From a02450119b4b7f6ac25af220a53ec24e7beb9850 Mon Sep 17 00:00:00 2001
From: Packit Service
Date: Dec 09 2020 07:32:18 +0000
Subject: Prepare for a new update
Reverting patches so we can apply the latest update and changes can be seen in the spec file and sources.
---
diff --git a/doc/aide.1.in b/doc/aide.1.in
index 932810e..e60858d 100644
--- a/doc/aide.1.in
+++ b/doc/aide.1.in
@@ -103,9 +103,9 @@ echo | base64 \-d | hexdump \-v \-e '32/1 "%02x" "\\n"'
 .SH FILES
 .IP \fB@sysconfdir@/aide.conf\fR
 Default aide configuration file.
-.IP \fB@localstatedir@/lib/aide/aide.db\fR
+.IP \fB@sysconfdir@/aide.db\fR
 Default aide database.
-.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
+.IP \fB@sysconfdir@/aide.db.new\fR
 Default aide output database.
 .SH SEE ALSO
 .BR aide.conf (5)
diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in
index bb88d1d..0ca8f6b 100644
--- a/doc/aide.conf.5.in
+++ b/doc/aide.conf.5.in
@@ -57,25 +57,6 @@ inclusive. This parameter can only be given once. Value from the first occurrence is used. If \-\-verbose or \-V is used then the value from that is used. The default is 5. If verbosity is 20 then additional report output is written when doing \-\-check, \-\-update or \-\-compare. -.IP "syslog_format" -Valid values are yes,true,no and false. This option enables new syslog format -which is suitable for logging. Every change is logged as one simple line. This option -changes verbose level to 0 and prints everything that was changed. It is suggested -to use this option with "report_url=syslog:...". Default value is "false/no". -Maximum size of message is 1KB which is limitation of syslog call. If message is -greater than limit, message will be truncated. -Option summarize_changes has no impact for this format. -.nf -.eo - -Output always starts with: -"AIDE found differences between database and filesystem!!" -And it is followed by summary: -summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1 -And finally there are logs about changes: -dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;... -.ec -.fi .IP "report_url" The url that the output is written to. There can be multiple instances of this parameter. Output is written to all of them. The default is diff --git a/include/be.h b/include/be.h index ab310fc..bacf29f 100644 --- a/include/be.h +++ b/include/be.h @@ -22,6 +22,6 @@ #define _BE_H_INCLUDED #include "db_config.h" -void* be_init(int inout,url_t* u,int iszipped); +FILE* be_init(int inout,url_t* u,int iszipped); #endif /* _BE_H_INCLUDED */ diff --git a/include/db_config.h b/include/db_config.h index 6ab6c4e..e92fe1c 100644 --- a/include/db_config.h +++ b/include/db_config.h @@ -311,7 +311,6 @@ typedef struct db_config { FILE* db_out; int config_check; - int syslog_format; struct md_container *mdc_in; struct md_container *mdc_out; 
@@ -376,7 +375,7 @@ typedef struct db_config {
 #endif
 url_t* initial_report_url;
- void* initial_report_fd;
+ FILE* initial_report_fd;
 /* report_url is a list of url_t*s */
 list* report_url;
diff --git a/include/md.h b/include/md.h
index a9ae0a2..84679ad 100644
--- a/include/md.h
+++ b/include/md.h
@@ -149,7 +149,6 @@ int init_md(struct md_container*);
 int update_md(struct md_container*,void*,ssize_t);
 int close_md(struct md_container*);
 void md2line(struct md_container*,struct db_line*);
-DB_ATTR_TYPE get_available_crypto();
 #endif /*_MD_H_INCLUDED*/
diff --git a/src/aide.c b/src/aide.c
index 8dd38b7..f85c1b4 100644
--- a/src/aide.c
+++ b/src/aide.c
@@ -278,12 +278,11 @@ static void setdefaults_before_config()
 error(0,_("Couldn't get hostname"));
 free(s);
 } else {
- // s=(char*)realloc((void*)s,strlen(s)+1);
+ s=(char*)realloc((void*)s,strlen(s)+1);
 do_define("HOSTNAME",s);
 }
 /* Setting some defaults */
- conf->syslog_format=0;
 conf->report_db=0;
 conf->tree=NULL;
 conf->config_check=0;
@@ -349,7 +348,7 @@ static void setdefaults_before_config()
 conf->db_attrs = 0;
 #if defined(WITH_MHASH) || defined(WITH_GCRYPT)
- conf->db_attrs |= get_available_crypto();
+ conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;
 #ifdef WITH_MHASH
 conf->db_attrs |= DB_GOST;
 #ifdef HAVE_MHASH_WHIRLPOOL
@@ -496,16 +495,14 @@ static void setdefaults_after_config()
 if(conf->verbose_level==-1){
 conf->verbose_level=5;
 }
- if(conf->syslog_format==1){
- conf->verbose_level=0;
- }
-
 }
 int main(int argc,char**argv)
 {
 int errorno=0;
+ byte* dig=NULL;
+ char* digstr=NULL;
 #ifdef USE_LOCALE
 setlocale(LC_ALL,"");
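Review bot: `s=(char*)realloc((void*)s,strlen(s)+1);` stores the realloc result over the only pointer to the hostname buffer, so if realloc fails the buffer leaks and `do_define("HOSTNAME",s)` receives NULL. Shrinking the buffer to exactly `strlen(s)+1` also gains nothing the caller needs, so the line is better dropped than revived from its comment; if it stays, keep the original pointer on failure: `char *t=realloc(s,strlen(s)+1); if(t) s=t;`. setdefaults_before_config() starts and ends outside this hunk.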
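Review bot: `conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;` requests every digest unconditionally instead of the set the crypto library reports as usable, so on a libgcrypt with algorithms disabled (FIPS mode is the obvious case) init_md() will later fail to enable algorithms the defaults themselves asked for. If a hard-coded default is wanted, it should still be intersected with what the library can provide at runtime, or the enable failure in init_md should abort rather than quietly clear the attribute bit. setdefaults_before_config() continues outside this hunk.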
@@ -514,27 +511,8 @@ int main(int argc,char**argv) #endif umask(0177); init_sighandler(); - setdefaults_before_config(); - -#if WITH_GCRYPT - error(255,"Gcrypt library initialization\n"); - /* - * Initialize libgcrypt as per - * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html - * - * - */ - gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0); - gcry_control(GCRYCTL_INIT_SECMEM, 1); - - if(!gcry_check_version(GCRYPT_VERSION)) { - error(0,"libgcrypt version mismatch\n"); - exit(VERSION_MISMATCH_ERROR); - } - - gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -#endif /* WITH_GCRYPT */ + setdefaults_before_config(); if(read_param(argc,argv)==RETFAIL){ error(0, _("Invalid argument\n") ); @@ -542,10 +520,6 @@ int main(int argc,char**argv) } errorno=commandconf('C',conf->config_file); - if (errorno==RETFAIL){ - error(0,_("Configuration error\n")); - exit(INVALID_CONFIGURELINE_ERROR); - } errorno=commandconf('D',""); if (errorno==RETFAIL){ @@ -596,9 +570,6 @@ int main(int argc,char**argv) } } #ifdef WITH_MHASH - byte* dig=NULL; - char* digstr=NULL; - if(conf->config_check&&FORCECONFIGMD){ error(0,"Can't give config checksum when compiled with --enable-forced_configmd\n"); exit(INVALID_ARGUMENT_ERROR); @@ -675,9 +646,6 @@ int main(int argc,char**argv) } #endif } -#ifdef WITH_GCRYPT - gcry_control(GCRYCTL_TERM_SECMEM, 0); -#endif /* WITH_GCRYPT */ return RETOK; } const char* aide_key_3=CONFHMACKEY_03; diff --git a/src/base64.c b/src/base64.c index 013a776..6c717fa 100644 --- a/src/base64.c +++ b/src/base64.c @@ -209,7 +209,6 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len) case FAIL: error(3, "decode_base64: Illegal character: %c\n", *inb); error(230, "decode_base64: Illegal line:\n%s\n", src); - free(outbuf); return NULL; break; case SKIP: 
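Review bot: After `errorno=commandconf('C',conf->config_file);` the new side no longer tests `errorno==RETFAIL`, so an unreadable or syntactically broken configuration falls through to `commandconf('D',"")` and the run proceeds with whatever defaults `conf` holds. For an integrity checker that is a silent failure mode: a bad config should stop the run, e.g. `if (errorno==RETFAIL) { error(0,_("Configuration error\n")); exit(INVALID_CONFIGURELINE_ERROR); }`, which is the check the 'D' call two lines below still has. main() continues outside this hunk.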
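Review bot: In the FAIL case of decode_base64 `return NULL;` now leaves the function without releasing `outbuf`, which the removed line shows is a heap buffer owned by this function, so every base64 string containing an illegal character leaks it. The decoder is fed from database records and xattr values, so the leak is reachable from file contents. Put `free(outbuf);` back in front of the `return NULL;`; the `break;` after the return is unreachable and can go. decode_base64() starts and ends outside this hunk.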
@@ -261,7 +260,7 @@ size_t length_base64(char* src,size_t ssize) int l; int left; size_t pos; - //unsigned long triple; + unsigned long triple; error(235, "decode base64\n"); /* Exit on empty input */ @@ -274,7 +273,7 @@ size_t length_base64(char* src,size_t ssize) inb = src; l = 0; - //triple = 0; + triple = 0; pos=0; left = ssize; /* @@ -294,7 +293,7 @@ size_t length_base64(char* src,size_t ssize) case SKIP: break; default: - //triple = triple<<6 | (0x3f & i); + triple = triple<<6 | (0x3f & i); l++; break; } @@ -303,10 +302,10 @@ size_t length_base64(char* src,size_t ssize) switch(l) { case 2: - //triple = triple>>4; + triple = triple>>4; break; case 3: - //triple = triple>>2; + triple = triple>>2; break; default: break; @@ -315,7 +314,7 @@ size_t length_base64(char* src,size_t ssize) { pos++; } - //triple = 0; + triple = 0; l = 0; } inb++; diff --git a/src/be.c b/src/be.c index 51838fc..054f821 100644 --- a/src/be.c +++ b/src/be.c @@ -117,9 +117,9 @@ static char* get_first_value(char** in){ #endif -void* be_init(int inout,url_t* u,int iszipped) +FILE* be_init(int inout,url_t* u,int iszipped) { - void* fh=NULL; + FILE* fh=NULL; long a=0; char* err=NULL; int fd; diff --git a/src/commandconf.c b/src/commandconf.c index 5be95ce..eb9e382 100644 --- a/src/commandconf.c +++ b/src/commandconf.c @@ -106,7 +106,7 @@ int commandconf(const char mode,const char* line) rv=0; } else { - if (config != NULL) rv=access(config,R_OK); + rv=access(config,R_OK); if(rv==-1){ error(0,_("Cannot access config file: %s: %s\n"),config,strerror(errno)); } @@ -166,11 +166,14 @@ int commandconf(const char mode,const char* line) int conf_input_wrapper(char* buf, int max_size, FILE* in) { int retval=0; + int c=0; + char* tmp=NULL; + void* key=NULL; + int keylen=0; /* FIXME Add support for gzipped config. :) */ #ifdef WITH_MHASH /* Read a character at a time until we are doing md */ - int c=0; if(conf->do_configmd){ retval=fread(buf,1,max_size,in); }else { 
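Review bot: In length_base64 the revived `triple` is assigned in every branch but never read, so the five hunks restore a set-but-unused variable that compilers warn about and that only obscures what the function really does, which is count `l`. Commented-out code should be deleted rather than brought back; drop `unsigned long triple;` and its four assignments. length_base64() starts and ends outside these hunks.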
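Review bot: `rv=access(config,R_OK);` now runs with `config` possibly NULL — the removed guard shows NULL is an expected value on this path — and access(NULL,…) fails with EFAULT, after which the error() line formats `config` with `%s`, which is undefined for a NULL pointer. Keep a guard: `if (config == NULL) rv=-1; else rv=access(config,R_OK);` and report a message that does not print the pointer when it is NULL. commandconf() starts and ends outside this hunk.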
@@ -182,9 +185,6 @@ int conf_input_wrapper(char* buf, int max_size, FILE* in) #endif #ifdef WITH_MHASH - char* tmp=NULL; - void* key=NULL; - int keylen=0; if(conf->do_configmd||conf->config_check){ if(((conf->do_configmd==1)&&conf->config_check)||!conf->confmd){ if(conf->do_configmd==1){ @@ -276,9 +276,6 @@ int db_input_wrapper(char* buf, int max_size, int db) #endif break; } - default: { - return 0; - } } #ifdef WITH_CURL @@ -654,6 +651,7 @@ int handle_endif(int doit,int allow_else){ case 0 : { conferror("@@endif or @@else expected"); return -1; + count=0; } default : { @@ -818,7 +816,6 @@ void do_dbdef(int dbtype,char* val) if(u==NULL||u->type==url_unknown||u->type==url_stdout ||u->type==url_stderr) { error(0,_("Unsupported input URL-type:%s\n"),val); - free(u); } else { *conf_db_url=u; @@ -828,7 +825,6 @@ void do_dbdef(int dbtype,char* val) case DB_WRITE: { if(u==NULL||u->type==url_unknown||u->type==url_stdin){ error(0,_("Unsupported output URL-type:%s\n"),val); - free(u); } else{ conf->db_out_url=u; @@ -852,7 +848,6 @@ void do_dbindef(char* val) if(u==NULL||u->type==url_unknown||u->type==url_stdout ||u->type==url_stderr) { error(0,_("Unsupported input URL-type:%s\n"),val); - free(u); } else { conf->db_in_url=u; @@ -874,7 +869,6 @@ void do_dboutdef(char* val) * both input and output urls */ if(u==NULL||u->type==url_unknown||u->type==url_stdin){ error(0,_("Unsupported output URL-type:%s\n"),val); - free(u); } else{ conf->db_out_url=u; @@ -900,8 +894,7 @@ void do_repurldef(char* val) } else { error_init(u,0); } - - free(u); + } void do_verbdef(char* val) @@ -991,7 +984,7 @@ void do_report_ignore_e2fsattrs(char* val) { break; } } - val++; + *val++; } } #endif diff --git a/src/compare_db.c b/src/compare_db.c index dcd7cd4..45b6f29 100644 --- a/src/compare_db.c +++ b/src/compare_db.c 
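Review bot: In handle_endif the added `count=0;` follows `return -1;` inside the `case 0` block, so it can never execute and only suggests to a reader that the counter is reset on the error path. If the reset is intended it must come before the `return -1;`; otherwise delete the line, as it is dead code that compilers flag. handle_endif() starts and ends outside this hunk.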
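Review bot: In do_dbdef the unsupported-URL branch now reports the error and returns without releasing `u`, while the accepted branch stores `u` in `conf`; assuming parse_url returns heap memory (it is not in view), every rejected `database`/`database_out` line leaks the url_t and whatever it owns. The same release is dropped in do_dbindef and do_dboutdef further down this file. Release it on the rejection path only, e.g. `error(0,_("Unsupported input URL-type:%s\n"),val); free(u);` — `free(NULL)` is a no-op, so the `u==NULL` case needs no extra guard. do_dbdef() starts and ends outside this hunk.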
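Review bot: `*val++;` in do_report_ignore_e2fsattrs dereferences the character and discards it; only the post-increment has an effect, so the statement is `val++;` written in a way that looks like a store through the pointer and draws a "value computed is not used" warning. Write it as `val++;`. do_report_ignore_e2fsattrs() starts outside this hunk.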
@@ -110,7 +110,7 @@ const DB_ATTR_TYPE details_attributes[] = { DB_FTYPE, DB_LINKNAME, DB_SIZE, DB_S #endif }; -const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") +const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") #ifdef WITH_MHASH , _("CRC32"), _("HAVAL"), _("GOST"), _("CRC32B"), _("WHIRLPOOL") #endif @@ -269,19 +269,12 @@ static int xattrs2array(xattrs_type* xattrs, char* **values) { if ((len == xattrs->ents[num - 1].vsz) || ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len])) { length = 8 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); (*values)[num]=malloc(length *sizeof(char)); - - char * fmt = "[%.*zd] %s = %s"; - if (conf->syslog_format) fmt = "[%.*zd]%s=%s"; // its smaller so it has to be enough space allocated. - snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); - + snprintf((*values)[num], length , "[%.*zd] %s = %s", width, num, xattrs->ents[num - 1].key, val); } else { val = encode_base64(xattrs->ents[num - 1].val, xattrs->ents[num - 1].vsz); length = 10 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); (*values)[num]=malloc( length *sizeof(char)); - - char * fmt = "[%.*zd] %s <=> %s"; - if (conf->syslog_format) fmt = "[%.*zd]%s<=>%s"; // its smaller so it has to be enough space allocated. - snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); + snprintf((*values)[num], length , "[%.*zd] %s <=> %s", width, num, xattrs->ents[num - 1].key, val); free(val); } } 
@@ -309,26 +302,6 @@ static int acl2array(acl_type* acl, char* **values) { } if (acl->acl_a || acl->acl_d) { int j, k, i; - if (conf->syslog_format) { - *values = malloc(2 * sizeof(char*)); - - char *A= "", *D = ""; - - if (acl->acl_a) { A = acl->acl_a; } - if (acl->acl_d) { D = acl->acl_d; } - - (*values)[0] = (char*) malloc(strlen(A) + 3); // "A:" and \0 - snprintf((*values)[0], strlen(A) + 3, "A:%s", A); - - (*values)[1] = (char*) malloc(strlen(D) + 3); // "D:" and \0 - snprintf((*values)[1], strlen(D) + 3, "D:%s", D); - - i = 0; while ( (*values)[0][i] ) { if ( (*values)[0][i]=='\n') { (*values)[0][i] = ' '; } i++; } - i = 0; while ( (*values)[1][i] ) { if ( (*values)[1][i]=='\n') { (*values)[1][i] = ' '; } i++; } - - return 2; - } - if (acl->acl_a) { i = 0; while (acl->acl_a[i]) { if (acl->acl_a[i++]=='\n') { n++; } } } if (acl->acl_d) { i = 0; while (acl->acl_d[i]) { if (acl->acl_d[i++]=='\n') { n++; } } } *values = malloc(n * sizeof(char*)); 
@@ -365,25 +338,25 @@ static char* e2fsattrs2string(unsigned long flags, int flags_only) { static char* get_file_type_string(mode_t mode) { switch (mode & S_IFMT) { - case S_IFREG: return conf->syslog_format ? "file" : _("File"); - case S_IFDIR: return conf->syslog_format ? "dir" : _("Directory"); + case S_IFREG: return _("File"); + case S_IFDIR: return _("Directory"); #ifdef S_IFIFO - case S_IFIFO: return conf->syslog_format ? "fifo" : _("FIFO"); + case S_IFIFO: return _("FIFO"); #endif - case S_IFLNK: return conf->syslog_format ? "link" : _("Link"); - case S_IFBLK: return conf->syslog_format ? "blockd" : _("Block device"); - case S_IFCHR: return conf->syslog_format ? "chard" : _("Character device"); + case S_IFLNK: return _("Link"); + case S_IFBLK: return _("Block device"); + case S_IFCHR: return _("Character device"); #ifdef S_IFSOCK - case S_IFSOCK: return conf->syslog_format ? "socket" : _("Socket"); + case S_IFSOCK: return _("Socket"); #endif #ifdef S_IFDOOR - case S_IFDOOR: return conf->syslog_format ? "door" : _("Door"); + case S_IFDOOR: return _("Door"); #endif #ifdef S_IFPORT - case S_IFPORT: return conf->syslog_format ? "port" : _("Port"); + case S_IFPORT: return _("Port"); #endif case 0: return NULL; - default: return conf->syslog_format ? "unknown" : _("Unknown file type"); + default: return _("Unknown file type"); } } @@ -438,11 +411,7 @@ snprintf(*values[0], l, "%s",s); } else { *values = malloc(1 * sizeof (char*)); if (DB_FTYPE&attr) { - char *file_type = get_file_type_string(line->perm); - if (!file_type) { - error(2,"%s: ", file_type); - } - easy_string(file_type) + easy_string(get_file_type_string(line->perm)) } else if (DB_LINKNAME&attr) { easy_string(line->linkname) easy_number((DB_SIZE|DB_SIZEG),size,"%li") 
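Review bot: `easy_string(get_file_type_string(line->perm))` feeds the macro a pointer that is NULL for a zero mode (the `case 0: return NULL;` arm is in the hunk just above), and the removed lines show the caller used to special-case that result. easy_string is not in view; if it calls strlen/strdup/snprintf on its argument, a NULL here is undefined behaviour reachable from a malformed database entry. Guard it: `char *ft=get_file_type_string(line->perm); easy_string(ft?ft:"")`, or handle NULL explicitly before the macro. The enclosing function starts and ends outside this hunk.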
@@ -585,51 +554,6 @@ static void print_dbline_attributes(db_line* oline, db_line* nline, DB_ATTR_TYPE } } - -static void print_dbline_attributes_syslog(db_line* oline, db_line* nline, DB_ATTR_TYPE - changed_attrs, DB_ATTR_TYPE force_attrs) { - char **ovalue, **nvalue; - int onumber, nnumber, i, j; - int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE); - DB_ATTR_TYPE attrs; - char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm); - if (file_type) { - error(0,"%s=", file_type); - } - error(0,"%s", (nline==NULL?oline:nline)->filename); - attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs); - for (j=0; j < length; ++j) { - if (details_attributes[j]&attrs) { - onumber=get_attribute_values(details_attributes[j], oline, &ovalue); - nnumber=get_attribute_values(details_attributes[j], nline, &nvalue); - - if (details_attributes[j] == DB_ACL || details_attributes[j] == DB_XATTRS) { - - error(0, ";%s_old=|", details_string[j]); - - for (i = 0 ; i < onumber ; i++) { - error(0, "%s|", ovalue[i]); - } - - error(0, ";%s_new=|", details_string[j]); - - for (i = 0 ; i < nnumber ; i++) { - error(0, "%s|", nvalue[i]); - } - - } else { - - error(0, ";%s_old=%s;%s_new=%s", details_string[j], *ovalue, details_string[j], *nvalue); - - } - - for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL; - for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL; - } - } - error(0, "\n"); -} - static void print_attributes_added_node(db_line* line) { print_dbline_attributes(NULL, line, 0, line->attr); } 
@@ -638,26 +562,6 @@ static void print_attributes_removed_node(db_line* line) { print_dbline_attributes(line, NULL, 0, line->attr); } -static void print_attributes_added_node_syslog(db_line* line) { - - char *file_type = get_file_type_string(line->perm); - if (file_type) { - error(0,"%s=", file_type); - } - error(0,"%s; added\n", line->filename); - -} - -static void print_attributes_removed_node_syslog(db_line* line) { - - char *file_type = get_file_type_string(line->perm); - if (file_type) { - error(0,"%s=", file_type); - } - error(0,"%s; removed\n", line->filename); - -} - static void terse_report(seltree* node) { list* r=NULL; if ((node->checked&(DB_OLD|DB_NEW)) != 0) { @@ -722,26 +626,6 @@ static void print_report_details(seltree* node) { } } -static void print_syslog_format(seltree* node) { - list* r=NULL; - - if (node->checked&NODE_CHANGED) { - print_dbline_attributes_syslog(node->old_data, node->new_data, node->changed_attrs, forced_attrs); - } - - if (node->checked&NODE_ADDED) { - print_attributes_added_node_syslog(node->new_data); - } - - if (node->checked&NODE_REMOVED) { - print_attributes_removed_node_syslog(node->old_data); - } - - for(r=node->childs;r;r=r->next){ - print_syslog_format((seltree*)r->data); - } -} - static void print_report_header() { char *time; int first = 1; 
@@ -863,53 +747,39 @@ int gen_report(seltree* node) { send_audit_report(); #endif if ((nadd|nrem|nchg) > 0 || conf->report_quiet == 0) { - - if (!conf->syslog_format) { - print_report_header(); + print_report_header(); + if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { + if (conf->grouped) { + if (nadd) { + error(2,(char*)report_top_format,_("Added entries")); + print_report_list(node, NODE_ADDED); } - - if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { - if (!conf->syslog_format && conf->grouped) { - if (nadd) { - error(2,(char*)report_top_format,_("Added entries")); - print_report_list(node, NODE_ADDED); - } - if (nrem) { - error(2,(char*)report_top_format,_("Removed entries")); - print_report_list(node, NODE_REMOVED); - } - if (nchg) { - error(2,(char*)report_top_format,_("Changed entries")); - print_report_list(node, NODE_CHANGED); - } - } else if (!conf->syslog_format && ( nadd || nrem || nchg ) ) { - if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } - else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } - else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } - else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } - else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } - else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } - else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } - print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); - } - if (nadd || nrem || nchg) { - if (!conf->syslog_format) { - error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); - print_report_details(node); - } else { - /* Syslog Format */ - error(0, "AIDE found differences between database and filesystem!!\n"); - error(0, 
"summary;total_number_of_files=%ld;added_files=%ld;" - "removed_files=%ld;changed_files=%ld\n",ntotal,nadd,nrem,nchg); - print_syslog_format(node); - } - } + if (nrem) { + error(2,(char*)report_top_format,_("Removed entries")); + print_report_list(node, NODE_REMOVED); } - if (!conf->syslog_format) { - print_report_databases(); - conf->end_time=time(&(conf->end_time)); - print_report_footer(); + if (nchg) { + error(2,(char*)report_top_format,_("Changed entries")); + print_report_list(node, NODE_CHANGED); } + } else if (nadd || nrem || nchg) { + if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } + else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } + else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } + else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } + else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } + else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } + else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } + print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); + } + if (nadd || nrem || nchg) { + error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); + print_report_details(node); + } + } + print_report_databases(); + conf->end_time=time(&(conf->end_time)); + print_report_footer(); } return conf->action&(DO_COMPARE|DO_DIFF) ? (nadd!=0)*1+(nrem!=0)*2+(nchg!=0)*4 : 0; diff --git a/src/conf_lex.l b/src/conf_lex.l index b00e028..b08d7a7 100644 --- a/src/conf_lex.l +++ b/src/conf_lex.l @@ -133,7 +133,7 @@ int var_in_conflval=0; [\ \t]*\n { conf_lineno++; return (TNEWLINE); -// BEGIN 0; + BEGIN 0; } \+ { 
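Review bot: In the newline rule `BEGIN 0;` is placed after `return (TNEWLINE);`, so it never runs and the start condition is not reset on a newline; flex copies the statement verbatim and the C compiler sees unreachable code. If the reset is intended, which is what the rule reads like, the order must be `conf_lineno++; BEGIN 0; return (TNEWLINE);`; otherwise delete the line instead of keeping it dead. The rule body is complete within the hunk.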
@@ -401,12 +401,6 @@ int var_in_conflval=0; return (TROOT_PREFIX); } -^[\t\ ]*"syslog_format"{E} { - error(230,"%li:syslog_format =\n",conf_lineno); - BEGIN CONFVALHUNT; - return (SYSLOG_FORMAT); -} - ^[\t\ ]*"recstop"{E} { error(230,"%li:recstop =\n",conf_lineno); BEGIN CONFVALHUNT; diff --git a/src/conf_yacc.y b/src/conf_yacc.y index 3383695..99d0433 100644 --- a/src/conf_yacc.y +++ b/src/conf_yacc.y @@ -89,7 +89,6 @@ extern long conf_lineno; %token TREPORT_URL %token TGZIPDBOUT %token TROOT_PREFIX -%token SYSLOG_FORMAT %token TUMASK %token TTRUE %token TFALSE @@ -161,7 +160,7 @@ line : rule | equrule | negrule | definestmt | undefstmt | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt | groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version | database_add_metadata | report | gzipdbout | root_prefix | report_base16 | report_quiet - | report_ignore_e2fsattrs | syslogformat | recursion_stopper | warn_dead_symlinks | grouped + | report_ignore_e2fsattrs | recursion_stopper | warn_dead_symlinks | grouped | summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt | TEOF { newlinelastinconfig=1; @@ -409,15 +408,6 @@ conf->gzip_dbout=0; #endif } ; -syslogformat : SYSLOG_FORMAT TTRUE { -conf->syslog_format=1; -} | - SYSLOG_FORMAT TFALSE { -conf->syslog_format=0; -} ; - - - recursion_stopper : TRECSTOP TSTRING { /* FIXME implement me */ diff --git a/src/db.c b/src/db.c index 73e5f05..dd133d4 100644 --- a/src/db.c +++ b/src/db.c @@ -27,7 +27,6 @@ #include "db_file.h" #include "db_disk.h" #include "md.h" -#include "fopen.h" #ifdef WITH_PSQL #include "db_sql.h" @@ -270,9 +269,6 @@ db_line* db_readline(int db){ db_order=&(conf->db_new_order); break; } - default: { - return NULL; - } } switch (db_url->type) { @@ -372,7 +368,7 @@ db_line* db_char2line(char** ss,int db){ int i; db_line* line=(db_line*)malloc(sizeof(db_line)*1); - int* db_osize=NULL; + int* db_osize=0; DB_FIELD** db_order=NULL; switch (db) { 
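Review bot: Dropping `#include "fopen.h"` from db.c while db_close (later hunk in this file) still calls `url_fclose(conf->db_out)` is risky: if that header is where url_fclose and URL_FILE are declared, the call becomes an implicit declaration and the FILE*-to-URL_FILE* mismatch goes unchecked. Confirm where url_fclose is declared before removing the include, and keep the cast the old side had if the types differ. db_close() starts and ends outside its hunk.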
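Review bot: With the `default:` arm removed from `switch (db)` in db_readline, a selector other than DB_OLD/DB_NEW leaves `db_order` at NULL and execution continues into `switch (db_url->type)`; the removed `return NULL` was what made the function total. The same arm is dropped in db_char2line, db_input_wrapper and db_file_read_spec elsewhere in this diff. Keep a `default: return NULL;` (or a `default:` that calls error() and returns) so an unexpected selector cannot dereference NULL later. db_readline() continues outside this hunk.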
@@ -386,10 +382,6 @@ db_line* db_char2line(char** ss,int db){ db_order=&(conf->db_new_order); break; } - default: { - free(line); - return NULL; - } } @@ -609,9 +601,7 @@ db_line* db_char2line(char** ss,int db){ size_t vsz = 0; tval = strtok(NULL, ","); - char * tmp = strdup(tval); - line->xattrs->ents[num].key = db_readchar(tmp); - free(tmp); + line->xattrs->ents[num].key = db_readchar(strdup(tval)); tval = strtok(NULL, ","); val = base64tobyte(tval, strlen(tval), &vsz); line->xattrs->ents[num].val = val; @@ -658,8 +648,6 @@ db_line* db_char2line(char** ss,int db){ default : { error(0,_("Not implemented in db_char2line %i \n"),(*db_order)[i]); - free_db_line(line); - free(line); return NULL; } @@ -838,7 +826,7 @@ void db_close() { case url_ftp: { if (conf->db_out!=NULL) { - url_fclose((URL_FILE*)conf->db_out); + url_fclose(conf->db_out); } break; } diff --git a/src/db_disk.c b/src/db_disk.c index 1b08d07..47e3e3e 100644 --- a/src/db_disk.c +++ b/src/db_disk.c @@ -79,15 +79,9 @@ static DIR *open_dir(char* path) { static void next_in_dir (void) { - #ifdef HAVE_READDIR_R - if (dirh != NULL) { -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + if (dirh != NULL) rdres = AIDE_READDIR_R_FUNC (dirh, entp, resp); -#pragma GCC diagnostic pop - } - #else #ifdef HAVE_READDIR if (dirh != NULL) { diff --git a/src/db_file.c b/src/db_file.c index c7265aa..94bd16d 100644 --- a/src/db_file.c +++ b/src/db_file.c @@ -171,7 +171,7 @@ int dofprintf( const char* s,...) int db_file_read_spec(int db){ int i=0; - int* db_osize=NULL; + int* db_osize=0; DB_FIELD** db_order=NULL; switch (db) { @@ -187,17 +187,10 @@ int db_file_read_spec(int db){ db_lineno=&db_new_lineno; break; } - default: { - return RETFAIL; - } } *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); - if (*db_order == NULL){ - error(1,"malloc for *db_order failed in %s", __func__); - } - while ((i=db_scan())!=TNEWLINE){ switch (i) { 
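Review bot: `line->xattrs->ents[num].key = db_readchar(strdup(tval));` keeps only db_readchar's result and drops the strdup() copy; db_readchar is not in view, but the removed lines held the copy in `tmp` and freed it afterwards, which indicates db_readchar returns a separate allocation, so the copy leaks once per xattr entry. `tval` is also a strtok() result that is NULL on a short record, and strdup(NULL) is undefined. Suggest `char *tmp = strdup(tval); ….key = db_readchar(tmp); free(tmp);` behind a NULL check on `tval`. db_char2line() starts and ends outside this hunk.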
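Review bot: The `default` arm of db_char2line now returns NULL after "Not implemented" without `free_db_line(line); free(line);`, so a record with an unknown field type abandons the partially built db_line and every field already attached to it. The line is discarded on this path regardless, so releasing it is free; the two removed lines are the correct cleanup. db_char2line() starts and ends outside this hunk.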
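Review bot: `*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));` in db_file_read_spec is no longer checked, and the loop below writes through `*db_order`, so an allocation failure becomes a NULL write. Keep `if (*db_order == NULL) return RETFAIL;` after the malloc; the `switch (db)` above it also lost its `default:` arm, so an unexpected `db` leaves `db_order` itself NULL before this first dereference. db_file_read_spec() continues outside this hunk.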
@@ -205,10 +198,13 @@ int db_file_read_spec(int db){ int l; - void * tmp = realloc((void*)*db_order, + /* Yes... we do not check if realloc returns nonnull */ + + *db_order=(DB_FIELD*) + realloc((void*)*db_order, ((*db_osize)+1)*sizeof(DB_FIELD)); - if (tmp != NULL) *db_order=(DB_FIELD*) tmp; - else { + + if(*db_order==NULL){ return RETFAIL; } @@ -295,8 +291,8 @@ char** db_readline_file(int db){ int* domd=NULL; #ifdef WITH_MHASH MHASH* md=NULL; - char** oldmdstr=NULL; #endif + char** oldmdstr=NULL; int* db_osize=0; DB_FIELD** db_order=NULL; FILE** db_filep=NULL; @@ -306,9 +302,9 @@ char** db_readline_file(int db){ case DB_OLD: { #ifdef WITH_MHASH md=&(conf->dboldmd); - oldmdstr=&(conf->old_dboldmdstr); #endif domd=&(conf->do_dboldmd); + oldmdstr=&(conf->old_dboldmdstr); db_osize=&(conf->db_in_size); db_order=&(conf->db_in_order); @@ -320,9 +316,9 @@ char** db_readline_file(int db){ case DB_NEW: { #ifdef WITH_MHASH md=&(conf->dbnewmd); - oldmdstr=&(conf->old_dbnewmdstr); #endif domd=&(conf->do_dbnewmd); + oldmdstr=&(conf->old_dbnewmdstr); db_osize=&(conf->db_new_size); db_order=&(conf->db_new_order); @@ -332,9 +328,7 @@ char** db_readline_file(int db){ break; } } - - if (db_osize == NULL) return NULL; - + if (*db_osize==0) { db_buff(db,*db_filep); @@ -743,6 +737,8 @@ int db_writespec_file(db_config* dbconf) int i=0; int j=0; int retval=1; + void*key=NULL; + int keylen=0; struct tm* st; time_t tim=time(&tim); st=localtime(&tim); @@ -754,8 +750,6 @@ int db_writespec_file(db_config* dbconf) #ifdef WITH_MHASH /* From hereon everything must MD'd before write to db */ - void*key=NULL; - int keylen=0; if((key=get_db_key())!=NULL){ keylen=get_db_key_len(); dbconf->do_dbnewmd=1; diff --git a/src/do_md.c b/src/do_md.c index 77d2e15..bc06e62 100644 --- a/src/do_md.c +++ b/src/do_md.c 
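Review bot: `*db_order=(DB_FIELD*) realloc((void*)*db_order, …)` followed by `if(*db_order==NULL) return RETFAIL;` overwrites the only pointer to the old array, so on failure the previous block leaks and `conf->db_*_order` is left NULL for any later reader; the comment "we do not check if realloc returns nonnull" also contradicts the check that follows and should be removed. Use a temporary: `void *tmp = realloc(*db_order, ((*db_osize)+1)*sizeof(DB_FIELD)); if (tmp == NULL) return RETFAIL; *db_order = tmp;`. db_file_read_spec() starts and ends outside this hunk.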
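Review bot: The removed `if (db_osize == NULL) return NULL;` was the only guard before `if (*db_osize==0)` in db_readline_file; the `switch (db)` in the two preceding hunks assigns `db_osize` only for DB_OLD and DB_NEW, so any other selector now dereferences NULL. Restore the guard or add a `default: return NULL;` arm to the switch. db_readline_file() continues outside this hunk.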
@@ -101,13 +101,8 @@ int is_prelinked(int fd) { continue; while (!bingo && (data = elf_getdata (scn, data)) != NULL) { - int maxndx; + int maxndx = data->d_size / shdr.sh_entsize; int ndx; - - if (shdr.sh_entsize != 0) - maxndx = data->d_size / shdr.sh_entsize; - else - continue; for (ndx = 0; ndx < maxndx; ++ndx) { (void) gelf_getdyn (data, ndx, &dyn); @@ -207,6 +202,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_fs,db_line* line) { and we don't read from a pipe :) */ struct AIDE_STAT_TYPE fs; + int sres=0; int stat_diff,filedes; #ifdef WITH_PRELINK pid_t pid; @@ -241,7 +237,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_fs,db_line* line) { return; } - AIDE_FSTAT_FUNC(filedes,&fs); + sres=AIDE_FSTAT_FUNC(filedes,&fs); if(!(line->attr&DB_RDEV)) fs.st_rdev=0; @@ -335,7 +331,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_fs,db_line* line) { } #endif #endif /* not HAVE_MMAP */ -// buf=malloc(READ_BLOCK_SIZE); + buf=malloc(READ_BLOCK_SIZE); #if READ_BLOCK_SIZE>SSIZE_MAX #error "READ_BLOCK_SIZE" is too large. Max value is SSIZE_MAX, and current is READ_BLOCK_SIZE #endif diff --git a/src/error.c b/src/error.c index 3ccde18..21533d2 100644 --- a/src/error.c +++ b/src/error.c @@ -38,9 +38,6 @@ /*for locale support*/ #include "util.h" -#define MAX_BUFFER_SIZE 1024 -static char syslog_buffer[MAX_BUFFER_SIZE+1]; - int cmp_url(url_t* url1,url_t* url2){ return ((url1->type==url2->type)&&(strcmp(url1->value,url2->value)==0)); @@ -51,9 +48,7 @@ int error_init(url_t* url,int initial) { list* r=NULL; FILE* fh=NULL; - int sfac; - - memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); + int sfac; if (url->type==url_database) { conf->report_db++; 
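Review bot: `int maxndx = data->d_size / shdr.sh_entsize;` divides by a value read from the section header of the file being scanned, and `sh_entsize == 0` is valid (and trivially craftable) input, so a malformed or hostile ELF on the checked filesystem now kills aide with SIGFPE — exactly the case the removed `if (shdr.sh_entsize != 0) … else continue;` covered. The checker normally runs with enough privilege to read everything, so file contents must be treated as untrusted; put the guard back: `if (shdr.sh_entsize == 0) continue; int maxndx = data->d_size / shdr.sh_entsize;` (the quotient is also narrowed into `int`, worth a `size_t`). is_prelinked() starts and ends outside this hunk.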
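Review bot: `sres=AIDE_FSTAT_FUNC(filedes,&fs);` captures the fstat result, but nothing in this hunk or in the one that adds `int sres=0;` reads `sres`, so a failed fstat leaves `fs` uninitialised and the code goes on to touch `fs.st_rdev`. If the check lives further down calc_md (not in view) this is fine; otherwise add `if (sres != 0) { error(0,"fstat failed\n"); close(filedes); return; }` directly after the call. calc_md() continues outside both hunks.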
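Review bot: `buf=malloc(READ_BLOCK_SIZE);` is now unconditional, sitting after `#endif /* not HAVE_MMAP */`, and its result is not checked before the read loop that presumably follows; if the mmap branch above (not in view) already assigned `buf`, this also overwrites it. Add `if (buf == NULL) { error(0,"malloc failed\n"); close(filedes); return; }` and confirm the mmap path does not set `buf`. calc_md() continues outside this hunk.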
@@ -168,24 +163,13 @@ void error(int errorlevel,char* error_msg,...) } #ifdef HAVE_SYSLOG if(conf->initial_report_url->type==url_syslog){ - - char buff[MAX_BUFFER_SIZE+1]; - vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); - size_t buff_len = strlen(buff); - - char result_buff[MAX_BUFFER_SIZE+1]; -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wformat-truncation" - snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); -#pragma GCC diagnostic pop - - if(buff[buff_len-1] == '\n'){ - syslog(SYSLOG_PRIORITY,"%s",result_buff); - memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); - } else { - memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); - } - +#ifdef HAVE_VSYSLOG + vsyslog(SYSLOG_PRIORITY,error_msg,ap); +#else + char buf[1024]; + vsnprintf(buf,1024,error_msg,ap); + syslog(SYSLOG_PRIORITY,"%s",buf); +#endif va_end(ap); return; } @@ -197,25 +181,17 @@ void error(int errorlevel,char* error_msg,...) #ifdef HAVE_SYSLOG if (conf->report_syslog!=0) { - va_start(ap, error_msg); - - char buff[MAX_BUFFER_SIZE+1]; - vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); - size_t buff_len = strlen(buff); - - char result_buff[MAX_BUFFER_SIZE+1]; -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wformat-truncation" - snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); -#pragma GCC diagnostic pop - - if(buff[buff_len-1] == '\n'){ - syslog(SYSLOG_PRIORITY,"%s",result_buff); - memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); - } else { - memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); - } +#ifdef HAVE_VSYSLOG + va_start(ap,error_msg); + vsyslog(SYSLOG_PRIORITY,error_msg,ap); + va_end(ap); +#else + char buf[1024]; + va_start(ap,error_msg); + vsnprintf(buf,1024,error_msg,ap); va_end(ap); + syslog(SYSLOG_PRIORITY,"%s",buf); +#endif } #endif diff --git a/src/gen_list.c b/src/gen_list.c index ab25781..8164936 100644 --- a/src/gen_list.c +++ b/src/gen_list.c 
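Review bot: The two `#ifdef HAVE_VSYSLOG … #else … #endif` blocks in error() are now identical apart from where va_start is called, and the fallback hard-codes `1024` twice with silent truncation. Factor them into one `static void syslog_vmsg(const char *fmt, va_list ap)` so the buffer size is a single named constant and the truncation policy lives in one place. Passing the caller's `error_msg` as the syslog format is acceptable only while every caller passes a literal; a comment at the top of error() stating that requirement would help. error() starts outside the first hunk and ends outside the second.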
@@ -843,15 +843,15 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db,
 DB_ATTR_TYPE localignorelist=0;
 DB_ATTR_TYPE ignored_added_attrs, ignored_removed_attrs, ignored_changed_attrs;
- if(file==NULL){
- error(0, "add_file_to_tree was called with NULL db_line\n");
- }
-
 node=get_seltree_node(tree,file->filename);
 if(!node){
 node=new_seltree_node(tree,file->filename,0,NULL);
 }
+
+ if(file==NULL){
+ error(0, "add_file_to_tree was called with NULL db_line\n");
+ }
 /* add note to this node which db has modified it */
 node->checked|=db;
diff --git a/src/md.c b/src/md.c
index 7ac956d..98e7816 100644
--- a/src/md.c
+++ b/src/md.c
@@ -36,8 +36,8 @@
 */
 DB_ATTR_TYPE hash_gcrypt2attr(int i) {
-#ifdef WITH_GCRYPT
 DB_ATTR_TYPE r=0;
+#ifdef WITH_GCRYPT
 switch (i) {
 case GCRY_MD_MD5: {
 r=DB_MD5;
@@ -74,62 +74,13 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) {
 default:
 break;
 }
- return r;
-#else /* !WITH_GCRYPT */
- return 0;
 #endif
-}
-
-const char * hash_gcrypt2str(int i) {
-#ifdef WITH_GCRYPT
- char * r = "?";
- switch (i) {
- case GCRY_MD_MD5: {
- r = "MD5";
- break;
- }
- case GCRY_MD_SHA1: {
- r = "SHA1";
- break;
- }
- case GCRY_MD_RMD160: {
- r = "RMD160";
- break;
- }
- case GCRY_MD_TIGER: {
- r = "TIGER";
- break;
- }
- case GCRY_MD_HAVAL: {
- r = "HAVAL";
- break;
- }
- case GCRY_MD_SHA256: {
- r = "SHA256";
- break;
- }
- case GCRY_MD_SHA512: {
- r = "SHA512";
- break;
- }
- case GCRY_MD_CRC32: {
- r = "CRC32";
- break;
- }
- default:
- break;
- }
 return r;
-#else /* !WITH_GCRYPT */
- return "?";
-#endif
 }
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-parameter"
 DB_ATTR_TYPE hash_mhash2attr(int i) {
-#ifdef WITH_MHASH
 DB_ATTR_TYPE r=0;
+#ifdef WITH_MHASH
 switch (i) {
 case MHASH_CRC32: {
 r=DB_CRC32;
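Review bot: The `file==NULL` test in add_file_to_tree now sits after `node=get_seltree_node(tree,file->filename);`, which already dereferences `file`, so the check can never fire for the case it is written for and the compiler may drop it as provably false. If NULL is a reachable argument the test must precede the first `file->filename` use and should return rather than only log: `if(file==NULL){ error(0, "add_file_to_tree was called with NULL db_line\n"); return; }` at the top of the body. add_file_to_tree() starts and ends outside this hunk.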
@@ -204,57 +155,14 @@ DB_ATTR_TYPE hash_mhash2attr(int i) {
 default:
 break;
 }
-
- return r;
-#else /*!WITH_MHASH */
- return 0;
 #endif
+ return r;
 }
-#pragma GCC diagnostic pop
-
 /* Initialise md_container according it's todo_attr field */
-DB_ATTR_TYPE get_available_crypto() {
-
- DB_ATTR_TYPE ret = 0;
-
-/*
- * This function is usually called before config processing
- * and default verbose level is 5
- */
-#define lvl 255
-
- error(lvl, "get_available_crypto called\n");
-
-#ifdef WITH_GCRYPT
-
- /*
- * some initialization for FIPS
- */
- gcry_check_version(NULL);
- error(lvl, "Found algos:");
-
- for(int i=0;i<=HASH_GCRYPT_COUNT;i++) {
-
- if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 )
- continue;
-
- if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) {
- ret |= hash_gcrypt2attr(i);
- error(lvl, " %s", hash_gcrypt2str(i));
- }
- }
- error(lvl, "\n");
-
-
-#endif
-
- error(lvl, "get_available_crypto_returned with %lld\n", ret);
- return ret;
-}
-
 int init_md(struct md_container* md) {
 int i;
@@ -293,27 +201,25 @@ int init_md(struct md_container* md) {
 }
 #endif
 #ifdef WITH_GCRYPT
- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ error(255,"Gcrypt library initialization\n");
+ if(!gcry_check_version(GCRYPT_VERSION)) {
+ error(0,"libgcrypt version mismatch\n");
+ exit(VERSION_MISMATCH_ERROR);
+ }
+ gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
 error(0,"gcrypt_md_open failed\n");
 exit(IO_ERROR);
 }
 for(i=0;i<=HASH_GCRYPT_COUNT;i++) {
-
- if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) {
-
- DB_ATTR_TYPE h=hash_gcrypt2attr(i);
-
- if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) {
- error(0,"Algo %s is not available\n", hash_gcrypt2str(i));
- exit(-1);
- }
-
- error(255,"inserting %llu\n",h);
+ DB_ATTR_TYPE h=hash_gcrypt2attr(i);
+ error(255,"inserting %llu\n",h);
 if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
 md->calc_attr|=h;
 } else {
- error(0,"gcry_md_enable %i failed\n",i);
+ error(0,"gcry_md_enable %i failed",i);
 md->todo_attr&=~h;
 }
 }
@@ -328,6 +234,7 @@ int update_md(struct md_container* md,void* data,ssize_t size) {
 */
 int update_md(struct md_container* md,void* data,ssize_t size) {
+ int i;
 error(255,"update_md called\n");
@@ -338,7 +245,6 @@ int update_md(struct md_container* md,void* data,ssize_t size) {
 #endif
 #ifdef WITH_MHASH
- int i;
 for(i=0;i<=HASH_MHASH_COUNT;i++) {
 if (md->mhash_mdh[i]!=MHASH_FAILED) {
@@ -359,6 +265,7 @@ int update_md(struct md_container* md,void* data,ssize_t size) {
 */
 int close_md(struct md_container* md) {
+ int i;
 #ifdef _PARAMETER_CHECK_
 if (md==NULL) {
 return RETFAIL;
@@ -366,7 +273,6 @@ int close_md(struct md_container* md) {
 #endif
 error(255,"close_md called \n");
 #ifdef WITH_MHASH
- int i;
 for(i=0;i<=HASH_MHASH_COUNT;i++) {
 if (md->mhash_mdh[i]!=MHASH_FAILED) {
 mhash (md->mhash_mdh[i], NULL, 0);
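Review bot: The loop in `init_md` now calls `gcry_md_enable` for every `i` up to `HASH_GCRYPT_COUNT` and ORs each result into `md->calc_attr` without consulting `md->todo_attr`, so digests nobody configured are computed for every file and an algorithm that is unavailable in this libgcrypt build (for example under a restrictive crypto policy) is only noticed when `gcry_md_enable` fails; add `if ((h & md->todo_attr) == 0) continue;` right after `DB_ATTR_TYPE h=hash_gcrypt2attr(i);`. Library initialization (`gcry_check_version`, `GCRYCTL_DISABLE_SECMEM`, `GCRYCTL_INITIALIZATION_FINISHED`) is performed inside `init_md` and so, presumably, is repeated for every container; it belongs in a run-once startup path, and turning off secure memory while also opening the handle without `GCRY_MD_FLAG_SECURE` should be a deliberate, commented decision rather than an incidental one. The failure message also lost its newline: `error(0,"gcry_md_enable %i failed\n",i);`. `init_md` begins and ends outside this hunk.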
@@ -393,7 +299,7 @@ int close_md(struct md_container* md) {
 /*. There might be more hashes in the library. Add those here.. */
- gcry_md_close(md->mdh);
+ gcry_md_reset(md->mdh);
 #endif
 #ifdef WITH_MHASH
diff --git a/src/util.c b/src/util.c
index 525eab5..ea43827 100644
--- a/src/util.c
+++ b/src/util.c
@@ -105,15 +105,13 @@ url_t* parse_url(char* val)
 for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
 if(r[0]=='\0'){
 error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
- free(hostname);
 return NULL;
 }
 u->value=strdup(r);
 r[0]='\0';
 if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
- strncpy(hostname,"localhost", 10);
+ strncpy(hostname,"localhost", 10);
 }
-
 if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
 free(hostname);
 break;
@@ -122,7 +120,7 @@ url_t* parse_url(char* val)
 free(hostname);
 return NULL;
 }
-
+ free(hostname);
 break;
 }
 u->value=strdup(r);
@@ -521,5 +519,28 @@ int syslog_facility_lookup(char *s)
 return(AIDE_SYSLOG_FACILITY);
 }
+/* We need these dummy stubs to fool the linker into believing that
+ we do not need them at link time */
+
+void* dlopen(char*filename,int flag)
+{
+ return NULL;
+}
+
+void* dlsym(void*handle,char*symbol)
+{
+ return NULL;
+}
+
+void* dlclose(void*handle)
+{
+ return NULL;
+}
+
+const char* dlerror(void)
+{
+ return NULL;
+}
+
 const char* aide_key_2=CONFHMACKEY_02;
 const char* db_key_2=DBHMACKEY_02;
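Review bot: `close_md` now only resets the gcrypt handle with `gcry_md_reset(md->mdh);`, while `init_md` (earlier in this diff) opens a fresh one with `gcry_md_open` each time it runs; unless the handle is released somewhere outside this view, every init/close pair leaks a handle. If reuse is the intent, the handle should be opened once and `close_md` documented as "resets, does not free"; otherwise keep `gcry_md_close(md->mdh);` here. `close_md` begins and ends outside this hunk.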
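Review bot: The early exit on the "Invalid file-URL,no path after hostname" path in `parse_url` now returns `NULL` without releasing `hostname`, while every other exit from this block frees it; restore `free(hostname);` before that `return NULL;`. Two smaller points in the same hunk: `gethostname` does not guarantee a terminated result when the name is longer than the buffer, so `hostname[MAXHOSTNAMELEN-1]='\0';` after the call is a cheap safeguard before the later `strcmp` (assuming `hostname` is allocated with `MAXHOSTNAMELEN` bytes, which the allocation outside the hunk should confirm), and `strncpy(hostname,"localhost", 10);` is correct only because the literal is exactly nine characters; `snprintf(hostname, MAXHOSTNAMELEN, "localhost");` says the same thing without that dependency. `parse_url` begins and ends outside this hunk.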
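Review bot: The `free(hostname);` added before the final `break;` in `parse_url` follows a block whose visible exits are `break` (after its own `free(hostname)`) and `return NULL` (likewise after a free); if the lines between this hunk and the previous one are the `else` of the `if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0))` test, these two lines are unreachable, and if any path does reach them after one of the earlier frees, it is a double free. Either way the ownership of `hostname` should be settled once, by freeing it at a single point after the host comparison rather than in every branch. The enclosing `switch`/loop body is not visible in this hunk.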
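Review bot: Defining `dlopen`, `dlsym`, `dlclose` and `dlerror` in src/util.c overrides the C library's versions for the whole process, not just for aide's own code, so any linked library that relies on runtime loading silently receives `NULL` with no diagnostic instead of a real handle. If the purpose is a statically linked build, restrict the stubs to that configuration behind a build-time macro (placeholder: `STATIC_BUILD_NO_DL`) and have `dlerror` return a fixed string such as `"dynamic loading disabled in this build"` so a failure is attributable in logs. The prototypes also differ from `<dlfcn.h>` (`dlclose` returns `int`, `dlopen` and `dlsym` take `const char *`), which will conflict if that header is ever included in this translation unit; declare them with the standard prototypes and add `(void)filename; (void)flag;` style casts for the unused parameters.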