1 /* @(#) $Id: ./src/shared/file_op.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
14 /* Functions to handle operation with files
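24 /* Product-type codes for Windows Vista and later, each paired with the display string (the matching _C macro) that getuname() appends. Every macro is defined only when it has not been defined already. */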
26 #ifndef PRODUCT_UNLICENSED
27 #define PRODUCT_UNLICENSED 0xABCDABCD
29 #ifndef PRODUCT_UNLICENSED_C
30 #define PRODUCT_UNLICENSED_C "Product Unlicensed "
33 #ifndef PRODUCT_BUSINESS
34 #define PRODUCT_BUSINESS 0x00000006
36 #ifndef PRODUCT_BUSINESS_C
37 #define PRODUCT_BUSINESS_C "Business Edition "
40 #ifndef PRODUCT_BUSINESS_N
41 #define PRODUCT_BUSINESS_N 0x00000010
43 #ifndef PRODUCT_BUSINESS_N_C
44 #define PRODUCT_BUSINESS_N_C "Business Edition "
47 #ifndef PRODUCT_CLUSTER_SERVER
48 #define PRODUCT_CLUSTER_SERVER 0x00000012
50 #ifndef PRODUCT_CLUSTER_SERVER_C
51 #define PRODUCT_CLUSTER_SERVER_C "Cluster Server Edition "
54 #ifndef PRODUCT_DATACENTER_SERVER
55 #define PRODUCT_DATACENTER_SERVER 0x00000008
57 #ifndef PRODUCT_DATACENTER_SERVER_C
58 #define PRODUCT_DATACENTER_SERVER_C "Datacenter Edition (full) "
61 #ifndef PRODUCT_DATACENTER_SERVER_CORE
62 #define PRODUCT_DATACENTER_SERVER_CORE 0x0000000C
64 #ifndef PRODUCT_DATACENTER_SERVER_CORE_C
65 #define PRODUCT_DATACENTER_SERVER_CORE_C "Datacenter Edition (core) "
68 #ifndef PRODUCT_DATACENTER_SERVER_CORE_V
69 #define PRODUCT_DATACENTER_SERVER_CORE_V 0x00000027
71 #ifndef PRODUCT_DATACENTER_SERVER_CORE_V_C
72 #define PRODUCT_DATACENTER_SERVER_CORE_V_C "Datacenter Edition (core) "
75 #ifndef PRODUCT_DATACENTER_SERVER_V
76 #define PRODUCT_DATACENTER_SERVER_V 0x00000025
78 #ifndef PRODUCT_DATACENTER_SERVER_V_C
79 #define PRODUCT_DATACENTER_SERVER_V_C "Datacenter Edition (full) "
82 #ifndef PRODUCT_ENTERPRISE
83 #define PRODUCT_ENTERPRISE 0x00000004
85 #ifndef PRODUCT_ENTERPRISE_C
86 #define PRODUCT_ENTERPRISE_C "Enterprise Edition "
89 #ifndef PRODUCT_ENTERPRISE_N
90 #define PRODUCT_ENTERPRISE_N 0x0000001B
92 #ifndef PRODUCT_ENTERPRISE_N_C
93 #define PRODUCT_ENTERPRISE_N_C "Enterprise Edition "
96 #ifndef PRODUCT_ENTERPRISE_SERVER
97 #define PRODUCT_ENTERPRISE_SERVER 0x0000000A
99 #ifndef PRODUCT_ENTERPRISE_SERVER_C
100 #define PRODUCT_ENTERPRISE_SERVER_C "Enterprise Edition (full) "
103 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE
104 #define PRODUCT_ENTERPRISE_SERVER_CORE 0x0000000E
106 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_C
107 #define PRODUCT_ENTERPRISE_SERVER_CORE_C "Enterprise Edition (core) "
110 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V
111 #define PRODUCT_ENTERPRISE_SERVER_CORE_V 0x00000029
113 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V_C
114 #define PRODUCT_ENTERPRISE_SERVER_CORE_V_C "Enterprise Edition (core) "
117 #ifndef PRODUCT_ENTERPRISE_SERVER_IA64
118 #define PRODUCT_ENTERPRISE_SERVER_IA64 0x0000000F
120 #ifndef PRODUCT_ENTERPRISE_SERVER_IA64_C
121 #define PRODUCT_ENTERPRISE_SERVER_IA64_C "Enterprise Edition for Itanium-based Systems "
124 #ifndef PRODUCT_ENTERPRISE_SERVER_V
125 #define PRODUCT_ENTERPRISE_SERVER_V 0x00000026
127 #ifndef PRODUCT_ENTERPRISE_SERVER_V_C
128 #define PRODUCT_ENTERPRISE_SERVER_V_C "Enterprise Edition (full) "
131 #ifndef PRODUCT_HOME_BASIC
132 #define PRODUCT_HOME_BASIC 0x00000002
134 #ifndef PRODUCT_HOME_BASIC_C
135 #define PRODUCT_HOME_BASIC_C "Home Basic Edition "
138 #ifndef PRODUCT_HOME_BASIC_N
139 #define PRODUCT_HOME_BASIC_N 0x00000005
141 #ifndef PRODUCT_HOME_BASIC_N_C
142 #define PRODUCT_HOME_BASIC_N_C "Home Basic Edition "
145 #ifndef PRODUCT_HOME_PREMIUM
146 #define PRODUCT_HOME_PREMIUM 0x00000003
148 #ifndef PRODUCT_HOME_PREMIUM_C
149 #define PRODUCT_HOME_PREMIUM_C "Home Premium Edition "
152 #ifndef PRODUCT_HOME_PREMIUM_N
153 #define PRODUCT_HOME_PREMIUM_N 0x0000001A
155 #ifndef PRODUCT_HOME_PREMIUM_N_C
156 #define PRODUCT_HOME_PREMIUM_N_C "Home Premium Edition "
159 #ifndef PRODUCT_HOME_SERVER
160 #define PRODUCT_HOME_SERVER 0x00000013
162 #ifndef PRODUCT_HOME_SERVER_C
163 #define PRODUCT_HOME_SERVER_C "Home Server Edition "
166 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT
167 #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT 0x0000001E
169 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C
170 #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C "Essential Business Server Management Server "
173 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING
174 #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING 0x00000020
176 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C
177 #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C "Essential Business Server Messaging Server "
180 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY
181 #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY 0x0000001F
183 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C
184 #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C "Essential Business Server Security Server "
187 #ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS
188 #define PRODUCT_SERVER_FOR_SMALLBUSINESS 0x00000018
190 #ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS_C
191 #define PRODUCT_SERVER_FOR_SMALLBUSINESS_C "Small Business Edition "
194 #ifndef PRODUCT_SMALLBUSINESS_SERVER
195 #define PRODUCT_SMALLBUSINESS_SERVER 0x00000009
197 #ifndef PRODUCT_SMALLBUSINESS_SERVER_C
198 #define PRODUCT_SMALLBUSINESS_SERVER_C "Small Business Server "
201 #ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM
202 #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM 0x00000019
204 #ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C
205 #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C "Small Business Server Premium Edition "
208 #ifndef PRODUCT_STANDARD_SERVER
209 #define PRODUCT_STANDARD_SERVER 0x00000007
211 #ifndef PRODUCT_STANDARD_SERVER_C
212 #define PRODUCT_STANDARD_SERVER_C "Standard Edition "
215 #ifndef PRODUCT_STANDARD_SERVER_CORE
216 #define PRODUCT_STANDARD_SERVER_CORE 0x0000000D
218 #ifndef PRODUCT_STANDARD_SERVER_CORE_C
219 #define PRODUCT_STANDARD_SERVER_CORE_C "Standard Edition (core) "
222 #ifndef PRODUCT_STANDARD_SERVER_CORE_V
223 #define PRODUCT_STANDARD_SERVER_CORE_V 0x00000028
225 #ifndef PRODUCT_STANDARD_SERVER_CORE_V_C
226 #define PRODUCT_STANDARD_SERVER_CORE_V_C "Standard Edition "
229 #ifndef PRODUCT_STANDARD_SERVER_V
230 #define PRODUCT_STANDARD_SERVER_V 0x00000024
232 #ifndef PRODUCT_STANDARD_SERVER_V_C
233 #define PRODUCT_STANDARD_SERVER_V_C "Standard Edition "
236 #ifndef PRODUCT_STARTER
237 #define PRODUCT_STARTER 0x0000000B
239 #ifndef PRODUCT_STARTER_C
240 #define PRODUCT_STARTER_C "Starter Edition "
243 #ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER
244 #define PRODUCT_STORAGE_ENTERPRISE_SERVER 0x00000017
246 #ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER_C
247 #define PRODUCT_STORAGE_ENTERPRISE_SERVER_C "Storage Server Enterprise Edition "
250 #ifndef PRODUCT_STORAGE_EXPRESS_SERVER
251 #define PRODUCT_STORAGE_EXPRESS_SERVER 0x00000014
253 #ifndef PRODUCT_STORAGE_EXPRESS_SERVER_C
254 #define PRODUCT_STORAGE_EXPRESS_SERVER_C "Storage Server Express Edition "
257 #ifndef PRODUCT_STORAGE_STANDARD_SERVER
258 #define PRODUCT_STORAGE_STANDARD_SERVER 0x00000015
260 #ifndef PRODUCT_STORAGE_STANDARD_SERVER_C
261 #define PRODUCT_STORAGE_STANDARD_SERVER_C "Storage Server Standard Edition "
264 #ifndef PRODUCT_STORAGE_WORKGROUP_SERVER
265 #define PRODUCT_STORAGE_WORKGROUP_SERVER 0x00000016
267 #ifndef PRODUCT_STORAGE_WORKGROUP_SERVER_C
268 #define PRODUCT_STORAGE_WORKGROUP_SERVER_C "Storage Server Workgroup Edition "
271 #ifndef PRODUCT_ULTIMATE
272 #define PRODUCT_ULTIMATE 0x00000001
274 #ifndef PRODUCT_ULTIMATE_C
275 #define PRODUCT_ULTIMATE_C "Ultimate Edition "
278 #ifndef PRODUCT_ULTIMATE_N
279 #define PRODUCT_ULTIMATE_N 0x0000001C
281 #ifndef PRODUCT_ULTIMATE_N_C
282 #define PRODUCT_ULTIMATE_N_C "Ultimate Edition "
285 #ifndef PRODUCT_WEB_SERVER
286 #define PRODUCT_WEB_SERVER 0x00000011
288 #ifndef PRODUCT_WEB_SERVER_C
289 #define PRODUCT_WEB_SERVER_C "Web Server Edition "
292 #ifndef PRODUCT_WEB_SERVER_CORE
293 #define PRODUCT_WEB_SERVER_CORE 0x0000001D
295 #ifndef PRODUCT_WEB_SERVER_CORE_C
296 #define PRODUCT_WEB_SERVER_CORE_C "Web Server Edition "
307 /* Sets the name of the starting program */
308 void OS_SetName(char *name)
/* File_DateofChange: stat() `file` and return its modification time
 * (st_mtime). The statement taken when stat() fails is not visible in this
 * listing; DeletePID() tests the result with "< 0".
 * NOTE(review): st_mtime is a time_t and the function returns int, so the
 * value is narrowed wherever time_t is wider than int.
 */
315 int File_DateofChange(char *file)
317 struct stat file_status;
319 if(stat(file, &file_status) < 0)
322 return (file_status.st_mtime);
/* IsDir: stat() `file` and test S_ISDIR() on its mode. The values returned
 * on each path are not visible in this listing.
 * stat() follows symbolic links, so a link that points at a directory is
 * reported as that directory; callers that must not follow links need
 * lstat() instead.
 */
325 int IsDir(char *file)
327 struct stat file_status;
328 if(stat(file,&file_status) < 0)
330 if(S_ISDIR(file_status.st_mode))
/* CreatePID: write `pid` into "<OS_PIDFILE>/<name>-<pid>.pid". The second
 * snprintf() builds the same name prefixed with DEFAULTDIR; the condition
 * that selects between the two forms is not visible in this listing.
 * NOTE(review): fopen(..., "a") follows an existing symbolic link and
 * appends to whatever it points at, and a new file gets umask-derived
 * permissions. The pid directory should be writable only by the account
 * that runs the daemons - confirm against the installer.
 */
336 int CreatePID(char *name, int pid)
343 snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,pid);
347 snprintf(file,255,"%s%s/%s-%d.pid",DEFAULTDIR,
348 OS_PIDFILE,name,pid);
351 fp = fopen(file,"a");
355 fprintf(fp,"%d\n",pid);
/* DeletePID: rebuild the pid-file path of the calling process (getpid())
 * with the same two formats CreatePID() uses, then probe the file with
 * File_DateofChange(). What happens after the probe, including the removal
 * itself, is not visible in this listing.
 */
364 int DeletePID(char *name)
370 snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,(int)getpid());
374 snprintf(file,255,"%s%s/%s-%d.pid",DEFAULTDIR,
375 OS_PIDFILE,name,(int)getpid());
378 if(File_DateofChange(file) < 0)
/* UnmergeFiles: split a merged file (`finalpath`) back into its members.
 * From the visible lines: a header line is read with fgets(), the member
 * size is parsed with atol(buf + 1), the member name is located with
 * strchr(), and the member is written to "<optdir>/<name>" in one branch
 * or to the name as given in the other. The writers in this file emit the
 * header as "!<size> <name>\n".
 *
 * NOTE(review): the member name is taken from the merged file and used to
 * build a path that is opened for writing. No check for an absolute path
 * or for ".." components is visible in this listing. If the merged file
 * can come from a less trusted party than this process, the name must be
 * validated (reject '/' prefixes and ".." components) before fopen().
 */
387 int UnmergeFiles(char *finalpath, char *optdir)
389 int i = 0, n = 0, ret = 1;
393 char final_name[2048 +1];
398 finalfp = fopen(finalpath, "r");
401 merror("%s: ERROR: Unable to read merged file: '%s'.",
402 __local_name, finalpath);
408 /* Reading header portion. */
409 if(fgets(buf, sizeof(buf) -1, finalfp) == NULL)
420 /* Getting file size and name. */
/* NOTE(review): atol() reports no errors and accepts a leading '-'. The
 * declaration of files_size is not visible here - confirm its type and
 * reject negative or non-numeric sizes before the copy loop. */
421 files_size = atol(buf +1);
423 files = strchr(buf, '\n');
427 files = strchr(buf, ' ');
/* Destination path: the name read from the header is appended to optdir
 * (first form) or used unchanged (second form). */
438 snprintf(final_name, 2048, "%s/%s", optdir, files);
442 strncpy(final_name, files, 2048);
443 final_name[2048] = '\0';
447 /* Opening file name. */
/* fopen(..., "w") truncates an existing file and follows symbolic links. */
448 fp = fopen(final_name,"w");
452 merror("%s: ERROR: Unable to unmerge file '%s'.",
453 __local_name, final_name);
/* NOTE(review): this compares files_size with an unsigned size_t; if
 * files_size is a signed long holding a negative value, the conversion
 * makes it compare as a very large number. */
457 if(files_size < sizeof(buf) -1)
465 files_size -= sizeof(buf) -1;
468 while((n = fread(buf, 1, i, finalfp)) > 0)
/* The fwrite() result is ignored, so a short write (disk full, I/O error)
 * leaves a truncated member without any error being reported. */
474 fwrite(buf, n, 1, fp);
483 if(files_size < sizeof(buf) -1)
491 files_size -= sizeof(buf) -1;
/* MergeAppendFile: add one file to a merged file. The visible lines show
 * `finalpath` opened with "w" to start a new merged file and with "a" to
 * append; a member is stored as a "!<size> <name>\n" header followed by
 * its bytes, where the size comes from fseek()/ftell() and the name is
 * derived from the last '/' in `files`.
 *
 * NOTE(review): the fseek()/ftell() results are used unchecked; ftell()
 * returns -1 on failure and that value would be written into the header.
 * NOTE(review): the name is written as-is. A name containing a space or a
 * newline would no longer match the header format UnmergeFiles() parses.
 */
505 int MergeAppendFile(char *finalpath, char *files)
516 /* Creating a new entry. */
519 finalfp = fopen(finalpath, "w");
522 merror("%s: ERROR: Unable to create merged file: '%s'.",
523 __local_name, finalpath);
532 finalfp = fopen(finalpath, "a");
535 merror("%s: ERROR: Unable to append merged file: '%s'.",
536 __local_name, finalpath);
541 fp = fopen(files,"r");
544 merror("%s: ERROR: Unable to merge file '%s'.", __local_name, files);
550 fseek(fp, 0, SEEK_END);
551 files_size = ftell(fp);
553 tmpfile = strrchr(files, '/');
562 fprintf(finalfp, "!%ld %s\n", files_size, tmpfile);
564 fseek(fp, 0, SEEK_SET);
566 while((n = fread(buf, 1, sizeof(buf) -1, fp)) > 0)
/* The fwrite() result is ignored; a short write goes unreported and the
 * header size then no longer matches the stored bytes. */
569 fwrite(buf, n, 1, finalfp);
/* MergeFiles: create `finalpath` (opened with "w", so an existing file is
 * truncated) and store each entry of `files` in it as a "!<size> <name>\n"
 * header followed by the file's bytes. The loop over files[i] and its end
 * condition are not visible in this listing.
 *
 * NOTE(review): as in MergeAppendFile(), the fseek()/ftell() results are
 * unchecked (ftell() returns -1 on failure) and the name is written without
 * any escaping, so a space or newline in it breaks the header format.
 */
580 int MergeFiles(char *finalpath, char **files)
582 int i = 0, n = 0, ret = 1;
590 finalfp = fopen(finalpath, "w");
593 merror("%s: ERROR: Unable to create merged file: '%s'.",
594 __local_name, finalpath);
600 fp = fopen(files[i],"r");
603 merror("%s: ERROR: Unable to merge file '%s'.", __local_name, files[i]);
609 fseek(fp, 0, SEEK_END);
610 files_size = ftell(fp);
612 /* Removing last entry. */
613 tmpfile = strrchr(files[i], '/');
623 fprintf(finalfp, "!%ld %s\n", files_size, tmpfile);
625 fseek(fp, 0, SEEK_SET);
627 while((n = fread(buf, 1, sizeof(buf) -1, fp)) > 0)
/* The fwrite() result is ignored; a short write goes unreported. */
630 fwrite(buf, n, 1, finalfp);
/* POSIX variant: thin wrapper over basename(3).
 * NOTE(review): POSIX allows basename() to modify `path` and to return a
 * pointer into static storage, so callers should pass a writable copy and
 * should not keep the result across another call.
 */
643 /* Get basename of path */
644 char *basename_ex(char *path)
646 return (basename(path));
/* POSIX variant: wrapper over rename(2). A non-zero result enters the
 * error branch, whose body is not visible in this listing. rename() within
 * one filesystem replaces the destination atomically.
 */
649 /* Rename file or directory */
650 int rename_ex(const char *source, const char *destination)
652 if (rename(source, destination)) {
/* POSIX variant: create the temporary file with mkstemp(), which picks the
 * name and creates the file in one step, then force mode 0600 with
 * fchmod() on the returned descriptor.
 * An unlink(tmp_path) call follows; from this listing it is not clear on
 * which path it runs - presumably cleanup after a failure, confirm.
 */
668 /* Create a temporary file */
669 int mkstemp_ex(char *tmp_path)
673 fd = mkstemp(tmp_path);
687 /* mkstemp() only implicitly does this in POSIX 2008 */
/* Older C libraries could create the file with wider permissions, hence
 * the explicit fchmod() on the descriptor rather than chmod() on the name. */
688 if (fchmod(fd, 0600) == -1) {
699 if (unlink(tmp_path)) {
/* POSIX variant. Both branches allocate 256 zeroed bytes with calloc() and
 * format into them with a limit of 255, so the result is always
 * NUL-terminated and over-long uname fields are truncated. The fallback
 * text is used when uname() fails.
 * NOTE(review): the NULL checks after calloc() are not visible in this
 * listing - confirm ret is tested before snprintf() writes to it.
 */
718 /* getuname; Get uname and returns a string with it.
719 * Memory must be freed after use
723 struct utsname uts_buf;
725 if(uname(&uts_buf) >= 0)
729 ret = calloc(256, sizeof(char));
733 snprintf(ret, 255, "%s %s %s %s %s - %s %s",
739 __ossec_name, __version);
746 ret = calloc(256, sizeof(char));
750 snprintf(ret, 255, "No system info available - %s %s",
751 __ossec_name, __version);
/* Variant that keeps stdin/stdout/stderr open (per its own comment). The
 * visible error reports - FORK_ERROR, SETSID_ERROR, FORK_ERROR - match the
 * usual fork / setsid / fork sequence; the calls themselves are not visible
 * in this listing.
 * Because the standard descriptors stay open, the daemon keeps whatever the
 * launching process had attached to them.
 */
761 /* goDaemon: Daemonize a process without closing stdin/stdout/stderr..
772 merror(FORK_ERROR, __local_name);
781 /* becoming session leader */
784 merror(SETSID_ERROR, __local_name);
793 merror(FORK_ERROR, __local_name);
/* Full variant: same FORK_ERROR / SETSID_ERROR / FORK_ERROR reporting as
 * the variant above, then stdin, stdout and stderr are pointed at
 * /dev/null. The fork() and setsid() calls are not visible in this listing.
 */
814 /* goDaemon: Daemonize a process..
826 merror(FORK_ERROR, __local_name);
834 /* becoming session leader */
837 merror(SETSID_ERROR, __local_name);
845 merror(FORK_ERROR, __local_name);
854 /* Dup stdin, stdout and stderr to /dev/null */
855 if((fd = open("/dev/null", O_RDWR)) >= 0)
867 /* Closing stdin, stdout and stderr */
874 /* Opening stdin, stdout and stderr to /dev/null */
/* NOTE(review): the three open() results below are discarded. They land on
 * descriptors 0, 1 and 2 only because those are the lowest free numbers
 * after the close. If an open() fails, the descriptor stays closed and a
 * later open() or socket() in the daemon can receive 0, 1 or 2, so stray
 * writes to stdout/stderr would go into that file or connection. Checking
 * the returned descriptor numbers would catch this. */
876 open("/dev/null", O_RDONLY);
877 open("/dev/null", O_RDWR);
878 open("/dev/null", O_RDWR);
/* Decides "Vista or newer" by searching the getuname() string for a fixed
 * list of product names.
 * NOTE(review): the test is a substring match on a display string.
 * "Windows 8" and "Windows Server 2012" also match the 8.1 and 2012 R2
 * names, but any string not on the list - including the
 * "Microsoft Windows Unknown" fallback that getuname() can produce - is
 * reported as older than Vista. Comparing the numeric major version would
 * not depend on the list being kept up to date.
 */
891 m_uname = getuname();
894 merror(MEM_ERROR, __local_name);
899 /* We check if the system is vista (must be called during the startup.) */
900 if(strstr(m_uname, "Windows Server 2008") ||
901 strstr(m_uname, "Vista") ||
902 strstr(m_uname, "Windows 7") ||
903 strstr(m_uname, "Windows 8") ||
904 strstr(m_uname, "Windows Server 2012"))
907 verbose("%s: INFO: System is Vista or newer (%s).",
908 __local_name, m_uname);
912 verbose("%s: INFO: System is older than Vista (%s).",
913 __local_name, m_uname);
/* Windows variant: returns the result of PathFindFileNameA(), which points
 * into `path` itself, so the result is valid only as long as `path` is. */
921 /* Get basename of path */
922 char *basename_ex(char *path)
924 return (PathFindFileNameA(path));
/* Windows variant: MoveFileEx() with MOVEFILE_REPLACE_EXISTING (overwrite
 * an existing destination) and MOVEFILE_WRITE_THROUGH (return only after
 * the move has reached disk). A zero result enters the error branch, which
 * logs the failure; the rest of that branch is not visible in this listing.
 */
927 /* Rename file or directory */
928 int rename_ex(const char *source, const char *destination)
930 if (!MoveFileEx(source, destination, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
932 "%s: ERROR: Could not move (%s) to (%s) which returned (%lu)",
/* Windows variant: generate a unique name from the template in `tmp_path`,
 * build a security descriptor whose DACL grants GENERIC_ALL to
 * BUILTIN\Administrators and SYSTEM only, create the file with that
 * descriptor, and close the handle again.
 */
945 /* Create a temporary file */
946 int mkstemp_ex(char *tmp_path)
954 PSECURITY_DESCRIPTOR pSD = NULL;
955 EXPLICIT_ACCESS ea[2];
956 SECURITY_ATTRIBUTES sa;
958 PSID pAdminGroupSID = NULL;
959 PSID pSystemGroupSID = NULL;
960 SID_IDENTIFIER_AUTHORITY SIDAuthNT = {SECURITY_NT_AUTHORITY};
/* _mktemp_s()/_mktemp() only fill in a name; they do not create the file.
 * NOTE(review): the file is created further down and the creation
 * disposition is not visible in this listing. It should be CREATE_NEW, so
 * that a file placed under the generated name in the meantime makes the
 * call fail instead of being opened - confirm. */
962 #if defined(_MSC_VER) && _MSC_VER >= 1500
963 result = _mktemp_s(tmp_path, strlen(tmp_path) + 1);
967 "%s: ERROR: Could not create temporary file (%s) which returned (%d)",
976 if (_mktemp(tmp_path) == NULL) {
978 "%s: ERROR: Could not create temporary file (%s) which returned [(%d)-(%s)]",
989 /* Create SID for the BUILTIN\Administrators group */
990 result = AllocateAndInitializeSid(
993 SECURITY_BUILTIN_DOMAIN_RID,
994 DOMAIN_ALIAS_RID_ADMINS,
1001 "%s: ERROR: Could not create BUILTIN\\Administrators group SID which returned (%lu)",
1009 /* Create SID for the SYSTEM group */
1010 result = AllocateAndInitializeSid(
1013 SECURITY_LOCAL_SYSTEM_RID,
1014 0, 0, 0, 0, 0, 0, 0,
1020 "%s: ERROR: Could not create SYSTEM group SID which returned (%lu)",
1028 /* Initialize an EXPLICIT_ACCESS structure for an ACE */
1029 ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
/* Both entries use SET_ACCESS with NO_INHERITANCE and identify the trustee
 * by SID; with TRUSTEE_IS_SID the ptstrName member carries the SID pointer,
 * hence the cast. */
1031 /* Add Administrators group */
1032 ea[0].grfAccessPermissions = GENERIC_ALL;
1033 ea[0].grfAccessMode = SET_ACCESS;
1034 ea[0].grfInheritance = NO_INHERITANCE;
1035 ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
1036 ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
1037 ea[0].Trustee.ptstrName = (LPTSTR)pAdminGroupSID;
1039 /* Add SYSTEM group */
1040 ea[1].grfAccessPermissions = GENERIC_ALL;
1041 ea[1].grfAccessMode = SET_ACCESS;
1042 ea[1].grfInheritance = NO_INHERITANCE;
1043 ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
1044 ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
1045 ea[1].Trustee.ptstrName = (LPTSTR)pSystemGroupSID;
1047 /* Set entries in ACL */
/* The existing-ACL argument is NULL, so the new ACL holds only the two
 * entries above. */
1048 dwResult = SetEntriesInAcl(2, ea, NULL, &pACL);
1050 if (dwResult != ERROR_SUCCESS) {
1052 "%s: ERROR: Could not set ACL entries which returned (%lu)",
1060 /* Initialize security descriptor */
1061 pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(
1063 SECURITY_DESCRIPTOR_MIN_LENGTH
1068 "%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)",
1076 if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
1078 "%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)",
/* Owner and primary group are both passed as NULL, so the descriptor
 * carries neither. NOTE(review): presumably the file then takes its owner
 * from the creating process's token - confirm that this is intended. */
1087 if (!SetSecurityDescriptorOwner(pSD, NULL, FALSE)) {
1089 "%s: ERROR: Could not set owner which returned (%lu)",
1097 /* Set group owner */
1098 if (!SetSecurityDescriptorGroup(pSD, NULL, FALSE)) {
1100 "%s: ERROR: Could not set group owner which returned (%lu)",
1108 /* Add ACL to security descriptor */
1109 if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
1111 "%s: ERROR: Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)",
1119 /* Initialize security attributes structure */
1120 sa.nLength = sizeof (SECURITY_ATTRIBUTES);
1121 sa.lpSecurityDescriptor = pSD;
1122 sa.bInheritHandle = FALSE;
1130 FILE_ATTRIBUTE_NORMAL,
1134 if (h == INVALID_HANDLE_VALUE) {
1136 "%s: ERROR: Could not create temporary file (%s) which returned (%lu)",
1145 if (!CloseHandle(h)) {
1147 "%s: ERROR: Could not close file handle to (%s) which returned (%lu)",
/* Cleanup. NOTE(review): only the FreeSid() calls are visible in this
 * listing; pACL (from SetEntriesInAcl) and pSD (from LocalAlloc) need
 * LocalFree() as well - confirm they are released on every exit path. */
1160 if (pAdminGroupSID) {
1161 FreeSid(pAdminGroupSID);
1164 if (pSystemGroupSID) {
1165 FreeSid(pSystemGroupSID);
/* Windows variant: builds a human-readable OS description in a heap buffer
 * of OS_SIZE_1024 + 1 bytes by appending pieces with strncat(), then
 * appends the ossec name and version. The pieces are chosen from the
 * GetVersionEx() result, the product type, the suite mask and, on old NT
 * releases, two registry keys.
 *
 * NOTE(review): ret_size is the bound passed to strncat(), but most
 * branches update it with "ret_size -= strlen(ret) + 1", which subtracts
 * the length of everything built so far rather than the piece just
 * appended (the __wv and __wp branches subtract only the piece). The bound
 * therefore shrinks faster than the buffer fills. ret_size is a signed
 * int: if it reached 1 or less, "ret_size - 1" would convert to 0 or to a
 * very large size_t and strncat() would stop limiting the copy. With the
 * short literals visible here that does not look reachable, but computing
 * the remaining space as OS_SIZE_1024 - strlen(ret) before each append
 * would remove the dependence on string lengths.
 *
 * NOTE(review): GetVersionEx() is deprecated; on Windows 8.1 and later it
 * reports 6.2 unless the executable carries a manifest for the newer
 * release, so the name chosen below can be wrong on newer systems.
 */
1180 /** get uname for windows **/
1183 int ret_size = OS_SIZE_1024 -2;
1187 typedef void (WINAPI *PGNSI)(LPSYSTEM_INFO);
1188 typedef BOOL (WINAPI *PGPI)(DWORD, DWORD, DWORD, DWORD, PDWORD);
1191 /* Extracted from ms web site
1192 * http://msdn.microsoft.com/library/en-us/sysinfo/base/getting_the_system_version.asp
1194 OSVERSIONINFOEX osvi;
1198 BOOL bOsVersionInfoEx;
1201 ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
1202 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
1204 if(!(bOsVersionInfoEx = GetVersionEx ((OSVERSIONINFO *) &osvi)))
1206 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
1207 if (!GetVersionEx((OSVERSIONINFO *)&osvi))
1211 /* Allocating the memory */
1212 os_calloc(OS_SIZE_1024 +1, sizeof(char), ret);
1213 ret[OS_SIZE_1024] = '\0';
1215 switch(osvi.dwPlatformId)
1217 /* Test for the Windows NT product family. */
1218 case VER_PLATFORM_WIN32_NT:
1219 if(osvi.dwMajorVersion == 6)
1221 if(osvi.dwMinorVersion == 0)
1223 if(osvi.wProductType == VER_NT_WORKSTATION )
1224 strncat(ret, "Microsoft Windows Vista ", ret_size -1);
1227 strncat(ret, "Microsoft Windows Server 2008 ", ret_size -1);
1230 else if(osvi.dwMinorVersion == 1)
1232 if(osvi.wProductType == VER_NT_WORKSTATION )
1233 strncat(ret, "Microsoft Windows 7 ", ret_size -1);
1236 strncat(ret, "Microsoft Windows Server 2008 R2 ", ret_size -1);
1239 else if(osvi.dwMinorVersion == 2)
1241 if(osvi.wProductType == VER_NT_WORKSTATION )
1242 strncat(ret, "Microsoft Windows 8 ", ret_size -1);
1245 strncat(ret, "Microsoft Windows Server 2012 ", ret_size -1);
1248 else if(osvi.dwMinorVersion == 3)
1250 if(osvi.wProductType == VER_NT_WORKSTATION )
1251 strncat(ret, "Microsoft Windows 8.1 ", ret_size -1);
1254 strncat(ret, "Microsoft Windows Server 2012 R2 ", ret_size -1);
1258 ret_size-=strlen(ret) +1;
1261 /* Getting product version. */
/* The function is looked up at run time in kernel32.dll and called with a
 * fixed OS version of 6.0; its return value is not used.
 * NOTE(review): a NULL check on pGPI before the call is not visible in
 * this listing - confirm the lookup result is tested. */
1262 pGPI = (PGPI) GetProcAddress(
1263 GetModuleHandle(TEXT("kernel32.dll")),
1266 pGPI( 6, 0, 0, 0, &dwType);
/* Map the product type to its display string. */
1270 case PRODUCT_UNLICENSED:
1271 strncat(ret, PRODUCT_UNLICENSED_C, ret_size -1);
1273 case PRODUCT_BUSINESS:
1274 strncat(ret, PRODUCT_BUSINESS_C, ret_size -1);
1276 case PRODUCT_BUSINESS_N:
1277 strncat(ret, PRODUCT_BUSINESS_N_C, ret_size -1);
1279 case PRODUCT_CLUSTER_SERVER:
1280 strncat(ret, PRODUCT_CLUSTER_SERVER_C, ret_size -1);
1282 case PRODUCT_DATACENTER_SERVER:
1283 strncat(ret, PRODUCT_DATACENTER_SERVER_C, ret_size -1);
1285 case PRODUCT_DATACENTER_SERVER_CORE:
1286 strncat(ret, PRODUCT_DATACENTER_SERVER_CORE_C, ret_size -1);
1288 case PRODUCT_DATACENTER_SERVER_CORE_V:
1289 strncat(ret, PRODUCT_DATACENTER_SERVER_CORE_V_C, ret_size -1);
1291 case PRODUCT_DATACENTER_SERVER_V:
1292 strncat(ret, PRODUCT_DATACENTER_SERVER_V_C, ret_size -1);
1294 case PRODUCT_ENTERPRISE:
1295 strncat(ret, PRODUCT_ENTERPRISE_C, ret_size -1);
1297 case PRODUCT_ENTERPRISE_N:
1298 strncat(ret, PRODUCT_ENTERPRISE_N_C, ret_size -1);
1300 case PRODUCT_ENTERPRISE_SERVER:
1301 strncat(ret, PRODUCT_ENTERPRISE_SERVER_C, ret_size -1);
1303 case PRODUCT_ENTERPRISE_SERVER_CORE:
1304 strncat(ret, PRODUCT_ENTERPRISE_SERVER_CORE_C, ret_size -1);
1306 case PRODUCT_ENTERPRISE_SERVER_CORE_V:
1307 strncat(ret, PRODUCT_ENTERPRISE_SERVER_CORE_V_C, ret_size -1);
1309 case PRODUCT_ENTERPRISE_SERVER_IA64:
1310 strncat(ret, PRODUCT_ENTERPRISE_SERVER_IA64_C, ret_size -1);
1312 case PRODUCT_ENTERPRISE_SERVER_V:
1313 strncat(ret, PRODUCT_ENTERPRISE_SERVER_V_C, ret_size -1);
1315 case PRODUCT_HOME_BASIC:
1316 strncat(ret, PRODUCT_HOME_BASIC_C, ret_size -1);
1318 case PRODUCT_HOME_BASIC_N:
1319 strncat(ret, PRODUCT_HOME_BASIC_N_C, ret_size -1);
1321 case PRODUCT_HOME_PREMIUM:
1322 strncat(ret, PRODUCT_HOME_PREMIUM_C, ret_size -1);
1324 case PRODUCT_HOME_PREMIUM_N:
1325 strncat(ret, PRODUCT_HOME_PREMIUM_N_C, ret_size -1);
1327 case PRODUCT_HOME_SERVER:
1328 strncat(ret, PRODUCT_HOME_SERVER_C, ret_size -1);
1330 case PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT:
1331 strncat(ret, PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C, ret_size -1);
1333 case PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING:
1334 strncat(ret, PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C, ret_size -1);
1336 case PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY:
1337 strncat(ret, PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C, ret_size -1);
1339 case PRODUCT_SERVER_FOR_SMALLBUSINESS:
1340 strncat(ret, PRODUCT_SERVER_FOR_SMALLBUSINESS_C, ret_size -1);
1342 case PRODUCT_SMALLBUSINESS_SERVER:
1343 strncat(ret, PRODUCT_SMALLBUSINESS_SERVER_C, ret_size -1);
1345 case PRODUCT_SMALLBUSINESS_SERVER_PREMIUM:
1346 strncat(ret, PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C, ret_size -1);
1348 case PRODUCT_STANDARD_SERVER:
1349 strncat(ret, PRODUCT_STANDARD_SERVER_C, ret_size -1);
1351 case PRODUCT_STANDARD_SERVER_CORE:
1352 strncat(ret, PRODUCT_STANDARD_SERVER_CORE_C, ret_size -1);
1354 case PRODUCT_STANDARD_SERVER_CORE_V:
1355 strncat(ret, PRODUCT_STANDARD_SERVER_CORE_V_C, ret_size -1);
1357 case PRODUCT_STANDARD_SERVER_V:
1358 strncat(ret, PRODUCT_STANDARD_SERVER_V_C, ret_size -1);
1360 case PRODUCT_STARTER:
1361 strncat(ret, PRODUCT_STARTER_C, ret_size -1);
1363 case PRODUCT_STORAGE_ENTERPRISE_SERVER:
1364 strncat(ret, PRODUCT_STORAGE_ENTERPRISE_SERVER_C, ret_size -1);
1366 case PRODUCT_STORAGE_EXPRESS_SERVER:
1367 strncat(ret, PRODUCT_STORAGE_EXPRESS_SERVER_C, ret_size -1);
1369 case PRODUCT_STORAGE_STANDARD_SERVER:
1370 strncat(ret, PRODUCT_STORAGE_STANDARD_SERVER_C, ret_size -1);
1372 case PRODUCT_STORAGE_WORKGROUP_SERVER:
1373 strncat(ret, PRODUCT_STORAGE_WORKGROUP_SERVER_C, ret_size -1);
1375 case PRODUCT_ULTIMATE:
1376 strncat(ret, PRODUCT_ULTIMATE_C, ret_size -1);
1378 case PRODUCT_ULTIMATE_N:
1379 strncat(ret, PRODUCT_ULTIMATE_N_C, ret_size -1);
1381 case PRODUCT_WEB_SERVER:
1382 strncat(ret, PRODUCT_WEB_SERVER_C, ret_size -1);
1384 case PRODUCT_WEB_SERVER_CORE:
1385 strncat(ret, PRODUCT_WEB_SERVER_CORE_C, ret_size -1);
1390 ret_size-=strlen(ret) +1;
1393 else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2)
1395 pGNSI = (PGNSI) GetProcAddress(
1396 GetModuleHandle("kernel32.dll"),
1397 "GetNativeSystemInfo");
/* 89 is the GetSystemMetrics() index SM_SERVERR2. */
1401 if( GetSystemMetrics(89) )
1402 strncat(ret, "Microsoft Windows Server 2003 R2 ",
1404 else if(osvi.wProductType == VER_NT_WORKSTATION &&
1405 si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_AMD64)
1408 "Microsoft Windows XP Professional x64 Edition ",
1413 strncat(ret, "Microsoft Windows Server 2003, ",ret_size-1);
1416 ret_size-=strlen(ret) +1;
1419 else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1)
1421 strncat(ret, "Microsoft Windows XP ", ret_size -1);
1423 ret_size-=strlen(ret) +1;
1426 else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0)
1428 strncat(ret, "Microsoft Windows 2000 ", ret_size -1);
1430 ret_size-=strlen(ret) +1;
1433 else if (osvi.dwMajorVersion <= 4)
1435 strncat(ret, "Microsoft Windows NT ", ret_size -1);
1437 ret_size-=strlen(ret) +1;
/* Any NT version not matched above is labelled "Unknown". */
1441 strncat(ret, "Microsoft Windows Unknown ", ret_size -1);
1443 ret_size-=strlen(ret) +1;
1446 /* Test for specific product on Windows NT 4.0 SP6 and later. */
1447 if(bOsVersionInfoEx)
1449 /* Test for the workstation type. */
1450 if (osvi.wProductType == VER_NT_WORKSTATION &&
1451 si.wProcessorArchitecture!=PROCESSOR_ARCHITECTURE_AMD64)
1453 if( osvi.dwMajorVersion == 4 )
1454 strncat(ret, "Workstation 4.0 ", ret_size -1);
1455 else if( osvi.wSuiteMask & VER_SUITE_PERSONAL )
1456 strncat(ret, "Home Edition ", ret_size -1);
1458 strncat(ret, "Professional ",ret_size -1);
1461 ret_size-=strlen(ret) +1;
1464 /* Test for the server type. */
1465 else if( osvi.wProductType == VER_NT_SERVER ||
1466 osvi.wProductType == VER_NT_DOMAIN_CONTROLLER )
1468 if(osvi.dwMajorVersion==5 && osvi.dwMinorVersion==2)
1470 if (si.wProcessorArchitecture==
1471 PROCESSOR_ARCHITECTURE_IA64 )
1473 if( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1475 "Datacenter Edition for Itanium-based Systems ",
1477 else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1479 "Enterprise Edition for Itanium-based Systems ",
1482 ret_size-=strlen(ret) +1;
1485 else if ( si.wProcessorArchitecture==
1486 PROCESSOR_ARCHITECTURE_AMD64 )
1488 if( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1489 strncat(ret, "Datacenter x64 Edition ",
1491 else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1492 strncat(ret, "Enterprise x64 Edition ",
1495 strncat(ret, "Standard x64 Edition ",
1498 ret_size-=strlen(ret) +1;
1503 if( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1504 strncat(ret, "Datacenter Edition ",
1506 else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1507 strncat(ret,"Enterprise Edition ",ret_size -1);
/* NOTE(review): this test uses "==" while the neighbouring suite tests
 * use "&", so it matches only when VER_SUITE_BLADE is the sole bit set in
 * the mask; with any other suite bit present the Standard branch is taken.
 * Confirm whether a bit test was intended. */
1508 else if ( osvi.wSuiteMask == VER_SUITE_BLADE )
1509 strncat(ret,"Web Edition ",ret_size -1 );
1511 strncat(ret, "Standard Edition ",ret_size -1);
1513 ret_size-=strlen(ret) +1;
1516 else if(osvi.dwMajorVersion==5 && osvi.dwMinorVersion==0)
1518 if( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1519 strncat(ret, "Datacenter Server ",ret_size -1);
1520 else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1521 strncat(ret, "Advanced Server ",ret_size -1 );
1523 strncat(ret, "Server ",ret_size -1);
1525 ret_size-=strlen(ret) +1;
1527 else if(osvi.dwMajorVersion <= 4) /* Windows NT 4.0 */
1529 if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1530 strncat(ret, "Server 4.0, Enterprise Edition ",
1533 strncat(ret, "Server 4.0 ",ret_size -1);
1535 ret_size-=strlen(ret) +1;
1539 /* Test for specific product on Windows NT 4.0 SP5 and earlier */
/* NOTE(review): RegQueryValueEx() does not guarantee that string data is
 * NUL-terminated, and lstrcmpi() below reads up to a terminator. The
 * initialisation of szProductType and dwBufLen is not visible in this
 * listing - confirm the buffer is zeroed or terminated after the query. */
1543 char szProductType[81];
1547 lRet = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
1548 "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
1549 0, KEY_QUERY_VALUE, &hKey );
1550 if(lRet == ERROR_SUCCESS)
1554 lRet = RegQueryValueEx( hKey, "ProductType", NULL, NULL,
1555 (LPBYTE) szProductType, &dwBufLen);
1556 RegCloseKey( hKey );
1558 if((lRet == ERROR_SUCCESS) && (dwBufLen < 80) )
1560 if (lstrcmpi( "WINNT", szProductType) == 0 )
1561 strncat(ret, "Workstation ",ret_size -1);
1562 else if(lstrcmpi( "LANMANNT", szProductType) == 0 )
1563 strncat(ret, "Server ",ret_size -1);
1564 else if(lstrcmpi( "SERVERNT", szProductType) == 0 )
1565 strncat(ret, "Advanced Server " ,ret_size -1);
1567 ret_size-=strlen(ret) +1;
1569 memset(__wv, '\0', 32);
1572 (int)osvi.dwMajorVersion,
1573 (int)osvi.dwMinorVersion);
1575 strncat(ret, __wv, ret_size -1);
1576 ret_size-=strlen(__wv) +1;
1581 /* Display service pack (if any) and build number. */
1583 if( osvi.dwMajorVersion == 4 &&
1584 lstrcmpi( osvi.szCSDVersion, "Service Pack 6" ) == 0 )
1590 memset(__wp, '\0', 64);
1591 /* Test for SP6 versus SP6a. */
/* The presence of the Q246009 hotfix key is what distinguishes SP6a.
 * NOTE(review): RegCloseKey(hKey) further down appears to run after both
 * outcomes; when RegOpenKeyEx() fails, hKey does not refer to an open key.
 * Confirm against the full source and close only on success. */
1592 lRet = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
1593 "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Hotfix\\Q246009",
1594 0, KEY_QUERY_VALUE, &hKey );
1595 if( lRet == ERROR_SUCCESS )
1596 snprintf(__wp, 63, "Service Pack 6a (Build %d)",
1597 (int)osvi.dwBuildNumber & 0xFFFF );
1598 else /* Windows NT 4.0 prior to SP6a */
1600 snprintf(__wp, 63, "%s (Build %d)",
1602 (int)osvi.dwBuildNumber & 0xFFFF);
1605 strncat(ret, __wp, ret_size -1);
1606 ret_size-=strlen(__wp) +1;
1607 RegCloseKey( hKey );
1613 memset(__wp, '\0', 64);
1615 snprintf(__wp, 63, "%s (Build %d)",
1617 (int)osvi.dwBuildNumber & 0xFFFF);
1619 strncat(ret, __wp, ret_size -1);
1620 ret_size-=strlen(__wp) +1;
1624 /* Test for the Windows Me/98/95. */
1625 case VER_PLATFORM_WIN32_WINDOWS:
1627 if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 0)
1629 strncat(ret, "Microsoft Windows 95 ", ret_size -1);
1630 ret_size-=strlen(ret) +1;
1633 if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 10)
1635 strncat(ret, "Microsoft Windows 98 ", ret_size -1);
1636 ret_size-=strlen(ret) +1;
1639 if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 90)
1641 strncat(ret, "Microsoft Windows Millennium Edition",
1644 ret_size-=strlen(ret) +1;
1648 case VER_PLATFORM_WIN32s:
1650 strncat(ret, "Microsoft Win32s", ret_size -1);
1651 ret_size-=strlen(ret) +1;
1656 /* Adding ossec version */
/* The suffix is formatted into os_v with a limit of 128 and then appended
 * under the same ret_size bound as every other piece. */
1657 snprintf(os_v, 128, " - %s %s", __ossec_name, __version);
1658 strncat(ret, os_v, ret_size -1);
1661 /* Returning system information */