3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
17 #include "headers/shared.h"
18 #include "headers/sec.h"
20 #include "os_zlib/os_zlib.h"
21 #include "os_crypto/md5/md5_op.h"
22 #include "os_crypto/blowfish/bf_op.h"
26 /* __memclear: Clears keys entries.
 *
 * Zeroes the four caller-supplied buffers (id, name, ip, key) with
 * memset so that bytes of a previously parsed entry -- the key field in
 * particular -- do not survive into the next parse or past the end of
 * OS_ReadKeys.
 *
 * @param id    buffer of at least `size` bytes
 * @param name  buffer of at least `size` bytes
 * @param ip    buffer of at least `size` bytes
 * @param key   buffer of at least `size` bytes
 * @param size  bytes to clear in each buffer; OS_ReadKeys passes
 *              KEYSIZE + 1, the full length of its local arrays.  The
 *              parameter is an int and is converted to size_t by memset,
 *              so callers must never pass a negative value.
 *
 * NOTE(review): a plain memset on a buffer that is about to go out of
 * scope may be dropped by dead-store elimination, so this is not a
 * guaranteed scrub of `key`; explicit_bzero/memset_s (where available)
 * give that guarantee.
 */
28 void __memclear(char *id, char *name, char *ip, char *key, int size)
30 memset(id,'\0', size);
31 memset(name,'\0', size);
32 memset(key,'\0', size);
33 memset(ip,'\0', size);
37 /* __chash: Creates the final key.
 *
 * Appends one keyentry for (id, name, ip, key) to `keys`, registers it
 * in the id and ip hashes, and derives the per-agent symmetric key that
 * is stored in the entry's `key` field.  A realloc failure and an
 * invalid `ip` terminate the process through ErrorExit, so the function
 * has no error return; os_calloc/os_strdup presumably follow the same
 * convention (their definitions are not in this excerpt).
 *
 * @param keys  keystore being populated (keyentries/keysize/keyhash_*)
 * @param id    agent id, copied with os_strdup
 * @param name  agent name, copied with os_strdup
 * @param ip    agent ip or cidr text, validated by OS_IsValidIP
 * @param key   shared secret from the keys file; only a digest of it is
 *              kept, the caller still owns (and scrubs) `key`
 *
 * The declarations of filesum1/filesum2/tmp_str and the statement that
 * bumps keys->keysize are on lines not shown in this excerpt.
 */
39 void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
45 char _finalstr[KEYSIZE];
48 /* Allocating for the whole structure */
/* Grows the table by one slot plus one spare (the "sender" entry that
 * OS_ReadKeys adds at index keysize).  realloc overwrites its own
 * source pointer, which is only acceptable because the failure path
 * exits the process instead of trying to recover the old block. */
49 keys->keyentries =(keyentry **)realloc(keys->keyentries,
50 (keys->keysize+2)*sizeof(keyentry *));
53 ErrorExit(MEM_ERROR, __local_name);
55 os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
58 /* Setting configured values for id */
/* NOTE(review): OSHash_Add's result is ignored here and for the ip hash
 * below, so a duplicate id/ip in the keys file is not reported; whether
 * the duplicate is rejected or replaces the earlier entry depends on
 * OSHash_Add -- confirm against os_hash. */
59 os_strdup(id, keys->keyentries[keys->keysize]->id);
60 OSHash_Add(keys->keyhash_id,
61 keys->keyentries[keys->keysize]->id,
62 keys->keyentries[keys->keysize]);
66 os_calloc(1, sizeof(os_ip), keys->keyentries[keys->keysize]->ip);
/* A malformed ip is fatal for the whole keystore, not just this line. */
67 if(OS_IsValidIP(ip, keys->keyentries[keys->keysize]->ip) == 0)
69 ErrorExit(INVALID_IP, __local_name, ip);
72 /* We need to remove the "/" from the cidr */
/* The statement that cuts the string at the '/' is not shown.  The ip
 * hash is keyed by that address text alone, so lookups through it
 * (OS_IsAllowedIP) are presumably exact-string matches on the base
 * address rather than cidr matches. */
73 if((tmp_str = strchr(keys->keyentries[keys->keysize]->ip->ip, '/')) != NULL)
77 OSHash_Add(keys->keyhash_ip,
78 keys->keyentries[keys->keysize]->ip->ip,
79 keys->keyentries[keys->keysize]);
83 os_strdup(name, keys->keyentries[keys->keysize]->name);
85 /* Initializing the variables */
86 keys->keyentries[keys->keysize]->rcvd = 0;
87 keys->keyentries[keys->keysize]->local = 0;
/* keyid doubles as the index into keyentries; it is the value the
 * OS_IsAllowed* lookups return. */
88 keys->keyentries[keys->keysize]->keyid = keys->keysize;
89 keys->keyentries[keys->keysize]->global = 0;
90 keys->keyentries[keys->keysize]->fp = NULL;
94 /** Generating final symmetric key **/
/* Derivation as written below, assuming OS_MD5_Str yields 32 hex chars:
 *   key' = MD5hex(key) || first 16 chars of MD5hex( MD5hex(name) || MD5hex(id) )
 * NOTE(review): the 48 hex characters are 192 bits of encoding, not of
 * entropy; name and id are not secret, so the effective strength is
 * that of `key` itself mixed through MD5.  MD5 serves only as a
 * derivation step here, not for integrity, but it is a legacy
 * construction to keep in mind for any key-format migration. */
96 /* MD5 from name, id and key */
97 OS_MD5_Str(name, filesum1);
98 OS_MD5_Str(id, filesum2);
101 /* Generating new filesum1 */
/* sizeof-1 is one byte tighter than necessary: snprintf already keeps
 * room for the terminator inside the size it is given.  Harmless, but
 * it assumes KEYSIZE-1 >= 65 or the concatenation is truncated. */
102 snprintf(_finalstr, sizeof(_finalstr)-1, "%s%s", filesum1, filesum2);
105 /* Using just half of the first md5 (name/id) */
106 OS_MD5_Str(_finalstr, filesum1);
111 /* Second md is just the key */
112 OS_MD5_Str(key, filesum2);
115 /* Generating final key */
116 memset(_finalstr,'\0', sizeof(_finalstr));
/* 49 = 32 hex chars of filesum2 + 16 of filesum1 + NUL; the literal
 * assumes KEYSIZE >= 49 and a 32-character OS_MD5_Str output -- both
 * defined outside this excerpt, confirm against sec.h / md5_op.h. */
117 snprintf(_finalstr, 49, "%s%s", filesum2, filesum1);
120 /* Final key is 48 * 4 = 192bits */
121 os_strdup(_finalstr, keys->keyentries[keys->keysize]->key);
124 /* Cleaning final string from memory */
/* NOTE(review): _finalstr goes out of scope right after this memset, so
 * the compiler may legally drop the store; explicit_bzero/memset_s is
 * the reliable scrub.  The heap copy made by os_strdup above lives on
 * in the entry until OS_FreeKeys releases it. */
125 memset(_finalstr,'\0', sizeof(_finalstr));
136 /* int OS_CheckKeys():
137 * Checks if the authentication key file is present
 *
 * Reports (via merror) when KEYSFILE_PATH has no readable mtime or
 * cannot be opened for reading.  The signature, the declaration of fp,
 * the return statements and the fclose of the opened file are on lines
 * not shown in this excerpt; the visible branches only distinguish
 * "file missing" from "file present but unopenable".
 *
 * NOTE(review): nothing here checks the file's owner or mode.  A keys
 * file readable by other local users exposes every agent secret, so if
 * that check lives elsewhere (installer, startup) a pointer to it would
 * help the next reader.
 */
143 if(File_DateofChange(KEYSFILE_PATH) < 0)
145 merror(NO_AUTHFILE, __local_name, KEYSFILE_PATH);
146 merror(NO_REM_CONN, __local_name);
150 fp = fopen(KEYSFILE_PATH, "r");
153 /* We can leave from here */
154 merror(FOPEN_ERROR, __local_name, KEYSFILE_PATH);
155 merror(NO_AUTHFILE, __local_name, KEYSFILE_PATH);
156 merror(NO_REM_CONN, __local_name);
163 /* Authentication keys are present */
168 /* void OS_ReadKeys(keystore *keys)
169 * Read the authentication keys.
 *
 * Parses KEYS_FILE line by line ("id name ip key", space separated),
 * builds one keyentry per line through __chash and records the file's
 * mtime in keys->file_change for OS_CheckUpdateKeys.  Conditions that
 * would leave the daemon without keys (missing/unopenable file, hash
 * allocation failure, agent limit, zero entries) are fatal via
 * ErrorExit; a malformed line is reported as INVALID_KEY and, on lines
 * not shown, presumably skipped.
 *
 * @param keys  keystore to (re)initialise.  keyentries and keyhash_*
 *              are overwritten without being released, so the caller
 *              must have freed the previous contents (OS_FreeKeys)
 *              or they leak.
 *
 * Not in this excerpt: the declarations of fp/id/ip/tmp_str/valid_str,
 * the token-splitting statements between each strchr/strncpy pair, the
 * handling after INVALID_KEY and the fclose of fp.
 */
171 void OS_ReadKeys(keystore *keys)
175 char buffer[OS_BUFFER_SIZE +1];
177 char name[KEYSIZE +1];
180 char key[KEYSIZE +1];
183 /* Checking if the keys file is present and we can read it. */
/* KEYS_FILE here versus KEYSFILE_PATH in OS_CheckKeys -- presumably the
 * same path under two names; confirm in the headers. */
184 if((keys->file_change = File_DateofChange(KEYS_FILE)) < 0)
186 merror(NO_AUTHFILE, __local_name, KEYS_FILE);
187 ErrorExit(NO_REM_CONN, __local_name);
189 fp = fopen(KEYS_FILE,"r");
192 /* We can leave from here */
193 merror(FOPEN_ERROR, __local_name, KEYS_FILE);
194 ErrorExit(NO_REM_CONN, __local_name);
198 /* Initializing hashes */
199 keys->keyhash_id = OSHash_Create();
200 keys->keyhash_ip = OSHash_Create();
201 if(!keys->keyhash_id || !keys->keyhash_ip)
203 ErrorExit(MEM_ERROR, __local_name);
207 /* Initializing structure */
/* __chash reallocs from this pointer, so it must start from NULL on
 * every read. */
208 keys->keyentries = NULL;
212 /* Zeroing the buffers */
/* The strncpy calls below copy at most KEYSIZE-1 bytes into KEYSIZE+1
 * byte arrays and do not terminate when the source is that long or
 * longer; NUL-termination therefore depends on these buffers being
 * zeroed before each line -- here and again after __chash. */
213 __memclear(id, name, ip, key, KEYSIZE +1);
214 memset(buffer, '\0', OS_BUFFER_SIZE +1);
217 /* Reading each line.
218 * lines are divided as "id name ip key"
 * fgets stops after OS_BUFFER_SIZE-1 characters, so a longer line is
 * delivered in pieces and its tail is parsed as a line of its own
 * (most likely rejected as INVALID_KEY). */
220 while(fgets(buffer, OS_BUFFER_SIZE, fp) != NULL)
/* Comment lines and lines starting with a blank are skipped. */
225 if((buffer[0] == '#') || (buffer[0] == ' '))
231 tmp_str = strchr(buffer, ' ');
234 merror(INVALID_KEY, __local_name, buffer);
/* NOTE(review): a field longer than KEYSIZE-1 bytes is silently
 * truncated by strncpy rather than rejected, here and for name/ip/key
 * below; for the key field that means a truncated secret is accepted
 * without any diagnostic. */
240 strncpy(id, valid_str, KEYSIZE -1);
250 tmp_str = strchr(tmp_str, ' ');
253 merror(INVALID_KEY, __local_name, buffer);
258 strncpy(name, valid_str, KEYSIZE -1);
261 /* Getting ip address */
263 tmp_str = strchr(tmp_str, ' ');
266 merror(INVALID_KEY, __local_name, buffer);
271 strncpy(ip, valid_str, KEYSIZE -1);
/* The key runs to the newline; how a final line without '\n' is handled
 * is on lines not shown. */
276 tmp_str = strchr(tmp_str, '\n');
282 strncpy(key, valid_str, KEYSIZE -1);
285 /* Generating the key hash */
286 __chash(keys, id, name, ip, key);
289 /* Clearing the memory */
290 __memclear(id, name, ip, key, KEYSIZE +1);
293 /* Checking for maximum agent size */
/* Checked after the entry has already been added, not before. */
294 if(keys->keysize >= (MAX_AGENTS -2))
296 merror(AG_MAX_ERROR, __local_name, MAX_AGENTS -2);
297 ErrorExit(CONFIG_ERROR, __local_name, KEYS_FILE);
304 /* Closing key file. */
308 /* clear one last time before leaving */
/* NOTE(review): only the four field buffers are scrubbed; `buffer`
 * still holds the raw last line, key included, unless it is cleared on
 * a line not shown here. */
309 __memclear(id, name, ip, key, KEYSIZE +1);
312 /* Checking if there is any agent available */
313 if(keys->keysize == 0)
315 ErrorExit(NO_REM_CONN, __local_name);
319 /* Adding additional entry for sender == keysize */
/* Extra zeroed entry at index keysize; OS_FreeKeys loops i <= keysize
 * to release it, while OS_IsAllowedName stops before it. */
320 os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
328 * Frees the auth keys.
 *
 * Releases every keyentry (indices 0..keysize inclusive, the last one
 * being the sender entry OS_ReadKeys adds), the entry table and both
 * hashes, and NULLs the pointers it releases.  The hash pointers are
 * detached first; the sleep mentioned below, the OSHash_Free calls and
 * any reset of keys->keysize are on lines not shown in this excerpt.
 *
 * @param keys  keystore whose contents are released; the struct itself
 *              is left to the caller
 *
 * NOTE(review): the delay is a best-effort courtesy to concurrent
 * readers, not a synchronisation primitive -- a thread that obtained an
 * entry pointer before the hashes were detached may still use it after
 * the sleep, and keys->keyentries stays reachable until the end of the
 * loop.  A lock or refcount around the keystore would make the
 * free-then-reread path in OS_UpdateKeys safe.
 */
330 void OS_FreeKeys(keystore *keys)
337 _keysize = keys->keysize;
338 hashid = keys->keyhash_id;
339 haship = keys->keyhash_ip;
342 /* Zeroing the entries. */
/* Hash lookups (OS_IsAllowedIP/ID/DynamicID) see NULL from here on. */
344 keys->keyhash_id =NULL;
345 keys->keyhash_ip = NULL;
348 /* Sleeping to give time to other threads to stop using them. */
352 /* Freeing the hashes */
/* <= because the sender entry lives at index keysize. */
357 for(i = 0; i<= _keysize; i++)
359 if(keys->keyentries[i])
361 if(keys->keyentries[i]->ip)
363 free(keys->keyentries[i]->ip->ip);
364 free(keys->keyentries[i]->ip);
367 if(keys->keyentries[i]->id)
368 free(keys->keyentries[i]->id);
/* NOTE(review): the derived key is handed to free() without being
 * zeroed first, so it stays in the freed block until the allocator
 * reuses it; scrubbing it (strlen-bounded, explicit_bzero/memset_s)
 * before free would limit how long it lingers in process memory. */
370 if(keys->keyentries[i]->key)
371 free(keys->keyentries[i]->key);
373 if(keys->keyentries[i]->name)
374 free(keys->keyentries[i]->name);
376 /* Closing counter */
/* fp is the per-agent counter file (opened by OS_StartCounter,
 * presumably); the fclose return is not checked, which only matters if
 * the stream was written to. */
377 if(keys->keyentries[i]->fp)
378 fclose(keys->keyentries[i]->fp);
380 free(keys->keyentries[i]);
381 keys->keyentries[i] = NULL;
385 /* Freeing structure */
386 free(keys->keyentries);
387 keys->keyentries = NULL;
392 /* int OS_CheckUpdateKeys(keystore *keys)
393 * Checks if key changed.
 *
 * Compares the mtime recorded by OS_ReadKeys with the current mtime of
 * KEYS_FILE.  The return statements are on lines not shown; the visible
 * comparison is the only condition.
 *
 * @param keys  keystore whose file_change was set by OS_ReadKeys
 *
 * NOTE(review): an mtime comparison misses a rewrite that lands within
 * the timestamp's resolution, and a File_DateofChange failure (negative
 * value, which OS_ReadKeys never stores) also reads as "changed".
 * Acceptable as a reload trigger, not as proof that the in-memory keys
 * match the file.
 */
395 int OS_CheckUpdateKeys(keystore *keys)
397 if(keys->file_change != File_DateofChange(KEYS_FILE))
405 /* OS_UpdateKeys(keystore *keys)
406 * Update the keys if changed.
 *
 * When KEYS_FILE's mtime no longer matches keys->file_change, logs the
 * change, then -- judging by the debug trace -- frees and re-reads the
 * keystore and restarts the message counters.  The OS_FreeKeys and
 * OS_ReadKeys calls and the return statements are on lines not shown
 * in this excerpt.
 *
 * @param keys  keystore refreshed in place
 *
 * NOTE(review): no lock is visible around the free-then-reread
 * sequence; see OS_FreeKeys for what that means for concurrent
 * lookups.
 */
408 int OS_UpdateKeys(keystore *keys)
410 if(keys->file_change != File_DateofChange(KEYS_FILE))
412 merror(ENCFILE_CHANGED, __local_name);
413 debug1("%s: DEBUG: Freekeys", __local_name);
416 debug1("%s: DEBUG: OS_ReadKeys", __local_name);
419 verbose(ENC_READ, __local_name);
423 debug1("%s: DEBUG: OS_StartCounter", __local_name);
425 OS_StartCounter(keys);
426 debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name);
435 * Checks if an IP address is allowed to connect.
 *
 * Exact-string lookup of srcip in keys->keyhash_ip; on a hit returns
 * the entry's keyid (its index in keyentries).  The declaration of
 * entry, the NULL test guarding the dereference and the not-found
 * return are on lines not shown.
 *
 * @param keys   keystore populated by OS_ReadKeys
 * @param srcip  address text as received; compared byte-for-byte with
 *               the address __chash stored, so no normalisation
 *               happens here
 *
 * NOTE(review): __chash appears to store cidr entries by their base
 * address only (the '/' suffix is cut before insertion), so a peer
 * from inside such a range would not match here; OS_IsAllowedDynamicID
 * goes through OS_IPFound instead.  Worth documenting which callers
 * are expected to use which.
 */
437 int OS_IsAllowedIP(keystore *keys, char *srcip)
444 entry = OSHash_Get(keys->keyhash_ip, srcip);
447 return(entry->keyid);
454 /* int OS_IsAllowedName
455 * Checks if the agent name is valid.
 *
 * Linear scan of keyentries[0..keysize) comparing names with strcmp.
 * The body of the match and the not-found return are on lines not
 * shown.  The sender entry at index keysize is outside the range,
 * apparently on purpose: it is calloc'ed with a NULL name, which strcmp
 * must not be given.
 *
 * @param keys  keystore populated by OS_ReadKeys
 * @param name  agent name to look up; NUL-terminated, compared
 *              exactly (case- and whitespace-sensitive)
 *
 * NOTE(review): O(keysize) per call, unlike the hashed id/ip lookups;
 * fine for counts bounded by MAX_AGENTS, but not a path to put on a
 * per-packet hot loop.
 */
457 int OS_IsAllowedName(keystore *keys, char *name)
461 for(i = 0; i < keys->keysize; i++)
463 if(strcmp(keys->keyentries[i]->name, name) == 0)
/* int OS_IsAllowedID(keystore *keys, char *id)
 * Looks the agent id up in keys->keyhash_id and returns the entry's
 * keyid.  The declaration of entry, the NULL test guarding the
 * dereference and the not-found return are on lines not shown.
 *
 * @param keys  keystore populated by OS_ReadKeys
 * @param id    id text exactly as stored by __chash (no normalisation)
 *
 * NOTE(review): this accepts the id regardless of where the request
 * came from; OS_IsAllowedDynamicID is the variant that also binds the
 * id to a source address.
 */
473 int OS_IsAllowedID(keystore *keys, char *id)
480 entry = OSHash_Get(keys->keyhash_id, id);
483 return(entry->keyid);
489 /* int OS_IsAllowedDynamicID -- Used for dynamic ip addresses.
 *
 * Looks the agent up by id and then asks OS_IPFound whether srcip is
 * covered by the entry's configured address (the os_ip built by
 * __chash, presumably including cidr ranges).  Returns the entry's
 * keyid on success; the declaration of entry, the NULL test after the
 * lookup and the failure return are on lines not shown.
 *
 * @param keys   keystore populated by OS_ReadKeys
 * @param id     agent id, exact-string hash key
 * @param srcip  peer address to validate against the entry's ip/cidr
 *
 * NOTE(review): of the lookups in this file this is the only one that
 * ties an id to a source address, so callers handling network input
 * should prefer it unless the address check happens elsewhere.
 */
491 int OS_IsAllowedDynamicID(keystore *keys, char *id, char *srcip)
498 entry = OSHash_Get(keys->keyhash_id, id);
501 if(OS_IPFound(srcip, entry->ip))
503 return(entry->keyid);