1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
10 /* Functions to handle operations on files
24 /* Vista product information */
26 #ifndef PRODUCT_UNLICENSED
27 #define PRODUCT_UNLICENSED 0xABCDABCD
29 #ifndef PRODUCT_UNLICENSED_C
30 #define PRODUCT_UNLICENSED_C "Product Unlicensed "
33 #ifndef PRODUCT_BUSINESS
34 #define PRODUCT_BUSINESS 0x00000006
36 #ifndef PRODUCT_BUSINESS_C
37 #define PRODUCT_BUSINESS_C "Business Edition "
40 #ifndef PRODUCT_BUSINESS_N
41 #define PRODUCT_BUSINESS_N 0x00000010
43 #ifndef PRODUCT_BUSINESS_N_C
44 #define PRODUCT_BUSINESS_N_C "Business Edition "
47 #ifndef PRODUCT_CLUSTER_SERVER
48 #define PRODUCT_CLUSTER_SERVER 0x00000012
50 #ifndef PRODUCT_CLUSTER_SERVER_C
51 #define PRODUCT_CLUSTER_SERVER_C "Cluster Server Edition "
54 #ifndef PRODUCT_DATACENTER_SERVER
55 #define PRODUCT_DATACENTER_SERVER 0x00000008
57 #ifndef PRODUCT_DATACENTER_SERVER_C
58 #define PRODUCT_DATACENTER_SERVER_C "Datacenter Edition (full) "
61 #ifndef PRODUCT_DATACENTER_SERVER_CORE
62 #define PRODUCT_DATACENTER_SERVER_CORE 0x0000000C
64 #ifndef PRODUCT_DATACENTER_SERVER_CORE_C
65 #define PRODUCT_DATACENTER_SERVER_CORE_C "Datacenter Edition (core) "
68 #ifndef PRODUCT_DATACENTER_SERVER_CORE_V
69 #define PRODUCT_DATACENTER_SERVER_CORE_V 0x00000027
71 #ifndef PRODUCT_DATACENTER_SERVER_CORE_V_C
72 #define PRODUCT_DATACENTER_SERVER_CORE_V_C "Datacenter Edition (core) "
75 #ifndef PRODUCT_DATACENTER_SERVER_V
76 #define PRODUCT_DATACENTER_SERVER_V 0x00000025
78 #ifndef PRODUCT_DATACENTER_SERVER_V_C
79 #define PRODUCT_DATACENTER_SERVER_V_C "Datacenter Edition (full) "
82 #ifndef PRODUCT_ENTERPRISE
83 #define PRODUCT_ENTERPRISE 0x00000004
85 #ifndef PRODUCT_ENTERPRISE_C
86 #define PRODUCT_ENTERPRISE_C "Enterprise Edition "
89 #ifndef PRODUCT_ENTERPRISE_N
90 #define PRODUCT_ENTERPRISE_N 0x0000001B
92 #ifndef PRODUCT_ENTERPRISE_N_C
93 #define PRODUCT_ENTERPRISE_N_C "Enterprise Edition "
96 #ifndef PRODUCT_ENTERPRISE_SERVER
97 #define PRODUCT_ENTERPRISE_SERVER 0x0000000A
99 #ifndef PRODUCT_ENTERPRISE_SERVER_C
100 #define PRODUCT_ENTERPRISE_SERVER_C "Enterprise Edition (full) "
103 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE
104 #define PRODUCT_ENTERPRISE_SERVER_CORE 0x0000000E
106 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_C
107 #define PRODUCT_ENTERPRISE_SERVER_CORE_C "Enterprise Edition (core) "
110 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V
111 #define PRODUCT_ENTERPRISE_SERVER_CORE_V 0x00000029
113 #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V_C
114 #define PRODUCT_ENTERPRISE_SERVER_CORE_V_C "Enterprise Edition (core) "
117 #ifndef PRODUCT_ENTERPRISE_SERVER_IA64
118 #define PRODUCT_ENTERPRISE_SERVER_IA64 0x0000000F
120 #ifndef PRODUCT_ENTERPRISE_SERVER_IA64_C
121 #define PRODUCT_ENTERPRISE_SERVER_IA64_C "Enterprise Edition for Itanium-based Systems "
124 #ifndef PRODUCT_ENTERPRISE_SERVER_V
125 #define PRODUCT_ENTERPRISE_SERVER_V 0x00000026
127 #ifndef PRODUCT_ENTERPRISE_SERVER_V_C
128 #define PRODUCT_ENTERPRISE_SERVER_V_C "Enterprise Edition (full) "
131 #ifndef PRODUCT_HOME_BASIC
132 #define PRODUCT_HOME_BASIC 0x00000002
134 #ifndef PRODUCT_HOME_BASIC_C
135 #define PRODUCT_HOME_BASIC_C "Home Basic Edition "
138 #ifndef PRODUCT_HOME_BASIC_N
139 #define PRODUCT_HOME_BASIC_N 0x00000005
141 #ifndef PRODUCT_HOME_BASIC_N_C
142 #define PRODUCT_HOME_BASIC_N_C "Home Basic Edition "
145 #ifndef PRODUCT_HOME_PREMIUM
146 #define PRODUCT_HOME_PREMIUM 0x00000003
148 #ifndef PRODUCT_HOME_PREMIUM_C
149 #define PRODUCT_HOME_PREMIUM_C "Home Premium Edition "
152 #ifndef PRODUCT_HOME_PREMIUM_N
153 #define PRODUCT_HOME_PREMIUM_N 0x0000001A
155 #ifndef PRODUCT_HOME_PREMIUM_N_C
156 #define PRODUCT_HOME_PREMIUM_N_C "Home Premium Edition "
159 #ifndef PRODUCT_HOME_SERVER
160 #define PRODUCT_HOME_SERVER 0x00000013
162 #ifndef PRODUCT_HOME_SERVER_C
163 #define PRODUCT_HOME_SERVER_C "Home Server Edition "
166 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT
167 #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT 0x0000001E
169 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C
170 #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C "Essential Business Server Management Server "
173 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING
174 #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING 0x00000020
176 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C
177 #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C "Essential Business Server Messaging Server "
180 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY
181 #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY 0x0000001F
183 #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C
184 #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C "Essential Business Server Security Server "
187 #ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS
188 #define PRODUCT_SERVER_FOR_SMALLBUSINESS 0x00000018
190 #ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS_C
191 #define PRODUCT_SERVER_FOR_SMALLBUSINESS_C "Small Business Edition "
194 #ifndef PRODUCT_SMALLBUSINESS_SERVER
195 #define PRODUCT_SMALLBUSINESS_SERVER 0x00000009
197 #ifndef PRODUCT_SMALLBUSINESS_SERVER_C
198 #define PRODUCT_SMALLBUSINESS_SERVER_C "Small Business Server "
201 #ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM
202 #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM 0x00000019
204 #ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C
205 #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C "Small Business Server Premium Edition "
208 #ifndef PRODUCT_STANDARD_SERVER
209 #define PRODUCT_STANDARD_SERVER 0x00000007
211 #ifndef PRODUCT_STANDARD_SERVER_C
212 #define PRODUCT_STANDARD_SERVER_C "Standard Edition "
215 #ifndef PRODUCT_STANDARD_SERVER_CORE
216 #define PRODUCT_STANDARD_SERVER_CORE 0x0000000D
218 #ifndef PRODUCT_STANDARD_SERVER_CORE_C
219 #define PRODUCT_STANDARD_SERVER_CORE_C "Standard Edition (core) "
222 #ifndef PRODUCT_STANDARD_SERVER_CORE_V
223 #define PRODUCT_STANDARD_SERVER_CORE_V 0x00000028
225 #ifndef PRODUCT_STANDARD_SERVER_CORE_V_C
226 #define PRODUCT_STANDARD_SERVER_CORE_V_C "Standard Edition "
229 #ifndef PRODUCT_STANDARD_SERVER_V
230 #define PRODUCT_STANDARD_SERVER_V 0x00000024
232 #ifndef PRODUCT_STANDARD_SERVER_V_C
233 #define PRODUCT_STANDARD_SERVER_V_C "Standard Edition "
236 #ifndef PRODUCT_STARTER
237 #define PRODUCT_STARTER 0x0000000B
239 #ifndef PRODUCT_STARTER_C
240 #define PRODUCT_STARTER_C "Starter Edition "
243 #ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER
244 #define PRODUCT_STORAGE_ENTERPRISE_SERVER 0x00000017
246 #ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER_C
247 #define PRODUCT_STORAGE_ENTERPRISE_SERVER_C "Storage Server Enterprise Edition "
250 #ifndef PRODUCT_STORAGE_EXPRESS_SERVER
251 #define PRODUCT_STORAGE_EXPRESS_SERVER 0x00000014
253 #ifndef PRODUCT_STORAGE_EXPRESS_SERVER_C
254 #define PRODUCT_STORAGE_EXPRESS_SERVER_C "Storage Server Express Edition "
257 #ifndef PRODUCT_STORAGE_STANDARD_SERVER
258 #define PRODUCT_STORAGE_STANDARD_SERVER 0x00000015
260 #ifndef PRODUCT_STORAGE_STANDARD_SERVER_C
261 #define PRODUCT_STORAGE_STANDARD_SERVER_C "Storage Server Standard Edition "
264 #ifndef PRODUCT_STORAGE_WORKGROUP_SERVER
265 #define PRODUCT_STORAGE_WORKGROUP_SERVER 0x00000016
267 #ifndef PRODUCT_STORAGE_WORKGROUP_SERVER_C
268 #define PRODUCT_STORAGE_WORKGROUP_SERVER_C "Storage Server Workgroup Edition "
271 #ifndef PRODUCT_ULTIMATE
272 #define PRODUCT_ULTIMATE 0x00000001
274 #ifndef PRODUCT_ULTIMATE_C
275 #define PRODUCT_ULTIMATE_C "Ultimate Edition "
278 #ifndef PRODUCT_ULTIMATE_N
279 #define PRODUCT_ULTIMATE_N 0x0000001C
281 #ifndef PRODUCT_ULTIMATE_N_C
282 #define PRODUCT_ULTIMATE_N_C "Ultimate Edition "
285 #ifndef PRODUCT_WEB_SERVER
286 #define PRODUCT_WEB_SERVER 0x00000011
288 #ifndef PRODUCT_WEB_SERVER_C
289 #define PRODUCT_WEB_SERVER_C "Web Server Edition "
292 #ifndef PRODUCT_WEB_SERVER_CORE
293 #define PRODUCT_WEB_SERVER_CORE 0x0000001D
295 #ifndef PRODUCT_WEB_SERVER_CORE_C
296 #define PRODUCT_WEB_SERVER_CORE_C "Web Server Edition "
304 const char *__local_name = "unset";
306 /* Set the name of the starting program */
307 void OS_SetName(const char *name)
/* Return the modification time (st_mtime) of `file` as reported by stat().
 * stat() follows symbolic links, so the time is that of the link target.
 * NOTE(review): the value returned when stat() fails is on a line omitted
 * from this listing; DeletePID() in this file treats a negative result as
 * "file not available". */
313 time_t File_DateofChange(const char *file)
315 struct stat file_status;
317 if (stat(file, &file_status) < 0) {
321 return (file_status.st_mtime);
/* Test whether `file` is a directory, using stat() and S_ISDIR on st_mode.
 * Because stat() is used rather than lstat(), a symbolic link that points to
 * a directory also satisfies the S_ISDIR test.
 * NOTE(review): the return values for each branch are on lines omitted from
 * this listing. */
324 int IsDir(const char *file)
326 struct stat file_status;
327 if (stat(file, &file_status) < 0) {
330 if (S_ISDIR(file_status.st_mode)) {
/* Record `pid` in a PID file named "<name>-<pid>.pid" under OS_PIDFILE.
 * NOTE(review): the declaration of `file`, the condition that selects between
 * the two path layouts, the fopen() failure check and the return values are
 * on lines omitted from this listing. */
336 int CreatePID(const char *name, int pid)
/* Two layouts are visible: OS_PIDFILE alone, or DEFAULTDIR prepended to it.
 * snprintf() is bounded to 255 bytes; presumably `file` is at least 256 bytes
 * long - confirm against the declaration. */
342 snprintf(file, 255, "%s/%s-%d.pid", OS_PIDFILE, name, pid);
344 snprintf(file, 255, "%s%s/%s-%d.pid", DEFAULTDIR,
345 OS_PIDFILE, name, pid);
/* Append mode creates the file when it is missing and reuses it when it
 * already exists; fopen() follows symbolic links. NOTE(review): this is only
 * safe while the PID directory is writable by the daemon's account alone. */
348 fp = fopen(file, "a");
353 fprintf(fp, "%d\n", pid);
/* The mode is set by path, after the file was opened by name, so it applies
 * to whatever the path resolves to at this moment. NOTE(review): fchmod() on
 * the open stream's descriptor would bind the mode change to the file that
 * was actually written - confirm whether fp is still open here. */
355 if (chmod(file, 0640) != 0) {
/* Read up to 2048 bytes from /dev/urandom into `buf` and return them through
 * a char pointer.
 * NOTE(review): allocation and ownership of the returned buffer, and the
 * fopen() failure path, are on lines omitted from this listing. The bytes are
 * arbitrary and may include '\0'; callers that handle the result as a C
 * string would stop at the first zero byte - verify how callers consume it. */
365 char *GetRandomNoise()
371 /* Reading urandom */
372 fp = fopen("/dev/urandom", "r");
/* fread() returns the number of bytes actually read, which may be fewer than
 * the 2048 requested. The only visible error path is the "returned 0" message
 * below; NOTE(review): confirm a short, non-zero read is acceptable. */
379 frr = fread(buf, 1, 2048, fp);
381 merror("ERROR: GetRandomNoise() fread() returned 0.");
/* Locate the PID file of the current process, "<name>-<getpid()>.pid", using
 * the same two path layouts as CreatePID().
 * NOTE(review): the removal call and the return values are on lines omitted
 * from this listing. */
390 int DeletePID(const char *name)
395 snprintf(file, 255, "%s/%s-%d.pid", OS_PIDFILE, name, (int)getpid());
397 snprintf(file, 255, "%s%s/%s-%d.pid", DEFAULTDIR,
398 OS_PIDFILE, name, (int)getpid());
/* File_DateofChange() is used here as an "is the file reachable" test: a
 * negative result takes the branch below. The test and any later removal are
 * separate path lookups, so the file can change in between. */
401 if (File_DateofChange(file) < 0) {
/* Split a merged file back into its member files.
 * Each member starts with a header line "!<size> <name>\n" (the format
 * written by MergeAppendFile() and MergeFiles() in this file), followed by
 * <size> bytes of content. A member is created either as "<optdir>/<name>"
 * or under <name> as given.
 * NOTE(review): both <size> and <name> come from the merged file itself, so
 * they are only as trustworthy as that file. The loop structure, the
 * condition on optdir, handle cleanup and return values are on lines omitted
 * from this listing. */
418 int UnmergeFiles(const char *finalpath, const char *optdir)
421 size_t i = 0, n = 0, files_size = 0;
423 char final_name[2048 + 1];
428 finalfp = fopen(finalpath, "r");
430 merror("%s: ERROR: Unable to read merged file: '%s'.",
431 __local_name, finalpath);
436 /* Read header portion */
437 if (fgets(buf, sizeof(buf) - 1, finalfp) == NULL) {
446 /* Get file size and name */
/* atol() gives no indication of a failed or out-of-range conversion, and a
 * negative result becomes a very large size_t after the cast.
 * NOTE(review): the size field should be validated before it drives the copy
 * loop below. */
447 files_size = (size_t) atol(buf + 1);
/* The name is located by searching the header for the newline and the first
 * space; what is done with each match is on omitted lines. */
449 files = strchr(buf, '\n');
454 files = strchr(buf, ' ');
/* The member name from the header is used to build the output path as-is.
 * NOTE(review): no rejection of ".." components is visible between here and
 * fopen(); w_ref_parent_folder() at the end of this file looks intended for
 * that kind of check - confirm it is applied on the omitted lines so a member
 * cannot be written outside the intended directory. */
462 snprintf(final_name, 2048, "%s/%s", optdir, files);
/* strncpy() does not terminate the destination when the source is 2048 bytes
 * or longer; the explicit terminator on the next line covers that case. */
464 strncpy(final_name, files, 2048);
465 final_name[2048] = '\0';
/* "w" truncates an existing file of the same name and follows symlinks. */
469 fp = fopen(final_name, "w");
472 merror("%s: ERROR: Unable to unmerge file '%s': %s",
473 __local_name, final_name, strerror(errno));
/* The remaining byte count is consumed in chunks of at most
 * sizeof(buf) - 1; `i` (the chunk size passed to fread) is set on omitted
 * lines. */
476 if (files_size < sizeof(buf) - 1) {
481 files_size -= sizeof(buf) - 1;
484 while ((n = fread(buf, 1, i, finalfp)) > 0) {
/* The fwrite() result is not checked on this line, so a full disk or I/O
 * error would not be noticed here. */
488 fwrite(buf, n, 1, fp);
491 if (files_size == 0) {
494 if (files_size < sizeof(buf) - 1) {
499 files_size -= sizeof(buf) - 1;
/* Append one file to a merged file, or start a new merged file.
 * A member is stored as a header line "!<size> <basename>\n" followed by the
 * file content.
 * NOTE(review): the condition that selects "create" versus "append", the
 * declarations, cleanup and return values are on lines omitted from this
 * listing. */
513 int MergeAppendFile(const char *finalpath, const char *files)
522 /* Create a new entry */
524 finalfp = fopen(finalpath, "w");
526 merror("%s: ERROR: Unable to create merged file: '%s'.",
527 __local_name, finalpath);
535 finalfp = fopen(finalpath, "a");
537 merror("%s: ERROR: Unable to append merged file: '%s'.",
538 __local_name, finalpath);
542 fp = fopen(files, "r");
544 merror("%s: ERROR: Unable to merge file '%s'.", __local_name, files);
/* The size is taken by seeking to the end; ftell() returns -1 on failure and
 * neither call is checked on these lines. The size is also a snapshot: a file
 * that changes before the copy loop finishes would not match its header. */
549 fseek(fp, 0, SEEK_END);
550 files_size = ftell(fp);
/* Only the part after the last '/' is recorded as the member name. */
552 tmpfile = strrchr(files, '/');
/* The header is space- and newline-delimited. NOTE(review): a file name that
 * contains a newline would not round-trip through the header parser in
 * UnmergeFiles() - confirm such names cannot reach this point. */
558 fprintf(finalfp, "!%ld %s\n", files_size, tmpfile);
560 fseek(fp, 0, SEEK_SET);
562 while ((n = fread(buf, 1, sizeof(buf) - 1, fp)) > 0) {
/* fwrite() result is not checked on this line. */
564 fwrite(buf, n, 1, finalfp);
/* Build a merged file at `finalpath` from the array `files`.
 * Each member is stored as a header line "!<size> <basename>\n" followed by
 * the file content, the same layout MergeAppendFile() writes.
 * NOTE(review): the loop over `files`, how the end of the array is detected,
 * cleanup and return values are on lines omitted from this listing. */
573 int MergeFiles(const char *finalpath, char **files)
584 finalfp = fopen(finalpath, "w");
586 merror("%s: ERROR: Unable to create merged file: '%s'.",
587 __local_name, finalpath);
592 fp = fopen(files[i], "r");
594 merror("%s: ERROR: Unable to merge file '%s'.", __local_name, files[i]);
/* ftell() returns -1 on failure; neither fseek() nor ftell() is checked on
 * these lines, so a failed size query would be written into the header. */
600 fseek(fp, 0, SEEK_END);
601 files_size = ftell(fp);
/* Keep only the part of the path after the last '/' as the member name. */
603 /* Remove last entry */
604 tmpfile = strrchr(files[i], '/');
611 fprintf(finalfp, "!%ld %s\n", files_size, tmpfile);
613 fseek(fp, 0, SEEK_SET);
614 while ((n = fread(buf, 1, sizeof(buf) - 1, fp)) > 0) {
/* fwrite() result is not checked on this line. */
616 fwrite(buf, n, 1, finalfp);
629 /* Get basename of path */
/* Thin wrapper over basename(). POSIX allows basename() to modify the string
 * it is given and to return a pointer to static storage, so callers should
 * pass a writable copy and not keep the result across another call. */
630 char *basename_ex(char *path)
632 return (basename(path));
635 /* Rename file or directory */
/* Wrapper over rename(); a non-zero result takes the error branch below.
 * NOTE(review): the error report and return values are on lines omitted from
 * this listing. */
636 int rename_ex(const char *source, const char *destination)
638 if (rename(source, destination)) {
654 /* Create a temporary file */
/* `tmp_path` is handed to mkstemp(), which rewrites the template in place and
 * creates the file, so the buffer must be writable and hold a valid template.
 * NOTE(review): error reporting, the close of `fd` and return values are on
 * lines omitted from this listing. */
655 int mkstemp_ex(char *tmp_path)
659 fd = mkstemp(tmp_path);
/* Restrict the new file to its owner explicitly, through the descriptor, so
 * the mode applies to the file that was just created regardless of what the
 * C library did at creation time. */
673 /* mkstemp() only implicitly does this in POSIX 2008 */
674 if (fchmod(fd, 0600) == -1) {
/* NOTE(review): which failure path this removal belongs to is not visible
 * here; it looks like cleanup of the file after an earlier step failed. */
685 if (unlink(tmp_path)) {
703 /* Get uname. Memory must be freed after use */
/* Builds a description string in a 512-byte zeroed heap buffer from the
 * uname() fields, followed by __ossec_name and __version. When uname() fails
 * a fixed "No system info available" string is produced instead.
 * NOTE(review): the function signature, the calloc() failure checks and the
 * uname fields passed to the first snprintf() are on lines omitted from this
 * listing. */
706 struct utsname uts_buf;
708 if (uname(&uts_buf) >= 0) {
711 ret = (char *) calloc(512, sizeof(char));
/* Bounded to 511 bytes, so the last byte of the zeroed buffer stays '\0'. */
716 snprintf(ret, 511, "%s %s %s %s %s - %s %s",
722 __ossec_name, __version);
727 ret = (char *) calloc(512, sizeof(char));
732 snprintf(ret, 511, "No system info available - %s %s",
733 __ossec_name, __version);
741 /* Daemonize a process without closing stdin/stdout/stderr */
/* The visible error messages show the order of steps: a fork, becoming
 * session leader, a second fork, then a change of working directory to "/".
 * NOTE(review): the function signature and the fork()/setsid() calls
 * themselves are on lines omitted from this listing. Since the standard
 * descriptors stay open in this variant, they remain whatever the parent
 * passed in. */
749 merror(FORK_ERROR, __local_name, errno, strerror(errno));
755 /* Become session leader */
757 merror(SETSID_ERROR, __local_name, errno, strerror(errno));
764 merror(FORK_ERROR, __local_name, errno, strerror(errno));
773 if (chdir("/") == -1) {
774 merror(CHDIR_ERROR, __local_name, "/", errno, strerror(errno));
780 /* Daemonize a process */
/* The visible error messages show the order of steps: a fork, becoming
 * session leader, a second fork, redirection of the standard descriptors to
 * /dev/null, then a change of working directory to "/".
 * NOTE(review): the function signature and the fork()/setsid()/dup calls are
 * on lines omitted from this listing. */
788 merror(FORK_ERROR, __local_name, errno, strerror(errno));
794 /* Become session leader */
796 merror(SETSID_ERROR, __local_name, errno, strerror(errno));
803 merror(FORK_ERROR, __local_name, errno, strerror(errno));
809 /* Dup stdin, stdout and stderr to /dev/null */
/* NOTE(review): no branch for a failed open() is visible; if /dev/null cannot
 * be opened the inherited descriptors presumably stay in place - confirm. */
810 if ((fd = open("/dev/null", O_RDWR)) >= 0) {
819 if (chdir("/") == -1) {
820 merror(CHDIR_ERROR, __local_name, "/", errno, strerror(errno));
/* Classify the host as "Vista or newer" by substring match on the string
 * returned by getuname().
 * NOTE(review): the function signature, the value stored for each outcome
 * and the release of m_uname are on lines omitted from this listing. */
833 m_uname = getuname();
835 merror(MEM_ERROR, __local_name, errno, strerror(errno));
839 /* Check if the system is Vista (must be called during the startup) */
/* The decision is an allow-list of product names. Any uname string that
 * contains none of these substrings takes the "older than Vista" branch,
 * including a release that getuname() does not know by name.
 * NOTE(review): confirm that misclassifying a newer release as pre-Vista is
 * acceptable for whatever this flag selects. */
840 if (strstr(m_uname, "Windows Server 2008") ||
841 strstr(m_uname, "Vista") ||
842 strstr(m_uname, "Windows 7") ||
843 strstr(m_uname, "Windows 8") ||
844 strstr(m_uname, "Windows Server 2012")) {
846 verbose("%s: INFO: System is Vista or newer (%s).",
847 __local_name, m_uname);
849 verbose("%s: INFO: System is older than Vista (%s).",
850 __local_name, m_uname);
858 /* Get basename of path */
/* Windows variant: PathFindFileNameA() returns a pointer into `path` itself,
 * so the result is only valid while the caller's buffer is. */
859 char *basename_ex(char *path)
861 return (PathFindFileNameA(path));
864 /* Rename file or directory */
/* Windows variant built on MoveFileEx(). MOVEFILE_REPLACE_EXISTING overwrites
 * an existing destination and MOVEFILE_WRITE_THROUGH makes the call return
 * only after the move has been flushed to disk. A zero result takes the error
 * branch, which logs the message below.
 * NOTE(review): the logging call, the error code passed to it and the return
 * values are on lines omitted from this listing. */
865 int rename_ex(const char *source, const char *destination)
867 if (!MoveFileEx(source, destination, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
869 "%s: ERROR: Could not move (%s) to (%s) which returned (%lu)",
882 /* Create a temporary file */
/* Windows variant. The visible steps are: generate a unique name from the
 * template in `tmp_path`, build a DACL that grants access only to
 * BUILTIN\Administrators and SYSTEM, create the file with that security
 * descriptor, close the handle, and free the SIDs.
 * NOTE(review): the logging calls, the file-creation call itself, release of
 * pACL and pSD, and the return values are on lines omitted from this
 * listing. */
883 int mkstemp_ex(char *tmp_path)
891 PSECURITY_DESCRIPTOR pSD = NULL;
892 EXPLICIT_ACCESS ea[2];
893 SECURITY_ATTRIBUTES sa;
895 PSID pAdminGroupSID = NULL;
896 PSID pSystemGroupSID = NULL;
897 SID_IDENTIFIER_AUTHORITY SIDAuthNT = {SECURITY_NT_AUTHORITY};
/* _mktemp_s() and _mktemp() only rewrite the template into a name that was
 * unused at the time of the call; they do not create the file. Creation
 * happens later in this function, so name selection and creation are two
 * separate steps. NOTE(review): the creation call should refuse to open a
 * file that already exists under that name - confirm the disposition used on
 * the omitted lines. */
899 #if defined(_MSC_VER) && _MSC_VER >= 1500
900 result = _mktemp_s(tmp_path, strlen(tmp_path) + 1);
904 "%s: ERROR: Could not create temporary file (%s) which returned (%d)",
913 if (_mktemp(tmp_path) == NULL) {
915 "%s: ERROR: Could not create temporary file (%s) which returned [(%d)-(%s)]",
926 /* Create SID for the BUILTIN\Administrators group */
927 result = AllocateAndInitializeSid(
930 SECURITY_BUILTIN_DOMAIN_RID,
931 DOMAIN_ALIAS_RID_ADMINS,
938 "%s: ERROR: Could not create BUILTIN\\Administrators group SID which returned (%lu)",
946 /* Create SID for the SYSTEM group */
947 result = AllocateAndInitializeSid(
950 SECURITY_LOCAL_SYSTEM_RID,
957 "%s: ERROR: Could not create SYSTEM group SID which returned (%lu)",
965 /* Initialize an EXPLICIT_ACCESS structure for an ACE */
966 ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
/* Both entries grant GENERIC_ALL with no inheritance. Because the ACL is
 * built from a NULL base ACL below, these two entries are the only ones in
 * it: principals other than Administrators and SYSTEM get no access. */
968 /* Add Administrators group */
969 ea[0].grfAccessPermissions = GENERIC_ALL;
970 ea[0].grfAccessMode = SET_ACCESS;
971 ea[0].grfInheritance = NO_INHERITANCE;
972 ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
973 ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
974 ea[0].Trustee.ptstrName = (LPTSTR)pAdminGroupSID;
976 /* Add SYSTEM group */
977 ea[1].grfAccessPermissions = GENERIC_ALL;
978 ea[1].grfAccessMode = SET_ACCESS;
979 ea[1].grfInheritance = NO_INHERITANCE;
980 ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
981 ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
982 ea[1].Trustee.ptstrName = (LPTSTR)pSystemGroupSID;
984 /* Set entries in ACL */
985 dwResult = SetEntriesInAcl(2, ea, NULL, &pACL);
987 if (dwResult != ERROR_SUCCESS) {
989 "%s: ERROR: Could not set ACL entries which returned (%lu)",
997 /* Initialize security descriptor */
998 pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(
1000 SECURITY_DESCRIPTOR_MIN_LENGTH
1005 "%s: ERROR: Could not initialize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)",
1013 if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
1015 "%s: ERROR: Could not initialize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)",
/* A NULL owner and a NULL group leave both fields unset in the descriptor. */
1024 if (!SetSecurityDescriptorOwner(pSD, NULL, FALSE)) {
1026 "%s: ERROR: Could not set owner which returned (%lu)",
1034 /* Set group owner */
1035 if (!SetSecurityDescriptorGroup(pSD, NULL, FALSE)) {
1037 "%s: ERROR: Could not set group owner which returned (%lu)",
1045 /* Add ACL to security descriptor */
1046 if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
1048 "%s: ERROR: Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)",
/* The descriptor is attached through SECURITY_ATTRIBUTES, so the restrictive
 * DACL is in force from the moment the file is created rather than being
 * applied afterwards. The handle is not inheritable by child processes. */
1056 /* Initialize security attributes structure */
1057 sa.nLength = sizeof (SECURITY_ATTRIBUTES);
1058 sa.lpSecurityDescriptor = pSD;
1059 sa.bInheritHandle = FALSE;
1067 FILE_ATTRIBUTE_NORMAL,
1071 if (h == INVALID_HANDLE_VALUE) {
1073 "%s: ERROR: Could not create temporary file (%s) which returned (%lu)",
1082 if (!CloseHandle(h)) {
1084 "%s: ERROR: Could not close file handle to (%s) which returned (%lu)",
/* Cleanup of the two SIDs allocated above; both pointers start as NULL, so
 * the guards make this safe on early-failure paths. */
1097 if (pAdminGroupSID) {
1098 FreeSid(pAdminGroupSID);
1101 if (pSystemGroupSID) {
1102 FreeSid(pSystemGroupSID);
1116 /* Get uname for Windows */
/* Builds a product description by appending fixed strings to `ret` with
 * strncat(), tracking the remaining room in `ret_size`.
 * NOTE(review): the function signature and several declarations are on lines
 * omitted from this listing. */
1119 int ret_size = OS_SIZE_1024 - 2;
1123 typedef void (WINAPI * PGNSI)(LPSYSTEM_INFO);
1124 typedef BOOL (WINAPI * PGPI)(DWORD, DWORD, DWORD, DWORD, PDWORD);
1126 /* See http://msdn.microsoft.com/en-us/library/windows/desktop/ms724429%28v=vs.85%29.aspx */
1127 OSVERSIONINFOEX osvi;
1131 BOOL bOsVersionInfoEx;
1134 ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
1135 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
/* First try the extended structure; on failure retry with the basic one.
 * NOTE(review): on Windows 8.1 and later GetVersionEx() reports a version
 * that depends on the application manifest, so the numbers tested below may
 * not reflect the real release - relevant if this string feeds inventory or
 * detection logic. */
1137 if (!(bOsVersionInfoEx = GetVersionEx ((OSVERSIONINFO *) &osvi))) {
1138 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
1139 if (!GetVersionEx((OSVERSIONINFO *)&osvi)) {
1144 /* Allocate memory */
/* The buffer holds OS_SIZE_1024 + 1 bytes and its last byte is set to '\0'.
 * Every append below relies on `ret` already being a terminated string;
 * presumably os_calloc() zero-fills like calloc() - confirm. */
1145 os_calloc(OS_SIZE_1024 + 1, sizeof(char), ret);
1146 ret[OS_SIZE_1024] = '\0';
1148 switch (osvi.dwPlatformId) {
1149 /* Test for the Windows NT product family */
1150 case VER_PLATFORM_WIN32_NT:
/* Version 6.x: the minor version and workstation/server product type select
 * the marketing name. The third strncat() argument is the maximum number of
 * characters to append, not the destination size. */
1151 if (osvi.dwMajorVersion == 6) {
1152 if (osvi.dwMinorVersion == 0) {
1153 if (osvi.wProductType == VER_NT_WORKSTATION ) {
1154 strncat(ret, "Microsoft Windows Vista ", ret_size - 1);
1156 strncat(ret, "Microsoft Windows Server 2008 ", ret_size - 1);
1158 } else if (osvi.dwMinorVersion == 1) {
1159 if (osvi.wProductType == VER_NT_WORKSTATION ) {
1160 strncat(ret, "Microsoft Windows 7 ", ret_size - 1);
1162 strncat(ret, "Microsoft Windows Server 2008 R2 ", ret_size - 1);
1164 } else if (osvi.dwMinorVersion == 2) {
1165 if (osvi.wProductType == VER_NT_WORKSTATION ) {
1166 strncat(ret, "Microsoft Windows 8 ", ret_size - 1);
1168 strncat(ret, "Microsoft Windows Server 2012 ", ret_size - 1);
1170 } else if (osvi.dwMinorVersion == 3) {
1171 if (osvi.wProductType == VER_NT_WORKSTATION ) {
1172 strncat(ret, "Microsoft Windows 8.1 ", ret_size - 1);
1174 strncat(ret, "Microsoft Windows Server 2012 R2 ", ret_size - 1);
/* This subtracts the length of the whole string built so far, not only the
 * piece just appended, and the same adjustment is repeated after later
 * appends, so the budget shrinks faster than the buffer fills. ret_size is a
 * signed int that is converted to size_t when passed to strncat().
 * NOTE(review): confirm the budget can never reach zero or go negative, since
 * a negative value would become a very large append limit. */
1178 ret_size -= strlen(ret) + 1;
1181 /* Get product version */
/* The function pointer is looked up at run time and then called with fixed
 * version arguments. NOTE(review): the exported name and any NULL check on
 * pGPI are on omitted lines - confirm the pointer is tested before the
 * call. */
1182 pGPI = (PGPI) GetProcAddress(
1183 GetModuleHandle(TEXT("kernel32.dll")),
1186 pGPI( 6, 0, 0, 0, &dwType);
1189 case PRODUCT_UNLICENSED:
1190 strncat(ret, PRODUCT_UNLICENSED_C, ret_size - 1);
1192 case PRODUCT_BUSINESS:
1193 strncat(ret, PRODUCT_BUSINESS_C, ret_size - 1);
1195 case PRODUCT_BUSINESS_N:
1196 strncat(ret, PRODUCT_BUSINESS_N_C, ret_size - 1);
1198 case PRODUCT_CLUSTER_SERVER:
1199 strncat(ret, PRODUCT_CLUSTER_SERVER_C, ret_size - 1);
1201 case PRODUCT_DATACENTER_SERVER:
1202 strncat(ret, PRODUCT_DATACENTER_SERVER_C, ret_size - 1);
1204 case PRODUCT_DATACENTER_SERVER_CORE:
1205 strncat(ret, PRODUCT_DATACENTER_SERVER_CORE_C, ret_size - 1);
1207 case PRODUCT_DATACENTER_SERVER_CORE_V:
1208 strncat(ret, PRODUCT_DATACENTER_SERVER_CORE_V_C, ret_size - 1);
1210 case PRODUCT_DATACENTER_SERVER_V:
1211 strncat(ret, PRODUCT_DATACENTER_SERVER_V_C, ret_size - 1);
1213 case PRODUCT_ENTERPRISE:
1214 strncat(ret, PRODUCT_ENTERPRISE_C, ret_size - 1);
1216 case PRODUCT_ENTERPRISE_N:
1217 strncat(ret, PRODUCT_ENTERPRISE_N_C, ret_size - 1);
1219 case PRODUCT_ENTERPRISE_SERVER:
1220 strncat(ret, PRODUCT_ENTERPRISE_SERVER_C, ret_size - 1);
1222 case PRODUCT_ENTERPRISE_SERVER_CORE:
1223 strncat(ret, PRODUCT_ENTERPRISE_SERVER_CORE_C, ret_size - 1);
1225 case PRODUCT_ENTERPRISE_SERVER_CORE_V:
1226 strncat(ret, PRODUCT_ENTERPRISE_SERVER_CORE_V_C, ret_size - 1);
1228 case PRODUCT_ENTERPRISE_SERVER_IA64:
1229 strncat(ret, PRODUCT_ENTERPRISE_SERVER_IA64_C, ret_size - 1);
1231 case PRODUCT_ENTERPRISE_SERVER_V:
1232 strncat(ret, PRODUCT_ENTERPRISE_SERVER_V_C, ret_size - 1);
1234 case PRODUCT_HOME_BASIC:
1235 strncat(ret, PRODUCT_HOME_BASIC_C, ret_size - 1);
1237 case PRODUCT_HOME_BASIC_N:
1238 strncat(ret, PRODUCT_HOME_BASIC_N_C, ret_size - 1);
1240 case PRODUCT_HOME_PREMIUM:
1241 strncat(ret, PRODUCT_HOME_PREMIUM_C, ret_size - 1);
1243 case PRODUCT_HOME_PREMIUM_N:
1244 strncat(ret, PRODUCT_HOME_PREMIUM_N_C, ret_size - 1);
1246 case PRODUCT_HOME_SERVER:
1247 strncat(ret, PRODUCT_HOME_SERVER_C, ret_size - 1);
1249 case PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT:
1250 strncat(ret, PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C, ret_size - 1);
1252 case PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING:
1253 strncat(ret, PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C, ret_size - 1);
1255 case PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY:
1256 strncat(ret, PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C, ret_size - 1);
1258 case PRODUCT_SERVER_FOR_SMALLBUSINESS:
1259 strncat(ret, PRODUCT_SERVER_FOR_SMALLBUSINESS_C, ret_size - 1);
1261 case PRODUCT_SMALLBUSINESS_SERVER:
1262 strncat(ret, PRODUCT_SMALLBUSINESS_SERVER_C, ret_size - 1);
1264 case PRODUCT_SMALLBUSINESS_SERVER_PREMIUM:
1265 strncat(ret, PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C, ret_size - 1);
1267 case PRODUCT_STANDARD_SERVER:
1268 strncat(ret, PRODUCT_STANDARD_SERVER_C, ret_size - 1);
1270 case PRODUCT_STANDARD_SERVER_CORE:
1271 strncat(ret, PRODUCT_STANDARD_SERVER_CORE_C, ret_size - 1);
1273 case PRODUCT_STANDARD_SERVER_CORE_V:
1274 strncat(ret, PRODUCT_STANDARD_SERVER_CORE_V_C, ret_size - 1);
1276 case PRODUCT_STANDARD_SERVER_V:
1277 strncat(ret, PRODUCT_STANDARD_SERVER_V_C, ret_size - 1);
1279 case PRODUCT_STARTER:
1280 strncat(ret, PRODUCT_STARTER_C, ret_size - 1);
1282 case PRODUCT_STORAGE_ENTERPRISE_SERVER:
1283 strncat(ret, PRODUCT_STORAGE_ENTERPRISE_SERVER_C, ret_size - 1);
1285 case PRODUCT_STORAGE_EXPRESS_SERVER:
1286 strncat(ret, PRODUCT_STORAGE_EXPRESS_SERVER_C, ret_size - 1);
1288 case PRODUCT_STORAGE_STANDARD_SERVER:
1289 strncat(ret, PRODUCT_STORAGE_STANDARD_SERVER_C, ret_size - 1);
1291 case PRODUCT_STORAGE_WORKGROUP_SERVER:
1292 strncat(ret, PRODUCT_STORAGE_WORKGROUP_SERVER_C, ret_size - 1);
1294 case PRODUCT_ULTIMATE:
1295 strncat(ret, PRODUCT_ULTIMATE_C, ret_size - 1);
1297 case PRODUCT_ULTIMATE_N:
1298 strncat(ret, PRODUCT_ULTIMATE_N_C, ret_size - 1);
1300 case PRODUCT_WEB_SERVER:
1301 strncat(ret, PRODUCT_WEB_SERVER_C, ret_size - 1);
1303 case PRODUCT_WEB_SERVER_CORE:
1304 strncat(ret, PRODUCT_WEB_SERVER_CORE_C, ret_size - 1);
1308 ret_size -= strlen(ret) + 1;
1309 } else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2) {
1310 pGNSI = (PGNSI) GetProcAddress(
1311 GetModuleHandle("kernel32.dll"),
1312 "GetNativeSystemInfo");
1313 if (NULL != pGNSI) {
1317 if ( GetSystemMetrics(89) )
1318 strncat(ret, "Microsoft Windows Server 2003 R2 ",
1320 else if (osvi.wProductType == VER_NT_WORKSTATION &&
1321 si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) {
1323 "Microsoft Windows XP Professional x64 Edition ",
1326 strncat(ret, "Microsoft Windows Server 2003, ", ret_size - 1);
1329 ret_size -= strlen(ret) + 1;
1330 } else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1) {
1331 strncat(ret, "Microsoft Windows XP ", ret_size - 1);
1333 ret_size -= strlen(ret) + 1;
1334 } else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0) {
1335 strncat(ret, "Microsoft Windows 2000 ", ret_size - 1);
1337 ret_size -= strlen(ret) + 1;
1338 } else if (osvi.dwMajorVersion <= 4) {
1339 strncat(ret, "Microsoft Windows NT ", ret_size - 1);
1341 ret_size -= strlen(ret) + 1;
1343 strncat(ret, "Microsoft Windows Unknown ", ret_size - 1);
1345 ret_size -= strlen(ret) + 1;
1348 /* Test for specific product on Windows NT 4.0 SP6 and later */
1349 if (bOsVersionInfoEx) {
1350 /* Test for the workstation type */
1351 if (osvi.wProductType == VER_NT_WORKSTATION &&
1352 si.wProcessorArchitecture != PROCESSOR_ARCHITECTURE_AMD64) {
1353 if ( osvi.dwMajorVersion == 4 ) {
1354 strncat(ret, "Workstation 4.0 ", ret_size - 1);
1355 } else if ( osvi.wSuiteMask & VER_SUITE_PERSONAL ) {
1356 strncat(ret, "Home Edition ", ret_size - 1);
1358 strncat(ret, "Professional ", ret_size - 1);
1362 ret_size -= strlen(ret) + 1;
1365 /* Test for the server type */
1366 else if ( osvi.wProductType == VER_NT_SERVER ||
1367 osvi.wProductType == VER_NT_DOMAIN_CONTROLLER ) {
1368 if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2) {
1369 if (si.wProcessorArchitecture ==
1370 PROCESSOR_ARCHITECTURE_IA64 ) {
1371 if ( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1373 "Datacenter Edition for Itanium-based Systems ",
1375 else if ( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1377 "Enterprise Edition for Itanium-based Systems ",
1380 ret_size -= strlen(ret) + 1;
1381 } else if ( si.wProcessorArchitecture ==
1382 PROCESSOR_ARCHITECTURE_AMD64 ) {
1383 if ( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1384 strncat(ret, "Datacenter x64 Edition ",
1386 else if ( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1387 strncat(ret, "Enterprise x64 Edition ",
1390 strncat(ret, "Standard x64 Edition ",
1393 ret_size -= strlen(ret) + 1;
1395 if ( osvi.wSuiteMask & VER_SUITE_DATACENTER )
1396 strncat(ret, "Datacenter Edition ",
1398 else if ( osvi.wSuiteMask & VER_SUITE_ENTERPRISE ) {
1399 strncat(ret, "Enterprise Edition ", ret_size - 1);
1400 } else if ( osvi.wSuiteMask == VER_SUITE_BLADE ) {
1401 strncat(ret, "Web Edition ", ret_size - 1 );
1403 strncat(ret, "Standard Edition ", ret_size - 1);
1406 ret_size -= strlen(ret) + 1;
1408 } else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0) {
1409 if ( osvi.wSuiteMask & VER_SUITE_DATACENTER ) {
1410 strncat(ret, "Datacenter Server ", ret_size - 1);
1411 } else if ( osvi.wSuiteMask & VER_SUITE_ENTERPRISE ) {
1412 strncat(ret, "Advanced Server ", ret_size - 1 );
1414 strncat(ret, "Server ", ret_size - 1);
1417 ret_size -= strlen(ret) + 1;
1418 } else if (osvi.dwMajorVersion <= 4) { /* Windows NT 4.0 */
1419 if ( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
1420 strncat(ret, "Server 4.0, Enterprise Edition ",
1423 strncat(ret, "Server 4.0 ", ret_size - 1);
1426 ret_size -= strlen(ret) + 1;
1430 /* Test for specific product on Windows NT 4.0 SP5 and earlier */
/* Fallback when the extended version structure is not available: the product
 * type is read from the ProductOptions registry key and mapped to a label. */
1433 char szProductType[81];
1434 DWORD dwBufLen = 80;
1437 lRet = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
1438 "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
1439 0, KEY_QUERY_VALUE, &hKey );
1440 if (lRet == ERROR_SUCCESS) {
/* RegQueryValueEx() copies the stored bytes and does not add a terminator if
 * the value was stored without one. The buffer has one byte more than the
 * length offered, but no initialisation of szProductType is visible.
 * NOTE(review): confirm the buffer is terminated before lstrcmpi() reads it. */
1443 lRet = RegQueryValueEx( hKey, "ProductType", NULL, NULL,
1444 (LPBYTE) szProductType, &dwBufLen);
1445 RegCloseKey( hKey );
1447 if ((lRet == ERROR_SUCCESS) && (dwBufLen < 80) ) {
1448 if (lstrcmpi( "WINNT", szProductType) == 0 ) {
1449 strncat(ret, "Workstation ", ret_size - 1);
1450 } else if (lstrcmpi( "LANMANNT", szProductType) == 0 ) {
1451 strncat(ret, "Server ", ret_size - 1);
1452 } else if (lstrcmpi( "SERVERNT", szProductType) == 0 ) {
1453 strncat(ret, "Advanced Server " , ret_size - 1);
1456 ret_size -= strlen(ret) + 1;
/* The numeric version is formatted into the 32-byte scratch buffer __wv
 * (the formatting call is on an omitted line) and appended. Here the budget
 * is reduced by the length of the appended piece only. */
1458 memset(__wv, '\0', 32);
1461 (int)osvi.dwMajorVersion,
1462 (int)osvi.dwMinorVersion);
1464 strncat(ret, __wv, ret_size - 1);
1465 ret_size -= strlen(__wv) + 1;
1470 /* Display service pack (if any) and build number */
/* NT 4.0 "Service Pack 6" is checked against a hotfix registry key to tell
 * SP6 from SP6a; every other case appends the service pack string and build
 * number directly. Scratch text goes through the 64-byte buffer __wp. */
1471 if ( osvi.dwMajorVersion == 4 &&
1472 lstrcmpi( osvi.szCSDVersion, "Service Pack 6" ) == 0 ) {
1477 memset(__wp, '\0', 64);
1478 /* Test for SP6 versus SP6a */
1479 lRet = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
1480 "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Hotfix\\Q246009",
1481 0, KEY_QUERY_VALUE, &hKey );
1482 if ( lRet == ERROR_SUCCESS )
1483 snprintf(__wp, 63, "Service Pack 6a (Build %d)",
1484 (int)osvi.dwBuildNumber & 0xFFFF );
1485 else { /* Windows NT 4.0 prior to SP6a */
1486 snprintf(__wp, 63, "%s (Build %d)",
1488 (int)osvi.dwBuildNumber & 0xFFFF);
1491 strncat(ret, __wp, ret_size - 1);
1492 ret_size -= strlen(__wp) + 1;
/* NOTE(review): from the visible lines this close appears to run on both
 * branches, including the one where RegOpenKeyEx() failed and hKey was never
 * opened - confirm against the omitted lines. */
1493 RegCloseKey( hKey );
1497 memset(__wp, '\0', 64);
1499 snprintf(__wp, 63, "%s (Build %d)",
1501 (int)osvi.dwBuildNumber & 0xFFFF);
1503 strncat(ret, __wp, ret_size - 1);
1504 ret_size -= strlen(__wp) + 1;
1508 /* Test for Windows Me/98/95 */
1509 case VER_PLATFORM_WIN32_WINDOWS:
1510 if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 0) {
1511 strncat(ret, "Microsoft Windows 95 ", ret_size - 1);
1512 ret_size -= strlen(ret) + 1;
1515 if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 10) {
1516 strncat(ret, "Microsoft Windows 98 ", ret_size - 1);
1517 ret_size -= strlen(ret) + 1;
1520 if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 90) {
1521 strncat(ret, "Microsoft Windows Millennium Edition",
1524 ret_size -= strlen(ret) + 1;
1528 case VER_PLATFORM_WIN32s:
1529 strncat(ret, "Microsoft Win32s", ret_size - 1);
1530 ret_size -= strlen(ret) + 1;
1534 /* Add OSSEC-HIDS version */
1535 snprintf(os_v, 128, " - %s %s", __ossec_name, __version);
1536 strncat(ret, os_v, ret_size - 1);
/* Scan `path` for a ".." that forms a whole path component, i.e. a separator
 * followed by ".." and then either the end of the string or another
 * separator. Two loop variants are visible: the first accepts both '/' and
 * '\\' as separators, the second only '/'.
 * NOTE(review): the condition selecting between the variants, the handling
 * of a path that itself starts with "..", and the return values are on lines
 * omitted from this listing. */
1545 int w_ref_parent_folder(const char * path) {
/* In this variant the backslash search only runs when no "/.." is left in
 * the remaining text, and the cursor then moves to just past the match.
 * NOTE(review): a "\\.." that sits before a later "/.." is therefore skipped
 * without being examined - verify that paths mixing both separators are
 * still rejected. */
1573 for (str = path; ptr = strstr(str, "/.."), ptr || (ptr = strstr(str, "\\.."), ptr); str = ptr + 3) {
1574 if (ptr[3] == '\0' || ptr[3] == '/' || ptr[3] == '\\') {
1576 for (str = path; ptr = strstr(str, "/.."), ptr; str = ptr + 3) {
1577 if (ptr[3] == '\0' || ptr[3] == '/') {