* and/or modify it under the terms of the GNU General Public
* License (version 2) as published by the FSF - Free Software
* Foundation.
* and/or modify it under the terms of the GNU General Public
* License (version 2) as published by the FSF - Free Software
* Foundation.
#include "shared.h"
#include "syscheck.h"
#include "os_crypto/md5/md5_op.h"
#include "os_crypto/sha1/sha1_op.h"
#include "os_crypto/md5_sha1/md5_sha1_op.h"
#include "shared.h"
#include "syscheck.h"
#include "os_crypto/md5/md5_op.h"
#include "os_crypto/sha1/sha1_op.h"
#include "os_crypto/md5_sha1/md5_sha1_op.h"
void os_winreg_open_key(char *subkey, char *fullkey_name);
int os_winreg_changed(char *key, char *md5, char *sha1)
{
void os_winreg_open_key(char *subkey, char *fullkey_name);
int os_winreg_changed(char *key, char *md5, char *sha1)
{
- while(fgets(buf, MAX_LINE, syscheck.reg_fp) != NULL)
- {
- if((buf[0] != '#') && (buf[0] != ' ') && (buf[0] != '\n'))
- {
+ while (fgets(buf, MAX_LINE, syscheck.reg_fp) != NULL) {
+ if ((buf[0] != '#') && (buf[0] != ' ') && (buf[0] != '\n')) {
- if((strncmp(buf, md5, sizeof(os_md5) -1) == 0)&&
- (strcmp(buf + sizeof(os_md5) -1, sha1) == 0))
- {
- /* File didn't change. */
- return(0);
+ if ((strncmp(buf, md5, sizeof(os_md5) - 1) == 0) &&
+ (strcmp(buf + sizeof(os_md5) - 1, sha1) == 0)) {
+ /* File didn't change */
+ return (0);
}
}
fseek(syscheck.reg_fp, 0, SEEK_END);
fprintf(syscheck.reg_fp, "%s%s %s\n", md5, sha1, key);
}
}
fseek(syscheck.reg_fp, 0, SEEK_END);
fprintf(syscheck.reg_fp, "%s%s %s\n", md5, sha1, key);
-
-/** int notify_registry(char *msg)
- * Notifies of registry changes.
- */
-int notify_registry(char *msg, int send_now)
+/* Notify of registry changes */
+int notify_registry(char *msg, __attribute__((unused)) int send_now)
- if(SendMSG(syscheck.queue, msg,
- SYSCHECK_REG, SYSCHECK_MQ) < 0)
- {
+ if (SendMSG(syscheck.queue, msg,
+ SYSCHECK_REG, SYSCHECK_MQ) < 0) {
SendMSG(syscheck.queue, msg, SYSCHECK_REG, SYSCHECK_MQ);
}
SendMSG(syscheck.queue, msg, SYSCHECK_REG, SYSCHECK_MQ);
}
/* Initializing the memory for some variables */
class_name_b[0] = '\0';
class_name_b[MAX_PATH] = '\0';
sub_key_name_b[0] = '\0';
sub_key_name_b[MAX_KEY_LENGTH] = '\0';
/* Initializing the memory for some variables */
class_name_b[0] = '\0';
class_name_b[MAX_PATH] = '\0';
sub_key_name_b[0] = '\0';
sub_key_name_b[MAX_KEY_LENGTH] = '\0';
rc = RegQueryInfoKey(hKey, class_name_b, &class_name_s, NULL,
rc = RegQueryInfoKey(hKey, class_name_b, &class_name_s, NULL,
- &subkey_count, NULL, NULL, &value_count,
- NULL, NULL, NULL, NULL);
+ &subkey_count, NULL, NULL, &value_count,
+ NULL, NULL, NULL, NULL);
-
-
- /* Checking if we have sub keys */
- if(subkey_count)
- {
- /* We open each subkey and call open_key */
- for(i=0;i<subkey_count;i++)
- {
+ /* Check if we have sub keys */
+ if (subkey_count) {
+ /* Open each subkey and call open_key */
+ for (i = 0; i < subkey_count; i++) {
sub_key_name_s = MAX_KEY_LENGTH;
rc = RegEnumKeyEx(hKey, i, sub_key_name_b, &sub_key_name_s,
NULL, NULL, NULL, NULL);
sub_key_name_s = MAX_KEY_LENGTH;
rc = RegEnumKeyEx(hKey, i, sub_key_name_b, &sub_key_name_s,
NULL, NULL, NULL, NULL);
snprintf(new_key, MAX_KEY,
"%s\\%s", p_key, sub_key_name_b);
snprintf(new_key_full, MAX_KEY,
"%s\\%s", full_key_name, sub_key_name_b);
snprintf(new_key, MAX_KEY,
"%s\\%s", p_key, sub_key_name_b);
snprintf(new_key_full, MAX_KEY,
"%s\\%s", full_key_name, sub_key_name_b);
snprintf(new_key, MAX_KEY, "%s", sub_key_name_b);
snprintf(new_key_full, MAX_KEY,
"%s\\%s", full_key_name, sub_key_name_b);
}
snprintf(new_key, MAX_KEY, "%s", sub_key_name_b);
snprintf(new_key_full, MAX_KEY,
"%s\\%s", full_key_name, sub_key_name_b);
}
value_buffer[MAX_VALUE_NAME] = '\0';
data_buffer[MAX_VALUE_NAME] = '\0';
checksum_fp = fopen(SYS_REG_TMP, "w");
value_buffer[MAX_VALUE_NAME] = '\0';
data_buffer[MAX_VALUE_NAME] = '\0';
checksum_fp = fopen(SYS_REG_TMP, "w");
- if(!checksum_fp)
- {
- printf(FOPEN_ERROR, ARGV0, SYS_REG_TMP);
+ if (!checksum_fp) {
+ printf(FOPEN_ERROR, ARGV0, SYS_REG_TMP, errno, strerror(errno));
data_buffer[0] = '\0';
rc = RegEnumValue(hKey, i, value_buffer, &value_size,
data_buffer[0] = '\0';
rc = RegEnumValue(hKey, i, value_buffer, &value_size,
- NULL, &data_type, (LPBYTE)data_buffer, &data_size);
+ NULL, &data_type, (LPBYTE)data_buffer, &data_size);
fprintf(checksum_fp, "%02x",
(unsigned int)data_buffer[j]);
}
fprintf(checksum_fp, "\n");
fprintf(checksum_fp, "%02x",
(unsigned int)data_buffer[j]);
}
fprintf(checksum_fp, "\n");
- if(OS_MD5_SHA1_File(SYS_REG_TMP, syscheck.prefilter_cmd, mf_sum, sf_sum) == -1)
- {
- merror(FOPEN_ERROR, ARGV0, SYS_REG_TMP);
+ if (OS_MD5_SHA1_File(SYS_REG_TMP, syscheck.prefilter_cmd, mf_sum, sf_sum, OS_TEXT) == -1) {
+ merror(FOPEN_ERROR, ARGV0, SYS_REG_TMP, errno, strerror(errno));
-
- /* Looking for p_key on the reg db */
- if(os_winreg_changed(full_key_name, mf_sum, sf_sum))
- {
- char reg_changed[MAX_LINE +1];
+ /* Look for p_key on the reg db */
+ if (os_winreg_changed(full_key_name, mf_sum, sf_sum)) {
+ char reg_changed[MAX_LINE + 1];
snprintf(reg_changed, MAX_LINE, "0:0:0:0:%s:%s %s",
snprintf(reg_changed, MAX_LINE, "0:0:0:0:%s:%s %s",
- /* sleep X every Y files */
- if(ig_count >= syscheck.sleep_after)
- {
- sleep(syscheck.tsleep +1);
+ /* Sleep X every Y files */
+ if (ig_count >= syscheck.sleep_after) {
+ sleep(syscheck.tsleep + 1);
- if(full_key_name && syscheck.registry_ignore)
- {
- while(syscheck.registry_ignore[i] != NULL)
- {
- if(strcasecmp(syscheck.registry_ignore[i], full_key_name) == 0)
- {
+ if (full_key_name && syscheck.registry_ignore) {
+ while (syscheck.registry_ignore[i] != NULL) {
+ if (strcasecmp(syscheck.registry_ignore[i], full_key_name) == 0) {
- while(syscheck.registry_ignore_regex[i] != NULL)
- {
- if(OSMatch_Execute(full_key_name, strlen(full_key_name),
- syscheck.registry_ignore_regex[i]))
- {
+ while (syscheck.registry_ignore_regex[i] != NULL) {
+ if (OSMatch_Execute(full_key_name, strlen(full_key_name),
+ syscheck.registry_ignore_regex[i])) {
-
- if(RegOpenKeyEx(sub_tree, subkey, 0, KEY_READ, &oshkey) != ERROR_SUCCESS)
- {
+ if (RegOpenKeyEx(sub_tree, subkey, 0, KEY_READ, &oshkey) != ERROR_SUCCESS) {
- if(!syscheck.reg_fp)
- {
- merror(FOPEN_ERROR, ARGV0, SYS_WIN_REG);
+ if (!syscheck.reg_fp) {
+ merror(FOPEN_ERROR, ARGV0, SYS_WIN_REG, errno, strerror(errno));
merror(SK_INV_REG, ARGV0, syscheck.registry[i]);
*syscheck.registry[i] = '\0';
i++;
merror(SK_INV_REG, ARGV0, syscheck.registry[i]);
*syscheck.registry[i] = '\0';
i++;
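Review bot: The failure path for `fopen(SYS_REG_TMP, "w")` still reports through `printf(FOPEN_ERROR, ARGV0, SYS_REG_TMP, errno, strerror(errno));`, while the other two FOPEN_ERROR sites touched in this change (after `OS_MD5_SHA1_File` and for `SYS_WIN_REG`) go through `merror`. If this code runs without an attached console, a failure to create the checksum temp file would presumably leave nothing in the agent log, and the registry values for that key would go unhashed without any record; `merror(FOPEN_ERROR, ARGV0, SYS_REG_TMP, errno, strerror(errno));` would keep the three sites consistent. Separately, the `errno` passed after `OS_MD5_SHA1_File(...) == -1` is only meaningful if that helper fails on an open call and does not disturb `errno` afterwards; that is not visible here and is worth confirming, particularly when `syscheck.prefilter_cmd` is set. The enclosing functions start and end outside the visible hunks.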