1 /* @(#) $Id: ./src/config/rules-config.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
13 /* Functions to handle the configuration files
18 #include "global-config.h"
22 static int cmpr(const void *a, const void *b) {
23 /*printf("%s - %s\n", *(char **)a, *(char **)b);*/
24 return strcmp(*(char **)a, *(char **)b);
27 static int file_in_list(int list_size, char *f_name, char *d_name, char **alist)
30 for(i=0; i<(list_size-1); i++)
32 if((strcmp(alist[i], f_name) == 0 || strcmp(alist[i], d_name) == 0))
40 int Read_Rules(XML_NODE node, void *configp, void *mailp)
47 int decoders_size = 1;
50 char path[PATH_MAX +2];
51 char f_name[PATH_MAX +2];
60 char *xml_rules_include = "include";
61 char *xml_rules_rule = "rule";
62 char *xml_rules_rules_dir = "rule_dir";
63 char *xml_rules_lists = "list";
64 char *xml_rules_decoders = "decoder";
65 char *xml_rules_decoders_dir = "decoder_dir";
69 Config = (_Config *)configp;
71 /* initialise OSRegex */
72 regex.patterns = NULL;
73 regex.prts_closure = NULL;
74 regex.prts_str = NULL;
75 regex.sub_strings = NULL;
81 merror(XML_ELEMNULL, ARGV0);
84 else if(!node[i]->content)
86 merror(XML_VALUENULL, ARGV0, node[i]->element);
89 /* Mail notification */
90 else if((strcmp(node[i]->element, xml_rules_include) == 0) ||
91 (strcmp(node[i]->element, xml_rules_rule) == 0))
94 Config->includes = realloc(Config->includes,
95 sizeof(char *)*rules_size);
98 merror(MEM_ERROR, ARGV0);
102 os_strdup(node[i]->content,Config->includes[rules_size -2]);
103 Config->includes[rules_size -1] = NULL;
104 debug1("adding rule: %s", node[i]->content);
106 else if(strcmp(node[i]->element, xml_rules_decoders) == 0)
109 Config->decoders = realloc(Config->decoders,
110 sizeof(char *)*decoders_size);
111 if(!Config->decoders)
113 merror(MEM_ERROR, ARGV0);
117 os_strdup(node[i]->content,Config->decoders[decoders_size -2]);
118 Config->decoders[decoders_size -1] = NULL;
119 debug1("adding decoder: %s", node[i]->content);
121 else if(strcmp(node[i]->element, xml_rules_lists) == 0)
124 Config->lists = realloc(Config->lists,
125 sizeof(char *)*lists_size);
128 merror(MEM_ERROR, ARGV0);
131 os_strdup(node[i]->content,Config->lists[lists_size -2]);
132 Config->lists[lists_size -1] = NULL;
135 else if(strcmp(node[i]->element, xml_rules_lists) == 0)
138 Config->lists = realloc(Config->lists,
139 sizeof(char *)*lists_size);
142 merror(MEM_ERROR, ARGV0);
145 os_strdup(node[i]->content,Config->lists[lists_size -2]);
146 Config->lists[lists_size -1] = NULL;
149 else if(strcmp(node[i]->element, xml_rules_decoders_dir) == 0)
152 if(node[i]->attributes && node[i]->values)
154 while(node[i]->attributes[att_count])
156 if((strcasecmp(node[i]->attributes[att_count], "pattern") == 0))
158 if(node[i]->values[att_count])
160 if(!OSRegex_Compile(node[i]->values[att_count], ®ex, 0))
162 merror(CONFIG_ERROR, ARGV0, "pattern in decoders_dir does not compile");
163 merror("%s: ERROR: Regex would not compile", ARGV0);
173 OSRegex_Compile(".xml$", ®ex, 0);
177 snprintf(path,PATH_MAX +1,"%s", node[i]->content);
179 snprintf(path,PATH_MAX +1,"%s/%s", DEFAULTDIR, node[i]->content);
182 f_name[PATH_MAX +1] = '\0';
186 start_point = decoders_size- 1;
187 while((entry = readdir(dfd)) != NULL)
189 snprintf(f_name, PATH_MAX +1, "%s/%s", node[i]->content, entry->d_name);
191 /* Just ignore . and .. */
192 if((strcmp(entry->d_name,".") == 0) || (strcmp(entry->d_name,"..") == 0))
195 /* no dups allowed */
196 if(file_in_list(decoders_size, f_name, entry->d_name, Config->decoders))
199 if(OSRegex_Execute(f_name, ®ex))
202 Config->decoders= realloc(Config->decoders, sizeof(char *)*decoders_size);
203 if(!Config->decoders)
205 merror(MEM_ERROR, ARGV0);
206 OSRegex_FreePattern(®ex);
210 os_strdup(f_name, Config->decoders[decoders_size -2]);
211 Config->decoders[decoders_size -1] = NULL;
212 debug1("adding decoder: %s", f_name);
216 debug1("Regex does not match \"%s\"", f_name);
221 /* Sort just then newly added items */
222 qsort(Config->decoders + start_point , decoders_size- start_point -1, sizeof(char *), cmpr);
224 debug1("decoders_size %d", decoders_size);
225 for(ii=0;ii<decoders_size-1;ii++)
226 debug1("- %s", Config->decoders[ii]);
228 else if(strcmp(node[i]->element, xml_rules_rules_dir) == 0)
230 if(node[i]->attributes && node[i]->values)
232 while(node[i]->attributes[att_count])
234 if((strcasecmp(node[i]->attributes[att_count], "pattern") == 0))
236 if(node[i]->values[att_count])
238 if(!OSRegex_Compile(node[i]->values[att_count], ®ex, 0))
240 merror(CONFIG_ERROR, ARGV0, "pattern in rules_dir does not compile");
241 merror("%s: ERROR: Regex would not compile", ARGV0);
251 OSRegex_Compile(".xml$", ®ex, 0);
255 snprintf(path,PATH_MAX +1,"%s", node[i]->content);
257 snprintf(path,PATH_MAX +1,"%s/%s", DEFAULTDIR, node[i]->content);
260 f_name[PATH_MAX +1] = '\0';
264 start_point = rules_size - 1;
265 while((entry = readdir(dfd)) != NULL)
267 snprintf(f_name, PATH_MAX +1, "%s/%s", node[i]->content, entry->d_name);
269 /* Just ignore . and .. */
270 if((strcmp(entry->d_name,".") == 0) || (strcmp(entry->d_name,"..") == 0))
273 /* no dups allowed */
274 if(file_in_list(rules_size, f_name, entry->d_name, Config->includes))
277 if(OSRegex_Execute(f_name, ®ex))
280 Config->includes = realloc(Config->includes, sizeof(char *)*rules_size);
281 if(!Config->includes)
283 merror(MEM_ERROR, ARGV0);
284 OSRegex_FreePattern(®ex);
288 os_strdup(f_name, Config->includes[rules_size -2]);
289 Config->includes[rules_size -1] = NULL;
290 debug1("adding rule: %s", f_name);
294 debug1("Regex does not match \"%s\"", f_name);
299 /* Sort just then newly added items */
300 qsort(Config->includes + start_point , rules_size - start_point -1, sizeof(char *), cmpr);
305 merror(XML_INVELEM, ARGV0, node[i]->element);
306 OSRegex_FreePattern(®ex);
projects / ossec-hids.git / blob