- tmpstr++;
- }
- }
- if(parseok == 0)
- {
- merror("%s: ERROR: Invalid request for new agent from: %s", ARGV0, srcip);
- }
- else
- {
- int acount = 2;
- char fname[2048 +1];
- char response[2048 +1];
- char *finalkey = NULL;
- response[2048] = '\0';
- fname[2048] = '\0';
- if(!OS_IsValidName(agentname))
- {
- merror("%s: ERROR: Invalid agent name: %s from %s", ARGV0, agentname, srcip);
- snprintf(response, 2048, "ERROR: Invalid agent name: %s\n\n", agentname);
- ret = SSL_write(ssl, response, strlen(response));
- snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
- ret = SSL_write(ssl, response, strlen(response));
- sleep(1);
- exit(0);
- }
-
-
- /* Checking for a duplicated names. */
- strncpy(fname, agentname, 2048);
- while(NameExist(fname))
- {
- snprintf(fname, 2048, "%s%d", agentname, acount);
- acount++;
- if(acount > 256)
- {
- merror("%s: ERROR: Invalid agent name %s (duplicated)", ARGV0, agentname);
- snprintf(response, 2048, "ERROR: Invalid agent name: %s\n\n", agentname);
- ret = SSL_write(ssl, response, strlen(response));
- snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
+ } else {
+ satop((struct sockaddr *) &_nc, srcip, IPSIZE);
+ char *agentname = NULL;
+ ssl = SSL_new(ctx);
+ SSL_set_fd(ssl, client_sock);
+
+ do {
+ ret = SSL_accept(ssl);
+
+ if (ssl_error(ssl, ret)) {
+ clean_exit(ctx, client_sock);
+ }
+
+ } while (ret <= 0);
+ verbose("%s: INFO: New connection from %s", ARGV0, srcip);
+ buf[0] = '\0';
+
+ do {
+ ret = SSL_read(ssl, buf, sizeof(buf));
+
+ if (ssl_error(ssl, ret)) {
+ clean_exit(ctx, client_sock);
+ }
+
+ } while (ret <= 0);
+
+ int parseok = 0;
+ char *tmpstr = buf;
+
+ /* Checking for shared password authentication. */
+ if(authpass) {
+ /* Format is pretty simple: OSSEC PASS: PASS WHATEVERACTION */
+ if (strncmp(tmpstr, "OSSEC PASS: ", 12) == 0) {
+ tmpstr = tmpstr + 12;
+
+ if (strlen(tmpstr) > strlen(authpass) && strncmp(tmpstr, authpass, strlen(authpass)) == 0) {
+ tmpstr += strlen(authpass);
+
+ if (*tmpstr == ' ') {
+ tmpstr++;
+ parseok = 1;
+ }
+ }
+ }
+ if (parseok == 0) {
+ merror("%s: ERROR: Invalid password provided by %s. Closing connection.", ARGV0, srcip);
+ SSL_CTX_free(ctx);
+ close(client_sock);
+ exit(0);
+ }
+ }
+
+ /* Checking for action A (add agent) */
+ parseok = 0;
+ if (strncmp(tmpstr, "OSSEC A:'", 9) == 0) {
+ agentname = tmpstr + 9;
+ tmpstr += 9;
+ while (*tmpstr != '\0') {
+ if (*tmpstr == '\'') {
+ *tmpstr = '\0';
+ verbose("%s: INFO: Received request for a new agent (%s) from: %s", ARGV0, agentname, srcip);
+ parseok = 1;
+ break;
+ }
+ tmpstr++;
+ }
+ }
+ if (parseok == 0) {
+ merror("%s: ERROR: Invalid request for new agent from: %s", ARGV0, srcip);
+ } else {
+ int acount = 2;
+ char fname[2048 + 1];
+ char response[2048 + 1];
+ char *finalkey = NULL;
+ response[2048] = '\0';
+ fname[2048] = '\0';
+ if (!OS_IsValidName(agentname)) {
+ merror("%s: ERROR: Invalid agent name: %s from %s", ARGV0, agentname, srcip);
+ snprintf(response, 2048, "ERROR: Invalid agent name: %s\n\n", agentname);
+ SSL_write(ssl, response, strlen(response));
+ snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
+ SSL_write(ssl, response, strlen(response));
+ sleep(1);
+ exit(0);
+ }
+
+ /* Check for duplicate names */
+ strncpy(fname, agentname, 2048);
+ while (NameExist(fname)) {
+ snprintf(fname, 2048, "%s%d", agentname, acount);
+ acount++;
+ if (acount > 256) {
+ merror("%s: ERROR: Invalid agent name %s (duplicated)", ARGV0, agentname);
+ snprintf(response, 2048, "ERROR: Invalid agent name: %s\n\n", agentname);
+ SSL_write(ssl, response, strlen(response));
+ snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
+ SSL_write(ssl, response, strlen(response));
+ sleep(1);
+ exit(0);
+ }
+ }
+ agentname = fname;
+
+ /* Check for duplicate IP addresses */
+ char *check_ip_address = NULL;
+ check_ip_address = IPExist(srcip);
+ if(check_ip_address) {
+ merror("%s: ERROR: Invalid IP address %s (duplicated)", ARGV0, check_ip_address);
+ snprintf(response, 2048, "ERROR: Invalid IP address: %s\n\n", check_ip_address);
+ SSL_write(ssl, response, strlen(response));
+ snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
+ SSL_write(ssl, response, strlen(response));
+ sleep(1);
+ exit(0);
+ }
+
+ /* Add the new agent */
+ if (use_ip_address) {
+ finalkey = OS_AddNewAgent(agentname, srcip, NULL);
+ } else {
+ finalkey = OS_AddNewAgent(agentname, NULL, NULL);
+ }
+ if (!finalkey) {
+ merror("%s: ERROR: Unable to add agent: %s (internal error)", ARGV0, agentname);
+ snprintf(response, 2048, "ERROR: Internal manager error adding agent: %s\n\n", agentname);
+ SSL_write(ssl, response, strlen(response));
+ snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
+ SSL_write(ssl, response, strlen(response));
+ sleep(1);
+ exit(0);
+ }
+
+ snprintf(response, 2048, "OSSEC K:'%s'\n\n", finalkey);
+ verbose("%s: INFO: Agent key generated for %s (requested by %s)", ARGV0, agentname, srcip);