X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fos_crypto%2Fshared%2Fkeys.c;h=587f083ad03888c6eeae4b1eb4e9e172bcef77ee;hp=d70aab5b70db5235b17a9bd75d8587a062f4435c;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554
diff --git a/src/os_crypto/shared/keys.c b/src/os_crypto/shared/keys.c
index d70aab5..587f083 100755
--- a/src/os_crypto/shared/keys.c
+++ b/src/os_crypto/shared/keys.c
@@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/os_crypto/shared/keys.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved.
@@ -8,7 +9,7 @@ * License (version 2) as published by the FSF - Free Software * Foundation. * - * License details at the LICENSE file included with OSSEC or + * License details at the LICENSE file included with OSSEC or * online at: http://www.ossec.net/en/licensing.html */
@@ -23,7 +24,7 @@ -/* __memclear: Clears keys entries. +/* __memclear: Clears keys entries. */ void __memclear(char *id, char *name, char *ip, char *key, int size) {
@@ -40,10 +41,10 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key) { os_md5 filesum1; os_md5 filesum2; - - char *tmp_str; + + char *tmp_str; char _finalstr[KEYSIZE]; - + /* Allocating for the whole structure */ keys->keyentries =(keyentry **)realloc(keys->keyentries,
@@ -53,32 +54,32 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key) ErrorExit(MEM_ERROR, __local_name); } os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]); - - + + /* Setting configured values for id */ os_strdup(id, keys->keyentries[keys->keysize]->id); - OSHash_Add(keys->keyhash_id, - keys->keyentries[keys->keysize]->id, + OSHash_Add(keys->keyhash_id, + keys->keyentries[keys->keysize]->id, keys->keyentries[keys->keysize]); - - + + /* agent ip */ os_calloc(1, sizeof(os_ip), keys->keyentries[keys->keysize]->ip); if(OS_IsValidIP(ip, keys->keyentries[keys->keysize]->ip) == 0) { ErrorExit(INVALID_IP, __local_name, ip); } - + /* We need to remove the "/" from the cidr */ if((tmp_str = strchr(keys->keyentries[keys->keysize]->ip->ip, '/')) != NULL) { *tmp_str = '\0'; } - OSHash_Add(keys->keyhash_ip, - keys->keyentries[keys->keysize]->ip->ip, + OSHash_Add(keys->keyhash_ip, + keys->keyentries[keys->keysize]->ip->ip, keys->keyentries[keys->keysize]); - + /* agent name */ os_strdup(name, keys->keyentries[keys->keysize]->name);
@@ -90,15 +91,15 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key) keys->keyentries[keys->keysize]->fp = NULL; - + /** Generating final symmetric key **/ - + /* MD5 from name, id and key */ OS_MD5_Str(name, filesum1); OS_MD5_Str(id, filesum2); - /* Generating new filesum1 */ + /* Generating new filesum1 */ snprintf(_finalstr, sizeof(_finalstr)-1, "%s%s", filesum1, filesum2);
@@ -111,7 +112,7 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key) /* Second md is just the key */ OS_MD5_Str(key, filesum2); - + /* Generating final key */ memset(_finalstr,'\0', sizeof(_finalstr)); snprintf(_finalstr, 49, "%s%s", filesum2, filesum1);
@@ -127,14 +128,14 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key) /* ready for next */ keys->keysize++; - - + + return; } -/* int OS_CheckKeys(): - * Checks if the authentication key file is present +/* int OS_CheckKeys(): + * Checks if the authentication key file is present */ int OS_CheckKeys() {
@@ -171,15 +172,15 @@ int OS_CheckKeys() void OS_ReadKeys(keystore *keys) { FILE *fp; - + char buffer[OS_BUFFER_SIZE +1]; - + char name[KEYSIZE +1]; char ip[KEYSIZE +1]; char id[KEYSIZE +1]; char key[KEYSIZE +1]; - - + + /* Checking if the keys file is present and we can read it. */ if((keys->file_change = File_DateofChange(KEYS_FILE)) < 0) {
@@ -221,7 +222,7 @@ void OS_ReadKeys(keystore *keys) { char *tmp_str; char *valid_str; - + if((buffer[0] == '#') || (buffer[0] == ' ')) continue;
@@ -244,7 +245,7 @@ void OS_ReadKeys(keystore *keys) { continue; } - + /* Getting name */ valid_str = tmp_str; tmp_str = strchr(tmp_str, ' ');
@@ -257,7 +258,7 @@ void OS_ReadKeys(keystore *keys) tmp_str++; strncpy(name, valid_str, KEYSIZE -1); - + /* Getting ip address */ valid_str = tmp_str; tmp_str = strchr(tmp_str, ' ');
@@ -270,7 +271,7 @@ void OS_ReadKeys(keystore *keys) tmp_str++; strncpy(ip, valid_str, KEYSIZE -1); - + /* Getting key */ valid_str = tmp_str; tmp_str = strchr(tmp_str, '\n');
@@ -287,8 +288,8 @@ void OS_ReadKeys(keystore *keys) /* Clearing the memory */ - __memclear(id, name, ip, key, KEYSIZE +1); - + __memclear(id, name, ip, key, KEYSIZE +1); + /* Checking for maximum agent size */ if(keys->keysize >= (MAX_AGENTS -2))
@@ -296,11 +297,11 @@ void OS_ReadKeys(keystore *keys) merror(AG_MAX_ERROR, __local_name, MAX_AGENTS -2); ErrorExit(CONFIG_ERROR, __local_name, KEYS_FILE); } - + continue; } - - + + /* Closing key file. */ fclose(fp);
@@ -343,12 +344,12 @@ void OS_FreeKeys(keystore *keys) keys->keysize = 0; keys->keyhash_id =NULL; keys->keyhash_ip = NULL; - - + + /* Sleeping to give time to other threads to stop using them. */ sleep(1); - - + + /* Freeing the hashes */ OSHash_Free(hashid); OSHash_Free(haship);
@@ -363,16 +364,16 @@ void OS_FreeKeys(keystore *keys) free(keys->keyentries[i]->ip->ip); free(keys->keyentries[i]->ip); } - - if(keys->keyentries[i]->id) + + if(keys->keyentries[i]->id) free(keys->keyentries[i]->id); - + if(keys->keyentries[i]->key) free(keys->keyentries[i]->key); if(keys->keyentries[i]->name) free(keys->keyentries[i]->name); - + /* Closing counter */ if(keys->keyentries[i]->fp) fclose(keys->keyentries[i]->fp);
@@ -381,7 +382,7 @@ void OS_FreeKeys(keystore *keys) keys->keyentries[i] = NULL; } } - + /* Freeing structure */ free(keys->keyentries); keys->keyentries = NULL;
@@ -411,20 +412,20 @@ int OS_UpdateKeys(keystore *keys) { merror(ENCFILE_CHANGED, __local_name); debug1("%s: DEBUG: Freekeys", __local_name); - + OS_FreeKeys(keys); debug1("%s: DEBUG: OS_ReadKeys", __local_name); - + /* Reading keys */ verbose(ENC_READ, __local_name); - + OS_ReadKeys(keys); debug1("%s: DEBUG: OS_StartCounter", __local_name); - + OS_StartCounter(keys); debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name); - + return(1); } return(0);
@@ -432,7 +433,7 @@ int OS_UpdateKeys(keystore *keys) /* OS_IsAllowedIP() - * Checks if an IP address is allowed to connect. + * Checks if an IP address is allowed to connect. */ int OS_IsAllowedIP(keystore *keys, char *srcip) {
@@ -440,7 +441,7 @@ int OS_IsAllowedIP(keystore *keys, char *srcip) if(srcip == NULL) return(-1); - + entry = OSHash_Get(keys->keyhash_ip, srcip); if(entry) {
@@ -476,7 +477,7 @@ int OS_IsAllowedID(keystore *keys, char *id) if(id == NULL) return(-1); - + entry = OSHash_Get(keys->keyhash_id, id); if(entry) {
@@ -491,10 +492,10 @@ int OS_IsAllowedID(keystore *keys, char *id) int OS_IsAllowedDynamicID(keystore *keys, char *id, char *srcip) { keyentry *entry; - + if(id == NULL) return(-1); - + entry = OSHash_Get(keys->keyhash_id, id); if(entry) {