X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fshared%2Ffile_op.c;fp=src%2Fshared%2Ffile_op.c;h=d7860a12c4b52c386190a8a33635f3fcf7127983;hp=17778e28bfa0c6abf23737c57f488f96011a26e5;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hpb=ef70704f0b31b59bb719b884d6a99cb9e3e2044a
diff --git a/src/shared/file_op.c b/src/shared/file_op.c
index 17778e2..d7860a1 100755
--- a/src/shared/file_op.c
+++ b/src/shared/file_op.c
@@ -17,205 +17,291 @@ #include "shared.h" +#ifndef WIN32 +#include +#endif /* Vista product information. */ #ifdef WIN32 #ifndef PRODUCT_UNLICENSED #define PRODUCT_UNLICENSED 0xABCDABCD +#endif +#ifndef PRODUCT_UNLICENSED_C #define PRODUCT_UNLICENSED_C "Product Unlicensed " #endif #ifndef PRODUCT_BUSINESS #define PRODUCT_BUSINESS 0x00000006 +#endif +#ifndef PRODUCT_BUSINESS_C #define PRODUCT_BUSINESS_C "Business Edition " #endif #ifndef PRODUCT_BUSINESS_N #define PRODUCT_BUSINESS_N 0x00000010 +#endif +#ifndef PRODUCT_BUSINESS_N_C #define PRODUCT_BUSINESS_N_C "Business Edition " #endif #ifndef PRODUCT_CLUSTER_SERVER #define PRODUCT_CLUSTER_SERVER 0x00000012 +#endif +#ifndef PRODUCT_CLUSTER_SERVER_C #define PRODUCT_CLUSTER_SERVER_C "Cluster Server Edition " #endif #ifndef PRODUCT_DATACENTER_SERVER #define PRODUCT_DATACENTER_SERVER 0x00000008 +#endif +#ifndef PRODUCT_DATACENTER_SERVER_C #define PRODUCT_DATACENTER_SERVER_C "Datacenter Edition (full) " #endif #ifndef PRODUCT_DATACENTER_SERVER_CORE #define PRODUCT_DATACENTER_SERVER_CORE 0x0000000C +#endif +#ifndef PRODUCT_DATACENTER_SERVER_CORE_C #define PRODUCT_DATACENTER_SERVER_CORE_C "Datacenter Edition (core) " #endif #ifndef PRODUCT_DATACENTER_SERVER_CORE_V #define PRODUCT_DATACENTER_SERVER_CORE_V 0x00000027 +#endif +#ifndef PRODUCT_DATACENTER_SERVER_CORE_V_C #define PRODUCT_DATACENTER_SERVER_CORE_V_C "Datacenter Edition (core) " #endif #ifndef PRODUCT_DATACENTER_SERVER_V #define PRODUCT_DATACENTER_SERVER_V 0x00000025 +#endif +#ifndef PRODUCT_DATACENTER_SERVER_V_C #define PRODUCT_DATACENTER_SERVER_V_C "Datacenter Edition (full) " #endif #ifndef PRODUCT_ENTERPRISE #define PRODUCT_ENTERPRISE 0x00000004 +#endif +#ifndef PRODUCT_ENTERPRISE_C #define PRODUCT_ENTERPRISE_C "Enterprise Edition " #endif #ifndef PRODUCT_ENTERPRISE_N #define PRODUCT_ENTERPRISE_N 0x0000001B +#endif +#ifndef PRODUCT_ENTERPRISE_N_C #define PRODUCT_ENTERPRISE_N_C "Enterprise Edition " #endif #ifndef PRODUCT_ENTERPRISE_SERVER #define 
PRODUCT_ENTERPRISE_SERVER 0x0000000A +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_C #define PRODUCT_ENTERPRISE_SERVER_C "Enterprise Edition (full) " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_CORE #define PRODUCT_ENTERPRISE_SERVER_CORE 0x0000000E +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_CORE_C #define PRODUCT_ENTERPRISE_SERVER_CORE_C "Enterprise Edition (core) " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V #define PRODUCT_ENTERPRISE_SERVER_CORE_V 0x00000029 +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V_C #define PRODUCT_ENTERPRISE_SERVER_CORE_V_C "Enterprise Edition (core) " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_IA64 #define PRODUCT_ENTERPRISE_SERVER_IA64 0x0000000F +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_IA64_C #define PRODUCT_ENTERPRISE_SERVER_IA64_C "Enterprise Edition for Itanium-based Systems " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_V #define PRODUCT_ENTERPRISE_SERVER_V 0x00000026 +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_V_C #define PRODUCT_ENTERPRISE_SERVER_V_C "Enterprise Edition (full) " #endif #ifndef PRODUCT_HOME_BASIC #define PRODUCT_HOME_BASIC 0x00000002 +#endif +#ifndef PRODUCT_HOME_BASIC_C #define PRODUCT_HOME_BASIC_C "Home Basic Edition " #endif #ifndef PRODUCT_HOME_BASIC_N #define PRODUCT_HOME_BASIC_N 0x00000005 +#endif +#ifndef PRODUCT_HOME_BASIC_N_C #define PRODUCT_HOME_BASIC_N_C "Home Basic Edition " #endif #ifndef PRODUCT_HOME_PREMIUM #define PRODUCT_HOME_PREMIUM 0x00000003 +#endif +#ifndef PRODUCT_HOME_PREMIUM_C #define PRODUCT_HOME_PREMIUM_C "Home Premium Edition " #endif #ifndef PRODUCT_HOME_PREMIUM_N #define PRODUCT_HOME_PREMIUM_N 0x0000001A +#endif +#ifndef PRODUCT_HOME_PREMIUM_N_C #define PRODUCT_HOME_PREMIUM_N_C "Home Premium Edition " #endif #ifndef PRODUCT_HOME_SERVER #define PRODUCT_HOME_SERVER 0x00000013 +#endif +#ifndef PRODUCT_HOME_SERVER_C #define PRODUCT_HOME_SERVER_C "Home Server Edition " #endif #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT 0x0000001E +#endif 
+#ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C "Essential Business Server Management Server " #endif #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING 0x00000020 +#endif +#ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C "Essential Business Server Messaging Server " #endif #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY 0x0000001F +#endif +#ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C "Essential Business Server Security Server " #endif #ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS #define PRODUCT_SERVER_FOR_SMALLBUSINESS 0x00000018 +#endif +#ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS_C #define PRODUCT_SERVER_FOR_SMALLBUSINESS_C "Small Business Edition " #endif #ifndef PRODUCT_SMALLBUSINESS_SERVER #define PRODUCT_SMALLBUSINESS_SERVER 0x00000009 +#endif +#ifndef PRODUCT_SMALLBUSINESS_SERVER_C #define PRODUCT_SMALLBUSINESS_SERVER_C "Small Business Server " #endif #ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM 0x00000019 +#endif +#ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C "Small Business Server Premium Edition " #endif #ifndef PRODUCT_STANDARD_SERVER #define PRODUCT_STANDARD_SERVER 0x00000007 +#endif +#ifndef PRODUCT_STANDARD_SERVER_C #define PRODUCT_STANDARD_SERVER_C "Standard Edition " #endif #ifndef PRODUCT_STANDARD_SERVER_CORE #define PRODUCT_STANDARD_SERVER_CORE 0x0000000D +#endif +#ifndef PRODUCT_STANDARD_SERVER_CORE_C #define PRODUCT_STANDARD_SERVER_CORE_C "Standard Edition (core) " #endif #ifndef PRODUCT_STANDARD_SERVER_CORE_V #define PRODUCT_STANDARD_SERVER_CORE_V 0x00000028 +#endif +#ifndef PRODUCT_STANDARD_SERVER_CORE_V_C #define PRODUCT_STANDARD_SERVER_CORE_V_C "Standard Edition " #endif #ifndef PRODUCT_STANDARD_SERVER_V 
#define PRODUCT_STANDARD_SERVER_V 0x00000024 +#endif +#ifndef PRODUCT_STANDARD_SERVER_V_C #define PRODUCT_STANDARD_SERVER_V_C "Standard Edition " #endif #ifndef PRODUCT_STARTER #define PRODUCT_STARTER 0x0000000B +#endif +#ifndef PRODUCT_STARTER_C #define PRODUCT_STARTER_C "Starter Edition " #endif #ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER #define PRODUCT_STORAGE_ENTERPRISE_SERVER 0x00000017 +#endif +#ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER_C #define PRODUCT_STORAGE_ENTERPRISE_SERVER_C "Storage Server Enterprise Edition " #endif #ifndef PRODUCT_STORAGE_EXPRESS_SERVER #define PRODUCT_STORAGE_EXPRESS_SERVER 0x00000014 +#endif +#ifndef PRODUCT_STORAGE_EXPRESS_SERVER_C #define PRODUCT_STORAGE_EXPRESS_SERVER_C "Storage Server Express Edition " #endif #ifndef PRODUCT_STORAGE_STANDARD_SERVER #define PRODUCT_STORAGE_STANDARD_SERVER 0x00000015 +#endif +#ifndef PRODUCT_STORAGE_STANDARD_SERVER_C #define PRODUCT_STORAGE_STANDARD_SERVER_C "Storage Server Standard Edition " #endif #ifndef PRODUCT_STORAGE_WORKGROUP_SERVER #define PRODUCT_STORAGE_WORKGROUP_SERVER 0x00000016 +#endif +#ifndef PRODUCT_STORAGE_WORKGROUP_SERVER_C #define PRODUCT_STORAGE_WORKGROUP_SERVER_C "Storage Server Workgroup Edition " #endif #ifndef PRODUCT_ULTIMATE #define PRODUCT_ULTIMATE 0x00000001 +#endif +#ifndef PRODUCT_ULTIMATE_C #define PRODUCT_ULTIMATE_C "Ultimate Edition " #endif #ifndef PRODUCT_ULTIMATE_N #define PRODUCT_ULTIMATE_N 0x0000001C +#endif +#ifndef PRODUCT_ULTIMATE_N_C #define PRODUCT_ULTIMATE_N_C "Ultimate Edition " #endif #ifndef PRODUCT_WEB_SERVER #define PRODUCT_WEB_SERVER 0x00000011 +#endif +#ifndef PRODUCT_WEB_SERVER_C #define PRODUCT_WEB_SERVER_C "Web Server Edition " #endif #ifndef PRODUCT_WEB_SERVER_CORE #define PRODUCT_WEB_SERVER_CORE 0x0000001D +#endif +#ifndef PRODUCT_WEB_SERVER_CORE_C #define PRODUCT_WEB_SERVER_CORE_C "Web Server Edition " #endif #endif /* WIN32 */ +#ifdef WIN32 +#include +#include +#include +#endif /* Sets the name of the starting program */ 
@@ -292,7 +378,7 @@ int DeletePID(char *name) if(File_DateofChange(file) < 0) return(-1); - unlink(file); + unlink(file); return(0); } @@ -446,7 +532,7 @@ int MergeAppendFile(char *finalpath, char *files) finalfp = fopen(finalpath, "a"); if(!finalfp) { - merror("%s: ERROR: Unable to create merged file: '%s'.", + merror("%s: ERROR: Unable to append merged file: '%s'.", __local_name, finalpath); return(0); } @@ -554,6 +640,81 @@ int MergeFiles(char *finalpath, char **files) #ifndef WIN32 +/* Get basename of path */ +char *basename_ex(char *path) +{ + return (basename(path)); +} + +/* Rename file or directory */ +int rename_ex(const char *source, const char *destination) +{ + if (rename(source, destination)) { + log2file( + RENAME_ERROR, + __local_name, + source, + destination, + errno, + strerror(errno) + ); + + return (-1); + } + + return (0); +} + +/* Create a temporary file */ +int mkstemp_ex(char *tmp_path) +{ + int fd; + + fd = mkstemp(tmp_path); + + if (fd == -1) { + log2file( + MKSTEMP_ERROR, + __local_name, + tmp_path, + errno, + strerror(errno) + ); + + return (-1); + } + + /* mkstemp() only implicitly does this in POSIX 2008 */ + if (fchmod(fd, 0600) == -1) { + close(fd); + + log2file( + CHMOD_ERROR, + __local_name, + tmp_path, + errno, + strerror(errno) + ); + + if (unlink(tmp_path)) { + log2file( + DELETE_ERROR, + __local_name, + tmp_path, + errno, + strerror(errno) + ); + } + + return (-1); + } + + close(fd); + return (0); +} + + + /* getuname; Get uname and returns a string with it. * Memory must be freed after use */ @@ -575,7 +736,7 @@ char *getuname() uts_buf.release, uts_buf.version, uts_buf.machine, - __name, __version); + __ossec_name, __version); return(ret); } @@ -587,7 +748,7 @@ char *getuname() return(NULL); snprintf(ret, 255, "No system info available - %s %s", - __name, __version); + __ossec_name, __version); return(ret); } 
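Review bot: In the POSIX `mkstemp_ex` (hunk @@ -554), the fchmod failure branch calls `close(fd)` before `log2file(CHMOD_ERROR, ..., errno, strerror(errno))`, so the errno value and strerror text that get logged may be whatever close() left behind rather than the fchmod() failure; the same clobbering can happen between that log call and the following `unlink(tmp_path)` check. Capture it first: `int saved_errno = errno; close(fd);` and pass `saved_errno, strerror(saved_errno)` to the CHMOD_ERROR call. Separately, `basename_ex` wraps POSIX `basename()`, which is allowed to modify the string it is handed and to return a pointer into static storage, so a comment on the wrapper such as `/* May modify path and return a static buffer; copy the result before the next call */` would stop callers from holding the pointer across calls. The trailing context of that hunk is only the getuname header comment; getuname itself lies outside it.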
@@ -738,11 +899,18 @@ int checkVista() /* We check if the system is vista (must be called during the startup.) */ if(strstr(m_uname, "Windows Server 2008") || strstr(m_uname, "Vista") || - strstr(m_uname, "Windows 7")) + strstr(m_uname, "Windows 7") || + strstr(m_uname, "Windows 8") || + strstr(m_uname, "Windows Server 2012")) { isVista = 1; - verbose("%s: INFO: System is Vista or Windows Server 2008.", - __local_name); + verbose("%s: INFO: System is Vista or newer (%s).", + __local_name, m_uname); + } + else + { + verbose("%s: INFO: System is older than Vista (%s).", + __local_name, m_uname); } free(m_uname); 
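Review bot: The Vista-or-newer decision is still made by substring-matching the human-readable name, and the added `"Windows 8"` and `"Windows Server 2012"` literals extend that list rather than replace it, so every future release needs another literal in checkVista. The string comes from getuname, which (per the @@ -811 hunk below) builds it from `osvi.dwMajorVersion`/`dwMinorVersion`; if that OSVERSIONINFOEX is reachable from checkVista, `isVista = (osvi.dwMajorVersion >= 6);` would cover all such releases at once, though whether it is reachable cannot be seen from this hunk. At minimum a comment like `/* Substring list must be extended for each new Windows release; keep in sync with getuname() */` should sit above the strstr chain. checkVista's body continues outside the hunk (isVista is returned in the next one).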
@@ -750,6 +918,263 @@ int checkVista() return(isVista); } +/* Get basename of path */ +char *basename_ex(char *path) +{ + return (PathFindFileNameA(path)); +} + +/* Rename file or directory */ +int rename_ex(const char *source, const char *destination) +{ + if (!MoveFileEx(source, destination, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) { + log2file( + "%s: ERROR: Could not move (%s) to (%s) which returned (%lu)", + __local_name, + source, + destination, + GetLastError() + ); + + return (-1); + } + + return (0); +} + +/* Create a temporary file */ +int mkstemp_ex(char *tmp_path) +{ + DWORD dwResult; + int result; + int status = -1; + + HANDLE h = NULL; + PACL pACL = NULL; + PSECURITY_DESCRIPTOR pSD = NULL; + EXPLICIT_ACCESS ea[2]; + SECURITY_ATTRIBUTES sa; + + PSID pAdminGroupSID = NULL; + PSID pSystemGroupSID = NULL; + SID_IDENTIFIER_AUTHORITY SIDAuthNT = {SECURITY_NT_AUTHORITY}; + +#if defined(_MSC_VER) && _MSC_VER >= 1500 + result = _mktemp_s(tmp_path, strlen(tmp_path) + 1); + + if (result != 0) { + log2file( + "%s: ERROR: Could not create temporary file (%s) which returned (%d)", + __local_name, + tmp_path, + result + ); + + return (-1); + } +#else + if (_mktemp(tmp_path) == NULL) { + log2file( + "%s: ERROR: Could not create temporary file (%s) which returned [(%d)-(%s)]", + __local_name, + tmp_path, + errno, + strerror(errno) + ); + + return (-1); + } +#endif + + /* Create SID for the BUILTIN\Administrators group */ + result = AllocateAndInitializeSid( + &SIDAuthNT, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + &pAdminGroupSID + ); + + if (!result) { + log2file( + "%s: ERROR: Could not create BUILTIN\\Administrators group SID which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + /* Create SID for the SYSTEM group */ + result = AllocateAndInitializeSid( + &SIDAuthNT, + 1, + SECURITY_LOCAL_SYSTEM_RID, + 0, 0, 0, 0, 0, 0, 0, + &pSystemGroupSID + ); + + if (!result) { + log2file( + 
"%s: ERROR: Could not create SYSTEM group SID which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + /* Initialize an EXPLICIT_ACCESS structure for an ACE */ + ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS)); + + /* Add Administrators group */ + ea[0].grfAccessPermissions = GENERIC_ALL; + ea[0].grfAccessMode = SET_ACCESS; + ea[0].grfInheritance = NO_INHERITANCE; + ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; + ea[0].Trustee.ptstrName = (LPTSTR)pAdminGroupSID; + + /* Add SYSTEM group */ + ea[1].grfAccessPermissions = GENERIC_ALL; + ea[1].grfAccessMode = SET_ACCESS; + ea[1].grfInheritance = NO_INHERITANCE; + ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; + ea[1].Trustee.ptstrName = (LPTSTR)pSystemGroupSID; + + /* Set entries in ACL */ + dwResult = SetEntriesInAcl(2, ea, NULL, &pACL); + + if (dwResult != ERROR_SUCCESS) { + log2file( + "%s: ERROR: Could not set ACL entries which returned (%lu)", + __local_name, + dwResult + ); + + goto cleanup; + } + + /* Initialize security descriptor */ + pSD = (PSECURITY_DESCRIPTOR)LocalAlloc( + LPTR, + SECURITY_DESCRIPTOR_MIN_LENGTH + ); + + if (pSD == NULL) { + log2file( + "%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { + log2file( + "%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + /* Set owner */ + if (!SetSecurityDescriptorOwner(pSD, NULL, FALSE)) { + log2file( + "%s: ERROR: Could not set owner which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + /* Set group owner */ + if (!SetSecurityDescriptorGroup(pSD, NULL, FALSE)) { 
+ log2file( + "%s: ERROR: Could not set group owner which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + /* Add ACL to security descriptor */ + if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) { + log2file( + "%s: ERROR: Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)", + __local_name, + GetLastError() + ); + + goto cleanup; + } + + /* Initialize security attributes structure */ + sa.nLength = sizeof (SECURITY_ATTRIBUTES); + sa.lpSecurityDescriptor = pSD; + sa.bInheritHandle = FALSE; + + h = CreateFileA( + tmp_path, + GENERIC_WRITE, + 0, + &sa, + CREATE_NEW, + FILE_ATTRIBUTE_NORMAL, + NULL + ); + + if (h == INVALID_HANDLE_VALUE) { + log2file( + "%s: ERROR: Could not create temporary file (%s) which returned (%lu)", + __local_name, + tmp_path, + GetLastError() + ); + + goto cleanup; + } + + if (!CloseHandle(h)) { + log2file( + "%s: ERROR: Could not close file handle to (%s) which returned (%lu)", + __local_name, + tmp_path, + GetLastError() + ); + + goto cleanup; + } + + /* Success */ + status = 0; + +cleanup: + if (pAdminGroupSID) { + FreeSid(pAdminGroupSID); + } + + if (pSystemGroupSID) { + FreeSid(pSystemGroupSID); + } + + if (pACL) { + LocalFree(pACL); + } + + if (pSD) { + LocalFree(pSD); + } + + return (status); +} /** get uname for windows **/ @@ -811,6 +1236,24 @@ char *getuname() strncat(ret, "Microsoft Windows Server 2008 R2 ", ret_size -1); } } + else if(osvi.dwMinorVersion == 2) + { + if(osvi.wProductType == VER_NT_WORKSTATION ) + strncat(ret, "Microsoft Windows 8 ", ret_size -1); + else + { + strncat(ret, "Microsoft Windows Server 2012 ", ret_size -1); + } + } + else if(osvi.dwMinorVersion == 3) + { + if(osvi.wProductType == VER_NT_WORKSTATION ) + strncat(ret, "Microsoft Windows 8.1 ", ret_size -1); + else + { + strncat(ret, "Microsoft Windows Server 2012 R2 ", ret_size -1); + } + } ret_size-=strlen(ret) +1; 
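Review bot: In the Windows `mkstemp_ex`, once `CreateFileA(..., CREATE_NEW, ...)` has succeeded, a failing `CloseHandle` still jumps to cleanup and returns -1 but leaves the newly created file on disk, whereas the POSIX counterpart unlinks on its post-create failure; the CloseHandle branch should add `DeleteFileA(tmp_path);` before `goto cleanup` so that a -1 from this function consistently means no file exists. The DACL that is built grants GENERIC_ALL to BUILTIN\Administrators and SYSTEM only, so a process running under any other account cannot reopen the file it just created; if that is the intent it deserves a comment above the EXPLICIT_ACCESS setup, e.g. `/* Temp file is accessible to Administrators and SYSTEM only; caller must run as one of them */`. Minor: `ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS))` zeroes the right bytes but reads oddly, and `ZeroMemory(ea, sizeof ea)` ties the size to the array. The two error strings also misspell "initalize".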
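Review bot: The new `dwMinorVersion == 3` branch (Windows 8.1 / Server 2012 R2) is only reached if `osvi` holds the true version; if it is filled by GetVersionEx, Windows 8.1 and later report 6.2 to executables that lack a compatibility manifest, so on such systems this code prints "Microsoft Windows 8" and the branch is dead. How `osvi` is obtained is outside this hunk, so treat this as something to confirm; a comment such as `/* 6.3 is reported only to manifest-aware executables; otherwise 8.1 shows up as 6.2 */` on the branch would record the limitation. getuname's body continues on both sides of the hunk.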
@@ -1211,7 +1654,7 @@ char *getuname() /* Adding ossec version */ - snprintf(os_v, 128, " - %s %s", __name, __version); + snprintf(os_v, 128, " - %s %s", __ossec_name, __version); strncat(ret, os_v, ret_size -1);