3 /* Copyright (C) 2010 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * In addition, as a special exception, the copyright holders give
12 * permission to link the code of portions of this program with the
13 * OpenSSL library under certain conditions as described in each
14 * individual source file, and distribute linked combinations
17 * You must obey the GNU General Public License in all respects
18 * for all of the code used other than OpenSSL. If you modify
19 * file(s) with this exception, you may extend this exception to your
20 * version of the file(s), but you are not obligated to do so. If you
21 * do not wish to do so, delete this exception statement from your
22 * version. If you delete this exception statement from all source
23 * files in the program, then also delete it here.
31 /* TODO: Pulled this value out of the sky, may or may not be sane */
34 /* ossec-reportd - Runs manual reports. */
42 printf("ERROR: Not compiled. Missing OpenSSL support.\n");
48 int main(int argc, char **argv)
51 // Bucket to keep pids in.
52 int process_pool[POOL_SIZE];
53 // Count of pids we are wait()ing on.
54 int c = 0, test_config = 0, use_ip_address = 0, pid = 0, status, i = 0, active_processes = 0;
55 int gid = 0, client_sock = 0, sock = 0, port = 1515, ret = 0;
56 char *dir = DEFAULTDIR;
58 char *group = GROUPGLOBAL;
59 char *cfg = DEFAULTCPATH;
63 char srcip[IPSIZE +1];
64 struct sockaddr_in _nc;
68 /* Initializing some variables */
69 memset(srcip, '\0', IPSIZE + 1);
70 memset(process_pool, 0x0, POOL_SIZE);
75 /* Setting the name */
77 /* add an option to use the ip on the socket to tie the name to a
79 while((c = getopt(argc, argv, "Vdhiu:g:D:c:m:p:")) != -1)
96 ErrorExit("%s: -u needs an argument",ARGV0);
101 ErrorExit("%s: -g needs an argument",ARGV0);
106 ErrorExit("%s: -D needs an argument",ARGV0);
111 ErrorExit("%s: -c needs an argument",ARGV0);
119 ErrorExit("%s: -%c needs an argument",ARGV0, c);
121 if(port <= 0 || port >= 65536)
123 ErrorExit("%s: Invalid port: %s", ARGV0, optarg);
133 /* Starting daemon -- NB: need to double fork and setsid */
134 debug1(STARTED_MSG,ARGV0);
136 /* Check if the user/group given are valid */
137 gid = Privsep_GetGroup(group);
139 ErrorExit(USER_ERROR,ARGV0,user,group);
143 /* Exit here if test config is set */
148 /* Privilege separation */
149 if(Privsep_SetGroup(gid) < 0)
150 ErrorExit(SETGID_ERROR,ARGV0,group);
153 /* chrooting -- TODO: this isn't a chroot. Should also close
154 unneeded open file descriptors (like stdin/stdout)*/
159 /* Signal manipulation */
163 /* Creating PID files */
164 if(CreatePID(ARGV0, getpid()) < 0)
165 ErrorExit(PID_ERROR,ARGV0);
167 /* Start up message */
168 verbose(STARTUP_MSG, ARGV0, (int)getpid());
171 fp = fopen(KEYSFILE_PATH,"a");
174 merror("%s: ERROR: Unable to open %s (key file)", ARGV0, KEYSFILE_PATH);
180 ctx = os_ssl_keys(0, dir);
183 merror("%s: ERROR: SSL error. Exiting.", ARGV0);
188 /* Connecting via TCP */
189 sock = OS_Bindporttcp(port, NULL, 0);
192 merror("%s: Unable to bind to port %d", ARGV0, port);
195 fcntl(sock, F_SETFL, O_NONBLOCK);
197 debug1("%s: DEBUG: Going into listening mode.", ARGV0);
201 // no need to completely pin the cpu
203 for (i = 0; i < POOL_SIZE; i++)
209 rv = waitpid(process_pool[i], &status, WNOHANG);
211 debug1("%s: DEBUG: Process %d exited", ARGV0, process_pool[i]);
213 active_processes = active_processes - 1;
217 memset(&_nc, 0, sizeof(_nc));
220 if((client_sock = accept(sock, (struct sockaddr *) &_nc, &_ncl)) > 0){
221 if (active_processes >= POOL_SIZE)
223 merror("%s: Error: Max concurrency reached. Unable to fork", ARGV0);
229 active_processes = active_processes + 1;
231 for (i = 0; i < POOL_SIZE; i++)
233 if (! process_pool[i])
235 process_pool[i] = pid;
242 strncpy(srcip, inet_ntoa(_nc.sin_addr),IPSIZE -1);
243 char *agentname = NULL;
245 SSL_set_fd(ssl, client_sock);
246 ret = SSL_accept(ssl);
249 merror("%s: ERROR: SSL Accept error (%d)", ARGV0, ret);
250 ERR_print_errors_fp(stderr);
253 verbose("%s: INFO: New connection from %s", ARGV0, srcip);
255 ret = SSL_read(ssl, buf, sizeof(buf));
260 if(strncmp(buf, "OSSEC A:'", 9) == 0)
263 agentname = tmpstr + 9;
265 while(*tmpstr != '\0')
270 verbose("%s: INFO: Received request for a new agent (%s) from: %s", ARGV0, agentname, srcip);
279 merror("%s: ERROR: Invalid request for new agent from: %s", ARGV0, srcip);
285 char response[2048 +1];
286 char *finalkey = NULL;
287 response[2048] = '\0';
289 if(!OS_IsValidName(agentname))
291 merror("%s: ERROR: Invalid agent name: %s from %s", ARGV0, agentname, srcip);
292 snprintf(response, 2048, "ERROR: Invalid agent name: %s\n\n", agentname);
293 ret = SSL_write(ssl, response, strlen(response));
294 snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
295 ret = SSL_write(ssl, response, strlen(response));
301 /* Checking for a duplicated names. */
302 strncpy(fname, agentname, 2048);
303 while(NameExist(fname))
305 snprintf(fname, 2048, "%s%d", agentname, acount);
309 merror("%s: ERROR: Invalid agent name %s (duplicated)", ARGV0, agentname);
310 snprintf(response, 2048, "ERROR: Invalid agent name: %s\n\n", agentname);
311 ret = SSL_write(ssl, response, strlen(response));
312 snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
313 ret = SSL_write(ssl, response, strlen(response));
321 /* Adding the new agent. */
324 finalkey = OS_AddNewAgent(agentname, srcip, NULL, NULL);
328 finalkey = OS_AddNewAgent(agentname, NULL, NULL, NULL);
332 merror("%s: ERROR: Unable to add agent: %s (internal error)", ARGV0, agentname);
333 snprintf(response, 2048, "ERROR: Internal manager error adding agent: %s\n\n", agentname);
334 ret = SSL_write(ssl, response, strlen(response));
335 snprintf(response, 2048, "ERROR: Unable to add agent.\n\n");
336 ret = SSL_write(ssl, response, strlen(response));
342 snprintf(response, 2048,"OSSEC K:'%s'\n\n", finalkey);
343 verbose("%s: INFO: Agent key generated for %s (requested by %s)", ARGV0, agentname, srcip);
344 ret = SSL_write(ssl, response, strlen(response));
347 merror("%s: ERROR: SSL write error (%d)", ARGV0, ret);
348 merror("%s: ERROR: Agen key not saved for %s", ARGV0, agentname);
349 ERR_print_errors_fp(stderr);
353 verbose("%s: INFO: Agent key created for %s (requested by %s)", ARGV0, agentname, srcip);
359 merror("%s: ERROR: SSL read error (%d)", ARGV0, ret);
360 ERR_print_errors_fp(stderr);
370 /* Shutdown the socket */