1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
14 #include "os_regex/os_regex.h"
15 #include "os_net/os_net.h"
/* Program name passed as the first argument to the logging and error calls
 * in this listing. */
22 #define ARGV0 "ossec-execd"
/* List cursor assigned by both WinTimeoutRun and WinExecdRun in this listing.
 * NOTE(review): no locking is visible around timeout_list or this cursor;
 * confirm that both functions are only ever called from one thread. */
26 OSListNode *timeout_node;
/* Start-up fragment. The enclosing function signature and several lines
 * (including the conditions that guard the branches below) are missing from
 * this listing, so only the visible statements are described. */
/* The configuration path starts out as DEFAULTCPATH. */
33 char *cfg = DEFAULTCPATH;
/* The result of ExecdConfig is kept in c; a negative value is reported
 * through ErrorExit together with the path that failed to load. */
36 if ((c = ExecdConfig(cfg)) < 0) {
37 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
40 /* Exit if test_config */
45 /* Active response disabled */
/* NOTE(review): the test that selects this branch is elided; presumably it
 * inspects c. This log line is the visible sign that no response commands
 * will run on the host. */
47 verbose(EXEC_DISABLED, ARGV0);
51 /* Create list for timeout */
52 timeout_list = OSList_Create();
/* NOTE(review): the check guarding this exit is elided; presumably it fires
 * when OSList_Create returned no list. */
54 ErrorExit(LIST_ERROR, ARGV0);
57 /* Start up message */
58 verbose(STARTUP_MSG, ARGV0, getpid());
/*
 * Run the stored command of every timeout entry that has expired, then drop
 * the entry from timeout_list.
 *
 * curr_time: current time as an int, supplied by the caller. It is compared
 *            with the time_of_addition and time_to_block of each entry.
 *
 * Several lines of this function (braces and at least one branch keyword)
 * are missing from the listing, so the comments describe only the visible
 * statements.
 */
63 void WinTimeoutRun(int curr_time)
65 /* Check if there is any timed out command to execute */
66 timeout_node = OSList_GetFirstNode(timeout_list);
67 while (timeout_node) {
68 timeout_data *list_entry;
70 list_entry = (timeout_data *)timeout_node->data;
/* An entry is expired when its age exceeds its block time. If curr_time is
 * smaller than time_of_addition (for example after the clock is set back)
 * the age is negative and the stored command is postponed.
 * NOTE(review): assumes both fields are signed; confirm in timeout_data. */
73 if ((curr_time - list_entry->time_of_addition) >
74 list_entry->time_to_block) {
/* command[0] is executed exactly as stored. In this listing WinExecdRun
 * formats that string when it queues the entry, so any validation of the
 * fields inside it has to happen before queuing, not here. */
75 ExecCmd_Win32(list_entry->command[0]);
77 /* Delete currently node - already sets the pointer to next */
78 OSList_DeleteCurrentlyNode(timeout_list);
/* Re-read the current node from the list instead of advancing, because the
 * delete above already moved the list position. */
79 timeout_node = OSList_GetCurrentlyNode(timeout_list);
81 /* Clear the memory */
/* The entry is released only after its node has been removed from the list. */
82 FreeTimeoutEntry(list_entry);
/* NOTE(review): presumably the not-expired branch; the else line is elided. */
86 timeout_node = OSList_GetNextNode(timeout_list);
/*
 * Handle one active-response request on Windows.
 *
 * exec_msg: request text. The visible strchr calls split it on spaces, and
 *           the error messages refer to the pieces as the command name,
 *           cmd_user and cmd_ip, with the remainder left in tmp_msg.
 *
 * The visible statements run the resolved command with ADD_ENTRY and build a
 * matching DELETE_ENTRY command line that is queued on timeout_list. Many
 * lines (declarations, braces, conditions) are missing from this listing, so
 * the comments describe only what is shown and mark the rest as assumptions.
 */
91 void WinExecdRun(char *exec_msg)
101 char *tmp_msg = NULL;
/* Scratch buffer for both formatted command lines. It is one byte larger
 * than the OS_MAXSTR size handed to snprintf below. */
106 char buffer[OS_MAXSTR + 1];
108 timeout_data *timeout_entry;
113 /* Get application name */
/* Each strchr below looks for the next space-separated field; the visible
 * merror calls report a malformed request.
 * NOTE(review): the NULL checks and the lines that terminate and advance
 * past each field are elided; confirm them in the full file. */
117 tmp_msg = strchr(exec_msg, ' ');
119 merror(EXECD_INV_MSG, ARGV0, exec_msg);
127 tmp_msg = strchr(tmp_msg, ' ');
129 merror(EXECD_INV_MSG, ARGV0, cmd_user);
137 tmp_msg = strchr(tmp_msg, ' ');
139 merror(EXECD_INV_MSG, ARGV0, cmd_ip);
145 /* Get the command to execute (valid name) */
/* The lookup appears twice in this listing and also fills timeout_value.
 * NOTE(review): presumably the second call is a retry after a configuration
 * reload on an elided line; confirm. An unknown name is reported with
 * EXEC_INV_NAME, so only configured command names resolve to a command. */
146 command = GetCommandbyName(name, &timeout_value);
149 command = GetCommandbyName(name, &timeout_value);
151 merror(EXEC_INV_NAME, ARGV0, name);
156 /* Command not present */
157 if (command[0] == '\0') {
161 /* Allocate memory for the timeout argument */
/* Room for MAX_ARGS + 2 pointers; only slots 0 and 1 are written in the
 * visible code. */
162 os_calloc(MAX_ARGS + 2, sizeof(char *), timeout_args);
164 /* Add initial variables to the timeout cmd */
/* Security note: the fields are wrapped in double quotes, but nothing visible
 * here escapes or rejects a double-quote character inside cmd_user, cmd_ip or
 * tmp_msg, all of which are cut out of exec_msg. A quote in any of them would
 * end the quoted argument early in the string that is later passed to
 * ExecCmd_Win32, both for this DELETE_ENTRY line and for the ADD_ENTRY line
 * formatted further down.
 * NOTE(review): confirm the fields are validated (for example cmd_ip against
 * an address pattern) on the elided lines or by the sender.
 * The snprintf return value is not checked, so an over-long request is
 * truncated silently; the buffer stays terminated because it is one byte
 * larger than the size passed. */
165 snprintf(buffer, OS_MAXSTR, "\"%s\" %s \"%s\" \"%s\" \"%s\"",
166 command, DELETE_ENTRY, cmd_user, cmd_ip, tmp_msg);
/* Slot 0 owns a heap copy of the DELETE_ENTRY command line; slot 1 ends the
 * array. */
167 os_strdup(buffer, timeout_args[0]);
168 timeout_args[1] = NULL;
170 /* Get size for the strncmp */
/* NOTE(review): the loop body is mostly elided. It appears to derive the
 * prefix length i by looking at spaces in buffer; if it counts spaces, a
 * space inside a quoted field (such as a command path) would move the prefix
 * boundary. Confirm against the full file. */
172 while (buffer[i] != '\0') {
173 if (buffer[i] == ' ') {
183 /* Check if this command was already executed */
184 timeout_node = OSList_GetFirstNode(timeout_list);
187 while (timeout_node) {
188 timeout_data *list_entry;
190 list_entry = (timeout_data *)timeout_node->data;
/* Duplicate detection compares only the first i bytes of the queued command
 * with the new DELETE_ENTRY line, not the whole string. A match refreshes
 * time_of_addition further down instead of queuing a second entry. */
191 if (strncmp(list_entry->command[0], timeout_args[0], i) == 0) {
192 /* Means we executed this command before
193 * and we don't need to add it again
197 /* Update the timeout */
198 list_entry->time_of_addition = curr_time;
202 /* Continue with the next entry in timeout list */
203 timeout_node = OSList_GetNextNode(timeout_list);
206 /* If it wasn't added before, do it now */
/* Same format as the DELETE_ENTRY line above, with ADD_ENTRY as the action;
 * the same unescaped request fields are placed into it. */
208 snprintf(buffer, OS_MAXSTR, "\"%s\" %s \"%s\" \"%s\" \"%s\"", command,
209 ADD_ENTRY, cmd_user, cmd_ip, tmp_msg);
210 /* Execute command */
211 ExecCmd_Win32(buffer);
213 /* We don't need to add to the list if the timeout_value == 0 */
215 /* Create the timeout entry */
/* The entry takes over timeout_args, so the array must not be freed
 * separately once the entry has been queued. */
216 os_calloc(1, sizeof(timeout_data), timeout_entry);
217 timeout_entry->command = timeout_args;
218 timeout_entry->time_of_addition = curr_time;
219 timeout_entry->time_to_block = timeout_value;
221 /* Add command to the timeout list */
/* If queuing fails the entry is released here. The ADD_ENTRY command has
 * already run at this point, so no DELETE_ENTRY stays scheduled for it. */
222 if (!OSList_AddData(timeout_list, timeout_entry)) {
223 merror(LIST_ADD_ERROR, ARGV0);
224 FreeTimeoutEntry(timeout_entry);
228 /* If no timeout, we still need to free it in here */
/* ss_ta remembers the start of the array while each string is freed.
 * NOTE(review): the pointer advance and the final release of the array are
 * on elided lines; presumably the array is freed through ss_ta. */
230 char **ss_ta = timeout_args;
231 while (*timeout_args) {
232 os_free(*timeout_args);
233 *timeout_args = NULL;
240 /* We didn't add it to the timeout list */
/* Same release pattern as above, for the path where the command was found
 * in the list already. */
242 char **ss_ta = timeout_args;
244 /* Clear the timeout arguments */
245 while (*timeout_args) {
246 os_free(*timeout_args);
247 *timeout_args = NULL;