* lintian fixes
diff --git
a/src/rootcheck/win-common.c
b/src/rootcheck/win-common.c
index
1d6b602
..
10a4545
100644
(file)
--- a/
src/rootcheck/win-common.c
+++ b/
src/rootcheck/win-common.c
@@
-1,26
+1,27
@@
-/* @(#) $Id: win-common.c,v 1.15 2009/06/24 18:53:08 dcid Exp $ */
+/* @(#) $Id: ./src/rootcheck/win-common.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
* Foundation
*/
-
-
+
+
#include "shared.h"
#include "rootcheck.h"
#include "shared.h"
#include "rootcheck.h"
-#ifdef WIN32
+#ifdef WIN32
/** Registry checking values **/
/* Global variables */
HKEY rk_sub_tree;
/** Registry checking values **/
/* Global variables */
HKEY rk_sub_tree;
-
+
/* Default values */
#define MAX_KEY_LENGTH 255
#define MAX_KEY 2048
/* Default values */
#define MAX_KEY_LENGTH 255
#define MAX_KEY 2048
@@
-33,18
+34,18
@@
HKEY rk_sub_tree;
*/
int os_check_ads(char *full_path)
{
*/
int os_check_ads(char *full_path)
{
- HANDLE file_h;
+ HANDLE file_h;
WIN32_STREAM_ID sid;
void *context = NULL;
WIN32_STREAM_ID sid;
void *context = NULL;
- char stream_name[MAX_PATH +1];
- char final_name[MAX_PATH +1];
+ char stream_name[MAX_PATH +1];
+ char final_name[MAX_PATH +1];
DWORD dwRead, shs, dw1, dw2;
/* Opening file */
DWORD dwRead, shs, dw1, dw2;
/* Opening file */
- file_h = CreateFile(full_path,
+ file_h = CreateFile(full_path,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
@@
-52,8
+53,8
@@
int os_check_ads(char *full_path)
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_POSIX_SEMANTICS,
NULL);
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_POSIX_SEMANTICS,
NULL);
- if (file_h == INVALID_HANDLE_VALUE)
- {
+ if (file_h == INVALID_HANDLE_VALUE)
+ {
return 0;
}
return 0;
}
@@
-67,7
+68,7
@@
int os_check_ads(char *full_path)
while(1)
{
while(1)
{
- if(BackupRead(file_h, (LPBYTE) &sid, shs, &dwRead,
+ if(BackupRead(file_h, (LPBYTE) &sid, shs, &dwRead,
FALSE, FALSE, &context) == 0)
{
break;
FALSE, FALSE, &context) == 0)
{
break;
@@
-79,8
+80,8
@@
int os_check_ads(char *full_path)
stream_name[0] = '\0';
stream_name[MAX_PATH] = '\0';
stream_name[0] = '\0';
stream_name[MAX_PATH] = '\0';
- if(BackupRead(file_h, (LPBYTE)stream_name,
- sid.dwStreamNameSize,
+ if(BackupRead(file_h, (LPBYTE)stream_name,
+ sid.dwStreamNameSize,
&dwRead, FALSE, FALSE, &context))
{
if(dwRead != 0)
&dwRead, FALSE, FALSE, &context))
{
if(dwRead != 0)
@@
-90,9
+91,9
@@
int os_check_ads(char *full_path)
char op_msg[OS_SIZE_1024 +1];
snprintf(final_name, MAX_PATH, "%s", full_path);
char op_msg[OS_SIZE_1024 +1];
snprintf(final_name, MAX_PATH, "%s", full_path);
-
+
max_path_size = strlen(final_name);
max_path_size = strlen(final_name);
-
+
/* Copying from wide char to char. */
while((i < dwRead) && (max_path_size < MAX_PATH))
/* Copying from wide char to char. */
while((i < dwRead) && (max_path_size < MAX_PATH))
@@
-122,7
+123,7
@@
int os_check_ads(char *full_path)
}
/* Getting next */
}
/* Getting next */
- if(!BackupSeek(file_h, sid.Size.LowPart, sid.Size.HighPart,
+ if(!BackupSeek(file_h, sid.Size.LowPart, sid.Size.HighPart,
&dw1, &dw2, &context))
{
break;
&dw1, &dw2, &context))
{
break;
@@
-153,7
+154,7
@@
char *__os_winreg_getkey(char *reg_entry)
/* Setting sub tree */
if((strcmp(reg_entry, "HKEY_LOCAL_MACHINE") == 0) ||
/* Setting sub tree */
if((strcmp(reg_entry, "HKEY_LOCAL_MACHINE") == 0) ||
- (strcmp(reg_entry, "HKLM") == 0))
+ (strcmp(reg_entry, "HKLM") == 0))
{
rk_sub_tree = HKEY_LOCAL_MACHINE;
}
{
rk_sub_tree = HKEY_LOCAL_MACHINE;
}
@@
-178,7
+179,7
@@
char *__os_winreg_getkey(char *reg_entry)
{
/* Setting sub tree to null */
rk_sub_tree = NULL;
{
/* Setting sub tree to null */
rk_sub_tree = NULL;
-
+
/* Returning tmp_str to the previous value */
if(tmp_str && (*tmp_str == '\0'))
*tmp_str = '\\';
/* Returning tmp_str to the previous value */
if(tmp_str && (*tmp_str == '\0'))
*tmp_str = '\\';
@@
-263,7
+264,7
@@
int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
value_buffer[MAX_VALUE_NAME] = '\0';
data_buffer[MAX_VALUE_NAME] = '\0';
var_storage[MAX_VALUE_NAME] = '\0';
value_buffer[MAX_VALUE_NAME] = '\0';
data_buffer[MAX_VALUE_NAME] = '\0';
var_storage[MAX_VALUE_NAME] = '\0';
-
+
/* Getting each value */
for(i=0;i<value_count;i++)
/* Getting each value */
for(i=0;i<value_count;i++)
@@
-276,7
+277,7
@@
int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
var_storage[0] = '\0';
rc = RegEnumValue(hKey, i, value_buffer, &value_size,
var_storage[0] = '\0';
rc = RegEnumValue(hKey, i, value_buffer, &value_size,
- NULL, &data_type, data_buffer, &data_size);
+ NULL, &data_type, (LPBYTE)data_buffer, &data_size);
/* No more values available */
/* No more values available */
@@
-305,22
+306,22
@@
int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
*/
if(!reg_value)
{
*/
if(!reg_value)
{
- return(1);
+ return(1);
}
}
-
+
/* Writing value into a string */
switch(data_type)
{
int size_available;
/* Writing value into a string */
switch(data_type)
{
int size_available;
-
+
case REG_SZ:
case REG_EXPAND_SZ:
snprintf(var_storage, MAX_VALUE_NAME, "%s", data_buffer);
break;
case REG_MULTI_SZ:
case REG_SZ:
case REG_EXPAND_SZ:
snprintf(var_storage, MAX_VALUE_NAME, "%s", data_buffer);
break;
case REG_MULTI_SZ:
-
+
/* Printing multiple strings */
size_available = MAX_VALUE_NAME -3;
mt_data = data_buffer;
/* Printing multiple strings */
size_available = MAX_VALUE_NAME -3;
mt_data = data_buffer;
@@
-331,15
+332,15
@@
int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
{
strncat(var_storage, mt_data, size_available);
strncat(var_storage, " ", 2);
{
strncat(var_storage, mt_data, size_available);
strncat(var_storage, " ", 2);
- size_available = MAX_VALUE_NAME -
+ size_available = MAX_VALUE_NAME -
(strlen(var_storage) +2);
}
mt_data += strlen(mt_data) +1;
}
(strlen(var_storage) +2);
}
mt_data += strlen(mt_data) +1;
}
-
+
break;
case REG_DWORD:
break;
case REG_DWORD:
- snprintf(var_storage, MAX_VALUE_NAME,
+ snprintf(var_storage, MAX_VALUE_NAME,
"%x",(unsigned int)*data_buffer);
break;
default:
"%x",(unsigned int)*data_buffer);
break;
default:
@@
-374,19
+375,19
@@
int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
return(0);
}
return(0);
}
-
+
/* int __os_winreg_open_key(char *subkey)
* Open the registry key
*/
/* int __os_winreg_open_key(char *subkey)
* Open the registry key
*/
-int __os_winreg_open_key(char *subkey, char *full_key_name,
+int __os_winreg_open_key(char *subkey, char *full_key_name,
char *reg_option, char *reg_value)
{
int ret = 1;
HKEY oshkey;
char *reg_option, char *reg_value)
{
int ret = 1;
HKEY oshkey;
-
+
if(RegOpenKeyEx(rk_sub_tree, subkey, 0, KEY_READ,&oshkey) != ERROR_SUCCESS)
{
return(0);
if(RegOpenKeyEx(rk_sub_tree, subkey, 0, KEY_READ,&oshkey) != ERROR_SUCCESS)
{
return(0);
@@
-399,8
+400,8
@@
int __os_winreg_open_key(char *subkey, char *full_key_name,
ret = __os_winreg_querykey(oshkey, subkey, full_key_name,
reg_option, reg_value);
}
ret = __os_winreg_querykey(oshkey, subkey, full_key_name,
reg_option, reg_value);
}
-
-
+
+
RegCloseKey(oshkey);
return(ret);
}
RegCloseKey(oshkey);
return(ret);
}
@@
-413,7
+414,7
@@
int is_registry(char *entry_name, char *reg_option, char *reg_value)
{
char *rk;
{
char *rk;
-
+
rk = __os_winreg_getkey(entry_name);
if(rk_sub_tree == NULL || rk == NULL)
{
rk = __os_winreg_getkey(entry_name);
if(rk_sub_tree == NULL || rk == NULL)
{
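Review bot: In the `REG_DWORD` case of `__os_winreg_querykey` (hunk `-331,15 +332,15`), `(unsigned int)*data_buffer` reads only the first byte of the registry value, and sign-extends it if `data_buffer` is a plain `char` array, as the `(LPBYTE)data_buffer` cast added to the `RegEnumValue` call suggests. A DWORD such as 0x00000100 (constructed example) would be rendered as `0`, and a first byte of 0x80 or above as `ffffff80`, so a rootcheck policy that compares this string against an expected registry value can match or miss on the wrong data. Since the commit already touches these lines, copy the whole value out instead: `DWORD dw = 0; if(data_size >= sizeof(dw)) memcpy(&dw, data_buffer, sizeof(dw));` followed by `snprintf(var_storage, MAX_VALUE_NAME, "%x", (unsigned int)dw);`, with `dw` declared next to `size_available`. The declaration of `data_buffer` and the rest of the function lie outside the hunks shown, so the buffer's type should be confirmed there.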