X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=src%2Fshared%2Ffile_op.c;h=d7860a12c4b52c386190a8a33635f3fcf7127983;hb=927951d1c1ad45ba9e7325f07d996154a91c911b;hp=be8754f0646c4b12a4344503ac23d16c413252fc;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/src/shared/file_op.c b/src/shared/file_op.c
index be8754f..d7860a1 100755
--- a/src/shared/file_op.c
+++ b/src/shared/file_op.c
@@ -1,220 +1,307 @@ -/* @(#) $Id: file_op.c,v 1.32 2009/06/24 18:53:08 dcid Exp $ */ +/* @(#) $Id: ./src/shared/file_op.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ -/* Functions to handle operation with files +/* Functions to handle operation with files */ #include "shared.h" +#ifndef WIN32 +#include +#endif /* Vista product information. */ #ifdef WIN32 #ifndef PRODUCT_UNLICENSED #define PRODUCT_UNLICENSED 0xABCDABCD +#endif +#ifndef PRODUCT_UNLICENSED_C #define PRODUCT_UNLICENSED_C "Product Unlicensed " #endif #ifndef PRODUCT_BUSINESS #define PRODUCT_BUSINESS 0x00000006 +#endif +#ifndef PRODUCT_BUSINESS_C #define PRODUCT_BUSINESS_C "Business Edition " #endif #ifndef PRODUCT_BUSINESS_N #define PRODUCT_BUSINESS_N 0x00000010 +#endif +#ifndef PRODUCT_BUSINESS_N_C #define PRODUCT_BUSINESS_N_C "Business Edition " #endif #ifndef PRODUCT_CLUSTER_SERVER #define PRODUCT_CLUSTER_SERVER 0x00000012 +#endif +#ifndef PRODUCT_CLUSTER_SERVER_C #define PRODUCT_CLUSTER_SERVER_C "Cluster Server Edition " #endif #ifndef PRODUCT_DATACENTER_SERVER #define PRODUCT_DATACENTER_SERVER 0x00000008 +#endif +#ifndef PRODUCT_DATACENTER_SERVER_C #define PRODUCT_DATACENTER_SERVER_C "Datacenter Edition (full) " #endif #ifndef PRODUCT_DATACENTER_SERVER_CORE #define PRODUCT_DATACENTER_SERVER_CORE 0x0000000C +#endif +#ifndef PRODUCT_DATACENTER_SERVER_CORE_C #define PRODUCT_DATACENTER_SERVER_CORE_C "Datacenter Edition (core) " #endif #ifndef PRODUCT_DATACENTER_SERVER_CORE_V #define PRODUCT_DATACENTER_SERVER_CORE_V 0x00000027 +#endif +#ifndef PRODUCT_DATACENTER_SERVER_CORE_V_C #define PRODUCT_DATACENTER_SERVER_CORE_V_C "Datacenter Edition (core) " -#endif +#endif #ifndef 
PRODUCT_DATACENTER_SERVER_V #define PRODUCT_DATACENTER_SERVER_V 0x00000025 +#endif +#ifndef PRODUCT_DATACENTER_SERVER_V_C #define PRODUCT_DATACENTER_SERVER_V_C "Datacenter Edition (full) " #endif #ifndef PRODUCT_ENTERPRISE #define PRODUCT_ENTERPRISE 0x00000004 +#endif +#ifndef PRODUCT_ENTERPRISE_C #define PRODUCT_ENTERPRISE_C "Enterprise Edition " #endif #ifndef PRODUCT_ENTERPRISE_N #define PRODUCT_ENTERPRISE_N 0x0000001B +#endif +#ifndef PRODUCT_ENTERPRISE_N_C #define PRODUCT_ENTERPRISE_N_C "Enterprise Edition " #endif #ifndef PRODUCT_ENTERPRISE_SERVER #define PRODUCT_ENTERPRISE_SERVER 0x0000000A +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_C #define PRODUCT_ENTERPRISE_SERVER_C "Enterprise Edition (full) " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_CORE #define PRODUCT_ENTERPRISE_SERVER_CORE 0x0000000E +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_CORE_C #define PRODUCT_ENTERPRISE_SERVER_CORE_C "Enterprise Edition (core) " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V #define PRODUCT_ENTERPRISE_SERVER_CORE_V 0x00000029 +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_CORE_V_C #define PRODUCT_ENTERPRISE_SERVER_CORE_V_C "Enterprise Edition (core) " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_IA64 #define PRODUCT_ENTERPRISE_SERVER_IA64 0x0000000F +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_IA64_C #define PRODUCT_ENTERPRISE_SERVER_IA64_C "Enterprise Edition for Itanium-based Systems " #endif #ifndef PRODUCT_ENTERPRISE_SERVER_V #define PRODUCT_ENTERPRISE_SERVER_V 0x00000026 +#endif +#ifndef PRODUCT_ENTERPRISE_SERVER_V_C #define PRODUCT_ENTERPRISE_SERVER_V_C "Enterprise Edition (full) " #endif #ifndef PRODUCT_HOME_BASIC #define PRODUCT_HOME_BASIC 0x00000002 +#endif +#ifndef PRODUCT_HOME_BASIC_C #define PRODUCT_HOME_BASIC_C "Home Basic Edition " #endif #ifndef PRODUCT_HOME_BASIC_N #define PRODUCT_HOME_BASIC_N 0x00000005 +#endif +#ifndef PRODUCT_HOME_BASIC_N_C #define PRODUCT_HOME_BASIC_N_C "Home Basic Edition " #endif #ifndef PRODUCT_HOME_PREMIUM #define PRODUCT_HOME_PREMIUM 0x00000003 
+#endif +#ifndef PRODUCT_HOME_PREMIUM_C #define PRODUCT_HOME_PREMIUM_C "Home Premium Edition " #endif #ifndef PRODUCT_HOME_PREMIUM_N #define PRODUCT_HOME_PREMIUM_N 0x0000001A +#endif +#ifndef PRODUCT_HOME_PREMIUM_N_C #define PRODUCT_HOME_PREMIUM_N_C "Home Premium Edition " #endif #ifndef PRODUCT_HOME_SERVER #define PRODUCT_HOME_SERVER 0x00000013 +#endif +#ifndef PRODUCT_HOME_SERVER_C #define PRODUCT_HOME_SERVER_C "Home Server Edition " #endif #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT 0x0000001E +#endif +#ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C #define PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT_C "Essential Business Server Management Server " #endif #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING 0x00000020 +#endif +#ifndef PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C #define PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING_C "Essential Business Server Messaging Server " #endif #ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY 0x0000001F +#endif +#ifndef PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C #define PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY_C "Essential Business Server Security Server " #endif #ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS #define PRODUCT_SERVER_FOR_SMALLBUSINESS 0x00000018 +#endif +#ifndef PRODUCT_SERVER_FOR_SMALLBUSINESS_C #define PRODUCT_SERVER_FOR_SMALLBUSINESS_C "Small Business Edition " #endif #ifndef PRODUCT_SMALLBUSINESS_SERVER #define PRODUCT_SMALLBUSINESS_SERVER 0x00000009 +#endif +#ifndef PRODUCT_SMALLBUSINESS_SERVER_C #define PRODUCT_SMALLBUSINESS_SERVER_C "Small Business Server " #endif #ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM 0x00000019 +#endif +#ifndef PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C #define PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_C "Small Business Server Premium Edition " #endif #ifndef PRODUCT_STANDARD_SERVER #define PRODUCT_STANDARD_SERVER 
0x00000007 +#endif +#ifndef PRODUCT_STANDARD_SERVER_C #define PRODUCT_STANDARD_SERVER_C "Standard Edition " #endif #ifndef PRODUCT_STANDARD_SERVER_CORE #define PRODUCT_STANDARD_SERVER_CORE 0x0000000D +#endif +#ifndef PRODUCT_STANDARD_SERVER_CORE_C #define PRODUCT_STANDARD_SERVER_CORE_C "Standard Edition (core) " #endif #ifndef PRODUCT_STANDARD_SERVER_CORE_V #define PRODUCT_STANDARD_SERVER_CORE_V 0x00000028 +#endif +#ifndef PRODUCT_STANDARD_SERVER_CORE_V_C #define PRODUCT_STANDARD_SERVER_CORE_V_C "Standard Edition " #endif #ifndef PRODUCT_STANDARD_SERVER_V #define PRODUCT_STANDARD_SERVER_V 0x00000024 +#endif +#ifndef PRODUCT_STANDARD_SERVER_V_C #define PRODUCT_STANDARD_SERVER_V_C "Standard Edition " #endif #ifndef PRODUCT_STARTER #define PRODUCT_STARTER 0x0000000B +#endif +#ifndef PRODUCT_STARTER_C #define PRODUCT_STARTER_C "Starter Edition " #endif #ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER #define PRODUCT_STORAGE_ENTERPRISE_SERVER 0x00000017 +#endif +#ifndef PRODUCT_STORAGE_ENTERPRISE_SERVER_C #define PRODUCT_STORAGE_ENTERPRISE_SERVER_C "Storage Server Enterprise Edition " #endif #ifndef PRODUCT_STORAGE_EXPRESS_SERVER #define PRODUCT_STORAGE_EXPRESS_SERVER 0x00000014 +#endif +#ifndef PRODUCT_STORAGE_EXPRESS_SERVER_C #define PRODUCT_STORAGE_EXPRESS_SERVER_C "Storage Server Express Edition " #endif #ifndef PRODUCT_STORAGE_STANDARD_SERVER #define PRODUCT_STORAGE_STANDARD_SERVER 0x00000015 +#endif +#ifndef PRODUCT_STORAGE_STANDARD_SERVER_C #define PRODUCT_STORAGE_STANDARD_SERVER_C "Storage Server Standard Edition " #endif #ifndef PRODUCT_STORAGE_WORKGROUP_SERVER #define PRODUCT_STORAGE_WORKGROUP_SERVER 0x00000016 +#endif +#ifndef PRODUCT_STORAGE_WORKGROUP_SERVER_C #define PRODUCT_STORAGE_WORKGROUP_SERVER_C "Storage Server Workgroup Edition " #endif #ifndef PRODUCT_ULTIMATE #define PRODUCT_ULTIMATE 0x00000001 +#endif +#ifndef PRODUCT_ULTIMATE_C #define PRODUCT_ULTIMATE_C "Ultimate Edition " #endif #ifndef PRODUCT_ULTIMATE_N #define PRODUCT_ULTIMATE_N 0x0000001C +#endif 
+#ifndef PRODUCT_ULTIMATE_N_C
 #define PRODUCT_ULTIMATE_N_C "Ultimate Edition "
 #endif
 #ifndef PRODUCT_WEB_SERVER
 #define PRODUCT_WEB_SERVER 0x00000011
+#endif
+#ifndef PRODUCT_WEB_SERVER_C
 #define PRODUCT_WEB_SERVER_C "Web Server Edition "
 #endif
 #ifndef PRODUCT_WEB_SERVER_CORE
 #define PRODUCT_WEB_SERVER_CORE 0x0000001D
+#endif
+#ifndef PRODUCT_WEB_SERVER_CORE_C
 #define PRODUCT_WEB_SERVER_CORE_C "Web Server Edition "
 #endif
 #endif /* WIN32 */
+#ifdef WIN32
+#include
+#include
+#include
+#endif
 /* Sets the name of the starting program */
@@ -250,7 +337,7 @@ int CreatePID(char *name, int pid)
 {
 char file[256];
 FILE *fp;
-
+
 if(isChroot())
 {
 snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,pid);
@@ -264,18 +351,20 @@ int CreatePID(char *name, int pid)
 fp = fopen(file,"a");
 if(!fp)
 return(-1);
-
+
 fprintf(fp,"%d\n",pid);
-
+
+ chmod(file, 0640);
+
 fclose(fp);
-
+
 return(0);
 }
 int DeletePID(char *name)
 {
 char file[256];
-
+
 if(isChroot())
 {
 snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,(int)getpid());
@@ -288,9 +377,9 @@ int DeletePID(char *name)
 if(File_DateofChange(file) < 0)
 return(-1);
-
- unlink(file);
-
+
+ unlink(file);
+
 return(0);
 }
@@ -309,7 +398,7 @@ int UnmergeFiles(char *finalpath, char *optdir)
 finalfp = fopen(finalpath, "r");
 if(!finalfp)
 {
- merror("%s: ERROR: Unable to read merged file: '%s'.",
+ merror("%s: ERROR: Unable to read merged file: '%s'.",
 __local_name, finalpath);
 return(0);
 }
@@ -322,7 +411,7 @@ int UnmergeFiles(char *finalpath, char *optdir)
 break;
 }
-
+
 /* Initiator. */
 if(buf[0] != '!')
 continue;
@@ -360,7 +449,7 @@ int UnmergeFiles(char *finalpath, char *optdir)
 if(!fp)
 {
 ret = 0;
- merror("%s: ERROR: Unable to unmerge file '%s'.",
+ merror("%s: ERROR: Unable to unmerge file '%s'.",
 __local_name, final_name);
 }
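Review bot: The new `chmod(file, 0640)` in CreatePID runs only after fopen() has already created the PID file with the mode the umask allows, and its return value is ignored, so a failed chmod leaves the file at that mode while the function still returns 0. Creating the file with the mode from the start avoids both problems: `int fd = open(file, O_WRONLY | O_CREAT | O_APPEND, 0640);` followed by `fp = fdopen(fd, "a");` (the O_ flags are already in scope, since goDaemon uses open()); at minimum check chmod's result and return -1 on failure. The fclose() result is also unchecked, so a short write of the pid goes unreported. CreatePID's body starts outside the hunk.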
@@ -430,7 +519,7 @@ int MergeAppendFile(char *finalpath, char *files)
 finalfp = fopen(finalpath, "w");
 if(!finalfp)
 {
- merror("%s: ERROR: Unable to create merged file: '%s'.",
+ merror("%s: ERROR: Unable to create merged file: '%s'.",
 __local_name, finalpath);
 return(0);
 }
@@ -443,7 +532,7 @@ int MergeAppendFile(char *finalpath, char *files)
 finalfp = fopen(finalpath, "a");
 if(!finalfp)
 {
- merror("%s: ERROR: Unable to create merged file: '%s'.",
+ merror("%s: ERROR: Unable to append merged file: '%s'.",
 __local_name, finalpath);
 return(0);
 }
@@ -501,7 +590,7 @@ int MergeFiles(char *finalpath, char **files)
 finalfp = fopen(finalpath, "w");
 if(!finalfp)
 {
- merror("%s: ERROR: Unable to create merged file: '%s'.",
+ merror("%s: ERROR: Unable to create merged file: '%s'.",
 __local_name, finalpath);
 return(0);
 }
@@ -551,6 +640,81 @@ int MergeFiles(char *finalpath, char **files)
 #ifndef WIN32
+/* Get basename of path */
+char *basename_ex(char *path)
+{
+ return (basename(path));
+}
+
+/* Rename file or directory */
+int rename_ex(const char *source, const char *destination)
+{
+ if (rename(source, destination)) {
+ log2file(
+ RENAME_ERROR,
+ __local_name,
+ source,
+ destination,
+ errno,
+ strerror(errno)
+ );
+
+ return (-1);
+ }
+
+ return (0);
+}
+
+/* Create a temporary file */
+int mkstemp_ex(char *tmp_path)
+{
+ int fd;
+
+ fd = mkstemp(tmp_path);
+
+ if (fd == -1) {
+ log2file(
+ MKSTEMP_ERROR,
+ __local_name,
+ tmp_path,
+ errno,
+ strerror(errno)
+ );
+
+ return (-1);
+ }
+
+ /* mkstemp() only implicitly does this in POSIX 2008 */
+ if (fchmod(fd, 0600) == -1) {
+ close(fd);
+
+ log2file(
+ CHMOD_ERROR,
+ __local_name,
+ tmp_path,
+ errno,
+ strerror(errno)
+ );
+
+ if (unlink(tmp_path)) {
+ log2file(
+ DELETE_ERROR,
+ __local_name,
+ tmp_path,
+ errno,
+ strerror(errno)
+ );
+ }
+
+ return (-1);
+ }
+
+ close(fd);
+ return (0);
+}
+
+
+
 /* getuname; Get uname and returns a string with it.
 * Memory must be freed after use */
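Review bot: In the fchmod failure branch of mkstemp_ex, `close(fd)` is called before `log2file(CHMOD_ERROR, ..., errno, strerror(errno))`, so a failing close() can replace the errno the message is meant to report; capture it first, `int saved_errno = errno; close(fd);`, and pass `saved_errno` to both arguments. mkstemp_ex closes the descriptor and hands back only the name, so callers must reopen by path; the header comment should say so, e.g. `/* Create a temporary file, mode 0600; the descriptor is closed and only tmp_path is returned */`. basename_ex wraps POSIX basename(), which may modify its argument and may return a pointer to static storage, so `/* Get basename of path (POSIX basename(): may modify path and return static storage) */` is the comment a caller needs. The unchecked close() on the success path is a minor omission for a file that was only fchmod'ed, but it costs one line to check.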
@@ -566,13 +730,13 @@ char *getuname()
 if(ret == NULL)
 return(NULL);
- snprintf(ret, 255, "%s %s %s %s %s - %s %s",
+ snprintf(ret, 255, "%s %s %s %s %s - %s %s",
 uts_buf.sysname, uts_buf.nodename, uts_buf.release, uts_buf.version, uts_buf.machine,
- __name, __version);
+ __ossec_name, __version);
 return(ret);
 }
@@ -582,9 +746,9 @@ char *getuname()
 ret = calloc(256, sizeof(char));
 if(ret == NULL)
 return(NULL);
-
+
 snprintf(ret, 255, "No system info available - %s %s",
- __name, __version);
+ __ossec_name, __version);
 return(ret);
 }
@@ -641,7 +805,7 @@ void goDaemonLight()
 /* Going to / */
 chdir("/");
-
+
 return;
 }
@@ -699,7 +863,7 @@ void goDaemon()
 /* Going to / */
 chdir("/");
-
+
 /* Closing stdin, stdout and stderr */
 /* fclose(stdin);
@@ -713,7 +877,7 @@ void goDaemon()
 open("/dev/null", O_RDWR);
 open("/dev/null", O_RDWR);
 */
-
+
 return;
 }
@@ -732,13 +896,21 @@ int checkVista()
 }
- /* We check if the system is vista (most be called during the startup. */
+ /* We check if the system is vista (must be called during the startup.) */
 if(strstr(m_uname, "Windows Server 2008") ||
- strstr(m_uname, "Vista"))
+ strstr(m_uname, "Vista") ||
+ strstr(m_uname, "Windows 7") ||
+ strstr(m_uname, "Windows 8") ||
+ strstr(m_uname, "Windows Server 2012"))
 {
 isVista = 1;
- verbose("%s: INFO: System is Vista or Windows Server 2008.",
- __local_name);
+ verbose("%s: INFO: System is Vista or newer (%s).",
+ __local_name, m_uname);
+ }
+ else
+ {
+ verbose("%s: INFO: System is older than Vista (%s).",
+ __local_name, m_uname);
 }
 free(m_uname);
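Review bot: The Vista-or-newer test in checkVista is a list of product-name substrings, and this hunk grows it by three arms, so every future release needs another edit here; `"Windows 8"` also matches the `"Microsoft Windows 8.1 "` name getuname() now emits, which is presumably intended but is not said anywhere. Since getuname() derives all of these names from `osvi.dwMajorVersion == 6`, the condition the list encodes is simply "NT 6.x or later", and the comment should record that so the two functions stay in step: `/* Vista or newer (NT 6.x); keep in sync with the names produced by getuname() */`. The new else branch logs the full uname string at INFO level, which is consistent with the matching branch but worth noting in the changelog since it adds a line to every startup. checkVista's body starts outside the hunk.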
@@ -746,6 +918,263 @@ int checkVista()
 return(isVista);
 }
+/* Get basename of path */
+char *basename_ex(char *path)
+{
+ return (PathFindFileNameA(path));
+}
+
+/* Rename file or directory */
+int rename_ex(const char *source, const char *destination)
+{
+ if (!MoveFileEx(source, destination, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
+ log2file(
+ "%s: ERROR: Could not move (%s) to (%s) which returned (%lu)",
+ __local_name,
+ source,
+ destination,
+ GetLastError()
+ );
+
+ return (-1);
+ }
+
+ return (0);
+}
+
+/* Create a temporary file */
+int mkstemp_ex(char *tmp_path)
+{
+ DWORD dwResult;
+ int result;
+ int status = -1;
+
+ HANDLE h = NULL;
+ PACL pACL = NULL;
+ PSECURITY_DESCRIPTOR pSD = NULL;
+ EXPLICIT_ACCESS ea[2];
+ SECURITY_ATTRIBUTES sa;
+
+ PSID pAdminGroupSID = NULL;
+ PSID pSystemGroupSID = NULL;
+ SID_IDENTIFIER_AUTHORITY SIDAuthNT = {SECURITY_NT_AUTHORITY};
+
+#if defined(_MSC_VER) && _MSC_VER >= 1500
+ result = _mktemp_s(tmp_path, strlen(tmp_path) + 1);
+
+ if (result != 0) {
+ log2file(
+ "%s: ERROR: Could not create temporary file (%s) which returned (%d)",
+ __local_name,
+ tmp_path,
+ result
+ );
+
+ return (-1);
+ }
+#else
+ if (_mktemp(tmp_path) == NULL) {
+ log2file(
+ "%s: ERROR: Could not create temporary file (%s) which returned [(%d)-(%s)]",
+ __local_name,
+ tmp_path,
+ errno,
+ strerror(errno)
+ );
+
+ return (-1);
+ }
+#endif
+
+ /* Create SID for the BUILTIN\Administrators group */
+ result = AllocateAndInitializeSid(
+ &SIDAuthNT,
+ 2,
+ SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_ADMINS,
+ 0, 0, 0, 0, 0, 0,
+ &pAdminGroupSID
+ );
+
+ if (!result) {
+ log2file(
+ "%s: ERROR: Could not create BUILTIN\\Administrators group SID which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Create SID for the SYSTEM group */
+ result = AllocateAndInitializeSid(
+ &SIDAuthNT,
+ 1,
+ SECURITY_LOCAL_SYSTEM_RID,
+ 0, 0, 0, 0, 0, 0, 0,
+ &pSystemGroupSID
+ );
+
+ if (!result) {
+ log2file(
+ "%s: ERROR: Could not create SYSTEM group SID which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Initialize an EXPLICIT_ACCESS structure for an ACE */
+ ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
+
+ /* Add Administrators group */
+ ea[0].grfAccessPermissions = GENERIC_ALL;
+ ea[0].grfAccessMode = SET_ACCESS;
+ ea[0].grfInheritance = NO_INHERITANCE;
+ ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
+ ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+ ea[0].Trustee.ptstrName = (LPTSTR)pAdminGroupSID;
+
+ /* Add SYSTEM group */
+ ea[1].grfAccessPermissions = GENERIC_ALL;
+ ea[1].grfAccessMode = SET_ACCESS;
+ ea[1].grfInheritance = NO_INHERITANCE;
+ ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
+ ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+ ea[1].Trustee.ptstrName = (LPTSTR)pSystemGroupSID;
+
+ /* Set entries in ACL */
+ dwResult = SetEntriesInAcl(2, ea, NULL, &pACL);
+
+ if (dwResult != ERROR_SUCCESS) {
+ log2file(
+ "%s: ERROR: Could not set ACL entries which returned (%lu)",
+ __local_name,
+ dwResult
+ );
+
+ goto cleanup;
+ }
+
+ /* Initialize security descriptor */
+ pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(
+ LPTR,
+ SECURITY_DESCRIPTOR_MIN_LENGTH
+ );
+
+ if (pSD == NULL) {
+ log2file(
+ "%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
+ log2file(
+ "%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Set owner */
+ if (!SetSecurityDescriptorOwner(pSD, NULL, FALSE)) {
+ log2file(
+ "%s: ERROR: Could not set owner which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Set group owner */
+ if (!SetSecurityDescriptorGroup(pSD, NULL, FALSE)) {
+ log2file(
+ "%s: ERROR: Could not set group owner which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Add ACL to security descriptor */
+ if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
+ log2file(
+ "%s: ERROR: Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)",
+ __local_name,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Initialize security attributes structure */
+ sa.nLength = sizeof (SECURITY_ATTRIBUTES);
+ sa.lpSecurityDescriptor = pSD;
+ sa.bInheritHandle = FALSE;
+
+ h = CreateFileA(
+ tmp_path,
+ GENERIC_WRITE,
+ 0,
+ &sa,
+ CREATE_NEW,
+ FILE_ATTRIBUTE_NORMAL,
+ NULL
+ );
+
+ if (h == INVALID_HANDLE_VALUE) {
+ log2file(
+ "%s: ERROR: Could not create temporary file (%s) which returned (%lu)",
+ __local_name,
+ tmp_path,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ if (!CloseHandle(h)) {
+ log2file(
+ "%s: ERROR: Could not close file handle to (%s) which returned (%lu)",
+ __local_name,
+ tmp_path,
+ GetLastError()
+ );
+
+ goto cleanup;
+ }
+
+ /* Success */
+ status = 0;
+
+cleanup:
+ if (pAdminGroupSID) {
+ FreeSid(pAdminGroupSID);
+ }
+
+ if (pSystemGroupSID) {
+ FreeSid(pSystemGroupSID);
+ }
+
+ if (pACL) {
+ LocalFree(pACL);
+ }
+
+ if (pSD) {
+ LocalFree(pSD);
+ }
+
+ return (status);
+}
 /** get uname for windows **/
@@ -759,7 +1188,7 @@ char *getuname()
 typedef BOOL (WINAPI *PGPI)(DWORD, DWORD, DWORD, DWORD, PDWORD);
- /* Extracted from ms web site
+ /* Extracted from ms web site
 * http://msdn.microsoft.com/library/en-us/sysinfo/base/getting_the_system_version.asp */
 OSVERSIONINFOEX osvi;
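Review bot: When CloseHandle() fails in the Windows mkstemp_ex, CreateFileA has already created the file, yet the function jumps to cleanup and returns -1 without removing it, unlike the POSIX counterpart which unlinks on its failure path; add `DeleteFileA(tmp_path);` in that branch before `goto cleanup`, or document that a -1 return may leave the file behind. `_mktemp`/`_mktemp_s` only generate a name, so nothing exists between that call and CreateFileA, and it is CREATE_NEW that makes the function fail rather than open a file someone else placed at that name in the meantime; a comment at the CreateFileA call, `/* CREATE_NEW: fail if the name was taken after _mktemp(); never reuse an existing file */`, would keep a later edit from relaxing it to OPEN_ALWAYS. `h` is initialised to NULL but tested against INVALID_HANDLE_VALUE; `HANDLE h = INVALID_HANDLE_VALUE;` makes the two agree. `ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS))` works but `ZeroMemory(ea, sizeof ea)` says the same without the hand-computed size.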
@@ -775,25 +1204,55 @@ char *getuname()
 if(!(bOsVersionInfoEx = GetVersionEx ((OSVERSIONINFO *) &osvi)))
 {
 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
- if (!GetVersionEx((OSVERSIONINFO *)&osvi))
+ if (!GetVersionEx((OSVERSIONINFO *)&osvi))
 return(NULL);
 }
 /* Allocating the memory */
 os_calloc(OS_SIZE_1024 +1, sizeof(char), ret);
 ret[OS_SIZE_1024] = '\0';
-
+
 switch(osvi.dwPlatformId)
 {
 /* Test for the Windows NT product family. */
 case VER_PLATFORM_WIN32_NT:
- if(osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0 )
+ if(osvi.dwMajorVersion == 6)
 {
- if(osvi.wProductType == VER_NT_WORKSTATION )
- strncat(ret, "Microsoft Windows Vista ", ret_size -1);
- else
+ if(osvi.dwMinorVersion == 0)
+ {
+ if(osvi.wProductType == VER_NT_WORKSTATION )
+ strncat(ret, "Microsoft Windows Vista ", ret_size -1);
+ else
+ {
+ strncat(ret, "Microsoft Windows Server 2008 ", ret_size -1);
+ }
+ }
+ else if(osvi.dwMinorVersion == 1)
+ {
+ if(osvi.wProductType == VER_NT_WORKSTATION )
+ strncat(ret, "Microsoft Windows 7 ", ret_size -1);
+ else
+ {
+ strncat(ret, "Microsoft Windows Server 2008 R2 ", ret_size -1);
+ }
+ }
+ else if(osvi.dwMinorVersion == 2)
+ {
+ if(osvi.wProductType == VER_NT_WORKSTATION )
+ strncat(ret, "Microsoft Windows 8 ", ret_size -1);
+ else
+ {
+ strncat(ret, "Microsoft Windows Server 2012 ", ret_size -1);
+ }
+ }
+ else if(osvi.dwMinorVersion == 3)
 {
- strncat(ret, "Microsoft Windows Server 2008 ", ret_size -1);
+ if(osvi.wProductType == VER_NT_WORKSTATION )
+ strncat(ret, "Microsoft Windows 8.1 ", ret_size -1);
+ else
+ {
+ strncat(ret, "Microsoft Windows Server 2012 R2 ", ret_size -1);
+ }
 }
 ret_size-=strlen(ret) +1;
@@ -801,7 +1260,7 @@ char *getuname()
 /* Getting product version. */
 pGPI = (PGPI) GetProcAddress(
- GetModuleHandle(TEXT("kernel32.dll")),
+ GetModuleHandle(TEXT("kernel32.dll")),
 "GetProductInfo");
 pGPI( 6, 0, 0, 0, &dwType);
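Review bot: The new dwMinorVersion chain in getuname has no final else, so on a 6.x release with a minor version above 3 nothing is appended and the returned string begins with the edition name alone; a fallback `else strncat(ret, "Microsoft Windows ", ret_size -1);` keeps the output always naming the OS. The four branches repeat the same workstation/server shape and differ only in two strings, so a small static table of {minor, workstation name, server name} looked up once would read better and make the next release a one-line addition. The bounded-append convention `strncat(ret, ..., ret_size -1)` followed by `ret_size-=strlen(ret) +1;` is carried over from the old code and is easy to get wrong when branches are added; a one-line comment above the chain stating that ret_size must be decremented exactly once per appended segment would help. The surrounding switch continues outside the hunk.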
@@ -926,7 +1385,7 @@ char *getuname() strncat(ret, PRODUCT_WEB_SERVER_CORE_C, ret_size -1); break; } - + ret_size-=strlen(ret) +1; } @@ -934,18 +1393,18 @@ char *getuname() else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2) { pGNSI = (PGNSI) GetProcAddress( - GetModuleHandle("kernel32.dll"), + GetModuleHandle("kernel32.dll"), "GetNativeSystemInfo"); if(NULL != pGNSI) pGNSI(&si); if( GetSystemMetrics(89) ) - strncat(ret, "Microsoft Windows Server 2003 R2 ", + strncat(ret, "Microsoft Windows Server 2003 R2 ", ret_size -1); else if(osvi.wProductType == VER_NT_WORKSTATION && si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_AMD64) { - strncat(ret, + strncat(ret, "Microsoft Windows XP Professional x64 Edition ", ret_size -1 ); } @@ -953,7 +1412,7 @@ char *getuname() { strncat(ret, "Microsoft Windows Server 2003, ",ret_size-1); } - + ret_size-=strlen(ret) +1; } @@ -963,7 +1422,7 @@ char *getuname() ret_size-=strlen(ret) +1; } - + else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0) { strncat(ret, "Microsoft Windows 2000 ", ret_size -1); @@ -995,15 +1454,15 @@ char *getuname() strncat(ret, "Workstation 4.0 ", ret_size -1); else if( osvi.wSuiteMask & VER_SUITE_PERSONAL ) strncat(ret, "Home Edition ", ret_size -1); - else + else strncat(ret, "Professional ",ret_size -1); /* Fixing size */ - ret_size-=strlen(ret) +1; + ret_size-=strlen(ret) +1; } /* Test for the server type. */ - else if( osvi.wProductType == VER_NT_SERVER || + else if( osvi.wProductType == VER_NT_SERVER || osvi.wProductType == VER_NT_DOMAIN_CONTROLLER ) { if(osvi.dwMajorVersion==5 && osvi.dwMinorVersion==2) @@ -1012,7 +1471,7 @@ char *getuname() PROCESSOR_ARCHITECTURE_IA64 ) { if( osvi.wSuiteMask & VER_SUITE_DATACENTER ) - strncat(ret, + strncat(ret, "Datacenter Edition for Itanium-based Systems ", ret_size -1); else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE ) 
@@ -1020,7 +1479,7 @@ char *getuname() "Enterprise Edition for Itanium-based Systems ", ret_size -1); - ret_size-=strlen(ret) +1; + ret_size-=strlen(ret) +1; } else if ( si.wProcessorArchitecture== @@ -1032,11 +1491,11 @@ char *getuname() else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE ) strncat(ret, "Enterprise x64 Edition ", ret_size -1 ); - else + else strncat(ret, "Standard x64 Edition ", ret_size -1 ); - ret_size-=strlen(ret) +1; + ret_size-=strlen(ret) +1; } else @@ -1048,10 +1507,10 @@ char *getuname() strncat(ret,"Enterprise Edition ",ret_size -1); else if ( osvi.wSuiteMask == VER_SUITE_BLADE ) strncat(ret,"Web Edition ",ret_size -1 ); - else + else strncat(ret, "Standard Edition ",ret_size -1); - ret_size-=strlen(ret) +1; + ret_size-=strlen(ret) +1; } } else if(osvi.dwMajorVersion==5 && osvi.dwMinorVersion==0) @@ -1060,25 +1519,25 @@ char *getuname() strncat(ret, "Datacenter Server ",ret_size -1); else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE ) strncat(ret, "Advanced Server ",ret_size -1 ); - else + else strncat(ret, "Server ",ret_size -1); - ret_size-=strlen(ret) +1; + ret_size-=strlen(ret) +1; } else if(osvi.dwMajorVersion <= 4) /* Windows NT 4.0 */ { if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE ) strncat(ret, "Server 4.0, Enterprise Edition ", ret_size -1 ); - else + else strncat(ret, "Server 4.0 ",ret_size -1); - + ret_size-=strlen(ret) +1; } } } /* Test for specific product on Windows NT 4.0 SP5 and earlier */ - else + else { HKEY hKey; char szProductType[81]; @@ -1091,7 +1550,7 @@ char *getuname() if(lRet == ERROR_SUCCESS) { char __wv[32]; - + lRet = RegQueryValueEx( hKey, "ProductType", NULL, NULL, (LPBYTE) szProductType, &dwBufLen); RegCloseKey( hKey ); @@ -1108,7 +1567,7 @@ char *getuname() ret_size-=strlen(ret) +1; memset(__wv, '\0', 32); - snprintf(__wv, 31, + snprintf(__wv, 31, "%d.%d ", (int)osvi.dwMajorVersion, (int)osvi.dwMinorVersion); 
@@ -1121,9 +1580,9 @@ char *getuname() /* Display service pack (if any) and build number. */ - if( osvi.dwMajorVersion == 4 && + if( osvi.dwMajorVersion == 4 && lstrcmpi( osvi.szCSDVersion, "Service Pack 6" ) == 0 ) - { + { HKEY hKey; LONG lRet; char __wp[64]; @@ -1134,8 +1593,8 @@ char *getuname() "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Hotfix\\Q246009", 0, KEY_QUERY_VALUE, &hKey ); if( lRet == ERROR_SUCCESS ) - snprintf(__wp, 63, "Service Pack 6a (Build %d)", - (int)osvi.dwBuildNumber & 0xFFFF ); + snprintf(__wp, 63, "Service Pack 6a (Build %d)", + (int)osvi.dwBuildNumber & 0xFFFF ); else /* Windows NT 4.0 prior to SP6a */ { snprintf(__wp, 63, "%s (Build %d)", @@ -1169,13 +1628,13 @@ char *getuname() { strncat(ret, "Microsoft Windows 95 ", ret_size -1); ret_size-=strlen(ret) +1; - } + } if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 10) { strncat(ret, "Microsoft Windows 98 ", ret_size -1); ret_size-=strlen(ret) +1; - } + } if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 90) { @@ -1183,7 +1642,7 @@ char *getuname() ret_size -1); ret_size-=strlen(ret) +1; - } + } break; case VER_PLATFORM_WIN32s: @@ -1195,12 +1654,12 @@ char *getuname() /* Adding ossec version */ - snprintf(os_v, 128, " - %s %s", __name, __version); + snprintf(os_v, 128, " - %s %s", __ossec_name, __version); strncat(ret, os_v, ret_size -1); - - + + /* Returning system information */ - return(ret); + return(ret); } #endif