*** * Using this file is deprecated, use svn log. ***

2004-02-08 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/common.c (prelude_get_gmt_offset): fix shadowing parameters.

2004-02-06 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/idmef-message.c (idmef_message_new): simplify.
	* bindings/: regenerated.
	* src/include/extract.h (extract_characters_safe): check that length
	is at least 2 bytes for safety.
	* src/idmef-util.c (idmef_additionaldata_data_to_string): make size
	a pointer. Upon return, size is updated to fit the length of
	additional data.

2004-02-05 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* bindings/libprelude.i: Include common.h,
	s/prelude_get_process_name_and_path/prelude_get_file_name_and_path/
	Regenerated bindings.

2004-02-03 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/sensor.c (get_process_name): use
	prelude_get_file_name_and_path.
	* src/idmef-criterion-value.c (get_tm_and_offset): update for
	prelude_get_gmt_offset() API change.
	* src/common.c (prelude_get_gmt_offset): moved from idmef-util.c.
	Re-worked so that it is provided with the local time.
	* src/idmef-util.c (idmef_additionaldata_data_to_string): API change.
	Stop using a static buffer, use the buffer provided as argument.
	When the additional data type is byte or character, directly return
	the content of the data.
	(prelude_get_process_name_and_path): moved from here.
	* src/common.c (prelude_get_file_name_and_path): rewrite
	prelude_get_process_name_and_path() and put it here.

2004-01-31 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-value.c (idmef_value_clone) bug fix, enum type was not
	cloned correctly (forget to copy the object_type field of
	idmef_value)

2004-01-28 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-criterion-value.c: add the "last" keyword for non linear
	time values
	relation '=' with this keyword will not work as expected for the
	moment (because it requires to be transformed into a criteria (to
	have a range) and not a simple criterion)
	btw, it can be done manually with two idmef_criterion while waiting
	for a correct implementation

2004-01-25 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/perl/Prelude.c: regenerated
	* bindings/perl/Prelude.pm: fit idmef-criteria changes
	* bindings/python/_prelude.c: regenerated
	* bindings/python/prelude.py: (IDMEFMessage.__getitem__) bug fix,
	check if c_value != None before destroying it
	* src/idmef-criteria-string.yac.y: fit idmef-criteria changes
	bug fix, check yyparse return value
	* src/idmef-criteria.c:
	* src/include/idmef-criteria.h: perform validity checks for idmef
	criterion
	replace idmef_value in idmef_criterion by the new
	idmef_criterion_value abstraction layer
	* src/idmef-criterion-value.c:
	* src/include/idmef-criterion-value.h: new files
	create a new abstraction layer upon the value in a idmef-criterion
	this allow the use of complex date description
	(idmef_criterion_value_non_linear_time)
	* src/idmef-util.c:
	* src/include/idmef-util.h: (prelude_get_gmt_offset) new function

2004-01-17 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* configure.in: correct python and perl check. Check that the
	required header file is present. Fix build failure on system missing
	headers file.
	* src/prelude-log.c (syslog_log, strip_return): strip '\n' character
	at the head and tail of the buffer when logging to syslog().
	* src/prelude-getopt.c (get_missing_options): carry more information.

2004-01-14 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/sensor.c (prelude_analyzer_fill_infos): remove crappy bugged
	code trying to copy the node to the analyzer, and use a simple
	refcount.

2004-01-13 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/daemonize.c (prelude_daemonize): nicer output...

2004-01-14 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-time.c: (idmef_time_get_db_timestamp) add a space
	character between date and hour to make postgresql happy

2004-01-11 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/config-engine.c (strip_value): fix NULL return for 1
	characters entry...
	* sensor-adduser/sensor-adduser.c (set_sensor_name): dup optarg.
	* src/sensor.c (setup_analyzer_node_location)
	(setup_analyzer_node_name, setup_analyzer_node_address_address)
	(setup_analyzer_node_address_netmask)
	(setup_analyzer_node_address_vlan_name)
	(prelude_analyzer_fill_infos): fix invalid memory references...
	String coming from prelude-getopt should be strdup'd.

2004-01-10 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/config-engine.c (is_section): do not match a section if the
	'[' characters is preceded by other characters.
	(strip_value): handle quoted entry.
	(cmp_section): remove.
	handle tab everywhere, refactorize code.

2004-01-09 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-getopt.c (search_option): use strcasecmp to search the
	option.
	(get_missing_options): complete rewrite of the code getting missing
	option from the configuration file, so that we don't lookup option
	on a per option basis, but in the order they were specified in the
	config file. This allow the caller to much easily deal with option
	that depend on each other. Mainly LML now can deal with different
	logfile with different format.
	* src/config-engine.c (is_line_commented, is_section): consistency
	fix, handle tab.
	(config_get): use new helper function. The return value now have to
	be freed.
	(config_get_next): new function.
	Allow the caller to parse the whole configuration file.
	(parse_buffer): impl. separate entry and value from the buffer.
	(strip_value): impl. Strip out extra value characters.
	(get_section): impl. Return section name.
	(load_file_in_memory): do not use prelude_read_multiline(), as it
	would cause problem when reporting line number, and we don't care
	about multiline handling here.

2004-01-07 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-message.c:
	* src/include/idmef-message.h:
	* src/include/idmef-tree.h: drop the cache feature, since
	idmef_object_get' rework (performance has been improved) this is no
	more necessary
	idmef_message_set do not destroy object and value anymore
	* bindings/perl/Prelude.c: regenerated
	* bindings/perl/Prelude.pm: fit idmef-message changes
	* bindings/python/_prelude.c: regenerated
	* bindings/python/prelude.py: fit idmef-message changes

2004-01-06 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* configure.in: call AC_SYS_LARGEFILE
	* src/prelude-client-mgr.c: include config.h
	64 bits file offset are now activated for fallover files. No more
	2Gb limitation.

2004-01-05 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-getopt.c (call_option_from_cb_list): don't leak value
	returned by lookup_variable_if_needed().

2004-01-02 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/python/prelude.py: bug fix: bad variable name
	* src/idmef-time.c: (idmef_time_get_idmef_timestamp)
	(idmef_time_get_ntp_timestamp) (idmef_time_get_timestamp) bug fix
	(bug was introduced the 2003-12-29): 0 was returned instead of the
	len of the buffer
	(idmef_time_set_db_timestamp) (idmef_time_new_db_timestamp) new
	functions, set an idmef_time_t with a datetime db field
	(idmef_time_set_ntp_timestamp) convert time in UTC
	(idmef_time_set_ntp_timestamp) convert time in localtime
	* src/include/idmef-time.h: cleanup

2004-01-01 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/perl/Prelude.c:
	* bindings/python/_prelude.c: regenerated
	* src/idmef-data.c:
	* src/include/idmef-data.h: (idmef_data_is_empty) new function
	* src/idmef-string.c:
	* src/include/idmef-string.h: (idmef_string_is_empty) new function
	* src/idmef-time.c: (idmef_time_get_db_timestamp) feed buffer with
	"NULL" if the given pointer is NULL and add simple quote to the db
	timestamp string
	* src/idmef-util.c: (idmef_additionaldata_data_to_string) instead of
	writing to a given buffer, return a const char * that points to a
	function static buffer (if a conversion was needed) or to the data
	field within the additional_data given

	Happy new year to our ChangeLog readers !
	;)

2003-12-29 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-time.c: (idmef_time_get_idmef_timestamp)
	(idmef_time_get_ntp_timestamp) (idmef_time_get_timestamp) bug fix:
	also check if the snprintf return value is not bigger than the given
	size
	* src/include/idmef-util.h: MAX_NTP_TIMESTAMP_SIZE: include the
	trailing nul byte in the size, it fix a bug in libpreludedb

2003-12-29 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/python/prelude.py: cleanup

2003-12-28 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/libprelude.i: (prelude_alert_fill_infos)
	(prelude_heartbeat_fill_infos) setup process name and path with
	prelude_get_process_name_and_path
	* bindings/perl/Prelude.c:
	* bindings/python/_prelude.c: regenerated
	* bindings/perl/Prelude.pm:
	* bindings/python/prelude.py: fit prelude_alert_fill_infos last
	changes
	* src/idmef-util.c:
	* src/include/idmef-util.h: (prelude_get_process_name_and_path) new
	function
	* src/sensor.c: (get_process_name) updated to use
	prelude_get_process_name_and_path

2003-12-28 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-client.c (prelude_client_send_msg): after writing a
	message, check that the tcp connection is still established,
	otherwise, handle breakage and trigger failover.
	(is_tcp_connection_still_established): moved from prelude-io.c.
	(start_inet_connection):
	(start_unix_connection): s/socket_io/sys_io/
	* src/prelude-io.c: remove the socket_io IO type. The check issued
	by this type really shouldn't be done here.
	(sys_pending): implement, using FIONREAD.
	* src/prelude-message.c (set_data, prelude_msg_forward): datatype
	safety.

2003-12-27 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-value.c: (idmef_value_to_string) bug fix, enum type was
	not handled since idmef-value.c rework (it was not handled at
	idmef-value-type level but enum need the object_type field in
	addition of the enum value to be converted into string, so the
	conversion must be done at idmef-value level)

2003-12-27 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/prelude-strbuf.c: (prelude_strbuf_is_empty) change return
	value
	returns 1 (true/yes) if strbuf is empty and 0 (false/no) otherwise
	it is more natural than 0 and -1 (return values < 0 are used as
	error code, and we don't have any error here)
	moreover, it was the way libpreludedb's strbuf works, and when
	libpreludedb has been changed to use prelude-strbuf instead of
	strbuf, it has been broken by
	now everything works fine

2003-12-26 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-value.c: (idmef_value_get_idmef_type) also return
	object_type if value's type is type_enum
	* bindings/libprelude.i: bind idmef-type.h
	* bindings/perl/Prelude.c:
	* bindings/python/_prelude.c: regenerated
	* bindings/perl/Prelude.pm:
	* bindings/python/prelude.py: return enums as strings

2003-12-26 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* configure.in: don't regenerate the .c source files of bindings
	during ./configure

2003-12-26 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/python/_prelude.c: regenerated
	* bindings/python/prelude.py: cleanup
	* src/idmef-criteria.c: (idmef_criteria_clone) bug fix, the way the
	operators were handled was buggy
	* bindings/generate.sh: new script that simply call the generate.sh
	of perl and python directories

2003-12-25 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/idmef-data.c (idmef_data_new): revert previous change
	(unsigned char pointer to void pointer), cause it was causing
	problem for binding.
	* src/idmef-wrappers-gen/GenerateIDMEFMessageSendC.pm (struct):
	don't call prelude_msgbuf_mark_end() on idmef_message_send().
	Doing so is up to the caller, who might want to add more
	information to the written alert.
	* src/idmef-data.c (idmef_data_new_dup):
	(idmef_data_new_nodup):
	(idmef_data_new_ref):
	(idmef_data_set_dup):
	(idmef_data_set_nodup):
	(idmef_data_set_ref):
	(idmef_data_get_data):
	* src/idmef-string.c (idmef_string_new_ref_fast): str is const.

2003-12-20 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* bindings/libprelude.i:
	* bindings/perl/Prelude.pm: cleanup
	* bindings/perl/Prelude.c: regenerated
	* src/idmef-wrappers-gen/GenerateIDMEFMessageRecvC.pm:
	(extract_string_safe) bug fix, idmef_string_new_ref_fast was called
	with len + 1, but len already takes the final NULL byte in account
	* src/idmef-message-recv.c: regenerated

2003-12-18 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/prelude-io.c: (is_tcp_connection_still_established) handle the
	case where poll returns 0 (which means that no fd have been
	selected)

2003-12-18 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/prelude-strbuf.c:
	* src/include/prelude-strbuf.h: (prelude_strbuf_cat)
	(prelude_strbuf_ncat) new functions

2003-12-16 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-value-type.c: in read functions for integer types:
	handle both decimal and hexadecimal value

2003-12-14 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-message.c:
	* src/include/idmef-tree.h (idmef_message_set_pmsg)
	(idmef_message_destroy) add the ability to attach a prelude_msg to
	the corresponding idmef_message
	* src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: do not generate
	_ref function prototype for function that don't have refcount
	* src/include/idmef-tree-wrap.h: regenerated

2003-12-13 Nicolas Delon <delon.nicolas@wanadoo.fr>

	* src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm:
	* src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm:
	* src/idmef-wrappers-gen/IDMEFTree.pm:
	* src/include/idmef-tree.h: implement refcount support
	* src/idmef-tree-wrap.c:
	* src/include/idmef-tree-wrap.h: regenerated

2003-12-12 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/idmef-wrappers-gen/GenerateIDMEFMessageSendC.pm (header): use
	prelude_hton64().
	* src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm (header): add
	missing includes.

2003-10-16 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* configure.in: move test that might add library path to the
	libprelude-config output at the end of the other library check in
	order to avoid any perturbation.
	* libprelude-config.in: Invert @libprelude_libs@ and $libdirs.
	$libdirs define where the path to libprelude when @libprelude_libs@
	define other system library path. This could result in linking to
	the wrong version of libprelude being linked when dual libprelude
	version were installed.

2003-09-30 Stephane Loeuillet <stephane.loeuillet@tiscali.fr>

	* README : update references to IRC channel and mailing list which
	were not changed since project has quit sourceforge and openproject
	changed its name

2003-09-30 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* NEWS: updated.
	* configure.in: bump version number to 0.8.7.
	* src/prelude-inet.c (addrinfo_new): set default sin_family to
	AF_INET. Fix a crash on system without getaddrinfo().

2003-09-21 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* NEWS: updated.
	* src/string-matching.c: removed. It's now part of prelude-nids.
	Release libprelude-0.8.6.

2003-08-09 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* autogen.sh: add AC_PROG_CPP so the preprocessor is detected before
	the OpenSSL presence test, so the OpenSSL detection works correctly
	(unfortunately, this makes sense...)

2003-08-09 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* src/prelude-inet.c: fix includes so it builds on FreeBSD

2003-08-09 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/idmef-msg-send.c (idmef_send_alert): Handle tool, overflow,
	and correlation alert.
	(idmef_send_correlation_alert):
	(idmef_send_overflow_alert):
	(idmef_send_tool_alert):
	(idmef_send_alertident_list):
	(idmef_send_alertident): implemented.

2003-08-08 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* sensor-adduser/sensor-adduser.c (setup_sensor_files): fix a typo
	(';' after an if statement). The block was never executed, resulting
	in an incorrect sensor-adduser output.
	* configure.in: stop overwriting CFLAGS.

2003-08-06 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-inet.c (is_ipv6_loopback): new function, replace the
	dirty IN6_IS_ADDR_LOOPBACK macro.
	(prelude_inet_addr_is_loopback): use is_ipv6_loopback().
	(prelude_inet_getaddrinfo): provide the service argument to the
	getaddrinfo_compat() function.
	(getaddrinfo_compat): take care of the service argument. Translate
	service to a 16 bits integer and provide it to the addrinfo_new()
	function.
	(addrinfo_new): take a port argument.
	These changes fix a bug where the library would connect to a random
	port in case getaddrinfo() was not available on the system. Fix the
	getaddrinfo() fallback.
	* src/daemonize.c (lockfile_write_pid):
	* src/prelude-path.c (prelude_get_auth_filename):
	(prelude_get_ssl_cert_filename):
	(prelude_get_ssl_key_filename):
	(prelude_get_backup_filename): cast uid_t and pid_t to integer. This
	fix compilation warning on 64bits architectures.

2003-07-17 Sylvain GIL <prelude-code@toootella.org>

	* configure.in: removed CFLAGS resetting (fixed #91)

2003-06-13 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-inet.c (gai_strerror_compat): implemented.
	(prelude_inet_gai_strerror): implemented.

2003-06-11 Stéphane Loeuillet <stephane.loeuillet@tiscali.fr>

	* autogen.sh : remove hardcoded aclocal include directory which
	broke configure/Makefile generation on systems with several autoconf
	versions (mdk 9.1 and others)
	* sensors-default.conf : corrected typo in default sensor config
	file which made sensors without an address even if you filled this
	section

2003-06-11 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* sensor-adduser/ssl-register.c (recv_manager_certificate): fix
	warning.
	* src/prelude-client.c (generic_connect): made really generic. Now
	handle both UNIX and TCP connection.
	(inet_connect):
	(unix_connect): deprecated by new generic_connect() implementation.
	(prelude_client_destroy): free sockaddr.
	(resolve_addr): implemented. Use the prelude-inet interface,
	providing the ability to resolve Ipv6 address.
	(do_connect): provide information about where we are connecting.
	These changes provide the ability for a prelude-client to connect
	using both Ipv4 or Ipv6. Also the prelude-client code has been
	reworked so that connection using UNIX and TCP socket share more
	code.
	* configure.in: check whether Ipv6 is available on this system, and
	define HAVE_IPV6 if it is. Also check for inet_ntop and getaddrinfo.
	* src/prelude-inet.c (prelude_inet_getaddrinfo):
	(prelude_inet_freeaddrinfo):
	(prelude_inet_ntop):
	(prelude_inet_sockaddr_get_inaddr):
	(prelude_inet_addr_is_loopback): implemented these functions, as
	well as fallback in case they aren't present on the system.
	* src/prelude-client-mgr.c (parse_address): use strrchr() instead of
	strchr() so that we can handle Ipv6 address.

2003-06-08 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/ssl-registration-msg.c (prelude_ssl_recv_cert): remove
	un-needed cast.
	* sensor-adduser/sensor-adduser.c (generate_sensor_ident): fix GCC
	strict-aliasing warning by using an union.
	* src/prelude-io.c (prelude_io_read_delimited): make buf pointer an
	unsigned char.
	* src/idmef-msg-send.c (idmef_send_uint64): use prelude_hton64(),
	instead of re-implementing it.

2003-06-07 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/include/extract.h (extract_uint64): fix GCC strict-aliasing
	warning by using an union.
	* src/common.c (prelude_hton64): fix conversion problem. Fix GCC
	strict-aliasing warning.

2003-06-03 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/string-matching.c:
	(BoyerMoore_StringMatching):
	(BoyerMoore_CI_StringMatching): return -1 on error, or the index
	where the string matched on success.

2003-05-16 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/common.c (prelude_read_multiline): forbid multiline comment
	(fix #0000078). This function now handle comment by itself.

2003-05-14 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-async.c (wait_timer_and_data):
	(wait_data): unlock the mutex before exiting.

2003-05-11 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/timer.c (walk_and_wake_up_timer): fix once for all long time
	race in this function.
	* Included patch from Sylvain Gil <prelude-code@tootella.org>, that
	fix libprelude compilation under MacOSX:
	* configure.in (macosx): fixed search for libpthread
	search for poll() in libpoll if not found in libc

2003-05-06 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/plugin-common.c (plugin_print_stats): don't print anything if
	p_count member is not set.
	* src/include/plugin-common-prv.h (plugin_run):
	(plugin_run_with_return_value): don't compute stats by default. This
	avoid us 2 gettimeofday() syscall by plugin ran.
	(plugin_compute_stats): new macro, that can be used to call
	plugin_run and plugin_run_with_return_value.

2003-05-03 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-async.c (prelude_async_exit): stop using
	pthread_cancel(). set a global stop_processing variable to 1, and
	then join the thread.
	(wait_data):
	(wait_timer_and_data): if stop_processing is set, and there is no
	data remaining, exit the thread.
	* configure.in: update version number to 0.8.6, so that Prelude
	programs might update their requirements.
	* src/Makefile.am (DEFS): use @pthread_cflags@
	* configure.in (CFLAGS): put pthread cflags in the pthread_cflags
	variable.
	* libprelude-config.in: add a --pthread-cflags option.
	This is done in order to avoid non threaded program to compile with
	pthread related option (which might slow down program execution due
	to extra locking used by libc in this case).

2003-05-02 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* Makefile.am (install-data-local): remove un-needed / after
	$DESTDIR.
	* src/plugin-common.c (plugin_load_single): correct english in error
	output.

2003-04-30 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/timer.c (timer_reset): don't use
	timer_mutex_unlock_if_needed() here, as timer_init_unlocked() will
	reset flags to 0. backup flags, and call timer_unlock() if it's set
	to TIMER_CALLED_FROM_CB.
	* src/prelude-async.c: re-establish post 0.8 behavior of defaulting
	to enable asynchronous timer.
	* src/timer.c: Asynchronous timer race fix. Timer are now unlocked
	when the callback call timer_destroy / timer_reset. It make the
	operation of gathering a timer -> executing it atomic. Also, merge
	part of the HEAD code, and avoid to lock mutex if the asynchronous
	timer aren't used.
	* src/include/timer.h: add a flags member to the timer structure.

2003-04-28 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* configure.in: bump version number to 0.8.5.
	* autogen.sh: remove obsolete hack.

2003-04-27 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/timer.c (timer_unlock_critical_region):
	(timer_lock_critical_region): implemented. Provide the ability to
	deny asynchronous timer wake up. This fix bug #0000019. Program
	relying on asynchronous timer modifying shared data should rely on
	this.
	* src/prelude-getopt.c (is_an_argument): check if string is an
	argument, or an option, permit to handle some arguments starting
	with a '-'. More work is needed though (need an escape character).
	(check_option_reqarg):
	(check_option_noarg):
	(check_option_optarg): use is_an_argument().
	* src/prelude-async.c (prelude_async_set_flags):
	(prelude_async_get_flags): revert previous change, and implement the
	following function, in order to avoid API breakage.

2003-03-23 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/ssl-gencrypto.c (add_DN_object):
	* src/prelude-log.c (syslog_log): Handle snprintf error better.

2003-03-12 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-async.c (prelude_async_init): take a flags argument.
	Implemented the possibility to enable/disable asynchronous timer.
	(wait_data): new function, won't trigger timer wakeup.

2003-03-06 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-client.c (prelude_client_connect): Don't try to send
	Wide option message until Prelude 0.9.

2003-02-04 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* Changed my mail address everywhere.
	* src/sensor.c (get_process_name): don't modify argv.
	* src/daemonize.c (prelude_daemonize): close stdin, stdout, and
	stderr.

2003-02-03 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/config-engine.c (get_variable_content): Fix config_get(). We
	were calling config_get() with a value of 0 for the line argument.
	Line should be a pointer to a valid memory address. This fix a
	possible SIGSEGV.

2002-01-23 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* sensor-adduser/ssl-register.c:
	* src/ssl-registration-msg.c:
	* src/include/ssl-registration-msg.h: Modified to use arbitrary
	length certificate buffer. This fixes a buffer overrun in
	sensor-adduser utility occurring after reading large generated SSL
	certificate during adding a sensor which will be using SSL
	communication.

	Although this could lead to local arbitrary code execution, the risk
	is mitigated by the fact that attacker would need to have write
	access to the file containing the certificate, which is by default
	chmod'ed 600 and owned by the user sensor is run as (usually root),
	or write access to the directory containing the file (by default
	owned by root and chmod'ed 755). None of these two conditions should
	occur on a properly configured system, and none of them occurs in
	default configuration (as they would introduce obvious security
	problems related to key management). Additionally, the exploitation
	would have to occur in a time frame between creating the certificate
	file and reading it.

	A corresponding fix has been made in manager-adduser utility in
	prelude-manager module. Note however, that the issue in
	manager-adduser did not have any security implications, as the
	oversized certificate was rejected immediately after receiving.

2003-01-22 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/prelude-getopt.c: removed argv_index from the prelude_optlist
	structure.
	(check_option_optarg):
	(check_option_reqarg):
	(check_option_noarg):
	(check_option): pass argv_index as a pointer. Stop zeroing processed
	argument, we don't want to modify the argv array because the
	application might still need it.
	(parse_argument): take a pointer to an argv_index integer. This
	simplify the code a little.
	This set of change simplify the parse_argument function a lot, and
	avoid modifying argv at parsing time.
	(print_options): don't try to AND match flags if set to zero. Fix a
	bug where option would not be printed if flags is set to zero.
	(search_option): fix a possible NULL strcmp that would result in a
	SIGSEGV for option without longname.

2003-01-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/ssl-gencrypto.c (prelude_ssl_gen_crypto): fix compilation with
	OpenSSL 0.9.7.

2002-12-18 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-message.c (prelude_msg_dynamic_new): remove
	un-necessary arguments. Tag and priority can be set using
	prelude_msg_set_tag() / prelude_msg_set_priority().
	* src/prelude-message-buffered.c: fit prelude-message API change.
	Cleanup.
	(prelude_msgbuf_get_msg): implemented. Permit to set message
	specific option (priority, tag).
	* src/prelude-getopt-wide.c (prelude_option_send_request): fit
	prelude-message-buffered API change.
	* sensor-adduser/sensor-adduser.c (print_help): fit prelude-getopt
	API change.

2002-11-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c: input_validation_regex, not
	input_validation_rexex.
	(prelude_option_new):
	(prelude_option_set_longopt):
	(prelude_option_get_longopt):
	(prelude_option_set_description):
	(prelude_option_get_description):
	(prelude_option_set_has_arg):
	(prelude_option_get_has_arg):
	(prelude_option_set_help):
	(prelude_option_get_help):
	(prelude_option_set_input_validation_regex):
	(prelude_option_get_input_validation_regex):
	(prelude_option_set_input_type):
	(prelude_option_get_input_type): implemented.
	(prelude_option_wide_get_msg): make the option message carry the
	originating sensor ID.
	* src/prelude-getopt-wide.c (read_option_list):
	(prelude_option_send_request):
	(prelude_option_recv_reply):
	(prelude_option_read_option_list): implemented. These functions are
	helpers for the one who want to use the administrative console.
	* src/client-ident.c (declare_ident_to_manager): use
	prelude_hton64().
	* src/common.c (prelude_hton64): new public function.
	* src/prelude-getopt.c (check_option_reqarg): fix a priority problem
	when assigning optarg. This could result in a SIGSEGV.

2002-11-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt-wide.c: New functions, read an option request,
	apply it, and rACK it. This code was written by both Chia-liang Kao
	<clkao@clkao.org> and myself.

2002-11-13 Chia-liang Kao <clkao@clkao.org>

	* src/prelude-getopt.c:
	(search_option): take flags and walk_children when doing search.
	(prelude_option_invoke_set):
	(prelude_option_invoke_get): implemented.

2002-11-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client.c (prelude_client_connect): check the return
	value of prelude_option_wide_get_msg(). Don't try to send option
	message if it return NULL.
	* src/prelude-getopt.c (prelude_option_wide_get_msg): return NULL if
	there is no root_optlist. Fix a possible SIGSEGV on client that
	doesn't use prelude-getopt.

2002-11-12 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* COPYING.OpenSSL:
	* README: Permit linking with OpenSSL so that Debian package might
	be distributed.

2002-11-11 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/prelude-client.h: add
	PRELUDE_CLIENT_TYPE_MANAGER_PARENT and
	PRELUDE_CLIENT_TYPE_MANAGER_CHILDREN types.
	* src/prelude-client.c: remove unused RECONNECT_TIME_WAIT
	definition.
	(prelude_client_set_state):
	(prelude_client_get_state): implemented.
	(prelude_client_forward):
	(prelude_client_is_alive):
	(prelude_client_send_msg): check that the CONNECTED state is set.
	(prelude_client_connect): allocate the file descriptor here. Make
	the type of the client part of the message.
	(prelude_client_set_fd): new function. Close currently opened file
	descriptor if needed, and set the client FD. By default, the client
	doesn't own the passed FD.
	(prelude_client_new): don't allocate the file descriptor here,
	because the caller might furnish its own FD. Only allocate the file
	descriptor by ourself on prelude_client_connect().
	(prelude_client_close):
	(prelude_client_destroy):
	(handle_connection_breakage): call close_client_fd().
	(close_client_fd): impl. Set the CONNECTED state to zero, and
	destroy the client file descriptor if the CLIENT_OWN_FD bit is set.
	* src/prelude-client-mgr.c (add_new_client): new function, add a
	client to the client-mgr.
	(prelude_client_mgr_tell_client_alive): Tell client-mgr that a given
	client in the set is alive.
	(prelude_client_mgr_tell_client_dead): Tell client-mgr that a given
	client in the set is dead.
	(prelude_client_mgr_search_client): search a client in the
	client-mgr list using the address and client type criteria.
	(search_client): search a given client in the client-mgr list.
	(walk_manager_lists): return 0 if there is no client in the list.
	(broadcast_message): on emission failure, only initialize the timer
	if use_timer is set.
	(prelude_client_mgr_add_client): new public function, add a client
	to a given client-mgr, allocating a client-mgr if not already done.
	* acinclude.m4: remove an erroneous parenthesis, leading in
	AC_DATATYPE_GENERIC not finding any possible replacement for
	socklen_t.

2002-10-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/string-matching.c (BoyerMoore_CI_StringMatching):
	(BoyerMoore_StringMatching): return the index where we matched the
	pattern on success and -1 on error.

2002-09-23 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* NEWS: updated.
	* configure.in: bump version to 0.8.4
	* src/sensor.c (parse_argument): return -1 here in case of the
	manager client creation fail. Fix a possible free() of a NULL
	pointer.

2002-09-16 Guillaume Pelat <endymion@linux-secure.com>

	* sensor-adduser/plaintext.c(setup_plaintext):
	* src/common.c(prelude_read_multiline):
	* src/config-engine.c(cmp_entry):
	(create_new_line):
	* src/prelude-client.c(handle_plaintext_connection):
	* src/prelude-getopt.c(check_option_optarg):
	(check_option_reqarg):
	(lookup_variable_if_needed):
	* src/ssl-gencrypto.c(get_full_hostname): Fix potential
	signed/unsigned integer problems.

2002-09-15 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* acinclude.m4: new AC_DATATYPE_GENERIC() macro, that check for a
	datatype and possible replacement.
	* configure.in: Enable OpenSSL conditionally. Check for the
	socklen_t datatype, and provide a replacement if not found. This fix
	a compilation problem on Solaris.
	* src/Makefile.am:
	* sensor-adduser/Makefile.am: Stop compiling empty source file when
	SSL support is disabled. Don't compile the sources at all instead.

2002-09-10 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* NEWS: updated.
	* configure.in: bump version number to 0.8.3

2002-09-09 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* sensor-adduser/sensor-adduser.c (register_sensor_ident): When
	searching if an ident is already registered for this sensor, do
	exact comparison... So that two sensor with the same prefix, but
	different suffix won't match.
	(register_sensor_ident): move the call to fchmod() at the beginning of
	the function, so it is called each time the file is opened... For
	safety.

2002-09-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/idmef-msg-send.c (idmef_send_uint64): if we're running on a big
	endian system, don't send an uninitialized value.

2002-09-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (get_from_config): check
	process_option_cfg_hook() return value. Abort the whole process if it
	return an error.
	(section_get_all): config_get_section() doesn't return a
	prelude_option_x error code. If config_get_section() return -1, then
	return 0, it just mean there are no more section of this name.
	(prelude_option_destroy): use list_for_each_safe().

2002-09-03 Guillaume Pelat <endymion@linux-secure.com>

	* src/daemonize.c (lockfile_get_exclusive): Fix possible file
	descriptor leak.
	* src/config-engine.c (load_file_in_memory): Fix possible file
	descriptor leak.

2002-08-29 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* NEWS: update release notes.
	* configure.in: bump version to 0.8.2.
	* src/prelude-getopt.c (check_option_optarg): set optarg to NULL if arg
	len is 0.
	(check_option_reqarg): ditto.
	(check_option): ditto in case of option no_argument.
	(call_option_cb): cleanup.
	(call_option_from_cb_list): only free arg if it is not NULL.

2002-08-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* sensor-adduser/ssl-register.c (ask_configuration): included patch
	from Sebastien Guilbaud <sguilbaud@oceanet-technology.com>, fix an
	infinite loop when asking for SSL setup confirmation.
	* configure.in: correct check for OpenSSL and profiling.

2002-08-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* NEWS: updated.
	* configure.in: bump version number to 0.8.1.

2002-08-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/plugin-common.c (plugin_subscribe): Walk the list in reverse
	order so that we work as a LIFO and a plugin loading another, both
	subscribing from plugin_init(), won't end up with undefined result.

2002-08-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/plugin-common.c (plugin_load_single): delete the plugin entry on
	error. Fix a possible SIGSEGV if plugin_init return NULL.
	(plugin_search_by_name): test that pe->plugin is not NULL before
	dereferencing it.

2002-08-09 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	Included patch from Guillaume Pelat <endymion@linux-secure.com> with
	slight modifications:

	* src/ssl-settings.c: Removed ask_manager_addr() and
	ask_configuration() that were unused.
	* sensor-adduser/ssl-register.c (ask_configuration): Handle fgets()
	error return, fix recursive loop in case the user answer "no" to the
	confirmation question.
	* src/prelude-auth.c (ask_username): handle fgets() NULL return.
	(parse_auth_line): free username before returning if we got an error.
	(comfirm_account_creation): check buf after filling it on the first
	time (do while, instead of while), buf content may be random before
	fgets() is called. Increase buf length, because it's not clear if
	fgets() will stop reading after size-1 byte is read (glibc fgets won't
	though, but SUSv2 specify it should). Let enough room for the user to
	type "yes" or "no" if he want to.

2002-08-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client.c (unix_connect): Small bug found by Guillaume
	Pelat <endymion@linux-secure.com>, directly call
	prelude_get_socket_filename() with addr.sun_path as argument.

2002-07-30 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: update version number to 0.8.0.

2002-07-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (parse_argument): respect option priority with
	command line option. call_option_cb() do this for us.

2002-07-25 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* docs/api/Makefile.am: remove check for gtk-doc on make dist... As we
	cannot force distcheck to pass the --enable-gtkdoc configure argument,
	it would fail anyway.

2002-07-23 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/sensor.c (setup_manager_addr): dup manager_cfg_line.
	(parse_argument): free manager_cfg_line.
	* src/prelude-getopt.c (call_option_from_cb_list): free(cb->arg).
	* src/prelude-client.c (prelude_client_close): new function, close a
	client.
	(prelude_client_new): set connection_broken to 1 if we are not
	connected.

2002-07-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client.c (prelude_client_get_fd): new function, return
	the prelude_io_t used to talk to the client.

2002-07-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* README: add a statement saying "This library is released under the
	GPL with the additional exemption that compiling, linking, and/or using
	OpenSSL is allowed." It appear that GPL software linking to OpenSSL
	have to specify this statement, for legal reason. Please read
	http://www.openssl.org/support/faq.html#LEGAL2 for more information.

2002-07-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/sensor.c (parse_argument): move the call to
	prelude_client_ident_init() here, so that ident is declared before
	connecting to the Manager, and after processing options.
	* src/prelude-getopt.c (option_get_all): don't call the option callback
	if the option was called from command line.
	(process_option_cfg_hook): don't check called_from_cli here.
	(section_get_all): only call the parent option callback if it wasn't
	provided on command line.

2002-07-11 Yoann Vandoorselaere <yoann@prelude-ids.org>

	* src/sensor.c (prelude_sensor_init): Move the call to
	prelude_client_ident_init() after argument parsing. This fix a bug
	where command line option does not work if the sensor is not
	registered.

2002-07-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (parse_argument): set called_from_cli when we
	see a parent option on command line.

2002-06-27 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (prelude_option_get_private_data):
	(prelude_option_set_private_data): new function, allow to associate
	private data with an option, maybe useful in the callback.
	* sensor-adduser/sensor-adduser.c:
	* src/sensor.c: fit the latest prelude-getopt change.
	* src/prelude-getopt.c: make the set() callback take a prelude_option_t
	as argument, thus allowing more generic operation to be performed in
	the callback.

2002-06-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/common.c: include stdio.h.
	* src/config-engine.c (load_file_in_memory): use
	prelude_read_multiline().
	* src/common.c (prelude_read_multiline): new function, handle reading
	line separated by the '\' character.

2002-06-19 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* src/sensor.c: fix crash in prelude_sensor_init on Linux when passed
	NULL argv value. Correct function name in comment.

2002-06-18 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/plugin-common.c (plugin_search_by_name): use strcasecmp, we just
	don't care about the case here.

2002-06-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/idmef-tree-func.c (free_time):
	(free_inode):
	(free_linkage):
	(free_access):
	(free_file):
	(idmef_inode_change_time_new):
	(idmef_linkage_file_new):
	(idmef_file_access_permission_new):
	(idmef_file_create_time_new):
	(idmef_file_modify_time_new):
	(idmef_file_access_time_new):
	(idmef_file_inode_new):
	(idmef_file_access_new):
	(idmef_file_linkage_new):
	(idmef_target_file_new): implemented.
	(free_source_or_target): if type is target, free file_list.
	* src/idmef-msg-send.c (idmef_send_file_access): use
	idmef_send_string_list for permission.
	(idmef_send_inode): return if inode is NULL. change_time is a pointer.

2002-06-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* Makefile.am: use $(DESTDIR) as the prefix for installing stuffs.

2002-06-10 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c: fix warning.
	(process_option_cfg_hook): parent option called from command line
	completely override config file option.
	* autogen.sh: Override libtool configure.in by a configure.in that'll
	require autoconf2.50, and re-generate configure script. This fix some
	problem when dealing with certain environment variable.
	* configure.in (gtk_doc_min_version): only enable gtkdoc if requested.

2002-06-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (prelude_option_add): don't overwrite specified
	priority for parent option.
	(section_get_all): process sub option, and flush the callback that run
	without order when leaving the parent. This allow to have the parent
	called before other option if option_run_first was specified.
	(section_get_all):
	(option_get_all): new function, call the option callback the same
	number of time the option/section is in the config file.
	* src/sensor.c (parse_argument): make the address option a children of
	"node address". Make node address run first so that it can allocate the
	idmef_address_t structure.
	(setup_address): allocate a new idmef_address_t structure.
	* src/config-engine.c (config_get):
	(config_get_section): take a line argument, indicating where we should
	start the search.
	(search_section): take a 'line' argument, telling where to start the
	search.
	(search_entry): ditto.

2002-06-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/config-engine.c (search_section): if last_index is set, and there
	is no section specified, use last_index and last_section. This allow
	searching for several section, with the same name.
	(config_get_section): on success, set last_index and last_section.

2002-06-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/sensor.c (parse_argument): setup manager_list here.
	Make option work as expected.
	* src/prelude-getopt.c (prelude_option_parse_arguments): cleanup
	cb_called on return.
	* src/sensor.c (parse_argument): add node and analyzer configuration
	only option.
	(prelude_analyzer_fill_information): new function, setup an analyzer.
	* sensors-default.conf (manager-addr): Add commentary for generic
	analyzer information.
	* src/sensor.c (prelude_heartbeat_register_cb): don't initialize timer
	and send initial heartbeat if heartbeat_repeat_time is 0.

2002-06-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* sensor-adduser/ssl-register.c (send_own_certificate): remove
	certificate in case of error.
	(recv_manager_certificate): ditto.
	(ssl_add_certificate): ditto.

2002-06-01 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/sensor.c (parse_argument): set --manager-addr option to be ran
	last, so that applications that change user through prelude-getopt
	don't get a message telling to run sensor-adduser with --uid 0 when it
	should be another uid.
	* src/ssl-gencrypto.c (add_DN_object): use X509_NAME_add_entry()
	together with X509_NAME_ENTRY_create_by_NID() so that we work on with
	older OpenSSL version.
	* src/client-ident.c (prelude_client_set_analyzer_id): new function.
	* sensor-adduser/sensor-adduser.c (setup_sensor_files): don't call
	generate_sensor_ident here. Take the ident as argument.
	(main): generate the ident here, and use the
	prelude_client_set_analyzer_id function so that the ident will be used
	to generate the SSL certificate subject.

2002-05-31 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/sensor.c (setup_heartbeat_repeat_time): impl - set heartbeat
	timer timeout.
	(prelude_heartbeat_register_cb): new function, setup the heartbeat
	timer and callback, and send an initial heartbeat.
	(prelude_heartbeat_send): new function, send an heartbeat.
	(parse_argument): stop providing short option, there is much chance
	that we'll conflict with the apps.
	(parse_argument): new global option, "heartbeat-time", to set timer
	heartbeat timeout.
	* src/idmef-msg-send.c (idmef_send_alert): fix a typo, send analyzer
	time instead of sending twice detect time.

2002-05-30 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/idmef-msg-send.c (idmef_send_create_time): don't get create time
	here since it prevent caller to override the value.
	(idmef_send_analyzer): get analyzerID with
	prelude_client_get_analyzerid(), and send it.
	(idmef_send_string): made inline.
	(idmef_send_uint64): ditto
	(idmef_send_uint32): ditto
	(idmef_send_uint16): ditto
	(idmef_send_analyzer): get and send analyzerid.
	* src/idmef-tree-func.c (idmef_alert_new): get create time here.
	* src/include/idmef-tree-func.h (idmef_additional_data_set_data): new
	inline function.
	* src/idmef-msg-send.c (idmef_send_additional_data): don't use
	idmef_send_string for AdditionalData data field.
	* src/include/idmef-tree.h: AdditionalData data field is not an
	idmef_string_t...

2002-05-30 Laurent Oudot <oudot.laurent@wanadoo.fr>

	* sensor-adduser/sensor-adduser.c: very small change from "passwrd" to
	"password" in a getpass.

2002-05-24 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/timer.c (timer_flush): new function, expire remaining timer.
	(walk_and_wake_up_timer): remove debugging code.

2002-05-21 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* configure.in: cleanup in pthread detection code (*BSD mainly). Fixed
	a gcc 3.1 compilation warning caused by using -I/usr/include .

2002-05-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* sensor-adduser/sensor-adduser.c (handle_argument): explain better
	what the different command line option does.
	* src/client-ident.c: include stdlib.h.

2002-5-17 Baptiste Malguy <baptiste@malguy.net>

	* src/include/prelude-message-id.h: added some definition for
	counter-measure stuff.

2002-05-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/ssl-registration-msg.c (prelude_ssl_save_cert):
	* src/ssl-gencrypto.c (prelude_ssl_gen_crypto):
	* src/prelude-auth.c (open_auth_file): Show more information on error.
	Use -1 instead of 0 as the fchown() GID argument. This avoid problem
	when sensor-adduser is used by a non privileged user.

2002-05-16 Baptiste Malguy <baptiste@malguy.net>

	* src/include/*.h: added some #ifndef/#define and #endif in the header
	files for dependency inclusion purposes.

2002-05-15 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (parse_argument): don't lookup variable here.
	(check_option): take a size argument.
	(check_option_reqarg):
	(check_option_optarg): modified these functions so that option with
	multiple arguments are taken into account without the arguments needing
	to be quoted.
	(call_option_from_cb_list): call lookup_variable_if_needed() here.
	(call_option_cb): copy the argument.
	(lookup_variable_if_needed): ability to lookup several variable in one
	buffer.
	* src/client-ident.c (declare_ident_to_manager): On big endian system,
	copy sensor_ident to nident so that we don't send an uninitialized
	value. Fix last remaining prefix problem.
	* Makefile.am (install-data-local): create sensors_spool_dir.
	* src/prelude-path.c: remove BACKUP_DIR.
	(prelude_get_backup_filename): use SENSORS_SPOOL_DIR.
	* src/Makefile.am (DEFS): define SENSORS_SPOOL_DIR.
	* configure.in (sensors_spool_dir): configure spool directory.
	* src/common.c (prelude_resolve_addr): document this function.

2002-05-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-message.c (set_data): check call_alloc_cb return value.
	Avoid a possible NULL pointer dereference on out of memory condition.
	* src/prelude-message-buffered.c: remove unused send_msg_cb member.
	(flush_msg_cb): print an error if prelude_msg_dynamic_new() return
	NULL.

2002-05-14 Vincent Glaume <glaume@enseirb.fr>

	* src/include/prelude-path.h: (prelude_get_socket_filename) has a new
	prototype.
	* src/prelude-path.c (prelude_get_socket_filename): builds a filename
	based on a port number for the unix socket, which allows to use several
	unix sockets.
	* src/prelude-client.c: complies to the new unix socket management.

2002-05-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client.c (prelude_client_connect): send ident before
	sending option list.

2002-05-08 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/prelude-message-id.h: remove deprecated MSG ID.
	* src/client-ident.c: removed code for requesting an ID to the Manager,
	since we now generate the ident number ourselves.
	(prelude_client_ident_init): read the ident generated by sensor-adduser
	from the ident file.
	* sensor-adduser/sensor-adduser.c (elf_hash):
	(time_hash):
	(generate_sensor_ident):
	(register_sensor_ident):
	(setup_sensor_files): generate, and register sensor ident.
	* configure.in (sensors_config_dir): declare sensor_ident_file.
	* Makefile.am (install-data-local): remove sensor_ident_dir.

2002-05-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* docs/api/Makefile.am: included PATCH from Yann Droneaud
	<meuh@sherkan.tuxfamily.net> so that make distcheck work again with
	newest automake.

2002-05-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	make dist should now work. Also localstatedir is now respected.
	(Existing sensors / manager installation should re-create sensors
	account).

	* configure.in (sensors_config_dir): declare sensor_ident_dir.
	* Makefile.am (install-data-local): move authentication file to
	configuration dir.
	* configure.in: modify call to AC_DEFINE() so that we don't need
	acconfig.h anymore.

2002-04-30 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client-mgr.c (prelude_client_mgr_new): take a new type
	argument. For each created client, the specified type will be
	associated.
	* src/sensor.c: get rid of the is_caller_a_sensor variable.
	(setup_manager_addr): set client type to PRELUDE_CLIENT_TYPE_SENSOR.
	* src/prelude-client.c (prelude_client_new): default client type is
	PRELUDE_CLIENT_TYPE_OTHER.
	(prelude_client_connect): pass the client type to
	prelude_client_ident_send().
	(prelude_client_set_type): new function, set client type.
	* src/client-ident.c (prelude_client_ident_send): now take a
	client_type argument. Only declare ident if type is
	PRELUDE_CLIENT_TYPE_SENSOR or PRELUDE_CLIENT_TYPE_MANAGER.
	* src/string-matching.c:
	(BoyerMoore_StringMatching):
	(BoyerMoore_CI_StringMatching): Fix a grave problem that could result
	in reading uninitialized memory. Made the code of these functions
	readable.

2002-04-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: autoconf 2.52 still have the AC_C_BIGENDIAN bug -
	require 2.53.

2002-04-27 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: use AM_PROG_LIBTOOL, for older libtool/automake
	installation.
	* src/plugin-common.c: remove dlfcn.h - not needed anymore with
	libltdl.
	(plugin_load_single): return -1 if the plugin is already loaded so that
	we don't count the plugin twice.
	(plugin_load_from_dir): remove the filename extension, so that libltdl
	decide of the best extension to use on this architecture.
	(plugin_load_single): use libltdl function. As there is often several
	file associated with a libtool plugin (from which the plugin can be
	loaded), and because libtool load the one that suit it best (for sake
	of compatibility), we have to check if we do not already have an handle
	for this plugin.
	(is_plugin_already_loaded): search a plugin by handle.
	* src/Makefile.am (INCLUDES): add libltdl include PATH.
	* configure.in: setup libltdl.
	* autogen.sh: libtoolize --ltdl
	* Makefile.am (SUBDIRS): libltdl.

	These changes fix possible portability problem with dynamically
	loadable plugin API (OpenBSD plugin loading didn't work before this).

2002-04-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: require autoconf 2.50, not 2.53.

2002-04-25 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-message.c (set_data): s/unsigned char/uint8_t/

2002-04-24 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-path.c (prelude_get_socket_filename): return a const char
	pointer.
	* src/include/list.h (list_entry):
	* src/prelude-message.c (set_data): avoid void pointer arithmetic.
	* src/include/extract.h:
	(byte): create a second byte macro conditionally compiled depending on
	the byte order.
	(extract_uint64): do not try to translate from network byte order to
	host byte order if WORDS_BIGENDIAN is defined.
	(align_uint32):
	(align_uint64):
	(align_uint16): shift each byte.
	* src/idmef-msg-send.c (idmef_send_uint64): only translate analyzer
	ident to network byte order if we are on a little endian system.
	s/ntohl/htonl/.
	* src/client-ident.c (declare_ident_to_manager): only translate
	analyzer ident to network byte order if we are on a little endian
	system.
	* configure.in: prereq autoconf 2.53. use AC_C_BIGENDIAN macro to
	determine host byte order, libprelude-config --cflags also include this
	definition.
	* README: update.

2002-04-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/extract.h: stop using memmove for alignment care!
	Checksum performance test resulted in ~ 600MB/s without alignment care,
	and ~ 20MB/s with it (memmove). The new version (which cast every byte
	of the buffer to a single 8 bits integer and OR them all) run at
	~ 200MB/s, which is way better.

2002-04-15 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/list.h: included modified patch from Vincent Glaume
	<glaume@enseirb.fr> adding function to walk the list in reverse order.

2002-04-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (process_option_cfg_hook):
	(get_max_char): slight cleanup.
	* src/config-engine.c (config_get_section): don't check if the line is
	a comment here.
	(search_section): do it here. This fix a bug where we wouldn't find an
	option because a commented one would match.
	* src/prelude-getopt.c (print_wrapped): don't print \0 at the end of
	the line. This fix bug #0000029 (control character at end of help
	lines).

2002-04-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-io.c (handle_ssl_error): new function, handle SSL error
	nicely.
	(ssl_read):
	(ssl_write): correct SSL error handling. Should help with some SSL
	communication problem.

2002-04-11 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* Makefile.am (install-data-local): sensors-default.conf: should be
	world readable. So that non root sensor know where to reach the Prelude
	Manager.
	* src/include/extract.h:
	(align_uint16):
	(align_uint32):
	(align_uint64):
	(align_ipv4_addr): network to host order translation is done in
	extract_xx function. Alignment is done in align_xx function.

2002-04-09 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: stop using profile-arcs for optimised build. GCC
	generate bugged code with it.

2002-04-08 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client-mgr.c (broadcast_saved_message): print how many
	bytes we flushed...
	* src/prelude-message.c (prelude_msg_forward): use memcpy() to copy
	dlen.
	* src/plugin-common.c (plugin_search_by_name): new function, search a
	plugin by name.
	* Makefile.am (install-data-local): Only install default configuration
	file if it does not exist... If a configuration file is already
	present, warn the user and install in sensors-default.conf-dist.

2002-04-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-auth.c (parse_auth_line): stop using strtok here.
	strtok() was causing problem on empty password, because it wouldn't
	return an empty token.
	* src/prelude-message.c (msg_mark_end): use memcpy instead of shifting
	dlen and copying it 8bits by 8bits. This fix problem on big endian
	machine. Thanks to Vincent Glaume <glaume@enseirb.fr> who helped a lot
	on this issue.

2002-04-05 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* src/include/idmef-tree.h: added missing comment labeling
	idmef_alertident_t.

2002-04-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/extract.h: include string.h for memmove.
	(extract_uint64): fix a problem with extract_uint64 on machine that
	need aligned access.
	* src/prelude-client.c (get_manager_setup):
	(read_plaintext_authentication_result):
	* sensor-adduser/sensor-adduser.c (get_manager_setup): don't give up
	until an error occur or we get prelude_msg_finished.

2002-03-29 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (process_option_cfg_hook): handle case when
	there is several entry of the same name in the configuration file. Call
	the callback once for each entry then.
	* src/config-engine.c:
	(search_entry):
	(config_get): Modified so that when passed a NULL section and entry, it
	will try to search a different entry of the same name and within the
	same section as the previously searched one.

2002-03-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/idmef-tree-func.h (idmef_string_set): remove erroneous
	period after while(0), new idmef_string_copy() macro.

2002-03-28 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* INSTALL:
	* README: minor language corrections

2002-03-25 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/include/extract.h (extract_uint16):
	(extract_uint32):
	(extract_uint64):
	(extract_ipv4_addr): these functions are now inlined.
	(extract_uint8_safe):
	(extract_uint16_safe):
	(extract_uint32_safe):
	(extract_uint64_safe):
	(extract_string_safe): New function, check buffer size before doing
	anything.
	* src/prelude-message.c (slice_message_header):
	(prelude_msg_get):
	* src/client-ident.c (recv_ident):
	* src/extract.c: obsoleted, these functions are now inline.
	* configure.in: put NEED_ALIGNED_ACCESS in libprelude-config --cflags.

2002-03-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-io.c (ssl_close): avoid a leak when SSL_shutdown return
	0.
	(ssl_close): don't close the fd two time.

2002-03-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* Makefile.am (install-data-hook): stop using sticky bit on directory,
	permission for directory are 755 now. (except for the idents directory
	- not changed yet).
	* src/ssl-registration-msg.c (prelude_ssl_save_cert): stop using the
	BIO API here, and use the standard IO function so that we can now stop
	using the umask() hack. The function now take an UID argument, and the
	saved certificate is owned by this userID.
	* src/ssl-gencrypto.c (prelude_ssl_gen_crypto): take an UID argument,
	use fchown() to set the created file UID.
	* src/prelude-client-mgr.c (file_error): new function, tell the user
	sensors required files are not installed.
	* src/prelude-auth.c (open_auth_file): fchown the created file to the
	specified UID.
	(prelude_auth_create_account):
	(prelude_auth_create_account_noprompt): take an UID argument.
	* sensor-adduser/ssl-register.c (send_own_certificate):
	prelude_ssl_gen_crypto take an UID argument.
	(recv_manager_certificate): prelude_ssl_save_cert take an UID argument.
	* sensor-adduser/sensor-adduser.c (setup_sensor_files): new function,
	create sensors related file, with the needed sensors permission.
	(main): ssl_add_certificate and create_plaintext_user_account take an
	UID argument.
	* sensor-adduser/plaintext.c (create_plaintext_user_account): take an
	uid argument, call prelude_auth_create_account with this argument.

2002-03-12 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/daemonize.c (get_absolute_filename): new function, get absolute
	filename if provided filename is relative (fix a bug on exit where the
	lockfile wouldn't be deleted because we chdir to /).
	(lockfile_write_pid): use provided pid argument, don't call getpid().
	* src/prelude-getopt.c (call_option_cb): simplify, handle
	option_run_first and option_run_last definition.
	(prelude_option_add): parent option have option_run_last priority.
	(call_option_cb): fix and simplify.
	(parse_argument): reset saved_index to 0. This could trigger a bug
	while parsing option.
	(prelude_option_add): set default priority to option_run_no_order.

2002-03-11 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (get_missing_options): add missing call to
	call_option_from_cb_list().
	* src/extract.c (extract_ipv4_addr): only align when needed.
	* src/prelude-getopt.c (call_option_cb): new function, call option in
	priority order if needed.
	(parse_argument): if we meet an unknown option and we are at depth 0,
	continue parsing, so that it won't abort the whole process.
	* src/sensor.c (prelude_sensor_init): don't call prelude_async_init
	ourself, this is the sensor responsibility.

2002-03-07 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* src/client-ident.c:
	* src/extract.c:
	* src/idmef-msg-send.c:
	* src/prelude-io.c:
	* src/prelude-message.c: fix warnings on compilation

2002-03-02 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* configure.in: fixed pthreads-related gcc flags on FreeBSD/OpenBSD

2002-02-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-client.c (inet_connect): re-enable the Nagle algorithm
	for now.
	* src/idmef-tree-func.c (idmef_alert_new): set analyzerid field.

2002-02-27 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: check for pthread in several directory, including
	/usr/pkg.
	* src/prelude-client.c: include string.h

2002-02-21 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

	* src/config-engine.c: fixed includes for FreeBSD compatibility.

2002-02-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* configure.in: check if alignment is needed.
	* src/extract.c: only align data if needed.

2002-02-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/idmef-tree-func.c (free_alert):
	(free_assessment): free action list.
	* src/common.c (prelude_realloc): new function. Emulate realloc()
	behavior for system that doesn't conform to ANSI C.
	* src/prelude-message.c (read_message_header):
	* src/config-engine.c (op_append_line):
	(op_insert_line): use prelude_realloc().
	* src/prelude-auth.c (get_password_salt):
	(cmp_cleartext_with_crypted):
	(prelude_auth_create_account):
	(get_random_salt): salt end with \0. We're not sure if crypt() require
	this, so this is for sanity only.
	* src/prelude-message.c (prelude_msg_new): initialize flush_msg_cb
	callback to NULL. Avoid an uninitialized read.

2002-02-08 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/prelude-getopt.c (parse_argument): handle parent option that have
	an argument... This function really need to be cleaned up.

2002-02-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/plugin-common.c (delete_container): use list_for_each_safe.
	(plugin_del): do not free the container here.
	* src/prelude-getopt.c (print_options): remove an erroneous putchar().
	(print_options): description offset should include depth.
	* sensor-adduser/Makefile.am (sensor_adduser_LDADD): correct
	libprelude.so linkage.
	* src/prelude-client.c (read_plaintext_authentication_result): call
	auth_error() in case of failure authenticating. So that the user know
	what to do.
	(auth_error): call exit() here.
	* src/prelude-path.c (prelude_set_program_name): store userID if not
	already set.
	(prelude_set_program_userid): new function.
	(prelude_get_backup_filename):
	(prelude_get_ssl_key_filename):
	(prelude_get_ssl_cert_filename):
	(prelude_get_auth_filename): do not call getuid(), use provided uid.
	* src/prelude-auth.c: implement random salt generation.
	(prelude_auth_read_entry): more detailed return value. Ability to check
	if we are trying to apply a different password to an already existing
	user.
	* sensor-adduser/sensor-adduser.c (set_sensor_uid): call the new
	prelude_set_program_userid() function.
	(main): use seteuid() so that file can be created with another userid,
	without need to call fchown().
	* sensor-adduser/plaintext.c (read_plaintext_creation_result): made
	message a little more detailed.
	* sensor-adduser/Makefile.am (sensor_adduser_LDADD): correct
	sensor-adduser linkage... Thanks go to Krzysztof Zaraska
	<kzaraska@student.uci.agh.edu.pl> for pointing me to the problem.
	* INSTALL: updated installation note.
	* src/prelude-auth.c (prelude_auth_read_entry): remove un-necessary
	check.

2002-02-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/ssl.c (ssl_init_client): use TLSv1, as suggested by Michael
	Samuel <michael@miknet.net>.
	* src/ssl-gencrypto.c: cleanup the got, get rid of un-needed thing.
	Stop using SSL BIO, and use libc IO operation for storing the key.
	(add_DN_object): subject is host:sensorname:sensorid:random-number. So
	we can be sure subject are unique (else we'll end up not finding the
	good certificate to use with this client on the Manager side).
	* src/prelude-client.c: prelude_client_t object include an in_addr
	member (which is the resolved Manager address).
	(inet_connect): use the previously resolved addr.
	(auth_error): new function.
	(do_connect): if resolved address is 127.0.0.1 use UNIX connection.
	(handle_plaintext_connection):
	(handle_ssl_connection): call auth_error when necessary, telling the
	user how to do to setup the sensor.
	* sensor-adduser/sensor-adduser.c (main): use plaintext for
	authentication if we're connecting to localhost. SSL otherwise.
	* sensors-default.conf (manager-addr): unix is deprecated, use
	127.0.0.1 (we'll use UNIX internally).

2002-02-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

	* src/idmef-msg-send.c (idmef_send_web_service):
	(idmef_send_web_service_arg): handle web argument list.
	* src/idmef-tree-func.c (idmef_service_webservice_new): initialize
	argument list.
(idmef_service_webservice_arg_new): new function return a webservice_arg.
* src/prelude-message.c (prelude_msg_write): don't send empty message.
* sensor-adduser/sensor-adduser.c (set_manager_addr): fix a bug when parsing provided Manager address.

2002-02-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* sensor-adduser is back from the dead.
* src/prelude-auth.c (prelude_auth_create_account_noprompt): new function, take username and password as argument.
(prelude_auth_create_account): modified so that it returns created username and password.
* sensors-default.conf (manager-addr): default entry is only unix, since 127.0.0.1 is now translated to unix. Remove unused groupname entry.
* src/prelude-client.c (do_connect): When 127.0.0.1 is specified, use an UNIX socket.
* src/prelude-path.c (prelude_get_sensor_name): new function, return the sensorname.
* src/prelude-client.c (handle_plaintext_connection): correct message in case no authentication files are present.
(handle_ssl_connection): ditto.

2002-02-02 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-message.c: made API more consistent, and code simpler.

2002-02-01 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-message-buffered.c: new prelude-msgbuf API. This API helps a lot for message generation, and provides fragmentation and buffering of message.
* src/prelude-message.c: big change allowing fragmentation and buffering of message.
* src/prelude-client.c (get_manager_setup): handle prelude_msg_get() return value correctly.
* src/prelude-client-mgr.c: removed function that used to open file securely and use prelude_open_persistant_tmpfile().
* src/idmef-tree-func.c: use list_add_tail everywhere. We want to insert data at the end of the list.
* src/idmef-msg-send.c: convert to use the prelude-msgbuf API.
(idmef_msg_send): now take an msgbuf as argument.
* src/common.c (prelude_open_persistant_tmpfile): new function.
Open a *possibly persistent* file for writing, trying to avoid symlink attack as much as possible.
* src/client-ident.c (save_ident): use prelude_open_persistant_tmpfile() in order to open the file securely.

2002-01-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/client-ident.c (prelude_client_get_analyzerid): new function.

2002-01-25 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/idmef-tree.h: replace each occurrence of const char * with the idmef_string_t type. This type associates a length with a string. So the sensor won't end up calling strlen which is slow. Also cleanup enumeration, enumeration with no default shouldn't use the value 0 for enumeration member.
* src/include/idmef-msg-send.h: add macro to access idmef_string_t.
* src/idmef-msg-send.c: made all function public. As they might be used independently by sensors.

2002-01-23 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c (prelude_sensor_send_msg_async): new function. Send message asynchronously.
(prelude_sensor_send_msg): renamed from prelude_sensor_send_alert + send alert synchronously.
* src/idmef-msg-send.c (idmef_msg_send): use prelude_msg_reset.
* src/prelude-message.c (prelude_msg_reset): new function, to be used if the same message is going to be written at several time.
* src/idmef-tree-func.c:
* src/idmef-msg-send.c: stop trying to count number of item / len. That's just too ugly. Use a static message buffer big enough (prelude_msg_set() will error if input is > buffer size anyway).

2002-01-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/idmef-message-id.h:
* src/idmef-tree-func.c:
* src/idmef-msg-send.c:
* src/include/idmef-tree.h: updated to fit the IDMEF draft 6...

2002-01-20 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

* src/common.c: include <sys/types.h>
* configure.in: added AC_CANONICAL_SYSTEM macro to fix autoconf 2.5x problem

2002-01-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/extract.c: in case the address is not aligned, copy using memmove to an aligned buffer. This needs to be further optimised using a macro to know if this host can handle unaligned access.
* src/prelude-message.c: avoid alignment problem by using the extract function.
* Update everything to fit header change.
* src/common.c (prelude_resolve_addr): new function.
* src/prelude-log.c: moved all the logging stuff here.

2002-01-18 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* revert to using configure.in instead of configure.ac. using autoconf 2.5x result in too much problem.
* src/prelude-auth.c (do_auth):
(ask_manager_address):
(write_auth_infos):
(read_auth_result): removed unused.
* configure.ac: correct check for profiling. Enable -fprofile-arcs if compiler supports it.
* src/timer.c (walk_and_wake_up_timer): set prev_remaining to a big negative value, so that the new timer algorithm debugging check won't blow at us because there is lag.
(search_previous_timer): if the timer we want to insert expires at the same time as the known to be expiring last timer, replace it.
(search_previous_timer): if the timer we want to insert expires at the same time as the known to be expiring first timer, replace it.
(search_previous_backward):
(search_previous_forward): handle case where we find an entry with the same expire time as our inserted timer.

2002-01-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-io.c (prelude_io_read_wait): use an infinite timeout. This is a temporary workaround. Manager-adduser / sensor-adduser should use prelude_message.
* src/prelude-client.c: prelude_client_t is a linked object. New helper function to get client information.
* src/sensor.c: wrapper for the new client-mgr function.
* src/prelude-client-mgr.c: ability to return the whole client list, and to notify upon client change through a callback.
* libprelude-config.in:
* configure.ac: updated. Libprelude is not linked to the needed library anymore. It's up to the application to do so. Also, libprelude-config --libs will list -lc_r if needed for Posix Thread so that when an application using libprelude tries to link, normal libc will be overwritten by -lc_r. This change was needed because crash would happen on FreeBSD using both library at the same time. Credits go to Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> for finding the problem.
* src/client-ident.c (prelude_client_ident_send): if is_caller_a_sensor is set, declare the client as being ID 0 (Relay Manager).
* src/sensor.c: global variable, telling if the caller is a sensor or not (a Manager for example).
(prelude_sensor_init): set is_caller_a_sensor to 1.
* src/prelude-async.c (prelude_async_add): signal the condition.

2002-01-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/client-ident.c (save_ident): identity file should be readable for all.
(prelude_client_ident_init): handle error when reading ident file.
* src/prelude-io.c (ssl_read):
(ssl_write): handle ssl error correctly.

2002-01-15 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/timer.c: now work with a timer_t instead of a timeval structure. This is cleaner as we don't care about useconds anyway. Also updated the algorithm. The new algorithm uses O(1) for timer insertion most of the time. And allows us to keep the timer sorted in the timer list. When waking up timer, this avoids us to look at the whole list. We can stop as soon as we meet an un-wokable timer (which is very advantaging where there is a lot of timer around).
(search_previous_timer): new function, deduce, in O(1) time, if the new timer should be the first or the last in the list. In both case insertion is O(1).
If none of these statements are true, then try to guess if the previous timer entry (in regards to the new timer) is located on the beginning or end of the list. Then call the needed insertion function.
(search_previous_forward): new function. Search previous timer entry from end of the list to beginning of the list.
(search_previous_backward): ditto, but do it backward.
(walk_and_wake_up_timer): handle wake_up_if_needed() return value. Now that the list is sorted, we can break as soon as we meet a timer we cannot wake. This is disabled for now for integrity checking.
(wake_up_if_needed): return 0 if we woke the timer up, or -1 if time remaining before expiration.
(time_elapsed): updated avoid some float() calculation.
(time_remaining): new function.
* src/prelude-client-mgr.c (broadcast_saved_message):
(flush_backup_if_needed): Better error handling. Make the difference between communication error, and other error...
(broadcast_saved_message): if there is a problem when forwarding the data to the client, then increment the count of connection dead and return a communication error.
(parse_config_line):
(client_timer_expire): After a successful reconnection, check the flush_backup_if_needed() return value. If it indicates a communication error, re-init the connection timer. Else continue.
* src/prelude-client.c (prelude_client_forward): handle the case where the connection breaks the same way as in prelude_client_send_msg()
* src/prelude-message.c (read_message_data): copy size into a count variable on entering to the function. So that we don't get confused when comparing the amount of byte requested and the amount of byte we got.

2002-01-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/ssl-register.c: move here. Obsolete sensor-adduser. Sensor now provides a -c option for creating the authentication file.
* I'm too lazy to list all the change.
Basically created a new file, prelude-path.c, with function returning path to stuff commonly shared by Prelude Manager and Libprelude. This gets rid of some of the path mess.
* src/prelude-client-mgr.c (setup_backup_fd):
(prelude_client_mgr_new): use new prelude-path API.
* src/client-ident.c (PRELUDE_PERSISTANT_DATA_DIR): set to /var/lib/prelude-sensors/idents
(save_ident): identity only readable for a given sensor.
* src/prelude-message.c: lot of cleanup, code comment.
* src/prelude-io.c (prelude_io_get_fdptr): new function. Return file or ssl pointer associated with this file descriptor.

2002-01-11 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/idmef-tree.h:
* src/idmef-tree-func.c:
* src/idmef-msg-send.c: move list.h inclusion out from the header file.
* src/prelude-client.c (handle_plaintext_connection): always use PRELUDE_MSG_AUTH for header tag. use PRELUDE_MSG_AUTH_PLAINTEXT as a subtag.
(start_unix_connection): read Manager setup, even in UNIX mode.
(handle_plaintext_connection): call read_plaintext_authentication_result().
(read_plaintext_authentication_result): new function. Read authentication result.

2002-01-10 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-client.c (handle_plaintext_connection): don't leak auth entry.
* src/include/prelude-message-id.h: added ID for authentication.
* src/include/prelude-message.h:
* src/include/prelude-io.h: add a Swig entry so that swig knows how to generate a wrapper.
* src/ssl.c (ssl_init_client): free unused data in case of failure.
* src/prelude-io.c (sys_write):
(sys_close): don't handle case where read return 0.
(file_read):
(file_write): these ones should never set errno to EINTR or EAGAIN.
* src/prelude-client.c (handle_plaintext_connection): read authentication message. This is now done through prelude-message, not prelude-io directly. most of the code reworked cause we use prelude-message everywhere now.
* src/prelude-auth.c: don't take care of the connecting host anymore.
Act as a basic interface to the authentication file. The message reading / writing code is now in the prelude-client / Manager server interface. Keep password crypted on the Manager server.
* src/prelude-io.c (prelude_io_read_delimited): return -1 on EOF.

2002-01-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/config-engine.c (cmp_entry): remove space at the beginning of the line.
* src/idmef-msg-send.c: new interface for sending IDMEF message. This one is to be used by applications that are not time critical. Others should still directly use the prelude-message API.
* src/idmef-tree-func.c: moved most of the IDMEF creation function from the Manager server to libprelude.

2002-01-06 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

* src/extract.c: added #include <sys/types.h> (FreeBSD compat. fix)

2002-01-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c (parse_argument): short option for manager-addr is -m, not -a.
* src/client-ident.c: new file.
(prelude_client_ident_tell): when called, will tell the other peer what ID we are, unless we are a Manager ourselves.
(declare_ident_to_manager): put the ident in network byte order.
* src/extract.c: new file, contain type checking function for message extraction.
* src/sensor.c (prelude_sensor_init): now take a sensor_name argument.
(setup_manager_addr): identifier for client manager is the sensor name.
* src/prelude-message.c (prelude_msg_read): it's possible for a message to only contain a header. handle that case well, without returning an error.
* src/prelude-client.c (prelude_client_connect): better error handling. Call prelude_client_ident_tell().
* src/prelude-client-mgr.c (parse_config_line): warn if Manager emission can not work at initialisation too.
(setup_backup_fd): include program UID, in the filename. This file can't be shared if two instances of the sensor run as different user.
* src/include/prelude-message-id.h (PRELUDE_MSG_ID_REPLY):
(PRELUDE_MSG_ID_REQUEST): new message ID.
* src/sensor.c (prelude_sensor_init): stop initializing if parse_argument() returns prelude_option_end or prelude_option_error.
* src/prelude-getopt.c (check_option_optarg): check index before dereferencing argv.

2002-01-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/config-engine.c (is_line_commented): new function.
(search_entry): if the section the entry is in is commented, return an error.
(config_get_section): ditto.
* src/include/plugin-common.h (plugin_request_new_id): remove plugin_option API. Plugins have to use prelude-getopt API now.
* src/sensor.c (parse_argument): removed --help option hook. The application has to call prelude_option_print_help() in order for the user to see library option.
(parse_argument): do not use prelude_option_new (dead).
(parse_argument): handle prelude_option_parse_arguments return value the right way.
* src/prelude-getopt.c: include string.h
(search_cli_option): correctly match short option.
(check_option_optarg): remove unnecessary code.
(check_option_noarg): ditto.
(check_option): initialize optarg to NULL for safety.
(process_option_cfg_hook): new function: Try to get value for option that weren't set on command line in the config file. Big cleanup and slight API change.
* src/prelude-client.c (prelude_client_connect): directly call prelude_option_wide_get_msg().
* src/prelude-client-mgr.c (parse_config_line): remove erroneous strtok() function call.
* src/plugin-common.c: API change. allow asynchronous plugin subscription / un-subscription. Cleanup.
* src/config-engine.c (cmp_entry):
(cmp_section): make the matching case insensitive.
(config_get_section): new function, return 0 if section exists.

2002-01-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-client-mgr.c (secure_open): avoid symlink attack as much as possible.
There is still a race condition because we are working with 'possibly persistent file' and there is no way to open a file that already exists securely (without truncating it or deleting it).

2002-01-02 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c (parse_argument): cleanup. Use generic sensor configuration file when needed.
* src/prelude-getopt.c (get_missing_options): cleanup.
(prelude_option_parse_arguments): only try to get missing option from configuration file if filename is not NULL.
* src/prelude-client-mgr.c (parse_config_line): fix case where existing backup wouldn't be flushed.
* Makefile.am (install-data-hook): create the config directory, (755), spool directory (1733, for any sensor to be able to fallback to writing to a file). Install a default configuration file, to be used if the application doesn't specify one.
* src/prelude-getopt.c (prelude_option_parse_arguments): only try to get missing option from configuration file if filename is not NULL.
* src/sensor.c (setup_manager_addr): no need to duplicate optarg.
* src/prelude-auth.c (prelude_auth_create_account): free client address string.
(prelude_auth_send): ditto.
* configure.ac: add -O0 -pg to CFLAGS if profiling is enabled.
* src/config-engine.c (load_file_in_memory): handle fopen error correctly.
* src/prelude-client-mgr.c: use two different file descriptors referencing the same backup file. One is open for writing, in O_APPEND mode. So the file won't get corrupted if different processes are writing to it at the same time (writes are atomic).
(BACKUP_DIR): now /var/spool/prelude
This forbids us to use the same file descriptor for reading.

2001-12-30 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/threads.h: workaround for thread enabled thread profiling. This code comes from http://sam.zoy.org/doc/programming/gprof.html
The author is presumably Samuel Hocevar <sam@zoy.org>.
Only enabled if --enable-profiling is given on command line.
* Added missing CREDITS file, taken from prelude-nids and updated with the necessary entry.

2001-12-30 Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>

* src/include/list.h: added #undef LIST_HEAD to fix FreeBSD conflict with LIST_HEAD from <sys/queue.h>. See comment in the file for details. Also added copyright notice.
* sensor-adduser/sensor-adduser.c:
* src/prelude-getopt.c:
* src/prelude-message.c: added #include <sys/types.h> (FreeBSD fix)

2001-12-29 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c (parse_argument): set warning flags to 0 before internally parsing argument to see if libprelude options were passed. Then restore the old warnings flags.
* src/prelude-getopt.c (option_err): new function only print error if the passed flag is set in the global flags.
* src/sensor.c (parse_argument): When parsing our own (libprelude) option set, don't print warning about unknown option which can be option from the sensor that initialises us.
* src/prelude-getopt.c (prelude_option_set_warnings): new function. Set/Get current warning flags for option parsing.

2001-12-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/plugin-common.c (plugin_print_stats): remove \t that was putting garbage in syslog logfile.
* src/common.c (prelude_log_set_prefix):
(standard_log):
(syslog_log): new function that allows to set a global prefix to all prelude_log() call. Passing NULL to prelude_log_set_prefix() removes the prefix.
* src/daemonize.c (prelude_daemonize): renamed to prelude_daemonize(). Comment the function. Also, if requested, create an exclusive lockfile held until program exit.
* src/prelude-message.c (read_message_content): comment why we return prelude_msg_error if we get an EOF in the middle of a message.
(prelude_msg_read): free message on error / eof.
* src/prelude-client.c (handle_plaintext_connection):
(handle_ssl_connection):
(start_inet_connection):
(start_unix_connection): fit API change.
* src/prelude-client-mgr.c (setup_backup_fd):
* src/prelude-io.c (prelude_io_set_file_io): now corresponds to libc buffered I/O.
(prelude_io_set_sys_io): renamed from set_network_io().

2001-12-27 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/prelude-message.h:
* src/prelude-message.c: new type: prelude_msg_status_t returned by prelude_msg_read. This makes the handling of the return value easier.

2001-12-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/idmef-tree.h: ident members are all uint64_t. Add missing IDMEF stuff.
* src/include/idmef-message-id.h: more work toward full IDMEF compliance.
* src/prelude-auth.c (read_auth_result): Handle case where prelude_io_read_delimited() returns 0. This fixes a possible crash.

2001-12-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c (parse_argument): manager address is a wide option.
(prelude_sensor_get_option_msg): return the wide option message for our wide option set.
* src/prelude-io.c (prelude_io_read_wait): use poll() in order to wait data. This also fixes a bug where we were returning 0 even if we couldn't read the specified amount of bytes.
* src/prelude-getopt.c (prelude_option_wide_add):
(prelude_option_new): compute message len on each wide option add.
(prelude_option_wide_get_msg): generate, and cache a message containing all the wide option.
* src/prelude-client.c (prelude_client_connect): send wide option message on connect.
* src/prelude-async.c (async_thread): don't catch signals.
* configure.ac (CFLAGS): add -DREENTRANT to cflags.

2001-12-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-ident.c (setup_filedes_if_needed): new function. Correctly setup filed. Will avoid SIGBUS.
* src/include/idmef-tree.h: ident is a 64 bit unsigned integer.
* src/include/prelude-ident.h:
* src/prelude-ident.c: new ident API. Use to generate unique 64 bits ident, remembered across program run (usage of memory mapped IO).

2001-12-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* sensor-adduser/Makefile.am:
* src/Makefile.am:
* configure.ac: Fix: sensor-adduser doesn't compile without OpenSSL.

2001-12-12 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-client-mgr.c (prelude_client_mgr_broadcast):
(walk_manager_lists): correct warning emission in case a Manager (or rule of Manager) goes down.

2001-12-11 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c: include ssl.h only if HAVE_SSL is defined.
* configure.ac (COMMON_LIBS): applied patch from Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> ("use == operator for test in configure, but valid one is =")

2001-12-10 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/common.c (syslog_log): we have to use a buffer.
(standard_log): use vfprintf().

2001-12-08 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/plugin-common-prv.h (plugin_run_with_return_value):
(plugin_run): specify the member to call in the macro call.

2001-12-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-client-mgr.c (prelude_client_mgr_get_manager_list):
* src/sensor.c (prelude_sensor_get_manager_list): new function.
* src/prelude-getopt.c (parse_argument): argv is not const.

2001-12-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/common.h (do_init_nofail): put back do_init / do_init_nofail macro.
* src/prelude-getopt.c: Lot of work. Hierarchy of option should now work. Callbacks have a control over the argument parsing using their return value. A flag is now passed when adding an option, to tell if it is handled through the command line interface or the configuration file or both.

2001-12-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-getopt.c (lookup_variable_if_needed): Take the address of the optarg pointer as argument. Return 0 on success, -1 on error.
* src/common.c:
* src/include/common.h: Move the log macro code to the prelude_log function.
The log macro still exists, and will pass the necessary parameter to prelude_log(). This avoids the logging code to be inlined in the calling function, which was bad because it was making the functions grow at the risk of not fitting the CPU cache anymore.

2001-11-27 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-getopt.c (prelude_option_add): use list_add_tail (items were inserted in the wrong order). prelude_option_t now contains a list of option (prelude_optlist_t).
(option_print): new function: print the option hierarchically. Start changing the interface in order to allow sub-options.

2001-11-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-getopt.c (handle_option): oops, reverted wrong fix, optarg is always returned and is never NULL. Removed un-needed if error prone.

2001-11-26 Banux <banux@mail.ru>

* src/prelude-getopt.c (handle_option): callback is not called if no arg

2001-11-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/idmef-tree.h: Pid is a 32 bit integer.

2001-11-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-message.c (prelude_msg_set): fix assert.

2001-11-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-async.c (wait_timer_and_data): use a while loop instead of tail recursivity for now as it might be the cause of a subtle bug.
* configure.ac:
* src/Makefile.am (libprelude_la_LIBADD): Add autoconf code to search pthread library.

2001-11-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/idmef-tree.h: IDMEF structure.
* src/include/idmef-message-id.h: ID for IDMEF based message.

2001-11-10 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-message.c: (read_message_header):
(prelude_msg_get):
(prelude_msg_write):
(prelude_msg_set): use separate index for read / write. This allows us to send a just read messages. Forwarding between Manager is on its way.
* src/sensor.c (prelude_sensor_send_alert): use asynchronous broadcasting.
* src/prelude-client-mgr.c (walk_manager_lists): Never free the message ourselves. This is up to the caller to do it.
(broadcast_async_cb):
(prelude_client_mgr_broadcast_async): When asynchronous operations are used, free the message ourselves.

2001-11-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-async.c (get_elapsed_time): new function.
(wait_timer_and_data): check the average time we spent waiting on the condition. (which may be > 1 second if the condition was signaled several time).
(async_thread): Thread safety on list walking.
* src/sensor.c: include prelude-list.h, not list.h

2001-11-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-client-mgr.c (prelude_client_mgr_broadcast_msg): make this function void. Set the message to be processed asynchronously.
* src/sensor.c (prelude_sensor_init): Initialize the asynchronous subsystem.
* src/prelude-message.c: prelude_message_t inherit of prelude_async_object_t capability.
* src/timer.c: Thread safety.
* src/prelude-async.c: New asynchronous queue implementation.

2001-11-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-client-mgr.c (prelude_client_mgr_broadcast_msg): Do not print that failsafe mode is enabled for each message.
(broadcast_saved_message): print an error if message forwarding fails.
(flush_backup_if_needed): ftruncate doesn't modify the file offset. Seek to the beginning of the file.
* src/prelude-client.c (prelude_client_connect): set the connection_broken member here. This'll avoid bug on reconnection.
* sensor-adduser/ssl-register.c: include netinet/in.h to fix BSD compilation. Thanks to Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> for reporting this.
* sensor-adduser/sensor-adduser.c: include config.h
* src/prelude-client.c: Address member is not const anymore.
(prelude_client_new): duplicate address string.
(prelude_client_destroy): free address string.
* src/prelude-io.c (copy_forward): forward data by chunk of 8192 bytes.

2001-10-30 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-io.c: compile properly even if SSL is not available.
* src/prelude-client-mgr.c (parse_config_string): new function, stop using strtok() which doesn't really fit our need. This also fixes a bug where another NULL client would be added causing AND of client emission to fail.
* sensor-adduser/sensor-adduser.c (main): Handle case where SSL is not installed.
* src/prelude-auth.c: Modify to work with a prelude-io object.
* src/prelude-client.c: Fit prelude-auth API change.
* src/Makefile.am (libprelude_la_SOURCES):
* src/include/Makefile.am (include_HEADERS): remove socket-op.h and socket-op.c, it is obsoleted by the prelude-io API.

2001-10-25 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/sensor.c: remove the prelude_sensor_t private structure. We don't need it anymore. Add a global pointer on a Manager list.
(setup_manager_addr): fit the new clients managers API.
* src/prelude-client.c: remove reconnection / failsafe (message backup) code. This is moved to prelude-client-mgr.c
(prelude_client_new): Ignore the SIGPIPE signal (we'll check at the write return value though). Support for Manager implicitly closing the connection should be improved though.
(prelude_client_new): Do not connect here.
(prelude_client_connect): new function, connect here.
(prelude_client_get_address): new function, get the address / port associated with a prelude_client_t object. Change Prelude Report to Prelude Manager in several places.
* sensor-adduser/sensor-adduser.c: we don't need networking header here.
* src/prelude-client-mgr.c: Finish the implementation of the clients manager. Have to beautify and comment the code a little more though. Parsing of the configuration line should probably be more robust too.

2001-10-18 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/prelude-message.c (prelude_msg_read): Changed message reading API.
This function should *never* block, even if a message isn't available for reading.
* src/prelude-io.c (prelude_io_read_wait): new function.
(prelude_io_read): do not wait for data to arrive.

2001-10-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* A lot of modification. Complete API change, use OOP model in non time critical place for maintainability reason.

2001-10-09 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/prelude-io.h:
* src/prelude-io.c: New standard / SSL - read / write / close abstraction.

2001-10-05 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/auth-common.c (write_account): better error reporting.

2001-10-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/alert-read.c (prelude_alert_read): fd is a pointer on a private structure to be passed to the read function cb.

2001-09-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/ssl-config.c: Define KEY_LENGTH and CERT_DAYS moved to this file instead of ssl-config.h, they should be used directly by any SSL related sources files. Remove the ssl config structure cert_directory member and associated function, it's dependent on the user, and shouldn't be computed here.
* src/include/alert-read.h: new type readfunc_t, to point on a read function to use.
* src/alert-read.c (prelude_alert_read): take a readfunc_t argument identifying the read function to use.

2001-09-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/ssl-config.h: remove manager related definitions.

2001-09-02 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/alert-read.c (prelude_alert_read_msg):
* src/include/alert-read.h (prelude_alert_read_msg): buf is void.
* src/include/alert-id.h (ID_PRELUDE_NIDS_ALERT): new file, define known alert ID.
* src/alert-read.c (prelude_alert_read): better control of the read() return value.
(prelude_alert_read): Set the message index to 0.
(prelude_alert_read_msg): return 0 when end of message is reached, 1 if we got a message, -1 on error.
Handle the end of message character.

2001-09-01 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/alert-read.c: New communication layer.

2001-08-28 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/alert.h: include a sensor_data_len member (16bits).
* src/alert-common.c (read_alert): read sensor data id and sensor data len.
* src/config-engine.c (cmp_entry): oops, badly synced with last prelude stable branch change.
* src/include/alert.h: include inttypes.h. alert_t now contains a pointer on the private sensor data, and an 8 bits integer representing the kind of data it is.

2001-08-26 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/libprelude/config-engine.c (cmp_entry): Avoid reading past the end of our buffer when the line is blank.
* src/libprelude/plugin-common.c (plugin_config_get): If the argument to pass to the plugin is a variable, try to look it up. If it fails issue a warning. Return only if the argument for this option is required.
* src/libprelude/config-engine.c (config_open):
(config_close):
(config_set):
(get_variable_content): Lookup value for the specified variable.
(config_get): Call get_variable_content() if the value found is a variable. Made gtk-doc style comment for all these functions.
* src/libprelude/include/Makefile.am (EXTRA_DIST): add variable.h
* src/libprelude/Makefile.am (libprelude_la_SOURCES): add variable.c
* src/libprelude/variable.c: move the variable implementation to libprelude. Little code cleanup and function documentation.

2001-08-24 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/alert-common.c (read_alert): Return an error if socket_read_nowait() returned 0. This prevent a possible report server if the sensor is interrupted while sending an alert.

2001-08-23 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/auth-common.c (auth_file_exist_or_create):
(auth_read_entry):
(auth_create_account): Documented. Put the cpass variable into the #ifdef scope.
include config.h

2001-08-21 Yoann Vandoorselaere <yoann@mandrakesoft.com>

* src/include/compat.h: if package is not defined, dump an error telling to include <libprelude/config.h>
* Makefile.am (SUBDIRS): process docs subdirectory after src.
* src/include/list.h (list_entry): updated to a more recent, documented version, kernel use unsigned long for pointer, we do use void *. Use the inline keyword.
* Move to its own CVS module.