diff -rup aide-0.12-rc1-orig/config.h.in aide-0.12-rc1/config.h.in --- aide-0.12-rc1-orig/config.h.in 2006-07-15 13:44:27.000000000 -0400 +++ aide-0.12-rc1/config.h.in 2006-10-11 10:32:02.000000000 -0400 @@ -279,16 +279,16 @@ /* use bundled GNU regex */ #undef REGEX -/* The size of `unsigned int', as computed by sizeof. */ +/* The size of a `unsigned int', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_INT -/* The size of `unsigned long', as computed by sizeof. */ +/* The size of a `unsigned long', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG -/* The size of `unsigned long long', as computed by sizeof. */ +/* The size of a `unsigned long long', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG_LONG -/* The size of `unsigned short', as computed by sizeof. */ +/* The size of a `unsigned short', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_SHORT /* Define to 1 if you have the ANSI C header files. */ @@ -315,9 +315,15 @@ /* use mhash library */ #undef WITH_MHASH +/* use POSIX ACLs */ +#undef WITH_POSIX_ACL + /* postgresql support */ #undef WITH_PSQL +/* use SELinux */ +#undef WITH_SELINUX + /* use ACL on Solaris */ #undef WITH_SUN_ACL @@ -331,6 +337,9 @@ /* Select 64 bits filesystem interface */ #undef _FILE_OFFSET_BITS +/* unhide _GLIBC symbols */ +#undef _GNU_SOURCE + /* Additional functionality from LFS */ #undef _LARGEFILE64_SOURCE diff -rup aide-0.12-rc1-orig/configure.in aide-0.12-rc1/configure.in --- aide-0.12-rc1-orig/configure.in 2006-05-31 05:09:03.000000000 -0400 +++ aide-0.12-rc1/configure.in 2006-10-11 12:41:49.000000000 -0400 @@ -57,6 +57,9 @@ AC_ARG_WITH(extra-link-libs, [LIBS="$LIBS $withval"] ) +dnl Do the right thing for glibc... +AC_DEFINE(_GNU_SOURCE,1,[unhide _GLIBC symbols]) + dnl This is borrowed from libtool if test $ac_cv_prog_gcc = yes; then 
@@ -338,7 +341,7 @@ AC_ARG_WITH([curl], ) -AC_MSG_CHECKING(for acl-support) +AC_MSG_CHECKING(for sun-acl-support) AC_ARG_WITH(sun-acl, AC_HELP_STRING([--with-sun-acl], [use ACL on solaris (no checking)]), @@ -349,8 +352,31 @@ AC_ARG_WITH(sun-acl, [AC_MSG_RESULT(no)] ) +AC_MSG_CHECKING(for posix-acl-support) +AC_ARG_WITH(posix-acl, + AC_HELP_STRING([--with-posix-acl], + [use POSIX ACLs (no checking)]), + [AC_DEFINE(WITH_POSIX_ACL,1,[use POSIX ACLs]) + AC_DEFINE(WITH_ACL,1,[use ACL]) + ACLLIB="-lacl" + AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)] +) + AC_SUBST(ACLLIB) +AC_MSG_CHECKING(for selinux-support) +AC_ARG_WITH(selinux, + AC_HELP_STRING([--with-selinux], + [use SELinux (no checking)]), + [AC_DEFINE(WITH_SELINUX,1,[use SELinux]) + SELINUXLIB="-lselinux" + AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)] +) + +AC_SUBST(SELINUXLIB) + # Check whether LFS has explicitly been disabled AC_ARG_ENABLE(lfs,[ --disable-lfs Disable large file support on 32-bit platforms], [aide_lfs_choice=$enableval], [aide_lfs_choice=yes]) 
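Review bot: In the new `--with-posix-acl` and `--with-selinux` blocks the action-if-given branch runs for any value, so `--without-selinux` or `--with-selinux=no` still defines `WITH_SELINUX` and sets `SELINUXLIB`; test `$withval` before enabling, as sketched below for selinux. Both options are also marked "(no checking)", so a missing libacl or libselinux only shows up later as a compile or link failure; an `AC_CHECK_LIB`/`AC_CHECK_HEADER` probe would report it at configure time. `--with-sun-acl` and `--with-posix-acl` both assign `ACLLIB` and define `WITH_ACL`, so giving both should probably be rejected explicitly.

```m4
AC_ARG_WITH(selinux,
	AC_HELP_STRING([--with-selinux],
		[use SELinux (no checking)]),
	[if test "x$withval" != "xno"; then
		AC_DEFINE(WITH_SELINUX,1,[use SELinux])
		SELINUXLIB="-lselinux"
		AC_MSG_RESULT(yes)
	else
		AC_MSG_RESULT(no)
	fi],
	[AC_MSG_RESULT(no)]
)
dnl … unchanged: AC_SUBST(SELINUXLIB); apply the same guard to --with-posix-acl …
```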
@@ -531,21 +557,27 @@ AC_CHECK_LIB([mhash],[mhash_get_block_si AC_DEFINE(WITH_MHASH,1,[use mhash library])], [AC_MSG_ERROR(You must have libmhash installed as a static library.)] ) +# [AC_MSG_WARN(You should have libmhash installed as a static library.)] AC_SUBST(CRYPTLIB) AC_ARG_WITH([confighmactype], AC_HELP_STRING([--with-confighmactype=TYPE], - [Hash type to use for checking config. Valid values are md5 and sha1.]), + [Hash type to use for checking config. Valid values are md5, sha1, sha256 and sha512.]), [if test "x$withval" = "xmd5" ;then CONFIGHMACTYPE="MHASH_MD5" - else - if test "x$withval" = "xsha1" ;then + else if test "x$withval" = "xsha1" ;then CONFIGHMACTYPE="MHASH_SHA1" - else - echo "Valid parameters for --with-confighmactype are md5, sha1" - exit 1 - fi + else if test "x$withval" = "xsha256" ;then + CONFIGHMACTYPE="MHASH_SHA256" + else if test "x$withval" = "xsha512" ;then + CONFIGHMACTYPE="MHASH_SHA512" + else + echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512" + exit 1 + fi + fi + fi fi AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])], [ diff -rup aide-0.12-rc1-orig/doc/aide.conf.5 aide-0.12-rc1/doc/aide.conf.5 --- aide-0.12-rc1-orig/doc/aide.conf.5 2006-07-15 14:19:00.000000000 -0400 +++ aide-0.12-rc1/doc/aide.conf.5 2006-10-11 12:49:49.000000000 -0400 
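Review bot: The `else if … fi fi fi` ladder added for `--with-confighmactype` needs one closing `fi` per accepted value and will be easy to unbalance when the next hash is added; a `case "$withval"` with one arm per value reads better and lets the failure go through `AC_MSG_ERROR` instead of `echo` plus `exit 1`. The added line `# [AC_MSG_WARN(You should have libmhash installed as a static library.)]` is commented-out code and should either be removed or turned into a real option. The `AC_ARG_WITH` call continues past the end of the hunk.

```m4
	[case "$withval" in
	   md5)    CONFIGHMACTYPE="MHASH_MD5" ;;
	   sha1)   CONFIGHMACTYPE="MHASH_SHA1" ;;
	   sha256) CONFIGHMACTYPE="MHASH_SHA256" ;;
	   sha512) CONFIGHMACTYPE="MHASH_SHA512" ;;
	   *) AC_MSG_ERROR([Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512]) ;;
	 esac
dnl … unchanged: AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,…) and the default branch …
```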
@@ -30,11 +30,11 @@ valid urls. .IP "database" The url from which database is read. There can only be one of these lines. If there are multiple database lines then the first is used. -The default value is "/usr/local/etc/aide.db". +The default value is "/tmp/james/etc/aide.db". .IP "database_out" The url to which the new database is written to. There can only be one of these lines. If there are multiple database_out lines then the -first is used. The default value is "/usr/local/etc/aide.db.new". +first is used. The default value is "/tmp/james/etc/aide.db.new". .IP "database_new" The url from which the other database for \-\-compare is read. There is no default for this one. diff -rup aide-0.12-rc1-orig/doc/aide.conf.in aide-0.12-rc1/doc/aide.conf.in --- aide-0.12-rc1-orig/doc/aide.conf.in 2006-07-15 12:42:58.000000000 -0400 +++ aide-0.12-rc1/doc/aide.conf.in 2006-10-11 13:34:03.000000000 -0400 @@ -76,23 +76,29 @@ report_url=stdout #m: mtime #a: atime #c: ctime +#acl: Access Control Lists +#selinux SELinux security context +#xattrs: Extended file attributes #S: check for growing size #I: ignore changed filename #md5: md5 checksum #sha1: sha1 checksum +#sha256: sha256 checksum +#sha512: sha512 checksum #rmd160: rmd160 checksum #tiger: tiger checksum -#R: p+i+n+u+g+s+m+c+md5 -#L: p+i+n+u+g +#whirlpool: whirlpool checksum +#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 +#L: p+i+n+u+g+acl+selinux+xattrs #E: Empty group -#>: Growing logfile p+u+g+i+n+S +#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs #The following are available if you have mhash support enabled. #haval: haval checksum #gost: gost checksum #crc32: crc32 checksum # Rule definition -All=R+a+sha1+rmd160 +All=R+a+sha1+rmd160+sha256+sha512+whirlpool # report_attributes is a special rule definition # the attributes listed in it are alway displayed for changed files 
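Review bot: The documented defaults now read `/tmp/james/etc/aide.db` and `/tmp/james/etc/aide.db.new`, which looks like the `--prefix` of a local test build leaking into a generated man page rather than an intended change. For an integrity checker, a documented default database location under a world-writable directory is misleading, since the baseline has to live where only the administrator can write. Drop `doc/aide.conf.5` from the patch and let it be regenerated from the `aide.conf.5.in` template.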
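Review bot: The new comment line `#selinux SELinux security context` is missing the colon that every other attribute line has; it should read `#selinux: SELinux security context`. The comments also now document `R`, `L` and `>` as including `acl+selinux+xattrs`, and the `Norm` rule in the next hunk (used by `make check`) names `selinux+xattrs` directly. Whether those names are accepted in a build configured without `--with-selinux` or `--with-posix-acl` is not visible here, so please confirm the sample config still parses in such a build, or state in a comment that those attributes need the matching configure switches.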
@@ -107,7 +113,7 @@ All=R+a+sha1+rmd160 # Attributes that can be used to verify that aide in intact # by people that have downloaded it from the web. # Let's be paranoid -Norm=s+n+b+md5+sha1+rmd160 +Norm=s+n+b+selinux+xattrs+md5+sha1+rmd160+sha256+sha512+whirlpool # The commented rules are just examples the rest are used by # make check diff -rup aide-0.12-rc1-orig/doc/Makefile.in aide-0.12-rc1/doc/Makefile.in --- aide-0.12-rc1-orig/doc/Makefile.in 2006-07-15 14:20:24.000000000 -0400 +++ aide-0.12-rc1/doc/Makefile.in 2006-10-11 12:49:28.000000000 -0400 @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.7.9 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 -# Free Software Foundation, Inc. +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -32,7 +32,6 @@ # the Free Software Foundation, 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # - srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ @@ -40,7 +39,6 @@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ top_builddir = .. - am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 
@@ -54,6 +52,26 @@ POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +subdir = doc +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/aide.1.in $(srcdir)/aide.conf.5.in \ + $(srcdir)/aide.conf.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/version.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = aide.conf aide.1 aide.conf.5 +SOURCES = +DIST_SOURCES = +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" +man5dir = $(mandir)/man5 +NROFF = nroff +MANS = $(man_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLLIB = @ACLLIB@ ACLOCAL = @ACLOCAL@ AIDE_USE_LOCALE = @AIDE_USE_LOCALE@ @@ -78,7 +96,6 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GREP = @GREP@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ 
@@ -105,82 +122,88 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PSQLLIB = @PSQLLIB@ RANLIB = @RANLIB@ +SELINUXLIB = @SELINUXLIB@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ -YFLAGS = @YFLAGS@ ac_ct_CC = @ac_ct_CC@ +ac_ct_RANLIB = @ac_ct_RANLIB@ +ac_ct_STRIP = @ac_ct_STRIP@ am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ curlconfig = @curlconfig@ datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ exec_prefix = @exec_prefix@ host_alias = @host_alias@ -htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ -localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ +mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ -psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ - CLEANFILES = *~ - man_MANS = aide.1 aide.conf.5 - EXTRA_DIST = aide.1 aide.conf.5 manual.html -subdir = doc -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = aide.conf aide.1 aide.conf.5 -DIST_SOURCES = - -NROFF = nroff -MANS = $(man_MANS) -DIST_COMMON = $(srcdir)/Makefile.in Makefile.am aide.1.in \ - aide.conf.5.in aide.conf.in all: all-am .SUFFIXES: -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd 
$(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile -Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) -aide.conf: $(top_builddir)/config.status aide.conf.in +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +aide.conf: $(top_builddir)/config.status $(srcdir)/aide.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -aide.1: $(top_builddir)/config.status aide.1.in +aide.1: $(top_builddir)/config.status $(srcdir)/aide.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -aide.conf.5: $(top_builddir)/config.status aide.conf.5.in +aide.conf.5: $(top_builddir)/config.status $(srcdir)/aide.conf.5.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ uninstall-info-am: - -man1dir = $(mandir)/man1 install-man1: $(man1_MANS) $(man_MANS) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(man1dir) + test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)" @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ l2='$(man_MANS) 
$(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ @@ -199,8 +222,8 @@ install-man1: $(man1_MANS) $(man_MANS) inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \ - $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ done uninstall-man1: @$(NORMAL_UNINSTALL) @@ -220,14 +243,12 @@ uninstall-man1: inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ - rm -f $(DESTDIR)$(man1dir)/$$inst; \ + echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ done - -man5dir = $(mandir)/man5 install-man5: $(man5_MANS) $(man_MANS) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(man5dir) + test -z "$(man5dir)" || $(mkdir_p) "$(DESTDIR)$(man5dir)" @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ @@ -246,8 +267,8 @@ install-man5: $(man5_MANS) $(man_MANS) inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \ - $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ done uninstall-man5: @$(NORMAL_UNINSTALL) 
@@ -267,8 +288,8 @@ uninstall-man5: inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \ - rm -f $(DESTDIR)$(man5dir)/$$inst; \ + echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ done tags: TAGS TAGS: @@ -276,10 +297,6 @@ TAGS: ctags: CTAGS CTAGS: -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - -top_distdir = .. -distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ @@ -293,7 +310,7 @@ distdir: $(DISTFILES) dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ dir="/$$dir"; \ - $(mkinstalldirs) "$(distdir)$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ else \ dir=''; \ fi; \ @@ -311,9 +328,10 @@ distdir: $(DISTFILES) check-am: all-am check: check-am all-am: Makefile $(MANS) - installdirs: - $(mkinstalldirs) $(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir) + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done install: install-am install-exec: install-exec-am install-data: install-data-am @@ -334,7 +352,7 @@ clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: - -rm -f $(CONFIG_CLEAN_FILES) + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -351,6 +369,8 @@ dvi: dvi-am dvi-am: +html: html-am + info: info-am info-am: 
@@ -386,8 +406,8 @@ uninstall-am: uninstall-info-am uninstal uninstall-man: uninstall-man1 uninstall-man5 .PHONY: all all-am check check-am clean clean-generic distclean \ - distclean-generic distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-exec \ + distclean-generic distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-exec \ install-exec-am install-info install-info-am install-man \ install-man1 install-man5 install-strip installcheck \ installcheck-am installdirs maintainer-clean \ diff -rup aide-0.12-rc1-orig/include/base64.h aide-0.12-rc1/include/base64.h --- aide-0.12-rc1-orig/include/base64.h 2003-01-16 05:37:34.000000000 -0500 +++ aide-0.12-rc1/include/base64.h 2006-10-10 02:16:13.000000000 -0400 @@ -43,7 +43,7 @@ char* encode_base64(byte* src,size_t ssize); -byte* decode_base64(char* src,size_t ssize); +byte* decode_base64(char* src,size_t ssize,size_t *); /* Returns decoded length */ size_t length_base64(char* src,size_t ssize); diff -rup aide-0.12-rc1-orig/include/commandconf.h aide-0.12-rc1/include/commandconf.h --- aide-0.12-rc1-orig/include/commandconf.h 2003-01-16 05:37:34.000000000 -0500 +++ aide-0.12-rc1/include/commandconf.h 2006-10-11 03:39:53.000000000 -0400 @@ -31,7 +31,7 @@ int commandconf(const char mode,const ch int conf_input_wrapper(char* buf, int max_size, FILE* in); int db_input_wrapper(char* buf, int max_size, int db); -list* append_rxlist(char*,int,list*); +list* append_rxlist(char*,DB_ATTR_TYPE,list*); void do_define(char*,char*); 
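Review bot: The third parameter added to `decode_base64` in include/base64.h is unnamed and undocumented, and the existing `/* Returns decoded length */` comment below it belongs to `length_base64`. Name it and state the contract, for example `byte* decode_base64(char* src,size_t ssize,size_t *ret_len); /* stores the decoded byte count in *ret_len */`, including whether `NULL` is allowed and what is stored when decoding fails. Callers are outside this hunk; since the decoded data comes from the database file, each of them should use the returned length to bound any copy or comparison rather than assuming a fixed digest size.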
@@ -41,9 +41,9 @@ int do_ifxdef(int,char*); int do_ifxhost(int,char*); -void do_groupdef(char*,int); +void do_groupdef(char*,DB_ATTR_TYPE); -int get_groupval(char*); +DB_ATTR_TYPE get_groupval(char*); void putbackvariable(char*); diff -rup aide-0.12-rc1-orig/include/compare_db.h aide-0.12-rc1/include/compare_db.h --- aide-0.12-rc1-orig/include/compare_db.h 2003-01-16 05:37:34.000000000 -0500 +++ aide-0.12-rc1/include/compare_db.h 2006-10-10 21:04:09.000000000 -0400 @@ -48,6 +48,6 @@ void init_rxlst(list* rxlst); * compare_dbline() * Return RETOK if same RETFAIL if not */ -int compare_dbline(db_line* old,db_line* new,int ignorelist); +int compare_dbline(db_line* old,db_line* new,DB_ATTR_TYPE ignorelist); #endif diff -rup aide-0.12-rc1-orig/include/db_config.h aide-0.12-rc1/include/db_config.h --- aide-0.12-rc1-orig/include/db_config.h 2005-12-19 05:52:21.000000000 -0500 +++ aide-0.12-rc1/include/db_config.h 2006-10-11 13:11:03.000000000 -0400 @@ -35,6 +35,10 @@ /* Warning! if acl in database is corrupted then this will break down. See and fix db.c */ +#ifndef WITH_ACL +# error "No ACL support ... but Sun ACL support." +#endif + #include <sys/acl.h> typedef struct acl_type{ int entries; 
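Review bot: `get_groupval` now returns `DB_ATTR_TYPE`, which this patch defines as `unsigned long long`, so any caller that still tests the result with `< 0` or stores it in an `int` before comparing with `-1` will silently stop detecting the "unknown group" case. The callers are not in this hunk; please check each one compares against `DB_ATTR_UNDEF`, and say so in the prototype comment, e.g. `/* returns DB_ATTR_UNDEF if the group is not defined */`. The header also now depends on `DB_ATTR_TYPE` being declared first, so it should include `db_config.h` itself.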
@@ -43,6 +47,43 @@ typedef struct acl_type{ #endif +#ifdef WITH_POSIX_ACL /* POSIX acl works for Sun ACL, AIUI but anyway... */ +#include <sys/acl.h> +#ifndef WITH_ACL +# error "No ACL support ... but POSIX ACL support." +#endif +#endif + +typedef struct acl_type { + char *acl_a; /* ACCESS */ + char *acl_d; /* DEFAULT, directories only */ +} acl_type; + +#define WITH_XATTR 1 /* FIXME: autoconf */ + +#ifdef WITH_XATTR /* Do generic user Xattrs. */ +#include <sys/xattr.h> +#include <attr/xattr.h> +#endif + +typedef struct xattr_node +{ + char *key; + byte *val; + size_t vsz; +} xattr_node; + +typedef struct xattrs_type +{ + size_t num; + size_t sz; + struct xattr_node *ents; +} xattrs_type; + +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#endif + #ifdef WITH_MHASH #include <mhash.h> #endif 
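Review bot: The new `typedef struct acl_type { char *acl_a; char *acl_d; } acl_type;` sits outside any `#ifdef`, after the `#endif` that appears to close the Sun ACL block, and that block already declares a `struct acl_type` with an `entries` member (context of the previous hunk). A `--with-sun-acl` build would then see two conflicting definitions; wrapping the new one in `#ifndef WITH_SUN_ACL` … `#endif` keeps exactly one per build. `#define WITH_XATTR 1 /* FIXME: autoconf */` also forces `<sys/xattr.h>` and `<attr/xattr.h>` on every platform, so it should become a configure switch like the ACL and SELinux ones before this is merged. The new structs carry no ownership comments; a line on who allocates and frees `acl_a`, `acl_d`, `key` and `val` would help.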
@@ -104,53 +145,74 @@ typedef enum { db_checkmask, /* "checkmask"*/ db_allownewfile, /* "allownewfile */ db_allowrmfile, /* "allowrmfile" */ + db_sha256, /* "sha256", */ + db_sha512, /* "sha512", */ + db_whirlpool, /* "whirlpool", */ + db_selinux, /* "selinux", */ + db_xattrs, /* "xattrs", */ db_unknown } DB_FIELD; /* "unknown" */ /* db_unknown must be last because it is used to determine size of DB_FILED */ +/* FIXME: THIS IS A HACK, somethimes we use AIDE_OFF_TYPE instead + * because that's what internal functions take. This bitmap needs to die. */ +#define DB_ATTR_TYPE unsigned long long +#define DB_ATTR_UNDEF ((DB_ATTR_TYPE) -1) + /* WE need this for rx_rules since enums are not orrable (horrible) */ -#define DB_FILENAME (1<<0) /* "name", */ -#define DB_LINKNAME (1<<1) /* "lname", */ -#define DB_PERM (1<<2) /* "perm", */ -#define DB_UID (1<<3) /* "uid", */ -#define DB_GID (1<<4) /* "gid", */ -#define DB_SIZE (1<<5) /* "size", */ -#define DB_ATIME (1<<6) /* "atime", */ -#define DB_CTIME (1<<7) /* "ctime", */ -#define DB_MTIME (1<<8) /* "mtime", */ -#define DB_INODE (1<<9) /* "inode", */ -#define DB_BCOUNT (1<<10) /* "bcount", */ -#define DB_LNKCOUNT (1<<11) /* "lcount", */ -#define DB_MD5 (1<<12) /* "md5", */ -#define DB_SHA1 (1<<13) /* "sha1", */ -#define DB_RMD160 (1<<14) /* "rmd160", */ -#define DB_TIGER (1<<15) /* "tiger", */ +#define DB_FILENAME (1LLU<<0) /* "name", */ +#define DB_LINKNAME (1LLU<<1) /* "lname", */ +#define DB_PERM (1LLU<<2) /* "perm", */ +#define DB_UID (1LLU<<3) /* "uid", */ +#define DB_GID (1LLU<<4) /* "gid", */ +#define DB_SIZE (1LLU<<5) /* "size", */ +#define DB_ATIME (1LLU<<6) /* "atime", */ +#define DB_CTIME (1LLU<<7) /* "ctime", */ +#define DB_MTIME (1LLU<<8) /* "mtime", */ +#define DB_INODE (1LLU<<9) /* "inode", */ +#define DB_BCOUNT (1LLU<<10) /* "bcount", */ +#define DB_LNKCOUNT (1LLU<<11) /* "lcount", */ +#define DB_MD5 (1LLU<<12) /* "md5", */ +#define DB_SHA1 (1LLU<<13) /* "sha1", */ +#define DB_RMD160 (1LLU<<14) /* "rmd160", */ 
+#define DB_TIGER (1LLU<<15) /* "tiger", */ /* We want to matk these newertheless we have a hash-functon or not. */ -#define DB_CRC32 (1<<16) /* "crc32", */ -#define DB_HAVAL (1<<17) /* "haval", */ -#define DB_GOST (1<<18) /* "gost", */ -#define DB_CRC32B (1<<19) /* "crc32b", */ -#define DB_ATTR (1<<20) /* "attr" */ -#define DB_ACL (1<<21) /* "acl" */ -#define DB_BSIZE (1<<22) /* "bsize" */ -#define DB_RDEV (1<<23) /* "rdev" */ -#define DB_DEV (1<<24) /* "dev" */ - -#define DB_CHECKMASK (1<<25) /* "checkmask"*/ -#define DB_SIZEG (1<<26) /* "unknown" */ -#define DB_CHECKINODE (1<<27) /* "checkinode"*/ -#define DB_NEWFILE (1<<28) /* "allow new file" */ -#define DB_RMFILE (1<<29) /* "allot rm file" */ +#define DB_CRC32 (1LLU<<16) /* "crc32", */ +#define DB_HAVAL (1LLU<<17) /* "haval", */ +#define DB_GOST (1LLU<<18) /* "gost", */ +#define DB_CRC32B (1LLU<<19) /* "crc32b", */ +// #define DB_ATTR (1LLU<<20) /* "attr" */ +#define DB_ACL (1LLU<<21) /* "acl" */ +#define DB_BSIZE (1LLU<<22) /* "bsize" */ +#define DB_RDEV (1LLU<<23) /* "rdev" */ +#define DB_DEV (1LLU<<24) /* "dev" */ + +#define DB_CHECKMASK (1LLU<<25) /* "checkmask"*/ +#define DB_SIZEG (1LLU<<26) /* "unknown" */ +#define DB_CHECKINODE (1LLU<<27) /* "checkinode"*/ +#define DB_NEWFILE (1LLU<<28) /* "allow new file" */ +#define DB_RMFILE (1LLU<<29) /* "allot rm file" */ +#define DB_SHA256 (1LLU<<30) /* "sha256", */ +#define DB_SHA512 (1LLU<<31) /* "sha512", */ +#define DB_SELINUX (1LLU<<32) /* "selinux", */ +#define DB_XATTRS (1LLU<<33) /* "xattrs", */ +#define DB_WHIRLPOOL (1LLU<<34) /* "whirlpool", */ #define DB_HASHES (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \ - DB_GOST|DB_CRC32B) + DB_GOST|DB_CRC32B|DB_SHA256|DB_SHA512|DB_WHIRLPOOL) -const static char* db_names[] = { +/* This is stupid, should be functions, but static data means if it isn't used + * but this header is included we get a warning ... 
so kill the warning */ +#ifdef __GNUC__ +# define DB__ATTR_USED() __attribute__ ((used)) +#endif + +static DB__ATTR_USED() const char* db_names[] = { "name", "lname", "perm", @@ -178,9 +240,14 @@ const static char* db_names[] = { "dev", "checkmask", "unknown", - "allownewfiles"} ; + "allownewfiles", + "sha256", + "sha512", + "selinux", + "xattrs", + "whirlpool"} ; -const static int db_value[] = { +static DB__ATTR_USED() const int db_value[] = { db_filename, /* "name", */ db_linkname, /* "lname", */ db_perm, /* "perm", */ @@ -209,18 +276,23 @@ const static int db_value[] = { db_checkmask, /* "checkmask" */ db_allownewfile, /* "allownewfile" */ db_allowrmfile, /* "allowrmfile" */ + db_sha256, /* "sha256", */ + db_sha512, /* "sha512", */ + db_selinux, /* "selinux", */ + db_xattrs, /* "xattrs", */ + db_whirlpool, /* "whirlpool", */ db_unknown }; /* "unknown" */ /* db_namealias && db_aliasvalue are here to support earlier database * names that are no longer used. */ -const static char* db_namealias[] = { +static DB__ATTR_USED() const char* db_namealias[] = { "count" } ; -const static int db_aliasvalue[] = { +static DB__ATTR_USED() const int db_aliasvalue[] = { db_lnkcount } ; /* "count", */ -const static int db_alias_size=1; +static DB__ATTR_USED() const int db_alias_size=1; /* TIMEBUFSIZE should be exactly ceil(sizeof(time_t)*8*ln(2)/ln(10)) * Now it is ceil(sizeof(time_t)*2.5) @@ -337,7 +409,7 @@ typedef struct db_config { time_t end_time; int symlinks_found; - int attr; + DB_ATTR_TYPE attr; #ifdef WITH_ACL int no_acl_on_symlinks; @@ -358,10 +430,13 @@ typedef struct db_line { byte* gost; byte* crc32b; -#ifdef WITH_ACL + byte* sha256; + byte* sha512; + + byte* whirlpool; + acl_type* acl; /* Something here.. */ -#endif mode_t perm; mode_t perm_o; /* Permission for tree traverse */ 
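Review bot: `DB__ATTR_USED()` is defined only inside `#ifdef __GNUC__` with no fallback, yet every table below is declared as `static DB__ATTR_USED() const …`, so a compiler that does not define `__GNUC__` cannot parse this header. Add `#else` and `# define DB__ATTR_USED()` before the `#endif`. The db_sql.h hunk later in this patch uses a bare `__attribute__ ((used))` and should use the same macro. Separately, `// #define DB_ATTR (1LLU<<20)` leaves commented-out code behind; remove it or replace it with a comment saying bit 20 is intentionally unused.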
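Review bot: The new attributes are not listed in the same order everywhere: the `DB_FIELD` enum in the previous hunk adds sha256, sha512, whirlpool, selinux, xattrs, while `db_names` here, `db_value` in the next hunk and the bit macros (`DB_SELINUX` 32, `DB_XATTRS` 33, `DB_WHIRLPOOL` 34) all put whirlpool last. `db_names` and `db_value` agree with each other, but if any code indexes `db_names` by a `DB_FIELD` value or derives a bit as `1LLU<<field`, the whirlpool, selinux and xattrs columns would be swapped, and the checker would compare or report the wrong attribute. Those users are outside the hunk, so this is a request to confirm; moving `db_whirlpool` after `db_xattrs` in the enum and adding a comment that enum order, table order and bit position must match would remove the doubt.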
@@ -379,8 +454,12 @@ typedef struct db_line { char* filename; char* linkname; + char *cntx; + + xattrs_type* xattrs; + /* Attributes .... */ - int attr; + DB_ATTR_TYPE attr; } db_line; diff -rup aide-0.12-rc1-orig/include/db_sql.h aide-0.12-rc1/include/db_sql.h --- aide-0.12-rc1-orig/include/db_sql.h 2004-10-23 07:15:48.000000000 -0400 +++ aide-0.12-rc1/include/db_sql.h 2006-10-11 05:07:20.000000000 -0400 @@ -22,7 +22,7 @@ #define _DB_SQL_H_INCLUDED -const static char* db_sql_types[] = { +static __attribute__ ((used)) const char* db_sql_types[] = { "text unique primary key",/* "name", */ "text", /* "lname", */ "int", /* "perm", */ diff -rup aide-0.12-rc1-orig/include/do_md.h aide-0.12-rc1/include/do_md.h --- aide-0.12-rc1-orig/include/do_md.h 2003-01-16 05:37:34.000000000 -0500 +++ aide-0.12-rc1/include/do_md.h 2006-10-11 02:25:22.000000000 -0400 @@ -31,5 +31,6 @@ list* do_md(list* file_lst,db_config* conf); +void acl2line(db_line* line); #endif /* _DO_MD_H_INCLUDED */ diff -rup aide-0.12-rc1-orig/include/gen_list.h aide-0.12-rc1/include/gen_list.h --- aide-0.12-rc1-orig/include/gen_list.h 2003-01-16 05:37:34.000000000 -0500 +++ aide-0.12-rc1/include/gen_list.h 2006-10-10 21:11:12.000000000 -0400 @@ -29,7 +29,7 @@ typedef struct rx_rule { char* rx; /* Regular expression in text form */ regex_t* crx; /* Compiled regexp */ - int attr; /* Which attributes to save */ + DB_ATTR_TYPE attr; /* Which attributes to save */ long conf_lineno; /* line no. of rule definition*/ } rx_rule; 
@@ -62,11 +62,11 @@ void populate_tree(seltree* tree); char* strrxtok(char*); -int check_list_for_match(list*,char*,int*); +int check_list_for_match(list*,char*,DB_ATTR_TYPE*); -int check_rxtree(char* filename,seltree* tree, int* attr); +int check_rxtree(char* filename,seltree* tree, DB_ATTR_TYPE* attr); -db_line* get_file_attrs(char* filename,int attr); +db_line* get_file_attrs(char* filename,DB_ATTR_TYPE attr); seltree* get_seltree_node(seltree* tree,char* path); diff -rup aide-0.12-rc1-orig/include/md.h aide-0.12-rc1/include/md.h --- aide-0.12-rc1-orig/include/md.h 2005-04-06 05:50:02.000000000 -0400 +++ aide-0.12-rc1/include/md.h 2006-10-11 13:21:45.000000000 -0400 @@ -32,7 +32,7 @@ #ifdef WITH_MHASH #include <mhash.h> -#define HASH_MHASH_COUNT 18 +#define HASH_MHASH_COUNT MHASH_WHIRLPOOL /* WHIRLPOOL == 22 on 2006-10-11 */ #define MHASH_RMD160 MHASH_RIPEMD160 #define MHASH_HAVAL MHASH_HAVAL256 #endif @@ -59,6 +59,8 @@ #define HASH_TIGER160_LEN 20 #define HASH_MD4_LEN 16 #define HASH_SHA256_LEN 32 +#define HASH_SHA512_LEN 64 +#define HASH_WHIRLPOOL_LEN 64 #define HASH_ADLER32_LEN 4 #define HASH_CRC32B_LEN 4 #define HASH_CRC32_LEN 4 @@ -69,7 +71,8 @@ */ #define HASH_USE_MHASH (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|\ - DB_HAVAL|DB_GOST|DB_CRC32B) + DB_HAVAL|DB_GOST|DB_CRC32B|\ + DB_SHA256|DB_SHA512|DB_WHIRLPOOL) #define HASH_USE_LIBGCRYPT (0) 
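Review bot: In include/md.h, `HASH_MHASH_COUNT` is now the numeric id of `MHASH_WHIRLPOOL` rather than a count, so its value follows whatever libmhash is installed and the header will not compile against an mhash that lacks `MHASH_WHIRLPOOL`; configure.in appears to probe only one mhash function. If any array is sized `HASH_MHASH_COUNT` and indexed by hash id, the WHIRLPOOL slot would be one past the end; the users are outside this hunk, so please confirm they allocate `HASH_MHASH_COUNT+1` elements. Replacing the dated remark with `/* highest mhash id AIDE uses, not a count */` would make the intent clear.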
@@ -100,18 +103,20 @@ typedef struct md_container { char tiger160[HASH_TIGER160_LEN]; char md4[HASH_MD4_LEN]; char sha256[HASH_SHA256_LEN]; + char sha512[HASH_SHA512_LEN]; char adler32[HASH_ADLER32_LEN]; + char whirlpool[HASH_WHIRLPOOL_LEN]; /* Attr which are to be calculated. */ - int calc_attr; + DB_ATTR_TYPE calc_attr; /* Attr which are not (yet) to be calculated. After init hold's hashes which are not calculated :) */ - int todo_attr; + DB_ATTR_TYPE todo_attr; /* Variables needed to cope with the library. diff -rup aide-0.12-rc1-orig/include/symboltable.h aide-0.12-rc1/include/symboltable.h --- aide-0.12-rc1-orig/include/symboltable.h 2003-01-16 05:37:34.000000000 -0500 +++ aide-0.12-rc1/include/symboltable.h 2006-10-11 02:22:57.000000000 -0400 @@ -26,7 +26,7 @@ typedef struct symba { char* name; char* value; - int ival; + DB_ATTR_TYPE ival; } symba; diff -rup aide-0.12-rc1-orig/Makefile.in aide-0.12-rc1/Makefile.in --- aide-0.12-rc1-orig/Makefile.in 2006-07-15 14:20:24.000000000 -0400 +++ aide-0.12-rc1/Makefile.in 2006-10-11 12:49:29.000000000 -0400 @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.7.9 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 -# Free Software Foundation, Inc. +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -32,7 +32,6 @@ # the Free Software Foundation, 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # - srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ 
@@ -40,7 +39,6 @@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ top_builddir = . - am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 @@ -54,6 +52,42 @@ POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +subdir = . +DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/aide.spec.in \ + $(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \ + ChangeLog INSTALL NEWS depcomp install-sh missing \ + mkinstalldirs ylwrap +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/version.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno configure.status.lineno +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = aide.spec +SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-exec-recursive install-info-recursive \ + install-recursive installcheck-recursive installdirs-recursive \ + pdf-recursive ps-recursive uninstall-info-recursive \ + uninstall-recursive +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + { test ! -d $(distdir) \ + || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr $(distdir); }; } +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +distcleancheck_listfiles = find . -type f -print ACLLIB = @ACLLIB@ ACLOCAL = @ACLOCAL@ AIDE_USE_LOCALE = @AIDE_USE_LOCALE@ 
@@ -78,7 +112,6 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GREP = @GREP@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ 
@@ -105,86 +138,76 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PSQLLIB = @PSQLLIB@ RANLIB = @RANLIB@ +SELINUXLIB = @SELINUXLIB@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ -YFLAGS = @YFLAGS@ ac_ct_CC = @ac_ct_CC@ +ac_ct_RANLIB = @ac_ct_RANLIB@ +ac_ct_STRIP = @ac_ct_STRIP@ am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ curlconfig = @curlconfig@ - datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ exec_prefix = @exec_prefix@ host_alias = @host_alias@ -htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ -localedir = $(datadir)/locale localstatedir = @localstatedir@ mandir = @mandir@ +mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ -psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ - SUBDIRS = src doc - +localedir = $(datadir)/locale CLEANFILES = *~ - DIST_SOURCES = src/conf_lex.l src/db_lex.l DIST_SUBDIRS = $(SUBDIRS) EXTRA_DIST = Todo LICENSE-snprintf.txt README-snprintf -subdir = . 
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = config.h -CONFIG_CLEAN_FILES = aide.spec - -RECURSIVE_TARGETS = info-recursive dvi-recursive pdf-recursive \ - ps-recursive install-info-recursive uninstall-info-recursive \ - all-recursive install-data-recursive install-exec-recursive \ - installdirs-recursive install-recursive uninstall-recursive \ - check-recursive installcheck-recursive -DIST_COMMON = README $(srcdir)/Makefile.in $(srcdir)/configure AUTHORS \ - COPYING ChangeLog INSTALL Makefile.am NEWS acinclude.m4 \ - aclocal.m4 aide.spec.in config.h.in configure configure.in \ - depcomp install-sh missing mkinstalldirs ylwrap all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: - -am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ - configure.lineno -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) +am--refresh: + @: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ + cd $(srcdir) && $(AUTOMAKE) --gnu \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile -$(top_builddir)/config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck -$(srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) - cd $(srcdir) && $(AUTOCONF) -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in acinclude.m4 +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(srcdir) && $(ACLOCAL) 
$(ACLOCAL_AMFLAGS) config.h: stamp-h1 @@ -196,14 +219,14 @@ config.h: stamp-h1 stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h - -$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_srcdir) && $(AUTOHEADER) - touch $(srcdir)/config.h.in + rm -f stamp-h1 + touch $@ distclean-hdr: -rm -f config.h stamp-h1 -aide.spec: $(top_builddir)/config.status aide.spec.in +aide.spec: $(top_builddir)/config.status $(srcdir)/aide.spec.in cd $(top_builddir) && $(SHELL) ./config.status $@ uninstall-info-am: @@ -214,7 +237,13 @@ uninstall-info-am: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @set fnord $$MAKEFLAGS; amf=$$2; \ + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ @@ -226,7 +255,7 @@ $(RECURSIVE_TARGETS): local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ + || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ @@ -234,7 +263,13 @@ $(RECURSIVE_TARGETS): mostlyclean-recursive clean-recursive distclean-recursive \ maintainer-clean-recursive: - @set fnord $$MAKEFLAGS; amf=$$2; \ + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ 
@@ -255,7 +290,7 @@ maintainer-clean-recursive: local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ + || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ @@ -266,14 +301,6 @@ ctags-recursive: test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done -ETAGS = etags -ETAGSFLAGS = - -CTAGS = ctags -CTAGSFLAGS = - -tags: TAGS - ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -282,19 +309,22 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ mkid -fID $$unique +tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ - if (etags --etags-include --version) >/dev/null 2>&1; then \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ + empty_fix=.; \ else \ include_option=--include; \ + empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - test -f $$subdir/TAGS && \ + test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ @@ -304,10 +334,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCE done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$tags$$unique" \ - || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique - + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) 
@@ -330,24 +361,11 @@ GTAGS: distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - -top_distdir = . -distdir = $(PACKAGE)-$(VERSION) - -am__remove_distdir = \ - { test ! -d $(distdir) \ - || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -fr $(distdir); }; } - -GZIP_ENV = --best -distuninstallcheck_listfiles = find . -type f -print -distcleancheck_listfiles = find . -type f -print distdir: $(DISTFILES) $(am__remove_distdir) mkdir $(distdir) - $(mkinstalldirs) $(distdir)/. $(distdir)/doc + $(mkdir_p) $(distdir)/. $(distdir)/doc @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ list='$(DISTFILES)'; for file in $$list; do \ @@ -359,7 +377,7 @@ distdir: $(DISTFILES) dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ dir="/$$dir"; \ - $(mkinstalldirs) "$(distdir)$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ else \ dir=''; \ fi; \ @@ -376,13 +394,15 @@ distdir: $(DISTFILES) done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - test -d $(distdir)/$$subdir \ - || mkdir $(distdir)/$$subdir \ + test -d "$(distdir)/$$subdir" \ + || $(mkdir_p) "$(distdir)/$$subdir" \ || exit 1; \ + distdir=`$(am__cd) $(distdir) && pwd`; \ + top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" \ - distdir=../$(distdir)/$$subdir \ + top_distdir="$$top_distdir" \ + distdir="$$distdir/$$subdir" \ distdir) \ || exit 1; \ fi; \ 
@@ -396,19 +416,46 @@ distdir: $(DISTFILES) ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r $(distdir) dist-gzip: distdir - $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 + $(am__remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) $(am__remove_distdir) dist dist-all: distdir - $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist - $(am__remove_distdir) - GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(AMTAR) xf - + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac chmod -R a-w $(distdir); chmod a+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst 
@@ -428,19 +475,20 @@ distcheck: dist distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ - (cd ../.. && $(mkinstalldirs) "$$dc_destdir") \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ - && $(MAKE) $(AM_MAKEFLAGS) dist-gzip \ - && rm -f $(distdir).tar.gz \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck $(am__remove_distdir) - @echo "$(distdir).tar.gz is ready for distribution" | \ - sed 'h;s/./=/g;p;x;p;x' + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}' distuninstallcheck: @cd $(distuninstallcheck_dir) \ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ @@ -464,7 +512,6 @@ check: check-recursive all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: - install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive @@ -485,7 +532,7 @@ clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: - -rm -f $(CONFIG_CLEAN_FILES) + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -503,6 +550,8 @@ dvi: dvi-recursive dvi-am: +html: html-recursive + info: info-recursive info-am: 
@@ -539,22 +588,20 @@ uninstall-am: uninstall-info-am uninstall-info: uninstall-info-recursive -.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am check check-am clean \ - clean-generic clean-recursive ctags ctags-recursive dist \ - dist-all dist-gzip distcheck distclean distclean-generic \ - distclean-hdr distclean-recursive distclean-tags distcleancheck \ - distdir distuninstallcheck dvi dvi-am dvi-recursive info \ - info-am info-recursive install install-am install-data \ - install-data-am install-data-recursive install-exec \ - install-exec-am install-exec-recursive install-info \ - install-info-am install-info-recursive install-man \ - install-recursive install-strip installcheck installcheck-am \ - installdirs installdirs-am installdirs-recursive \ +.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am am--refresh check \ + check-am clean clean-generic clean-recursive ctags \ + ctags-recursive dist dist-all dist-bzip2 dist-gzip dist-hook \ + dist-shar dist-tarZ dist-zip distcheck distclean \ + distclean-generic distclean-hdr distclean-recursive \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-man install-strip \ + installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic \ maintainer-clean-recursive mostlyclean mostlyclean-generic \ - mostlyclean-recursive pdf pdf-am pdf-recursive ps ps-am \ - ps-recursive tags tags-recursive uninstall uninstall-am \ - uninstall-info-am uninstall-info-recursive uninstall-recursive + mostlyclean-recursive pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am uninstall-info-am check: update-db diff -rup aide-0.12-rc1-orig/src/aide.c aide-0.12-rc1/src/aide.c --- aide-0.12-rc1-orig/src/aide.c 2006-03-29 10:11:57.000000000 -0500 +++ aide-0.12-rc1/src/aide.c 2006-10-11 13:11:46.000000000 -0400 
@@ -109,7 +109,7 @@ int read_param(int argc,char**argv) { "update", no_argument, NULL, 'u'}, { "config-check", no_argument, NULL, 'D'}, { "compare", no_argument, NULL, 'E'}, - { NULL } + { NULL,0,NULL,0 } }; while(1){ @@ -340,9 +340,14 @@ void setdefaults_before_config() do_groupdef("tiger",DB_TIGER); do_groupdef("sha1",DB_SHA1); do_groupdef("rmd160",DB_RMD160); -#ifdef WITH_ACL + do_groupdef("sha256",DB_SHA256); + do_groupdef("sha512",DB_SHA512); + do_groupdef("whirlpool",DB_WHIRLPOOL); do_groupdef("acl",DB_ACL); -#endif + + do_groupdef("xattrs",DB_XATTRS); + do_groupdef("selinux",DB_SELINUX); + #ifdef WITH_MHASH do_groupdef("crc32",DB_CRC32); /* @@ -354,9 +359,9 @@ void setdefaults_before_config() #endif do_groupdef("R",DB_PERM|DB_INODE|DB_LNKCOUNT|DB_UID|DB_GID|DB_SIZE| - DB_MTIME|DB_CTIME|DB_MD5); - do_groupdef("L",DB_PERM|DB_INODE|DB_LNKCOUNT|DB_UID|DB_GID); - do_groupdef(">",DB_PERM|DB_INODE|DB_LNKCOUNT|DB_UID|DB_GID|DB_SIZEG); + DB_MTIME|DB_CTIME|DB_MD5|DB_XATTRS|DB_SELINUX|DB_ACL); + do_groupdef("L",DB_PERM|DB_INODE|DB_LNKCOUNT|DB_UID|DB_GID|DB_XATTRS|DB_SELINUX|DB_ACL); + do_groupdef(">",DB_PERM|DB_INODE|DB_LNKCOUNT|DB_UID|DB_GID|DB_SIZEG|DB_XATTRS|DB_SELINUX|DB_ACL); do_groupdef("E",0); diff -rup aide-0.12-rc1-orig/src/base64.c aide-0.12-rc1/src/base64.c --- aide-0.12-rc1-orig/src/base64.c 2005-12-19 05:52:21.000000000 -0500 +++ aide-0.12-rc1/src/base64.c 2006-10-10 02:12:18.000000000 -0400 @@ -174,7 +174,7 @@ char* encode_base64(byte* src,size_t ssi } /* FIXME Possible buffer overflow on outputs larger than B64_BUF */ -byte* decode_base64(char* src,size_t ssize) +byte* decode_base64(char* src,size_t ssize, size_t *ret_len) { byte* outbuf; byte* retbuf; 
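Review bot: setdefaults_before_config() now registers the `acl`, `xattrs` and `selinux` groups unconditionally and adds `DB_XATTRS|DB_SELINUX|DB_ACL` to the predefined `R`, `L` and `>` groups, while configure.in defines WITH_POSIX_ACL and WITH_SELINUX only when the matching option is given. Whether the collection code is compiled out on such builds is not visible in these hunks (the function body continues outside them). If it is, rules written with `R` name attributes that are never gathered, and an operator may assume ACL or SELinux context changes are being watched. I would add a comment above the three `do_groupdef` calls stating what these bits do on a build without the support, or keep an `#ifdef` like the one removed around `acl`.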
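Review bot: The `FIXME Possible buffer overflow on outputs larger than B64_BUF` above decode_base64() is carried over unchanged while the signature gains `ret_len`, which suggests the function will now decode variable-length values rather than only fixed-size digests. The body is outside this hunk, so the bound cannot be confirmed here. If the FIXME is accurate, the output buffer should be sized from `ssize`, or oversized input rejected, before this is used on database-supplied data. The later hunk at -252 writes `*ret_len` only before the final `return retbuf;`, so I would document that on the function: `/* *ret_len is written only on the success path; do not read it after a NULL return */`.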
@@ -252,6 +252,8 @@ byte* decode_base64(char* src,size_t ssi free(outbuf); + if (ret_len) *ret_len = pos; + return retbuf; } diff -rup aide-0.12-rc1-orig/src/commandconf.c aide-0.12-rc1/src/commandconf.c --- aide-0.12-rc1-orig/src/commandconf.c 2006-03-29 08:27:50.000000000 -0500 +++ aide-0.12-rc1/src/commandconf.c 2006-10-11 13:29:11.000000000 -0400 @@ -403,7 +403,7 @@ int check_dboo(DB_FIELD a){ return check_db_order(conf->db_out_order,conf->db_out_size,a); } -void update_db_out_order(int attr) +void update_db_out_order(DB_ATTR_TYPE attr) { /* First we add those attributes that must be there */ if (check_dboo(db_linkname)==RETOK) { @@ -472,14 +472,29 @@ void update_db_out_order(int attr) if((attr&DB_CRC32B) && (check_dboo(db_crc32b)!=RETFAIL)){ conf->db_out_order[conf->db_out_size++]=db_crc32b; } + if((attr&DB_WHIRLPOOL) && (check_dboo(db_whirlpool)!=RETFAIL)){ + conf->db_out_order[conf->db_out_size++]=db_whirlpool; + } /* #endif */ + if((attr&DB_SHA256) && (check_dboo(db_sha256)!=RETFAIL)){ + conf->db_out_order[conf->db_out_size++]=db_sha256; + } + if((attr&DB_SHA512) && (check_dboo(db_sha512)!=RETFAIL)){ + conf->db_out_order[conf->db_out_size++]=db_sha512; + } #ifdef WITH_ACL if((attr&DB_ACL) && (check_dboo(db_acl)!=RETFAIL)){ conf->db_out_order[conf->db_out_size++]=db_acl; } #endif + if((attr&DB_XATTRS) && (check_dboo(db_xattrs)!=RETFAIL)){ + conf->db_out_order[conf->db_out_size++]=db_xattrs; + } + if((attr&DB_SELINUX) && (check_dboo(db_selinux)!=RETFAIL)){ + conf->db_out_order[conf->db_out_size++]=db_selinux; + } if((attr&DB_CHECKMASK) && (check_dboo(db_checkmask)!=RETFAIL)){ conf->db_out_order[conf->db_out_size++]=db_checkmask; } @@ -681,7 +696,7 @@ int do_ifxhost(int mode,char* name) return (handle_endif(doit,1)); } -list* append_rxlist(char* rx,int attr,list* rxlst) +list* append_rxlist(char* rx,DB_ATTR_TYPE attr,list* rxlst) { extern long conf_lineno; /* defined & set in conf_lex.l */ 
@@ -698,7 +713,7 @@ list* append_rxlist(char* rx,int attr,li return rxlst; } -void do_groupdef(char* group,int value) +void do_groupdef(char* group,DB_ATTR_TYPE value) { list* r=NULL; symba* s=NULL; @@ -714,9 +729,10 @@ void do_groupdef(char* group,int value) conf->groupsyms=list_append(conf->groupsyms,(void*)s); } -int get_groupval(char* group) +DB_ATTR_TYPE get_groupval(char* group) { list* r=NULL; + if((r=list_find(group,conf->groupsyms))){ return (((symba*)r->data)->ival); } @@ -888,7 +904,7 @@ void* get_conf_key() { strcat(m,aide_key_8); strcat(m,aide_key_9); - r=decode_base64(m,strlen(m)); + r=decode_base64(m,strlen(m),NULL); memset(m,0,strlen(m)); free(m); @@ -950,7 +966,7 @@ void* get_db_key() { strcat(m,db_key_8); strcat(m,db_key_9); - r=decode_base64(m,strlen(m)); + r=decode_base64(m,strlen(m),NULL); memset(m,0,strlen(m)); free(m); diff -rup aide-0.12-rc1-orig/src/compare_db.c aide-0.12-rc1/src/compare_db.c --- aide-0.12-rc1-orig/src/compare_db.c 2006-07-15 12:46:40.000000000 -0400 +++ aide-0.12-rc1/src/compare_db.c 2006-10-11 13:32:35.000000000 -0400 @@ -23,6 +23,7 @@ #include <string.h> #include <time.h> #include <sys/stat.h> +#include <math.h> #include "base64.h" #include "report.h" @@ -45,11 +46,11 @@ const int old_col = 12; const int new_col = 40; -const int part_len = 40; /* usable length of line[] */ -char oline[40]; -char nline[40]; -const char* entry_format= " %-9s: %-34s, %-34s\n"; -const char* entry_format_justnew=" %-9s: %-34c %-34s\n"; +const int part_len = 33; /* usable length of line[] */ +char oline[33]; +char nline[33]; +const char* entry_format= " %-9s: %-33s, %s\n"; +const char* entry_format_justnew=" %-9s: %-33c %s\n"; /*************/ static int get_ignorelist() { 
@@ -99,8 +100,34 @@ list* find_line_match(db_line* line,list return NULL; } -#ifdef WITH_ACL -int compare_single_acl(aclent_t* a1,aclent_t* a2) { +#ifdef WITH_POSIX_ACL +int compare_acl(acl_type* a1,acl_type* a2) +{ + if (a1==NULL && a2==NULL) { + return RETOK; + } + if (a1==NULL || a2==NULL) { + return RETFAIL; + } + + if (!a1->acl_a != !a2->acl_a) { + return RETFAIL; + } + if (!a1->acl_d != !a2->acl_d) { + return RETFAIL; + } + + if (a1->acl_a && strcmp(a1->acl_a, a2->acl_a)) + return RETFAIL; + if (a1->acl_d && strcmp(a1->acl_d, a2->acl_d)) + return RETFAIL; + + return RETOK; +} +#endif + +#ifdef WITH_SUN_ACL +static int compare_single_acl(aclent_t* a1,aclent_t* a2) { if (a1->a_type!=a2->a_type || a1->a_id!=a2->a_id || a1->a_perm!=a2->a_perm) { 
@@ -134,13 +161,73 @@ int compare_acl(acl_type* a1,acl_type* a } #endif +static int cmp_xattr_node(const void *c1, const void *c2) +{ + const xattr_node *x1 = c1; + const xattr_node *x2 = c2; + + return (strcmp(x1->key, x2->key)); +} + +int compare_xattrs(xattrs_type* x1,xattrs_type* x2) +{ + size_t num = 0; + + if (x1 && (x1->num == 0)) x1 = NULL; + if (x2 && (x2->num == 0)) x2 = NULL; + + if (x1==NULL && x2==NULL) { + return RETOK; + } + if (x1==NULL || x2==NULL) { + return RETFAIL; + } + + if (x1->num != x2->num) { + return RETFAIL; + } + + qsort(x1->ents, x1->num, sizeof(xattr_node), cmp_xattr_node); + qsort(x2->ents, x2->num, sizeof(xattr_node), cmp_xattr_node); + + while (num++ < x1->num) + { + const char *x1key = NULL; + const byte *x1val = NULL; + size_t x1vsz = 0; + const char *x2key = NULL; + const byte *x2val = NULL; + size_t x2vsz = 0; + + x1key = x1->ents[num - 1].key; + x1val = x1->ents[num - 1].val; + x1vsz = x1->ents[num - 1].vsz; + + x2key = x2->ents[num - 1].key; + x2val = x2->ents[num - 1].val; + x2vsz = x2->ents[num - 1].vsz; + + if (strcmp(x1key, x2key) || + x1vsz != x2vsz || + memcmp(x1val, x2val, x1vsz)) + return RETFAIL; + } + + return RETOK; +} + +static int bytecmp(byte *b1, byte *b2, size_t len) +{ + return strncmp((char *)b1, (char *)b2, len); +} + int compare_md_entries(byte* e1,byte* e2,int len) { error(255,"Debug, compare_md_entries %p %p\n",e1,e2); if(e1!=NULL && e2!=NULL){ - if(strncmp(e1,e2,len)!=0){ + if(bytecmp(e1,e2,len)!=0){ return RETFAIL; }else{ return RETOK; @@ -156,6 +243,21 @@ int compare_md_entries(byte* e1,byte* e2 return RETFAIL; } +static int compare_str(const char *s1, const char *s2) +{ + if(s1==NULL){ + if(s2!=NULL){ + return RETFAIL; + } + }else if(s2==NULL){ + return RETFAIL; + }else if (strcmp(s1,s2)!=0){ + return RETFAIL; + } + + return RETOK; +} + /* We assume 
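Review bot: bytecmp() compares digests with `strncmp`, which stops at the first NUL byte, so two different raw hashes that agree up to a zero byte compare as equal and compare_md_entries() returns RETOK for a changed file. The digests are raw bytes (print_md_changes() passes them to encode_base64() with an explicit length), so the helper should be `return memcmp(b1, b2, len);`. That one change also covers the print_md_changes() call converted to bytecmp() in a later hunk. compare_xattrs() in this hunk already uses memcmp for values; its two qsort() calls reorder the caller's `ents` arrays in place, which deserves a comment on the function.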
@@ -165,7 +267,7 @@ int compare_md_entries(byte* e1,byte* e2 - ignorelist kertoo mitä ei saa vertailla */ -int compare_dbline(db_line* l1,db_line* l2,int ignorelist) +int compare_dbline(db_line* l1,db_line* l2,DB_ATTR_TYPE ignorelist) { #define easy_compare(a,b) \ @@ -184,20 +286,11 @@ int compare_dbline(db_line* l1,db_line* } - int ret=0; + DB_ATTR_TYPE ret=0; if (!(DB_LINKNAME&ignorelist)) { - if(l1->linkname==NULL){ - if(l2->linkname!=NULL){ - ret|=DB_LINKNAME; - //return RETFAIL; - } - }else if(l2->linkname==NULL){ - ret|=DB_LINKNAME; - //return RETFAIL; - }else if(strcmp(l1->linkname,l2->linkname)!=0){ + if(compare_str(l1->linkname, l2->linkname)){ ret|=DB_LINKNAME; - //return RETFAIL; } } @@ -238,17 +331,22 @@ int compare_dbline(db_line* l1,db_line* easy_md_compare(DB_MD5,md5,HASH_MD5_LEN); - error(255,"Debug, %s, %p %p %i %i\n",l1->filename,l1->md5,l2->md5,ret&DB_MD5,ignorelist); + error(255,"Debug, %s, %p %p %llx %llx\n", + l1->filename,l1->md5,l2->md5,ret&DB_MD5,ignorelist); easy_md_compare(DB_SHA1,sha1,HASH_SHA1_LEN); easy_md_compare(DB_RMD160,rmd160,HASH_RMD160_LEN); easy_md_compare(DB_TIGER,tiger,HASH_TIGER_LEN); + easy_md_compare(DB_SHA256,sha256,HASH_SHA256_LEN); + easy_md_compare(DB_SHA512,sha512,HASH_SHA512_LEN); + #ifdef WITH_MHASH easy_md_compare(DB_CRC32,crc32,HASH_CRC32_LEN); easy_md_compare(DB_HAVAL,haval,HASH_HAVAL256_LEN); easy_md_compare(DB_GOST,gost,HASH_GOST_LEN); easy_md_compare(DB_CRC32B,crc32b,HASH_CRC32B_LEN); + easy_md_compare(DB_WHIRLPOOL,whirlpool,HASH_WHIRLPOOL_LEN); #endif #ifdef WITH_ACL @@ -258,10 +356,20 @@ int compare_dbline(db_line* l1,db_line* } } #endif + if (!(DB_XATTRS&ignorelist)) { + if(compare_xattrs(l1->xattrs,l2->xattrs)) { + ret|=DB_XATTRS; + } + } + if (!(DB_SELINUX&ignorelist)) { + if(compare_str(l1->cntx,l2->cntx)) { + ret|=DB_SELINUX; + } + } return ret; } -void print_lname_changes(char*old,char*new) +void print_str_changes(char*old,char*new,const char *name) { int ok = 0; 
@@ -281,46 +389,120 @@ void print_lname_changes(char*old,char*n ok = 1; } if(ok) - error(2,(char*)entry_format,"Lname",oline,nline); + error(2,(char*)entry_format,name,oline,nline); return; } #ifdef WITH_ACL -void print_single_acl(acl_type* acl){ - char* aclt; - +void print_single_acl(acl_type* acl) +{ if (acl==NULL) { - error(2,"<NULL>"); + error(2,"<NULL>\n"); } else { - +#ifdef WITH_POSIX_ACL + if (!acl->acl_a) + error(2,"A:<NONE>\n "); + else + error(2,"A:\n----\n%s----\n ",acl->acl_a); + if (!acl->acl_d) + error(2,"D:<NONE>\n"); + else + error(2,"D:\n----\n%s----\n",acl->acl_d); +#endif +#ifdef WITH_SUN_ACL aclt=acltotext(acl->acl,acl->entries); if (aclt==NULL) { - error(2,"ERROR"); + error(2,"ERROR\n"); } else { - error(2,"%s ,",aclt); + error(2,"%s ,\n",aclt); free(aclt); } +#endif } } void print_acl_changes(acl_type* old,acl_type* new) { if (compare_acl(old,new)==RETFAIL) { - error(2,"Acl: old = "); + error(2,"ACL: old = "); print_single_acl(old); - error(2,"\n new = "); + error(2," new = "); print_single_acl(new); } - } #endif +static size_t xstrnspn(const char *s1, size_t len, const char *srch) +{ + const char *os1 = s1; + + while (len-- && strchr(srch, *s1)) + ++s1; + + return (s1 - os1); +} + +#define PRINTABLE_XATTR_VALS \ + "0123456789" \ + "abcdefghijklmnopqrstuvwxyz" \ + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ + ".-_:;,[]{}<>()!@#$%^&*|\\/?~" + +void print_single_xattrs(xattrs_type* xattrs) +{ + if (xattrs==NULL) { + error(2,"num=0\n"); + } else { + size_t num = 0; + int width = 0; + + error(2,"num=%d\n", xattrs->num); + + width = log10(xattrs->num); /* make them the same width */ + + while (num++ < xattrs->num) + { + char *val = NULL; + size_t len = 0; + + val = (char *)xattrs->ents[num - 1].val; + + len = xstrnspn(val, xattrs->ents[num - 1].vsz, PRINTABLE_XATTR_VALS); + + if ((len == xattrs->ents[num - 1].vsz) || + ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len])) + error(2," [%.*zd] %s = %s\n", width, num, + xattrs->ents[num - 1].key, val); + else 
+ { + val = encode_base64(xattrs->ents[num - 1].val, + xattrs->ents[num - 1].vsz); + error(2," [%.*zd] %s <=> %s\n", width, num, + xattrs->ents[num - 1].key, val); + free(val); + } + + } + } +} + +void print_xattrs_changes(xattrs_type* old,xattrs_type* new) { + + if (compare_xattrs(old,new)==RETFAIL) { + error(2,"XAttrs: old = "); + print_single_xattrs(old); + error(2," new = "); + print_single_xattrs(new); + } + +} + void print_md_changes(byte*old,byte*new,int len,char* name) { int ok = 0; if(old!=NULL && new!=NULL){ - if(strncmp(old,new,len)!=0){ + if(bytecmp(old,new,len)!=0){ snprintf(oline,part_len,"%s",encode_base64(old,len)); snprintf(nline,part_len,"%s",encode_base64(new,len)); ok = 1; @@ -330,14 +512,14 @@ void print_md_changes(byte*old,byte*new, return; } if(old==NULL){ - snprintf(oline,part_len,"NA"); + snprintf(oline,part_len,"<NONE>"); } else { snprintf(oline,part_len,"%s",encode_base64(old,len)); ok = 1; } /* OLD one */ if(new==NULL){ - snprintf(nline,part_len,"NA"); + snprintf(nline,part_len,"<NONE>"); }else { snprintf(nline,part_len,"%s",encode_base64(new,len)); ok = 1; @@ -371,19 +553,19 @@ void print_time_changes(const char* name nt = localtime(&(new_time)); if (!justnew) { if( is_time_null(ot) ) { - snprintf(oline,part_len,"NA"); + snprintf(oline,part_len,"<NONE>"); } else { snprintf(oline,part_len, - "%0.4u-%0.2u-%0.2u %0.2u:%0.2u:%0.2u", + "%.4u-%.2u-%.2u %.2u:%.2u:%.2u", ot->tm_year+1900, ot->tm_mon+1, ot->tm_mday, ot->tm_hour, ot->tm_min, ot->tm_sec); } } if( is_time_null(nt) ) { - snprintf(nline,part_len,"NA"); + snprintf(nline,part_len,"<NONE>"); } else { snprintf(nline,part_len, - "%0.4u-%0.2u-%0.2u %0.2u:%0.2u:%0.2u", + "%.4u-%.2u-%.2u %.2u:%.2u:%.2u", nt->tm_year+1900, nt->tm_mon+1, nt->tm_mday, nt->tm_hour, nt->tm_min, nt->tm_sec); } 
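Review bot: print_single_xattrs() can show a truncated value as if it were complete, because xstrnspn() tests `strchr(srch, *s1)` and strchr also matches the terminating NUL of `srch`, so a value with an embedded zero byte counts as printable and `%s` prints only the part before it. Stopping at NUL, `while (len-- && *s1 && strchr(srch, *s1))`, sends such values to the base64 branch; the text branch should also bound the read with `%.*s` and `(int)len`, since nothing visible guarantees a terminator after `vsz` bytes. `width = log10(xattrs->num)` is reached with `num == 0` if a record can carry an empty xattrs struct (compare_xattrs() nulls only its local copy), and `num=%d` and `%.*zd` do not match a `size_t` if that is the field's type. In the `WITH_SUN_ACL` branch of print_single_acl() the removed `char* aclt;` appears to leave `aclt` undeclared.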
@@ -440,7 +622,8 @@ void print_string_changes(const char* na } -void print_dbline_changes(db_line* old,db_line* new,int ignorelist,int forced_attrs) +void print_dbline_changes(db_line* old,db_line* new, + DB_ATTR_TYPE ignorelist,DB_ATTR_TYPE forced_attrs) { char* tmp=NULL; char* tmp2=NULL; @@ -457,7 +640,7 @@ void print_dbline_changes(db_line* old,d } if(!(DB_LINKNAME&ignorelist)){ - print_lname_changes(old->linkname,new->linkname); + print_str_changes(old->linkname,new->linkname, "Lname"); } if (!(DB_SIZE&ignorelist)) { if(old->size!=new->size||(DB_SIZE&forced_attrs)){ @@ -547,6 +730,18 @@ void print_dbline_changes(db_line* old,d "TIGER"); } + if (!(DB_SHA256&ignorelist)) { + print_md_changes(old->sha256,new->sha256, + HASH_SHA256_LEN, + "SHA256"); + } + + if (!(DB_SHA512&ignorelist)) { + print_md_changes(old->sha512,new->sha512, + HASH_SHA512_LEN, + "SHA512"); + } + #ifdef WITH_MHASH if (!(DB_CRC32&ignorelist)) { print_md_changes(old->crc32,new->crc32, @@ -571,6 +766,12 @@ void print_dbline_changes(db_line* old,d HASH_CRC32B_LEN, "CRC32B"); } + + if (!(DB_WHIRLPOOL&ignorelist)) { + print_md_changes(old->whirlpool,new->whirlpool, + HASH_WHIRLPOOL_LEN, + "WHIRLPOOL"); + } #endif #ifdef WITH_ACL @@ -578,6 +779,12 @@ void print_dbline_changes(db_line* old,d print_acl_changes(old->acl,new->acl); } #endif + if (!(DB_XATTRS&ignorelist)) { + print_xattrs_changes(old->xattrs,new->xattrs); + } + if (!(DB_SELINUX&ignorelist)) { + print_str_changes(old->cntx,new->cntx, "SELinux"); + } return; } @@ -653,7 +860,7 @@ void print_report_header(int nfil,int na if(conf->config_version) error(2,_("Config version used: %s\n"),conf->config_version); - error(2,_("Start timestamp: %0.4u-%0.2u-%0.2u %0.2u:%0.2u:%0.2u\n"), + error(2,_("Start timestamp: %.4u-%.2u-%.2u %.2u:%.2u:%.2u\n"), st->tm_year+1900, st->tm_mon+1, st->tm_mday, st->tm_hour, st->tm_min, st->tm_sec); error(0,_("\nSummary:\n Total number of files:\t%i\n Added files:\t\t\t%i\n" 
@@ -663,7 +870,7 @@ void print_report_header(int nfil,int na void print_report_footer(struct tm* st) { - error(2,_("\nEnd timestamp: %0.4u-%0.2u-%0.2u %0.2u:%0.2u:%0.2u\n"), + error(2,_("\nEnd timestamp: %.4u-%.2u-%.2u %.2u:%.2u:%.2u\n"), st->tm_year+1900, st->tm_mon+1, st->tm_mday, st->tm_hour, st->tm_min, st->tm_sec); } @@ -682,11 +889,11 @@ void compare_db(list* new,db_config* con long nadd=0; long nfil=0; long filesindir=0; - int tempignore=0; + DB_ATTR_TYPE tempignore=0; int initdbwarningprinted=0; - int ignorelist; - int forced_attrs; + DB_ATTR_TYPE ignorelist; + DB_ATTR_TYPE forced_attrs; error(200,_("compare_db()\n")); @@ -708,7 +915,7 @@ void compare_db(list* new,db_config* con forced_attrs=get_report_attributes(); - if (forced_attrs==-1) { + if (forced_attrs==DB_ATTR_UNDEF) { forced_attrs=0; } @@ -734,7 +941,8 @@ void compare_db(list* new,db_config* con int localignorelist=old->attr ^ ((db_line*)r->data)->attr; if ((localignorelist&(~(DB_NEWFILE|DB_RMFILE)))!=0) { - error(2,"File %s in databases has different attributes, %i,%i\n",old->filename,old->attr,((db_line*)r->data)->attr); + error(2,"File %s in databases has different attributes, %llx,%llx\n", + old->filename,old->attr,((db_line*)r->data)->attr); } localignorelist|=ignorelist; 
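Review bot: In the hunk at -734 the first `localignorelist` in compare_db() is still declared `int`, although the attributes it XORs are now printed with `%llx` and the matching variable in the later hunk at -828 was changed to DB_ATTR_TYPE. If DB_ATTR_TYPE is wider than int (its definition is outside this view), attribute bits above the int range are dropped here, so the differing-attribute check and the ignore mask built from it miss those attributes. Declare it as `DB_ATTR_TYPE localignorelist=old->attr ^ ((db_line*)r->data)->attr;`. The `%llx` conversions also assume DB_ATTR_TYPE is exactly unsigned long long; a cast at the call site would make that explicit.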
@@ -828,7 +1036,7 @@ void compare_db(list* new,db_config* con error(2,_("Detailed information about changes:\n")); error(2,_("---------------------------------------------------\n\n")); for(r=changedold,l=changednew;r;r=r->next,l=l->next){ - int localignorelist=((db_line*)l->data)->attr^((db_line*)r->data)->attr; + DB_ATTR_TYPE localignorelist=((db_line*)l->data)->attr^((db_line*)r->data)->attr; localignorelist|=ignorelist; print_dbline_changes((db_line*)r->data, (db_line*)l->data,localignorelist,forced_attrs); diff -rup aide-0.12-rc1-orig/src/conf_yacc.y aide-0.12-rc1/src/conf_yacc.y --- aide-0.12-rc1-orig/src/conf_yacc.y 2006-07-15 12:02:45.000000000 -0400 +++ aide-0.12-rc1/src/conf_yacc.y 2006-10-11 13:11:30.000000000 -0400 @@ -31,7 +31,7 @@ #include "symboltable.h" #include "commandconf.h" -int retval=0; +DB_ATTR_TYPE retval=0; extern int conflex(); void conferror(const char*); @@ -42,7 +42,7 @@ extern long conf_lineno; %} %union { char* s; - int i; + DB_ATTR_TYPE i; } @@ -102,6 +102,9 @@ extern long conf_lineno; %token <i> TATIME %token <i> TCTIME %token <i> TMTIME +%token <i> TACL +%token <i> TXATTRS +%token <i> TSELINUX /* hash funktions */ @@ -111,6 +114,9 @@ extern long conf_lineno; %token <i> TMD2 %token <i> TMD4 %token <i> TMD5 +%token <i> TSHA256 +%token <i> TSHA512 +%token <i> TWHIRLPOOL /* predefs */ @@ -184,7 +190,7 @@ expr : expr '+' expr { $$ =$1 | $3 ; } primary : hash { $$ =$1 ; } | other { $$ =$1 ; } | - TSTRING { if((retval=get_groupval($1))>=0) { + TSTRING { if((retval=get_groupval($1)) != DB_ATTR_UNDEF) { $$=retval; } else { 
@@ -199,10 +205,12 @@ other : TRIGHTS { $$ =$1 ;} | TUSER {$$ | TLINKCOUNT {$$ =$1 ;} | TSIZE {$$ =$1 ;} | TGROWINGSIZE {$$ =$1 ;} | TATIME {$$ =$1 ;} | TCTIME {$$ =$1 ;} | TMTIME {$$ =$1 ;} | TL {$$ = $1;} - | TR {$$ = $1;} ; + | TR {$$ = $1;} | TACL {$$ =$1 ;} | TXATTRS {$$ =$1 ;} + | TSELINUX {$$ =$1 ;}; hash : TTIGER { $$ =$1 ;} | TSHA1 { $$ =$1 ;} | TRMD160 { $$ =$1 ;} - | TMD5 {$$ =$1 ;} ; + | TMD5 {$$ =$1 ;} | TSHA256 { $$ =$1 ;} | TSHA512 { $$ =$1 ;} + | TWHIRLPOOL { $$ =$1 ;}; definestmt : TDEFINE TSTRING TSTRING { do_define($2,$3); }; @@ -252,8 +260,10 @@ verbose : TVERBOSE TSTRING { do_verbdef( report : TREPORT_URL TSTRING { do_repurldef($2); } ; beginconfigstmt : TBEGIN_CONFIG TSTRING { +#ifdef WITH_MHASH conf->do_configmd=1; conf->old_confmdstr=strdup($2); +#endif } ; endconfigstmt : TEND_CONFIG { diff -rup aide-0.12-rc1-orig/src/db.c aide-0.12-rc1/src/db.c --- aide-0.12-rc1-orig/src/db.c 2006-03-29 02:58:19.000000000 -0500 +++ aide-0.12-rc1/src/db.c 2006-10-11 13:18:25.000000000 -0400 @@ -197,14 +197,41 @@ db_line* db_readline(int db){ } -byte* base64tobyte(char* src,int len) +byte* base64tobyte(char* src,int len,size_t *ret_len) { if(strcmp(src,"0")!=0){ - return decode_base64(src,len); + return decode_base64(src,len,ret_len); } return NULL; } +static char *db_readchar(char *s) +{ + if (s == NULL) + return (NULL); + + if (s[0] == '0') + { + if (s[1] == '\0') + return (NULL); + + if (s[1] == '-') + return (strdup("")); + + if (s[1] == '0') + { + memmove(s, s+1, strlen(s+1)+1); + // Hope this removes core + // dumping in some environments. Has something to do with + // memory (de)allocation. + } + } + + decode_string(s); + + return strdup(s); +} + db_line* db_char2line(char** ss,int db){ int i; 
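Review bot: In the `@@ -252,8 +260,10 @@` hunk, a build without WITH_MHASH now accepts the begin-config directive and does nothing with it, so a configuration that carries what appears to be its stored digest (`old_confmdstr`) is loaded with no sign that the check was skipped. An `#else` branch that reports the downgrade would keep it visible, for example `error(0,_("Config checksum ignored: built without mhash\n"));`. The string in `$2` is also left unreferenced on that path; if the lexer allocates it (not visible here) it should be freed there.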
@@ -241,10 +268,10 @@ db_line* db_char2line(char** ss,int db){ line->crc32b=NULL; line->haval=NULL; line->gost=NULL; + line->whirlpool=NULL; #endif -#ifdef WITH_ACL - line->acl=0; -#endif + line->sha256=NULL; + line->sha512=NULL; line->perm=0; line->uid=0; line->gid=0; @@ -257,6 +284,9 @@ db_line* db_char2line(char** ss,int db){ line->size=0; line->filename=NULL; line->linkname=NULL; + line->acl=NULL; + line->xattrs=NULL; + line->cntx=NULL; line->attr=conf->attr; /* attributes from @@dbspec */ @@ -273,28 +303,7 @@ db_line* db_char2line(char** ss,int db){ break; } case db_linkname : { - char *s = ss[(*db_order)[i]]; - if(ss[(*db_order)[i]]!=NULL){ - if(ss[(*db_order)[i]][0]=='0'){ - if(ss[(*db_order)[i]][1]=='\0'){ - line->linkname=NULL; - break; - }else if(ss[(*db_order)[i]][1]=='-'){ - line->linkname=strdup(""); - break; - }else if(ss[(*db_order)[i]][1]=='0'){ - memmove(s,s+1,strlen(s+1)+1); - // Hope this removes core - // dumping in some environments. Has something to do with - // memory (de)allocation. - } - } - decode_string(s); - line->linkname=strdup(s); - } else { - error(0,_("db_char2line():Error while reading database\n")); - abort(); - } + line->linkname = db_readchar(ss[(*db_order)[i]]); break; } case db_mtime : { 
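Review bot: The `@@ -273,28 +303,7 @@` hunk drops the only check for a missing linkname field: the removed code logged "Error while reading database" and aborted when `ss[(*db_order)[i]]` was NULL, while db_readchar() (added in the `@@ -197,14 +197,41 @@` hunk) returns NULL for that case exactly as it does for the literal `0`. A truncated record is then indistinguishable from an entry that has no link. If that is intended, document it above db_readchar() with `/* NULL in (field absent) and "0" both yield NULL; s is decoded in place */`; otherwise keep the report at the call site with `if (ss[(*db_order)[i]]==NULL) { error(0,_("db_char2line():Error while reading database\n")); abort(); }`. db_char2line() begins and ends outside the hunk.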
@@ -332,47 +341,62 @@ db_line* db_char2line(char** ss,int db){ } case db_md5 : { line->md5=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } case db_sha1 : { line->sha1=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } case db_rmd160 : { line->rmd160=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } case db_tiger : { line->tiger=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } #ifdef WITH_MHASH case db_crc32 : { line->crc32=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } case db_gost : { line->gost=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } case db_haval : { line->haval=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); break; } case db_crc32b : { line->crc32b=base64tobyte(ss[(*db_order)[i]], - strlen(ss[(*db_order)[i]])); + strlen(ss[(*db_order)[i]]), NULL); + break; + } + case db_whirlpool : { + line->whirlpool=base64tobyte(ss[(*db_order)[i]], + strlen(ss[(*db_order)[i]]), NULL); break; } #endif -#ifdef WITH_ACL + case db_sha256 : { + line->sha256=base64tobyte(ss[(*db_order)[i]], + strlen(ss[(*db_order)[i]]), NULL); + break; + } + case db_sha512 : { + line->sha512=base64tobyte(ss[(*db_order)[i]], + strlen(ss[(*db_order)[i]]), NULL); + break; + } +#ifdef WITH_SUN_ACL case db_acl : { char* endp,*pos; int entries,lc; 
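Review bot: Every digest case in this hunk, including the new `db_sha256`, `db_sha512` and `db_whirlpool`, passes NULL for `ret_len`, so the decoded length is discarded and never compared with the digest size. db_writeline_file() in src/db_file.c hands `HASH_SHA256_LEN`, `HASH_SHA512_LEN` and `HASH_WHIRLPOOL_LEN` bytes of these buffers to the encoder, which would read past the allocation if a stored field was short and the line is written back; whether the comparison code reads a fixed length too is not visible here. Capturing the length and rejecting a mismatch closes that, with `s` standing for `ss[(*db_order)[i]]`: `size_t n=0; line->sha256=base64tobyte(s,strlen(s),&n);` followed by `if (line->sha256!=NULL && n!=HASH_SHA256_LEN) { free(line->sha256); line->sha256=NULL; }`. db_char2line() begins and ends outside the hunk.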
@@ -400,6 +424,70 @@ db_line* db_char2line(char** ss,int db){ break; } #endif +#ifdef WITH_POSIX_ACL + case db_acl : { + char *tval = NULL; + + tval = strtok(ss[(*db_order)[i]], ","); + + line->acl = NULL; + + if (tval[0] == '0') + line->acl = NULL; + else if (!strcmp(tval, "POSIX")) + { + line->acl = malloc(sizeof(acl_type)); + line->acl->acl_a = NULL; + line->acl->acl_d = NULL; + + tval = strtok(NULL, ","); + line->acl->acl_a = (char *)base64tobyte(tval, strlen(tval), NULL); + tval = strtok(NULL, ","); + line->acl->acl_d = (char *)base64tobyte(tval, strlen(tval), NULL); + } + /* else, it's broken... */ + break; + } +#endif + case db_xattrs : { + size_t num = 0; + char *tval = NULL; + + tval = strtok(ss[(*db_order)[i]], ","); + num = readlong(tval, "xattrs"); + if (num) + { + line->xattrs = malloc(sizeof(xattrs_type)); + line->xattrs->ents = calloc(sizeof(xattr_node), num); + line->xattrs->sz = num; + line->xattrs->num = num; + num = 0; + while (num < line->xattrs->num) + { + byte *val = NULL; + size_t vsz = 0; + + tval = strtok(NULL, ","); + line->xattrs->ents[num].key = db_readchar(strdup(tval)); + tval = strtok(NULL, ","); + val = base64tobyte(tval, strlen(tval), &vsz); + line->xattrs->ents[num].val = val; + line->xattrs->ents[num].vsz = vsz; + + ++num; + } + } + break; + } + + case db_selinux : { + byte *val = NULL; + + val = base64tobyte(ss[(*db_order)[i]], strlen(ss[(*db_order)[i]]),NULL); + line->cntx = (char *)val; + break; + } + case db_perm : { line->perm=readoct(ss[(*db_order)[i]],"permissions"); break; @@ -411,7 +499,7 @@ db_line* db_char2line(char** ss,int db){ } case db_attr : { - line->attr=readint(ss[(*db_order)[i]],"attr"); + line->attr=readlong(ss[(*db_order)[i]],"attr"); break; } @@ -434,7 +522,7 @@ db_line* db_char2line(char** ss,int db){ time_t base64totime_t(char* s){ - byte* b=decode_base64(s,strlen(s)); + byte* b=decode_base64(s,strlen(s),NULL); char* endp; if (b==NULL||strcmp(s,"0")==0) { 
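Review bot: The `@@ -400,6 +424,70 @@` hunk trusts the record's own structure: every `strtok()` result in the `db_acl` and `db_xattrs` cases is dereferenced or passed to `strlen()` without a NULL test, and the xattrs entry count read from the database sizes the `calloc()` and drives the loop with neither allocation checked. A truncated or corrupted line therefore crashes the reader instead of being reported. `db_readchar(strdup(tval))` also leaks the intermediate copy, because db_readchar() returns its own `strdup()`; the token can be decoded in place the way the linkname case does, assuming decode_string() never lengthens its argument. The fence shows the xattrs case with those checks; the POSIX `db_acl` case needs the same NULL tests on `tval`, and `db_selinux` calls `strlen()` on a field that may be NULL. db_char2line() starts and ends outside the hunk.

```c
  case db_xattrs : {
    size_t num = 0;
    char *field = ss[(*db_order)[i]];
    char *tval = NULL;

    /* strtok(NULL, ...) would resume an earlier field, so test first */
    if (field == NULL || (tval = strtok(field, ",")) == NULL)
      break;

    num = readlong(tval, "xattrs");
    if (num)
    {
      line->xattrs = malloc(sizeof(xattrs_type));
      if (line->xattrs == NULL)
        break;
      line->xattrs->ents = calloc(num, sizeof(xattr_node));
      if (line->xattrs->ents == NULL)
      { /* also catches a negative or absurd count read from the file */
        free(line->xattrs);
        line->xattrs = NULL;
        error(0, "xattrs count in database cannot be allocated\n");
        break;
      }
      line->xattrs->sz = num;
      line->xattrs->num = 0;   /* counts only the entries actually read */
      while (line->xattrs->num < num)
      {
        char *key = strtok(NULL, ",");
        char *b64 = strtok(NULL, ",");
        size_t vsz = 0;

        if (key == NULL || b64 == NULL)
        {
          error(0, "xattrs field is shorter than its entry count\n");
          break;
        }
        /* db_readchar() decodes in place and returns its own copy */
        line->xattrs->ents[line->xattrs->num].key = db_readchar(key);
        line->xattrs->ents[line->xattrs->num].val =
          base64tobyte(b64, strlen(b64), &vsz);
        line->xattrs->ents[line->xattrs->num].vsz = vsz;

        ++line->xattrs->num;
      }
    }
    break;
  }
```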
@@ -444,7 +532,7 @@ time_t base64totime_t(char* s){ return 0; } else { - time_t t = strtol(b,&endp,10); + time_t t = strtol((char *)b,&endp,10); if (endp[0]!='\0') { error(0,"Error converting base64\n"); @@ -645,10 +733,16 @@ void free_db_line(db_line* dl) checked_free(dl->filename); checked_free(dl->linkname); +#ifdef WITH_MHASH checked_free(dl->crc32); checked_free(dl->crc32b); checked_free(dl->gost); checked_free(dl->haval); +#endif + + checked_free(dl->sha256); + checked_free(dl->sha512); + checked_free(dl->whirlpool); } const char* aide_key_5=CONFHMACKEY_05; const char* db_key_5=DBHMACKEY_05; diff -rup aide-0.12-rc1-orig/src/db_disk.c aide-0.12-rc1/src/db_disk.c --- aide-0.12-rc1-orig/src/db_disk.c 2006-04-13 08:58:07.000000000 -0400 +++ aide-0.12-rc1/src/db_disk.c 2006-10-11 02:11:37.000000000 -0400 @@ -20,7 +20,9 @@ */ #include "aide.h" -#define _POSIX_C_SOURCE 199506L +#ifndef _POSIX_C_SOURCE +# define _POSIX_C_SOURCE 199506L +#endif #include <unistd.h> #include <stdio.h> #include <string.h> @@ -66,7 +68,7 @@ seltree *tree; long td = -1; int rdres = 0; -int attr; +DB_ATTR_TYPE attr; char *start_path = "/"; int root_handled = 0; diff -rup aide-0.12-rc1-orig/src/db_file.c aide-0.12-rc1/src/db_file.c --- aide-0.12-rc1-orig/src/db_file.c 2006-04-11 05:30:44.000000000 -0400 +++ aide-0.12-rc1/src/db_file.c 2006-10-11 13:20:05.000000000 -0400 @@ -264,7 +264,7 @@ int db_file_read_spec(int db){ conf->attr=1; } } - if (conf->attr==-1) { + if (conf->attr==DB_ATTR_UNDEF) { conf->attr=0; error(0,"Database does not have attr field.\nComparation may be incorrect\nGenerating attr-field from dbspec\nIt might be a good Idea to regenerate databases. Sorry.\n"); for(i=0;i<conf->db_in_size;i++) { @@ -593,6 +593,8 @@ int db_writechar(char* s,FILE* file,int char* r=NULL; int retval=0; + (void)file; + if(i) { dofprintf(" "); } @@ -627,6 +629,8 @@ int db_writechar(char* s,FILE* file,int int db_writeint(long i,FILE* file,int a) { + (void)file; + if(a) { dofprintf(" "); } 
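Review bot: In the `@@ -645,10 +733,16 @@` hunk of free_db_line(), `checked_free(dl->whirlpool)` sits outside the new `#ifdef WITH_MHASH` block, whereas db_char2line() sets `line->whirlpool=NULL` inside the conditional section that ends at `#endif` in the `@@ -241,10 +268,10 @@` hunk (apparently the same WITH_MHASH guard). In a build without mhash the field is then freed without having been initialised, unless the line is zeroed when it is allocated, which is not visible here; moving the call inside the guarded block fixes it. The function also never releases the new `acl`, `xattrs` and `cntx` members, so each freed line leaks them.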
@@ -636,6 +640,8 @@ int db_writeint(long i,FILE* file,int a) } int db_writelong(AIDE_OFF_TYPE i,FILE* file,int a) { + (void)file; + if(a) { dofprintf(" "); } @@ -648,12 +654,13 @@ int db_writelong(AIDE_OFF_TYPE i,FILE* f } -int db_write_byte_base64(byte*data,size_t len,FILE* file,int i,int th, - int attr ) +int db_write_byte_base64(byte*data,size_t len,FILE* file,int i, + DB_ATTR_TYPE th, DB_ATTR_TYPE attr ) { char* tmpstr=NULL; int retval=0; + (void)file; if (data!=NULL&&th&attr) { tmpstr=encode_base64(data,len); @@ -681,6 +688,8 @@ int db_write_time_base64(time_t i,FILE* char* tmpstr=NULL; int retval=0; + (void)file; + if(a){ dofprintf(" "); } @@ -701,7 +710,7 @@ int db_write_time_base64(time_t i,FILE* sprintf(ptr,"%li",i); - tmpstr=encode_base64(ptr,strlen(ptr)); + tmpstr=encode_base64((byte *)ptr,strlen(ptr)); retval=dofprintf(tmpstr); free(tmpstr); free(ptr); @@ -712,6 +721,8 @@ int db_write_time_base64(time_t i,FILE* int db_writeoct(long i, FILE* file,int a) { + (void)file; + if(a) { dofprintf(" "); } @@ -779,7 +790,7 @@ int db_writespec_file(db_config* conf) } for(i=0;i<conf->db_out_size;i++){ for(j=0;j<db_unknown;j++){ - if(db_value[j]==conf->db_out_order[i]){ + if((int)db_value[j]==(int)conf->db_out_order[i]){ retval=dofprintf("%s ",db_names[j]); if(retval==0){ return RETFAIL; @@ -795,8 +806,9 @@ int db_writespec_file(db_config* conf) return RETOK; } +int db_writeacl(acl_type* acl,FILE* file,int a) +{ #ifdef WITH_SUN_ACL -int db_writeacl(acl_type* acl,FILE* file,int a){ int i; if(a) { 
@@ -814,13 +826,45 @@ int db_writeacl(acl_type* acl,FILE* file acl->acl[i].a_perm); } } +#endif +#ifdef WITH_POSIX_ACL + if(a) { + dofprintf(" "); + } + + if (acl==NULL) { + dofprintf("0"); + } else { + dofprintf("POSIX"); /* This is _very_ incompatible */ + + dofprintf(","); + if (acl->acl_a) + db_write_byte_base64((byte*)acl->acl_a, strlen(acl->acl_a), file,0,1,1); + else + dofprintf("0"); + dofprintf(","); + if (acl->acl_d) + db_write_byte_base64((byte*)acl->acl_d, strlen(acl->acl_d), file,0,1,1); + else + dofprintf("0"); + } +#endif +#ifndef WITH_ACL + if(a) { /* compat. */ + dofprintf(" "); + } + + dofprintf("0"); +#endif + return RETOK; } -#endif int db_writeline_file(db_line* line,db_config* conf, url_t* url){ int i; + (void)url; + for(i=0;i<conf->db_out_size;i++){ switch (conf->db_out_order[i]) { case db_filename : { @@ -930,9 +974,32 @@ int db_writeline_file(db_line* line,db_c DB_GOST,line->attr); break; } + case db_sha256 : { + db_write_byte_base64(line->sha256, + HASH_SHA256_LEN, + conf->db_out,i, + DB_SHA256,line->attr); + + break; + } + case db_sha512 : { + db_write_byte_base64(line->sha512, + HASH_SHA512_LEN, + conf->db_out,i, + DB_SHA512,line->attr); + + break; + } + case db_whirlpool : { + db_write_byte_base64(line->whirlpool, + HASH_WHIRLPOOL_LEN, + conf->db_out,i, + DB_WHIRLPOOL,line->attr); + + break; + } case db_attr : { - db_writeint(line->attr, - conf->db_out,i); + db_writelong(line->attr, conf->db_out,i); break; } #ifdef WITH_ACL 
@@ -941,6 +1008,37 @@ int db_writeline_file(db_line* line,db_c break; } #endif + case db_xattrs : { + xattr_node *xattr = NULL; + size_t num = 0; + + // if (!line->xattrs || !(line->attr & DB_XATTRS)) + if (!line->xattrs) + { + db_writelong(0, conf->db_out, i); + break; + } + + db_writelong(line->xattrs->num, conf->db_out, i); + + xattr = line->xattrs->ents; + while (num < line->xattrs->num) + { + dofprintf(","); + db_writechar(xattr->key, conf->db_out, 0); + dofprintf(","); + db_write_byte_base64(xattr->val, xattr->vsz, conf->db_out, 0, 1, 1); + + ++xattr; + ++num; + } + break; + } + case db_selinux : { + db_write_byte_base64((byte*)line->cntx, strlen(line->cntx), + conf->db_out, i, 1, 1); + break; + } case db_checkmask : { db_writeoct(line->attr,conf->db_out,i); break; diff -rup aide-0.12-rc1-orig/src/db_sql.c aide-0.12-rc1/src/db_sql.c --- aide-0.12-rc1-orig/src/db_sql.c 2005-04-06 05:50:26.000000000 -0400 +++ aide-0.12-rc1/src/db_sql.c 2006-10-09 02:06:10.000000000 -0400 @@ -542,6 +542,11 @@ char* db_get_sql(db_line* line,db_config /* TODO */ break; } + case db_xattrs : { + error(0,"TODO db_xattrs write to db_sql.c"); + /* TODO */ + break; + } case db_checkmask : { sql_writeoct(line->attr,s,i); break; diff -rup aide-0.12-rc1-orig/src/do_md.c aide-0.12-rc1/src/do_md.c --- aide-0.12-rc1-orig/src/do_md.c 2006-05-31 05:17:26.000000000 -0400 +++ aide-0.12-rc1/src/do_md.c 2006-10-11 11:19:21.000000000 -0400 @@ -19,10 +19,12 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#define _POSIX_C_SOURCE 200112L - #include "aide.h" +#ifndef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 200112L +#endif + #include <limits.h> #include <stdio.h> #include <stdlib.h> 
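Review bot: The `db_selinux` case in the `@@ -941,6 +1008,37 @@` hunk evaluates `strlen(line->cntx)` before db_write_byte_base64() gets the chance to test its data pointer, and `cntx` is NULL whenever no context was collected: db_char2line() initialises it to NULL and selinux2line() returns early without assigning it. Guard the length at the call: `db_write_byte_base64((byte*)line->cntx, line->cntx ? strlen(line->cntx) : 0, conf->db_out, i, 1, 1);`. In the `db_xattrs` case the key goes through db_writechar() while the reader splits the field on `,`; if that encoding leaves commas untouched (not visible here), a key containing one would desynchronise the record. db_writeline_file() continues outside the hunk.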
@@ -63,7 +65,7 @@ /* #include <gcrypt.h> */ -void md_init_fail(const char* s,db_line* db,byte** hash,unsigned i) { +void md_init_fail(const char* s,db_line* db,byte** hash,DB_ATTR_TYPE i) { error(0,"Message digest %s initialise failed\nDisabling %s for file %s\n",s,s,db->filename); db->attr=db->attr&(~i); (*hash)=0; @@ -84,6 +86,8 @@ void free_hashes(db_line* dl){ free_hash(gost); free_hash(crc32b); #endif + free_hash(sha256); + free_hash(sha512); } /* Not use any more. calc_md is the new function. @@ -332,8 +336,52 @@ void fs2db_line(struct AIDE_STAT_TYPE* f } -#ifdef WITH_ACL void acl2line(db_line* line) { + acl_type *ret = NULL; + +#ifdef WITH_POSIX_ACL + if(DB_ACL&line->attr) { + acl_t acl_a; + acl_t acl_d; + char *tmp = NULL; + + acl_a = acl_get_file(line->filename, ACL_TYPE_ACCESS); + acl_d = acl_get_file(line->filename, ACL_TYPE_DEFAULT); + if ((acl_a == NULL) && (errno == ENOTSUP)) + return; + if (acl_a == NULL) + error(0, "Tried to read access ACL on %s but failed with: %m\n", + line->filename); + if ((acl_d == NULL) && (errno != EACCES)) /* ignore DEFAULT on files */ + { + acl_free(acl_a); + error(0, "Tried to read default ACL on %s but failed with: %m\n", + line->filename); + } + + /* assume memory allocs work, like rest of AIDE code... */ + ret = malloc(sizeof(acl_type)); + + /* use tmp, so free() can be called instead of acl_free() */ + tmp = acl_to_text(acl_a, NULL); + ret->acl_a = strdup(tmp); + acl_free(tmp); + + if (!acl_d) + ret->acl_d = NULL; + else + { + tmp = acl_to_text(acl_d, NULL); + if (!*tmp) + ret->acl_d = NULL; + else + ret->acl_d = strdup(tmp); + acl_free(tmp); + } + } + line->acl = ret; +#endif +#ifdef WITH_SUN_ACL if(DB_ACL&line->attr) { /* There might be a bug here. */ int res; line->acl=malloc(sizeof(acl_type)); 
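Review bot: The POSIX branch added to acl2line() in the `@@ -332,8 +336,52 @@` hunk keeps going after its own error paths: when the access ACL cannot be read for a reason other than ENOTSUP, `acl_to_text(acl_a, NULL)` is still called on the NULL handle and whatever it returns goes to `strdup()`, and when the default ACL fails, `acl_a` is released with `acl_free()` and then used. `errno` is tested for the access ACL only after the second `acl_get_file()` call may have overwritten it, and neither handle is freed on the success path. The fence shows the branch with each result checked where it is produced and both handles released. acl2line() continues past the end of the hunk into the Solaris branch.

```c
#ifdef WITH_POSIX_ACL
  if(DB_ACL&line->attr) {
    acl_t acl_a;
    acl_t acl_d;
    char *tmp = NULL;

    acl_a = acl_get_file(line->filename, ACL_TYPE_ACCESS);
    if (acl_a == NULL) {
      /* look at errno before another libacl call can change it */
      if (errno != ENOTSUP)
        error(0, "Tried to read access ACL on %s but failed with: %m\n",
              line->filename);
      line->acl = NULL;
      return;
    }

    acl_d = acl_get_file(line->filename, ACL_TYPE_DEFAULT);
    if ((acl_d == NULL) && (errno != EACCES)) /* ignore DEFAULT on files */
      error(0, "Tried to read default ACL on %s but failed with: %m\n",
            line->filename);

    /* … unchanged: ret = malloc(sizeof(acl_type)) … */

    tmp = acl_to_text(acl_a, NULL);
    ret->acl_a = tmp ? strdup(tmp) : NULL;
    if (tmp)
      acl_free(tmp);

    ret->acl_d = NULL;
    if (acl_d) {
      tmp = acl_to_text(acl_d, NULL);
      if (tmp && *tmp)
        ret->acl_d = strdup(tmp);
      if (tmp)
        acl_free(tmp);
      acl_free(acl_d);
    }
    acl_free(acl_a);
  }
  line->acl = ret;
#endif
```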
@@ -360,8 +408,8 @@ void acl2line(db_line* line) { }else{ line->acl=NULL; } -} #endif +} void no_hash(db_line* line) { line->attr&=~DB_HASHES; diff -rup aide-0.12-rc1-orig/src/error.c aide-0.12-rc1/src/error.c --- aide-0.12-rc1-orig/src/error.c 2006-01-22 07:00:55.000000000 -0500 +++ aide-0.12-rc1/src/error.c 2006-10-11 01:56:16.000000000 -0400 @@ -35,6 +35,7 @@ /*for locale support*/ #include "locale-aide.h" /*for locale support*/ +#include "util.h" int cmp_url(url_t* url1,url_t* url2){ diff -rup aide-0.12-rc1-orig/src/gen_list.c aide-0.12-rc1/src/gen_list.c --- aide-0.12-rc1-orig/src/gen_list.c 2006-07-15 11:25:17.000000000 -0400 +++ aide-0.12-rc1/src/gen_list.c 2006-10-11 13:26:56.000000000 -0400 @@ -33,6 +33,7 @@ #endif #include <errno.h> #include <time.h> + #include "report.h" #include "gnu_regex.h" #include "list.h" @@ -56,6 +57,7 @@ #include <gcrypt.h> */ #include "md.h" +#include "do_md.h" void hsymlnk(db_line* line); void fs2db_line(struct AIDE_STAT_TYPE* fs,db_line* line); @@ -65,10 +67,10 @@ void no_hash(db_line* line); char* strrxtok(char* rx) { char*p=NULL; - int i=0; + size_t i=0; /* The following code assumes that the first character is a slash */ - int lastslash=1; + size_t lastslash=1; p=strdup(rx); p[0]='/'; @@ -103,8 +105,8 @@ char* strrxtok(char* rx) char* strlastslash(char*str) { char* p=NULL; - int lastslash=1; - int i=0; + size_t lastslash=1; + size_t i=0; for(i=1;i<strlen(str);i++){ if(str[i]=='/'){ 
@@ -354,11 +356,130 @@ void gen_seltree(list* rxlist,seltree* t */ free(rxtok); } +} + +static xattrs_type *xattr_new(void) +{ + xattrs_type *ret = NULL; + + ret = malloc(sizeof(xattrs_type)); + ret->num = 0; + ret->sz = 2; + ret->ents = malloc(sizeof(xattr_node) * ret->sz); + + return (ret); +} + +static void *xzmemdup(const void *ptr, size_t len) +{ /* always keeps a 0 at the end... */ + void *ret = NULL; + ret = malloc(len+1); + memcpy(ret, ptr, len); + ((char*)ret)[len] = 0; + + return (ret); +} + +static void xattr_add(xattrs_type *xattrs, + const char *key, const char *val, size_t vsz) +{ + if (xattrs->num >= xattrs->sz) + { + xattrs->sz <<= 1; + xattrs->ents = realloc(xattrs->ents, sizeof(xattr_node) * xattrs->sz); + } + + xattrs->ents[xattrs->num].key = strdup(key); + xattrs->ents[xattrs->num].val = xzmemdup(val, vsz); + xattrs->ents[xattrs->num].vsz = vsz; + + xattrs->num += 1; +} + +/* should be in do_md ? */ +static void xattrs2line(db_line *line) +{ /* get all generic user xattrs. */ + xattrs_type *xattrs = NULL; + static ssize_t xsz = 1024; + static char *xatrs = NULL; + ssize_t xret = -1; + + if (!(DB_XATTRS&line->attr)) + return; + + xattrs = xattr_new(); + + /* assume memory allocs work, like rest of AIDE code... 
*/ + if (!xatrs) xatrs = malloc(xsz); + + while (((xret = listxattr(line->filename, xatrs, xsz)) == -1) && + (errno == ERANGE)) + { + xsz <<= 1; + xatrs = realloc(xatrs, xsz); + } + + if (xret == -1) + error(0, "listxattrs failed for %s:%m\n", line->filename); + else + { + const char *attr = xatrs; + static ssize_t asz = 1024; + static char *val = NULL; + + if (!val) val = malloc(asz); + + while (xret > 0) + { + size_t len = strlen(attr); + ssize_t aret = 0; + + if (strncmp(attr, "user.", strlen("user.")) && + strncmp(attr, "root.", strlen("root."))) + goto next_attr; /* only store normal xattrs, and SELinux */ + + while (((aret = getxattr(line->filename, attr, val, asz)) == -1) && + (errno == ERANGE)) + { + asz <<= 1; + val = realloc (val, asz); + } + + if (aret != -1) + xattr_add(xattrs, attr, val, aret); + else if (errno != ENOATTR) + error(0, "getxattr failed for %s:%m\n", line->filename); + + next_attr: + attr += len + 1; + xret -= len + 1; + } + } + line->xattrs = xattrs; } -list* add_file_to_list(list* listp,char*filename,int attr,int* addok) +/* should be in do_md ? */ +static void selinux2line(db_line *line) +{ + char *cntx = NULL; + + if (!(DB_SELINUX&line->attr)) + return; + + if (lgetfilecon_raw(line->filename, &cntx) == -1) + { + error(0, "lgetfilecon_raw failed for %s:%m\n", line->filename); + return; + } + + line->cntx = strdup(cntx); + + freecon(cntx); +} + +list* add_file_to_list(list* listp,char*filename,DB_ATTR_TYPE attr,int* addok) { db_line* fil=NULL; time_t cur_time; @@ -445,8 +566,8 @@ list* add_file_to_list(list* listp,char* if(conf->no_acl_on_symlinks!=1) { fil->attr&=(~DB_ACL); } -#endif - +#endif + if(conf->warn_dead_symlinks==1) { struct AIDE_STAT_TYPE fs; int sres; 
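Review bot: The filter in xattrs2line() keeps only names that start with `user.` or `root.`, although its comment says SELinux attributes are stored too; on Linux the other namespaces are `security.`, `system.` and `trusted.`, so the SELinux label and file capabilities are skipped and a change to them is not reported through this attribute. The function also uses `listxattr()` and `getxattr()`, which follow symbolic links, while selinux2line() in the same hunk uses `lgetfilecon_raw()`; for a symlink entry the recorded xattrs are those of the target. Using `llistxattr(line->filename, xatrs, xsz)` and `lgetxattr(line->filename, attr, val, asz)` would match the no-follow behaviour, and the comment should name the namespaces that are actually kept.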
@@ -567,35 +688,6 @@ list* add_file_to_list(list* listp,char* fil->bcount=0; } -#ifdef WITH_ACL - if(DB_ACL&fil->attr) { /* There might be a bug here. */ - int res; - fil->acl=malloc(sizeof(acl_type)); - fil->acl->entries=acl(fil->filename,GETACLCNT,0,NULL); - if (fil->acl->entries==-1) { - char* er=strerror(errno); - fil->acl->entries=0; - if (er==NULL) { - error(0,"ACL query failed for %s. strerror failed for %i\n",fil->filename,errno); - } else { - error(0,"ACL query failed for %s:%s\n",fil->filename,er); - } - } else { - fil->acl->acl=malloc(sizeof(aclent_t)*fil->acl->entries); - res=acl(fil->filename,GETACL,fil->acl->entries,fil->acl->acl); - if (res==-1) { - error(0,"ACL error %s\n",strerror(errno)); - } else { - if (res!=fil->acl->entries) { - error(0,"Tried to read %i acl but got %i\n",fil->acl->entries,res); - } - } - } - }else{ - fil->acl=NULL; - } - -#endif if(S_ISDIR(fs.st_mode)||S_ISCHR(fs.st_mode) ||S_ISBLK(fs.st_mode)||S_ISFIFO(fs.st_mode) @@ -630,13 +722,18 @@ list* add_file_to_list(list* listp,char* fil->haval=DB_HAVAL&fil->attr?(byte*)"":NULL; #endif } + + xattrs2line(fil); /* NOTE ... this is a lie, code never gets here */ + + // selinux2line(fil); + listp=list_append(listp,(void*)fil); *addok=RETOK; return listp; } -int check_list_for_match(list* rxrlist,char* text,int* attr) +int check_list_for_match(list* rxrlist,char* text,DB_ATTR_TYPE* attr) { list* r=NULL; int retval=1; @@ -654,7 +751,7 @@ int check_list_for_match(list* rxrlist,c //this is used to check if $text if equal to a node in $rxrlist //should be used to check equ_rx_lst only -int check_list_for_equal(list* rxrlist,char* text,int* attr) +int check_list_for_equal(list* rxrlist,char* text,DB_ATTR_TYPE* attr) { list* r=NULL; int retval=1; 
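Review bot: The `@@ -630,13 +722,18 @@` hunk adds `xattrs2line(fil)` under a comment saying the code is never reached, next to a commented-out `selinux2line(fil)`, while the preceding hunk deletes the ACL collection from add_file_to_list() without calling acl2line() in its place. If this path can run, entries built here may keep the DB_ACL bit with no ACL data behind it, unlike get_file_attrs(), which calls all three helpers. Either make the two paths agree with `acl2line(fil); xattrs2line(fil); selinux2line(fil);`, or remove the call and the commented-out line and say in one comment why this function no longer collects them.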
@@ -695,7 +792,7 @@ int check_list_for_equal(list* rxrlist,c *16, this is a recursed call */ -int check_node_for_match(seltree*node,char*text,int retval,int* attr) +int check_node_for_match(seltree*node,char*text,int retval,DB_ATTR_TYPE* attr) { int top=0; @@ -753,7 +850,7 @@ int check_node_for_match(seltree*node,ch return retval; } -list* traverse_tree(seltree* tree,list* file_lst,int attr) +list* traverse_tree(seltree* tree,list* file_lst,DB_ATTR_TYPE attr) { list* r=NULL; seltree* a=NULL; @@ -764,7 +861,7 @@ list* traverse_tree(seltree* tree,list* int addfile=0; char* fullname=NULL; int e=0; - int matchattr=attr; + DB_ATTR_TYPE matchattr=attr; # ifndef HAVE_READDIR_R long td=-1; # endif @@ -960,7 +1057,7 @@ list* gen_list(list* prxlist,list* nrxli * strip_dbline() * strips given dbline */ -void strip_dbline(db_line* line,int attr) +void strip_dbline(db_line* line,DB_ATTR_TYPE attr) { #define checked_free(x) if(x!=NULL) free(x) @@ -1034,12 +1131,24 @@ void strip_dbline(db_line* line,int attr line->haval=NULL; } #endif + if(!(attr&DB_SHA256)){ + checked_free(line->sha256); + line->sha256=NULL; + } + if(!(attr&DB_SHA512)){ + checked_free(line->sha512); + line->sha512=NULL; + } #ifdef WITH_ACL if(!(attr&DB_ACL)){ - checked_free(line->acl); + checked_free(line->acl); /* FIXME: ... needs more */ line->acl=NULL; } #endif + if(!(attr&DB_XATTRS)){ + checked_free(line->xattrs); /* FIXME: ... needs more */ + line->xattrs=NULL; + } } /* @@ -1048,11 +1157,12 @@ void strip_dbline(db_line* line,int attr * status = what to do with this node * attr attributes to add */ -void add_file_to_tree(seltree* tree,db_line* file,int db,int status,int attr) +void add_file_to_tree(seltree* tree,db_line* file,int db,int status, + DB_ATTR_TYPE attr) { seltree* node=NULL; - int localignorelist=0; - int ignorelist=0; + DB_ATTR_TYPE localignorelist=0; + DB_ATTR_TYPE ignorelist=0; node=get_seltree_node(tree,file->filename); 
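Review bot: The new `DB_XATTRS` block in strip_dbline() (`@@ -1034,12 +1131,24 @@` hunk) frees only the outer `xattrs_type`, as its FIXME admits, so the `ents` array and every key and value are leaked; the ACL block carries the same FIXME. There is also no branch for `DB_SELINUX` or `DB_WHIRLPOOL`, so `cntx` and `whirlpool` stay on the line after those attributes are stripped. The fence shows the xattrs and SELinux branches. strip_dbline() begins outside the hunk.

```c
  if(!(attr&DB_XATTRS) && line->xattrs!=NULL){
    size_t n;
    /* release each entry before the array and the container */
    for(n=0;n<line->xattrs->num;n++){
      free(line->xattrs->ents[n].key);
      free(line->xattrs->ents[n].val);
    }
    free(line->xattrs->ents);
    free(line->xattrs);
    line->xattrs=NULL;
  }
  if(!(attr&DB_SELINUX)){
    checked_free(line->cntx);
    line->cntx=NULL;
  }
```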
@@ -1090,14 +1200,15 @@ void add_file_to_tree(seltree* tree,db_l ignorelist=get_groupval("ignore_list"); - if (ignorelist==-1) { + if (ignorelist==DB_ATTR_UNDEF) { ignorelist=0; } if((node->checked&DB_OLD)&&(node->checked&DB_NEW)){ localignorelist=(node->new_data->attr^node->old_data->attr); if (localignorelist!=0) { - error(2,"File %s in databases has different attributes, %i,%i\n",node->old_data->filename,node->old_data->attr,node->new_data->attr); + error(2,"File %s in databases has different attributes, %llx,%llx\n", + node->old_data->filename,node->old_data->attr,node->new_data->attr); } localignorelist|=ignorelist; @@ -1145,7 +1256,7 @@ void add_file_to_tree(seltree* tree,db_l localignorelist=(oldData->attr^newData->attr)&(~(DB_NEWFILE|DB_RMFILE)); if (localignorelist!=0) { - error(5,"File \"%s\" \"%s\" in databases has different attributes (here3), %i,%i\n", + error(5,"File \"%s\" \"%s\" in databases has different attributes (here3), %llx,%llx\n", newData->filename,oldData->filename,oldData->attr,newData->attr); } @@ -1170,7 +1281,7 @@ void add_file_to_tree(seltree* tree,db_l } } -int check_rxtree(char* filename,seltree* tree,int* attr) +int check_rxtree(char* filename,seltree* tree,DB_ATTR_TYPE* attr) { int retval=0; char * tmp=NULL; @@ -1203,7 +1314,7 @@ int check_rxtree(char* filename,seltree* return retval; } -db_line* get_file_attrs(char* filename,int attr) +db_line* get_file_attrs(char* filename,DB_ATTR_TYPE attr) { struct AIDE_STAT_TYPE fs; int sres=0; @@ -1285,9 +1396,11 @@ db_line* get_file_attrs(char* filename,i /* ACL stuff */ -#ifdef WITH_ACL acl2line(line); -#endif + + xattrs2line(line); + + selinux2line(line); if (attr&DB_HASHES && S_ISREG(fs.st_mode)) { calc_md(&fs,line); 
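Review bot: The `@@ -1285,9 +1396,11 @@` hunk of get_file_attrs() removes the `#ifdef WITH_ACL` guard and adds unconditional calls to xattrs2line() and selinux2line(), but only acl2line() had its conditionals moved into its body. As added in the `@@ -354,11 +356,130 @@` hunk, the other two call `listxattr()`, `getxattr()`, `lgetfilecon_raw()` and `freecon()` with no `WITH_SELINUX` or platform guard in view, so a build configured without `--with-selinux` would still need those symbols and `-lselinux`. Wrapping the body of selinux2line() in `#ifdef WITH_SELINUX` and `#endif`, and giving xattrs a configure switch of its own, would keep the optional features optional.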
@@ -1373,8 +1486,8 @@ void populate_tree(seltree* tree) db_line* old=NULL; db_line* new=NULL; int initdbwarningprinted=0; - int ignorelist=0; - int attr=0; + DB_ATTR_TYPE ignorelist=0; + DB_ATTR_TYPE attr=0; seltree* node=NULL; /* With this we avoid unnecessary checking of removed files. */ @@ -1386,7 +1499,7 @@ void populate_tree(seltree* tree) ignorelist=get_groupval("ignore_list"); - if (ignorelist==-1) { + if (ignorelist==DB_ATTR_UNDEF) { ignorelist=0; } diff -rup aide-0.12-rc1-orig/src/Makefile.am aide-0.12-rc1/src/Makefile.am --- aide-0.12-rc1-orig/src/Makefile.am 2006-03-29 02:58:19.000000000 -0500 +++ aide-0.12-rc1/src/Makefile.am 2006-10-11 10:07:34.000000000 -0400 @@ -50,16 +50,16 @@ aide_SOURCES = \ INCLUDES = -I$(top_srcdir)/include -LDADD = @CRYPTLIB@ @ACLLIB@ +LDADD = @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ -AM_LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@ +AM_LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@ -lm AM_CFLAGS = @CFLAGS@ @MAINTAINER_MODE_TRUE@ -Wall -g CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~ LEX_OUTPUT_ROOT = lex.yy -AM_YFLAGS= -d +# AM_YFLAGS= -d db_lex2.c:db_lex.c diff -rup aide-0.12-rc1-orig/src/Makefile.in aide-0.12-rc1/src/Makefile.in --- aide-0.12-rc1-orig/src/Makefile.in 2006-07-15 14:20:25.000000000 -0400 +++ aide-0.12-rc1/src/Makefile.in 2006-10-11 12:49:29.000000000 -0400 @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.7.9 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 -# Free Software Foundation, Inc. +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
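Review bot: `-lm` is added to `AM_LDFLAGS` in the src/Makefile.am hunk, but the generated link rule expands `$(AM_LDFLAGS)` before `$(aide_OBJECTS)`, so the library is named ahead of the objects that need it and can be dropped by a static or `--as-needed` link. Libraries belong in `LDADD`: `LDADD = @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ -lm`. The same hunk comments out `AM_YFLAGS= -d` while `CLEANFILES` still lists `conf_yacc.h`; if any source includes that header it is no longer generated.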
@@ -43,7 +43,6 @@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ top_builddir = .. - am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 
@@ -57,6 +56,45 @@ POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +bin_PROGRAMS = aide$(EXEEXT) +subdir = src +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in conf_yacc.c +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/version.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +PROGRAMS = $(bin_PROGRAMS) +am_aide_OBJECTS = conf_yacc.$(OBJEXT) conf_lex2.$(OBJEXT) \ + getopt.$(OBJEXT) getopt1.$(OBJEXT) gnu_regex.$(OBJEXT) \ + error.$(OBJEXT) md.$(OBJEXT) db.$(OBJEXT) \ + commandconf.$(OBJEXT) db_file.$(OBJEXT) db_disk.$(OBJEXT) \ + db_lex2.$(OBJEXT) db_sql.$(OBJEXT) gen_list.$(OBJEXT) \ + list.$(OBJEXT) do_md.$(OBJEXT) base64.$(OBJEXT) \ + symboltable.$(OBJEXT) compare_db.$(OBJEXT) be.$(OBJEXT) \ + util.$(OBJEXT) snprintf.$(OBJEXT) fopen.$(OBJEXT) \ + aide.$(OBJEXT) +aide_OBJECTS = $(am_aide_OBJECTS) +aide_LDADD = $(LDADD) +aide_DEPENDENCIES = +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) +SOURCES = $(aide_SOURCES) +DIST_SOURCES = $(aide_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLLIB = @ACLLIB@ ACLOCAL = @ACLOCAL@ AIDE_USE_LOCALE = @AIDE_USE_LOCALE@ 
@@ -81,7 +119,6 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GREP = @GREP@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ @@ -108,48 +145,43 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PSQLLIB = @PSQLLIB@ RANLIB = @RANLIB@ +SELINUXLIB = @SELINUXLIB@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ -YFLAGS = @YFLAGS@ ac_ct_CC = @ac_ct_CC@ +ac_ct_RANLIB = @ac_ct_RANLIB@ +ac_ct_STRIP = @ac_ct_STRIP@ am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ curlconfig = @curlconfig@ datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ exec_prefix = @exec_prefix@ host_alias = @host_alias@ -htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ -localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ +mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ -psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ - -bin_PROGRAMS = aide - aide_SOURCES = \ conf_yacc.y \ conf_lex2.c \ 
@@ -176,83 +208,54 @@ aide_SOURCES = \ fopen.c \ aide.c - INCLUDES = -I$(top_srcdir)/include - -LDADD = @CRYPTLIB@ @ACLLIB@ - -AM_LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@ - +LDADD = @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ +AM_LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@ -lm AM_CFLAGS = @CFLAGS@ @MAINTAINER_MODE_TRUE@ -Wall -g - CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~ - -AM_YFLAGS = -d -subdir = src -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -bin_PROGRAMS = aide$(EXEEXT) -PROGRAMS = $(bin_PROGRAMS) - -am_aide_OBJECTS = conf_yacc.$(OBJEXT) conf_lex2.$(OBJEXT) \ - getopt.$(OBJEXT) getopt1.$(OBJEXT) gnu_regex.$(OBJEXT) \ - error.$(OBJEXT) md.$(OBJEXT) db.$(OBJEXT) commandconf.$(OBJEXT) \ - db_file.$(OBJEXT) db_disk.$(OBJEXT) db_lex2.$(OBJEXT) \ - db_sql.$(OBJEXT) gen_list.$(OBJEXT) list.$(OBJEXT) \ - do_md.$(OBJEXT) base64.$(OBJEXT) symboltable.$(OBJEXT) \ - compare_db.$(OBJEXT) be.$(OBJEXT) util.$(OBJEXT) \ - snprintf.$(OBJEXT) fopen.$(OBJEXT) aide.$(OBJEXT) -aide_OBJECTS = $(am_aide_OBJECTS) -aide_LDADD = $(LDADD) -aide_DEPENDENCIES = -aide_LDFLAGS = - -DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/aide.Po ./$(DEPDIR)/base64.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/be.Po ./$(DEPDIR)/commandconf.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/compare_db.Po ./$(DEPDIR)/conf_lex2.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/conf_yacc.Po ./$(DEPDIR)/db.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/db_disk.Po ./$(DEPDIR)/db_file.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/db_lex2.Po ./$(DEPDIR)/db_sql.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/do_md.Po ./$(DEPDIR)/error.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/fopen.Po ./$(DEPDIR)/gen_list.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/getopt.Po ./$(DEPDIR)/getopt1.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/gnu_regex.Po ./$(DEPDIR)/list.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/md.Po ./$(DEPDIR)/snprintf.Po \ -@AMDEP_TRUE@ ./$(DEPDIR)/symboltable.Po ./$(DEPDIR)/util.Po -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) -DIST_SOURCES = $(aide_SOURCES) -DIST_COMMON = $(srcdir)/Makefile.in Makefile.am conf_yacc.c conf_yacc.h -SOURCES = $(aide_SOURCES) - all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj .y -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/Makefile -Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +.PRECIOUS: Makefile +Makefile: 
$(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(bindir) + test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)" @list='$(bin_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \ - $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f || exit 1; \ + echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ else :; fi; \ done 
@@ -260,23 +263,18 @@ uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(bin_PROGRAMS)'; for p in $$list; do \ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ - rm -f $(DESTDIR)$(bindir)/$$f; \ + echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ + rm -f "$(DESTDIR)$(bindir)/$$f"; \ done clean-binPROGRAMS: -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) -conf_yacc.h: conf_yacc.c - @if test ! -f $@; then \ - rm -f conf_yacc.c; \ - $(MAKE) conf_yacc.c; \ - else :; fi aide$(EXEEXT): $(aide_OBJECTS) $(aide_DEPENDENCIES) @rm -f aide$(EXEEXT) $(LINK) $(aide_LDFLAGS) $(aide_OBJECTS) $(aide_LDADD) $(LIBS) mostlyclean-compile: - -rm -f *.$(OBJEXT) core *.core + -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c 
@@ -307,34 +305,27 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ .c.o: -@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ -@am__fastdepCC_TRUE@ -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ -@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ -@am__fastdepCC_TRUE@ fi +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ -@am__fastdepCC_TRUE@ -c -o $@ `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi`; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ -@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ -@am__fastdepCC_TRUE@ fi +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `if test 
-f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi` +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .y.c: - $(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$< + $(YACCCOMPILE) $< if test -f y.tab.h; then \ to=`echo "$*_H" | sed \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \ -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \ - sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \ + sed -e "/^#/!b" -e "s/Y_TAB_H/$$to/g" -e "s|y\.tab\.h|$*.h|" \ + y.tab.h >$*.ht; \ rm -f y.tab.h; \ if cmp -s $*.ht $*.h; then \ rm -f $*.ht ;\ @@ -349,14 +340,6 @@ distclean-compile: rm -f y.tab.c uninstall-info-am: -ETAGS = etags -ETAGSFLAGS = - -CTAGS = ctags -CTAGSFLAGS = - -tags: TAGS - ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -365,6 +348,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ mkid -fID $$unique +tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) @@ -376,10 +360,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEP done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$tags$$unique" \ - || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique - + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) 
@@ -402,10 +387,6 @@ GTAGS: distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - -top_distdir = .. -distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ @@ -419,7 +400,7 @@ distdir: $(DISTFILES) dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ dir="/$$dir"; \ - $(mkinstalldirs) "$(distdir)$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ else \ dir=''; \ fi; \ @@ -437,9 +418,10 @@ distdir: $(DISTFILES) check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) - installdirs: - $(mkinstalldirs) $(DESTDIR)$(bindir) + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done install: install-am install-exec: install-exec-am install-data: install-data-am @@ -460,13 +442,12 @@ clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: - -rm -f $(CONFIG_CLEAN_FILES) + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -rm -f conf_yacc.c - -rm -f conf_yacc.h clean: clean-am clean-am: clean-binPROGRAMS clean-generic mostlyclean-am @@ -481,6 +462,8 @@ dvi: dvi-am dvi-am: +html: html-am + info: info-am info-am: 
@@ -516,16 +499,18 @@ uninstall-am: uninstall-binPROGRAMS unin .PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ clean-generic ctags distclean distclean-compile \ - distclean-generic distclean-tags distdir dvi dvi-am info \ - info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-exec install-exec-am install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + distclean-generic distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-man install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ uninstall-am uninstall-binPROGRAMS uninstall-info-am +# AM_YFLAGS= -d + db_lex2.c:db_lex.c db_lex.c:db_lex.l diff -rup aide-0.12-rc1-orig/src/md.c aide-0.12-rc1/src/md.c --- aide-0.12-rc1-orig/src/md.c 2005-04-06 05:50:26.000000000 -0400 +++ aide-0.12-rc1/src/md.c 2006-10-11 13:31:51.000000000 -0400 @@ -35,8 +35,9 @@ stored. Only a speed issue. */ -int hash_mhash2attr(int i) { - int r=0; +DB_ATTR_TYPE hash_mhash2attr(int i) { + DB_ATTR_TYPE r=0; +#ifdef WITH_MHASH switch (i) { case MHASH_CRC32: { r=DB_CRC32; @@ -92,6 +93,15 @@ int hash_mhash2attr(int i) { break; } case MHASH_SHA256: { + r=DB_SHA256; + break; + } + case MHASH_SHA512: { + r=DB_SHA512; + break; + } + case MHASH_WHIRLPOOL: { + r=DB_WHIRLPOOL; break; } case MHASH_ADLER32: { @@ -100,7 +110,7 @@ int hash_mhash2attr(int i) { default: break; } - +#endif return r; } 
@@ -125,9 +135,9 @@ int init_md(struct md_container* md) { #ifdef WITH_MHASH error(255,"Mhash library initialization\n"); for(i=0;i<=HASH_MHASH_COUNT;i++) { - if (((hash_mhash2attr(i))&(HASH_USE_MHASH)&md->todo_attr)!=0) { - int h=hash_mhash2attr(i); - error(255,"inserting %i\n",h); + if (((hash_mhash2attr(i)&HASH_USE_MHASH)&md->todo_attr)!=0) { + DB_ATTR_TYPE h=hash_mhash2attr(i); + error(255,"inserting %llu\n",h); md->mhash_mdh[i]=mhash_init(i); if (md->mhash_mdh[i]!=MHASH_FAILED) { md->calc_attr|=h; @@ -209,7 +219,10 @@ int close_md(struct md_container* md) { get_libgcrypt_hash(DB_MD5,GCRY_MD_MD5,md5,HASH_MD5_LEN); get_libgcrypt_hash(DB_SHA1,GCRY_MD_SHA1,sha1,HASH_SHA1_LEN); get_libgcrypt_hash(DB_TIGER,GCRY_MD_TIGER,tiger,HASH_TIGER_LEN); - get_libgcrypt_hash(DB_RMD160,GCRY_MD_RMD160,rmd160,HASH_RMD160_LEN); + get_libgcrypt_hash(DB_RMD160,GCRY_MD_RMD160,rmd160,HASH_RMD160_LEN); + + get_libgcrypt_hash(DB_SHA256,GCRY_MD_SHA256,sha256,HASH_SHA256_LEN); + get_libgcrypt_hash(DB_SHA512,GCRY_MD_SHA512,sha512,HASH_SHA512_LEN); /*. There might be more hashes in the library. Add those here.. */ @@ -230,6 +243,9 @@ int close_md(struct md_container* md) { get_mhash_hash(MHASH_HAVAL,haval); get_mhash_hash(MHASH_GOST,gost); get_mhash_hash(MHASH_CRC32B,crc32b); + get_mhash_hash(MHASH_SHA256,sha256); + get_mhash_hash(MHASH_SHA512,sha512); + get_mhash_hash(MHASH_WHIRLPOOL,whirlpool); /* There might be more hashes in the library we want to use. 
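Review bot: In init_md, `error(255,"inserting %llu\n",h);` passes a DB_ATTR_TYPE to `%llu`, which is only correct if DB_ATTR_TYPE is exactly `unsigned long long`; its typedef is not visible in this patch. A conversion that does not match the argument type is undefined behaviour in a variadic call, so an explicit cast keeps the log line correct whatever the typedef is: `error(255,"inserting %llu\n",(unsigned long long)h);`. The loop also calls `hash_mhash2attr(i)` twice per iteration; computing `h` once before the test would read more simply. init_md starts and ends outside the hunk.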
@@ -275,6 +291,10 @@ void md2line(struct md_container* md,str copyhash(DB_HAVAL,haval,HASH_HAVAL_LEN); copyhash(DB_GOST,gost,HASH_GOST_LEN); copyhash(DB_CRC32B,crc32b,HASH_CRC32B_LEN); + + copyhash(DB_SHA256,sha256,HASH_SHA256_LEN); + copyhash(DB_SHA512,sha512,HASH_SHA512_LEN); + copyhash(DB_WHIRLPOOL,whirlpool,HASH_WHIRLPOOL_LEN); } /* const char* aide_key_14=KEY_14; diff -rup aide-0.12-rc1-orig/src/snprintf.c aide-0.12-rc1/src/snprintf.c --- aide-0.12-rc1-orig/src/snprintf.c 2005-04-06 06:16:30.000000000 -0400 +++ aide-0.12-rc1/src/snprintf.c 2006-10-11 13:14:27.000000000 -0400 @@ -410,10 +410,12 @@ int portable_vsnprintf(char *str, size_t /* declarations */ +#if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) static char credits[] = "\n\ @(#)snprintf.c, v2.2: Mark Martinec, <mark.martinec@ijs.si>\n\ @(#)snprintf.c, v2.2: Copyright 1999, Mark Martinec. Frontier Artistic License applies.\n\ @(#)snprintf.c, v2.2: http://www.ijs.si/software/snprintf/\n"; +#endif #if defined(NEED_ASPRINTF) int asprintf(char **ptr, const char *fmt, /*args*/ ...) { diff -rup aide-0.12-rc1-orig/src/gen_list.c aide-0.12-rc1/src/gen_list.c --- aide-0.12-rc1-orig/src/gen_list.c 2006-10-11 15:57:24.000000000 -0400 +++ aide-0.12-rc1/src/gen_list.c 2006-10-11 16:06:49.000000000 -0400 @@ -408,21 +408,21 @@ static void xattrs2line(db_line *line) if (!(DB_XATTRS&line->attr)) return; - xattrs = xattr_new(); - /* assume memory allocs work, like rest of AIDE code... */ if (!xatrs) xatrs = malloc(xsz); - while (((xret = listxattr(line->filename, xatrs, xsz)) == -1) && + while (((xret = llistxattr(line->filename, xatrs, xsz)) == -1) && (errno == ERANGE)) { xsz <<= 1; xatrs = realloc(xatrs, xsz); } - if (xret == -1) + if ((xret == -1) && (errno == ENOSYS)) + { /* do nothing */ } + else if (xret == -1) error(0, "listxattrs failed for %s:%m\n", line->filename); - else + else if (xret) { const char *attr = xatrs; static ssize_t asz = 1024; 
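Review bot: In xattrs2line only `ENOSYS` is treated as "extended attributes unavailable", so a filesystem without xattr support, which normally reports `ENOTSUP`, still reaches the `error(0, ...)` branch for every file scanned. If that noise is not intended, the first test could read `if ((xret == -1) && ((errno == ENOSYS) || (errno == ENOTSUP)))`. The message still says `listxattrs` although the call is now `llistxattr`. Since the listing no longer follows symlinks, the value read further down (outside this hunk) should use the non-following variant as well if it still calls `getxattr`, so that names and values come from the same object. xattrs2line starts and ends outside the hunk.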
@@ -430,6 +430,8 @@ static void xattrs2line(db_line *line) if (!val) val = malloc(asz); + xattrs = xattr_new(); + while (xret > 0) { size_t len = strlen(attr); --- aide-0.12_rc1/src/gen_list.c 2006-10-11 16:11:22.000000000 -0400 +++ aide-0.12-rc1/src/gen_list.c 2006-10-11 21:09:47.000000000 -0400 @@ -1061,12 +1061,11 @@ list* gen_list(list* prxlist,list* nrxli */ void strip_dbline(db_line* line,DB_ATTR_TYPE attr) { -#define checked_free(x) if(x!=NULL) free(x) +#define checked_free(x) do { free(x); x=NULL; } while (0) /* filename is always needed, hence it is never stripped */ if(!(attr&DB_LINKNAME)){ checked_free(line->linkname); - line->linkname=NULL; } if(!(attr&DB_PERM)){ line->perm=0; 
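Review bot: The new `checked_free` in strip_dbline uses its argument twice and without parentheses, so it is only safe when given a plain lvalue with no side effects. `#define checked_free(x) do { free(x); (x)=NULL; } while (0)` with a one-line comment stating that restriction would make the contract explicit. The same macro is redefined inside free_db_line in src/db.c later in this patch, and neither copy is `#undef`'d; a single definition in a shared header would keep the two from drifting apart. strip_dbline continues outside the hunk.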
@@ -1101,55 +1100,53 @@ void strip_dbline(db_line* line,DB_ATTR_ if(!(attr&DB_MD5)){ checked_free(line->md5); - line->md5=NULL; } if(!(attr&DB_SHA1)){ checked_free(line->sha1); - line->sha1=NULL; } if(!(attr&DB_RMD160)){ checked_free(line->rmd160); - line->rmd160=NULL; } if(!(attr&DB_TIGER)){ checked_free(line->tiger); - line->tiger=NULL; } #ifdef WITH_MHASH if(!(attr&DB_CRC32)){ checked_free(line->crc32); - line->crc32=NULL; } if(!(attr&DB_CRC32B)){ checked_free(line->crc32b); - line->crc32b=NULL; } if(!(attr&DB_GOST)){ checked_free(line->gost); - line->gost=NULL; } if(!(attr&DB_HAVAL)){ checked_free(line->haval); - line->haval=NULL; } #endif if(!(attr&DB_SHA256)){ checked_free(line->sha256); - line->sha256=NULL; } if(!(attr&DB_SHA512)){ checked_free(line->sha512); - line->sha512=NULL; } #ifdef WITH_ACL if(!(attr&DB_ACL)){ - checked_free(line->acl); /* FIXME: ... needs more */ - line->acl=NULL; + if (line->acl) + { + free(line->acl->acl_a); + free(line->acl->acl_d); + } + checked_free(line->acl); } #endif if(!(attr&DB_XATTRS)){ - checked_free(line->xattrs); /* FIXME: ... needs more */ - line->xattrs=NULL; + if (line->xattrs) + free(line->xattrs->ents); + checked_free(line->xattrs); + } + if(!(attr&DB_SELINUX)){ + checked_free(line->cntx); } } --- aide-0.12_rc1/src/db.c 2006-10-11 16:11:22.000000000 -0400 +++ aide-0.12-rc1/src/db.c 2006-10-11 21:11:03.000000000 -0400 @@ -724,7 +724,7 @@ void free_db_line(db_line* dl) return; } -#define checked_free(x) if(x!=NULL) { free(x); x=NULL; } +#define checked_free(x) do { free(x); x=NULL; } while (0) checked_free(dl->md5); checked_free(dl->sha1); 
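Review bot: strip_dbline gains a branch for `DB_SELINUX` but none for `DB_WHIRLPOOL`, although this patch maps that attribute in src/md.c and free_db_line releases `dl->whirlpool`; unless it is handled above this hunk, a stripped line keeps its whirlpool digest. A matching branch would be `if(!(attr&DB_WHIRLPOOL)){ checked_free(line->whirlpool); }`. Separately, `free(line->xattrs->ents)` here and `free(dl->xattrs->ents)` in free_db_line release only the entry array. The struct is not shown, but if each entry owns its key and value buffers, those need to be freed first. strip_dbline begins outside the hunk.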
@@ -743,6 +743,20 @@ void free_db_line(db_line* dl)
 checked_free(dl->sha256);
 checked_free(dl->sha512);
 checked_free(dl->whirlpool);
+
+ if (dl->acl)
+ {
+#ifdef WITH_ACL
+ free(dl->acl->acl_a);
+ free(dl->acl->acl_d);
+#endif
+ }
+ checked_free(dl->acl);
+
+ if (dl->xattrs)
+ free(dl->xattrs->ents);
+ checked_free(dl->xattrs);
+ checked_free(dl->cntx);
 }
 const char* aide_key_5=CONFHMACKEY_05;
 const char* db_key_5=DBHMACKEY_05;
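Review bot: In free_db_line the `#ifdef WITH_ACL` sits inside the braces of `if (dl->acl)`, which leaves an empty conditional when ACL support is compiled out, whereas strip_dbline in src/gen_list.c guards the whole block. Moving the guard around the `if` itself would make the two teardown paths read the same. The ACL and xattr release sequence now exists in both functions, so a small shared helper would keep them consistent, with a comment stating who owns `acl_a`, `acl_d` and `ents`. free_db_line starts outside the hunk.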