2003-12-11 Yoann Vandoorselaere * src/prelude-strbuf.c (prelude_strbuf_get_len): new function, return used length of current buffer. (prelude_strbuf_dont_own): new function, tell prelude_strbuf to not free the buffer uppon destroy. (prelude_strbuf_new): set STRBUF_OWN_DATA. (prelude_strbuf_destroy): don't free buffer if STRBUF_OWN_DATA is not set. * src/include/Makefile.am (include_HEADERS): install prelude-inet.h 2003-12-10 Nicolas Delon * bindings/python/prelude.py: fit idmef_{time,util} changes * src/include/idmef-util.h: * src/include/sensor.h: remove prototypes of functions that do not exist anymore * bindings/perl/Prelude.c: regenerated * bindings/python/_prelude.c: regenerated 2003-12-09 Yoann Vandoorselaere * merge from libprelude-0-8 2003-12-08 Yoann Vandoorselaere * src/include/extract.h: merge some of the libprelude-0-8 fix. Kill warning. * src/prelude-message.c: * src/prelude-message-buffered.c: merge from HEAD. Needed for database caching. * src/idmef-value-type.c (time_write): correct prefix. * src/idmef-util.c: remove time function. * src/common.c: * src/client-ident.c: * sensor-adduser/sensor-adduser.c: merge from libprelude-0-8. * src/idmef-time.c (idmef_time_get_db_timestamp): (idmef_time_get_ntp_timestamp): (idmef_time_get_idmef_timestamp): (idmef_time_get_timestamp): move idmef-util time based function to idmef-time. 2003-12-06 Nicolas Delon * examples/*: some test code for libprelude in different languages 2003-12-05 Nicolas Delon * src/idmef-criteria-string.yac.y: remove log error message when the idmef criteria string is bad * src/idmef-message.c: (idmef_message_get) takes an idmef_object instead of a char * representing the object name (the problem with the old behaviour was that the function could return NULL either for an invalid object or for a non-existent value in the message, the new behaviour make this stuff more straight forward (because the idmef object is already built)) * src/sensor.c: (prelude_analyzer_fill_infos) check if analyzer_node is non NULL before copying it it avoids a segfault if prelude_analyzer_fill_infos is called without a prelude_sensor_init previous call * bindings/*: a python binding for libprelude has been implemented 2003-11-22 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: fix a bug in *_get_child functions for the case where child is an enum (a pointer to the enum was returned instead of the enum encapsulated in an idmef_value) * src/idmef-tree-wrap.c: regenerated 2003-11-20 Nicolas Delon * bindings/perl/Prelude.pm: update documentation 2003-11-18 Nicolas Delon * src/include/idmef-tree.h: add some explanations about how to use IS_LISTED * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: * src/idmef-type.c: * src/include/idmef-type.h: change the behaviour of *_get_child functions before changes, they always returned an idmef_value_t value by now, the type of returned value depend of the value of the child: if the child is a terminal element => idmef_value_t * if the child is a list => struct list_head * if the child is a non-terminal element => pointer to the element * src/include/idmef-tree-data.h: * src/include/idmef-tree-wrap.h: * src/idmef-tree-wrap.c: regenerated * src/idmef-object.c: (idmef_object_get) (idmef_object_get_internal) (idmef_object_get_list_internal) (idmef_object_get_nth_internal) functions have been totally rewritten using the changes of *_get_child functions, the code is much more clean and easier to understand and since we don't use the idmef_value container anymore for intermediate elements of the object, the resulting code is about 3.5x faster than before doing a benchmark value lists handling is also much smarter since we now use hierarchical lists and instead of a single flat list * bindings/perl/Prelude.pm: support value list 2003-11-18 Nicolas Delon * src/idmef-object.c: * src/include/idmef-object.h: (idmef_object_list_get_size) new function cs fixes * bindings/perl/Prelude.pm: fixes in documentation * bindings/perl/Prelude.c: regenerated 2003-11-16 Nicolas Delon * src/idmef-selection.c: * src/include/idmef-selection.h: * src/include/idmef-aggregate-func.h: files removed the features provided by these files have been exported and adapted to libpreludedb * bindings/perl/Prelude.c: regenerated * bindings/perl/Prelude.i: idmef-selection stuff removed * src/include/idmef.h: idmef-selection stuff removed * bindings/perl/Prelude.pm: (IDMEFMessage::get) * src/idmef-object.c: (idmef_object_get_internal) check idmef_value_get_nth return value thanks to LeRoutier for pointing that out * src/idmef-object.c: * src/include/idmef-object.h: support for listed idmef_object 2003-11-16 Yoann Vandoorselaere * src/idmef-object.c: make code more readable. 2003-11-15 Krzysztof Zaraska * src/idmef-criteria-string.lex.l: (strndup): set errno value. * src/idmef-criteria-string.lex.c: regenerated. 2003-11-14 Krzysztof Zaraska * configure.in: check for strndup(3). * src/idmef-criteria-string.lex.l: cleaned includes. Implement strndup(3) locally for use if not on a system with GNU libc. * src/idmef-criteria-string.lex.c: regenerated. 2003-11-14 Krzysztof Zaraska * src/idmef-criteria-string.yac.c: * src/idmef-criteria-string.yac.h: * src/idmef-criteria-string.lex.c: new file. Include pregenerated lexer and parser, because the required version of flex is not present in many OS/distros and upgrade may not be an option. 2003-11-14 Nicolas Delon * bindings/perl/Prelude.pm: write documentation in perlpod format 2003-11-05 Nicolas Delon * src/prelude-hash.c: * src/include/prelude-hash.h: new files, hash.h has been splited in two parts: prelude-hash.h (the hash API) and prelude-hash.c (the hash implementation) the public functions and the main structure are now prefixed with "prelude_" code has been cleaned, and various bugs fixed * src/idmef-message.c: fit the modifications of prelude-hash code cleanup and bug fixes * src/idmef-object.c: fit the modifications of prelude-hash 2003-11-05 Nicolas Delon * src/include/idmef-value-type.h: use a #define for relation_is_null and relation_is_not_null entries in idmef_relation_t, fix the two values * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreePrintC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeToStringC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: rename all *_find_{string,numeric} functions in *_to_{string,numeric} * src/idmef-tree-print.c: * src/idmef-tree-to-string.c: * src/idmef-tree-wrap.c: * src/include/idmef-tree-data.h: * src/include/idmef-tree-wrap.h: regenerated * src/idmef-type.c: * src/include/idmef-type.h: fit *_to_{string,numeric} changes * src/idmef-value.c: fit *_to_{string,numeric} changes * src/idmef-util.c: * src/include/idmef-util.h: remove wrapper functions (*_to_string uppon *_find_string) * bindings/perl/Prelude.c: regenerated 2003-11-05 Nicolas Delon * src/idmef-value-type.c: (time_write) new function * src/include/idmef-value-type.h: assign a value to relation_is_null and relation_is_not_null (they are used by libpreludedb) * src/prelude-strbuf.c: fix an include error 2003-10-31 Yoann Vandoorselaere * src/prelude-strbuf.c (prelude_strbuf_vprintf): implemented, take a va_list argument. Call ourself back recursively in case snprintf fail, but realloc succeed (instead of looping). Include strbuf.c from libpreludedb into libprelude. The source file got a face lift, and all functions and datatype were prefixed by prelude_ as this is going to be a public API. 2003-10-30 Nicolas Delon * src/idmef-criteria.c: some fixes needed by the last idmef-value changes 2003-10-30 Yoann Vandoorselaere * bindings/perl/Prelude.pm (value2scalar($)): fit idmef-time API changes. * src/idmef-wrapper-gen: updated to fit the API modifications. * src/idmef-util.c (idmef_get_db_timestamp): (idmef_get_idmef_timestamp): (idmef_get_timestamp): (idmef_get_ntp_timestamp): fit idmef-time.c API consistency fix. * src/idmef-time.c (idmef_time_get_sec): (idmef_time_get_usec): _get_ prefix. * src/idmef-type.c: fit idmef-value changes. * src/idmef-time.c: cleanup. (idmef_time_get_time): implemented. Return time as second, including usec. (parse_time_gmt): reworked. * src/idmef-value-object.c: * src/idmef-object.c: fit idmef-value API change. * src/idmef-value.c: code cleanup. Use idmef-value-type. * src/idmef-value-type.c: new abstraction to the different type used by idmef-value.c. Also handle relation between type. * src/include/Makefile.am (include_HEADERS): * src/Makefile.am (libprelude_la_SOURCES): add idmef-value-type... * bindings/perl/Prelude.i: include idmef-value-type.h. 2003-10-29 Nicolas Delon * src/idmef-data.c: (idmef_data_new_dup) (idmef_data_copy_dup) bug fix (introduced in latest idmef-data.c changes) malloc was called with the wrong variable representing the data len 2003-10-29 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFMessage::set) fix a memory leak in error handling code * bindings/perl/Prelude.pm: * bindings/perl/Prelude.i: handle idmef_data type * bindings/perl/Prelude.c: regenerated 2003-10-28 Yoann Vandoorselaere * src/idmef-string.c: * src/include/idmef-string.h: rewrote using function rather than macro, so that theses function get included into the Perl Bindings. Theses function are just wrapper around idmef-data. * src/idmef-data.c (idmef_data_get_data): return type is not const. * src/include/idmef-data.h (idmef_data): (idmef_data_len): added backward compatibility. Added a list_head entry to the structure. Make the data pointer an union, in order to avoid warning when we are manipulating read-only buffer. * src/include/idmef-string.h: bind to idmef-data API. * src/idmef-string.c: removed. * src/idmef-wrappers-gen/GenerateIDMEFTreePrintC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeToStringC.pm: fit idmef_data and idmef_string API change. * src/idmef-value.c: s/uchar_t/unsigned char/ * src/idmef-data.c (idmef_data_set_ref): (idmef_data_copy_ref): (idmef_data_copy_dup): call idmef_data_destroy_internal. * src/idmef-data.c: cleanup. API consistency fix. * src/include/idmef-data.h: fully documented the API using gtk-doc. 2003-10-25 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFSelection) new class 2003-10-25 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFMessage::set) support time string format * src/idmef-time.c: * src/include/idmef-time.h: (idmef_time_new_string) cleanup (the function has been divided into four different functions) idmef_time_new_string and idmef_time_new_ntp_timestamp have been renamed in s/new/set/ functions, take an already allocated idmef_time_t pointer as a first argument, *_new_* functions are just wrappers now * bindings/perl/Prelude.c: regenerated 2003-10-23 Nicolas Delon * src/include/idmef-string.h: struct idmef_string is listed now (this feature is used in idmef-tree) * src/include/idmef-tree.h: elements like idmef_process args now directly use listed feature of idmef_string instead of an intermediate structure (idmef_process_arg_t in this case) old versions of prelude-lml (0.8.3) and prelude-nids (0.8.1) which still worked with libprelude db-work, won't anymore * src/idmef-wrappers-gen/GenerateIDMEFMessageIdH.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreePrintC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeToStringC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/IDMEFTree.pm: changes were required to fit idmef-tree.h modifications * src/idmef-wrappers-gen/generator.pl: bug fix in file autogeneration * src/idmef-message-recv.c: * src/idmef-message-send.c: * src/idmef-tree-print.c: * src/idmef-tree-to-string.c: * src/idmef-tree-wrap.c: * src/include/idmef-message-id.h: * src/include/idmef-message-recv.h: * src/include/idmef-message-send.h: * src/include/idmef-tree-data.h: * src/include/idmef-tree-print.h: * src/include/idmef-tree-to-string.h: * src/include/idmef-tree-wrap.h: regenerated * bindings/perl/Prelude.c: regenerated 2003-10-21 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: fix function prototype issue (functions like idmef_analyzer_new_process returned void * instead of idmef_process_t *) * src/idmef-tree-wrap.c: * src/include/idmef-tree-wrap.h: regenerated * src/sensor.c: has been ported to the new API, fixes will need to be done when refcount will be supported in idmef-tree-wrap 2003-10-21 Nicolas Delon * src/idmef-object.c: (idmef_object_new_fast) cleanup (the function has been divided in three functions) * src/include/hash.h: functions prototype fixes 2003-10-20 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: code review: fixes and cleanup (IDMEFAlert) (IDMEFHeartbeat) two new convenient packages to create alerts and heartbeats more quickly * bindings/perl/Prelude.c: regenerated 2003-10-17 Nicolas Delon * src/idmef-criteria-string.yac.y: (was src/idmef-criteria-string.y previously) * src/idmef-criteria-string.lex.l: (new file) yylex has been reimplemented using flex to generate this scanner NB: we use the reentrancy feature of flex, so you'll need a decent version that support this feature like 2.5.31 or 2.5.27, not the old 2.5.4 that distribs like gentoo have by default 2003-10-12 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFMessage::DESTROY) (PreludeMsgBuf::DESTROY) (IDMEFCriteria::DESTROY) "bug" fix/workaround some code like this: perl -e "use Prelude; $message = new IDMEFMessage" (note that I did not use "my") leads to call IDMEFMessage::DESTROY -> idmef_message_destroy with a NULL pointer (because the swig intermediate object has been destroyed before the top IDMEFMessage::DESTROY is called itself) this is very bizarre, and only happen for non-my variable at perl exit stage, perl -e "use Prelude; my $message = new IDMEFMessage" will work perl -e "use Prelude; $message = new IDMEFMessage; $message = undef" will also work indeed, perl is great language ;) 2003-10-12 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFTreeToStringC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeToStringH.pm: new files they generate src/idmef-tree-to-string.c and src/include/idmef-tree-to-string.h the functions they provide act like idmef-tree-print's functions but write to a given sized buffer instead * src/idmef-wrappers-gen/generator.pl: updated for src/idmef-wrappers-gen/GenerateIDMEFTreeToStringC.pm src/idmef-wrappers-gen/GenerateIDMEFTreeToStringH.pm * src/idmef-tree-to-string.c: * src/include/idmef-tree-to-string.h: generated * src/idmef-criteria.c: * src/include/idmef-criteria.h: (idmef_criterion_clone) (idmef_criteria_clone) (idmef_criterion_print) (idmef_criteria_print) (idmef_criterion_to_string) (idmef_criteria_to_string) new functions * src/idmef-util.c: * src/include/idmef-util.h: idmef_additional_data_to_string has been renamed in idmef_additionaldata_data_to_string and has been reworked to have a more logical behaviour * src/include/idmef-util.h: (MY_CONCAT) (MY_SNPRINTF) new macros, used by functions in *-to-string functions which do an intensive use of concatenation operations * src/idmef-value.c: (idmef_value_clone) it has been reworked to do a *real* recursive clone a new private function idmef_value_list_clone has also been created for this purpose * bindings/perl/Prelude.i: updated to use idmef-tree-to-string * bindings/perl/Prelude.c: regenerated * bindings/perl/Prelude.pm: (IDMEFMessage::tostring) (IDMEFCriteria::clone) (IDMEFCriteria::print) (IDMEFCriteria::tostring) new functions (IDMEFCriteria::add) some fixes 2003-10-08 Nicolas Delon * bindings/perl/Prelude.c: regenerated * bindings/perl/Prelude.pm: (IDMEFCriteria) fit idmef-criteria.c changes * src/idmef-criteria-string.y: * src/include/idmef-criteria-string.h: fit idmef-criteria.c changes, grammar rules has been rewritten so that the idmef_criteria structure is the perfect representation of the criteria string * src/idmef-criteria.c: * src/include/idmef-criteria.h: complete rework of the criteria API, it has been cleaned up and the problem of operators (just one for the whole chain) has been solved * src/idmef-time.c: (idmef_time_new_ntp_timestamp) memory leak fix (the new allocated idmef_time structure was not freed if strncmp returned a non-zero value), the function has been cleaned up 2003-09-23 Nicolas Delon * bindings/perl/Prelude.c: regenerated * bindings/perl/Prelude.pm: (IDMEFCriterion::and) (IDMEFCriterion::or) those functions can take directly a criterion string, does not work yet because of the underlying functions * src/idmef-value.c: * src/include/idmef-value.h: (idmef_value_set_own_data) (idmef_value_dont_have_own_data) new functions idmef_value_set_own_data is a private function called by idmef_value_{dont_,}have_own_data functions * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: bug fix, in _get_*_value generated functions, set idmef_value to not to own data for primitive types which are struct * src/idmef-tree-wrap.c: regenerated 2003-09-23 Krzysztof Zaraska * src/include/idmef-object.h: * src/idmef-object.c: (idmef_object_get_internal): removed unused feature of creating object lists. Clean up. Added a ton of comments, so a potential reader (yes, that's you!) can understand it. ;p (idmef_object_get): modified accordingly. API change, object_list_t object is no longer needed. * src/idmef-message.c: modified accordingly. * src/idmef-object-list.c: * src/include/idmef-object-list.h: removed. * src/Makefile.am: * src/include/Makefile.am: * src/include/idmef.h: * src/idmef-message.c: * src/idmef-object.c: updated accordingly. 2003-09-21 Nicolas Delon * bindings/perl/Prelude.c: regenerated * src/idmef-criteria-string.y: (bufs2crit) use idmef_object_new_fast instead of idmef_object_new * src/idmef-data.c: (idmef_data_to_string) the function returns the len of buf when successful * src/idmef-string.c: (idmef_time_new_string) handle date-only strings, some fixes/improvements (my_timegm) new function, from man (3) timegm on Linux, use this one instead of timegm which is not POSIX * src/idmef-util.c: * src/include/idmef-util.h: (idmef_get_ntp_timestamp) the function returns the len of buf when successful (idmef_get_db_timestamp) fix a bug, the function returned 0 instead of a negative value if gmtime_r failed the function returns the len of buf when successful (idmef_get_idmef_timestamp) fix two bugs: - utc time was used to build the string instead of localtime - gmt offset was badly calculated (using tm_hour field of struct tm) the function has been mostly rewritten has been modified to return the len of the written buffer (idmef_get_timestamp) has been modified to return the len of the written buffer * src/idmef-value.c: (idmef_value_to_string) add support for idmef_time has been modified to return the len of the written buffer 2003-09-19 Nicolas Delon * bindings/perl/Prelude.i: add idmef-object-value.h in the interface * bindings/perl/Prelude.c: regenerated * bindings/perl/Prelude.pm: move IDMEFMessage::_value2scalar in Prelude::value2scalar * src/idmef-selection.c: don't call idmef_selection_find_object in idmef_selection_add_selected_object anymore * src/idmef-string.c: (idmef_string_copy_content) check malloc's return value (idmef_string_new_dup_fast) (idmef_string_set_dup_fast) (idmef_string_clone) fix several bugs ala openssh, the string's len field is now updated once the malloc has been successful (idmef_string_destroy_internal) set len field to 0 when string is internally destroyed * src/idmef-value.c: (idmef_value_create) see 2003-06-01 the own_data field in set to 1, it avoids memory leaks when a string, time, data is (was not) destroyed own_data's stuff should be removed since we always own the data 2003-09-18 Nicolas Delon * bindings/perl/Prelude.i: include idmef-tree-print.h so that the IDMEFMessage::print function of Prelude.pm can work * bindings/perl/Prelude.c: regenerated * bindings/perl/Prelude.pm: (IDMEFMessage::get) check the return value of Prelude::idmef_message_get_fast * src/idmef-message.c: (idmef_message_disable_cache) bug fix, set message->cache to NULL after it has been destroyed (idmef_message_get_fast) bug fix, function rework, object was used after it has been destroyed * src/idmef-object-value.c: (idmef_object_value_list_add) use list_add_tail instead of list_add to have objects in the right order * src/idmef-selection.c: * src/include/idmef-selection.h: (idmef_selected_object_new) function's prototype rework (idmef_selected_object_get_group_by) bug fix, order was returned instead of group 2003-09-15 Nicolas Delon * src/idmef-selection.c: * src/include/idmef-selection.h: big cleanup, add support for order and "group by" in idmef_selected_object * bindings/perl/Prelude.i: bug fix, remove inclusion of sql.h * bindings/perl/Prelude.c: regenerated 2003-09-12 Nicolas Delon * bindings/perl/Prelude.i: cleanup, do not cut & paste the prototypes of functions used, instead, include directly the needed headers * bindings/perl/Prelude.c: regenerated * src/include/sensor.h: remove function's prototypes that does not exist anymore 2003-09-09 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFMessage::new) (PreludeMsgBuf::new) (IDMEFCriterion::new) bug fix, check function's return value before blessing the return value, if return value is NULL perl function will return undef package IDMEFObject has been removed (it was not needed) * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: bug fix, in listed structure the list was not initialized which caused a segfault in the case the structure was not putted in a list and destroyed (for example: address = idmef_address_new(); idmef_address_destroy(address)) * src/idmef-tree-wrap.c: regenerated 2003-09-02 Nicolas Delon * src/idmef-time.c: (idmef_time_new_string) fix a memory leak (str was never freed) 2003-09-01 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_destroy): unlock the mutex before destroying it * src/idmef-message.c: (idmef_message_set): don't destroy existing_object_value, hash_destroy() already does that implicitely. 2003-08-31 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: use idmef_send_message instead of idmef_msg_send * bindings/perl/Prelude.c: regenerated * src/sensor.c: bug fix, analyzerid was not always present in the analyzer, workaround for compatibility with prelude-nids & prelude-lml we want to be sure that analyzerid is always present 2003-08-31 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_make_child): handle top-level object and enum types correctly. (idmef_object_destroy): don't free() object->name, as it isn't malloc()'ed. (I wonder how there were no crashes, merely warnings from FreeBSD malloc). Looks like we need some serious valgrind sessions. (idmef_object_clone): initialize the mutex in the correct object (the new one, not the old one). * src/include/idmef-time.h: * src/idmef-time.c: (idmef_time_new_string): implemented. (idmef_time_new_ntp_timestamp): implemented correctly (added missing epoch convertion) * src/idmef-value.c: (idmef_value_new_generic): use idmef_time_new_string() instead of idmef_time_new_ntp_timestamp(). * src/ntp.c: imported (from FreeBSD NTP distribution) stuff needed for timestamp -> timeval convertions. Cleanup. * src/include/ntp.h: ditto. fixed a #define'd module name (_LIBPRELUDE_NTP_H instead of _MANAGER_NTP_H). 2003-08-30 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFCriterion::new): changed to also use idmef_criterion_new_chain if no there is no argument (that was the previous behaviour) * src/idmef-object-value.c: (idmef_object_value_new) when this function has been moved from idmef_message to idmef-object-value.c, <<< ret->object = object; ret->value = value; >>> has been modified in: <<< ret->object = idmef_object_ref(object); ret->value = idmef_value_ref(value); >>> this new behaviour introduced a memory leak in libpreludedb (because refcount never fall to zero) the previous (and more logical) implementation has been restored (idmef_object_value_destroy) fix a memory leak, the fields of objval where freed but objval itself was not freed * src/idmef-value-object.c: * src/idmef-value.c: * src/include/idmef-value-object.h: * src/include/idmef-value.h: some function prototypes has been fixed (a "const" has been added) 2003-08-14 Krzysztof Zaraska * bindings/perl/Prelude.pm: (IDMEFCriterion::new): changed to use idmef_criterion_new_string. 2003-08-13 Krzysztof Zaraska * bindings/perl/Prelude.i: modified to reflect recent API changes. * bindings/perl/Prelude.c: regenerated. 2003-08-13 Krzysztof Zaraska * src/include/idmef-criteria-string.h: * src/idmef-criteria-string.y: new files. The long-awaited IDMEF criteria parser! * src/Makefile.am: * src/include/Makefile.am: * src/include/idmef.h: modified accordingly. * configure.in: check for Yacc. 2003-08-12 Krzysztof Zaraska * src/include/idmef-aggregate-functions.h: new file. * src/include/idmef.h: modified accordingly. * src/include/idmef-selection.h: * src/idmef-selection.c: added handling for aggregate functions, selection element is now object+aggregate function to be performed on the object, instead of object. Handle NULL arguments gracefully. 2003-08-02 Nicolas Delon * src/include/extract-idmef.h: new file move idmef structure related functions from extract.h to this new file * src/include/extract.h: see above * src/idmef-wrappers-gen/generator.pl: create a Makefile-like system to generate files * src/idmef-wrappers-gen/Generate.pm: new file create a new base class for all Generate*.pm that provides the "new" and "output" functions * src/idmef-wrappers-gen/GenerateIDMEFMessageIdH.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvH.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendH.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreePrintC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreePrintH.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: modified to inherite Generate.pm * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvC.pm: generated code now does an include of "extract-idmef.h" (see above) * src/idmef-message-recv.c: regenerated 2003-08-01 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvH.pm: some changes has been made so that this code and prelude-manager decode plugins code can work together * src/idmef-message-recv.c: * src/include/idmef-message-recv.h: regenerated * src/idmef-wrappers-gen/GenerateIDMEFMessageSendC: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendH: * src/include/idmef-msg-send.h: some changes has been made to be compatible with current prelude-nids * src/idmef-message-send.c: * src/include/idmef-message-send.h: regenerated 2003-07-26 Krzysztof Zaraska * src/include/idmef-object.h: * src/idmef-object.c: (idmef_object_has_lists): implemented. * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: when converting enum types to string, and the value for 0 is not defined, return the string containing the word "NULL". * src/idmef_wrappers-gen/idmef-tree-wrap.c: regenerated 2003-07-17 Nicolas Delon * src/idmef-object.c: since object cache has been introduced, idmef-object.c was not thread-safe anymore, changes has been made so that it is thread-safe again * src/idmef-time.c: * src/include/idmef-time.h: (idmef_time_new_gettimeofday) new function, create a new idmef_time from gettimeofday * src/idmef-wrappers-gen/GenerateIDMEFMessageIdH.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageRecvH.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendC.pm: * src/idmef-wrappers-gen/GenerateIDMEFMessageSendH.pm: * src/idmef-wrappers-gen/generator.pl: * src/idmef-util.c: * src/include/extract.h: idmef_message sending and receiving code has been rewritten using code generator NB: this libprelude is now INCOMPATIBLE with libprelude 0.8 for sensor/manager communication, it means that a manager using libprelude 0.8 will not work with a sensor using this libprelude, and vice versa. NB2: prelude-lml and prelude-nids are still source compatible with this libprelude prelude-manager has been patched in db-work to use idmef_message_recv.c instead of its idmef_message_read which is now deprecated. * src/idmef-message-send.c: * src/include/idmef-message-send.h: * src/idmef-message-recv.c: * src/include/idmef-message-recv.h: new files generated * src/include/idmef-message-id-format.h: new file * src/idmef-msg-send.c: this file is not used anymore, and should be removed from the cvs soon 2003-07-09 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: support of time type return value of function like IDMEFMessage::set that returns an integer to indicate if the function failed or not has changed: before the changes, functions returned a value < 0 if the function failed or a value >= 0 otherwise now, the functions return 0 if the function failed or another value otherwise this choice has been done to follow the perl's "conventions" in this domain * bindings/perl/Prelude.c: regenerated 2003-07-08 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: fix a bug when idmef-value is a list * bindings/perl/Prelude.c: regenerated * src/include/idmef-tree.h: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/IDMEFTree.pm: fix two bugs in the new implementation of enum conversion: add a case 0: return "NULL" for enum which has no 0 value for numeric to string conversion, return the string representation without the prefix (if there is a prefix) enum's prefix support has been reimplemented cleanly * src/idmef-tree-wrap.c: regenerated 2003-07-06 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: add the function print for IDMEFMessage * bindings/perl/Prelude.c: regenerated * src/ssl-gencrypto.c: little changes has been made so that it can be compiled with openssl 0.9.7 2003-07-02 Krzysztof Zaraska * src/include/idmef-data.h: * src/idmef-data.c: (idmef_data_to_string): implemented. * src/idmef_value.c: (idmef_value_new_generic): add handling for int16_t and uint16_t. Add convertion errors detection. (idmef_value_to_string): add handling for int16_t, uint16_t and idmef_data_t. * src/include/idmef-value.h: (idmef_value_new_struct): rename to idmef_value_new_struct_hdr to avoid conflict with macro from idmef-value.c. 2003-07-01 Krzysztof Zaraska * src/idmef-message.c(idmef_message_set): handle multiple values for ambiguous objects * src/include/idmef-object.h: * src/idmef-object.c: (idmef_object_get_numeric): handle NO_FORBIDDEN correctly (idmef_object_is_ambiguous): implemented * src/idmef-type.c: (idmef_type_enum_find_string): fixed type mismath 2003-06-29 Nicolas Delon * bindings/perl/Prelude.pm: (IDMEFMessage/get) support an object list as argument and return a value list it will return the first element of the list in a scalar context (to keep the old behaviour) 2003-06-29 Nicolas Delon * bindings/perl/Prelude.i: fix a bug in from/to uint64_t type conversion thanks to docelic for pointing that out * bindings/perl/Prelude.c: regenerated 2003-06-28 Krzysztof Zaraska * src/idmef-message.c: removed idmef_object_value_t and related stuff * src/include/idmef-object-value.h: * src/idmef-object-value.c: idmef_object_value_t and related functions are now public * src/include/idmef.h: * src/include/Makefile.am: * src/Makefile.am: modified accordingly. * src/include/hash.h: (hash_elem_destroy): implemented * src/idmef-object.c: * src/include/idmef-object.h: store object name, object and value types inside structure. (idmef_object_get_idmef_type): (idmef_object_get_value_type): modified accordingly (idmef_object_set): if child number is not given, use -1 as child number (thus making idmef_type_new_child() to add the child after the last present one). (idmef_object_new_fast): handle a top-level object (empty name) (invalidate): implemented. (removes object from cache) (idmef_object_set_number): implemented. (idmef_object_undefine_number): implemented. (idmef_object_get_number): implemented. (idmef_object_make_child): (idmef_object_make_parent): adapted to structure changes; remove object from cache if modified; modify object's name or set to empty after the object is modified. (idmef_object_get_name): if object name is empty, re-create it. (build_name): code moved from idmef_object_get_name * src/idmef-time.c: * src/include/idmef-time.h: (idmef_time_new): print an error message if calloc() fails (idmef_time_new_ntp_timestamp): implemented (idmef_time_copy): implemented * src/idmef-type.c: (idmef_type_new_child): allow n < 0 * src/idmef-value.c: (idmef_value_new_generic): handle idmef_time_t * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: in *_new_child, when n<0, add a child after the last added child. * src/include/idmef-tree-data.h: * src/include/idmef-tree-wrap.h: * src/include/idmef-tree-print.h: * src/idmef-tree-wrap.c: * src/idmef-tree-print.c: regenerated. 2003-06-25 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFTreePrintC.pm: print idmef_time in a human readable format, and print list more nicely * src/idmef-tree-print.c: regenerated 2003-06-24 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: fix a bug that leads to a segfault, idmef_*_destroy was called instead of idmef_*_destroy_internal in some functions, for example, idmef_analyzer_destroy instead of idmef_analyzer_destroy_internal in idmef_alert_set_analyzer function * src/idmef-tree-wrap.c: regenerated * src/idmef-util.c: IDMEF enum to string converters modified to call the new converters of idmef-tree-wrap.c (for backward compatibility) * src/idmef-wrappers-gen/GenerateIDMEFTreePrintC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreePrintH.pm: new files generate src/idmef-tree-print.c and src/include/idmef-tree-print.h it provides functions to print any part of the idmef-tree this bunch of functions have been implemented for debugging purpose * src/idmef-tree-print.c: * src/include/idmef-tree-print.h: new files generated 2003-06-23 Krzysztof Zaraska * src/idmef-message.c: (idmef_message_get_fast): avoid NULL pointer dereference in case when object name is incorrect. * src/idmef-object.c: hitting a leaf node prematurely does not signify a tree integrity error, do not scare the user ;) 2003-06-23 Krzysztof Zaraska * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: add some hacks to handle enum values correctly, working around naming inconsistencies between idmef-tree.h and idmef-util.c. This is necessary to get DB extraction to work correctly. (I will not comment what I think about all that, I don't want to curse). * src/idmef-tree-wrap.c: * src/include/idmef-tree-wrap.h: * src/include/idmef-tree-data.h: regenerated. 2003-06-22 Nicolas Delon * bindings/perl/Prelude.c: * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: * src/idmef-tree-wrap.c: * src/idmef-type.c: * src/idmef-value-object.c: * src/idmef-value.c: * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: * src/include/idmef-object.h: * src/include/idmef-tree-data.h: * src/include/idmef-tree-wrap.h: * src/include/idmef-type.h: * src/include/idmef-value.h: better enum type management 2003-06-22 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_set): libpreludeDB fixed, don't use idmef_type_value_check_compatibility() anymore, back to old implementation. * src/idmef-type.c: * src/include/idmef-type.h: (idmef_type_value_check_compatiblity): removed. 2003-06-02 Krzysztof Zaraska * README: add NTP license information. Update mailing list information. 2003-06-01 Krzysztof Zaraska * src/idmef-value.c: (idmef_value_create): don't set own_data. This reflects the change in behavior of idmef_value_new_{string,time,data} introduced on 2003-05-19, and fixes a related double free bug. 2003-06-01 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_get_internal): fix a double free bug. 2003-06-01 Krzysztof Zaraska * src/idmef-cache.c: * src/include/idmef-cache.h: removed. * src/Makefile.am: * src/include/Makefile.am: * src/include/idmef.h: modified accordingly. * src/include/idmef-criteria.h: * src/idmef-criteria.c: (idmef_criterion_match_chain): (idmef_criterion_match): operate on idmef_message_t, not idmef_cache_t * src/idmef-message.c: (idmef_message_get): (idmef_message_get_fast): if cache is enabled, and requested object is not in the cache, extract it from the tree and add to cache. Fixed memory leaks; the caller must use idmef_value_destroy() on returned value container. 2003-05-29 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: support of idmef_criterion, idmef_string, idmef_value * bindings/perl/Prelude.c: regenerated * src/idmef-message.c: (idmef_message_get_fast): new function, avoid the string copy of idmef_message_get * src/idmef-value.c: * src/include/idmef-value.h: create new accessor functions (idmef_value_get_*) to get the internal value of idmef_value 2003-05-27 Krzysztof Zaraska * src/idmef-object.c(idmef_object_new_internal): fix a bug causing an empty list to be returned instead of a single value under some conditions. * src/idmef-message.c(idmef_message_get): uncomment new implementation (above bug fixed). 2003-05-26 Nicolas Delon * bindings/perl/Prelude.i: * bindings/perl/Prelude.pm: update copyright info 2003-05-26 Nicolas Delon * configure.in: * Makefile.am: * bindings/*: new files, introduce perl binding for libprelude 2003-05-21 Nicolas Delon * src/include/idmef.h: fix wrong include's path 2003-05-21 Nicolas Delon * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: in the generated code, remove some blank characters to fit prelude's coding style * src/idmef-tree-wrap.c: * src/include/idmef-tree-wrap.h: * src/include/idmef-tree-data.h: regenerated 2003-05-20 Nicolas Delon * src/idmef-object.c: * src/include/idmef-object.h: (idmef_object_new_fast) new function, this object constructor avoid the string copy unlike idmef_object_new and idmef_object_new_v * src/idmef-util.c: add a pointer check to avoid a segfault when addtional_data contains no data 2003-05-20 Nicolas Delon * src/idmef-time.c: * src/include/idmef-time.h: (idmef_time_set_sec): (idmef_time_set_usec): new functions 2003-05-20 Nicolas Delon * src/idmef-time.c: * src/include/idmef-time.h: (idmef_time_{sec,usec,destroy_internal}): rewrite them as functions and not as macros 2003-05-20 Nicolas Delon * src/idmef-value.c: * src/include/idmef-value.h: (idmef_value_new_{string,time,data}): update function's prototypes 2003-05-19 Nicolas Delon * src/idmef-selection.c: * src/include/idmef-selection.h: new files, provides functions to manipulate a selection of idmef_object * src/idmef-criteria.c: add a function idmef_criterion_get_first_object that returns the first idmef_object of a criterion chain * src/idmef-message.c: (idmef_message_get): check if message argument is not null * src/idmef-object.c: * src/idmef-type.c: add a idmef_type_value_check_compatibility function to workaround the issue of sql table bad integer's type * src/idmef-value.c: (idmef_value_new_string): (idmef_value_new_time): (idmef_value_new_data): the argument is not cloned anymore, it is just pointer-copied by now to conform with the other libprelude function's behaviour 2003-05-18 Nicolas Delon * src/idmef-criteria.c: (idmef_criterion_new): by now, we just make a pointer copy of object and value arguments, so that the function's behaviour is more logical 2003-05-15 Krzysztof Zaraska * src/string-matching.c: use a version of file from libprelude-0-8 branch instead of HEAD. The HEAD version caused NIDS from 0-8 to report absurd alerts. 2003-05-14 Nicolas Delon * src/idmef-tree-func.c: * src/include/idmef-tree-func.h: back to the old implementation + minor changes to fit modifications of idmef_time and idmef_data, the implementation based on idmef-tree-wrap did not work because of the specific memory management model of idmef-tree-func (static structure, no free for some fields, and so on...) 2003-05-13 Nicolas Delon * src/idmef-data.c: * src/include/idmef-data.h: new files, introduce new primitive data structure: idmef_data_t this structure will be used for raw data like buffer overflow content, packet payload and things like that * src/include/idmef-tree.h: change fields dlen and data in idmef_additional_data_t into a single idmef_data_t field in idmef_overflow_alert_t buffer's type change from uchar_t * to idmef_data_t *, size is also a pointer now, those both fields are pointers to be respectful towards the idmef draft: """ size Zero or one. INTEGER. The size, in bytes, of the overflow (i.e., the number of bytes the attacker sent). buffer Zero or one. BYTE[]. Some or all of the overflow data itself (dependent on how much the analyzer can capture). """ * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: changes to support pointers to non-structure pritimives types (i.e uint32_t *) * src/idmef-util.c: changes reflecting the new idmef_time_t and idmef_data_t data structures * src/idmef-value.c: support of idmef_data_t * src/sensor.c: in prelude_analyzer_fill_infos replace idmef_string_set by idmef_string_set_ref * src/idmef-message.c * src/include/idmef-message.h: idmef_message_new does no longer takes an argument to configure cache, by now, the cache is disabled by default, idmef_message_enable_cache must be called to enable cache (this must be done after idmef_message_new), also introduce a idmef_message_disable_cache that disables cache on a previous cache enable message 2003-05-08 Nicolas Delon * src/idmef-tree-func.c: add an include of stdarg.h needed by idmef-object.h * src/idmef-string.c: * src/include/idmef-string.h: clean up the code fix a bug in idmef_string_new_constant_fast add a bunch of functions manipulating idmef_string that should fit all developper's need it terms of memory management. * src/idmef-value.c: minor change reflecting idmef-string.h changes 2003-05-07 Krzysztof Zaraska * src/include/idmef-tree-func.h: * src/idmef-tree-func.c: include a backwards-compatible _OLDAPI_idmef_message_new() function. Include idmef-message.h and dependencied. Don't expand _OLAPI_* macros inside idmef-tree-func.c. * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: implement *_new_* methods correctly. * src/include/idmef-tree-data.h: * src/include/idmef-tree-wrap.h: * src/idmef-tree-wrap.c: regenerated. * src/idmef-object.c: do correct error checking on return value for vsnprintf() 2003-05-07 Nicolas Delon * src/include/hash.h: new file, provides hash manipulation functions * src/idmef-object.c: add a cache for caching the created objects idmef_object_new's prototype has changed for a printf-like prototype new function idmef_object_new_v, same as idmef_object_new but it takes a va_list as a second argument * src/idmef-message.c: * src/include/idmef-message.h: new file, provides high level IDMEF message API, it will replace idmef-cache * src/idmef-time.c: * src/include/idmef-time.h: provide time manipulation functions * src/idmef-value.c: change memory management behaviour, idmef_value now always owns its own copy of idmef_string or idmef_time (more generally pointer to structure) (code should be cleaned up) * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: * src/idmef-wrappers-gen/IDMEFTree.pm: code cleaned up, *_set_* functions reintroduced, functions make more checks * src/idmef-wrappers-gen/GenerateIDMEFMessageIdH.pm: * src/idmef-wrappers-gen/GenerateIDMEFMsgSendC.pm: new files, in developpement, not currently used, will generate src/include/idmef-message-id.h and idmef-msg-send.c * src/include/idmef-tree-data.h: * src/include/idmef-tree-wrap.h: * src/idmef-tree-wrap.c: regenerated * src/idmef-criteria.c: fix a memory leak in idmef_criterion_destroy * src/idmef-string.c: * src/idmef-string.h: add a function idmef_string_copy_content that also copy the embedded string in idmef_string_t correct a bug in idmef_string_new (ret->string was a pointer copy to s (the source string) instead of a pointer to str (the new allocated string) * src/idmef-tree-func.c: replace idmef_create_time_t by idmef_time_t 2003-05-05 Krzysztof Zaraska * src/include/idmef-tree-func.h: * src/idmef-tree-func.c: practically rewritten, almost everything implemented using calls to idmef-tree-wrap.c. Only conflicting function names are now prefixed with _OLDAPI_. Added a cast in _OLDAPI_idmef_additional_data_set_data() to avoid warnings. * src/include/idmef-string.h: * src/idmef-string.c: rewritten. Use uint32_t instead of uint16_t for length field. Implement API and memory management fully compatible with idmef-tree-wrap.c. Old API compatibility is maintained, but old code requires recompilation and minor tweaking (change const char * to char *). * src/include/extract.h: * src/idmef-util.c: use char * instead of const char * (compatibility with idmef-string.h) * src/idmef-value.c: minor changes reflecting idmef-string.h changes. 2003-04-27 Krzysztof Zaraska * src/include/idmef-value.h: use relation_greater and relation_less instead of relation_greater_then and relation_less_then. Thanks to Nicolas Delon for pointing that out. This ain't Slashdot, spelling errors will not be tolerated ;). * src/idmef-value.c: modified accordingly * src/idmef-value-object.c: fix a compilation warning. 2003-04-05 Krzysztof Zaraska * src/include/idmef-object-list.c: * src/idmef-object-list.c: new file. * src/include/idmef.h: * src/include/Makefile.am: * src/Makefile.am: updated accordingly. * src/idmef-object.c: (idmef_object_get_internal): use idmef_object_list_t ** instead of idmef_object_t ***. * src/idmef-cache.c: updated accordingly. 2003-04-03 Krzysztof Zaraska * src/include/idmef-cache.c: * src/idmef-cache.c: (idmef_cached_object_get_nth_object): (idmef_cached_object_get_nth_value): (idmef_cached_object_get_count): implemented. (idmef_cache_build): adapted to API changes in idmef-object.[ch] (idmef_cached_object_set): use 'cached' instead of 'object'. (idmef_cache_purge): clear object_list. * src/innclude/idmef-object.h: * src/idmef-object.c: (idmef_object_get): (idmef_object_get_internal): API change. Modified to fully support enumeration. Added a comment describing what this code is supposed to do. (add_object): implemented. (idmef_object_clone): set the refcount to 1 (be compatible with idmef_object_new()). * src/idmef-value.c: (idmef_value_get_count): return 1 if container contains a single value and not a list. (idmef_value_to_string): check the return value of snprintf(). handle enum and void * container content. 2003-04-01 Krzysztof Zaraska * src/include/idmef-value.h: * src/idmef-value.c: (idmef_value_get_count): implemented. * src/idmef-value.c(idmef_value_get_nth): check if n>=0 to avoid integer overflow. 2003-04-01 Krzysztof Zaraska * src/idmef-object.c: * src/include/idmef-object.h: implemented idmef_object_ref(). * src/idmef-criteria.c: * src/idmef-cache.c: * src/idmef-object.c: use idmef_value_ref() and idmef_object_ref() everywhere instead of idmef_value_clone() and idmef_object_clone(). 2003-03-16 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_clone): copy also enumeration data. 2003-03-07 Krzysztof Zaraska * src/include/list.h: add list_get_next() macro * src/idmef-wrappers-gen/h2wrap.pl: * src/idmef-wrappers-gen/gendata.pl: * src/idmef-wrappers-gen/genwrappers.sh: removed. * src/idmef-wrappers-gen/GenerateDebug.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeData.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: * src/idmef-wrappers-gen/IDMEFTree.pm: * src/idmef-wrappers-gen/generator.pl: new file. New implementation of scripts generating IDMEF wrappers done by Nicolas Delon * README: updated accordingly * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapC.pm: * src/idmef-wrappers-gen/GenerateIDMEFTreeWrapH.pm: don't generate *_iterate() functions anymore in favor of *_get_next() * src/include/idmef-tree-wrap.h: * src/idmef-tree-wrap.c: regenerated 2003-03-05 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_get_idmef_type): (idmef_object_get_type): return -1 on error instead of NULL to get return type casting right. Somehow this was compiling correctly on my FreeBSD-CURRENT?!. 2003-02-28 Krzysztof Zaraska * src/idmef-value.c: (idmef_value_new_generic): if type is char *, void * or string, strdup() the input buffer and set own_data. (idmef_value_get): if type is char *, void * or string, clear own_data. 2003-02-28 Krzysztof Zaraska * src/idmef-value-object.c: * src/include/idmef-value-object.h: new file. * src/include/idmef.h: * src/include/Makefile.am: * src/Makefile.am: modified accordingly. * src/include/idmef-object.h: * src/idmef-object.c: added object enumeration support (idmef_object_set): (idmef_object_get_idmef_type): (idmef_object_get_type): implemented. (idmef_object_get_numeric): take enumeration into account while sorting. * src/idmef-wrappers-gen/h2wrap.pl: * src/idmef-wrappers-gen/gendata.pl: don't generate *_set functions (to be reintroduced later). Modified generated code to handle enumeration. Add code to generate *_new and *_find functions. Update copyright info. * src/idmef-tree-wrap.c: * src/include/idmef-tree-wrap.h: * src/include/idmef-tree-data.h: regenerated. * src/include/idmef-value.h: * src/idmef-value.c: implement lists using arrays rather then list.h. Handle enumeration. Add a reference counter to help avoid memory copying. Allow creating enum values from a given char * value representation. (idmef_value_list_empty): (idmef_value_new_enum_generic): (idmef_value_new_generic): (idmef_value_get_nth): (idmef_value_ref): (idmef_value_get): implemented. * src/include/idmef-type.h: * src/idmef-type.c: (idmef_type_child_is_list): (idmef_type_get_child_enum_type): (idmef_type_is_enum): (idmef_type_enum_find_value): (idmef_type_new_child): implemented. * src/include/idmef-cache.h: * src/include/idmef-type.h: * src/include/idmef-object.h: * src/include/idmef-value.h: * src/idmef-cache.c: * src/idmef-type.c: * src/idmef-object.c: * src/idmef-value.c: Update copyright info. 2003-01-15 Krzysztof Zaraska * src/include/idmef-criteria.h: * src/idmef-criteria.c: update copyright notice. (idmef_criterion_set_operator): implemented. 2003-01-14 Krzysztof Zaraska * src/include/idmef-cache.h * src/idmef-cache.c: (idmef_cache_index): check if cache has been already indexed (idmef_cache_reindex): set cache->objects_table to NULL after destroying old index, so new one will be generated (idmef_cached_object_get_object): (idmef_cached_object_set): (idmef_cache_get_object_count): (idmef_cache_get_object): implemented. (idmef_cache_purge): don't destroy index * src/include/idmef-criteria.h: * src/idmef-criteria.c: (idmef_criterion_get_criteria_list): removed (idmef_criterion_get_next): implemented * src/idmef-object.c: (idmef_object_get_name): check if we hit depth limit. * src/include/idmef-value.h: * src/idmef-value.c: (idmef_value_is_list): implemented. (idmef_value_get_value): implemented. 2003-01-07 Krzysztof Zaraska * src/idmef-criteria.c: (idmef_criterion_is_chain): (idmef_criterion_get_operator): (idmef_criterion_get_criteria_list): (idmef_criterion_get_object): (idmef_criterion_get_relation): (idmef_criterion_get_value): implemented some useful utility functions. (idmef_criterion_match): removed unnecessary local variables. * src/include/idmef-criteria.h: modified accordingly. Added operator_error value to idmef_operator_t. 2003-01-07 Krzysztof Zaraska * src/include/idmef.h: new file. Include all needed idmef-* headers for new interface in the correct order, so programmers' life is easier ;) * src/include/Makefile.am: modified accordingly. 2003-01-04 Krzysztof Zaraska * src/idmef-value.c: * src/include/idmef-value.h: (idmef_value_have_own_data): new function. Inform the idmef_value_destroy destructor to destroy held idmef_string_t *, char * or void * object. Has not effect for numeric and object types. (idmef_value_destroy): updated accordingly. 2002-12-23 Krzysztof Zaraska * src/idmef-value.c: * src/include/idmef-value.h: * src/idmef-criteria.c: * src/include/idmef-criteria.h: matching engine partially reimplemented, so idmef_value_t lists should be handled correctly. String comparisions moved to idmef-value.c. Fixed a bug in matching criteria chains. Declaration of idmef_relation_t moved to idmef-value.h. This code needs thorough testing and possibly improvements in error handling. 2002-12-22 Krzysztof Zaraska * src/idmef-object.c(idmef_object_get_name): implement correctly. Add checks for idmef_type_* return values, since glibc functions cannot be trusted to handle NULLs smoothly. * src/include/idmef-type.h: * src/idmef-type.c: style fixes. Add missing copyright notice. (idmef_type_get_child_name): new function. 2002-12-22 Krzysztof Zaraska * src/include/idmef-criteria.h: add missing #ifdef's 2002-12-22 Krzysztof Zaraska * src/include/idmef-criteria.h: * src/idmef-criteria.c: new file. In-memory criteria matching engine. * src/include/Makefile.am: * src/Makefile.am: modified accordingly * src/include/idmef-value.h: * src/idmef-value.c: (idmef_value_get_string_value): new function. (idmef_value_compare): new function. (idmef_value_create): declare as static * src/idmef-cache.c(idmef_cache_purge): free cache index if exists (fixes a memory leak). 2002-12-01 Krzysztof Zaraska * src/idmef-object.c: (idmef_object_make_child): new function. Make object an identifier for its own child (idmef_object_make_parent): new function. Make object an identifier for its own parent * src/include/idmef-object.h: update accordingly 2002-12-01 Krzysztof Zaraska * src/idmef-object.c: coding style fixes * src/idmef-object.c(idmef_object_new): create empty object when NULL name is given * src/idmef-object.c: use uint8_t instead of uint16_t for object depth * src/idmef-object.c: place id[] inside idmef_object, with limited length (avoiding extra malloc()) 2002-11-30 Krzysztof Zaraska * src/idmef-cache.c: coding style fixes * src/idmef-cache.c: (idmef_cache_register_object): fix a bug in list ordering (idmef_cache_index): new function. Generate an index into list of objects in cache (idmef_cache_reindex): new function. Regenerate index. (idmef_cache_destroy): free index table if exists (idmef_cache_find_object): find requested object in cache using binary search on index table * src/include/idmef-cache.h: update accordingly 2002-11-30 Krzysztof Zaraska * src/idmef-cache.c(idmef_object_register): * src/include/idmef-cache.h: rename function to idmef_cache_register_object. * src/idmef-cache.c(idmef_cache_new): fix memory allocation size error 2002-11-16 Krzysztof Zaraska * src/idmef-object.c(idmef_object_show_numeric): rename to idmef_object_get_numeric() * src/idmef-type.c: new file. idmef_type_* functions moved from src/idmef-object.c * src/Makefile.am: update accordingly * src/include/idmef-type.h: * src/include/idmef-object.h: * src/idmef-object.c: update accordingly * src/Makefile.am: don't install idmef-tree-data.h * src/idmef-type.c: * src/include/idmef-type.h: new function idmef_type_get_name() * src/idmef-type.c: * src/include/idmef-type.h: new function idmef_type_get_child_type() * src/include/idmef-object.h: * src/idmef-object.c: new function idmef_object_get_text() * src/include/idmef-type.h: define idmef_child_t here instead of idmef-tree-wrap.h * src/idmef-wrappers-gen/h2wrap.pl: update accordingly * src/idmef-wrappers-gen/gendata.pl: suppress leading "idmef_" in name field of type descriptions * src/include/idmef-tree-wrap.h: * src/idmef-tree-wrap.c: regenerate * src/include/idmef-type.h: #include "idmef-value.h" * src/include/idmef-value.h: #include "idmef-type.h" * src/idmef-object.c: don't include "idmef-tree-data.h" * src/idmef-value.c(idmef_value_new_enum_internal): remove errorneus declaration as static. * src/include/idmef-cache.h: add missing prototype for idmef_cache_destroy() * src/idmef-object.c(idmef_object_get_internal): declare as static * src/include/idmef-type.h: define idmef_object_t and idmef_child_t using signed types. This allows using negative value to indicate an error. * src/idmef-type.c: add necessary checks for negative input values * src/include/idmef-tree.h: cleanup 2002-11-15 Krzysztof Zaraska * src/idmef-value.c(idmef_value_new_enum_internal): declare as static * src/idmef-string.c(idmef_string_destroy_internal): add comment explaining why it can't be static (for now) 2002-11-15 Krzysztof Zaraska * src/idmef-object.c: * src/idmef-cache.c: * src/idmef-value.c: * src/include/idmef-object.h: * src/include/idmef-cache.h: * src/include/idmef-value.h: move structure definitions from .h to .c; define public structures as opaque 2002-11-11 Krzysztof Zaraska * src/idmef-string.c: * src/include/idmef-string.h: new file. idmef_string_t and related functions moved out of idmef-tree.h and idmef-tree-func.h * src/idmef-tree-wrap.c: * src/idmef-object.c: * src/idmef-cache.c: * src/idmef-value.c: * src/include/idmef-tree-wrap.h: * src/include/idmef-type.h: * src/include/idmef-object.h: * src/include/idmef-cache.h: * src/include/idmef-value.h: * src/include/idmef-tree.h: introduction of IDMEF wrappers * src/idmef-tree-func.c: * src/include/idmef-tree-func.h: due to symbol conflicts with idmef-tree-wrap.[ch], prefix all function names with _OLDAPI_. idmef_func_name() is #define'd as _OLDAPI_idmef_func_name(). * src/Makefile.am: * src/include/Makefile.am: updated accordingly * src/idmef-wrappers-gen/: directory containing scripts needed to regenerate IDMEF wrappers. 2002-10-21 Yoann Vandoorselaere * src/string-matching.c (BoyerMoore_CI_StringMatching): (BoyerMoore_StringMatching): return the index where we matched the pattern on success and -1 on error. 2002-09-23 Yoann Vandoorselaere * NEWS: updated. * configure.in: bump version to 0.8.4 * src/sensor.c (parse_argument): return -1 here in case of the manager client creation fail. Fix a possible free() of a NULL pointer. 2002-09-16 Guillaume Pelat * sensor-adduser/plaintext.c(setup_plaintext): * src/common.c(prelude_read_multiline): * src/config-engine.c(cmp_entry): (create_new_line): * src/prelude-client.c(handle_plaintext_connection): * src/prelude-getopt.c(check_option_optarg): (check_option_reqarg): (lookup_variable_if_needed): * src/ssl-gencrypto.c(get_full_hostname): Fix potential signed/unsigned integer problems. 2002-09-15 Yoann Vandoorselaere * acinclude.m4: new AC_DATATYPE_GENERIC() macro, that check for a datatype and possible replacement. * configure.in: Enable OpenSSL conditionaly. Check for the socklen_t datatype, and provide a replacement if not found. This fix a compilation problem on Solaris. * src/Makefile.am: * sensor-adduser/Makefile.am: Stop compiling empty source file when SSL support is disabled. Don't compile the sources at all instead. 2002-09-10 Yoann Vandoorselaere * NEWS: updated. * configure.in: bump version number to 0.8.3 2002-09-09 Yoann Vandoorselaere * sensor-adduser/sensor-adduser.c (register_sensor_ident): When searching if an ident is already registered for this sensor, do exact compareason... So that two sensor with the same prefix, but different suffix won't match. (register_sensor_ident): move the call to fchmod() at the beginning of the function, so it is called each time the file is opened... For safety. 2002-09-07 Yoann Vandoorselaere * src/idmef-msg-send.c (idmef_send_uint64): if we're running on a big endian system, don't send an uninitialized value. 2002-09-04 Yoann Vandoorselaere * src/prelude-getopt.c (get_from_config): check process_option_cfg_hook() return value. Abort the whole process if it return an error. (section_get_all): config_get_section() doesn't return a prelude_option_x error code. If config_get_section() return -1, then return 0, it just mean there are no more section of this name. (prelude_option_destroy): use list_for_each_safe(). 2002-09-03 Guillaume Pelat * src/daemonize.c (lockfile_get_exclusive): Fix possible file descriptor leak. * src/config-engine.c (load_file_in_memory): Fix possible file descriptor leak. 2002-08-29 Yoann Vandoorselaere * NEWS: update release notes. * configure.in: bump version to 0.8.2. * src/prelude-getopt.c (check_option_optarg): set optarg to NULL if arg len is 0. (check_option_reqarg): ditto. (check_option): ditto in case of option no_argument. (call_option_cb): cleanup. (call_option_from_cb_list): only free arg if it is not NULL. 2002-08-28 Yoann Vandoorselaere * sensor-adduser/ssl-register.c (ask_configuration): included patch from Sebastien Guilbaud , fix an infinite loop when asking for SSL setup confirmation. * configure.in: correct check for OpenSSL and profiling. 2002-08-27 Yoann Vandoorselaere * src/plugin-common.c (delete_container): (plugin_subscribe): avoid possible NULL pointer dereference if [un]subscribe is NULL. 2002-08-26 Yoann Vandoorselaere * NEWS: updated. * configure.in: bump version number to 0.8.1. 2002-08-22 Krzysztof Zaraska * src/idmef-util.c: * src/include/idmef-util.h: * src/ntp.c: * src/include/ntp.h: new files, moved from Prelude Manager as containing generally useful IDMEF functions. 2002-08-22 Yoann Vandoorselaere * src/plugin-common.c (plugin_subscribe): Walk the list in reverse order so that we work as a LIFO and a plugin loading another, both subscribing from plugin_init(), won't end up with undefined result. 2002-08-21 Yoann Vandoorselaere * src/plugin-common.c (plugin_load_single): delete the plugin entry on error. Fix a possible SIGSEGV if plugin_init return NULL. (plugin_search_by_name): test that pe->plugin is not NULL before dereferencing it. 2002-08-09 Yoann Vandoorselaere Included patch from Guillaume Pelat with slight modifications : * src/ssl-settings.c: Removed ask_manager_addr() and ask_configuration() that were unused. * sensor-adduser/ssl-register.c (ask_configuration): Handle fgets() error return, fix recursive loop in case the user answer "no" to the confirmation question. * src/prelude-auth.c (ask_username): handle fgets() NULL return. (parse_auth_line): free username before returning if we got an error. (comfirm_account_creation): check buf after filling it on the first time (do while, instead of while), buf content may be random before fgets() is called. Increase buf length, because it's not clear if fgets() will stop reading after size-1 byte is read (glibc fgets won't thought, but SUSv2 specify it should). Let enough room for the user to type "yes" or "no" if he want to. 2002-08-04 Yoann Vandoorselaere * src/prelude-client.c (unix_connect): Small bug found by Guillaume Pelat , directly call prelude_get_socket_filename() with addr.sun_path as argument. 2002-07-30 Yoann Vandoorselaere * configure.in: update version number to 0.8.0. 2002-07-28 Yoann Vandoorselaere * src/prelude-getopt.c (parse_argument): respect option priority with command line option. call_option_cb() do this for us. 2002-07-25 Yoann Vandoorselaere * docs/api/Makefile.am: remove check for gtk-doc on make dist... As we cannot force distcheck to pass the --enable-gtkdoc configure argument, it would fail anyway. 2002-07-23 Yoann Vandoorselaere * src/sensor.c (setup_manager_addr): dup manager_cfg_line. (parse_argument): free manager_cfg_line. * src/prelude-getopt.c (call_option_from_cb_list): free(cb->arg). * src/prelude-client.c (prelude_client_close): new function, close a client. (prelude_client_new): set connection_broken to 1 if we are not connected. 2002-07-22 Yoann Vandoorselaere * src/prelude-client.c (prelude_client_get_fd): new function, return the prelude_io_t used to talk to the client. 2002-07-19 Yoann Vandoorselaere * README: add a statement saying "This library is released under the GPL with the additional exemption that compiling, linking, and/or using OpenSSL is allowed." It appear that GPL software linking to OpenSSL have to specify this statement, for legal reason. Please read http://www.openssl.org/support/faq.html#LEGAL2 for more informations. 2002-07-17 Yoann Vandoorselaere * src/sensor.c (parse_argument): move the call to prelude_client_ident_init() here, so that ident is declared before connecting to the Manager, and after processing options. * src/prelude-getopt.c (option_get_all): don't call the option callback if the option was called from command line. (process_option_cfg_hook): don't check called_from_cli here. (section_get_all): only call the parent option callback if it wasn't provided on command line. 2002-07-11 Yoann Vandoorselaere * src/sensor.c (prelude_sensor_init): Move the call to prelude_client_ident_init() after argument parsing. This fix a bug where command line option does not work if the sensor is not registered. 2002-07-03 Yoann Vandoorselaere * src/prelude-getopt.c (parse_argument): set called_from_cli when we see a parent option on command line. 2002-06-27 Yoann Vandoorselaere * src/prelude-getopt.c (prelude_option_get_private_data): (prelude_option_set_private_data): new function, allow to associate private data with an option, maybe usefull in the callback. * sensor-adduser/sensor-adduser.c: * src/sensor.c: fit the latest prelude-getopt change. * src/prelude-getopt.c: make the set() callback take a prelude_option_t as argument, thus allowing more generic operation to be performed in the callback. 2002-06-26 Yoann Vandoorselaere * src/common.c: include stdio.h. * src/config-engine.c (load_file_in_memory): use prelude_read_multiline(). * src/common.c (prelude_read_multiline): new function, handle reading line separated by the '\' character. 2002-06-19 Krzysztof Zaraska * src/sensor.c: fix crash in prelude_sensor_init on Linux when passed NULL argv value. Correct function name in comment. 2002-06-18 Yoann Vandoorselaere * src/plugin-common.c (plugin_search_by_name): use strcasecmp, we just don't care about the case here. 2002-06-17 Yoann Vandoorselaere * src/idmef-tree-func.c (free_time): (free_inode): (free_linkage): (free_access): (free_file): (idmef_inode_change_time_new): (idmef_linkage_file_new): (idmef_file_access_permission_new): (idmef_file_create_time_new): (idmef_file_modify_time_new): (idmef_file_access_time_new): (idmef_file_inode_new): (idmef_file_access_new): (idmef_file_linkage_new): (idmef_target_file_new): implemented. (free_source_or_target): if type is target, free file_list. * src/idmef-msg-send.c (idmef_send_file_access): use idmef_send_string_list for permission. (idmef_send_inode): return if inode is NULL. change_time is a pointer. 2002-06-14 Yoann Vandoorselaere * Makefile.am: use $(DESTDIR) as the prefix for installing stuffs. 2002-06-10 Yoann Vandoorselaere * src/prelude-getopt.c: fix warning. (process_option_cfg_hook): parent option called from command line completly override config file option. * autogen.sh: Override libtool configure.in by a configure.in that'll require autoconf2.50, and re-generate configure script. This fix some problem when dealing with certain environment variable. * configure.in (gtk_doc_min_version): only enable gtkdoc if requested. 2002-06-07 Yoann Vandoorselaere * src/prelude-getopt.c (prelude_option_add): don't overwrite specified priority for parent option. (section_get_all): process sub option, and flush the callback that run without order when leaving the parent. This allow to have the parent called before other option if option_run_first was specified. (section_get_all): (option_get_all): new function, call the option callback the same number of time the option/section is in the config file. * src/sensor.c (parse_argument): make the address option a children of "node address". Make node address run first so that it can allocate the idmef_address_t structure. (setup_address): allocate a new idmef_address_t structure. * src/config-engine.c (config_get): (config_get_section): take a line argument, indicating where we should start the search. (search_section): take a 'line' argument, telling where to start the search. (search_entry): ditto. 2002-06-06 Yoann Vandoorselaere * src/config-engine.c (search_section): if last_index is set, and there is no section specified, use last_index and last_section. This allow searching for several section, with the same name. (config_get_section): on success, set last_index and last_section. 2002-06-05 Yoann Vandoorselaere * src/sensor.c (parse_argument): setup manager_list here. Make option work as expected. * src/prelude-getopt.c (prelude_option_parse_arguments): cleanup cb_called on return. * src/sensor.c (parse_argument): add node and analyzer configuration only option. (prelude_analyzer_fill_information): new function, setup an analyzer. * sensors-default.conf (manager-addr): Add commentary for generic analyzer informations. * src/sensor.c (prelude_heartbeat_register_cb): don't initialize timer and send initial heartbeat if heartbeat_repeat_time is 0. 2002-06-03 Yoann Vandoorselaere * sensor-adduser/ssl-register.c (send_own_certificate): remove certificate in case of error. (recv_manager_certificate): ditto. (ssl_add_certificate): ditto. 2002-06-01 Yoann Vandoorselaere * src/sensor.c (parse_argument): set --manager-addr option to be ran last, so that applications that change user throught prelude-getopt don't get a message telling to run sensor-adduser with --uid 0 when it should be another uid. * src/ssl-gencrypto.c (add_DN_object): use X509_NAME_add_entry() together with X509_NAME_ENTRY_create_by_NID() so that we work on with older OpenSSL version. * src/client-ident.c (prelude_client_set_analyzer_id): new function. * sensor-adduser/sensor-adduser.c (setup_sensor_files): don't call generate_sensor_ident here. Take the ident as argument. (main): generate the ident here, and use the prelude_client_set_analyzer_id function so that the ident will be used to generate the SSL certificate subject. 2002-05-31 Yoann Vandoorselaere * src/sensor.c (setup_heartbeat_repeat_time): impl - set heartbeat timer timeout. (prelude_heartbeat_register_cb): new function, setup the heartbeat timer and callback, and send an initial heartbeat. (prelude_heartbeat_send): new function, send an hearbeat. (parse_argument): stop providing short option, there is much chance that we'll conflict with the apps. (parse_argument): new global option, "heartbeat-time", to set timer heartbeat timeout. * src/idmef-msg-send.c (idmef_send_alert): fix a typo, send analyzer time instead of sending twice detect time. 2002-05-30 Yoann Vandoorselaere * src/idmef-msg-send.c (idmef_send_create_time): don't get create time here since it prevent caller to override the value. (idmef_send_analyzer): get analyzerID with prelude_client_get_analyzerid(), and send it. (idmef_send_string): made inline. (idmef_send_uint64): ditto (idmef_send_uint32): ditto (idmef_send_uint16): ditto (idmef_send_analyzer): get and send analyzerid. * src/idmef-tree-func.c (idmef_alert_new): get create time here. * src/include/idmef-tree-func.h (idmef_additional_data_set_data): new inline function. * src/idmef-msg-send.c (idmef_send_additional_data): don't use idmef_send_string for AdditionalData data field. * src/include/idmef-tree.h: AdditionalData data field is not an idmef_string_t... 2002-05-30 Laurent Oudot * sensor-adduser/sensor-adduser.c: very small change from "passwrd" to "password" in a getpass. 2002-05-24 Yoann Vandoorselaere * src/timer.c (timer_flush): new function, expire remaining timer. (walk_and_wake_up_timer): remove debugging code. 2002-05-21 Krzysztof Zaraska * configure.in: cleanup in pthread detection code (*BSD mainly). Fixed a gcc 3.1 compilation warning caused by using -I/usr/include . 2002-05-21 Yoann Vandoorselaere * sensor-adduser/sensor-adduser.c (handle_argument): explain better what the different command line option does. * src/client-ident.c: include stdlib.h. 2002-5-17 Baptiste Malguy * src/include/prelude-message-id.h: added some definition for counter-measure stuff. 2002-05-16 Yoann Vandoorselaere * src/ssl-registration-msg.c (prelude_ssl_save_cert): * src/ssl-gencrypto.c (prelude_ssl_gen_crypto): * src/prelude-auth.c (open_auth_file): Show more information on error. Use -1 instead of 0 as the fchown() GID argument. This avoid problem when sensor-adduser is used by a non priviledged user. 2002-05-16 Baptiste Malguy * src/include/*.h: added some #ifndef/#define and #endif in the header files for dependency inclusion purposes. 2002-05-15 Yoann Vandoorselaere * src/prelude-getopt.c (parse_argument): don't lookup variable here. (check_option): take a size argument. (check_option_reqarg): (check_option_optarg): modified theses function so that option with multiple arguments are taken into account without the arguments needing to be quoted. (call_option_from_cb_list): call lookup_variable_if_needed() here. (call_option_cb): copy the argument. (lookup_variable_if_needed): ability to lookup several variable in one buffer. * src/client-ident.c (declare_ident_to_manager): On big endian system, copy sensor_ident to nident so that we don't send an uninitialized value. Fix last remaining prefix problem. * Makefile.am (install-data-local): create sensors_spool_dir. * src/prelude-path.c: remove BACKUP_DIR. (prelude_get_backup_filename): use SENSORS_SPOOL_DIR. * src/Makefile.am (DEFS): define SENSORS_SPOOL_DIR. * configure.in (sensors_spool_dir): configure spool directory. * src/common.c (prelude_resolve_addr): document this function. 2002-05-14 Yoann Vandoorselaere * src/prelude-message.c (set_data): check call_alloc_cb return value. Avoid a possible NULL pointer dereference on out of memory condition. * src/prelude-message-buffered.c: remove unused send_msg_cb member. (flush_msg_cb): print an error if prelude_msg_dynamic_new() return NULL. 2002-05-14 Vincent Glaume * src/include/prelude-path.h: (prelude_get_socket_filename) has a new prototype. * src/prelude-path.c (prelude_get_socket_filename): builds a filename based on a port number for the unix socket, which allows to use several unix sockets. * src/prelude-client.c: complies to the new unix socket management. 2002-05-13 Yoann Vandoorselaere * src/prelude-client.c (prelude_client_connect): send ident before sending option list. 2002-05-08 Yoann Vandoorselaere * src/include/prelude-message-id.h: remove deprecated MSG ID. * src/client-ident.c: removed code for requesting an ID to the Manager, since we now generate the ident number ourselv. (prelude_client_ident_init): read the ident generated by sensor-adduser from the ident file. * sensor-adduser/sensor-adduser.c (elf_hash): (time_hash): (generate_sensor_ident): (register_sensor_ident): (setup_sensor_files): generate, and register sensor ident. * configure.in (sensors_config_dir): declare sensor_ident_file. * Makefile.am (install-data-local): remove sensor_ident_dir. 2002-05-06 Yoann Vandoorselaere * docs/api/Makefile.am: included PATCH from Yann Droneaud so that make distcheck work again with newest automake. 2002-05-05 Yoann Vandoorselaere make dist should now work. Also localstatedir is now respected. (Existing sensors / manager installation should re-create sensors account). * configure.in (sensors_config_dir): declare sensor_ident_dir. * Makefile.am (install-data-local): move authentication file to configuration dir. * configure.in: modify call to AC_DEFINE() so that we don't need acconfig.h anymore. 2002-04-30 Yoann Vandoorselaere * src/prelude-client-mgr.c (prelude_client_mgr_new): take a new type argument. For each created client, the specified type will be associated. * src/sensor.c: get rid of the is_caller_a_sensor variable. (setup_manager_addr): set client type to PRELUDE_CLIENT_TYPE_SENSOR. * src/prelude-client.c (prelude_client_new): default client type is PRELUDE_CLIENT_TYPE_OTHER. (prelude_client_connect): pass the client type to prelude_client_ident_send(). (prelude_client_set_type): new function, set client type. * src/client-ident.c (prelude_client_ident_send): now take a client_type argument. Only declare ident if type is PRELUDE_CLIENT_TYPE_SENSOR or PRELUDE_CLIENT_TYPE_MANAGER. * src/string-matching.c: (BoyerMoore_StringMatching): (BoyerMoore_CI_StringMatching): Fix a grave problem that could result in reading uninitialized memory. Made the code of theses function readable. 2002-04-28 Yoann Vandoorselaere * configure.in: autoconf 2.52 still have the AC_C_BIGENDIAN bug - require 2.53. 2002-04-27 Yoann Vandoorselaere * configure.in: use AM_PROG_LIBTOOL, for older libtool/automake installation. * src/plugin-common.c: remove dlfcn.h - not needed anymore with libltdl. (plugin_load_single): return -1 if the plugin is already loaded so that we don't count the plugin twice. (plugin_load_from_dir): remove the filename extension, so that libltdl decide of the best extension to use on this architecture. (plugin_load_single): use libltdl function. As there is often several file associated with a libtool plugin (from which the plugin can be loaded), and because libtool load the one that suit it best (for sake of compatibility), we have to check if we do not already have an handle for this plugin. (is_plugin_already_loaded): search a plugin by handle. * src/Makefile.am (INCLUDES): add libltdl include PATH. * configure.in: setup libltdl. * autogen.sh: libtoolize --ltdl * Makefile.am (SUBDIRS): libltdl. Theses change fix possible portability problem with dynamically loadable plugin API (OpenBSD plugin loading didn't work before this). 2002-04-26 Yoann Vandoorselaere * configure.in: require autoconf 2.50, not 2.53. 2002-04-25 Yoann Vandoorselaere * src/prelude-message.c (set_data): s/unsigned char/uint8_t/ 2002-04-24 Yoann Vandoorselaere * src/prelude-path.c (prelude_get_socket_filename): return a const char pointer. * src/include/list.h (list_entry): * src/prelude-message.c (set_data): avoid void pointer arithmetic. * src/include/extract.h: (byte): create a second byte macro conditionaly compiled depending on the byte order. (extract_uint64): do not try to translate from network byte order to host byte order if WORDS_BIGENDIAN is defined. (align_uint32): (align_uint64): (align_uint16): shift each byte. * src/idmef-msg-send.c (idmef_send_uint64): only translate analyzer ident to network byte order if we are on a little endian system. s/ntohl/htonl/. * src/client-ident.c (declare_ident_to_manager): only translate analyzer ident to network byte order if we are on a little endian system. * configure.in: prereq autoconf 2.53. use AC_C_BIGENDIAN macro to determine host byte order, libprelude-config --cflags also include this definition. * README: update. 2002-04-16 Yoann Vandoorselaere * src/include/extract.h: stop using memmove for alignment care ! Checksum performance test resulted in ~ 600MB/s without alignment care, and ~ 20MB/s with it (memmove). The new version (which cast every byte of the buffer to a single 8 bits integer and OR them all) run at ~ 200MB/s, which is way better. 2002-04-15 Yoann Vandoorselaere * src/include/list.h: included modified patch from Vincent Glaume adding function to walk the list in reverse order. 2002-04-14 Yoann Vandoorselaere * src/prelude-getopt.c (process_option_cfg_hook): (get_max_char): slight cleanup. * src/config-engine.c (config_get_section): don't check if the line is a comment here. (search_section): do it here. This fix a bug where we wouldn't find an option because a commented one would match. * src/prelude-getopt.c (print_wrapped): don't print \0 at the end of the line. This fix bug #0000029 (control character at end of help lines). 2002-04-13 Yoann Vandoorselaere * src/prelude-io.c (handle_ssl_error): new function, handle SSL error nicely. (ssl_read): (ssl_write): correct SSL error handling. Should help with some SSL communication problem. 2002-04-11 Yoann Vandoorselaere * Makefile.am (install-data-local): sensors-default.conf: should be world readable. So that non root sensor know where to reach the Prelude Manager. * src/include/extract.h: (align_uint16): (align_uint32): (align_uint64): (align_ipv4_addr): network to host order translation is done in extract_xx function. Alignment is done in align_xx function. 2002-04-09 Yoann Vandoorselaere * configure.in: stop using profile-arcs for optimised build. GCC generate bugged code with it. 2002-04-08 Yoann Vandoorselaere * src/prelude-client-mgr.c (broadcast_saved_message): print how many bytes we flushed... * src/prelude-message.c (prelude_msg_forward): use memcpy() to copy dlen. * src/plugin-common.c (plugin_search_by_name): new function, search a plugin by name. * Makefile.am (install-data-local): Only install default configuration file if it does not exit... If a configuration file is already present, warn the user and install in sensors-default.conf-dist. 2002-04-05 Yoann Vandoorselaere * src/prelude-auth.c (parse_auth_line): stop using strtok here. strtok() was causing problem on empty password, because it wouldn't return an empty token. * src/prelude-message.c (msg_mark_end): use memcpy instead of shifting dlen and copying it 8bits by 8bits. This fix problem on big endian machine. Thanks to Vincent Glaume who helped a lot on this issue. 2002-04-05 Krzysztof Zaraska * src/include/idmef-tree.h: added missing comment labeling idmef_alertident_t. 2002-04-04 Yoann Vandoorselaere * src/include/extract.h: include string.h for memmove. (extract_uint64): fix a problem with extract_uint64 on machine that need aligned access. * src/prelude-client.c (get_manager_setup): (read_plaintext_authentication_result): * sensor-adduser/sensor-adduser.c (get_manager_setup): don't give up until an error occur or we get prelude_msg_finished. 2002-03-29 Yoann Vandoorselaere * src/prelude-getopt.c (process_option_cfg_hook): handle case when there is several entry of the same name in the configuration file. Call the callback once for each entry then. * src/config-engine.c: (search_entry): (config_get): Modified so that when passed a NULL section and entry, it will try to search a different entry of the same name and within the same section as the previously searched one. 2002-03-28 Yoann Vandoorselaere * src/include/idmef-tree-func.h (idmef_string_set): remove errornous period after while(0), new idmef_string_copy() macro. 2002-03-28 Krzysztof Zaraska * INSTALL: * README: minor language corrections 2002-03-25 Yoann Vandoorselaere * src/include/extract.h (extract_uint16): (extract_uint32): (extract_uint64): (extract_ipv4_addr): theses function are now inlined. (extract_uint8_safe): (extract_uint16_safe): (extract_uint32_safe): (extract_uint64_safe): (extract_string_safe): New function, check buffer size before doing anything. * src/prelude-message.c (slice_message_header): (prelude_msg_get): * src/client-ident.c (recv_ident): * src/extract.c: obsoleted, theses function are now inline. * configure.in: put NEED_ALIGNED_ACCESS in libprelude-config --cflags. 2002-03-19 Yoann Vandoorselaere * src/prelude-io.c (ssl_close): avoid a leak when SSL_shutdown return 0. (ssl_close): don't close the fd two time. 2002-03-14 Yoann Vandoorselaere * Makefile.am (install-data-hook): stop using sticky bit on directory, permission for directory are 755 now. (except for the idents directory - not changed yet). * src/ssl-registration-msg.c (prelude_ssl_save_cert): stop using the BIO API here, and use the standard IO function so that we can now stop using the umask() hack. The function now take an UID argument, and the saved certificate is owned by this userID. * src/ssl-gencrypto.c (prelude_ssl_gen_crypto): take an UID argument, use fchown() to set the created file UID. * src/prelude-client-mgr.c (file_error): new function, tell the user sensors required files are not installed. * src/prelude-auth.c (open_auth_file): fchown the created file to the specified UID. (prelude_auth_create_account): (prelude_auth_create_account_noprompt): take an UID argument. * sensor-adduser/ssl-register.c (send_own_certificate): prelude_ssl_gen_crypto take an UID argument. (recv_manager_certificate): prelude_ssl_save_cert take an UID argument. * sensor-adduser/sensor-adduser.c (setup_sensor_files): new function, create sensors related file, with the needed sensors permission. (main): ssl_add_certificate and create_plaintext_user_account take an UID argument. * sensor-adduser/plaintext.c (create_plaintext_user_account): take an uid argument, call prelude_auth_create_account with this argument. 2002-03-12 Yoann Vandoorselaere * src/daemonize.c (get_absolute_filename): new function, get absolute filename if provided filename is relative (fix a bug on exit where the lockfile wouldn't be deleted because we chdir to /). (lockfile_write_pid): use provided pid argument, don't call getpid(). * src/prelude-getopt.c (call_option_cb): simplify, handle option_run_first and option_run_last definition. (prelude_option_add): parent option have option_run_last priority. (call_option_cb): fix and simplify. (parse_argument): reset saved_index to 0. This could trigger a bug while parsing option. (prelude_option_add): set default priority to option_run_no_order. 2002-03-11 Yoann Vandoorselaere * src/prelude-getopt.c (get_missing_options): add missing call to call_option_from_cb_list(). * src/extract.c (extract_ipv4_addr): only align when needed. * src/prelude-getopt.c (call_option_cb): new function, call option in priority order if needed. (parse_argument): if we meet an unknown option and we are at depth 0, continue parsing, so that it won't abort the whole process. * src/sensor.c (prelude_sensor_init): don't call prelude_async_init ourself, this is the sensor responssability. 2002-03-07 Krzysztof Zaraska * src/client-ident.c: * src/extract.c: * src/idmef-msg-send.c: * src/prelude-io.c: * src/prelude-message.c: fix warnings on compilation 2002-03-02 Krzysztof Zaraska * configure.in: fixed pthreads-related gcc flags on FreeBSD/OpenBSD 2002-02-28 Yoann Vandoorselaere * src/prelude-client.c (inet_connect): re-enable the Nagle algorithm for now. * src/idmef-tree-func.c (idmef_alert_new): set analyzerid field. 2002-02-27 Yoann Vandoorselaere * configure.in: check for pthread in several directory, including /usr/pkg. * src/prelude-client.c: include string.h 2002-02-21 Krzysztof Zaraska * src/config-engine.c: fixed includes for FreeBSD compatibility. 2002-02-21 Yoann Vandoorselaere * configure.in: check if alignment is needed. * src/extract.c: only align data if needed. 2002-02-20 Yoann Vandoorselaere * src/idmef-tree-func.c (free_alert): (free_assessment): free action list. * src/common.c (prelude_realloc): new function. Emulate realloc() behavior for system that doesn't comform to ANSI C. * src/prelude-message.c (read_message_header): * src/config-engine.c (op_append_line): (op_insert_line): use prelude_realloc(). * src/prelude-auth.c (get_password_salt): (cmp_cleartext_with_crypted): (prelude_auth_create_account): (get_random_salt): salt end with \0. We're not sure if crypt() require this, so this is for sanity only. * src/prelude-message.c (prelude_msg_new): initialize flush_msg_cb callback to NULL. Avoid an unitialized read. 2002-02-08 Yoann Vandoorselaere * src/prelude-getopt.c (parse_argument): handle parent option that have an argument... This function really need to be cleaned up. 2002-02-07 Yoann Vandoorselaere * src/plugin-common.c (delete_container): use list_for_each_safe. (plugin_del): do not free the container here. * src/prelude-getopt.c (print_options): remove an errornous putchar(). (print_options): description offset should include depth. * sensor-adduser/Makefile.am (sensor_adduser_LDADD): correct libprelude.so linkage. * src/prelude-client.c (read_plaintext_authentication_result): call auth_error() in case of failure authenticating. So that the user know what to do. (auth_error): call exit() here. * src/prelude-path.c (prelude_set_program_name): store userID if not already set. (prelude_set_program_userid): new function. (prelude_get_backup_filename): (prelude_get_ssl_key_filename): (prelude_get_ssl_cert_filename): (prelude_get_auth_filename): do not call getuid(), use provided uid. * src/prelude-auth.c: implement random salt generation. (prelude_auth_read_entry): more detailed return value. Ability to check if we are trying to apply a different password to an already existing user. * sensor-adduser/sensor-adduser.c (set_sensor_uid): call the new prelude_set_program_userid() function. (main): use seteuid() so that file can be created with another userid, without need to call fchown(). * sensor-adduser/plaintext.c (read_plaintext_creation_result): made message a little more detailed. * sensor-adduser/Makefile.am (sensor_adduser_LDADD): correct sensor-adduser linkage... Thanks go to Krzysztof Zaraska for pointing me to the problem. * INSTALL: updated installation note. * src/prelude-auth.c (prelude_auth_read_entry): remove un-necessary check. 2002-02-06 Yoann Vandoorselaere * src/ssl.c (ssl_init_client): use TLSv1, as suggested by Michael Samuel . * src/ssl-gencrypto.c: cleanup the got, get rid of un-needed thing. Stop using SSL BIO, and use libc IO operation for storing the key. (add_DN_object): subject is host:sensorname:sensorid:random-number. So we can be sure subject are uniq (else we'll end up not finding the good certificate to use with this client on the Manager side). * src/prelude-client.c: prelude_client_t object include an in_addr member (which is the resolved Manager address). (inet_connect): use the previously resolved addr. (auth_error): new function. (do_connect): if resolved address is 127.0.0.1 use UNIX connection. (handle_plaintext_connection): (handle_ssl_connection): call auth_error when necessary, telling the user how to do to setup the sensor. * sensor-adduser/sensor-adduser.c (main): use plaintext for authentication if we're connecting to localhost. SSL otherwise. * sensors-default.conf (manager-addr): unix is deprecated, use 127.0.0.1 (we'll use UNIX internally). 2002-02-05 Yoann Vandoorselaere * src/idmef-msg-send.c (idmef_send_web_service): (idmef_send_web_service_arg): handle web argument list. * src/idmef-tree-func.c (idmef_service_webservice_new): initialize argument list. (idmef_service_webservice_arg_new): new function return a webservice_arg. * src/prelude-message.c (prelude_msg_write): don't send empty message. * sensor-adduser/sensor-adduser.c (set_manager_addr): fix a bug when parsing provided Manager address. 2002-02-04 Yoann Vandoorselaere * sensor-adduser is back from the dead. * src/prelude-auth.c (prelude_auth_create_account_noprompt): new function, take username and password as argument. (prelude_auth_create_account): modified so that it return created username and password. * sensors-default.conf (manager-addr): default entry is only unix, since 127.0.0.1 is now translated to unix. Remove unused groupname entry * src/prelude-client.c (do_connect): When 127.0.0.1 is specified, use an UNIX socket. * src/prelude-path.c (prelude_get_sensor_name): new function, return the sensorname. * src/prelude-client.c (handle_plaintext_connection): correct message in case no authentication files are present. (handle_ssl_connection): ditto. 2002-02-02 Yoann Vandoorselaere * src/prelude-message.c: made API more consistant, and code simpler. 2002-02-01 Yoann Vandoorselaere * src/prelude-message-buffered.c: new prelude-msgbuf API. This API help a lot for message generation, and provide fragmentation and buffering of message. * src/prelude-message.c: big change allowing fragmentation and buffering of message. * src/prelude-client.c (get_manager_setup): handle prelude_msg_get() return value correctly. * src/prelude-client-mgr.c: removed function that used to open file securely and use prelude_open_persistant_tmpfile(). * src/idmef-tree-func.c: use list_add_tail everywhere. We want to insert data at the end of the list. * src/idmef-msg-send.c: convert to use the prelude-msgbuf API. (idmef_msg_send): now take an msgbuf as argument. * src/common.c (prelude_open_persistant_tmpfile): new function. Open a *possibly persistant* file for writing, trying to avoid symlink attack as much as possible. * src/client-ident.c (save_ident): use prelude_open_persistant_tmpfile() in order to open the file securely. 2002-01-26 Yoann Vandoorselaere * src/client-ident.c (prelude_client_get_analyzerid): new function. 2002-01-25 Yoann Vandoorselaere * src/include/idmef-tree.h: replace each occurence of const char * with the idmef_string_t type. This type associate a length with a string. So the sensor won't end up calling strlen which is slow. Also cleanup enumeration, enumeration with no default shouldn't use the value 0 for enumeration member. * src/include/idmef-msg-send.h: add macro to access idmef_string_t. * src/idmef-msg-send.c: made all function public. As they might be used independantly by sensors. 2002-01-23 Yoann Vandoorselaere * src/sensor.c (prelude_sensor_send_msg_async): new function. Send message asynchronously. (prelude_sensor_send_msg): renamed from prelude_sensor_send_alert + send alert synchronously. * src/idmef-msg-send.c (idmef_msg_send): use prelude_msg_reset. * src/prelude-message.c (prelude_msg_reset): new function, to be used if the same message is going to be written at several time. * src/idmef-tree-func.c: * src/idmef-msg-send.c: stop trying to count number of item / len. That's just too ugly. Use a static message buffer big enough (prelude_msg_set() will error if input is > buffer size anyway). 2002-01-22 Yoann Vandoorselaere * src/include/idmef-message-id.h: * src/idmef-tree-func.c: * src/idmef-msg-send.c: * src/include/idmef-tree.h: updated to fit the IDMEF draft 6... 2002-01-20 Krzysztof Zaraska * src/common.c: include * configure.in: added AC_CANONICAL_SYSTEM macro to fix autoconf 2.5x problem 2002-01-19 Yoann Vandoorselaere * src/extract.c: in case the address is not aligned, copy using memmove to an aligned buffer. This need to be further optimised using a macro to know if this host can handle unaligned access. * src/prelude-message.c: avoid alignement problem by using the extract function. * Update everything to fit header change. * src/common.c (prelude_resolve_addr): new function. * src/prelude-log.c: moved all the logging stuff here. 2002-01-18 Yoann Vandoorselaere * revert to using configure.in instead of configure.ac. using autoconf 2.5x result in too much problem. * src/prelude-auth.c (do_auth): (ask_manager_address): (write_auth_infos): (read_auth_result): removed unused. * configure.ac: correct check for profiling. Enable -fprofile-arcs if compiler support it. * src/timer.c (walk_and_wake_up_timer): set prev_remaining to a big negative value, so that the new timer algorithm debuging check won't blow at us because there is lag. (search_previous_timer): if the timer we want to insert expire at the same time as the known to be expiring last timer, replace it. (search_previous_timer): if the timer we want to insert expire at the same time as the known to be expiring first timer, replace it. (search_previous_backward): (search_previous_forward): handle case where we find an entry with the same expire time as our inserted timer. 2002-01-17 Yoann Vandoorselaere * src/prelude-io.c (prelude_io_read_wait): use an infinite timeout. This is a temporary workaround. Manager-adduser / sensor-adduser should use prelude_message. * src/prelude-client.c: prelude_client_t is a linked object. New helper function to get client informations. * src/sensor.c: wrapper for the new client-mgr function. * src/prelude-client-mgr.c: ability to return the whole client list, and to notify uppon client change throught a callback. * libprelude-config.in: * configure.ac: updated. Libprelude is not linked to the needed library anymore. It's up to the application to do so. Also, libprelude-config --libs will list -lc_r if needed for Posix Thread so that when an application using libprelude try to link, normal libc will be overwritten by -lc_r. This change was needed because crash would happen on FreeBSD using both library at the same time. Credits goes to Krzysztof Zaraska for finding the problem * src/client-ident.c (prelude_client_ident_send): if is_caller_a_sensor is set, declare the client as being ID 0 (Relay Manager). * src/sensor.c: global variable, telling if the caller is a sensor or not (a Manager for exemple). (prelude_sensor_init): set is_caller_a_sensor to 1. * src/prelude-async.c (prelude_async_add): signal the condition. 2002-01-16 Yoann Vandoorselaere * src/client-ident.c (save_ident): identity file should be readable for all. (prelude_client_ident_init): handle error when reading ident file. * src/prelude-io.c (ssl_read): (ssl_write): handle ssl error correctly. 2002-01-15 Yoann Vandoorselaere * src/timer.c: now work with a timer_t instead of a timeval structure. This is cleaner as we don't care about useconds anyway. Also updated the algorithm. The new algorithm use O(1) for timer insertion most of the time. And allow us to keep the timer sorted in the timer list. When waking up timer, this avoid us to look at the whole list. We can stop as soon as we meet an un-wokable timer (which is very advantaging where there is a lot of timer arround). (search_previous_timer): new function, deduce, in O(1) time, if the new timer should be the first or the last in the list. In both case insertion is O(1). If none of theses statement are true, then try to guess if the previous timer entry (in regards to the new timer) is located on the beginning or end of the list. Then call the needed insertion function. (search_previous_forward): new function. Search previous timer entry from end of the list to begining of the list. (search_previous_backward): ditto, but do it backward. (walk_and_wake_up_timer): handle wake_up_if_needed() return value. Now that the list is sorted, we can break as soon as we meet a timer we cannot wake. This is disabled for now for integrity checking. (wake_up_if_needed): return 0 if we woke the timer up, or -1 if time remaing before expiration. (time_elapsed): updated avoid some float() calculation. (time_remaining): new function. * src/prelude-client-mgr.c (broadcast_saved_message): (flush_backup_if_needed): Better error handling. Make the difference between communication error, and other error... (broadcast_saved_message): if there is a problem when forwarding the data to the client, then increment the count of connection dead and return a communication error. (parse_config_line): (client_timer_expire): After a successfull reconnection, check the flush_backup_if_needed() return value. If it indicate a communication error, re-init the connection timer. Else continue. * src/prelude-client.c (prelude_client_forward): handle the case where the connection break the same way as in prelude_client_send_msg() * src/prelude-message.c (read_message_data): copy size into a count variable on entering to the function. So that we don't get confused when comparing the amount of byte requested and the amount of byte we got. 2002-01-14 Yoann Vandoorselaere * src/ssl-register.c: move here. Obsolete sensor-adduser. Sensor now provide a -c option for creating the authentication file. * I'm too lazy to list all the change. Basically created a new file, prelude-path.c, with function returning path to stuff commonly shared by Prelude Manager and Libprelude. This get rid of some of the path mess. * src/prelude-client-mgr.c (setup_backup_fd): (prelude_client_mgr_new): use new prelude-path API. * src/client-ident.c (PRELUDE_PERSISTANT_DATA_DIR): set to /var/lib/prelude-sensors/idents (save_ident): identity only readable for a given sensor. * src/prelude-message.c: lot of cleanup, code comment. * src/prelude-io.c (prelude_io_get_fdptr): new function. Return file or ssl pointer associated with this file descriptor. 2002-01-11 Yoann Vandoorselaere * src/include/idmef-tree.h: * src/idmef-tree-func.c: * src/idmef-msg-send.c: move list.h inclusion out from the header file. * src/prelude-client.c (handle_plaintext_connection): always use PRELUDE_MSG_AUTH for header tag. use PRELUDE_MSG_AUTH_PLAINTEXT as a subtag. (start_unix_connection): read Manager setup, even in UNIX mode. (handle_plaintext_connection): call read_plaintext_authentication_result(). (read_plaintext_authentication_result): new function. Read authentication result. 2002-01-10 Yoann Vandoorselaere * src/prelude-client.c (handle_plaintext_connection): don't leak auth entry. * src/include/prelude-message-id.h: added ID for authentication. * src/include/prelude-message.h: * src/include/prelude-io.h: add a Swig entry so that swig know how to generate a wrapper. * src/ssl.c (ssl_init_client): free unused data in case of failure. * src/prelude-io.c (sys_write): (sys_close): don't handle case where read return 0. (file_read): (file_write): theses one should never set errno to EINTR or EAGAIN. * src/prelude-client.c (handle_plaintext_connection): read authentication message. This is now done throughr prelude-message, not prelude-io directly. most of the code reworked cause we use prelude-message everywhere now. * src/prelude-auth.c: don't take care of the connecting host anymore. Act as a basic interface to the authentication file. The message reading / writing code is now in the prelude-client / Manager server interface. Keep password crypted on the Manager server. * src/prelude-io.c (prelude_io_read_delimited): return -1 on EOF. 2002-01-07 Yoann Vandoorselaere * src/config-engine.c (cmp_entry): remove space at the beginning of the line. * src/idmef-msg-send.c: new interface for sending IDMEF message. This one is to be used by application that are not time critical. Other should still directly use the prelude-message API. * src/idmef-tree-func.c: moved most of the IDMEF creation function from the Manager server to libprelude. 2002-01-06 Krzysztof Zaraska * src/extract.c: added #include (FreeBSD compat. fix) 2002-01-05 Yoann Vandoorselaere * src/sensor.c (parse_argument): short option for manager-addr is -m, not -a. * src/client-ident.c: new file. (prelude_client_ident_tell): when called, will tell the other peer what ID we are, unless we are a Manager ourselve. (declare_ident_to_manager): put the ident in network byte order. * src/extract.c: new file, contain type checking function for message extraction. * src/sensor.c (prelude_sensor_init): now take a sensor_name argument. (setup_manager_addr): identifier for client manager is the sensor name. * src/prelude-message.c (prelude_msg_read): it's possible for a message to only contain an header. handle that case well, without returning an error. * src/prelude-client.c (prelude_client_connect): better error handling. Call prelude_client_ident_tell(). * src/prelude-client-mgr.c (parse_config_line): warn if Manager emission can not work at initialisation too. (setup_backup_fd): include program UID, in the filename. This file can't be shared if two instance of the sensor run as different user. * src/include/prelude-message-id.h (PRELUDE_MSG_ID_REPLY): (PRELUDE_MSG_ID_REQUEST): new message ID. * src/sensor.c (prelude_sensor_init): stop initializing if parse_argument() return prelude_option_end or prelude_option_error. * src/prelude-getopt.c (check_option_optarg): check index before dereferencing argv. 2002-01-04 Yoann Vandoorselaere * src/config-engine.c (is_line_commented): new function. (search_entry): if the section the entry is in is commented, return an error. (config_get_section): ditto. * src/include/plugin-common.h (plugin_request_new_id): remove plugin_option API. Plugin have to use prelude-getopt API now. * src/sensor.c (parse_argument): removed --help option hook. The application have to call prelude_option_print_help() in order for the user to see library option. (parse_argument): do not use prelude_option_new (dead). (parse_argument): handle prelude_option_parse_arguments return value the right way. * src/prelude-getopt.c: include string.h (search_cli_option): correctly match short option. (check_option_optarg): remove un-necessary code. (check_option_noarg): ditto. (check_option): initialize optarg to NULL for safety. (process_option_cfg_hook): new function: Try to get value for option that weren't set on command line in the config file. Big cleanup and slight API change. * src/prelude-client.c (prelude_client_connect): directly call prelude_option_wide_get_msg(). * src/prelude-client-mgr.c (parse_config_line): remove errornous strtok() function call. * src/plugin-common.c: API change. allow asynchronous plugin subscribtion / un-subscribtion. Cleanup. * src/config-engine.c (cmp_entry): (cmp_section): make the matching case unsensitive. (config_get_section): new function, return 0 if section exist. 2002-01-03 Yoann Vandoorselaere * src/prelude-client-mgr.c (secure_open): avoid symlink attack as much as possible. There is still a race condition because we are working with 'possibly persistant file' and there is no way to open a file that already exist securely (without truncating it or deleting it). 2002-01-02 Yoann Vandoorselaere * src/sensor.c (parse_argument): cleanup. Use generic sensor configuration file when needed. * src/prelude-getopt.c (get_missing_options): cleanup. (prelude_option_parse_arguments): only try to get missing option from configuration file if filename is not NULL. * src/prelude-client-mgr.c (parse_config_line): fix case were existing backup wouldn't be flushed. * Makefile.am (install-data-hook): create the config directory, (755), spool directory (1733, for any sensor to be able to fallback to writing to a file). Install a default configuration file, to be used the application doesn't specify one. * src/prelude-getopt.c (prelude_option_parse_arguments): only try to get missing option from configuration file if filename is not NULL. * src/sensor.c (setup_manager_addr): no need to duplicate optarg. * src/prelude-auth.c (prelude_auth_create_account): free client address string. (prelude_auth_send): ditto. * configure.ac: add -O0 -pg to CFLAGS if profiling is enabled. * src/config-engine.c (load_file_in_memory): handle fopen error correctly. * src/prelude-client-mgr.c: use two different file descriptor referencing the same backup file. One is open for writing, in O_APPEND mode. So the file won't get corrupted if different process are writing to it at the same time (write are atomic). (BACKUP_DIR): now /var/spool/prelude This forbid us to use the same file descriptor for reading. 2001-12-30 Yoann Vandoorselaere * src/include/threads.h: workaround for thread enabled thread profiling. This code come from http://sam.zoy.org/doc/programming/gprof.html The authors is presumably Samuel Hocevar . Only enabled if --enable-profiling is given on command line * Added missing CREDITS file, taken from prelude-nids and updated with the necessary entry. 2001-12-30 Krzysztof Zaraska * src/include/list.h: added #undef LIST_HEAD to fix FreeBSD conflict with LIST_HEAD from . See comment in the file for details. Also added copyright notice. * sensor-adduser/sensor-adduser.c: * src/prelude-getopt.c: * src/prelude-message.c: added #include (FreeBSD fix) 2001-12-29 Yoann Vandoorselaere * src/sensor.c (parse_argument): set warning flags to 0 before internally parsing argument to see if libprelude option were passed. Then restore the old warnings flags. * src/prelude-getopt.c (option_err): new function only print error if the passed flag is set in the global flags. * src/sensor.c (parse_argument): When parsing our own (libprelude) option set, don't print warning about unknow option which can be option from the sensor that initialise us. * src/prelude-getopt.c (prelude_option_set_warnings): new function. Set/Get current warning flags for option parsing. 2001-12-28 Yoann Vandoorselaere * src/plugin-common.c (plugin_print_stats): remove \t that was putting garbage in syslog logfile. * src/common.c (prelude_log_set_prefix): (standard_log): (syslog_log): new function that allow to set a global prefix to all prelude_log() call. Passing NULL to prelude_log_set_prefix() remove the prefix. * src/daemonize.c (prelude_daemonize): renamed to prelude_daemonize(). Comment the function. Also, if requested, create an exclusive lockfile held until program exit. * src/prelude-message.c (read_message_content): comment why we return prelude_msg_error if we get an EOF in the middle of a message. (prelude_msg_read): free message on error / eof. * src/prelude-client.c (handle_plaintext_connection): (handle_ssl_connection): (start_inet_connection): (start_unix_connection): fit API change. * src/prelude-client-mgr.c (setup_backup_fd): * src/prelude-io.c (prelude_io_set_file_io): now correspond to libc buffered I/O. (prelude_io_set_sys_io): renamed from set_network_io(). 2001-12-27 Yoann Vandoorselaere * src/include/prelude-message.h: * src/prelude-message.c: new type: prelude_msg_status_t returned by prelude_msg_read. This make the handling of the return value easier. 2001-12-26 Yoann Vandoorselaere * src/include/idmef-tree.h: ident members are all uint64_t. Add missing IDMEF stuff. * src/include/idmef-message-id.h: more work toward full IDMEF compliance. * src/prelude-auth.c (read_auth_result): Handle case where prelude_io_read_delimited() return 0. This fix a possible crash. 2001-12-19 Yoann Vandoorselaere * src/sensor.c (parse_argument): manager address is a wide option. (prelude_sensor_get_option_msg): return the wide option message for our wide option set. * src/prelude-io.c (prelude_io_read_wait): use poll() in order to wait data. This also fix a bug where we were returning 0 even if we couldn't read the specified amount of bytes. * src/prelude-getopt.c (prelude_option_wide_add): (prelude_option_new): compute message len on each wide option add. (prelude_option_wide_get_msg): generate, and cache a message containing all the wide option. * src/prelude-client.c (prelude_client_connect): send wide option message on connect. * src/prelude-async.c (async_thread): don't catch signals. * configure.ac (CFLAGS): add -DREENTRANT to cflags. 2001-12-14 Yoann Vandoorselaere * src/prelude-ident.c (setup_filedes_if_needed): new function. Correctly setup filed. Will avoid SIGBUS. * src/include/idmef-tree.h: ident is a 64 bit unsigned integer. * src/include/prelude-ident.h: * src/prelude-ident.c: new ident API. Use to generate unique 64 bits ident, remembered across program run (usage of memory mapped IO). 2001-12-13 Yoann Vandoorselaere * sensor-adduser/Makefile.am: * src/Makefile.am: * configure.ac: Fix : sensor-adduser doesn't compile without OpenSSL. 2001-12-12 Yoann Vandoorselaere * src/prelude-client-mgr.c (prelude_client_mgr_broadcast): (walk_manager_lists): correct warning emmission in case a Manager (or rule of Manager) goes down. 2001-12-11 Yoann Vandoorselaere * src/sensor.c: include ssl.h only if HAVE_SSL is defined. * configure.ac (COMMON_LIBS): applied patch from Krzysztof Zaraska ("use == operator for test in configure, but valid one is =") 2001-12-10 Yoann Vandoorselaere * src/common.c (syslog_log): we have to yse a buffer. (standard_log): use vfprintf(). 2001-12-08 Yoann Vandoorselaere * src/include/plugin-common-prv.h (plugin_run_with_return_value): (plugin_run): specify the member to call in the macro call. 2001-12-06 Yoann Vandoorselaere * src/prelude-client-mgr.c (prelude_client_mgr_get_manager_list): * src/sensor.c (prelude_sensor_get_manager_list): new function. * src/prelude-getopt.c (parse_argument): argv is not const. 2001-12-05 Yoann Vandoorselaere * src/include/common.h (do_init_nofail): put back do_init / do_init_nofail macro. * src/prelude-getopt.c : Lot of work. Hierarchy of option should now work. Callback have a control over the argument parsing using their return value. A flag is now passed when adding an option, to tell if it is handled throught the command line interface or the configuration file or both. 2001-12-04 Yoann Vandoorselaere * src/prelude-getopt.c (lookup_variable_if_needed): Take the address of the optarg pointer as argument. Return 0 on success, -1 on error. * src/common.c: * src/include/common.h: Move the log macro code to the prelude_log function. The log macro still exist, and will pass the necessary parameter to prelude_log(). This avoid the logging code to be inlined in the calling function, which was bad because it was making the functions grew at the risk of not fitting the CPU cache anymore. 2001-11-27 Yoann Vandoorselaere * src/prelude-getopt.c (prelude_option_add): use list_add_tail (item were inserted in the wrong order). prelude_option_t now contain a list of option (prelude_optlist_t). (option_print): new function : print the option hierarchicaly. Start changing the interface in order to allow sub-options. 2001-11-26 Yoann Vandoorselaere * src/prelude-getopt.c (handle_option): oops, reverted wrong fix, optarg is always returned and is never NULL. Removed un-needed if error prone. 2001-11-26 Banux * src/prelude-getopt.c (handle_option): callback is not call if no arg 2001-11-22 Yoann Vandoorselaere * src/include/idmef-tree.h: Pid is a 32 bit integer. 2001-11-21 Yoann Vandoorselaere * src/prelude-message.c (prelude_msg_set): fix assert. 2001-11-19 Yoann Vandoorselaere * src/prelude-async.c (wait_timer_and_data): use a while loop instead of tail recursivity for now as it might be the cause of a subtle bug. * configure.ac: * src/Makefile.am (libprelude_la_LIBADD): Add autoconf code to search pthread library. 2001-11-16 Yoann Vandoorselaere * src/include/idmef-tree.h: IDMEF structure. * src/include/idmef-message-id.h: ID for IDMEF based message. 2001-11-10 Yoann Vandoorselaere * src/prelude-message.c: (read_message_header): (prelude_msg_get): (prelude_msg_write): (prelude_msg_set): use separate index for read / write. This allow us to send a just read messages. Forwarding between Manager is on it's way. * src/sensor.c (prelude_sensor_send_alert): use asynchrnous broadcasting. * src/prelude-client-mgr.c (walk_manager_lists): Never free the message ourself. This is up to the caller to do it. (broadcast_async_cb): (prelude_client_mgr_broadcast_async): When asynchronous operation are used, free the message ourself. 2001-11-07 Yoann Vandoorselaere * src/prelude-async.c (get_elapsed_time): new function. (wait_timer_and_data): check the average time we spent waiting on the condition. (which may be > 1 second if the condition was signaled several time). (async_thread): Thread safety on list walking. * src/sensor.c: include prelude-list.h, not list.h 2001-11-06 Yoann Vandoorselaere * src/prelude-client-mgr.c (prelude_client_mgr_broadcast_msg): make this function void. Set the message to be processed asynchronously. * src/sensor.c (prelude_sensor_init): Initialize the asynchronous subsystem. * src/prelude-message.c: prelude_message_t inherit of prelude_async_object_t capability. * src/timer.c: Thread safety. * src/prelude-async.c: New asynchronous queue implementation. 2001-11-05 Yoann Vandoorselaere * src/prelude-client-mgr.c (prelude_client_mgr_broadcast_msg): Do not print that failsafe mode is enabled for each message. (broadcast_saved_message): print an error if message forwarding fail. (flush_backup_if_needed): ftruncate doesn't modify the file offset. Seek to the beginning of the file. * src/prelude-client.c (prelude_client_connect): set the connection_broken member here. This'll avoid bug on reconnection. * sensor-adduser/ssl-register.c: include netinet/in.h to fix BSD compilation. Thanks to Krzysztof Zaraska for reporting this. * sensor-adduser/sensor-adduser.c: include config.h * src/prelude-client.c Address member is not const anymore. (prelude_client_new): duplicate address string. (prelude_client_destroy): free address string. * src/prelude-io.c (copy_forward): forward data by chunk of 8192 bytes. 2001-10-30 Yoann Vandoorselaere * src/prelude-io.c: compile properly even if SSL is not available. * src/prelude-client-mgr.c (parse_config_string): new function, stop using strtok() which doesn't really fit our need. This also fix a bug where another NULL client would be added causing AND of client emission to fail. * sensor-adduser/sensor-adduser.c (main): Handle case where SSL is not installed. * src/prelude-auth.c: Modify to work with a prelude-io object. * src/prelude-client.c: Fit prelude-auth API change. * src/Makefile.am (libprelude_la_SOURCES): * src/include/Makefile.am (include_HEADERS): remove socket-op.h and socket-op.c, it is obsoleted by the prelude-io API. 2001-10-25 Yoann Vandoorselaere * src/sensor.c: remove the prelude_sensor_t private structure. We don't need it anymore. Add a global pointer on a Manager list. (setup_manager_addr): fit the new clients managers API. * src/prelude-client.c: remove reconnection / failsafe (message backup) code. This is moved to prelude-client-mgr.c (prelude_client_new): Ignore the SIGPIPE signal (we'll check at the write return value thought). Support for Manager implicitly closing the connection should be improved thought. (prelude_client_new): Do not connect here. (prelude_client_connect): new function, connect here. (prelude_client_get_address): new function, get the address / port associated with a prelude_client_t object. Change Prelude Report to Prelude Manager in several place. * sensor-addu