diff -Nru snoopy-1.8.0/bin/Makefile.am snoopy-2.3.1/bin/Makefile.am --- snoopy-1.8.0/bin/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,49 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### Use includes from src/ directory +# +AM_CFLAGS += -I$(top_srcdir)/src + + + +### Scripts to enable/disable snoopy +# +sbin_SCRIPTS = \ + snoopy-enable \ + snoopy-disable + + + +### Test programs +# +# Some development/testing programs here +# +bin_PROGRAMS = \ + snoopy-test-output +snoopy_test_output_SOURCES = \ + snoopy-test-output.c +snoopy_test_output_LDADD = \ + ../src/libsnoopy_no_execve.la + + +noinst_PROGRAMS = \ + snoopy-detect \ + snoopy-dev-helper \ + snoopy-test-all-data-sources + +snoopy_detect_SOURCES = \ + snoopy-detect.c + +snoopy_dev_helper_SOURCES = \ + snoopy-dev-helper.c +snoopy_dev_helper_LDADD = \ + ../src/libsnoopy_no_execve.la + +snoopy_test_all_data_sources_SOURCES = \ + snoopy-test-all-data-sources.c +snoopy_test_all_data_sources_LDADD = \ + ../src/libsnoopy_no_execve.la diff -Nru snoopy-1.8.0/bin/snoopy-detect.c snoopy-2.3.1/bin/snoopy-detect.c --- snoopy-1.8.0/bin/snoopy-detect.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-detect.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,41 @@ +/* + * SNOOPY LOGGER + * + * File: detect.c -- simple execve() wrapper detection + * + * Copyright (c) 2000 Marius Aamodt Eriksen + * Copyright (c) 2000 Mike Baker + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#include +#include + +#ifndef RTLD_DEFAULT +# define RTLD_DEFAULT ((void *) 0) +#endif + +int main(void) { + char *libc = ((size_t)-1 > 0xffffffffUL) ? "/lib64/libc.so.6" : "/lib/libc.so.6"; + void *handle = dlopen(libc, RTLD_LAZY); + //simple test to see if the execve in memory matches libc.so.6 + if (dlsym(handle, "execve") != dlsym(RTLD_DEFAULT, "execve")) + printf("something fishy...\n"); + else + printf("secure\n"); + return 0; +} diff -Nru snoopy-1.8.0/bin/snoopy-dev-helper.c snoopy-2.3.1/bin/snoopy-dev-helper.c --- snoopy-1.8.0/bin/snoopy-dev-helper.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-dev-helper.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,69 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy-dev-helper.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "configuration.h" +#include "inputdatastorage.h" +#include "message.h" +#include "misc.h" + + + +int main (int argc, char **argv) +{ + char *logMessage = NULL; + + /* Initialize snoopy */ + snoopy_init(); + + /* Fake init */ + snoopy_inputdatastorage_store_filename(argv[0]); + snoopy_inputdatastorage_store_argv(argv); + + // Init log message as empty string + logMessage = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE); + logMessage[0] = '\0'; + + printf("Snoopy: testing custom message formatting:\n\n"); + printf("Message format used: \n%s\n\n", SNOOPY_LOG_MESSAGE_FORMAT); + snoopy_message_generateFromFormat(logMessage, SNOOPY_LOG_MESSAGE_FORMAT); + printf("Produced output:\n%s\n\n", logMessage); + + + /* Housekeeping */ + free(logMessage); + snoopy_cleanup(); + return 0; +} diff -Nru snoopy-1.8.0/bin/snoopy-disable.in snoopy-2.3.1/bin/snoopy-disable.in --- snoopy-1.8.0/bin/snoopy-disable.in 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-disable.in 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,45 @@ +#!/bin/sh + + + +# This is a script that disables system-wide snoopy installation. +# You have to run this script as a privileged user. +# This script is also run when you execute "make disable". + + + +### Where is the library installed? +# +LIBDIR="@SNOOPY_LIBDIR@" + + + +### Check user that is running this script +# +touch /etc/ld.so.preload +if [ ! -w /etc/ld.so.preload ]; then + echo + echo 'SNOOPY ERROR: /etc/ld.so.preload not writable - are you running this script as a unprivileged user?' + echo + exit 1 +fi + + + +### Do the actual installation +# +COUNT=`grep -Ec "/(lib)?snoopy.so" /etc/ld.so.preload` +if [ "$COUNT" -gt "1" ]; then + echo + echo "SNOOPY ERROR: Multiple instances of (lib)snoopy.so found in /etc/ld.so.preload. Unable to proceed." + echo + exit 1 +elif [ "$COUNT" -eq "1" ]; then + echo -n "SNOOPY: Removing from /etc/ld.so.preload: " + cat /etc/ld.so.preload | grep -E "/(lib)?snoopy.so" + sed -i "/\/\(lib\)\?snoopy.so/d" /etc/ld.so.preload + echo "SNOOPY: Disabled." + echo "SNOOPY: Hint: Your system needs to be restarted to finish snoopy cleanup." +else + echo "SNOOPY: Snoopy is NOT enabled on this system." +fi diff -Nru snoopy-1.8.0/bin/snoopy-enable.in snoopy-2.3.1/bin/snoopy-enable.in --- snoopy-1.8.0/bin/snoopy-enable.in 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-enable.in 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,57 @@ +#!/bin/sh + + + +# This is a script that enables snoopy system-wide. +# You have to run this script as a privileged user. +# This script is also run when you execute "make enable". + + + +### Where is the library installed? +# +LIBDIR="@SNOOPY_LIBDIR@" + + + +### Check snoopy installation +# +if [ ! -x $LIBDIR/libsnoopy.so ]; then + echo + echo "SNOOPY ERROR: $LIBDIR/libsnoopy.so is not installed or is not executable" + echo + exit 1 +fi + + + +### Check user that is running this script +# +touch /etc/ld.so.preload +if [ ! -w /etc/ld.so.preload ]; then + echo + echo 'SNOOPY ERROR: /etc/ld.so.preload not writable - are you running this script as a unprivileged user?' + echo + exit 1 +fi + + + +### Do the actual installation +# +COUNT=`grep -Ec "/(lib)?snoopy.so" /etc/ld.so.preload` +if [ "$COUNT" -gt "1" ]; then + echo + echo "SNOOPY ERROR: Multiple instances of (lib)snoopy.so found in /etc/ld.so.preload. Unable to proceed." + echo + exit 1 +elif [ "$COUNT" -eq "1" ]; then + echo -n "SNOOPY: Removing from /etc/ld.so.preload: " + cat /etc/ld.so.preload | grep -E "/(lib)?snoopy.so" + sed -i "/\/\(lib\)\?snoopy.so/d" /etc/ld.so.preload +fi +echo "SNOOPY: Adding to /etc/ld.so.preload: $LIBDIR/libsnoopy.so" +echo "$LIBDIR/libsnoopy.so" >> /etc/ld.so.preload +echo "SNOOPY: Hint #1: Reboot your machine to load snoopy system-wide." +echo "SNOOPY: Hint #2: Check your log files for output." +echo "SNOOPY: Enabled." diff -Nru snoopy-1.8.0/bin/snoopy-install.sh snoopy-2.3.1/bin/snoopy-install.sh --- snoopy-1.8.0/bin/snoopy-install.sh 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-install.sh 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,169 @@ +#!/bin/bash + + + +### Configuration +# +SNOOPY_DOWNLOAD_URI_PREFIX="http://source.a2o.si/download/snoopy" +SNOOPY_INSTALL_LOGFILE="`pwd`/snoopy-install.log" + + + +### Check if running as root +# +if [ "`id -u`" != "0" ]; then + echo "SNOOPY INSTALL ERROR: This installation must be run as root." + echo "Hint: 'sudo COMMAND' perhaps?" + exit 1 +fi + + + +### Install distro-dependent build prerequisites +# +echo "SNOOPY INSTALL: Installing distro-specific packages 'gcc' and 'make'..." +if [ -f /etc/debian_version ]; then + # Debian, Ubuntu + # About /dev/null: http://askubuntu.com/questions/372810/how-to-prevent-script-not-to-stop-after-apt-get + apt-get -y install gcc gzip make tar wget < "/dev/null" +elif [ -f /etc/redhat-release ]; then + # RHEL, Fedora, CentOS + yum install -y gcc gzip make tar wget +else + # Check if gcc and make are present + if ! which which &> /dev/null; then + echo "SNOOPY INSTALL ERROR: 'which' program not found!" + echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." + exit 1 + fi + + if ! which gcc &> /dev/null; then + echo "SNOOPY INSTALL ERROR: GCC compiler not found!" + echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." + exit 1 + fi + + if ! which make &> /dev/null; then + echo "SNOOPY INSTALL ERROR: 'make' program not found!" + echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." + exit 1 + fi + + if ! which tar &> /dev/null; then + echo "SNOOPY INSTALL ERROR: 'tar' program not found!" + echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." + exit 1 + fi + + if ! which gzip &> /dev/null; then + echo "SNOOPY INSTALL ERROR: 'gzip' program not found!" + echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." + exit 1 + fi +fi + + + +### Start bash subshell, to evaluate potential errors +# +( +set -e +set -u + + + +### Starting installation +# +rm -f $SNOOPY_INSTALL_LOGFILE +touch $SNOOPY_INSTALL_LOGFILE +echo "SNOOPY INSTALL: Starting installation, log file name: $SNOOPY_INSTALL_LOGFILE" + + + +### Get last stable Snoopy release +# +echo -n "SNOOPY INSTALL: Getting latest Snoopy version: " +SNOOPY_PACKAGE_FILENAME=`wget -q -O - $SNOOPY_DOWNLOAD_URI_PREFIX/snoopy-latest-package-filename.txt` +SNOOPY_PACKAGE_DIRNAME=`echo "$SNOOPY_PACKAGE_FILENAME" | sed -e 's/\.tar.gz$//'` +echo "$SNOOPY_PACKAGE_FILENAME" + + + +### Download Snoopy package +# +echo -n "SNOOPY INSTALL: Downloading $SNOOPY_DOWNLOAD_URI_PREFIX/$SNOOPY_PACKAGE_FILENAME... " +rm -f $SNOOPY_PACKAGE_FILENAME +wget $SNOOPY_DOWNLOAD_URI_PREFIX/$SNOOPY_PACKAGE_FILENAME >> $SNOOPY_INSTALL_LOGFILE 2>&1 +echo "done." + + + +### Untar, build and configure +# +echo -n "SNOOPY INSTALL: Unpacking $SNOOPY_PACKAGE_FILENAME... " +rm -rf $SNOOPY_PACKAGE_DIRNAME +tar -xzf $SNOOPY_PACKAGE_FILENAME +cd $SNOOPY_PACKAGE_DIRNAME +echo "done." + + + +echo -n "SNOOPY INSTALL: Configuring... " +./configure --enable-config-file --sysconfdir=/etc --enable-filtering >> $SNOOPY_INSTALL_LOGFILE 2>&1 +echo "done." + +echo -n "SNOOPY INSTALL: Building... " +make >> $SNOOPY_INSTALL_LOGFILE 2>&1 +echo "done." + +echo -n "SNOOPY INSTALL: Installing... " +make install >> $SNOOPY_INSTALL_LOGFILE 2>&1 +echo "done." + +echo -n "SNOOPY INSTALL: Enabling... " +make enable >> $SNOOPY_INSTALL_LOGFILE 2>&1 +echo "done." + + + +### Tell the user what to do next +# +echo +echo "SNOOPY LOGGER is now installed and enabled." +echo +echo "TIP #1: If Snoopy is to be enabled for all processes, you need" +echo " to restart your system, or at least all services on it." +echo +echo "TIP #2: If you ever need to disable Snoopy, you should use provided" +echo " 'snoopy-disable' script. Use 'snoopy-enable' to reenable it." +echo +echo "TIP #3: Snoopy output can usually be found somewhere in /var/log/*" +echo " Check your syslog configuration for details." +echo +echo "TIP #4: Configuration file location: /etc/snoopy.ini" +echo " See included comments for additional configuration options." +echo +echo "Snoopy wishes you a happy logging experience:)" +echo + + + +### End bash subshell +# +) +if [ "$?" != "0" ]; then + echo + echo + echo "Last 5 lines of Snoopy installation log file:" + tail -n5 $SNOOPY_INSTALL_LOGFILE + echo + echo "SNOOPY INSTALL ERROR: Something weird happened!" + echo "SNOOPY INSTALL ERROR: Please inspect log file for details ($SNOOPY_INSTALL_LOGFILE)" + exit 1 +fi + + + +### All done +# +true diff -Nru snoopy-1.8.0/bin/snoopy-test-all-data-sources.c snoopy-2.3.1/bin/snoopy-test-all-data-sources.c --- snoopy-1.8.0/bin/snoopy-test-all-data-sources.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-test-all-data-sources.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,161 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy-test-all-data-sources.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "configuration.h" +#include "error.h" +#include "inputdatastorage.h" +#include "datasourceregistry.h" +#include "misc.h" + + + +/* + * We do not use separate .h file here + */ +int main (int argc, char **argv); +void snoopy_test_all_datasources (); +int snoopy_get_datasource_name_length_max (); + + + +int main (int argc, char **argv) +{ + /* Initialize snoopy */ + snoopy_init(); + snoopy_inputdatastorage_store_filename(argv[0]); + snoopy_inputdatastorage_store_argv(argv); + + /* Run the main function */ + snoopy_test_all_datasources(); + + /* Housekeeping */ + snoopy_cleanup(); + return 0; +} + + + +/* + * snoopy_test_all_datasources + * + * Description: + * Loops through all data source and prints what they return + * + * Params: + * (none) + * + * Return: + * void + */ +void snoopy_test_all_datasources () +{ + int datasourceNameLengthMax; + char *datasourceResult = NULL; + char *datasourceArgs = NULL; + int i; + int j; + + /* Initialize variables and spaces */ + datasourceResult = malloc(SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE + 1); + datasourceNameLengthMax = snoopy_get_datasource_name_length_max(); + + /* Loop throught all data sources and just append the output */ + i = 0; + while (strcmp(snoopy_datasourceregistry_names[i], "") != 0) { + datasourceResult[0] = '\0'; + int datasourceResultSize = -1; + + /* Which arguments to pass to data source */ + if (strcmp(snoopy_datasourceregistry_names[i], "env") == 0) { + datasourceArgs = "HOME"; + } else { + datasourceArgs = ""; + } + + /* Execute the data source function */ + datasourceResultSize = snoopy_datasourceregistry_ptrs[i](datasourceResult, datasourceArgs); + if (datasourceResultSize > SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE) { + snoopy_error_handler("Maximum data source message size exceeded"); + } + + /* Copy content, append */ + printf("%s:", snoopy_datasourceregistry_names[i]); + for (j=0 ; j<=(datasourceNameLengthMax-strlen(snoopy_datasourceregistry_names[i])) ; j++) { + printf(" "); + } + printf("%s\n", datasourceResult); + + /* Go to next data source */ + i++; + } + + /* Memory housekeeping */ + free(datasourceResult); +} + + + +/* + * snoopy_get_max_datasource_name_length + * + * Description: + * Loops through all data sources and returns length of the longest data source name + * + * Params: + * (none) + * + * Return: + * int max data source name length + */ +int snoopy_get_datasource_name_length_max () +{ + int datasourceNameLengthMax; + int i; + + datasourceNameLengthMax = 0; + i = 0; + while (strcmp(snoopy_datasourceregistry_names[i], "") != 0) { + if (strlen(snoopy_datasourceregistry_names[i]) > datasourceNameLengthMax) { + datasourceNameLengthMax = strlen(snoopy_datasourceregistry_names[i]); + } + + /* Go to next data source provider */ + i++; + } + + return datasourceNameLengthMax; +} diff -Nru snoopy-1.8.0/bin/snoopy-test-output.c snoopy-2.3.1/bin/snoopy-test-output.c --- snoopy-1.8.0/bin/snoopy-test-output.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bin/snoopy-test-output.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,110 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy-test-output.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "configuration.h" +#if defined(SNOOPY_FILTERING_ENABLED) +#include "filtering.h" +#endif +#include "inputdatastorage.h" +#include "log.h" +#include "message.h" +#include "misc.h" + + + +int main (int argc, char **argv) +{ + char *logMessage = NULL; + + /* Initialize snoopy */ + snoopy_init(); + + /* Initialize empty log message */ + logMessage = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE); + logMessage[0] = '\0'; + + snoopy_inputdatastorage_store_filename(argv[0]); + snoopy_inputdatastorage_store_argv(argv); + + if (SNOOPY_TRUE == snoopy_configuration.config_file_enabled) { + printf("Configuration file is enabled: %s\n", snoopy_configuration.config_file_path); + if (SNOOPY_TRUE == snoopy_configuration.config_file_found) { + printf("Configuration file found.\n"); + } else { + printf("WARNING: Configuration file does not exist!\n"); + } + if (SNOOPY_TRUE == snoopy_configuration.config_file_parsed) { + printf("Configuration file was parsed sucessfully.\n"); + } else { + printf("WARNING: Configuration file parsing FAILED!\n"); + } + } else { + printf("INFO: Configuration file is NOT enabled.\n"); + } + + snoopy_message_generateFromFormat(logMessage, snoopy_configuration.message_format); + printf("Message generated:\n"); + printf("\n"); + printf("%s\n", logMessage); + printf("\n"); + +#if defined(SNOOPY_FILTERING_ENABLED) + /* Should message be passed to syslog or not? */ + if ( + (SNOOPY_FALSE == snoopy_configuration.filtering_enabled) + || + ( + (SNOOPY_TRUE == snoopy_configuration.filtering_enabled) + && + (SNOOPY_FILTER_PASS == snoopy_filtering_check_chain(logMessage, snoopy_configuration.filter_chain)) + ) + ) { +#endif + snoopy_log_dispatch(logMessage, SNOOPY_LOG_MESSAGE); + printf("Message sent to output '%s(%s)'.\n", snoopy_configuration.output, snoopy_configuration.output_arg); + printf("If snoopy is already enabled on your system, you should see two identical messages.\n"); + printf("If you are testing snoopy via LD_PRELOAD environmental variable, you will see another identical message.\n"); +#if defined(SNOOPY_FILTERING_ENABLED) + } else { + printf("Message NOT sent to syslog. One of the filters dropped it.\n"); + } +#endif + + /* Housekeeping */ + free(logMessage); + snoopy_cleanup(); + return 0; +} diff -Nru snoopy-1.8.0/bootstrap.sh snoopy-2.3.1/bootstrap.sh --- snoopy-1.8.0/bootstrap.sh 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/bootstrap.sh 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,57 @@ +#!/bin/bash + + + +### Signal success +# +set +x +echo -e "\nStarting AutoTools run:\n" + + + +### Shell setup +# +# Treat all errors as fatal and trace the progress +# +set -e +set -x + + + +### Clear cache +# +if [ -d autom4te.cache ]; then + rm -rf autom4te.cache +fi + + + +### Bug in aclocal: manually create m4 directory if it does not exist +# +if [ ! -d build/m4 ]; then + mkdir -p build/m4 +fi + + + +### Run autotools +# +#libtoolize --install --copy --force +#aclocal +#automake --add-missing --copy +#autoconf +#autoreconf -i # This is the new recommended way +autoreconf -i -v + + + +### Remove stale/backup files +# +rm -f config.h.in~ + + + +### Signal success and exit +# +set +x +echo -e "\nAutoTools run was completed sucessfully. You should run ./configure now.\n" diff -Nru snoopy-1.8.0/build/Makefile.am.common snoopy-2.3.1/build/Makefile.am.common --- snoopy-1.8.0/build/Makefile.am.common 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/build/Makefile.am.common 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,16 @@ +BUILT_SOURCES = +CLEANFILES = +DISTCLEANFILES = +EXTRA_DIST = +EXTRA_LTLIBRARIES = +EXTRA_PROGRAMS = +MAINTAINERCLEANFILES = +TESTS = +check_PROGRAMS = + +CLEANFILES += *.o +#CLEANFILES += $(EXTRA_LTLIBRARIES) $(EXTRA_PROGRAMS) $(check_PROGRAMS) +#DISTCLEANFILES += $(BUILT_SOURCES) +MAINTAINERCLEANFILES += Makefile.in + +AM_CFLAGS = -Wall -Werror diff -Nru snoopy-1.8.0/build/snoopy.m4 snoopy-2.3.1/build/snoopy.m4 --- snoopy-1.8.0/build/snoopy.m4 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/build/snoopy.m4 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,206 @@ +# +# SNOOPY LOGGER +# +# File: snoopy.m4 +# +# Copyright (c) 2015 Bostjan Skufca +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# + + + +### +### Macros for adding data source enable/disable options to ./configure +### +# +AU_DEFUN([SNOOPY_CONFIGURE_DATASOURCE_ENABLE], +[ + AC_ARG_ENABLE(datasource-$1, + [AC_HELP_STRING( + [--disable-datasource-$1], + [disable data source "$1". This datasource provides $2. [default=enabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_datasource_$1=yes + elif test "x$enableval" = "xno"; then + enable_datasource_$1=no + else + AC_MSG_ERROR([--disable-datasource-$1 does not take any arguments, got: $enableval]) + fi + ], + [enable_datasource_$1=$enable_all_datasources] + ) + + AS_IF([test "x$enable_datasource_$1" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_DATASOURCE_ENABLED_$1, 1, [Is data source "$1" available?]) + ]) + AM_CONDITIONAL([DATASOURCE_ENABLED_$1], [test "x$enable_datasource_$1" == "xyes"]) + AC_SUBST([enable_datasource_$1]) +]) + + +AU_DEFUN([SNOOPY_CONFIGURE_DATASOURCE_DISABLE], +[ + AC_ARG_ENABLE(datasource-$1, + [AC_HELP_STRING( + [--enable-datasource-$1], + [enable data source "$1". This datasource provides $2. [default=disabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_datasource_$1=yes + elif test "x$enableval" = "xno"; then + enable_datasource_$1=no + else + AC_MSG_ERROR([--enable-datasource-$1 does not take any arguments, got: $enableval]) + fi + ], + [enable_datasource_$1=no] + ) + + AS_IF([test "x$enable_datasource_$1" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_DATASOURCE_ENABLED_$1, 1, [Is data source "$1" available?]) + ]) + AM_CONDITIONAL([DATASOURCE_ENABLED_$1], [test "x$enable_datasource_$1" == "xyes"]) + AC_SUBST([enable_datasource_$1]) +]) + + + +### +### Macros for adding filter enable/disable options to ./configure +### +# +AU_DEFUN([SNOOPY_CONFIGURE_FILTER_ENABLE], +[ + AC_ARG_ENABLE(filter-$1, + [AC_HELP_STRING( + [--disable-filter-$1], + [disable filter "$1". $2 [default=enabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_filter_$1=yes + elif test "x$enableval" = "xno"; then + enable_filter_$1=no + else + AC_MSG_ERROR([--disable-filter-$1 does not take any arguments, got: $enableval]) + fi + ], + [enable_filter_$1=$enable_all_filters] + ) + + AS_IF([test "x$enable_filter_$1" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_FILTER_ENABLED_$1, 1, [Is filter "$1" available?]) + ]) + AM_CONDITIONAL([FILTER_ENABLED_$1], [test "x$enable_filter_$1" == "xyes"]) + AC_SUBST([enable_filter_$1]) +]) + + +AU_DEFUN([SNOOPY_CONFIGURE_FILTER_DISABLE], +[ + AC_ARG_ENABLE(filter-$1, + [AC_HELP_STRING( + [--enable-filter-$1], + [enable filter "$1". $2 [default=disabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_filter_$1=yes + elif test "x$enableval" = "xno"; then + enable_filter_$1=no + else + AC_MSG_ERROR([--enable-filter-$1 does not take any arguments, got: $enableval]) + fi + ], + [enable_filter_$1=no] + ) + + AS_IF([test "x$enable_filter_$1" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_FILTER_ENABLED_$1, 1, [Is filter "$1" available?]) + ]) + AM_CONDITIONAL([FILTER_ENABLED_$1], [test "x$enable_filter_$1" == "xyes"]) + AC_SUBST([enable_filter_$1]) +]) + + + +### +### Macros for adding output enable/disable options to ./configure +### +# +AU_DEFUN([SNOOPY_CONFIGURE_OUTPUT_ENABLE_FORCE], +[ + AC_DEFINE(SNOOPY_CONF_OUTPUT_ENABLED_$1, 1, [Is output "$1" available? Forced "Yes".]) + AM_CONDITIONAL([OUTPUT_ENABLED_$1], [test "x$enable_output_$1" == "xyes"]) + AC_SUBST([enable_output_$1], [yes]) +]) + + +AU_DEFUN([SNOOPY_CONFIGURE_OUTPUT_ENABLE], +[ + AC_ARG_ENABLE(output-$1, + [AC_HELP_STRING( + [--disable-output-$1], + [disable output "$1". $2 [default=enabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_output_$1=yes + elif test "x$enableval" = "xno"; then + enable_output_$1=no + else + AC_MSG_ERROR([--disable-output-$1 does not take any arguments, got: $enableval]) + fi + ], + [enable_output_$1=$enable_all_outputs] + ) + + AS_IF([test "x$enable_output_$1" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_OUTPUT_ENABLED_$1, 1, [Is output "$1" available?]) + ]) + AM_CONDITIONAL([OUTPUT_ENABLED_$1], [test "x$enable_output_$1" == "xyes"]) + AC_SUBST([enable_output_$1]) +]) + + +AU_DEFUN([SNOOPY_CONFIGURE_OUTPUT_DISABLE], +[ + AC_ARG_ENABLE(output-$1, + [AC_HELP_STRING( + [--enable-output-$1], + [enable output "$1". $2 [default=disabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_output_$1=yes + elif test "x$enableval" = "xno"; then + enable_output_$1=no + else + AC_MSG_ERROR([--enable-output-$1 does not take any arguments, got: $enableval]) + fi + ], + [enable_output_$1=no] + ) + + AS_IF([test "x$enable_output_$1" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_OUTPUT_ENABLED_$1, 1, [Is output "$1" available?]) + ]) + AM_CONDITIONAL([OUTPUT_ENABLED_$1], [test "x$enable_output_$1" == "xyes"]) + AC_SUBST([enable_output_$1]) +]) diff -Nru snoopy-1.8.0/ChangeLog snoopy-2.3.1/ChangeLog --- snoopy-1.8.0/ChangeLog 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/ChangeLog 2015-05-24 12:25:02.000000000 +0000 @@ -1,8 +1,226 @@ ------------------------------------------------------------------------------- - SnoopyLogger ChangeLog + Snoopy Logger ChangeLog ------------------------------------------------------------------------------- +2015-05-24 - Version 2.3.1 +-------------------------- +o Bugfix (#68 @ GitHub): fixed build failure on SLES - mismatching prototype + in error.c/.h (reported by GitHub user @tparkercbn). + + +2015-05-11 - Version 2.3.0 +-------------------------- +o Feature: new data source: datetime (returns current date and time in + ISO8601 format). +o Feature (#54 @ GitHub): new data sources: timestamp, timestamp_ms and timestamp_us +o Feature (#55 @ GitHub): file output is now configurable with ./configure flag + --with-default-output=OUTPUT_SPEC. +o Feature (#53 @ GitHub): file output provider implemented. Snoopy is now capable of logging + directly to file, if filesystem permissions do not prevent it. +o Bugfixes: resolved all nine Coverity bugs (#80899-#80909), covering various + resource leaks, unchecked string writes etc. +o Bugfixes: resolved six additional coverity bugs (82437-82442) +o Refactoring build process: config file comments now reflect which data + sources, filters and outputs are available in given Snoopy installation/ + package/build. +o Refactoring build process: all data sources, filters and outputs can now be + enabled/disabled individually by ./configure flags. This should make Snoopy + less vulnerable if securing installation by reducing attack surface is + desired. Each group (data sources, filters and outputs) can also be + disabled with a single --enable-all-* ./configure flag. +o Refactoring build process: removed all stale files which are copied/symlinked + by autoreconf; updated makefiles to enable building outside of source tree; + renamed some outputs to maintain naming consistency; reduced complexity and + size of configure.ac by abstracting certain functionality into dedicated + macros; moved as many build-time files as possible from root into + build/aux/ directory; +o Enhancement: specify in debian build recipe that libsnoopy package is to + supersed old 'snoopy' package. + (Contributed by Frederic Mora) +o Refactoring: do not include filtering code if filtering is not enabled on + ./configure line. +o Refactoring #50 (GitHub): change ./configure flag --enable-filter to + --enable-filtering, to prepare Snoopy for future changes (per-datasource, + per-filter and per-output configure flags). +o Bug #49 (GitHub): reset configuration values back to their corresponding + defaults when running final cleanup. This prevents buffer overflows on + next Snoopy invocations when config file is not found anymore. +o Enhancement #48: do not include code for config file in the final library + when config file is not enabled at all (via ./configure argument). +o Feature #45: new filter that excludes snoopy log entries from certain + processes. + (Code contributed by Frederic Mora) +o Bug #44 / Enhancement #42: upgraded iniparser compotent to latest git + version, the one that was included before was causing problems in + threaded environments (java). +o Refactoring #41: change term "input provider" to "data source", to more + accurately reflect what is actually going on in that part of code. +o Enhancement #42: upgraded included iniparser component to latest git version. + This hopefully resolves issues with threaded processes. +o Repository refactoring: removed all files that are created/copied by + autotools suite, and added them to gitignore. +o Include documentation in release packages from now on. + + +2015-04-27 - Version 2.2.8 +--------------------------- +o Bugfix #39: prevent double freeing of message_format and filter_chain + variables when snoopy.ini suddenly disappears from filesystem. + (reported by Ariel Zach) +o Bugfix #39-2: Fix invalid parsing in rpname input provider - check the line + that is read from /proc/PID/status and verify that it is non-empty and that + it actually contains colon character before attempting to parse it. + (reported and initial fix authored by Ariel Zach) +o Bugfix #46: prevent bufffer overflow in cmdline input provider + (reported by Ariel Zach) +o Bugfix and refactoring: rpname input provider was leaking some memory, and + it was made more logically structured (variables and if conditions were + changed to more logical and coherent naming, to align it better with the + rest of Snoopy code). +o Bugfix #47: Bugfix #39 inadvertently introduced a doublefree bug when + filter chain was specified in snoopy.ini. + (reported by Ariel Zach) + + +2015-03-26 - Version 2.2.7 +--------------------------- +o Feature: added new input provider %{rpname} - gets root process name + (submitted by Ariel Zach) + + +2015-03-06 - Version 2.2.6 +--------------------------- +o Feature: added new input provider %{env_all} - logs whole environment +o Feature: added new input provider %{pid} - provides process id +o Feature: added new input provider %{ppid} - provides parent process id +o Bugfix: Fixed improper return value checking in all input providers that + work with literal usernames and groups. This was causing shutdown hangs on + RH/CentOS 7 systems that use systemd, with additional special conitions: + - compiled-in message_format must have included these input providers, + - when only configured in snoopy.ini, they did not trigger this bug. + + +2015-03-04 - Version 2.2.5 +--------------------------- +o Bugfix: devlog output provider was not resetting configuration to original + values after it called socket output provider as its subroutine. +o Bugfix: added support for 'make install DESTDIR=...' in etc/Makefile.am +o Bugfix: fixed installation of snoopy.ini in nonexistent directory + + +2015-01-27 - Version 2.2.4 +--------------------------- +o Bugfix: devlog output was not implemented properly, it was missing log + facility and log level specification. This resulted in Snoopy output + appearing on user's console, as everything was treated with EMERG + severity. On CentOS/RH messages of this severity are forwarded to console + by default. +o Bugfix: Install configuration file with .NEW suffix, and warn the user. + + +2015-01-27 - Version 2.2.3 +--------------------------- +o Bugfix: fixed compilation issues on pre 2.09 glibc platforms + (SOCK_NONBLOCK, SOCK_CLOEXEC missing) + + +2015-01-20 - Version 2.2.2 +--------------------------- +o Bugfix: fixed compilation issues on pre 2.12 glibc platforms (getsid) + + +2015-01-11 - Version 2.2.1 +--------------------------- +o Feature: added support for configurable output selection +o Feature: added dummy input provider: snoopy_version +o Bugfix: changed default output provider from syslog to devlog (non-blocking + socket as workaround for systemd's buffered/blocking /dev/log socket) + + +2015-01-11 - Version 2.2.0 +--------------------------- +o Never released. + + +2014-11-08 - Version 2.1.0 +--------------------------- +o Enhancement: strict checking of ./configure --with-syslog-* values +o Enhancement: enabled configuration of syslog facility and level from + configuration file + + +2014-11-07 - Version 2.0.1 +--------------------------- +o Bugfix: fixed uninitialized pointer in filter/exclude_uid.c and only_uid.c +o Enhancement: prefix all iniparser errors with "SNOOPY " prefix, so it is + evident where errors are coming from +o Bugfix: changed --with-config-file to --enable-config-file. Having two ways + to specify where configuration file exists is redundant and confusing. + + +2014-11-05 - Version 2.0.0 +--------------------------- +o Feature: Added support for custom message format specification at + configuration time +o Feature: New input providers: + - egroup (thanks Sébastien Gross) + - env (thanks Taylor Kimball) + - eusername (thanks Sébastien Gross) + - group (thanks Sébastien Gross) + - login (thanks Sébastien Gross) + - username (thanks Sébastien Gross) + - tty_uid (thanks Tony Malkowski) + - tty_username +o Feature: Implemented internal filtering, with the following filters available: + - exclude_uid + - only_root + - only_uid +o Feature: Added optional support for INI configuration file +o Feature: Added envp data to intputdatastorage if execve() is used. Prepared + for future inputs to consume it. +o Feature: Created snoopy-enable and snoopy-disable system scripts. + +o Distro packaging: added debian/ubuntu packaging data (by Sebastien Gross) +o Distro packaging: added rhel/centos package spec file (by Jeremy Brown) + +o Refactoring: Separated data gathering into separate functions, to be + used at will - now they are called "input providers" +o Refactoring: Removed external filtering, to be replaced with internal + filtering capability in the making +o Refactoring: Removed logging exclusion via prefix, was created for + exclusion of logging of external filter commands +o Refactoring: switched to autotools completely +o Refactoring: all builds now use -Wall and -Werror +o Refactoring: removed --enable-cwd-logging (superseded by message formatting + options and input provider) +o Refactoring: Snoopy library is now called libsnoopy.so instead of snoopy.so, + to conform to autotools syntax +o Refactoring: ./configure: removed many bugs, added proper syntax and error + messages to help user decide what she wants +o Refactoring: added 'proper' (unified) error handling +o Refactoring: moved input testing to separate executable, which does not get + installed, but is only intended for development/debugging +o Refactoring: created proper initialization/shutdown methods + +o Documentation: added into about writing new input providers +o Bugfix: fixed compilation failure on debian in inputs/cwd.c (thanks Sébastien Gross) +o Bugfix: missing snoopy.ini in distribution tarball (thanks Jeremy Brown) +o Bugfix: When uninstalling, also disable Snoopy (remove from /etc/ld.so.preload). + + +2013-04-06 - Version 1.9.0 +--------------------------- +o Bugfix: fixed bug with unclosed /dev/log descriptor which caused hangs +o Feature: System-dependent exec() argument length support added (thanks Jeff Schroeder) +o Refactoring: README updated with Markdown format, for nicer display at github + + +2013-02-03 - Version 1.8.1 +--------------------------- +o Bugfix: enable.sh was not /bin/sh compliant, fixed (thanks "phe") + + 2011-03-06 - Version 1.8.0 --------------------------- o Feature: syslog facility is now configurable diff -Nru snoopy-1.8.0/config.h.in snoopy-2.3.1/config.h.in --- snoopy-1.8.0/config.h.in 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/config.h.in 2015-05-24 12:25:02.000000000 +0000 @@ -1,8 +1,17 @@ /* config.h.in. Generated from configure.ac by autoheader. */ +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + /* Define to 1 if you have the `getcwd' function. */ #undef HAVE_GETCWD +/* Define to 1 if you have the `getsid' function. */ +#undef HAVE_GETSID + +/* Define to 1 if you have the `gettimeofday' function. */ +#undef HAVE_GETTIMEOFDAY + /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H @@ -16,33 +25,70 @@ to 0 otherwise. */ #undef HAVE_MALLOC +/* Define to 1 if you have the `memmove' function. */ +#undef HAVE_MEMMOVE + /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H +/* Define to 1 if you have the `strchr' function. */ +#undef HAVE_STRCHR + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H +/* Define to 1 if you have the `strstr' function. */ +#undef HAVE_STRSTR + +/* Define to 1 if you have the `strtol' function. */ +#undef HAVE_STRTOL + /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIME_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H +/* Define to 1 if you have the header file. */ +#undef HAVE_TIME_H + /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + +/* Name of package */ +#undef PACKAGE + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT @@ -55,33 +101,153 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME -/* "http://sourceforge.net/projects/snoopylogger/" */ +/* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION -/* Enable logging of Current Working Directory */ -#undef SNOOPY_CWD_LOGGING +/* INI configuration file path to use */ +#undef SNOOPY_CONF_CONFIG_FILE + +/* Is data source "cmdline" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline + +/* Is data source "cwd" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_cwd + +/* Is data source "datetime" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_datetime + +/* Is data source "egid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_egid + +/* Is data source "egroup" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_egroup + +/* Is data source "env" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_env + +/* Is data source "env_all" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_env_all + +/* Is data source "euid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_euid + +/* Is data source "eusername" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_eusername + +/* Is data source "filename" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_filename + +/* Is data source "gid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_gid + +/* Is data source "group" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_group + +/* Is data source "login" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_login + +/* Is data source "pid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_pid -/* Prefix to commands excluded from logging */ -#undef SNOOPY_EXCLUDE_PREFIX +/* Is data source "ppid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_ppid -/* Enable external filtering support */ -#undef SNOOPY_EXTERNAL_FILTER +/* Is data source "rpname" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_rpname -/* External filter command to use */ -#undef SNOOPY_EXTERNAL_FILTER_COMMAND +/* Is data source "sid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_sid -/* Syslog facility to use */ -#undef SNOOPY_SYSLOG_FACILITY +/* Is data source "snoopy_version" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version -/* Syslog level to use */ -#undef SNOOPY_SYSLOG_LEVEL +/* Is data source "timestamp" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp + +/* Is data source "timestamp_ms" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms + +/* Is data source "timestamp_us" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us + +/* Is data source "tty" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_tty + +/* Is data source "tty_uid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid + +/* Is data source "tty_username" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username + +/* Is data source "uid" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_uid + +/* Is data source "username" available? */ +#undef SNOOPY_CONF_DATASOURCE_ENABLED_username + +/* Enable error logging */ +#undef SNOOPY_CONF_ERROR_LOGGING_ENABLED + +/* Enable filtering */ +#undef SNOOPY_CONF_FILTERING_ENABLED + +/* Custom filter chain to use */ +#undef SNOOPY_CONF_FILTER_CHAIN_custom + +/* Is filter "exclude_spawns_of" available? */ +#undef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of + +/* Is filter "exclude_uid" available? */ +#undef SNOOPY_CONF_FILTER_ENABLED_exclude_uid + +/* Is filter "only_root" available? */ +#undef SNOOPY_CONF_FILTER_ENABLED_only_root + +/* Is filter "only_uid" available? */ +#undef SNOOPY_CONF_FILTER_ENABLED_only_uid + +/* Custom message format to use */ +#undef SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom + +/* Default output provider */ +#undef SNOOPY_CONF_OUTPUT_DEFAULT + +/* Default output arguments */ +#undef SNOOPY_CONF_OUTPUT_DEFAULT_ARG + +/* Is output "devlog" available? */ +#undef SNOOPY_CONF_OUTPUT_ENABLED_devlog + +/* Is output "file" available? */ +#undef SNOOPY_CONF_OUTPUT_ENABLED_file + +/* Is output "socket" available? Forced "Yes". */ +#undef SNOOPY_CONF_OUTPUT_ENABLED_socket + +/* Is output "syslog" available? */ +#undef SNOOPY_CONF_OUTPUT_ENABLED_syslog + +/* Only log commands executed by root */ +#undef SNOOPY_CONF_ROOT_ONLY + +/* Syslog facility to use by default */ +#undef SNOOPY_CONF_SYSLOG_FACILITY + +/* Syslog level to use by default */ +#undef SNOOPY_CONF_SYSLOG_LEVEL /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* Version number of package */ +#undef VERSION + +/* Define to `int' if doesn't define. */ +#undef gid_t + /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus @@ -91,5 +257,11 @@ /* Define to rpl_malloc if the replacement function should be used. */ #undef malloc +/* Define to `int' if does not define. */ +#undef pid_t + /* Define to `unsigned int' if does not define. */ #undef size_t + +/* Define to `int' if doesn't define. */ +#undef uid_t diff -Nru snoopy-1.8.0/configure.ac snoopy-2.3.1/configure.ac --- snoopy-1.8.0/configure.ac 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/configure.ac 2015-05-24 12:25:02.000000000 +0000 @@ -1,156 +1,653 @@ -# -*- Autoconf -*- -# Process this file with autoconf to produce a configure script. +### +### Snoopy configure.ac +### + -AC_PREREQ([2.63]) -AC_INIT([Snoopy Logger], [1.8.0], [http://sourceforge.net/projects/snoopylogger/], [snoopy]) -AC_DEFINE(PACKAGE_URL, [], "http://sourceforge.net/projects/snoopylogger/") -AC_CONFIG_SRCDIR([config.h.in]) -AC_CONFIG_HEADERS([config.h]) -# Checks for programs. +### Initialize autotools +# +AC_PREREQ([2.63]) +AC_INIT( + [Snoopy Logger], + [2.3.1], + [https://github.com/a2o/snoopy/issues/], + [snoopy], + [https://github.com/a2o/snoopy/]) + + +### Configure autotools +# +AC_CONFIG_SRCDIR([src/libsnoopy.c]) # Check if we are in correct directory tree +AC_CONFIG_AUX_DIR([build/aux]) +AC_CONFIG_MACRO_DIR([build/m4]) +m4_include([build/snoopy.m4]) +AM_INIT_AUTOMAKE([1.11 gnu silent-rules subdir-objects -Wall -Werror]) + + +dnl Option AM_PROG_AR +dnl +dnl Required for building Snoopy from git on Ubuntu 14.04 (for development, and +dnl by package build receipe. It must appear before LT_INIT. +dnl +dnl Snoopy development priorities: +dnl - git/master version is targeted at modern Linux distributions - this +dnl means we mostly care if git/master is buildable on fresh/latest-version +dnl distros (ignore building on legacy systems here); +dnl - source distribution packages are built on modern Linux distributions, thus +dnl what git/master contains follows this assumption; +dnl - building Snoopy from source packages should be possible on as +dnl many Linux distros as feasible; +dnl - compatibility for building distro-specific packages comes in only here and +dnl burden of bending the Snoopy source to distro-packaging-specific needs +dnl is placed on distro-specific package maintainer. +dnl +dnl Given the priorities above, we include AM_PROG_AR as dependency, as it: +dnl - is needed to build Snoopy from source on Ubuntu, which is somewhat used for +dnl Snoopy development; +dnl - it does not interfere when building Snoopy from source packages; +dnl - it only interferes when building Snoopy from git, and only on older +dnl platforms (RH/CentOS 6, see GitHub issue #38). +dnl +dnl Should someone have problems with AM_PROG_AR, they should either: +dnl - figure a way to conditionally remove it from configure.ac on certain distros, or +dnl - comment it out manually. +dnl +dnl The removal was considered for Snoopy 2.3.0, but was ultimately rejected because +dnl of arguments specified above. +dnl +AM_PROG_AR + +dnl Enable libtool +LT_INIT([disable-static]) + + + +dnl Checks for programs. +dnl +dnl DO NOT REMOVE: CXX, AWK, CPP, RANLIB +dnl Sometimes autoscan will suggest removing them, next time it will change +dnl its mind and suggest putting them back in. Let's just keep them and be +dnl done with it already. +dnl +AC_PROG_CXX +AC_PROG_AWK AC_PROG_CC +AC_PROG_CPP +AC_PROG_GREP AC_PROG_INSTALL AC_PROG_LN_S +AC_PROG_MAKE_SET +dnl +dnl AC_PROG_RANLIB +dnl +dnl bootstrap.sh output: +dnl libtoolize: `AC_PROG_RANLIB' is rendered obsolete by `LT_INIT' +dnl autoscan output: +dnl configure.ac: warning: missing AC_PROG_RANLIB wanted by: ltmain.sh:2455 +dnl +dnl Libtoolize warning seems less harmful, therefore we leave this option in, for now. +dnl +AC_PROG_RANLIB + +AC_PROG_SED -# Checks for libraries. -# FIXME: Replace `main' with a function in `-ldl': + + +dnl Checks for libraries. +dnl FIXME: Replace `main' with a function in `-ldl': AC_CHECK_LIB([dl], [main]) -# Checks for header files. -AC_CHECK_HEADERS([limits.h stdlib.h string.h syslog.h unistd.h]) +dnl Checks for header files. +AC_CHECK_HEADERS([ \ + limits.h \ + stdlib.h \ + string.h \ + sys/socket.h \ + sys/time.h \ + syslog.h \ + time.h \ + unistd.h \ +]) -# Checks for typedefs, structures, and compiler characteristics. +dnl Checks for typedefs, structures, and compiler characteristics. AC_C_INLINE +AC_TYPE_PID_T AC_TYPE_SIZE_T +AC_TYPE_UID_T -# Checks for library functions. +dnl Checks for library functions. AC_FUNC_MALLOC -AC_CHECK_FUNCS([getcwd]) +AC_CHECK_FUNCS([ \ + getcwd \ + getsid \ + gettimeofday \ + memmove \ + memset \ + socket \ + strchr \ + strdup \ + strstr \ + strtol \ +]) + +dnl Substitute these variables when creating (Make)files below - GENERIC +AC_SUBST([PREFIX]) +AC_SUBST([SYSCONFDIR]) + +dnl Substitute these variables when creating (Make)files below - CUSTOM +dnl $libdir contains '${exec_prefix}' if not specified as ./configure --libdir=... +dnl ${exec_prefix} contains 'NONE' if not specified as ./configure --exec-prefix=... +SNOOPY_LIBDIR="`eval echo ${libdir} | sed -e s@^NONE@$prefix@ | sed -e s@^NONE@/usr/local@`" +AC_SUBST([SNOOPY_LIBDIR]) + + + +### Generate these header files +# +AC_CONFIG_HEADERS([config.h]) + + +### Generate these (Make)files +# +AC_CONFIG_FILES([Makefile + bin/Makefile + contrib/rhel/snoopy.spec + contrib/sles/snoopy.spec + doc/Makefile + doc/internals/Makefile + etc/Makefile + etc/snoopy.ini + src/Makefile + src/datasource/Makefile + src/filter/Makefile + src/lib/Makefile + src/output/Makefile]) +AC_CONFIG_FILES([bin/snoopy-disable], [chmod +x bin/snoopy-disable]) +AC_CONFIG_FILES([bin/snoopy-enable], [chmod +x bin/snoopy-enable]) + + -AC_CONFIG_FILES([ - Makefile - snoopy-filter.sh - contrib/sles/snoopy.spec +dnl ============================================================================ + +dnl Decide where things are installed +if test "x$prefix" = "xNONE" ; then + PREFIX="/usr/local" +else + PREFIX="$prefix" +fi + +if test "x$sysconfdir" = "x\${prefix}/etc" ; then + SYSCONFDIR="$PREFIX/etc" +else + SYSCONFDIR="$sysconfdir" +fi + + + +dnl ============================================================================ +AC_ARG_ENABLE(config-file, + [AC_HELP_STRING( + [--enable-config-file], + [enable INI configuration file parsing. If enabled, then path is SYSCONFDIR/snoopy.ini [default=disabled]] + )], + [ + if test "x$enableval" = "xyes"; then + config_file_path="$SYSCONFDIR/snoopy.ini" + elif test "x$enableval" = "xno"; then + config_file_path="" + else + AC_MSG_ERROR([--enable-config-file does not take an argument: $enableval]) + fi + ], + # Not specified on command line + [config_file_path=""] +) + +AS_IF([test "x$config_file_path" != "x"], [ + AC_DEFINE_UNQUOTED(SNOOPY_CONF_CONFIG_FILE, "$config_file_path", [INI configuration file path to use]) ]) +dnl CONFIG_FILE_ENABLED is used in: +dnl - src/Makefile.am +dnl - etc/Makefile.am +AM_CONDITIONAL([CONFIG_FILE_ENABLED], [test "x$config_file_path" != "x"]) + +dnl ============================================================================ +dnl ======= ENABLE ERROR LOGGING =============================================== dnl ============================================================================ -AC_ARG_ENABLE(cwd-logging, +AC_ARG_ENABLE(error-logging, [AC_HELP_STRING( - [--disable-cwd-logging], - [disable logging of Current Working Directory [default=enabled]] + [--enable-error-logging], + [enable error logging through configured output - use only if you are developing Snoopy or having problems configuring it [default=disabled]] )], [ - if test "$enableval" == "yes"; then - enable_cwd_logging=yes - fi + if test "x$enableval" = "xyes"; then + enable_error_logging=yes # Specified as --enable-error-logging + elif test "x$enableval" = "xno"; then + enable_error_logging=no # Specified as --disable-error-logging + else + AC_MSG_ERROR([--enable-error-logging does not take an argument: $enableval]) + fi ], - [enable_cwd_logging=yes] + [enable_error_logging=no] # Unspecified as ./configure argument ) -AS_IF([test "x$enable_cwd_logging" == "xyes"], [ - AC_DEFINE(SNOOPY_CWD_LOGGING, 1, [Enable logging of Current Working Directory]) +AS_IF([test "x$enable_error_logging" = "xyes"], [ + AC_DEFINE_UNQUOTED(SNOOPY_CONF_ERROR_LOGGING_ENABLED, 1, [Enable error logging]) ]) dnl ============================================================================ -AC_ARG_WITH(exclude-prefix, +dnl ======= DEFAULT MESSAGE FORMAT ============================================= +dnl ============================================================================ +AC_ARG_WITH(message-format, [AC_HELP_STRING( - [--with-exclude-prefix=PREFIX], - [prefix to commands excluded from logging. - This feature is mainly intended to specify path to commands which are used by external filter so snoopy does not enter infinite loop. - WARNING WARNING WARNING: Do not change unless you are absolutely sure you know what you are doing - [default=/usr/local/snoopy/bin] - ] + [--with-message-format=FORMAT], + [format to use to log messages with. For default value and available options, see etc/snoopy.ini and src/snoopy.h] )], - [], - [with_exclude_prefix=/usr/local/snoopy/bin] + [ + if test "x$withval" = "x" -o "x$withval" = "xyes"; then + AC_MSG_ERROR([--with-message-format requires an appropriate value (message format specification). See etc/snoopy.ini for syntax. To use default log message format, remove this argument from ./configure line.]) + elif test "x$withval" = "xno"; then + AC_MSG_ERROR([using --without-message-format is not supported, log message format is required, or omit this argument altogether to enable default log message format.]) + else + with_message_format="$withval" + fi + ], + [with_message_format=""] ) -AC_DEFINE_UNQUOTED(SNOOPY_EXCLUDE_PREFIX, ["$with_exclude_prefix"], [Prefix to commands excluded from logging]) +AS_IF([test "x$with_message_format" != "x"], [ + AC_DEFINE_UNQUOTED(SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom, "$with_message_format", [Custom message format to use]) +]) + + + +dnl ============================================================================ +dnl ======= Enable/disable all data sources at once ============================ +dnl ============================================================================ +AC_ARG_ENABLE(all-datasources, + [AC_HELP_STRING( + [--disable-all-datasources], + [disables all data sources at once. Use --enable-datasource-NAME to reenable individual data sources. [default=enabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_all_datasources=yes + elif test "x$enableval" = "xno"; then + enable_all_datasources=no + else + AC_MSG_ERROR([--enable-all-datasources does not take an argument: $enableval]) + fi + ], + [enable_all_datasources=yes] +) + + + +# ============================================================================== +# ======= START section: ENABLE INDIVIDUAL DATA SOURCES ======================== +# ============================================================================== +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [cmdline], [full command line including arguments]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [cwd], [current working directory]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [datetime], [current date and time in ISO 8601 format]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [egid], [effective GID]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [egroup], [effective literal group name]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [env], [particular environment variable]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [env_all], [all environment variables]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [euid], [effective UID]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [eusername], [effective literal username]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [filename], [full filename of process being executed]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [gid], [GID of process performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [group], [literal group name of process performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [login], [login username of user doing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [pid], [PID of process performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [ppid], [parent PID of process performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [rpname], [real parent name found up the process tree]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [sid], [session leader PID]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [snoopy_version], [installed Snoopy version]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [timestamp], [current Unix timestamp]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [timestamp_ms], [millisecond part of current Unix timestamp]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [timestamp_us], [microsecond part of current Unix timestamp]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [tty], [path to TTY performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [tty_uid], [UID of TTY performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [tty_username], [literal username of TTY performing the execution]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [uid], [numeric UID that executed the process]) +SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [username], [literal username of UID that executed the process]) +# ============================================================================== +# ======= END section: ENABLE INDIVIDUAL DATA SOURCES ========================== +# ============================================================================== + + + + + +dnl ============================================================================ +dnl ============================================================================ +dnl ======= START section: FILTERING =========================================== +dnl ============================================================================ +dnl ============================================================================ + + +dnl ============================================================================ +dnl ======= SPECIAL FILTER: root-only ========================================== +dnl ============================================================================ +AC_ARG_ENABLE(root-only, + [AC_HELP_STRING( + [--enable-root-only], + [only log commands executed by root. This is a special filter, with better performance than general filtering subsystem. If command is not run as root, Snoopy terminates very early, having almost no performance penalty. [default=disabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_root_only=yes + elif test "x$enableval" = "xno"; then + enable_root_only=no + else + AC_MSG_ERROR([--enable-root-only does not take an argument: $enableval]) + fi + ], + [enable_root_only=no] +) + +AS_IF([test "x$enable_root_only" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_ROOT_ONLY, 1, [Only log commands executed by root]) +]) + + + +dnl ============================================================================ +dnl ======= ENABLE FILTERING =================================================== +dnl ============================================================================ +AC_ARG_ENABLE(filtering, + [AC_HELP_STRING( + [--enable-filtering], + [enable general message filtering [default=disabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_filtering=yes + elif test "x$enableval" = "xno"; then + enable_filtering=no + else + AC_MSG_ERROR([--enable-filtering does not take an argument: $enableval]) + fi + ], + [enable_filtering=no] +) -AC_SUBST(SNOOPY_EXCLUDE_PREFIX, ["$with_exclude_prefix"]) +AS_IF([test "x$enable_filtering" = "xyes"], [ + AC_DEFINE(SNOOPY_CONF_FILTERING_ENABLED, 1, [Enable filtering]) +]) +AM_CONDITIONAL([FILTERING_ENABLED], [test "x$enable_filtering" == "xyes"]) dnl ============================================================================ -AC_ARG_ENABLE(external-filter, +dnl ======= WITH FILTER CHAIN ================================================== +dnl ============================================================================ +AC_ARG_WITH(filter-chain, [AC_HELP_STRING( - [--enable-external-filter], - [enable external filtering support [default=disabled]] + [--with-filter-chain=CHAINSPEC], + [default filter chain to use. See src/snoopy.h and src/filter/ for available filters [default=empty]] )], [ - if test "$enableval" == "yes"; then - enable_external_filter=yes - fi + if test "x$withval" = "x" -o "x$withval" = "xno"; then + # We allow it here, as it might be desired to not have any + # filter chain configured by default, but will be configured + # later, using configuration file. + # Allowed: empty, no + with_filter_chain="" + elif test "x$withval" = "xyes"; then + # This must be an error. + AC_MSG_ERROR([--with-filter-chain requires an appropriate value (filter chain specification), even empty string will do (--with-filter-chain=""). To disable filtering by default, use --without-filter-chain. Filter chain can later be specified and consequentially enabled by using configuration file. For this to work, configuration file (--with-config-file) and general filtering (--enable-filter) must be enabled.]) + else + with_filter_chain="$withval" + fi ], - [enable_external_filter=no] + [with_filter_chain=""] ) -AS_IF([test "x$enable_external_filter" == "xyes"], [ - AC_DEFINE(SNOOPY_EXTERNAL_FILTER, 1, [Enable external filtering support]) +AS_IF([test "x$with_filter_chain" != "x"], [ + AC_DEFINE_UNQUOTED(SNOOPY_CONF_FILTER_CHAIN_custom, "$with_filter_chain", [Custom filter chain to use]) ]) -AC_SUBST(SNOOPY_EXTERNAL_FILTER, ["$enable_external_filter"]) +# ============================================================================== +# ======= Enable/disable all filters at once =================================== +# ============================================================================== +AC_ARG_ENABLE(all-filters, + [AC_HELP_STRING( + [--disable-all-filters], + [disables all filters at once. This does not disable filtering in general. It only causes that none of filters is going to be built unless explicitly enabling it by specifying --enable-filter-NAME at ./confgure time. [default=enabled]] + )], + [ + if test "x$enableval" = "xyes"; then + enable_all_filters=yes + elif test "x$enableval" = "xno"; then + enable_all_filters=no + else + AC_MSG_ERROR([--enable-all-filters does not take an argument: $enableval]) + fi + ], + [enable_all_filters=yes] +) + + + +# ============================================================================== +# ======= START section: ENABLE INDIVIDUAL FILTERS ============================= +# ============================================================================== +SNOOPY_CONFIGURE_FILTER_ENABLE( [exclude_spawns_of], [This filter drops messages that originate for specified process trees.]) +SNOOPY_CONFIGURE_FILTER_ENABLE( [exclude_uid], [This filter drops messages that match given UIDs.]) +SNOOPY_CONFIGURE_FILTER_ENABLE( [only_root], [This filter passes only messages generated by root.]) +SNOOPY_CONFIGURE_FILTER_ENABLE( [only_uid], [This filter passes only messages that match given UIDs.]) +# ============================================================================== +# ======= END section: ENABLE INDIVIDUAL FILTERS =============================== +# ============================================================================== + + + +dnl ============================================================================ +dnl ============================================================================ +dnl ======= END section: FILTERING ============================================= +dnl ============================================================================ +dnl ============================================================================ + + + + + +dnl ============================================================================ +dnl ============================================================================ +dnl ======= START section: OUTPUTS ============================================= dnl ============================================================================ -AC_ARG_WITH(filter-command, +dnl ============================================================================ + + +# ============================================================================== +# ======= Enable/disable all outputs at once =================================== +# ============================================================================== +AC_ARG_ENABLE(all-outputs, [AC_HELP_STRING( - [--with-filter-command=CMD], - [external filter command to use. - WARNING WARNING WARNING: Do not change unless you are absolutely sure you know what you are doing - [default=/usr/local/snoopy/bin/snoopy-filter.sh] - ] + [--disable-all-outputs], + [disables all outputs at once. Use --enable-output-NAME to reenable individual outputs. [default=enabled]] )], - [], - [with_filter_command=/usr/local/snoopy/bin/snoopy-filter.sh] + [ + if test "x$enableval" = "xyes"; then + enable_all_outputs=yes + elif test "x$enableval" = "xno"; then + enable_all_outputs=no + else + AC_MSG_ERROR([--enable-all-outputs does not take an argument: $enableval]) + fi + ], + [enable_all_outputs=yes] ) -AS_IF( - [test "x$enable_external_filter" == "xyes"], + + +# ============================================================================== +# ======= START section: ENABLE INDIVIDUAL OUTPUTS ============================= +# ============================================================================== +SNOOPY_CONFIGURE_OUTPUT_ENABLE( [devlog], [This is the default output of Snoopy.]) +SNOOPY_CONFIGURE_OUTPUT_ENABLE( [file], [Write directly to file.]) +SNOOPY_CONFIGURE_OUTPUT_ENABLE_FORCE( [socket], [Output "socket" is mandatory!]) +SNOOPY_CONFIGURE_OUTPUT_DISABLE( [syslog], [WARNING: This output is causing system hangs with SystemD. Do not use it unless you are absolutely certain you know better!]) +# ============================================================================== +# ======= END section: ENABLE INDIVIDUAL OUTPUTS =============================== +# ============================================================================== + + +dnl ============================================================================ +AC_ARG_WITH(default-output, + [AC_HELP_STRING( + [--with-default-output=OUTPUT_SPEC], + [default output to use. See snoopy.ini or src/output/* for available values. [default=devlog]] + )], + [ + if test "x$withval" = "x" -o "x$withval" = "xyes"; then + # Enabled, but without explicit value + AC_MSG_ERROR([--with-default-output requires an appropriate value]) + elif test "x$withval" = "xno"; then + # Explicitly disabled: --without-... + AC_MSG_ERROR([using --without-default-output is not supported, as it makes no sense. Either define it explicitly, or, to use the default value, remove this argument from ./configure line.]) + else + # Enabled with explicit value definition + default_output_val="$withval" + + # Separate output from argument + if echo "$default_output_val" | grep ':' > /dev/null ; then + default_output=`echo "$default_output_val" | cut -d: -f1` + default_output_arg=`echo "$default_output_val" | cut -d: -f2-` + else + default_output="$default_output_val" + default_output_arg="" + fi + + # Strip "output" suffix if exists + if ! echo "$default_output" | grep 'output$' > /dev/null ; then + default_output=`echo "$default_output" | sed -e 's/output$//'` + fi + + # Check if given output exist +echo DEF_OUT: $default_output + if test ! -f src/output/${default_output}output.c ; then + AC_MSG_ERROR([--with-default-output value provided is invalid, output does not exist: $default_output]) + fi + fi + ], + + # Not specified on ./configure line, decided in snoopy.h [ - AS_IF( - [test `echo "$with_filter_command" | grep -c "^$with_exclude_prefix" | cat` == "0"], - [AC_ERROR([Invalid option combination: filter command $with_filter_command must match exclude prefix $with_exclude_prefix])] - ) - AC_DEFINE_UNQUOTED(SNOOPY_EXTERNAL_FILTER_COMMAND, ["$with_filter_command"], [External filter command to use]) + default_output="" + default_output_arg="" ] ) -AC_SUBST(SNOOPY_FILTER_COMMAND, ["$with_filter_command"]) +AS_IF([test "x$default_output" != "x"], [ + AC_DEFINE_UNQUOTED(SNOOPY_CONF_OUTPUT_DEFAULT, ["$default_output"], [Default output provider]) + AC_DEFINE_UNQUOTED(SNOOPY_CONF_OUTPUT_DEFAULT_ARG, ["$default_output_arg"], [Default output arguments]) +]) + +dnl ============================================================================ +dnl ============================================================================ +dnl ======= END section: OUTPUTS =============================================== +dnl ============================================================================ +dnl ============================================================================ + + + +dnl ============================================================================ +dnl ============================================================================ +dnl ======= START section: SYSLOG ============================================== +dnl ============================================================================ +dnl ============================================================================ + dnl ============================================================================ AC_ARG_WITH(syslog-facility, [AC_HELP_STRING( - [--with-syslog-facility=FACILITY], - [facility to use when logging, check 'man 3 syslog' or 'man openlog' [default=LOG_AUTHPRIV]] + [--with-syslog-facility=FACILITY], + [syslog facility to use when logging. Check 'man 3 syslog' or 'man openlog' for supported values [default=LOG_AUTHPRIV]] )], - [], - [with_syslog_facility=LOG_AUTHPRIV] + [ + if test "x$withval" = "x" -o "x$withval" = "xyes"; then + # Enabled, but without explicit value + AC_MSG_ERROR([--with-syslog-facility requires an appropriate LOG_* value]) + elif test "x$withval" = "xno"; then + # Explicitly disabled: --without-... + AC_MSG_ERROR([using --without-syslog-facility is not supported, syslog log facility is required. Either define it explicitly, or, to use the default value, remove this argument from ./configure line.]) + else + # Enabled with explicit value definition + with_syslog_facility_val="$withval" + + # Check for value correctness + syslog_facility_short=`echo "$with_syslog_facility_val" | awk '{print toupper($0)}' | sed -e 's/^LOG_//' | grep -E '^(AUTH|AUTHPRIV|CRON|DAEMON|FTP|KERN|LOCAL[0-7]|LPR|MAIL|NEWS|SYSLOG|USER|UUCP)$'` + if test "x$syslog_facility_short" = "x"; then + AC_MSG_ERROR([--with-syslog-facility value provided is invalid: $with_syslog_facility_val]) + fi + + # Prefix value with LOG_ + syslog_facility="LOG_$syslog_facility_short" + fi + ], + # Not specified on ./configure line + [syslog_facility="LOG_AUTHPRIV"] ) -AC_DEFINE_UNQUOTED(SNOOPY_SYSLOG_FACILITY, [$with_syslog_facility], [Syslog facility to use]) - +AC_DEFINE_UNQUOTED(SNOOPY_CONF_SYSLOG_FACILITY, [$syslog_facility], [Syslog facility to use by default]) dnl ============================================================================ AC_ARG_WITH(syslog-level, [AC_HELP_STRING( - [--with-syslog-level=LEVEL], - [facility to use when logging, check 'man 3 syslog' or 'man openlog' [default=LOG_INFO]] + [--with-syslog-level=LEVEL], + [syslog level to use when logging. Check 'man 3 syslog' or 'man openlog' for supported values [default=LOG_INFO]] )], - [], - [with_syslog_level=LOG_INFO] + [ + if test "x$withval" = "x" -o "x$withval" = "xyes"; then + # Enabled, but without explicit value + AC_MSG_ERROR([--with-syslog-level requires an appropriate LOG_* value]) + elif test "x$withval" = "xno"; then + # Explicitly disabled: --without-... + AC_MSG_ERROR([using --without-syslog-level is not supported, syslog log level is required. Either define it explicitly, or, to use the default value, remove this argument from ./configure line.]) + else + # Enabled with explicit value definition + with_syslog_level_val="$withval" + + # Check for value correctness + syslog_level_short=`echo "$with_syslog_level_val" | awk '{print toupper($0)}' | sed -e 's/^LOG_//' | grep -E '^(EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|DEBUG)$'` + if test "x$syslog_level_short" = "x"; then + AC_MSG_ERROR([--with-syslog-level value provided is invalid: $with_syslog_level_val]) + fi + + # Prefix value with LOG_ + syslog_level="LOG_$syslog_level_short" + fi + ], + # Not specified on command line + [syslog_level="LOG_INFO"] ) -AC_DEFINE_UNQUOTED(SNOOPY_SYSLOG_LEVEL, [$with_syslog_level], [Syslog level to use]) +AC_DEFINE_UNQUOTED(SNOOPY_CONF_SYSLOG_LEVEL, [$syslog_level], [Syslog level to use by default]) +dnl ============================================================================ +dnl ============================================================================ +dnl ======= END section: SYSLOG ================================================ +dnl ============================================================================ +dnl ============================================================================ + + + +dnl ============================================================================ +dnl ======= Final output ======================================================= dnl ============================================================================ AC_OUTPUT diff -Nru snoopy-1.8.0/configure.scan snoopy-2.3.1/configure.scan --- snoopy-1.8.0/configure.scan 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/configure.scan 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,43 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.69]) +AC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS]) +AC_CONFIG_SRCDIR([config.h.in]) +AC_CONFIG_HEADERS([config.h]) + +# Checks for programs. +AC_PROG_CXX +AC_PROG_AWK +AC_PROG_CC +AC_PROG_CPP +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_MAKE_SET +AC_PROG_RANLIB + +# Checks for libraries. + +# Checks for header files. +AC_CHECK_HEADERS([limits.h stdlib.h string.h sys/socket.h sys/time.h syslog.h unistd.h]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_TYPE_UID_T + +# Checks for library functions. +AC_FUNC_MALLOC +AC_CHECK_FUNCS([getcwd gettimeofday memmove memset socket strchr strdup strstr strtol]) + +AC_CONFIG_FILES([Makefile + bin/Makefile + doc/Makefile + doc/internals/Makefile + etc/Makefile + src/Makefile + src/datasource/Makefile + src/filter/Makefile + src/lib/Makefile + src/output/Makefile]) +AC_OUTPUT diff -Nru snoopy-1.8.0/contrib/debian/changelog snoopy-2.3.1/contrib/debian/changelog --- snoopy-1.8.0/contrib/debian/changelog 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/changelog 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,43 @@ +snoopy (2:2.3.1rc1) UNRELEASED; urgency=medium + + * Bump version. + * Change build options to enable filtering and config file. + * Add conflict rules to avoid installing both the snoopy and libsnoopy pkgs + + -- Fred Mora Tue, 28 Apr 2015 22:01:18 -0400 + +snoopy (2:2.0.0rc5-1) unstable; urgency=low + + * Bump to version 2.0.0rc5. + + -- Sébastien Gross Sun, 19 Oct 2014 23:06:56 +0000 + +snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low + + * New automated build from: 1.8.0 - 71ea9e7 + + -- Sébastien Gross Mon, 19 Sep 2011 09:20:41 +0000 + +snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low + + * New automated build from: 1.8.0 - 71ea9e7 + + -- Sébastien Gross Mon, 19 Sep 2011 09:19:51 +0000 + +snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low + + * New automated build from: 1.8.0 - 71ea9e7 + + -- Sébastien Gross Mon, 19 Sep 2011 09:19:15 +0000 + +snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low + + * New automated build from: 1.8.0 - 71ea9e7 + + -- Sébastien Gross Mon, 19 Sep 2011 09:15:26 +0000 + +snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low + + * Initial version + + -- Sébastien Gross Mon, 21 Mar 2011 14:38:12 +0000 diff -Nru snoopy-1.8.0/contrib/debian/compat snoopy-2.3.1/contrib/debian/compat --- snoopy-1.8.0/contrib/debian/compat 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/compat 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1 @@ +7 diff -Nru snoopy-1.8.0/contrib/debian/control snoopy-2.3.1/contrib/debian/control --- snoopy-1.8.0/contrib/debian/control 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/control 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,22 @@ +Source: snoopy +Section: admin +Priority: extra +Maintainer: Sébastien Gross +Build-Depends: debhelper (>= 7.0.50), + autoconf (>=2.63), dh-autoreconf +Standards-Version: 3.9.3 +Homepage: https://github.com/a2o/snoopy + +Package: libsnoopy +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: snoopy +Replaces: snoopy +Description: execve() wrapper and logger + snoopylogger is merely a shared library that is used as a wrapper + to the execve() function provided by libc as to log every call + to syslog (authpriv). system administrators may find snoopylogger + useful in tasks such as light/heavy system monitoring, tracking other + administrator's actions as well as getting a good 'feel' of + what's going on in the system (for example apache running cgi + scripts). diff -Nru snoopy-1.8.0/contrib/debian/copyright snoopy-2.3.1/contrib/debian/copyright --- snoopy-1.8.0/contrib/debian/copyright 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/copyright 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,36 @@ +This package was debianized by Sébastien Gross +on Sun, 20 Mar 2011 18:18:31 +0000. + +It was downloaded from https://github.com/a2o/snoopy + +Upstream Author: + + Marius + Bostjan Skufca + +Copyright: + + Copyright (C) 2000 Marius + Copyright (c) 2015 Bostjan Skufca + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is (C) 2011, Sébastien Gross +and is licensed under the GPL, see above. diff -Nru snoopy-1.8.0/contrib/debian/libsnoopy.postinst snoopy-2.3.1/contrib/debian/libsnoopy.postinst --- snoopy-1.8.0/contrib/debian/libsnoopy.postinst 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/libsnoopy.postinst 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,48 @@ +#!/bin/sh +# postinst script for snoopylogger +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +LIB_SNOOPY='/lib/libsnoopy.so' + +case "$1" in + configure) + if ! test -e /etc/ld.so.preload; then + echo "$LIB_SNOOPY" >> /etc/ld.so.preload + fi + if ! grep $LIB_SNOOPY /etc/ld.so.preload; then + echo "$LIB_SNOOPY" >> /etc/ld.so.preload + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff -Nru snoopy-1.8.0/contrib/debian/libsnoopy.prerm snoopy-2.3.1/contrib/debian/libsnoopy.prerm --- snoopy-1.8.0/contrib/debian/libsnoopy.prerm 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/libsnoopy.prerm 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,41 @@ +#!/bin/sh +# prerm script for snoopylogger +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove|upgrade|deconfigure) + sed -i 's,/lib/libsnoopy.so,,' /etc/ld.so.preload + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff -Nru snoopy-1.8.0/contrib/debian/README.Build.md snoopy-2.3.1/contrib/debian/README.Build.md --- snoopy-1.8.0/contrib/debian/README.Build.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/README.Build.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,32 @@ +# Snoopy Logger Debian / Ubuntu packages generation # + +You can find recipe to build a Debian/Ubuntu package in +`contrib/debian`. You first need to symlink the `contrib/debian` to the +project root directory. You also need to install all build dependencies: + +- debuild +- debhelper +- autoconf +- dh-autoreconf + +The package is built into parent directory. You can install it using `dpkg`. + +Basically you need to run following commands: + + ln -nfs contrib/debian . + apt-get install devscripts debhelper autoconf dh-autoreconf + debuild --no-tgz-check -I.git -i'\.git/' + dpkg -i ../libsnoopy_2.0.0rc5-1_amd64.deb + + +NOTES: Debian package versionning is tricky when working on git +repositories. You can keep track on per-commit version number using `git +describe --tags`. + +For example the git version `snoopy-2.0.0rc5-3-g7845db6` should be read as: + +- `snoopy-2.0.0rc5`: Version as given by `git tag` +- `3`: Number of commits ahead of current tag +- `g7845db6`: the git commit SHA1 id. + +The Debian package version should be then `2:2.0.0rc5+git.3-1`. diff -Nru snoopy-1.8.0/contrib/debian/README.Debian snoopy-2.3.1/contrib/debian/README.Debian --- snoopy-1.8.0/contrib/debian/README.Debian 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/README.Debian 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,36 @@ +libsnoopy +========= + +Log format is: + +[login:%{login} ssh:(%{env:SSH_CONNECTION}) sid:%{sid} tty:%{tty} (%{tty_uid}/%{tty_username}) uid:%{username}(%{uid})/%{eusername}(%{euid}) gid:%{group}(%{gid})/%{egroup}(%{egid}) cwd:%{cwd}]: %{cmdline} + +With: + +- login: literal login name of logged-in user executing this process. + Retrive the user login trying in order: + - The login information from the processus. + - the LOGNAME environment variable. + - the SUDO_USER environment variable. + return "unknown" otherwise. + + TIP to use with sudo and keep LOGNAME, add this in /etc/sudoers: + Defaults env_reset + Defaults env_keep="LOGNAME" +- ssh: value of SSH_CONNECTION. +- sid: Session leader process ID of current process. +- tty: TTY of current process. +- tty_uid: UID (User ID) of current controlling terminal, or -1 if not found. +- tty_username: litaral username of current controlling terminal. +- username: literal username of current process/ +- uid: UID (User ID) of current process. +- eusername: literal effective user name (User ID) of current process/ +- euid: effective UID of current process. +- group: literal group name (Group ID) of current process. +- gid: GID (Group ID) number of currently running process. +- egroup: literal effective group name (Group ID) of current process. +- egid: effective UID of current process. +- cwd: current working directory of current process. +- cmdline: command line of current process. + + -- Sébastien Gross , Mon, 20 Oct 2014 01:56:35 +0200 diff -Nru snoopy-1.8.0/contrib/debian/rules snoopy-2.3.1/contrib/debian/rules --- snoopy-1.8.0/contrib/debian/rules 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/rules 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,32 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# to run with quilt use this instead: +# dh --with quilt $@ +%: + dh $* $@ --with autoreconf + +override_dh_auto_configure: + ./configure \ + --build=x86_64-linux-gnu \ + --prefix=/ \ + --includedir=\${prefix}/include \ + --mandir=\${prefix}/share/man \ + --infodir=\${prefix}/share/info \ + --sysconfdir=/etc --localstatedir=/var \ + --libexecdir=\${prefix}/lib/snoopy \ + --disable-maintainer-mode \ + --disable-dependency-tracking \ + --enable-filtering \ + --enable-config-file \ + --with-message-format='[login:%{login} ssh:(%{env:SSH_CONNECTION}) sid:%{sid} tty:%{tty} (%{tty_uid}/%{tty_username}) uid:%{username}(%{uid})/%{eusername}(%{euid}) gid:%{group}(%{gid})/%{egroup}(%{egid}) cwd:%{cwd}]: %{cmdline}' + + +override_dh_install: + dh_install + rm \ + debian/libsnoopy/bin/snoopy-test-output \ + debian/libsnoopy/lib/libsnoopy.la diff -Nru snoopy-1.8.0/contrib/debian/snoopy.dirs snoopy-2.3.1/contrib/debian/snoopy.dirs --- snoopy-1.8.0/contrib/debian/snoopy.dirs 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/snoopy.dirs 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,2 @@ +usr/bin +usr/sbin diff -Nru snoopy-1.8.0/contrib/debian/snoopy.lintian-overrides snoopy-2.3.1/contrib/debian/snoopy.lintian-overrides --- snoopy-1.8.0/contrib/debian/snoopy.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/snoopy.lintian-overrides 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,3 @@ +snoopy changes: changed-by-address-malformed Sébastien Gross +libsnoopy: new-package-should-close-itp-bug +libsnoopy: maintainer-address-malformed Sébastien Gross diff -Nru snoopy-1.8.0/contrib/debian/source.lintian-overrides snoopy-2.3.1/contrib/debian/source.lintian-overrides --- snoopy-1.8.0/contrib/debian/source.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/debian/source.lintian-overrides 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,2 @@ +snoopy source: native-package-with-dash-version +snoopy source: maintainer-address-malformed Sébastien Gross diff -Nru snoopy-1.8.0/contrib/rhel/snoopy.spec.in snoopy-2.3.1/contrib/rhel/snoopy.spec.in --- snoopy-1.8.0/contrib/rhel/snoopy.spec.in 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/contrib/rhel/snoopy.spec.in 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,37 @@ +Name: snoopy +Version: @PACKAGE_VERSION@ +Release: 1%{?dist} +Summary: Snoopy is a wrapper around execve() that logs all executed commands by all users and processes to syslog. +License: GPLv2 +URL: https://github.com/a2o/snoopy +Source0: snoopy-%{version}.tar.gz + +%description +Snoopy is designed to aid a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications. It is linked into programs to provide a wrapper around calls to execve(). Logging is done via syslog. + +%prep +%autosetup + +%build +%configure +make %{?_smp_mflags} + +%install +%make_install + +mkdir %{buildroot}/etc +install -m 0644 etc/snoopy.ini %{buildroot}/%{_sysconfdir}/snoopy.ini + +%files +%doc ChangeLog COPYING +%{_bindir}/* +%{_libdir}/* +%{_sbindir}/* +%{_sysconfdir}/* + +%post -p /usr/sbin/snoopy-enable +%preun -p /usr/sbin/snoopy-disable + +%changelog +* Tue Nov 4 2014 Jeremy Brown 2.0.0rc12-1 +- Initial RPM spec for snoopy. diff -Nru snoopy-1.8.0/contrib/sles/snoopy.spec.in snoopy-2.3.1/contrib/sles/snoopy.spec.in --- snoopy-1.8.0/contrib/sles/snoopy.spec.in 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/contrib/sles/snoopy.spec.in 2015-05-24 12:25:02.000000000 +0000 @@ -1,53 +1,46 @@ -%define version @PACKAGE_VERSION@ -%define release 1 -%define enable 1 - -Summary: User monitoring and command logging -Name: snoopy -Version: %{version} -Release: %{release} -URL: https://sourceforge.net/projects/snoopylogger/ -Source: https://downloads.sourceforge.net/project/snoopylogger/snoopy-%{version}.tar.gz -Group: Applications/Monitoring -BuildRoot: %{_tmppath}/%{name}-buildroot -#BuildRequires: readline-devel -License: GNU GPL -Patch1: %{name}-%{version}_64bit.patch -Patch2: %{name}-%{version}_ttyname.patch -Packager: Aldemir Akpinar +Summary: User monitoring and command logging +Name: snoopy +Version: @PACKAGE_VERSION@ +Release: 1%{dist} +URL: https://github.com/a2o/snoopy +Group: Applications/Monitoring +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: git, gcc, make +License: GPL +Packager: Taylor Kimball %description Snoopy Logger, logs all the commands issued by local users on the system. It is very useful to track and monitor the users. %prep -%setup -q -%patch1 -%patch2 +%setup -T -c %build - +git clone https://github.com/a2o/%{name}.git +pushd %{name} %configure -make DESTDIR=%{buildroot} +%{__make} %install -rm -rf %{buildroot} -make install DESTDIR=%{buildroot} - -%if %enable -install -d -m 755 $RPM_BUILD_ROOT/etc -if [ ! -f /etc/ld.so.preload ];then -echo "%{_libdir}/snoopy.so" >> $RPM_BUILD_ROOT/etc/ld.so.preload -fi -%endif +pushd %{name} +%{__install} -d -m 755 %{buildroot}%{_bindir} +%{__install} -d -m 755 %{buildroot}%{_libdir} +%{__install} -d -m 755 %{buildroot}%{_sysconfdir} +%{__install} -m 755 detect %{buildroot}%{_bindir} +%{__install} -m 755 %{name}.so %{buildroot}%{_libdir} +echo "%{_libdir}/%{name}.so" >> %{buildroot}%{_sysconfdir}/ld.so.preload %clean rm -rf %{buildroot} -#%post - %files -%defattr(644 root root 755) -%doc COPYING ChangeLog README* RELEASES -%config /etc/ld.so.preload -%{_libdir}/snoopy.so +%defattr(-,root,root,-) +%doc %{name}/ChangeLog %{name}/COPYING %{name}/README.filtering %{name}/README.md %{name}/TODO +%config(noreplace) %{_sysconfdir}/ld.so.preload +%{_bindir}/detect +%{_libdir}/%{name}.so + +%changelog +* Fri Sep 12 2014 Taylor Kimball - @PACKAGE_VERSION@-1 +- Initial spec. diff -Nru snoopy-1.8.0/debian/changelog snoopy-2.3.1/debian/changelog --- snoopy-1.8.0/debian/changelog 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/changelog 2015-06-20 04:45:32.000000000 +0000 @@ -1,3 +1,23 @@ +snoopy (2.3.1-2) unstable; urgency=medium + + * Add automake to build-depends (closes: #788323) + + -- Zed Pobre Sat, 20 Jun 2015 00:44:43 -0400 + +snoopy (2.3.1-1) unstable; urgency=high + + * New upstream version, new upstream homepage + * Updated copyright file + * Fixes the boot loop with systemd (closes: #784682) + * This also changes the logging procedure in a way that prevents system + lockups when a remote logserver stops responding properly. + * There is a new configuration file option that is NOT being used by + this package to minimize usage overhead. If you need this feature, + you will need to recompile the package (see the comments in + debian/rules). + + -- Zed Pobre Tue, 19 May 2015 15:02:19 -0400 + snoopy (1.8.0-5) unstable; urgency=low * Add Slovak Debconf translation (closes: #685370) diff -Nru snoopy-1.8.0/debian/compat snoopy-2.3.1/debian/compat --- snoopy-1.8.0/debian/compat 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/compat 2015-06-20 04:45:32.000000000 +0000 @@ -1 +1 @@ -8 +9 diff -Nru snoopy-1.8.0/debian/control snoopy-2.3.1/debian/control --- snoopy-1.8.0/debian/control 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/control 2015-06-20 04:45:32.000000000 +0000 @@ -2,11 +2,11 @@ Section: admin Priority: optional Maintainer: Zed Pobre -Build-Depends: debhelper (>= 8), autoconf -Standards-Version: 3.9.3 -Homepage: http://sourceforge.net/projects/snoopylogger/ -Vcs-Git: git://anonscm.debian.org/collab-maint/snoopy.git -Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/snoopy.git +Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1), autoconf, automake, libtool +Standards-Version: 3.9.6 +Homepage: https://github.com/a2o/snoopy/ +Vcs-Git: https://github.com/a2o/snoopy.git +Vcs-Browser: https://github.com/a2o/snoopy Package: snoopy Architecture: any @@ -17,5 +17,5 @@ to syslog (authpriv). system administrators may find snoopy useful in tasks such as light/heavy system monitoring, tracking other administrator's actions as well as getting a good 'feel' of - what's going on in the system (for example apache running cgi + what's going on in the system (for example Apache running cgi scripts). diff -Nru snoopy-1.8.0/debian/copyright snoopy-2.3.1/debian/copyright --- snoopy-1.8.0/debian/copyright 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/copyright 2015-06-20 04:45:32.000000000 +0000 @@ -1,9 +1,9 @@ Format: http://dep.debian.net/deps/dep5/ Upstream-Name: snoopylogger Upstream-Contact: Boštjan Škufca -Source: git://snoopylogger.git.sourceforge.net/gitroot/snoopylogger/snoopylogger +Source: https://github.com/a2o/snoopy.git Comment: - Source for Snoopy 1.3 was originally downloaded from + Source for Snoopy 1.3 was originally downloaded from http://www.citi.umich.edu/u/marius/snoopy/ but has since been removed from that location. The canonical source location is now on SourceForge (http://sourceforge.net/projects/snoopylogger/), and the 1.3 tar.gz file @@ -13,7 +13,7 @@ Source for the versions tagged 1.0, 1.1, 1.2, 1.6.0, 1.6.1 were taken from the tarballs at SourceForge. . - All remaining source is taken from the SourceForge Git repository listed + All remaining source is taken from the GitHub Git repository listed in the Source field above. License: GPL-2+ This program is free software; you can redistribute it and/or modify @@ -35,9 +35,22 @@ 2000-2010 Mike Baker , 2010-2011 Boštjan Škufca License: GPL-2+ + See above. Files: debian/* Copyright: 2001 Aubin Paul , 2002-2010 Marc Haber , - 2011 Zed Pobre + 2011-2015 Zed Pobre License: GPL-2 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 + (exactly) as published by the Free Software Foundation. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. diff -Nru snoopy-1.8.0/debian/docs snoopy-2.3.1/debian/docs --- snoopy-1.8.0/debian/docs 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/docs 2015-06-20 04:45:32.000000000 +0000 @@ -1,2 +1,4 @@ -README -TODO +README.md +doc/CONTRIBUTING.md +doc/FAQ.md +doc/FILTER_exclude_spawns_of.md diff -Nru snoopy-1.8.0/debian/overrides/lintian/snoopy snoopy-2.3.1/debian/overrides/lintian/snoopy --- snoopy-1.8.0/debian/overrides/lintian/snoopy 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/overrides/lintian/snoopy 2015-06-20 04:45:32.000000000 +0000 @@ -1,2 +1,3 @@ -snoopy: sharedobject-in-library-directory-missing-soname lib/snoopy.so +snoopy: non-dev-pkg-with-shlib-symlink +snoopy: package-name-doesnt-match-sonames snoopy: sharedobject-in-library-directory-not-actually-a-shlib lib/snoopy.so diff -Nru snoopy-1.8.0/debian/rules snoopy-2.3.1/debian/rules --- snoopy-1.8.0/debian/rules 2012-08-20 21:31:13.000000000 +0000 +++ snoopy-2.3.1/debian/rules 2015-06-20 04:45:32.000000000 +0000 @@ -1,11 +1,29 @@ #!/usr/bin/make -f + +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + %: dh $@ override_dh_auto_configure: + libtoolize -f + aclocal + automake --add-missing autoconf dh_auto_configure -- --libdir=/lib + # If you want to use the optional filtering and configuration + # file, comment out the above dh_auto_configure and uncomment + # the one below: + #dh_auto_configure -- --libdir=lib --enable-config-file --enable-filtering + +override_dh_install: + dh_install + ln -s libsnoopy.so.0.0.0 debian/snoopy/lib/snoopy.so + rm -f debian/snoopy/lib/libsnoopy.la + override_dh_clean: dh_clean - rm -f configure + find . -name Makefile.in -exec rm {} \+ + rm -f aclocal.m4 compile configure test-driver diff -Nru snoopy-1.8.0/detect.c snoopy-2.3.1/detect.c --- snoopy-1.8.0/detect.c 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/detect.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -/* detect.c -- simple execve() wrapper detection - * $Id: detect.c 5 2010-02-09 20:00:51Z bostjanskufca $ - * Copyright (c) 2000 marius@linux.com,mbm@linux.com - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -#include -#include - -#ifndef RTLD_DEFAULT -# define RTLD_DEFAULT ((void *) 0) -#endif - -int main(void) { - void *handle = dlopen("/lib/libc.so.6", RTLD_LAZY); - //simple test to see if the execve in memory matches libc.so.6 - if (dlsym(handle, "execve") != dlsym(RTLD_DEFAULT, "execve")) - printf("something fishy...\n"); - else - printf("secure\n"); - return 0; -} diff -Nru snoopy-1.8.0/dev-scripts/make-release.sh snoopy-2.3.1/dev-scripts/make-release.sh --- snoopy-1.8.0/dev-scripts/make-release.sh 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/dev-scripts/make-release.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,108 +0,0 @@ -#!/bin/bash - - - -### Check working directory -if [ ! -d "dev-scripts" ]; then - echo "ERROR: You have to run this script in the root of repository" - exit 1 -fi - - - -### Check release tag -RELEASE_TAG="$1" -if [ "x$RELEASE_TAG" == "x" ]; then - echo "ERROR: No release tag specified. Please use: $0 X.Y.Z" - exit 1 -fi - - - -### Check if release tag exists -RES=`git tag | grep "^$RELEASE_TAG\$"` -if [ "$RES" != "$RELEASE_TAG" ]; then - echo "ERROR: Release tag does not exist, please create it with: git tag X.Y.Z" - exit 2 -fi - - - -### Check for uncommited changes in the current repo -#RES=`git diff` -#if [ "x$RES" != "x" ]; then -# echo "ERROR: Uncommited changes in current working copy. Please commit/stash and try again." -# exit 3 -#fi - - -### Paths and filenames -DIR_REPO=`pwd` -DIR_REPO_PARENT=`dirname $DIR_REPO` -DIRNAME_RELEASE="snoopy-$RELEASE_TAG" -FILENAME_RELEASE="snoopy-$RELEASE_TAG.tar.gz" -DIR_RELEASE="$DIR_REPO_PARENT/$DIRNAME_RELEASE" -FILE_RELEASE="$DIR_REPO_PARENT/$DIRNAME_RELEASE.tar.gz" - - - -### Check if release dirs and files do not exists -if [ -e $DIR_RELEASE ]; then - echo "ERROR: Release directory already exists: $DIR_RELEASE" - exit 10 -fi -if [ -e $FILE_RELEASE ]; then - echo "ERROR: Release file already exists: $FILE_RELEASE" - exit 11 -fi - - - -### Checkout -git checkout $RELEASE_TAG - - - -### Check for release tags -RES=`cat configure.ac | fgrep $RELEASE_TAG | cat` -if [ "x$RES" == "x" ]; then - echo "ERROR: Release tag $RELEASE_TAG not found in configure.ac file." - exit 20 -fi - - - -### Create release directory -mkdir -p $DIR_RELEASE && -cp -pR $DIR_REPO/* $DIR_RELEASE && -cd $DIR_RELEASE && -rm -rf dev-scripts && -autoheader && -autoconf - - - -### Compare configure.ac and configure.ac.generated -diff configure.ac configure.ac.generated -if [ "$?" != "0" ]; then - echo "ERROR: configure.ac and configure.ac.generated differ." - exit 40 -fi - - - -### Create package -cd .. && -tar -c -z -f $FILENAME_RELEASE $DIRNAME_RELEASE && -rm -rf $DIRNAME_RELEASE - - - -### Check out master branch again -cd $DIR_REPO && -git checkout master - - - -### Signal success -echo "Release complete. File: $FILE_RELEASE" diff -Nru snoopy-1.8.0/dev-scripts/scp-release.sh snoopy-2.3.1/dev-scripts/scp-release.sh --- snoopy-1.8.0/dev-scripts/scp-release.sh 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/dev-scripts/scp-release.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -#!/bin/bash - -if [ "x$1" == "x" ]; then - echo "ERROR: No file specified, please use: $0 file-to-copy-to-sourceforge" - exit 1 -fi - -scp $1 bostjanskufca,snoopylogger@frs.sourceforge.net:/home/frs/project/s/sn/snoopylogger/ diff -Nru snoopy-1.8.0/doc/CONTRIBUTING.md snoopy-2.3.1/doc/CONTRIBUTING.md --- snoopy-1.8.0/doc/CONTRIBUTING.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/CONTRIBUTING.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,165 @@ +# Contributing to Snoopy development + +[![Flattr Snoopy Logger project](http://api.flattr.com/button/flattr-badge-large.png)](https://flattr.com/submit/auto?user_id=a2o&url=https://github.com/a2o/snoopy&title=Snoopy Logger) + +New ideas are welcome. Most of change requests so far were about additional +log data or filtering capabilities, therefore most of development/changes +is expected in that area. + + + +Table of Contents +================= + + * [Contributing to Snoopy development](#contributing-to-snoopy-development) + * [Basic rules for data source development](#basic-rules-for-data-source-development) + * [Filter development rules](#filter-development-rules) + * [Creating feature documentation](#creating-feature-documentation) + * [Creating pull requests for upstream merges](#creating-pull-requests-for-upstream-merges) + + + +## Basic rules for data source development + +- data sources are located in src/datasource/; +- data source names should be lower case, with underscores for word separation; +- data about currently executing process is available in src/inputdatastorage.* + files. Consult existing data sources on how to use it (filename for example); +- each data source must be self-sufficient. Do not rely on other parts of Snoopy; +- each data source must be tidy (free all mallocs, close all file descriptors); +- the first argument passed to each provider is a char array to return message into; +- data source message must not be longer than SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE; +- each data source must have a corresponding header file; +- all data sources must build with -Wall -Werror flags (enabled by default); +- code indentation: 4 spaces, no tabs; +- reserverd data source names: + - snoopy* + +If you have developed a shiny new data source and you would like to start using +it with Snoopy, you have to add it to the following files to make Snoopy fully +aware of it: + +- src/datasource/NAME.h (your data source's main header file) +- src/datasource/NAME.c (your data source's main source code goes here) +- src/datasource/Makefile.am (one reference) +- src/datasourceregistry.c (three references - header, name and function name) +- configure.ac (one reference) +- etc/snoopy.ini.in (one reference in comments, for documentation purposes) +- Changelog (short description of new feature) + + +## Filter development rules + +Rules for filter development are the same as for new data source development, +with the following additional specifics: + +- filters are located in src/filter/; +- each filter is passed two arguments: + - logMessage and + - filter argument (if any, otherwise an empty string is passed); +- filter argument is literal. If it contains multiple arguments (separated by + comma, for example), the filter itself must do the parsing/tokenization. +- filter MAY modify logMessage. If it does so, the new log message MUST NOT + EXCEED the maximum log message size, defined in snoopy.h. +- filter MUST return SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP constant; +- if SNOOPY_FILTER_DROP is returned by filter, it causes immediate termination + of filter chain processing and message is not logged to syslog; +- reserved filter names: + - snoopy* + +If you have developed a shiny new filter and you would like to start using +it with Snoopy, you have to add it to the following files to make Snoopy fully +aware of it: + +- src/filter/NAME.h (your filter's main header file) +- src/filter/NAME.c (your filter's main source code goes here) +- src/filter/Makefile.am (one reference) +- src/filterregistry.c (three references - header, name and function name) +- configure.ac (one reference) +- etc/snoopy.ini.in (one reference in comments, for documentation purposes) +- Changelog (short description of new feature) + + + +## Output development rules + +Rules for new output development are the same as for new filter development, +with the following additional specifics: + +- outputs are located in src/output/; +- as output names are generally very generic, files and functions are suffixed with "...output"; +- each output is passed three arguments: + - logMessage + - flag whether logMessage is a regular Snoopy log message or an error message + - output argument string (might not be used by output) +- output argument is literal. If it contains multiple arguments (separated by + comma, for example), the output itself must do the parsing/tokenization. +- reserved output names: + - snoopy* + +If you have developed a shiny new output and you would like to start using +it with Snoopy, you have to add it to the following files to make Snoopy fully +aware of it: + +- src/output/NAME.h (your output's main header file) +- src/output/NAME.c (your output's main source code goes here) +- src/output/Makefile.am (one reference) +- src/outputregistry.c (three references - header, name and function name) +- src/configfile.c (one reference) +- src/snoopy.h (one reference (or more if this is the new default output)) +- configure.ac (one reference) +- etc/snoopy.ini.in (one reference in comments, for documentation purposes) +- Changelog (short description of new feature) + + + +## Creating feature documentation + +Here is a brief description of Snoopy documentation structure. + +File /README.md: +- general information and quick install instructions; + +Directory /doc/: +- documentation which is useful to average Snoopy user; +- /doc/INSTALL.md: detailed installation instructions; +- /doc/FAQ.md: location of answers to frequently asked questions; + +- /doc/DATA-SOURCES.md: general, data-sources-specific information; +- /doc/DATA-SOURCE_complex_data_source_name.md: documentation for advanced + and configurable data source called "complex_data_source_name", which + has its code located in src/datasource/complex_data_source_name.c; + (also, do not include "_name" suffix in data source's name:); + +- /doc/FILTERING.md: filtering-specific information; +- /doc/FILTER_complex_filter_name.md: documentation for advanced filter called + "complex_filter_name", which has its code located in + src/filter/complex_filter_name.c; + +Directory /doc/internals/: +- location of documetation useful to Snoopy developers and contributors; +- /doc/internals/README.md: main document about Snoopy internals + + + +## Creating pull requests for upstream merges + +Commits: +- your commits should be easily readable, with concise comments; +- your commits should follow the KISS principle: do one thing, and do it well. + +Branching: +- branch name: feature/my-shiny-new-snoopy-feature-title for new features; +- branch name: bugfix/my-totally-non-hackish-workaround for bugfixes; +- branch name: master (avoiding creating dedicated branch) may only be used for trivial fixes. + +Pull requests: +- do not create pull requests from master branch, unless absolutely sure to do so; +- one pull request should contain one change only + (one bugfix or one feature at a time); +- if you have developed multiple features and/or bugfixes, create separate + branches for each one of them, and request merges for each branch; +- the cleaner you code/change/changeset is, + the faster it will be merged. + +That is it. Happy coding! :) diff -Nru snoopy-1.8.0/doc/FAQ.md snoopy-2.3.1/doc/FAQ.md --- snoopy-1.8.0/doc/FAQ.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/FAQ.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,74 @@ +# Snoopy Logger FAQ + + + + + +### 1. Snoopy hangs my RedHat/Fedora/CentOS/other system + +**OBSOLETE, FIXED IN SNOOPY 1.9.0** + +Due to bug described at the URIs below, **please make sure you test your Snoopy +installation before you deploy it to production**. The bug manifests itself at +shutdown, when system hangs instead of finishing the whole shutdown procedure. + +So far this has only been reproduced on Fedora, and there is a reference to +Hyper-Threading, but no one has come up with a valid solution, only workarounds. + + +Bug descriptions: + +* https://bugzilla.redhat.com/show_bug.cgi?id=745603 +* https://github.com/a2o/snoopy/issues/1 + + +How to test: + +* Configure, build, install, enable +* Make sure it is working by tailing log files +* Reboot #1 +* Reboot #2. If second reboot is successful, you are on the safe side + + +Distributions known to work OK (all 64-bit, all tested with 2.0.0+ versions): + +* CentOS 6.5 +* Debian 7 +* Ubuntu Server 12.04.01, 14.04 +* Slackware 12.2+ + + + + + +### 2. Snoopy hangs my RH/CentOS/(other-systemd-based) system + +**HAPPY ANNOUNCEMENT: Snoopy version 2.2.0 resolved boot problems on RHEL/CentOS 7.** +More info: https://github.com/a2o/snoopy/issues/28 + +~DO NOT INSTALL Snoopy on CentOS 7 just yet!~~ +~For currently unknown reason, when Snoopy is installed, CentOS 7 does not boot.~~ +~Here is the issue tracker entry:~~ +~https://github.com/a2o/snoopy/issues/28~~ + + + + + +### 3. PulseAudio fills logs when Snoopy is installed + +Issue was originally reported here: https://github.com/a2o/snoopy/issues/29 + +Transcript of original content (a bit condensed): + + If, like us, you have users running desktop environments, you'll find pulseaudio + filling your logs because of Snoopy. + + Workaround: + * edit /etc/pulse/client.conf + * if exists, uncomment line that starts with "autospawn" and change value to "no" + * if not, add a line "autospawn = no" + + That should fix your issue. + +(Thanks to https://github.com/sykosoft for reporting this and providing a solution.) diff -Nru snoopy-1.8.0/doc/FILTER_exclude_spawns_of.md snoopy-2.3.1/doc/FILTER_exclude_spawns_of.md --- snoopy-1.8.0/doc/FILTER_exclude_spawns_of.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/FILTER_exclude_spawns_of.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,120 @@ +# The exclude_spawns_of filter + +## Purpose of the filter + +When Snoopy is installed, it will generate a log message for every executable +that runs. This includes the programs invoked by cron and other system +daemons. All these messages create noise in the logs and tends to drown useful +information. So filtering out messages created by cron jobs is therefore a +useful feature. That's what the exclude_spawns_of filter does. + +## Terms used + +In this page, we use the following terms: + +- Process tree: this is the graph of processes running on your system, starting at init (process 1) at the top, and going down from parent to child processes. +- Ancestor: A process _A_ is the ancestor of process _P_ if you can start from _P_ in the process tree and go up one or more levels until you find _A_. +- Descendant: A process _D_ is a descendant of process _P_ if _P_ is the ancestor of _D_. A synonym for _spawn_. + + +## Setting up the filter + +The filter takes a comma-separated list of program names as a parameter. If the current process is a descendant of one of the named programs, the filter will drop the message. + +So if you want to avoid logging programs executed by cron jobs or their descendants, just put + + filter_chain = "exclude_spawns_of:cron" + +in the `snoopy.ini` file. + +The list of program names after the `exclude_spawns_of:` is called the _black list_. It is a list of ancestors for which the log message should be dropped. + +Of course, your filter chain can include other filters. See snoopy.ini for examples. + +If you also want to avoid logging the executables launched by `mydaemon`, you can add it to the black list: + + filter_chain = "exclude_spawns_of:cron,mydaemon" + +Do not put spaces around the colon or the commas! + +## The gory details + +The filter walks up the process tree and examines the ancestors of the current process, starting from the parent of the current process. For each ancestor, the filter compares the name of the executable with the black list. If there is a match, the filter drops the message. + +A name listed in the black list can be a binary name or a script name. If you have a doubt, find the program that you want to add in the list and run the command + + cat /proc/nnnn/stat + +where _nnnn_ is the PID of the program. The output of the command will list a name between parentheses in the second word. That name (without the parentheses!) is what you need to add in the black list. + +If the filter encounters an error, it will pass the message. + +## Installing and testing the filter + +### Compiling + +If you install from source, make sure that the following options are passed to `./configure`: + + --enable-filtering + --enable-config-file + +For debian, these options are in `debian/rules`. + +### Installing + +The filter is installed along with the rest of Snoopy, there is no separate package. + +### Setting up + +We assume you are running as root or sudoing as needed. + +If you installed from a package that was correctly configured, you should see the file `/etc/snoopy.ini` in your system. If this file is missing, it means that the version of Snoopy you installed was compiled without the `--enable-config-file` option. It cannot be used here. Please install a different version. + + We are going to modify the ini file to make sure the filter works. + +Change the default message format in `/etc/snoopy.ini`. For example, we add the PID of the process: + + message_format = "[pid:%{pid} uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" + +Next, we will create an easy-to-test black list. Add the following line in `/etc/snoopy.ini`: + + filter_chain = "exclude_spawns_of:cron,sh" + +We specified that Snoopy should not log programs spawned by cron and sh. We assume here that you run bash as the standard shell. You can verify that this is the case with the command: + + getent passwd $USER + +The last string in the command output is your login shell, `bash` by default. + +### Verifying that Snoopy reads the ini file + +Let's enable Snoopy with the command: + + snoopy-enable + +You can check that the `/etc/ld.so.preload` file now contains something like `/lib/libsnoopy.so`. + +Open another window and run `tail -f /var/log/auth.log` to check that Snoopy works. + +Snoopy works only for processes started after it's enabled, so let's invoke a new shell with the command + + bash + +Within that new shell, run ls. You will see a message in `auth.log` that looks like this: +``` +Apr 24 21:41:57 fred-vm-ub1 snoopy[2320]: [pid:2320 uid:1000 sid:1872 tty:/dev/pts/0 cwd:/home/fmora filename:/bin/ls]: ls +``` + +This shows that Snoopy read the ini file and parsed the `message_format` parameter. + +### Testing the filter + +Remember that your default shell is bash, and that you added the `sh` shell to the black list. So let's run the command `sh` to start an instance of this shell. You should see that Snoopy records it in the log (since its ancestors are not blacklisted). + +However, type `ls` or other commands within the new `sh` shell. You should see that Snoopy does not log these commands, since they are a descendant of the blacklisted `sh`. + +Start a bash shell within sh by typing `bash`. Within bash, type `ls` or other commands. Snoopy does not log them. This is because these commands are still descendants from the blacklisted `sh`. + +This shows that the filter works. You can now set the black list as you need. + + diff -Nru snoopy-1.8.0/doc/INSTALL.md snoopy-2.3.1/doc/INSTALL.md --- snoopy-1.8.0/doc/INSTALL.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/INSTALL.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,269 @@ +# Snoopy Logger Installation Instructions + + + + * [Snoopy Logger Installation Instructions](#snoopy-logger-installation-instructions) + * [Available installation methods:](#available-installation-methods) + * [1. Automated installation procedure](#1-automated-installation-procedure) + * [2. Installing Snoopy from distribution package repositories](#2-installing-snoopy-from-distribution-package-repositories) + * [2.1 Building distribution-specific packages yourself](#21-building-distribution-specific-packages-yourself) + * [3. Building Snoopy from sources](#3-building-snoopy-from-sources) + * [3.1 Download options](#31-download-options) + * [3.2 Installation procedure](#32-installation-procedure) + * [3.3 Build configuration](#33-build-configuration) + * [3.3.1 Configuring log output](#331-configuring-log-output) + * [3.3.2 Configuring filtering](#332-configuring-filtering) + * [3.3.3 Optional configuration file support](#333-optional-configuration-file-support) + * [4 How to enable/activate Snoopy](#4-how-to-enableactivate-snoopy) + * [4.1 Enable for specific program](#41-enable-for-specific-program) + * [4.2 Enable system-wide Snoopy on 32-bit-only or 64-bit-only systems](#42-enable-system-wide-snoopy-on-32-bit-only-or-64-bit-only-systems) + * [4.3 For multilib systems](#43-for-multilib-systems) + * [4.4 For multilib systems with LD_PRELOAD_* environmental variables](#44-for-multilib-systems-with-ld_preload_-environmental-variables) + * [5 Snoopy output](#5-snoopy-output) + * [6 How to disable Snoopy](#6-how-to-disable-snoopy) + + + +## Available installation methods: + +* automated installation procedure (preferred, installs latest version), or +* using packages provided by your Linux distribution, or +* building it manually. + + + + + +### 1. Automated installation procedure + +To start automated installation procedure for **STABLE** version of Snoopy, +run this command: + + wget -q -O - https://github.com/a2o/snoopy/raw/stable/bin/snoopy-install.sh | sh + +To start automated installation procedure for **DEVELOPMENT** version of Snoopy, +run this command: + + wget -q -O - https://github.com/a2o/snoopy/raw/master/bin/snoopy-install.sh | sh + +**WARNING: This manual is for latest Snoopy version only. Any version that is not the latest is not supported. Please do not submit any bug/feature/change requests related to unsupported versions.** + + + + + +### 2. Installing Snoopy from distribution package repositories + +This is generally simple, if some maintainer already created snoopy package for you. +How to install distribution-provided packages is out of scope of this manual. + +Generally you would do something like this: + + apt-get install snoopy + yum install snoopy + zypper install snoopy + + + +#### 2.1 Building distribution-specific packages yourself + +The following Linux distributions have their corresponding package definition +files available in the contrib/ directory: + +* Debian/Ubuntu, in contrib/debian/ +* RHEL/CentOS/Fedora, in contrib/rhel/ +* SLES/OpenSUSE, in contrib/sles/ + +The contents of contrib/ directory is user-supplied and therefore not supported. Patches +however are gladly accepted. + + + + + +### 3. Building Snoopy from sources + +#### 3.1 Downloading source + +You can download Snoopy release tarballs from this location: http://source.a2o.si/download/snoopy/ + +You can clone the latest Snoopy sources from GitHub: +``` +git clone https://github.com/a2o/snoopy.git +``` + + +#### 3.2 Installation procedure + +Snoopy supports various features that can be enabled by supplying arguments +to configure command. Consult `./configure --help' for more information. + + # Only if you are building directly from git repository: + ./bootstrap.sh + + # Check configuration options, see section 3.3 for details: + ./configure --help + + # Then continue with normal build procedure: + ./configure [OPTIONS] + make + make install + + # At this point, Snoopy is **installed but not yet enabled**. + # Enable it + make enable + + # Reboot your system for Snoopy to be picked by all programs. + reboot + + + +#### 3.3 Build configuration + +##### 3.3.1 Configuring log output + +Snoopy already has default log message format configured, but by using +"./configure --with-message-format=FORMAT" you can adjust it to your +needs. + +Log message format specification example: + + --with-message-format="text1:%{datasource1} text2:%{datasource2} text3:%{datasource3:arg}" + +Text outside %{...} is considered literal and is copied as-is to final +log message. On the other hand, text found within %{...} has special +meaning: it retrieves data from specified data source. If data source +specification contains a colon, then text before colon is considered +data source name, and text following the colon is passed as an argument +to the data source provider in question. + + + +##### 3.3.2 Configuring filtering + +Snoopy supports message filtering. Filtering support must be +enabled at build time, here is an example: + + # REQUIRED TO ENABLE FILTERING FEATURE + --enable-filtering + + # HOW TO DEFINE FILTER CHAINS + --with-filter-chain="FILTER_CHAIN_SPEC" + +By default, if FILTER_CHAIN_SPEC is not configured. An empty string is +used instead, which effectively disables filtering and all Snoopy messages +are passed to the configured output. + +See sample configuration file etc/snoopy.ini for list and description +of supported filter configurations. + + +##### 3.3.3 Optional configuration file support + +Snoopy supports optional configuration file, which may help with +development and/or configuration endeavours. Configuration file must +be enabled at build time: + + --enable-config-file + +Configuration file is installed as SYSCONFDIR/snoopy.ini. SYSCONFDIR +can be changed with --sysconfdir=PATH configuration directive. +See sample configuration file etc/snoopy.ini for list and description +of supported configuration directives. + + + + + +### 4 How to enable/activate Snoopy + +#### 4.1 Enable for specific program + +If you wish to monitor only certain applications you can do so through +the LD_PRELOAD environmental variable - simply set it to the full path +to libsnoopy.so shared library before starting the application. + +Example: + + export LD_PRELOAD=/usr/local/lib/libsnoopy.so # default path + lynx http://linux.com/ + unset LD_PRELOAD + + + +#### 4.2 Enable system-wide Snoopy on 32-bit-only or 64-bit-only systems + +WARNING: Using this method on multilib systems (64-bit systems capable +WARNING: of running 32-bit applications) can cause malfunction because +WARNING: preload config file /etc/ld.so.preload makes no distinction +WARNING: between 32- and 64-bit programs and shared libraries. + + # Use special Snoopy-enabling script + snoopy-enable + + # Or enable it using build tools + make enable + +Explanation: + +An entry is created in /etc/ld.so.preload file which causes execv() +and execve() system calls to be intercepted by Snoopy and logged via +syslog. + + + +#### 4.3 For multilib systems + +Content of /etc/ld.so.preload should include the following line: + + /usr/local/$LIB/libsnoopy.so + +This applies only when you have installed both 32bit and 64bit version +of the library in the appropriate paths. + + + +#### 4.4 For multilib systems with LD_PRELOAD_* environmental variables + +On systems that support LD_PRELOAD_32 and LD_PRELOAD_64 you can use +those variables to force loading of Snoopy. If you with to enable it +system-wide, ensure that correct values are held by those variables +at boot time. Consult section 4.a of this README on how to set +environmental variables. Setting them at boot time is usually distro- +dependent. +Users are also required to compile 32-bit version of library. To do so +on 64-bit systems it is usually enough to set appropriate CFLAGS: + + CFLAGS=-m32 ./configure [OPTIONS] + +Of course your system must be cross-compilation capable. Consult your +OS documentation for details on this subject. + + + + + +### 5 Snoopy output + +The exact location of your Snoopy output depends on your syslog +configuration. Usually it gets stored in one of the following files: + + /var/log/auth* + /var/log/messages + /var/log/secure + + + +### 6 How to disable Snoopy + +The simplest way is by using special script: + + snoopy-disable + +To manually disable Snoopy, simply edit /etc/ld.so.preload and remove +reference to libsnoopy.so. Also unset any environmental variable that +references Snoopy (LD_PRELOAD, LD_PRELOAD_32 and LD_PRELOAD_64). Then +you may also delete Snoopy shared library from your system. Default +installation path of Snoopy shared library is: + + /usr/local/lib/libsnoopy.so diff -Nru snoopy-1.8.0/doc/internals/Makefile.am snoopy-2.3.1/doc/internals/Makefile.am --- snoopy-1.8.0/doc/internals/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/internals/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,10 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### Include documentation in final release package +# +EXTRA_DIST +=\ + README.md diff -Nru snoopy-1.8.0/doc/internals/README.md snoopy-2.3.1/doc/internals/README.md --- snoopy-1.8.0/doc/internals/README.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/internals/README.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,36 @@ +# Snoopy Logger Internals + + + +## How does Snoopy actually work? + +Snoopy installs itself as a preloaded library that provides a wrapper +around execv() and execve() syscall. Logging is done via syslog. + +Snoopy should be completely transparent to users and to applications. + + + +## Architectural note + +execv() calls are now explicitly logged. Although, according to the +man page for execv(), it is supposed to call execve(). To this date +the reason why execv() calls weren't being logged is unknown, but we +are working to find out why. + + + +## Further information + +* Read the code. +* Start at [../../src/libsnoopy.c](../../src/libsnoopy.c). This is essential. + Here the execv()/execve() syscalls are intercepted and forwarded to internal + Snoopy functions. Once Snoopy is done, execution is forwarded back to + real execv()/execve() syscall. +* Continue with [../../src/log.c](../../src/log.c). Here you can learn how + Snoopy log message is generated (using data sources) and dispatched to + configured output. +* Configuration file parsing code is here: [../../src/configfile.c](../../src/configfile.c). +* Data sources are located here: [../../src/datasource/](../../src/datasource/). +* Filters are located here: [../../src/filter/](../../src/filter/). +* Outputs are located here: [../../src/output/](../../src/output/). diff -Nru snoopy-1.8.0/doc/Makefile.am snoopy-2.3.1/doc/Makefile.am --- snoopy-1.8.0/doc/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,19 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### First process all required subdirs +# +SUBDIRS = internals + + + +### Include documentation in final release package +# +EXTRA_DIST +=\ + CONTRIBUTING.md \ + FAQ.md \ + FILTER_exclude_spawns_of.md \ + INSTALL.md diff -Nru snoopy-1.8.0/doc/releasing/bin/create-release.sh snoopy-2.3.1/doc/releasing/bin/create-release.sh --- snoopy-1.8.0/doc/releasing/bin/create-release.sh 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/releasing/bin/create-release.sh 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,259 @@ +#!/bin/bash + + + +### Settings +# +PUBLIC_GIT_REMOTE_NAME="github-a2o" + + + +### Check working directory +if [ ! -d "doc/releasing" ]; then + echo "ERROR: You have to run this script in the root of the git repository" + exit 1 +fi + + + +### Check release tag +RELEASE_TAG="$1" +if [ "x$RELEASE_TAG" == "x" ]; then + echo "ERROR: No release tag specified. Please use: $0 snoopy-X.Y.Z" + exit 1 +fi + + + +### Check if release tag is properly formatted +if [[ ! "$RELEASE_TAG" =~ ^snoopy- ]]; then + echo "ERROR: Release tag is not properly formatted - snoopy-x.y.z format is required" + exit 1 +fi +RELEASE_VERSION=`echo "$RELEASE_TAG" | sed -e 's/snoopy-//'` + + + +### Check if release tag exists +RES=`git tag | grep "^$RELEASE_TAG\$"` +if [ "$RES" != "$RELEASE_TAG" ]; then + echo "ERROR: Release tag does not exist, please create it with: git tag snoopy-X.Y.Z" + exit 2 +fi + + + +### Check if first line of tagged commit contains "Release X.Y.Z" +RES=`git log -1 --pretty="%B" $RELEASE_TAG | head -n1 | grep "^Release $RELEASE_VERSION\$" -c` +if [ "$RES" -ne "1" ]; then + echo "ERROR: Release commit does not contain this message as first line: 'Release $RELEASE_VERSION'" + exit 2 +fi + + + +### Check if git remote with required name exists +RES=`git remote | grep "^$PUBLIC_GIT_REMOTE_NAME\$" -c` +if [ "$RES" -ne "1" ]; then + echo "ERROR: Required git remote not found: '$GIT_REMOTE_NAME'" + exit 2 +fi + + + +### Check for uncommited changes in the current repo +# +# Uncommited changes are allowed, but only in special locations +# +RES=`git status -s | grep -v ' doc/releasing/' | grep -c .` +if [ "$RES" -ne "0" ]; then + echo "ERROR: There are unallowed uncommited changes in git repository. Please commit/stash and try again." + echo + git status -s + echo + exit 2 +fi + + + +### Paths and filenames +DIR_REPO=`pwd` +FILENAME_RELEASE="snoopy-$RELEASE_VERSION.tar.gz" +FILENAME_RELEASE_MD5="snoopy-$RELEASE_VERSION.tar.gz.md5" +FILENAME_RELEASE_SHA1="snoopy-$RELEASE_VERSION.tar.gz.sha1" +FILENAME_RELEASE_SIZE="snoopy-$RELEASE_VERSION.tar.gz.size" +FILENAME_LATEST_VERSION="snoopy-latest-version.txt" +FILENAME_LATEST_PACKAGE_FILENAME="snoopy-latest-package-filename.txt" +FILE_RELEASE="$DIR_REPO/$FILENAME_RELEASE" +FILE_RELEASE_MD5="$DIR_REPO/$FILENAME_RELEASE_MD5" +FILE_RELEASE_SHA1="$DIR_REPO/$FILENAME_RELEASE_SHA1" +FILE_RELEASE_SIZE="$DIR_REPO/$FILENAME_RELEASE_SIZE" +FILE_LATEST_VERSION="$DIR_REPO/$FILENAME_LATEST_VERSION" +FILE_LATEST_PACKAGE_FILENAME="$DIR_REPO/$FILENAME_LATEST_PACKAGE_FILENAME" +PUBLIC_DL_SSH_HOST="source.a2o.si" +PUBLIC_DL_SSH_PATH="/var/www/source.a2o.si/public/download/snoopy" +PUBLIC_DL_URI_PREFIX="http://source.a2o.si/download/snoopy" + +### Determine if this version is stable or development release +if [[ $RELEASE_VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + RELEASE_IS_STABLE="1" +else + RELEASE_IS_STABLE="0" +fi + + + + + + +### Check that release dirs and files do not exists +if [ -e $FILE_RELEASE ]; then + echo "ERROR: Release file already exists: $FILE_RELEASE" + exit 10 +fi +if [ -e $FILE_RELEASE_MD5 ]; then + echo "ERROR: Release MD5 file already exists: $FILE_RELEASE_MD5" + exit 10 +fi +if [ -e $FILE_RELEASE_SHA1 ]; then + echo "ERROR: Release SHA1 file already exists: $FILE_RELEASE_SHA1" + exit 10 +fi +if [ -e $FILE_RELEASE_SIZE ]; then + echo "ERROR: Release SIZE file already exists: $FILE_RELEASE_SIZE" + exit 10 +fi + + + +### Check if we can connect to SSH host +echo "SSH TEST: Checking SSH connectivity for final release tarball upload." +echo "SSH TEST: If you are promted for account password (not private key password), it does not work." +echo "SSH TEST: If that happens, just hit CTRL+C and fix the problem before trying publish a release." +ssh $PUBLIC_DL_SSH_HOST true +if [ "$?" != "0" ]; then + echo "ERROR: Failed to test-connect to the $PUBLIC_DL_SSH_HOST via SSH. Aborting." +fi + + + +### Remember current git branch +GIT_BRANCH_CUR=`git rev-parse --abbrev-ref HEAD` + + + +### Checkout +git checkout $RELEASE_TAG + + + +### Check for release in configure.ac +RES=`cat configure.ac | fgrep $RELEASE_VERSION | cat` +if [ "x$RES" == "x" ]; then + echo "ERROR: Release tag $RELEASE_TAG not found in configure.ac file." + exit 20 +fi + +### Check for release in ChangeLog +RES=`cat ChangeLog | grep "$RELEASE_VERSION\$" | cat` +if [ "x$RES" == "x" ]; then + echo "ERROR: Release version $RELEASE_VERSION not found in ChangeLog file." + exit 20 +fi + +### Check for release in README.md +RES=`cat README.md | grep snoopy-$RELEASE_VERSION\.t | cat` +if [ "x$RES" == "x" ]; then + echo "ERROR: Release version $RELEASE_VERSION not found in README.md file." + exit 20 +fi + + + +### Create release package +./bootstrap.sh && +./configure && +make clean && +make dist && + + + +### Checkout back master branch +git checkout $GIT_BRANCH_CUR && + + + +### Create package +md5sum $FILENAME_RELEASE > $FILE_RELEASE_MD5 && +sha1sum $FILENAME_RELEASE > $FILE_RELEASE_SHA1 && +wc -c $FILENAME_RELEASE > $FILE_RELEASE_SIZE && + +# These two are used by snoopy-install.sh script +echo "$RELEASE_VERSION" > $FILE_LATEST_VERSION && +echo "$FILENAME_RELEASE" > $FILE_LATEST_PACKAGE_FILENAME && + + + +### Upload release files +echo && +echo "RELEASING: Uploading release package files to http://source.a2o.si/download/snoopy/..." && +echo && +scp \ + $FILE_RELEASE \ + $FILE_RELEASE_MD5 \ + $FILE_RELEASE_SHA1 \ + $FILE_RELEASE_SIZE \ + $PUBLIC_DL_SSH_HOST:$PUBLIC_DL_SSH_PATH \ + && +echo && + + + +### If stable release, update latest stable package version metadata +if [ "$RELEASE_IS_STABLE" == "1" ]; then + echo "RELEASING: This is a stable release." && + echo "RELEASING: Updating files that indicate latest package version..." && + echo && + scp \ + $FILE_LATEST_VERSION \ + $FILE_LATEST_PACKAGE_FILENAME \ + $PUBLIC_DL_SSH_HOST:$PUBLIC_DL_SSH_PATH \ + && + + ssh $PUBLIC_DL_SSH_HOST \ + ln -sf $FILENAME_RELEASE $PUBLIC_DL_SSH_PATH/snoopy-latest.tar.gz +else + echo "RELEASING: This is NOT a stable release." && + echo "RELEASING: Skipped updating files that indicate latest package version." + echo +fi && + +echo && +echo "COMPLETE: $RELEASE_TAG has been released." && +echo "DL URI: $PUBLIC_DL_URI_PREFIX/$FILENAME_RELEASE" && +echo + + + +### Push code and tags to GitHub +# +# Doing this once with --tags argument only does not push actual code, only tags +# +echo && +echo "RELEASING: Pushing code and tags to GitHub..." && +echo && +git push $PUBLIC_GIT_REMOTE_NAME && +git push $PUBLIC_GIT_REMOTE_NAME --tags && + + + +### Remove created package files +echo && +echo "CLEANUP: Running 'make clean'... (output suppressed)" && +echo && +make clean > /dev/null && + + + +### All done. +true diff -Nru snoopy-1.8.0/doc/releasing/bin/submit-to-coverity.sh snoopy-2.3.1/doc/releasing/bin/submit-to-coverity.sh --- snoopy-1.8.0/doc/releasing/bin/submit-to-coverity.sh 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/releasing/bin/submit-to-coverity.sh 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,117 @@ +#!/bin/bash + + + +### Configure shell +# +set -e + + + +### Settings +# +COVERITY_SETTINGS_FILE="./build/coverity-settings.sh.conf" +BUILD_DIR="cov-int" +BUILD_FILE_PREFIX="cov-int-snoopy" + + + +### Help function +# +displayHelp() +{ + echo + echo "To automatically submit build to Coverity, some environment variables must be defined:" + echo + echo "export COVERITY_EMAIL=\"\"" + echo "export COVERITY_TOKEN=\"\"" + echo "export COVERITY_BUILD_VERSION=\"\"" + echo +} + + + +### Include Coverity settings file +# +if [ -f $COVERITY_SETTINGS_FILE ]; then + echo "Reading Coverity settings file $COVERITY_SETTINGS_FILE" + . $COVERITY_SETTINGS_FILE +else + echo "Coverity settings file does not exist: $COVERITY_SETTINGS_FILE" +fi + + + +### Check if all environmental variables are set +# +if [ "x$COVERITY_EMAIL" == "x" ]; then + echo "ERROR: COVERITY_EMAIL is not set." + displayHelp + exit 1 +fi +if [ "x$COVERITY_TOKEN" == "x" ]; then + echo "ERROR: COVERITY_TOKEN is not set." + displayHelp + exit 1 +fi +if [ "x$COVERITY_BUILD_VERSION" == "x" ]; then + echo "ERROR: COVERITY_BUILD_VERSION is not set." + displayHelp + exit 1 +fi +if ! which cov-build; then + echo "ERROR: Unable to find cov-build." + echo + echo "export PATH=/path/to/cov-analysis-linux64-a.b.c/bin:\$PATH" + echo + displayHelp + exit 1 +fi + + + +### Create build first +# + +# Clean +./bootstrap.sh +./configure +make distclean + +# Configure for real +./configure \ + --enable-config-file \ + --enable-filtering + +rm -rf $BUILD_DIR +mkdir -p $BUILD_DIR + +cov-build \ + --dir=$BUILD_DIR \ + make + +tar \ + -c -z \ + -f ${BUILD_FILE_PREFIX}-${COVERITY_BUILD_VERSION}.tar.gz \ + $BUILD_DIR + + + +### Submit to Coverity +# +curl \ + --form email="$COVERITY_EMAIL" \ + --form token="$COVERITY_TOKEN" \ + --form version="$COVERITY_VERSION" \ + --form description="$COVERITY_DESCRIPTION" \ + --form file=@${BUILD_FILE_PREFIX}-${COVERITY_BUILD_VERSION}.tar.gz \ + https://scan.coverity.com/builds?project=Snoopy+Logger + + + +### Tell the user what has been done +# +echo +echo "Submitted file to Coverity: ${BUILD_FILE_PREFIX}-${COVERITY_BUILD_VERSION}.tar.gz" +echo "All done." +echo diff -Nru snoopy-1.8.0/doc/releasing/RELEASE-HOWTO.txt snoopy-2.3.1/doc/releasing/RELEASE-HOWTO.txt --- snoopy-1.8.0/doc/releasing/RELEASE-HOWTO.txt 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/doc/releasing/RELEASE-HOWTO.txt 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,46 @@ +################################################################################ +### +### How to release a new version of Snoopy Logger +### +################################################################################ + +Steps: + + +1. Run these tools to ensure that code quality consistency: + + 1a. Run autoscan and compare results: + - 'autoscan' + - use 'git diff' to see if anything changed from previous run + - add suggestions to configure.ac + - compare configure.scan to configure.ac + - update config.h.in + - commit + + 1b. Create build and upload it to Coverity: + - ./doc/releasing/bin/submit-to-coverity.sh + - check coverity for errors, fix them + + +2. Update documentation TOCs + - use this tool: https://github.com/ekalinin/github-markdown-toc + - commit + + +3. Update version info: + - 1. in ChangeLog + - 2. in configure.ac + - 3. in README.md (displayed on GitHub front page) + - commit with sign-off, with exact message "Release X.Y.Z" on the first line + - git add ChangeLog configure.ac README.md + - git commit -s -m "Release X.Y.Z" + + +4. Create git tag: + - called 'snoopy-X.Y.Z' # For github to provide proper Snoopy release tarball name - we do not use that anymore + - git tag snoopy-X.Y.Z + + +5. Release it + - cd to the repo root + - run "./doc/releasing/bin/create-release.sh snoopy-x.y.z" diff -Nru snoopy-1.8.0/enable.sh snoopy-2.3.1/enable.sh --- snoopy-1.8.0/enable.sh 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/enable.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,41 +0,0 @@ -#!/bin/sh - -# A script that enables snoopy logging for system wide installation. -# You have to run it as privileged user. -# $Id: enable.sh 18 2010-02-10 01:44:14Z bostjanskufca $ - - - -### Where is the library installed? -LIBDIR=$1 -if [ "x$LIBDIR" == "x" ]; then - echo "ERROR: No argument given, libdir expected" - exit 1 -fi - - - -### Check snoopy installation -if [ ! -x $LIBDIR/snoopy.so ]; then - echo "ERROR: $LIBDIR/snoopy.so is not installed or is not executable" - exit 1 -fi - - - -### Check user that is running this script -touch /etc/ld.so.preload -if [ ! -w /etc/ld.so.preload ]; then - echo 'ERROR: /etc/ld.so.preload not writable - are you running this script as a unprivileged user?' - exit 1 -fi - - - -### Do the actual install -if [ `grep -c "^$LIBDIR/snoopy.so" /etc/ld.so.preload` == 0 ]; then - echo "$LIBDIR/snoopy.so" >> /etc/ld.so.preload - echo "Snoopy enabled in /etc/ld.so.preload. Check syslog messages for output." -else - echo "Snoopy already enabled in /etc/ld.so.preload. Check syslog messages for output." -fi diff -Nru snoopy-1.8.0/etc/Makefile.am snoopy-2.3.1/etc/Makefile.am --- snoopy-1.8.0/etc/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/etc/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,41 @@ +include $(top_srcdir)/build/Makefile.am.common + +AUTOMAKE_OPTIONS = foreign subdir-objects +ACLOCAL_AMFLAGS = -I build/m4 + +if CONFIG_FILE_ENABLED +install-exec-local: + if [ ! -f $(DESTDIR)$(sysconfdir)/snoopy.ini ]; then \ + echo ; \ + echo "Installing configuration file: $(DESTDIR)$(sysconfdir)/snoopy.ini" ; \ + echo ; \ + if [ ! -e $(DESTDIR)$(sysconfdir) ]; then \ + install -d $(DESTDIR)$(sysconfdir) ; \ + fi ; \ + install -m 644 snoopy.ini $(DESTDIR)$(sysconfdir)/snoopy.ini ; \ + else \ + if diff -u snoopy.ini $(DESTDIR)$(sysconfdir)/snoopy.ini; then \ + echo ; \ + echo "No changes to configuration file are required: $(DESTDIR)$(sysconfdir)/snoopy.ini" ; \ + echo ; \ + else \ + install -m 644 snoopy.ini $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ; \ + echo ; \ + echo "Existing config file: $(DESTDIR)$(sysconfdir)/snoopy.ini" ; \ + echo " New config file: $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW" ; \ + echo ; \ + echo "WARNING: CONFIGURATION FILE CHANGES NEED MANUAL REVIEW" ; \ + echo ; \ + fi ; \ + fi ; \ + if [ -f $(DESTDIR)$(sysconfdir)/snoopy.ini ]; then \ + if [ -x $(DESTDIR)$(sysconfdir)/snoopy.ini ]; then \ + chmod 644 $(DESTDIR)$(sysconfdir)/snoopy.ini ; \ + fi ; \ + fi ; \ + if [ -f $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ]; then \ + if [ -x $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ]; then \ + chmod 644 $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ; \ + fi ; \ + fi ; +endif diff -Nru snoopy-1.8.0/etc/snoopy.ini.in snoopy-2.3.1/etc/snoopy.ini.in --- snoopy-1.8.0/etc/snoopy.ini.in 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/etc/snoopy.ini.in 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,170 @@ +;;; REQUIRED Section +; +[snoopy] + + + +;;; Log Message Format specification +; +; May consist of: +; - arbitrary text, which is copied to log message as-is, +; - calls to data sources without arguments: %{datasourcename} +; - calls to data sources with argument : %{datasourcename:arg1} +; - calls to data sources with arguments: %{datasourcename:arg1,arg2} <--- if data source supports it +; +; List of available data sources: +; - %{cmdline} ; (available=@enable_datasource_cmdline@) Full command line, with arguments +; - %{cwd} ; (available=@enable_datasource_cwd@) Current working directory +; - %{datetime} ; (available=@enable_datasource_datetime@) Date and time in ISO 8601 format +; - %{egid} ; (available=@enable_datasource_egid@) Effective gid that executed the command +; - %{egroup} ; (available=@enable_datasource_egroup@) Effective group name that executed the command +; - %{env:VAR} ; (available=@enable_datasource_env@) Environmental variable named 'VAR' +; - %{env_all} ; (available=@enable_datasource_env_all@) All environmental varibles, comma separated +; - %{euid} ; (available=@enable_datasource_euid@) Effective uid that executed the command +; - %{eusername} ; (available=@enable_datasource_eusername@) Effective username that executed the command +; - %{filename} ; (available=@enable_datasource_filename@) Full path to executable +; - %{gid} ; (available=@enable_datasource_gid@) Group id that executed the command +; - %{group} ; (available=@enable_datasource_group@) Group name that executed the command +; - %{login} ; (available=@enable_datasource_login@) Login name (tries getlogin_r() first, then SUDO_USER env variabe, and LOGNAME env as last resort) +; - %{pid} ; (available=@enable_datasource_pid@) ID of process that executed the command +; - %{ppid} ; (available=@enable_datasource_ppid@) Parent process ID of process that executed the command +; - %{rpname} ; (available=@enable_datasource_rpname@) Root process name of process that executed the command +; - %{sid} ; (available=@enable_datasource_sid@) Process id of session group process leader +; - %{snoopy_version} ; (available=@enable_datasource_snoopy_version@) Snoopy version +; - %{timestamp} ; (available=@enable_datasource_timestamp@) Current Unix timestamp +; - %{timestamp_ms} ; (available=@enable_datasource_timestamp_ms@) Millisecond part of current Unix timestamp +; - %{timestamp_us} ; (available=@enable_datasource_timestamp_us@) Microsecond part of current Unix timestamp +; - %{tty} ; (available=@enable_datasource_tty@) Which TTY the command was run on +; - %{tty_uid} ; (available=@enable_datasource_tty_uid@) TTY uid +; - %{tty_username} ; (available=@enable_datasource_tty_username@) TTY username +; - %{uid} ; (available=@enable_datasource_uid@) User id that executed the command +; - %{username} ; (available=@enable_datasource_username@) Username that executed the command +; +; Availability (yes/no): +; This flag signifies whether this build of Snoopy has particular data source +; built-in or not. If particular data source is not available and its use is +; desired, then Snoopy must be rebuilt with flags that enable given data +; source. +; +; Default value: +; "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" +; +; Example: +;message_format = "useless static log entry that gets logged on every program execution" +;message_format = "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" + + + +;;; Filter Chain specification +; +; Must comply with the following rules: +; - one or more filters may be specified, separated by semicolon, +; - each filter may contain argument that follows the colon, +; - filter may accept multiple arguments, separated by comma, +; - filter chain must not contain any spaces (allowed in filter arguments, but generally discouraged). +; +; List of available filters: +; - exclude_spawns_of ; (available=@enable_filter_exclude_spawns_of@) Exclude log entries that occur in specified process trees +; - exclude_uid ; (available=@enable_filter_exclude_uid@) Exclude these UIDs from logging +; - only_root ; (available=@enable_filter_only_root@) Only log root commands +; - only_uid ; (available=@enable_filter_only_uid@) Only log commands executed by these UIDs +; +; Availability (yes/no): +; This flag signifies whether this build of Snoopy has particular filter +; built-in or not. If particular filter is not available and its use is +; desired, then Snoopy must be rebuilt with flags that enable given filter. +; +; Sample definitions with explanations: +; - filter_chain = "exclude_uid:0" # Log all commands, except the ones executed by root +; - filter_chain = "exclude_uid:1,2,3" # Log all commands, except those executed by users with UIDs 1, 2 and 3 +; - filter_chain = "only_uid:0" # Log only root commands +; - filter_chain = "exclude_spawns_of:cron,my_daemon" # Do not log commands spawned by cron or my_daemon +; - filter_chain = "filter1:arg11;filter2:arg21,arg22;filter3:arg31,32,33" +; +; Default value: +; "" (empty string) +; +; Examples: +;filter_chain = "" +;filter_chain = "only_uid:0" +;filter_chain = "only_uid:10000" +;filter_chain = "exclude_uid:0" + + + +;;; Output +; +; Where messages get sent to +; +; List of available outputs: +; - devlog ; (available=@enable_output_devlog@) Default, writes directly to /dev/log. +; - file ; (available=@enable_output_file@) Write directly to file. +; - socket ; (available=@enable_output_socket@) Built-in output. As argument it requires an absolute path of socket to write to. +; - syslog ; (available=@enable_output_syslog@) Previuosly-default (WARNING: DO NOT USE syslog OUTPUT WITH systemd - IT WILL HANG YOUR SYSTEM ON BOOT) +; +; Availability (yes/no): +; This flag signifies whether this build of Snoopy has particular output +; built-in or not. If particular output is not available and its use is +; desired, then Snoopy must be rebuilt with flags that enable given output. +; +; List of outputs pending implementation (patches welcome!): +; - console ; TODO +; - journald ; TODO +; +; Default value: +; devlog +; (previously 'syslog' was default value, but due to systemd issues default was changed) +; (to raw device writing as syslogd blocks syslog() calls if journald is not running) +; +; Example: +;output = console +;output = devlog +;output = file:/var/log/snoopy.log +;output = socket:/var/run/socket-for-snoopy.sock + + + +;;; Error Logging +; +; Whether to log error messages or not. +; This should generally be disabled, as it may generate lots of error logs. +; +; The most appropriate usage of this parameter is when: +; - you are developing new data source +; - you are trying to configure message format and are having problems with it +; +; Default value: +; no (unless changed by ./configure --enable-error-logging to yes) +; +; Example: +;error_logging = yes + + + +;;; Syslog Facility +; +; What syslog facility to use. Can be prefixed with 'LOG_'. +; +; Possible values: +; One of AUTH|AUTHPRIV|CRON|DAEMON|FTP|KERN|LOCAL[0-7]|LPR|MAIL|NEWS|SYSLOG|USER|UUCP +; +; Default value: +; LOG_AUTHPRIV (unless changed by ./configure --with-syslog-facility=FACILITY) +; +; Example: +;syslog_facility = LOG_AUTHPRIV + + + +;;; Syslog Level +; +; What syslog level to use. Can be prefixed with 'LOG_'. +; +; Possible values: +; One of EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|DEBUG +; +; Default value: +; LOG_INFO (unless changed by ./configure --with-syslog-level=LEVEL) +; +; Example: +;syslog_level = LOG_INFO diff -Nru snoopy-1.8.0/.gitignore snoopy-2.3.1/.gitignore --- snoopy-1.8.0/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/.gitignore 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,68 @@ +### Files produced by autotools +# +Makefile.in +/aclocal.m4 +/autom4te.cache +/autoscan.log +/build/aux/ar-lib +/build/aux/compile +/build/aux/config.guess +/build/aux/config.sub +/build/aux/depcomp +/build/aux/install-sh +/build/aux/ltmain.sh +/build/aux/missing +/build/aux/test-driver +/build/m4/libtool.m4 +/build/m4/lt*.m4 +/configure +/config.h +/config.log +/config.status +/config.h.in~ +/stamp-h? + + +### Files produced by ./configure +# +Makefile +/libtool + +# Temporary files created during ./configure run +/conf*/ +/confdefs.h +/conftest.c +/conftest.err +/libtoolT + + +### Files produced by build process +# +.dirstamp +*.a +*.o +*.la +*.lo +.deps/ +.libs/ +/src/libsnoopy.so +/bin/snoopy-disable +/bin/snoopy-enable +/bin/snoopy-test-all-data-sources +/bin/snoopy-test-output +/bin/snoopy-detect +/bin/snoopy-dev-helper +/contrib/rhel/snoopy.spec +/contrib/sles/snoopy.spec +/etc/snoopy.ini + + +### Coverity files +# +/cov-int* +/build/coverity-settings.sh.conf + + +### Distribution related files +# +/debian diff -Nru snoopy-1.8.0/Makefile.am snoopy-2.3.1/Makefile.am --- snoopy-1.8.0/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,61 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### Local configuration changes +# +AUTOMAKE_OPTIONS = foreign subdir-objects +ACLOCAL_AMFLAGS = -I build/m4 + + + +# Process etc/ before other subdirs +# If snoopy has config file enabled, then there is a small time frame +# between installation of library and subsequent installation of +# initial configuration file where iniparser emits an error about +# configuration file not being found. Therefore we first install +# configuration file and only then the snoopy library itself. +SUBDIRS = \ + src \ + bin \ + etc \ + doc + +EXTRA_DIST +=\ + bootstrap.sh \ + README.md + +enable: install + echo ; \ + $(top_srcdir)/bin/snoopy-enable ; \ + echo ; + +disable: + echo ; \ + $(top_srcdir)/bin/snoopy-disable \ + echo ; + +# Disable it if we are uninstalling it, to avoid error messages +# about missing library that should be preloaded. +uninstall-local: disable + + + +### Clean these files additionally +# + +# Clean release files +clean-local: + rm -f snoopy-*.tar.gz* ; \ + rm -f snoopy-latest-*.txt ; \ + rm -rf cov-int* ; + +# Clean all files that were generated by bootstrap.sh or autoscan +maintainer-clean-local: + rm -f aclocal.m4 ; \ + rm -f autoscan.log ; \ + rm -fr build/aux/ ; \ + rm -fr build/m4/ ; \ + rm -f configure ; diff -Nru snoopy-1.8.0/Makefile.in snoopy-2.3.1/Makefile.in --- snoopy-1.8.0/Makefile.in 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/Makefile.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,70 +0,0 @@ -# Makefile for snoopy -# $Id: Makefile.in 21 2010-02-11 19:58:54Z bostjanskufca $ - - - -CC=@CC@ -CFLAGS=@CFLAGS@ @DEFS@ -LIBS=-ldl -LDFLAGS=@LDFLAGS@ @LIBS@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -LIBDIR=@libdir@ -SNOOPY_EXCLUDE_PREFIX=@SNOOPY_EXCLUDE_PREFIX@ -SNOOPY_EXTERNAL_FILTER=@SNOOPY_EXTERNAL_FILTER@ -SNOOPY_FILTER_COMMAND=@SNOOPY_FILTER_COMMAND@ -SNOOPY_FILTER_COMMAND_DIR=`dirname @SNOOPY_FILTER_COMMAND@` - - -all: snoopy.so detect - -snoopy.so: snoopy.c snoopy.h config.h - $(CC) $(CFLAGS) -shared -O3 -fomit-frame-pointer -fPIC snoopy.c -osnoopy.so $(LDFLAGS) - -detect: detect.c - $(CC) detect.c -odetect $(LDFLAGS) - - - -install: all -ifeq ($(SNOOPY_EXTERNAL_FILTER), yes) - install -m 755 -d $(SNOOPY_EXCLUDE_PREFIX) - install -m 755 -d $(SNOOPY_FILTER_COMMAND_DIR) - if test ! -e $(SNOOPY_EXCLUDE_PREFIX)/grep; then \ - ln -s /usr/bin/grep $(SNOOPY_EXCLUDE_PREFIX)/grep; \ - fi - if test ! -e $(SNOOPY_EXCLUDE_PREFIX)/sed; then \ - ln -s /usr/bin/sed $(SNOOPY_EXCLUDE_PREFIX)/sed; \ - fi - if test ! -e $(SNOOPY_FILTER_COMMAND); then \ - install -m 755 snoopy-filter.sh $(SNOOPY_FILTER_COMMAND); \ - fi - @echo - @echo Your external filter is installed here: - @echo $(SNOOPY_FILTER_COMMAND) - @echo -endif - install -m 755 -d $(DESTDIR)$(LIBDIR) - install -m 755 snoopy.so $(DESTDIR)$(LIBDIR)/snoopy.so - @echo -e "\nSnoopy shared library installed in $(DESTDIR)$(LIBDIR)." - @echo -e "Run 'make enable' to actually enable snoopy logging.\n" - - - -enable: - ./enable.sh $(DESTDIR)$(LIBDIR) - - - -clean: - rm -f detect snoopy.so - rm -f snoopy-filter.sh - rm -f contrib/sles/snoopy.spec - -distclean: clean - rm -f autoscan.log config.h config.log config.status - rm -rf autom4te.cache - rm -f Makefile - -realclean: distclean - rm -f configure configure.scan diff -Nru snoopy-1.8.0/README snoopy-2.3.1/README --- snoopy-1.8.0/README 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/README 1970-01-01 00:00:00.000000000 +0000 @@ -1,77 +0,0 @@ - - - ------------------------------------------------------------------------------- -Snoopy 1.8 - -By: - bostjan@a2o.si - marius@umich.edu - mbm@linux.com ------------------------------------------------------------------------------- - - - -D E S C R I P T I O N - - Snoopy is designed to aid the taks of a sysadmin by providing a log of - commands executed. Snoopy is completely transparent to the user and - applications it hooks in as a library providing a wrapper around calls - to execve() calls. Logging is done via syslogd and written to authpriv - allowing secure offsite logging of activity, generally the authpriv is - stored as /var/log/auth.log. - - - -N O T E - - execv() calls are now explicitly logged. Although, according to the - man page for execv(), it is supposed to call execve(). To this date - the reason why execv() calls weren't being logged is unknown, but we - are working to find out why. - - - -U S A G E - - Snoopy is able to log all users or just root, this functionality is - configured at compile through the snoopy.h header, #define ROOT_ONLY 1 - will restrict logging to root activities. Installation is as follows: - - # If you have pulled snoopy from GIT, you must run autoconf first: - autoheader - autoconf - - # Check configuration options: - ./configure --help - - # Then continue with normal build procedure: - ./configure [OPTIONS] - make - make install - - # Then you can actually enable snoopy: - make enable - - Snoopy is placed in /etc/ld.so.preload to trap all occurances of exec, - if you wish to monitor only certain applications you can do so through - the $LD_PRELOAD environment variable - simply set it to - /usr/local/lib/snoopy.so before loading the application. For example: - - export LD_PRELOAD=/usr/local/lib/snoopy.so - lynx http://linux.com/ - unset LD_PRELOAD - - To remove snoopy later, simply edit /etc/ld.so.preload and remove the - reference to snoopy.so and delete /usr/local/lib/snoopy.so. - - - -O U T P U T - - The exact location of your snoopy output depends on your syslog - configuration. Usually it gets stored in one of the following files: - - /var/log/auth* - /var/log/messages - /var/log/secure diff -Nru snoopy-1.8.0/README.filtering snoopy-2.3.1/README.filtering --- snoopy-1.8.0/README.filtering 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/README.filtering 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ --------------------------------------------------------------------------------- - Snoopy filtering support - - - since version 1.8.0 --------------------------------------------------------------------------------- - - - -D E S C R I P T I O N - - Snoopy supports basic prefix filtering and external filtering. These options - can be enabled on command line and further customized by modifying external - filter script. - - - -W A R N I N G -W A R N I N G -W A R N I N G - - EXTERNAL FILTER MUST RESIDE IN THE EXCLUDE PREFIX PATH. IT MUST NOT USE ANY - PROGRAMS THAT RESIDE OUTSITE THE EXCLUDE PREFIX PATH. DISREGARDING THIS - WARNING WILL CAUSE INFINITE LOOPS ON YOUR SYSTEM AND RENDER IT UNUSABLE. YOUR - SYSTEM WILL CRASH. - - There, you have been warned. - - - -H O W T O E N A B L E - - # Enable it with configure option: - ./configure --enable-external-filter - - # Then proceed with normal build. When installing, sample filter - # script is installed for you to start with. To get its location, - # read the output from 'make install'. - make - make install - - - -F I L T E R S C R I P T - - Please refer to the filter script for additional information about - customization. diff -Nru snoopy-1.8.0/README.md snoopy-2.3.1/README.md --- snoopy-1.8.0/README.md 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/README.md 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,164 @@ +a# Snoopy Logger + +[![Flattr Snoopy Logger project](http://api.flattr.com/button/flattr-badge-large.png)](https://flattr.com/submit/auto?user_id=a2o&url=https://github.com/a2o/snoopy&title=Snoopy Logger) + +Snoopy is a tiny library that logs all executed commands (+ arguments) on your system. + + + + * [Snoopy Logger](#snoopy-logger) + * [0. News](#1-news) + * [1. Installation](#1-installation) + * [1.1 Version information](#11-version-information) + * [2. Output](#2-output) + * [3. Configuration](#3-configuration) + * [4. Support](#4-support) + * [4.1 Commercial support](#41-commercial-support) + * [5. How does Snoopy actually work?](#5-how-does-snoopy-actually-work) + * [6. Contributing to Snoopy development](#6-contributing-to-snoopy-development) + * [7. License](#7-license) + * [8. Credits](#8-credits) + + + +## 0. News + +2015-05-12: +**Snoopy 2.3.0 released!** This Snoopy version contains many +improvements, bugfixes, new features and quite improved build process. +All users are encouraged to upgrade to Snoopy version 2.3.0+ as soon +as possible. + + +## 1. Installation + +The easiest way to start using Snoopy is to execute one of the following +commands (as root). + +To install the latest **STABLE** version of Snoopy, use this command: + + wget -q -O - https://github.com/a2o/snoopy/raw/stable/bin/snoopy-install.sh | sh + +To install the latest **DEVELOPMENT** version of Snoopy, use this: + + wget -q -O - https://github.com/a2o/snoopy/raw/master/bin/snoopy-install.sh | sh + +That is it. +Detailed installation instructions are available here: [doc/INSTALL.md](doc/INSTALL.md) + + +### 1.1 Version information + +Latest Snoopy version information: +* stable: http://source.a2o.si/download/snoopy/snoopy-2.3.1.tar.gz + + + + + +## 2. Output + +This is what typical Snoopy output looks like: + + 2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK + 2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK + 2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages + +These are default output locations on various Linux distributions: + +* CentOS: /var/log/secure +* Debian: /var/log/auth.log +* Ubuntu: /var/log/auth.log +* others: /var/log/messages (potentially, not necessarily) + +For actual output destination check your syslog configuration. + + + +## 3. Configuration + +Most parts of Snoopy are/can be/should be configured at build time. + +However, since version 2.0.0 Snoopy supports optional configuration file. +Snoopy's automated installation procedure enables configuration file support +by default. Configuration file path is /etc/snoopy.ini. + +For additional information consult comments in default configuration file +[etc/snoopy.ini](etc/snoopy.ini) and read appropriate sections of +[doc/INSTALL.md](doc/INSTALL.md). + + + +## 4. Support + +**Only latest released version of Snoopy is "supported"!** +Any version that is not the latest (stable or development) is not supported. +Please do not submit any bugfix/feature/change requests related to old (unsupported) Snoopy versions. + +**If you encounter an issue with Snoopy, proceed with the following steps:** + +1. make sure you are using the latest version of Snoopy! + 1. this DOES NOT mean the last version 'apt-get install snoopy' provides, + 2. this means the latest version available at https://github.com/a2o/snoopy/! +2. consult FAQ first: [doc/FAQ.md](doc/FAQ.md), +3. search the internets (using Google for example), +4. search the Snoopy issue tracker: https://github.com/a2o/snoopy/issues/, +5. if the problem still persist, create a new issue, but you must: + 1. make sure your issue is reproducible using the latest version of Snoopy, + 2. provide the following data: + 1. Snoopy version used and how did you install it? + 2. Linux distribution you are using? + 3. Which software is crashing because of Snoopy (whole system, one program)? + 4. Trace of your program that crashes. + 3. if possible, provide a patch that fixes (or at least tries to fix) the issue. + +### 4.1 Commercial support + +Commercial support for Snoopy is available. Contact current maintainer via email for details. + + + +## 5. How does Snoopy actually work? + +See [doc/internals/README.md](doc/internals/README.md) + + + +## 6. Contributing to Snoopy development + +See [doc/CONTRIBUTING.md](doc/CONTRIBUTING.md) + + + +## 7. License + +Snoopy is released under GNU General Public License version 2. + +Snoopy was originally released under GNU GPLv2 license, and during the course of +it's life various people contributed code to it under the same license. Therefore +Snoopy continues to be released under GNU GPLv2 license, as this is the only +license all contributors agreed to, up to this point. + +Should some entity (individual or corporation) desire to obtain Snoopy under a +different license (commercial, for example), a consent from all contributors +will be required. + + + +## 8. Credits + +Snoopy development is currently located at the following URI: + http://github.com/a2o/snoopy/ + +Snoopy Logger was originally created and maintained by: + Marius Aamodt Eriksen + Mike Baker + +List of contributors is available at the following locations: +- in the Snoopy's ChangeLog file; +- in the list of pull requests on GitHub. + +Snoopy is currently maintained by: + Bostjan Skufca diff -Nru snoopy-1.8.0/snoopy.c snoopy-2.3.1/snoopy.c --- snoopy-1.8.0/snoopy.c 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/snoopy.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,235 +0,0 @@ -/* snoopy.c -- execve() logging wrapper - * Copyright (c) 2000 marius@linux.com,mbm@linux.com - * - * $Id: snoopy.c 30 2010-02-13 16:31:16Z bostjanskufca $ - * - * Part hacked on flight KL 0617, 30,000 ft or so over the Atlantic :) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ -#include "config.h" -#include "snoopy.h" -#include -#include -#include -#include -#include -#include -#include -#include - -#define min(a,b) a= logStringSize) - break; - logString[n++] = ' '; - } - logString[logStringSize-1] = '\0'; - - - /* Create logMessage */ - #if defined(SNOOPY_CWD_LOGGING) - getCwdRet = getcwd(cwd, PATH_MAX+1); - sprintf(logMessage, "[uid:%d sid:%d tty:%s cwd:%s filename:%s]: %s", getuid(), getsid(0), ttyPath, cwd, filename, logString); - #else - sprintf(logMessage, "[uid:%d sid:%d tty:%s filename:%s]: %s", getuid(), getsid(0), ttyPath, filename, logString); - #endif - - - /* Prepare logging stuff */ - openlog("snoopy", LOG_PID, SNOOPY_SYSLOG_FACILITY); - - - /* Filter it */ - #if defined(SNOOPY_EXTERNAL_FILTER) - filterCommandMaxSize = logMessageMaxSize; - filterOutputMaxSize = logMessageMaxSize; - filterCommand = malloc(filterCommandMaxSize); - filterOutput = malloc(filterOutputMaxSize); - - /* Check filter command - existance */ - fp = fopen(SNOOPY_EXTERNAL_FILTER_COMMAND, "r"); - if (fp) { - fclose(fp); - } else { - syslog(LOG_ALERT, "External snoopy filter does not exist: %s", SNOOPY_EXTERNAL_FILTER_COMMAND); - goto extFilterEnd; - } - - /* Check filter command - executable */ - if (access(SNOOPY_EXTERNAL_FILTER_COMMAND, X_OK)) { - syslog(LOG_ALERT, "External snoopy filter is not executable: %s", SNOOPY_EXTERNAL_FILTER_COMMAND); - goto extFilterEnd; - } - - /* Construct filter command */ - sprintf(filterCommand, "%s '%s'", SNOOPY_EXTERNAL_FILTER_COMMAND, logMessage); - - /* Execute it */ - fp = popen(filterCommand, "r"); - if (fp == NULL) { - syslog(LOG_ALERT, "Unable to execute external snoopy filter: %s", SNOOPY_EXTERNAL_FILTER_COMMAND); - goto extFilterEnd; - } - - /* Read output and close file descriptor */ - filterOutputPtr = filterOutput; - *filterOutput = '\0'; - while (!feof(fp)) { - fgets(buffer, bufferSize, fp); - - if ((strlen(filterOutput) + strlen(buffer)) > filterOutputMaxSize) { - syslog(LOG_ALERT, "Snoopy external filter output is too large"); - goto extFilterEnd; - } - - strcpy(filterOutputPtr, buffer); - filterOutputPtr += strlen(buffer); - } - - /* Finish execution and check exit status */ - status = pclose(fp); - if (status != 0) { - syslog(LOG_ALERT, "External snoopy filter returned non-zero status: %d", status); - } - - /* Move contents to logMessage */ - strcpy(logMessage, filterOutput); - extFilterEnd: - #endif /* defined(SNOOPY_EXTERNAL_FILTER) */ - - - /* Log it */ - if (strlen(logMessage) > 0) { - syslog(SNOOPY_SYSLOG_LEVEL, "%s", logMessage); - } - - - /* Free the logString memory */ - free(logString); - free(logMessage); - - #if defined(SNOOPY_EXTERNAL_FILTER) - free(filterCommand); - free(filterOutput); - #endif -} - - - -int execve(const char *filename, char *const argv[], char *const envp[]) -{ - static int (*func)(const char *, char **, char **); - - FN(func,int,"execve",(const char *, char **const, char **const)); - snoopy_log(filename, argv); - - return (*func) (filename, (char**) argv, (char **) envp); -} - - - -int execv(const char *filename, char *const argv[]) { - static int (*func)(const char *, char **); - - FN(func,int,"execv",(const char *, char **const)); - snoopy_log(filename, argv); - - return (*func) (filename, (char **) argv); -} diff -Nru snoopy-1.8.0/snoopy-filter.sh.in snoopy-2.3.1/snoopy-filter.sh.in --- snoopy-1.8.0/snoopy-filter.sh.in 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/snoopy-filter.sh.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -#!/bin/sh - -# -# Sample snoopy external filter -# -# Log message is received as first argument, which is stored in variable $1. -# Whatever this script returns is the message that snoopy sends to syslog. -# Non-zero exit status will be logged to syslog. -# -# -# WARNING -# WARNING This filter should be a standalone executable. -# WARNING If it uses external programs, make sure the path to those programs -# WARNING was specified in EXCLUDE_PREFIX when ./configuring snoopy. -# WARNING -# WARNING Otherwise snoopy enters infinite loop which will hang your system. -# WARNING - -# External programs used by this filter -SNOOPY_EXCLUDE_PREFIX="@SNOOPY_EXCLUDE_PREFIX@" -SNOOPY_GREP="$SNOOPY_EXCLUDE_PREFIX/grep" -SNOOPY_SED="$SNOOPY_EXCLUDE_PREFIX/sed" - -# Here we just output whatever we have received with slight modification -if [ "x$1" != "x" ]; then - echo "$@" | $SNOOPY_SED -e 's/bash/bush/g' -fi diff -Nru snoopy-1.8.0/snoopy.h snoopy-2.3.1/snoopy.h --- snoopy-1.8.0/snoopy.h 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/snoopy.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -/* - * - * $Id: snoopy.h 17 2010-02-10 01:25:39Z bostjanskufca $ - * - */ - -/** - * SNOOPY_ROOT_ONLY - * - * Log only the actions running under uid 0, set 1 to enable - */ -#define SNOOPY_ROOT_ONLY 0 - -/** - * SNOOPY_MAX_ARG_LENGTH - * - * Maximum size of any argument. - */ -#define SNOOPY_MAX_ARG_LENGTH 4096 diff -Nru snoopy-1.8.0/src/configfile.c snoopy-2.3.1/src/configfile.c --- snoopy-1.8.0/src/configfile.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/configfile.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,352 @@ +/* + * SNOOPY LOGGER + * + * File: configfile.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "configfile.h" +#include "configuration.h" + + + +/* + * Include iniparser-related resources + */ +#include "lib/iniparser/src/iniparser.h" + + + +/* + * snoopy_configfile_load_file + * + * Description: + * Parses INI configuration file and overrides snoopy + * configuration with changed values. + * + * Params: + * file Path log INI configuration file + * + * Return: + * int 0 on success, -1 on error openinf file, other int for other errors + */ +int snoopy_configfile_load ( + char *iniFilePath +) { + dictionary *ini ; + char *confValString; // Temporary query result space + int confValInt; // Temporary query result space + + + /* Tell snoopy we are using configuration file */ + snoopy_configuration.config_file_path = iniFilePath; + + /* Parse the INI configuration file first */ + ini = iniparser_load(iniFilePath); + if (NULL == ini) { + // TODO snoopy error handling + return -1; + } + snoopy_configuration.config_file_found = SNOOPY_TRUE; + + + /* Pick out snoopy configuration variables */ + confValInt = iniparser_getboolean(ini, "snoopy:error_logging", -1); + if (-1 != confValInt) { + snoopy_configuration.error_logging_enabled = confValInt; + } + + confValString = iniparser_getstring(ini, "snoopy:message_format", NULL); + if (NULL != confValString) { + snoopy_configuration.message_format = strdup(confValString); + snoopy_configuration.message_format_malloced = SNOOPY_TRUE; + } + + confValString = iniparser_getstring(ini, "snoopy:filter_chain", NULL); + if (NULL != confValString) { + snoopy_configuration.filter_chain = strdup(confValString); + snoopy_configuration.filter_chain_malloced = SNOOPY_TRUE; + } + + confValString = iniparser_getstring(ini, "snoopy:output", NULL); + if (NULL != confValString) { + snoopy_configfile_parse_output(confValString); + } + + confValString = iniparser_getstring(ini, "snoopy:syslog_facility", NULL); + if (NULL != confValString) { + snoopy_configfile_parse_syslog_facility(confValString); + } + + confValString = iniparser_getstring(ini, "snoopy:syslog_level", NULL); + if (NULL != confValString) { + snoopy_configfile_parse_syslog_level(confValString); + } + + + /* Housekeeping */ + snoopy_configuration.config_file_parsed = SNOOPY_TRUE; // We have sucessfully parsed configuration file + iniparser_freedict(ini); + return 0; +} + + + +/* + * snoopy_configfile_parse_output + * + * Description: + * Parses configuration setting syslog_output and + * sets appropriate internal configuration variable(s). + * Uses default setting if unknown value. + * + * Params: + * confVal Value from configuration file + * + * Return: + * void + */ +void snoopy_configfile_parse_output ( + char *confValOrig +) { + char *confVal; + char *outputName; + char *outputArg; + + // Do not assign null to it explicitly, as you get "Explicit null dereference" Coverity error. + // If you do not assign it, Coverity complains with "Uninitialized pointer read". + char *saveptr1 = ""; + + // First clone the config value, as it gets freed by iniparser + confVal = strdup(confValOrig); + + // Check if configured value contains argument(s) + if (NULL == strchr(confVal, ':')) { + outputName = confVal; + snoopy_configuration.output_arg = ""; + snoopy_configuration.output_arg_malloced = SNOOPY_FALSE; + outputArg = ""; + } else { + // Separate output name from its arguments + outputName = strtok_r(confVal, ":", &saveptr1); + outputArg = strtok_r(NULL , ":", &saveptr1); + + // THINK What if conf.output_arg was set in previous call to this function, + // and is already malloced? We need to detect that and free previous + // allocation. + snoopy_configuration.output_arg = strdup(outputArg); + snoopy_configuration.output_arg_malloced = SNOOPY_TRUE; + } + + // Determine output name + if (strcmp(outputName, SNOOPY_OUTPUT_DEVLOG) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_DEVLOG; } + else if (strcmp(outputName, SNOOPY_OUTPUT_FILE ) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_FILE; } + else if (strcmp(outputName, SNOOPY_OUTPUT_SOCKET) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_SOCKET; } + else if (strcmp(outputName, SNOOPY_OUTPUT_SYSLOG) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_SYSLOG; } + else { + snoopy_configuration.output = SNOOPY_OUTPUT_DEFAULT; + } + + // Housekeeping + free(confVal); +} + + + +/* + * snoopy_configfile_parse_syslog_facility + * + * Description: + * Parses configuration setting syslog_facility and + * sets appropriate config variable. + * Uses default setting if unknown value. + * + * Params: + * confVal Value from configuration file + * + * Return: + * void + */ +void snoopy_configfile_parse_syslog_facility ( + char *confVal +) { + char *confValCleaned; + + // First cleanup the value + confValCleaned = snoopy_configfile_syslog_value_cleanup(confVal); + + // Evaluate and set configuration flag + if (strcmp(confValCleaned, "AUTH") == 0) { snoopy_configuration.syslog_facility = LOG_AUTH; } + else if (strcmp(confValCleaned, "AUTHPRIV") == 0) { snoopy_configuration.syslog_facility = LOG_AUTHPRIV; } + else if (strcmp(confValCleaned, "CRON") == 0) { snoopy_configuration.syslog_facility = LOG_CRON; } + else if (strcmp(confValCleaned, "DAEMON") == 0) { snoopy_configuration.syslog_facility = LOG_DAEMON; } + else if (strcmp(confValCleaned, "FTP") == 0) { snoopy_configuration.syslog_facility = LOG_FTP; } + else if (strcmp(confValCleaned, "KERN") == 0) { snoopy_configuration.syslog_facility = LOG_KERN; } + else if (strcmp(confValCleaned, "LOCAL0") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL0; } + else if (strcmp(confValCleaned, "LOCAL1") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL1; } + else if (strcmp(confValCleaned, "LOCAL2") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL2; } + else if (strcmp(confValCleaned, "LOCAL3") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL3; } + else if (strcmp(confValCleaned, "LOCAL4") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL4; } + else if (strcmp(confValCleaned, "LOCAL5") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL5; } + else if (strcmp(confValCleaned, "LOCAL6") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL6; } + else if (strcmp(confValCleaned, "LOCAL7") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL7; } + else if (strcmp(confValCleaned, "LPR") == 0) { snoopy_configuration.syslog_facility = LOG_LPR; } + else if (strcmp(confValCleaned, "MAIL") == 0) { snoopy_configuration.syslog_facility = LOG_MAIL; } + else if (strcmp(confValCleaned, "NEWS") == 0) { snoopy_configuration.syslog_facility = LOG_NEWS; } + else if (strcmp(confValCleaned, "SYSLOG") == 0) { snoopy_configuration.syslog_facility = LOG_SYSLOG; } + else if (strcmp(confValCleaned, "USER") == 0) { snoopy_configuration.syslog_facility = LOG_USER; } + else if (strcmp(confValCleaned, "UUCP") == 0) { snoopy_configuration.syslog_facility = LOG_UUCP; } + else { + snoopy_configuration.syslog_facility = SNOOPY_SYSLOG_FACILITY; + } +} + + + +/* + * snoopy_configfile_parse_syslog_level + * + * Description: + * Parses configuration setting syslog_level and + * sets appropriate config variable. + * Uses default setting if unknown value. + * + * Params: + * confVal Value from configuration file + * + * Return: + * void + */ +void snoopy_configfile_parse_syslog_level ( + char *confVal +) { + char *confValCleaned; + + // First cleanup the value + confValCleaned = snoopy_configfile_syslog_value_cleanup(confVal); + + // Evaluate and set configuration flag + if (strcmp(confValCleaned, "EMERG") == 0) { snoopy_configuration.syslog_level = LOG_EMERG; } + else if (strcmp(confValCleaned, "ALERT") == 0) { snoopy_configuration.syslog_level = LOG_ALERT; } + else if (strcmp(confValCleaned, "CRIT") == 0) { snoopy_configuration.syslog_level = LOG_CRIT; } + else if (strcmp(confValCleaned, "ERR") == 0) { snoopy_configuration.syslog_level = LOG_ERR; } + else if (strcmp(confValCleaned, "WARNING") == 0) { snoopy_configuration.syslog_level = LOG_WARNING; } + else if (strcmp(confValCleaned, "NOTICE") == 0) { snoopy_configuration.syslog_level = LOG_NOTICE; } + else if (strcmp(confValCleaned, "INFO") == 0) { snoopy_configuration.syslog_level = LOG_INFO; } + else if (strcmp(confValCleaned, "DEBUG") == 0) { snoopy_configuration.syslog_level = LOG_DEBUG; } + else { + snoopy_configuration.syslog_level = SNOOPY_SYSLOG_LEVEL; + } +} + + + +/* + * snoopy_configfile_syslog_value_cleanup + * + * Description: + * Convert existing string to upper case, and remove LOG_ prefix + * + * Params: + * confVal Pointer to string to change and to be operated on + * + * Return: + * char * Pointer to cleaned string (either the same as initial argument, + * or 4 characters advanced, to remove LOG_ prefix + */ +char *snoopy_configfile_syslog_value_cleanup (char *confVal) +{ + char *confValCleaned; + + // Initialize - just in case + confValCleaned = confVal; + + // Convert to upper case + snoopy_configfile_strtoupper(confVal); + + // Remove LOG_ prefix + confValCleaned = snoopy_configfile_syslog_value_remove_prefix(confVal); + + return confValCleaned; +} + + + +/* + * snoopy_configfile_syslog_value_remove_prefix + * + * Description: + * Remove the LOG_ prefix, return pointer to new string (either equal + * or +4 chars advanced) + * + * Params: + * string Pointer to string to remove LOG_ prefix + * + * Return: + * char * Pointer to non LOG_ part of the string + */ +char *snoopy_configfile_syslog_value_remove_prefix (char *confVal) +{ + if (0 == strncmp(confVal, "LOG_", 4)) { + return confVal+4; + } else { + return confVal; + } +} + + + +/* + * snoopy_configfile_strtoupper + * + * Description: + * Convert existing string to upper case + * + * Params: + * string Pointer to string to change and to be operated on + * + * Return: + * void + */ +void snoopy_configfile_strtoupper (char *s) +{ + while (*s) { + if ((*s >= 'a' ) && (*s <= 'z')) { + *s -= ('a'-'A'); + } + s++; + } +} diff -Nru snoopy-1.8.0/src/configfile.h snoopy-2.3.1/src/configfile.h --- snoopy-1.8.0/src/configfile.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/configfile.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,34 @@ +/* + * SNOOPY LOGGER + * + * File: configfile.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Functions to load/parse config file + */ +int snoopy_configfile_load (char *iniFilePath); +void snoopy_configfile_parse_output (char *confVal); +void snoopy_configfile_parse_syslog_facility (char *confVal); +void snoopy_configfile_parse_syslog_level (char *confVal); +char *snoopy_configfile_syslog_value_cleanup (char *confVal); +char *snoopy_configfile_syslog_value_remove_prefix (char *confVal); +void snoopy_configfile_strtoupper (char *s); diff -Nru snoopy-1.8.0/src/configuration.c snoopy-2.3.1/src/configuration.c --- snoopy-1.8.0/src/configuration.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/configuration.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,196 @@ +/* + * SNOOPY LOGGER + * + * File: configuration.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "configuration.h" + + + +/* + * Include configfile-related resources + */ +#ifdef SNOOPY_CONFIG_FILE +#include "configfile.h" +#endif + + + +/* + * Storage of snoopy configuration, with default values + */ +snoopy_configuration_type snoopy_configuration = { + .initialized = SNOOPY_TRUE, + +#ifdef SNOOPY_CONFIG_FILE + .config_file_enabled = SNOOPY_TRUE, +#else + .config_file_enabled = SNOOPY_FALSE, +#endif + .config_file_path = "", + .config_file_found = SNOOPY_FALSE, + .config_file_parsed = SNOOPY_FALSE, + +#ifdef SNOOPY_ERROR_LOGGING_ENABLED + .error_logging_enabled = SNOOPY_TRUE, +#else + .error_logging_enabled = SNOOPY_FALSE, +#endif + + .message_format = SNOOPY_LOG_MESSAGE_FORMAT, + .message_format_malloced = SNOOPY_FALSE, + +#ifdef SNOOPY_FILTERING_ENABLED + .filtering_enabled = SNOOPY_TRUE, +#else + .filtering_enabled = SNOOPY_FALSE, +#endif + .filter_chain = SNOOPY_FILTER_CHAIN, + .filter_chain_malloced = SNOOPY_FALSE, + + .output = SNOOPY_OUTPUT_DEFAULT, + .output_arg = SNOOPY_OUTPUT_DEFAULT_ARG, + .output_arg_malloced = SNOOPY_FALSE, + + .syslog_facility = SNOOPY_CONF_SYSLOG_FACILITY, + .syslog_level = SNOOPY_CONF_SYSLOG_LEVEL, +}; + + + +/* + * snoopy_configuration_ctor + * + * Description: + * Populates snoopy_configuration config variable storage with + * correct values, either from configuration file (if enabled) + * or from ./configure arguments, or defaults are used as last + * case scenario. + * + * Params: + * (none) + * + * Return: + * void + */ +void snoopy_configuration_ctor () +{ + /* Parse INI file if enabled */ +#ifdef SNOOPY_CONFIG_FILE + snoopy_configfile_load(SNOOPY_CONFIG_FILE); +#endif +} + + + +/* + * snoopy_configuration_dtor + * + * Description: + * Frees all configuration-related malloced resources, and sets + * corresponding config settings back to their default values. + * + * Params: + * (none) + * + * Return: + * void + */ +void snoopy_configuration_dtor () +{ + /* + * Reset config setting: message_format + */ + if (SNOOPY_TRUE == snoopy_configuration.message_format_malloced) { + free(snoopy_configuration.message_format); + + /* + * Set this to false - REQUIRED + * + * This needs to be done as a special condition can occur at boot/shutdown: + * - snoopy is loaded when snoopy.ini is visible (mounted, present) + * - snoopy parses it, and sets message_format and ..._malloced to TRUE + * - on shutdown, snoopy.ini might disappear + * - snoopy_configuration_ctor() tries to parse config file, and as it is + * not found, it does no alteration of snoopy_configuraton struct + * - snoopy_configuration.message_format_malloced is left set to TRUE + * - when snoopy_configuration_dtor() is called, it tries to free the + * const char[] that contains the compiled-in message format + */ + snoopy_configuration.message_format_malloced = SNOOPY_FALSE; + + /* + * Set this to default value - REQUIRED + * + * Otherwise on next Snoopy run there will be no message format defined, + * which would in best-case scenario cause no snoopy output, but in + * worst-case scenarion there would be a segfault and possible system + * crash. + */ + snoopy_configuration.message_format = SNOOPY_LOG_MESSAGE_FORMAT; + } + + + /* + * Reset config setting: filter_chain + */ + if (SNOOPY_TRUE == snoopy_configuration.filter_chain_malloced) { + free(snoopy_configuration.filter_chain); + + /* Set this to false - REQUIRED (see above) */ + snoopy_configuration.filter_chain_malloced = SNOOPY_FALSE; + + /* Set this to default value - REQUIRED (see above) */ + snoopy_configuration.filter_chain = SNOOPY_FILTER_CHAIN; + } + + + /* + * Reset config setting: output + */ + if (SNOOPY_TRUE == snoopy_configuration.output_arg_malloced) { + free(snoopy_configuration.output_arg); + + /* Set this to false - REQUIRED (see above) */ + snoopy_configuration.output_arg_malloced = SNOOPY_FALSE; + + /* Set this to default value - REQUIRED (see above) */ + snoopy_configuration.output = SNOOPY_OUTPUT_DEFAULT; + snoopy_configuration.output_arg = SNOOPY_OUTPUT_DEFAULT_ARG; + } +} diff -Nru snoopy-1.8.0/src/configuration.h snoopy-2.3.1/src/configuration.h --- snoopy-1.8.0/src/configuration.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/configuration.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,60 @@ +/* + * SNOOPY LOGGER + * + * File: configuration.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Array holding snoopy configuration data in one place + */ +typedef struct { + int initialized; + + int config_file_enabled; + char *config_file_path; + int config_file_found; + int config_file_parsed; + + int error_logging_enabled; + + char *message_format; + int message_format_malloced; + + int filtering_enabled; + char *filter_chain; + int filter_chain_malloced; + + char *output; + char *output_arg; + int output_arg_malloced; + + int syslog_facility; + int syslog_level; +} snoopy_configuration_type; +extern snoopy_configuration_type snoopy_configuration; + + + +/* + * Functions to manage and utilise configuration + */ +void snoopy_configuration_ctor (); +void snoopy_configuration_dtor (); diff -Nru snoopy-1.8.0/src/datasource/cmdline.c snoopy-2.3.1/src/datasource/cmdline.c --- snoopy-1.8.0/src/datasource/cmdline.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/cmdline.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,102 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/cmdline.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: cmdline + * + * Description: + * Returns command line of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include "inputdatastorage.h" +#include +#include +#include + + + +/* Helper */ +#define min(a,b) a= cmdLineSizeRet) { + break; + } + n += snprintf(cmdLine+n, cmdLineSizeRet-n, "%s", snoopy_inputdatastorage_argv[i]); + + if (n >= cmdLineSizeRet) { + break; + } + cmdLine[n] = ' '; + n++; + } + + /* + * Conclude string - add \0 at the end + * - if last character is space + * - or if last character is ordinary character from incompletely copied argument + */ + n--; + cmdLine[n] = '\0'; + + /* Copy the result to the string pointed by return pointer */ + snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", cmdLine); + + free(cmdLine); + return cmdLineSizeRet; +} diff -Nru snoopy-1.8.0/src/datasource/cmdline.h snoopy-2.3.1/src/datasource/cmdline.h --- snoopy-1.8.0/src/datasource/cmdline.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/cmdline.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/cmdline.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: cmdline + */ +int snoopy_datasource_cmdline (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/cwd.c snoopy-2.3.1/src/datasource/cwd.c --- snoopy-1.8.0/src/datasource/cwd.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/cwd.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,52 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/cwd.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: cwd + * + * Description: + * Returns current working directory of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_cwd (char *result, char *arg) +{ + char cwdBuf[PATH_MAX+1]; + + if (getcwd(cwdBuf, PATH_MAX+1)) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", cwdBuf); + } + return -1; +} diff -Nru snoopy-1.8.0/src/datasource/cwd.h snoopy-2.3.1/src/datasource/cwd.h --- snoopy-1.8.0/src/datasource/cwd.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/cwd.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/cwd.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: cwd + */ +int snoopy_datasource_cwd (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/datetime.c snoopy-2.3.1/src/datasource/datetime.c --- snoopy-1.8.0/src/datasource/datetime.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/datetime.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,68 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/datetime.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: datetime + * + * Description: + * Returns current date and time in ISO 8601 forma. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_datetime (char *result, char *arg) +{ + time_t curTime; + struct tm *curLocalTime; + char timeBuffer[80]; + + // Get current time + if ((time_t) -1 == time(&curTime)) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error @ time(): %d)", errno); + } + + // Convert to local time + curLocalTime = localtime( &curTime); + if (NULL == curLocalTime) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error @ localtime())"); + } + + // Format it + if (0 == strftime(timeBuffer, 80, "%FT%T%z", curLocalTime)) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error @ strftime())"); + } + + // Copy it + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", timeBuffer); +} diff -Nru snoopy-1.8.0/src/datasource/datetime.h snoopy-2.3.1/src/datasource/datetime.h --- snoopy-1.8.0/src/datasource/datetime.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/datetime.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/datetime.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: datetime + */ +int snoopy_datasource_datetime (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/egid.c snoopy-2.3.1/src/datasource/egid.c --- snoopy-1.8.0/src/datasource/egid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/egid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,47 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/egid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: egid + * + * Description: + * Returns effective GID of currently running process + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_egid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getegid()); +} diff -Nru snoopy-1.8.0/src/datasource/egid.h snoopy-2.3.1/src/datasource/egid.h --- snoopy-1.8.0/src/datasource/egid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/egid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/egid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: egid + */ +int snoopy_datasource_egid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/egroup.c snoopy-2.3.1/src/datasource/egroup.c --- snoopy-1.8.0/src/datasource/egroup.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/egroup.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,78 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/egroup.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: egroup + * + * Description: + * Returns literal effective group name (Group ID) of current process + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include +#include +#include + + + +int snoopy_datasource_egroup (char *result, char *arg) +{ + struct group gr; + struct group *gr_gid = NULL; + char *buffgr_gid = NULL; + size_t buffgrsize_gid = 0; + int messageLength = 0; + + /* Allocate memory */ + buffgrsize_gid = sysconf(_SC_GETGR_R_SIZE_MAX); + if (-1 == buffgrsize_gid) { + buffgrsize_gid = 16384; + } + buffgr_gid = malloc(buffgrsize_gid); + if (NULL == buffgr_gid) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); + } + + /* Try to get data */ + if (0 != getgrgid_r(getegid(), &gr, buffgr_gid, buffgrsize_gid, &gr_gid)) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getgrgid_r)"); + } else { + if (NULL == gr_gid) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); + } else { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", gr_gid->gr_name); + } + } + + /* Cleanup and return */ + free(buffgr_gid); + return messageLength; +} diff -Nru snoopy-1.8.0/src/datasource/egroup.h snoopy-2.3.1/src/datasource/egroup.h --- snoopy-1.8.0/src/datasource/egroup.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/egroup.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/egroup.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: egroup + */ +int snoopy_datasource_egroup (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/env_all.c snoopy-2.3.1/src/datasource/env_all.c --- snoopy-1.8.0/src/datasource/env_all.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/env_all.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,101 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/env_all.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: env_all + * + * Description: + * Returns all environmental variables + * + * Params: + * result: pointer to string, to write result into + * arg: (ignored) - TODO which environmental variables to ignore + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include + +#include + + +/* + * Use this extenal variable + */ +extern char **environ; + + + +int snoopy_datasource_env_all (char *result, char *arg) +{ + int resultSize = 0; // Current size of message to be returned back - does not include trailing null character + + // Loop through all environmental variables + char *envItem = *environ; // Get first environmental variable + int i = 1; + for ( ; NULL!=envItem ; i++) { + int remResultSize = 0; + remResultSize = SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE - resultSize; + + // Add comma if required - must be still 5 characters available for this (,...\0) + if ((i > 1) && (remResultSize >= 5)) { + result[resultSize] = ','; + result[resultSize+1] = '\0'; + resultSize++; + remResultSize--; + } + + // TODO Add support for excluding certain environmental variables via *arg + + // Do we append whole environmental variable, or just part of it? + // +3 to account for ... and +1 for null character + if (strlen(envItem) + 3 + 1 < remResultSize) { + int strSizeCopied = 0; + + // Append whole ENV variable + strSizeCopied = snprintf(&result[resultSize], remResultSize, "%s", envItem); + resultSize += strSizeCopied; + + } else { + int strSizeToCopy = 0; + + // This one includes null char, therefore the actual string length that will be copied is X-1 characters + \0 + strSizeToCopy = remResultSize - 3; // -4 to account for "...\0" + snprintf(&result[resultSize], strSizeToCopy, "%s", envItem); + resultSize += strSizeToCopy - 1; // Account for added \0 at the end - we do not use strSizeCopied here, which already includes it + + strSizeToCopy = 4; // -4 to account for "...\0" + snprintf(&result[resultSize], strSizeToCopy, "..."); + resultSize += strSizeToCopy-1; + break; + } + + // Get next environmental variable + envItem = *(environ+i); + } + + return resultSize; +} diff -Nru snoopy-1.8.0/src/datasource/env_all.h snoopy-2.3.1/src/datasource/env_all.h --- snoopy-1.8.0/src/datasource/env_all.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/env_all.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/env_all.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: env_all + */ +int snoopy_datasource_env_all (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/env.c snoopy-2.3.1/src/datasource/env.c --- snoopy-1.8.0/src/datasource/env.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/env.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,54 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/env.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: env + * + * Description: + * Returns environmental variable value, if set + * + * Params: + * result: pointer to string, to write result into + * arg: which environmental variable to get + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include + + + +int snoopy_datasource_env (char *result, char *arg) +{ + char *env = getenv(arg); + + /* Return empty string if environmental variable does not exist */ + if (NULL == env) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); + } + + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", env); +} diff -Nru snoopy-1.8.0/src/datasource/env.h snoopy-2.3.1/src/datasource/env.h --- snoopy-1.8.0/src/datasource/env.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/env.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/env.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: env + */ +int snoopy_datasource_env (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/euid.c snoopy-2.3.1/src/datasource/euid.c --- snoopy-1.8.0/src/datasource/euid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/euid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,47 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/euid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: euid + * + * Description: + * Returns effective UID of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_euid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", geteuid()); +} diff -Nru snoopy-1.8.0/src/datasource/euid.h snoopy-2.3.1/src/datasource/euid.h --- snoopy-1.8.0/src/datasource/euid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/euid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/euid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: euid + */ +int snoopy_datasource_euid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/eusername.c snoopy-2.3.1/src/datasource/eusername.c --- snoopy-1.8.0/src/datasource/eusername.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/eusername.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,78 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/eusername.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: eusername + * + * Description: + * Returns literal effective user name (User ID) of current process + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include +#include +#include + + + +int snoopy_datasource_eusername (char *result, char *arg) +{ + struct passwd pwd; + struct passwd *pwd_uid = NULL; + char *buffpwd_uid = NULL; + size_t buffpwdsize_uid = 0; + int messageLength = 0; + + /* Allocate memory */ + buffpwdsize_uid = sysconf(_SC_GETPW_R_SIZE_MAX); + if (-1 == buffpwdsize_uid) { + buffpwdsize_uid = 16384; + } + buffpwd_uid = malloc(buffpwdsize_uid); + if (NULL == buffpwd_uid) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); + } + + /* Try to get data */ + if (0 != getpwuid_r(geteuid(), &pwd, buffpwd_uid, buffpwdsize_uid, &pwd_uid)) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getpwuid_r)"); + } else { + if (NULL == pwd_uid) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); + } else { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", pwd_uid->pw_name); + } + } + + /* Cleanup and return */ + free(buffpwd_uid); + return messageLength; +} diff -Nru snoopy-1.8.0/src/datasource/eusername.h snoopy-2.3.1/src/datasource/eusername.h --- snoopy-1.8.0/src/datasource/eusername.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/eusername.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/eusername.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: eusername + */ +int snoopy_datasource_eusername (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/filename.c snoopy-2.3.1/src/datasource/filename.c --- snoopy-1.8.0/src/datasource/filename.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/filename.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,46 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/filename.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: filename + * + * Description: + * Returns filename of program about to be executed + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include "inputdatastorage.h" +#include + + + +int snoopy_datasource_filename (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", snoopy_inputdatastorage_filename); +} diff -Nru snoopy-1.8.0/src/datasource/filename.h snoopy-2.3.1/src/datasource/filename.h --- snoopy-1.8.0/src/datasource/filename.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/filename.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/filename.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: filename + */ +int snoopy_datasource_filename (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/gid.c snoopy-2.3.1/src/datasource/gid.c --- snoopy-1.8.0/src/datasource/gid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/gid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,47 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/gid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: gid + * + * Description: + * Returns GID (Group ID) number of currently running process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_gid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getgid()); +} diff -Nru snoopy-1.8.0/src/datasource/gid.h snoopy-2.3.1/src/datasource/gid.h --- snoopy-1.8.0/src/datasource/gid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/gid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/gid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: gid + */ +int snoopy_datasource_gid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/group.c snoopy-2.3.1/src/datasource/group.c --- snoopy-1.8.0/src/datasource/group.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/group.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,78 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/group.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: group + * + * Description: + * Returns literal group name (Group ID) of current process + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include +#include +#include + + + +int snoopy_datasource_group (char *result, char *arg) +{ + struct group gr; + struct group *gr_gid = NULL; + char *buffgr_gid = NULL; + size_t buffgrsize_gid = 0; + int messageLength = 0; + + /* Allocate memory */ + buffgrsize_gid = sysconf(_SC_GETGR_R_SIZE_MAX); + if (-1 == buffgrsize_gid) { + buffgrsize_gid = 16384; + } + buffgr_gid = malloc(buffgrsize_gid); + if(NULL == buffgr_gid) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); + } + + /* Try to get data */ + if (0 != getgrgid_r(getgid(), &gr, buffgr_gid, buffgrsize_gid, &gr_gid)) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getgrgid_r)"); + } else { + if (NULL == gr_gid) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); + } else { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", gr_gid->gr_name); + } + } + + /* Cleanup and return */ + free(buffgr_gid); + return messageLength; +} diff -Nru snoopy-1.8.0/src/datasource/group.h snoopy-2.3.1/src/datasource/group.h --- snoopy-1.8.0/src/datasource/group.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/group.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/group.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: group + */ +int snoopy_datasource_group (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/login.c snoopy-2.3.1/src/datasource/login.c --- snoopy-1.8.0/src/datasource/login.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/login.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,80 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/login.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: login + * + * Description: + * Returns literal login name of logged-in user executing this process + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +#define SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithoutNull 254 +#define SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithNull 255 + + +int snoopy_datasource_login (char *result, char *arg) +{ + int loginSizeMaxWithoutNull = SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithoutNull; + int loginSizeMaxWithNull = SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithNull; + static char login[SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithNull]; + char *loginptr = NULL; + + /* + * Retrive the user login trying in order: + * - The login information from the processus. + * - the SUDO_USER environment variable. + * - the LOGNAME environment variable. + * + * TIP to use with sudo and keep LOGNAME, add this in /etc/sudoers: + * Defaults env_reset + * Defaults env_keep="LOGNAME" + */ + if (0 != getlogin_r(login, loginSizeMaxWithNull)) { + loginptr = getenv("SUDO_USER"); + if (!loginptr) { + loginptr = getenv("LOGNAME"); + } + if (!loginptr) { + strcpy(login, "(unknown)"); + } else { + strncpy(login, loginptr, loginSizeMaxWithoutNull); // Coverity suggests using -1 size here + if (strlen(loginptr) > loginSizeMaxWithoutNull) { + login[loginSizeMaxWithoutNull] = '\0'; + } + } + } + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", login); +} diff -Nru snoopy-1.8.0/src/datasource/login.h snoopy-2.3.1/src/datasource/login.h --- snoopy-1.8.0/src/datasource/login.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/login.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/login.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: login + */ +int snoopy_datasource_login (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/Makefile.am snoopy-2.3.1/src/datasource/Makefile.am --- snoopy-1.8.0/src/datasource/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,231 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### Include +# +AM_CFLAGS += -I$(top_srcdir)/src + + + +### Create one library with all snoopy data sources collected in it +# +noinst_LTLIBRARIES = libsnoopy_datasources_all.la + + + +### Data sources collection is made of the following files +# +# Please maintain alphabetical order, equal to what `ls` would do. +# +libsnoopy_datasources_all_la_SOURCES = + +# Data source: cmdline +# +if DATASOURCE_ENABLED_cmdline +libsnoopy_datasources_all_la_SOURCES += \ + cmdline.c \ + cmdline.h +endif + +# Data source: cwd +# +if DATASOURCE_ENABLED_cwd +libsnoopy_datasources_all_la_SOURCES += \ + cwd.c \ + cwd.h +endif + +# Data source: datetime +# +if DATASOURCE_ENABLED_datetime +libsnoopy_datasources_all_la_SOURCES += \ + datetime.c \ + datetime.h +endif + +# Data source: egid +# +if DATASOURCE_ENABLED_egid +libsnoopy_datasources_all_la_SOURCES += \ + egid.c \ + egid.h +endif + +# Data source: egroup +# +if DATASOURCE_ENABLED_egroup +libsnoopy_datasources_all_la_SOURCES += \ + egroup.c \ + egroup.h +endif + +# Data source: env +# +if DATASOURCE_ENABLED_env +libsnoopy_datasources_all_la_SOURCES += \ + env.c \ + env.h +endif + +# Data source: env_all +# +if DATASOURCE_ENABLED_env_all +libsnoopy_datasources_all_la_SOURCES += \ + env_all.c \ + env_all.h +endif + +# Data source: euid +# +if DATASOURCE_ENABLED_euid +libsnoopy_datasources_all_la_SOURCES += \ + euid.c \ + euid.h +endif + +# Data source: eusername +# +if DATASOURCE_ENABLED_eusername +libsnoopy_datasources_all_la_SOURCES += \ + eusername.c \ + eusername.h +endif + +# Data source: filename +# +if DATASOURCE_ENABLED_filename +libsnoopy_datasources_all_la_SOURCES += \ + filename.c \ + filename.h +endif + +# Data source: gid +# +if DATASOURCE_ENABLED_gid +libsnoopy_datasources_all_la_SOURCES += \ + gid.c \ + gid.h +endif + +# Data source: group +# +if DATASOURCE_ENABLED_group +libsnoopy_datasources_all_la_SOURCES += \ + group.c \ + group.h +endif + +# Data source: login +# +if DATASOURCE_ENABLED_login +libsnoopy_datasources_all_la_SOURCES += \ + login.c \ + login.h +endif + +# Data source: pid +# +if DATASOURCE_ENABLED_pid +libsnoopy_datasources_all_la_SOURCES += \ + pid.c \ + pid.h +endif + +# Data source: ppid +# +if DATASOURCE_ENABLED_ppid +libsnoopy_datasources_all_la_SOURCES += \ + ppid.c \ + ppid.h +endif + +# Data source: rpname +# +if DATASOURCE_ENABLED_rpname +libsnoopy_datasources_all_la_SOURCES += \ + rpname.c \ + rpname.h +endif + +# Data source: sid +# +if DATASOURCE_ENABLED_sid +libsnoopy_datasources_all_la_SOURCES += \ + sid.c \ + sid.h +endif + +# Data source: snoopy_version +# +if DATASOURCE_ENABLED_snoopy_version +libsnoopy_datasources_all_la_SOURCES += \ + snoopy_version.c \ + snoopy_version.h +endif + +# Data source: timestamp +# +if DATASOURCE_ENABLED_timestamp +libsnoopy_datasources_all_la_SOURCES += \ + timestamp.c \ + timestamp.h +endif + +# Data source: timestamp_ms +# +if DATASOURCE_ENABLED_timestamp_ms +libsnoopy_datasources_all_la_SOURCES += \ + timestamp_ms.c \ + timestamp_ms.h +endif + +# Data source: timestamp_us +# +if DATASOURCE_ENABLED_timestamp_us +libsnoopy_datasources_all_la_SOURCES += \ + timestamp_us.c \ + timestamp_us.h +endif + +# Data source: tty +# +if DATASOURCE_ENABLED_tty +libsnoopy_datasources_all_la_SOURCES += \ + tty.c \ + tty.h +endif + +# Data source: tty_uid +# +if DATASOURCE_ENABLED_tty_uid +libsnoopy_datasources_all_la_SOURCES += \ + tty_uid.c \ + tty_uid.h +endif + +# Data source: tty_username +# +if DATASOURCE_ENABLED_tty_username +libsnoopy_datasources_all_la_SOURCES += \ + tty_username.c \ + tty_username.h +endif + +# Data source: uid +# +if DATASOURCE_ENABLED_uid +libsnoopy_datasources_all_la_SOURCES += \ + uid.c \ + uid.h +endif + +# Data source: username +# +if DATASOURCE_ENABLED_username +libsnoopy_datasources_all_la_SOURCES += \ + username.c \ + username.h +endif diff -Nru snoopy-1.8.0/src/datasource/pid.c snoopy-2.3.1/src/datasource/pid.c --- snoopy-1.8.0/src/datasource/pid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/pid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,47 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/pid.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: pid + * + * Description: + * Returns PID (process ID) of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_pid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getpid()); +} diff -Nru snoopy-1.8.0/src/datasource/pid.h snoopy-2.3.1/src/datasource/pid.h --- snoopy-1.8.0/src/datasource/pid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/pid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/pid.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: pid + */ +int snoopy_datasource_pid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/ppid.c snoopy-2.3.1/src/datasource/ppid.c --- snoopy-1.8.0/src/datasource/ppid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/ppid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,47 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/ppid.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: ppid + * + * Description: + * Returns PPID (parent process ID) of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_ppid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getppid()); +} diff -Nru snoopy-1.8.0/src/datasource/ppid.h snoopy-2.3.1/src/datasource/ppid.h --- snoopy-1.8.0/src/datasource/ppid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/ppid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/ppid.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: ppid + */ +int snoopy_datasource_ppid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/rpname.c snoopy-2.3.1/src/datasource/rpname.c --- snoopy-1.8.0/src/datasource/rpname.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/rpname.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,182 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/rpname.c + * + * Copyright (c) 2015 Ariel Zach + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#define _GNU_SOURCE +#include "snoopy.h" +#include +#include +#include +#include +#include +#include +#include + +#define PID_ROOT 1 +#define PID_EMPTY 0 + +#define PROC_PID_STATUS_KEY_NAME "Name" +#define PROC_PID_STATUS_KEY_PPID "PPid" + +#define PROC_PID_STATUS_VAL_MAX_LENGTH NAME_MAX // Pid is max 2^2 (7-digit number), name can be max 255 bytes +#define PROC_PID_STATUS_VAL_MAX_LENGTH_STR PROC_PID_STATUS_VAL_MAX_LENGTH + 1 // +1 for null termination + + +#define UNKNOWN_STR "(unknown)" + + + +/* Read /proc/{pid}/status file and extract the property */ +char* read_proc_property (int pid, char* prop_name) +{ + char pid_file[50]; + FILE *fp; + char *line = NULL; + size_t lineLen = 0; + char *k; + char *v; + size_t vLen = 0; + char returnValue[PROC_PID_STATUS_VAL_MAX_LENGTH_STR] = ""; + + /* Open file or return */ + sprintf(pid_file, "/proc/%d/status", pid); + fp = fopen(pid_file, "r"); + if (NULL == fp) { + return NULL; + } + + /* Read line by line */ + while (getline(&line, &lineLen, fp) != -1) { + + /* If line is empty, bail out - no such thing in /proc/PID/status */ + if (0 == lineLen) { + goto RETURN_FREE_LINE_AND_CLOSE_FILE; + } + + /* + * The format must be "prop_name: value". + * Otherwise bail out altogether - something must be wrong with this /proc/PID/status file + */ + if (NULL == strstr(line, ":")) { + goto RETURN_FREE_LINE_AND_CLOSE_FILE; + } + + /* + * Separate line content into two tokens: key and value + * If separation fails, continue to the next line ("Groups:" key is one such example) + */ + k = strtok(line, ":"); + v = strtok(NULL, ":"); + if (NULL == v) { + continue; + } + + /* The key we are looking for? */ + if (strcmp(prop_name, k) == 0) { + /* Yes! */ + v++; // There is one tab in front of PID number + vLen = strlen(v); + v[vLen-1] = 0; // Terminate the newline at the end of value + vLen--; // Length is now shorter for 1 character + + /* + * Choose string copy mode depending on length of PID + * - prevent segfault if sth happens to MAX PID in future + */ + if (vLen > PROC_PID_STATUS_VAL_MAX_LENGTH) { + strncpy(returnValue, v, PROC_PID_STATUS_VAL_MAX_LENGTH); + returnValue[PROC_PID_STATUS_VAL_MAX_LENGTH_STR-1] = 0; // Change newline into null character + } else { + strncpy(returnValue, v, PROC_PID_STATUS_VAL_MAX_LENGTH_STR); + } + + // Do a cleanup and return a string duplicate, which should be freed by the caller + free(line); + fclose(fp); + return strdup(returnValue); + } + + /* + * Line is not freed between subsequent iteration as the same buffer is reused + * (and realloc()-ed if required) + */ + } + + RETURN_FREE_LINE_AND_CLOSE_FILE: + /* Only free if this was actually allocated */ + if (NULL != line) { + free(line); + } + fclose(fp); + return NULL; +} + + + +/* Get parent pid */ +int get_parent_pid (int pid) +{ + char *ppid_str; + int ppid_int; + + ppid_str = read_proc_property(pid, PROC_PID_STATUS_KEY_PPID); + if (NULL != ppid_str) { + ppid_int = atoi(ppid_str); + free(ppid_str); + return ppid_int; + } + + return PID_EMPTY; +} + + + +/* Find root process name */ +int get_rpname (int pid, char *result) +{ + int parentPid; + char *name; + size_t nameLen; + + parentPid = get_parent_pid(pid); + if (PID_ROOT == parentPid) { + name = read_proc_property(pid, PROC_PID_STATUS_KEY_NAME); + if (NULL != name) { + nameLen = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", name); + free(name); + } else { + nameLen = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", UNKNOWN_STR); + } + return nameLen; + } else if (PID_EMPTY == parentPid) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", UNKNOWN_STR); + } else { + return get_rpname(parentPid, result); + } +} + + + +int snoopy_datasource_rpname (char *result, char *arg) +{ + return get_rpname(getpid(), result); +} diff -Nru snoopy-1.8.0/src/datasource/rpname.h snoopy-2.3.1/src/datasource/rpname.h --- snoopy-1.8.0/src/datasource/rpname.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/rpname.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,32 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/rpname.h + * + * Copyright (c) 2015 Ariel Zach + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: rpname + */ +char* trim_whitespace (char *str); +char* read_proc_property (int pid, char* prop_name); +int get_parent_pid (int pid); +void get_rpname (int pid, int result); +int snoopy_datasource_rpname (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/sid.c snoopy-2.3.1/src/datasource/sid.c --- snoopy-1.8.0/src/datasource/sid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/sid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,49 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/sid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: sid + * + * Description: + * Returns SID (Session leader process ID) of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +/* Needed to get getpgid and getsid on older glibc */ +#define _XOPEN_SOURCE 500 +#include +#include + + + +int snoopy_datasource_sid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getsid(0)); +} diff -Nru snoopy-1.8.0/src/datasource/sid.h snoopy-2.3.1/src/datasource/sid.h --- snoopy-1.8.0/src/datasource/sid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/sid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/sid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: sid + */ +int snoopy_datasource_sid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/snoopy_version.c snoopy-2.3.1/src/datasource/snoopy_version.c --- snoopy-1.8.0/src/datasource/snoopy_version.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/snoopy_version.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,49 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/snoopy_version.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: snoopy_version + * + * Description: + * Dummy data source that returns Snoopy version. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +/* Needed to get getpgid and getsid on older glibc */ +#define _XOPEN_SOURCE 500 +#include +#include + + + +int snoopy_datasource_snoopy_version (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", SNOOPY_VERSION); +} diff -Nru snoopy-1.8.0/src/datasource/snoopy_version.h snoopy-2.3.1/src/datasource/snoopy_version.h --- snoopy-1.8.0/src/datasource/snoopy_version.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/snoopy_version.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/snoopy_version.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: snoopy_version + */ +int snoopy_datasource_snoopy_version (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/timestamp.c snoopy-2.3.1/src/datasource/timestamp.c --- snoopy-1.8.0/src/datasource/timestamp.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/timestamp.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,55 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/timestamp.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: timestamp + * + * Description: + * Returns current Unix timestamp. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_timestamp (char *result, char *arg) +{ + struct timeval tv; + int retVal; + + retVal = gettimeofday(&tv, NULL); + if (0 == retVal) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%d", (int) tv.tv_sec); + } else { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error: %d)", errno); + } +} diff -Nru snoopy-1.8.0/src/datasource/timestamp.h snoopy-2.3.1/src/datasource/timestamp.h --- snoopy-1.8.0/src/datasource/timestamp.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/timestamp.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/timestamp.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: timestamp + */ +int snoopy_datasource_timestamp (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/timestamp_ms.c snoopy-2.3.1/src/datasource/timestamp_ms.c --- snoopy-1.8.0/src/datasource/timestamp_ms.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/timestamp_ms.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,55 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/timestamp_ms.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: timestamp_ms + * + * Description: + * Returns milliseconds part of current Unix timestamp. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_timestamp_ms (char *result, char *arg) +{ + struct timeval tv; + int retVal; + + retVal = gettimeofday(&tv, NULL); + if (0 == retVal) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%03d", (int) tv.tv_usec/1000); + } else { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error: %d)", errno); + } +} diff -Nru snoopy-1.8.0/src/datasource/timestamp_ms.h snoopy-2.3.1/src/datasource/timestamp_ms.h --- snoopy-1.8.0/src/datasource/timestamp_ms.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/timestamp_ms.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/timestamp_ms.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: timestamp_ms + */ +int snoopy_datasource_timestamp_ms (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/timestamp_us.c snoopy-2.3.1/src/datasource/timestamp_us.c --- snoopy-1.8.0/src/datasource/timestamp_us.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/timestamp_us.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,55 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/timestamp_us.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: timestamp_us + * + * Description: + * Returns milliseconds part of current Unix timestamp. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_timestamp_us (char *result, char *arg) +{ + struct timeval tv; + int retVal; + + retVal = gettimeofday(&tv, NULL); + if (0 == retVal) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%06d", (int) tv.tv_usec); + } else { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error: %d)", errno); + } +} diff -Nru snoopy-1.8.0/src/datasource/timestamp_us.h snoopy-2.3.1/src/datasource/timestamp_us.h --- snoopy-1.8.0/src/datasource/timestamp_us.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/timestamp_us.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/timestamp_us.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: timestamp_us + */ +int snoopy_datasource_timestamp_us (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/tty.c snoopy-2.3.1/src/datasource/tty.c --- snoopy-1.8.0/src/datasource/tty.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/tty.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,53 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/tty.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: tty + * + * Description: + * Returns TTY of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include + + + +int snoopy_datasource_tty (char *result, char *arg) +{ + char *ttyName = NULL; + + ttyName = ttyname(0); + if (NULL == ttyName) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(none)"); + } + + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", ttyName); +} diff -Nru snoopy-1.8.0/src/datasource/tty.h snoopy-2.3.1/src/datasource/tty.h --- snoopy-1.8.0/src/datasource/tty.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/tty.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/tty.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: tty + */ +int snoopy_datasource_tty (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/tty_uid.c snoopy-2.3.1/src/datasource/tty_uid.c --- snoopy-1.8.0/src/datasource/tty_uid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/tty_uid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,64 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/tty_uid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: tty_uid + * + * Description: + * Returns UID (User ID) of current controlling terminal, or -1 if not found. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include +#include + + + +int snoopy_datasource_tty_uid (char *result, char *arg) +{ + char *ttyPath = NULL; + struct stat statbuffer; + long ttyUid; + + /* Get tty path */ + ttyPath = ttyname(0); + if (NULL == ttyPath) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(none)"); + } + + /* Get owner of tty */ + if (-1 == stat(ttyPath, &statbuffer)) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(unable to stat() %s)", ttyPath); + } + ttyUid = statbuffer.st_uid; + + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%ld", ttyUid); +} diff -Nru snoopy-1.8.0/src/datasource/tty_uid.h snoopy-2.3.1/src/datasource/tty_uid.h --- snoopy-1.8.0/src/datasource/tty_uid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/tty_uid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/tty_uid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: tty_uid + */ +int snoopy_datasource_tty_uid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/tty_username.c snoopy-2.3.1/src/datasource/tty_username.c --- snoopy-1.8.0/src/datasource/tty_username.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/tty_username.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,97 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/tty_username.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: tty_username + * + * Description: + * Returns litaral username of current controlling terminal + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include +#include +#include +#include + + + +int snoopy_datasource_tty_username (char *result, char *arg) +{ + /* Variables for tty-to-uid conversion */ + char *ttyPath = NULL; + struct stat statbuffer; + uid_t ttyUid; + + /* Variables for uid-to-username conversion */ + struct passwd pwd; + struct passwd *pwd_uid = NULL; + char *buffpwd_uid = NULL; + size_t buffpwdsize_uid = 0; + int messageLength = 0; + + /* Get tty path */ + ttyPath = ttyname(0); + if (NULL == ttyPath) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(none)"); + } + + /* Get UID of tty */ + if (-1 == stat(ttyPath, &statbuffer)) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(unable to stat() %s)", ttyPath); + } + ttyUid = statbuffer.st_uid; + + /* Allocate memory for pwd structure */ + buffpwdsize_uid = sysconf(_SC_GETPW_R_SIZE_MAX); + if (-1 == buffpwdsize_uid) { + buffpwdsize_uid = 16384; + } + buffpwd_uid = malloc(buffpwdsize_uid); + if (NULL == buffpwd_uid) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); + } + + /* Try to get data */ + if (0 != getpwuid_r(ttyUid, &pwd, buffpwd_uid, buffpwdsize_uid, &pwd_uid)) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getpwuid_r)"); + } else { + if (NULL == pwd_uid) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); + } else { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", pwd_uid->pw_name); + } + } + + /* Cleanup and return */ + free(buffpwd_uid); + return messageLength; +} diff -Nru snoopy-1.8.0/src/datasource/tty_username.h snoopy-2.3.1/src/datasource/tty_username.h --- snoopy-1.8.0/src/datasource/tty_username.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/tty_username.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/tty_username.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: tty_username + */ +int snoopy_datasource_tty_username (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/uid.c snoopy-2.3.1/src/datasource/uid.c --- snoopy-1.8.0/src/datasource/uid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/uid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,47 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/uid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: uid + * + * Description: + * Returns UID (User ID) of current process. + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_datasource_uid (char *result, char *arg) +{ + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getuid()); +} diff -Nru snoopy-1.8.0/src/datasource/uid.h snoopy-2.3.1/src/datasource/uid.h --- snoopy-1.8.0/src/datasource/uid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/uid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/uid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: uid + */ +int snoopy_datasource_uid (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasource/username.c snoopy-2.3.1/src/datasource/username.c --- snoopy-1.8.0/src/datasource/username.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/username.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,78 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/username.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: username + * + * Description: + * Returns literal username of current process + * + * Params: + * result: pointer to string, to write result into + * + * Return: + * number of characters in the returned string + */ +#include "snoopy.h" +#include +#include +#include +#include +#include + + + +int snoopy_datasource_username (char *result, char *arg) +{ + struct passwd pwd; + struct passwd *pwd_uid = NULL; + char *buffpwd_uid = NULL; + size_t buffpwdsize_uid = 0; + int messageLength = 0; + + /* Allocate memory */ + buffpwdsize_uid = sysconf(_SC_GETPW_R_SIZE_MAX); + if (-1 == buffpwdsize_uid) { + buffpwdsize_uid = 16384; + } + buffpwd_uid = malloc(buffpwdsize_uid); + if (NULL == buffpwd_uid) { + return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); + } + + /* Try to get data */ + if (0 != getpwuid_r(getuid(), &pwd, buffpwd_uid, buffpwdsize_uid, &pwd_uid)) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getpwuid_r)"); + } else { + if (NULL == pwd_uid) { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); + } else { + messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", pwd_uid->pw_name); + } + } + + /* Cleanup and return */ + free(buffpwd_uid); + return messageLength; +} diff -Nru snoopy-1.8.0/src/datasource/username.h snoopy-2.3.1/src/datasource/username.h --- snoopy-1.8.0/src/datasource/username.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasource/username.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/datasource/username.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY DATA SOURCE: username + */ +int snoopy_datasource_username (char *result, char *arg); diff -Nru snoopy-1.8.0/src/datasourceregistry.c snoopy-2.3.1/src/datasourceregistry.c --- snoopy-1.8.0/src/datasourceregistry.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasourceregistry.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,338 @@ +/* + * SNOOPY LOGGER + * + * File: datasourceregistry.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include relevant header files + */ +#include "snoopy.h" +#include "datasourceregistry.h" +#include + + + +/* + * Include headers of all datasource functions + */ +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline +#include "datasource/cmdline.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cwd +#include "datasource/cwd.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_datetime +#include "datasource/datetime.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egid +#include "datasource/egid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egroup +#include "datasource/egroup.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env +#include "datasource/env.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env_all +#include "datasource/env_all.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_euid +#include "datasource/euid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_eusername +#include "datasource/eusername.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_filename +#include "datasource/filename.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_gid +#include "datasource/gid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_group +#include "datasource/group.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_login +#include "datasource/login.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_pid +#include "datasource/pid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_ppid +#include "datasource/ppid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_rpname +#include "datasource/rpname.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_sid +#include "datasource/sid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version +#include "datasource/snoopy_version.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp +#include "datasource/timestamp.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms +#include "datasource/timestamp_ms.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us +#include "datasource/timestamp_us.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty +#include "datasource/tty.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid +#include "datasource/tty_uid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username +#include "datasource/tty_username.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_uid +#include "datasource/uid.h" +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_username +#include "datasource/username.h" +#endif + + + +/* + * Two arrays holding data about all data sources + */ +char *snoopy_datasourceregistry_names[] = { +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline + "cmdline", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cwd + "cwd", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_datetime + "datetime", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egid + "egid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egroup + "egroup", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env + "env", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env_all + "env_all", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_euid + "euid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_eusername + "eusername", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_filename + "filename", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_gid + "gid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_group + "group", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_login + "login", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_pid + "pid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_ppid + "ppid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_rpname + "rpname", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_sid + "sid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version + "snoopy_version", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp + "timestamp", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms + "timestamp_ms", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us + "timestamp_us", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty + "tty", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid + "tty_uid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username + "tty_username", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_uid + "uid", +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_username + "username", +#endif + "", +}; + +int (*snoopy_datasourceregistry_ptrs []) (char *result, char *arg) = { +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline + snoopy_datasource_cmdline, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cwd + snoopy_datasource_cwd, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_datetime + snoopy_datasource_datetime, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egid + snoopy_datasource_egid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egroup + snoopy_datasource_egroup, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env + snoopy_datasource_env, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env_all + snoopy_datasource_env_all, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_euid + snoopy_datasource_euid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_eusername + snoopy_datasource_eusername, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_filename + snoopy_datasource_filename, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_gid + snoopy_datasource_gid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_group + snoopy_datasource_group, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_login + snoopy_datasource_login, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_pid + snoopy_datasource_pid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_ppid + snoopy_datasource_ppid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_rpname + snoopy_datasource_rpname, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_sid + snoopy_datasource_sid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version + snoopy_datasource_snoopy_version, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp + snoopy_datasource_timestamp, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms + snoopy_datasource_timestamp_ms, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us + snoopy_datasource_timestamp_us, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty + snoopy_datasource_tty, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid + snoopy_datasource_tty_uid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username + snoopy_datasource_tty_username, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_uid + snoopy_datasource_uid, +#endif +#ifdef SNOOPY_CONF_DATASOURCE_ENABLED_username + snoopy_datasource_username, +#endif +}; + + + +/* + * isRegistered() + * + * Return true if data source exists, otherwise return false + */ +int snoopy_datasourceregistry_isRegistered (char *providerName) +{ + if (snoopy_datasourceregistry_getIndex(providerName) == -1) { + return SNOOPY_FALSE; + } else { + return SNOOPY_TRUE; + } +} + + + +/* + * getIndex() + * + * Return index of given data source, or -1 if not found + */ +int snoopy_datasourceregistry_getIndex (char *providerName) +{ + int i; + + i = 0; + while (strcmp(snoopy_datasourceregistry_names[i], "") != 0) { + if (strcmp(snoopy_datasourceregistry_names[i], providerName) == 0) { + return i; + } + i++; + } + return -1; +} + + + +/* + * call() + * + * Call the given data source and return its output + */ +int snoopy_datasourceregistry_call (char *providerName, char *returnMessage, char *providerArg) +{ + int idx; + + idx = snoopy_datasourceregistry_getIndex(providerName); + if (idx == -1) { + return -1; + } + + return snoopy_datasourceregistry_ptrs[idx](returnMessage, providerArg); +} diff -Nru snoopy-1.8.0/src/datasourceregistry.h snoopy-2.3.1/src/datasourceregistry.h --- snoopy-1.8.0/src/datasourceregistry.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/datasourceregistry.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,38 @@ +/* + * SNOOPY LOGGER + * + * File: datasourceregistry.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Two arrays holding data about datasource functions + */ +extern char *snoopy_datasourceregistry_names[]; +extern int (*snoopy_datasourceregistry_ptrs []) (char *datasource, char *arg); + + + +/* + * Functions to manage and utilise datasource providers + */ +int snoopy_datasourceregistry_call (char *providerName, char *returnMessage, char *providerArg); +int snoopy_datasourceregistry_getIndex (char *providerName); +int snoopy_datasourceregistry_isRegistered (char *providerName); diff -Nru snoopy-1.8.0/src/error.c snoopy-2.3.1/src/error.c --- snoopy-1.8.0/src/error.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/error.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,66 @@ +/* + * SNOOPY LOGGER + * + * File: error.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "error.h" +#include "configuration.h" +#include "log.h" + + + +/* + * snoopy_error_handler + * + * Description: + * Does the actual error handling. If configured, it sends it + * to syslog. + * + * Params: + * (none) + * + * Return: + * void + */ +void snoopy_error_handler (char *errorMsg) +{ + /* Only send error to syslog if configured like that */ + if (SNOOPY_TRUE == snoopy_configuration.error_logging_enabled) { + snoopy_log_dispatch(errorMsg, SNOOPY_LOG_ERROR); + } +} diff -Nru snoopy-1.8.0/src/error.h snoopy-2.3.1/src/error.h --- snoopy-1.8.0/src/error.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/error.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: error.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Error-handling functions + */ +void snoopy_error_handler(char *errorMsg); diff -Nru snoopy-1.8.0/src/filter/exclude_spawns_of.c snoopy-2.3.1/src/filter/exclude_spawns_of.c --- snoopy-1.8.0/src/filter/exclude_spawns_of.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/exclude_spawns_of.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,208 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/exclude_spawns_of.c + * + * Copyright (c) 2015 Datto, Inc. All rights reserved. + * Author: Fred Mora - fmora@datto.com + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + +/* + * SNOOPY FILTER: exclude_spawns_of + * + * Description: + * Excludes all log messages for executables that have the specified program name in their ancestors. + * Strategy: We parse arg to create the "list of specified programs" (LoSP). + * Then, we walk up the parent process ID (PPID) chain and we check if each executable name is part + * of the LoSP. + * + * Params: + * logMessage: Pointer to string that contains formatted log message (may be manipulated) + * arg: Comma-separated list of program names for the spawns of which log messages are dropped. + * + * Return: + * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP + */ + +#include "snoopy.h" +#include +#include +#include +#include +#include + +#define PROGLISTSEP ',' + +int find_ancestor_in_list(char **name_list); +int find_string_in_array(char *str, char **str_array); +char **string_to_token_array(char *str); + +int snoopy_filter_exclude_spawns_of(char *msg, char *arg) +{ + char **losp; // List of specified programs derived from arg + int is_ancestor_in_list = 0; + + // Turn comma-separated arg into array of program name strings + losp = string_to_token_array(arg); + if (losp == NULL) { + // If failure, we cannot filter anything, just pass the message + return SNOOPY_FILTER_PASS; + } + + // Check if one of the program names in losp is an ancestor + is_ancestor_in_list = find_ancestor_in_list(losp); + free(losp); + return (is_ancestor_in_list == 1) ? SNOOPY_FILTER_DROP : SNOOPY_FILTER_PASS; // Error means pass +} + +// Helper functions + +/** + * Description: + * Walks the /proc tree from /proc/currentPID and iterate parent PIDs up to PID 1. For each PID, check if the + * executable name is in name_list. + * Params: + * name_list: Ptr to array of char ptr. Each element point to the name of an executable. + * Return: + * 1 if the executable name of an ancestor process is found in name_list + * 0 if there are no ancestor that have a name found in name_list + * -1 if error. + */ +int find_ancestor_in_list(char **name_list) +{ + pid_t ppid; + char stat_path[32]; // Path "/proc/nnnn/stat" where nnnn = some PID + FILE *statf; + int rc, found; + char *ancestor_name; + // The following var are read from /proc/nnnn/stat + char *st_comm; //Exec file name. Points to buffer that will be malloc'd. + pid_t st_pid; + char st_state; + + if (name_list == NULL) { + return -1; + } + ppid = getppid(); // We start with the parent + while (ppid != 1) { + // Create the path to /proc//stat + sprintf(stat_path, "/proc/%d/stat", ppid); + statf = fopen(stat_path, "r"); + if (statf == NULL) { + return -1; + } + + // Grab the first few elements from the stat pseudo-file. Format from man 5 proc. + rc = fscanf(statf, "%d %ms %c %d", &st_pid, &st_comm, &st_state, &ppid); + if (rc == EOF) { + fclose(statf); + return -1; + } + // stat provides st_comm as the name between parentheses. Get rid of the parens. + ancestor_name = st_comm + 1; + st_comm[strlen(st_comm) - 1] = '\0'; + found = find_string_in_array(ancestor_name, name_list); + + free(st_comm); + if (found) { + fclose(statf); + return 1; + } + + fclose(statf); + } + + return 0; // Nothing found +} + +/** + * Description: + * Searches for a string in an array of strings. All strings are zero-terminated. + * Params: + * str: Ptr to the string we are looking for in str_array. + * str_array: Ptr to array of char ptr, each of them pointing to a string to compare to str. + * Return: + * 1 if str matches one of the strings in str_array + * 0 if there are no matches or if either argument is NULL. + */ +int find_string_in_array(char *str, char **str_array) +{ + if ((str == NULL) || (str_array == NULL)) { + return 0; + } + char **p = str_array; + while (*p != NULL) { + if (strcmp(str, *p) == 0) { + return 1; + } + p++; + } + return 0; +} + +/** + * Description: + * Tokenizes string str using comma as a separator. Returns an array of individual tokens between delimiters. + * + * Params: + * str: string to be tokenized. The string is modified as per strtok (delimiters replaced with \0).. + * Returns: + * Ptr to array of char ptr. Each element point to an individual substring between delimiters. + * The last element is the NULL pointer to act as a delimiter. + * The returned pointer should be freed by the caller after use. + * If str is NULL or empty, or if error, returns NULL. + */ + +char **string_to_token_array(char *str) +{ + char *p; + int i; + int sepcount = 0; + int token_count; + char **token_array; // Return value + char *saveptr = NULL; // For strtok_r() + + if ((str == NULL) || (*str == '\0')) { + return NULL; + } + + // Count the occurences of PROGLISTSEP + p = strchr(str, PROGLISTSEP); + while (p != NULL) { + sepcount++; + p=strchr(p+1, PROGLISTSEP); + } + + // Allocate storage for token_array: one more than the separator count, and one more for the NULL delimiter. + token_count = sepcount +1; + token_array = calloc(token_count + 1, sizeof(p)); + if (token_array == NULL) { + return NULL; + } + + // Fill in token_array with ptrs to individual tokens + char delim[] = { PROGLISTSEP, '\0'}; // Make a string of delimiters + p = str; + for (i = 0; i < token_count; i++) { + token_array[i] = strtok_r(p, delim, &saveptr); + p = NULL; + } + token_array[token_count] = NULL; + return(token_array); +} + diff -Nru snoopy-1.8.0/src/filter/exclude_spawns_of.h snoopy-2.3.1/src/filter/exclude_spawns_of.h --- snoopy-1.8.0/src/filter/exclude_spawns_of.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/exclude_spawns_of.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,29 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/exclude_spawns_of.h + * + * Copyright (c) 2015 Datto, Inc. All rights reserved. + * Author: Fred Mora - fmora@datto.com + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: exclude_spawns_of + */ +int snoopy_filter_exclude_spawns_of (char *msg, char *arg); diff -Nru snoopy-1.8.0/src/filter/exclude_uid.c snoopy-2.3.1/src/filter/exclude_uid.c --- snoopy-1.8.0/src/filter/exclude_uid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/exclude_uid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,83 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/exclude_uid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: exclude_uid + * + * Description: + * Excludes all log messages comming from specified UIDs + * + * Params: + * logMessage: pointer to string that contains formatted log message (may be manipulated) + * arg: Comma-separated list of UIDs for which log messages are dropped, passed for others + * + * Return: + * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP + */ +#include "snoopy.h" +#include +#include +#include +#include +#include + + + +int snoopy_filter_exclude_uid (char *msg, char *arg) +{ + uid_t curUid; // Actual UID of running process + int j; + char *str1; + + // Do not assign null to it explicitly, as you get "Explicit null dereference" Coverity error. + // If you do not assign it, Coverity complains with "Uninitialized pointer read". + char *saveptr1 = ""; + + + /* Get uid of current process */ + curUid = getuid(); + + /* Loop through all UIDs passed to the filter as argument */ + for (j=1, str1=arg; ; j++, str1=NULL) { + char *argCurUidStr; // Literal UID + uid_t argCurUid; // Actual UID to be used for comparison + + // Get next literal UID + argCurUidStr = strtok_r(str1, ",", &saveptr1); + if (NULL == argCurUidStr) { + break; + } + + // Convert literal UID to numeric type + argCurUid = atol(argCurUidStr); + + // If UID matches, drop the message + if (argCurUid == curUid) { + return SNOOPY_FILTER_DROP; + } + } + + // None of the UIDs matched so far, therefore we are passing this message on + return SNOOPY_FILTER_PASS; +} diff -Nru snoopy-1.8.0/src/filter/exclude_uid.h snoopy-2.3.1/src/filter/exclude_uid.h --- snoopy-1.8.0/src/filter/exclude_uid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/exclude_uid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/exclude_uid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: exclude_uid + */ +int snoopy_filter_exclude_uid (char *msg, char *arg); diff -Nru snoopy-1.8.0/src/filter/Makefile.am snoopy-2.3.1/src/filter/Makefile.am --- snoopy-1.8.0/src/filter/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,55 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### Include +# +AM_CFLAGS += -I$(top_srcdir)/src + + + +### Create one library with all snoopy filters collected in it +# +noinst_LTLIBRARIES = libsnoopy_filters_all.la + + + +### Filter collection is made of the following files +# +# Please maintain alphabetical order, equal to what `ls` would do +# +libsnoopy_filters_all_la_SOURCES = + +### Filter: exclude_spawns_of +# +if FILTER_ENABLED_exclude_spawns_of +libsnoopy_filters_all_la_SOURCES += \ + exclude_spawns_of.c \ + exclude_spawns_of.h +endif + +### Filter: exclude_uid +# +if FILTER_ENABLED_exclude_uid +libsnoopy_filters_all_la_SOURCES += \ + exclude_uid.c \ + exclude_uid.h +endif + +### Filter: only_root +# +if FILTER_ENABLED_only_root +libsnoopy_filters_all_la_SOURCES += \ + only_root.c \ + only_root.h +endif + +### Filter: only_uid +# +if FILTER_ENABLED_only_uid +libsnoopy_filters_all_la_SOURCES += \ + only_uid.c \ + only_uid.h +endif diff -Nru snoopy-1.8.0/src/filter/only_root.c snoopy-2.3.1/src/filter/only_root.c --- snoopy-1.8.0/src/filter/only_root.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/only_root.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,52 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/only_root.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: only_root + * + * Description: + * Only logs messages from root (uid=0 actually) + * + * Params: + * msg: pointer to string that contains formatted log message (may be manipulated) + * arg: arguments passed to this filter + * + * Return: + * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP + */ +#include "snoopy.h" +#include +#include +#include + + + +int snoopy_filter_only_root (char *msg, char *arg) +{ + if (0 == getuid()) { + return SNOOPY_FILTER_PASS; + } else { + return SNOOPY_FILTER_DROP; + } +} diff -Nru snoopy-1.8.0/src/filter/only_root.h snoopy-2.3.1/src/filter/only_root.h --- snoopy-1.8.0/src/filter/only_root.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/only_root.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/only_root.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: only_root + */ +int snoopy_filter_only_root (char *msg, char *arg); diff -Nru snoopy-1.8.0/src/filter/only_uid.c snoopy-2.3.1/src/filter/only_uid.c --- snoopy-1.8.0/src/filter/only_uid.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/only_uid.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,83 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/only_uid.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: only_uid + * + * Description: + * Excludes all log messages not comming from specific UID + * + * Params: + * logMessage: pointer to string that contains formatted log message (may be manipulated) + * arg: Comma-separated list of UIDs for which log message is passed on, dropped for all others + * + * Return: + * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP + */ +#include "snoopy.h" +#include +#include +#include +#include +#include + + + +int snoopy_filter_only_uid (char *msg, char *arg) +{ + uid_t curUid; // Actual UID of running process + int j; + char *str1; + + // Do not assign null to it explicitly, as you get "Explicit null dereference" Coverity error. + // If you do not assign it, Coverity complains with "Uninitialized pointer read". + char *saveptr1 = ""; + + + /* Get uid of current process */ + curUid = getuid(); + + /* Loop through all UIDs passed to the filter as argument */ + for (j=1, str1=arg; ; j++, str1=NULL) { + char *argCurUidStr; // Literal UID + uid_t argCurUid; // Actual UID to be used for comparison + + // Get next literal UID + argCurUidStr = strtok_r(str1, ",", &saveptr1); + if (NULL == argCurUidStr) { + break; + } + + // Convert literal UID to numeric type + argCurUid = atol(argCurUidStr); + + // Compare and return PASS if matches + if (argCurUid == curUid) { + return SNOOPY_FILTER_PASS; + } + } + + // None of the UIDs matched so far, therefore we are dropping this + return SNOOPY_FILTER_DROP; +} diff -Nru snoopy-1.8.0/src/filter/only_uid.h snoopy-2.3.1/src/filter/only_uid.h --- snoopy-1.8.0/src/filter/only_uid.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filter/only_uid.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/filter/only_uid.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY FILTER: only_uid + */ +int snoopy_filter_only_uid (char *msg, char *arg); diff -Nru snoopy-1.8.0/src/filtering.c snoopy-2.3.1/src/filtering.c --- snoopy-1.8.0/src/filtering.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filtering.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,126 @@ +/* + * SNOOPY LOGGER + * + * File: filtering.c + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" + +#include "configuration.h" +#include "filterregistry.h" +#include "message.h" + + + +/* + * snoopy_filtering_check_chain + * + * Description: + * Determines whether given message should be send to syslog or not + * + * Params: + * logMessage: message about to be sent to syslog + * chain: filter chain to check + * + * Return: + * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP + */ +int snoopy_filtering_check_chain ( + char *logMessage, + char *filterChain +) { + char filterChainCopy[SNOOPY_FILTER_CHAIN_MAX_SIZE]; // Must be here, or strtok_r segfaults + int filterChainCopySize; + int j; + char *str; + char *rest; + char *filterSpec; // Single filter specification from defined filter chain + char *fcPos_filterSpecArg; // Pointer to argument part of single filter specification in a filter chain + + // Copy the filter chain specification to separate string, to be used in strtok_r + filterChainCopySize = strlen(filterChain); + if (filterChainCopySize > SNOOPY_FILTER_CHAIN_MAX_SIZE - 1) { + filterChainCopySize = SNOOPY_FILTER_CHAIN_MAX_SIZE - 1; + } + strncpy(filterChainCopy, filterChain, filterChainCopySize); + filterChainCopy[filterChainCopySize] = '\0'; + + // Loop through all filters + for (j=1, str=filterChainCopy; ; j++, str=NULL) { + char filterName[SNOOPY_FILTER_NAME_MAX_SIZE]; + char *filterNamePtr; + size_t filterNameSize; + char filterArg[SNOOPY_FILTER_ARG_MAX_SIZE]; + char *filterArgPtr; + + // Parse the remaining filter chain specification for next filterSpec + filterSpec = strtok_r(str, ";", &rest); + if (NULL == filterSpec) { + // We are at the end of filtering chain + break; + } + + // If filter tag contains ":", then split it into filter name and filter argument + fcPos_filterSpecArg = strstr(filterSpec, ":"); + if (NULL == fcPos_filterSpecArg) { + // filterSpec == filterName, there is no argument + filterName[0] = '\0'; + filterNamePtr = filterSpec; + filterArg[0] = '\0'; + filterArgPtr = filterArg; + } else { + // Change the colon to null character, which effectively splits the string in two parts. + // Then point to first and second part with corresponding variables. + filterNameSize = fcPos_filterSpecArg - filterSpec; + filterName[0] = '\0'; + strncpy(filterName, filterSpec, filterNameSize); + filterName[filterNameSize] = '\0'; + filterNamePtr = filterName; + filterArgPtr = fcPos_filterSpecArg + 1; + } + + // Check if filter actually exists + if (! snoopy_filterregistry_isRegistered(filterNamePtr)) { + snoopy_message_append(logMessage, "ERROR(Filter not found - "); + snoopy_message_append(logMessage, filterNamePtr); + snoopy_message_append(logMessage, ")"); + break; + } + + // Consult the filter, and return immediately if message should be dropped + if (SNOOPY_FILTER_DROP == snoopy_filterregistry_call(filterNamePtr, logMessage, filterArgPtr)) { + return SNOOPY_FILTER_DROP; + } + } + return SNOOPY_FILTER_PASS; +} diff -Nru snoopy-1.8.0/src/filtering.h snoopy-2.3.1/src/filtering.h --- snoopy-1.8.0/src/filtering.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filtering.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: filtering.h + * + * Copyright (c) 2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +int snoopy_filtering_check_chain ( + char *logMessage, + char *chain +); diff -Nru snoopy-1.8.0/src/filterregistry.c snoopy-2.3.1/src/filterregistry.c --- snoopy-1.8.0/src/filterregistry.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filterregistry.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,140 @@ +/* + * SNOOPY LOGGER + * + * File: filterregistry.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include relevant header files + */ +#include "snoopy.h" +#include "filterregistry.h" +#include + + + +/* + * Include headers of all filter functions + */ +#ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of +#include "filter/exclude_spawns_of.h" +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_uid +#include "filter/exclude_uid.h" +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_only_root +#include "filter/only_root.h" +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_only_uid +#include "filter/only_uid.h" +#endif + + + +/* + * Two arrays holding data about filter functions + */ +char *snoopy_filterregistry_names[] = { +#ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of + "exclude_spawns_of", +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_uid + "exclude_uid", +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_only_root + "only_root", +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_only_uid + "only_uid", +#endif + "", +}; + +int (*snoopy_filterregistry_ptrs []) (char *logMessage, char *arg) = { +#ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of + snoopy_filter_exclude_spawns_of, +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_uid + snoopy_filter_exclude_uid, +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_only_root + snoopy_filter_only_root, +#endif +#ifdef SNOOPY_CONF_FILTER_ENABLED_only_uid + snoopy_filter_only_uid, +#endif +}; + + + +/* + * isRegistered() + * + * Return true if filter filter exists, otherwise return false + */ +int snoopy_filterregistry_isRegistered (char *filterName) +{ + if (snoopy_filterregistry_getIndex(filterName) == -1) { + return SNOOPY_FALSE; + } else { + return SNOOPY_TRUE; + } +} + + + +/* + * getIndex() + * + * Return index of given filter, or -1 if not found + */ +int snoopy_filterregistry_getIndex (char *filterName) +{ + int i; + + i = 0; + while (strcmp(snoopy_filterregistry_names[i], "") != 0) { + if (strcmp(snoopy_filterregistry_names[i], filterName) == 0) { + return i; + } + i++; + } + return -1; +} + + + +/* + * call() + * + * Call the given filter and return its output + */ +int snoopy_filterregistry_call (char *filterName, char *logMessage, char *filterArg) +{ + int idx; + + idx = snoopy_filterregistry_getIndex(filterName); + if (idx == -1) { + return -1; + } + + return snoopy_filterregistry_ptrs[idx](logMessage, filterArg); +} diff -Nru snoopy-1.8.0/src/filterregistry.h snoopy-2.3.1/src/filterregistry.h --- snoopy-1.8.0/src/filterregistry.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/filterregistry.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,38 @@ +/* + * SNOOPY LOGGER + * + * File: filterregistry.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Two arrays holding data about filter functions + */ +extern char *snoopy_filterregistry_names[]; +extern int (*snoopy_filterregistry_ptrs []) (char *logMessage, char *arg); + + + +/* + * Functions to manage and utilise filter providers + */ +int snoopy_filterregistry_call (char *filterName, char *logMessage, char *filterArg); +int snoopy_filterregistry_getIndex (char *filterName); +int snoopy_filterregistry_isRegistered (char *filterName); diff -Nru snoopy-1.8.0/src/inputdatastorage.c snoopy-2.3.1/src/inputdatastorage.c --- snoopy-1.8.0/src/inputdatastorage.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/inputdatastorage.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,98 @@ +/* + * SNOOPY LOGGER + * + * File: inputdatastorage.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Includes + */ +#include "snoopy.h" +#include "inputdatastorage.h" + + + +/* + * Create these storage locations for inputs to consume + */ +const char *snoopy_inputdatastorage_filename; +char **snoopy_inputdatastorage_argv; +char **snoopy_inputdatastorage_envp; + + + +/* + * snoopy_inputdatastorage_store_filename() + * + * Description: + * Store filename of execv()/execve() syscall + * + * Params: + * filename: filename to store + * + * Return: + * void + */ +void snoopy_inputdatastorage_store_filename ( + const char *filename +) { + snoopy_inputdatastorage_filename = filename; +} + + + +/* + * snoopy_inputdatastorage_store_argv() + * + * Description: + * Store argv[] of execv()/execve() syscall + * + * Params: + * argv: argv pointer to store + * + * Return: + * void + */ +void snoopy_inputdatastorage_store_argv ( + char * argv[] +) { + snoopy_inputdatastorage_argv = argv; +} + + + +/* + * snoopy_inputdatastorage_store_envp() + * + * Description: + * Store envp[] of execve() syscall + * + * Params: + * envp: environment array pointer to store + * + * Return: + * void + */ +void snoopy_inputdatastorage_store_envp ( + char * envp[] +) { + snoopy_inputdatastorage_envp = envp; +} diff -Nru snoopy-1.8.0/src/inputdatastorage.h snoopy-2.3.1/src/inputdatastorage.h --- snoopy-1.8.0/src/inputdatastorage.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/inputdatastorage.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,46 @@ +/* + * SNOOPY LOGGER + * + * File: inputdatastorage.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ +#include "snoopy.h" + + + +/* + * Store execution data for inputs to consume + */ +extern const char *snoopy_inputdatastorage_filename; +extern char **snoopy_inputdatastorage_argv; +extern char **snoopy_inputdatastorage_envp; + + + +/* + * Functions to use to do the actual storing + */ +void snoopy_inputdatastorage_store_filename ( + const char *filename +); +void snoopy_inputdatastorage_store_argv ( + char * argv[] +); +void snoopy_inputdatastorage_store_envp ( + char * envp[] +); diff -Nru snoopy-1.8.0/src/lib/iniparser/AUTHORS snoopy-2.3.1/src/lib/iniparser/AUTHORS --- snoopy-1.8.0/src/lib/iniparser/AUTHORS 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/AUTHORS 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,6 @@ +Author: Nicolas Devillard + +This tiny library has received countless contributions and I have +not kept track of all the people who contributed. Let them be thanked +for their ideas, code, suggestions, corrections, enhancements! + diff -Nru snoopy-1.8.0/src/lib/iniparser/INSTALL snoopy-2.3.1/src/lib/iniparser/INSTALL --- snoopy-1.8.0/src/lib/iniparser/INSTALL 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/INSTALL 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,15 @@ + +iniParser installation instructions +----------------------------------- + +- Modify the Makefile to suit your environment. +- Type 'make' to make the library. +- Type 'make check' to make the test program. +- Type 'test/iniexample' to launch the test program. +- Type 'test/parse' to launch torture tests. + + + +Enjoy! +N. Devillard +Wed Mar 2 21:14:17 CET 2011 diff -Nru snoopy-1.8.0/src/lib/iniparser/LICENSE snoopy-2.3.1/src/lib/iniparser/LICENSE --- snoopy-1.8.0/src/lib/iniparser/LICENSE 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/LICENSE 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,21 @@ +Copyright (c) 2000-2011 by Nicolas Devillard. +MIT License + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + diff -Nru snoopy-1.8.0/src/lib/iniparser/README snoopy-2.3.1/src/lib/iniparser/README --- snoopy-1.8.0/src/lib/iniparser/README 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/README 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,12 @@ + +Welcome to iniParser -- version 3.1 +released 08 Apr 2012 + +This modules offers parsing of ini files from the C level. +See a complete documentation in HTML format, from this directory +open the file html/index.html with any HTML-capable browser. + +Enjoy! + +N.Devillard +Sun Apr 8 16:38:09 CEST 2012 diff -Nru snoopy-1.8.0/src/lib/iniparser/SNOOPY_LIB_CHANGES snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_CHANGES --- snoopy-1.8.0/src/lib/iniparser/SNOOPY_LIB_CHANGES 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_CHANGES 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,4 @@ +Snoopy changes to iniparser +=========================== + +o Changed all error messages to include "snoopy " prefix diff -Nru snoopy-1.8.0/src/lib/iniparser/SNOOPY_LIB_URI snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_URI --- snoopy-1.8.0/src/lib/iniparser/SNOOPY_LIB_URI 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_URI 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,2 @@ +http://ndevilla.free.fr/iniparser/ +https://github.com/ndevilla/iniparser diff -Nru snoopy-1.8.0/src/lib/iniparser/SNOOPY_LIB_VERSION snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_VERSION --- snoopy-1.8.0/src/lib/iniparser/SNOOPY_LIB_VERSION 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_VERSION 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1 @@ +git commit c8633b72816420bde5c0c247df850ca2c30e6d53 diff -Nru snoopy-1.8.0/src/lib/iniparser/src/dictionary.c snoopy-2.3.1/src/lib/iniparser/src/dictionary.c --- snoopy-1.8.0/src/lib/iniparser/src/dictionary.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/src/dictionary.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,402 @@ +/*-------------------------------------------------------------------------*/ +/** + @file dictionary.c + @author N. Devillard + @brief Implements a dictionary for string variables. + + This module implements a simple dictionary object, i.e. a list + of string/string associations. This object is useful to store e.g. + informations retrieved from a configuration file (ini files). +*/ +/*--------------------------------------------------------------------------*/ + +/*--------------------------------------------------------------------------- + Includes + ---------------------------------------------------------------------------*/ +#include "dictionary.h" + +#include +#include +#include +#include + +/** Maximum value size for integers and doubles. */ +#define MAXVALSZ 1024 + +/** Minimal allocated number of entries in a dictionary */ +#define DICTMINSZ 128 + +/** Invalid key token */ +#define DICT_INVALID_KEY ((char*)-1) + +/*--------------------------------------------------------------------------- + Private functions + ---------------------------------------------------------------------------*/ + +/* Doubles the allocated size associated to a pointer */ +/* 'size' is the current allocated size. */ +static void * mem_double(void * ptr, size_t size) +{ + void * newptr ; + + newptr = calloc(2*size, 1); + if (newptr==NULL) { + return NULL ; + } + memcpy(newptr, ptr, size); + free(ptr); + return newptr ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Duplicate a string + @param s String to duplicate + @return Pointer to a newly allocated string, to be freed with free() + + This is a replacement for strdup(). This implementation is provided + for systems that do not have it. + */ +/*--------------------------------------------------------------------------*/ +char * xstrdup(const char * s) +{ + char * t ; + size_t len ; + if (!s) + return NULL ; + + len = strlen(s) + 1 ; + t = malloc(len) ; + if (t) { + memcpy(t, s, len) ; + } + return t ; +} + +/*--------------------------------------------------------------------------- + Function codes + ---------------------------------------------------------------------------*/ +/*-------------------------------------------------------------------------*/ +/** + @brief Compute the hash key for a string. + @param key Character string to use for key. + @return 1 unsigned int on at least 32 bits. + + This hash function has been taken from an Article in Dr Dobbs Journal. + This is normally a collision-free function, distributing keys evenly. + The key is stored anyway in the struct so that collision can be avoided + by comparing the key itself in last resort. + */ +/*--------------------------------------------------------------------------*/ +unsigned dictionary_hash(const char * key) +{ + size_t len ; + unsigned hash ; + size_t i ; + + len = strlen(key); + for (hash=0, i=0 ; i>6) ; + } + hash += (hash <<3); + hash ^= (hash >>11); + hash += (hash <<15); + return hash ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Create a new dictionary object. + @param size Optional initial size of the dictionary. + @return 1 newly allocated dictionary objet. + + This function allocates a new dictionary object of given size and returns + it. If you do not know in advance (roughly) the number of entries in the + dictionary, give size=0. + */ +/*--------------------------------------------------------------------------*/ +dictionary * dictionary_new(size_t size) +{ + dictionary * d ; + + /* If no size was specified, allocate space for DICTMINSZ */ + if (sizesize = size ; + d->val = calloc(size, sizeof *d->val); + d->key = calloc(size, sizeof *d->key); + d->hash = calloc(size, sizeof *d->hash); + } + return d ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a dictionary object + @param d dictionary object to deallocate. + @return void + + Deallocate a dictionary object and all memory associated to it. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_del(dictionary * d) +{ + size_t i ; + + if (d==NULL) return ; + for (i=0 ; isize ; i++) { + if (d->key[i]!=NULL) + free(d->key[i]); + if (d->val[i]!=NULL) + free(d->val[i]); + } + free(d->val); + free(d->key); + free(d->hash); + free(d); + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get a value from a dictionary. + @param d dictionary object to search. + @param key Key to look for in the dictionary. + @param def Default value to return if key not found. + @return 1 pointer to internally allocated character string. + + This function locates a key in a dictionary and returns a pointer to its + value, or the passed 'def' pointer if no such key can be found in + dictionary. The returned character pointer points to data internal to the + dictionary object, you should not try to free it or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * dictionary_get(dictionary * d, const char * key, char * def) +{ + unsigned hash ; + size_t i ; + + hash = dictionary_hash(key); + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + /* Compare hash */ + if (hash==d->hash[i]) { + /* Compare string, to avoid hash collisions */ + if (!strcmp(key, d->key[i])) { + return d->val[i] ; + } + } + } + return def ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Set a value in a dictionary. + @param d dictionary object to modify. + @param key Key to modify or add. + @param val Value to add. + @return int 0 if Ok, anything else otherwise + + If the given key is found in the dictionary, the associated value is + replaced by the provided one. If the key cannot be found in the + dictionary, it is added to it. + + It is Ok to provide a NULL value for val, but NULL values for the dictionary + or the key are considered as errors: the function will return immediately + in such a case. + + Notice that if you dictionary_set a variable to NULL, a call to + dictionary_get will return a NULL value: the variable will be found, and + its value (NULL) is returned. In other words, setting the variable + content to NULL is equivalent to deleting the variable from the + dictionary. It is not possible (in this implementation) to have a key in + the dictionary without value. + + This function returns non-zero in case of failure. + */ +/*--------------------------------------------------------------------------*/ +int dictionary_set(dictionary * d, const char * key, const char * val) +{ + size_t i ; + unsigned hash ; + + if (d==NULL || key==NULL) return -1 ; + + /* Compute hash for this key */ + hash = dictionary_hash(key) ; + /* Find if value is already in dictionary */ + if (d->n>0) { + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (hash==d->hash[i]) { /* Same hash value */ + if (!strcmp(key, d->key[i])) { /* Same key */ + /* Found a value: modify and return */ + if (d->val[i]!=NULL) + free(d->val[i]); + d->val[i] = val ? xstrdup(val) : NULL ; + /* Value has been modified: return */ + return 0 ; + } + } + } + } + /* Add a new value */ + /* See if dictionary needs to grow */ + if (d->n==d->size) { + + /* Reached maximum size: reallocate dictionary */ + d->val = mem_double(d->val, d->size * sizeof *d->val) ; + d->key = mem_double(d->key, d->size * sizeof *d->key) ; + d->hash = mem_double(d->hash, d->size * sizeof *d->hash) ; + if ((d->val==NULL) || (d->key==NULL) || (d->hash==NULL)) { + /* Cannot grow dictionary */ + return -1 ; + } + /* Double size */ + d->size *= 2 ; + } + + /* Insert key in the first empty slot. Start at d->n and wrap at + d->size. Because d->n < d->size this will necessarily + terminate. */ + for (i=d->n ; d->key[i] ; ) { + if(++i == d->size) i = 0; + } + /* Copy key */ + d->key[i] = xstrdup(key); + d->val[i] = val ? xstrdup(val) : NULL ; + d->hash[i] = hash; + d->n ++ ; + return 0 ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a key in a dictionary + @param d dictionary object to modify. + @param key Key to remove. + @return void + + This function deletes a key in a dictionary. Nothing is done if the + key cannot be found. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_unset(dictionary * d, const char * key) +{ + unsigned hash ; + size_t i ; + + if (key == NULL) { + return; + } + + hash = dictionary_hash(key); + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + /* Compare hash */ + if (hash==d->hash[i]) { + /* Compare string, to avoid hash collisions */ + if (!strcmp(key, d->key[i])) { + /* Found key */ + break ; + } + } + } + if (i>=d->size) + /* Key not found */ + return ; + + free(d->key[i]); + d->key[i] = NULL ; + if (d->val[i]!=NULL) { + free(d->val[i]); + d->val[i] = NULL ; + } + d->hash[i] = 0 ; + d->n -- ; + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump + @param f Opened file pointer. + @return void + + Dumps a dictionary onto an opened file pointer. Key pairs are printed out + as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as + output file pointers. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_dump(dictionary * d, FILE * out) +{ + size_t i ; + + if (d==NULL || out==NULL) return ; + if (d->n<1) { + fprintf(out, "empty dictionary\n"); + return ; + } + for (i=0 ; isize ; i++) { + if (d->key[i]) { + fprintf(out, "%20s\t[%s]\n", + d->key[i], + d->val[i] ? d->val[i] : "UNDEF"); + } + } + return ; +} + + +/* Test code */ +#ifdef TESTDIC +#define NVALS 20000 +int main(int argc, char *argv[]) +{ + dictionary * d ; + char * val ; + int i ; + char cval[90] ; + + /* Allocate dictionary */ + printf("allocating...\n"); + d = dictionary_new(0); + + /* Set values in dictionary */ + printf("setting %d values...\n", NVALS); + for (i=0 ; in != 0) { + printf("error deleting values\n"); + } + printf("deallocating...\n"); + dictionary_del(d); + return 0 ; +} +#endif +/* vim: set ts=4 et sw=4 tw=75 */ diff -Nru snoopy-1.8.0/src/lib/iniparser/src/dictionary.h snoopy-2.3.1/src/lib/iniparser/src/dictionary.h --- snoopy-1.8.0/src/lib/iniparser/src/dictionary.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/src/dictionary.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,185 @@ + +/*-------------------------------------------------------------------------*/ +/** + @file dictionary.h + @author N. Devillard + @brief Implements a dictionary for string variables. + + This module implements a simple dictionary object, i.e. a list + of string/string associations. This object is useful to store e.g. + informations retrieved from a configuration file (ini files). +*/ +/*--------------------------------------------------------------------------*/ + +#ifndef _DICTIONARY_H_ +#define _DICTIONARY_H_ + +/*--------------------------------------------------------------------------- + Includes + ---------------------------------------------------------------------------*/ + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/*--------------------------------------------------------------------------- + New types + ---------------------------------------------------------------------------*/ + + +/*-------------------------------------------------------------------------*/ +/** + @brief Dictionary object + + This object contains a list of string/string associations. Each + association is identified by a unique string key. Looking up values + in the dictionary is speeded up by the use of a (hopefully collision-free) + hash function. + */ +/*-------------------------------------------------------------------------*/ +typedef struct _dictionary_ { + int n ; /** Number of entries in dictionary */ + int size ; /** Storage size */ + char ** val ; /** List of string values */ + char ** key ; /** List of string keys */ + unsigned * hash ; /** List of hash values for keys */ +} dictionary ; + + +/*--------------------------------------------------------------------------- + Function prototypes + ---------------------------------------------------------------------------*/ + +/*-------------------------------------------------------------------------*/ +/** + @brief Compute the hash key for a string. + @param key Character string to use for key. + @return 1 unsigned int on at least 32 bits. + + This hash function has been taken from an Article in Dr Dobbs Journal. + This is normally a collision-free function, distributing keys evenly. + The key is stored anyway in the struct so that collision can be avoided + by comparing the key itself in last resort. + */ +/*--------------------------------------------------------------------------*/ +unsigned dictionary_hash(const char * key); + +/*-------------------------------------------------------------------------*/ +/** + @brief Create a new dictionary object. + @param size Optional initial size of the dictionary. + @return 1 newly allocated dictionary objet. + + This function allocates a new dictionary object of given size and returns + it. If you do not know in advance (roughly) the number of entries in the + dictionary, give size=0. + */ +/*--------------------------------------------------------------------------*/ +dictionary * dictionary_new(size_t size); + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a dictionary object + @param d dictionary object to deallocate. + @return void + + Deallocate a dictionary object and all memory associated to it. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_del(dictionary * vd); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get a value from a dictionary. + @param d dictionary object to search. + @param key Key to look for in the dictionary. + @param def Default value to return if key not found. + @return 1 pointer to internally allocated character string. + + This function locates a key in a dictionary and returns a pointer to its + value, or the passed 'def' pointer if no such key can be found in + dictionary. The returned character pointer points to data internal to the + dictionary object, you should not try to free it or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * dictionary_get(dictionary * d, const char * key, char * def); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Set a value in a dictionary. + @param d dictionary object to modify. + @param key Key to modify or add. + @param val Value to add. + @return int 0 if Ok, anything else otherwise + + If the given key is found in the dictionary, the associated value is + replaced by the provided one. If the key cannot be found in the + dictionary, it is added to it. + + It is Ok to provide a NULL value for val, but NULL values for the dictionary + or the key are considered as errors: the function will return immediately + in such a case. + + Notice that if you dictionary_set a variable to NULL, a call to + dictionary_get will return a NULL value: the variable will be found, and + its value (NULL) is returned. In other words, setting the variable + content to NULL is equivalent to deleting the variable from the + dictionary. It is not possible (in this implementation) to have a key in + the dictionary without value. + + This function returns non-zero in case of failure. + */ +/*--------------------------------------------------------------------------*/ +int dictionary_set(dictionary * vd, const char * key, const char * val); + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a key in a dictionary + @param d dictionary object to modify. + @param key Key to remove. + @return void + + This function deletes a key in a dictionary. Nothing is done if the + key cannot be found. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_unset(dictionary * d, const char * key); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump + @param f Opened file pointer. + @return void + + Dumps a dictionary onto an opened file pointer. Key pairs are printed out + as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as + output file pointers. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_dump(dictionary * d, FILE * out); + +/*-------------------------------------------------------------------------*/ +/** + @brief Duplicate a string + @param s String to duplicate + @return Pointer to a newly allocated string, to be freed with free() + + This is a replacement for strdup(). This implementation is provided + for systems that do not have it. + */ +/*--------------------------------------------------------------------------*/ +char * xstrdup(const char * s); + +#ifdef __cplusplus +} +#endif + +#endif diff -Nru snoopy-1.8.0/src/lib/iniparser/src/iniparser.c snoopy-2.3.1/src/lib/iniparser/src/iniparser.c --- snoopy-1.8.0/src/lib/iniparser/src/iniparser.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/src/iniparser.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,907 @@ + +/*-------------------------------------------------------------------------*/ +/** + @file iniparser.c + @author N. Devillard + @brief Parser for ini files. +*/ +/*--------------------------------------------------------------------------*/ +/*---------------------------- Includes ------------------------------------*/ +#include +#include "iniparser.h" + +/*---------------------------- Defines -------------------------------------*/ +#define ASCIILINESZ (1024) +#define INI_INVALID_KEY ((char*)-1) + +/*--------------------------------------------------------------------------- + Private to this module + ---------------------------------------------------------------------------*/ +/** + * This enum stores the status for each parsed line (internal use only). + */ +typedef enum _line_status_ { + LINE_UNPROCESSED, + LINE_ERROR, + LINE_EMPTY, + LINE_COMMENT, + LINE_SECTION, + LINE_VALUE +} line_status ; + +/*-------------------------------------------------------------------------*/ +/** + @brief Convert a string to lowercase. + @param s String to convert. + + This function modifies the string passed, the modified string + contains a lowercased version of the input string. + */ +/*--------------------------------------------------------------------------*/ + +static void strlwc(char * s) +{ + int i ; + + if (s==NULL) return; + i=0 ; + while (s[i]) { + s[i] = (char)tolower((int)s[i]); + i++ ; + } +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Remove blanks at the beginning and the end of a string. + @param s String to parse. + + This function modifies the input string and returns a modified string + which is identical to the input string, except that all blank + characters at the end and the beg. of the string have been removed. + */ +/*--------------------------------------------------------------------------*/ +static void strstrip(char * s) +{ + if (s==NULL) return ; + + char *last = s + strlen(s); + char *dest = s; + + while (isspace((int)*s) && *s) s++; + while (last > s) { + if (!isspace((int)*(last-1))) + break ; + last -- ; + } + *last = (char)0; + + memmove(dest, s, last - s + 1); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get number of sections in a dictionary + @param d Dictionary to examine + @return int Number of sections found in dictionary + + This function returns the number of sections found in a dictionary. + The test to recognize sections is done on the string stored in the + dictionary: a section name is given as "section" whereas a key is + stored as "section:key", thus the test looks for entries that do not + contain a colon. + + This clearly fails in the case a section name contains a colon, but + this should simply be avoided. + + This function returns -1 in case of error. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getnsec(dictionary * d) +{ + int i ; + int nsec ; + + if (d==NULL) return -1 ; + nsec=0 ; + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (strchr(d->key[i], ':')==NULL) { + nsec ++ ; + } + } + return nsec ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get name for section n in a dictionary. + @param d Dictionary to examine + @param n Section number (from 0 to nsec-1). + @return Pointer to char string + + This function locates the n-th section in a dictionary and returns + its name as a pointer to a string statically allocated inside the + dictionary. Do not free or modify the returned string! + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ +char * iniparser_getsecname(dictionary * d, int n) +{ + int i ; + int foundsec ; + + if (d==NULL || n<0) return NULL ; + foundsec=0 ; + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (strchr(d->key[i], ':')==NULL) { + foundsec++ ; + if (foundsec>n) + break ; + } + } + if (foundsec<=n) { + return NULL ; + } + return d->key[i] ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump. + @param f Opened file pointer to dump to. + @return void + + This function prints out the contents of a dictionary, one element by + line, onto the provided file pointer. It is OK to specify @c stderr + or @c stdout as output files. This function is meant for debugging + purposes mostly. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_dump(dictionary * d, FILE * f) +{ + int i ; + + if (d==NULL || f==NULL) return ; + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (d->val[i]!=NULL) { + fprintf(f, "[%s]=[%s]\n", d->key[i], d->val[i]); + } else { + fprintf(f, "[%s]=UNDEF\n", d->key[i]); + } + } + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Save a dictionary to a loadable ini file + @param d Dictionary to dump + @param f Opened file pointer to dump to + @return void + + This function dumps a given dictionary into a loadable ini file. + It is Ok to specify @c stderr or @c stdout as output files. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_dump_ini(dictionary * d, FILE * f) +{ + int i ; + int nsec ; + char * secname ; + + if (d==NULL || f==NULL) return ; + + nsec = iniparser_getnsec(d); + if (nsec<1) { + /* No section in file: dump all keys as they are */ + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + fprintf(f, "%s = %s\n", d->key[i], d->val[i]); + } + return ; + } + for (i=0 ; isize ; j++) { + if (d->key[j]==NULL) + continue ; + if (!strncmp(d->key[j], keym, secsize-1)) { + fprintf(f, + "%-30s = %s\n", + d->key[j]+secsize-1, + d->val[j] ? d->val[j] : ""); + } + } + fprintf(f, "\n"); + free(keym); + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return Number of keys in section + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getsecnkeys(dictionary * d, char * s) +{ + int secsize, nkeys ; + char *keym; + int j ; + + nkeys = 0; + + if (d==NULL) return nkeys; + if (! iniparser_find_entry(d, s)) return nkeys; + + secsize = (int)strlen(s)+2; + keym = malloc(secsize); + snprintf(keym, secsize, "%s:", s); + + for (j=0 ; jsize ; j++) { + if (d->key[j]==NULL) + continue ; + if (!strncmp(d->key[j], keym, secsize-1)) + nkeys++; + } + free(keym); + return nkeys; + +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return pointer to statically allocated character strings + + This function queries a dictionary and finds all keys in a given section. + Each pointer in the returned char pointer-to-pointer is pointing to + a string allocated in the dictionary; do not free or modify them. + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ +char ** iniparser_getseckeys(dictionary * d, char * s) +{ + + char **keys; + + int i, j ; + char *keym; + int secsize, nkeys ; + + keys = NULL; + + if (d==NULL) return keys; + if (! iniparser_find_entry(d, s)) return keys; + + nkeys = iniparser_getsecnkeys(d, s); + + keys = (char**) malloc(nkeys*sizeof(char*)); + + secsize = (int)strlen(s) + 2; + keym = malloc(secsize); + snprintf(keym, secsize, "%s:", s); + + i = 0; + + for (j=0 ; jsize ; j++) { + if (d->key[j]==NULL) + continue ; + if (!strncmp(d->key[j], keym, secsize-1)) { + keys[i] = d->key[j]; + i++; + } + } + free(keym); + return keys; + +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key + @param d Dictionary to search + @param key Key string to look for + @param def Default value to return if key not found. + @return pointer to statically allocated character string + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the pointer passed as 'def' is returned. + The returned char pointer is pointing to a string allocated in + the dictionary, do not free or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * iniparser_getstring(dictionary * d, const char * key, char * def) +{ + char * lc_key ; + char * sval ; + + if (d==NULL || key==NULL) + return def ; + + lc_key = xstrdup(key); + strlwc(lc_key); + sval = dictionary_get(d, lc_key, def); + free(lc_key); + return sval ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to an int + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + Supported values for integers include the usual C notation + so decimal, octal (starting with 0) and hexadecimal (starting with 0x) + are supported. Examples: + + "42" -> 42 + "042" -> 34 (octal -> decimal) + "0x42" -> 66 (hexa -> decimal) + + Warning: the conversion may overflow in various ways. Conversion is + totally outsourced to strtol(), see the associated man page for overflow + handling. + + Credits: Thanks to A. Becker for suggesting strtol() + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getint(dictionary * d, const char * key, int notfound) +{ + char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); + if (str==INI_INVALID_KEY) return notfound ; + return (int)strtol(str, NULL, 0); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a double + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return double + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + */ +/*--------------------------------------------------------------------------*/ +double iniparser_getdouble(dictionary * d, const char * key, double notfound) +{ + char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); + if (str==INI_INVALID_KEY) return notfound ; + return atof(str); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a boolean + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + A true boolean is found if one of the following is matched: + + - A string starting with 'y' + - A string starting with 'Y' + - A string starting with 't' + - A string starting with 'T' + - A string starting with '1' + + A false boolean is found if one of the following is matched: + + - A string starting with 'n' + - A string starting with 'N' + - A string starting with 'f' + - A string starting with 'F' + - A string starting with '0' + + The notfound value returned if no boolean is identified, does not + necessarily have to be 0 or 1. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getboolean(dictionary * d, const char * key, int notfound) +{ + char * c ; + int ret ; + + c = iniparser_getstring(d, key, INI_INVALID_KEY); + if (c==INI_INVALID_KEY) return notfound ; + if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { + ret = 1 ; + } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { + ret = 0 ; + } else { + ret = notfound ; + } + return ret; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Finds out if a given entry exists in a dictionary + @param ini Dictionary to search + @param entry Name of the entry to look for + @return integer 1 if entry exists, 0 otherwise + + Finds out if a given entry exists in the dictionary. Since sections + are stored as keys with NULL associated values, this is the only way + of querying for the presence of sections in a dictionary. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_find_entry( + dictionary * ini, + const char * entry +) +{ + int found=0 ; + if (iniparser_getstring(ini, entry, INI_INVALID_KEY)!=INI_INVALID_KEY) { + found = 1 ; + } + return found ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Set an entry in a dictionary. + @param ini Dictionary to modify. + @param entry Entry to modify (entry name) + @param val New value to associate to the entry. + @return int 0 if Ok, -1 otherwise. + + If the given entry can be found in the dictionary, it is modified to + contain the provided value. If it cannot be found, -1 is returned. + It is Ok to set val to NULL. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_set(dictionary * ini, const char * entry, const char * val) +{ + int result = 0; + char *lc_entry = xstrdup(entry); + strlwc(lc_entry); + result = dictionary_set(ini, lc_entry, val) ; + free(lc_entry); + return result; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete an entry in a dictionary + @param ini Dictionary to modify + @param entry Entry to delete (entry name) + @return void + + If the given entry can be found, it is deleted from the dictionary. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_unset(dictionary * ini, const char * entry) +{ + char* lc_entry = xstrdup(entry); + strlwc(lc_entry); + dictionary_unset(ini, lc_entry); + free(lc_entry); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Load a single line from an INI file + @param input_line Input line, may be concatenated multi-line input + @param section Output space to store section + @param key Output space to store key + @param value Output space to store value + @return line_status value + */ +/*--------------------------------------------------------------------------*/ +static line_status iniparser_line( + int line_size, + const char * input_line, + char ** section_out, + char ** key_out, + char ** value_out) +{ + line_status sta ; + int len = line_size-1; + char * line = malloc(line_size); + char * key = NULL; + char * value = NULL; + char * equals = NULL; + + if (!line) { + fprintf(stderr, "SNOOPY iniparser: memory alloc error\n"); + return LINE_ERROR; + } + + *line = 0; + + + strcpy(line, input_line); + strstrip(line); + len = (int)strlen(line); + + /* only allocate necessary space for key & val */ + equals = strchr(line, '='); + if (equals) { + value = malloc((len + line) - equals + 1); + key = malloc(equals - line + 1); + *value = 0; + } else { + key = malloc(line_size + 1); + } + + if (!key || (equals && !value)) { + fprintf(stderr, "SNOOPY iniparser: memory alloc error\n"); + sta = LINE_ERROR; + goto out; + } + + *key = 0; + + sta = LINE_UNPROCESSED ; + if (len<1) { + /* Empty line */ + sta = LINE_EMPTY ; + } else if (line[0]=='#' || line[0]==';') { + /* Comment line */ + sta = LINE_COMMENT ; + } else if (line[0]=='[' && line[len-1]==']') { + /* Section name */ + sscanf(line, "[%[^]]", key); + strstrip(key); + strlwc(key); + sta = LINE_SECTION ; + *section_out=key; + /* don't free key's memory */ + key = NULL; + } else if (equals && (sscanf (line, "%[^=] = \"%[^\"]\"", key, value) == 2 + || sscanf (line, "%[^=] = '%[^\']'", key, value) == 2 + || sscanf (line, "%[^=] = %[^;#]", key, value) == 2)) { + /* Usual key=value, with or without comments */ + strstrip(key); + strlwc(key); + strstrip(value); + /* + * sscanf cannot handle '' or "" as empty values + * this is done here + */ + if (!strcmp(value, "\"\"") || (!strcmp(value, "''"))) { + value[0]=0 ; + } + *key_out = key; + *value_out = value; + key = NULL; + value = NULL; + sta = LINE_VALUE ; + } else if (equals && (sscanf(line, "%[^=] = %[;#]", key, value)==2 + || sscanf(line, "%[^=] %[=]", key, value) == 2)) { + /* + * Special cases: + * key= + * key=; + * key=# + */ + strstrip(key); + strlwc(key); + value[0]=0 ; + *key_out = key; + *value_out = value; + + /* don't free out params key or val's memory */ + key = NULL; + value = NULL; + sta = LINE_VALUE ; + } else { + /* Generate syntax error */ + sta = LINE_ERROR ; + } + +out: + if (line) { + free(line); + line = NULL; + } + if (key) { + free(key); + key = NULL; + } + if (value) { + free(value); + value= NULL; + } + return sta ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Parse an ini file and return an allocated dictionary object + @param ininame Name of the ini file to read. + @return Pointer to newly allocated dictionary + + This is the parser for ini files. This function is called, providing + the name of the file to be read. It returns a dictionary object that + should not be accessed directly, but through accessor functions + instead. + + The returned dictionary must be freed using iniparser_freedict(). + */ +/*--------------------------------------------------------------------------*/ +dictionary * iniparser_load(const char * ininame) +{ + FILE * in = NULL ; + + char line [ASCIILINESZ+1] ; + char *section = xstrdup(""); + char *current_section = NULL; + char *key = NULL; + char *val = NULL; + char* full_line = NULL; + char* prev_line = NULL; + + int len ; + int lineno=0 ; + int errs=0; + int seckey_size=0; + + dictionary * dict = NULL ; + + if ((in=fopen(ininame, "r"))==NULL) { + fprintf(stderr, "SNOOPY iniparser: cannot open %s\n", ininame); + goto out; + } + + dict = dictionary_new(0) ; + if (!dict) { + goto out; + } + + memset(line, 0, ASCIILINESZ); + + while (fgets(line, ASCIILINESZ, in)!=NULL) { + int prev_line_len = 0; + int multi_line = 0; + int total_size = 0; + + if (key) { + free(key); + key = NULL; + } + if (val) { + free(val); + val = NULL; + } + + lineno++ ; + len = (int)strlen(line)-1; + if (len==0) + continue; + /* Safety check against buffer overflows */ + if (line[len]!='\n' && !feof(in)) { + fprintf(stderr, + "SNOOPY iniparser: input line too long in %s (%d)\n", + ininame, + lineno); + errs++; + goto out; + } + /* Get rid of \n and spaces at end of line */ + while ((len>=0) && + ((line[len]=='\n') || (isspace(line[len])))) { + line[len]=0 ; + len-- ; + } + + if (len < 0) { /* Line was entirely \n and/or spaces */ + len = 0; + } + + /* Detect multi-line */ + if (line[len]=='\\') { + multi_line = 1; + } + if (multi_line) { + /* Multi-line value */ + /* length without trailing '\' */ + /* remove multi-line indicator before appending*/ + line[len] = 0; + len--; + } + + /* + * If processing a multi-line then append it the previous portion, + * at this point 'full_line' has the previously read portion of a + * multi-line line (or NULL) + */ + prev_line = full_line; + prev_line_len=0; + if (prev_line) { + prev_line_len = strlen(prev_line); + } + + /* len is not strlen(line) but strlen(line) -1 */ + total_size = (len+1) + prev_line_len + 1; + + full_line = malloc(total_size); + if (!full_line) { + fprintf(stderr, + "SNOOPY iniparser: out of mem\n"); + errs++; + goto out; + } + + memset(full_line, 0, total_size); + + if (prev_line) { + strcpy(full_line, prev_line); + } + + strcpy(full_line + prev_line_len, line); + free(prev_line); + prev_line = NULL; + + if (multi_line) { + continue ; + } + + switch (iniparser_line(total_size, full_line, ¤t_section, &key, &val)) { + case LINE_EMPTY: + case LINE_COMMENT: + break ; + + case LINE_SECTION: + if (section) { + free(section); + section=NULL; + } + errs = dictionary_set(dict, current_section, NULL); + section = current_section; + break ; + + case LINE_VALUE: + { + char *seckey; + /* section + ':' + key + eos */ + seckey_size = strlen(section) + strlen(key) +2; + seckey = malloc(seckey_size); + if (!seckey) { + errs++; + fprintf(stderr, + "SNOOPY iniparser: out of mem\n"); + goto out; + } + snprintf(seckey, seckey_size, "%s:%s", section, key); + errs = dictionary_set(dict, seckey, val) ; + free(seckey); + seckey = NULL; + } + break ; + + case LINE_ERROR: + fprintf(stderr, "SNOOPY iniparser: syntax error in %s (%d):\n", + ininame, + lineno); + fprintf(stderr, "-> %s\n", full_line); + errs++ ; + break; + + default: + break ; + } + memset(line, 0, ASCIILINESZ); + if (full_line) { + free(full_line); + full_line = NULL; + } + if (errs<0) { + fprintf(stderr, "SNOOPY iniparser: memory allocation failure\n"); + break ; + } + } +out: + if (errs) { + dictionary_del(dict); + dict = NULL ; + } + if (val) { + free(val); + val = NULL; + } + if (key) { + free(key); + key = NULL; + } + if (section) { + free(section); + section = NULL; + } + if (full_line) { + free(full_line); + full_line = NULL; + } + if (prev_line) { + free(prev_line); + prev_line = NULL; + } + if (in) { + fclose(in); + } + return dict ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Free all memory associated to an ini dictionary + @param d Dictionary to free + @return void + + Free all memory associated to an ini dictionary. + It is mandatory to call this function before the dictionary object + gets out of the current context. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_freedict(dictionary * d) +{ + dictionary_del(d); +} + +/* vim: set ts=4 et sw=4 tw=75 */ diff -Nru snoopy-1.8.0/src/lib/iniparser/src/iniparser.h snoopy-2.3.1/src/lib/iniparser/src/iniparser.h --- snoopy-1.8.0/src/lib/iniparser/src/iniparser.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/iniparser/src/iniparser.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,315 @@ + +/*-------------------------------------------------------------------------*/ +/** + @file iniparser.h + @author N. Devillard + @brief Parser for ini files. +*/ +/*--------------------------------------------------------------------------*/ + +#ifndef _INIPARSER_H_ +#define _INIPARSER_H_ + +/*--------------------------------------------------------------------------- + Includes + ---------------------------------------------------------------------------*/ + +#include +#include +#include + +/* + * The following #include is necessary on many Unixes but not Linux. + * It is not needed for Windows platforms. + * Uncomment it if needed. + */ +/* #include */ + +#include "dictionary.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/*-------------------------------------------------------------------------*/ +/** + @brief Get number of sections in a dictionary + @param d Dictionary to examine + @return int Number of sections found in dictionary + + This function returns the number of sections found in a dictionary. + The test to recognize sections is done on the string stored in the + dictionary: a section name is given as "section" whereas a key is + stored as "section:key", thus the test looks for entries that do not + contain a colon. + + This clearly fails in the case a section name contains a colon, but + this should simply be avoided. + + This function returns -1 in case of error. + */ +/*--------------------------------------------------------------------------*/ + +int iniparser_getnsec(dictionary * d); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Get name for section n in a dictionary. + @param d Dictionary to examine + @param n Section number (from 0 to nsec-1). + @return Pointer to char string + + This function locates the n-th section in a dictionary and returns + its name as a pointer to a string statically allocated inside the + dictionary. Do not free or modify the returned string! + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ + +char * iniparser_getsecname(dictionary * d, int n); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Save a dictionary to a loadable ini file + @param d Dictionary to dump + @param f Opened file pointer to dump to + @return void + + This function dumps a given dictionary into a loadable ini file. + It is Ok to specify @c stderr or @c stdout as output files. + */ +/*--------------------------------------------------------------------------*/ + +void iniparser_dump_ini(dictionary * d, FILE * f); + +/*-------------------------------------------------------------------------*/ +/** + @brief Save a dictionary section to a loadable ini file + @param d Dictionary to dump + @param s Section name of dictionary to dump + @param f Opened file pointer to dump to + @return void + + This function dumps a given section of a given dictionary into a loadable ini + file. It is Ok to specify @c stderr or @c stdout as output files. + */ +/*--------------------------------------------------------------------------*/ + +void iniparser_dumpsection_ini(dictionary * d, char * s, FILE * f); + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump. + @param f Opened file pointer to dump to. + @return void + + This function prints out the contents of a dictionary, one element by + line, onto the provided file pointer. It is OK to specify @c stderr + or @c stdout as output files. This function is meant for debugging + purposes mostly. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_dump(dictionary * d, FILE * f); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return Number of keys in section + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getsecnkeys(dictionary * d, char * s); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return pointer to statically allocated character strings + + This function queries a dictionary and finds all keys in a given section. + Each pointer in the returned char pointer-to-pointer is pointing to + a string allocated in the dictionary; do not free or modify them. + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ +char ** iniparser_getseckeys(dictionary * d, char * s); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key + @param d Dictionary to search + @param key Key string to look for + @param def Default value to return if key not found. + @return pointer to statically allocated character string + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the pointer passed as 'def' is returned. + The returned char pointer is pointing to a string allocated in + the dictionary, do not free or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * iniparser_getstring(dictionary * d, const char * key, char * def); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to an int + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + Supported values for integers include the usual C notation + so decimal, octal (starting with 0) and hexadecimal (starting with 0x) + are supported. Examples: + + - "42" -> 42 + - "042" -> 34 (octal -> decimal) + - "0x42" -> 66 (hexa -> decimal) + + Warning: the conversion may overflow in various ways. Conversion is + totally outsourced to strtol(), see the associated man page for overflow + handling. + + Credits: Thanks to A. Becker for suggesting strtol() + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getint(dictionary * d, const char * key, int notfound); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a double + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return double + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + */ +/*--------------------------------------------------------------------------*/ +double iniparser_getdouble(dictionary * d, const char * key, double notfound); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a boolean + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + A true boolean is found if one of the following is matched: + + - A string starting with 'y' + - A string starting with 'Y' + - A string starting with 't' + - A string starting with 'T' + - A string starting with '1' + + A false boolean is found if one of the following is matched: + + - A string starting with 'n' + - A string starting with 'N' + - A string starting with 'f' + - A string starting with 'F' + - A string starting with '0' + + The notfound value returned if no boolean is identified, does not + necessarily have to be 0 or 1. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getboolean(dictionary * d, const char * key, int notfound); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Set an entry in a dictionary. + @param ini Dictionary to modify. + @param entry Entry to modify (entry name) + @param val New value to associate to the entry. + @return int 0 if Ok, -1 otherwise. + + If the given entry can be found in the dictionary, it is modified to + contain the provided value. If it cannot be found, -1 is returned. + It is Ok to set val to NULL. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_set(dictionary * ini, const char * entry, const char * val); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete an entry in a dictionary + @param ini Dictionary to modify + @param entry Entry to delete (entry name) + @return void + + If the given entry can be found, it is deleted from the dictionary. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_unset(dictionary * ini, const char * entry); + +/*-------------------------------------------------------------------------*/ +/** + @brief Finds out if a given entry exists in a dictionary + @param ini Dictionary to search + @param entry Name of the entry to look for + @return integer 1 if entry exists, 0 otherwise + + Finds out if a given entry exists in the dictionary. Since sections + are stored as keys with NULL associated values, this is the only way + of querying for the presence of sections in a dictionary. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_find_entry(dictionary * ini, const char * entry) ; + +/*-------------------------------------------------------------------------*/ +/** + @brief Parse an ini file and return an allocated dictionary object + @param ininame Name of the ini file to read. + @return Pointer to newly allocated dictionary + + This is the parser for ini files. This function is called, providing + the name of the file to be read. It returns a dictionary object that + should not be accessed directly, but through accessor functions + instead. + + The returned dictionary must be freed using iniparser_freedict(). + */ +/*--------------------------------------------------------------------------*/ +dictionary * iniparser_load(const char * ininame); + +/*-------------------------------------------------------------------------*/ +/** + @brief Free all memory associated to an ini dictionary + @param d Dictionary to free + @return void + + Free all memory associated to an ini dictionary. + It is mandatory to call this function before the dictionary object + gets out of the current context. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_freedict(dictionary * d); + +#ifdef __cplusplus +} +#endif + +#endif diff -Nru snoopy-1.8.0/src/lib/Makefile.am snoopy-2.3.1/src/lib/Makefile.am --- snoopy-1.8.0/src/lib/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/lib/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,18 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### INI file parser +# +if CONFIG_FILE_ENABLED +noinst_LTLIBRARIES = \ + libiniparser.la + +libiniparser_la_SOURCES = \ + iniparser/src/dictionary.c \ + iniparser/src/dictionary.h \ + iniparser/src/iniparser.c \ + iniparser/src/iniparser.h +endif diff -Nru snoopy-1.8.0/src/libsnoopy.c snoopy-2.3.1/src/libsnoopy.c --- snoopy-1.8.0/src/libsnoopy.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/libsnoopy.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,81 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy.c -- execve() logging wrapper + * + * Copyright (c) 2000 Marius Aamodt Eriksen + * Copyright (c) 2000 Mike Baker + * Copyright (c) 2010-2015 Bostjan Skufca + * + * Part hacked on flight KL 0617, 30,000 ft or so over the Atlantic :) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include DL + */ +#include + + + +/* + * Include snoopy logging facilities + */ +#include "log.h" + + + +/* + * Helpers to find pointer to overloaded function + */ +#if defined(RTLD_NEXT) +# define REAL_LIBC RTLD_NEXT +#else +# define REAL_LIBC ((void *) -1L) +#endif + +#define FN(ptr,type,name,args) ptr = (type (*)args)dlsym (REAL_LIBC, name) + + + +/* + * Function wrapper - execv() + */ +int execv (const char *filename, char *const argv[]) { + static int (*func)(const char *, char **); + + FN(func,int,"execv",(const char *, char **const)); + snoopy_log_syscall_execv(filename, argv); + + return (*func) (filename, (char **) argv); +} + + + +/* + * Function wrapper - execve() + */ +int execve (const char *filename, char *const argv[], char *const envp[]) +{ + static int (*func)(const char *, char **, char **); + + FN(func,int,"execve",(const char *, char **const, char **const)); + snoopy_log_syscall_execve(filename, argv, envp); + + return (*func) (filename, (char**) argv, (char **) envp); +} diff -Nru snoopy-1.8.0/src/log.c snoopy-2.3.1/src/log.c --- snoopy-1.8.0/src/log.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/log.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,186 @@ +/* + * SNOOPY LOGGER + * + * File: log.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "log.h" + +#include "configuration.h" +#if defined(SNOOPY_FILTERING_ENABLED) +#include "filtering.h" +#endif +#include "inputdatastorage.h" +#include "message.h" +#include "misc.h" +#include "outputregistry.h" + + + +/* + * snoopy_log_syscall_execv + * + * Description: + * Log the call to syscall execv() + * + * Params: + * filename: filename of program being executed + * argv: arguments being passed to execv() + * + * Return: + * void + */ +void snoopy_log_syscall_execv ( + const char *filename, + char *const argv[] +) { + char *envp[] = { NULL }; + snoopy_inputdatastorage_store_filename(filename); + snoopy_inputdatastorage_store_argv((char**)argv); + snoopy_inputdatastorage_store_envp(envp); + snoopy_log_syscall("execv"); +} + + + +/* + * snoopy_log_syscall_execve + * + * Description: + * Log the call to syscall execve() + * + * Params: + * filename: filename of program being executed + * argv: arguments being passed to execve() + * envp: environment being passed to execve() + * + * Return: + * void + */ +void snoopy_log_syscall_execve ( + const char *filename, + char *const argv[], + char *const envp[] +) { + snoopy_inputdatastorage_store_filename(filename); + snoopy_inputdatastorage_store_argv((char**)argv); + snoopy_inputdatastorage_store_envp((char**)envp); + snoopy_log_syscall("execve"); +} + + + +/* + * snoopy_log_syscall + * + * Description: + * Log the call to one of the syscalls + * + * Params: + * syscallName: system call name to log + * + * Return: + * void + */ +void snoopy_log_syscall ( + const char *syscallName +) { + char *logMessage = NULL; + + /* Do not log non-root commands if this is requested */ +#if defined(SNOOPY_CONF_ROOT_ONLY) + if ((geteuid() != 0) && (getuid() != 0)) { + return; + } +#endif + + /* Initialize snoopy */ + snoopy_init(); + + /* Initialize empty log message */ + logMessage = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE); + logMessage[0] = '\0'; + + /* Generate log message in specified format */ + snoopy_message_generateFromFormat(logMessage, snoopy_configuration.message_format); + +#if defined(SNOOPY_FILTERING_ENABLED) + /* Should message be passed to syslog or not? */ + if ( + (SNOOPY_FALSE == snoopy_configuration.filtering_enabled) + || + ( + (SNOOPY_TRUE == snoopy_configuration.filtering_enabled) + && + (SNOOPY_FILTER_PASS == snoopy_filtering_check_chain(logMessage, snoopy_configuration.filter_chain)) + ) + ) { +#endif + snoopy_log_dispatch(logMessage, SNOOPY_LOG_MESSAGE); +#if defined(SNOOPY_FILTERING_ENABLED) + } +#endif + + /* Housekeeping */ + free(logMessage); + snoopy_cleanup(); +} + + + +/* + * snoopy_log_dispatch + * + * Description: + * Dispatch given message to configured output + * + * Params: + * logMessage: message to dispatch + * errorOrMessage: is this a message or an error? + * + * Return: + * void + */ +void snoopy_log_dispatch ( + char *logMessage, + int errorOrMessage +) { + /* Dispatch only if non-zero size */ + if (0 == strlen(logMessage)) { + return; + } + + // Dispatch to configured output + snoopy_outputregistry_dispatch(logMessage, errorOrMessage); +} diff -Nru snoopy-1.8.0/src/log.h snoopy-2.3.1/src/log.h --- snoopy-1.8.0/src/log.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/log.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,49 @@ +/* + * SNOOPY LOGGER + * + * File: log.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Syscall-interception-handling functions + */ +void snoopy_log_syscall_execv ( + const char *filename, + char *const argv[] +); +void snoopy_log_syscall_execve ( + const char *filename, + char *const argv[], + char *const envp[] +); +void snoopy_log_syscall ( + const char *syscallName +); + + + +/* + * Log message dispatching functions + */ +void snoopy_log_dispatch ( + char *logMessage, + int errorOrMessage +); diff -Nru snoopy-1.8.0/src/Makefile.am snoopy-2.3.1/src/Makefile.am --- snoopy-1.8.0/src/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,77 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### First process all required subdirs +# +SUBDIRS = datasource output + + + +### Create main library, but without execve() wrappers +# +noinst_LTLIBRARIES = \ + libsnoopy_no_execve.la + +libsnoopy_no_execve_la_SOURCES = \ + configuration.c \ + configuration.h \ + error.c \ + error.h \ + inputdatastorage.c \ + inputdatastorage.h \ + datasourceregistry.c \ + datasourceregistry.h \ + log.c \ + log.h \ + message.c \ + message.h \ + misc.c \ + misc.h \ + outputregistry.c \ + outputregistry.h \ + snoopy.h + +libsnoopy_no_execve_la_LIBADD = \ + datasource/libsnoopy_datasources_all.la \ + output/libsnoopy_outputs_all.la + +# If config file is enabled, build and link these too +if CONFIG_FILE_ENABLED +SUBDIRS += \ + lib +libsnoopy_no_execve_la_SOURCES += \ + configfile.c \ + configfile.h +libsnoopy_no_execve_la_LIBADD += \ + lib/libiniparser.la +endif + +# If filtering is enabled, add these too +if FILTERING_ENABLED +SUBDIRS += \ + filter +libsnoopy_no_execve_la_SOURCES += \ + filtering.c \ + filtering.h \ + filterregistry.c \ + filterregistry.h +libsnoopy_no_execve_la_LIBADD += \ + filter/libsnoopy_filters_all.la +endif + + + +### Create main library, whole +# + +lib_LTLIBRARIES = \ + libsnoopy.la + +libsnoopy_la_SOURCES = \ + libsnoopy.c + +libsnoopy_la_LIBADD = \ + libsnoopy_no_execve.la diff -Nru snoopy-1.8.0/src/message.c snoopy-2.3.1/src/message.c --- snoopy-1.8.0/src/message.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/message.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,168 @@ +/* + * SNOOPY LOGGER + * + * File: message.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "message.h" + +#include "configuration.h" +#include "error.h" +#include "inputdatastorage.h" +#include "datasourceregistry.h" +#include "misc.h" + + + +/* + * snoopy_message_generateFromFormat + * + * Description: + * Generates log message as specified by messageFormat, using + * data sources where requested. + * + * Params: + * logMessage: destination string to return message in + * logMessageFormat: log message format to use + * + * Return: + * void + */ +void snoopy_message_generateFromFormat ( + char *logMessage, + char *logMessageFormat +) { + char *fmtPos_cur; + char *fmtPos_nextFormatTag; + char *fmtPos_nextFormatTagClose; + char *msgPos_cur; + + fmtPos_cur = logMessageFormat; + fmtPos_nextFormatTag = logMessageFormat; + msgPos_cur = logMessage; + + // Loop all the way to the end of log message format specification + while (strlen(fmtPos_nextFormatTag) > 0) { + int lengthToCopy; + char fmtStaticText[SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE]; + char dataSourceTag[100]; + int dataSourceTagLength; + char *fmtPos_dataSourceTagArg; + char *dataSourceNamePtr; + char *dataSourceArgPtr; + char dataSourceArg[SNOOPY_DATASOURCE_ARG_MAX_SIZE]; + char dataSourceMsg[SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE]; + + // If no data source tag is found, just copy the text and bail out + fmtPos_nextFormatTag = strstr(fmtPos_cur, "%{"); + if (NULL == fmtPos_nextFormatTag) { + snoopy_message_append(logMessage, fmtPos_cur); + break; + } + + // Otherwise copy text up to the next data source tag + lengthToCopy = fmtPos_nextFormatTag - fmtPos_cur + 1; // + 1 for null termination + if (lengthToCopy > SNOOPY_LOG_MESSAGE_MAX_SIZE-strlen(logMessage)) { + lengthToCopy = SNOOPY_LOG_MESSAGE_MAX_SIZE-strlen(logMessage); + } + fmtStaticText[0] = '\0'; + snprintf(fmtStaticText, lengthToCopy, "%s", fmtPos_cur); + snoopy_message_append(logMessage, fmtStaticText); + msgPos_cur += lengthToCopy; + + // Get data source tag + fmtPos_nextFormatTagClose = strstr(fmtPos_nextFormatTag, "}"); + if (NULL == fmtPos_nextFormatTagClose) { + snoopy_message_append(logMessage, " ERROR: Closing data source tag not found: '}'"); + break; + } + dataSourceTag[0] = '\0'; + dataSourceTagLength = (fmtPos_nextFormatTagClose-1) - (fmtPos_nextFormatTag+2) + 2; + snprintf(dataSourceTag, dataSourceTagLength, "%s", fmtPos_nextFormatTag + 2); + + // If data source tag contains ":", then split it into data source name and data source argument + fmtPos_dataSourceTagArg = strstr(dataSourceTag, ":"); + if (NULL == fmtPos_dataSourceTagArg) { + // Format tag == data source name ATM + dataSourceNamePtr = dataSourceTag; + dataSourceArg[0] = '\0'; + dataSourceArgPtr = dataSourceArg; + } else { + // Change the colon to null string, and copy fist and second part to corresponding variables + fmtPos_dataSourceTagArg[0] = '\0'; + dataSourceNamePtr = dataSourceTag; + dataSourceArgPtr = fmtPos_dataSourceTagArg + 1; + } + + // Check if data source actually exists + if (! snoopy_datasourceregistry_isRegistered(dataSourceNamePtr)) { + snoopy_message_append(logMessage, "ERROR(Data source not found - "); + snoopy_message_append(logMessage, dataSourceNamePtr); + snoopy_message_append(logMessage, ")"); + break; + } + + // Call the provider, and append the results to log message + dataSourceMsg[0] = '\0'; + snoopy_datasourceregistry_call(dataSourceNamePtr, dataSourceMsg, dataSourceArgPtr); + snoopy_message_append(logMessage, dataSourceMsg); + + // Where to start next iteration + fmtPos_cur = fmtPos_nextFormatTagClose + 1; + msgPos_cur = fmtPos_nextFormatTagClose + 1; + } +} + + + +/* + * snoopy_message_append + * + * Description: + * Appends content to the end of log message, watching for + * buffer overrun. + * + * Params: + * logMessage: message container to append to + * appendThis: content to append to logMessage + * + * Return: + * void + */ +void snoopy_message_append ( + char *logMessage, + char *appendThis +) { + return snoopy_string_append(logMessage, appendThis, SNOOPY_LOG_MESSAGE_MAX_SIZE); +} diff -Nru snoopy-1.8.0/src/message.h snoopy-2.3.1/src/message.h --- snoopy-1.8.0/src/message.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/message.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,35 @@ +/* + * SNOOPY LOGGER + * + * File: message.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +void snoopy_message_generateFromFormat ( + char *logMessage, + char *logMessageFormat +); + + + +void snoopy_message_append ( + char *logMessage, + char *appendThis +); diff -Nru snoopy-1.8.0/src/misc.c snoopy-2.3.1/src/misc.c --- snoopy-1.8.0/src/misc.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/misc.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,117 @@ +/* + * SNOOPY LOGGER + * + * File: misc.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include all required C resources + */ +#include +#include +#include + + + +/* + * Include all snoopy-related resources + */ +#include "snoopy.h" +#include "misc.h" + +#include "configuration.h" +#include "error.h" + + + +/* + * snoopy_init + * + * Description: + * Handles snoopy initialization/startup specifics + * + * Params: + * (none) + * + * Return: + * void + */ +void snoopy_init () +{ + snoopy_configuration_ctor(); +} + + + +/* + * snoopy_cleanup + * + * Description: + * Handles all snoopy deinitialization/shutdown specifics + * + * Params: + * (none) + * + * Return: + * void + */ +void snoopy_cleanup () +{ + snoopy_configuration_dtor(); +} + + + +/* + * snoopy_string_append + * + * Description: + * Appends content to the end of string, watching for + * buffer overrun. + * + * Params: + * destString: string container to append to + * appendThis: content to append to destString + * destStringMaxLength: maximum length of dest string, including \0 + * + * Return: + * void + */ +void snoopy_string_append ( + char *destString, + char *appendThis, + int destStringMaxLength +) { + int destStringSize = -1; + int destStringSizeRemaining = -1; + int appendThisSize = -1; + + /* Verify the limits */ + destStringSize = strlen(destString); + appendThisSize = strlen(appendThis); + destStringSizeRemaining = destStringMaxLength - destStringSize; + if (destStringSizeRemaining < appendThisSize) { + snoopy_error_handler("Maximum destination string size exceeded"); + } + + /* Copy to the destination string */ + strcat(&destString[destStringSize], appendThis); +} diff -Nru snoopy-1.8.0/src/misc.h snoopy-2.3.1/src/misc.h --- snoopy-1.8.0/src/misc.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/misc.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,40 @@ +/* + * SNOOPY LOGGER + * + * File: misc.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Init/shutdown functions + */ +void snoopy_init (); +void snoopy_cleanup (); + + + +/* + * String functions + */ +void snoopy_string_append ( + char *destString, + char *appendThis, + int destStringMaxLength +); diff -Nru snoopy-1.8.0/src/output/devlogoutput.c snoopy-2.3.1/src/output/devlogoutput.c --- snoopy-1.8.0/src/output/devlogoutput.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/devlogoutput.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,67 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/devlogoutput.c + * + * Copyright (c) 2014-2015 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: devlogoutput + * + * Description: + * Sends given message directly to /dev/log socket, without using syslog() syscall + * + * Params: + * message: message to send + * + * Return: + * void + */ +#include +#include +#include + +#include "snoopy.h" +#include "configuration.h" +#include "output/socketoutput.h" + + + +int snoopy_output_devlogoutput (char *logMessage, int errorOrMessage, char *arg) +{ + char *logMessageWithPrefix = NULL; + int retVal; + + /* Generate final message - add prefix which is otherwise added by syslog() syscall */ + logMessageWithPrefix = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE + 100); // +100 ought to be enough + logMessageWithPrefix[0] = '\0'; + sprintf(logMessageWithPrefix, "<%d>snoopy[%d]: %s", + snoopy_configuration.syslog_facility | snoopy_configuration.syslog_level, + getpid(), + logMessage + ); + + /* Pass execution to another output provider */ + retVal = snoopy_output_socketoutput(logMessageWithPrefix, errorOrMessage, "/dev/log"); + + /* Housekeeping */ + free(logMessageWithPrefix); + return retVal; +} diff -Nru snoopy-1.8.0/src/output/devlogoutput.h snoopy-2.3.1/src/output/devlogoutput.h --- snoopy-1.8.0/src/output/devlogoutput.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/devlogoutput.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/devlogoutput.h + * + * Copyright (c) 2014-2015 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: directly to /dev/log + */ +int snoopy_output_devlogoutput (char *logMessage, int errorOrMessage, char *arg); diff -Nru snoopy-1.8.0/src/output/fileoutput.c snoopy-2.3.1/src/output/fileoutput.c --- snoopy-1.8.0/src/output/fileoutput.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/fileoutput.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,67 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/fileoutput.c + * + * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: fileoutput (called like this because is system library + * + * Description: + * Sends given message to socket + * + * Params: + * message: message to send + * + * Return: + * void + */ +#include +#include +#include + +#include "snoopy.h" +#include "configuration.h" + + + +int snoopy_output_fileoutput (char *logMessage, int errorOrMessage, char *arg) +{ + FILE *fp; + int charCount; + + // Check if output file is properly configured + if (0 == strcmp(arg, "")) { + return -1; + } + + // Try to open file in append mode + fp = fopen(arg, "a"); + if (NULL == fp) { + return -2; + } + + // Try to print to file + charCount = fprintf(fp, "%s\n", logMessage); + fclose(fp); + return charCount; +} + diff -Nru snoopy-1.8.0/src/output/fileoutput.h snoopy-2.3.1/src/output/fileoutput.h --- snoopy-1.8.0/src/output/fileoutput.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/fileoutput.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/fileoutput.h + * + * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: write directly to file + */ +int snoopy_output_fileoutput (char *logMessage, int errorOrMessage, char *arg); diff -Nru snoopy-1.8.0/src/output/Makefile.am snoopy-2.3.1/src/output/Makefile.am --- snoopy-1.8.0/src/output/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/Makefile.am 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,55 @@ +### Include common Makefile configuration +# +include $(top_srcdir)/build/Makefile.am.common + + + +### Include +# +AM_CFLAGS += -I$(top_srcdir)/src + + + +### Create one library with all snoopy outputs collected in it +# +noinst_LTLIBRARIES = libsnoopy_outputs_all.la + + + +### Filter collection is made of the following files +# +# Please maintain alphabetical order, equal to what `ls` would do. +# +libsnoopy_outputs_all_la_SOURCES = + +# Output: devlog +# +if OUTPUT_ENABLED_devlog +libsnoopy_outputs_all_la_SOURCES += \ + devlogoutput.c \ + devlogoutput.h +endif + +# Output: file +# +if OUTPUT_ENABLED_file +libsnoopy_outputs_all_la_SOURCES += \ + fileoutput.c \ + fileoutput.h +endif + +# Output: socket +# +# This one is always enabled, unconditionally +# +libsnoopy_outputs_all_la_SOURCES += \ + socketoutput.c \ + socketoutput.h + +# Output: syslog +# +if OUTPUT_ENABLED_syslog +libsnoopy_outputs_all_la_SOURCES += \ + syslogoutput.c \ + syslogoutput.h +endif diff -Nru snoopy-1.8.0/src/output/socketoutput.c snoopy-2.3.1/src/output/socketoutput.c --- snoopy-1.8.0/src/output/socketoutput.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/socketoutput.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,94 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/socketoutput.c + * + * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: socketoutput (called like this because is system library) + * + * Description: + * Sends given message to socket + * + * Params: + * message: message to send + * + * Return: + * void + */ +#include +#include +#include +#include +#include +#include +#include + +#include "snoopy.h" +#include "configuration.h" + + + +int snoopy_output_socketoutput (char *logMessage, int errorOrMessage, char *arg) +{ + int s; + struct sockaddr_un remote; + int remoteLength; + + /* Dispatch only if non-zero size */ + if (0 == strlen(logMessage)) { + return 0; + } + +#if (defined(__GLIBC__) && (2 == __GLIBC__) && (__GLIBC_MINOR__ < 9)) + /* Prepare socket - non-blocking sockets are not supported on older glibc */ + if ((s = socket(AF_LOCAL, SOCK_DGRAM, 0)) == -1) { +#else + /* Prepare socket - NON BLOCKING (systemd blocks /dev/log if journald is not running) */ + if ((s = socket(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0)) == -1) { +#endif + return -1; + } + + remote.sun_family = AF_LOCAL; + strncpy(remote.sun_path, arg, 107); // Coverity suggests -1 here + if (strlen(arg) > 107) { + remote.sun_path[107] = '\0'; + } + + remoteLength = strlen(remote.sun_path) + sizeof(remote.sun_family); + if (connect(s, (struct sockaddr *)&remote, remoteLength) == -1) { + close(s); + return -2; + } + + + /* Send message - returns -1 on error, chars sent on success */ + if (send(s, logMessage, strlen(logMessage), MSG_DONTWAIT|MSG_NOSIGNAL) == -1) { + close(s); + return -3; + } + + + /* Return success status */ + close(s); + return 1; +} diff -Nru snoopy-1.8.0/src/output/socketoutput.h snoopy-2.3.1/src/output/socketoutput.h --- snoopy-1.8.0/src/output/socketoutput.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/socketoutput.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/socketoutput.h + * + * Copyright (c) 2014 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: socket + */ +int snoopy_output_socketoutput (char *logMessage, int errorOrMessage, char *arg); diff -Nru snoopy-1.8.0/src/output/syslogoutput.c snoopy-2.3.1/src/output/syslogoutput.c --- snoopy-1.8.0/src/output/syslogoutput.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/syslogoutput.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,70 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/syslogoutput.c + * + * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: syslogouput (called like this because is system library + * + * Description: + * Sends given message to syslog + * + * Params: + * message: message to send + * + * Return: + * void + */ +#include +#include +#include +#include +#include +#include + +#include "snoopy.h" +#include "configuration.h" + + + +int snoopy_output_syslogoutput (char *logMessage, int errorOrMessage, char *arg) +{ + /* Dispatch only if non-zero size */ + if (0 == strlen(logMessage)) { + return 0; + } + + /* Prepare logging stuff */ + openlog("snoopy", LOG_PID, snoopy_configuration.syslog_facility); + + /* Log error or ordinary message */ + if (SNOOPY_LOG_ERROR == errorOrMessage) { + syslog(LOG_ERR, "ERROR: %s", logMessage); + } else { + syslog(snoopy_configuration.syslog_level, "%s", logMessage); + } + + /* Close the syslog file descriptor */ + closelog(); + + return 1; +} diff -Nru snoopy-1.8.0/src/output/syslogoutput.h snoopy-2.3.1/src/output/syslogoutput.h --- snoopy-1.8.0/src/output/syslogoutput.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/output/syslogoutput.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,28 @@ +/* + * SNOOPY LOGGER + * + * File: snoopy/output/syslogoutput.h + * + * Copyright (c) 2014 Bostjan Skufca (bostjan _A_T_ a2o.si) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * SNOOPY OUTPUT: syslog + */ +int snoopy_output_syslogoutput (char *logMessage, int errorOrMessage, char *arg); diff -Nru snoopy-1.8.0/src/outputregistry.c snoopy-2.3.1/src/outputregistry.c --- snoopy-1.8.0/src/outputregistry.c 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/outputregistry.c 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,163 @@ +/* + * SNOOPY LOGGER + * + * File: outputregistry.c + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Include relevant header files + */ +#include "snoopy.h" +#include "outputregistry.h" +#include "configuration.h" +#include + + + +/* + * Include headers of all output functions + * + * Please maintain alphabetical order, equal to what `ls` would do. + */ +//#ifdef SNOOPY_CONF_OUTPUT_ENABLED_console +//#include "output/consoleoutput.h" +//#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_devlog +#include "output/devlogoutput.h" +#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_file +#include "output/fileoutput.h" +#endif +//#ifdef SNOOPY_CONF_OUTPUT_ENABLED_journald +//#include "output/journaldoutput.h" +//#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_socket +#include "output/socketoutput.h" +#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_syslog +#include "output/syslogoutput.h" +#endif + + + +/* + * Two arrays holding data about output functions + * + * Please maintain alphabetical order, equal to what `ls` would do. + */ +char *snoopy_outputregistry_names[] = { +//#ifdef SNOOPY_CONF_OUTPUT_ENABLED_console +// "console", +//#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_devlog + "devlog", +#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_file + "file", +#endif +//#ifdef SNOOPY_CONF_OUTPUT_ENABLED_journald +// "journald", +//#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_socket + "socket", +#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_syslog + "syslog", +#endif + "", +}; + +int (*snoopy_outputregistry_ptrs []) (char *logMessage, int errorOrMessage, char *arg) = { +//#ifdef SNOOPY_CONF_OUTPUT_ENABLED_console +// snoopy_output_consoleoutput, +//#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_devlog + snoopy_output_devlogoutput, +#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_file + snoopy_output_fileoutput, +#endif +//#ifdef SNOOPY_CONF_OUTPUT_ENABLED_journald +// snoopy_output_journaldoutput, +//#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_socket + snoopy_output_socketoutput, +#endif +#ifdef SNOOPY_CONF_OUTPUT_ENABLED_syslog + snoopy_output_syslogoutput, +#endif +}; + + + +/* + * isRegistered() + * + * Return true if output provider exists, otherwise return false + */ +int snoopy_outputregistry_isRegistered (char *providerName) +{ + if (snoopy_outputregistry_getIndex(providerName) == -1) { + return SNOOPY_FALSE; + } else { + return SNOOPY_TRUE; + } +} + + + +/* + * getIndex() + * + * Return index of given output provider, or -1 if not found + */ +int snoopy_outputregistry_getIndex (char *providerName) +{ + int i; + + i = 0; + while (strcmp(snoopy_outputregistry_names[i], "") != 0) { + if (strcmp(snoopy_outputregistry_names[i], providerName) == 0) { + return i; + } + i++; + } + return -1; +} + + + +/* + * dispatch() + * + * Dispatch the message to configured outputProvider + */ +int snoopy_outputregistry_dispatch (char *logMessage, int errorOrMessage) +{ + int idx; + + idx = snoopy_outputregistry_getIndex(snoopy_configuration.output); + if (idx == -1) { + return -1; + } + + return snoopy_outputregistry_ptrs[idx](logMessage, errorOrMessage, snoopy_configuration.output_arg); +} diff -Nru snoopy-1.8.0/src/outputregistry.h snoopy-2.3.1/src/outputregistry.h --- snoopy-1.8.0/src/outputregistry.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/outputregistry.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,38 @@ +/* + * SNOOPY LOGGER + * + * File: outputregistry.h + * + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/* + * Two arrays holding data about output functions + */ +extern char *snoopy_outputregistry_names[]; +extern int (*snoopy_outputregistry_ptrs []) (char *logMessage, int errorOrMessage, char *arg); + + + +/* + * Functions to manage and utilise output providers + */ +int snoopy_outputregistry_isRegistered (char *providerName); +int snoopy_outputregistry_getIndex (char *providerName); +int snoopy_outputregistry_dispatch (char *logMessage, int errorOrMessage); diff -Nru snoopy-1.8.0/src/snoopy.h snoopy-2.3.1/src/snoopy.h --- snoopy-1.8.0/src/snoopy.h 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/src/snoopy.h 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,288 @@ +/* + * SNOOPY LOGGER + * + * snoopy.h + * Copyright (c) 2014-2015 Bostjan Skufca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + + +/** + * Include ./configured constants + */ +#include "config.h" + + + +/** + * Include all required system headers + */ + +/* This should generaly be done wherever unistd.h is required. */ +/* But sysconf is needed here, and all files include snoopy.h. */ +/* Needed to get getpgid and getsid on older glibc */ +/* This must be the first file to be included, or implicit inclusion (by i.e. ) does the wrong thing */ +#define _XOPEN_SOURCE 500 +#include + +/* Needed for GLIBC macros here */ +#include + + + +/** + * SNOOPY_MAX_ARG_LENGTH + * + * Maximum length of arguments passed to execv(e) functions + */ +#define SNOOPY_SYSCONF_ARG_MAX ((-1 == sysconf(_SC_ARG_MAX)) ? 4096 : sysconf(_SC_ARG_MAX)) + + + +/** + * SNOOPY_DATASOURCE_ARG_MAX_SIZE + * + * Maximum length of a string argument to each data source + */ +#define SNOOPY_DATASOURCE_ARG_MAX_SIZE 1024 + + + +/** + * SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE + * + * Maximum length of a string returned from any data source function, + * including terminating null character. + */ +#define SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE 1024 + + + +/** + * SNOOPY_FILTER_CHAIN_MAX_SIZE + * + * Maximum length of filter chain definition + */ +#define SNOOPY_FILTER_CHAIN_MAX_SIZE 4096 + + + +/** + * SNOOPY_FILTER_NAME_MAX_SIZE + * + * Maximum length of each filter name + */ +#define SNOOPY_FILTER_NAME_MAX_SIZE 1024 + + + +/** + * SNOOPY_FILTER_ARG_MAX_SIZE + * + * Maximum length of a string argument to each filter + */ +#define SNOOPY_FILTER_ARG_MAX_SIZE 1024 + + + +/** + * SNOOPY_LOG_MESSAGE_MAX_SIZE + * + * Maximum length of single (whole) log message, + * including terminating null character. + */ +#define SNOOPY_LOG_MESSAGE_MAX_SIZE 16383 + + + +/** + * SNOOPY_LOG_MESSAGE_FORMAT_default + * + * Default format of snoopy log message + */ +#define SNOOPY_VERSION PACKAGE_VERSION + + + +/** + * SNOOPY_LOG_MESSAGE_FORMAT_default + * + * Default format of snoopy log message + */ +#define SNOOPY_LOG_MESSAGE_FORMAT_default \ + "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" + + + +/** + * SNOOPY_LOG_MESSAGE_FORMAT + * + * Actual log message format to use + * + * Message format may contain: + * - any arbitrary text is copied litaraly + * - text between "%{" and "}" is considered special - it calls data source + * - %{data_source} calls data source named 'data_source' without argument + * - %{data_source:arg} calls data source named 'data_source', and passed the given argument to it + */ +#ifdef SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom +#define SNOOPY_LOG_MESSAGE_FORMAT SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom +#else +#define SNOOPY_LOG_MESSAGE_FORMAT SNOOPY_LOG_MESSAGE_FORMAT_default +#endif + + + +/** + * SNOOPY_TRUE + * SNOOPY_FALSE + */ +#define SNOOPY_TRUE 1 +#define SNOOPY_FALSE 0 + + + +/** + * SNOOPY_LOG_ERROR + * SNOOPY_LOG_MESSAGE + */ +#define SNOOPY_LOG_ERROR 1 +#define SNOOPY_LOG_MESSAGE 2 + + + +/** + * FIlter return values + * + * SNOOPY_FILTER_PASS - message should be passed on + * SNOOPY_FILTER_DROP - message should be dropped + */ +#define SNOOPY_FILTER_PASS 1 +#define SNOOPY_FILTER_DROP 0 + + + +/** + * SNOOPY_FILTERING_ENABLED + * + * Whether filtering is enabled or not + */ +#ifdef SNOOPY_CONF_FILTERING_ENABLED +#define SNOOPY_FILTERING_ENABLED 1 +#endif + + + +/** + * SNOOPY_FILTER_CHAIN_default + * + * Default snoopy filter chain specification + */ +#define SNOOPY_FILTER_CHAIN_default "" + + + +/** + * SNOOPY_FILTER_CHAIN + * + * Actual filter chain specification to use + * + * Filter chain format: + * - example: filter1; filter2; filter3:arg1; filter3:arg2 + * - you may pass argument to filter by suffixing it with :arg + * - spaces are ignored + */ +#ifdef SNOOPY_CONF_FILTER_CHAIN_custom +#define SNOOPY_FILTER_CHAIN SNOOPY_CONF_FILTER_CHAIN_custom +#else +#define SNOOPY_FILTER_CHAIN SNOOPY_FILTER_CHAIN_default +#endif + + + +/** + * SNOOPY_CONFIG_FILE + * + * Path to INI configuration file, if enabled + * + * If configuration file is enabled, this constant is defined + * and holds absolute path to it + */ +#ifdef SNOOPY_CONF_CONFIG_FILE +#define SNOOPY_CONFIG_FILE SNOOPY_CONF_CONFIG_FILE +#endif + + + +/** + * SNOOPY_OUTPUT + * + * Where is the outlet of snoopy messages + * + * By default, messages get sent to syslog. Groundwork for other outputs + * is provided to facilitate unforseen uses. + */ +#define SNOOPY_OUTPUT_DEVLOG "devlog" +#define SNOOPY_OUTPUT_FILE "file" +#define SNOOPY_OUTPUT_SOCKET "socket" +#define SNOOPY_OUTPUT_SYSLOG "syslog" + +#ifdef SNOOPY_CONF_OUTPUT_DEFAULT + +#define SNOOPY_OUTPUT_DEFAULT SNOOPY_CONF_OUTPUT_DEFAULT +#define SNOOPY_OUTPUT_DEFAULT_ARG SNOOPY_CONF_OUTPUT_DEFAULT_ARG + +#else /* SNOOPY_CONF_OUTPUT_DEFAULT */ + +#if (defined(__GLIBC__) && (2 == __GLIBC__) && (__GLIBC_MINOR__ < 9)) +/* Use 'syslog' on older linuxes that od not support SOCK_CLOEXEC and SOCK_NONBLOCK */ +#define SNOOPY_OUTPUT_DEFAULT SNOOPY_OUTPUT_SYSLOG +#else +/* Otherwise do not use 'syslog' (was default before), because systemd is funny (blocks the syslog() call */ +#define SNOOPY_OUTPUT_DEFAULT SNOOPY_OUTPUT_DEVLOG +#endif +#define SNOOPY_OUTPUT_DEFAULT_ARG "" + +#endif /* SNOOPY_CONF_OUTPUT_DEFAULT */ + + +/** + * SNOOPY_LOG_ERRORS + * + * Whether errors are logged or not? + * + * If error logging is enabled, then all errors that occur when using snoopy + * will be sent to syslog. This is to aid developers and integrators with + * their endeavours. + */ +#ifdef SNOOPY_CONF_ERROR_LOGGING_ENABLED +#define SNOOPY_ERROR_LOGGING_ENABLED SNOOPY_CONF_ERROR_LOGGING_ENABLED +#endif + + + +/** + * SNOOPY_SYSLOG_* + * + * Syslog configuration settings + * + * If error logging is enabled, then all errors that occur when using snoopy + * will be sent to syslog. This is to aid developers and integrators with + * their endeavours. + */ +#define SNOOPY_SYSLOG_FACILITY SNOOPY_CONF_SYSLOG_FACILITY +#define SNOOPY_SYSLOG_LEVEL SNOOPY_CONF_SYSLOG_LEVEL diff -Nru snoopy-1.8.0/TODO snoopy-2.3.1/TODO --- snoopy-1.8.0/TODO 2011-03-06 02:52:18.000000000 +0000 +++ snoopy-2.3.1/TODO 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -$Id: TODO 5 2010-02-09 20:00:51Z bostjanskufca $ diff -Nru snoopy-1.8.0/.travis.yml snoopy-2.3.1/.travis.yml --- snoopy-1.8.0/.travis.yml 1970-01-01 00:00:00.000000000 +0000 +++ snoopy-2.3.1/.travis.yml 2015-05-24 12:25:02.000000000 +0000 @@ -0,0 +1,15 @@ +language: c + + +compiler: + - gcc + - clang + + +before_script: + - "./bootstrap.sh" + + +script: + - "./configure --enable-config-file --enable-filtering" + - "make"