1 /* SAMHAIN file system integrity testing */ 2 /* Copyright (C) 2015 Rainer Wichmann */ 3 /* */ 4 /* This program is free software; you can redistribute it */ 5 /* and/or modify */ 6 /* it under the terms of the GNU General Public License as */ 7 /* published by */ 8 /* the Free Software Foundation; either version 2 of the License, or */ 9 /* (at your option) any later version. */ 10 /* */ 11 /* This program is distributed in the hope that it will be useful, */ 12 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ 13 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ 14 /* GNU General Public License for more details. */ 15 /* */ 16 /* You should have received a copy of the GNU General Public License */ 17 /* along with this program; if not, write to the Free Software */ 18 /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ 19 20 21 #ifndef SH_DBIO_INT_H 22 #define SH_DBIO_INT_H 23 24 #define SH_DEADFILE 65535 25 26 typedef struct store_info_old { 27 28 UINT32 mode; 29 UINT32 linkmode; 30 31 UINT64 dev; 32 UINT64 rdev; 33 34 UINT32 hardlinks; 35 UINT32 ino; 36 37 UINT64 size; 38 UINT64 atime; 39 UINT64 mtime; 40 UINT64 ctime; 41 42 UINT32 owner; 43 UINT32 group; 44 45 UINT32 attributes; 46 47 char c_attributes[ATTRBUF_SIZE]; /* 16 = 2*UINT64 */ 48 49 unsigned short mark; 50 char c_owner[USER_MAX+2]; 51 char c_group[GROUP_MAX+2]; 52 char c_mode[CMODE_SIZE]; 53 char checksum[KEY_LEN+1]; 54 55 } sh_filestore_old_t; 56 57 typedef struct store_info { 58 59 UINT32 mode; 60 UINT32 linkmode; 61 62 UINT64 dev; 63 UINT64 rdev; 64 65 UINT32 hardlinks; 66 UINT32 ino; 67 68 UINT64 size; 69 UINT64 atime; 70 UINT64 mtime; 71 UINT64 ctime; 72 73 UINT32 owner; 74 UINT32 group; 75 76 UINT32 attributes; 77 78 char c_attributes[ATTRBUF_SIZE]; /* 16 = 2*UINT64 */ 79 80 unsigned short mark; 81 char c_owner[USER_MAX+2]; 82 char c_group[GROUP_MAX+2]; 83 char c_mode[CMODE_SIZE]; 84 char checksum[KEY_LEN+1]; 85 86 /* If 'checkflags' is elsewhere, the compiler would still use 87 * a 6-byte padding to align the whole struct to an 8-byte boundary. 88 * ipad, opad: make explicit what the compiler does on a 64-byte system. 89 */ 90 char ipad[2]; 91 UINT32 checkflags; 92 char opad[4]; 93 94 } sh_filestore_t; 95 96 typedef struct file_info { 97 sh_filestore_t theFile; 98 char * fullpath; 99 char * linkpath; 100 char * attr_string; 101 int fflags; 102 unsigned long modi_mask; 103 struct file_info * next; 104 } sh_file_t; 105 106 //* must fit an int */ 107 #define TABSIZE 65536 108 109 /* must fit an unsigned short */ 110 /* changed for V0.8, as the */ 111 /* database format has changed */ 112 /* changed again for V0.9 */ 113 /* #define REC_MAGIC 19 */ 114 /* changed again for V1.3 */ 115 /* #define REC_MAGIC 20 */ 116 /* changed again for V1.4 */ 117 /* #define REC_MAGIC 21 */ 118 #define OLD_REC_MAGIC 21 119 /* changed again for V3.2 */ 120 #define REC_MAGIC 22 121 122 #define REC_FLAGS_ATTR (1<<8) 123 #define REC_FLAGS_MASK 0xFF00 124 125 /* Insert into database table 126 */ 127 void hashinsert (sh_file_t * tab[TABSIZE], sh_file_t * s); 128 129 /* Internal conversion function 130 */ 131 file_type * sh_hash_create_ft (const sh_file_t * p, char * fileHash); 132 133 /* Print what's in the link path 134 */ 135 int sh_hash_printcontent(char * linkpath); 136 137 /* List database entry 138 */ 139 void sh_hash_list_db_entry (sh_file_t * p); 140 141 /* get the location of the default/main database table 142 */ 143 sh_file_t ** get_default_data_table(); 144 145 /* Write whole database 146 */ 147 int sh_dbIO_writeout(sh_file_t * mtab[TABSIZE], const char * outpath, int truncate); 148 149 /* Load from the default source into hash table 'tab' 150 */ 151 int sh_dbIO_load_db(sh_file_t * tab[TABSIZE]); 152 153 /* Load from the file 'filepath' into hash table 'tab' 154 */ 155 int sh_dbIO_load_db_file(sh_file_t * tab[TABSIZE], const char * filepath); 156 157 #endif 158