1 /**************************************
2  **
3  ** PARSER RULES
4  **
5  ** (a) must set record->host
6  **     (eventually to dummy value)
7  **
8  ** (b) must set record->prefix
9  **     (command)
10  **
11  **
12  **************************************/
13 
14 /* for strptime */
15 #define _XOPEN_SOURCE
16 
17 #include "config_xor.h"
18 #include <string.h>
19 
20 #if defined(HOST_IS_SOLARIS)
21 /* For 'struct timeval' in <sys/time.h> */
22 #define __EXTENSIONS__
23 #endif
24 
25 #include <time.h>
26 
27 #if defined(USE_LOGFILE_MONITOR)
28 
29 #include "samhain.h"
30 #include "sh_pthread.h"
31 #include "sh_log_check.h"
32 #include "sh_string.h"
33 
34 #undef  FIL__
35 #define FIL__  _("sh_log_parse_samba.c")
36 
37 
/* Reader callback for samba logs: fetch the next record from 'logfile'
 * into 'record' by delegating to sh_cont_reader().
 *
 * The third argument, " \t", is passed through unchanged; presumably it
 * lists the leading characters that mark a continuation line -- confirm
 * against sh_cont_reader().
 *
 * Returns whatever sh_cont_reader() returns.
 */
sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile)
{
  sh_string * result = sh_cont_reader (record, logfile, " \t");

  return result;
}
42 
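/* Parse one samba log record into a newly allocated struct sh_logrecord.
 *
 * Expected layout: the text before the first ',' is the timestamp and must
 * match "[%Y/%m/%d %T" completely; the text after the ',' must split into
 * exactly three fields via split_array_ws(), the third of which becomes the
 * message.
 *
 * logline   record to parse; its buffer is modified in place (the first ','
 *           is overwritten with '\0').
 * fileinfo  unused.
 *
 * Returns a record allocated with SH_ALLOC, or NULL when logline is NULL or
 * empty, contains no ',', does not yield three fields, or carries a
 * timestamp that does not parse. Only timestamp, timestr, message, pid and
 * host are assigned here.
 *
 * NOTE(review): the parser rules at the top of this file also require
 * record->prefix to be set; this function does not assign it -- confirm
 * whether callers depend on it.
 * NOTE(review): the function keeps state in function-local statics, so
 * concurrent calls would share it -- confirm callers serialize.
 */
struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo)
{
  /* Handed to conv_timestamp() on every call; presumably a cache of the
   * previous conversion -- confirm against conv_timestamp(). */
  static struct tm old_tm;
  static time_t    old_time;

  struct sh_logrecord * record = NULL;

  static const char *    format0_1 = N_("[%Y/%m/%d %T");
  static char   format_1[16];
  static int    format_init = 0;

  (void) fileinfo;

  /* Build the strptime() format once, on first use. */
  if (!format_init)
    {
      sl_strlcpy(format_1, _(format0_1), sizeof(format_1));
      format_init = 1;
    }

  if (logline && sh_string_len(logline) > 0)
    {
      size_t lengths[3];
      unsigned int  fields = 3;
      char ** array;
      char * p = strchr(sh_string_str(logline), ',');

      /* Log content is not under our control: a record without ','
       * (truncated or otherwise malformed) must be rejected here, because
       * writing through the NULL returned by strchr() would crash the
       * monitor. */
      if (!p)
        {
          return NULL;
        }

      /* Terminate the timestamp part and step past the separator. */
      *p = '\0'; ++p;
      array = split_array_ws(p, &fields, lengths);

      /* Defensive: split_array_ws()'s failure behaviour is not visible
       * here, so never index a NULL array. */
      if (array && fields == 3)
        {
          struct tm btime;
          char * ptr;

          memset(&btime, 0, sizeof(struct tm));
          btime.tm_isdst = -1;

          ptr = strptime(sh_string_str(logline), format_1, &btime);

          if (ptr && *ptr == '\0') /* no error, whole string consumed */
            {
              record = SH_ALLOC(sizeof(struct sh_logrecord));

              record->timestamp = conv_timestamp(&btime, &old_tm, &old_time);

              /* Skip the leading '[' that the format just matched. */
              p = sh_string_str(logline); ++p;

              record->timestr   = sh_string_new_from_lchar(p, strlen(p));

              record->message   = sh_string_new_from_lchar(array[2], lengths[2]);

              record->pid       = 0;
              record->host      = sh_string_new_from_lchar(sh.host.name,
                                                           strlen(sh.host.name));
            }
        }

      if (array)
        {
          SH_FREE(array);
        }
    }
  return record;
}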
103 
104 #endif
105