pax_global_header00006660000000000000000000000064125303414360014513gustar00rootroot0000000000000052 comment=78e2e904346598b8eb965126533aa8d3516c118c snoopy-snoopy-2.3.1/000077500000000000000000000000001253034143600143725ustar00rootroot00000000000000snoopy-snoopy-2.3.1/.gitignore000066400000000000000000000017031253034143600163630ustar00rootroot00000000000000### Files produced by autotools # Makefile.in /aclocal.m4 /autom4te.cache /autoscan.log /build/aux/ar-lib /build/aux/compile /build/aux/config.guess /build/aux/config.sub /build/aux/depcomp /build/aux/install-sh /build/aux/ltmain.sh /build/aux/missing /build/aux/test-driver /build/m4/libtool.m4 /build/m4/lt*.m4 /configure /config.h /config.log /config.status /config.h.in~ /stamp-h? ### Files produced by ./configure # Makefile /libtool # Temporary files created during ./configure run /conf*/ /confdefs.h /conftest.c /conftest.err /libtoolT ### Files produced by build process # .dirstamp *.a *.o *.la *.lo .deps/ .libs/ /src/libsnoopy.so /bin/snoopy-disable /bin/snoopy-enable /bin/snoopy-test-all-data-sources /bin/snoopy-test-output /bin/snoopy-detect /bin/snoopy-dev-helper /contrib/rhel/snoopy.spec /contrib/sles/snoopy.spec /etc/snoopy.ini ### Coverity files # /cov-int* /build/coverity-settings.sh.conf ### Distribution related files # /debian snoopy-snoopy-2.3.1/.travis.yml000066400000000000000000000002371253034143600165050ustar00rootroot00000000000000language: c compiler: - gcc - clang before_script: - "./bootstrap.sh" script: - "./configure --enable-config-file --enable-filtering" - "make" snoopy-snoopy-2.3.1/COPYING000066400000000000000000000431271253034143600154340ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. snoopy-snoopy-2.3.1/ChangeLog000066400000000000000000000310751253034143600161520ustar00rootroot00000000000000------------------------------------------------------------------------------- Snoopy Logger ChangeLog ------------------------------------------------------------------------------- 2015-05-24 - Version 2.3.1 -------------------------- o Bugfix (#68 @ GitHub): fixed build failure on SLES - mismatching prototype in error.c/.h (reported by GitHub user @tparkercbn). 2015-05-11 - Version 2.3.0 -------------------------- o Feature: new data source: datetime (returns current date and time in ISO8601 format). o Feature (#54 @ GitHub): new data sources: timestamp, timestamp_ms and timestamp_us o Feature (#55 @ GitHub): file output is now configurable with ./configure flag --with-default-output=OUTPUT_SPEC. o Feature (#53 @ GitHub): file output provider implemented. Snoopy is now capable of logging directly to file, if filesystem permissions do not prevent it. o Bugfixes: resolved all nine Coverity bugs (#80899-#80909), covering various resource leaks, unchecked string writes etc. o Bugfixes: resolved six additional coverity bugs (82437-82442) o Refactoring build process: config file comments now reflect which data sources, filters and outputs are available in given Snoopy installation/ package/build. o Refactoring build process: all data sources, filters and outputs can now be enabled/disabled individually by ./configure flags. This should make Snoopy less vulnerable if securing installation by reducing attack surface is desired. Each group (data sources, filters and outputs) can also be disabled with a single --enable-all-* ./configure flag. o Refactoring build process: removed all stale files which are copied/symlinked by autoreconf; updated makefiles to enable building outside of source tree; renamed some outputs to maintain naming consistency; reduced complexity and size of configure.ac by abstracting certain functionality into dedicated macros; moved as many build-time files as possible from root into build/aux/ directory; o Enhancement: specify in debian build recipe that libsnoopy package is to supersed old 'snoopy' package. (Contributed by Frederic Mora) o Refactoring: do not include filtering code if filtering is not enabled on ./configure line. o Refactoring #50 (GitHub): change ./configure flag --enable-filter to --enable-filtering, to prepare Snoopy for future changes (per-datasource, per-filter and per-output configure flags). o Bug #49 (GitHub): reset configuration values back to their corresponding defaults when running final cleanup. This prevents buffer overflows on next Snoopy invocations when config file is not found anymore. o Enhancement #48: do not include code for config file in the final library when config file is not enabled at all (via ./configure argument). o Feature #45: new filter that excludes snoopy log entries from certain processes. (Code contributed by Frederic Mora) o Bug #44 / Enhancement #42: upgraded iniparser compotent to latest git version, the one that was included before was causing problems in threaded environments (java). o Refactoring #41: change term "input provider" to "data source", to more accurately reflect what is actually going on in that part of code. o Enhancement #42: upgraded included iniparser component to latest git version. This hopefully resolves issues with threaded processes. o Repository refactoring: removed all files that are created/copied by autotools suite, and added them to gitignore. o Include documentation in release packages from now on. 2015-04-27 - Version 2.2.8 --------------------------- o Bugfix #39: prevent double freeing of message_format and filter_chain variables when snoopy.ini suddenly disappears from filesystem. (reported by Ariel Zach) o Bugfix #39-2: Fix invalid parsing in rpname input provider - check the line that is read from /proc/PID/status and verify that it is non-empty and that it actually contains colon character before attempting to parse it. (reported and initial fix authored by Ariel Zach) o Bugfix #46: prevent bufffer overflow in cmdline input provider (reported by Ariel Zach) o Bugfix and refactoring: rpname input provider was leaking some memory, and it was made more logically structured (variables and if conditions were changed to more logical and coherent naming, to align it better with the rest of Snoopy code). o Bugfix #47: Bugfix #39 inadvertently introduced a doublefree bug when filter chain was specified in snoopy.ini. (reported by Ariel Zach) 2015-03-26 - Version 2.2.7 --------------------------- o Feature: added new input provider %{rpname} - gets root process name (submitted by Ariel Zach) 2015-03-06 - Version 2.2.6 --------------------------- o Feature: added new input provider %{env_all} - logs whole environment o Feature: added new input provider %{pid} - provides process id o Feature: added new input provider %{ppid} - provides parent process id o Bugfix: Fixed improper return value checking in all input providers that work with literal usernames and groups. This was causing shutdown hangs on RH/CentOS 7 systems that use systemd, with additional special conitions: - compiled-in message_format must have included these input providers, - when only configured in snoopy.ini, they did not trigger this bug. 2015-03-04 - Version 2.2.5 --------------------------- o Bugfix: devlog output provider was not resetting configuration to original values after it called socket output provider as its subroutine. o Bugfix: added support for 'make install DESTDIR=...' in etc/Makefile.am o Bugfix: fixed installation of snoopy.ini in nonexistent directory 2015-01-27 - Version 2.2.4 --------------------------- o Bugfix: devlog output was not implemented properly, it was missing log facility and log level specification. This resulted in Snoopy output appearing on user's console, as everything was treated with EMERG severity. On CentOS/RH messages of this severity are forwarded to console by default. o Bugfix: Install configuration file with .NEW suffix, and warn the user. 2015-01-27 - Version 2.2.3 --------------------------- o Bugfix: fixed compilation issues on pre 2.09 glibc platforms (SOCK_NONBLOCK, SOCK_CLOEXEC missing) 2015-01-20 - Version 2.2.2 --------------------------- o Bugfix: fixed compilation issues on pre 2.12 glibc platforms (getsid) 2015-01-11 - Version 2.2.1 --------------------------- o Feature: added support for configurable output selection o Feature: added dummy input provider: snoopy_version o Bugfix: changed default output provider from syslog to devlog (non-blocking socket as workaround for systemd's buffered/blocking /dev/log socket) 2015-01-11 - Version 2.2.0 --------------------------- o Never released. 2014-11-08 - Version 2.1.0 --------------------------- o Enhancement: strict checking of ./configure --with-syslog-* values o Enhancement: enabled configuration of syslog facility and level from configuration file 2014-11-07 - Version 2.0.1 --------------------------- o Bugfix: fixed uninitialized pointer in filter/exclude_uid.c and only_uid.c o Enhancement: prefix all iniparser errors with "SNOOPY " prefix, so it is evident where errors are coming from o Bugfix: changed --with-config-file to --enable-config-file. Having two ways to specify where configuration file exists is redundant and confusing. 2014-11-05 - Version 2.0.0 --------------------------- o Feature: Added support for custom message format specification at configuration time o Feature: New input providers: - egroup (thanks Sébastien Gross) - env (thanks Taylor Kimball) - eusername (thanks Sébastien Gross) - group (thanks Sébastien Gross) - login (thanks Sébastien Gross) - username (thanks Sébastien Gross) - tty_uid (thanks Tony Malkowski) - tty_username o Feature: Implemented internal filtering, with the following filters available: - exclude_uid - only_root - only_uid o Feature: Added optional support for INI configuration file o Feature: Added envp data to intputdatastorage if execve() is used. Prepared for future inputs to consume it. o Feature: Created snoopy-enable and snoopy-disable system scripts. o Distro packaging: added debian/ubuntu packaging data (by Sebastien Gross) o Distro packaging: added rhel/centos package spec file (by Jeremy Brown) o Refactoring: Separated data gathering into separate functions, to be used at will - now they are called "input providers" o Refactoring: Removed external filtering, to be replaced with internal filtering capability in the making o Refactoring: Removed logging exclusion via prefix, was created for exclusion of logging of external filter commands o Refactoring: switched to autotools completely o Refactoring: all builds now use -Wall and -Werror o Refactoring: removed --enable-cwd-logging (superseded by message formatting options and input provider) o Refactoring: Snoopy library is now called libsnoopy.so instead of snoopy.so, to conform to autotools syntax o Refactoring: ./configure: removed many bugs, added proper syntax and error messages to help user decide what she wants o Refactoring: added 'proper' (unified) error handling o Refactoring: moved input testing to separate executable, which does not get installed, but is only intended for development/debugging o Refactoring: created proper initialization/shutdown methods o Documentation: added into about writing new input providers o Bugfix: fixed compilation failure on debian in inputs/cwd.c (thanks Sébastien Gross) o Bugfix: missing snoopy.ini in distribution tarball (thanks Jeremy Brown) o Bugfix: When uninstalling, also disable Snoopy (remove from /etc/ld.so.preload). 2013-04-06 - Version 1.9.0 --------------------------- o Bugfix: fixed bug with unclosed /dev/log descriptor which caused hangs o Feature: System-dependent exec() argument length support added (thanks Jeff Schroeder) o Refactoring: README updated with Markdown format, for nicer display at github 2013-02-03 - Version 1.8.1 --------------------------- o Bugfix: enable.sh was not /bin/sh compliant, fixed (thanks "phe") 2011-03-06 - Version 1.8.0 --------------------------- o Feature: syslog facility is now configurable o Feature: syslog level is now configurable o Feature: external filter support available o Feature: single path prefix filtering available 2010-10-10 - Version 1.7.10 --------------------------- o Fixed bug with long command lines (thanks Luis Fernando Muñoz Mejías) 2010-10-10 - Version 1.7.6 --------------------------- o Quick fix of buggy patch applied in previous release 2010-10-10 - Version 1.7.5 --------------------------- o Build for 64bit machines and destdir support for RPMs (Aldemira) o Fixed 1-byte memory leak introduced in previous release 2010-09-24 - Version 1.7.2 --------------------------- o Logs current tty (initial patch provided by Aldemira user on SourceForge) 2010-02-11 - Version 1.6.1 --------------------------- o Logs current working directory 2010-02-09 - Version 1.6.0 --------------------------- o Uses autotools now o Changed installation procedure o Rewritten logging function to avoid memory leaks o No more segfaults on 64bit platforms o Program name and argument lengths limited to 4096 bytes o Many thanks to otheus for supplying a patch on SourceForge one and a half years ago, it helped tremendously. 2010-02-09 - Version 1.5.0 --------------------------- o Updated to compile and work without segfaults on 32bit and 64bit platforms o Project maintenance taken over by Bostjan Skufca Sun December 10 - Version 1.3 ------------------------------ o Altered logging mechanism for performance o Added new way of logging (can choose) o Added an integrity check (optional) Wed October 25 - Version 1.2a ----------------------------- o ROOT_ONLY behavior now works again, thanks to adrian.head@bytecomm.com.au for notifying us! Thu October 10 - Version 1.2 ----------------------------- o Fixed small bug with rather adverse side effects. Thu August 17 - Version 1.1 ---------------------------- o Added support for execv(). Although execv() calls execve() [as described in the man page], execv() calls don't seem to log. They now do. Will investigate this issue a bit further. o Made logging code modular, as to accomodate for the extra overload that execv() brought. Thu August 3 - Version 1.00 ---------------------------- o Cleaned up the codebase a bit o Added the output of username and sid (PID of the login shell) to the logged output o Fixed install.sh to be compatible with older (v1.0) bash shells snoopy-snoopy-2.3.1/Makefile.am000066400000000000000000000024061253034143600164300ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### Local configuration changes # AUTOMAKE_OPTIONS = foreign subdir-objects ACLOCAL_AMFLAGS = -I build/m4 # Process etc/ before other subdirs # If snoopy has config file enabled, then there is a small time frame # between installation of library and subsequent installation of # initial configuration file where iniparser emits an error about # configuration file not being found. Therefore we first install # configuration file and only then the snoopy library itself. SUBDIRS = \ src \ bin \ etc \ doc EXTRA_DIST +=\ bootstrap.sh \ README.md enable: install echo ; \ $(top_srcdir)/bin/snoopy-enable ; \ echo ; disable: echo ; \ $(top_srcdir)/bin/snoopy-disable \ echo ; # Disable it if we are uninstalling it, to avoid error messages # about missing library that should be preloaded. uninstall-local: disable ### Clean these files additionally # # Clean release files clean-local: rm -f snoopy-*.tar.gz* ; \ rm -f snoopy-latest-*.txt ; \ rm -rf cov-int* ; # Clean all files that were generated by bootstrap.sh or autoscan maintainer-clean-local: rm -f aclocal.m4 ; \ rm -f autoscan.log ; \ rm -fr build/aux/ ; \ rm -fr build/m4/ ; \ rm -f configure ; snoopy-snoopy-2.3.1/README.md000066400000000000000000000127141253034143600156560ustar00rootroot00000000000000a# Snoopy Logger [![Flattr Snoopy Logger project](http://api.flattr.com/button/flattr-badge-large.png)](https://flattr.com/submit/auto?user_id=a2o&url=https://github.com/a2o/snoopy&title=Snoopy Logger) Snoopy is a tiny library that logs all executed commands (+ arguments) on your system. * [Snoopy Logger](#snoopy-logger) * [0. News](#1-news) * [1. Installation](#1-installation) * [1.1 Version information](#11-version-information) * [2. Output](#2-output) * [3. Configuration](#3-configuration) * [4. Support](#4-support) * [4.1 Commercial support](#41-commercial-support) * [5. How does Snoopy actually work?](#5-how-does-snoopy-actually-work) * [6. Contributing to Snoopy development](#6-contributing-to-snoopy-development) * [7. License](#7-license) * [8. Credits](#8-credits) ## 0. News 2015-05-12: **Snoopy 2.3.0 released!** This Snoopy version contains many improvements, bugfixes, new features and quite improved build process. All users are encouraged to upgrade to Snoopy version 2.3.0+ as soon as possible. ## 1. Installation The easiest way to start using Snoopy is to execute one of the following commands (as root). To install the latest **STABLE** version of Snoopy, use this command: wget -q -O - https://github.com/a2o/snoopy/raw/stable/bin/snoopy-install.sh | sh To install the latest **DEVELOPMENT** version of Snoopy, use this: wget -q -O - https://github.com/a2o/snoopy/raw/master/bin/snoopy-install.sh | sh That is it. Detailed installation instructions are available here: [doc/INSTALL.md](doc/INSTALL.md) ### 1.1 Version information Latest Snoopy version information: * stable: http://source.a2o.si/download/snoopy/snoopy-2.3.1.tar.gz ## 2. Output This is what typical Snoopy output looks like: 2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK 2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK 2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages These are default output locations on various Linux distributions: * CentOS: /var/log/secure * Debian: /var/log/auth.log * Ubuntu: /var/log/auth.log * others: /var/log/messages (potentially, not necessarily) For actual output destination check your syslog configuration. ## 3. Configuration Most parts of Snoopy are/can be/should be configured at build time. However, since version 2.0.0 Snoopy supports optional configuration file. Snoopy's automated installation procedure enables configuration file support by default. Configuration file path is /etc/snoopy.ini. For additional information consult comments in default configuration file [etc/snoopy.ini](etc/snoopy.ini) and read appropriate sections of [doc/INSTALL.md](doc/INSTALL.md). ## 4. Support **Only latest released version of Snoopy is "supported"!** Any version that is not the latest (stable or development) is not supported. Please do not submit any bugfix/feature/change requests related to old (unsupported) Snoopy versions. **If you encounter an issue with Snoopy, proceed with the following steps:** 1. make sure you are using the latest version of Snoopy! 1. this DOES NOT mean the last version 'apt-get install snoopy' provides, 2. this means the latest version available at https://github.com/a2o/snoopy/! 2. consult FAQ first: [doc/FAQ.md](doc/FAQ.md), 3. search the internets (using Google for example), 4. search the Snoopy issue tracker: https://github.com/a2o/snoopy/issues/, 5. if the problem still persist, create a new issue, but you must: 1. make sure your issue is reproducible using the latest version of Snoopy, 2. provide the following data: 1. Snoopy version used and how did you install it? 2. Linux distribution you are using? 3. Which software is crashing because of Snoopy (whole system, one program)? 4. Trace of your program that crashes. 3. if possible, provide a patch that fixes (or at least tries to fix) the issue. ### 4.1 Commercial support Commercial support for Snoopy is available. Contact current maintainer via email for details. ## 5. How does Snoopy actually work? See [doc/internals/README.md](doc/internals/README.md) ## 6. Contributing to Snoopy development See [doc/CONTRIBUTING.md](doc/CONTRIBUTING.md) ## 7. License Snoopy is released under GNU General Public License version 2. Snoopy was originally released under GNU GPLv2 license, and during the course of it's life various people contributed code to it under the same license. Therefore Snoopy continues to be released under GNU GPLv2 license, as this is the only license all contributors agreed to, up to this point. Should some entity (individual or corporation) desire to obtain Snoopy under a different license (commercial, for example), a consent from all contributors will be required. ## 8. Credits Snoopy development is currently located at the following URI: http://github.com/a2o/snoopy/ Snoopy Logger was originally created and maintained by: Marius Aamodt Eriksen Mike Baker List of contributors is available at the following locations: - in the Snoopy's ChangeLog file; - in the list of pull requests on GitHub. Snoopy is currently maintained by: Bostjan Skufca snoopy-snoopy-2.3.1/bin/000077500000000000000000000000001253034143600151425ustar00rootroot00000000000000snoopy-snoopy-2.3.1/bin/Makefile.am000066400000000000000000000015411253034143600171770ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### Use includes from src/ directory # AM_CFLAGS += -I$(top_srcdir)/src ### Scripts to enable/disable snoopy # sbin_SCRIPTS = \ snoopy-enable \ snoopy-disable ### Test programs # # Some development/testing programs here # bin_PROGRAMS = \ snoopy-test-output snoopy_test_output_SOURCES = \ snoopy-test-output.c snoopy_test_output_LDADD = \ ../src/libsnoopy_no_execve.la noinst_PROGRAMS = \ snoopy-detect \ snoopy-dev-helper \ snoopy-test-all-data-sources snoopy_detect_SOURCES = \ snoopy-detect.c snoopy_dev_helper_SOURCES = \ snoopy-dev-helper.c snoopy_dev_helper_LDADD = \ ../src/libsnoopy_no_execve.la snoopy_test_all_data_sources_SOURCES = \ snoopy-test-all-data-sources.c snoopy_test_all_data_sources_LDADD = \ ../src/libsnoopy_no_execve.la snoopy-snoopy-2.3.1/bin/snoopy-detect.c000066400000000000000000000025061253034143600201060ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: detect.c -- simple execve() wrapper detection * * Copyright (c) 2000 Marius Aamodt Eriksen * Copyright (c) 2000 Mike Baker * * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #ifndef RTLD_DEFAULT # define RTLD_DEFAULT ((void *) 0) #endif int main(void) { char *libc = ((size_t)-1 > 0xffffffffUL) ? "/lib64/libc.so.6" : "/lib/libc.so.6"; void *handle = dlopen(libc, RTLD_LAZY); //simple test to see if the execve in memory matches libc.so.6 if (dlsym(handle, "execve") != dlsym(RTLD_DEFAULT, "execve")) printf("something fishy...\n"); else printf("secure\n"); return 0; } snoopy-snoopy-2.3.1/bin/snoopy-dev-helper.c000066400000000000000000000033641253034143600206740ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy-dev-helper.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "configuration.h" #include "inputdatastorage.h" #include "message.h" #include "misc.h" int main (int argc, char **argv) { char *logMessage = NULL; /* Initialize snoopy */ snoopy_init(); /* Fake init */ snoopy_inputdatastorage_store_filename(argv[0]); snoopy_inputdatastorage_store_argv(argv); // Init log message as empty string logMessage = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE); logMessage[0] = '\0'; printf("Snoopy: testing custom message formatting:\n\n"); printf("Message format used: \n%s\n\n", SNOOPY_LOG_MESSAGE_FORMAT); snoopy_message_generateFromFormat(logMessage, SNOOPY_LOG_MESSAGE_FORMAT); printf("Produced output:\n%s\n\n", logMessage); /* Housekeeping */ free(logMessage); snoopy_cleanup(); return 0; } snoopy-snoopy-2.3.1/bin/snoopy-disable.in000077500000000000000000000021751253034143600204320ustar00rootroot00000000000000#!/bin/sh # This is a script that disables system-wide snoopy installation. # You have to run this script as a privileged user. # This script is also run when you execute "make disable". ### Where is the library installed? # LIBDIR="@SNOOPY_LIBDIR@" ### Check user that is running this script # touch /etc/ld.so.preload if [ ! -w /etc/ld.so.preload ]; then echo echo 'SNOOPY ERROR: /etc/ld.so.preload not writable - are you running this script as a unprivileged user?' echo exit 1 fi ### Do the actual installation # COUNT=`grep -Ec "/(lib)?snoopy.so" /etc/ld.so.preload` if [ "$COUNT" -gt "1" ]; then echo echo "SNOOPY ERROR: Multiple instances of (lib)snoopy.so found in /etc/ld.so.preload. Unable to proceed." echo exit 1 elif [ "$COUNT" -eq "1" ]; then echo -n "SNOOPY: Removing from /etc/ld.so.preload: " cat /etc/ld.so.preload | grep -E "/(lib)?snoopy.so" sed -i "/\/\(lib\)\?snoopy.so/d" /etc/ld.so.preload echo "SNOOPY: Disabled." echo "SNOOPY: Hint: Your system needs to be restarted to finish snoopy cleanup." else echo "SNOOPY: Snoopy is NOT enabled on this system." fi snoopy-snoopy-2.3.1/bin/snoopy-enable.in000077500000000000000000000026151253034143600202540ustar00rootroot00000000000000#!/bin/sh # This is a script that enables snoopy system-wide. # You have to run this script as a privileged user. # This script is also run when you execute "make enable". ### Where is the library installed? # LIBDIR="@SNOOPY_LIBDIR@" ### Check snoopy installation # if [ ! -x $LIBDIR/libsnoopy.so ]; then echo echo "SNOOPY ERROR: $LIBDIR/libsnoopy.so is not installed or is not executable" echo exit 1 fi ### Check user that is running this script # touch /etc/ld.so.preload if [ ! -w /etc/ld.so.preload ]; then echo echo 'SNOOPY ERROR: /etc/ld.so.preload not writable - are you running this script as a unprivileged user?' echo exit 1 fi ### Do the actual installation # COUNT=`grep -Ec "/(lib)?snoopy.so" /etc/ld.so.preload` if [ "$COUNT" -gt "1" ]; then echo echo "SNOOPY ERROR: Multiple instances of (lib)snoopy.so found in /etc/ld.so.preload. Unable to proceed." echo exit 1 elif [ "$COUNT" -eq "1" ]; then echo -n "SNOOPY: Removing from /etc/ld.so.preload: " cat /etc/ld.so.preload | grep -E "/(lib)?snoopy.so" sed -i "/\/\(lib\)\?snoopy.so/d" /etc/ld.so.preload fi echo "SNOOPY: Adding to /etc/ld.so.preload: $LIBDIR/libsnoopy.so" echo "$LIBDIR/libsnoopy.so" >> /etc/ld.so.preload echo "SNOOPY: Hint #1: Reboot your machine to load snoopy system-wide." echo "SNOOPY: Hint #2: Check your log files for output." echo "SNOOPY: Enabled." snoopy-snoopy-2.3.1/bin/snoopy-install.sh000077500000000000000000000105321253034143600204750ustar00rootroot00000000000000#!/bin/bash ### Configuration # SNOOPY_DOWNLOAD_URI_PREFIX="http://source.a2o.si/download/snoopy" SNOOPY_INSTALL_LOGFILE="`pwd`/snoopy-install.log" ### Check if running as root # if [ "`id -u`" != "0" ]; then echo "SNOOPY INSTALL ERROR: This installation must be run as root." echo "Hint: 'sudo COMMAND' perhaps?" exit 1 fi ### Install distro-dependent build prerequisites # echo "SNOOPY INSTALL: Installing distro-specific packages 'gcc' and 'make'..." if [ -f /etc/debian_version ]; then # Debian, Ubuntu # About /dev/null: http://askubuntu.com/questions/372810/how-to-prevent-script-not-to-stop-after-apt-get apt-get -y install gcc gzip make tar wget < "/dev/null" elif [ -f /etc/redhat-release ]; then # RHEL, Fedora, CentOS yum install -y gcc gzip make tar wget else # Check if gcc and make are present if ! which which &> /dev/null; then echo "SNOOPY INSTALL ERROR: 'which' program not found!" echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." exit 1 fi if ! which gcc &> /dev/null; then echo "SNOOPY INSTALL ERROR: GCC compiler not found!" echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." exit 1 fi if ! which make &> /dev/null; then echo "SNOOPY INSTALL ERROR: 'make' program not found!" echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." exit 1 fi if ! which tar &> /dev/null; then echo "SNOOPY INSTALL ERROR: 'tar' program not found!" echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." exit 1 fi if ! which gzip &> /dev/null; then echo "SNOOPY INSTALL ERROR: 'gzip' program not found!" echo "SNOOPY INSTALL ERROR: Install it and rerun this installer." exit 1 fi fi ### Start bash subshell, to evaluate potential errors # ( set -e set -u ### Starting installation # rm -f $SNOOPY_INSTALL_LOGFILE touch $SNOOPY_INSTALL_LOGFILE echo "SNOOPY INSTALL: Starting installation, log file name: $SNOOPY_INSTALL_LOGFILE" ### Get last stable Snoopy release # echo -n "SNOOPY INSTALL: Getting latest Snoopy version: " SNOOPY_PACKAGE_FILENAME=`wget -q -O - $SNOOPY_DOWNLOAD_URI_PREFIX/snoopy-latest-package-filename.txt` SNOOPY_PACKAGE_DIRNAME=`echo "$SNOOPY_PACKAGE_FILENAME" | sed -e 's/\.tar.gz$//'` echo "$SNOOPY_PACKAGE_FILENAME" ### Download Snoopy package # echo -n "SNOOPY INSTALL: Downloading $SNOOPY_DOWNLOAD_URI_PREFIX/$SNOOPY_PACKAGE_FILENAME... " rm -f $SNOOPY_PACKAGE_FILENAME wget $SNOOPY_DOWNLOAD_URI_PREFIX/$SNOOPY_PACKAGE_FILENAME >> $SNOOPY_INSTALL_LOGFILE 2>&1 echo "done." ### Untar, build and configure # echo -n "SNOOPY INSTALL: Unpacking $SNOOPY_PACKAGE_FILENAME... " rm -rf $SNOOPY_PACKAGE_DIRNAME tar -xzf $SNOOPY_PACKAGE_FILENAME cd $SNOOPY_PACKAGE_DIRNAME echo "done." echo -n "SNOOPY INSTALL: Configuring... " ./configure --enable-config-file --sysconfdir=/etc --enable-filtering >> $SNOOPY_INSTALL_LOGFILE 2>&1 echo "done." echo -n "SNOOPY INSTALL: Building... " make >> $SNOOPY_INSTALL_LOGFILE 2>&1 echo "done." echo -n "SNOOPY INSTALL: Installing... " make install >> $SNOOPY_INSTALL_LOGFILE 2>&1 echo "done." echo -n "SNOOPY INSTALL: Enabling... " make enable >> $SNOOPY_INSTALL_LOGFILE 2>&1 echo "done." ### Tell the user what to do next # echo echo "SNOOPY LOGGER is now installed and enabled." echo echo "TIP #1: If Snoopy is to be enabled for all processes, you need" echo " to restart your system, or at least all services on it." echo echo "TIP #2: If you ever need to disable Snoopy, you should use provided" echo " 'snoopy-disable' script. Use 'snoopy-enable' to reenable it." echo echo "TIP #3: Snoopy output can usually be found somewhere in /var/log/*" echo " Check your syslog configuration for details." echo echo "TIP #4: Configuration file location: /etc/snoopy.ini" echo " See included comments for additional configuration options." echo echo "Snoopy wishes you a happy logging experience:)" echo ### End bash subshell # ) if [ "$?" != "0" ]; then echo echo echo "Last 5 lines of Snoopy installation log file:" tail -n5 $SNOOPY_INSTALL_LOGFILE echo echo "SNOOPY INSTALL ERROR: Something weird happened!" echo "SNOOPY INSTALL ERROR: Please inspect log file for details ($SNOOPY_INSTALL_LOGFILE)" exit 1 fi ### All done # true snoopy-snoopy-2.3.1/bin/snoopy-test-all-data-sources.c000066400000000000000000000076721253034143600227640ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy-test-all-data-sources.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "configuration.h" #include "error.h" #include "inputdatastorage.h" #include "datasourceregistry.h" #include "misc.h" /* * We do not use separate .h file here */ int main (int argc, char **argv); void snoopy_test_all_datasources (); int snoopy_get_datasource_name_length_max (); int main (int argc, char **argv) { /* Initialize snoopy */ snoopy_init(); snoopy_inputdatastorage_store_filename(argv[0]); snoopy_inputdatastorage_store_argv(argv); /* Run the main function */ snoopy_test_all_datasources(); /* Housekeeping */ snoopy_cleanup(); return 0; } /* * snoopy_test_all_datasources * * Description: * Loops through all data source and prints what they return * * Params: * (none) * * Return: * void */ void snoopy_test_all_datasources () { int datasourceNameLengthMax; char *datasourceResult = NULL; char *datasourceArgs = NULL; int i; int j; /* Initialize variables and spaces */ datasourceResult = malloc(SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE + 1); datasourceNameLengthMax = snoopy_get_datasource_name_length_max(); /* Loop throught all data sources and just append the output */ i = 0; while (strcmp(snoopy_datasourceregistry_names[i], "") != 0) { datasourceResult[0] = '\0'; int datasourceResultSize = -1; /* Which arguments to pass to data source */ if (strcmp(snoopy_datasourceregistry_names[i], "env") == 0) { datasourceArgs = "HOME"; } else { datasourceArgs = ""; } /* Execute the data source function */ datasourceResultSize = snoopy_datasourceregistry_ptrs[i](datasourceResult, datasourceArgs); if (datasourceResultSize > SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE) { snoopy_error_handler("Maximum data source message size exceeded"); } /* Copy content, append */ printf("%s:", snoopy_datasourceregistry_names[i]); for (j=0 ; j<=(datasourceNameLengthMax-strlen(snoopy_datasourceregistry_names[i])) ; j++) { printf(" "); } printf("%s\n", datasourceResult); /* Go to next data source */ i++; } /* Memory housekeeping */ free(datasourceResult); } /* * snoopy_get_max_datasource_name_length * * Description: * Loops through all data sources and returns length of the longest data source name * * Params: * (none) * * Return: * int max data source name length */ int snoopy_get_datasource_name_length_max () { int datasourceNameLengthMax; int i; datasourceNameLengthMax = 0; i = 0; while (strcmp(snoopy_datasourceregistry_names[i], "") != 0) { if (strlen(snoopy_datasourceregistry_names[i]) > datasourceNameLengthMax) { datasourceNameLengthMax = strlen(snoopy_datasourceregistry_names[i]); } /* Go to next data source provider */ i++; } return datasourceNameLengthMax; } snoopy-snoopy-2.3.1/bin/snoopy-test-output.c000066400000000000000000000065521253034143600211600ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy-test-output.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "configuration.h" #if defined(SNOOPY_FILTERING_ENABLED) #include "filtering.h" #endif #include "inputdatastorage.h" #include "log.h" #include "message.h" #include "misc.h" int main (int argc, char **argv) { char *logMessage = NULL; /* Initialize snoopy */ snoopy_init(); /* Initialize empty log message */ logMessage = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE); logMessage[0] = '\0'; snoopy_inputdatastorage_store_filename(argv[0]); snoopy_inputdatastorage_store_argv(argv); if (SNOOPY_TRUE == snoopy_configuration.config_file_enabled) { printf("Configuration file is enabled: %s\n", snoopy_configuration.config_file_path); if (SNOOPY_TRUE == snoopy_configuration.config_file_found) { printf("Configuration file found.\n"); } else { printf("WARNING: Configuration file does not exist!\n"); } if (SNOOPY_TRUE == snoopy_configuration.config_file_parsed) { printf("Configuration file was parsed sucessfully.\n"); } else { printf("WARNING: Configuration file parsing FAILED!\n"); } } else { printf("INFO: Configuration file is NOT enabled.\n"); } snoopy_message_generateFromFormat(logMessage, snoopy_configuration.message_format); printf("Message generated:\n"); printf("\n"); printf("%s\n", logMessage); printf("\n"); #if defined(SNOOPY_FILTERING_ENABLED) /* Should message be passed to syslog or not? */ if ( (SNOOPY_FALSE == snoopy_configuration.filtering_enabled) || ( (SNOOPY_TRUE == snoopy_configuration.filtering_enabled) && (SNOOPY_FILTER_PASS == snoopy_filtering_check_chain(logMessage, snoopy_configuration.filter_chain)) ) ) { #endif snoopy_log_dispatch(logMessage, SNOOPY_LOG_MESSAGE); printf("Message sent to output '%s(%s)'.\n", snoopy_configuration.output, snoopy_configuration.output_arg); printf("If snoopy is already enabled on your system, you should see two identical messages.\n"); printf("If you are testing snoopy via LD_PRELOAD environmental variable, you will see another identical message.\n"); #if defined(SNOOPY_FILTERING_ENABLED) } else { printf("Message NOT sent to syslog. One of the filters dropped it.\n"); } #endif /* Housekeeping */ free(logMessage); snoopy_cleanup(); return 0; } snoopy-snoopy-2.3.1/bootstrap.sh000077500000000000000000000013401253034143600167440ustar00rootroot00000000000000#!/bin/bash ### Signal success # set +x echo -e "\nStarting AutoTools run:\n" ### Shell setup # # Treat all errors as fatal and trace the progress # set -e set -x ### Clear cache # if [ -d autom4te.cache ]; then rm -rf autom4te.cache fi ### Bug in aclocal: manually create m4 directory if it does not exist # if [ ! -d build/m4 ]; then mkdir -p build/m4 fi ### Run autotools # #libtoolize --install --copy --force #aclocal #automake --add-missing --copy #autoconf #autoreconf -i # This is the new recommended way autoreconf -i -v ### Remove stale/backup files # rm -f config.h.in~ ### Signal success and exit # set +x echo -e "\nAutoTools run was completed sucessfully. You should run ./configure now.\n" snoopy-snoopy-2.3.1/build/000077500000000000000000000000001253034143600154715ustar00rootroot00000000000000snoopy-snoopy-2.3.1/build/Makefile.am.common000066400000000000000000000005161253034143600210160ustar00rootroot00000000000000BUILT_SOURCES = CLEANFILES = DISTCLEANFILES = EXTRA_DIST = EXTRA_LTLIBRARIES = EXTRA_PROGRAMS = MAINTAINERCLEANFILES = TESTS = check_PROGRAMS = CLEANFILES += *.o #CLEANFILES += $(EXTRA_LTLIBRARIES) $(EXTRA_PROGRAMS) $(check_PROGRAMS) #DISTCLEANFILES += $(BUILT_SOURCES) MAINTAINERCLEANFILES += Makefile.in AM_CFLAGS = -Wall -Werror snoopy-snoopy-2.3.1/build/snoopy.m4000066400000000000000000000144041253034143600172650ustar00rootroot00000000000000# # SNOOPY LOGGER # # File: snoopy.m4 # # Copyright (c) 2015 Bostjan Skufca # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ### ### Macros for adding data source enable/disable options to ./configure ### # AU_DEFUN([SNOOPY_CONFIGURE_DATASOURCE_ENABLE], [ AC_ARG_ENABLE(datasource-$1, [AC_HELP_STRING( [--disable-datasource-$1], [disable data source "$1". This datasource provides $2. [default=enabled]] )], [ if test "x$enableval" = "xyes"; then enable_datasource_$1=yes elif test "x$enableval" = "xno"; then enable_datasource_$1=no else AC_MSG_ERROR([--disable-datasource-$1 does not take any arguments, got: $enableval]) fi ], [enable_datasource_$1=$enable_all_datasources] ) AS_IF([test "x$enable_datasource_$1" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_DATASOURCE_ENABLED_$1, 1, [Is data source "$1" available?]) ]) AM_CONDITIONAL([DATASOURCE_ENABLED_$1], [test "x$enable_datasource_$1" == "xyes"]) AC_SUBST([enable_datasource_$1]) ]) AU_DEFUN([SNOOPY_CONFIGURE_DATASOURCE_DISABLE], [ AC_ARG_ENABLE(datasource-$1, [AC_HELP_STRING( [--enable-datasource-$1], [enable data source "$1". This datasource provides $2. [default=disabled]] )], [ if test "x$enableval" = "xyes"; then enable_datasource_$1=yes elif test "x$enableval" = "xno"; then enable_datasource_$1=no else AC_MSG_ERROR([--enable-datasource-$1 does not take any arguments, got: $enableval]) fi ], [enable_datasource_$1=no] ) AS_IF([test "x$enable_datasource_$1" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_DATASOURCE_ENABLED_$1, 1, [Is data source "$1" available?]) ]) AM_CONDITIONAL([DATASOURCE_ENABLED_$1], [test "x$enable_datasource_$1" == "xyes"]) AC_SUBST([enable_datasource_$1]) ]) ### ### Macros for adding filter enable/disable options to ./configure ### # AU_DEFUN([SNOOPY_CONFIGURE_FILTER_ENABLE], [ AC_ARG_ENABLE(filter-$1, [AC_HELP_STRING( [--disable-filter-$1], [disable filter "$1". $2 [default=enabled]] )], [ if test "x$enableval" = "xyes"; then enable_filter_$1=yes elif test "x$enableval" = "xno"; then enable_filter_$1=no else AC_MSG_ERROR([--disable-filter-$1 does not take any arguments, got: $enableval]) fi ], [enable_filter_$1=$enable_all_filters] ) AS_IF([test "x$enable_filter_$1" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_FILTER_ENABLED_$1, 1, [Is filter "$1" available?]) ]) AM_CONDITIONAL([FILTER_ENABLED_$1], [test "x$enable_filter_$1" == "xyes"]) AC_SUBST([enable_filter_$1]) ]) AU_DEFUN([SNOOPY_CONFIGURE_FILTER_DISABLE], [ AC_ARG_ENABLE(filter-$1, [AC_HELP_STRING( [--enable-filter-$1], [enable filter "$1". $2 [default=disabled]] )], [ if test "x$enableval" = "xyes"; then enable_filter_$1=yes elif test "x$enableval" = "xno"; then enable_filter_$1=no else AC_MSG_ERROR([--enable-filter-$1 does not take any arguments, got: $enableval]) fi ], [enable_filter_$1=no] ) AS_IF([test "x$enable_filter_$1" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_FILTER_ENABLED_$1, 1, [Is filter "$1" available?]) ]) AM_CONDITIONAL([FILTER_ENABLED_$1], [test "x$enable_filter_$1" == "xyes"]) AC_SUBST([enable_filter_$1]) ]) ### ### Macros for adding output enable/disable options to ./configure ### # AU_DEFUN([SNOOPY_CONFIGURE_OUTPUT_ENABLE_FORCE], [ AC_DEFINE(SNOOPY_CONF_OUTPUT_ENABLED_$1, 1, [Is output "$1" available? Forced "Yes".]) AM_CONDITIONAL([OUTPUT_ENABLED_$1], [test "x$enable_output_$1" == "xyes"]) AC_SUBST([enable_output_$1], [yes]) ]) AU_DEFUN([SNOOPY_CONFIGURE_OUTPUT_ENABLE], [ AC_ARG_ENABLE(output-$1, [AC_HELP_STRING( [--disable-output-$1], [disable output "$1". $2 [default=enabled]] )], [ if test "x$enableval" = "xyes"; then enable_output_$1=yes elif test "x$enableval" = "xno"; then enable_output_$1=no else AC_MSG_ERROR([--disable-output-$1 does not take any arguments, got: $enableval]) fi ], [enable_output_$1=$enable_all_outputs] ) AS_IF([test "x$enable_output_$1" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_OUTPUT_ENABLED_$1, 1, [Is output "$1" available?]) ]) AM_CONDITIONAL([OUTPUT_ENABLED_$1], [test "x$enable_output_$1" == "xyes"]) AC_SUBST([enable_output_$1]) ]) AU_DEFUN([SNOOPY_CONFIGURE_OUTPUT_DISABLE], [ AC_ARG_ENABLE(output-$1, [AC_HELP_STRING( [--enable-output-$1], [enable output "$1". $2 [default=disabled]] )], [ if test "x$enableval" = "xyes"; then enable_output_$1=yes elif test "x$enableval" = "xno"; then enable_output_$1=no else AC_MSG_ERROR([--enable-output-$1 does not take any arguments, got: $enableval]) fi ], [enable_output_$1=no] ) AS_IF([test "x$enable_output_$1" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_OUTPUT_ENABLED_$1, 1, [Is output "$1" available?]) ]) AM_CONDITIONAL([OUTPUT_ENABLED_$1], [test "x$enable_output_$1" == "xyes"]) AC_SUBST([enable_output_$1]) ]) snoopy-snoopy-2.3.1/config.h.in000066400000000000000000000160351253034143600164220ustar00rootroot00000000000000/* config.h.in. Generated from configure.ac by autoheader. */ /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H /* Define to 1 if you have the `getcwd' function. */ #undef HAVE_GETCWD /* Define to 1 if you have the `getsid' function. */ #undef HAVE_GETSID /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the `dl' library (-ldl). */ #undef HAVE_LIBDL /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H /* Define to 1 if your system has a GNU libc compatible `malloc' function, and to 0 otherwise. */ #undef HAVE_MALLOC /* Define to 1 if you have the `memmove' function. */ #undef HAVE_MEMMOVE /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET /* Define to 1 if you have the `socket' function. */ #undef HAVE_SOCKET /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strchr' function. */ #undef HAVE_STRCHR /* Define to 1 if you have the `strdup' function. */ #undef HAVE_STRDUP /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strstr' function. */ #undef HAVE_STRSTR /* Define to 1 if you have the `strtol' function. */ #undef HAVE_STRTOL /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* INI configuration file path to use */ #undef SNOOPY_CONF_CONFIG_FILE /* Is data source "cmdline" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline /* Is data source "cwd" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_cwd /* Is data source "datetime" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_datetime /* Is data source "egid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_egid /* Is data source "egroup" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_egroup /* Is data source "env" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_env /* Is data source "env_all" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_env_all /* Is data source "euid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_euid /* Is data source "eusername" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_eusername /* Is data source "filename" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_filename /* Is data source "gid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_gid /* Is data source "group" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_group /* Is data source "login" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_login /* Is data source "pid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_pid /* Is data source "ppid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_ppid /* Is data source "rpname" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_rpname /* Is data source "sid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_sid /* Is data source "snoopy_version" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version /* Is data source "timestamp" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp /* Is data source "timestamp_ms" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms /* Is data source "timestamp_us" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us /* Is data source "tty" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_tty /* Is data source "tty_uid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid /* Is data source "tty_username" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username /* Is data source "uid" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_uid /* Is data source "username" available? */ #undef SNOOPY_CONF_DATASOURCE_ENABLED_username /* Enable error logging */ #undef SNOOPY_CONF_ERROR_LOGGING_ENABLED /* Enable filtering */ #undef SNOOPY_CONF_FILTERING_ENABLED /* Custom filter chain to use */ #undef SNOOPY_CONF_FILTER_CHAIN_custom /* Is filter "exclude_spawns_of" available? */ #undef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of /* Is filter "exclude_uid" available? */ #undef SNOOPY_CONF_FILTER_ENABLED_exclude_uid /* Is filter "only_root" available? */ #undef SNOOPY_CONF_FILTER_ENABLED_only_root /* Is filter "only_uid" available? */ #undef SNOOPY_CONF_FILTER_ENABLED_only_uid /* Custom message format to use */ #undef SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom /* Default output provider */ #undef SNOOPY_CONF_OUTPUT_DEFAULT /* Default output arguments */ #undef SNOOPY_CONF_OUTPUT_DEFAULT_ARG /* Is output "devlog" available? */ #undef SNOOPY_CONF_OUTPUT_ENABLED_devlog /* Is output "file" available? */ #undef SNOOPY_CONF_OUTPUT_ENABLED_file /* Is output "socket" available? Forced "Yes". */ #undef SNOOPY_CONF_OUTPUT_ENABLED_socket /* Is output "syslog" available? */ #undef SNOOPY_CONF_OUTPUT_ENABLED_syslog /* Only log commands executed by root */ #undef SNOOPY_CONF_ROOT_ONLY /* Syslog facility to use by default */ #undef SNOOPY_CONF_SYSLOG_FACILITY /* Syslog level to use by default */ #undef SNOOPY_CONF_SYSLOG_LEVEL /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Version number of package */ #undef VERSION /* Define to `int' if doesn't define. */ #undef gid_t /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif /* Define to rpl_malloc if the replacement function should be used. */ #undef malloc /* Define to `int' if does not define. */ #undef pid_t /* Define to `unsigned int' if does not define. */ #undef size_t /* Define to `int' if doesn't define. */ #undef uid_t snoopy-snoopy-2.3.1/configure.ac000066400000000000000000000650421253034143600166670ustar00rootroot00000000000000### ### Snoopy configure.ac ### ### Initialize autotools # AC_PREREQ([2.63]) AC_INIT( [Snoopy Logger], [2.3.1], [https://github.com/a2o/snoopy/issues/], [snoopy], [https://github.com/a2o/snoopy/]) ### Configure autotools # AC_CONFIG_SRCDIR([src/libsnoopy.c]) # Check if we are in correct directory tree AC_CONFIG_AUX_DIR([build/aux]) AC_CONFIG_MACRO_DIR([build/m4]) m4_include([build/snoopy.m4]) AM_INIT_AUTOMAKE([1.11 gnu silent-rules subdir-objects -Wall -Werror]) dnl Option AM_PROG_AR dnl dnl Required for building Snoopy from git on Ubuntu 14.04 (for development, and dnl by package build receipe. It must appear before LT_INIT. dnl dnl Snoopy development priorities: dnl - git/master version is targeted at modern Linux distributions - this dnl means we mostly care if git/master is buildable on fresh/latest-version dnl distros (ignore building on legacy systems here); dnl - source distribution packages are built on modern Linux distributions, thus dnl what git/master contains follows this assumption; dnl - building Snoopy from source packages should be possible on as dnl many Linux distros as feasible; dnl - compatibility for building distro-specific packages comes in only here and dnl burden of bending the Snoopy source to distro-packaging-specific needs dnl is placed on distro-specific package maintainer. dnl dnl Given the priorities above, we include AM_PROG_AR as dependency, as it: dnl - is needed to build Snoopy from source on Ubuntu, which is somewhat used for dnl Snoopy development; dnl - it does not interfere when building Snoopy from source packages; dnl - it only interferes when building Snoopy from git, and only on older dnl platforms (RH/CentOS 6, see GitHub issue #38). dnl dnl Should someone have problems with AM_PROG_AR, they should either: dnl - figure a way to conditionally remove it from configure.ac on certain distros, or dnl - comment it out manually. dnl dnl The removal was considered for Snoopy 2.3.0, but was ultimately rejected because dnl of arguments specified above. dnl AM_PROG_AR dnl Enable libtool LT_INIT([disable-static]) dnl Checks for programs. dnl dnl DO NOT REMOVE: CXX, AWK, CPP, RANLIB dnl Sometimes autoscan will suggest removing them, next time it will change dnl its mind and suggest putting them back in. Let's just keep them and be dnl done with it already. dnl AC_PROG_CXX AC_PROG_AWK AC_PROG_CC AC_PROG_CPP AC_PROG_GREP AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET dnl dnl AC_PROG_RANLIB dnl dnl bootstrap.sh output: dnl libtoolize: `AC_PROG_RANLIB' is rendered obsolete by `LT_INIT' dnl autoscan output: dnl configure.ac: warning: missing AC_PROG_RANLIB wanted by: ltmain.sh:2455 dnl dnl Libtoolize warning seems less harmful, therefore we leave this option in, for now. dnl AC_PROG_RANLIB AC_PROG_SED dnl Checks for libraries. dnl FIXME: Replace `main' with a function in `-ldl': AC_CHECK_LIB([dl], [main]) dnl Checks for header files. AC_CHECK_HEADERS([ \ limits.h \ stdlib.h \ string.h \ sys/socket.h \ sys/time.h \ syslog.h \ time.h \ unistd.h \ ]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_INLINE AC_TYPE_PID_T AC_TYPE_SIZE_T AC_TYPE_UID_T dnl Checks for library functions. AC_FUNC_MALLOC AC_CHECK_FUNCS([ \ getcwd \ getsid \ gettimeofday \ memmove \ memset \ socket \ strchr \ strdup \ strstr \ strtol \ ]) dnl Substitute these variables when creating (Make)files below - GENERIC AC_SUBST([PREFIX]) AC_SUBST([SYSCONFDIR]) dnl Substitute these variables when creating (Make)files below - CUSTOM dnl $libdir contains '${exec_prefix}' if not specified as ./configure --libdir=... dnl ${exec_prefix} contains 'NONE' if not specified as ./configure --exec-prefix=... SNOOPY_LIBDIR="`eval echo ${libdir} | sed -e s@^NONE@$prefix@ | sed -e s@^NONE@/usr/local@`" AC_SUBST([SNOOPY_LIBDIR]) ### Generate these header files # AC_CONFIG_HEADERS([config.h]) ### Generate these (Make)files # AC_CONFIG_FILES([Makefile bin/Makefile contrib/rhel/snoopy.spec contrib/sles/snoopy.spec doc/Makefile doc/internals/Makefile etc/Makefile etc/snoopy.ini src/Makefile src/datasource/Makefile src/filter/Makefile src/lib/Makefile src/output/Makefile]) AC_CONFIG_FILES([bin/snoopy-disable], [chmod +x bin/snoopy-disable]) AC_CONFIG_FILES([bin/snoopy-enable], [chmod +x bin/snoopy-enable]) dnl ============================================================================ dnl Decide where things are installed if test "x$prefix" = "xNONE" ; then PREFIX="/usr/local" else PREFIX="$prefix" fi if test "x$sysconfdir" = "x\${prefix}/etc" ; then SYSCONFDIR="$PREFIX/etc" else SYSCONFDIR="$sysconfdir" fi dnl ============================================================================ AC_ARG_ENABLE(config-file, [AC_HELP_STRING( [--enable-config-file], [enable INI configuration file parsing. If enabled, then path is SYSCONFDIR/snoopy.ini [default=disabled]] )], [ if test "x$enableval" = "xyes"; then config_file_path="$SYSCONFDIR/snoopy.ini" elif test "x$enableval" = "xno"; then config_file_path="" else AC_MSG_ERROR([--enable-config-file does not take an argument: $enableval]) fi ], # Not specified on command line [config_file_path=""] ) AS_IF([test "x$config_file_path" != "x"], [ AC_DEFINE_UNQUOTED(SNOOPY_CONF_CONFIG_FILE, "$config_file_path", [INI configuration file path to use]) ]) dnl CONFIG_FILE_ENABLED is used in: dnl - src/Makefile.am dnl - etc/Makefile.am AM_CONDITIONAL([CONFIG_FILE_ENABLED], [test "x$config_file_path" != "x"]) dnl ============================================================================ dnl ======= ENABLE ERROR LOGGING =============================================== dnl ============================================================================ AC_ARG_ENABLE(error-logging, [AC_HELP_STRING( [--enable-error-logging], [enable error logging through configured output - use only if you are developing Snoopy or having problems configuring it [default=disabled]] )], [ if test "x$enableval" = "xyes"; then enable_error_logging=yes # Specified as --enable-error-logging elif test "x$enableval" = "xno"; then enable_error_logging=no # Specified as --disable-error-logging else AC_MSG_ERROR([--enable-error-logging does not take an argument: $enableval]) fi ], [enable_error_logging=no] # Unspecified as ./configure argument ) AS_IF([test "x$enable_error_logging" = "xyes"], [ AC_DEFINE_UNQUOTED(SNOOPY_CONF_ERROR_LOGGING_ENABLED, 1, [Enable error logging]) ]) dnl ============================================================================ dnl ======= DEFAULT MESSAGE FORMAT ============================================= dnl ============================================================================ AC_ARG_WITH(message-format, [AC_HELP_STRING( [--with-message-format=FORMAT], [format to use to log messages with. For default value and available options, see etc/snoopy.ini and src/snoopy.h] )], [ if test "x$withval" = "x" -o "x$withval" = "xyes"; then AC_MSG_ERROR([--with-message-format requires an appropriate value (message format specification). See etc/snoopy.ini for syntax. To use default log message format, remove this argument from ./configure line.]) elif test "x$withval" = "xno"; then AC_MSG_ERROR([using --without-message-format is not supported, log message format is required, or omit this argument altogether to enable default log message format.]) else with_message_format="$withval" fi ], [with_message_format=""] ) AS_IF([test "x$with_message_format" != "x"], [ AC_DEFINE_UNQUOTED(SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom, "$with_message_format", [Custom message format to use]) ]) dnl ============================================================================ dnl ======= Enable/disable all data sources at once ============================ dnl ============================================================================ AC_ARG_ENABLE(all-datasources, [AC_HELP_STRING( [--disable-all-datasources], [disables all data sources at once. Use --enable-datasource-NAME to reenable individual data sources. [default=enabled]] )], [ if test "x$enableval" = "xyes"; then enable_all_datasources=yes elif test "x$enableval" = "xno"; then enable_all_datasources=no else AC_MSG_ERROR([--enable-all-datasources does not take an argument: $enableval]) fi ], [enable_all_datasources=yes] ) # ============================================================================== # ======= START section: ENABLE INDIVIDUAL DATA SOURCES ======================== # ============================================================================== SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [cmdline], [full command line including arguments]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [cwd], [current working directory]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [datetime], [current date and time in ISO 8601 format]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [egid], [effective GID]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [egroup], [effective literal group name]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [env], [particular environment variable]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [env_all], [all environment variables]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [euid], [effective UID]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [eusername], [effective literal username]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [filename], [full filename of process being executed]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [gid], [GID of process performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [group], [literal group name of process performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [login], [login username of user doing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [pid], [PID of process performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [ppid], [parent PID of process performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [rpname], [real parent name found up the process tree]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [sid], [session leader PID]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [snoopy_version], [installed Snoopy version]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [timestamp], [current Unix timestamp]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [timestamp_ms], [millisecond part of current Unix timestamp]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [timestamp_us], [microsecond part of current Unix timestamp]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [tty], [path to TTY performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [tty_uid], [UID of TTY performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [tty_username], [literal username of TTY performing the execution]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [uid], [numeric UID that executed the process]) SNOOPY_CONFIGURE_DATASOURCE_ENABLE( [username], [literal username of UID that executed the process]) # ============================================================================== # ======= END section: ENABLE INDIVIDUAL DATA SOURCES ========================== # ============================================================================== dnl ============================================================================ dnl ============================================================================ dnl ======= START section: FILTERING =========================================== dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ dnl ======= SPECIAL FILTER: root-only ========================================== dnl ============================================================================ AC_ARG_ENABLE(root-only, [AC_HELP_STRING( [--enable-root-only], [only log commands executed by root. This is a special filter, with better performance than general filtering subsystem. If command is not run as root, Snoopy terminates very early, having almost no performance penalty. [default=disabled]] )], [ if test "x$enableval" = "xyes"; then enable_root_only=yes elif test "x$enableval" = "xno"; then enable_root_only=no else AC_MSG_ERROR([--enable-root-only does not take an argument: $enableval]) fi ], [enable_root_only=no] ) AS_IF([test "x$enable_root_only" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_ROOT_ONLY, 1, [Only log commands executed by root]) ]) dnl ============================================================================ dnl ======= ENABLE FILTERING =================================================== dnl ============================================================================ AC_ARG_ENABLE(filtering, [AC_HELP_STRING( [--enable-filtering], [enable general message filtering [default=disabled]] )], [ if test "x$enableval" = "xyes"; then enable_filtering=yes elif test "x$enableval" = "xno"; then enable_filtering=no else AC_MSG_ERROR([--enable-filtering does not take an argument: $enableval]) fi ], [enable_filtering=no] ) AS_IF([test "x$enable_filtering" = "xyes"], [ AC_DEFINE(SNOOPY_CONF_FILTERING_ENABLED, 1, [Enable filtering]) ]) AM_CONDITIONAL([FILTERING_ENABLED], [test "x$enable_filtering" == "xyes"]) dnl ============================================================================ dnl ======= WITH FILTER CHAIN ================================================== dnl ============================================================================ AC_ARG_WITH(filter-chain, [AC_HELP_STRING( [--with-filter-chain=CHAINSPEC], [default filter chain to use. See src/snoopy.h and src/filter/ for available filters [default=empty]] )], [ if test "x$withval" = "x" -o "x$withval" = "xno"; then # We allow it here, as it might be desired to not have any # filter chain configured by default, but will be configured # later, using configuration file. # Allowed: empty, no with_filter_chain="" elif test "x$withval" = "xyes"; then # This must be an error. AC_MSG_ERROR([--with-filter-chain requires an appropriate value (filter chain specification), even empty string will do (--with-filter-chain=""). To disable filtering by default, use --without-filter-chain. Filter chain can later be specified and consequentially enabled by using configuration file. For this to work, configuration file (--with-config-file) and general filtering (--enable-filter) must be enabled.]) else with_filter_chain="$withval" fi ], [with_filter_chain=""] ) AS_IF([test "x$with_filter_chain" != "x"], [ AC_DEFINE_UNQUOTED(SNOOPY_CONF_FILTER_CHAIN_custom, "$with_filter_chain", [Custom filter chain to use]) ]) # ============================================================================== # ======= Enable/disable all filters at once =================================== # ============================================================================== AC_ARG_ENABLE(all-filters, [AC_HELP_STRING( [--disable-all-filters], [disables all filters at once. This does not disable filtering in general. It only causes that none of filters is going to be built unless explicitly enabling it by specifying --enable-filter-NAME at ./confgure time. [default=enabled]] )], [ if test "x$enableval" = "xyes"; then enable_all_filters=yes elif test "x$enableval" = "xno"; then enable_all_filters=no else AC_MSG_ERROR([--enable-all-filters does not take an argument: $enableval]) fi ], [enable_all_filters=yes] ) # ============================================================================== # ======= START section: ENABLE INDIVIDUAL FILTERS ============================= # ============================================================================== SNOOPY_CONFIGURE_FILTER_ENABLE( [exclude_spawns_of], [This filter drops messages that originate for specified process trees.]) SNOOPY_CONFIGURE_FILTER_ENABLE( [exclude_uid], [This filter drops messages that match given UIDs.]) SNOOPY_CONFIGURE_FILTER_ENABLE( [only_root], [This filter passes only messages generated by root.]) SNOOPY_CONFIGURE_FILTER_ENABLE( [only_uid], [This filter passes only messages that match given UIDs.]) # ============================================================================== # ======= END section: ENABLE INDIVIDUAL FILTERS =============================== # ============================================================================== dnl ============================================================================ dnl ============================================================================ dnl ======= END section: FILTERING ============================================= dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ dnl ======= START section: OUTPUTS ============================================= dnl ============================================================================ dnl ============================================================================ # ============================================================================== # ======= Enable/disable all outputs at once =================================== # ============================================================================== AC_ARG_ENABLE(all-outputs, [AC_HELP_STRING( [--disable-all-outputs], [disables all outputs at once. Use --enable-output-NAME to reenable individual outputs. [default=enabled]] )], [ if test "x$enableval" = "xyes"; then enable_all_outputs=yes elif test "x$enableval" = "xno"; then enable_all_outputs=no else AC_MSG_ERROR([--enable-all-outputs does not take an argument: $enableval]) fi ], [enable_all_outputs=yes] ) # ============================================================================== # ======= START section: ENABLE INDIVIDUAL OUTPUTS ============================= # ============================================================================== SNOOPY_CONFIGURE_OUTPUT_ENABLE( [devlog], [This is the default output of Snoopy.]) SNOOPY_CONFIGURE_OUTPUT_ENABLE( [file], [Write directly to file.]) SNOOPY_CONFIGURE_OUTPUT_ENABLE_FORCE( [socket], [Output "socket" is mandatory!]) SNOOPY_CONFIGURE_OUTPUT_DISABLE( [syslog], [WARNING: This output is causing system hangs with SystemD. Do not use it unless you are absolutely certain you know better!]) # ============================================================================== # ======= END section: ENABLE INDIVIDUAL OUTPUTS =============================== # ============================================================================== dnl ============================================================================ AC_ARG_WITH(default-output, [AC_HELP_STRING( [--with-default-output=OUTPUT_SPEC], [default output to use. See snoopy.ini or src/output/* for available values. [default=devlog]] )], [ if test "x$withval" = "x" -o "x$withval" = "xyes"; then # Enabled, but without explicit value AC_MSG_ERROR([--with-default-output requires an appropriate value]) elif test "x$withval" = "xno"; then # Explicitly disabled: --without-... AC_MSG_ERROR([using --without-default-output is not supported, as it makes no sense. Either define it explicitly, or, to use the default value, remove this argument from ./configure line.]) else # Enabled with explicit value definition default_output_val="$withval" # Separate output from argument if echo "$default_output_val" | grep ':' > /dev/null ; then default_output=`echo "$default_output_val" | cut -d: -f1` default_output_arg=`echo "$default_output_val" | cut -d: -f2-` else default_output="$default_output_val" default_output_arg="" fi # Strip "output" suffix if exists if ! echo "$default_output" | grep 'output$' > /dev/null ; then default_output=`echo "$default_output" | sed -e 's/output$//'` fi # Check if given output exist echo DEF_OUT: $default_output if test ! -f src/output/${default_output}output.c ; then AC_MSG_ERROR([--with-default-output value provided is invalid, output does not exist: $default_output]) fi fi ], # Not specified on ./configure line, decided in snoopy.h [ default_output="" default_output_arg="" ] ) AS_IF([test "x$default_output" != "x"], [ AC_DEFINE_UNQUOTED(SNOOPY_CONF_OUTPUT_DEFAULT, ["$default_output"], [Default output provider]) AC_DEFINE_UNQUOTED(SNOOPY_CONF_OUTPUT_DEFAULT_ARG, ["$default_output_arg"], [Default output arguments]) ]) dnl ============================================================================ dnl ============================================================================ dnl ======= END section: OUTPUTS =============================================== dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ dnl ======= START section: SYSLOG ============================================== dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ AC_ARG_WITH(syslog-facility, [AC_HELP_STRING( [--with-syslog-facility=FACILITY], [syslog facility to use when logging. Check 'man 3 syslog' or 'man openlog' for supported values [default=LOG_AUTHPRIV]] )], [ if test "x$withval" = "x" -o "x$withval" = "xyes"; then # Enabled, but without explicit value AC_MSG_ERROR([--with-syslog-facility requires an appropriate LOG_* value]) elif test "x$withval" = "xno"; then # Explicitly disabled: --without-... AC_MSG_ERROR([using --without-syslog-facility is not supported, syslog log facility is required. Either define it explicitly, or, to use the default value, remove this argument from ./configure line.]) else # Enabled with explicit value definition with_syslog_facility_val="$withval" # Check for value correctness syslog_facility_short=`echo "$with_syslog_facility_val" | awk '{print toupper($0)}' | sed -e 's/^LOG_//' | grep -E '^(AUTH|AUTHPRIV|CRON|DAEMON|FTP|KERN|LOCAL[0-7]|LPR|MAIL|NEWS|SYSLOG|USER|UUCP)$'` if test "x$syslog_facility_short" = "x"; then AC_MSG_ERROR([--with-syslog-facility value provided is invalid: $with_syslog_facility_val]) fi # Prefix value with LOG_ syslog_facility="LOG_$syslog_facility_short" fi ], # Not specified on ./configure line [syslog_facility="LOG_AUTHPRIV"] ) AC_DEFINE_UNQUOTED(SNOOPY_CONF_SYSLOG_FACILITY, [$syslog_facility], [Syslog facility to use by default]) dnl ============================================================================ AC_ARG_WITH(syslog-level, [AC_HELP_STRING( [--with-syslog-level=LEVEL], [syslog level to use when logging. Check 'man 3 syslog' or 'man openlog' for supported values [default=LOG_INFO]] )], [ if test "x$withval" = "x" -o "x$withval" = "xyes"; then # Enabled, but without explicit value AC_MSG_ERROR([--with-syslog-level requires an appropriate LOG_* value]) elif test "x$withval" = "xno"; then # Explicitly disabled: --without-... AC_MSG_ERROR([using --without-syslog-level is not supported, syslog log level is required. Either define it explicitly, or, to use the default value, remove this argument from ./configure line.]) else # Enabled with explicit value definition with_syslog_level_val="$withval" # Check for value correctness syslog_level_short=`echo "$with_syslog_level_val" | awk '{print toupper($0)}' | sed -e 's/^LOG_//' | grep -E '^(EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|DEBUG)$'` if test "x$syslog_level_short" = "x"; then AC_MSG_ERROR([--with-syslog-level value provided is invalid: $with_syslog_level_val]) fi # Prefix value with LOG_ syslog_level="LOG_$syslog_level_short" fi ], # Not specified on command line [syslog_level="LOG_INFO"] ) AC_DEFINE_UNQUOTED(SNOOPY_CONF_SYSLOG_LEVEL, [$syslog_level], [Syslog level to use by default]) dnl ============================================================================ dnl ============================================================================ dnl ======= END section: SYSLOG ================================================ dnl ============================================================================ dnl ============================================================================ dnl ============================================================================ dnl ======= Final output ======================================================= dnl ============================================================================ AC_OUTPUT snoopy-snoopy-2.3.1/configure.scan000066400000000000000000000021641253034143600172240ustar00rootroot00000000000000# -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ([2.69]) AC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS]) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADERS([config.h]) # Checks for programs. AC_PROG_CXX AC_PROG_AWK AC_PROG_CC AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET AC_PROG_RANLIB # Checks for libraries. # Checks for header files. AC_CHECK_HEADERS([limits.h stdlib.h string.h sys/socket.h sys/time.h syslog.h unistd.h]) # Checks for typedefs, structures, and compiler characteristics. AC_TYPE_PID_T AC_TYPE_SIZE_T AC_TYPE_UID_T # Checks for library functions. AC_FUNC_MALLOC AC_CHECK_FUNCS([getcwd gettimeofday memmove memset socket strchr strdup strstr strtol]) AC_CONFIG_FILES([Makefile bin/Makefile doc/Makefile doc/internals/Makefile etc/Makefile src/Makefile src/datasource/Makefile src/filter/Makefile src/lib/Makefile src/output/Makefile]) AC_OUTPUT snoopy-snoopy-2.3.1/contrib/000077500000000000000000000000001253034143600160325ustar00rootroot00000000000000snoopy-snoopy-2.3.1/contrib/debian/000077500000000000000000000000001253034143600172545ustar00rootroot00000000000000snoopy-snoopy-2.3.1/contrib/debian/README.Build.md000066400000000000000000000020331253034143600215670ustar00rootroot00000000000000# Snoopy Logger Debian / Ubuntu packages generation # You can find recipe to build a Debian/Ubuntu package in `contrib/debian`. You first need to symlink the `contrib/debian` to the project root directory. You also need to install all build dependencies: - debuild - debhelper - autoconf - dh-autoreconf The package is built into parent directory. You can install it using `dpkg`. Basically you need to run following commands: ln -nfs contrib/debian . apt-get install devscripts debhelper autoconf dh-autoreconf debuild --no-tgz-check -I.git -i'\.git/' dpkg -i ../libsnoopy_2.0.0rc5-1_amd64.deb NOTES: Debian package versionning is tricky when working on git repositories. You can keep track on per-commit version number using `git describe --tags`. For example the git version `snoopy-2.0.0rc5-3-g7845db6` should be read as: - `snoopy-2.0.0rc5`: Version as given by `git tag` - `3`: Number of commits ahead of current tag - `g7845db6`: the git commit SHA1 id. The Debian package version should be then `2:2.0.0rc5+git.3-1`. snoopy-snoopy-2.3.1/contrib/debian/README.Debian000066400000000000000000000030011253034143600213070ustar00rootroot00000000000000libsnoopy ========= Log format is: [login:%{login} ssh:(%{env:SSH_CONNECTION}) sid:%{sid} tty:%{tty} (%{tty_uid}/%{tty_username}) uid:%{username}(%{uid})/%{eusername}(%{euid}) gid:%{group}(%{gid})/%{egroup}(%{egid}) cwd:%{cwd}]: %{cmdline} With: - login: literal login name of logged-in user executing this process. Retrive the user login trying in order: - The login information from the processus. - the LOGNAME environment variable. - the SUDO_USER environment variable. return "unknown" otherwise. TIP to use with sudo and keep LOGNAME, add this in /etc/sudoers: Defaults env_reset Defaults env_keep="LOGNAME" - ssh: value of SSH_CONNECTION. - sid: Session leader process ID of current process. - tty: TTY of current process. - tty_uid: UID (User ID) of current controlling terminal, or -1 if not found. - tty_username: litaral username of current controlling terminal. - username: literal username of current process/ - uid: UID (User ID) of current process. - eusername: literal effective user name (User ID) of current process/ - euid: effective UID of current process. - group: literal group name (Group ID) of current process. - gid: GID (Group ID) number of currently running process. - egroup: literal effective group name (Group ID) of current process. - egid: effective UID of current process. - cwd: current working directory of current process. - cmdline: command line of current process. -- Sébastien Gross , Mon, 20 Oct 2014 01:56:35 +0200 snoopy-snoopy-2.3.1/contrib/debian/changelog000066400000000000000000000025511253034143600211310ustar00rootroot00000000000000snoopy (2:2.3.1rc1) UNRELEASED; urgency=medium * Bump version. * Change build options to enable filtering and config file. * Add conflict rules to avoid installing both the snoopy and libsnoopy pkgs -- Fred Mora Tue, 28 Apr 2015 22:01:18 -0400 snoopy (2:2.0.0rc5-1) unstable; urgency=low * Bump to version 2.0.0rc5. -- Sébastien Gross Sun, 19 Oct 2014 23:06:56 +0000 snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low * New automated build from: 1.8.0 - 71ea9e7 -- Sébastien Gross Mon, 19 Sep 2011 09:20:41 +0000 snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low * New automated build from: 1.8.0 - 71ea9e7 -- Sébastien Gross Mon, 19 Sep 2011 09:19:51 +0000 snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low * New automated build from: 1.8.0 - 71ea9e7 -- Sébastien Gross Mon, 19 Sep 2011 09:19:15 +0000 snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low * New automated build from: 1.8.0 - 71ea9e7 -- Sébastien Gross Mon, 19 Sep 2011 09:15:26 +0000 snoopylogger (1:1.8.0+git.6-1) unstable; urgency=low * Initial version -- Sébastien Gross Mon, 21 Mar 2011 14:38:12 +0000 snoopy-snoopy-2.3.1/contrib/debian/compat000066400000000000000000000000021253034143600204520ustar00rootroot000000000000007 snoopy-snoopy-2.3.1/contrib/debian/control000066400000000000000000000014561253034143600206650ustar00rootroot00000000000000Source: snoopy Section: admin Priority: extra Maintainer: Sébastien Gross Build-Depends: debhelper (>= 7.0.50), autoconf (>=2.63), dh-autoreconf Standards-Version: 3.9.3 Homepage: https://github.com/a2o/snoopy Package: libsnoopy Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: snoopy Replaces: snoopy Description: execve() wrapper and logger snoopylogger is merely a shared library that is used as a wrapper to the execve() function provided by libc as to log every call to syslog (authpriv). system administrators may find snoopylogger useful in tasks such as light/heavy system monitoring, tracking other administrator's actions as well as getting a good 'feel' of what's going on in the system (for example apache running cgi scripts). snoopy-snoopy-2.3.1/contrib/debian/copyright000066400000000000000000000025241253034143600212120ustar00rootroot00000000000000This package was debianized by Sébastien Gross on Sun, 20 Mar 2011 18:18:31 +0000. It was downloaded from https://github.com/a2o/snoopy Upstream Author: Marius Bostjan Skufca Copyright: Copyright (C) 2000 Marius Copyright (c) 2015 Bostjan Skufca License: This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. The Debian packaging is (C) 2011, Sébastien Gross and is licensed under the GPL, see above. snoopy-snoopy-2.3.1/contrib/debian/libsnoopy.postinst000077500000000000000000000022761253034143600231110ustar00rootroot00000000000000#!/bin/sh # postinst script for snoopylogger # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package LIB_SNOOPY='/lib/libsnoopy.so' case "$1" in configure) if ! test -e /etc/ld.so.preload; then echo "$LIB_SNOOPY" >> /etc/ld.so.preload fi if ! grep $LIB_SNOOPY /etc/ld.so.preload; then echo "$LIB_SNOOPY" >> /etc/ld.so.preload fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 snoopy-snoopy-2.3.1/contrib/debian/libsnoopy.prerm000077500000000000000000000016471253034143600223540ustar00rootroot00000000000000#!/bin/sh # prerm script for snoopylogger # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|deconfigure) sed -i 's,/lib/libsnoopy.so,,' /etc/ld.so.preload ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 snoopy-snoopy-2.3.1/contrib/debian/rules000077500000000000000000000016501253034143600203360ustar00rootroot00000000000000#!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # to run with quilt use this instead: # dh --with quilt $@ %: dh $* $@ --with autoreconf override_dh_auto_configure: ./configure \ --build=x86_64-linux-gnu \ --prefix=/ \ --includedir=\${prefix}/include \ --mandir=\${prefix}/share/man \ --infodir=\${prefix}/share/info \ --sysconfdir=/etc --localstatedir=/var \ --libexecdir=\${prefix}/lib/snoopy \ --disable-maintainer-mode \ --disable-dependency-tracking \ --enable-filtering \ --enable-config-file \ --with-message-format='[login:%{login} ssh:(%{env:SSH_CONNECTION}) sid:%{sid} tty:%{tty} (%{tty_uid}/%{tty_username}) uid:%{username}(%{uid})/%{eusername}(%{euid}) gid:%{group}(%{gid})/%{egroup}(%{egid}) cwd:%{cwd}]: %{cmdline}' override_dh_install: dh_install rm \ debian/libsnoopy/bin/snoopy-test-output \ debian/libsnoopy/lib/libsnoopy.la snoopy-snoopy-2.3.1/contrib/debian/snoopy.dirs000066400000000000000000000000211253034143600214570ustar00rootroot00000000000000usr/bin usr/sbin snoopy-snoopy-2.3.1/contrib/debian/snoopy.lintian-overrides000066400000000000000000000003571253034143600241700ustar00rootroot00000000000000snoopy changes: changed-by-address-malformed Sébastien Gross libsnoopy: new-package-should-close-itp-bug libsnoopy: maintainer-address-malformed Sébastien Gross snoopy-snoopy-2.3.1/contrib/debian/source.lintian-overrides000066400000000000000000000002231253034143600241310ustar00rootroot00000000000000snoopy source: native-package-with-dash-version snoopy source: maintainer-address-malformed Sébastien Gross snoopy-snoopy-2.3.1/contrib/rhel/000077500000000000000000000000001253034143600167645ustar00rootroot00000000000000snoopy-snoopy-2.3.1/contrib/rhel/snoopy.spec.in000066400000000000000000000017631253034143600216030ustar00rootroot00000000000000Name: snoopy Version: @PACKAGE_VERSION@ Release: 1%{?dist} Summary: Snoopy is a wrapper around execve() that logs all executed commands by all users and processes to syslog. License: GPLv2 URL: https://github.com/a2o/snoopy Source0: snoopy-%{version}.tar.gz %description Snoopy is designed to aid a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications. It is linked into programs to provide a wrapper around calls to execve(). Logging is done via syslog. %prep %autosetup %build %configure make %{?_smp_mflags} %install %make_install mkdir %{buildroot}/etc install -m 0644 etc/snoopy.ini %{buildroot}/%{_sysconfdir}/snoopy.ini %files %doc ChangeLog COPYING %{_bindir}/* %{_libdir}/* %{_sbindir}/* %{_sysconfdir}/* %post -p /usr/sbin/snoopy-enable %preun -p /usr/sbin/snoopy-disable %changelog * Tue Nov 4 2014 Jeremy Brown 2.0.0rc12-1 - Initial RPM spec for snoopy. snoopy-snoopy-2.3.1/contrib/sles/000077500000000000000000000000001253034143600170005ustar00rootroot00000000000000snoopy-snoopy-2.3.1/contrib/sles/snoopy.spec.in000066400000000000000000000024721253034143600216150ustar00rootroot00000000000000Summary: User monitoring and command logging Name: snoopy Version: @PACKAGE_VERSION@ Release: 1%{dist} URL: https://github.com/a2o/snoopy Group: Applications/Monitoring BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: git, gcc, make License: GPL Packager: Taylor Kimball %description Snoopy Logger, logs all the commands issued by local users on the system. It is very useful to track and monitor the users. %prep %setup -T -c %build git clone https://github.com/a2o/%{name}.git pushd %{name} %configure %{__make} %install pushd %{name} %{__install} -d -m 755 %{buildroot}%{_bindir} %{__install} -d -m 755 %{buildroot}%{_libdir} %{__install} -d -m 755 %{buildroot}%{_sysconfdir} %{__install} -m 755 detect %{buildroot}%{_bindir} %{__install} -m 755 %{name}.so %{buildroot}%{_libdir} echo "%{_libdir}/%{name}.so" >> %{buildroot}%{_sysconfdir}/ld.so.preload %clean rm -rf %{buildroot} %files %defattr(-,root,root,-) %doc %{name}/ChangeLog %{name}/COPYING %{name}/README.filtering %{name}/README.md %{name}/TODO %config(noreplace) %{_sysconfdir}/ld.so.preload %{_bindir}/detect %{_libdir}/%{name}.so %changelog * Fri Sep 12 2014 Taylor Kimball - @PACKAGE_VERSION@-1 - Initial spec. snoopy-snoopy-2.3.1/doc/000077500000000000000000000000001253034143600151375ustar00rootroot00000000000000snoopy-snoopy-2.3.1/doc/CONTRIBUTING.md000066400000000000000000000162661253034143600174030ustar00rootroot00000000000000# Contributing to Snoopy development [![Flattr Snoopy Logger project](http://api.flattr.com/button/flattr-badge-large.png)](https://flattr.com/submit/auto?user_id=a2o&url=https://github.com/a2o/snoopy&title=Snoopy Logger) New ideas are welcome. Most of change requests so far were about additional log data or filtering capabilities, therefore most of development/changes is expected in that area. Table of Contents ================= * [Contributing to Snoopy development](#contributing-to-snoopy-development) * [Basic rules for data source development](#basic-rules-for-data-source-development) * [Filter development rules](#filter-development-rules) * [Creating feature documentation](#creating-feature-documentation) * [Creating pull requests for upstream merges](#creating-pull-requests-for-upstream-merges) ## Basic rules for data source development - data sources are located in src/datasource/; - data source names should be lower case, with underscores for word separation; - data about currently executing process is available in src/inputdatastorage.* files. Consult existing data sources on how to use it (filename for example); - each data source must be self-sufficient. Do not rely on other parts of Snoopy; - each data source must be tidy (free all mallocs, close all file descriptors); - the first argument passed to each provider is a char array to return message into; - data source message must not be longer than SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE; - each data source must have a corresponding header file; - all data sources must build with -Wall -Werror flags (enabled by default); - code indentation: 4 spaces, no tabs; - reserverd data source names: - snoopy* If you have developed a shiny new data source and you would like to start using it with Snoopy, you have to add it to the following files to make Snoopy fully aware of it: - src/datasource/NAME.h (your data source's main header file) - src/datasource/NAME.c (your data source's main source code goes here) - src/datasource/Makefile.am (one reference) - src/datasourceregistry.c (three references - header, name and function name) - configure.ac (one reference) - etc/snoopy.ini.in (one reference in comments, for documentation purposes) - Changelog (short description of new feature) ## Filter development rules Rules for filter development are the same as for new data source development, with the following additional specifics: - filters are located in src/filter/; - each filter is passed two arguments: - logMessage and - filter argument (if any, otherwise an empty string is passed); - filter argument is literal. If it contains multiple arguments (separated by comma, for example), the filter itself must do the parsing/tokenization. - filter MAY modify logMessage. If it does so, the new log message MUST NOT EXCEED the maximum log message size, defined in snoopy.h. - filter MUST return SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP constant; - if SNOOPY_FILTER_DROP is returned by filter, it causes immediate termination of filter chain processing and message is not logged to syslog; - reserved filter names: - snoopy* If you have developed a shiny new filter and you would like to start using it with Snoopy, you have to add it to the following files to make Snoopy fully aware of it: - src/filter/NAME.h (your filter's main header file) - src/filter/NAME.c (your filter's main source code goes here) - src/filter/Makefile.am (one reference) - src/filterregistry.c (three references - header, name and function name) - configure.ac (one reference) - etc/snoopy.ini.in (one reference in comments, for documentation purposes) - Changelog (short description of new feature) ## Output development rules Rules for new output development are the same as for new filter development, with the following additional specifics: - outputs are located in src/output/; - as output names are generally very generic, files and functions are suffixed with "...output"; - each output is passed three arguments: - logMessage - flag whether logMessage is a regular Snoopy log message or an error message - output argument string (might not be used by output) - output argument is literal. If it contains multiple arguments (separated by comma, for example), the output itself must do the parsing/tokenization. - reserved output names: - snoopy* If you have developed a shiny new output and you would like to start using it with Snoopy, you have to add it to the following files to make Snoopy fully aware of it: - src/output/NAME.h (your output's main header file) - src/output/NAME.c (your output's main source code goes here) - src/output/Makefile.am (one reference) - src/outputregistry.c (three references - header, name and function name) - src/configfile.c (one reference) - src/snoopy.h (one reference (or more if this is the new default output)) - configure.ac (one reference) - etc/snoopy.ini.in (one reference in comments, for documentation purposes) - Changelog (short description of new feature) ## Creating feature documentation Here is a brief description of Snoopy documentation structure. File /README.md: - general information and quick install instructions; Directory /doc/: - documentation which is useful to average Snoopy user; - /doc/INSTALL.md: detailed installation instructions; - /doc/FAQ.md: location of answers to frequently asked questions; - /doc/DATA-SOURCES.md: general, data-sources-specific information; - /doc/DATA-SOURCE_complex_data_source_name.md: documentation for advanced and configurable data source called "complex_data_source_name", which has its code located in src/datasource/complex_data_source_name.c; (also, do not include "_name" suffix in data source's name:); - /doc/FILTERING.md: filtering-specific information; - /doc/FILTER_complex_filter_name.md: documentation for advanced filter called "complex_filter_name", which has its code located in src/filter/complex_filter_name.c; Directory /doc/internals/: - location of documetation useful to Snoopy developers and contributors; - /doc/internals/README.md: main document about Snoopy internals ## Creating pull requests for upstream merges Commits: - your commits should be easily readable, with concise comments; - your commits should follow the KISS principle: do one thing, and do it well. Branching: - branch name: feature/my-shiny-new-snoopy-feature-title for new features; - branch name: bugfix/my-totally-non-hackish-workaround for bugfixes; - branch name: master (avoiding creating dedicated branch) may only be used for trivial fixes. Pull requests: - do not create pull requests from master branch, unless absolutely sure to do so; - one pull request should contain one change only (one bugfix or one feature at a time); - if you have developed multiple features and/or bugfixes, create separate branches for each one of them, and request merges for each branch; - the cleaner you code/change/changeset is, the faster it will be merged. That is it. Happy coding! :) snoopy-snoopy-2.3.1/doc/FAQ.md000066400000000000000000000037121253034143600160730ustar00rootroot00000000000000# Snoopy Logger FAQ ### 1. Snoopy hangs my RedHat/Fedora/CentOS/other system **OBSOLETE, FIXED IN SNOOPY 1.9.0** Due to bug described at the URIs below, **please make sure you test your Snoopy installation before you deploy it to production**. The bug manifests itself at shutdown, when system hangs instead of finishing the whole shutdown procedure. So far this has only been reproduced on Fedora, and there is a reference to Hyper-Threading, but no one has come up with a valid solution, only workarounds. Bug descriptions: * https://bugzilla.redhat.com/show_bug.cgi?id=745603 * https://github.com/a2o/snoopy/issues/1 How to test: * Configure, build, install, enable * Make sure it is working by tailing log files * Reboot #1 * Reboot #2. If second reboot is successful, you are on the safe side Distributions known to work OK (all 64-bit, all tested with 2.0.0+ versions): * CentOS 6.5 * Debian 7 * Ubuntu Server 12.04.01, 14.04 * Slackware 12.2+ ### 2. Snoopy hangs my RH/CentOS/(other-systemd-based) system **HAPPY ANNOUNCEMENT: Snoopy version 2.2.0 resolved boot problems on RHEL/CentOS 7.** More info: https://github.com/a2o/snoopy/issues/28 ~DO NOT INSTALL Snoopy on CentOS 7 just yet!~~ ~For currently unknown reason, when Snoopy is installed, CentOS 7 does not boot.~~ ~Here is the issue tracker entry:~~ ~https://github.com/a2o/snoopy/issues/28~~ ### 3. PulseAudio fills logs when Snoopy is installed Issue was originally reported here: https://github.com/a2o/snoopy/issues/29 Transcript of original content (a bit condensed): If, like us, you have users running desktop environments, you'll find pulseaudio filling your logs because of Snoopy. Workaround: * edit /etc/pulse/client.conf * if exists, uncomment line that starts with "autospawn" and change value to "no" * if not, add a line "autospawn = no" That should fix your issue. (Thanks to https://github.com/sykosoft for reporting this and providing a solution.) snoopy-snoopy-2.3.1/doc/FILTER_exclude_spawns_of.md000066400000000000000000000124031253034143600222360ustar00rootroot00000000000000# The exclude_spawns_of filter ## Purpose of the filter When Snoopy is installed, it will generate a log message for every executable that runs. This includes the programs invoked by cron and other system daemons. All these messages create noise in the logs and tends to drown useful information. So filtering out messages created by cron jobs is therefore a useful feature. That's what the exclude_spawns_of filter does. ## Terms used In this page, we use the following terms: - Process tree: this is the graph of processes running on your system, starting at init (process 1) at the top, and going down from parent to child processes. - Ancestor: A process _A_ is the ancestor of process _P_ if you can start from _P_ in the process tree and go up one or more levels until you find _A_. - Descendant: A process _D_ is a descendant of process _P_ if _P_ is the ancestor of _D_. A synonym for _spawn_. ## Setting up the filter The filter takes a comma-separated list of program names as a parameter. If the current process is a descendant of one of the named programs, the filter will drop the message. So if you want to avoid logging programs executed by cron jobs or their descendants, just put filter_chain = "exclude_spawns_of:cron" in the `snoopy.ini` file. The list of program names after the `exclude_spawns_of:` is called the _black list_. It is a list of ancestors for which the log message should be dropped. Of course, your filter chain can include other filters. See snoopy.ini for examples. If you also want to avoid logging the executables launched by `mydaemon`, you can add it to the black list: filter_chain = "exclude_spawns_of:cron,mydaemon" Do not put spaces around the colon or the commas! ## The gory details The filter walks up the process tree and examines the ancestors of the current process, starting from the parent of the current process. For each ancestor, the filter compares the name of the executable with the black list. If there is a match, the filter drops the message. A name listed in the black list can be a binary name or a script name. If you have a doubt, find the program that you want to add in the list and run the command cat /proc/nnnn/stat where _nnnn_ is the PID of the program. The output of the command will list a name between parentheses in the second word. That name (without the parentheses!) is what you need to add in the black list. If the filter encounters an error, it will pass the message. ## Installing and testing the filter ### Compiling If you install from source, make sure that the following options are passed to `./configure`: --enable-filtering --enable-config-file For debian, these options are in `debian/rules`. ### Installing The filter is installed along with the rest of Snoopy, there is no separate package. ### Setting up We assume you are running as root or sudoing as needed. If you installed from a package that was correctly configured, you should see the file `/etc/snoopy.ini` in your system. If this file is missing, it means that the version of Snoopy you installed was compiled without the `--enable-config-file` option. It cannot be used here. Please install a different version. We are going to modify the ini file to make sure the filter works. Change the default message format in `/etc/snoopy.ini`. For example, we add the PID of the process: message_format = "[pid:%{pid} uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" Next, we will create an easy-to-test black list. Add the following line in `/etc/snoopy.ini`: filter_chain = "exclude_spawns_of:cron,sh" We specified that Snoopy should not log programs spawned by cron and sh. We assume here that you run bash as the standard shell. You can verify that this is the case with the command: getent passwd $USER The last string in the command output is your login shell, `bash` by default. ### Verifying that Snoopy reads the ini file Let's enable Snoopy with the command: snoopy-enable You can check that the `/etc/ld.so.preload` file now contains something like `/lib/libsnoopy.so`. Open another window and run `tail -f /var/log/auth.log` to check that Snoopy works. Snoopy works only for processes started after it's enabled, so let's invoke a new shell with the command bash Within that new shell, run ls. You will see a message in `auth.log` that looks like this: ``` Apr 24 21:41:57 fred-vm-ub1 snoopy[2320]: [pid:2320 uid:1000 sid:1872 tty:/dev/pts/0 cwd:/home/fmora filename:/bin/ls]: ls ``` This shows that Snoopy read the ini file and parsed the `message_format` parameter. ### Testing the filter Remember that your default shell is bash, and that you added the `sh` shell to the black list. So let's run the command `sh` to start an instance of this shell. You should see that Snoopy records it in the log (since its ancestors are not blacklisted). However, type `ls` or other commands within the new `sh` shell. You should see that Snoopy does not log these commands, since they are a descendant of the blacklisted `sh`. Start a bash shell within sh by typing `bash`. Within bash, type `ls` or other commands. Snoopy does not log them. This is because these commands are still descendants from the blacklisted `sh`. This shows that the filter works. You can now set the black list as you need. snoopy-snoopy-2.3.1/doc/INSTALL.md000066400000000000000000000207231253034143600165730ustar00rootroot00000000000000# Snoopy Logger Installation Instructions * [Snoopy Logger Installation Instructions](#snoopy-logger-installation-instructions) * [Available installation methods:](#available-installation-methods) * [1. Automated installation procedure](#1-automated-installation-procedure) * [2. Installing Snoopy from distribution package repositories](#2-installing-snoopy-from-distribution-package-repositories) * [2.1 Building distribution-specific packages yourself](#21-building-distribution-specific-packages-yourself) * [3. Building Snoopy from sources](#3-building-snoopy-from-sources) * [3.1 Download options](#31-download-options) * [3.2 Installation procedure](#32-installation-procedure) * [3.3 Build configuration](#33-build-configuration) * [3.3.1 Configuring log output](#331-configuring-log-output) * [3.3.2 Configuring filtering](#332-configuring-filtering) * [3.3.3 Optional configuration file support](#333-optional-configuration-file-support) * [4 How to enable/activate Snoopy](#4-how-to-enableactivate-snoopy) * [4.1 Enable for specific program](#41-enable-for-specific-program) * [4.2 Enable system-wide Snoopy on 32-bit-only or 64-bit-only systems](#42-enable-system-wide-snoopy-on-32-bit-only-or-64-bit-only-systems) * [4.3 For multilib systems](#43-for-multilib-systems) * [4.4 For multilib systems with LD_PRELOAD_* environmental variables](#44-for-multilib-systems-with-ld_preload_-environmental-variables) * [5 Snoopy output](#5-snoopy-output) * [6 How to disable Snoopy](#6-how-to-disable-snoopy) ## Available installation methods: * automated installation procedure (preferred, installs latest version), or * using packages provided by your Linux distribution, or * building it manually. ### 1. Automated installation procedure To start automated installation procedure for **STABLE** version of Snoopy, run this command: wget -q -O - https://github.com/a2o/snoopy/raw/stable/bin/snoopy-install.sh | sh To start automated installation procedure for **DEVELOPMENT** version of Snoopy, run this command: wget -q -O - https://github.com/a2o/snoopy/raw/master/bin/snoopy-install.sh | sh **WARNING: This manual is for latest Snoopy version only. Any version that is not the latest is not supported. Please do not submit any bug/feature/change requests related to unsupported versions.** ### 2. Installing Snoopy from distribution package repositories This is generally simple, if some maintainer already created snoopy package for you. How to install distribution-provided packages is out of scope of this manual. Generally you would do something like this: apt-get install snoopy yum install snoopy zypper install snoopy #### 2.1 Building distribution-specific packages yourself The following Linux distributions have their corresponding package definition files available in the contrib/ directory: * Debian/Ubuntu, in contrib/debian/ * RHEL/CentOS/Fedora, in contrib/rhel/ * SLES/OpenSUSE, in contrib/sles/ The contents of contrib/ directory is user-supplied and therefore not supported. Patches however are gladly accepted. ### 3. Building Snoopy from sources #### 3.1 Downloading source You can download Snoopy release tarballs from this location: http://source.a2o.si/download/snoopy/ You can clone the latest Snoopy sources from GitHub: ``` git clone https://github.com/a2o/snoopy.git ``` #### 3.2 Installation procedure Snoopy supports various features that can be enabled by supplying arguments to configure command. Consult `./configure --help' for more information. # Only if you are building directly from git repository: ./bootstrap.sh # Check configuration options, see section 3.3 for details: ./configure --help # Then continue with normal build procedure: ./configure [OPTIONS] make make install # At this point, Snoopy is **installed but not yet enabled**. # Enable it make enable # Reboot your system for Snoopy to be picked by all programs. reboot #### 3.3 Build configuration ##### 3.3.1 Configuring log output Snoopy already has default log message format configured, but by using "./configure --with-message-format=FORMAT" you can adjust it to your needs. Log message format specification example: --with-message-format="text1:%{datasource1} text2:%{datasource2} text3:%{datasource3:arg}" Text outside %{...} is considered literal and is copied as-is to final log message. On the other hand, text found within %{...} has special meaning: it retrieves data from specified data source. If data source specification contains a colon, then text before colon is considered data source name, and text following the colon is passed as an argument to the data source provider in question. ##### 3.3.2 Configuring filtering Snoopy supports message filtering. Filtering support must be enabled at build time, here is an example: # REQUIRED TO ENABLE FILTERING FEATURE --enable-filtering # HOW TO DEFINE FILTER CHAINS --with-filter-chain="FILTER_CHAIN_SPEC" By default, if FILTER_CHAIN_SPEC is not configured. An empty string is used instead, which effectively disables filtering and all Snoopy messages are passed to the configured output. See sample configuration file etc/snoopy.ini for list and description of supported filter configurations. ##### 3.3.3 Optional configuration file support Snoopy supports optional configuration file, which may help with development and/or configuration endeavours. Configuration file must be enabled at build time: --enable-config-file Configuration file is installed as SYSCONFDIR/snoopy.ini. SYSCONFDIR can be changed with --sysconfdir=PATH configuration directive. See sample configuration file etc/snoopy.ini for list and description of supported configuration directives. ### 4 How to enable/activate Snoopy #### 4.1 Enable for specific program If you wish to monitor only certain applications you can do so through the LD_PRELOAD environmental variable - simply set it to the full path to libsnoopy.so shared library before starting the application. Example: export LD_PRELOAD=/usr/local/lib/libsnoopy.so # default path lynx http://linux.com/ unset LD_PRELOAD #### 4.2 Enable system-wide Snoopy on 32-bit-only or 64-bit-only systems WARNING: Using this method on multilib systems (64-bit systems capable WARNING: of running 32-bit applications) can cause malfunction because WARNING: preload config file /etc/ld.so.preload makes no distinction WARNING: between 32- and 64-bit programs and shared libraries. # Use special Snoopy-enabling script snoopy-enable # Or enable it using build tools make enable Explanation: An entry is created in /etc/ld.so.preload file which causes execv() and execve() system calls to be intercepted by Snoopy and logged via syslog. #### 4.3 For multilib systems Content of /etc/ld.so.preload should include the following line: /usr/local/$LIB/libsnoopy.so This applies only when you have installed both 32bit and 64bit version of the library in the appropriate paths. #### 4.4 For multilib systems with LD_PRELOAD_* environmental variables On systems that support LD_PRELOAD_32 and LD_PRELOAD_64 you can use those variables to force loading of Snoopy. If you with to enable it system-wide, ensure that correct values are held by those variables at boot time. Consult section 4.a of this README on how to set environmental variables. Setting them at boot time is usually distro- dependent. Users are also required to compile 32-bit version of library. To do so on 64-bit systems it is usually enough to set appropriate CFLAGS: CFLAGS=-m32 ./configure [OPTIONS] Of course your system must be cross-compilation capable. Consult your OS documentation for details on this subject. ### 5 Snoopy output The exact location of your Snoopy output depends on your syslog configuration. Usually it gets stored in one of the following files: /var/log/auth* /var/log/messages /var/log/secure ### 6 How to disable Snoopy The simplest way is by using special script: snoopy-disable To manually disable Snoopy, simply edit /etc/ld.so.preload and remove reference to libsnoopy.so. Also unset any environmental variable that references Snoopy (LD_PRELOAD, LD_PRELOAD_32 and LD_PRELOAD_64). Then you may also delete Snoopy shared library from your system. Default installation path of Snoopy shared library is: /usr/local/lib/libsnoopy.so snoopy-snoopy-2.3.1/doc/Makefile.am000066400000000000000000000004541253034143600171760ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### First process all required subdirs # SUBDIRS = internals ### Include documentation in final release package # EXTRA_DIST +=\ CONTRIBUTING.md \ FAQ.md \ FILTER_exclude_spawns_of.md \ INSTALL.md snoopy-snoopy-2.3.1/doc/internals/000077500000000000000000000000001253034143600171365ustar00rootroot00000000000000snoopy-snoopy-2.3.1/doc/internals/Makefile.am000066400000000000000000000002571253034143600211760ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### Include documentation in final release package # EXTRA_DIST +=\ README.md snoopy-snoopy-2.3.1/doc/internals/README.md000066400000000000000000000024651253034143600204240ustar00rootroot00000000000000# Snoopy Logger Internals ## How does Snoopy actually work? Snoopy installs itself as a preloaded library that provides a wrapper around execv() and execve() syscall. Logging is done via syslog. Snoopy should be completely transparent to users and to applications. ## Architectural note execv() calls are now explicitly logged. Although, according to the man page for execv(), it is supposed to call execve(). To this date the reason why execv() calls weren't being logged is unknown, but we are working to find out why. ## Further information * Read the code. * Start at [../../src/libsnoopy.c](../../src/libsnoopy.c). This is essential. Here the execv()/execve() syscalls are intercepted and forwarded to internal Snoopy functions. Once Snoopy is done, execution is forwarded back to real execv()/execve() syscall. * Continue with [../../src/log.c](../../src/log.c). Here you can learn how Snoopy log message is generated (using data sources) and dispatched to configured output. * Configuration file parsing code is here: [../../src/configfile.c](../../src/configfile.c). * Data sources are located here: [../../src/datasource/](../../src/datasource/). * Filters are located here: [../../src/filter/](../../src/filter/). * Outputs are located here: [../../src/output/](../../src/output/). snoopy-snoopy-2.3.1/doc/releasing/000077500000000000000000000000001253034143600171105ustar00rootroot00000000000000snoopy-snoopy-2.3.1/doc/releasing/RELEASE-HOWTO.txt000066400000000000000000000025531253034143600216340ustar00rootroot00000000000000################################################################################ ### ### How to release a new version of Snoopy Logger ### ################################################################################ Steps: 1. Run these tools to ensure that code quality consistency: 1a. Run autoscan and compare results: - 'autoscan' - use 'git diff' to see if anything changed from previous run - add suggestions to configure.ac - compare configure.scan to configure.ac - update config.h.in - commit 1b. Create build and upload it to Coverity: - ./doc/releasing/bin/submit-to-coverity.sh - check coverity for errors, fix them 2. Update documentation TOCs - use this tool: https://github.com/ekalinin/github-markdown-toc - commit 3. Update version info: - 1. in ChangeLog - 2. in configure.ac - 3. in README.md (displayed on GitHub front page) - commit with sign-off, with exact message "Release X.Y.Z" on the first line - git add ChangeLog configure.ac README.md - git commit -s -m "Release X.Y.Z" 4. Create git tag: - called 'snoopy-X.Y.Z' # For github to provide proper Snoopy release tarball name - we do not use that anymore - git tag snoopy-X.Y.Z 5. Release it - cd to the repo root - run "./doc/releasing/bin/create-release.sh snoopy-x.y.z" snoopy-snoopy-2.3.1/doc/releasing/bin/000077500000000000000000000000001253034143600176605ustar00rootroot00000000000000snoopy-snoopy-2.3.1/doc/releasing/bin/create-release.sh000077500000000000000000000147341253034143600231110ustar00rootroot00000000000000#!/bin/bash ### Settings # PUBLIC_GIT_REMOTE_NAME="github-a2o" ### Check working directory if [ ! -d "doc/releasing" ]; then echo "ERROR: You have to run this script in the root of the git repository" exit 1 fi ### Check release tag RELEASE_TAG="$1" if [ "x$RELEASE_TAG" == "x" ]; then echo "ERROR: No release tag specified. Please use: $0 snoopy-X.Y.Z" exit 1 fi ### Check if release tag is properly formatted if [[ ! "$RELEASE_TAG" =~ ^snoopy- ]]; then echo "ERROR: Release tag is not properly formatted - snoopy-x.y.z format is required" exit 1 fi RELEASE_VERSION=`echo "$RELEASE_TAG" | sed -e 's/snoopy-//'` ### Check if release tag exists RES=`git tag | grep "^$RELEASE_TAG\$"` if [ "$RES" != "$RELEASE_TAG" ]; then echo "ERROR: Release tag does not exist, please create it with: git tag snoopy-X.Y.Z" exit 2 fi ### Check if first line of tagged commit contains "Release X.Y.Z" RES=`git log -1 --pretty="%B" $RELEASE_TAG | head -n1 | grep "^Release $RELEASE_VERSION\$" -c` if [ "$RES" -ne "1" ]; then echo "ERROR: Release commit does not contain this message as first line: 'Release $RELEASE_VERSION'" exit 2 fi ### Check if git remote with required name exists RES=`git remote | grep "^$PUBLIC_GIT_REMOTE_NAME\$" -c` if [ "$RES" -ne "1" ]; then echo "ERROR: Required git remote not found: '$GIT_REMOTE_NAME'" exit 2 fi ### Check for uncommited changes in the current repo # # Uncommited changes are allowed, but only in special locations # RES=`git status -s | grep -v ' doc/releasing/' | grep -c .` if [ "$RES" -ne "0" ]; then echo "ERROR: There are unallowed uncommited changes in git repository. Please commit/stash and try again." echo git status -s echo exit 2 fi ### Paths and filenames DIR_REPO=`pwd` FILENAME_RELEASE="snoopy-$RELEASE_VERSION.tar.gz" FILENAME_RELEASE_MD5="snoopy-$RELEASE_VERSION.tar.gz.md5" FILENAME_RELEASE_SHA1="snoopy-$RELEASE_VERSION.tar.gz.sha1" FILENAME_RELEASE_SIZE="snoopy-$RELEASE_VERSION.tar.gz.size" FILENAME_LATEST_VERSION="snoopy-latest-version.txt" FILENAME_LATEST_PACKAGE_FILENAME="snoopy-latest-package-filename.txt" FILE_RELEASE="$DIR_REPO/$FILENAME_RELEASE" FILE_RELEASE_MD5="$DIR_REPO/$FILENAME_RELEASE_MD5" FILE_RELEASE_SHA1="$DIR_REPO/$FILENAME_RELEASE_SHA1" FILE_RELEASE_SIZE="$DIR_REPO/$FILENAME_RELEASE_SIZE" FILE_LATEST_VERSION="$DIR_REPO/$FILENAME_LATEST_VERSION" FILE_LATEST_PACKAGE_FILENAME="$DIR_REPO/$FILENAME_LATEST_PACKAGE_FILENAME" PUBLIC_DL_SSH_HOST="source.a2o.si" PUBLIC_DL_SSH_PATH="/var/www/source.a2o.si/public/download/snoopy" PUBLIC_DL_URI_PREFIX="http://source.a2o.si/download/snoopy" ### Determine if this version is stable or development release if [[ $RELEASE_VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then RELEASE_IS_STABLE="1" else RELEASE_IS_STABLE="0" fi ### Check that release dirs and files do not exists if [ -e $FILE_RELEASE ]; then echo "ERROR: Release file already exists: $FILE_RELEASE" exit 10 fi if [ -e $FILE_RELEASE_MD5 ]; then echo "ERROR: Release MD5 file already exists: $FILE_RELEASE_MD5" exit 10 fi if [ -e $FILE_RELEASE_SHA1 ]; then echo "ERROR: Release SHA1 file already exists: $FILE_RELEASE_SHA1" exit 10 fi if [ -e $FILE_RELEASE_SIZE ]; then echo "ERROR: Release SIZE file already exists: $FILE_RELEASE_SIZE" exit 10 fi ### Check if we can connect to SSH host echo "SSH TEST: Checking SSH connectivity for final release tarball upload." echo "SSH TEST: If you are promted for account password (not private key password), it does not work." echo "SSH TEST: If that happens, just hit CTRL+C and fix the problem before trying publish a release." ssh $PUBLIC_DL_SSH_HOST true if [ "$?" != "0" ]; then echo "ERROR: Failed to test-connect to the $PUBLIC_DL_SSH_HOST via SSH. Aborting." fi ### Remember current git branch GIT_BRANCH_CUR=`git rev-parse --abbrev-ref HEAD` ### Checkout git checkout $RELEASE_TAG ### Check for release in configure.ac RES=`cat configure.ac | fgrep $RELEASE_VERSION | cat` if [ "x$RES" == "x" ]; then echo "ERROR: Release tag $RELEASE_TAG not found in configure.ac file." exit 20 fi ### Check for release in ChangeLog RES=`cat ChangeLog | grep "$RELEASE_VERSION\$" | cat` if [ "x$RES" == "x" ]; then echo "ERROR: Release version $RELEASE_VERSION not found in ChangeLog file." exit 20 fi ### Check for release in README.md RES=`cat README.md | grep snoopy-$RELEASE_VERSION\.t | cat` if [ "x$RES" == "x" ]; then echo "ERROR: Release version $RELEASE_VERSION not found in README.md file." exit 20 fi ### Create release package ./bootstrap.sh && ./configure && make clean && make dist && ### Checkout back master branch git checkout $GIT_BRANCH_CUR && ### Create package md5sum $FILENAME_RELEASE > $FILE_RELEASE_MD5 && sha1sum $FILENAME_RELEASE > $FILE_RELEASE_SHA1 && wc -c $FILENAME_RELEASE > $FILE_RELEASE_SIZE && # These two are used by snoopy-install.sh script echo "$RELEASE_VERSION" > $FILE_LATEST_VERSION && echo "$FILENAME_RELEASE" > $FILE_LATEST_PACKAGE_FILENAME && ### Upload release files echo && echo "RELEASING: Uploading release package files to http://source.a2o.si/download/snoopy/..." && echo && scp \ $FILE_RELEASE \ $FILE_RELEASE_MD5 \ $FILE_RELEASE_SHA1 \ $FILE_RELEASE_SIZE \ $PUBLIC_DL_SSH_HOST:$PUBLIC_DL_SSH_PATH \ && echo && ### If stable release, update latest stable package version metadata if [ "$RELEASE_IS_STABLE" == "1" ]; then echo "RELEASING: This is a stable release." && echo "RELEASING: Updating files that indicate latest package version..." && echo && scp \ $FILE_LATEST_VERSION \ $FILE_LATEST_PACKAGE_FILENAME \ $PUBLIC_DL_SSH_HOST:$PUBLIC_DL_SSH_PATH \ && ssh $PUBLIC_DL_SSH_HOST \ ln -sf $FILENAME_RELEASE $PUBLIC_DL_SSH_PATH/snoopy-latest.tar.gz else echo "RELEASING: This is NOT a stable release." && echo "RELEASING: Skipped updating files that indicate latest package version." echo fi && echo && echo "COMPLETE: $RELEASE_TAG has been released." && echo "DL URI: $PUBLIC_DL_URI_PREFIX/$FILENAME_RELEASE" && echo ### Push code and tags to GitHub # # Doing this once with --tags argument only does not push actual code, only tags # echo && echo "RELEASING: Pushing code and tags to GitHub..." && echo && git push $PUBLIC_GIT_REMOTE_NAME && git push $PUBLIC_GIT_REMOTE_NAME --tags && ### Remove created package files echo && echo "CLEANUP: Running 'make clean'... (output suppressed)" && echo && make clean > /dev/null && ### All done. true snoopy-snoopy-2.3.1/doc/releasing/bin/submit-to-coverity.sh000077500000000000000000000041561253034143600240120ustar00rootroot00000000000000#!/bin/bash ### Configure shell # set -e ### Settings # COVERITY_SETTINGS_FILE="./build/coverity-settings.sh.conf" BUILD_DIR="cov-int" BUILD_FILE_PREFIX="cov-int-snoopy" ### Help function # displayHelp() { echo echo "To automatically submit build to Coverity, some environment variables must be defined:" echo echo "export COVERITY_EMAIL=\"\"" echo "export COVERITY_TOKEN=\"\"" echo "export COVERITY_BUILD_VERSION=\"\"" echo } ### Include Coverity settings file # if [ -f $COVERITY_SETTINGS_FILE ]; then echo "Reading Coverity settings file $COVERITY_SETTINGS_FILE" . $COVERITY_SETTINGS_FILE else echo "Coverity settings file does not exist: $COVERITY_SETTINGS_FILE" fi ### Check if all environmental variables are set # if [ "x$COVERITY_EMAIL" == "x" ]; then echo "ERROR: COVERITY_EMAIL is not set." displayHelp exit 1 fi if [ "x$COVERITY_TOKEN" == "x" ]; then echo "ERROR: COVERITY_TOKEN is not set." displayHelp exit 1 fi if [ "x$COVERITY_BUILD_VERSION" == "x" ]; then echo "ERROR: COVERITY_BUILD_VERSION is not set." displayHelp exit 1 fi if ! which cov-build; then echo "ERROR: Unable to find cov-build." echo echo "export PATH=/path/to/cov-analysis-linux64-a.b.c/bin:\$PATH" echo displayHelp exit 1 fi ### Create build first # # Clean ./bootstrap.sh ./configure make distclean # Configure for real ./configure \ --enable-config-file \ --enable-filtering rm -rf $BUILD_DIR mkdir -p $BUILD_DIR cov-build \ --dir=$BUILD_DIR \ make tar \ -c -z \ -f ${BUILD_FILE_PREFIX}-${COVERITY_BUILD_VERSION}.tar.gz \ $BUILD_DIR ### Submit to Coverity # curl \ --form email="$COVERITY_EMAIL" \ --form token="$COVERITY_TOKEN" \ --form version="$COVERITY_VERSION" \ --form description="$COVERITY_DESCRIPTION" \ --form file=@${BUILD_FILE_PREFIX}-${COVERITY_BUILD_VERSION}.tar.gz \ https://scan.coverity.com/builds?project=Snoopy+Logger ### Tell the user what has been done # echo echo "Submitted file to Coverity: ${BUILD_FILE_PREFIX}-${COVERITY_BUILD_VERSION}.tar.gz" echo "All done." echo snoopy-snoopy-2.3.1/etc/000077500000000000000000000000001253034143600151455ustar00rootroot00000000000000snoopy-snoopy-2.3.1/etc/Makefile.am000066400000000000000000000027601253034143600172060ustar00rootroot00000000000000include $(top_srcdir)/build/Makefile.am.common AUTOMAKE_OPTIONS = foreign subdir-objects ACLOCAL_AMFLAGS = -I build/m4 if CONFIG_FILE_ENABLED install-exec-local: if [ ! -f $(DESTDIR)$(sysconfdir)/snoopy.ini ]; then \ echo ; \ echo "Installing configuration file: $(DESTDIR)$(sysconfdir)/snoopy.ini" ; \ echo ; \ if [ ! -e $(DESTDIR)$(sysconfdir) ]; then \ install -d $(DESTDIR)$(sysconfdir) ; \ fi ; \ install -m 644 snoopy.ini $(DESTDIR)$(sysconfdir)/snoopy.ini ; \ else \ if diff -u snoopy.ini $(DESTDIR)$(sysconfdir)/snoopy.ini; then \ echo ; \ echo "No changes to configuration file are required: $(DESTDIR)$(sysconfdir)/snoopy.ini" ; \ echo ; \ else \ install -m 644 snoopy.ini $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ; \ echo ; \ echo "Existing config file: $(DESTDIR)$(sysconfdir)/snoopy.ini" ; \ echo " New config file: $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW" ; \ echo ; \ echo "WARNING: CONFIGURATION FILE CHANGES NEED MANUAL REVIEW" ; \ echo ; \ fi ; \ fi ; \ if [ -f $(DESTDIR)$(sysconfdir)/snoopy.ini ]; then \ if [ -x $(DESTDIR)$(sysconfdir)/snoopy.ini ]; then \ chmod 644 $(DESTDIR)$(sysconfdir)/snoopy.ini ; \ fi ; \ fi ; \ if [ -f $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ]; then \ if [ -x $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ]; then \ chmod 644 $(DESTDIR)$(sysconfdir)/snoopy.ini.NEW ; \ fi ; \ fi ; endif snoopy-snoopy-2.3.1/etc/snoopy.ini.in000066400000000000000000000170171253034143600176100ustar00rootroot00000000000000;;; REQUIRED Section ; [snoopy] ;;; Log Message Format specification ; ; May consist of: ; - arbitrary text, which is copied to log message as-is, ; - calls to data sources without arguments: %{datasourcename} ; - calls to data sources with argument : %{datasourcename:arg1} ; - calls to data sources with arguments: %{datasourcename:arg1,arg2} <--- if data source supports it ; ; List of available data sources: ; - %{cmdline} ; (available=@enable_datasource_cmdline@) Full command line, with arguments ; - %{cwd} ; (available=@enable_datasource_cwd@) Current working directory ; - %{datetime} ; (available=@enable_datasource_datetime@) Date and time in ISO 8601 format ; - %{egid} ; (available=@enable_datasource_egid@) Effective gid that executed the command ; - %{egroup} ; (available=@enable_datasource_egroup@) Effective group name that executed the command ; - %{env:VAR} ; (available=@enable_datasource_env@) Environmental variable named 'VAR' ; - %{env_all} ; (available=@enable_datasource_env_all@) All environmental varibles, comma separated ; - %{euid} ; (available=@enable_datasource_euid@) Effective uid that executed the command ; - %{eusername} ; (available=@enable_datasource_eusername@) Effective username that executed the command ; - %{filename} ; (available=@enable_datasource_filename@) Full path to executable ; - %{gid} ; (available=@enable_datasource_gid@) Group id that executed the command ; - %{group} ; (available=@enable_datasource_group@) Group name that executed the command ; - %{login} ; (available=@enable_datasource_login@) Login name (tries getlogin_r() first, then SUDO_USER env variabe, and LOGNAME env as last resort) ; - %{pid} ; (available=@enable_datasource_pid@) ID of process that executed the command ; - %{ppid} ; (available=@enable_datasource_ppid@) Parent process ID of process that executed the command ; - %{rpname} ; (available=@enable_datasource_rpname@) Root process name of process that executed the command ; - %{sid} ; (available=@enable_datasource_sid@) Process id of session group process leader ; - %{snoopy_version} ; (available=@enable_datasource_snoopy_version@) Snoopy version ; - %{timestamp} ; (available=@enable_datasource_timestamp@) Current Unix timestamp ; - %{timestamp_ms} ; (available=@enable_datasource_timestamp_ms@) Millisecond part of current Unix timestamp ; - %{timestamp_us} ; (available=@enable_datasource_timestamp_us@) Microsecond part of current Unix timestamp ; - %{tty} ; (available=@enable_datasource_tty@) Which TTY the command was run on ; - %{tty_uid} ; (available=@enable_datasource_tty_uid@) TTY uid ; - %{tty_username} ; (available=@enable_datasource_tty_username@) TTY username ; - %{uid} ; (available=@enable_datasource_uid@) User id that executed the command ; - %{username} ; (available=@enable_datasource_username@) Username that executed the command ; ; Availability (yes/no): ; This flag signifies whether this build of Snoopy has particular data source ; built-in or not. If particular data source is not available and its use is ; desired, then Snoopy must be rebuilt with flags that enable given data ; source. ; ; Default value: ; "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" ; ; Example: ;message_format = "useless static log entry that gets logged on every program execution" ;message_format = "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" ;;; Filter Chain specification ; ; Must comply with the following rules: ; - one or more filters may be specified, separated by semicolon, ; - each filter may contain argument that follows the colon, ; - filter may accept multiple arguments, separated by comma, ; - filter chain must not contain any spaces (allowed in filter arguments, but generally discouraged). ; ; List of available filters: ; - exclude_spawns_of ; (available=@enable_filter_exclude_spawns_of@) Exclude log entries that occur in specified process trees ; - exclude_uid ; (available=@enable_filter_exclude_uid@) Exclude these UIDs from logging ; - only_root ; (available=@enable_filter_only_root@) Only log root commands ; - only_uid ; (available=@enable_filter_only_uid@) Only log commands executed by these UIDs ; ; Availability (yes/no): ; This flag signifies whether this build of Snoopy has particular filter ; built-in or not. If particular filter is not available and its use is ; desired, then Snoopy must be rebuilt with flags that enable given filter. ; ; Sample definitions with explanations: ; - filter_chain = "exclude_uid:0" # Log all commands, except the ones executed by root ; - filter_chain = "exclude_uid:1,2,3" # Log all commands, except those executed by users with UIDs 1, 2 and 3 ; - filter_chain = "only_uid:0" # Log only root commands ; - filter_chain = "exclude_spawns_of:cron,my_daemon" # Do not log commands spawned by cron or my_daemon ; - filter_chain = "filter1:arg11;filter2:arg21,arg22;filter3:arg31,32,33" ; ; Default value: ; "" (empty string) ; ; Examples: ;filter_chain = "" ;filter_chain = "only_uid:0" ;filter_chain = "only_uid:10000" ;filter_chain = "exclude_uid:0" ;;; Output ; ; Where messages get sent to ; ; List of available outputs: ; - devlog ; (available=@enable_output_devlog@) Default, writes directly to /dev/log. ; - file ; (available=@enable_output_file@) Write directly to file. ; - socket ; (available=@enable_output_socket@) Built-in output. As argument it requires an absolute path of socket to write to. ; - syslog ; (available=@enable_output_syslog@) Previuosly-default (WARNING: DO NOT USE syslog OUTPUT WITH systemd - IT WILL HANG YOUR SYSTEM ON BOOT) ; ; Availability (yes/no): ; This flag signifies whether this build of Snoopy has particular output ; built-in or not. If particular output is not available and its use is ; desired, then Snoopy must be rebuilt with flags that enable given output. ; ; List of outputs pending implementation (patches welcome!): ; - console ; TODO ; - journald ; TODO ; ; Default value: ; devlog ; (previously 'syslog' was default value, but due to systemd issues default was changed) ; (to raw device writing as syslogd blocks syslog() calls if journald is not running) ; ; Example: ;output = console ;output = devlog ;output = file:/var/log/snoopy.log ;output = socket:/var/run/socket-for-snoopy.sock ;;; Error Logging ; ; Whether to log error messages or not. ; This should generally be disabled, as it may generate lots of error logs. ; ; The most appropriate usage of this parameter is when: ; - you are developing new data source ; - you are trying to configure message format and are having problems with it ; ; Default value: ; no (unless changed by ./configure --enable-error-logging to yes) ; ; Example: ;error_logging = yes ;;; Syslog Facility ; ; What syslog facility to use. Can be prefixed with 'LOG_'. ; ; Possible values: ; One of AUTH|AUTHPRIV|CRON|DAEMON|FTP|KERN|LOCAL[0-7]|LPR|MAIL|NEWS|SYSLOG|USER|UUCP ; ; Default value: ; LOG_AUTHPRIV (unless changed by ./configure --with-syslog-facility=FACILITY) ; ; Example: ;syslog_facility = LOG_AUTHPRIV ;;; Syslog Level ; ; What syslog level to use. Can be prefixed with 'LOG_'. ; ; Possible values: ; One of EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|DEBUG ; ; Default value: ; LOG_INFO (unless changed by ./configure --with-syslog-level=LEVEL) ; ; Example: ;syslog_level = LOG_INFO snoopy-snoopy-2.3.1/src/000077500000000000000000000000001253034143600151615ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/Makefile.am000066400000000000000000000024621253034143600172210ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### First process all required subdirs # SUBDIRS = datasource output ### Create main library, but without execve() wrappers # noinst_LTLIBRARIES = \ libsnoopy_no_execve.la libsnoopy_no_execve_la_SOURCES = \ configuration.c \ configuration.h \ error.c \ error.h \ inputdatastorage.c \ inputdatastorage.h \ datasourceregistry.c \ datasourceregistry.h \ log.c \ log.h \ message.c \ message.h \ misc.c \ misc.h \ outputregistry.c \ outputregistry.h \ snoopy.h libsnoopy_no_execve_la_LIBADD = \ datasource/libsnoopy_datasources_all.la \ output/libsnoopy_outputs_all.la # If config file is enabled, build and link these too if CONFIG_FILE_ENABLED SUBDIRS += \ lib libsnoopy_no_execve_la_SOURCES += \ configfile.c \ configfile.h libsnoopy_no_execve_la_LIBADD += \ lib/libiniparser.la endif # If filtering is enabled, add these too if FILTERING_ENABLED SUBDIRS += \ filter libsnoopy_no_execve_la_SOURCES += \ filtering.c \ filtering.h \ filterregistry.c \ filterregistry.h libsnoopy_no_execve_la_LIBADD += \ filter/libsnoopy_filters_all.la endif ### Create main library, whole # lib_LTLIBRARIES = \ libsnoopy.la libsnoopy_la_SOURCES = \ libsnoopy.c libsnoopy_la_LIBADD = \ libsnoopy_no_execve.la snoopy-snoopy-2.3.1/src/configfile.c000066400000000000000000000265001253034143600174350ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: configfile.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "configfile.h" #include "configuration.h" /* * Include iniparser-related resources */ #include "lib/iniparser/src/iniparser.h" /* * snoopy_configfile_load_file * * Description: * Parses INI configuration file and overrides snoopy * configuration with changed values. * * Params: * file Path log INI configuration file * * Return: * int 0 on success, -1 on error openinf file, other int for other errors */ int snoopy_configfile_load ( char *iniFilePath ) { dictionary *ini ; char *confValString; // Temporary query result space int confValInt; // Temporary query result space /* Tell snoopy we are using configuration file */ snoopy_configuration.config_file_path = iniFilePath; /* Parse the INI configuration file first */ ini = iniparser_load(iniFilePath); if (NULL == ini) { // TODO snoopy error handling return -1; } snoopy_configuration.config_file_found = SNOOPY_TRUE; /* Pick out snoopy configuration variables */ confValInt = iniparser_getboolean(ini, "snoopy:error_logging", -1); if (-1 != confValInt) { snoopy_configuration.error_logging_enabled = confValInt; } confValString = iniparser_getstring(ini, "snoopy:message_format", NULL); if (NULL != confValString) { snoopy_configuration.message_format = strdup(confValString); snoopy_configuration.message_format_malloced = SNOOPY_TRUE; } confValString = iniparser_getstring(ini, "snoopy:filter_chain", NULL); if (NULL != confValString) { snoopy_configuration.filter_chain = strdup(confValString); snoopy_configuration.filter_chain_malloced = SNOOPY_TRUE; } confValString = iniparser_getstring(ini, "snoopy:output", NULL); if (NULL != confValString) { snoopy_configfile_parse_output(confValString); } confValString = iniparser_getstring(ini, "snoopy:syslog_facility", NULL); if (NULL != confValString) { snoopy_configfile_parse_syslog_facility(confValString); } confValString = iniparser_getstring(ini, "snoopy:syslog_level", NULL); if (NULL != confValString) { snoopy_configfile_parse_syslog_level(confValString); } /* Housekeeping */ snoopy_configuration.config_file_parsed = SNOOPY_TRUE; // We have sucessfully parsed configuration file iniparser_freedict(ini); return 0; } /* * snoopy_configfile_parse_output * * Description: * Parses configuration setting syslog_output and * sets appropriate internal configuration variable(s). * Uses default setting if unknown value. * * Params: * confVal Value from configuration file * * Return: * void */ void snoopy_configfile_parse_output ( char *confValOrig ) { char *confVal; char *outputName; char *outputArg; // Do not assign null to it explicitly, as you get "Explicit null dereference" Coverity error. // If you do not assign it, Coverity complains with "Uninitialized pointer read". char *saveptr1 = ""; // First clone the config value, as it gets freed by iniparser confVal = strdup(confValOrig); // Check if configured value contains argument(s) if (NULL == strchr(confVal, ':')) { outputName = confVal; snoopy_configuration.output_arg = ""; snoopy_configuration.output_arg_malloced = SNOOPY_FALSE; outputArg = ""; } else { // Separate output name from its arguments outputName = strtok_r(confVal, ":", &saveptr1); outputArg = strtok_r(NULL , ":", &saveptr1); // THINK What if conf.output_arg was set in previous call to this function, // and is already malloced? We need to detect that and free previous // allocation. snoopy_configuration.output_arg = strdup(outputArg); snoopy_configuration.output_arg_malloced = SNOOPY_TRUE; } // Determine output name if (strcmp(outputName, SNOOPY_OUTPUT_DEVLOG) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_DEVLOG; } else if (strcmp(outputName, SNOOPY_OUTPUT_FILE ) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_FILE; } else if (strcmp(outputName, SNOOPY_OUTPUT_SOCKET) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_SOCKET; } else if (strcmp(outputName, SNOOPY_OUTPUT_SYSLOG) == 0) { snoopy_configuration.output = SNOOPY_OUTPUT_SYSLOG; } else { snoopy_configuration.output = SNOOPY_OUTPUT_DEFAULT; } // Housekeeping free(confVal); } /* * snoopy_configfile_parse_syslog_facility * * Description: * Parses configuration setting syslog_facility and * sets appropriate config variable. * Uses default setting if unknown value. * * Params: * confVal Value from configuration file * * Return: * void */ void snoopy_configfile_parse_syslog_facility ( char *confVal ) { char *confValCleaned; // First cleanup the value confValCleaned = snoopy_configfile_syslog_value_cleanup(confVal); // Evaluate and set configuration flag if (strcmp(confValCleaned, "AUTH") == 0) { snoopy_configuration.syslog_facility = LOG_AUTH; } else if (strcmp(confValCleaned, "AUTHPRIV") == 0) { snoopy_configuration.syslog_facility = LOG_AUTHPRIV; } else if (strcmp(confValCleaned, "CRON") == 0) { snoopy_configuration.syslog_facility = LOG_CRON; } else if (strcmp(confValCleaned, "DAEMON") == 0) { snoopy_configuration.syslog_facility = LOG_DAEMON; } else if (strcmp(confValCleaned, "FTP") == 0) { snoopy_configuration.syslog_facility = LOG_FTP; } else if (strcmp(confValCleaned, "KERN") == 0) { snoopy_configuration.syslog_facility = LOG_KERN; } else if (strcmp(confValCleaned, "LOCAL0") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL0; } else if (strcmp(confValCleaned, "LOCAL1") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL1; } else if (strcmp(confValCleaned, "LOCAL2") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL2; } else if (strcmp(confValCleaned, "LOCAL3") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL3; } else if (strcmp(confValCleaned, "LOCAL4") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL4; } else if (strcmp(confValCleaned, "LOCAL5") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL5; } else if (strcmp(confValCleaned, "LOCAL6") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL6; } else if (strcmp(confValCleaned, "LOCAL7") == 0) { snoopy_configuration.syslog_facility = LOG_LOCAL7; } else if (strcmp(confValCleaned, "LPR") == 0) { snoopy_configuration.syslog_facility = LOG_LPR; } else if (strcmp(confValCleaned, "MAIL") == 0) { snoopy_configuration.syslog_facility = LOG_MAIL; } else if (strcmp(confValCleaned, "NEWS") == 0) { snoopy_configuration.syslog_facility = LOG_NEWS; } else if (strcmp(confValCleaned, "SYSLOG") == 0) { snoopy_configuration.syslog_facility = LOG_SYSLOG; } else if (strcmp(confValCleaned, "USER") == 0) { snoopy_configuration.syslog_facility = LOG_USER; } else if (strcmp(confValCleaned, "UUCP") == 0) { snoopy_configuration.syslog_facility = LOG_UUCP; } else { snoopy_configuration.syslog_facility = SNOOPY_SYSLOG_FACILITY; } } /* * snoopy_configfile_parse_syslog_level * * Description: * Parses configuration setting syslog_level and * sets appropriate config variable. * Uses default setting if unknown value. * * Params: * confVal Value from configuration file * * Return: * void */ void snoopy_configfile_parse_syslog_level ( char *confVal ) { char *confValCleaned; // First cleanup the value confValCleaned = snoopy_configfile_syslog_value_cleanup(confVal); // Evaluate and set configuration flag if (strcmp(confValCleaned, "EMERG") == 0) { snoopy_configuration.syslog_level = LOG_EMERG; } else if (strcmp(confValCleaned, "ALERT") == 0) { snoopy_configuration.syslog_level = LOG_ALERT; } else if (strcmp(confValCleaned, "CRIT") == 0) { snoopy_configuration.syslog_level = LOG_CRIT; } else if (strcmp(confValCleaned, "ERR") == 0) { snoopy_configuration.syslog_level = LOG_ERR; } else if (strcmp(confValCleaned, "WARNING") == 0) { snoopy_configuration.syslog_level = LOG_WARNING; } else if (strcmp(confValCleaned, "NOTICE") == 0) { snoopy_configuration.syslog_level = LOG_NOTICE; } else if (strcmp(confValCleaned, "INFO") == 0) { snoopy_configuration.syslog_level = LOG_INFO; } else if (strcmp(confValCleaned, "DEBUG") == 0) { snoopy_configuration.syslog_level = LOG_DEBUG; } else { snoopy_configuration.syslog_level = SNOOPY_SYSLOG_LEVEL; } } /* * snoopy_configfile_syslog_value_cleanup * * Description: * Convert existing string to upper case, and remove LOG_ prefix * * Params: * confVal Pointer to string to change and to be operated on * * Return: * char * Pointer to cleaned string (either the same as initial argument, * or 4 characters advanced, to remove LOG_ prefix */ char *snoopy_configfile_syslog_value_cleanup (char *confVal) { char *confValCleaned; // Initialize - just in case confValCleaned = confVal; // Convert to upper case snoopy_configfile_strtoupper(confVal); // Remove LOG_ prefix confValCleaned = snoopy_configfile_syslog_value_remove_prefix(confVal); return confValCleaned; } /* * snoopy_configfile_syslog_value_remove_prefix * * Description: * Remove the LOG_ prefix, return pointer to new string (either equal * or +4 chars advanced) * * Params: * string Pointer to string to remove LOG_ prefix * * Return: * char * Pointer to non LOG_ part of the string */ char *snoopy_configfile_syslog_value_remove_prefix (char *confVal) { if (0 == strncmp(confVal, "LOG_", 4)) { return confVal+4; } else { return confVal; } } /* * snoopy_configfile_strtoupper * * Description: * Convert existing string to upper case * * Params: * string Pointer to string to change and to be operated on * * Return: * void */ void snoopy_configfile_strtoupper (char *s) { while (*s) { if ((*s >= 'a' ) && (*s <= 'z')) { *s -= ('a'-'A'); } s++; } } snoopy-snoopy-2.3.1/src/configfile.h000066400000000000000000000024221253034143600174370ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: configfile.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Functions to load/parse config file */ int snoopy_configfile_load (char *iniFilePath); void snoopy_configfile_parse_output (char *confVal); void snoopy_configfile_parse_syslog_facility (char *confVal); void snoopy_configfile_parse_syslog_level (char *confVal); char *snoopy_configfile_syslog_value_cleanup (char *confVal); char *snoopy_configfile_syslog_value_remove_prefix (char *confVal); void snoopy_configfile_strtoupper (char *s); snoopy-snoopy-2.3.1/src/configuration.c000066400000000000000000000125531253034143600202020ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: configuration.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "configuration.h" /* * Include configfile-related resources */ #ifdef SNOOPY_CONFIG_FILE #include "configfile.h" #endif /* * Storage of snoopy configuration, with default values */ snoopy_configuration_type snoopy_configuration = { .initialized = SNOOPY_TRUE, #ifdef SNOOPY_CONFIG_FILE .config_file_enabled = SNOOPY_TRUE, #else .config_file_enabled = SNOOPY_FALSE, #endif .config_file_path = "", .config_file_found = SNOOPY_FALSE, .config_file_parsed = SNOOPY_FALSE, #ifdef SNOOPY_ERROR_LOGGING_ENABLED .error_logging_enabled = SNOOPY_TRUE, #else .error_logging_enabled = SNOOPY_FALSE, #endif .message_format = SNOOPY_LOG_MESSAGE_FORMAT, .message_format_malloced = SNOOPY_FALSE, #ifdef SNOOPY_FILTERING_ENABLED .filtering_enabled = SNOOPY_TRUE, #else .filtering_enabled = SNOOPY_FALSE, #endif .filter_chain = SNOOPY_FILTER_CHAIN, .filter_chain_malloced = SNOOPY_FALSE, .output = SNOOPY_OUTPUT_DEFAULT, .output_arg = SNOOPY_OUTPUT_DEFAULT_ARG, .output_arg_malloced = SNOOPY_FALSE, .syslog_facility = SNOOPY_CONF_SYSLOG_FACILITY, .syslog_level = SNOOPY_CONF_SYSLOG_LEVEL, }; /* * snoopy_configuration_ctor * * Description: * Populates snoopy_configuration config variable storage with * correct values, either from configuration file (if enabled) * or from ./configure arguments, or defaults are used as last * case scenario. * * Params: * (none) * * Return: * void */ void snoopy_configuration_ctor () { /* Parse INI file if enabled */ #ifdef SNOOPY_CONFIG_FILE snoopy_configfile_load(SNOOPY_CONFIG_FILE); #endif } /* * snoopy_configuration_dtor * * Description: * Frees all configuration-related malloced resources, and sets * corresponding config settings back to their default values. * * Params: * (none) * * Return: * void */ void snoopy_configuration_dtor () { /* * Reset config setting: message_format */ if (SNOOPY_TRUE == snoopy_configuration.message_format_malloced) { free(snoopy_configuration.message_format); /* * Set this to false - REQUIRED * * This needs to be done as a special condition can occur at boot/shutdown: * - snoopy is loaded when snoopy.ini is visible (mounted, present) * - snoopy parses it, and sets message_format and ..._malloced to TRUE * - on shutdown, snoopy.ini might disappear * - snoopy_configuration_ctor() tries to parse config file, and as it is * not found, it does no alteration of snoopy_configuraton struct * - snoopy_configuration.message_format_malloced is left set to TRUE * - when snoopy_configuration_dtor() is called, it tries to free the * const char[] that contains the compiled-in message format */ snoopy_configuration.message_format_malloced = SNOOPY_FALSE; /* * Set this to default value - REQUIRED * * Otherwise on next Snoopy run there will be no message format defined, * which would in best-case scenario cause no snoopy output, but in * worst-case scenarion there would be a segfault and possible system * crash. */ snoopy_configuration.message_format = SNOOPY_LOG_MESSAGE_FORMAT; } /* * Reset config setting: filter_chain */ if (SNOOPY_TRUE == snoopy_configuration.filter_chain_malloced) { free(snoopy_configuration.filter_chain); /* Set this to false - REQUIRED (see above) */ snoopy_configuration.filter_chain_malloced = SNOOPY_FALSE; /* Set this to default value - REQUIRED (see above) */ snoopy_configuration.filter_chain = SNOOPY_FILTER_CHAIN; } /* * Reset config setting: output */ if (SNOOPY_TRUE == snoopy_configuration.output_arg_malloced) { free(snoopy_configuration.output_arg); /* Set this to false - REQUIRED (see above) */ snoopy_configuration.output_arg_malloced = SNOOPY_FALSE; /* Set this to default value - REQUIRED (see above) */ snoopy_configuration.output = SNOOPY_OUTPUT_DEFAULT; snoopy_configuration.output_arg = SNOOPY_OUTPUT_DEFAULT_ARG; } } snoopy-snoopy-2.3.1/src/configuration.h000066400000000000000000000030371253034143600202040ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: configuration.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Array holding snoopy configuration data in one place */ typedef struct { int initialized; int config_file_enabled; char *config_file_path; int config_file_found; int config_file_parsed; int error_logging_enabled; char *message_format; int message_format_malloced; int filtering_enabled; char *filter_chain; int filter_chain_malloced; char *output; char *output_arg; int output_arg_malloced; int syslog_facility; int syslog_level; } snoopy_configuration_type; extern snoopy_configuration_type snoopy_configuration; /* * Functions to manage and utilise configuration */ void snoopy_configuration_ctor (); void snoopy_configuration_dtor (); snoopy-snoopy-2.3.1/src/datasource/000077500000000000000000000000001253034143600173135ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/datasource/Makefile.am000066400000000000000000000071761253034143600213620ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### Include # AM_CFLAGS += -I$(top_srcdir)/src ### Create one library with all snoopy data sources collected in it # noinst_LTLIBRARIES = libsnoopy_datasources_all.la ### Data sources collection is made of the following files # # Please maintain alphabetical order, equal to what `ls` would do. # libsnoopy_datasources_all_la_SOURCES = # Data source: cmdline # if DATASOURCE_ENABLED_cmdline libsnoopy_datasources_all_la_SOURCES += \ cmdline.c \ cmdline.h endif # Data source: cwd # if DATASOURCE_ENABLED_cwd libsnoopy_datasources_all_la_SOURCES += \ cwd.c \ cwd.h endif # Data source: datetime # if DATASOURCE_ENABLED_datetime libsnoopy_datasources_all_la_SOURCES += \ datetime.c \ datetime.h endif # Data source: egid # if DATASOURCE_ENABLED_egid libsnoopy_datasources_all_la_SOURCES += \ egid.c \ egid.h endif # Data source: egroup # if DATASOURCE_ENABLED_egroup libsnoopy_datasources_all_la_SOURCES += \ egroup.c \ egroup.h endif # Data source: env # if DATASOURCE_ENABLED_env libsnoopy_datasources_all_la_SOURCES += \ env.c \ env.h endif # Data source: env_all # if DATASOURCE_ENABLED_env_all libsnoopy_datasources_all_la_SOURCES += \ env_all.c \ env_all.h endif # Data source: euid # if DATASOURCE_ENABLED_euid libsnoopy_datasources_all_la_SOURCES += \ euid.c \ euid.h endif # Data source: eusername # if DATASOURCE_ENABLED_eusername libsnoopy_datasources_all_la_SOURCES += \ eusername.c \ eusername.h endif # Data source: filename # if DATASOURCE_ENABLED_filename libsnoopy_datasources_all_la_SOURCES += \ filename.c \ filename.h endif # Data source: gid # if DATASOURCE_ENABLED_gid libsnoopy_datasources_all_la_SOURCES += \ gid.c \ gid.h endif # Data source: group # if DATASOURCE_ENABLED_group libsnoopy_datasources_all_la_SOURCES += \ group.c \ group.h endif # Data source: login # if DATASOURCE_ENABLED_login libsnoopy_datasources_all_la_SOURCES += \ login.c \ login.h endif # Data source: pid # if DATASOURCE_ENABLED_pid libsnoopy_datasources_all_la_SOURCES += \ pid.c \ pid.h endif # Data source: ppid # if DATASOURCE_ENABLED_ppid libsnoopy_datasources_all_la_SOURCES += \ ppid.c \ ppid.h endif # Data source: rpname # if DATASOURCE_ENABLED_rpname libsnoopy_datasources_all_la_SOURCES += \ rpname.c \ rpname.h endif # Data source: sid # if DATASOURCE_ENABLED_sid libsnoopy_datasources_all_la_SOURCES += \ sid.c \ sid.h endif # Data source: snoopy_version # if DATASOURCE_ENABLED_snoopy_version libsnoopy_datasources_all_la_SOURCES += \ snoopy_version.c \ snoopy_version.h endif # Data source: timestamp # if DATASOURCE_ENABLED_timestamp libsnoopy_datasources_all_la_SOURCES += \ timestamp.c \ timestamp.h endif # Data source: timestamp_ms # if DATASOURCE_ENABLED_timestamp_ms libsnoopy_datasources_all_la_SOURCES += \ timestamp_ms.c \ timestamp_ms.h endif # Data source: timestamp_us # if DATASOURCE_ENABLED_timestamp_us libsnoopy_datasources_all_la_SOURCES += \ timestamp_us.c \ timestamp_us.h endif # Data source: tty # if DATASOURCE_ENABLED_tty libsnoopy_datasources_all_la_SOURCES += \ tty.c \ tty.h endif # Data source: tty_uid # if DATASOURCE_ENABLED_tty_uid libsnoopy_datasources_all_la_SOURCES += \ tty_uid.c \ tty_uid.h endif # Data source: tty_username # if DATASOURCE_ENABLED_tty_username libsnoopy_datasources_all_la_SOURCES += \ tty_username.c \ tty_username.h endif # Data source: uid # if DATASOURCE_ENABLED_uid libsnoopy_datasources_all_la_SOURCES += \ uid.c \ uid.h endif # Data source: username # if DATASOURCE_ENABLED_username libsnoopy_datasources_all_la_SOURCES += \ username.c \ username.h endif snoopy-snoopy-2.3.1/src/datasource/cmdline.c000066400000000000000000000054741253034143600211040ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/cmdline.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: cmdline * * Description: * Returns command line of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include "inputdatastorage.h" #include #include #include /* Helper */ #define min(a,b) a= cmdLineSizeRet) { break; } n += snprintf(cmdLine+n, cmdLineSizeRet-n, "%s", snoopy_inputdatastorage_argv[i]); if (n >= cmdLineSizeRet) { break; } cmdLine[n] = ' '; n++; } /* * Conclude string - add \0 at the end * - if last character is space * - or if last character is ordinary character from incompletely copied argument */ n--; cmdLine[n] = '\0'; /* Copy the result to the string pointed by return pointer */ snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", cmdLine); free(cmdLine); return cmdLineSizeRet; } snoopy-snoopy-2.3.1/src/datasource/cmdline.h000066400000000000000000000016361253034143600211050ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/cmdline.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: cmdline */ int snoopy_datasource_cmdline (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/cwd.c000066400000000000000000000025511253034143600202370ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/cwd.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: cwd * * Description: * Returns current working directory of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_cwd (char *result, char *arg) { char cwdBuf[PATH_MAX+1]; if (getcwd(cwdBuf, PATH_MAX+1)) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", cwdBuf); } return -1; } snoopy-snoopy-2.3.1/src/datasource/cwd.h000066400000000000000000000016221253034143600202420ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/cwd.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: cwd */ int snoopy_datasource_cwd (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/datetime.c000066400000000000000000000036441253034143600212620ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/datetime.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: datetime * * Description: * Returns current date and time in ISO 8601 forma. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_datetime (char *result, char *arg) { time_t curTime; struct tm *curLocalTime; char timeBuffer[80]; // Get current time if ((time_t) -1 == time(&curTime)) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error @ time(): %d)", errno); } // Convert to local time curLocalTime = localtime( &curTime); if (NULL == curLocalTime) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error @ localtime())"); } // Format it if (0 == strftime(timeBuffer, 80, "%FT%T%z", curLocalTime)) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error @ strftime())"); } // Copy it return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", timeBuffer); } snoopy-snoopy-2.3.1/src/datasource/datetime.h000066400000000000000000000016341253034143600212640ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/datetime.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: datetime */ int snoopy_datasource_datetime (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/egid.c000066400000000000000000000024221253034143600203670ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/egid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: egid * * Description: * Returns effective GID of currently running process * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_egid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getegid()); } snoopy-snoopy-2.3.1/src/datasource/egid.h000066400000000000000000000016251253034143600204000ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/egid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: egid */ int snoopy_datasource_egid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/egroup.c000066400000000000000000000044371253034143600207700ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/egroup.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: egroup * * Description: * Returns literal effective group name (Group ID) of current process * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #include #include int snoopy_datasource_egroup (char *result, char *arg) { struct group gr; struct group *gr_gid = NULL; char *buffgr_gid = NULL; size_t buffgrsize_gid = 0; int messageLength = 0; /* Allocate memory */ buffgrsize_gid = sysconf(_SC_GETGR_R_SIZE_MAX); if (-1 == buffgrsize_gid) { buffgrsize_gid = 16384; } buffgr_gid = malloc(buffgrsize_gid); if (NULL == buffgr_gid) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); } /* Try to get data */ if (0 != getgrgid_r(getegid(), &gr, buffgr_gid, buffgrsize_gid, &gr_gid)) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getgrgid_r)"); } else { if (NULL == gr_gid) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); } else { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", gr_gid->gr_name); } } /* Cleanup and return */ free(buffgr_gid); return messageLength; } snoopy-snoopy-2.3.1/src/datasource/egroup.h000066400000000000000000000016331253034143600207700ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/egroup.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: egroup */ int snoopy_datasource_egroup (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/env.c000066400000000000000000000027651253034143600202610ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/env.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: env * * Description: * Returns environmental variable value, if set * * Params: * result: pointer to string, to write result into * arg: which environmental variable to get * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include int snoopy_datasource_env (char *result, char *arg) { char *env = getenv(arg); /* Return empty string if environmental variable does not exist */ if (NULL == env) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); } return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", env); } snoopy-snoopy-2.3.1/src/datasource/env.h000066400000000000000000000016221253034143600202550ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/env.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: env */ int snoopy_datasource_env (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/env_all.c000066400000000000000000000062721253034143600211060ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/env_all.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: env_all * * Description: * Returns all environmental variables * * Params: * result: pointer to string, to write result into * arg: (ignored) - TODO which environmental variables to ignore * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include /* * Use this extenal variable */ extern char **environ; int snoopy_datasource_env_all (char *result, char *arg) { int resultSize = 0; // Current size of message to be returned back - does not include trailing null character // Loop through all environmental variables char *envItem = *environ; // Get first environmental variable int i = 1; for ( ; NULL!=envItem ; i++) { int remResultSize = 0; remResultSize = SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE - resultSize; // Add comma if required - must be still 5 characters available for this (,...\0) if ((i > 1) && (remResultSize >= 5)) { result[resultSize] = ','; result[resultSize+1] = '\0'; resultSize++; remResultSize--; } // TODO Add support for excluding certain environmental variables via *arg // Do we append whole environmental variable, or just part of it? // +3 to account for ... and +1 for null character if (strlen(envItem) + 3 + 1 < remResultSize) { int strSizeCopied = 0; // Append whole ENV variable strSizeCopied = snprintf(&result[resultSize], remResultSize, "%s", envItem); resultSize += strSizeCopied; } else { int strSizeToCopy = 0; // This one includes null char, therefore the actual string length that will be copied is X-1 characters + \0 strSizeToCopy = remResultSize - 3; // -4 to account for "...\0" snprintf(&result[resultSize], strSizeToCopy, "%s", envItem); resultSize += strSizeToCopy - 1; // Account for added \0 at the end - we do not use strSizeCopied here, which already includes it strSizeToCopy = 4; // -4 to account for "...\0" snprintf(&result[resultSize], strSizeToCopy, "..."); resultSize += strSizeToCopy-1; break; } // Get next environmental variable envItem = *(environ+i); } return resultSize; } snoopy-snoopy-2.3.1/src/datasource/env_all.h000066400000000000000000000016311253034143600211050ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/env_all.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: env_all */ int snoopy_datasource_env_all (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/euid.c000066400000000000000000000024111253034143600204030ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/euid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: euid * * Description: * Returns effective UID of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_euid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", geteuid()); } snoopy-snoopy-2.3.1/src/datasource/euid.h000066400000000000000000000016251253034143600204160ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/euid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: euid */ int snoopy_datasource_euid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/eusername.c000066400000000000000000000044671253034143600214560ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/eusername.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: eusername * * Description: * Returns literal effective user name (User ID) of current process * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #include #include int snoopy_datasource_eusername (char *result, char *arg) { struct passwd pwd; struct passwd *pwd_uid = NULL; char *buffpwd_uid = NULL; size_t buffpwdsize_uid = 0; int messageLength = 0; /* Allocate memory */ buffpwdsize_uid = sysconf(_SC_GETPW_R_SIZE_MAX); if (-1 == buffpwdsize_uid) { buffpwdsize_uid = 16384; } buffpwd_uid = malloc(buffpwdsize_uid); if (NULL == buffpwd_uid) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); } /* Try to get data */ if (0 != getpwuid_r(geteuid(), &pwd, buffpwd_uid, buffpwdsize_uid, &pwd_uid)) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getpwuid_r)"); } else { if (NULL == pwd_uid) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); } else { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", pwd_uid->pw_name); } } /* Cleanup and return */ free(buffpwd_uid); return messageLength; } snoopy-snoopy-2.3.1/src/datasource/eusername.h000066400000000000000000000016441253034143600214550ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/eusername.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: eusername */ int snoopy_datasource_eusername (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/filename.c000066400000000000000000000024461253034143600212450ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/filename.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: filename * * Description: * Returns filename of program about to be executed * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include "inputdatastorage.h" #include int snoopy_datasource_filename (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", snoopy_inputdatastorage_filename); } snoopy-snoopy-2.3.1/src/datasource/filename.h000066400000000000000000000016411253034143600212460ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/filename.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: filename */ int snoopy_datasource_filename (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/gid.c000066400000000000000000000024271253034143600202270ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/gid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: gid * * Description: * Returns GID (Group ID) number of currently running process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_gid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getgid()); } snoopy-snoopy-2.3.1/src/datasource/gid.h000066400000000000000000000016221253034143600202300ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/gid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: gid */ int snoopy_datasource_gid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/group.c000066400000000000000000000044201253034143600206130ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/group.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: group * * Description: * Returns literal group name (Group ID) of current process * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #include #include int snoopy_datasource_group (char *result, char *arg) { struct group gr; struct group *gr_gid = NULL; char *buffgr_gid = NULL; size_t buffgrsize_gid = 0; int messageLength = 0; /* Allocate memory */ buffgrsize_gid = sysconf(_SC_GETGR_R_SIZE_MAX); if (-1 == buffgrsize_gid) { buffgrsize_gid = 16384; } buffgr_gid = malloc(buffgrsize_gid); if(NULL == buffgr_gid) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); } /* Try to get data */ if (0 != getgrgid_r(getgid(), &gr, buffgr_gid, buffgrsize_gid, &gr_gid)) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getgrgid_r)"); } else { if (NULL == gr_gid) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); } else { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", gr_gid->gr_name); } } /* Cleanup and return */ free(buffgr_gid); return messageLength; } snoopy-snoopy-2.3.1/src/datasource/group.h000066400000000000000000000016301253034143600206200ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/group.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: group */ int snoopy_datasource_group (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/login.c000066400000000000000000000050341253034143600205710ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/login.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: login * * Description: * Returns literal login name of logged-in user executing this process * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #define SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithoutNull 254 #define SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithNull 255 int snoopy_datasource_login (char *result, char *arg) { int loginSizeMaxWithoutNull = SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithoutNull; int loginSizeMaxWithNull = SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithNull; static char login[SNOOPY_DATASOURCE_LOGIN_loginSizeMaxWithNull]; char *loginptr = NULL; /* * Retrive the user login trying in order: * - The login information from the processus. * - the SUDO_USER environment variable. * - the LOGNAME environment variable. * * TIP to use with sudo and keep LOGNAME, add this in /etc/sudoers: * Defaults env_reset * Defaults env_keep="LOGNAME" */ if (0 != getlogin_r(login, loginSizeMaxWithNull)) { loginptr = getenv("SUDO_USER"); if (!loginptr) { loginptr = getenv("LOGNAME"); } if (!loginptr) { strcpy(login, "(unknown)"); } else { strncpy(login, loginptr, loginSizeMaxWithoutNull); // Coverity suggests using -1 size here if (strlen(loginptr) > loginSizeMaxWithoutNull) { login[loginSizeMaxWithoutNull] = '\0'; } } } return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", login); } snoopy-snoopy-2.3.1/src/datasource/login.h000066400000000000000000000016301253034143600205740ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/login.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: login */ int snoopy_datasource_login (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/pid.c000066400000000000000000000024031253034143600202320ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/pid.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: pid * * Description: * Returns PID (process ID) of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_pid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getpid()); } snoopy-snoopy-2.3.1/src/datasource/pid.h000066400000000000000000000016151253034143600202430ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/pid.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: pid */ int snoopy_datasource_pid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/ppid.c000066400000000000000000000024171253034143600204170ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/ppid.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: ppid * * Description: * Returns PPID (parent process ID) of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_ppid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getppid()); } snoopy-snoopy-2.3.1/src/datasource/ppid.h000066400000000000000000000016201253034143600204170ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/ppid.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: ppid */ int snoopy_datasource_ppid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/rpname.c000066400000000000000000000124071253034143600207450ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/rpname.c * * Copyright (c) 2015 Ariel Zach * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #define _GNU_SOURCE #include "snoopy.h" #include #include #include #include #include #include #include #define PID_ROOT 1 #define PID_EMPTY 0 #define PROC_PID_STATUS_KEY_NAME "Name" #define PROC_PID_STATUS_KEY_PPID "PPid" #define PROC_PID_STATUS_VAL_MAX_LENGTH NAME_MAX // Pid is max 2^2 (7-digit number), name can be max 255 bytes #define PROC_PID_STATUS_VAL_MAX_LENGTH_STR PROC_PID_STATUS_VAL_MAX_LENGTH + 1 // +1 for null termination #define UNKNOWN_STR "(unknown)" /* Read /proc/{pid}/status file and extract the property */ char* read_proc_property (int pid, char* prop_name) { char pid_file[50]; FILE *fp; char *line = NULL; size_t lineLen = 0; char *k; char *v; size_t vLen = 0; char returnValue[PROC_PID_STATUS_VAL_MAX_LENGTH_STR] = ""; /* Open file or return */ sprintf(pid_file, "/proc/%d/status", pid); fp = fopen(pid_file, "r"); if (NULL == fp) { return NULL; } /* Read line by line */ while (getline(&line, &lineLen, fp) != -1) { /* If line is empty, bail out - no such thing in /proc/PID/status */ if (0 == lineLen) { goto RETURN_FREE_LINE_AND_CLOSE_FILE; } /* * The format must be "prop_name: value". * Otherwise bail out altogether - something must be wrong with this /proc/PID/status file */ if (NULL == strstr(line, ":")) { goto RETURN_FREE_LINE_AND_CLOSE_FILE; } /* * Separate line content into two tokens: key and value * If separation fails, continue to the next line ("Groups:" key is one such example) */ k = strtok(line, ":"); v = strtok(NULL, ":"); if (NULL == v) { continue; } /* The key we are looking for? */ if (strcmp(prop_name, k) == 0) { /* Yes! */ v++; // There is one tab in front of PID number vLen = strlen(v); v[vLen-1] = 0; // Terminate the newline at the end of value vLen--; // Length is now shorter for 1 character /* * Choose string copy mode depending on length of PID * - prevent segfault if sth happens to MAX PID in future */ if (vLen > PROC_PID_STATUS_VAL_MAX_LENGTH) { strncpy(returnValue, v, PROC_PID_STATUS_VAL_MAX_LENGTH); returnValue[PROC_PID_STATUS_VAL_MAX_LENGTH_STR-1] = 0; // Change newline into null character } else { strncpy(returnValue, v, PROC_PID_STATUS_VAL_MAX_LENGTH_STR); } // Do a cleanup and return a string duplicate, which should be freed by the caller free(line); fclose(fp); return strdup(returnValue); } /* * Line is not freed between subsequent iteration as the same buffer is reused * (and realloc()-ed if required) */ } RETURN_FREE_LINE_AND_CLOSE_FILE: /* Only free if this was actually allocated */ if (NULL != line) { free(line); } fclose(fp); return NULL; } /* Get parent pid */ int get_parent_pid (int pid) { char *ppid_str; int ppid_int; ppid_str = read_proc_property(pid, PROC_PID_STATUS_KEY_PPID); if (NULL != ppid_str) { ppid_int = atoi(ppid_str); free(ppid_str); return ppid_int; } return PID_EMPTY; } /* Find root process name */ int get_rpname (int pid, char *result) { int parentPid; char *name; size_t nameLen; parentPid = get_parent_pid(pid); if (PID_ROOT == parentPid) { name = read_proc_property(pid, PROC_PID_STATUS_KEY_NAME); if (NULL != name) { nameLen = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", name); free(name); } else { nameLen = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", UNKNOWN_STR); } return nameLen; } else if (PID_EMPTY == parentPid) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", UNKNOWN_STR); } else { return get_rpname(parentPid, result); } } int snoopy_datasource_rpname (char *result, char *arg) { return get_rpname(getpid(), result); } snoopy-snoopy-2.3.1/src/datasource/rpname.h000066400000000000000000000021111253034143600207410ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/rpname.h * * Copyright (c) 2015 Ariel Zach * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: rpname */ char* trim_whitespace (char *str); char* read_proc_property (int pid, char* prop_name); int get_parent_pid (int pid); void get_rpname (int pid, int result); int snoopy_datasource_rpname (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/sid.c000066400000000000000000000025541253034143600202440ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/sid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: sid * * Description: * Returns SID (Session leader process ID) of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include /* Needed to get getpgid and getsid on older glibc */ #define _XOPEN_SOURCE 500 #include #include int snoopy_datasource_sid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getsid(0)); } snoopy-snoopy-2.3.1/src/datasource/sid.h000066400000000000000000000016221253034143600202440ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/sid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: sid */ int snoopy_datasource_sid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/snoopy_version.c000066400000000000000000000026051253034143600225560ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/snoopy_version.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: snoopy_version * * Description: * Dummy data source that returns Snoopy version. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include /* Needed to get getpgid and getsid on older glibc */ #define _XOPEN_SOURCE 500 #include #include int snoopy_datasource_snoopy_version (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", SNOOPY_VERSION); } snoopy-snoopy-2.3.1/src/datasource/snoopy_version.h000066400000000000000000000016631253034143600225660ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/snoopy_version.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: snoopy_version */ int snoopy_datasource_snoopy_version (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/timestamp.c000066400000000000000000000027571253034143600214750ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/timestamp.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: timestamp * * Description: * Returns current Unix timestamp. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_timestamp (char *result, char *arg) { struct timeval tv; int retVal; retVal = gettimeofday(&tv, NULL); if (0 == retVal) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%d", (int) tv.tv_sec); } else { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error: %d)", errno); } } snoopy-snoopy-2.3.1/src/datasource/timestamp.h000066400000000000000000000016371253034143600214760ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/timestamp.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: timestamp */ int snoopy_datasource_timestamp (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/timestamp_ms.c000066400000000000000000000030251253034143600221610ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/timestamp_ms.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: timestamp_ms * * Description: * Returns milliseconds part of current Unix timestamp. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_timestamp_ms (char *result, char *arg) { struct timeval tv; int retVal; retVal = gettimeofday(&tv, NULL); if (0 == retVal) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%03d", (int) tv.tv_usec/1000); } else { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error: %d)", errno); } } snoopy-snoopy-2.3.1/src/datasource/timestamp_ms.h000066400000000000000000000016501253034143600221700ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/timestamp_ms.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: timestamp_ms */ int snoopy_datasource_timestamp_ms (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/timestamp_us.c000066400000000000000000000030201253034143600221640ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/timestamp_us.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: timestamp_us * * Description: * Returns milliseconds part of current Unix timestamp. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_timestamp_us (char *result, char *arg) { struct timeval tv; int retVal; retVal = gettimeofday(&tv, NULL); if (0 == retVal) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%06d", (int) tv.tv_usec); } else { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(error: %d)", errno); } } snoopy-snoopy-2.3.1/src/datasource/timestamp_us.h000066400000000000000000000016501253034143600222000ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/timestamp_us.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: timestamp_us */ int snoopy_datasource_timestamp_us (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/tty.c000066400000000000000000000026111253034143600202770ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/tty.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: tty * * Description: * Returns TTY of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include int snoopy_datasource_tty (char *result, char *arg) { char *ttyName = NULL; ttyName = ttyname(0); if (NULL == ttyName) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(none)"); } return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", ttyName); } snoopy-snoopy-2.3.1/src/datasource/tty.h000066400000000000000000000016221253034143600203050ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/tty.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: tty */ int snoopy_datasource_tty (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/tty_uid.c000066400000000000000000000034211253034143600211400ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/tty_uid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: tty_uid * * Description: * Returns UID (User ID) of current controlling terminal, or -1 if not found. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #include int snoopy_datasource_tty_uid (char *result, char *arg) { char *ttyPath = NULL; struct stat statbuffer; long ttyUid; /* Get tty path */ ttyPath = ttyname(0); if (NULL == ttyPath) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(none)"); } /* Get owner of tty */ if (-1 == stat(ttyPath, &statbuffer)) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(unable to stat() %s)", ttyPath); } ttyUid = statbuffer.st_uid; return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%ld", ttyUid); } snoopy-snoopy-2.3.1/src/datasource/tty_uid.h000066400000000000000000000016361253034143600211530ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/tty_uid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: tty_uid */ int snoopy_datasource_tty_uid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/tty_username.c000066400000000000000000000055731253034143600222100ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/tty_username.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: tty_username * * Description: * Returns litaral username of current controlling terminal * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #include #include #include int snoopy_datasource_tty_username (char *result, char *arg) { /* Variables for tty-to-uid conversion */ char *ttyPath = NULL; struct stat statbuffer; uid_t ttyUid; /* Variables for uid-to-username conversion */ struct passwd pwd; struct passwd *pwd_uid = NULL; char *buffpwd_uid = NULL; size_t buffpwdsize_uid = 0; int messageLength = 0; /* Get tty path */ ttyPath = ttyname(0); if (NULL == ttyPath) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(none)"); } /* Get UID of tty */ if (-1 == stat(ttyPath, &statbuffer)) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(unable to stat() %s)", ttyPath); } ttyUid = statbuffer.st_uid; /* Allocate memory for pwd structure */ buffpwdsize_uid = sysconf(_SC_GETPW_R_SIZE_MAX); if (-1 == buffpwdsize_uid) { buffpwdsize_uid = 16384; } buffpwd_uid = malloc(buffpwdsize_uid); if (NULL == buffpwd_uid) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); } /* Try to get data */ if (0 != getpwuid_r(ttyUid, &pwd, buffpwd_uid, buffpwdsize_uid, &pwd_uid)) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getpwuid_r)"); } else { if (NULL == pwd_uid) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); } else { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", pwd_uid->pw_name); } } /* Cleanup and return */ free(buffpwd_uid); return messageLength; } snoopy-snoopy-2.3.1/src/datasource/tty_username.h000066400000000000000000000016551253034143600222120ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/tty_username.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: tty_username */ int snoopy_datasource_tty_username (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/uid.c000066400000000000000000000024051253034143600202410ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/uid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: uid * * Description: * Returns UID (User ID) of current process. * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include int snoopy_datasource_uid (char *result, char *arg) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%u", getuid()); } snoopy-snoopy-2.3.1/src/datasource/uid.h000066400000000000000000000016221253034143600202460ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/uid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: uid */ int snoopy_datasource_uid (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasource/username.c000066400000000000000000000044231253034143600213010ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/username.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: username * * Description: * Returns literal username of current process * * Params: * result: pointer to string, to write result into * * Return: * number of characters in the returned string */ #include "snoopy.h" #include #include #include #include #include int snoopy_datasource_username (char *result, char *arg) { struct passwd pwd; struct passwd *pwd_uid = NULL; char *buffpwd_uid = NULL; size_t buffpwdsize_uid = 0; int messageLength = 0; /* Allocate memory */ buffpwdsize_uid = sysconf(_SC_GETPW_R_SIZE_MAX); if (-1 == buffpwdsize_uid) { buffpwdsize_uid = 16384; } buffpwd_uid = malloc(buffpwdsize_uid); if (NULL == buffpwd_uid) { return snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(malloc)"); } /* Try to get data */ if (0 != getpwuid_r(getuid(), &pwd, buffpwd_uid, buffpwdsize_uid, &pwd_uid)) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "ERROR(getpwuid_r)"); } else { if (NULL == pwd_uid) { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "(undefined)"); } else { messageLength = snprintf(result, SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE, "%s", pwd_uid->pw_name); } } /* Cleanup and return */ free(buffpwd_uid); return messageLength; } snoopy-snoopy-2.3.1/src/datasource/username.h000066400000000000000000000016411253034143600213050ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/datasource/username.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY DATA SOURCE: username */ int snoopy_datasource_username (char *result, char *arg); snoopy-snoopy-2.3.1/src/datasourceregistry.c000066400000000000000000000201741253034143600212540ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: datasourceregistry.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include relevant header files */ #include "snoopy.h" #include "datasourceregistry.h" #include /* * Include headers of all datasource functions */ #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline #include "datasource/cmdline.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cwd #include "datasource/cwd.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_datetime #include "datasource/datetime.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egid #include "datasource/egid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egroup #include "datasource/egroup.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env #include "datasource/env.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env_all #include "datasource/env_all.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_euid #include "datasource/euid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_eusername #include "datasource/eusername.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_filename #include "datasource/filename.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_gid #include "datasource/gid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_group #include "datasource/group.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_login #include "datasource/login.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_pid #include "datasource/pid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_ppid #include "datasource/ppid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_rpname #include "datasource/rpname.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_sid #include "datasource/sid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version #include "datasource/snoopy_version.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp #include "datasource/timestamp.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms #include "datasource/timestamp_ms.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us #include "datasource/timestamp_us.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty #include "datasource/tty.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid #include "datasource/tty_uid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username #include "datasource/tty_username.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_uid #include "datasource/uid.h" #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_username #include "datasource/username.h" #endif /* * Two arrays holding data about all data sources */ char *snoopy_datasourceregistry_names[] = { #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline "cmdline", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cwd "cwd", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_datetime "datetime", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egid "egid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egroup "egroup", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env "env", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env_all "env_all", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_euid "euid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_eusername "eusername", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_filename "filename", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_gid "gid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_group "group", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_login "login", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_pid "pid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_ppid "ppid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_rpname "rpname", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_sid "sid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version "snoopy_version", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp "timestamp", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms "timestamp_ms", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us "timestamp_us", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty "tty", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid "tty_uid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username "tty_username", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_uid "uid", #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_username "username", #endif "", }; int (*snoopy_datasourceregistry_ptrs []) (char *result, char *arg) = { #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cmdline snoopy_datasource_cmdline, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_cwd snoopy_datasource_cwd, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_datetime snoopy_datasource_datetime, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egid snoopy_datasource_egid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_egroup snoopy_datasource_egroup, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env snoopy_datasource_env, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_env_all snoopy_datasource_env_all, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_euid snoopy_datasource_euid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_eusername snoopy_datasource_eusername, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_filename snoopy_datasource_filename, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_gid snoopy_datasource_gid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_group snoopy_datasource_group, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_login snoopy_datasource_login, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_pid snoopy_datasource_pid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_ppid snoopy_datasource_ppid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_rpname snoopy_datasource_rpname, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_sid snoopy_datasource_sid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_snoopy_version snoopy_datasource_snoopy_version, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp snoopy_datasource_timestamp, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_ms snoopy_datasource_timestamp_ms, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_timestamp_us snoopy_datasource_timestamp_us, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty snoopy_datasource_tty, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_uid snoopy_datasource_tty_uid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_tty_username snoopy_datasource_tty_username, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_uid snoopy_datasource_uid, #endif #ifdef SNOOPY_CONF_DATASOURCE_ENABLED_username snoopy_datasource_username, #endif }; /* * isRegistered() * * Return true if data source exists, otherwise return false */ int snoopy_datasourceregistry_isRegistered (char *providerName) { if (snoopy_datasourceregistry_getIndex(providerName) == -1) { return SNOOPY_FALSE; } else { return SNOOPY_TRUE; } } /* * getIndex() * * Return index of given data source, or -1 if not found */ int snoopy_datasourceregistry_getIndex (char *providerName) { int i; i = 0; while (strcmp(snoopy_datasourceregistry_names[i], "") != 0) { if (strcmp(snoopy_datasourceregistry_names[i], providerName) == 0) { return i; } i++; } return -1; } /* * call() * * Call the given data source and return its output */ int snoopy_datasourceregistry_call (char *providerName, char *returnMessage, char *providerArg) { int idx; idx = snoopy_datasourceregistry_getIndex(providerName); if (idx == -1) { return -1; } return snoopy_datasourceregistry_ptrs[idx](returnMessage, providerArg); } snoopy-snoopy-2.3.1/src/datasourceregistry.h000066400000000000000000000024411253034143600212560ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: datasourceregistry.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Two arrays holding data about datasource functions */ extern char *snoopy_datasourceregistry_names[]; extern int (*snoopy_datasourceregistry_ptrs []) (char *datasource, char *arg); /* * Functions to manage and utilise datasource providers */ int snoopy_datasourceregistry_call (char *providerName, char *returnMessage, char *providerArg); int snoopy_datasourceregistry_getIndex (char *providerName); int snoopy_datasourceregistry_isRegistered (char *providerName); snoopy-snoopy-2.3.1/src/error.c000066400000000000000000000030031253034143600164520ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: error.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "error.h" #include "configuration.h" #include "log.h" /* * snoopy_error_handler * * Description: * Does the actual error handling. If configured, it sends it * to syslog. * * Params: * (none) * * Return: * void */ void snoopy_error_handler (char *errorMsg) { /* Only send error to syslog if configured like that */ if (SNOOPY_TRUE == snoopy_configuration.error_logging_enabled) { snoopy_log_dispatch(errorMsg, SNOOPY_LOG_ERROR); } } snoopy-snoopy-2.3.1/src/error.h000066400000000000000000000015711253034143600164670ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: error.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Error-handling functions */ void snoopy_error_handler(char *errorMsg); snoopy-snoopy-2.3.1/src/filter/000077500000000000000000000000001253034143600164465ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/filter/Makefile.am000066400000000000000000000016721253034143600205100ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### Include # AM_CFLAGS += -I$(top_srcdir)/src ### Create one library with all snoopy filters collected in it # noinst_LTLIBRARIES = libsnoopy_filters_all.la ### Filter collection is made of the following files # # Please maintain alphabetical order, equal to what `ls` would do # libsnoopy_filters_all_la_SOURCES = ### Filter: exclude_spawns_of # if FILTER_ENABLED_exclude_spawns_of libsnoopy_filters_all_la_SOURCES += \ exclude_spawns_of.c \ exclude_spawns_of.h endif ### Filter: exclude_uid # if FILTER_ENABLED_exclude_uid libsnoopy_filters_all_la_SOURCES += \ exclude_uid.c \ exclude_uid.h endif ### Filter: only_root # if FILTER_ENABLED_only_root libsnoopy_filters_all_la_SOURCES += \ only_root.c \ only_root.h endif ### Filter: only_uid # if FILTER_ENABLED_only_uid libsnoopy_filters_all_la_SOURCES += \ only_uid.c \ only_uid.h endif snoopy-snoopy-2.3.1/src/filter/exclude_spawns_of.c000066400000000000000000000142221253034143600223230ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/exclude_spawns_of.c * * Copyright (c) 2015 Datto, Inc. All rights reserved. * Author: Fred Mora - fmora@datto.com * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: exclude_spawns_of * * Description: * Excludes all log messages for executables that have the specified program name in their ancestors. * Strategy: We parse arg to create the "list of specified programs" (LoSP). * Then, we walk up the parent process ID (PPID) chain and we check if each executable name is part * of the LoSP. * * Params: * logMessage: Pointer to string that contains formatted log message (may be manipulated) * arg: Comma-separated list of program names for the spawns of which log messages are dropped. * * Return: * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP */ #include "snoopy.h" #include #include #include #include #include #define PROGLISTSEP ',' int find_ancestor_in_list(char **name_list); int find_string_in_array(char *str, char **str_array); char **string_to_token_array(char *str); int snoopy_filter_exclude_spawns_of(char *msg, char *arg) { char **losp; // List of specified programs derived from arg int is_ancestor_in_list = 0; // Turn comma-separated arg into array of program name strings losp = string_to_token_array(arg); if (losp == NULL) { // If failure, we cannot filter anything, just pass the message return SNOOPY_FILTER_PASS; } // Check if one of the program names in losp is an ancestor is_ancestor_in_list = find_ancestor_in_list(losp); free(losp); return (is_ancestor_in_list == 1) ? SNOOPY_FILTER_DROP : SNOOPY_FILTER_PASS; // Error means pass } // Helper functions /** * Description: * Walks the /proc tree from /proc/currentPID and iterate parent PIDs up to PID 1. For each PID, check if the * executable name is in name_list. * Params: * name_list: Ptr to array of char ptr. Each element point to the name of an executable. * Return: * 1 if the executable name of an ancestor process is found in name_list * 0 if there are no ancestor that have a name found in name_list * -1 if error. */ int find_ancestor_in_list(char **name_list) { pid_t ppid; char stat_path[32]; // Path "/proc/nnnn/stat" where nnnn = some PID FILE *statf; int rc, found; char *ancestor_name; // The following var are read from /proc/nnnn/stat char *st_comm; //Exec file name. Points to buffer that will be malloc'd. pid_t st_pid; char st_state; if (name_list == NULL) { return -1; } ppid = getppid(); // We start with the parent while (ppid != 1) { // Create the path to /proc//stat sprintf(stat_path, "/proc/%d/stat", ppid); statf = fopen(stat_path, "r"); if (statf == NULL) { return -1; } // Grab the first few elements from the stat pseudo-file. Format from man 5 proc. rc = fscanf(statf, "%d %ms %c %d", &st_pid, &st_comm, &st_state, &ppid); if (rc == EOF) { fclose(statf); return -1; } // stat provides st_comm as the name between parentheses. Get rid of the parens. ancestor_name = st_comm + 1; st_comm[strlen(st_comm) - 1] = '\0'; found = find_string_in_array(ancestor_name, name_list); free(st_comm); if (found) { fclose(statf); return 1; } fclose(statf); } return 0; // Nothing found } /** * Description: * Searches for a string in an array of strings. All strings are zero-terminated. * Params: * str: Ptr to the string we are looking for in str_array. * str_array: Ptr to array of char ptr, each of them pointing to a string to compare to str. * Return: * 1 if str matches one of the strings in str_array * 0 if there are no matches or if either argument is NULL. */ int find_string_in_array(char *str, char **str_array) { if ((str == NULL) || (str_array == NULL)) { return 0; } char **p = str_array; while (*p != NULL) { if (strcmp(str, *p) == 0) { return 1; } p++; } return 0; } /** * Description: * Tokenizes string str using comma as a separator. Returns an array of individual tokens between delimiters. * * Params: * str: string to be tokenized. The string is modified as per strtok (delimiters replaced with \0).. * Returns: * Ptr to array of char ptr. Each element point to an individual substring between delimiters. * The last element is the NULL pointer to act as a delimiter. * The returned pointer should be freed by the caller after use. * If str is NULL or empty, or if error, returns NULL. */ char **string_to_token_array(char *str) { char *p; int i; int sepcount = 0; int token_count; char **token_array; // Return value char *saveptr = NULL; // For strtok_r() if ((str == NULL) || (*str == '\0')) { return NULL; } // Count the occurences of PROGLISTSEP p = strchr(str, PROGLISTSEP); while (p != NULL) { sepcount++; p=strchr(p+1, PROGLISTSEP); } // Allocate storage for token_array: one more than the separator count, and one more for the NULL delimiter. token_count = sepcount +1; token_array = calloc(token_count + 1, sizeof(p)); if (token_array == NULL) { return NULL; } // Fill in token_array with ptrs to individual tokens char delim[] = { PROGLISTSEP, '\0'}; // Make a string of delimiters p = str; for (i = 0; i < token_count; i++) { token_array[i] = strtok_r(p, delim, &saveptr); p = NULL; } token_array[token_count] = NULL; return(token_array); } snoopy-snoopy-2.3.1/src/filter/exclude_spawns_of.h000066400000000000000000000017171253034143600223350ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/exclude_spawns_of.h * * Copyright (c) 2015 Datto, Inc. All rights reserved. * Author: Fred Mora - fmora@datto.com * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: exclude_spawns_of */ int snoopy_filter_exclude_spawns_of (char *msg, char *arg); snoopy-snoopy-2.3.1/src/filter/exclude_uid.c000066400000000000000000000046601253034143600211120ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/exclude_uid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: exclude_uid * * Description: * Excludes all log messages comming from specified UIDs * * Params: * logMessage: pointer to string that contains formatted log message (may be manipulated) * arg: Comma-separated list of UIDs for which log messages are dropped, passed for others * * Return: * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP */ #include "snoopy.h" #include #include #include #include #include int snoopy_filter_exclude_uid (char *msg, char *arg) { uid_t curUid; // Actual UID of running process int j; char *str1; // Do not assign null to it explicitly, as you get "Explicit null dereference" Coverity error. // If you do not assign it, Coverity complains with "Uninitialized pointer read". char *saveptr1 = ""; /* Get uid of current process */ curUid = getuid(); /* Loop through all UIDs passed to the filter as argument */ for (j=1, str1=arg; ; j++, str1=NULL) { char *argCurUidStr; // Literal UID uid_t argCurUid; // Actual UID to be used for comparison // Get next literal UID argCurUidStr = strtok_r(str1, ",", &saveptr1); if (NULL == argCurUidStr) { break; } // Convert literal UID to numeric type argCurUid = atol(argCurUidStr); // If UID matches, drop the message if (argCurUid == curUid) { return SNOOPY_FILTER_DROP; } } // None of the UIDs matched so far, therefore we are passing this message on return SNOOPY_FILTER_PASS; } snoopy-snoopy-2.3.1/src/filter/exclude_uid.h000066400000000000000000000016321253034143600211130ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/exclude_uid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: exclude_uid */ int snoopy_filter_exclude_uid (char *msg, char *arg); snoopy-snoopy-2.3.1/src/filter/only_root.c000066400000000000000000000025711253034143600206430ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/only_root.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: only_root * * Description: * Only logs messages from root (uid=0 actually) * * Params: * msg: pointer to string that contains formatted log message (may be manipulated) * arg: arguments passed to this filter * * Return: * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP */ #include "snoopy.h" #include #include #include int snoopy_filter_only_root (char *msg, char *arg) { if (0 == getuid()) { return SNOOPY_FILTER_PASS; } else { return SNOOPY_FILTER_DROP; } } snoopy-snoopy-2.3.1/src/filter/only_root.h000066400000000000000000000016241253034143600206460ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/only_root.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: only_root */ int snoopy_filter_only_root (char *msg, char *arg); snoopy-snoopy-2.3.1/src/filter/only_uid.c000066400000000000000000000046461253034143600204460ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/only_uid.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: only_uid * * Description: * Excludes all log messages not comming from specific UID * * Params: * logMessage: pointer to string that contains formatted log message (may be manipulated) * arg: Comma-separated list of UIDs for which log message is passed on, dropped for all others * * Return: * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP */ #include "snoopy.h" #include #include #include #include #include int snoopy_filter_only_uid (char *msg, char *arg) { uid_t curUid; // Actual UID of running process int j; char *str1; // Do not assign null to it explicitly, as you get "Explicit null dereference" Coverity error. // If you do not assign it, Coverity complains with "Uninitialized pointer read". char *saveptr1 = ""; /* Get uid of current process */ curUid = getuid(); /* Loop through all UIDs passed to the filter as argument */ for (j=1, str1=arg; ; j++, str1=NULL) { char *argCurUidStr; // Literal UID uid_t argCurUid; // Actual UID to be used for comparison // Get next literal UID argCurUidStr = strtok_r(str1, ",", &saveptr1); if (NULL == argCurUidStr) { break; } // Convert literal UID to numeric type argCurUid = atol(argCurUidStr); // Compare and return PASS if matches if (argCurUid == curUid) { return SNOOPY_FILTER_PASS; } } // None of the UIDs matched so far, therefore we are dropping this return SNOOPY_FILTER_DROP; } snoopy-snoopy-2.3.1/src/filter/only_uid.h000066400000000000000000000016211253034143600204410ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/filter/only_uid.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY FILTER: only_uid */ int snoopy_filter_only_uid (char *msg, char *arg); snoopy-snoopy-2.3.1/src/filtering.c000066400000000000000000000102361253034143600173120ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: filtering.c * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "configuration.h" #include "filterregistry.h" #include "message.h" /* * snoopy_filtering_check_chain * * Description: * Determines whether given message should be send to syslog or not * * Params: * logMessage: message about to be sent to syslog * chain: filter chain to check * * Return: * SNOOPY_FILTER_PASS or SNOOPY_FILTER_DROP */ int snoopy_filtering_check_chain ( char *logMessage, char *filterChain ) { char filterChainCopy[SNOOPY_FILTER_CHAIN_MAX_SIZE]; // Must be here, or strtok_r segfaults int filterChainCopySize; int j; char *str; char *rest; char *filterSpec; // Single filter specification from defined filter chain char *fcPos_filterSpecArg; // Pointer to argument part of single filter specification in a filter chain // Copy the filter chain specification to separate string, to be used in strtok_r filterChainCopySize = strlen(filterChain); if (filterChainCopySize > SNOOPY_FILTER_CHAIN_MAX_SIZE - 1) { filterChainCopySize = SNOOPY_FILTER_CHAIN_MAX_SIZE - 1; } strncpy(filterChainCopy, filterChain, filterChainCopySize); filterChainCopy[filterChainCopySize] = '\0'; // Loop through all filters for (j=1, str=filterChainCopy; ; j++, str=NULL) { char filterName[SNOOPY_FILTER_NAME_MAX_SIZE]; char *filterNamePtr; size_t filterNameSize; char filterArg[SNOOPY_FILTER_ARG_MAX_SIZE]; char *filterArgPtr; // Parse the remaining filter chain specification for next filterSpec filterSpec = strtok_r(str, ";", &rest); if (NULL == filterSpec) { // We are at the end of filtering chain break; } // If filter tag contains ":", then split it into filter name and filter argument fcPos_filterSpecArg = strstr(filterSpec, ":"); if (NULL == fcPos_filterSpecArg) { // filterSpec == filterName, there is no argument filterName[0] = '\0'; filterNamePtr = filterSpec; filterArg[0] = '\0'; filterArgPtr = filterArg; } else { // Change the colon to null character, which effectively splits the string in two parts. // Then point to first and second part with corresponding variables. filterNameSize = fcPos_filterSpecArg - filterSpec; filterName[0] = '\0'; strncpy(filterName, filterSpec, filterNameSize); filterName[filterNameSize] = '\0'; filterNamePtr = filterName; filterArgPtr = fcPos_filterSpecArg + 1; } // Check if filter actually exists if (! snoopy_filterregistry_isRegistered(filterNamePtr)) { snoopy_message_append(logMessage, "ERROR(Filter not found - "); snoopy_message_append(logMessage, filterNamePtr); snoopy_message_append(logMessage, ")"); break; } // Consult the filter, and return immediately if message should be dropped if (SNOOPY_FILTER_DROP == snoopy_filterregistry_call(filterNamePtr, logMessage, filterArgPtr)) { return SNOOPY_FILTER_DROP; } } return SNOOPY_FILTER_PASS; } snoopy-snoopy-2.3.1/src/filtering.h000066400000000000000000000015661253034143600173250ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: filtering.h * * Copyright (c) 2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ int snoopy_filtering_check_chain ( char *logMessage, char *chain ); snoopy-snoopy-2.3.1/src/filterregistry.c000066400000000000000000000060721253034143600204100ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: filterregistry.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include relevant header files */ #include "snoopy.h" #include "filterregistry.h" #include /* * Include headers of all filter functions */ #ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of #include "filter/exclude_spawns_of.h" #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_uid #include "filter/exclude_uid.h" #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_only_root #include "filter/only_root.h" #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_only_uid #include "filter/only_uid.h" #endif /* * Two arrays holding data about filter functions */ char *snoopy_filterregistry_names[] = { #ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of "exclude_spawns_of", #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_uid "exclude_uid", #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_only_root "only_root", #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_only_uid "only_uid", #endif "", }; int (*snoopy_filterregistry_ptrs []) (char *logMessage, char *arg) = { #ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_spawns_of snoopy_filter_exclude_spawns_of, #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_exclude_uid snoopy_filter_exclude_uid, #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_only_root snoopy_filter_only_root, #endif #ifdef SNOOPY_CONF_FILTER_ENABLED_only_uid snoopy_filter_only_uid, #endif }; /* * isRegistered() * * Return true if filter filter exists, otherwise return false */ int snoopy_filterregistry_isRegistered (char *filterName) { if (snoopy_filterregistry_getIndex(filterName) == -1) { return SNOOPY_FALSE; } else { return SNOOPY_TRUE; } } /* * getIndex() * * Return index of given filter, or -1 if not found */ int snoopy_filterregistry_getIndex (char *filterName) { int i; i = 0; while (strcmp(snoopy_filterregistry_names[i], "") != 0) { if (strcmp(snoopy_filterregistry_names[i], filterName) == 0) { return i; } i++; } return -1; } /* * call() * * Call the given filter and return its output */ int snoopy_filterregistry_call (char *filterName, char *logMessage, char *filterArg) { int idx; idx = snoopy_filterregistry_getIndex(filterName); if (idx == -1) { return -1; } return snoopy_filterregistry_ptrs[idx](logMessage, filterArg); } snoopy-snoopy-2.3.1/src/filterregistry.h000066400000000000000000000023661253034143600204170ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: filterregistry.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Two arrays holding data about filter functions */ extern char *snoopy_filterregistry_names[]; extern int (*snoopy_filterregistry_ptrs []) (char *logMessage, char *arg); /* * Functions to manage and utilise filter providers */ int snoopy_filterregistry_call (char *filterName, char *logMessage, char *filterArg); int snoopy_filterregistry_getIndex (char *filterName); int snoopy_filterregistry_isRegistered (char *filterName); snoopy-snoopy-2.3.1/src/inputdatastorage.c000066400000000000000000000037321253034143600207100ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: inputdatastorage.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Includes */ #include "snoopy.h" #include "inputdatastorage.h" /* * Create these storage locations for inputs to consume */ const char *snoopy_inputdatastorage_filename; char **snoopy_inputdatastorage_argv; char **snoopy_inputdatastorage_envp; /* * snoopy_inputdatastorage_store_filename() * * Description: * Store filename of execv()/execve() syscall * * Params: * filename: filename to store * * Return: * void */ void snoopy_inputdatastorage_store_filename ( const char *filename ) { snoopy_inputdatastorage_filename = filename; } /* * snoopy_inputdatastorage_store_argv() * * Description: * Store argv[] of execv()/execve() syscall * * Params: * argv: argv pointer to store * * Return: * void */ void snoopy_inputdatastorage_store_argv ( char * argv[] ) { snoopy_inputdatastorage_argv = argv; } /* * snoopy_inputdatastorage_store_envp() * * Description: * Store envp[] of execve() syscall * * Params: * envp: environment array pointer to store * * Return: * void */ void snoopy_inputdatastorage_store_envp ( char * envp[] ) { snoopy_inputdatastorage_envp = envp; } snoopy-snoopy-2.3.1/src/inputdatastorage.h000066400000000000000000000024131253034143600207100ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: inputdatastorage.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "snoopy.h" /* * Store execution data for inputs to consume */ extern const char *snoopy_inputdatastorage_filename; extern char **snoopy_inputdatastorage_argv; extern char **snoopy_inputdatastorage_envp; /* * Functions to use to do the actual storing */ void snoopy_inputdatastorage_store_filename ( const char *filename ); void snoopy_inputdatastorage_store_argv ( char * argv[] ); void snoopy_inputdatastorage_store_envp ( char * envp[] ); snoopy-snoopy-2.3.1/src/lib/000077500000000000000000000000001253034143600157275ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/lib/Makefile.am000066400000000000000000000005331253034143600177640ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### INI file parser # if CONFIG_FILE_ENABLED noinst_LTLIBRARIES = \ libiniparser.la libiniparser_la_SOURCES = \ iniparser/src/dictionary.c \ iniparser/src/dictionary.h \ iniparser/src/iniparser.c \ iniparser/src/iniparser.h endif snoopy-snoopy-2.3.1/src/lib/iniparser/000077500000000000000000000000001253034143600177235ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/lib/iniparser/AUTHORS000066400000000000000000000003661253034143600210000ustar00rootroot00000000000000Author: Nicolas Devillard This tiny library has received countless contributions and I have not kept track of all the people who contributed. Let them be thanked for their ideas, code, suggestions, corrections, enhancements! snoopy-snoopy-2.3.1/src/lib/iniparser/INSTALL000066400000000000000000000005411253034143600207540ustar00rootroot00000000000000 iniParser installation instructions ----------------------------------- - Modify the Makefile to suit your environment. - Type 'make' to make the library. - Type 'make check' to make the test program. - Type 'test/iniexample' to launch the test program. - Type 'test/parse' to launch torture tests. Enjoy! N. Devillard Wed Mar 2 21:14:17 CET 2011 snoopy-snoopy-2.3.1/src/lib/iniparser/LICENSE000066400000000000000000000020731253034143600207320ustar00rootroot00000000000000Copyright (c) 2000-2011 by Nicolas Devillard. MIT License Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. snoopy-snoopy-2.3.1/src/lib/iniparser/README000066400000000000000000000004471253034143600206100ustar00rootroot00000000000000 Welcome to iniParser -- version 3.1 released 08 Apr 2012 This modules offers parsing of ini files from the C level. See a complete documentation in HTML format, from this directory open the file html/index.html with any HTML-capable browser. Enjoy! N.Devillard Sun Apr 8 16:38:09 CEST 2012 snoopy-snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_CHANGES000066400000000000000000000001621253034143600225120ustar00rootroot00000000000000Snoopy changes to iniparser =========================== o Changed all error messages to include "snoopy " prefix snoopy-snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_URI000066400000000000000000000001111253034143600220730ustar00rootroot00000000000000http://ndevilla.free.fr/iniparser/ https://github.com/ndevilla/iniparser snoopy-snoopy-2.3.1/src/lib/iniparser/SNOOPY_LIB_VERSION000066400000000000000000000000641253034143600225700ustar00rootroot00000000000000git commit c8633b72816420bde5c0c247df850ca2c30e6d53 snoopy-snoopy-2.3.1/src/lib/iniparser/src/000077500000000000000000000000001253034143600205125ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/lib/iniparser/src/dictionary.c000066400000000000000000000276021253034143600230320ustar00rootroot00000000000000/*-------------------------------------------------------------------------*/ /** @file dictionary.c @author N. Devillard @brief Implements a dictionary for string variables. This module implements a simple dictionary object, i.e. a list of string/string associations. This object is useful to store e.g. informations retrieved from a configuration file (ini files). */ /*--------------------------------------------------------------------------*/ /*--------------------------------------------------------------------------- Includes ---------------------------------------------------------------------------*/ #include "dictionary.h" #include #include #include #include /** Maximum value size for integers and doubles. */ #define MAXVALSZ 1024 /** Minimal allocated number of entries in a dictionary */ #define DICTMINSZ 128 /** Invalid key token */ #define DICT_INVALID_KEY ((char*)-1) /*--------------------------------------------------------------------------- Private functions ---------------------------------------------------------------------------*/ /* Doubles the allocated size associated to a pointer */ /* 'size' is the current allocated size. */ static void * mem_double(void * ptr, size_t size) { void * newptr ; newptr = calloc(2*size, 1); if (newptr==NULL) { return NULL ; } memcpy(newptr, ptr, size); free(ptr); return newptr ; } /*-------------------------------------------------------------------------*/ /** @brief Duplicate a string @param s String to duplicate @return Pointer to a newly allocated string, to be freed with free() This is a replacement for strdup(). This implementation is provided for systems that do not have it. */ /*--------------------------------------------------------------------------*/ char * xstrdup(const char * s) { char * t ; size_t len ; if (!s) return NULL ; len = strlen(s) + 1 ; t = malloc(len) ; if (t) { memcpy(t, s, len) ; } return t ; } /*--------------------------------------------------------------------------- Function codes ---------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/ /** @brief Compute the hash key for a string. @param key Character string to use for key. @return 1 unsigned int on at least 32 bits. This hash function has been taken from an Article in Dr Dobbs Journal. This is normally a collision-free function, distributing keys evenly. The key is stored anyway in the struct so that collision can be avoided by comparing the key itself in last resort. */ /*--------------------------------------------------------------------------*/ unsigned dictionary_hash(const char * key) { size_t len ; unsigned hash ; size_t i ; len = strlen(key); for (hash=0, i=0 ; i>6) ; } hash += (hash <<3); hash ^= (hash >>11); hash += (hash <<15); return hash ; } /*-------------------------------------------------------------------------*/ /** @brief Create a new dictionary object. @param size Optional initial size of the dictionary. @return 1 newly allocated dictionary objet. This function allocates a new dictionary object of given size and returns it. If you do not know in advance (roughly) the number of entries in the dictionary, give size=0. */ /*--------------------------------------------------------------------------*/ dictionary * dictionary_new(size_t size) { dictionary * d ; /* If no size was specified, allocate space for DICTMINSZ */ if (sizesize = size ; d->val = calloc(size, sizeof *d->val); d->key = calloc(size, sizeof *d->key); d->hash = calloc(size, sizeof *d->hash); } return d ; } /*-------------------------------------------------------------------------*/ /** @brief Delete a dictionary object @param d dictionary object to deallocate. @return void Deallocate a dictionary object and all memory associated to it. */ /*--------------------------------------------------------------------------*/ void dictionary_del(dictionary * d) { size_t i ; if (d==NULL) return ; for (i=0 ; isize ; i++) { if (d->key[i]!=NULL) free(d->key[i]); if (d->val[i]!=NULL) free(d->val[i]); } free(d->val); free(d->key); free(d->hash); free(d); return ; } /*-------------------------------------------------------------------------*/ /** @brief Get a value from a dictionary. @param d dictionary object to search. @param key Key to look for in the dictionary. @param def Default value to return if key not found. @return 1 pointer to internally allocated character string. This function locates a key in a dictionary and returns a pointer to its value, or the passed 'def' pointer if no such key can be found in dictionary. The returned character pointer points to data internal to the dictionary object, you should not try to free it or modify it. */ /*--------------------------------------------------------------------------*/ char * dictionary_get(dictionary * d, const char * key, char * def) { unsigned hash ; size_t i ; hash = dictionary_hash(key); for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; /* Compare hash */ if (hash==d->hash[i]) { /* Compare string, to avoid hash collisions */ if (!strcmp(key, d->key[i])) { return d->val[i] ; } } } return def ; } /*-------------------------------------------------------------------------*/ /** @brief Set a value in a dictionary. @param d dictionary object to modify. @param key Key to modify or add. @param val Value to add. @return int 0 if Ok, anything else otherwise If the given key is found in the dictionary, the associated value is replaced by the provided one. If the key cannot be found in the dictionary, it is added to it. It is Ok to provide a NULL value for val, but NULL values for the dictionary or the key are considered as errors: the function will return immediately in such a case. Notice that if you dictionary_set a variable to NULL, a call to dictionary_get will return a NULL value: the variable will be found, and its value (NULL) is returned. In other words, setting the variable content to NULL is equivalent to deleting the variable from the dictionary. It is not possible (in this implementation) to have a key in the dictionary without value. This function returns non-zero in case of failure. */ /*--------------------------------------------------------------------------*/ int dictionary_set(dictionary * d, const char * key, const char * val) { size_t i ; unsigned hash ; if (d==NULL || key==NULL) return -1 ; /* Compute hash for this key */ hash = dictionary_hash(key) ; /* Find if value is already in dictionary */ if (d->n>0) { for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; if (hash==d->hash[i]) { /* Same hash value */ if (!strcmp(key, d->key[i])) { /* Same key */ /* Found a value: modify and return */ if (d->val[i]!=NULL) free(d->val[i]); d->val[i] = val ? xstrdup(val) : NULL ; /* Value has been modified: return */ return 0 ; } } } } /* Add a new value */ /* See if dictionary needs to grow */ if (d->n==d->size) { /* Reached maximum size: reallocate dictionary */ d->val = mem_double(d->val, d->size * sizeof *d->val) ; d->key = mem_double(d->key, d->size * sizeof *d->key) ; d->hash = mem_double(d->hash, d->size * sizeof *d->hash) ; if ((d->val==NULL) || (d->key==NULL) || (d->hash==NULL)) { /* Cannot grow dictionary */ return -1 ; } /* Double size */ d->size *= 2 ; } /* Insert key in the first empty slot. Start at d->n and wrap at d->size. Because d->n < d->size this will necessarily terminate. */ for (i=d->n ; d->key[i] ; ) { if(++i == d->size) i = 0; } /* Copy key */ d->key[i] = xstrdup(key); d->val[i] = val ? xstrdup(val) : NULL ; d->hash[i] = hash; d->n ++ ; return 0 ; } /*-------------------------------------------------------------------------*/ /** @brief Delete a key in a dictionary @param d dictionary object to modify. @param key Key to remove. @return void This function deletes a key in a dictionary. Nothing is done if the key cannot be found. */ /*--------------------------------------------------------------------------*/ void dictionary_unset(dictionary * d, const char * key) { unsigned hash ; size_t i ; if (key == NULL) { return; } hash = dictionary_hash(key); for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; /* Compare hash */ if (hash==d->hash[i]) { /* Compare string, to avoid hash collisions */ if (!strcmp(key, d->key[i])) { /* Found key */ break ; } } } if (i>=d->size) /* Key not found */ return ; free(d->key[i]); d->key[i] = NULL ; if (d->val[i]!=NULL) { free(d->val[i]); d->val[i] = NULL ; } d->hash[i] = 0 ; d->n -- ; return ; } /*-------------------------------------------------------------------------*/ /** @brief Dump a dictionary to an opened file pointer. @param d Dictionary to dump @param f Opened file pointer. @return void Dumps a dictionary onto an opened file pointer. Key pairs are printed out as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as output file pointers. */ /*--------------------------------------------------------------------------*/ void dictionary_dump(dictionary * d, FILE * out) { size_t i ; if (d==NULL || out==NULL) return ; if (d->n<1) { fprintf(out, "empty dictionary\n"); return ; } for (i=0 ; isize ; i++) { if (d->key[i]) { fprintf(out, "%20s\t[%s]\n", d->key[i], d->val[i] ? d->val[i] : "UNDEF"); } } return ; } /* Test code */ #ifdef TESTDIC #define NVALS 20000 int main(int argc, char *argv[]) { dictionary * d ; char * val ; int i ; char cval[90] ; /* Allocate dictionary */ printf("allocating...\n"); d = dictionary_new(0); /* Set values in dictionary */ printf("setting %d values...\n", NVALS); for (i=0 ; in != 0) { printf("error deleting values\n"); } printf("deallocating...\n"); dictionary_del(d); return 0 ; } #endif /* vim: set ts=4 et sw=4 tw=75 */ snoopy-snoopy-2.3.1/src/lib/iniparser/src/dictionary.h000066400000000000000000000156311253034143600230360ustar00rootroot00000000000000 /*-------------------------------------------------------------------------*/ /** @file dictionary.h @author N. Devillard @brief Implements a dictionary for string variables. This module implements a simple dictionary object, i.e. a list of string/string associations. This object is useful to store e.g. informations retrieved from a configuration file (ini files). */ /*--------------------------------------------------------------------------*/ #ifndef _DICTIONARY_H_ #define _DICTIONARY_H_ /*--------------------------------------------------------------------------- Includes ---------------------------------------------------------------------------*/ #include #include #include #include #ifdef __cplusplus extern "C" { #endif /*--------------------------------------------------------------------------- New types ---------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/ /** @brief Dictionary object This object contains a list of string/string associations. Each association is identified by a unique string key. Looking up values in the dictionary is speeded up by the use of a (hopefully collision-free) hash function. */ /*-------------------------------------------------------------------------*/ typedef struct _dictionary_ { int n ; /** Number of entries in dictionary */ int size ; /** Storage size */ char ** val ; /** List of string values */ char ** key ; /** List of string keys */ unsigned * hash ; /** List of hash values for keys */ } dictionary ; /*--------------------------------------------------------------------------- Function prototypes ---------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/ /** @brief Compute the hash key for a string. @param key Character string to use for key. @return 1 unsigned int on at least 32 bits. This hash function has been taken from an Article in Dr Dobbs Journal. This is normally a collision-free function, distributing keys evenly. The key is stored anyway in the struct so that collision can be avoided by comparing the key itself in last resort. */ /*--------------------------------------------------------------------------*/ unsigned dictionary_hash(const char * key); /*-------------------------------------------------------------------------*/ /** @brief Create a new dictionary object. @param size Optional initial size of the dictionary. @return 1 newly allocated dictionary objet. This function allocates a new dictionary object of given size and returns it. If you do not know in advance (roughly) the number of entries in the dictionary, give size=0. */ /*--------------------------------------------------------------------------*/ dictionary * dictionary_new(size_t size); /*-------------------------------------------------------------------------*/ /** @brief Delete a dictionary object @param d dictionary object to deallocate. @return void Deallocate a dictionary object and all memory associated to it. */ /*--------------------------------------------------------------------------*/ void dictionary_del(dictionary * vd); /*-------------------------------------------------------------------------*/ /** @brief Get a value from a dictionary. @param d dictionary object to search. @param key Key to look for in the dictionary. @param def Default value to return if key not found. @return 1 pointer to internally allocated character string. This function locates a key in a dictionary and returns a pointer to its value, or the passed 'def' pointer if no such key can be found in dictionary. The returned character pointer points to data internal to the dictionary object, you should not try to free it or modify it. */ /*--------------------------------------------------------------------------*/ char * dictionary_get(dictionary * d, const char * key, char * def); /*-------------------------------------------------------------------------*/ /** @brief Set a value in a dictionary. @param d dictionary object to modify. @param key Key to modify or add. @param val Value to add. @return int 0 if Ok, anything else otherwise If the given key is found in the dictionary, the associated value is replaced by the provided one. If the key cannot be found in the dictionary, it is added to it. It is Ok to provide a NULL value for val, but NULL values for the dictionary or the key are considered as errors: the function will return immediately in such a case. Notice that if you dictionary_set a variable to NULL, a call to dictionary_get will return a NULL value: the variable will be found, and its value (NULL) is returned. In other words, setting the variable content to NULL is equivalent to deleting the variable from the dictionary. It is not possible (in this implementation) to have a key in the dictionary without value. This function returns non-zero in case of failure. */ /*--------------------------------------------------------------------------*/ int dictionary_set(dictionary * vd, const char * key, const char * val); /*-------------------------------------------------------------------------*/ /** @brief Delete a key in a dictionary @param d dictionary object to modify. @param key Key to remove. @return void This function deletes a key in a dictionary. Nothing is done if the key cannot be found. */ /*--------------------------------------------------------------------------*/ void dictionary_unset(dictionary * d, const char * key); /*-------------------------------------------------------------------------*/ /** @brief Dump a dictionary to an opened file pointer. @param d Dictionary to dump @param f Opened file pointer. @return void Dumps a dictionary onto an opened file pointer. Key pairs are printed out as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as output file pointers. */ /*--------------------------------------------------------------------------*/ void dictionary_dump(dictionary * d, FILE * out); /*-------------------------------------------------------------------------*/ /** @brief Duplicate a string @param s String to duplicate @return Pointer to a newly allocated string, to be freed with free() This is a replacement for strdup(). This implementation is provided for systems that do not have it. */ /*--------------------------------------------------------------------------*/ char * xstrdup(const char * s); #ifdef __cplusplus } #endif #endif snoopy-snoopy-2.3.1/src/lib/iniparser/src/iniparser.c000066400000000000000000000630501253034143600226560ustar00rootroot00000000000000 /*-------------------------------------------------------------------------*/ /** @file iniparser.c @author N. Devillard @brief Parser for ini files. */ /*--------------------------------------------------------------------------*/ /*---------------------------- Includes ------------------------------------*/ #include #include "iniparser.h" /*---------------------------- Defines -------------------------------------*/ #define ASCIILINESZ (1024) #define INI_INVALID_KEY ((char*)-1) /*--------------------------------------------------------------------------- Private to this module ---------------------------------------------------------------------------*/ /** * This enum stores the status for each parsed line (internal use only). */ typedef enum _line_status_ { LINE_UNPROCESSED, LINE_ERROR, LINE_EMPTY, LINE_COMMENT, LINE_SECTION, LINE_VALUE } line_status ; /*-------------------------------------------------------------------------*/ /** @brief Convert a string to lowercase. @param s String to convert. This function modifies the string passed, the modified string contains a lowercased version of the input string. */ /*--------------------------------------------------------------------------*/ static void strlwc(char * s) { int i ; if (s==NULL) return; i=0 ; while (s[i]) { s[i] = (char)tolower((int)s[i]); i++ ; } } /*-------------------------------------------------------------------------*/ /** @brief Remove blanks at the beginning and the end of a string. @param s String to parse. This function modifies the input string and returns a modified string which is identical to the input string, except that all blank characters at the end and the beg. of the string have been removed. */ /*--------------------------------------------------------------------------*/ static void strstrip(char * s) { if (s==NULL) return ; char *last = s + strlen(s); char *dest = s; while (isspace((int)*s) && *s) s++; while (last > s) { if (!isspace((int)*(last-1))) break ; last -- ; } *last = (char)0; memmove(dest, s, last - s + 1); } /*-------------------------------------------------------------------------*/ /** @brief Get number of sections in a dictionary @param d Dictionary to examine @return int Number of sections found in dictionary This function returns the number of sections found in a dictionary. The test to recognize sections is done on the string stored in the dictionary: a section name is given as "section" whereas a key is stored as "section:key", thus the test looks for entries that do not contain a colon. This clearly fails in the case a section name contains a colon, but this should simply be avoided. This function returns -1 in case of error. */ /*--------------------------------------------------------------------------*/ int iniparser_getnsec(dictionary * d) { int i ; int nsec ; if (d==NULL) return -1 ; nsec=0 ; for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; if (strchr(d->key[i], ':')==NULL) { nsec ++ ; } } return nsec ; } /*-------------------------------------------------------------------------*/ /** @brief Get name for section n in a dictionary. @param d Dictionary to examine @param n Section number (from 0 to nsec-1). @return Pointer to char string This function locates the n-th section in a dictionary and returns its name as a pointer to a string statically allocated inside the dictionary. Do not free or modify the returned string! This function returns NULL in case of error. */ /*--------------------------------------------------------------------------*/ char * iniparser_getsecname(dictionary * d, int n) { int i ; int foundsec ; if (d==NULL || n<0) return NULL ; foundsec=0 ; for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; if (strchr(d->key[i], ':')==NULL) { foundsec++ ; if (foundsec>n) break ; } } if (foundsec<=n) { return NULL ; } return d->key[i] ; } /*-------------------------------------------------------------------------*/ /** @brief Dump a dictionary to an opened file pointer. @param d Dictionary to dump. @param f Opened file pointer to dump to. @return void This function prints out the contents of a dictionary, one element by line, onto the provided file pointer. It is OK to specify @c stderr or @c stdout as output files. This function is meant for debugging purposes mostly. */ /*--------------------------------------------------------------------------*/ void iniparser_dump(dictionary * d, FILE * f) { int i ; if (d==NULL || f==NULL) return ; for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; if (d->val[i]!=NULL) { fprintf(f, "[%s]=[%s]\n", d->key[i], d->val[i]); } else { fprintf(f, "[%s]=UNDEF\n", d->key[i]); } } return ; } /*-------------------------------------------------------------------------*/ /** @brief Save a dictionary to a loadable ini file @param d Dictionary to dump @param f Opened file pointer to dump to @return void This function dumps a given dictionary into a loadable ini file. It is Ok to specify @c stderr or @c stdout as output files. */ /*--------------------------------------------------------------------------*/ void iniparser_dump_ini(dictionary * d, FILE * f) { int i ; int nsec ; char * secname ; if (d==NULL || f==NULL) return ; nsec = iniparser_getnsec(d); if (nsec<1) { /* No section in file: dump all keys as they are */ for (i=0 ; isize ; i++) { if (d->key[i]==NULL) continue ; fprintf(f, "%s = %s\n", d->key[i], d->val[i]); } return ; } for (i=0 ; isize ; j++) { if (d->key[j]==NULL) continue ; if (!strncmp(d->key[j], keym, secsize-1)) { fprintf(f, "%-30s = %s\n", d->key[j]+secsize-1, d->val[j] ? d->val[j] : ""); } } fprintf(f, "\n"); free(keym); return ; } /*-------------------------------------------------------------------------*/ /** @brief Get the number of keys in a section of a dictionary. @param d Dictionary to examine @param s Section name of dictionary to examine @return Number of keys in section */ /*--------------------------------------------------------------------------*/ int iniparser_getsecnkeys(dictionary * d, char * s) { int secsize, nkeys ; char *keym; int j ; nkeys = 0; if (d==NULL) return nkeys; if (! iniparser_find_entry(d, s)) return nkeys; secsize = (int)strlen(s)+2; keym = malloc(secsize); snprintf(keym, secsize, "%s:", s); for (j=0 ; jsize ; j++) { if (d->key[j]==NULL) continue ; if (!strncmp(d->key[j], keym, secsize-1)) nkeys++; } free(keym); return nkeys; } /*-------------------------------------------------------------------------*/ /** @brief Get the number of keys in a section of a dictionary. @param d Dictionary to examine @param s Section name of dictionary to examine @return pointer to statically allocated character strings This function queries a dictionary and finds all keys in a given section. Each pointer in the returned char pointer-to-pointer is pointing to a string allocated in the dictionary; do not free or modify them. This function returns NULL in case of error. */ /*--------------------------------------------------------------------------*/ char ** iniparser_getseckeys(dictionary * d, char * s) { char **keys; int i, j ; char *keym; int secsize, nkeys ; keys = NULL; if (d==NULL) return keys; if (! iniparser_find_entry(d, s)) return keys; nkeys = iniparser_getsecnkeys(d, s); keys = (char**) malloc(nkeys*sizeof(char*)); secsize = (int)strlen(s) + 2; keym = malloc(secsize); snprintf(keym, secsize, "%s:", s); i = 0; for (j=0 ; jsize ; j++) { if (d->key[j]==NULL) continue ; if (!strncmp(d->key[j], keym, secsize-1)) { keys[i] = d->key[j]; i++; } } free(keym); return keys; } /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key @param d Dictionary to search @param key Key string to look for @param def Default value to return if key not found. @return pointer to statically allocated character string This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the pointer passed as 'def' is returned. The returned char pointer is pointing to a string allocated in the dictionary, do not free or modify it. */ /*--------------------------------------------------------------------------*/ char * iniparser_getstring(dictionary * d, const char * key, char * def) { char * lc_key ; char * sval ; if (d==NULL || key==NULL) return def ; lc_key = xstrdup(key); strlwc(lc_key); sval = dictionary_get(d, lc_key, def); free(lc_key); return sval ; } /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key, convert to an int @param d Dictionary to search @param key Key string to look for @param notfound Value to return in case of error @return integer This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned. Supported values for integers include the usual C notation so decimal, octal (starting with 0) and hexadecimal (starting with 0x) are supported. Examples: "42" -> 42 "042" -> 34 (octal -> decimal) "0x42" -> 66 (hexa -> decimal) Warning: the conversion may overflow in various ways. Conversion is totally outsourced to strtol(), see the associated man page for overflow handling. Credits: Thanks to A. Becker for suggesting strtol() */ /*--------------------------------------------------------------------------*/ int iniparser_getint(dictionary * d, const char * key, int notfound) { char * str ; str = iniparser_getstring(d, key, INI_INVALID_KEY); if (str==INI_INVALID_KEY) return notfound ; return (int)strtol(str, NULL, 0); } /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key, convert to a double @param d Dictionary to search @param key Key string to look for @param notfound Value to return in case of error @return double This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned. */ /*--------------------------------------------------------------------------*/ double iniparser_getdouble(dictionary * d, const char * key, double notfound) { char * str ; str = iniparser_getstring(d, key, INI_INVALID_KEY); if (str==INI_INVALID_KEY) return notfound ; return atof(str); } /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key, convert to a boolean @param d Dictionary to search @param key Key string to look for @param notfound Value to return in case of error @return integer This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned. A true boolean is found if one of the following is matched: - A string starting with 'y' - A string starting with 'Y' - A string starting with 't' - A string starting with 'T' - A string starting with '1' A false boolean is found if one of the following is matched: - A string starting with 'n' - A string starting with 'N' - A string starting with 'f' - A string starting with 'F' - A string starting with '0' The notfound value returned if no boolean is identified, does not necessarily have to be 0 or 1. */ /*--------------------------------------------------------------------------*/ int iniparser_getboolean(dictionary * d, const char * key, int notfound) { char * c ; int ret ; c = iniparser_getstring(d, key, INI_INVALID_KEY); if (c==INI_INVALID_KEY) return notfound ; if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { ret = 1 ; } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { ret = 0 ; } else { ret = notfound ; } return ret; } /*-------------------------------------------------------------------------*/ /** @brief Finds out if a given entry exists in a dictionary @param ini Dictionary to search @param entry Name of the entry to look for @return integer 1 if entry exists, 0 otherwise Finds out if a given entry exists in the dictionary. Since sections are stored as keys with NULL associated values, this is the only way of querying for the presence of sections in a dictionary. */ /*--------------------------------------------------------------------------*/ int iniparser_find_entry( dictionary * ini, const char * entry ) { int found=0 ; if (iniparser_getstring(ini, entry, INI_INVALID_KEY)!=INI_INVALID_KEY) { found = 1 ; } return found ; } /*-------------------------------------------------------------------------*/ /** @brief Set an entry in a dictionary. @param ini Dictionary to modify. @param entry Entry to modify (entry name) @param val New value to associate to the entry. @return int 0 if Ok, -1 otherwise. If the given entry can be found in the dictionary, it is modified to contain the provided value. If it cannot be found, -1 is returned. It is Ok to set val to NULL. */ /*--------------------------------------------------------------------------*/ int iniparser_set(dictionary * ini, const char * entry, const char * val) { int result = 0; char *lc_entry = xstrdup(entry); strlwc(lc_entry); result = dictionary_set(ini, lc_entry, val) ; free(lc_entry); return result; } /*-------------------------------------------------------------------------*/ /** @brief Delete an entry in a dictionary @param ini Dictionary to modify @param entry Entry to delete (entry name) @return void If the given entry can be found, it is deleted from the dictionary. */ /*--------------------------------------------------------------------------*/ void iniparser_unset(dictionary * ini, const char * entry) { char* lc_entry = xstrdup(entry); strlwc(lc_entry); dictionary_unset(ini, lc_entry); free(lc_entry); } /*-------------------------------------------------------------------------*/ /** @brief Load a single line from an INI file @param input_line Input line, may be concatenated multi-line input @param section Output space to store section @param key Output space to store key @param value Output space to store value @return line_status value */ /*--------------------------------------------------------------------------*/ static line_status iniparser_line( int line_size, const char * input_line, char ** section_out, char ** key_out, char ** value_out) { line_status sta ; int len = line_size-1; char * line = malloc(line_size); char * key = NULL; char * value = NULL; char * equals = NULL; if (!line) { fprintf(stderr, "SNOOPY iniparser: memory alloc error\n"); return LINE_ERROR; } *line = 0; strcpy(line, input_line); strstrip(line); len = (int)strlen(line); /* only allocate necessary space for key & val */ equals = strchr(line, '='); if (equals) { value = malloc((len + line) - equals + 1); key = malloc(equals - line + 1); *value = 0; } else { key = malloc(line_size + 1); } if (!key || (equals && !value)) { fprintf(stderr, "SNOOPY iniparser: memory alloc error\n"); sta = LINE_ERROR; goto out; } *key = 0; sta = LINE_UNPROCESSED ; if (len<1) { /* Empty line */ sta = LINE_EMPTY ; } else if (line[0]=='#' || line[0]==';') { /* Comment line */ sta = LINE_COMMENT ; } else if (line[0]=='[' && line[len-1]==']') { /* Section name */ sscanf(line, "[%[^]]", key); strstrip(key); strlwc(key); sta = LINE_SECTION ; *section_out=key; /* don't free key's memory */ key = NULL; } else if (equals && (sscanf (line, "%[^=] = \"%[^\"]\"", key, value) == 2 || sscanf (line, "%[^=] = '%[^\']'", key, value) == 2 || sscanf (line, "%[^=] = %[^;#]", key, value) == 2)) { /* Usual key=value, with or without comments */ strstrip(key); strlwc(key); strstrip(value); /* * sscanf cannot handle '' or "" as empty values * this is done here */ if (!strcmp(value, "\"\"") || (!strcmp(value, "''"))) { value[0]=0 ; } *key_out = key; *value_out = value; key = NULL; value = NULL; sta = LINE_VALUE ; } else if (equals && (sscanf(line, "%[^=] = %[;#]", key, value)==2 || sscanf(line, "%[^=] %[=]", key, value) == 2)) { /* * Special cases: * key= * key=; * key=# */ strstrip(key); strlwc(key); value[0]=0 ; *key_out = key; *value_out = value; /* don't free out params key or val's memory */ key = NULL; value = NULL; sta = LINE_VALUE ; } else { /* Generate syntax error */ sta = LINE_ERROR ; } out: if (line) { free(line); line = NULL; } if (key) { free(key); key = NULL; } if (value) { free(value); value= NULL; } return sta ; } /*-------------------------------------------------------------------------*/ /** @brief Parse an ini file and return an allocated dictionary object @param ininame Name of the ini file to read. @return Pointer to newly allocated dictionary This is the parser for ini files. This function is called, providing the name of the file to be read. It returns a dictionary object that should not be accessed directly, but through accessor functions instead. The returned dictionary must be freed using iniparser_freedict(). */ /*--------------------------------------------------------------------------*/ dictionary * iniparser_load(const char * ininame) { FILE * in = NULL ; char line [ASCIILINESZ+1] ; char *section = xstrdup(""); char *current_section = NULL; char *key = NULL; char *val = NULL; char* full_line = NULL; char* prev_line = NULL; int len ; int lineno=0 ; int errs=0; int seckey_size=0; dictionary * dict = NULL ; if ((in=fopen(ininame, "r"))==NULL) { fprintf(stderr, "SNOOPY iniparser: cannot open %s\n", ininame); goto out; } dict = dictionary_new(0) ; if (!dict) { goto out; } memset(line, 0, ASCIILINESZ); while (fgets(line, ASCIILINESZ, in)!=NULL) { int prev_line_len = 0; int multi_line = 0; int total_size = 0; if (key) { free(key); key = NULL; } if (val) { free(val); val = NULL; } lineno++ ; len = (int)strlen(line)-1; if (len==0) continue; /* Safety check against buffer overflows */ if (line[len]!='\n' && !feof(in)) { fprintf(stderr, "SNOOPY iniparser: input line too long in %s (%d)\n", ininame, lineno); errs++; goto out; } /* Get rid of \n and spaces at end of line */ while ((len>=0) && ((line[len]=='\n') || (isspace(line[len])))) { line[len]=0 ; len-- ; } if (len < 0) { /* Line was entirely \n and/or spaces */ len = 0; } /* Detect multi-line */ if (line[len]=='\\') { multi_line = 1; } if (multi_line) { /* Multi-line value */ /* length without trailing '\' */ /* remove multi-line indicator before appending*/ line[len] = 0; len--; } /* * If processing a multi-line then append it the previous portion, * at this point 'full_line' has the previously read portion of a * multi-line line (or NULL) */ prev_line = full_line; prev_line_len=0; if (prev_line) { prev_line_len = strlen(prev_line); } /* len is not strlen(line) but strlen(line) -1 */ total_size = (len+1) + prev_line_len + 1; full_line = malloc(total_size); if (!full_line) { fprintf(stderr, "SNOOPY iniparser: out of mem\n"); errs++; goto out; } memset(full_line, 0, total_size); if (prev_line) { strcpy(full_line, prev_line); } strcpy(full_line + prev_line_len, line); free(prev_line); prev_line = NULL; if (multi_line) { continue ; } switch (iniparser_line(total_size, full_line, ¤t_section, &key, &val)) { case LINE_EMPTY: case LINE_COMMENT: break ; case LINE_SECTION: if (section) { free(section); section=NULL; } errs = dictionary_set(dict, current_section, NULL); section = current_section; break ; case LINE_VALUE: { char *seckey; /* section + ':' + key + eos */ seckey_size = strlen(section) + strlen(key) +2; seckey = malloc(seckey_size); if (!seckey) { errs++; fprintf(stderr, "SNOOPY iniparser: out of mem\n"); goto out; } snprintf(seckey, seckey_size, "%s:%s", section, key); errs = dictionary_set(dict, seckey, val) ; free(seckey); seckey = NULL; } break ; case LINE_ERROR: fprintf(stderr, "SNOOPY iniparser: syntax error in %s (%d):\n", ininame, lineno); fprintf(stderr, "-> %s\n", full_line); errs++ ; break; default: break ; } memset(line, 0, ASCIILINESZ); if (full_line) { free(full_line); full_line = NULL; } if (errs<0) { fprintf(stderr, "SNOOPY iniparser: memory allocation failure\n"); break ; } } out: if (errs) { dictionary_del(dict); dict = NULL ; } if (val) { free(val); val = NULL; } if (key) { free(key); key = NULL; } if (section) { free(section); section = NULL; } if (full_line) { free(full_line); full_line = NULL; } if (prev_line) { free(prev_line); prev_line = NULL; } if (in) { fclose(in); } return dict ; } /*-------------------------------------------------------------------------*/ /** @brief Free all memory associated to an ini dictionary @param d Dictionary to free @return void Free all memory associated to an ini dictionary. It is mandatory to call this function before the dictionary object gets out of the current context. */ /*--------------------------------------------------------------------------*/ void iniparser_freedict(dictionary * d) { dictionary_del(d); } /* vim: set ts=4 et sw=4 tw=75 */ snoopy-snoopy-2.3.1/src/lib/iniparser/src/iniparser.h000066400000000000000000000265731253034143600226740ustar00rootroot00000000000000 /*-------------------------------------------------------------------------*/ /** @file iniparser.h @author N. Devillard @brief Parser for ini files. */ /*--------------------------------------------------------------------------*/ #ifndef _INIPARSER_H_ #define _INIPARSER_H_ /*--------------------------------------------------------------------------- Includes ---------------------------------------------------------------------------*/ #include #include #include /* * The following #include is necessary on many Unixes but not Linux. * It is not needed for Windows platforms. * Uncomment it if needed. */ /* #include */ #include "dictionary.h" #ifdef __cplusplus extern "C" { #endif /*-------------------------------------------------------------------------*/ /** @brief Get number of sections in a dictionary @param d Dictionary to examine @return int Number of sections found in dictionary This function returns the number of sections found in a dictionary. The test to recognize sections is done on the string stored in the dictionary: a section name is given as "section" whereas a key is stored as "section:key", thus the test looks for entries that do not contain a colon. This clearly fails in the case a section name contains a colon, but this should simply be avoided. This function returns -1 in case of error. */ /*--------------------------------------------------------------------------*/ int iniparser_getnsec(dictionary * d); /*-------------------------------------------------------------------------*/ /** @brief Get name for section n in a dictionary. @param d Dictionary to examine @param n Section number (from 0 to nsec-1). @return Pointer to char string This function locates the n-th section in a dictionary and returns its name as a pointer to a string statically allocated inside the dictionary. Do not free or modify the returned string! This function returns NULL in case of error. */ /*--------------------------------------------------------------------------*/ char * iniparser_getsecname(dictionary * d, int n); /*-------------------------------------------------------------------------*/ /** @brief Save a dictionary to a loadable ini file @param d Dictionary to dump @param f Opened file pointer to dump to @return void This function dumps a given dictionary into a loadable ini file. It is Ok to specify @c stderr or @c stdout as output files. */ /*--------------------------------------------------------------------------*/ void iniparser_dump_ini(dictionary * d, FILE * f); /*-------------------------------------------------------------------------*/ /** @brief Save a dictionary section to a loadable ini file @param d Dictionary to dump @param s Section name of dictionary to dump @param f Opened file pointer to dump to @return void This function dumps a given section of a given dictionary into a loadable ini file. It is Ok to specify @c stderr or @c stdout as output files. */ /*--------------------------------------------------------------------------*/ void iniparser_dumpsection_ini(dictionary * d, char * s, FILE * f); /*-------------------------------------------------------------------------*/ /** @brief Dump a dictionary to an opened file pointer. @param d Dictionary to dump. @param f Opened file pointer to dump to. @return void This function prints out the contents of a dictionary, one element by line, onto the provided file pointer. It is OK to specify @c stderr or @c stdout as output files. This function is meant for debugging purposes mostly. */ /*--------------------------------------------------------------------------*/ void iniparser_dump(dictionary * d, FILE * f); /*-------------------------------------------------------------------------*/ /** @brief Get the number of keys in a section of a dictionary. @param d Dictionary to examine @param s Section name of dictionary to examine @return Number of keys in section */ /*--------------------------------------------------------------------------*/ int iniparser_getsecnkeys(dictionary * d, char * s); /*-------------------------------------------------------------------------*/ /** @brief Get the number of keys in a section of a dictionary. @param d Dictionary to examine @param s Section name of dictionary to examine @return pointer to statically allocated character strings This function queries a dictionary and finds all keys in a given section. Each pointer in the returned char pointer-to-pointer is pointing to a string allocated in the dictionary; do not free or modify them. This function returns NULL in case of error. */ /*--------------------------------------------------------------------------*/ char ** iniparser_getseckeys(dictionary * d, char * s); /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key @param d Dictionary to search @param key Key string to look for @param def Default value to return if key not found. @return pointer to statically allocated character string This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the pointer passed as 'def' is returned. The returned char pointer is pointing to a string allocated in the dictionary, do not free or modify it. */ /*--------------------------------------------------------------------------*/ char * iniparser_getstring(dictionary * d, const char * key, char * def); /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key, convert to an int @param d Dictionary to search @param key Key string to look for @param notfound Value to return in case of error @return integer This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned. Supported values for integers include the usual C notation so decimal, octal (starting with 0) and hexadecimal (starting with 0x) are supported. Examples: - "42" -> 42 - "042" -> 34 (octal -> decimal) - "0x42" -> 66 (hexa -> decimal) Warning: the conversion may overflow in various ways. Conversion is totally outsourced to strtol(), see the associated man page for overflow handling. Credits: Thanks to A. Becker for suggesting strtol() */ /*--------------------------------------------------------------------------*/ int iniparser_getint(dictionary * d, const char * key, int notfound); /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key, convert to a double @param d Dictionary to search @param key Key string to look for @param notfound Value to return in case of error @return double This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned. */ /*--------------------------------------------------------------------------*/ double iniparser_getdouble(dictionary * d, const char * key, double notfound); /*-------------------------------------------------------------------------*/ /** @brief Get the string associated to a key, convert to a boolean @param d Dictionary to search @param key Key string to look for @param notfound Value to return in case of error @return integer This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned. A true boolean is found if one of the following is matched: - A string starting with 'y' - A string starting with 'Y' - A string starting with 't' - A string starting with 'T' - A string starting with '1' A false boolean is found if one of the following is matched: - A string starting with 'n' - A string starting with 'N' - A string starting with 'f' - A string starting with 'F' - A string starting with '0' The notfound value returned if no boolean is identified, does not necessarily have to be 0 or 1. */ /*--------------------------------------------------------------------------*/ int iniparser_getboolean(dictionary * d, const char * key, int notfound); /*-------------------------------------------------------------------------*/ /** @brief Set an entry in a dictionary. @param ini Dictionary to modify. @param entry Entry to modify (entry name) @param val New value to associate to the entry. @return int 0 if Ok, -1 otherwise. If the given entry can be found in the dictionary, it is modified to contain the provided value. If it cannot be found, -1 is returned. It is Ok to set val to NULL. */ /*--------------------------------------------------------------------------*/ int iniparser_set(dictionary * ini, const char * entry, const char * val); /*-------------------------------------------------------------------------*/ /** @brief Delete an entry in a dictionary @param ini Dictionary to modify @param entry Entry to delete (entry name) @return void If the given entry can be found, it is deleted from the dictionary. */ /*--------------------------------------------------------------------------*/ void iniparser_unset(dictionary * ini, const char * entry); /*-------------------------------------------------------------------------*/ /** @brief Finds out if a given entry exists in a dictionary @param ini Dictionary to search @param entry Name of the entry to look for @return integer 1 if entry exists, 0 otherwise Finds out if a given entry exists in the dictionary. Since sections are stored as keys with NULL associated values, this is the only way of querying for the presence of sections in a dictionary. */ /*--------------------------------------------------------------------------*/ int iniparser_find_entry(dictionary * ini, const char * entry) ; /*-------------------------------------------------------------------------*/ /** @brief Parse an ini file and return an allocated dictionary object @param ininame Name of the ini file to read. @return Pointer to newly allocated dictionary This is the parser for ini files. This function is called, providing the name of the file to be read. It returns a dictionary object that should not be accessed directly, but through accessor functions instead. The returned dictionary must be freed using iniparser_freedict(). */ /*--------------------------------------------------------------------------*/ dictionary * iniparser_load(const char * ininame); /*-------------------------------------------------------------------------*/ /** @brief Free all memory associated to an ini dictionary @param d Dictionary to free @return void Free all memory associated to an ini dictionary. It is mandatory to call this function before the dictionary object gets out of the current context. */ /*--------------------------------------------------------------------------*/ void iniparser_freedict(dictionary * d); #ifdef __cplusplus } #endif #endif snoopy-snoopy-2.3.1/src/libsnoopy.c000066400000000000000000000037501253034143600173500ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy.c -- execve() logging wrapper * * Copyright (c) 2000 Marius Aamodt Eriksen * Copyright (c) 2000 Mike Baker * Copyright (c) 2010-2015 Bostjan Skufca * * Part hacked on flight KL 0617, 30,000 ft or so over the Atlantic :) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include DL */ #include /* * Include snoopy logging facilities */ #include "log.h" /* * Helpers to find pointer to overloaded function */ #if defined(RTLD_NEXT) # define REAL_LIBC RTLD_NEXT #else # define REAL_LIBC ((void *) -1L) #endif #define FN(ptr,type,name,args) ptr = (type (*)args)dlsym (REAL_LIBC, name) /* * Function wrapper - execv() */ int execv (const char *filename, char *const argv[]) { static int (*func)(const char *, char **); FN(func,int,"execv",(const char *, char **const)); snoopy_log_syscall_execv(filename, argv); return (*func) (filename, (char **) argv); } /* * Function wrapper - execve() */ int execve (const char *filename, char *const argv[], char *const envp[]) { static int (*func)(const char *, char **, char **); FN(func,int,"execve",(const char *, char **const, char **const)); snoopy_log_syscall_execve(filename, argv, envp); return (*func) (filename, (char**) argv, (char **) envp); } snoopy-snoopy-2.3.1/src/log.c000066400000000000000000000101621253034143600161060ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: log.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "log.h" #include "configuration.h" #if defined(SNOOPY_FILTERING_ENABLED) #include "filtering.h" #endif #include "inputdatastorage.h" #include "message.h" #include "misc.h" #include "outputregistry.h" /* * snoopy_log_syscall_execv * * Description: * Log the call to syscall execv() * * Params: * filename: filename of program being executed * argv: arguments being passed to execv() * * Return: * void */ void snoopy_log_syscall_execv ( const char *filename, char *const argv[] ) { char *envp[] = { NULL }; snoopy_inputdatastorage_store_filename(filename); snoopy_inputdatastorage_store_argv((char**)argv); snoopy_inputdatastorage_store_envp(envp); snoopy_log_syscall("execv"); } /* * snoopy_log_syscall_execve * * Description: * Log the call to syscall execve() * * Params: * filename: filename of program being executed * argv: arguments being passed to execve() * envp: environment being passed to execve() * * Return: * void */ void snoopy_log_syscall_execve ( const char *filename, char *const argv[], char *const envp[] ) { snoopy_inputdatastorage_store_filename(filename); snoopy_inputdatastorage_store_argv((char**)argv); snoopy_inputdatastorage_store_envp((char**)envp); snoopy_log_syscall("execve"); } /* * snoopy_log_syscall * * Description: * Log the call to one of the syscalls * * Params: * syscallName: system call name to log * * Return: * void */ void snoopy_log_syscall ( const char *syscallName ) { char *logMessage = NULL; /* Do not log non-root commands if this is requested */ #if defined(SNOOPY_CONF_ROOT_ONLY) if ((geteuid() != 0) && (getuid() != 0)) { return; } #endif /* Initialize snoopy */ snoopy_init(); /* Initialize empty log message */ logMessage = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE); logMessage[0] = '\0'; /* Generate log message in specified format */ snoopy_message_generateFromFormat(logMessage, snoopy_configuration.message_format); #if defined(SNOOPY_FILTERING_ENABLED) /* Should message be passed to syslog or not? */ if ( (SNOOPY_FALSE == snoopy_configuration.filtering_enabled) || ( (SNOOPY_TRUE == snoopy_configuration.filtering_enabled) && (SNOOPY_FILTER_PASS == snoopy_filtering_check_chain(logMessage, snoopy_configuration.filter_chain)) ) ) { #endif snoopy_log_dispatch(logMessage, SNOOPY_LOG_MESSAGE); #if defined(SNOOPY_FILTERING_ENABLED) } #endif /* Housekeeping */ free(logMessage); snoopy_cleanup(); } /* * snoopy_log_dispatch * * Description: * Dispatch given message to configured output * * Params: * logMessage: message to dispatch * errorOrMessage: is this a message or an error? * * Return: * void */ void snoopy_log_dispatch ( char *logMessage, int errorOrMessage ) { /* Dispatch only if non-zero size */ if (0 == strlen(logMessage)) { return; } // Dispatch to configured output snoopy_outputregistry_dispatch(logMessage, errorOrMessage); } snoopy-snoopy-2.3.1/src/log.h000066400000000000000000000023271253034143600161170ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: log.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Syscall-interception-handling functions */ void snoopy_log_syscall_execv ( const char *filename, char *const argv[] ); void snoopy_log_syscall_execve ( const char *filename, char *const argv[], char *const envp[] ); void snoopy_log_syscall ( const char *syscallName ); /* * Log message dispatching functions */ void snoopy_log_dispatch ( char *logMessage, int errorOrMessage ); snoopy-snoopy-2.3.1/src/message.c000066400000000000000000000125321253034143600167540ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: message.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "message.h" #include "configuration.h" #include "error.h" #include "inputdatastorage.h" #include "datasourceregistry.h" #include "misc.h" /* * snoopy_message_generateFromFormat * * Description: * Generates log message as specified by messageFormat, using * data sources where requested. * * Params: * logMessage: destination string to return message in * logMessageFormat: log message format to use * * Return: * void */ void snoopy_message_generateFromFormat ( char *logMessage, char *logMessageFormat ) { char *fmtPos_cur; char *fmtPos_nextFormatTag; char *fmtPos_nextFormatTagClose; char *msgPos_cur; fmtPos_cur = logMessageFormat; fmtPos_nextFormatTag = logMessageFormat; msgPos_cur = logMessage; // Loop all the way to the end of log message format specification while (strlen(fmtPos_nextFormatTag) > 0) { int lengthToCopy; char fmtStaticText[SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE]; char dataSourceTag[100]; int dataSourceTagLength; char *fmtPos_dataSourceTagArg; char *dataSourceNamePtr; char *dataSourceArgPtr; char dataSourceArg[SNOOPY_DATASOURCE_ARG_MAX_SIZE]; char dataSourceMsg[SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE]; // If no data source tag is found, just copy the text and bail out fmtPos_nextFormatTag = strstr(fmtPos_cur, "%{"); if (NULL == fmtPos_nextFormatTag) { snoopy_message_append(logMessage, fmtPos_cur); break; } // Otherwise copy text up to the next data source tag lengthToCopy = fmtPos_nextFormatTag - fmtPos_cur + 1; // + 1 for null termination if (lengthToCopy > SNOOPY_LOG_MESSAGE_MAX_SIZE-strlen(logMessage)) { lengthToCopy = SNOOPY_LOG_MESSAGE_MAX_SIZE-strlen(logMessage); } fmtStaticText[0] = '\0'; snprintf(fmtStaticText, lengthToCopy, "%s", fmtPos_cur); snoopy_message_append(logMessage, fmtStaticText); msgPos_cur += lengthToCopy; // Get data source tag fmtPos_nextFormatTagClose = strstr(fmtPos_nextFormatTag, "}"); if (NULL == fmtPos_nextFormatTagClose) { snoopy_message_append(logMessage, " ERROR: Closing data source tag not found: '}'"); break; } dataSourceTag[0] = '\0'; dataSourceTagLength = (fmtPos_nextFormatTagClose-1) - (fmtPos_nextFormatTag+2) + 2; snprintf(dataSourceTag, dataSourceTagLength, "%s", fmtPos_nextFormatTag + 2); // If data source tag contains ":", then split it into data source name and data source argument fmtPos_dataSourceTagArg = strstr(dataSourceTag, ":"); if (NULL == fmtPos_dataSourceTagArg) { // Format tag == data source name ATM dataSourceNamePtr = dataSourceTag; dataSourceArg[0] = '\0'; dataSourceArgPtr = dataSourceArg; } else { // Change the colon to null string, and copy fist and second part to corresponding variables fmtPos_dataSourceTagArg[0] = '\0'; dataSourceNamePtr = dataSourceTag; dataSourceArgPtr = fmtPos_dataSourceTagArg + 1; } // Check if data source actually exists if (! snoopy_datasourceregistry_isRegistered(dataSourceNamePtr)) { snoopy_message_append(logMessage, "ERROR(Data source not found - "); snoopy_message_append(logMessage, dataSourceNamePtr); snoopy_message_append(logMessage, ")"); break; } // Call the provider, and append the results to log message dataSourceMsg[0] = '\0'; snoopy_datasourceregistry_call(dataSourceNamePtr, dataSourceMsg, dataSourceArgPtr); snoopy_message_append(logMessage, dataSourceMsg); // Where to start next iteration fmtPos_cur = fmtPos_nextFormatTagClose + 1; msgPos_cur = fmtPos_nextFormatTagClose + 1; } } /* * snoopy_message_append * * Description: * Appends content to the end of log message, watching for * buffer overrun. * * Params: * logMessage: message container to append to * appendThis: content to append to logMessage * * Return: * void */ void snoopy_message_append ( char *logMessage, char *appendThis ) { return snoopy_string_append(logMessage, appendThis, SNOOPY_LOG_MESSAGE_MAX_SIZE); } snoopy-snoopy-2.3.1/src/message.h000066400000000000000000000017461253034143600167660ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: message.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ void snoopy_message_generateFromFormat ( char *logMessage, char *logMessageFormat ); void snoopy_message_append ( char *logMessage, char *appendThis ); snoopy-snoopy-2.3.1/src/misc.c000066400000000000000000000047061253034143600162670ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: misc.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include all required C resources */ #include #include #include /* * Include all snoopy-related resources */ #include "snoopy.h" #include "misc.h" #include "configuration.h" #include "error.h" /* * snoopy_init * * Description: * Handles snoopy initialization/startup specifics * * Params: * (none) * * Return: * void */ void snoopy_init () { snoopy_configuration_ctor(); } /* * snoopy_cleanup * * Description: * Handles all snoopy deinitialization/shutdown specifics * * Params: * (none) * * Return: * void */ void snoopy_cleanup () { snoopy_configuration_dtor(); } /* * snoopy_string_append * * Description: * Appends content to the end of string, watching for * buffer overrun. * * Params: * destString: string container to append to * appendThis: content to append to destString * destStringMaxLength: maximum length of dest string, including \0 * * Return: * void */ void snoopy_string_append ( char *destString, char *appendThis, int destStringMaxLength ) { int destStringSize = -1; int destStringSizeRemaining = -1; int appendThisSize = -1; /* Verify the limits */ destStringSize = strlen(destString); appendThisSize = strlen(appendThis); destStringSizeRemaining = destStringMaxLength - destStringSize; if (destStringSizeRemaining < appendThisSize) { snoopy_error_handler("Maximum destination string size exceeded"); } /* Copy to the destination string */ strcat(&destString[destStringSize], appendThis); } snoopy-snoopy-2.3.1/src/misc.h000066400000000000000000000020031253034143600162600ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: misc.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Init/shutdown functions */ void snoopy_init (); void snoopy_cleanup (); /* * String functions */ void snoopy_string_append ( char *destString, char *appendThis, int destStringMaxLength ); snoopy-snoopy-2.3.1/src/output/000077500000000000000000000000001253034143600165215ustar00rootroot00000000000000snoopy-snoopy-2.3.1/src/output/Makefile.am000066400000000000000000000016601253034143600205600ustar00rootroot00000000000000### Include common Makefile configuration # include $(top_srcdir)/build/Makefile.am.common ### Include # AM_CFLAGS += -I$(top_srcdir)/src ### Create one library with all snoopy outputs collected in it # noinst_LTLIBRARIES = libsnoopy_outputs_all.la ### Filter collection is made of the following files # # Please maintain alphabetical order, equal to what `ls` would do. # libsnoopy_outputs_all_la_SOURCES = # Output: devlog # if OUTPUT_ENABLED_devlog libsnoopy_outputs_all_la_SOURCES += \ devlogoutput.c \ devlogoutput.h endif # Output: file # if OUTPUT_ENABLED_file libsnoopy_outputs_all_la_SOURCES += \ fileoutput.c \ fileoutput.h endif # Output: socket # # This one is always enabled, unconditionally # libsnoopy_outputs_all_la_SOURCES += \ socketoutput.c \ socketoutput.h # Output: syslog # if OUTPUT_ENABLED_syslog libsnoopy_outputs_all_la_SOURCES += \ syslogoutput.c \ syslogoutput.h endif snoopy-snoopy-2.3.1/src/output/devlogoutput.c000066400000000000000000000036641253034143600214370ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/devlogoutput.c * * Copyright (c) 2014-2015 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: devlogoutput * * Description: * Sends given message directly to /dev/log socket, without using syslog() syscall * * Params: * message: message to send * * Return: * void */ #include #include #include #include "snoopy.h" #include "configuration.h" #include "output/socketoutput.h" int snoopy_output_devlogoutput (char *logMessage, int errorOrMessage, char *arg) { char *logMessageWithPrefix = NULL; int retVal; /* Generate final message - add prefix which is otherwise added by syslog() syscall */ logMessageWithPrefix = malloc(SNOOPY_LOG_MESSAGE_MAX_SIZE + 100); // +100 ought to be enough logMessageWithPrefix[0] = '\0'; sprintf(logMessageWithPrefix, "<%d>snoopy[%d]: %s", snoopy_configuration.syslog_facility | snoopy_configuration.syslog_level, getpid(), logMessage ); /* Pass execution to another output provider */ retVal = snoopy_output_socketoutput(logMessageWithPrefix, errorOrMessage, "/dev/log"); /* Housekeeping */ free(logMessageWithPrefix); return retVal; } snoopy-snoopy-2.3.1/src/output/devlogoutput.h000066400000000000000000000017061253034143600214370ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/devlogoutput.h * * Copyright (c) 2014-2015 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: directly to /dev/log */ int snoopy_output_devlogoutput (char *logMessage, int errorOrMessage, char *arg); snoopy-snoopy-2.3.1/src/output/fileoutput.c000066400000000000000000000031231253034143600210640ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/fileoutput.c * * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: fileoutput (called like this because is system library * * Description: * Sends given message to socket * * Params: * message: message to send * * Return: * void */ #include #include #include #include "snoopy.h" #include "configuration.h" int snoopy_output_fileoutput (char *logMessage, int errorOrMessage, char *arg) { FILE *fp; int charCount; // Check if output file is properly configured if (0 == strcmp(arg, "")) { return -1; } // Try to open file in append mode fp = fopen(arg, "a"); if (NULL == fp) { return -2; } // Try to print to file charCount = fprintf(fp, "%s\n", logMessage); fclose(fp); return charCount; } snoopy-snoopy-2.3.1/src/output/fileoutput.h000066400000000000000000000016771253034143600211050ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/fileoutput.h * * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: write directly to file */ int snoopy_output_fileoutput (char *logMessage, int errorOrMessage, char *arg); snoopy-snoopy-2.3.1/src/output/socketoutput.c000066400000000000000000000050341253034143600214400ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/socketoutput.c * * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: socketoutput (called like this because is system library) * * Description: * Sends given message to socket * * Params: * message: message to send * * Return: * void */ #include #include #include #include #include #include #include #include "snoopy.h" #include "configuration.h" int snoopy_output_socketoutput (char *logMessage, int errorOrMessage, char *arg) { int s; struct sockaddr_un remote; int remoteLength; /* Dispatch only if non-zero size */ if (0 == strlen(logMessage)) { return 0; } #if (defined(__GLIBC__) && (2 == __GLIBC__) && (__GLIBC_MINOR__ < 9)) /* Prepare socket - non-blocking sockets are not supported on older glibc */ if ((s = socket(AF_LOCAL, SOCK_DGRAM, 0)) == -1) { #else /* Prepare socket - NON BLOCKING (systemd blocks /dev/log if journald is not running) */ if ((s = socket(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0)) == -1) { #endif return -1; } remote.sun_family = AF_LOCAL; strncpy(remote.sun_path, arg, 107); // Coverity suggests -1 here if (strlen(arg) > 107) { remote.sun_path[107] = '\0'; } remoteLength = strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(s, (struct sockaddr *)&remote, remoteLength) == -1) { close(s); return -2; } /* Send message - returns -1 on error, chars sent on success */ if (send(s, logMessage, strlen(logMessage), MSG_DONTWAIT|MSG_NOSIGNAL) == -1) { close(s); return -3; } /* Return success status */ close(s); return 1; } snoopy-snoopy-2.3.1/src/output/socketoutput.h000066400000000000000000000016631253034143600214510ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/socketoutput.h * * Copyright (c) 2014 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: socket */ int snoopy_output_socketoutput (char *logMessage, int errorOrMessage, char *arg); snoopy-snoopy-2.3.1/src/output/syslogoutput.c000066400000000000000000000034261253034143600214730ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/syslogoutput.c * * Copyright (c) 2015 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: syslogouput (called like this because is system library * * Description: * Sends given message to syslog * * Params: * message: message to send * * Return: * void */ #include #include #include #include #include #include #include "snoopy.h" #include "configuration.h" int snoopy_output_syslogoutput (char *logMessage, int errorOrMessage, char *arg) { /* Dispatch only if non-zero size */ if (0 == strlen(logMessage)) { return 0; } /* Prepare logging stuff */ openlog("snoopy", LOG_PID, snoopy_configuration.syslog_facility); /* Log error or ordinary message */ if (SNOOPY_LOG_ERROR == errorOrMessage) { syslog(LOG_ERR, "ERROR: %s", logMessage); } else { syslog(snoopy_configuration.syslog_level, "%s", logMessage); } /* Close the syslog file descriptor */ closelog(); return 1; } snoopy-snoopy-2.3.1/src/output/syslogoutput.h000066400000000000000000000016631253034143600215010ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: snoopy/output/syslogoutput.h * * Copyright (c) 2014 Bostjan Skufca (bostjan _A_T_ a2o.si) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * SNOOPY OUTPUT: syslog */ int snoopy_output_syslogoutput (char *logMessage, int errorOrMessage, char *arg); snoopy-snoopy-2.3.1/src/outputregistry.c000066400000000000000000000073321253034143600204630ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: outputregistry.c * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Include relevant header files */ #include "snoopy.h" #include "outputregistry.h" #include "configuration.h" #include /* * Include headers of all output functions * * Please maintain alphabetical order, equal to what `ls` would do. */ //#ifdef SNOOPY_CONF_OUTPUT_ENABLED_console //#include "output/consoleoutput.h" //#endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_devlog #include "output/devlogoutput.h" #endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_file #include "output/fileoutput.h" #endif //#ifdef SNOOPY_CONF_OUTPUT_ENABLED_journald //#include "output/journaldoutput.h" //#endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_socket #include "output/socketoutput.h" #endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_syslog #include "output/syslogoutput.h" #endif /* * Two arrays holding data about output functions * * Please maintain alphabetical order, equal to what `ls` would do. */ char *snoopy_outputregistry_names[] = { //#ifdef SNOOPY_CONF_OUTPUT_ENABLED_console // "console", //#endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_devlog "devlog", #endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_file "file", #endif //#ifdef SNOOPY_CONF_OUTPUT_ENABLED_journald // "journald", //#endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_socket "socket", #endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_syslog "syslog", #endif "", }; int (*snoopy_outputregistry_ptrs []) (char *logMessage, int errorOrMessage, char *arg) = { //#ifdef SNOOPY_CONF_OUTPUT_ENABLED_console // snoopy_output_consoleoutput, //#endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_devlog snoopy_output_devlogoutput, #endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_file snoopy_output_fileoutput, #endif //#ifdef SNOOPY_CONF_OUTPUT_ENABLED_journald // snoopy_output_journaldoutput, //#endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_socket snoopy_output_socketoutput, #endif #ifdef SNOOPY_CONF_OUTPUT_ENABLED_syslog snoopy_output_syslogoutput, #endif }; /* * isRegistered() * * Return true if output provider exists, otherwise return false */ int snoopy_outputregistry_isRegistered (char *providerName) { if (snoopy_outputregistry_getIndex(providerName) == -1) { return SNOOPY_FALSE; } else { return SNOOPY_TRUE; } } /* * getIndex() * * Return index of given output provider, or -1 if not found */ int snoopy_outputregistry_getIndex (char *providerName) { int i; i = 0; while (strcmp(snoopy_outputregistry_names[i], "") != 0) { if (strcmp(snoopy_outputregistry_names[i], providerName) == 0) { return i; } i++; } return -1; } /* * dispatch() * * Dispatch the message to configured outputProvider */ int snoopy_outputregistry_dispatch (char *logMessage, int errorOrMessage) { int idx; idx = snoopy_outputregistry_getIndex(snoopy_configuration.output); if (idx == -1) { return -1; } return snoopy_outputregistry_ptrs[idx](logMessage, errorOrMessage, snoopy_configuration.output_arg); } snoopy-snoopy-2.3.1/src/outputregistry.h000066400000000000000000000023771253034143600204740ustar00rootroot00000000000000/* * SNOOPY LOGGER * * File: outputregistry.h * * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * Two arrays holding data about output functions */ extern char *snoopy_outputregistry_names[]; extern int (*snoopy_outputregistry_ptrs []) (char *logMessage, int errorOrMessage, char *arg); /* * Functions to manage and utilise output providers */ int snoopy_outputregistry_isRegistered (char *providerName); int snoopy_outputregistry_getIndex (char *providerName); int snoopy_outputregistry_dispatch (char *logMessage, int errorOrMessage); snoopy-snoopy-2.3.1/src/snoopy.h000066400000000000000000000147631253034143600166740ustar00rootroot00000000000000/* * SNOOPY LOGGER * * snoopy.h * Copyright (c) 2014-2015 Bostjan Skufca * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * Include ./configured constants */ #include "config.h" /** * Include all required system headers */ /* This should generaly be done wherever unistd.h is required. */ /* But sysconf is needed here, and all files include snoopy.h. */ /* Needed to get getpgid and getsid on older glibc */ /* This must be the first file to be included, or implicit inclusion (by i.e. ) does the wrong thing */ #define _XOPEN_SOURCE 500 #include /* Needed for GLIBC macros here */ #include /** * SNOOPY_MAX_ARG_LENGTH * * Maximum length of arguments passed to execv(e) functions */ #define SNOOPY_SYSCONF_ARG_MAX ((-1 == sysconf(_SC_ARG_MAX)) ? 4096 : sysconf(_SC_ARG_MAX)) /** * SNOOPY_DATASOURCE_ARG_MAX_SIZE * * Maximum length of a string argument to each data source */ #define SNOOPY_DATASOURCE_ARG_MAX_SIZE 1024 /** * SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE * * Maximum length of a string returned from any data source function, * including terminating null character. */ #define SNOOPY_DATASOURCE_MESSAGE_MAX_SIZE 1024 /** * SNOOPY_FILTER_CHAIN_MAX_SIZE * * Maximum length of filter chain definition */ #define SNOOPY_FILTER_CHAIN_MAX_SIZE 4096 /** * SNOOPY_FILTER_NAME_MAX_SIZE * * Maximum length of each filter name */ #define SNOOPY_FILTER_NAME_MAX_SIZE 1024 /** * SNOOPY_FILTER_ARG_MAX_SIZE * * Maximum length of a string argument to each filter */ #define SNOOPY_FILTER_ARG_MAX_SIZE 1024 /** * SNOOPY_LOG_MESSAGE_MAX_SIZE * * Maximum length of single (whole) log message, * including terminating null character. */ #define SNOOPY_LOG_MESSAGE_MAX_SIZE 16383 /** * SNOOPY_LOG_MESSAGE_FORMAT_default * * Default format of snoopy log message */ #define SNOOPY_VERSION PACKAGE_VERSION /** * SNOOPY_LOG_MESSAGE_FORMAT_default * * Default format of snoopy log message */ #define SNOOPY_LOG_MESSAGE_FORMAT_default \ "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}" /** * SNOOPY_LOG_MESSAGE_FORMAT * * Actual log message format to use * * Message format may contain: * - any arbitrary text is copied litaraly * - text between "%{" and "}" is considered special - it calls data source * - %{data_source} calls data source named 'data_source' without argument * - %{data_source:arg} calls data source named 'data_source', and passed the given argument to it */ #ifdef SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom #define SNOOPY_LOG_MESSAGE_FORMAT SNOOPY_CONF_LOG_MESSAGE_FORMAT_custom #else #define SNOOPY_LOG_MESSAGE_FORMAT SNOOPY_LOG_MESSAGE_FORMAT_default #endif /** * SNOOPY_TRUE * SNOOPY_FALSE */ #define SNOOPY_TRUE 1 #define SNOOPY_FALSE 0 /** * SNOOPY_LOG_ERROR * SNOOPY_LOG_MESSAGE */ #define SNOOPY_LOG_ERROR 1 #define SNOOPY_LOG_MESSAGE 2 /** * FIlter return values * * SNOOPY_FILTER_PASS - message should be passed on * SNOOPY_FILTER_DROP - message should be dropped */ #define SNOOPY_FILTER_PASS 1 #define SNOOPY_FILTER_DROP 0 /** * SNOOPY_FILTERING_ENABLED * * Whether filtering is enabled or not */ #ifdef SNOOPY_CONF_FILTERING_ENABLED #define SNOOPY_FILTERING_ENABLED 1 #endif /** * SNOOPY_FILTER_CHAIN_default * * Default snoopy filter chain specification */ #define SNOOPY_FILTER_CHAIN_default "" /** * SNOOPY_FILTER_CHAIN * * Actual filter chain specification to use * * Filter chain format: * - example: filter1; filter2; filter3:arg1; filter3:arg2 * - you may pass argument to filter by suffixing it with :arg * - spaces are ignored */ #ifdef SNOOPY_CONF_FILTER_CHAIN_custom #define SNOOPY_FILTER_CHAIN SNOOPY_CONF_FILTER_CHAIN_custom #else #define SNOOPY_FILTER_CHAIN SNOOPY_FILTER_CHAIN_default #endif /** * SNOOPY_CONFIG_FILE * * Path to INI configuration file, if enabled * * If configuration file is enabled, this constant is defined * and holds absolute path to it */ #ifdef SNOOPY_CONF_CONFIG_FILE #define SNOOPY_CONFIG_FILE SNOOPY_CONF_CONFIG_FILE #endif /** * SNOOPY_OUTPUT * * Where is the outlet of snoopy messages * * By default, messages get sent to syslog. Groundwork for other outputs * is provided to facilitate unforseen uses. */ #define SNOOPY_OUTPUT_DEVLOG "devlog" #define SNOOPY_OUTPUT_FILE "file" #define SNOOPY_OUTPUT_SOCKET "socket" #define SNOOPY_OUTPUT_SYSLOG "syslog" #ifdef SNOOPY_CONF_OUTPUT_DEFAULT #define SNOOPY_OUTPUT_DEFAULT SNOOPY_CONF_OUTPUT_DEFAULT #define SNOOPY_OUTPUT_DEFAULT_ARG SNOOPY_CONF_OUTPUT_DEFAULT_ARG #else /* SNOOPY_CONF_OUTPUT_DEFAULT */ #if (defined(__GLIBC__) && (2 == __GLIBC__) && (__GLIBC_MINOR__ < 9)) /* Use 'syslog' on older linuxes that od not support SOCK_CLOEXEC and SOCK_NONBLOCK */ #define SNOOPY_OUTPUT_DEFAULT SNOOPY_OUTPUT_SYSLOG #else /* Otherwise do not use 'syslog' (was default before), because systemd is funny (blocks the syslog() call */ #define SNOOPY_OUTPUT_DEFAULT SNOOPY_OUTPUT_DEVLOG #endif #define SNOOPY_OUTPUT_DEFAULT_ARG "" #endif /* SNOOPY_CONF_OUTPUT_DEFAULT */ /** * SNOOPY_LOG_ERRORS * * Whether errors are logged or not? * * If error logging is enabled, then all errors that occur when using snoopy * will be sent to syslog. This is to aid developers and integrators with * their endeavours. */ #ifdef SNOOPY_CONF_ERROR_LOGGING_ENABLED #define SNOOPY_ERROR_LOGGING_ENABLED SNOOPY_CONF_ERROR_LOGGING_ENABLED #endif /** * SNOOPY_SYSLOG_* * * Syslog configuration settings * * If error logging is enabled, then all errors that occur when using snoopy * will be sent to syslog. This is to aid developers and integrators with * their endeavours. */ #define SNOOPY_SYSLOG_FACILITY SNOOPY_CONF_SYSLOG_FACILITY #define SNOOPY_SYSLOG_LEVEL SNOOPY_CONF_SYSLOG_LEVEL