Patch8

src/Makefile

@@ -7,6 +7,7 @@ EXTERNAL_LUA=external/lua/
 EXTERNAL_ZLIB=external/zlib-1.2.8/
 LUA_PLAT=posix
 MAXAGENTS?=2048
+REUSE_ID?=no
 # XXX Becareful NO EXTRA Spaces here
 PREFIX?=/var/ossec
 PG_CONFIG?=pg_config
@@ -39,6 +40,10 @@ DEFINES+=-DGROUPGLOBAL=\"${OSSEC_GROUP}\"
 DEFINES+=-DMAILUSER=\"${OSSEC_USER_MAIL}\"
 DEFINES+=-D${uname_S}
 
+ifneq (,$(filter ${REUSE_ID},yes y Y 1))
+	DEFINES+=-DREUSE_ID
+endif
+
 OSSEC_LDFLAGS=${LDFLAGS} -lm
 
 ifneq (${TARGET},winagent)
@@ -491,6 +496,7 @@ help: failtarget
 	@echo "   make DEBUG=1          Build with symbols and without optimization"
 	@echo "   make PREFIX=/path     Install OSSEC to '/path'. Defaults to /var/ossec"
 	@echo "   make MAXAGENTS=NUMBER Set the number of maximum agents to NUMBER. Defaults to 2048"
+	@echo "   make REUSE_ID=yes     Enables agent ID re-use"
 	@echo
 	@echo "Database options: "
 	@echo "   make DATABASE=mysql  Build with MYSQL Support"
@@ -515,6 +521,7 @@ settings:
 	@echo "    DEBUGAD           ${DEBUGAD}"
 	@echo "    PREFIX:           ${PREFIX}"
 	@echo "    MAXAGENTS:        ${MAXAGENTS}"
+	@echo "    REUSE_ID:         ${REUSE_ID}"
 	@echo "    DATABASE:         ${DATABASE}"
 	@echo "    ONEWAY:           ${ONEWAY}"
 	@echo "    CLEANFULL:        ${CLEANFULL}"

src/addagent/manage_agents.h

@@ -33,8 +33,11 @@ int OS_IsValidName(const char *u_name);
 int OS_IsValidID(const char *id);
 int IDExist(const char *id);
 int NameExist(const char *u_name);
+char *IPExist(const char *u_name);
 char *getFullnameById(const char *id);
 char *OS_AddNewAgent(const char *name, const char *ip, const char *id);
+int  OS_RemoveAgent(const char *id);
+double OS_AgentAntiquity(const char *id);
 void FormatID(char *id);
 
 /* Print available agents */

src/addagent/validate.c

@@ -7,6 +7,7 @@
  * Foundation
  */
 
+#include <time.h>
 #include "manage_agents.h"
 #include "os_crypto/md5/md5_op.h"
 
@@ -23,11 +24,9 @@ char *OS_AddNewAgent(const char *name, const char *ip, const char *id)
     char str2[STR_SIZE + 1];
     char *muname;
     char *finals;
-
     char nid[9] = { '\0' }, nid_p[9] = { '\0' };
 
     srandom_init();
-
     muname = getuname();
 
     snprintf(str1, STR_SIZE, "%d%s%d%s", (int)time(0), name, (int)random(), muname);
@@ -66,7 +65,7 @@ char *OS_AddNewAgent(const char *name, const char *ip, const char *id)
         id = nid;
     }
 
-    fp = fopen(KEYSFILE_PATH, "a");
+    fp = fopen(AUTH_FILE, "a");
     if (!fp) {
         return (NULL);
     }
@@ -83,6 +82,72 @@ char *OS_AddNewAgent(const char *name, const char *ip, const char *id)
     return (finals);
 }
 
+int OS_RemoveAgent(const char *u_id) {
+    FILE *fp;
+    int id_exist;
+
+    id_exist = IDExist(u_id);
+
+    if (!id_exist)
+        return 0;
+
+    fp = fopen(isChroot() ? AUTH_FILE : KEYSFILE_PATH, "r+");
+
+    if (!fp)
+        return 0;
+
+#ifndef WIN32
+    chmod(AUTH_FILE, 0440);
+#endif
+
+#ifdef REUSE_ID
+    long fp_seek;
+    size_t fp_read;
+    char *buffer;
+    char buf_discard[OS_BUFFER_SIZE];
+    struct stat fp_stat;
+
+    if (stat(AUTH_FILE, &fp_stat) < 0) {
+        fclose(fp);
+        return 0;
+    }
+
+    buffer = malloc(fp_stat.st_size);
+    if (!buffer) {
+        fclose(fp);
+        return 0;
+    }
+
+    fsetpos(fp, &fp_pos);
+    fp_seek = ftell(fp);
+    fseek(fp, 0, SEEK_SET);
+    fp_read = fread(buffer, sizeof(char), fp_seek, fp);
+    fgets(buf_discard, OS_BUFFER_SIZE - 1, fp);
+
+    if (!feof(fp))
+        fp_read += fread(buffer + fp_read, sizeof(char), fp_stat.st_size, fp);
+
+    fclose(fp);
+    fp = fopen(AUTH_FILE, "w");
+
+    if (!fp) {
+        free(buffer);
+        return 0;
+    }
+
+    fwrite(buffer, sizeof(char), fp_read, fp);
+
+#else
+    /* Remove the agent, but keep the id */
+    fsetpos(fp, &fp_pos);
+    fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id);
+#endif
+    fclose(fp);
+
+    /* Remove counter for ID */
+    OS_RemoveCounter(u_id);
+    return 1;
+}
 
 int OS_IsValidID(const char *id)
 {
@@ -311,6 +376,82 @@ int NameExist(const char *u_name)
     return (0);
 }
 
+/* Returns the ID of an agent, or NULL if not found */
+char *IPExist(const char *u_ip)
+{
+    FILE *fp;
+    char *name, *ip, *pass;
+    char line_read[FILE_SIZE + 1];
+    line_read[FILE_SIZE] = '\0';
+
+    if (!(u_ip && strncmp(u_ip, "any", 3)))
+        return NULL;
+
+    if (isChroot())
+        fp = fopen(AUTH_FILE, "r");
+    else
+        fp = fopen(KEYSFILE_PATH, "r");
+
+    if (!fp)
+        return NULL;
+
+    fseek(fp, 0, SEEK_SET);
+    fgetpos(fp, &fp_pos);
+
+    while (fgets(line_read, FILE_SIZE - 1, fp) != NULL) {
+        if (line_read[0] == '#') {
+            continue;
+        }
+
+        name = strchr(line_read, ' ');
+        if (name) {
+            name++;
+
+            if (*name == '#') {
+                continue;
+            }
+
+            ip = strchr(name, ' ');
+            if (ip) {
+                ip++;
+
+                pass = strchr(ip, ' ');
+                if (pass) {
+                    *pass = '\0';
+                    if (strcmp(u_ip, ip) == 0) {
+                        fclose(fp);
+                        name[-1] = '\0';
+                        return strdup(line_read);
+                    }
+                }
+            }
+        }
+
+        fgetpos(fp, &fp_pos);
+    }
+
+    fclose(fp);
+    return NULL;
+}
+
+/* Returns the number of seconds since last agent connection, or -1 if error. */
+double OS_AgentAntiquity(const char *id)
+{
+    struct stat file_stat;
+    char file_name[OS_FLSIZE];
+    char *full_name = getFullnameById(id);
+
+    if (!full_name)
+        return -1;
+
+    snprintf(file_name, OS_FLSIZE - 1, "%s/%s", AGENTINFO_DIR, full_name);
+
+    if (stat(file_name, &file_stat) < 0)
+        return -1;
+
+    return difftime(time(NULL), file_stat.st_mtime);
+}
+
 /* Print available agents */
 int print_agents(int print_status, int active_only, int csv_output)
 {

src/client-agent/agentd.c

@@ -53,6 +53,7 @@ void AgentdStart(const char *dir, int uid, int gid, const char *user, const char
 
     maxfd = agt->m_queue;
     agt->sock = -1;
+    agt->sock_r = -1;
 
     /* Create PID file */
     if (CreatePID(ARGV0, getpid()) < 0) {

src/client-agent/config.c

@@ -30,6 +30,7 @@ int ClientConf(const char *cfgfile)
     agt->rip_id = 0;
     agt->execdq = 0;
     agt->profile = NULL;
+    agt->protocol = UDP_PROTO;
 
     modules |= CCLIENT;
 
@@ -39,4 +40,3 @@ int ClientConf(const char *cfgfile)
 
     return (1);
 }
-

src/client-agent/receiver-win.c

@@ -20,9 +20,11 @@
 void *receiver_thread(__attribute__((unused)) void *none)
 {
     int recv_b;
+    int sock;
 
     char file[OS_SIZE_1024 + 1];
     char buffer[OS_MAXSTR + 1];
+    char srcip[IPSIZE + 1];
 
     char cleartext[OS_MAXSTR + 1];
     char *tmp_msg;
@@ -66,8 +68,14 @@ void *receiver_thread(__attribute__((unused)) void *none)
             continue;
         }
 
+        if (agt->protocol == TCP_PROTO) {
+            OS_AcceptTCP(agt->sock, srcip, IPSIZE);
+        } else {
+            sock = agt->sock;
+        }
+
         /* Read until no more messages are available */
-        while ((recv_b = recv(agt->sock, buffer, OS_SIZE_1024, 0)) > 0) {
+        while ((recv_b = recv(sock, buffer, OS_SIZE_1024, 0)) > 0) {
             /* Id of zero -- only one key allowed */
             tmp_msg = ReadSecMSG(&keys, buffer, cleartext, 0, recv_b - 1);
             if (tmp_msg == NULL) {
@@ -214,6 +222,10 @@ void *receiver_thread(__attribute__((unused)) void *none)
                        ARGV0);
             }
         }
+
+        if (agt->protocol == TCP_PROTO) {
+            close(sock);
+        }
     }
 
     /* Clean up */

src/client-agent/receiver.c

@@ -27,13 +27,21 @@ void *receive_msg()
     ssize_t recv_b;
     char buffer[OS_MAXSTR + 1];
     char cleartext[OS_MAXSTR + 1];
+    char srcip[IPSIZE + 1];
     char *tmp_msg;
+    int sock;
 
     memset(cleartext, '\0', OS_MAXSTR + 1);
     memset(buffer, '\0', OS_MAXSTR + 1);
 
+    if (agt->protocol == TCP_PROTO) {
+        sock = OS_AcceptTCP(agt->sock, srcip, IPSIZE);
+    } else {
+        sock = agt->sock;
+    }
+
     /* Read until no more messages are available */
-    while ((recv_b = recv(agt->sock, buffer, OS_SIZE_1024, MSG_DONTWAIT)) > 0) {
+    while ((recv_b = recv(sock, buffer, OS_SIZE_1024, MSG_DONTWAIT)) > 0) {
         buffer[recv_b] = '\0';
 
         tmp_msg = ReadSecMSG(&keys, buffer, cleartext, 0, recv_b - 1);
@@ -193,6 +201,10 @@ void *receive_msg()
         }
     }
 
+    if (agt->protocol == TCP_PROTO) {
+        close(sock);
+    }
+
     return (NULL);
 }
 

src/client-agent/sendmsg.c

@@ -17,20 +17,40 @@ int send_msg(int agentid, const char *msg)
 {
     size_t msg_size;
     char crypt_msg[OS_MAXSTR + 1];
-
+ 
     msg_size = CreateSecMSG(&keys, msg, crypt_msg, agentid);
     if (msg_size == 0) {
         merror(SEC_ERROR, ARGV0);
         return (-1);
     }
 
     /* Send msg_size of crypt_msg */
-    if (OS_SendUDPbySize(agt->sock, msg_size, crypt_msg) < 0) {
-        merror(SEND_ERROR, ARGV0, "server");
-        sleep(1);
-        return (-1);
+    if (agt->protocol == UDP_PROTO) {
+        if (OS_SendUDPbySize(agt->sock, msg_size, crypt_msg) < 0) {
+            merror(SEND_ERROR, ARGV0, "server");
+            sleep(1);
+            return (-1);
+        }
+    } else {
+        if (agt->sock_r >= 0) {
+            close(agt->sock_r);
+        }
+
+        agt->sock_r =  OS_ConnectTCP(agt->port,  (const) (char) *strchr(agt->rip[agt->rip_id], ':') != NULL);
+
+
+        if (agt->sock_r < 0) {
+            merror(CONNS_ERROR, ARGV0, agt->rip[agt->rip_id]);
+            sleep(1);
+            return -1;
+        }
+
+        if (OS_SendTCPbySize(agt->sock_r, msg_size, crypt_msg) < 0) {
+            merror(SEND_ERROR, ARGV0, "server");
+            sleep(1);
+            return (-1);
+        }
     }
 
     return (0);
 }
-