Merge pull request #536 from cgzones/analysisd

analysisd: fix compiler warnings

src/Makefile

@@ -1109,7 +1109,7 @@ ossec-logtest: ${analysisd_test_o} ${output_o} ${format_o} analysisd/testrule-te
 ossec-analysisd: ${analysisd_live_o} analysisd/analysisd-live.o ${output_o} ${format_o} alerts.a cdb.a decoders-live.a ${ossec_libs} ${ZLIB_LIB} ${JSON_LIB}
 	${OSSEC_CCBIN} ${OSSEC_CFLAGS} $^ ${OSSEC_LDFLAGS} -o $@
 
-ossec-makelists: analysisd/makelists-live.o ${analysisd_live_o} ${output_o} ${format_o} alerts.a cdb.a decoders-test.a ${ossec_libs} ${ZLIB_LIB} ${JSON_LIB}
+ossec-makelists: analysisd/makelists-live.o ${analysisd_live_o} ${output_o} ${format_o} alerts.a cdb.a decoders-live.a ${ossec_libs} ${ZLIB_LIB} ${JSON_LIB}
 	${OSSEC_CCBIN} ${OSSEC_CFLAGS} $^ ${OSSEC_LDFLAGS} -o $@
 
 

src/analysisd/accumulator.c

@@ -15,13 +15,37 @@
 #include "accumulator.h"
 #include "eventinfo.h"
 
-/* Global variables */
-OSHash *acm_store = NULL;
+/* Local variables */
+static OSHash *acm_store = NULL;
 
 /* Counters for Purging */
-int  acm_lookups = 0;
-int  acm_purge_ts = 0;
-
+static int    acm_lookups = 0;
+static time_t acm_purge_ts = 0;
+
+/* Accumulator Constants */
+#define OS_ACM_EXPIRE_ELM      120
+#define OS_ACM_PURGE_INTERVAL  300
+#define OS_ACM_PURGE_COUNT     200
+
+/* Accumulator Max Values */
+#define OS_ACM_MAXKEY 256
+#define OS_ACM_MAXELM 81
+
+typedef struct _OS_ACM_Store {
+    time_t timestamp;
+    char *dstuser;
+    char *srcuser;
+    char *dstip;
+    char *srcip;
+    char *dstport;
+    char *srcport;
+    char *data;
+} OS_ACM_Store;
+
+/* Internal Functions */
+static int acm_str_replace(char **dst, const char *src);
+static OS_ACM_Store *InitACMStore(void);
+static void FreeACMStore(OS_ACM_Store *obj);
 
 /* Start the Accumulator module */
 int Accumulate_Init()
@@ -56,7 +80,7 @@ Eventinfo *Accumulate(Eventinfo *lf)
     char _key[OS_ACM_MAXKEY];
     OS_ACM_Store *stored_data = 0;
 
-    int  current_ts;
+    time_t  current_ts;
     struct timeval tp;
 
     if ( lf == NULL ) {
@@ -192,7 +216,7 @@ Eventinfo *Accumulate(Eventinfo *lf)
 void Accumulate_CleanUp()
 {
     struct timeval tp;
-    int current_ts = 0;
+    time_t current_ts = 0;
     int expired = 0;
 
     OSHashNode *curr;
@@ -230,7 +254,7 @@ void Accumulate_CleanUp()
             /* Check for a valid element */
             if ( stored_data != NULL ) {
                 /* Check for expiration */
-                debug2("accumulator: DEBUG: CleanUp() elm:%d, curr:%d", stored_data->timestamp, current_ts);
+                debug2("accumulator: DEBUG: CleanUp() elm:%ld, curr:%ld", stored_data->timestamp, current_ts);
                 if ( stored_data->timestamp < current_ts - OS_ACM_EXPIRE_ELM ) {
                     debug2("accumulator: DEBUG: CleanUp() Expiring '%s'", key);
                     if ( OSHash_Delete(acm_store, key) != NULL ) {
@@ -295,7 +319,7 @@ int acm_str_replace(char **dst, const char *src)
     }
 
     /* Make sure we have data to write */
-    int slen = strlen(src);
+    size_t slen = strlen(src);
     if ( slen <= 0  || slen > OS_ACM_MAXELM - 1 ) {
         return -1;
     }

src/analysisd/accumulator.h

@@ -10,45 +10,12 @@
 #ifndef __ACCUMULATOR_H
 #define __ACCUMULATOR_H
 
-/* Accumulator queues */
-#ifdef TESTRULE
-#define ACM_CACHE "var/accumulator-cache"
-#else
-#define ACM_CACHE "/var/accumulator-queue"
-#endif
-
 #include "eventinfo.h"
 
-/* Accumulator Max Values */
-#define OS_ACM_MAXKEY 256
-#define OS_ACM_MAXELM 81
-#define OS_ACM_MAXDATA 2048
-
-typedef struct _OS_ACM_Store {
-    int timestamp;
-    char *dstuser;
-    char *srcuser;
-    char *dstip;
-    char *srcip;
-    char *dstport;
-    char *srcport;
-    char *data;
-} OS_ACM_Store;
-
-/* Accumulator Constants */
-#define OS_ACM_EXPIRE_ELM      120
-#define OS_ACM_PURGE_INTERVAL  300
-#define OS_ACM_PURGE_COUNT     200
-
 /* Accumulator Functions */
 int Accumulate_Init(void);
 Eventinfo *Accumulate(Eventinfo *lf);
 void Accumulate_CleanUp(void);
 
-/* Internal Functions */
-int acm_str_replace(char **dst, const char *src);
-OS_ACM_Store *InitACMStore(void);
-void FreeACMStore(OS_ACM_Store *obj);
-
 #endif /* __ACCUMULATOR_H */
 

src/analysisd/active-response.c

@@ -10,6 +10,9 @@
 #include "shared.h"
 #include "active-response.h"
 
+/* Active response commands */
+static OSList *ar_commands;
+OSList *active_responses;
 
 /* Initialize active response */
 void AR_Init()

src/analysisd/active-response.h

@@ -22,11 +22,8 @@ void AR_Init(void);
  */
 int AR_ReadConfig(const char *cfgfile);
 
-/* Active response commands */
-OSList *ar_commands;
-
 /* Active response information */
-OSList *active_responses;
+extern OSList *active_responses;
 
 #endif /* _AR__H */
 

src/analysisd/alerts/exec.c

@@ -18,15 +18,14 @@
 #include "eventinfo.h"
 
 
-void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
+void OS_Exec(int execq, int arq, const Eventinfo *lf, const active_response *ar)
 {
     char exec_msg[OS_SIZE_1024 + 1];
-    char *ip;
-    char *user;
-    char *filename;
-    int do_free_filename = 0;
+    const char *ip;
+    const char *user;
+    char *filename = NULL;
 
-    ip = user = filename = "-";
+    ip = user = "-";
 
     /* Clean the IP */
     if (lf->srcip && (ar->ar_cmd->expect & SRCIP)) {
@@ -45,7 +44,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 
         /* Check if it is a hostname */
         if (Config.hostname_white_list) {
-            int srcip_size;
+            size_t srcip_size;
             OSMatch **wl;
 
             srcip_size = strlen(ip);
@@ -68,7 +67,6 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
     /* Get filename */
     if (lf->filename && (ar->ar_cmd->expect & FILENAME)) {
         filename = os_shell_escape(lf->filename);
-        do_free_filename = 1;
     }
 
     /* Active Response on the server
@@ -83,17 +81,17 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
         }
 
         snprintf(exec_msg, OS_SIZE_1024,
-                 "%s %s %s %d.%ld %d %s %s",
+                 "%s %s %s %ld.%ld %d %s %s",
                  ar->name,
                  user,
                  ip,
                  lf->time,
                  __crt_ftell,
                  lf->generated_rule->sigid,
                  lf->location,
-                 filename);
+                 filename ? filename : "-");
 
-        if (OS_SendUnix(*execq, exec_msg, 0) < 0) {
+        if (OS_SendUnix(execq, exec_msg, 0) < 0) {
             merror("%s: Error communicating with execd.", ARGV0);
         }
     }
@@ -106,7 +104,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
          * generated by the local analysisd, so prepend a false id tag */
         if (lf->location[0] == '(') {
             snprintf(exec_msg, OS_SIZE_1024,
-                     "%s %c%c%c %s %s %s %s %d.%ld %d %s %s",
+                     "%s %c%c%c %s %s %s %s %ld.%ld %d %s %s",
                      lf->location,
                      (ar->location & ALL_AGENTS) ? ALL_AGENTS_C : NONE_C,
                      (ar->location & REMOTE_AGENT) ? REMOTE_AGENT_C : NONE_C,
@@ -122,7 +120,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
                      filename);
         } else {
             snprintf(exec_msg, OS_SIZE_1024,
-                     "(local_source) %s %c%c%c %s %s %s %s %d.%ld %d %s %s",
+                     "(local_source) %s %c%c%c %s %s %s %s %ld.%ld %d %s %s",
                      lf->location,
                      (ar->location & ALL_AGENTS) ? ALL_AGENTS_C : NONE_C,
                      (ar->location & REMOTE_AGENT) ? REMOTE_AGENT_C : NONE_C,
@@ -138,7 +136,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
                      filename);
         }
 
-        if ((rc = OS_SendUnix(*arq, exec_msg, 0)) < 0) {
+        if ((rc = OS_SendUnix(arq, exec_msg, 0)) < 0) {
             if (rc == OS_SOCKBUSY) {
                 merror("%s: AR socket busy.", ARGV0);
             } else {
@@ -151,9 +149,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
     cleanup:
 
     /* Clean up Memory */
-    if ( filename != NULL && do_free_filename == 1 ) {
-        free(filename);
-    }
+    free(filename);
 
     return;
 }

src/analysisd/alerts/exec.h

@@ -13,7 +13,7 @@
 #include "eventinfo.h"
 #include "active-response.h"
 
-void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar);
+void OS_Exec(int execq, int arq, const Eventinfo *lf, const active_response *ar);
 
 #endif
 

src/analysisd/alerts/getloglocation.c

@@ -10,12 +10,16 @@
 /* Get the log directory/file based on the day/month/year */
 
 #include "getloglocation.h"
+/* Global definitions */
+FILE *_eflog;
+FILE *_aflog;
+FILE *_fflog;
 
 /* Global variables */
-int  __crt_day;
-char __elogfile[OS_FLSIZE + 1];
-char __alogfile[OS_FLSIZE + 1];
-char __flogfile[OS_FLSIZE + 1];
+static int  __crt_day;
+static char __elogfile[OS_FLSIZE + 1];
+static char __alogfile[OS_FLSIZE + 1];
+static char __flogfile[OS_FLSIZE + 1];
 
 
 void OS_InitLog()
@@ -37,7 +41,7 @@ void OS_InitLog()
     umask(0027);
 }
 
-int OS_GetLogLocation(Eventinfo *lf)
+int OS_GetLogLocation(const Eventinfo *lf)
 {
     /* Check what directories to create
      * Check if the year directory is there

src/analysisd/alerts/getloglocation.h

@@ -19,11 +19,12 @@ void OS_InitFwLog(void);
 /* Get the log file based on the date/logtype
  * Returns 0 on success or -1 on error
  */
-int OS_GetLogLocation(Eventinfo *lf);
+int OS_GetLogLocation(const Eventinfo *lf);
 
-FILE *_eflog;
-FILE *_aflog;
-FILE *_fflog;
+/* Global declarations */
+extern FILE *_eflog;
+extern FILE *_aflog;
+extern FILE *_fflog;
 
 #endif /* __GETLL_H */
 

src/analysisd/alerts/log.c

@@ -101,8 +101,8 @@ static void GeoIP_Lookup(const char *ip, char *buffer, const size_t length)
 #endif /* LIBGEOIP_ENABLED */
 
 /* Drop/allow patterns */
-OSMatch FWDROPpm;
-OSMatch FWALLOWpm;
+static OSMatch FWDROPpm;
+static OSMatch FWALLOWpm;
 
 /* Allow custom alert output tokens */
 typedef enum e_custom_alert_tokens_id {
@@ -121,7 +121,7 @@ typedef enum e_custom_alert_tokens_id {
     CUSTOM_ALERT_TOKEN_LAST
 } CustomAlertTokenID;
 
-char CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LAST][15] = {
+static const char CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LAST][15] = {
     { "$TIMESTAMP" },
     { "$FTELL" },
     { "$RULEALERT" },
@@ -140,7 +140,7 @@ char CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LAST][15] = {
  * The string must be null terminated and contain
  * any necessary new lines, tabs, etc.
  */
-void OS_Store(Eventinfo *lf)
+void OS_Store(const Eventinfo *lf)
 {
     if (strcmp(lf->location, "ossec-keepalive") == 0) {
         return;
@@ -181,7 +181,7 @@ void OS_LogOutput(Eventinfo *lf)
     }
 #endif
     printf(
-        "** Alert %d.%ld:%s - %s\n"
+        "** Alert %ld.%ld:%s - %s\n"
         "%d %s %02d %s %s%s%s\nRule: %d (level %d) -> '%s'"
         "%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n%.1256s\n",
         lf->time,
@@ -266,7 +266,7 @@ void OS_Log(Eventinfo *lf)
 #endif
     /* Writing to the alert log file */
     fprintf(_aflog,
-            "** Alert %d.%ld:%s - %s\n"
+            "** Alert %ld.%ld:%s - %s\n"
             "%d %s %02d %s %s%s%s\nRule: %d (level %d) -> '%s'"
             "%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n%.1256s\n",
             lf->time,
@@ -333,7 +333,7 @@ void OS_Log(Eventinfo *lf)
     return;
 }
 
-void OS_CustomLog(Eventinfo *lf, char *format)
+void OS_CustomLog(const Eventinfo *lf, const char *format)
 {
     char *log;
     char *tmp_log;
@@ -342,7 +342,7 @@ void OS_CustomLog(Eventinfo *lf, char *format)
     /* Replace all the tokens */
     os_strdup(format, log);
 
-    snprintf(tmp_buffer, 1024, "%d", lf->time);
+    snprintf(tmp_buffer, 1024, "%ld", lf->time);
     tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_TIMESTAMP], tmp_buffer);
     if (log) {
         os_free(log);

src/analysisd/alerts/log.h

@@ -19,8 +19,8 @@
 
 void OS_LogOutput(Eventinfo *lf);
 void OS_Log(Eventinfo *lf);
-void OS_CustomLog(Eventinfo *lf, char *format);
-void OS_Store(Eventinfo *lf);
+void OS_CustomLog(const Eventinfo *lf, const char *format);
+void OS_Store(const Eventinfo *lf);
 int FW_Log(Eventinfo *lf);
 
 #endif