2010-07-21 Dario Rodriguez <dario.rodriguez@artica.es>
* win32/pandora_agent_conf.cc, pandora_agent_conf.h: Added logic to search existing collections in config file, and checking for ".." substrings in path for security reasons. * win32/pandora_windows_service.h, pandora_windows_service.cc: Added logic to remove incoherences between collections directory and collection list of config file. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3045 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
parent
fdd9062bb5
commit
a2fec2bb0f
|
@ -1,3 +1,12 @@
|
|||
2010-07-21 Dario Rodriguez <dario.rodriguez@artica.es>
|
||||
|
||||
* win32/pandora_agent_conf.cc, pandora_agent_conf.h: Added logic to search
|
||||
existing collections in config file, and checking for ".." substrings in
|
||||
path for security reasons.
|
||||
* win32/pandora_windows_service.h, pandora_windows_service.cc: Added logic
|
||||
to remove incoherences between collections directory and collection list
|
||||
of config file.
|
||||
|
||||
2010-07-20 Dario Rodriguez <dario.rodriguez@artica.es>
|
||||
|
||||
* win32/pandora_agent_conf.cc, pandora_agent_conf.h: Added a variable to
|
||||
|
@ -7,11 +16,11 @@
|
|||
|
||||
2010-07-16 Dario Rodriguez <dario.rodriguez@artica.es>
|
||||
|
||||
* misc/pandora_file.cc: fixed error that caused double free.
|
||||
* win32/misc/pandora_file.cc: fixed error that caused double free.
|
||||
|
||||
2010-07-16 Dario Rodriguez <dario.rodriguez@artica.es>
|
||||
|
||||
* misc/pandora_file.cc: fixed unclosed directory with function closedir
|
||||
* win32/misc/pandora_file.cc: fixed unclosed directory with function closedir
|
||||
and control posible delete errors.
|
||||
|
||||
2010-07-16 Dario Rodriguez <dario.rodriguez@artica.es>
|
||||
|
|
|
@ -103,8 +103,12 @@ Pandora::Pandora_Agent_Conf::setFile (string filename) {
|
|||
aux = new Collection();
|
||||
|
||||
aux->name = trim (collection_name);
|
||||
|
||||
/*Check for ".." substring for security issues*/
|
||||
if ( collection_name.find("..") == string::npos ) {
|
||||
aux->verify = 0;
|
||||
collection_list->push_back (*aux);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
/*Check if is a module*/
|
||||
|
@ -185,6 +189,28 @@ Pandora::Pandora_Agent_Conf::setCurrentCollectionVerify() {
|
|||
collection_it->verify = 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check is there is a collection with the same name in the list
|
||||
*
|
||||
* @param The name of the collection to check.
|
||||
*
|
||||
* @return True if there is a collection with the same name.
|
||||
*/
|
||||
bool
|
||||
Pandora::Pandora_Agent_Conf::isInCollectionList(string name) {
|
||||
list<Collection>::iterator p;
|
||||
string name_md5;
|
||||
for (p = collection_list->begin();p != collection_list->end();p++) {
|
||||
name_md5 = p->name+".md5";
|
||||
if ( (strcmp(p->name.c_str(), name.c_str()) == 0) ||
|
||||
(strcmp(name_md5.c_str(), name.c_str()) == 0)){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set iterator pointing to the first collection of the list.
|
||||
*
|
||||
|
|
|
@ -61,6 +61,7 @@ namespace Pandora {
|
|||
void goNextCollection ();
|
||||
|
||||
bool isLastCollection ();
|
||||
bool isInCollectionList(string name);
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -33,6 +33,10 @@
|
|||
#include <cstdlib>
|
||||
#include <ctime>
|
||||
#include <direct.h>
|
||||
#include <sys/types.h>
|
||||
#include <dirent.h>
|
||||
#include <sys/stat.h>
|
||||
#include <pandora_agent_conf.h>
|
||||
|
||||
using namespace std;
|
||||
using namespace Pandora;
|
||||
|
@ -633,8 +637,50 @@ Pandora_Windows_Service::unzipCollection(string zip_path, string dest_dir) {
|
|||
CloseHandle (pi.hProcess);
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* Check the disk for collections installed
|
||||
*/
|
||||
|
||||
void
|
||||
Pandora_Windows_Service::purgeDiskCollections () {
|
||||
|
||||
DIR *dir;
|
||||
struct dirent *dir_content;
|
||||
struct stat file;
|
||||
string tmp, filepath;
|
||||
|
||||
filepath = Pandora::getPandoraInstallDir() +"collections\\";
|
||||
/*Open the directory*/
|
||||
dir = opendir (filepath.c_str ());
|
||||
|
||||
/*Read the directory looking for files and folders*/
|
||||
dir_content = readdir(dir);
|
||||
|
||||
while (dir_content != NULL) {
|
||||
|
||||
stat(tmp.c_str(),&file);
|
||||
|
||||
/*If is a folder, check for . and .. */
|
||||
if ( (strcmp(dir_content->d_name,".") != 0) && (strcmp(dir_content->d_name,"..") != 0) ) {
|
||||
/*If the file is not in collection list, delete the file*/
|
||||
if(! conf->isInCollectionList(dir_content->d_name) ) {
|
||||
tmp = filepath+dir_content->d_name;
|
||||
Pandora_File::removeDir(tmp);
|
||||
}
|
||||
}
|
||||
|
||||
/*Next item*/
|
||||
dir_content = readdir(dir);
|
||||
}
|
||||
|
||||
/*Close dir oppened*/
|
||||
closedir(dir);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check collections to sync it between server and agent
|
||||
*/
|
||||
void
|
||||
Pandora_Windows_Service::checkCollections () {
|
||||
|
||||
int flag, i;
|
||||
|
@ -836,6 +882,7 @@ Pandora_Windows_Service::checkCollections () {
|
|||
/*Go to next collection*/
|
||||
conf->goNextCollection();
|
||||
}
|
||||
purgeDiskCollections ();
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -47,6 +47,7 @@ namespace Pandora {
|
|||
long transfer_interval;
|
||||
bool started;
|
||||
void *udp_server;
|
||||
list<string> collection_disk;
|
||||
|
||||
string getXmlHeader ();
|
||||
int copyDataFile (string filename);
|
||||
|
@ -73,8 +74,10 @@ namespace Pandora {
|
|||
void checkCollections ();
|
||||
void addCollectionsPath();
|
||||
void checkConfig ();
|
||||
void purgeDiskCollections ();
|
||||
|
||||
Pandora_Windows_Service ();
|
||||
|
||||
public:
|
||||
void pandora_run ();
|
||||
void pandora_init ();
|
||||
|
|
Loading…
Reference in New Issue