Merge branch 'config-file': feature with optional configuration file …

…support

.gitignore

@@ -19,16 +19,13 @@ Makefile
 
 ### Files produced by build process
 #
+.dirstamp
 *.a
 *.o
 *.la
 *.lo
-/.deps/*
-/*/.deps/*
-/*/*/.deps/*
-/.libs/*
-/*/.libs/*
-/*/*/.libs/*
+.deps
+.libs
 /src/libsnoopy.so
 /bin/snoopy-test-output
 /bin/snoopy-detect

ChangeLog

@@ -3,7 +3,7 @@
 -------------------------------------------------------------------------------
 
 
-2014-FIXME - Version  2.0.0rc5
+2014-FIXME - Version  2.0.0rc6
 ---------------------------
 o Feature: Added support for custom message format specification at
     configuration time
@@ -20,6 +20,8 @@ o Feature: Implemented internal filtering, with the following filters available:
     - exclude_uid
     - only_root
     - only_uid
+o Feature: Added optional support for INI configuration file
+
 o Refactoring: Separated data gathering into separate functions, to be
     used at will - now they are called "input providers"
 o Refactoring: Removed external filtering, to be replaced with internal
@@ -32,6 +34,7 @@ o Refactoring: removed --enable-cwd-logging (superseded by message formatting
     options and input provider)
 o Refactoring: snoopy library is now called libsnoopy.so instead of snoopy.so,
     to conform to autotools syntax
+
 o Documentation: added into about writing new input providers
 o Bugfix: fixed compilation failure on debian in inputs/cwd.c (thanks Sébastien Gross)
 

Makefile.am

@@ -3,7 +3,7 @@ include   $(top_srcdir)/build/Makefile.am.common
 AUTOMAKE_OPTIONS = foreign subdir-objects
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS = src bin
+SUBDIRS = src bin etc
 
 EXTRA_DIST +=\
 	autogen.sh \

README.md

@@ -64,38 +64,33 @@ in question.
 
 ### Configuring filtering
 
-Snoopy supports message filtering. Filtering must be configured at
-build time, here is an example:
+Snoopy supports message filtering. Filtering support must be
+enabled at build time, here is an example:
 
     # REQUIRED TO ENABLE FILTERING FEATURE
     --enable-filter
 
-    # HOW TO DEFINE FILTERS
-    --with-filter-chain="exclude_uid:0"       # Log all commands, except the ones executed by root
-    --with-filter-chain="exclude_uid:1,2,3"   # Log all commands, except those executed by users with UIDs 1, 2 and 3
-    --with-filter-chain="only_uid:0"          # Log only root commands
-    --with-filter-chain="filter1:arg11;filter2:arg21,arg22;filter3:arg31,32,33"
-
-Here you have four filter definitions for your reference, they are
-quite self-explanatory. As you probably noted in the last example,
-multiple filters may be defined in a chain, separated by semicolon.
-
-Each filter chains can contain multiple filter definitions. They are
-processed in order of appearance. If any of the filters decides the
-message should be dropped, the filter chain processing is immediately
-interrupted and message is not passed to syslog.
-
-If filter requires an argument, they may be passed to them by
-specifying a colon after filter name, followed by an argument.
-Argument is passed to the filter as-is. If passing of multiple
-arguments to filter is required, they are passed as single string
-and must be parsed/tokenized by the filter itself (see "only_uid"
-filter for example).
-
-Filter chain specification may not contain any spaces.
-(Acutally spaces are allowed in arguments, but not in filter names
-and between semicolons and filter names, nor between filter names
-and following colons.)
+    # HOW TO DEFINE FILTER CHAINS
+    --with-filter-chain="FILTER_CHAIN_SPEC"
+
+By default, if FILTER_CHAIN_SPEC is not configured, empty string is
+used, which effectively disables filtering.
+
+See sample configuration file etc/snoopy.ini for list and description
+of supported filter configurations.
+
+
+### Optional configuration file support
+
+Snoopy supports optional configuration file, which may help with
+development and/or configuration endeavours. Configuration file must
+be enabled at build time:
+
+    --with-config-file[=PATH]
+
+If PATH is not specified, default path SYSCONFDIR/snoopy.ini is used
+instead. See sample configuration file etc/snoopy.ini for list and
+description of supported configuration directives.
 
 
 

bin/snoopy-test-output.c

@@ -20,6 +20,7 @@
  */
 #include "snoopy.h"
 #include "log.h"
+#include "configuration.h"
 #include "inputdatastorage.h"
 #include "filterregistry.h"
 #include <stdio.h>
@@ -38,30 +39,43 @@ int main (int argc, char **argv)
     snoopy_inputdatastorage_store_filename(argv[0]);
     snoopy_inputdatastorage_store_argv(argv);
 
-    snoopy_log_message_generate(logMessage, SNOOPY_LOG_MESSAGE_FORMAT);
+    snoopy_configuration_ctor();
+    if (SNOOPY_TRUE == snoopy_configuration.config_file_enabled) {
+        printf("Configuration file is enabled: %s\n", snoopy_configuration.config_file_path);
+        if (SNOOPY_TRUE == snoopy_configuration.config_file_parsed) {
+            printf("Configuration file was parsed sucessfully.\n");
+        } else {
+            printf("WARNING: Configuration file parsing FAILED!\n");
+        }
+    } else {
+        printf("INFO: Configuration file is NOT enabled.\n");
+    }
+
+    snoopy_log_message_generate(logMessage, snoopy_configuration.message_format);
     printf("Message generated:\n");
     printf("\n");
     printf("%s\n", logMessage);
     printf("\n");
 
-#if defined(SNOOPY_FILTER_ENABLED)
-    if (SNOOPY_FILTER_PASS == snoopy_log_filter_check_chain(logMessage, SNOOPY_FILTER_CHAIN)) {
-        /* Send it to syslog */
+    if (SNOOPY_TRUE == snoopy_configuration.filter_enabled) {
+        if (SNOOPY_FILTER_PASS == snoopy_log_filter_check_chain(logMessage, snoopy_configuration.filter_chain)) {
+            /* Send it to syslog */
+            snoopy_log_send_to_syslog(logMessage);
+            printf("Message sent to syslog, check your syslog output.\n");
+            printf("If snoopy is already enabled on your system, you should see two identical messages.\n");
+            printf("If you are testing snoopy via LD_PRELOAD environmental variable, you will see another identical message.\n");
+        } else {
+            printf("Message NOT sent to syslog. One of the filters dropped it.\n");
+        }
+    } else {
         snoopy_log_send_to_syslog(logMessage);
         printf("Message sent to syslog, check your syslog output.\n");
         printf("If snoopy is already enabled on your system, you should see two identical messages.\n");
         printf("If you are testing snoopy via LD_PRELOAD environmental variable, you will see another identical message.\n");
-    } else {
-        printf("Message NOT sent to syslog. One of the filters dropped it.\n");
     }
-#else
-    snoopy_log_send_to_syslog(logMessage);
-    printf("Message sent to syslog, check your syslog output.\n");
-    printf("If snoopy is already enabled on your system, you should see two identical messages.\n");
-    printf("If you are testing snoopy via LD_PRELOAD environmental variable, you will see another identical message.\n");
-#endif
 
     /* Housekeeping */
+    snoopy_configuration_dtor();
     free(logMessage);
     return 0;
 }

config.h.in

@@ -77,6 +77,9 @@
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
+/* INI configuration file path to use */
+#undef SNOOPY_CONF_CONFIG_FILE
+
 /* Custom filter chain to use */
 #undef SNOOPY_CONF_FILTER_CHAIN_custom
 

configure.ac

@@ -2,17 +2,17 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.63])
-AC_INIT([Snoopy Logger], [2.0.0rc5], [https://github.com/a2o/snoopy/], [snoopy])
+AC_INIT([Snoopy Logger], [2.0.0rc6], [https://github.com/a2o/snoopy/], [snoopy])
 AC_DEFINE(PACKAGE_URL, [], "https://github.com/a2o/snoopy/")
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADERS([config.h])
 
-# We are using automake and libtool
+dnl We are using automake and libtool
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([1.11 gnu silent-rules subdir-objects -Wall -Werror])
 LT_INIT([disable-static])
 
-# Checks for programs.
+dnl Checks for programs.
 AC_PROG_CXX
 AC_PROG_AWK
 AC_PROG_CC
@@ -22,30 +22,50 @@ AC_PROG_LN_S
 AC_PROG_MAKE_SET
 AC_PROG_RANLIB
 
-# Checks for libraries.
-# FIXME: Replace `main' with a function in `-ldl':
+dnl Checks for libraries.
+dnl FIXME: Replace `main' with a function in `-ldl':
 AC_CHECK_LIB([dl], [main])
 
-# Checks for header files.
+dnl Checks for header files.
 AC_CHECK_HEADERS([limits.h stdlib.h string.h syslog.h unistd.h])
 
-# Checks for typedefs, structures, and compiler characteristics.
+dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_INLINE
 AC_TYPE_SIZE_T
 
-# Checks for library functions.
+dnl Checks for library functions.
 AC_FUNC_MALLOC
 AC_CHECK_FUNCS([getcwd getsid strstr])
 
+dnl Generate these (Make)files
 AC_CONFIG_FILES([Makefile
                  bin/Makefile
                  contrib/sles/snoopy.spec
+                 etc/Makefile
                  src/Makefile
+                 src/lib/Makefile
                  src/filter/Makefile
                  src/input/Makefile])
 
 
 
+dnl ============================================================================
+
+dnl Decide where things are installed
+if test "x$prefix" = "xNONE" ; then
+    PREFIX="/usr/local"
+else
+    PREFIX="$prefix"
+fi
+
+if test "x$sysconfdir" = "x\${prefix}/etc" ; then
+    SYSCONFDIR="$PREFIX/etc"
+else
+    SYSCONFDIR="$sysconfdir"
+fi
+
+
+
 dnl ============================================================================
 AC_ARG_ENABLE(root-only,
     [AC_HELP_STRING(
@@ -129,5 +149,23 @@ AC_DEFINE_UNQUOTED(SNOOPY_SYSLOG_LEVEL, [$with_syslog_level], [Syslog level to u
 
 
 
+dnl ============================================================================
+AC_ARG_WITH(config-file,
+    [AC_HELP_STRING(
+        [--with-config-file=PATH],
+        [enable INI configuration file parsing [default=disabled, if enabled then default path is SYSCONFDIR/snoopy.ini]]
+    )],
+    [
+        if test "$with_config_file" == "yes"; then
+            with_config_file_path="$SYSCONFDIR/snoopy.ini"
+        else
+            with_config_file_path="$with_config_file"
+        fi
+        AC_DEFINE_UNQUOTED(SNOOPY_CONF_CONFIG_FILE, "$with_config_file_path", [INI configuration file path to use])
+    ]
+)
+
+
+
 dnl ============================================================================
 AC_OUTPUT

etc/Makefile.am

@@ -0,0 +1,14 @@
+include   $(top_srcdir)/build/Makefile.am.common
+
+AUTOMAKE_OPTIONS = foreign subdir-objects
+ACLOCAL_AMFLAGS = -I m4
+
+install-exec-local:
+	if [ -f $(sysconfdir)/snoopy.ini ]; then \
+	    echo ; \
+	    echo "CONFIG FILE EXISTS, skipping: $(sysconfdir)/snoopy.ini" ; \
+	    echo ; \
+	else \
+	    echo "Installing: $(sysconfdir)/snoopy.ini" ; \
+	    install snoopy.ini $(sysconfdir)/snoopy.ini ; \
+	fi

etc/snoopy.ini

@@ -0,0 +1,52 @@
+;;; REQUIRED Section
+;
+[snoopy]
+
+
+;;; Log Message Format specification
+;
+; May consist of:
+; - arbitrary text, is copied to log message as-is,
+; - calls to input providers without arguments: %{input}
+; - calls to input providers with    argument : %{input:arg1}
+; - calls to input providers with    arguments: %{input:arg1,arg2}   <--- if input provider supports it
+;
+; Default value:
+;   "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}"
+;
+message_format = "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}"
+
+
+;;; Filter Chain specification
+;
+; Example definitions:
+; - filter_chain = "exclude_uid:0"       # Log all commands, except the ones executed by root
+; - filter_chain = "exclude_uid:1,2,3"   # Log all commands, except those executed by users with UIDs 1, 2 and 3
+; - filter_chain = "only_uid:0"          # Log only root commands
+; - filter_chain = "filter1:arg11;filter2:arg21,arg22;filter3:arg31,32,33"
+;
+; Here you have four filter definitions for your reference, they are
+; quite self-explanatory. As you probably noted in the last example,
+; multiple filters may be defined in a chain, separated by semicolon.
+;
+; Each filter chains can contain multiple filter definitions. They are
+; processed in order of appearance. If any of the filters decides the
+; message should be dropped, the filter chain processing is immediately
+; interrupted and message is not passed to syslog.
+;
+; If filter requires an argument, they may be passed to them by
+; specifying a colon after filter name, followed by an argument.
+; Argument is passed to the filter as-is. If passing of multiple
+; arguments to filter is required, they are passed as single string
+; and must be parsed/tokenized by the filter itself (see "only_uid"
+; filter for example).
+;
+; Filter chain specification may not contain any spaces.
+; (Acutally spaces are allowed in arguments, but not in filter names
+; and between semicolons and filter names, nor between filter names
+; and following colons.)
+;
+; Default value:
+;   "" (empty string)
+;
+filter_chain = ""

src/Makefile.am

@@ -6,7 +6,7 @@ include   $(top_srcdir)/build/Makefile.am.common
 
 ### First process all required subdirs
 #
-SUBDIRS = filter input
+SUBDIRS = lib filter input
 
 
 
@@ -16,6 +16,8 @@ noinst_LTLIBRARIES = \
 	libsnoopy_no_execve.la
 
 libsnoopy_no_execve_la_SOURCES = \
+	configuration.c \
+	configuration.h \
 	filterregistry.c \
 	filterregistry.h \
 	inputdatastorage.c \
@@ -27,6 +29,7 @@ libsnoopy_no_execve_la_SOURCES = \
 	snoopy.h
 
 libsnoopy_no_execve_la_LIBADD = \
+	lib/libiniparser.la \
 	filter/libsnoopy_filters_all.la \
 	input/libsnoopy_inputs_all.la