From eaca9fcedf8acc471a31064ffeb70259aa306b1c Mon Sep 17 00:00:00 2001 From: Brian Cox Date: Thu, 5 May 2016 00:19:56 -0700 Subject: [PATCH] Support posix_fadvise() where available; optionally enable O_DIRECT/F_NOCACHE if DIRECT_IO=true in tw.cfg; fix internal naming of update 'secure mode' flag for clarity. --- src/core/archive.cpp | 8 ++-- src/core/archive.h | 3 +- src/core/file.h | 3 +- src/core/file_unix.cpp | 19 +++++++- src/fco/fcopropcalc.h | 4 +- src/fs/fspropcalc.cpp | 7 ++- src/fs/fspropcalc.h | 1 + src/tripwire/generatedb.cpp | 5 +++ src/tripwire/generatedb.h | 4 +- src/tripwire/integritycheck.cpp | 10 +++++ src/tripwire/integritycheck.h | 4 +- src/tripwire/policyupdate.cpp | 16 ++++--- src/tripwire/policyupdate.h | 9 ++-- src/tripwire/twcmdline.cpp | 78 +++++++++++++++++++-------------- src/tripwire/twcmdline.h | 6 ++- src/tripwire/updatedb.h | 2 + src/tw/twstrings.h | 2 +- 17 files changed, 127 insertions(+), 54 deletions(-) diff --git a/src/core/archive.cpp b/src/core/archive.cpp index f9e7a16..290544f 100644 --- a/src/core/archive.cpp +++ b/src/core/archive.cpp @@ -678,8 +678,9 @@ void cFileArchive::OpenRead(const TCHAR* filename, uint32 openFlags) uint32 flags = cFile::OPEN_READ; flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 ); flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 ); - flags |= ( ( openFlags & FA_NONBLOCKING ) ? cFile::OPEN_NONBLOCKING :0 ); - + flags |= ( ( openFlags & FA_SCANNING ) ? cFile::OPEN_SCANNING : 0 ); + flags |= ( ( openFlags & FA_DIRECT ) ? cFile::OPEN_DIRECT : 0 ); + mCurrentFilename = filename; mCurrentFile.Open( filename, flags ); isWritable = false; 
@@ -704,7 +705,8 @@ void cFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags) uint32 flags = cFile::OPEN_WRITE; flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 ); flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 ); - flags |= ( ( openFlags & FA_NONBLOCKING ) ? cFile::OPEN_NONBLOCKING :0 ); + flags |= ( ( openFlags & FA_SCANNING ) ? cFile::OPEN_SCANNING : 0 ); + flags |= ( ( openFlags & FA_DIRECT ) ? cFile::OPEN_DIRECT : 0 ); mCurrentFilename = filename; mCurrentFile.Open( filename, flags ); diff --git a/src/core/archive.h b/src/core/archive.h index e4dccfb..b5e485b 100644 --- a/src/core/archive.h +++ b/src/core/archive.h @@ -260,7 +260,8 @@ public: { FA_OPEN_TEXT = 0x1, FA_OPEN_TRUNCATE = 0x2, - FA_NONBLOCKING = 0x4 + FA_SCANNING = 0x4, + FA_DIRECT = 0x8 }; // TODO: Open should throw diff --git a/src/core/file.h b/src/core/file.h index ebdba9d..1889c9f 100644 --- a/src/core/file.h +++ b/src/core/file.h @@ -98,7 +98,8 @@ public: OPEN_CREATE = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set OPEN_TEXT = 0x00000020, OPEN_EXCLUSIVE = 0x00000040, // Use O_CREAT | O_EXCL - OPEN_NONBLOCKING = 0x00000080, // Use non-blocking i/o [Unix] + OPEN_SCANNING = 0x00000080, // Open for scanning; set nonblocking & caching accordingly, where available + OPEN_DIRECT = 0x00000100 // Use O_DIRECT or platform equivalent }; //Ctor, Dtor, CpyCtor, Operator=: diff --git a/src/core/file_unix.cpp b/src/core/file_unix.cpp index 22c259e..a3f1e5f 100644 --- a/src/core/file_unix.cpp +++ b/src/core/file_unix.cpp @@ -169,9 +169,15 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags ) perm |= O_CREAT; #ifdef O_NONBLOCK - if( flags & OPEN_NONBLOCKING ) + if( flags & OPEN_SCANNING ) perm |= O_NONBLOCK; #endif + +#ifdef O_DIRECT + if (flags & OPEN_DIRECT) + perm |= O_DIRECT +#endif + // // actually open the file // 
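Review bot: `perm |= O_DIRECT` in the file_unix.cpp hunk (@@ -169) has no terminating semicolon, so the `#ifdef O_DIRECT` branch fails to compile on every platform that actually defines O_DIRECT (Linux), which is exactly where the new option is meant to work; the line should read `perm |= O_DIRECT;`. Separately, on Linux O_DIRECT reads require the user buffer, transfer length and file offset to be block-aligned and fail with EINVAL otherwise, so unless cFile::Read (not in this diff) aligns its buffer, DIRECT_IO=true will turn every file read into an error instead of a hash — this needs verifying before the option is documented as usable. The OpenReadWrite hunk (@@ -704) also maps FA_DIRECT to OPEN_DIRECT, so the same alignment constraint would apply to writes. cFile::Open continues past the end of this hunk.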
@@ -202,6 +208,17 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags ) mpData->mFileName = sFileName; //Set mFileName to the newly opened file. cFile::Rewind(); + +#ifdef F_NOCACHE + if (flags & OPEN_DIRECT) + fcntl(fh, F_NOCACHE, 1); +#endif + +#ifdef HAVE_POSIX_FADVISE + if (flags & OPEN_SCANNING) + posix_fadvise(fh,0,0, POSIX_FADV_DONTNEED); +#endif + } diff --git a/src/fco/fcopropcalc.h b/src/fco/fcopropcalc.h index b74cb4a..f39d30d 100644 --- a/src/fco/fcopropcalc.h +++ b/src/fco/fcopropcalc.h @@ -84,8 +84,10 @@ public: enum CalcFlags { - DO_NOT_MODIFY_PROPERTIES = 0x00000001 // reset any properties that may have been altered due to measurement + DO_NOT_MODIFY_PROPERTIES = 0x00000001, // reset any properties that may have been altered due to measurement + DIRECT_IO = 0x00000002 // use direct i/o when scanning files }; + virtual int GetCalcFlags() const = 0; virtual void SetCalcFlags(int i) = 0; // any calculation flags needed for calculation. diff --git a/src/fs/fspropcalc.cpp b/src/fs/fspropcalc.cpp index 543d3bb..2ad8a49 100644 --- a/src/fs/fspropcalc.cpp +++ b/src/fs/fspropcalc.cpp @@ -45,6 +45,7 @@ #include "fspropcalc.h" #include "fsobject.h" + #if IS_UNIX #include #endif @@ -300,8 +301,10 @@ void cFSPropCalc::VisitFSObject(cFSObject& obj) { pTheArch = &arch; try - { - arch.OpenRead(strName.c_str(), cFileArchive::FA_NONBLOCKING); + { + arch.OpenRead(strName.c_str(), ((mCalcFlags & iFCOPropCalc::DIRECT_IO) ? + cFileArchive::FA_SCANNING | cFileArchive::FA_DIRECT : + cFileArchive::FA_SCANNING) ); } catch (eArchive&) { diff --git a/src/fs/fspropcalc.h b/src/fs/fspropcalc.h index 63f76f8..53a1eae 100644 --- a/src/fs/fspropcalc.h +++ b/src/fs/fspropcalc.h @@ -73,6 +73,7 @@ public: virtual int GetCalcFlags() const; virtual void SetCalcFlags( int i ); + private: cFSPropCalc( const cFSPropCalc& ); void operator =( const cFSPropCalc& ); diff --git a/src/tripwire/generatedb.cpp b/src/tripwire/generatedb.cpp index dbb4ba4..244a051 100644 
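Review bot: The `posix_fadvise(fh,0,0, POSIX_FADV_DONTNEED)` added after `cFile::Rewind()` in the file_unix.cpp hunk (@@ -202) runs before any data has been read, so it only evicts pages that are already cached (possibly for another process's benefit) and does nothing to keep the scan that follows from re-populating the cache; if the goal is to not leave scanned files in the page cache, DONTNEED belongs after the read (e.g. in cFile::Close), and POSIX_FADV_SEQUENTIAL or POSIX_FADV_NOREUSE is the advice that fits at open time. Because the fspropcalc.cpp hunk passes FA_SCANNING on every open, this eviction now happens for every file Tripwire touches on systems with HAVE_POSIX_FADVISE, not only when DIRECT_IO is set, which is a system-wide cache side effect worth stating in the option's documentation. Both the `fcntl(fh, F_NOCACHE, 1)` and `posix_fadvise` return values are discarded, and posix_fadvise reports failure as its return value rather than through errno, so a refused advice is invisible; at minimum log the return value at debug level. The lines above this hunk are the tail of cFile::Open.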
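Review bot: The nested ternary in the fspropcalc.cpp hunk (@@ -300) spreads the open-flag choice over three lines inside the OpenRead call and hides the fact that FA_SCANNING is always set. Building the flags first reads more plainly: `uint32 openFlags = cFileArchive::FA_SCANNING;` then `if (mCalcFlags & iFCOPropCalc::DIRECT_IO) openFlags |= cFileArchive::FA_DIRECT;` then `arch.OpenRead(strName.c_str(), openFlags);`. The opening brace on the `+ {` line is a whitespace-only change to a context line and could be dropped to keep the hunk to the real edit. VisitFSObject begins and ends outside the hunk.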
--- a/src/tripwire/generatedb.cpp +++ b/src/tripwire/generatedb.cpp @@ -147,6 +147,11 @@ void cGenerateDb::Execute( const cFCOSpecList& specList, cHierDatabase& db, iFCO dbIter.SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); pDSIter->SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); } + + if (flags & FLAG_DIRECT_IO) + { + pPC->SetCalcFlags( pPC->GetCalcFlags() | iFCOPropCalc::DIRECT_IO); + } // // iterate over all of the specs... diff --git a/src/tripwire/generatedb.h b/src/tripwire/generatedb.h index c894b4b..22fe8fb 100644 --- a/src/tripwire/generatedb.h +++ b/src/tripwire/generatedb.h @@ -54,10 +54,12 @@ public: enum Flags { - FLAG_ERASE_FOOTPRINTS_GD = 0x00000001 + FLAG_ERASE_FOOTPRINTS_GD = 0x00000001, // when this flag is set, cGenerateDb will attempt to leave no footprints when // creating the database for instance, cGenerateDb will tell the property calculator // to reset access times. + FLAG_DIRECT_IO = 0x00000002 + // Use direct i/o when scanning files }; }; diff --git a/src/tripwire/integritycheck.cpp b/src/tripwire/integritycheck.cpp index 39009a9..4d6a603 100644 --- a/src/tripwire/integritycheck.cpp +++ b/src/tripwire/integritycheck.cpp @@ -483,6 +483,11 @@ void cIntegrityCheck::Execute( uint32 flags ) pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); } + if (flags & FLAG_DIRECT_IO) + { + mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO); + } + // // iterate over all of the specs... // @@ -575,6 +580,11 @@ void cIntegrityCheck::ExecuteOnObjectList( const std::list& fcoNames, dbIter.SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); } + + if (flags & FLAG_DIRECT_IO) + { + mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO); + } // // iterate over all the objects to integrity check.. 
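Review bot: The `if (flags & FLAG_DIRECT_IO) { mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO); }` block added in cIntegrityCheck::Execute (@@ -483) is repeated verbatim in ExecuteOnObjectList (@@ -575), directly after a DO_NOT_MODIFY_OBJECTS block that is already duplicated between the two; a small private helper that applies the flag-dependent setup to mpPropCalc and the iterators would keep the two entry points from drifting apart. The same pattern appears once more in the generatedb.cpp hunk via pPC. Both enclosing cIntegrityCheck functions extend beyond their hunks.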
diff --git a/src/tripwire/integritycheck.h b/src/tripwire/integritycheck.h index da5dae4..f5a61ca 100644 --- a/src/tripwire/integritycheck.h +++ b/src/tripwire/integritycheck.h @@ -110,9 +110,11 @@ public: // previous enumeration. This flag indicates that any valid properties in the new FCO during // an integrity check that are not valid in the database FCO should be copied to the db's fco. // Yuck! - FLAG_ERASE_FOOTPRINTS_IC = 0x00000010 + FLAG_ERASE_FOOTPRINTS_IC = 0x00000010, // when this flag is set, IC will attempt to leave no footprints when doing an integrity check. // for instance, IC will tell the property calculator to reset access times. + FLAG_DIRECT_IO = 0x00000020 + // Use direct i/o when scanning files }; private: diff --git a/src/tripwire/policyupdate.cpp b/src/tripwire/policyupdate.cpp index 8d5dab2..e559e7f 100644 --- a/src/tripwire/policyupdate.cpp +++ b/src/tripwire/policyupdate.cpp @@ -177,6 +177,11 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) { icFlags |= cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC; } + + if (flags & FLAG_DIRECT_IO) + { + icFlags |= cIntegrityCheck::FLAG_DIRECT_IO; + } ic.Execute( icFlags ); //TODO-- the second flag I just added probably makes the flag to cUpdateDb::Execute() unnecessary; @@ -208,7 +213,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) { // this is an error that should be reported to the user. ePolicyUpdateAddedFCO e( pTrans->ToStringDisplay( pIter->FCO()->GetName() ) ); - if( (flags & ANAL) == 0 ) + if( (flags & FLAG_SECURE_MODE) == 0 ) e.SetFlags( eError::NON_FATAL ); else e.SetFlags( eError::SUPRESS_THIRD_MSG ); 
@@ -229,7 +234,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) // this is an error that should be reported to the user. ePolicyUpdateRemovedFCO e( pTrans->ToStringDisplay( pRmIter->FCO()->GetName() ) ); - if( (flags & ANAL) == 0 ) + if( (flags & FLAG_SECURE_MODE) == 0 ) e.SetFlags( eError::NON_FATAL ); else e.SetFlags( eError::SUPRESS_THIRD_MSG ); @@ -262,7 +267,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) // add this to the error bucket ePolicyUpdateChangedFCO e( badPropStr ); - if( (flags & ANAL) == 0 ) + if( (flags & FLAG_SECURE_MODE) == 0 ) e.SetFlags( eError::NON_FATAL ); else e.SetFlags( eError::SUPRESS_THIRD_MSG ); @@ -272,7 +277,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) } // // now, we will update the database with everything in the report... - // TODO -- don't do this if the anal flag was passed in + // TODO -- don't do this if the secure mode flag was passed in // TW_NOTIFY_NORMAL( TSS_GetString( cTripwire, tripwire::STR_PU_UPDATE_DB ).c_str() ); // @@ -283,7 +288,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) { updateDBFlags |= cUpdateDb::FLAG_ERASE_FOOTPRINTS_UD; } - + update.Execute( updateDBFlags ); // the last thing that we have to do is to remove everything that is still @@ -303,6 +308,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError) { i.SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); } + const cFCOSpecListCanonicalIter newPolIter( mNewPolicy ); util_PruneExtraObjects( i, newPolIter ); diff --git a/src/tripwire/policyupdate.h b/src/tripwire/policyupdate.h index 4611b3d..210cf8a 100644 --- a/src/tripwire/policyupdate.h +++ b/src/tripwire/policyupdate.h 
@@ -64,15 +64,18 @@ public: bool Execute( uint32 flags = 0 ) ; // throw (eError) // if false is returned, then there was at least one conflict that came up during the policy - // update, and if tripwire was run in anal mode then the policy update should fail. + // update, and if tripwire was run in secure mode then the policy update should fail. enum Flags { - ANAL = 0x00000001, // if this is set, then we are in anal mode. This affects whether error + FLAG_SECURE_MODE = 0x00000001, // if this is set, then we're in pedantic mode. This affects whether error // messages appear as "Error" or "Warning" - FLAG_ERASE_FOOTPRINTS_PU= 0x00000002 + FLAG_ERASE_FOOTPRINTS_PU= 0x00000002, // when this flag is set, cPolicyUpdate will attempt undo any inadvertant modifications // it may make when executing. + + FLAG_DIRECT_IO = 0x00000004 + // Use direct i/o when scanning files }; private: diff --git a/src/tripwire/twcmdline.cpp b/src/tripwire/twcmdline.cpp index 880b93f..10c6369 100644 --- a/src/tripwire/twcmdline.cpp +++ b/src/tripwire/twcmdline.cpp @@ -433,6 +433,14 @@ static void FillOutConfigInfo(cTWModeCommon* pModeInfo, const cConfigFile& cf) pModeInfo->mbCrossFileSystems = false; } + if(cf.Lookup(TSTRING(_T("DIRECT_IO")), str)) + { + if (_tcsicmp(str.c_str(), _T("true")) == 0) + pModeInfo->mbDirectIO = true; + else + pModeInfo->mbDirectIO = false; + } + // // turn all of the file names into full paths (they're relative to the exe dir) // @@ -621,7 +629,7 @@ bool cTWModeDbInit::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine) // Set the cross file systems flag appropriately. cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems); #endif - + return true; } 
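Review bot: In the FillOutConfigInfo hunk of twcmdline.cpp (@@ -433), any DIRECT_IO value other than "true" — "yes", "1", or a typo — silently leaves mbDirectIO false, so an operator who believes direct I/O is enabled gets no indication that it is not. The cross-file-system key just above appears to use the same accept-"true"-else-false shape, so this matches house style, but since this setting changes what the scanner leaves in the page cache an unrecognised value deserves a diagnostic: `else if (_tcsicmp(str.c_str(), _T("false")) != 0)` followed by reporting the bad value through whatever this function already uses for configuration errors. The rest of FillOutConfigInfo lies outside the hunk.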
@@ -663,7 +671,8 @@ int cTWModeDbInit::Execute(cErrorQueue* pQueue) uint32 gdbFlags = 0; gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 ); - + gdbFlags |= ( mpData->mbDirectIO ? cGenerateDb::FLAG_DIRECT_IO : 0 ); + // loop through the genres cGenreSpecListVector::iterator genreIter; for (genreIter = genreSpecList.begin(); genreIter != genreSpecList.end(); ++genreIter) @@ -776,7 +785,7 @@ public: TSTRING mSeverityName; // gets mapped to number, then treated like mSeverityLevel TSTRING mRuleName; // only the named rule will be checked TSTRING mGenreName; // if not empty, specifies the genre to check - bool mbAnal; // are we in anal mode? (only valid with mbUpdate == true) + bool mbSecureMode; // are we in extra-pedantic mode? (only valid with mbUpdate == true) #ifdef GMMS bool mbGmms; // Send violation reports via gmms? @@ -790,7 +799,7 @@ public: // ctor can set up some default values cTWModeIC_i() : cTWModeCommon(), mbUpdate(false), mbPrintToStdout(true), mbEmail(false), mbEncryptReport(false), - mSeverityLevel(-1), mbTrimBySeverity(false), mbAnal(false) + mSeverityLevel(-1), mbTrimBySeverity(false), mbSecureMode(false) #ifdef GMMS , mbGmms(false), mGmmsVerbosity(2) #endif @@ -1080,7 +1089,7 @@ bool cTWModeIC::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine) // Set the cross file systems flag appropriately. cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems); #endif - + return true; } @@ -1223,7 +1232,8 @@ int cTWModeIC::Execute(cErrorQueue* pQueue) uint32 icFlags = 0; icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 ); icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 ); - + icFlags |= ( mpData->mbDirectIO ? cIntegrityCheck::FLAG_DIRECT_IO : 0 ); + ic.ExecuteOnObjectList( fcoNames, icFlags ); // put all info into report 
@@ -1354,7 +1364,8 @@ int cTWModeIC::Execute(cErrorQueue* pQueue) uint32 icFlags = 0; icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 ); icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 ); - + icFlags |= ( mpData->mbDirectIO ? cIntegrityCheck::FLAG_DIRECT_IO : 0 ); + ic.Execute( icFlags ); // put all display info into report @@ -1531,7 +1542,7 @@ class cTWModeDbUpdate_i : public cTWModeCommon { public: bool mbInteractive; // don't do interactive update; just integrate the report file - bool mbAnal; // are we in anal mode? + bool mbSecureMode; // are we in extra-pedantic mode? //std::string mSitePassphrase; // pass phrase for site key //bool mSiteProvided; @@ -1544,7 +1555,7 @@ public: cFCOReportHeader* mpReportHeader; // ctor can set up some default values - cTWModeDbUpdate_i() : cTWModeCommon(), mbInteractive(true), mbAnal(true), /*mSiteProvided(false),*/ mpReport(0), mpDbFile(0), mpReportHeader(0) {} + cTWModeDbUpdate_i() : cTWModeCommon(), mbInteractive(true), mbSecureMode(true), /*mSiteProvided(false),*/ mpReport(0), mpDbFile(0), mpReportHeader(0) {} }; /////////////////////////////////////////////////////////////////////////////// @@ -1572,7 +1583,7 @@ void cTWModeDbUpdate::InitCmdLineParser(cCmdLineParser& cmdLine) cmdLine.AddArg(cTWCmdLine::MODE_UPDATE_DB, TSTRING(_T("")), TSTRING(_T("update")), cCmdLineParser::PARAM_NONE); cmdLine.AddArg(cTWCmdLine::ACCEPT_ALL, TSTRING(_T("a")), TSTRING(_T("accept-all")), cCmdLineParser::PARAM_NONE); - cmdLine.AddArg(cTWCmdLine::ANAL_LEVEL, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE); + cmdLine.AddArg(cTWCmdLine::SECURE_MODE, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::EDITOR, TSTRING(_T("V")), TSTRING(_T("visual")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::PARAMS, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_NONE); 
@@ -1601,15 +1612,15 @@ bool cTWModeDbUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine) case cTWCmdLine::ACCEPT_ALL: mpData->mbInteractive = false; break; - case cTWCmdLine::ANAL_LEVEL: + case cTWCmdLine::SECURE_MODE: ASSERT(iter.NumParams() > 0); if(iter.ParamAt(0).compare(_T("high")) == 0) - mpData->mbAnal = true; + mpData->mbSecureMode = true; else if(iter.ParamAt(0).compare(_T("low")) == 0) - mpData->mbAnal = false; + mpData->mbSecureMode = false; else { - // invalid parameter to anal switch... + // invalid parameter to secure mode switch... // TODO -- print this to stderr; how do I display (1) the switch name // and (2) the possible values? // TODO -- move {high, low} somewhere else @@ -1658,14 +1669,14 @@ bool cTWModeDbUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine) // Set the cross file systems flag appropriately. cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems); #endif - + return true; } void cTWModeDbUpdate::Init(const cTWModeIC_i* pICData, cFCODatabaseFile* dbFile, cFCOReportHeader* prh, cFCOReport* pReport, bool bEncryptDb) { mpData->mbInteractive = true; // always interactive - mpData->mbAnal = pICData->mbAnal; + mpData->mbSecureMode = pICData->mbSecureMode; //mpData->mbBackup = pICData->mbBackup; mpData->mDbFile = pICData->mDbFile; mpData->mLocalKeyFile = pICData->mLocalKeyFile; @@ -1819,9 +1830,9 @@ int cTWModeDbUpdate::Execute(cErrorQueue* pQueue) // uint32 udFlags = 0; udFlags |= ( mpData->mbResetAccessTime ? cUpdateDb::FLAG_ERASE_FOOTPRINTS_UD : 0 ); - + cUpdateDb update( dbIter.GetDb(), *mpData->mpReport, pQueue ); - if( (! update.Execute( udFlags )) && mpData->mbAnal ) + if( (! update.Execute( udFlags )) && mpData->mbSecureMode ) { // we will not perform the update; simply exit. TCOUT << TSS_GetString( cTripwire, tripwire::STR_DB_NOT_UPDATED) << std::endl; 
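Review bot: cTWModeDbUpdate::Execute (@@ -1819) is the one mode that never receives a direct I/O bit: `udFlags` only gets FLAG_ERASE_FOOTPRINTS_UD, cUpdateDb gains no corresponding flag, and the updatedb.h hunk adds nothing but two blank lines inside the Flags enum, which looks like an abandoned edit. If cUpdateDb re-reads files through the property calculator, DIRECT_IO=true is silently ignored during database updates and a line such as `udFlags |= ( mpData->mbDirectIO ? cUpdateDb::FLAG_DIRECT_IO : 0 );` together with a matching (new) enum value in updatedb.h is missing; if it does not, the blank-line hunk in updatedb.h should simply be dropped. Execute continues past the end of the hunk.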
@@ -1906,10 +1917,10 @@ public: TSTRING mTextPolFile; wc16_string mSitePassphrase; bool mSiteProvided; - bool mbAnal; + bool mbSecureMode; // ctor can set up some default values - cTWModePolUpdate_i() : cTWModeCommon(), mSiteProvided(false), mbAnal(true) {} + cTWModePolUpdate_i() : cTWModeCommon(), mSiteProvided(false), mbSecureMode(true) {} }; /////////////////////////////////////////////////////////////////////////////// @@ -1937,7 +1948,7 @@ void cTWModePolUpdate::InitCmdLineParser(cCmdLineParser& cmdLine) cmdLine.AddArg(cTWCmdLine::TEXT_POL_FILE, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::LOCAL_PASSPHRASE,TSTRING(_T("P")), TSTRING(_T("local-passphrase")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::SITE_PASSPHRASE, TSTRING(_T("Q")), TSTRING(_T("site-passphrase")), cCmdLineParser::PARAM_ONE); - cmdLine.AddArg(cTWCmdLine::ANAL_LEVEL, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE); + cmdLine.AddArg(cTWCmdLine::SECURE_MODE, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE); } /////////////////////////////////////////////////////////////////////////////// @@ -1973,15 +1984,15 @@ bool cTWModePolUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine mpData->mSitePassphrase = cStringUtil::TstrToWstr(iter.ParamAt(0)); mpData->mSiteProvided = true; break; - case cTWCmdLine::ANAL_LEVEL: + case cTWCmdLine::SECURE_MODE: ASSERT(iter.NumParams() > 0); if(iter.ParamAt(0).compare(_T("high")) == 0) - mpData->mbAnal = true; + mpData->mbSecureMode = true; else if(iter.ParamAt(0).compare(_T("low")) == 0) - mpData->mbAnal = false; + mpData->mbSecureMode = false; else { - // invalid parameter to anal switch... + // invalid parameter to secure mode switch... // TODO -- print this to stderr; how do I display (1) the switch name // and (2) the possible values? // TODO -- move {high, low} somewhere else 
@@ -2025,13 +2036,12 @@ bool cTWModePolUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine // if (cTWUtil::VerifyCfgSiteKey( mstrConfigFile, mpData->mSiteKeyFile ) == false) cTWUtil::PrintErrorMsg(eTWCfgUnencrypted(_T(""), eError::NON_FATAL|eError::SUPRESS_THIRD_MSG)); - - + #if IS_UNIX // Set the cross file systems flag appropriately. cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems); #endif - + return true; } @@ -2133,11 +2143,13 @@ int cTWModePolUpdate::Execute(cErrorQueue* pQueue) // cPolicyUpdate pu( genreIter->GetGenre(), dbIter.GetSpecList(), genreIter->GetSpecList(), dbIter.GetDb(), pQueue ); uint32 puFlags = 0; - puFlags |= mpData->mbAnal ? cPolicyUpdate::ANAL : 0; + puFlags |= mpData->mbSecureMode ? cPolicyUpdate::FLAG_SECURE_MODE : 0; puFlags |= ( mpData->mbResetAccessTime ? cPolicyUpdate::FLAG_ERASE_FOOTPRINTS_PU : 0 ); - if( (! pu.Execute(puFlags)) && (mpData->mbAnal) ) + puFlags |= ( mpData->mbDirectIO ? cPolicyUpdate::FLAG_DIRECT_IO : 0 ); + + if( (! pu.Execute(puFlags)) && (mpData->mbSecureMode) ) { - // they were in anal mode and errors occured; an error condition + // they were in secure mode and errors occured; an error condition TCOUT << TSS_GetString( cTripwire, tripwire::STR_ERR_POL_UPDATE) << std::endl; return 8; } @@ -2163,7 +2175,9 @@ int cTWModePolUpdate::Execute(cErrorQueue* pQueue) // TODO -- turn pQueue into an error bucket uint32 gdbFlags = 0; - gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 ); + gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 ); + gdbFlags |= ( mpData->mbDirectIO ? cGenerateDb::FLAG_DIRECT_IO : 0 ); + cGenerateDb::Execute( dbIter.GetSpecList(), dbIter.GetDb(), dbIter.GetGenreHeader().GetPropDisplayer(), pQueue, gdbFlags ); //TODO -- what other prop displayer stuff do I have to do here? diff --git a/src/tripwire/twcmdline.h b/src/tripwire/twcmdline.h index bb02d2e..b5bb844 100644 --- a/src/tripwire/twcmdline.h 
+++ b/src/tripwire/twcmdline.h @@ -131,7 +131,7 @@ public: RULE_NAME, GENRE_NAME, ACCEPT_ALL, // update db with entire report - ANAL_LEVEL, + SECURE_MODE, TEXT_POL_FILE, LOCAL_PASSPHRASE, SITE_PASSPHRASE, @@ -174,6 +174,7 @@ class cTWModeCommon bool mbResetAccessTime; // do we reset access time when calculating properties of files? bool mbLogToSyslog; // log significant events and level 0 reports to SYSLOG bool mbCrossFileSystems; // automatically recurse across mount points on Unis FS genre + bool mbDirectIO; // Use direct i/o when scanning files, if platform supports it. cTextReportViewer::ReportingLevel mEmailReportLevel; // What level of email reporting we should use cMailMessage::MailMethod mMailMethod; // What mechanism should we use to send the report @@ -190,7 +191,8 @@ class cTWModeCommon mfLooseDirs(false), mbResetAccessTime(false), mbLogToSyslog(false), - mbCrossFileSystems(false) + mbCrossFileSystems(false), + mbDirectIO(false) { } }; diff --git a/src/tripwire/updatedb.h b/src/tripwire/updatedb.h index a73eaec..34cca8a 100644 --- a/src/tripwire/updatedb.h +++ b/src/tripwire/updatedb.h @@ -76,6 +76,8 @@ public: // when this flag is set, UpdateDb will attempt // undo any inadvertant modifications it may make // when executing. + + }; private: diff --git a/src/tw/twstrings.h b/src/tw/twstrings.h index bb406d1..0277964 100644 --- a/src/tw/twstrings.h +++ b/src/tw/twstrings.h @@ -73,7 +73,7 @@ TSS_BeginStringIds( tw ) STR_ENTER_LOCAL_PASSPHRASE, STR_ENTER_SITE_PASSPHRASE, STR_ENTER_PROVIDED_PASSPHRASE, - STR_DB_NOT_UPDATED, // db update not performed due to anal mode + STR_DB_NOT_UPDATED, // db update not performed due to secure mode STR_IGNORE_PROPS, // ignoring properties STR_NOT_IMPLEMENTED, STR_REPORT_EMPTY,