fi
# libmagic
- AC_ARG_WITH(libmagic_includes,
- [ --with-libmagic-includes=DIR libmagic include directory],
- [with_libmagic_includes="$withval"],[with_libmagic_includes=no])
- AC_ARG_WITH(libmagic_libraries,
- [ --with-libmagic-libraries=DIR libmagic library directory],
- [with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"])
-
- if test "$with_libmagic_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}"
- fi
-
- AC_CHECK_HEADER(magic.h,,[AC_ERROR(magic.h not found ...)])
-
- if test "$with_libmagic_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}"
- fi
+ enable_magic="no"
+ AC_ARG_ENABLE(libmagic,
+ AS_HELP_STRING([--enable-libmagic], [Enable libmagic support [default=yes]]),
+ ,[enable_magic=yes])
+ if test "$enable_magic" = "yes"; then
+ AC_ARG_WITH(libmagic_includes,
+ [ --with-libmagic-includes=DIR libmagic include directory],
+ [with_libmagic_includes="$withval"],[with_libmagic_includes=no])
+ AC_ARG_WITH(libmagic_libraries,
+ [ --with-libmagic-libraries=DIR libmagic library directory],
+ [with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"])
+
+ if test "$with_libmagic_includes" != "no"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}"
+ fi
- MAGIC=""
- AC_CHECK_LIB(magic, magic_open,, MAGIC="no")
+ AC_CHECK_HEADER(magic.h,,MAGIC="no")
+ if test "$MAGIC" != "no"; then
+ MAGIC=""
+ AC_CHECK_LIB(magic, magic_open,, MAGIC="no")
+ fi
- if test "$MAGIC" = "no"; then
- echo
- echo " ERROR! magic library not found, go get it"
- echo " from http://www.darwinsys.com/file/ or your distribution:"
- echo
- echo " Ubuntu: apt-get install libmagic-dev"
- echo " Fedora: yum install file-devel"
- echo
- exit 1
+ if test "x$MAGIC" != "xno"; then
+ if test "$with_libmagic_libraries" != "no"; then
+ LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}"
+ fi
+ AC_DEFINE([HAVE_MAGIC],[1],(Libmagic for file handling))
+ else
+ echo
+ echo " WARNING! magic library not found, go get it"
+ echo " from http://www.darwinsys.com/file/ or your distribution:"
+ echo
+ echo " Ubuntu: apt-get install libmagic-dev"
+ echo " Fedora: yum install file-devel"
+ echo
+ enable_magic="no"
+ fi
fi
# Napatech - Using the 3GD API
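Review bot: `AC_ARG_ENABLE(libmagic, ...)` leaves its action-if-given argument empty, so an explicit `--enable-libmagic` keeps the preset `enable_magic="no"` and turns the feature off; only omitting the flag enables it. The last two arguments should read `[enable_magic="$enableval"],[enable_magic=yes])`. `MAGIC` is also tested right after `AC_CHECK_HEADER` without being cleared first, so a `MAGIC=no` inherited from the environment would skip the library check; assigning `MAGIC=""` before the header check avoids that. Because a missing library is now only a warning, a sensor can end up built without file-magic inspection unnoticed, so consider `AC_MSG_ERROR` when the option was given explicitly and the header or library is absent.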
Unix socket enabled: ${enable_unixsocket}
Detection enabled: ${enable_detection}
+ Libmagic support: ${enable_magic}
libnss support: ${enable_nss}
libnspr support: ${enable_nspr}
libjansson support: ${enable_jansson}
*/
void SigGroupHeadSetFilemagicFlag(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
+#ifdef HAVE_MAGIC
Signature *s = NULL;
uint32_t sig = 0;
break;
}
}
-
+#endif
return;
}
#include "conf.h"
+#ifndef HAVE_MAGIC
+
+static int DetectFilemagicSetupNoSupport (DetectEngineCtx *de_ctx, Signature *s, char *str)
+{
+ SCLogError(SC_ERR_NO_MAGIC_SUPPORT, "no libmagic support built in, needed for filemagic keyword");
+ return -1;
+}
+
+/**
+ * \brief Registration function for keyword: filemagic
+ */
+void DetectFilemagicRegister(void)
+{
+ sigmatch_table[DETECT_FILEMAGIC].name = "filemagic";
+ sigmatch_table[DETECT_FILEMAGIC].desc = "match on the information libmagic returns about a file";
+ sigmatch_table[DETECT_FILEMAGIC].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemagic";
+ sigmatch_table[DETECT_FILEMAGIC].Setup = DetectFilemagicSetupNoSupport;
+}
+
+#else /* HAVE_MAGIC */
+
static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
uint8_t, File *, Signature *, SigMatch *);
static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *);
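Review bot: `DetectFilemagicSetupNoSupport` has no comment saying that it is the stub installed when the build lacks libmagic and that it rejects every rule using `filemagic`. I would add `/** \brief Setup stub for builds without libmagic: logs SC_ERR_NO_MAGIC_SUPPORT and returns -1 so the rule fails to load */` above it, and extend the `\brief` on this variant of `DetectFilemagicRegister` to say it is the no-support registration. The three parameters are unused in this branch, which may produce unused-parameter warnings depending on the compiler flags in use.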
UtRegisterTest("DetectFilemagicTestParse03", DetectFilemagicTestParse03);
#endif /* UNITTESTS */
}
+
+#endif /* HAVE_MAGIC */
+
#ifndef __DETECT_FILEMAGIC_H__
#define __DETECT_FILEMAGIC_H__
+#ifdef HAVE_MAGIC
#include "util-spm-bm.h"
-#include <magic.h>
typedef struct DetectFilemagicThreadData {
magic_t ctx;
} DetectFilemagicData;
/* prototypes */
-void DetectFilemagicRegister (void);
int FilemagicGlobalLookup(File *file);
+#endif
+void DetectFilemagicRegister (void);
#endif /* __DETECT_FILEMAGIC_H__ */
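Review bot: With `#include <magic.h>` removed from this header, the `magic_t ctx` member only compiles if every includer has already pulled in the common header where the include now lives under `HAVE_MAGIC`, so the header is no longer self-contained. The same applies to `util-magic.h`, whose `MagicThreadLookup` prototype still names `magic_t` after its include was dropped. Either keep `#include <magic.h>` inside the `#ifdef HAVE_MAGIC` block of each header, or document the dependency with a comment such as `/* magic_t comes from suricata-common.h, which must be included first */`.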
if (sgh == NULL || sgh->filestore_cnt == 0) {
FileDisableStoring(pflow, direction);
}
-
+#ifdef HAVE_MAGIC
/* see if this sgh requires us to consider file magic */
if (!FileForceMagic() && (sgh == NULL ||
!(sgh->flags & SIG_GROUP_HEAD_HAVEFILEMAGIC)))
SCLogDebug("disabling magic for flow");
FileDisableMagic(pflow, direction);
}
-
+#endif
/* see if this sgh requires us to consider file md5 */
if (!FileForceMd5() && (sgh == NULL ||
!(sgh->flags & SIG_GROUP_HEAD_HAVEFILEMD5)))
} SigTableElmt;
+#ifdef HAVE_MAGIC
#define SIG_GROUP_HEAD_HAVEFILEMAGIC (1 << 20)
+#endif
#define SIG_GROUP_HEAD_HAVEFILEMD5 (1 << 21)
#define SIG_GROUP_HEAD_HAVEFILESIZE (1 << 22)
#define SIG_GROUP_HEAD_HAVEFILESHA1 (1 << 23)
fprintf(fp, "\"filename\": \"");
PrintRawJsonFp(fp, ff->name, ff->name_len);
fprintf(fp, "\", ");
-
+#ifdef HAVE_MAGIC
fprintf(fp, "\"magic\": \"");
if (ff->magic) {
PrintRawJsonFp(fp, (uint8_t *)ff->magic, strlen(ff->magic));
fprintf(fp, "unknown");
}
fprintf(fp, "\", ");
-
+#endif
switch (ff->state) {
case FILE_STATE_CLOSED:
fprintf(fp, "\"state\": \"CLOSED\", ");
snprintf(metafilename, sizeof(metafilename), "%s.meta", filename);
FILE *fp = fopen(metafilename, "a");
if (fp != NULL) {
+#ifdef HAVE_MAGIC
fprintf(fp, "MAGIC: %s\n",
ff->magic ? ff->magic : "<unknown>");
-
+#endif
switch (ff->state) {
case FILE_STATE_CLOSED:
fprintf(fp, "STATE: CLOSED\n");
ff->state == FILE_STATE_ERROR)
{
int file_logged = 0;
-
+#ifdef HAVE_MAGIC
if (FileForceMagic() && ff->magic == NULL) {
FilemagicGlobalLookup(ff);
}
-
+#endif
logger = list;
store = op_thread_data->store;
while (logger && store) {
if (ffc != NULL) {
File *ff;
for (ff = ffc->head; ff != NULL; ff = ff->next) {
+#ifdef HAVE_MAGIC
if (FileForceMagic() && ff->magic == NULL) {
FilemagicGlobalLookup(ff);
}
-
+#endif
SCLogDebug("ff %p", ff);
if (ff->flags & FILE_STORED) {
SCLogDebug("stored flag set");
json_object_set_new(fjs, "filename", json_string(s));
if (s != NULL)
SCFree(s);
+#ifdef HAVE_MAGIC
if (ff->magic)
json_object_set_new(fjs, "magic", json_string((char *)ff->magic));
+#endif
switch (ff->state) {
case FILE_STATE_CLOSED:
json_object_set_new(fjs, "state", json_string("CLOSED"));
#endif
#endif
+#ifdef HAVE_MAGIC
+#include <magic.h>
+#endif
+
#if CPPCHECK==1
#define BUG_ON(x) if (((x))) exit(1)
#else
#endif
#ifdef TLS
strlcat(features, "TLS ", sizeof(features));
+#endif
+#ifdef HAVE_MAGIC
+ strlcat(features, "MAGIC ", sizeof(features));
#endif
if (strlen(features) == 0) {
strlcat(features, "none", sizeof(features));
}
HostInitConfig(HOST_VERBOSE);
-
+#ifdef HAVE_MAGIC
if (MagicInit() != 0)
SCReturnInt(TM_ECODE_FAILED);
-
+#endif
SCAsn1LoadConfig();
CoredumpLoadConfig();
if (suri.run_mode == RUNMODE_CONF_TEST){
SCLogNotice("Configuration provided was successfully loaded. Exiting.");
+#ifdef HAVE_MAGIC
MagicDeinit();
+#endif
exit(EXIT_SUCCESS);
}
SCReferenceConfDeinit();
SCClassConfDeinit();
}
+#ifdef HAVE_MAGIC
MagicDeinit();
+#endif
TmqhCleanup();
TmModuleRunDeInit();
ParseSizeDeinit();
CASE_CODE (SC_ERR_DNP3_CONFIG);
CASE_CODE (SC_ERR_DIR_OPEN);
CASE_CODE(SC_WARN_REMOVE_FILE);
+ CASE_CODE (SC_ERR_NO_MAGIC_SUPPORT);
}
return "UNKNOWN_ERROR";
SC_ERR_DNP3_CONFIG,
SC_ERR_DIR_OPEN,
SC_WARN_REMOVE_FILE,
+ SC_ERR_NO_MAGIC_SUPPORT,
} SCError;
const char *SCErrorToString(SCError);
static int FilePruneFile(File *file)
{
SCEnter();
-
+#ifdef HAVE_MAGIC
if (!(file->flags & FILE_NOMAGIC)) {
/* need magic but haven't set it yet, bail out */
if (file->magic == NULL)
} else {
SCLogDebug("file->flags & FILE_NOMAGIC == true");
}
-
+#endif
uint64_t left_edge = file->content_stored;
if (file->flags & FILE_NOSTORE) {
left_edge = FileSize(file);
if (ff->name != NULL)
SCFree(ff->name);
-
+#ifdef HAVE_MAGIC
/* magic returned by libmagic is strdup'd by MagicLookup. */
if (ff->magic != NULL)
SCFree(ff->magic);
-
+#endif
if (ff->sb != NULL) {
StreamingBufferFree(ff->sb);
}
uint64_t txid; /**< tx this file is part of */
uint32_t file_id;
uint8_t *name;
+#ifdef HAVE_MAGIC
char *magic;
+#endif
struct File_ *next;
#ifdef HAVE_NSS
HASHContext *md5_ctx;
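Review bot: Guarding `char *magic;` makes the offsets of every later member of the file struct depend on `HAVE_MAGIC`, so a translation unit that sees this header without the same configuration macro would read those members at the wrong positions. The `HAVE_NSS` member below sets the same precedent, but the magic pointer is referenced from many more places, and each of them now needs its own `#ifdef`. Keeping the member unconditionally costs one pointer per file and would let the loggers rely on their existing `ff->magic` NULL checks. If the guard stays, a comment such as `/* layout depends on HAVE_MAGIC; include suricata-common.h first */` would help. The struct definition starts and ends outside this hunk.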
lua_pushnumber(luastate, file->txid);
lua_pushlstring(luastate, (char *)file->name, file->name_len);
lua_pushnumber(luastate, FileSize(file));
- lua_pushstring (luastate, file->magic);
+ lua_pushstring (luastate,
+#ifdef HAVE_MAGIC
+ file->magic
+#else
+ "nomagic"
+#endif
+ );
lua_pushstring(luastate, md5ptr);
lua_pushstring(luastate, sha1ptr);
lua_pushstring(luastate, sha256ptr);
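Review bot: The `#ifdef`/`#else` placed inside the argument list of `lua_pushstring` is hard to read and is undefined behaviour if `lua_pushstring` is ever provided as a function-like macro; two complete statements selected by the preprocessor are safer. The fallback `"nomagic"` is also indistinguishable from a real libmagic description for a script that matches on the string, and it differs from the `unknown` and `<unknown>` placeholders the file loggers print. Consider pushing nil instead, which keeps the number of pushed values unchanged and lets scripts test for absence, provided existing scripts tolerate a nil magic value. The enclosing function starts and ends outside the hunk.
```c
#ifdef HAVE_MAGIC
    lua_pushstring(luastate, file->magic);
#else
    lua_pushnil(luastate); /* built without libmagic: no magic value available */
#endif
```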
*/
#include "suricata-common.h"
+
+#ifdef HAVE_MAGIC
#include "conf.h"
#include "util-unittest.h"
-#include <magic.h>
static magic_t g_magic_ctx = NULL;
static SCMutex g_magic_lock;
}
#endif /* UNITTESTS */
-
+#endif
void MagicRegisterTests(void)
{
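Review bot: `MagicRegisterTests` now sits outside the `HAVE_MAGIC` guard while the unit tests above it are inside. If its body, which lies outside this hunk, still registers those tests under only `#ifdef UNITTESTS`, a unittest build without libmagic would fail to compile on the undefined test functions. The registrations would then need `#if defined(UNITTESTS) && defined(HAVE_MAGIC)` around them. The new `#endif` also lacks the `/* HAVE_MAGIC */` trailer that the same commit uses in detect-filemagic.c.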
#ifndef __UTIL_MAGIC_H__
#define __UTIL_MAGIC_H__
-#include <magic.h>
-
+#ifdef HAVE_MAGIC
int MagicInit(void);
void MagicDeinit(void);
char *MagicGlobalLookup(const uint8_t *, uint32_t);
char *MagicThreadLookup(magic_t *, const uint8_t *, uint32_t);
+#endif
void MagicRegisterTests(void);
#endif /* __UTIL_MAGIC_H__ */