int prepare_default_response(char *filename, uint16_t port, uint16_t proto) {
int answer_fd, ccopy;
u_char buffer[100];
FILE* answer_file = NULL;
def_resp *last_response, *new_response;
/* allocate memory for new response */
if ((new_response = (def_resp *) malloc(sizeof(struct def_resp))) == NULL) {
perror(" Error - Unable to allocate memory");
return(-1);
} else {
new_response->port = port;
new_response->proto = proto;
new_response->size = 0;
new_response->response = NULL;
new_response->next = NULL;
}
if (!response_list) response_list = new_response;
else {
/* spool to end of the list and attach new response */
last_response = response_list;
while (last_response->next) last_response = last_response->next;
last_response->next = new_response;
}
/* read response */
if ((proto != TCP) && (proto != UDP)) {
fprintf(stderr, " Error - Protocol %u is not supported.\n", proto);
return(-1);
}
DEBUG_FPRINTF(stdout, " Loading default response for port %u/%s.\n", port, PROTO(proto));
if (((answer_fd = open(filename, O_NOCTTY | O_RDONLY, 0640)) == -1) || (!(answer_file = fopen(filename, "rb")))) {
DEBUG_FPRINTF(stdout, " Warning - Unable to open file '%s'\n", filename);
} else {
ccopy = 0;
while((ccopy = fread(buffer, 1, 100, answer_file))) {
if ((new_response->response = (u_char *) realloc(new_response->response, new_response->size + ccopy)) == NULL) {
perror(" Error - Unable to allocate memory");
return(-1);
} else {
memcpy(new_response->response + new_response->size, buffer, ccopy);
new_response->size += ccopy;
}
}
if (new_response->size != 0) {
DEBUG_FPRINTF(stdout, " Default response string for port %u/%s successfully loaded.\n",
port, PROTO(proto));
} else DEBUG_FPRINTF(stdout, " Warning - Default response file '%s' is empty.\n", filename);
}
fclose(answer_file);
close(answer_fd);
return(0);
}
int load_default_responses(char *dir) {
struct stat statbuf;
struct dirent **namelist;
int n;
uint16_t port;
char *full_path;
DIR *respdir;
full_path = NULL;
if ((respdir = opendir(dir)) == NULL) {
perror(" Error - Unable to open response directory");
exit(EXIT_FAILURE);
}
DEBUG_FPRINTF(stdout, " Searching for response files in %s\n", dir);
if ((n = scandir(dir, &namelist, 0, alphasort)) < 0) {
perror(" Error - Unable to scan response directory");
exit(EXIT_FAILURE);
} else while(n--) {
stat(namelist[n]->d_name, &statbuf);
if ((fnmatch("*_tcp", namelist[n]->d_name, 0) == 0) || (fnmatch("*_udp", namelist[n]->d_name, 0) == 0)) {
/* found a default response file */
if ((full_path = (char *) malloc(strlen(dir) + strlen(namelist[n]->d_name) + 2)) == NULL) {
perror(" Error - Unable to allocate memory");
exit(EXIT_FAILURE);
}
snprintf(full_path, strlen(dir)+strlen(namelist[n]->d_name)+2, "%s/%s", dir, namelist[n]->d_name);
DEBUG_FPRINTF(stdout, " Response file found: %s\n", full_path);
port = atoi(namelist[n]->d_name);
if (fnmatch("*_tcp", namelist[n]->d_name, 0) == 0)
prepare_default_response(full_path, port, TCP);
else if (fnmatch("*_udp", namelist[n]->d_name, 0) == 0)
prepare_default_response(full_path, port, UDP);
}
free(namelist[n]);
}
free(namelist);
return(0);
}
/* PROGRAM: dsmMandatoryFieldsGet - find cached file metadata. This cache
* is stored in shared memory
*
* RETURNS: DSM_S_SUCCES
*
*/
dsmStatus_t
dsmMandatoryFieldsGet(dsmContext_t *pcontext,
struct meta_filectl *pmetactl, /* mand. table from shm */
dsmDbkey_t fileDbkey, /* dbkey of _file record */
int fileNumber, /* file # of _file record */
dsmBoolean_t fileKey, /* dbkey/file# of _file */
dsmBoolean_t copyFound, /* flag to copy mand. flds */
struct mand *pmand) /* storage for mand. array */
{
dbcontext_t *pdbcontext = pcontext->pdbcontext;
dsmStatus_t returnCode;
int metaSize;
pdbcontext->inservice++; /* postpone signal handler processing */
SETJMP_ERROREXIT(pcontext, returnCode) /* Ensure error exit address set */
if ((returnCode = dsmThreadSafeEntry(pcontext)) != DSM_S_SUCCESS)
{
returnCode = dsmEntryProcessError(pcontext, returnCode,
(TEXT *)"dsmMandatoryFieldsGet");
goto done;
}
MT_LOCK_SCC ();
/* Check if the entry already exists */
dsmMandFindEntry(pcontext, &pmetactl, fileDbkey, fileNumber, fileKey);
if (pmetactl != NULL)
{
DEBUG_FPRINTF(stderr, "dbmanb: cache entry found, returning\n");
if (copyFound != 0)
{
metaSize = (pmetactl->nmand+1)*sizeof(struct mand);
bufcop((TEXT *)pmand, (TEXT *)pmetactl->mand, metaSize);
}
}
MT_UNLK_SCC ();
returnCode = DSM_S_SUCCESS;
done:
dsmThreadSafeExit(pcontext);
pdbcontext->inservice--;
return returnCode;
}
PlugFuncList *add_unload_func_to_list(const char *plugname, const char *funcname, void (*func)(void)) {
PlugFuncList *func_tmp, *func_new;
DEBUG_FPRINTF(stdout, " Hooking plugin %s to 'unload_plugins'.\n", plugname);
if ((func_new = (PlugFuncList *) malloc(sizeof(PlugFuncList))) == NULL) {
logmsg(LOG_ERR, 1, " Error - Unable to allocate memory: %m.\n");
return(NULL);
}
func_new->next = NULL;
/* attach new function to list */
func_tmp = funclist_unload_plugins;
if (func_tmp) {
while(func_tmp->next) func_tmp = func_tmp->next;
func_tmp->next = func_new;
} else funclist_unload_plugins = func_new;
func_new->func = (void *)func;
func_new->plugnam = (char *)plugname;
func_new->funcnam = (char *)funcname;
DEBUG_FPRINTF(stdout, " %s::%s() hooked to 'unload_plugins'.\n", func_new->plugnam, func_new->funcnam);
return(func_new);
}
void register_plugin_confopts(const char *plugname, const char **keywords, int num) {
int i;
char full_name[264], *confopt;
/* assemble plugin config key */
memset(full_name, 0, 264);
strncpy(full_name, "plugin-", 7);
strncpy(&full_name[7], plugname, 256 < strlen(plugname) ? 256 : strlen(plugname));
if (add_keyword(&config_keywords_tree, full_name, NULL, 0) == NULL) {
fprintf(stderr, " Error - Unable to add configuration keyword to tree.\n");
exit(EXIT_FAILURE);
}
DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", plugname);
/* build tree of allowed configuration keywords */
for (i=0; i<num; i++) {
/* assemble full config option path */
if ((confopt = malloc(strlen(full_name)+strlen(keywords[i])+2)) == NULL) {
fprintf(stderr, " Error - Unable to allocate memory: %m.\n");
exit(EXIT_FAILURE);
}
memset(confopt, 0, strlen(plugname)+strlen(keywords[i])+2);
strcat(confopt, plugname);
strcat(confopt, ".");
strcat(confopt, keywords[i]);
/* add config option to tree */
if (add_keyword(&config_keywords_tree, confopt, NULL, 0) == NULL) {
fprintf(stderr, " Error - Unable to add configuration keyword to tree.\n");
exit(EXIT_FAILURE);
}
free(confopt);
}
return;
}
int config_plugin(char *plugin_name) {
int (*plugin_config)();
void (*plugin_init)();
void (*plugin_unload)();
Plugin *last_plugin, *new_plugin;
/* allocate memory for new plugin and attach it to the plugin list */
if ((new_plugin = (Plugin *) malloc(sizeof(Plugin))) == NULL) {
fprintf(stderr, " Error - Unable to allocate memory: %m.\n");
return(-1);
} else {
new_plugin->handle = NULL;
new_plugin->name = NULL;
new_plugin->version = NULL;
new_plugin->next = NULL;
new_plugin->filename = NULL;
}
if (plugin_name == NULL) {
fprintf(stderr, " Error loading plugin - No name given.\n");
return(-1);
} else {
if ((new_plugin->handle = (void *) malloc(sizeof(int))) == NULL) {
fprintf(stderr, " Error loading plugin - Unable to allocate memory: %m.\n");
free(new_plugin);
return(-1);
} else new_plugin->filename = (char *) strdup(plugin_name);
}
dlerror(); /* Clear any existing error */
if (((new_plugin->handle = dlopen(new_plugin->filename, RTLD_NOW)) == NULL) &&
((plugin_error_str = (char *) dlerror()) != NULL)) {
fprintf(stderr, " Unable to initialize plugin: %s\n", plugin_error_str);
unload_on_err(new_plugin);
exit(EXIT_FAILURE);
}
/* determin internal module name and version string */
if (((new_plugin->name = (char *) dlsym(new_plugin->handle, "module_name")) == NULL) &&
((plugin_error_str = (char *) dlerror()) != NULL)) {
/* handle error, the symbol wasn't found */
fprintf(stderr, " Unable to initialize plugin: %s\n", plugin_error_str);
fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename);
unload_on_err(new_plugin);
return(-1);
}
if (((new_plugin->version = (char *) dlsym(new_plugin->handle, "module_version")) == NULL) &&
((plugin_error_str = (char *) dlerror()) != NULL)) {
/* handle error, the symbol wasn't found */
fprintf(stderr, " Unable to initialize plugin %s: %s\n", new_plugin->name, plugin_error_str);
fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename);
unload_on_err(new_plugin);
return(-1);
}
fprintf(stdout, " Loading plugin %s v%s\n", new_plugin->name, new_plugin->version);
DEBUG_FPRINTF(stdout, " Configuring plugin %s.\n", new_plugin->name);
/* resolve module's unload function and add it to unload hook */
if (((plugin_unload = dlsym(new_plugin->handle, "plugin_unload")) == NULL) &&
((plugin_error_str = (char *) dlerror()) != NULL)) {
/* handle error, the symbol wasn't found */
fprintf(stderr, " Unable to initialize plugin %s: %s\n", new_plugin->name, plugin_error_str);
fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename);
unload_on_err(new_plugin);
return(-1);
}
if (!add_unload_func_to_list(new_plugin->name, "plugin_unload", plugin_unload)) {
fprintf(stderr, " Unable to register module for hook 'unload_plugins': %s\n", plugin_error_str);
unload_on_err(new_plugin);
return(-1);
}
/* resolve and call module's config function */
if (((plugin_config = dlsym(new_plugin->handle, "plugin_config")) == NULL) &&
((plugin_error_str = (char *) dlerror()) != NULL)) {
/* handle error, the symbol wasn't found */
fprintf(stderr, "\n Unable to resolve symbol 'plugin_config': %s\n", plugin_error_str);
return(-1);
}
plugin_config();
// resolve module's init function and add it to init hook
if (((plugin_init = dlsym(new_plugin->handle, "plugin_init")) == NULL) &&
((plugin_error_str = (char *) dlerror()) != NULL)) {
/* handle error, the symbol wasn't found */
fprintf(stderr, " Unable to initialize plugin %s: %s\n", new_plugin->name, plugin_error_str);
fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename);
unload_on_err(new_plugin);
return(-1);
}
if (!add_init_func_to_list(new_plugin->name, "plugin_init", plugin_init)) {
fprintf(stderr, " Unable to register module for hook 'init_plugins': %s\n", plugin_error_str);
unload_on_err(new_plugin);
return(-1);
}
/* attach plugin to plugin_list */
if (!plugin_list) plugin_list = new_plugin;
else {
last_plugin = plugin_list;
while(last_plugin->next) last_plugin = last_plugin->next;
last_plugin->next = new_plugin;
}
return(1);
}
int load_plugin(const char *dir, const char* plugname) {
struct stat statbuf;
struct dirent **namelist;
int n, ret;
char *full_path, full_name[264];
DIR *plugindir;
ret = 0;
full_path = NULL;
plugin_list = NULL;
if (strlen(plugname) > 265) {
fprintf(stderr, " Error - Plugin name exceeds maximum length of 256 charakters: %s\n", plugname);
return(-1);
}
/* plugin directory must be configured */
if (!dir) {
fprintf(stderr, " Error - Plugin directory not set while trying to load plugin %s.\n", plugname);
exit(EXIT_FAILURE);
}
if ((plugindir = opendir(dir)) == NULL) {
fprintf(stderr, " Error - Unable to open plugin directory: %m.\n");
exit(EXIT_FAILURE);
}
DEBUG_FPRINTF(stdout, " Looking for plugin %s in %s\n", plugname, dir);
if ((n = scandir(dir, &namelist, 0, alphasort)) < 0) {
fprintf(stderr, " Error - Unable to scan plugin directory: %m.\n");
return(-1);
} else while(n--) {
stat(namelist[n]->d_name, &statbuf);
/* assemble full name */
memset(full_name, 0, 264);
strncpy(full_name, "htm_", 4);
strncpy(&full_name[4], plugname, strlen(plugname));
strncpy(&full_name[4+strlen(plugname)], ".so", 3);
if ((ret = fnmatch(full_name, namelist[n]->d_name, 0)) == 0) {
/* found the plugin */
if ((full_path = (char *) malloc(strlen(dir) + strlen(namelist[n]->d_name) + 2)) == NULL) {
perror(" Error - Unable to allocate memory");
exit(EXIT_FAILURE);
}
snprintf(full_path, strlen(dir)+strlen(namelist[n]->d_name)+2, "%s/%s", dir, namelist[n]->d_name);
DEBUG_FPRINTF(stdout, " Plugin found: %s\n", full_path);
config_plugin(full_path);
free(full_path);
free(namelist[n]);
break;
}
free(namelist[n]);
}
closedir(plugindir);
if (ret != 0) {
fprintf(stderr, " Error - Unable to load plugin %s: %m.\n", full_name);
exit(EXIT_FAILURE);
}
free(namelist);
return(1);
}
/* PROGRAM: dsmMandatoryFieldsCachePut - build mandatory field cache and it
* is stored in shared memory
*
* RETURNS: DSM_S_SUCCES
*
*/
dsmStatus_t
dsmMandatoryFieldsPut(dsmContext_t *pcontext,
struct meta_filectl *pInMetactl, /* new metadata ctl for cache */
struct meta_filectl *pOldmetactl, /* old metadata ctl for cache */
DL_VECT *pdl_vect_in, /* next dl column vector */
DL_VECT *pdl_col_in, /* next dl columns list to use */
int ndl_ent, /* # delayed columns */
int mandtblSize, /* size of mand fld table */
int useCache, /* use shm cache ? */
struct mand *pmand) /* storage for all mand flds */
{
dbcontext_t *pdbcontext = pcontext->pdbcontext;
dbshm_t *pdbshm = pdbcontext->pdbpub;
dsmStatus_t returnCode;
SHPTR *pmandhashtbl, qhashentry;
struct meta_filectl *pmetactl = NULL;
pdbcontext->inservice++; /* postpone signal handler processing */
SETJMP_ERROREXIT(pcontext, returnCode) /* Ensure error exit address set */
if ((returnCode = dsmThreadSafeEntry(pcontext)) != DSM_S_SUCCESS)
{
returnCode = dsmEntryProcessError(pcontext, returnCode,
(TEXT *)"dsmMandatoryFieldsPut");
goto done;
}
/* get the schema cache latch */
MT_LOCK_SCC ();
/* Check if the entry already exists */
dsmMandFindEntry(pcontext, &pmetactl, pInMetactl->fildbk,
pInMetactl->filno, FILE_IDENT_DBKEY);
if (pmetactl != NULL)
{
/* entry had already been made */
goto okdone;
}
/* get ptr to hash table array */
if (pdbshm->qmandctl)
pmandhashtbl = (SHPTR *) QP_TO_P(pdbcontext, pdbshm->qmandctl);
else /* need to allocate it */
{
pmandhashtbl = (SHPTR *)
stRent(pcontext, XSTPOOL(pdbcontext, pdbshm->qdbpool),
SIZE_MAND_HASH * sizeof(SHPTR));
pdbshm->qmandctl = P_TO_QP(pcontext, pmandhashtbl);
}
/* allocate storage in shm */
pmetactl = (struct meta_filectl *)stRent(pcontext,
XSTPOOL(pdbcontext, pdbshm->qdbpool),
(unsigned)(sizeof(struct meta_filectl) + mandtblSize));
pmetactl->fildbk = pInMetactl->fildbk;
pmetactl->filno = pInMetactl->filno;
pmetactl->nmand = pInMetactl->nmand;
pmetactl->schemavers = pInMetactl->schemavers;
if ( (useCache != MANB_USECACHE_NONE) &&
(mandtblSize > 0) )
{
bufcop(pmetactl->mand, pmand, (int) mandtblSize);
}
if ((useCache == MANB_USECACHE_PHYSICAL) &&
(pOldmetactl != NULL))
{
pOldmetactl->filno = 0;
pOldmetactl->fildbk = 0;
}
/* Chain this structure in shared memory. The assumption is that
an entry for this fildbk does not already exist on the cache. */
qhashentry = pmandhashtbl[ABS(pmetactl->filno) % SIZE_MAND_HASH];
pmetactl->qnext = qhashentry;
pmandhashtbl[ABS(pmetactl->filno) % SIZE_MAND_HASH] =
P_TO_QP(pcontext, pmetactl);
DEBUG_FPRINTF(pmetactl, "dbmanb (chained to sh mem):");
okdone:
MT_UNLK_SCC ();
returnCode = DSM_S_SUCCESS;
done:
dsmThreadSafeExit(pcontext);
pdbcontext->inservice--;
return returnCode;
}
PlugFuncList *add_attack_func_to_list(const func_prio priority, const char *plugname, const char *funcname, int (*func)(Attack)) {
PlugFuncList *func_tmp, *func_new;
func_tmp = NULL;
func_new = NULL;
DEBUG_FPRINTF(stdout, " Hooking %s::%s() to 'process_attack' (priority: %d).\n", plugname, funcname, priority);
if ((func_new = (PlugFuncList *) malloc(sizeof(PlugFuncList))) == NULL) {
logmsg(LOG_ERR, 1, " Error - Unable to allocate memory: %m.\n");
return(NULL);
}
func_new->next = NULL;
/* attach new function to list */
switch (priority) {
case PPRIO_DYNSRV:
func_tmp = funclist_attack_dynsrv;
break;
case PPRIO_PERREAD:
func_tmp = funclist_attack_perread;
break;
case PPRIO_PREPROC:
func_tmp = funclist_attack_preproc;
break;
case PPRIO_ANALYZE:
func_tmp = funclist_attack_analyze;
break;
case PPRIO_SAVEDATA:
func_tmp = funclist_attack_savedata;
break;
case PPRIO_POSTPROC:
func_tmp = funclist_attack_postproc;
break;
default:
fprintf(stderr, " Error - Unknown plugin priority.\n");
return(NULL);
}
if (func_tmp) {
while(func_tmp->next) func_tmp = func_tmp->next;
func_tmp->next = func_new;
} else switch (priority) {
case PPRIO_DYNSRV:
funclist_attack_dynsrv = func_new;
break;
case PPRIO_PERREAD:
funclist_attack_perread = func_new;
break;
case PPRIO_PREPROC:
funclist_attack_preproc = func_new;
break;
case PPRIO_ANALYZE:
funclist_attack_analyze = func_new;
break;
case PPRIO_SAVEDATA:
funclist_attack_savedata = func_new;
break;
case PPRIO_POSTPROC:
funclist_attack_postproc = func_new;
break;
default:
fprintf(stderr, " Error - Unknown plugin priority.\n");
return(NULL);
}
func_new->func = (void *)func;
func_new->plugnam = (char *)plugname;
func_new->funcnam = (char *)funcname;
DEBUG_FPRINTF(stdout, " %s::%s() hooked to 'process_attack' (priority: %d).\n", func_new->plugnam, func_new->funcnam, priority);
return(func_new);
}
