/*
Process the 'config threshold: memcap #bytes, option2-name option2-value, ...'
config threshold: memcap #bytes
*/
void ProcessThresholdOptions(char *options)
{
int i = 0;
char ** args;
int nargs;
char ** oargs;
int noargs;
if( !s_enabled )
return ;
args = mSplit(options,",",10,&nargs,0); /* get rule option pairs */
for(i=0;i<nargs;i++)
{
oargs = mSplit(options," ",2,&noargs,0); /* get rule option pairs */
if( strcmp(oargs[0],"memcap") == 0 )
{
s_memcap = xatou(oargs[1],"config threshold: memcap");
}
else
{
FatalError("Threshold-RuleOptionParse: unknown argument\n");
}
}
mSplitFree(&args, nargs);
mSplitFree(&oargs, noargs);
}
static void StreamParseIpArgs (char* args, StreamIpPolicy* policy)
{
char* *toks;
int num_toks;
int i;
policy->session_timeout = STREAM_DEFAULT_SSN_TIMEOUT;
if ( !args || !*args )
return;
toks = mSplit(args, ",", 0, &num_toks, 0);
for (i = 0; i < num_toks; i++)
{
int s_toks;
char* *stoks = mSplit(toks[i], " ", 2, &s_toks, 0);
if (s_toks == 0)
{
ParseError("Missing parameter in Stream IP config.\n");
}
if(!strcasecmp(stoks[0], "timeout"))
{
char* endPtr = NULL;
if(stoks[1])
{
policy->session_timeout = strtoul(stoks[1], &endPtr, 10);
}
if (!stoks[1] || (endPtr == &stoks[1][0]))
{
ParseError("Invalid timeout in config file. Integer parameter required.\n");
}
if ((policy->session_timeout > STREAM_MAX_SSN_TIMEOUT) ||
(policy->session_timeout < STREAM_MIN_SSN_TIMEOUT))
{
ParseError("Invalid timeout in config file. Must be between %d and %d\n",
STREAM_MIN_SSN_TIMEOUT, STREAM_MAX_SSN_TIMEOUT);
}
if (s_toks > 2)
{
ParseError("Invalid Stream IP Policy option. Missing comma?\n");
}
}
else
{
ParseError("Invalid Stream IP policy option\n");
}
mSplitFree(&stoks, s_toks);
}
mSplitFree(&toks, num_toks);
}
void ParseReferenceSystemConfig(char *args)
{
char **toks;
char *name = NULL;
char *url = NULL;
int num_toks;
int i;
/* 2 tokens: name <url> */
toks = mSplit(args, " ", 2, &num_toks, 0);
name = toks[0];
if(num_toks == 2)
{
url = toks[1];
while(isspace((int)*url))
url++;
if(url[0] == '\0')
url = NULL;
}
ReferenceSystemAdd(name, url);
for(i = 0; i < num_toks; i++)
free(toks[i]);
return;
}
/*
* Function: GenHomenet(char *)
*
* Purpose: Translate the command line character string into its equivalent
* 32-bit network byte ordered value (with netmask)
*
* Arguments: netdata => The address/CIDR block
*
* Returns: void function
*/
void GenHomenet(char *netdata)
{
struct in_addr net; /* place to stick the local network data */
char **toks; /* dbl ptr to store mSplit return data in */
int num_toks; /* number of tokens mSplit returns */
int nmask; /* temporary netmask storage */
/* break out the CIDR notation from the IP address */
toks = mSplit(netdata, "/", 2, &num_toks, 0);
if(num_toks > 1)
{
/* convert the CIDR notation into a real live netmask */
nmask = atoi(toks[1]);
if((nmask > 0) && (nmask < 33))
{
pv.netmask = netmasks[nmask];
}
else
{
FatalError("Bad CIDR block [%s:%d], 1 to 32 please!\n",
toks[1], nmask);
}
}
else
{
FatalError("No netmask specified for home network!\n");
}
pv.netmask = htonl(pv.netmask);
DEBUG_WRAP(DebugMessage(DEBUG_INIT, "homenet netmask = %#8lX\n", pv.netmask););
//function to assign the RpcDecodePorts array
static void RpcDecodePortsAssign(uint8_t *RpcDecodePorts, char *portlist)
{
int num;
int num_toks;
char **toks;
if( portlist == NULL || *portlist == '\0')
{
portlist = RPC_DECODE_DEFAULT_PORTS;
}
toks = mSplit(portlist, " \t", 0, &num_toks, 0);
for(num = 0; num < num_toks; num++)
{
if(isdigit((int)toks[num][0]))
{
char *num_p = NULL; /* used to determine last position in string */
long t_num;
t_num = strtol(toks[num], &num_p, 10);
if(*num_p != '\0')
{
ParseError("Port Number invalid format: %s.", toks[num]);
}
else if(t_num < 0 || t_num > MAXPORTS-1 )
{
ParseError("Port Number out of range: %d.", t_num);
}
RpcDecodePorts[(t_num/8)] |= 1<<(t_num%8);
}
}
mSplitFree(&toks, num_toks);
}
int parse_conf()
{
FILE *fp;
char line[512];
char *remote_server = NULL;
uint16_t remote_port = 0;
char *p;
char **toks;
int num_toks;
if ((fp = fopen("/opt/utc/conf/water_mark.conf", "rb")) == NULL) {
E("-------open config file /opt/utc/conf/water_mark.conf fail.\n");
return -1;
}
while(fgets(line, 512, fp)) {
if (*line == '#')
continue;
toks = mSplit(line, "=", 2, &num_toks, 0);
if(num_toks != 2)
goto free_toks;
_strim(toks[0]);
_strim(toks[1]);
printf("[%s]--[%s]\n",toks[0], toks[1]);
if (strncmp(toks[0], "HIGH_WATER_MARK", strlen("HIGH_WATER_MARK")) == 0) {
high_water_mark = (uint64_t)atoi(toks[1]);
if (high_water_mark <= 0) {
mSplitFree(&toks, num_toks);
fclose(fp);
return 1;
}
}
if (strncmp(toks[0], "HASH_LEVEL_WATER", strlen("HASH_LEVEL_WATER")) == 0) {
hash_level_water_mark = (uint64_t)atoi(toks[1]);
if (hash_level_water_mark < 0) {
mSplitFree(&toks, num_toks);
fclose(fp);
return 1;
}
}
free_toks:
memset(line, 0x00, 512);
mSplitFree(&toks, num_toks);
}
fclose(fp);
return 0;
}
/*
Parse basic CIDR block - [!]a.b.c.d/bits
*/
static void parseCIDR( THDX_STRUCT * thdx, char * s )
{
#ifdef SUP_IP6
sfip_pton(s, &thdx->ip_address);
#else
char **args;
int nargs;
if (*s == '!')
{
thdx->not_flag = 1;
s++;
while( (*s <= ' ') && (*s > 0) ) s++; /* skip whitespace */
}
args = mSplit( s , "/", 2, &nargs, 0 ); /* get rule option pairs */
if( !nargs || nargs > 2 )
{
FatalError("%s(%d) => Suppress-Parse: argument pairing error\n", file_name, file_line);
}
/*
* Keep IP in network order
*/
thdx->ip_address = inet_addr( args[0] );
if( nargs == 2 )
{
int i;
int nbits;
int mask;
nbits = xatou( args[1],"suppress: cidr mask bits" );
mask = 1 << 31;
for( i=0; i<nbits; i++ )
{
thdx->ip_mask |= mask;
mask >>= 1;
}
/*
Put mask in network order
*/
thdx->ip_mask = htonl(thdx->ip_mask);
}
/*
* Function: SetPorts(char *)
*
* Purpose: Reads the list of port numbers from the argument string and
* parses them into the port list data struct
*
* Arguments: portlist => argument list
*
* Returns: void function
*
*/
void SetPorts(char *portlist)
{
char **toks;
int num_toks;
int num_ports = 0;
int num;
if(portlist == NULL)
{
FatalError("ERROR %s (%d)=> No arguments to http_decode preprocessor!\n", file_name, file_line);
}
/* tokenize the argument list */
toks = mSplit(portlist, " ", 31, &num_toks, '\\');
/* convert the tokens and place them into the port list */
for(num = 0; num < num_toks; num++)
{
if(!strncmp(NOUNICODE, toks[num], sizeof NOUNICODE))
{
check_iis_unicode = 0;
}
else if(!strncmp(NOCGINULL, toks[num], sizeof NOCGINULL))
{
check_cgi_null = 0;
}
else
{
HttpDecodePorts.ports[num_ports++] = atoi(toks[num]);
}
}
HttpDecodePorts.num_entries = num_ports;
#ifdef DEBUG
printf("Decoding HTTP on %d ports: ", HttpDecodePorts.num_entries);
for(num_ports = 0; num_ports < HttpDecodePorts.num_entries; num_ports++)
{
printf("%d ", HttpDecodePorts.ports[num_ports]);
}
printf("\n");
#endif
}
int parse_ipc_conf()
{
char ipc_path[128] = {0};
FILE *fp;
char line[1024];
char *p;
char **toks;
int num_toks;
strncpy(ipc_path, pv.conf_path, 128);
strcat(ipc_path, "/sft_ipc.conf");
if ((fp = fopen(ipc_path, "rb")) == NULL) {
E("-------open log config file [%s] fail.\n", pv.conf_path);
return -1;
}
while(fgets(line, 1024, fp)) {
if (*line == '#')
continue;
toks = mSplit(line, "=", 2, &num_toks, 0);
if(unlikely(num_toks != 2))
goto free_toks;
_strim(toks[0]);
trim_specific(toks[1], "\"");
printf("[%s]--[%s]\n",toks[0], toks[1]);
if (strncmp(toks[0], "remote_server", strlen("remote_server")) == 0 && is_ipv4_addr(toks[1])) {
pv.peer_ip = strdup(toks[1]);
} else if (strncmp(toks[0], "remote_port", strlen("remote_port")) == 0 && atoi(toks[1]) > 0) {
pv.peer_port = (uint16_t) atoi(toks[1]);
}
free_toks:
memset(line, 0x00, 1024);
mSplitFree(&toks, num_toks);
}
fclose(fp);
printf("peer addr is %s:%u\n",pv.peer_ip, pv.peer_port);
return 0;
}
void ParseReference(char *args, OptTreeNode *otn)
{
char **toks;
int num_toks;
int i;
/* 2 tokens: system, id */
toks = mSplit(args, ",", 2, &num_toks, 0);
if(num_toks != 2)
{
LogMessage("WARNING %s(%d): invalid Reference spec '%s'. Ignored\n",
file_name, file_line, args);
goto exit;
}
otn->sigInfo.refs = AddReference(otn->sigInfo.refs, toks[0], toks[1]);
exit:
for(i = 0; i < num_toks; i++)
free(toks[i]);
return;
}
static void StreamParseUdpArgs(StreamUdpConfig *config, char *args, StreamUdpPolicy *s5UdpPolicy)
{
char **toks;
int num_toks;
int i;
char *index;
char **stoks = NULL;
int s_toks;
char *endPtr = NULL;
if (s5UdpPolicy == NULL)
return;
s5UdpPolicy->session_timeout = STREAM_DEFAULT_SSN_TIMEOUT;
s5UdpPolicy->flags = 0;
if(args != NULL && strlen(args) != 0)
{
toks = mSplit(args, ",", 6, &num_toks, 0);
i=0;
while(i < num_toks)
{
index = toks[i];
while(isspace((int)*index)) index++;
stoks = mSplit(index, " ", 3, &s_toks, 0);
if (s_toks == 0)
{
FatalError("%s(%d) => Missing parameter in Stream UDP config.\n",
file_name, file_line);
}
if(!strcasecmp(stoks[0], "timeout"))
{
if(stoks[1])
{
s5UdpPolicy->session_timeout = strtoul(stoks[1], &endPtr, 10);
}
if (!stoks[1] || (endPtr == &stoks[1][0]) || *endPtr)
{
FatalError("%s(%d) => Invalid timeout in config file. Integer parameter required.\n",
file_name, file_line);
}
if ((s5UdpPolicy->session_timeout > STREAM_MAX_SSN_TIMEOUT) ||
(s5UdpPolicy->session_timeout < STREAM_MIN_SSN_TIMEOUT))
{
FatalError("%s(%d) => Invalid timeout in config file. "
"Must be between %d and %d\n",
file_name, file_line,
STREAM_MIN_SSN_TIMEOUT, STREAM_MAX_SSN_TIMEOUT);
}
if (s_toks > 2)
{
FatalError("%s(%d) => Invalid Stream UDP Policy option. Missing comma?\n",
file_name, file_line);
}
}
else if (!strcasecmp(stoks[0], "ignore_any_rules"))
{
s5UdpPolicy->flags |= STREAM_CONFIG_IGNORE_ANY;
if (s_toks > 1)
{
FatalError("%s(%d) => Invalid Stream UDP Policy option. Missing comma?\n",
file_name, file_line);
}
}
else
{
FatalError("%s(%d) => Invalid Stream UDP Policy option\n",
file_name, file_line);
}
mSplitFree(&stoks, s_toks);
i++;
}
mSplitFree(&toks, num_toks);
}
if (s5UdpPolicy->bound_addrs == NULL)
{
if (config->default_policy != NULL)
{
FatalError("%s(%d) => Default Stream UDP Policy already set. "
"This policy must be bound to a specific host or "
"network.\n", file_name, file_line);
}
config->default_policy = s5UdpPolicy;
}
else
{
if (s5UdpPolicy->flags & STREAM_CONFIG_IGNORE_ANY)
{
FatalError("%s(%d) => \"ignore_any_rules\" option can be used only"
" with Default Stream UDP Policy\n", file_name, file_line);
}
}
}
/* initialize the output processor for this particular instantiation */
OpAlertSyslog2_Data *OpAlertSyslog2_ParseArgs(char *args)
{
OpAlertSyslog2_Data *data;
char **toks;
int num_toks;
int i;
int header_length = -1;
char *index;
if(pv.verbose)
LogMessage("Parsing %s arguments: %s\n", MODULE_NAME, args);
if(!(data = (OpAlertSyslog2_Data *)calloc(1, sizeof(OpAlertSyslog2_Data))))
{
FatalError("Out of memory creating %s configuration\n", MODULE_NAME);
return NULL;
}
data->facility = -1;
data->severity = -1;
data->socket = -1;
if(args)
{
toks = mSplit(args, ";", 8, &num_toks, 0);
/* XXX error check */
for(i = 0; i < num_toks; i++)
{
char *token = toks[i];
char **subtoks;
int num_subtoks;
long value;
StripWhitespace(&token);
if(*token == '\0')
continue;
/* split the token on ':' */
subtoks = mSplit(token, ":", 2, &num_subtoks, 0);
/* XXX error check */
if(strcasecmp("facility", subtoks[0]) == 0)
{
if(data->facility >= 0)
{
FatalError("%s: Multiple %s arguments\n",
MODULE_NAME, subtoks[0]);
}
/* Process facility Argument */
if(num_subtoks != 2)
{
FatalError("%s: Invalid %s argument: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
}
if(String2Long(subtoks[1], &value) == 0)
{
if(value > MAX_FACILITY)
FatalError("%s: Invalid %s argument: %s\n"
MODULE_NAME, subtoks[0], subtoks[1]);
else
data->facility = value;
}
else
{
/* search for match in facility map */
int j = 0;
while(facility_map[j].keyword)
{
if(strcasecmp(facility_map[j].keyword, subtoks[1]) == 0)
{
data->facility = facility_map[j].value;
break;
}
j++;
}
if(data->facility < 0)
{
FatalError("%s: Invalid %s argument: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
}
}
}
else if(strcasecmp("severity", subtoks[0]) == 0)
{
if(data->severity >= 0)
{
FatalError("%s: Multiple %s arguments\n",
MODULE_NAME, subtoks[0]);
}
/* Process severity Argument */
if(num_subtoks != 2)
{
FatalError("%s: Invalid %s argument: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
}
if(String2Long(subtoks[1], &value) == 0)
{
if(value > MAX_FACILITY)
FatalError("%s: Invalid %s argument: %s\n"
MODULE_NAME, subtoks[0], subtoks[1]);
else
data->severity = value;
}
else
{
/* search for match in severity map */
int j = 0;
while(severity_map[j].keyword)
{
if(strcasecmp(severity_map[j].keyword, subtoks[1]) == 0)
{
data->severity = severity_map[j].value;
break;
}
j++;
}
if(data->severity < 0)
{
FatalError("%s: Invalid %s argument: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
}
}
}
else if(strcasecmp("hostname", subtoks[0]) == 0)
{
if(data->hostname)
{
FatalError("%s: Multiple %s arguments\n",
MODULE_NAME, subtoks[0]);
}
/* Must be < 255 bytes and must contain only alphanumeric
* names and embedded '-'s */
if(IsValidHostname(subtoks[1]) != 1)
FatalError("%s: %s argument is not a valid hostname: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
if(!(data->hostname = strdup(subtoks[1])))
FatalError("%s: Out of memory processing config\n");
}
else if(strcasecmp("tag", subtoks[0]) == 0)
{
if(data->tag)
{
FatalError("%s: Multiple %s arguments\n",
MODULE_NAME, subtoks[0]);
}
if(IsValidSyslogTag(subtoks[1]) != 1)
FatalError("%s: %s argument is not a valid syslog tag: "
"%s\n", MODULE_NAME, subtoks[0], subtoks[1]);
if(!(data->tag = strdup(subtoks[1])))
FatalError("%s: Out of memory processing config\n");
}
else if(strcasecmp("syslog_host", subtoks[0]) == 0)
{
if(data->syslog_host)
{
FatalError("%s: Multiple %s arguments\n",
MODULE_NAME, subtoks[0]);
}
if(!(data->syslog_host = strdup(subtoks[1])))
FatalError("%s: Out of memory processing config\n");
}
else if(strcasecmp("syslog_port", subtoks[0]) == 0)
{
if(data->syslog_port > 0)
{
FatalError("%s: Multiple %s arguments\n",
MODULE_NAME, subtoks[0]);
}
if(String2Long(subtoks[1], &value) != 0)
FatalError("%s: Invalid %s argument: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
if(value < 1 || value > 65535)
FatalError("%s: Invalid %s argument: %s\n",
MODULE_NAME, subtoks[0], subtoks[1]);
data->syslog_port = value;
}
else if(strcasecmp("withpid", subtoks[0]) == 0)
{
if(num_subtoks != 1)
{
FatalError("%s: %s does not take arguments\n",
MODULE_NAME, subtoks[0]);
}
data->pid_flag = 1;
}
else
{
FatalError("%s: Unknown argument: %s\n",
MODULE_NAME, subtoks[0]);
}
FreeToks(subtoks, num_subtoks);
}
FreeToks(toks, num_toks);
}
if(data->facility == -1)
data->facility = DEFAULT_FACILITY;
if(data->severity == -1)
data->severity = DEFAULT_SEVERITY;
if(!data->tag)
{
if(!(data->tag = strdup(PROGRAM_NAME)))
FatalError("%s: Out of memory processing config\n");
}
if(!data->hostname)
{
char hostname[255];
char *index;
if(gethostname(hostname, 255) != 0)
FatalError("%s: Unable to get hostname\n");
/* since we may get a FQDN, munge the hostname */
if((index = strchr(hostname, '.')))
*index = '\0';
if(!(data->hostname = strdup(hostname)))
FatalError("%s: Out of memory processing config\n");
}
if(!data->syslog_host)
{
if(!(data->syslog_host = strdup(DEFAULT_SYSLOG_HOST)))
FatalError("%s: Out of memory processing config\n");
}
if(data->syslog_port == 0)
data->syslog_port = DEFAULT_SYSLOG_PORT;
/* calculate the syslog priority */
data->priority = data->facility * 8 + data->severity;
/* allocate the message buffer */
if(!(data->message_buffer = calloc(MESSAGE_LENGTH, sizeof(char))))
FatalError("%s: Out of memory starting output plugin\n");
/* copy in the basic string */
if(data->pid_flag)
header_length = snprintf(data->message_buffer, MESSAGE_LENGTH,
"<%u>XXX XX XX:XX:XX %s %s[%u]: ",
data->priority, data->hostname, data->tag, getpid());
else
header_length = snprintf(data->message_buffer, MESSAGE_LENGTH,
"<%u>XXX XX XX:XX:XX %s %s: ",
data->priority, data->hostname, data->tag);
if(header_length > MESSAGE_LENGTH)
FatalError("%s: Message header length is too long: %i\n",
header_length);
data->header_length = header_length;
if(!(index = strchr(data->message_buffer, '>')))
FatalError("%s: Error calculating priority field length\n");
data->month_offset = index - data->message_buffer + 1;
data->timestamp_offset = data->month_offset + 4;
if(pv.verbose)
{
}
return data;
}
void ParseClassificationConfig(char *args)
{
char **toks;
int num_toks;
int i;
char *data;
ClassType *newNode;
toks = mSplit(args, ",",3, &num_toks, '\\');
if(num_toks != 3)
{
ErrorMessage("%s(%d): Invalid classification config: %s\n",
args);
goto exit;
}
/* create the new node */
if(!(newNode = (ClassType *)malloc(sizeof(ClassType))))
{
FatalError("Out of memory in ParseClassificationConfig\n");
}
memset(newNode, 0, sizeof(ClassType));
data = toks[0];
while(isspace((int)*data))
data++;
newNode->type = strdup(data); /* XXX: oom check */
data = toks[1];
while(isspace((int)*data))
data++;
newNode->name = strdup(data); /* XXX: oom check */
data = toks[2];
while(isspace((int)*data))
data++;
/* XXX: error checking needed */
newNode->priority = atoi(data); /* XXX: oom check */
if(AddClassificationConfig(newNode) == -1)
{
ErrorMessage("%s(%d): Duplicate classification \"%s\""
"found, ignoring this line\n", file_name, file_line,
newNode->type);
if(newNode)
{
if(newNode->name)
free(newNode->name);
if(newNode->type)
free(newNode->type);
free(newNode);
}
}
exit:
for(i = 0; i < num_toks; i++)
free(toks[i]);
return;
}
}
else
{
fprintf(fp, "[Xref => %s]", ref_node->id);
}
}
void ParseReference(Barnyard2Config *bc, char *args, SigNode *sn)
{
char **toks, *system, *id;
int num_toks;
DEBUG_WRAP(DebugMessage(DEBUG_MAPS, "map: parsing reference %s\n", args););
/* 2 tokens: system, id */
toks = mSplit(args, ",", 2, &num_toks, 0);
if(num_toks != 2)
{
LogMessage("WARNING: invalid Reference spec '%s'. Ignored\n", args);
}
else
{
system = toks[0];
while ( isspace((int) *system) )
system++;
id = toks[1];
while ( isspace((int) *id) )
id++;
sn->refs = AddReference(bc, &sn->refs, system, id);
OpSyslog_Data *OpSyslog_ParseArgs(char *args)
{
OpSyslog_Data *op_data = NULL;
op_data = (OpSyslog_Data *)SnortAlloc(sizeof(OpSyslog_Data));
if(args != NULL)
{
char **toks;
int num_toks;
int i;
/* parse out your args */
toks = mSplit(args, ",", 31, &num_toks, '\\');
for(i = 0; i < num_toks; ++i)
{
char **stoks;
int num_stoks;
char *index = toks[i];
while(isspace((int)*index))
++index;
stoks = mSplit(index, " ", 2, &num_stoks, 0);
if(strcasecmp("port", stoks[0]) == 0)
{
if(num_stoks > 1 )
op_data->port = strtoul(stoks[1], NULL, 0);
else
LogMessage("Argument Error in %s(%i): %s\n", file_name,
file_line, index);
}
else if(strcasecmp("server", stoks[0]) == 0)
{
if(num_stoks > 1 && !op_data->server )
op_data->server = strdup(stoks[1]);
else
LogMessage("Argument Error in %s(%i): %s\n", file_name,
file_line, index);
}
else if(strcasecmp("sensor_name", stoks[0]) == 0)
{
if(num_stoks > 1 && !op_data->sensor_name )
op_data->sensor_name = strdup(stoks[1]);
else
LogMessage("Argument Error in %s(%i): %s\n", file_name,
file_line, index);
}
else if(strcasecmp("protocol", stoks[0]) == 0)
{
if(num_stoks > 1)
{
if(strcasecmp("udp", stoks[1]) == 0)
op_data->proto = 0;
else
op_data->proto = 1;
}
else
LogMessage("Argument Error in %s(%i): %s\n", file_name,
file_line, index);
}
else if(strcasecmp("detail", stoks[0]) == 0)
{
if(num_stoks > 1)
{
if(strcasecmp("full", stoks[1]) == 0)
op_data->detail = 1;
}
else
LogMessage("Argument Error in %s(%i): %s\n", file_name,
file_line, index);
}
else if(strcasecmp("delimiters", stoks[0]) == 0)
{
if(num_stoks >= 1)
{
if( (strlen(stoks[1]) > 3) ||
(strlen(stoks[1]) < 3))
{
LogMessage("Invalid delimiters configured [%s], default will be used \n",stoks[1]);
}
else
{
if(stoks[1][0] == '"' &&
stoks[1][2] == '"')
{
op_data->delim = stoks[1][1];
}
else
{
LogMessage("Invalid delimiters configured [%s], default will be used \n",stoks[1]);
}
}
}
}
else if(strcasecmp("separators", stoks[0]) == 0)
{
if(num_stoks >= 1)
{
if( (strlen(stoks[1]) > 3) ||
(strlen(stoks[1]) < 3))
{
LogMessage("Invalid field separator configured [%s], default will be used \n",stoks[1]);
}
else
{
if(stoks[1][0] == '"' &&
stoks[1][2] == '"')
{
op_data->field_separators = stoks[1][1];
}
else
{
LogMessage("Invalid field separator configured [%s], default will be used. \n",stoks[1]);
}
}
}
}
else if(strcasecmp("operation_mode", stoks[0]) == 0)
{
if(num_stoks >=1)
{
if(strcasecmp("default",stoks[1]))
{
op_data->operation_mode = 0;
}
else if(strcasecmp("complete",stoks[1]))
{
op_data->operation_mode = 1;
}
else
{
LogMessage("Invalid operation_mode defined [%s], will use default mode \n",stoks[1]);
}
}
else
{
LogMessage("Invalid operation_mode defined, will use default mode \n");
}
}
else if(strcasecmp("local", stoks[0]) == 0)
{
op_data->local_logging = 1;
}
else if(strcasecmp("log_facility", stoks[0]) == 0)
{
if(num_stoks >=1)
{
if(!strcasecmp("LOG_KERN", stoks[1]))
{
op_data->syslog_priority |= LOG_KERN;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_KERN");
}
else if(!strcasecmp("LOG_MAIL", stoks[1]))
{
op_data->syslog_priority |= LOG_MAIL;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_MAIL");
}
else if(!strcasecmp("LOG_DAEMON", stoks[1]))
{
op_data->syslog_priority |= LOG_DAEMON;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_DAEMON");
}
else if(!strcasecmp("LOG_AUTH", stoks[1]))
{
op_data->syslog_priority |= LOG_AUTH;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_AUTH");
}
else if(!strcasecmp("LOG_SYSLOG", stoks[1]))
{
op_data->syslog_priority |= LOG_SYSLOG;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_SYSLOG");
}
else if(!strcasecmp("LOG_LPR", stoks[1]))
{
op_data->syslog_priority |= LOG_LPR;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LPR");
}
else if(!strcasecmp("LOG_NEWS", stoks[1]))
{
op_data->syslog_priority |= LOG_NEWS;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_NEWS");
}
else if(!strcasecmp("LOG_UUCP", stoks[1]))
{
op_data->syslog_priority |= LOG_UUCP;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_UUCP");
}
else if(!strcasecmp("LOG_CRON", stoks[1]))
{
op_data->syslog_priority |= LOG_CRON;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_CRON");
}
else if(!strcasecmp("LOG_AUTHPRIV", stoks[1]))
{
op_data->syslog_priority |= LOG_AUTHPRIV;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_AUTHPRIV");
}
else if(!strcasecmp("LOG_FTP", stoks[1]))
{
op_data->syslog_priority |= LOG_FTP;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_FTP");
}
else if(!strcasecmp("LOG_LOCAL1", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL1;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL1");
}
else if(!strcasecmp("LOG_LOCAL2", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL2;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL2");
}
else if(!strcasecmp("LOG_LOCAL3", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL3;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL3");
}
else if(!strcasecmp("LOG_LOCAL4", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL4;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL4");
}
else if(!strcasecmp("LOG_LOCAL5", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL5;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL5");
}
else if(!strcasecmp("LOG_LOCAL6", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL6;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL6");
}
else if(!strcasecmp("LOG_LOCAL7", stoks[1]))
{
op_data->syslog_priority |= LOG_LOCAL7;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL7");
}
else if(!strcasecmp("LOG_USER", stoks[1]))
{
op_data->syslog_priority |= LOG_USER;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_USER");
}
else
{
LogMessage("[%s()]: Unknown log_facility defined [%s], using \"LOG_USER\" as default \n",
__FUNCTION__,
stoks[1]);
op_data->syslog_priority |= LOG_USER;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_USER");
}
}
else
{
LogMessage("No default log_facility defined, using LOG_USER as default \n");
op_data->syslog_priority |= LOG_USER;
}
}
else if(strcasecmp("log_priority", stoks[0]) == 0)
{
if(num_stoks >=1)
{
if(!strcasecmp("LOG_EMERG",stoks[1]))
{
op_data->syslog_priority |= LOG_EMERG;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_EMERG");
}
else if(!strcasecmp("LOG_ALERT", stoks[1]))
{
op_data->syslog_priority |= LOG_ALERT;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_ALERT");
}
else if(!strcasecmp("LOG_CRIT", stoks[1]))
{
op_data->syslog_priority |=LOG_CRIT;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_CRIT");
}
else if(!strcasecmp("LOG_ERR", stoks[1]))
{
op_data->syslog_priority |=LOG_ERR;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_ERR");
}
else if(!strcasecmp("LOG_WARNING", stoks[1]))
{
op_data->syslog_priority |= LOG_WARNING;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_WARNING");
}
else if(!strcasecmp("LOG_NOTICE", stoks[1]))
{
op_data->syslog_priority |= LOG_NOTICE;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_NOTICE");
}
else if(!strcasecmp("LOG_INFO", stoks[1]))
{
op_data->syslog_priority |=LOG_INFO;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_INFO");
}
else if(!strcasecmp("LOG_DEBUG", stoks[1]))
{
op_data->syslog_priority |= LOG_DEBUG;
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_DEBUG");
}
else
{
LogMessage("[%s()]: Unknown log_priority defined [%s], using \"LOG_INFO\" as default \n",
__FUNCTION__,
stoks[1]);
op_data->syslog_priority |= LOG_INFO;
}
}
else
{
LogMessage("No default log_priority defined, using LOG_INFO as default \n");
op_data->syslog_priority |= LOG_INFO;
}
}
else
{
fprintf(stderr, "WARNING %s (%d) => Unrecognized argument for "
"SyslogFull plugin: %s\n", file_name, file_line, index);
}
}
/* free your mSplit tokens */
mSplitFree(&toks, num_toks);
}
/* Default */
if(op_data->sensor_name == NULL)
{
FatalError("You must specify a sensor name\n");
}
if(op_data->syslog_priority == 0)
{
op_data->syslog_priority = LOG_INFO | LOG_USER;
snprintf(op_data->syslog_tx_facility,16,"%s","LOG_USER");
snprintf(op_data->syslog_tx_priority,16,"%s","LOG_INFO");
}
if(op_data->local_logging == 1)
{
LogMessage("Local logging enabled, WILL NOT send information to a remote syslog \n");
}
if( op_data->local_logging == 0)
{
if(op_data->port == 0)
{
LogMessage("Using default Syslog port [%u] \n",op_data->port);
op_data->port = 514;
}
if( op_data->server == NULL)
{
FatalError("You must specify a valid server \n");
}
}
if(op_data->operation_mode == 0)
{
LogMessage("using operation_mode: default \n");
}
else if(op_data->operation_mode == 1)
{
LogMessage("using operation_mode: complete \n");
if(op_data->delim == 0)
{
LogMessage("Using default delimiters for syslog messages \"|\"\n");
op_data->delim = '|';
}
else
{
LogMessage("Using \"%c\" as delimiters for syslog messages \n",op_data->delim);
}
if(op_data->field_separators == 0)
{
LogMessage("Using default field separators for syslog messages \" \"\n");
op_data->field_separators= ' ';
}
else
{
LogMessage("Using \"%c\" as field separators for syslog messages \n",op_data->field_separators);
}
}
else
{
LogMessage("Defaulting operation_mode to default. \n");
op_data->operation_mode = 0;
}
return op_data;
}
/*
* Function: ParseIP(char *, IpAddrSet *)
*
* Purpose: Convert a supplied IP address to it's network order 32-bit long
* value. Also convert the CIDR block notation into a real
* netmask.
*
* Arguments: char *addr => address string to convert
* IpAddrSet * =>
*
*
* Returns: 0 for normal addresses, 1 for an "any" address
*/
int ParseIP(char *paddr, IpAddrSet *address_data)
{
char **toks; /* token dbl buffer */
int num_toks; /* number of tokens found by mSplit() */
int cidr = 1; /* is network expressed in CIDR format */
int nmask; /* netmask temporary storage */
char *addr; /* string to parse, eventually a
* variable-contents */
struct hostent *host_info; /* various struct pointers for stuff */
struct sockaddr_in sin; /* addr struct */
addr = paddr;
if(*addr == '!')
{
address_data->addr_flags |= EXCEPT_IP;
addr++; /* inc past the '!' */
}
/* check for wildcards */
if(!strcasecmp(addr, "any"))
{
address_data->ip_addr = 0;
address_data->netmask = 0;
return 1;
}
/* break out the CIDR notation from the IP address */
toks = mSplit(addr, "/", 2, &num_toks, 0);
/* "/" was not used as a delimeter, try ":" */
if(num_toks == 1)
{
mSplitFree(&toks, num_toks);
toks = mSplit(addr, ":", 2, &num_toks, 0);
}
/*
* if we have a mask spec and it is more than two characters long, assume
* it is netmask format
*/
if((num_toks > 1) && strlen(toks[1]) > 2)
{
cidr = 0;
}
switch(num_toks)
{
case 1:
address_data->netmask = netmasks[32];
break;
case 2:
if(cidr)
{
/* convert the CIDR notation into a real live netmask */
nmask = atoi(toks[1]);
/* it's pain to differ whether toks[1] is correct if netmask */
/* is /0, so we deploy some sort of evil hack with isdigit */
if(!isdigit((int) toks[1][0]))
nmask = -1;
if((nmask > -1) && (nmask < 33))
{
address_data->netmask = netmasks[nmask];
}
else
{
FatalError("ERROR %s(%d): Invalid CIDR block for IP addr "
"%s\n", file_name, file_line, addr);
}
}
else
{
/* convert the netmask into its 32-bit value */
/* broadcast address fix from
* Steve Beaty <*****@*****.**>
*/
/*
* if the address is the (v4) broadcast address, inet_addr *
* returns -1 which usually signifies an error, but in the *
* broadcast address case, is correct. we'd use inet_aton() *
* here, but it's less portable.
*/
if(!strncmp(toks[1], "255.255.255.255", 15))
{
address_data->netmask = INADDR_BROADCAST;
}
else if((address_data->netmask = inet_addr(toks[1])) == -1)
{
FatalError("ERROR %s(%d): Unable to parse rule netmask "
"(%s)\n", file_name, file_line, toks[1]);
}
}
break;
default:
FatalError("ERROR %s(%d) => Unrecognized IP address/netmask %s\n",
file_name, file_line, addr);
break;
}
#ifndef WORDS_BIGENDIAN
/*
* since PC's store things the "wrong" way, shuffle the bytes into the
* right order. Non-CIDR netmasks are already correct.
*/
if(cidr)
{
address_data->netmask = htonl(address_data->netmask);
}
#endif
/* convert names to IP addrs */
if(isalpha((int) toks[0][0]))
{
/* get the hostname and fill in the host_info struct */
if((host_info = gethostbyname(toks[0])))
{
/* protecting against malicious DNS servers */
if(host_info->h_length <= sizeof(sin.sin_addr))
{
bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length);
}
else
{
bcopy(host_info->h_addr, (char *) &sin.sin_addr, sizeof(sin.sin_addr));
}
}
else if((sin.sin_addr.s_addr = inet_addr(toks[0])) == INADDR_NONE)
{
FatalError("ERROR %s(%d): Couldn't resolve hostname %s\n",
file_name, file_line, toks[0]);
}
address_data->ip_addr = ((u_long) (sin.sin_addr.s_addr) &
(address_data->netmask));
mSplitFree(&toks, num_toks);
return 1;
}
/* convert the IP addr into its 32-bit value */
/* broadcast address fix from Steve Beaty <*****@*****.**> */
/*
* if the address is the (v4) broadcast address, inet_addr returns -1 *
* which usually signifies an error, but in the broadcast address case, *
* is correct. we'd use inet_aton() here, but it's less portable.
*/
if(!strncmp(toks[0], "255.255.255.255", 15))
{
address_data->ip_addr = INADDR_BROADCAST;
}
else if((address_data->ip_addr = inet_addr(toks[0])) == -1)
{
FatalError("ERROR %s(%d): Rule IP addr (%s) didn't translate\n",
file_name, file_line, toks[0]);
}
else
{
/* set the final homenet address up */
address_data->ip_addr = ((u_long) (address_data->ip_addr) &
(address_data->netmask));
}
mSplitFree(&toks, num_toks);
return 0;
}
int parse_log_conf()
{
char syslog_path[128] = {0};
FILE *fp;
char line[1024];
char *remote_server = NULL;
uint16_t remote_port = 0;
char *p;
char **toks;
int num_toks;
strncpy(syslog_path, pv.conf_path, 128);
strcat(syslog_path, "/sft_syslog.conf");
if ((fp = fopen(syslog_path, "rb")) == NULL) {
E("-------open log config file [%s] fail.\n", pv.conf_path);
return -1;
}
while(fgets(line, 1024, fp)) {
if (*line == '#')
continue;
toks = mSplit(line, "=", 2, &num_toks, 0);
if(unlikely(num_toks != 2))
goto free_toks;
_strim(toks[0]);
trim_specific(toks[1], "\"");
printf("[%s]--[%s]\n",toks[0], toks[1]);
if (strncmp(toks[0], "enableSYSLOG", strlen("enableSYSLOG")) == 0) {
if (strncmp(toks[1], "1", 1) == 0) {
pv.urlog = 1;
pv.qqlog = 1;
D("syslog is enabled!\n");
} else {
pv.urlog = 0;
pv.qqlog = 0;
D("syslog is disabled!\n");
}
} else if (strncmp(toks[0], "remote_server", strlen("remote_server")) == 0 && is_ipv4_addr(toks[1])) {
remote_server = strdup(toks[1]);
} else if (strncmp(toks[0], "remote_port", strlen("remote_port")) == 0 && atoi(toks[1]) > 0) {
remote_port = (uint16_t) atoi(toks[1]);
}
free_toks:
memset(line, 0x00, 1024);
mSplitFree(&toks, num_toks);
}
fclose(fp);
printf("peer addr is %s:%u\n",remote_server, remote_port);
if (pv.urlog && pv.qqlog && remote_server && remote_port) {
if (pv.syslog_sd)
close(pv.syslog_sd);
pv.syslog_sd = socket(PF_INET, SOCK_DGRAM, 0);
if (pv.syslog_sd<0) {
perror("socket()");
exit(1);
}
pv.syslog_peer_addr.sin_family = AF_INET;
pv.syslog_peer_addr.sin_port = htons(remote_port);
inet_pton(AF_INET, remote_server, &pv.syslog_peer_addr.sin_addr);
D("connect remote syslog server\n");
}
return 0;
}
int updateUser(USER_INFO *userInfo, char *pass)
{
int i;
FILE *pf ;
FILE *pTmp;
MD5_CTX c;
unsigned char md[16];
char password[16*2];
//
// 判断是否存在相同的用户名
//
if (haveUser(userInfo) == 0)
return USER_NO_EXIST;
//
// 计算口令的摘要
//
MD5_Init(&c);
MD5_Update(&c,pass,strlen(pass));
MD5_Final(md,&c);
memset(&c,0,sizeof(c));
//
// 将摘要转换为十六进制字符
//
for (i=0; i<16; i++)
sprintf(password+(i*2),"%02x",md[i]);
//
// 打开用户文件
//
pf = fopen(USER_FILE,"r");
if (pf)
{
char tempFile[STD_BUF];
char buf[STD_BUF];
//
// 生成临时文件名
//
sprintf(tempFile,"%s.temp",USER_FILE);
pTmp = fopen(tempFile,"w");
while((pTmp)&&(fgets(buf, STD_BUF, pf) != NULL))
{
char *index = buf;
//
// 去掉空白符
//
while(*index == ' ' || *index == '\t')
index++;
//
// 注释行,空行去掉。以字符“#”和“;”开始的行为注释行。
//
if((*index != '#') && (*index != 0x0a) && (*index != ';') && (index != NULL))
{
int k;
char **toks;
int num_toks;
//
// 分解字段
//
toks = mSplit(index, " \t", 5, &num_toks, 0);
if ((num_toks == 4)||(num_toks == 3))
{
if ((unsigned int)atoi(toks[0])!=userInfo->id)
{
//
// 其他用户信息写入临时文件
//
fwrite(buf,strlen(buf),1,pTmp);
}
else
{
char buf[20];
//
// 写入新的数据
//
sprintf(buf,"\n%d\t",userInfo->id);
fwrite(buf,strlen(buf),1,pTmp);
fwrite(userInfo->name,strlen(userInfo->name),1,pTmp);
fwrite("\t",1,1,pTmp);
fwrite(password,sizeof(password),1,pTmp);
fwrite("\t",1,1,pTmp);
fwrite(userInfo->email,strlen(userInfo->email),1,pTmp);
}
}
//
// 释放mSplit分配的内存
//
for(k=0;k<num_toks;k++)
free(toks[k]);
free(toks);
}
else
{
//
// 将注释行写入文件
//
fwrite(buf,strlen(buf),1,pTmp);
}
}
fclose(pf);
if (pTmp)
{
fclose(pTmp);
unlink(USER_FILE); // 删除原文件:可能出现同步问题.
rename(tempFile,USER_FILE); // 改名为新文件
return OK;
}
else
return OPEN_TEMP_FILE_FALSE ;
}
else
return OPEN_USER_FILE_FALSE ;
}
void listUser(char *operate)
{
char buf[STD_BUF];
FILE *pf;
int oper;
int line = 0;
//
// 打开用户数据文件
//
pf = fopen(USER_FILE,"r");
if (pf)
{
if (strcmp(operate,"删除")==0)
{
printf("<FORM name=\"request\" action=\"/cgi-bin/delUser.cgi\" method=POST\">"
"<BR><P><P><TABLE width=\"60%\" border=\"1\" bordercolorlight=\"#808080\" bordercolordark=\"#FFFFFF\" cellpadding=\"0\" cellspacing=\"0\" id=\"AutoNumber1\" height=\"1\" align=center >");
//
// 输出表栏
//
printf("<tr><th height=\"24\" bgcolor=\"#E1E1E1\"><span style=\"font-weight: 400\">用户名</span></th><th height=\"24\" bgcolor=\"#E1E1E1\"><span style=\"font-weight: 400\">邮件地址</span></th><th height=\"24\" bgcolor=\"#E1E1E1\"><span style=\"font-weight: 400\">删除</span></th></tr>");
oper = 1;
}
while(fgets(buf, STD_BUF, pf) != NULL)
{
char *index = buf;
//
// 去掉空白符
//
while(*index == ' ' || *index == '\t')
index++;
//
// 注释行,空行去掉。以字符“#”和“;”开始的行为注释行。
//
if((*index != '#') && (*index != 0x0a) && (*index != ';') && (index != NULL))
{
char **toks;
int num_toks,i;
//
// 分解字段
//
toks = mSplit(index, " \t", 5, &num_toks, 0);
if ((num_toks == 4)||(num_toks == 3))
{
if (oper == 1)
{
//printf("<tr bgColor=#ffffff onmouseout=\"this.style.backgroundColor='#FFFFff'\" onmouseover=\"this.style.backgroundColor='#D7F1FB'\">");
printf("<tr bgColor=#ffffff onmouseout=\"this.style.backgroundColor='#FFFFff'\" "
"onmouseover=\"this.style.backgroundColor='#D7F1FB'\">"
"<th align=\"left\" height=\"24\" ><span style=\"font-weight: 400\">");
DisplayEncodeHttp(toks[1]);
printf("</span></th><th align=\"left\" height=\"24\" ><span style=\"font-weight: 400\">");
DisplayEncodeHttp(toks[3]);
printf("</span></th><th height=\"24\" ><span style=\"font-weight: 400\">"
"<input type=\"checkbox\" name=\"record%d\"></span></th></tr>",line);
//printf("<td height=\"24\" ><span style=\"font-weight: 400\">%s</span></td>",toks[order[i]]);
}
printf("<input type=\"hidden\" name=delKey%d value=\"",line++);
DisplayEncodeHttp(toks[1]);
printf("\">\n");
}
for (i=0;i<num_toks;i++)
free(toks[i]);
free(toks);
}
}
fclose(pf);
printf("<input type=hidden name=numDel value=%d>",line);
printf("</table><P><P><center><input type=submit value=\"确认删除\">");
}
}
static void StreamParseIcmpArgs(char *args, StreamIcmpPolicy *s5IcmpPolicy)
{
char **toks;
int num_toks;
int i;
char **stoks = NULL;
int s_toks;
char *endPtr = NULL;
s5IcmpPolicy->session_timeout = STREAM_DEFAULT_SSN_TIMEOUT;
//s5IcmpPolicy->flags = 0;
if(args != NULL && strlen(args) != 0)
{
toks = mSplit(args, ",", 0, &num_toks, 0);
for (i = 0; i < num_toks; i++)
{
stoks = mSplit(toks[i], " ", 2, &s_toks, 0);
if (s_toks == 0)
{
FatalError("%s(%d) => Missing parameter in Stream ICMP config.\n",
file_name, file_line);
}
if(!strcasecmp(stoks[0], "timeout"))
{
if(stoks[1])
{
s5IcmpPolicy->session_timeout = strtoul(stoks[1], &endPtr, 10);
}
if (!stoks[1] || (endPtr == &stoks[1][0]) || *endPtr)
{
FatalError("%s(%d) => Invalid timeout in config file. Integer parameter required.\n",
file_name, file_line);
}
if ((s5IcmpPolicy->session_timeout > STREAM_MAX_SSN_TIMEOUT) ||
(s5IcmpPolicy->session_timeout < STREAM_MIN_SSN_TIMEOUT))
{
FatalError("%s(%d) => Invalid timeout in config file. "
"Must be between %d and %d\n",
file_name, file_line,
STREAM_MIN_SSN_TIMEOUT, STREAM_MAX_SSN_TIMEOUT);
}
if (s_toks > 2)
{
FatalError("%s(%d) => Invalid Stream ICMP Policy option. Missing comma?\n",
file_name, file_line);
}
}
else
{
FatalError("%s(%d) => Invalid Stream ICMP policy option\n",
file_name, file_line);
}
mSplitFree(&stoks, s_toks);
}
mSplitFree(&toks, num_toks);
}
}
int delUser(int numDel,char **delKey)
{
FILE *pf ;
FILE *pTmp;
//
// 打开用户文件
//
pf = fopen(USER_FILE,"r");
if (pf)
{
char tempFile[STD_BUF];
char buf[STD_BUF];
//
// 生成临时文件名
//
sprintf(tempFile,"%s.temp",USER_FILE);
pTmp = fopen(tempFile,"w");
while((pTmp)&&(fgets(buf, STD_BUF, pf) != NULL))
{
char *index = buf;
//
// 去掉空白符
//
while(*index == ' ' || *index == '\t')
index++;
//
// 注释行,空行去掉。以字符“#”和“;”开始的行为注释行。
//
if((*index != '#') && (*index != 0x0a) && (*index != ';') && (index != NULL))
{
char **toks;
int num_toks;
int k;
//
// 分解字段
//
toks = mSplit(index, " \t", 5, &num_toks, 0);
if ((num_toks == 4)||(num_toks == 3))
{
int k=0;
//
// 判断是否是删除的用户
//
for(k=0;k<numDel;k++)
{
if (strcmp(delKey[k],toks[1])==0)
{
if (strlen(delKey[k])>strlen(toks[0]))
strcpy(delKey[k],toks[0]);
else
{
char *p;
p=(char*)malloc(strlen(toks[0])+1);
if (p)
{
free(delKey[k]);
delKey[k]=p;
strcpy(delKey[k],toks[0]);
}
}
break;
}
}
if (k>=numDel)
{
//
// 其他用户信息写入临时文件
//
fputs(buf,pTmp);
fwrite("\n",1,1,pTmp);
}
}
//
// 释放mSplit分配的内存
//
for(k=0;k<num_toks;k++)
free(toks[k]);
free(toks);
}
else
{
//
// 将注释行写入文件
//
fputs(buf,pTmp);
}
}
fclose(pf);
if (pTmp)
{
fclose(pTmp);
unlink(USER_FILE); // 删除原文件:可能出现同步问题.
rename(tempFile,USER_FILE); // 改名为新文件
//
// 删除访问控制文件中的被删除的用户使用的资源。
//
return delMultiRecord(0,numDel,delKey,ACCESS_FILE,NULL);
}
else
return OPEN_TEMP_FILE_FALSE ;
}
else
return OPEN_USER_FILE_FALSE ;
}
/*
* Function: ParseIP(char *, IpAddrSet *)
*
* Purpose: Convert a supplied IP address to it's network order 32-bit long
* value. Also convert the CIDR block notation into a real
* netmask.
*
* Arguments: char *addr => address string to convert
* IpAddrSet * =>
*
*
* Returns: 0 for normal addresses, 1 for an "any" address
*/
int ParseIP(char *paddr, IpAddrSet *ias, int negate) //, IpAddrNode *node)
{
char **toks; /* token dbl buffer */
int num_toks; /* number of tokens found by mSplit() */
int cidr = 1; /* is network expressed in CIDR format */
int nmask = -1; /* netmask temporary storage */
char *addr; /* string to parse, eventually a
* variable-contents */
struct hostent *host_info; /* various struct pointers for stuff */
struct sockaddr_in sin; /* addr struct */
char broadcast_addr_set = 0;
IpAddrNode *address_data = (IpAddrNode*)SnortAlloc(sizeof(IpAddrNode));
if(!paddr || !ias)
return 1;
addr = paddr;
if(*addr == '!')
{
negate = !negate;
// address_data->addr_flags |= EXCEPT_IP;
addr++; /* inc past the '!' */
}
/* check for wildcards */
if(!strcasecmp(addr, "any"))
{
if(negate)
{
FatalError("%s(%d) => !any is not allowed\n", file_name, file_line);
}
/* Make first node 0, which matches anything */
if(!ias->iplist)
{
ias->iplist = (IpAddrNode*)SnortAlloc(sizeof(IpAddrNode));
}
ias->iplist->ip_addr = 0;
ias->iplist->netmask = 0;
free(address_data);
return 1;
}
/* break out the CIDR notation from the IP address */
toks = mSplit(addr, "/", 2, &num_toks, 0);
/* "/" was not used as a delimeter, try ":" */
if(num_toks == 1)
{
mSplitFree(&toks, num_toks);
toks = mSplit(addr, ":", 2, &num_toks, 0);
}
/*
* if we have a mask spec and it is more than two characters long, assume
* it is netmask format
*/
if((num_toks > 1) && strlen(toks[1]) > 2)
{
cidr = 0;
}
switch(num_toks)
{
case 1:
address_data->netmask = netmasks[32];
break;
case 2:
if(cidr)
{
/* convert the CIDR notation into a real live netmask */
nmask = atoi(toks[1]);
/* it's pain to differ whether toks[1] is correct if netmask */
/* is /0, so we deploy some sort of evil hack with isdigit */
if(!isdigit((int) toks[1][0]))
nmask = -1;
/* if second char is != '\0', it must be a digit
* by Daniel B. Cid, [email protected]
*/
if((toks[1][1] != '\0')&&(!isdigit((int) toks[1][1]) ))
nmask = -1;
if((nmask > -1) && (nmask < 33))
{
address_data->netmask = netmasks[nmask];
}
else
{
FatalError("%s(%d): Invalid CIDR block for IP addr "
"%s\n", file_name, file_line, addr);
}
}
else
{
/* convert the netmask into its 32-bit value */
/* broadcast address fix from
* Steve Beaty <*****@*****.**>
*/
/*
* if the address is the (v4) broadcast address, inet_addr *
* returns -1 which usually signifies an error, but in the *
* broadcast address case, is correct. we'd use inet_aton() *
* here, but it's less portable.
*/
if(!strncmp(toks[1], "255.255.255.255", 15))
{
address_data->netmask = INADDR_BROADCAST;
}
else if((address_data->netmask = inet_addr(toks[1])) == INADDR_NONE)
{
FatalError("%s(%d): Unable to parse rule netmask "
"(%s)\n", file_name, file_line, toks[1]);
}
/* Set nmask so we don't try to do a host lookup below.
* The value of 0 is irrelevant. */
nmask = 0;
}
break;
default:
FatalError("%s(%d) => Unrecognized IP address/netmask %s\n",
file_name, file_line, addr);
break;
}
sin.sin_addr.s_addr = inet_addr(toks[0]);
#ifndef WORDS_BIGENDIAN
/*
* since PC's store things the "wrong" way, shuffle the bytes into the
* right order. Non-CIDR netmasks are already correct.
*/
if(cidr)
{
address_data->netmask = htonl(address_data->netmask);
}
#endif
/* broadcast address fix from Steve Beaty <*****@*****.**> */
/* Changed location */
if(!strncmp(toks[0], "255.255.255.255", 15))
{
address_data->ip_addr = INADDR_BROADCAST;
broadcast_addr_set = 1;
}
else if (nmask == -1)
{
/* Try to do a host lookup if the address didn't
* convert to a valid IP and there were not any
* mask bits specified (CIDR or dot notation). */
if(sin.sin_addr.s_addr == INADDR_NONE)
{
/* get the hostname and fill in the host_info struct */
host_info = gethostbyname(toks[0]);
if (host_info)
{
/* protecting against malicious DNS servers */
if(host_info->h_length <= (int)sizeof(sin.sin_addr))
{
bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length);
}
else
{
bcopy(host_info->h_addr, (char *) &sin.sin_addr, sizeof(sin.sin_addr));
}
}
/* Using h_errno */
else if(h_errno == HOST_NOT_FOUND)
/*else if((sin.sin_addr.s_addr = inet_addr(toks[0])) == INADDR_NONE)*/
{
FatalError("%s(%d): Couldn't resolve hostname %s\n",
file_name, file_line, toks[0]);
}
}
else
{
/* It was a valid IP address with no netmask specified. */
/* Noop */
}
}
else
{
if(sin.sin_addr.s_addr == INADDR_NONE)
{
/* It was not a valid IP address but had a valid netmask. */
FatalError("%s(%d): Rule IP addr (%s) didn't translate\n",
file_name, file_line, toks[0]);
}
}
/* Only set this if we haven't set it above as 255.255.255.255 */
if (!broadcast_addr_set)
{
address_data->ip_addr = ((u_long) (sin.sin_addr.s_addr) &
(address_data->netmask));
}
mSplitFree(&toks, num_toks);
/* Add new IP address to address set */
if(!negate)
{
IpAddrNode *idx;
if(!ias->iplist)
{
ias->iplist = address_data;
}
else
{
/* Get to the end of the list */
for(idx = ias->iplist; idx->next; idx=idx->next) ;
idx->next = address_data;
}
}
else
{
IpAddrNode *idx;
if(!ias->neg_iplist)
{
ias->neg_iplist = address_data;
}
else
{
/* Get to the end of the list */
for(idx = ias->neg_iplist; idx->next; idx=idx->next) ;
idx->next = address_data;
}
address_data->addr_flags |= EXCEPT_IP;
}
return 0;
}
/*
threshold gen_id #, sig_id #, type limit|threshold|both, track by_src|by_dst, count #, seconds #
8/25/03 - added support for a global threshold, uses sid = 0, and is applied after all other thresholding so
a sid specific threshold or suppress command has precedence...
*/
void ParseSFThreshold( FILE * fp, char * rule )
{
char **args, **oargs;
int nargs, noargs;
THDX_STRUCT thdx;
int count_flag=0;
int seconds_flag=0;
int type_flag=0;
int tracking_flag=0;
/*
int priority_flag=0;
*/
int genid_flag=0;
int sigid_flag=0;
int i;
memset( &thdx, 0, sizeof(THDX_STRUCT) );
while( (*rule <= ' ') && (*rule > 0) ) rule++; /* skip whitespace */
while( (*rule > ' ') ) rule++; /* skip 'threshold' */
args = mSplit(rule,",",15,&nargs,0); /* get rule option pairs */
for( i=0; i<nargs; i++ )
{
oargs = mSplit(args[i]," ",2,&noargs,0); /* get rule option pairs */
if( noargs != 2 )
{
FatalError("Threshold Parse: argument pairing error\n");
}
if( strcmp(oargs[0],"type")==0 )
{
if( strcmp(oargs[1],"limit") == 0 )
{
thdx.type = THD_TYPE_LIMIT;
}
else if( strcmp(oargs[1],"threshold") == 0 )
{
thdx.type = THD_TYPE_THRESHOLD;
}
else if( strcmp(oargs[1],"both") == 0 )
{
thdx.type = THD_TYPE_BOTH;
}
else
{
/* Fatal incorrect threshold type */
FatalError("Threshold-Parse: incorrect 'type' argument \n");
}
type_flag++;
}
else if( strcmp(oargs[0],"track")==0 )
{
if( strcmp(oargs[1],"by_src") == 0 )
{
thdx.tracking = THD_TRK_SRC;
}
else if( strcmp(oargs[1],"by_dst") == 0 )
{
thdx.tracking = THD_TRK_DST;
}
else
{
/* Fatal incorrect threshold type */
FatalError("Threshold-Parse: incorrect tracking type\n");
}
tracking_flag++;
}
else if( strcmp(oargs[0],"count")==0 )
{
thdx.count = xatou(oargs[1],"threshold: count");
count_flag++;
}
else if( strcmp(oargs[0],"seconds")==0 )
{
thdx.seconds = xatou(oargs[1],"threshold: seconds");
seconds_flag++;
}
else if( strcmp(oargs[0],"gen_id")==0 )
{
thdx.gen_id = xatou(oargs[1],"threshold: gen_id");
genid_flag++;
if( oargs[1][0]== '-' )
FatalError("Threshold-Parse: gen_id < 0 not supported '%s %s'\n",oargs[0],oargs[1]);
}
else if( strcmp(oargs[0],"sig_id")==0 )
{
thdx.sig_id = xatou(oargs[1],"threshold: sig_id");
sigid_flag++;
if( oargs[1][0]== '-' )
FatalError("Threshold-Parse: sig_id < 0 not supported '%s %s'\n",oargs[0],oargs[1]);
}
else
{
/* Fatal incorrect threshold type */
FatalError("Threshold-Parse: unsupported option : %s %s\n",oargs[0],oargs[1]);
}
}
if( (count_flag + tracking_flag + type_flag + seconds_flag + genid_flag + sigid_flag) != 6 )
{
/* Fatal - incorrect argument count */
FatalError("Threshold-Parse: incorrect argument count\n");
}
if( sfthreshold_create( &thdx ) )
{
if( thdx.sig_id == 0 )
{
FatalError("Global Threshold-Parse: could not create a threshold object -- only one per gen_id=%u!\n",thdx.gen_id);
}
else
{
if( thdx.gen_id == 0 )
{
FatalError("Global Threshold-Parse: could not create a threshold object -- a gen_id < 0 requires a sig_id < 0, sig_id=%u !\n",thdx.sig_id);
}
else
{
FatalError("Threshold-Parse: could not create a threshold object -- only one per sig_id=%u!\n",thdx.sig_id);
}
}
}
mSplitFree(&args, nargs);
mSplitFree(&oargs, noargs);
}
