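/**
 * sim_event_get_text_escape_fields_values:
 * @event: event whose free-text fields are serialised
 *
 * Builds the comma-separated list of quoted SQL string literals for the
 * event's text columns, one per SimTextField* index, in index order.
 * Each non-NULL field is escaped with sim_str_escape() on the ossim database
 * connection before it is wrapped in single quotes. A NULL field is written
 * as the empty literal ''.
 *
 * The result is spliced verbatim into an INSERT statement by the caller, so
 * nothing may be appended to the string here without being escaped first.
 *
 * Returns: a newly allocated string the caller must g_free(), or NULL when
 * @event is not a SimEvent.
 */
gchar *
sim_event_get_text_escape_fields_values (SimEvent *event)
{
  /* Zero-initialised so an index that is not assigned below is rendered as
   * '' instead of being read uninitialised. */
  const gchar *fields[N_TEXT_FIELDS] = { NULL };
  GdaConnection *conn;
  GString *st;
  gchar *escaped;
  int i;

  g_return_val_if_fail (SIM_IS_EVENT (event), NULL);

  conn = sim_database_get_conn (ossim.dbossim);
  st = g_string_new ("");

  fields[SimTextFieldUsername] = event->username;
  fields[SimTextFieldPassword] = event->password;
  fields[SimTextFieldFilename] = event->filename;
  fields[SimTextFieldUserdata1] = event->userdata1;
  fields[SimTextFieldUserdata2] = event->userdata2;
  fields[SimTextFieldUserdata3] = event->userdata3;
  fields[SimTextFieldUserdata4] = event->userdata4;
  fields[SimTextFieldUserdata5] = event->userdata5;
  fields[SimTextFieldUserdata6] = event->userdata6;
  fields[SimTextFieldUserdata7] = event->userdata7;
  fields[SimTextFieldUserdata8] = event->userdata8;
  fields[SimTextFieldUserdata9] = event->userdata9;
  fields[SimTextFieldRulename] = event->rulename;
  fields[SimTextFieldValue] = event->value;

  for (i = 0; i < N_TEXT_FIELDS; i++)
  {
    escaped = fields[i] ? sim_str_escape (fields[i], conn, 0) : NULL;

    if (i > 0)
      g_string_append_c (st, ',');

    /* A failed escape must not put "(null)" (or the raw text) into the
     * statement; fall back to the empty literal. */
    g_string_append_printf (st, "'%s'", escaped ? escaped : "");
    g_free (escaped);
  }

  return g_string_free (st, FALSE);
}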
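/**
 * sim_db_update_host_properties:
 * @database: database the statements are executed on
 * @context_id: context UUID, written to / matched against the 'host' table
 * @sensor_id: sensor UUID, written to 'host_sensor_reference'
 * @entry: IDM entry holding the current values for the host
 * @changes: flags naming which fields of @entry changed; each flag selects
 *   the statements that are run
 * @is_ip_update: TRUE to UPDATE the existing 'host_ip' row and rebuild the
 *   host's 'host_net_reference' rows, FALSE to REPLACE the 'host_ip' row
 *
 * Writes the changed fields of @entry to the host, host_sensor_reference,
 * host_ip, host_properties, host_services, host_software and
 * host_net_reference tables, then bumps 'latest_asset_change' in config.
 *
 * All statements are built by string formatting. Every free-text value taken
 * from @entry (hostname, fqdns, usernames, os, cpu, video, state) is passed
 * through sim_database_str_escape() before it is placed inside a quoted
 * literal; any text column added here needs the same treatment.
 * Return values of sim_database_execute_no_query() are not checked, matching
 * the best-effort behaviour of the rest of the function.
 */
void
sim_db_update_host_properties (SimDatabase        *database,
                               SimUuid            *context_id,
                               SimUuid            *sensor_id,
                               SimIdmEntry        *entry,
                               SimIdmEntryChanges *changes,
                               gboolean            is_ip_update)
{
  gchar *query;
  gchar *values;
  const gchar *property;
  gchar *e_property;
  const gchar *host_id_str;
  const gchar *ip_str;

  host_id_str = sim_uuid_get_db_string (sim_idm_entry_get_host_id (entry));
  ip_str = sim_inet_get_db_string (sim_idm_entry_get_ip (entry));

  // 'host' and 'host_sensor_reference' table
  if (changes->host_id)
  {
    query = g_strdup_printf ("INSERT IGNORE INTO host (id, ctx, asset, threshold_c, threshold_a) VALUES (%s, %s, %d, %d, %d)",
                             host_id_str, sim_uuid_get_db_string (context_id), 2, 30, 30);
    sim_database_execute_no_query (database, query);
    g_free (query);

    query = g_strdup_printf ("INSERT IGNORE INTO host_sensor_reference (host_id, sensor_id) VALUES (%s, %s)",
                             host_id_str, sim_uuid_get_db_string (sensor_id));
    sim_database_execute_no_query (database, query);
    g_free (query);
  }

  if (changes->hostname)
  {
    /* The hostname is reported data: escape it before it goes inside the
     * quoted literal, as is done for the host_properties values below. */
    e_property = sim_database_str_escape (database, sim_idm_entry_get_hostname (entry), 0);
    query = g_strdup_printf ("UPDATE host SET hostname = '%s' WHERE id = %s AND ctx = %s",
                             e_property, host_id_str, sim_uuid_get_db_string (context_id));
    sim_database_execute_no_query (database, query);
    g_free (query);
    g_free (e_property);
  }

  if (changes->fqdns)
  {
    /* Same reasoning as for the hostname: never interpolate it raw. */
    e_property = sim_database_str_escape (database, sim_idm_entry_get_fqdns (entry), 0);
    query = g_strdup_printf ("UPDATE host SET fqdns = '%s' WHERE id = %s AND ctx = %s",
                             e_property, host_id_str, sim_uuid_get_db_string (context_id));
    sim_database_execute_no_query (database, query);
    g_free (query);
    g_free (e_property);
  }

  /* Reset so the host_ip section below can tell whether it built a query. */
  query = NULL;

  // 'host_ip' table
  if (changes->ip || changes->mac)
  {
    const gchar *mac_text;
    gchar *mac_bin;

    mac_text = sim_idm_entry_get_mac (entry);

    /* NOTE(review): mac_bin and ip_str are interpolated unquoted, so this
     * relies on sim_mac_to_db_string() / sim_inet_get_db_string() emitting
     * only a validated literal -- confirm in those helpers. */
    if (is_ip_update)
    {
      if (mac_text)
      {
        mac_bin = sim_mac_to_db_string (mac_text);
        query = g_strdup_printf ("UPDATE host_ip SET ip=%s, mac=%s "
                                 "WHERE host_id = %s",
                                 ip_str, mac_bin, host_id_str);
        g_free (mac_bin);
      }
      else
      {
        query = g_strdup_printf ("UPDATE host_ip SET ip=%s "
                                 "WHERE host_id = %s",
                                 ip_str, host_id_str);
      }
    }
    else
    {
      if (mac_text)
      {
        mac_bin = sim_mac_to_db_string (mac_text);
        query = g_strdup_printf ("REPLACE host_ip (host_id, ip, mac) VALUES (%s, %s, %s)",
                                 host_id_str, ip_str, mac_bin);
        g_free (mac_bin);
      }
      else
      {
        query = g_strdup_printf ("REPLACE host_ip (host_id, ip) VALUES (%s, %s)",
                                 host_id_str, ip_str);
      }
    }
  }

  if (query)
  {
    sim_database_execute_no_query (database, query);
    g_free (query);
  }

  // 'host_properties' table
  if (changes->username)
  {
    property = sim_idm_entry_get_username (entry);

    /* Delete old usernames */
    query = g_strdup_printf ("DELETE FROM host_properties WHERE host_id = %s AND property_ref = %d",
                             host_id_str, SIM_HOST_PROP_USERNAME);
    sim_database_execute_no_query (database, query);
    g_free (query);

    if (property != NULL && *property != '\0')
    {
      /* The username field is a comma-separated list; one row is written
       * per name, each escaped on its own. */
      gchar **usernames;
      gchar **username_loop;

      usernames = g_strsplit (property, ",", -1);
      for (username_loop = usernames; *username_loop; username_loop++)
      {
        e_property = sim_database_str_escape (database, *username_loop, 0);
        query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')",
                                 host_id_str, SIM_HOST_PROP_USERNAME, sim_idm_entry_get_source_id (entry), e_property);
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
      }
      g_strfreev (usernames);
    }
  }

  if (changes->os)
  {
    // ENG-99163 We cannot use replace here, because value is part of the primary key.
    // We only should allow one os per host_id.
    // At this point we know that the relevance of the property >= old property relevance.
    e_property = sim_database_str_escape (database, sim_idm_entry_get_os (entry), 0);

    query = g_strdup_printf ("DELETE FROM host_properties WHERE host_id = %s and property_ref=%d",
                             host_id_str, SIM_HOST_PROP_OS);
    sim_database_execute_no_query (database, query);
    g_free (query);

    query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')",
                             host_id_str, SIM_HOST_PROP_OS, sim_idm_entry_get_source_id (entry), e_property);
    sim_database_execute_no_query (database, query);
    g_free (query);
    g_free (e_property);
  }

  if (changes->cpu)
  {
    e_property = sim_database_str_escape (database, sim_idm_entry_get_cpu (entry), 0);
    query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')",
                             host_id_str, SIM_HOST_PROP_CPU, sim_idm_entry_get_source_id (entry), e_property);
    sim_database_execute_no_query (database, query);
    g_free (query);
    g_free (e_property);
  }

  if (changes->memory)
  {
    /* Memory is formatted with %d, so no escaping is involved. */
    query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%d')",
                             host_id_str, SIM_HOST_PROP_MEMORY, sim_idm_entry_get_source_id (entry), sim_idm_entry_get_memory (entry));
    sim_database_execute_no_query (database, query);
    g_free (query);
  }

  if (changes->video)
  {
    e_property = sim_database_str_escape (database, sim_idm_entry_get_video (entry), 0);
    query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')",
                             host_id_str, SIM_HOST_PROP_VIDEO, sim_idm_entry_get_source_id (entry), e_property);
    sim_database_execute_no_query (database, query);
    g_free (query);
    g_free (e_property);
  }

  if (changes->state)
  {
    e_property = sim_database_str_escape (database, sim_idm_entry_get_state (entry), 0);
    query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')",
                             host_id_str, SIM_HOST_PROP_STATE, sim_idm_entry_get_source_id (entry), e_property);
    sim_database_execute_no_query (database, query);
    g_free (query);
    g_free (e_property);
  }

  // 'host_services' table
  if (changes->service)
  {
#if 0
    // Currently disabled
    query = g_strdup_printf ("DELETE FROM host_services WHERE host_id = %s AND nagios = 0", host_id_str);
    sim_database_execute_no_query (database, query);
    g_free (query);
#endif

    /* NOTE(review): the VALUES list is produced by the helper, which is
     * handed the database; presumably it escapes service/version text
     * itself -- confirm, since the result is interpolated as-is. */
    values = sim_idm_entry_service_get_string_db_insert (entry, database);
    if (values)
    {
      query = g_strdup_printf ("INSERT INTO host_services (host_id, host_ip, port, protocol, service, version, source_id) VALUES %s ON DUPLICATE KEY UPDATE service = VALUES(service), source_id = VALUES(source_id)", values);
      sim_database_execute_no_query (database, query);
      g_free (query);
      g_free (values);
    }
  }

  // 'host_software' table
  if (changes->software)
  {
    /* NOTE(review): same assumption as for host_services -- the helper is
     * expected to escape cpe/banner text; confirm. */
    values = sim_idm_entry_software_get_string_db_insert (entry, database);
    if (values)
    {
      query = g_strdup_printf ("INSERT INTO host_software (host_id, cpe, banner, source_id) VALUES %s ON DUPLICATE KEY UPDATE banner = VALUES(banner), source_id = VALUES(source_id)", values);
      sim_database_execute_no_query (database, query);
      g_free (query);
      g_free (values);
    }
  }

  // Specific code for the web interface
  if (changes->ip)
  {
    // These queries mitigate performance problems with many hosts/nets.
    // Probably could be resolved with radix trees in the web
    if (is_ip_update)
    {
      query = g_strdup_printf ("DELETE FROM host_net_reference WHERE host_id = %s", host_id_str);
      sim_database_execute_no_query (database, query);
      g_free (query);
    }

    query = g_strdup_printf ("REPLACE INTO host_net_reference SELECT host.id, net_id FROM host, host_ip, net_cidrs "
                             "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end AND host_id = %s",
                             host_id_str);
    sim_database_execute_no_query (database, query);
    g_free (query);
  }

  if (changes->ip || changes->username || changes->hostname || changes->mac ||
      changes->os || changes->cpu || changes->memory || changes->video ||
      changes->service || changes->software || changes->state)
  {
    // This query is exclusively used to notify the web server about changes on hosts/nets
    //
    // This could be executed in fewer cases by not caching some asset trees on the web
    sim_database_execute_no_query (database, "REPLACE INTO config (conf, value) VALUES ('latest_asset_change', utc_timestamp())");
  }
  // Specific code for the web interface
}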
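/**
 * sim_event_get_insert_clause_values:
 * @event: event to serialise
 *
 * Builds the parenthesised VALUES tuple for one event row. Columns are
 * emitted in the fixed order of the append calls below; the text columns
 * produced by sim_event_get_text_escape_fields_values() sit between 'alarm'
 * and the reputation fields.
 *
 * Every string that ends up inside a quoted literal (timestamp string,
 * interface, reputation activity, hostnames) is escaped with
 * sim_str_escape() on the ossim database connection first. Values written
 * unquoted come from the uuid/inet/mac "db string" helpers or are numeric.
 *
 * Returns: a newly allocated string the caller must g_free(), or NULL when
 * @event is not a SimEvent or the text-field list could not be built.
 */
gchar *
sim_event_get_insert_clause_values (SimEvent *event)
{
  gchar time_buf[TIMEBUF_SIZE];
  const gchar *timestamp;
  GString *query;
  gchar *values;
  gchar *e_time_str = NULL;
  gchar *e_interface = NULL;
  gchar *e_rep_act_src = NULL;
  gchar *e_rep_act_dst = NULL;
  gchar *e_src_hostname = NULL;
  gchar *e_dst_hostname = NULL;
  gchar *src_mac = NULL, *dst_mac = NULL;
  GdaConnection *conn;

  g_return_val_if_fail (SIM_IS_EVENT (event), NULL);

  conn = sim_database_get_conn (ossim.dbossim);

  /* Checked before anything else is allocated: a NULL here would otherwise
   * be formatted into the statement. */
  values = sim_event_get_text_escape_fields_values (event);
  if (values == NULL)
    return NULL;

  // If we already have the timestamp we use it.. else we calculate it
  if (event->time_str)
    e_time_str = sim_str_escape (event->time_str, conn, 0);

  if (e_time_str)
  {
    /* The ready-made string goes inside a quoted literal, so it is escaped
     * like the other text columns. */
    timestamp = e_time_str;
  }
  else
  {
    /* Copy into a real time_t instead of casting the field's address:
     * NOTE(review) the type of event->time is not visible here, and the
     * pointer cast is only valid if it is exactly time_t. */
    time_t event_time = (time_t) event->time;
    struct tm *utc = gmtime (&event_time);

    /* gmtime() can fail and strftime() leaves the buffer unspecified when
     * it returns 0; never format an indeterminate buffer. */
    if (utc == NULL || strftime (time_buf, TIMEBUF_SIZE, "%F %T", utc) == 0)
      time_buf[0] = '\0';
    timestamp = time_buf;
  }

  if (event->interface)
    e_interface = sim_str_escape (event->interface, conn, 0);
  if (event->str_rep_act_src)
    e_rep_act_src = sim_str_escape (event->str_rep_act_src, conn, 0);
  if (event->str_rep_act_dst)
    e_rep_act_dst = sim_str_escape (event->str_rep_act_dst, conn, 0);
  if (event->src_hostname)
    e_src_hostname = sim_str_escape (event->src_hostname, conn, 0);
  if (event->dst_hostname)
    e_dst_hostname = sim_str_escape (event->dst_hostname, conn, 0);

  if (event->src_mac)
    src_mac = sim_mac_to_db_string (event->src_mac);
  if (event->dst_mac)
    dst_mac = sim_mac_to_db_string (event->dst_mac);

  query = g_string_new ("");

  g_string_append_printf (query, "(%s", sim_uuid_get_db_string (event->id));
  g_string_append_printf (query, ",%s", sim_uuid_get_db_string (sim_context_get_id (event->context)));
  g_string_append_printf (query, ",'%s'", timestamp);
  /* NOTE(review): %f follows the process locale's decimal separator; confirm
   * the server runs with a '.' locale or format this with g_ascii_formatd. */
  g_string_append_printf (query, ",%f", event->tzone);
  g_string_append_printf (query, ",%s", sim_uuid_get_db_string (event->sensor_id));
  g_string_append_printf (query, ",'%s'", (e_interface) ? e_interface : "");
  g_string_append_printf (query, ",%d", event->type);
  g_string_append_printf (query, ",%d", event->plugin_id);
  g_string_append_printf (query, ",%d", event->plugin_sid);
  g_string_append_printf (query, ",%d", event->protocol);
  g_string_append_printf (query, ",%s", sim_inet_get_db_string (event->src_ia));
  g_string_append_printf (query, ",%s", sim_inet_get_db_string (event->dst_ia));
  g_string_append_printf (query, ",%s", (event->src_net) ? sim_uuid_get_db_string (sim_net_get_id (event->src_net)) : "NULL");
  g_string_append_printf (query, ",%s", (event->dst_net) ? sim_uuid_get_db_string (sim_net_get_id (event->dst_net)) : "NULL");
  g_string_append_printf (query, ",%d", event->src_port);
  g_string_append_printf (query, ",%d", event->dst_port);
  g_string_append_printf (query, ",%d", event->condition);
  g_string_append_printf (query, ",%d", event->interval);
  g_string_append_printf (query, ",%d", 0); //FIXME event->absolute
  g_string_append_printf (query, ",%d", event->priority);
  g_string_append_printf (query, ",%d", event->reliability);
  g_string_append_printf (query, ",%d", event->asset_src);
  g_string_append_printf (query, ",%d", event->asset_dst);
  g_string_append_printf (query, ",%d", (gint) event->risk_c);
  g_string_append_printf (query, ",%d", (gint) event->risk_a);
  g_string_append_printf (query, ",%d", event->alarm);
  g_string_append_printf (query, ",%s", values);
  g_string_append_printf (query, ",%u", event->rep_prio_src);
  g_string_append_printf (query, ",%u", event->rep_prio_dst);
  g_string_append_printf (query, ",%u", event->rep_rel_src);
  g_string_append_printf (query, ",%u", event->rep_rel_dst);
  g_string_append_printf (query, ",'%s'", (e_rep_act_src) ? e_rep_act_src : "");
  g_string_append_printf (query, ",'%s'", (e_rep_act_dst) ? e_rep_act_dst : "");
  g_string_append_printf (query, ",'%s'", (e_src_hostname) ? e_src_hostname : "");
  g_string_append_printf (query, ",'%s'", (e_dst_hostname) ? e_dst_hostname : "");
  g_string_append_printf (query, ",%s", (src_mac) ? src_mac : "NULL");
  g_string_append_printf (query, ",%s", (dst_mac) ? dst_mac : "NULL");
  g_string_append_printf (query, ",%s", (event->src_id) ? sim_uuid_get_db_string (event->src_id) : "NULL");
  g_string_append_printf (query, ",%s)", (event->dst_id) ? sim_uuid_get_db_string (event->dst_id) : "NULL");

  /* Release every temporary; the escaped copies and MAC strings are owned
   * by this function and would otherwise leak once per inserted event. */
  g_free (values);
  g_free (e_time_str);
  g_free (e_interface);
  g_free (e_rep_act_src);
  g_free (e_rep_act_dst);
  g_free (e_src_hostname);
  g_free (e_dst_hostname);
  g_free (src_mac);
  g_free (dst_mac);

  return g_string_free (query, FALSE);
}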