Ejemplo n.º 1
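/**
 * sim_event_get_text_escape_fields_values:
 * @event: event whose free-text fields are serialized.
 *
 * Builds the comma-separated list of single-quoted SQL string literals for
 * the event's text fields (username, password, filename, userdata1..9,
 * rulename, value), in SimTextField* index order. Every non-NULL field is
 * passed through sim_str_escape() before it is placed between quotes; a NULL
 * field is emitted as the empty literal ''.
 *
 * The result is a fragment meant to be spliced into an INSERT statement, so
 * the escaping done here is the only thing that keeps these event-supplied
 * strings from terminating the literal early.
 *
 * Returns: a newly allocated string; the caller releases it with g_free().
 */
gchar *
sim_event_get_text_escape_fields_values (SimEvent *event)
{
  gint i;
  gchar *fields[N_TEXT_FIELDS];
  GString *st;
  GdaConnection *conn;

  conn = sim_database_get_conn (ossim.dbossim);

  /* Start from NULL so a slot that is not assigned below is emitted as ''
   * instead of being read uninitialized. */
  for (i = 0; i < N_TEXT_FIELDS; i++)
    fields[i] = NULL;

  fields[SimTextFieldUsername]  = event->username;
  fields[SimTextFieldPassword]  = event->password;
  fields[SimTextFieldFilename]  = event->filename;
  fields[SimTextFieldUserdata1] = event->userdata1;
  fields[SimTextFieldUserdata2] = event->userdata2;
  fields[SimTextFieldUserdata3] = event->userdata3;
  fields[SimTextFieldUserdata4] = event->userdata4;
  fields[SimTextFieldUserdata5] = event->userdata5;
  fields[SimTextFieldUserdata6] = event->userdata6;
  fields[SimTextFieldUserdata7] = event->userdata7;
  fields[SimTextFieldUserdata8] = event->userdata8;
  fields[SimTextFieldUserdata9] = event->userdata9;
  fields[SimTextFieldRulename]  = event->rulename;
  fields[SimTextFieldValue]     = event->value;

  /* The MAC addresses are not part of this fragment, so they are no longer
   * converted here; the previous version allocated both strings only to free
   * them unused. */
  st = g_string_new ("");

  for (i = 0; i < N_TEXT_FIELDS; i++)
    {
      gchar *escaped = NULL;

      if (fields[i] != NULL)
        escaped = sim_str_escape (fields[i], conn, 0);

      if (i > 0)
        g_string_append_c (st, ',');

      /* NOTE(review): sim_str_escape()'s failure contract is not visible
       * here; a NULL result is written as '' rather than handed to "%s". */
      g_string_append_printf (st, "'%s'", escaped ? escaped : "");
      g_free (escaped);
    }

  return g_string_free (st, FALSE);
}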
Ejemplo n.º 2
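/**
 * sim_db_update_host_properties:
 * @database: database the statements are executed on.
 * @context_id: context UUID, used for the 'host' table rows.
 * @sensor_id: sensor UUID, used for 'host_sensor_reference'.
 * @entry: IDM entry holding the current host attributes.
 * @changes: flags telling which attributes of @entry changed.
 * @is_ip_update: TRUE updates the existing 'host_ip' row and rebuilds
 *   'host_net_reference'; FALSE uses REPLACE on 'host_ip'.
 *
 * Writes the changed attributes of @entry to the host, host_sensor_reference,
 * host_ip, host_properties, host_services, host_software, host_net_reference
 * and config tables. All statements are built with printf-style formatting,
 * so every value placed between single quotes must be escaped first.
 *
 * NOTE(review): the unquoted %s values (host id, context id, sensor id, IP,
 * MAC) come from the *_get_db_string / sim_mac_to_db_string helpers, which
 * presumably return ready-made SQL literals - confirm against those helpers.
 */
void
sim_db_update_host_properties (SimDatabase        *database,
                               SimUuid            *context_id,
                               SimUuid            *sensor_id,
                               SimIdmEntry        *entry,
                               SimIdmEntryChanges *changes,
                               gboolean            is_ip_update)
{
    gchar *query;
    gchar *values;
    gchar *property, *e_property;
    const gchar *host_id_str;
    const gchar *ip_str;

    host_id_str = sim_uuid_get_db_string (sim_idm_entry_get_host_id (entry));
    ip_str = sim_inet_get_db_string (sim_idm_entry_get_ip (entry));

    // 'host' and 'host_sensor_reference' table
    if (changes->host_id)
    {
        query = g_strdup_printf ("INSERT IGNORE INTO host (id, ctx, asset, threshold_c, threshold_a) VALUES (%s, %s, %d, %d, %d)", host_id_str, sim_uuid_get_db_string (context_id), 2, 30, 30);
        sim_database_execute_no_query (database, query);
        g_free (query);

        query = g_strdup_printf ("INSERT IGNORE INTO host_sensor_reference (host_id, sensor_id) VALUES (%s, %s)", host_id_str, sim_uuid_get_db_string (sensor_id));
        sim_database_execute_no_query (database, query);
        g_free (query);
    }

    if (changes->hostname)
    {
        // The hostname lands inside a quoted literal, so it is escaped the
        // same way as the host_properties values below; it was previously
        // interpolated as-is.
        e_property = sim_database_str_escape (database, sim_idm_entry_get_hostname (entry), 0);
        query = g_strdup_printf ("UPDATE host SET hostname = '%s' WHERE id = %s AND ctx = %s", e_property, host_id_str, sim_uuid_get_db_string (context_id));
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
    }

    if (changes->fqdns)
    {
        // Same as hostname: escape before placing the value between quotes.
        e_property = sim_database_str_escape (database, sim_idm_entry_get_fqdns (entry), 0);
        query = g_strdup_printf ("UPDATE host SET fqdns = '%s' WHERE id = %s AND ctx = %s", e_property, host_id_str, sim_uuid_get_db_string (context_id));
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
    }

    // Stays NULL when neither the IP nor the MAC changed, which skips the
    // 'host_ip' statement below.
    query = NULL;

    // 'host_ip' table
    if (changes->ip || changes->mac)
    {
        const gchar *mac_text;
        gchar *mac_bin;

        mac_text = sim_idm_entry_get_mac (entry);

        if (is_ip_update)
        {
            if (mac_text)
            {
                mac_bin = sim_mac_to_db_string (mac_text);

                query = g_strdup_printf ("UPDATE host_ip SET ip=%s, mac=%s "
                                         "WHERE host_id = %s",
                                         ip_str,
                                         mac_bin,
                                         host_id_str);

                g_free (mac_bin);
            }
            else
            {
                query = g_strdup_printf ("UPDATE host_ip SET ip=%s "
                                         "WHERE host_id = %s",
                                         ip_str,
                                         host_id_str);
            }
        }
        else
        {
            if (mac_text)
            {
                mac_bin = sim_mac_to_db_string (mac_text);
                query = g_strdup_printf ("REPLACE host_ip (host_id, ip, mac) VALUES (%s, %s, %s)", host_id_str, ip_str, mac_bin);
                g_free (mac_bin);
            }
            else
            {
                query = g_strdup_printf ("REPLACE host_ip (host_id, ip) VALUES (%s, %s)", host_id_str, ip_str);
            }
        }
    }

    if (query)
    {
        sim_database_execute_no_query (database, query);
        g_free (query);
    }

    // 'host_properties' table
    if (changes->username)
    {
        property = (gchar *)sim_idm_entry_get_username (entry);
        /* Delete old usernames */
        query = g_strdup_printf ("DELETE FROM host_properties WHERE host_id = %s AND property_ref = %d", host_id_str, SIM_HOST_PROP_USERNAME);
        sim_database_execute_no_query (database, query);
        g_free (query);
        if (property != NULL && *property != '\0')
        {
            /* The property is a comma-separated list; each user name gets its own row. */
            gchar **usernames = NULL;
            gchar **username_loop = NULL;
            usernames = username_loop = g_strsplit (property, ",", -1);
            while (*username_loop)
            {
                e_property = sim_database_str_escape (database, *username_loop, 0);
                query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')", host_id_str, SIM_HOST_PROP_USERNAME, sim_idm_entry_get_source_id (entry), e_property);
                sim_database_execute_no_query (database, query);
                g_free (query);
                g_free (e_property);
                username_loop++;
            }
            g_strfreev (usernames);
        }
    }

    if (changes->os)
    {
        // ENG-99163 We cannot use REPLACE alone here, because value is part of the primary key.
        // We should only allow one os per host_id.
        // At this point we know that the relevance of the property >= old property relevance.

        e_property = sim_database_str_escape (database, sim_idm_entry_get_os (entry), 0);

        query = g_strdup_printf ("DELETE FROM host_properties WHERE host_id = %s and property_ref=%d", host_id_str, SIM_HOST_PROP_OS);
        sim_database_execute_no_query (database, query);
        g_free (query);

        query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')", host_id_str, SIM_HOST_PROP_OS, sim_idm_entry_get_source_id (entry), e_property);
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
    }

    if (changes->cpu)
    {
        e_property = sim_database_str_escape (database, sim_idm_entry_get_cpu (entry), 0);
        query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')", host_id_str, SIM_HOST_PROP_CPU, sim_idm_entry_get_source_id (entry), e_property);
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
    }

    if (changes->memory)
    {
        // Formatted with %d, so no escaping is needed for this value.
        query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%d')", host_id_str, SIM_HOST_PROP_MEMORY, sim_idm_entry_get_source_id (entry),  sim_idm_entry_get_memory (entry));
        sim_database_execute_no_query (database, query);
        g_free (query);
    }

    if (changes->video)
    {
        e_property = sim_database_str_escape (database, sim_idm_entry_get_video (entry), 0);
        query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')", host_id_str, SIM_HOST_PROP_VIDEO, sim_idm_entry_get_source_id (entry), e_property);
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
    }

    if (changes->state)
    {
        e_property = sim_database_str_escape (database, sim_idm_entry_get_state(entry), 0);
        query = g_strdup_printf ("REPLACE host_properties (host_id, property_ref, source_id, value) VALUES (%s, %d, %d, '%s')", host_id_str, SIM_HOST_PROP_STATE, sim_idm_entry_get_source_id (entry), e_property);
        sim_database_execute_no_query (database, query);
        g_free (query);
        g_free (e_property);
    }

    // 'host_services' table
    if (changes->service)
    {
#if 0
        // Currently disabled
        query = g_strdup_printf ("DELETE FROM host_services WHERE host_id = %s AND nagios = 0", host_id_str);
        sim_database_execute_no_query (database, query);
        g_free (query);
#endif

        // NOTE(review): the VALUES list is spliced in verbatim; it presumably
        // arrives already escaped from the helper (it is given the database
        // handle) - confirm there.
        values = sim_idm_entry_service_get_string_db_insert (entry, database);
        if (values)
        {
            query = g_strdup_printf ("INSERT INTO host_services (host_id, host_ip, port, protocol, service, version, source_id) VALUES %s ON DUPLICATE KEY UPDATE service = VALUES(service), source_id = VALUES(source_id)", values);
            sim_database_execute_no_query (database, query);
            g_free (query);
            g_free (values);
        }
    }

    // 'host_software' table
    if (changes->software)
    {
        // NOTE(review): same as host_services - the helper is assumed to
        // return an escaped VALUES list; confirm there.
        values = sim_idm_entry_software_get_string_db_insert (entry, database);
        if (values)
        {
            query = g_strdup_printf ("INSERT INTO host_software (host_id, cpe, banner, source_id) VALUES %s ON DUPLICATE KEY UPDATE banner = VALUES(banner), source_id = VALUES(source_id)", values);
            sim_database_execute_no_query (database, query);
            g_free (query);
            g_free (values);
        }
    }

    // Specific code for the web interface
    if (changes->ip)
    {
        // These queries mitigate performance problems with many hosts/nets.
        // Probably could be resolved with radix trees in the web
        if (is_ip_update)
        {
            query = g_strdup_printf ("DELETE FROM host_net_reference WHERE host_id = %s",
                                     host_id_str);
            sim_database_execute_no_query (database, query);
            g_free (query);
        }

        query = g_strdup_printf ("REPLACE INTO host_net_reference SELECT host.id, net_id FROM host, host_ip, net_cidrs "
                                 "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end AND host_id = %s",
                                 host_id_str);
        sim_database_execute_no_query (database, query);
        g_free (query);
    }

    if (changes->ip || changes->username || changes->hostname || changes->mac || changes->os || changes->cpu || changes->memory || changes->video || changes->service || changes->software || changes->state)
    {
        // This query is exclusively used to notify the web server about changes on hosts/nets
        //
        // This could be executed in fewer cases by not caching some asset trees on the web
        sim_database_execute_no_query (database, "REPLACE INTO config (conf, value) VALUES ('latest_asset_change', utc_timestamp())");
    }
    // Specific code for the web interface
}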
Ejemplo n.º 3
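/**
 * sim_event_get_insert_clause_values:
 * @event: event to serialize.
 *
 * Builds the parenthesized value tuple "(v1,v2,...)" for one event row, for
 * use in the VALUES part of an INSERT statement. Numeric members are
 * formatted directly; every string placed between single quotes is escaped
 * with sim_str_escape() first, and the free-text fields are taken from
 * sim_event_get_text_escape_fields_values().
 *
 * NOTE(review): the unquoted %s values (UUIDs, addresses, MACs) come from
 * the *_get_db_string / sim_mac_to_db_string helpers, which presumably return
 * ready-made SQL literals - confirm against those helpers.
 *
 * Returns: a newly allocated string to be released with g_free(), or NULL if
 * @event is not a SimEvent or the text-field fragment could not be built.
 */
gchar *
sim_event_get_insert_clause_values (SimEvent   *event)
{
  gchar time_buf[TIMEBUF_SIZE];
  const gchar *timestamp = time_buf;
  GString *query;
  gchar *values;
  gchar *e_time_str = NULL;
  gchar *e_interface = NULL;
  gchar *e_rep_act_src = NULL;
  gchar *e_rep_act_dst = NULL;
  gchar *e_src_hostname = NULL;
  gchar *e_dst_hostname = NULL;
  gchar *src_mac = NULL, *dst_mac = NULL;
  GdaConnection *conn;

  g_return_val_if_fail (SIM_IS_EVENT (event), NULL);

  /* Fetched before anything else is allocated, so the NULL case needs no
   * cleanup; "%s" must not be handed a NULL fragment. */
  values = sim_event_get_text_escape_fields_values (event);
  if (values == NULL)
    return NULL;

  conn = sim_database_get_conn (ossim.dbossim);

  /* Use the timestamp string when the event carries one, else format
   * event->time as UTC. */
  time_buf[0] = '\0';
  if (event->time_str)
    {
      /* time_str ends up inside a quoted literal like the other event
       * strings, so it is escaped as well. */
      e_time_str = sim_str_escape (event->time_str, conn, 0);
      timestamp = (e_time_str) ? e_time_str : "";
    }
  else
    {
      /* Copy into a real time_t instead of casting the member's address,
       * which is only valid when the member has exactly that type. */
      time_t when = (time_t) event->time;
      struct tm *utc = gmtime (&when);

      /* gmtime() may return NULL and strftime() may fail; both leave the
       * buffer contents unusable, so fall back to an empty string. */
      if (utc == NULL || strftime (time_buf, TIMEBUF_SIZE, "%F %T", utc) == 0)
        time_buf[0] = '\0';
    }

  /* The interface name was previously interpolated between quotes without
   * escaping, unlike the other event strings. */
  if (event->interface)
    e_interface = sim_str_escape (event->interface, conn, 0);

  if (event->str_rep_act_src)
    e_rep_act_src = sim_str_escape (event->str_rep_act_src, conn, 0);
  if (event->str_rep_act_dst)
    e_rep_act_dst = sim_str_escape (event->str_rep_act_dst, conn, 0);

  if (event->src_hostname)
    e_src_hostname = sim_str_escape (event->src_hostname, conn, 0);
  if (event->dst_hostname)
    e_dst_hostname = sim_str_escape (event->dst_hostname, conn, 0);

  if (event->src_mac)
    src_mac = sim_mac_to_db_string (event->src_mac);
  if (event->dst_mac)
    dst_mac = sim_mac_to_db_string (event->dst_mac);

  query = g_string_new ("");
  g_string_append_printf (query, "(%s", sim_uuid_get_db_string (event->id));
  g_string_append_printf (query, ",%s", sim_uuid_get_db_string (sim_context_get_id (event->context)));
  g_string_append_printf (query, ",'%s'", timestamp);
  /* NOTE(review): "%f" follows LC_NUMERIC; a locale with a decimal comma
   * would split this into two SQL values - confirm the process locale. */
  g_string_append_printf (query, ",%f", event->tzone);
  g_string_append_printf (query, ",%s", sim_uuid_get_db_string (event->sensor_id));
  g_string_append_printf (query, ",'%s'", (e_interface) ? e_interface : "");
  g_string_append_printf (query, ",%d", event->type);
  g_string_append_printf (query, ",%d", event->plugin_id);
  g_string_append_printf (query, ",%d", event->plugin_sid);
  g_string_append_printf (query, ",%d", event->protocol);
  g_string_append_printf (query, ",%s", sim_inet_get_db_string (event->src_ia));
  g_string_append_printf (query, ",%s", sim_inet_get_db_string (event->dst_ia));
  g_string_append_printf (query, ",%s", (event->src_net) ? sim_uuid_get_db_string (sim_net_get_id (event->src_net)) : "NULL");
  g_string_append_printf (query, ",%s", (event->dst_net) ? sim_uuid_get_db_string (sim_net_get_id (event->dst_net)) : "NULL");
  g_string_append_printf (query, ",%d", event->src_port);
  g_string_append_printf (query, ",%d", event->dst_port);
  g_string_append_printf (query, ",%d", event->condition);
  g_string_append_printf (query, ",%d", event->interval);
  g_string_append_printf (query, ",%d", 0); //FIXME event->absolute
  g_string_append_printf (query, ",%d", event->priority);
  g_string_append_printf (query, ",%d", event->reliability);
  g_string_append_printf (query, ",%d", event->asset_src);
  g_string_append_printf (query, ",%d", event->asset_dst);
  g_string_append_printf (query, ",%d", (gint) event->risk_c);
  g_string_append_printf (query, ",%d", (gint) event->risk_a);
  g_string_append_printf (query, ",%d", event->alarm);
  g_string_append_printf (query, ",%s", values);
  g_string_append_printf (query, ",%u", event->rep_prio_src);
  g_string_append_printf (query, ",%u", event->rep_prio_dst);
  g_string_append_printf (query, ",%u", event->rep_rel_src);
  g_string_append_printf (query, ",%u", event->rep_rel_dst);
  g_string_append_printf (query, ",'%s'", (e_rep_act_src) ? e_rep_act_src : "");
  g_string_append_printf (query, ",'%s'", (e_rep_act_dst) ? e_rep_act_dst : "");
  g_string_append_printf (query, ",'%s'", (e_src_hostname) ? e_src_hostname : "");
  g_string_append_printf (query, ",'%s'", (e_dst_hostname) ? e_dst_hostname : "");
  g_string_append_printf (query, ",%s", (src_mac) ? src_mac : "NULL");
  g_string_append_printf (query, ",%s", (dst_mac) ? dst_mac : "NULL");
  g_string_append_printf (query, ",%s", (event->src_id) ? sim_uuid_get_db_string (event->src_id) : "NULL");
  g_string_append_printf (query, ",%s)", (event->dst_id) ? sim_uuid_get_db_string (event->dst_id) : "NULL");

  /* Every temporary is released here; the escaped strings and the MAC
   * strings were previously leaked on each call. */
  g_free (values);
  g_free (e_time_str);
  g_free (e_interface);
  g_free (e_rep_act_src);
  g_free (e_rep_act_dst);
  g_free (e_src_hostname);
  g_free (e_dst_hostname);
  g_free (src_mac);
  g_free (dst_mac);

  return g_string_free (query, FALSE);
}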