/**
 * Fetch the capture collection of a transaction, creating it when needed.
 *
 * The requested name is first mapped through get_collection_name(). The
 * matching var source is acquired from the engine's var configuration and
 * read from the transaction's var store. When the source has no value
 * (IB_ENOENT), or holds a field whose type is not IB_FTYPE_LIST, it is
 * initialized as a list with ib_var_source_initialize().
 *
 * @param[in]  tx              Transaction; tx and tx->var_store must be
 *                             non-NULL (checked with assert() only, so the
 *                             checks vanish when NDEBUG is defined).
 * @param[in]  collection_name Name handed to get_collection_name().
 * @param[out] field           Receives the capture field. It is dereferenced
 *                             on the IB_OK path and is not checked here, so
 *                             callers must pass a valid pointer.
 *
 * @returns IB_OK on success, otherwise the status of the failing var call.
 */
ib_status_t ib_capture_acquire(
    const ib_tx_t  *tx,
    const char     *collection_name,
    ib_field_t    **field
)
{
    assert(tx != NULL);
    assert(tx->var_store != NULL);

    ib_var_source_t *capture_source;
    ib_status_t      status;
    int              needs_list;

    /* Look up the capture list */
    const char *resolved_name = get_collection_name(collection_name);

    /* @todo Acquire source at configuration time. */
    status = ib_var_source_acquire(
        &capture_source,
        tx->mm,
        ib_engine_var_config_get(tx->ib),
        resolved_name, strlen(resolved_name)
    );
    if (status != IB_OK) {
        return status;
    }

    status = ib_var_source_get(capture_source, field, tx->var_store);

    /* A missing value and a value of the wrong type are handled alike. */
    needs_list = (status == IB_ENOENT);
    if (status == IB_OK && (*field)->type != IB_FTYPE_LIST) {
        needs_list = 1;
    }

    if (needs_list) {
        status = ib_var_source_initialize(
            capture_source, field, tx->var_store, IB_FTYPE_LIST
        );
    }

    return status;
}
/**
 * Called when the module is loaded.
 *
 * Allocates the module data from the engine's main pool, opens the default
 * GeoIP database with GEOIP_MMAP_CACHE, registers geoip_lookup for
 * handle_context_tx_event, registers the "GEOIP" var source and stores the
 * module data in the first entry of geoip_directive_map.
 *
 * @param[in] ib     Engine.
 * @param[in] m      Module; m->data is pointed at the new module data.
 * @param[in] cbdata Not referenced by this function.
 *
 * @returns IB_OK on success, IB_EALLOC if the module data cannot be
 *          allocated, IB_EUNKNOWN if the database cannot be opened, or the
 *          status of the failing registration call.
 *
 * NOTE(review): every failure except the var registration is logged at debug
 * level only, so a module that failed to load may not show up in normal
 * logging.
 * NOTE(review): the GeoIP handle is not released on the failure returns that
 * follow GeoIP_new(); whether module teardown covers it is not visible here.
 */
static ib_status_t geoip_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
    module_data_t *state =
        ib_mpool_calloc(ib_engine_pool_main_get(ib), sizeof(*state), 1);
    if (state == NULL) {
        return IB_EALLOC;
    }

    ib_log_debug(ib, "Initializing default GeoIP database...");

    GeoIP *db = GeoIP_new(GEOIP_MMAP_CACHE);
    if (db == NULL) {
        ib_log_debug(ib, "Failed to initialize GeoIP database.");
        return IB_EUNKNOWN;
    }

    ib_log_debug(ib, "Initializing GeoIP database complete.");
    ib_log_debug(ib, "Registering handler...");

    /* Keep the handle in the module data and publish that on the module. */
    state->geoip_db = db;
    m->data = state;

    ib_status_t status = ib_hook_tx_register(
        ib, handle_context_tx_event, geoip_lookup, state
    );
    if (status != IB_OK) {
        ib_log_debug(
            ib, "Failed to register tx hook: %s",
            ib_status_to_string(status)
        );
        return status;
    }

    ib_log_debug(ib, "Done registering handler.");

    status = ib_var_source_register(
        &(state->geoip_source),
        ib_engine_var_config_get(ib),
        IB_S2SL("GEOIP"),
        IB_PHASE_NONE, IB_PHASE_NONE
    );
    if (status != IB_OK) {
        /* The original carried a "Continue" remark after the warning, but
         * the very next check returned the same status, so a failed var
         * registration has always been fatal for the module. */
        ib_log_warning(
            ib, "GeoIP failed to register \"GEOIP\" var: %s",
            ib_status_to_string(status)
        );
        ib_log_debug(ib, "Failed to load GeoIP module.");
        return status;
    }

    geoip_directive_map[0].cbdata_cb = state;

    ib_log_debug(ib, "GeoIP module loaded.");

    return IB_OK;
}
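/**
 * Called to initialize the user agent module (when the module is loaded).
 *
 * Registers the user agent and remote address handlers for
 * request_header_finished_event, initializes and fetches the match rule set,
 * registers the "remote_addr" and "UA" vars, and registers the context close
 * hook.
 *
 * @param[in,out] ib IronBee object
 * @param[in] m Module object
 * @param[in] cbdata (unused)
 *
 * @returns IB_OK on success; an error status if the match rule set is not
 *          available or the context close hook cannot be registered.
 */
static ib_status_t modua_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
    ib_status_t rc;
    /* Initialized so the failure log below never reads indeterminate values
     * if modua_ruleset_init() fails without filling them in. */
    modua_match_rule_t *failed_rule = NULL;
    unsigned int failed_frule_num = 0;

    /* NOTE(review): a failed hook registration is only logged for the two
     * request header handlers; the module then loads without that handler.
     * Confirm this is intended rather than returning rc, as is done for the
     * context close hook at the end of this function. */

    /* Register the user agent callback */
    rc = ib_hook_tx_register(ib, request_header_finished_event,
                             modua_user_agent, m);
    if (rc != IB_OK) {
        ib_log_error(ib, "Hook register returned %s",
                     ib_status_to_string(rc));
    }

    /* Register the remote address callback */
    rc = ib_hook_tx_register(ib, request_header_finished_event,
                             modua_remoteip, m);
    if (rc != IB_OK) {
        ib_log_error(ib, "Hook register returned %s",
                     ib_status_to_string(rc));
    }

    /* Initializations */
    rc = modua_ruleset_init(&failed_rule, &failed_frule_num);
    if (rc != IB_OK) {
        /* failed_frule_num is unsigned, hence %u. */
        ib_log_error(ib,
                     "User agent rule initialization failed"
                     " on rule %s field rule #%u: %s",
                     (failed_rule != NULL) ? failed_rule->label : "(unknown)",
                     failed_frule_num,
                     ib_status_to_string(rc));
    }

    /* Get the rules */
    modua_match_ruleset = modua_ruleset_get();
    if (modua_match_ruleset == NULL) {
        /* rc is still IB_OK when initialization succeeded but no rule set
         * came back; returning it would report a successful load with no
         * rules to match against. */
        if (rc == IB_OK) {
            rc = IB_EUNKNOWN;
        }
        ib_log_error(ib, "Failed to get user agent rule list: %s",
                     ib_status_to_string(rc));
        return rc;
    }
    ib_log_debug(ib, "Found %d match rules",
                 modua_match_ruleset->num_rules);

    /* "remote_addr" may already have been registered elsewhere, so
     * IB_EEXIST is not reported. */
    rc = ib_var_source_register(
        NULL,
        ib_engine_var_config_get(ib),
        IB_S2SL("remote_addr"),
        IB_PHASE_NONE, IB_PHASE_NONE
    );
    if (rc != IB_OK && rc != IB_EEXIST) {
        ib_log_warning(ib,
            "User agent failed to register \"remote_addr\": %s",
            ib_status_to_string(rc)
        );
        /* Continue. */
    }

    rc = ib_var_source_register(
        NULL,
        ib_engine_var_config_get(ib),
        IB_S2SL("UA"),
        IB_PHASE_NONE, IB_PHASE_NONE
    );
    if (rc != IB_OK) {
        ib_log_warning(ib,
            "User agent failed to register \"UA\": %s",
            ib_status_to_string(rc)
        );
        /* Continue. */
    }

    rc = ib_hook_context_register(ib, context_close_event,
                                  modua_ctx_close, m);
    if (rc != IB_OK) {
        ib_log_error(ib, "Could not register context close hook: %s",
                     ib_status_to_string(rc));
        return rc;
    }

    return IB_OK;
}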
/**
 * Context close handler: resolves the var targets and source the module
 * reads at request time.
 *
 * Only acts when the closing context is the main context. In that case it
 * fetches the module configuration and fills in three members:
 * - user_agent:    target for "request_headers:User-Agent"
 * - forwarded_for: target for "request_headers:X-Forwarded-For"
 * - remote_addr:   source for "remote_addr"
 *
 * NOTE(review): X-Forwarded-For is a request header and therefore set by
 * whoever sent the request. The consumer of cfg->forwarded_for is not visible
 * here; confirm it only honours the header when the request arrived through
 * a trusted proxy.
 *
 * @param[in] ib Engine
 * @param[in] ctx Context
 * @param[in] event Event triggering the callback (not referenced)
 * @param[in] cbdata Callback data (module).
 *
 * @returns IB_OK, or the status of the first call that failed
 */
static ib_status_t modua_ctx_close(
    ib_engine_t           *ib,
    ib_context_t          *ctx,
    ib_state_event_type_t  event,
    void                  *cbdata
)
{
    ib_module_t *module = cbdata;

    /* Nothing to set up for any context other than the main one. */
    if (ib_context_type(ctx) != IB_CTYPE_MAIN) {
        return IB_OK;
    }

    modua_config_t  *config;
    ib_var_target_t *acquired;
    ib_status_t      status;

    status = ib_context_module_config(ctx, module, &config);
    if (status != IB_OK) {
        ib_log_error(ib, "Can't fetch configuration: %s",
                     ib_status_to_string(status));
        return status;
    }

    /* User-Agent header target. */
    status = ib_var_target_acquire_from_string(
        &acquired,
        ib_engine_pool_main_get(ib),
        ib_engine_var_config_get(ib),
        IB_S2SL("request_headers:User-Agent"),
        NULL, NULL
    );
    if (status != IB_OK) {
        ib_log_error(ib,
                     "Error acquiring target for User-Agent header: %s",
                     ib_status_to_string(status));
        return status;
    }
    config->user_agent = acquired;

    /* X-Forwarded-For header target. */
    status = ib_var_target_acquire_from_string(
        &acquired,
        ib_engine_pool_main_get(ib),
        ib_engine_var_config_get(ib),
        IB_S2SL("request_headers:X-Forwarded-For"),
        NULL, NULL
    );
    if (status != IB_OK) {
        ib_log_error(ib,
                     "Error acquiring target for X-Forwarded-For header: %s",
                     ib_status_to_string(status));
        return status;
    }
    config->forwarded_for = acquired;

    /* remote_addr source, written straight into the configuration. */
    status = ib_var_source_acquire(
        &(config->remote_addr),
        ib_engine_pool_main_get(ib),
        ib_engine_var_config_get(ib),
        IB_S2SL("remote_addr")
    );
    if (status != IB_OK) {
        ib_log_error(ib,
                     "Error acquiring source for remote_addr"
                     " header: %s",
                     ib_status_to_string(status));
        return status;
    }

    return IB_OK;
}
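/**
 * Parse the user agent header, splitting into component fields.
 *
 * Copies the byte string into a NUL-terminated buffer, tokenizes it with
 * modua_parse_uastring(), categorizes the result with
 * modua_match_cat_rules() and stores the fields "agent", "PRODUCT", "OS",
 * "extra" and "category" in the "UA" list of the transaction's var store.
 *
 * The copy is handled as a C string from the first log call onwards, so any
 * bytes after an embedded NUL in the header are neither parsed nor stored in
 * the "agent" field.
 *
 * @param[in] ib IronBee object
 * @param[in,out] tx Transaction object
 * @param[in] bs Byte string containing the agent string
 *
 * @returns IB_OK on success or when the string cannot be parsed (no "UA"
 *          list is created in that case), IB_EALLOC on allocation failure,
 *          otherwise the status of the failing var or store call.
 */
static ib_status_t modua_agent_fields(ib_engine_t *ib,
                                      ib_tx_t *tx,
                                      const ib_bytestr_t *bs)
{
    const modua_match_rule_t *rule = NULL;
    ib_field_t *agent_list = NULL;
    char *product = NULL;
    char *platform = NULL;
    char *extra = NULL;
    char *agent;
    char *buf;
    size_t len;
    ib_status_t rc;
    ib_var_source_t *source;

    /* Get the length of the byte string */
    len = ib_bytestr_length(bs);

    /* Allocate memory for a copy of the string to split up below. */
    buf = ib_mpool_calloc(tx->mp, 1, len + 1);
    if (buf == NULL) {
        /* len is a size_t, hence %zu. */
        ib_log_error_tx(tx,
                        "Failed to allocate %zu bytes for agent string",
                        len + 1);
        return IB_EALLOC;
    }

    /* Copy the string out. Skipped for an empty header so memcpy() is never
     * handed a pointer that may be NULL (what ib_bytestr_const_ptr() returns
     * for an empty byte string is not visible here). */
    if (len > 0) {
        memcpy(buf, ib_bytestr_const_ptr(bs), len);
    }
    buf[len] = '\0';

    /* NOTE(review): the header value is client-controlled and is written to
     * the debug log as-is; control characters are not escaped here. */
    ib_log_debug_tx(tx, "Found user agent: '%s'", buf);

    /* Keep an untouched copy of the agent string for the "agent" field. */
    agent = ib_mpool_strdup(tx->mp, buf);
    if (agent == NULL) {
        ib_log_error_tx(tx, "Failed to allocate copy of agent string");
        return IB_EALLOC;
    }

    /* Parse the user agent string */
    rc = modua_parse_uastring(buf, &product, &platform, &extra);
    if (rc != IB_OK) {
        /* An unparsable header is not treated as an error. */
        ib_log_debug_tx(tx, "Failed to parse User Agent string '%s'", agent);
        return IB_OK;
    }

    /* Categorize the parsed string */
    rule = modua_match_cat_rules(product, platform, extra);
    if (rule == NULL) {
        ib_log_debug_tx(tx, "No rule matched" );
    }
    else {
        ib_log_debug_tx(tx, "Matched to rule #%d / category '%s'",
                        rule->rule_num, rule->category );
    }

    /* Build a new list. */
    rc = ib_var_source_acquire(
        &source,
        tx->mp,
        ib_engine_var_config_get(ib),
        IB_S2SL("UA")
    );
    if (rc != IB_OK) {
        ib_log_alert_tx(tx, "Unable to acquire source for UserAgent list.");
        return rc;
    }
    rc = ib_var_source_initialize(
        source, &agent_list, tx->var_store, IB_FTYPE_LIST
    );
    if (rc != IB_OK) {
        ib_log_alert_tx(tx, "Unable to add UserAgent list to DPI.");
        return rc;
    }

    /* Store Agent */
    rc = modua_store_field(ib, tx->mp, agent_list, "agent", agent);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store product */
    rc = modua_store_field(ib, tx->mp, agent_list, "PRODUCT", product);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store Platform */
    rc = modua_store_field(ib, tx->mp, agent_list, "OS", platform);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store Extra */
    rc = modua_store_field(ib, tx->mp, agent_list, "extra", extra);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store category; NULL when no rule matched. */
    rc = modua_store_field(ib, tx->mp, agent_list, "category",
                           (rule != NULL) ? rule->category : NULL);
    if (rc != IB_OK) {
        return rc;
    }

    /* Done */
    return IB_OK;
}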
// Returns a VarConfig built from the result of ib_engine_var_config_get()
// for this engine's ib() handle.
VarConfig Engine::var_config() const
{
    VarConfig wrapped(ib_engine_var_config_get(ib()));
    return wrapped;
}