int prepare_default_response(char *filename, uint16_t port, uint16_t proto) { int answer_fd, ccopy; u_char buffer[100]; FILE* answer_file = NULL; def_resp *last_response, *new_response; /* allocate memory for new response */ if ((new_response = (def_resp *) malloc(sizeof(struct def_resp))) == NULL) { perror(" Error - Unable to allocate memory"); return(-1); } else { new_response->port = port; new_response->proto = proto; new_response->size = 0; new_response->response = NULL; new_response->next = NULL; } if (!response_list) response_list = new_response; else { /* spool to end of the list and attach new response */ last_response = response_list; while (last_response->next) last_response = last_response->next; last_response->next = new_response; } /* read response */ if ((proto != TCP) && (proto != UDP)) { fprintf(stderr, " Error - Protocol %u is not supported.\n", proto); return(-1); } DEBUG_FPRINTF(stdout, " Loading default response for port %u/%s.\n", port, PROTO(proto)); if (((answer_fd = open(filename, O_NOCTTY | O_RDONLY, 0640)) == -1) || (!(answer_file = fopen(filename, "rb")))) { DEBUG_FPRINTF(stdout, " Warning - Unable to open file '%s'\n", filename); } else { ccopy = 0; while((ccopy = fread(buffer, 1, 100, answer_file))) { if ((new_response->response = (u_char *) realloc(new_response->response, new_response->size + ccopy)) == NULL) { perror(" Error - Unable to allocate memory"); return(-1); } else { memcpy(new_response->response + new_response->size, buffer, ccopy); new_response->size += ccopy; } } if (new_response->size != 0) { DEBUG_FPRINTF(stdout, " Default response string for port %u/%s successfully loaded.\n", port, PROTO(proto)); } else DEBUG_FPRINTF(stdout, " Warning - Default response file '%s' is empty.\n", filename); } fclose(answer_file); close(answer_fd); return(0); }
int load_default_responses(char *dir) { struct stat statbuf; struct dirent **namelist; int n; uint16_t port; char *full_path; DIR *respdir; full_path = NULL; if ((respdir = opendir(dir)) == NULL) { perror(" Error - Unable to open response directory"); exit(EXIT_FAILURE); } DEBUG_FPRINTF(stdout, " Searching for response files in %s\n", dir); if ((n = scandir(dir, &namelist, 0, alphasort)) < 0) { perror(" Error - Unable to scan response directory"); exit(EXIT_FAILURE); } else while(n--) { stat(namelist[n]->d_name, &statbuf); if ((fnmatch("*_tcp", namelist[n]->d_name, 0) == 0) || (fnmatch("*_udp", namelist[n]->d_name, 0) == 0)) { /* found a default response file */ if ((full_path = (char *) malloc(strlen(dir) + strlen(namelist[n]->d_name) + 2)) == NULL) { perror(" Error - Unable to allocate memory"); exit(EXIT_FAILURE); } snprintf(full_path, strlen(dir)+strlen(namelist[n]->d_name)+2, "%s/%s", dir, namelist[n]->d_name); DEBUG_FPRINTF(stdout, " Response file found: %s\n", full_path); port = atoi(namelist[n]->d_name); if (fnmatch("*_tcp", namelist[n]->d_name, 0) == 0) prepare_default_response(full_path, port, TCP); else if (fnmatch("*_udp", namelist[n]->d_name, 0) == 0) prepare_default_response(full_path, port, UDP); } free(namelist[n]); } free(namelist); return(0); }
/* PROGRAM: dsmMandatoryFieldsGet - find cached file metadata. This cache * is stored in shared memory * * RETURNS: DSM_S_SUCCES * */ dsmStatus_t dsmMandatoryFieldsGet(dsmContext_t *pcontext, struct meta_filectl *pmetactl, /* mand. table from shm */ dsmDbkey_t fileDbkey, /* dbkey of _file record */ int fileNumber, /* file # of _file record */ dsmBoolean_t fileKey, /* dbkey/file# of _file */ dsmBoolean_t copyFound, /* flag to copy mand. flds */ struct mand *pmand) /* storage for mand. array */ { dbcontext_t *pdbcontext = pcontext->pdbcontext; dsmStatus_t returnCode; int metaSize; pdbcontext->inservice++; /* postpone signal handler processing */ SETJMP_ERROREXIT(pcontext, returnCode) /* Ensure error exit address set */ if ((returnCode = dsmThreadSafeEntry(pcontext)) != DSM_S_SUCCESS) { returnCode = dsmEntryProcessError(pcontext, returnCode, (TEXT *)"dsmMandatoryFieldsGet"); goto done; } MT_LOCK_SCC (); /* Check if the entry already exists */ dsmMandFindEntry(pcontext, &pmetactl, fileDbkey, fileNumber, fileKey); if (pmetactl != NULL) { DEBUG_FPRINTF(stderr, "dbmanb: cache entry found, returning\n"); if (copyFound != 0) { metaSize = (pmetactl->nmand+1)*sizeof(struct mand); bufcop((TEXT *)pmand, (TEXT *)pmetactl->mand, metaSize); } } MT_UNLK_SCC (); returnCode = DSM_S_SUCCESS; done: dsmThreadSafeExit(pcontext); pdbcontext->inservice--; return returnCode; }
PlugFuncList *add_unload_func_to_list(const char *plugname, const char *funcname, void (*func)(void)) { PlugFuncList *func_tmp, *func_new; DEBUG_FPRINTF(stdout, " Hooking plugin %s to 'unload_plugins'.\n", plugname); if ((func_new = (PlugFuncList *) malloc(sizeof(PlugFuncList))) == NULL) { logmsg(LOG_ERR, 1, " Error - Unable to allocate memory: %m.\n"); return(NULL); } func_new->next = NULL; /* attach new function to list */ func_tmp = funclist_unload_plugins; if (func_tmp) { while(func_tmp->next) func_tmp = func_tmp->next; func_tmp->next = func_new; } else funclist_unload_plugins = func_new; func_new->func = (void *)func; func_new->plugnam = (char *)plugname; func_new->funcnam = (char *)funcname; DEBUG_FPRINTF(stdout, " %s::%s() hooked to 'unload_plugins'.\n", func_new->plugnam, func_new->funcnam); return(func_new); }
void register_plugin_confopts(const char *plugname, const char **keywords, int num) { int i; char full_name[264], *confopt; /* assemble plugin config key */ memset(full_name, 0, 264); strncpy(full_name, "plugin-", 7); strncpy(&full_name[7], plugname, 256 < strlen(plugname) ? 256 : strlen(plugname)); if (add_keyword(&config_keywords_tree, full_name, NULL, 0) == NULL) { fprintf(stderr, " Error - Unable to add configuration keyword to tree.\n"); exit(EXIT_FAILURE); } DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", plugname); /* build tree of allowed configuration keywords */ for (i=0; i<num; i++) { /* assemble full config option path */ if ((confopt = malloc(strlen(full_name)+strlen(keywords[i])+2)) == NULL) { fprintf(stderr, " Error - Unable to allocate memory: %m.\n"); exit(EXIT_FAILURE); } memset(confopt, 0, strlen(plugname)+strlen(keywords[i])+2); strcat(confopt, plugname); strcat(confopt, "."); strcat(confopt, keywords[i]); /* add config option to tree */ if (add_keyword(&config_keywords_tree, confopt, NULL, 0) == NULL) { fprintf(stderr, " Error - Unable to add configuration keyword to tree.\n"); exit(EXIT_FAILURE); } free(confopt); } return; }
int config_plugin(char *plugin_name) { int (*plugin_config)(); void (*plugin_init)(); void (*plugin_unload)(); Plugin *last_plugin, *new_plugin; /* allocate memory for new plugin and attach it to the plugin list */ if ((new_plugin = (Plugin *) malloc(sizeof(Plugin))) == NULL) { fprintf(stderr, " Error - Unable to allocate memory: %m.\n"); return(-1); } else { new_plugin->handle = NULL; new_plugin->name = NULL; new_plugin->version = NULL; new_plugin->next = NULL; new_plugin->filename = NULL; } if (plugin_name == NULL) { fprintf(stderr, " Error loading plugin - No name given.\n"); return(-1); } else { if ((new_plugin->handle = (void *) malloc(sizeof(int))) == NULL) { fprintf(stderr, " Error loading plugin - Unable to allocate memory: %m.\n"); free(new_plugin); return(-1); } else new_plugin->filename = (char *) strdup(plugin_name); } dlerror(); /* Clear any existing error */ if (((new_plugin->handle = dlopen(new_plugin->filename, RTLD_NOW)) == NULL) && ((plugin_error_str = (char *) dlerror()) != NULL)) { fprintf(stderr, " Unable to initialize plugin: %s\n", plugin_error_str); unload_on_err(new_plugin); exit(EXIT_FAILURE); } /* determin internal module name and version string */ if (((new_plugin->name = (char *) dlsym(new_plugin->handle, "module_name")) == NULL) && ((plugin_error_str = (char *) dlerror()) != NULL)) { /* handle error, the symbol wasn't found */ fprintf(stderr, " Unable to initialize plugin: %s\n", plugin_error_str); fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename); unload_on_err(new_plugin); return(-1); } if (((new_plugin->version = (char *) dlsym(new_plugin->handle, "module_version")) == NULL) && ((plugin_error_str = (char *) dlerror()) != NULL)) { /* handle error, the symbol wasn't found */ fprintf(stderr, " Unable to initialize plugin %s: %s\n", new_plugin->name, plugin_error_str); fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename); unload_on_err(new_plugin); return(-1); } fprintf(stdout, " Loading plugin %s v%s\n", new_plugin->name, new_plugin->version); DEBUG_FPRINTF(stdout, " Configuring plugin %s.\n", new_plugin->name); /* resolve module's unload function and add it to unload hook */ if (((plugin_unload = dlsym(new_plugin->handle, "plugin_unload")) == NULL) && ((plugin_error_str = (char *) dlerror()) != NULL)) { /* handle error, the symbol wasn't found */ fprintf(stderr, " Unable to initialize plugin %s: %s\n", new_plugin->name, plugin_error_str); fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename); unload_on_err(new_plugin); return(-1); } if (!add_unload_func_to_list(new_plugin->name, "plugin_unload", plugin_unload)) { fprintf(stderr, " Unable to register module for hook 'unload_plugins': %s\n", plugin_error_str); unload_on_err(new_plugin); return(-1); } /* resolve and call module's config function */ if (((plugin_config = dlsym(new_plugin->handle, "plugin_config")) == NULL) && ((plugin_error_str = (char *) dlerror()) != NULL)) { /* handle error, the symbol wasn't found */ fprintf(stderr, "\n Unable to resolve symbol 'plugin_config': %s\n", plugin_error_str); return(-1); } plugin_config(); // resolve module's init function and add it to init hook if (((plugin_init = dlsym(new_plugin->handle, "plugin_init")) == NULL) && ((plugin_error_str = (char *) dlerror()) != NULL)) { /* handle error, the symbol wasn't found */ fprintf(stderr, " Unable to initialize plugin %s: %s\n", new_plugin->name, plugin_error_str); fprintf(stderr, " %s seems not to be a honeytrap plugin.\n", new_plugin->filename); unload_on_err(new_plugin); return(-1); } if (!add_init_func_to_list(new_plugin->name, "plugin_init", plugin_init)) { fprintf(stderr, " Unable to register module for hook 'init_plugins': %s\n", plugin_error_str); unload_on_err(new_plugin); return(-1); } /* attach plugin to plugin_list */ if (!plugin_list) plugin_list = new_plugin; else { last_plugin = plugin_list; while(last_plugin->next) last_plugin = last_plugin->next; last_plugin->next = new_plugin; } return(1); }
int load_plugin(const char *dir, const char* plugname) { struct stat statbuf; struct dirent **namelist; int n, ret; char *full_path, full_name[264]; DIR *plugindir; ret = 0; full_path = NULL; plugin_list = NULL; if (strlen(plugname) > 265) { fprintf(stderr, " Error - Plugin name exceeds maximum length of 256 charakters: %s\n", plugname); return(-1); } /* plugin directory must be configured */ if (!dir) { fprintf(stderr, " Error - Plugin directory not set while trying to load plugin %s.\n", plugname); exit(EXIT_FAILURE); } if ((plugindir = opendir(dir)) == NULL) { fprintf(stderr, " Error - Unable to open plugin directory: %m.\n"); exit(EXIT_FAILURE); } DEBUG_FPRINTF(stdout, " Looking for plugin %s in %s\n", plugname, dir); if ((n = scandir(dir, &namelist, 0, alphasort)) < 0) { fprintf(stderr, " Error - Unable to scan plugin directory: %m.\n"); return(-1); } else while(n--) { stat(namelist[n]->d_name, &statbuf); /* assemble full name */ memset(full_name, 0, 264); strncpy(full_name, "htm_", 4); strncpy(&full_name[4], plugname, strlen(plugname)); strncpy(&full_name[4+strlen(plugname)], ".so", 3); if ((ret = fnmatch(full_name, namelist[n]->d_name, 0)) == 0) { /* found the plugin */ if ((full_path = (char *) malloc(strlen(dir) + strlen(namelist[n]->d_name) + 2)) == NULL) { perror(" Error - Unable to allocate memory"); exit(EXIT_FAILURE); } snprintf(full_path, strlen(dir)+strlen(namelist[n]->d_name)+2, "%s/%s", dir, namelist[n]->d_name); DEBUG_FPRINTF(stdout, " Plugin found: %s\n", full_path); config_plugin(full_path); free(full_path); free(namelist[n]); break; } free(namelist[n]); } closedir(plugindir); if (ret != 0) { fprintf(stderr, " Error - Unable to load plugin %s: %m.\n", full_name); exit(EXIT_FAILURE); } free(namelist); return(1); }
/* PROGRAM: dsmMandatoryFieldsCachePut - build mandatory field cache and it * is stored in shared memory * * RETURNS: DSM_S_SUCCES * */ dsmStatus_t dsmMandatoryFieldsPut(dsmContext_t *pcontext, struct meta_filectl *pInMetactl, /* new metadata ctl for cache */ struct meta_filectl *pOldmetactl, /* old metadata ctl for cache */ DL_VECT *pdl_vect_in, /* next dl column vector */ DL_VECT *pdl_col_in, /* next dl columns list to use */ int ndl_ent, /* # delayed columns */ int mandtblSize, /* size of mand fld table */ int useCache, /* use shm cache ? */ struct mand *pmand) /* storage for all mand flds */ { dbcontext_t *pdbcontext = pcontext->pdbcontext; dbshm_t *pdbshm = pdbcontext->pdbpub; dsmStatus_t returnCode; SHPTR *pmandhashtbl, qhashentry; struct meta_filectl *pmetactl = NULL; pdbcontext->inservice++; /* postpone signal handler processing */ SETJMP_ERROREXIT(pcontext, returnCode) /* Ensure error exit address set */ if ((returnCode = dsmThreadSafeEntry(pcontext)) != DSM_S_SUCCESS) { returnCode = dsmEntryProcessError(pcontext, returnCode, (TEXT *)"dsmMandatoryFieldsPut"); goto done; } /* get the schema cache latch */ MT_LOCK_SCC (); /* Check if the entry already exists */ dsmMandFindEntry(pcontext, &pmetactl, pInMetactl->fildbk, pInMetactl->filno, FILE_IDENT_DBKEY); if (pmetactl != NULL) { /* entry had already been made */ goto okdone; } /* get ptr to hash table array */ if (pdbshm->qmandctl) pmandhashtbl = (SHPTR *) QP_TO_P(pdbcontext, pdbshm->qmandctl); else /* need to allocate it */ { pmandhashtbl = (SHPTR *) stRent(pcontext, XSTPOOL(pdbcontext, pdbshm->qdbpool), SIZE_MAND_HASH * sizeof(SHPTR)); pdbshm->qmandctl = P_TO_QP(pcontext, pmandhashtbl); } /* allocate storage in shm */ pmetactl = (struct meta_filectl *)stRent(pcontext, XSTPOOL(pdbcontext, pdbshm->qdbpool), (unsigned)(sizeof(struct meta_filectl) + mandtblSize)); pmetactl->fildbk = pInMetactl->fildbk; pmetactl->filno = pInMetactl->filno; pmetactl->nmand = pInMetactl->nmand; pmetactl->schemavers = pInMetactl->schemavers; if ( (useCache != MANB_USECACHE_NONE) && (mandtblSize > 0) ) { bufcop(pmetactl->mand, pmand, (int) mandtblSize); } if ((useCache == MANB_USECACHE_PHYSICAL) && (pOldmetactl != NULL)) { pOldmetactl->filno = 0; pOldmetactl->fildbk = 0; } /* Chain this structure in shared memory. The assumption is that an entry for this fildbk does not already exist on the cache. */ qhashentry = pmandhashtbl[ABS(pmetactl->filno) % SIZE_MAND_HASH]; pmetactl->qnext = qhashentry; pmandhashtbl[ABS(pmetactl->filno) % SIZE_MAND_HASH] = P_TO_QP(pcontext, pmetactl); DEBUG_FPRINTF(pmetactl, "dbmanb (chained to sh mem):"); okdone: MT_UNLK_SCC (); returnCode = DSM_S_SUCCESS; done: dsmThreadSafeExit(pcontext); pdbcontext->inservice--; return returnCode; }
PlugFuncList *add_attack_func_to_list(const func_prio priority, const char *plugname, const char *funcname, int (*func)(Attack)) { PlugFuncList *func_tmp, *func_new; func_tmp = NULL; func_new = NULL; DEBUG_FPRINTF(stdout, " Hooking %s::%s() to 'process_attack' (priority: %d).\n", plugname, funcname, priority); if ((func_new = (PlugFuncList *) malloc(sizeof(PlugFuncList))) == NULL) { logmsg(LOG_ERR, 1, " Error - Unable to allocate memory: %m.\n"); return(NULL); } func_new->next = NULL; /* attach new function to list */ switch (priority) { case PPRIO_DYNSRV: func_tmp = funclist_attack_dynsrv; break; case PPRIO_PERREAD: func_tmp = funclist_attack_perread; break; case PPRIO_PREPROC: func_tmp = funclist_attack_preproc; break; case PPRIO_ANALYZE: func_tmp = funclist_attack_analyze; break; case PPRIO_SAVEDATA: func_tmp = funclist_attack_savedata; break; case PPRIO_POSTPROC: func_tmp = funclist_attack_postproc; break; default: fprintf(stderr, " Error - Unknown plugin priority.\n"); return(NULL); } if (func_tmp) { while(func_tmp->next) func_tmp = func_tmp->next; func_tmp->next = func_new; } else switch (priority) { case PPRIO_DYNSRV: funclist_attack_dynsrv = func_new; break; case PPRIO_PERREAD: funclist_attack_perread = func_new; break; case PPRIO_PREPROC: funclist_attack_preproc = func_new; break; case PPRIO_ANALYZE: funclist_attack_analyze = func_new; break; case PPRIO_SAVEDATA: funclist_attack_savedata = func_new; break; case PPRIO_POSTPROC: funclist_attack_postproc = func_new; break; default: fprintf(stderr, " Error - Unknown plugin priority.\n"); return(NULL); } func_new->func = (void *)func; func_new->plugnam = (char *)plugname; func_new->funcnam = (char *)funcname; DEBUG_FPRINTF(stdout, " %s::%s() hooked to 'process_attack' (priority: %d).\n", func_new->plugnam, func_new->funcnam, priority); return(func_new); }