/** * \brief Main function of wrekavoc client * * \param argc number ao argument passed to binaries file * \param argv pointer to Array pointer that contains arguments * \return exit code * \see --- * */ int main (int argc, char **argv) { char xmldoc[SIZE_OF_STRING] = "\0"; strcat (xmldoc, getenv ("HOME")); strcat (xmldoc, CLIENT_CONF_DIR); if (opendir (xmldoc) == NULL) mkdir (xmldoc, 0755); strcat (xmldoc, CLIENT_CONF_FILE); /* Is there enough parameters */ if (argc <= 1) { printf ("Usage: %s <script>|<-c host [rhost] >|<-r [script] >|<-q>\n", argv[0]); return (0); } /* Option -r reset all wrekavocd */ if (argc <= 3 && argv[1][0] == '-' && argv[1][1] == 'r') { if (argc <= 2) Back2normalHost (xmldoc); else { buildXml (argv[2], "/tmp/wrekavoc.reset"); Back2normalHost ("/tmp/wrekavoc.reset"); } } /* Option -c : check host */ else if (argc <= 4 && argv[1][0] == '-' && argv[1][1] == 'c') { if (argc == 3) checkHost (argv[2], "a"); else if (argc == 4) checkHost (argv[2], argv[3]); } /* Option -q : quit all wrekavocd */ else if (argc == 2 && argv[1][0] == '-' && argv[1][1] == 'q') { killHost (xmldoc); } /* Normal : transfert data to nodes */ else { /* Create xml structure from script */ printf ("Building Xml...\n\n"); buildXml (argv[1], xmldoc); /* Check if xml structure is ok */ printf ("Checking Xml...\n\n"); checkXml (xmldoc); /* Send xml structure to nodes */ printf ("Sending Xml...\n"); sendXml (xmldoc); } printf ("\nAction finished!\n"); return 0; }
void AttributeMap::load( dbID id ) { QSqlQuery q1; q1.prepare("SELECT id, name, valueIsList, relationTable, relationIDColumn, relationStringColumn FROM attributes WHERE hostObject=:hostObject AND hostId=:hostId"); q1.bindValue(":hostObject", mHost); q1.bindValue(":hostId", id.toInt()); q1.exec(); checkHost(); while ( q1.next() ) { QString h = q1.value( 1 ).toString(); bool isList = q1.value( 2 ).toBool(); QString relTable = q1.value( 3 ).toString(); QString relIDCol = q1.value( 4 ).toString(); QString relStrCol = q1.value( 5 ).toString(); Attribute attr( h ); attr.setListValue( isList ); attr.setValueRelation( relTable, relIDCol, relStrCol ); QSqlQuery q2; q2.prepare("SELECT value FROM attributeValues WHERE attributeId=:id"); q2.bindValue(":id", q1.value(0).toInt()); q2.exec(); QStringList values; QString str; while ( q2.next() ) { if ( isList ) { values << q2.value( 0 ).toString(); } else { str = q2.value( 0 ).toString(); // kDebug() << " attribute string " << h <<": " << str; } } // kDebug() << " attribute list " << h <<": " << values; if ( isList ) { attr.setRawValue( QVariant( values ) ); } else { attr.setRawValue( QVariant( str ) ); } attr.setPersistant( true ); insert( h, attr ); } }
result_t Url::parse(exlib::string url, bool parseQueryString, bool slashesDenoteHost) { bool bHost; clear(); m_slashes = false; trimUrl(url, url); const char* c_str = url.c_str(); bool hasHash = qstrchr(c_str, '#') != NULL; if (!slashesDenoteHost && !hasHash && isUrlSlash(*c_str)) { parsePath(c_str); parseQuery(c_str); parseHash(c_str); if (parseQueryString) { m_queryParsed = new HttpCollection(); m_queryParsed->parse(m_query); } return 0; } parseProtocol(c_str); bHost = checkHost(c_str); if (slashesDenoteHost || m_protocol.length() > 0 || bHost) m_slashes = ((isUrlSlash(*c_str) && isUrlSlash(c_str[1])) && (m_protocol.length() <= 0 || m_protocol.compare("javascript:"))); if (m_protocol.compare("javascript:") && m_slashes) { c_str += 2; parseAuth(c_str); parseHost(c_str); } parsePath(c_str); parseQuery(c_str); parseHash(c_str); if (parseQueryString) { m_queryParsed = new HttpCollection(); m_queryParsed->parse(m_query); } return 0; }
void scanner(char *ipRange) { char *wee[10]; char *begin[10]; char *end[10]; tokenise(ipRange, wee, "-"); int octaB, octaE, octbB, octbE, octcB, octcE; tokenise(wee[0], begin, "."); tokenise(wee[1], end, "."); octaB = atoi(begin[0]); // YYY.XXX.XXX.XXX octaE = atoi(end[0]); octbB = atoi(begin[1]); octbE = atoi(end[1]); octcB = atoi(begin[2]); octcE = atoi(end[2]); int loop1; for (loop1=octaB; loop1<=octaE; loop1++) { int loop2; for (loop2=octbB; loop2<=octbE; loop2++) { int loop3; for (loop3=octcB; loop3<=octcE; loop3++) { int loop4; for (loop4=0; loop4<=255; loop4++) { char* host; asprintf(&host, "%i.%i.%i.%i", loop1, loop2,loop3, loop4); //printf("\n\rScanning: %s", host); if (scanHost(host) == 0 && checkHost(host) == 0) // This will run scanHost THEN checkHost right? { syslog(LOG_DEBUG, "Oh a sheep!"); //printf("\n\r - %s is vulnerable", host); infectHost(host); } } } } } }
/** * Open file and check every ProxyPass* or ProxyR* entry. * - follows include ... directive * - determines serverroot */ static int checkFile(const char *cmd, const char *filename) { int status = 1; int ln = 0; char line[1024]; FILE *f = fopen(filename, "r"); if(f == NULL) { if(ServerRoot[0] != '\0') { char fqfile[2048]; snprintf(fqfile, sizeof(fqfile), "%s/%s", ServerRoot, filename); f = fopen(fqfile, "r"); } } if(f == NULL) { fprintf(stderr,"[%s]: ERROR, could not open file %s\n", cmd, filename); return 0; } while(!qs_getLinef(line, sizeof(line), f)) { char *command = NULL; int cmd_len = 0; int to = 0; while(line[to]) { line[to] = tolower(line[to]); to++; } ln++; command = strstr(line, QS_PROXYP); cmd_len = strlen(QS_PROXYP); if(command == NULL) command = strstr(line, QS_PROXYP_TAB); if(command == NULL) { command = strstr(line, QS_PROXYPR); cmd_len = strlen(QS_PROXYPR); } if(command == NULL) command = strstr(line, QS_PROXYPR_TAB); if(command == NULL) { command = strstr(line, QS_PROXYR); cmd_len = strlen(QS_PROXYR); } if(command == NULL) command = strstr(line, QS_PROXYR_TAB); if(command && strchr(line, '#') == 0) { /* command = cmd url schema://host[:port]/url */ char *abs_url = &command[cmd_len]; int i, j; /* get the url */ for(i=0;(abs_url[i] == ' ') || (abs_url[i] == '\t'); i++); abs_url = &abs_url[i]; /* skip url */ for(i=0;(abs_url[i] != ' ') && (abs_url[i] != '\t') && (abs_url[i] != '\0'); i++); abs_url = &abs_url[i]; /* get schema://host[:port]/url */ for(i=0;(abs_url[i] == ' ') || (abs_url[i] == '\t'); i++); abs_url = &abs_url[i]; /* ping */ if(abs_url && abs_url[0] != '\0' && abs_url[0] != '!') { status = status & checkHost(cmd, filename, ln, abs_url); } } else { /* include commands */ command = strstr(line, QS_INCLUDE); if(command == NULL) command = strstr(line, QS_INCLUDE_TAB); if(command && strchr(line, '#') == 0) { char *file = &command[strlen(QS_INCLUDE)]; int i, j; /* get the value */ for(i=0;(file[i] == ' ') || (file[i] == '\t'); i++); /* delete spaces at the end of the value */ if(&file[i] != '\0') { for(j=i+1;(file[j] != ' ') && (file[j] != '\t') && (file[j] != '\0'); j++); file[j] = '\0'; } file = &file[i]; status = status & checkFile(cmd, file); } else { /* server root */ command = strstr(line, QS_SERVERROOT); if(command == NULL) command = strstr(line, QS_SERVERROOT_TAB); if(command && strchr(line, '#') == 0) { char *sr = &command[strlen(QS_SERVERROOT)]; int i, j; /* get the value */ for(i=0;(sr[i] == ' ') || (sr[i] == '\t'); i++); /* delete spaces at the end of the value */ if(&sr[i] != '\0') { for(j=i+1;(sr[j] != ' ') && (sr[j] != '\t') && (sr[j] != '\0'); j++); sr[j] = '\0'; } strcpy(ServerRoot, &sr[i]); } } } } fclose(f); return status; }
/* * this method saves the attribute together with the host string that * defines the type of object that this attribute is associated to (like * position or document) and the hosts database id. */ void AttributeMap::save( dbID id ) { checkHost(); QSqlQuery attribQuery; attribQuery.prepare( "SELECT id, valueIsList FROM attributes WHERE hostObject=:host AND hostId=:hostId AND name=:name" ); attribQuery.bindValue( ":host", mHost ); attribQuery.bindValue( ":hostId", id.toString() ); Iterator it; for ( it = begin(); it != end(); ++it ) { Attribute att = it.value(); kDebug() << ">> oo- saving attribute with name " << it.key() << " for " << id.toString() << " att-name: " << att.name(); attribQuery.bindValue( ":name", att.name() ); attribQuery.exec(); QString attribId; if ( attribQuery.next() ) { // the attrib exists. Check the values attribId = attribQuery.value(0).toString(); // the id if ( att.value().isNull() || att.mDelete ) { // the value is empty. the existing entry needs to be dropped dbDeleteAttribute( attribId ); return; } } else { // the attrib does not yet exist. Create if att value is not null. if ( att.value().isNull() ) { kDebug() << "oo- skip writing of attribute, value is empty"; } else { kDebug() << "oo- writing of attribute name " << att.name(); QSqlQuery insQuery; insQuery.prepare( "INSERT INTO attributes (hostObject, hostId, name, valueIsList, relationTable, " "relationIDColumn, relationStringColumn) " "VALUES (:host, :hostId, :name, :valueIsList, :relTable, :relIDCol, :relStringCol )" ); insQuery.bindValue( ":host", mHost ); insQuery.bindValue( ":hostId", id.toString() ); insQuery.bindValue( ":name", att.name() ); insQuery.bindValue( ":valueIsList", att.listValue() ); // Write the relation table info. These remain empty for non related attributes. insQuery.bindValue( ":relTable", att.mTable ); insQuery.bindValue( ":relIDCol", att.mIdCol ); insQuery.bindValue( ":relStringCol", att.mStringCol ); insQuery.exec(); dbID attId = KraftDB::self()->getLastInsertID(); attribId = attId.toString(); } } // store the id to be able to drop not longer existent values kDebug() << "adding attribute id " << attribId << " for attribute " << att.name(); // now there is a valid entry in the attribute table. Check the values. QSqlQuery valueQuery( "SELECT id, value FROM attributeValues WHERE attributeId=" + attribId ); typedef QMap<QString, QString> ValueMap; ValueMap valueMap; while ( valueQuery.next() ) { QString idStr = valueQuery.value( 0 ).toString(); // id QString valStr = valueQuery.value( 1 ).toString(); // value valueMap[valStr] = idStr; } // create a stringlist with the current values of the attribute if ( att.listValue() ) { QStringList newValues; newValues = att.mValue.toStringList(); kDebug() << "new values are: " << newValues.join( ", " ); if ( newValues.empty() ) { // delete the entire attribute. dbDeleteValue( attribId ); // deletes all values dbDeleteAttribute( attribId ); valueMap.clear(); } else { // we really have new values QSqlQuery insValue; insValue.prepare( "INSERT INTO attributeValues (attributeId, value) VALUES (:attribId, :val)" ); insValue.bindValue( ":attribId", attribId ); // loop over all existing new values of the attribute. for ( QStringList::Iterator valIt = newValues.begin(); valIt != newValues.end(); ++valIt ) { QString curValue = *valIt; if ( valueMap.contains( curValue ) ) { // the valueMap is already saved. remove it from the valueMap string kDebug() << "Value " << curValue << " is already present with id " << valueMap[curValue]; valueMap.remove( curValue ); } else { // the value is not yet there, insert it. insValue.bindValue( ":val", curValue ); insValue.exec(); } } } } else { // only a single entry for the attribte, update if needed. QString newValue = att.mValue.toString(); // access the attribute object directly to get the numeric kDebug() << "NEW value String: " << newValue; // value in case the attribute is bound to a relation table if ( newValue.isEmpty() ) { // delete the entire attribute dbDeleteValue( attribId ); // deletes all values dbDeleteAttribute( attribId ); valueMap.clear(); } else { if ( valueMap.empty() ) { // there is no entry yet that could be updated. QSqlQuery insertQuery; insertQuery.prepare( "INSERT INTO attributeValues (attributeId, value ) VALUES (:id, :val)" ); insertQuery.bindValue( ":id", attribId ); insertQuery.bindValue( ":val", newValue ); insertQuery.exec(); kDebug() << "insert new attrib value for non list: " << newValue; } else { QString oldValue = valueMap.begin().key(); QString id = valueMap.begin().value(); if ( newValue != oldValue ) { kDebug() << "Updating " << id << " from " << oldValue << " to " << newValue; QSqlQuery updateQuery; updateQuery.prepare( "UPDATE attributeValues SET value=:val WHERE id=:id" ); updateQuery.bindValue( ":val", newValue ); updateQuery.bindValue( ":id", id ); kDebug() << "do the update!"; updateQuery.exec(); } valueMap.remove( oldValue ); } } } // remove all still existing entries in the valueMap because they point to values which are // in the db but were deleted from the attribute if ( ! valueMap.isEmpty() ) { ValueMap::Iterator mapIt; for ( mapIt = valueMap.begin(); mapIt != valueMap.end(); ++mapIt ) { QString valId = mapIt.value(); dbDeleteValue( attribId, valId ); } } } }