Esempio n. 1
File: help.c Progetto: fm4dd/inovasc
/*
 * CGI entry point for the help page.
 *
 * Opens the file named by HELP_TEMPL and copies it, byte for byte, to cgiOut
 * between the page header and the page footer. Returns 0 once the page has
 * been written.
 *
 * The file content is emitted without any HTML escaping, so whatever is in
 * that file becomes part of the page as-is.
 */
int cgiMain() {

  static char title[] = "Help and additional Information";
  FILE *fp = fopen(HELP_TEMPL, "r");
  int ch;

  /* NOTE(review): fp is read unconditionally below, so this depends on
   * int_error() not returning -- confirm against its definition. */
  if (fp == NULL)
     int_error("Error cant open help file");

  /* start the html output */
  pagehead(title, NULL, cgiOut);

  /* stream the template body; getc() yields EOF at end of file or on error */
  while ((ch = getc(fp)) != EOF)
     fputc(ch, cgiOut);

  pagefoot(NULL);
  fclose(fp);
  return(0);
}
Esempio n. 2
/*
 * Write an HTML error page to cgiOut and terminate the process.
 *
 * file    source file name shown on the page
 * lineno  source line number shown on the page
 * msg     error text shown on the page
 *
 * Does not return: the last statement is exit(-1).
 *
 * NOTE(review): file and msg are written with plain %s (no HTML escaping), and
 * the page also shows the source location and the OpenSSL error queue to the
 * client. Confirm that no caller passes request-derived text in msg, and
 * consider whether this detail belongs in a server-side log instead.
 */
void handle_error(const char *file, int lineno, const char *msg)
{
   static char title[] = "System Error Information";

   /* start the html output */
   pagehead(title, NULL, cgiOut);

   /* what failed and where */
   fprintf(cgiOut, "<h3>%s Error</h3>\n", CLIENT_SW_VERSION);
   fputs("<hr>", cgiOut);
   fprintf(cgiOut, "<ul><li>File: %s Line: %d</li></ul>\n", file, lineno);
   fprintf(cgiOut, "<p>Error: %s</p>\n", msg);

   /* pending OpenSSL errors, printed straight into the page */
   fputs("<h3>Additional Information</h3>\n", cgiOut);
   fputs("<hr>", cgiOut);
   fputs("<p>", cgiOut);
   ERR_print_errors_fp(cgiOut);
   fputs("</p>", cgiOut);

   /* pointer to the help page and the contact address */
   fputs("<p>", cgiOut);
   fputs("For most common errors, please see section 5 under <a href=\"help.cgi\">Help</a>.\n", cgiOut);
   fprintf(cgiOut, "If the problem persists, please contact me at <a href=\"mailto:%s\">%s</a>\n", CONTACT_EMAIL, CONTACT_EMAIL);
   fputs("with the info above and include a description what triggered the error.", cgiOut);
   fputs("</p>", cgiOut);

   pagefoot(NULL);
   exit(-1);
}
Esempio n. 3
/*
 * CGI entry point that serves one of three page templates.
 *
 * The "templ" form value selects the template: "help", "index" or "policy".
 * The value is only compared against these fixed names and is never used to
 * build a file name; any other value is reported through int_error().
 * The selected file is copied to cgiOut, without HTML escaping, between the
 * page header and footer. Returns 0.
 */
int cgiMain() {
  static char templ[41];
  static char title[41];
  const char *heading  = NULL;   /* page title for the selected template */
  const char *path     = NULL;   /* file to stream                       */
  const char *open_err = NULL;   /* message used if the file cannot open */
  FILE *fp = NULL;
  int ch;

  if (cgiFormString("templ", templ, sizeof(templ)) != cgiFormSuccess)
    int_error("Error getting >templ< from calling URL");

  if (strcmp(templ, "help") == 0) {
    heading  = "Help and additional Information";
    path     = HELP_TEMPL;
    open_err = "Error can't open help file";
  } else if (strcmp(templ, "index") == 0) {
    heading  = "Index";
    path     = INDEX_TEMPL;
    open_err = "Error can't open index file";
  } else if (strcmp(templ, "policy") == 0) {
    heading  = "CA Policy";
    path     = POLICY_TEMPL;
    open_err = "Error can't open policy file";
  } else {
    int_error("Error unknown template file");
  }

  /* NOTE(review): fp is read unconditionally further down, so the error
   * paths depend on int_error() not returning -- confirm. */
  if (path != NULL) {
    snprintf(title, sizeof(title), "%s", heading);
    fp = fopen(path, "r");
    if (fp == NULL)
      int_error(open_err);
  }

  /* start the html output */
  pagehead(title);

  /* stream the template body until EOF */
  while ((ch = getc(fp)) != EOF)
    fputc(ch, cgiOut);

  pagefoot();
  fclose(fp);
  return 0;
}
Esempio n. 4
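/*
 * Return 1 when value is exactly equal to one of the strings in the
 * NULL-terminated array allowed, 0 otherwise (including for a NULL value).
 * Used to restrict request values that end up as SQL identifiers/keywords.
 */
static int form_value_allowed(const char *value, const char *const *allowed)
{
  int idx;

  if (value == NULL) return 0;

  for (idx = 0; allowed[idx] != NULL; idx++) {
    const char *a = allowed[idx];
    const char *b = value;

    while (*a != '\0' && *a == *b) { a++; b++; }
    if (*a == '\0' && *b == '\0') return 1;
  }
  return 0;
}

/*
 * CGI entry point for the "top IP address activity" report.
 *
 * Called without form data it prints the query selection form. Called with
 * form data it reads top_count, start (period in hours), order_by and
 * sort_order, runs one aggregate query against the database selected at
 * build time (ORACLE_DB or MYSQL_DB) and prints the result table.
 * Returns 0.
 *
 * order_by and sort_order cannot be bound as SQL parameters because they are
 * an identifier and a keyword in the ORDER BY clause, and they are also
 * echoed into the HTML page. They are therefore accepted only when they match
 * the values offered by the selection form; everything else is rejected
 * before the query string is built.
 */
int cgiMain() {
#ifdef MYSQL_DB
  static MYSQL *dbh;              /* database connect handle */
  static MYSQL_RES *result;       /* database query results  */
  static MYSQL_ROW values;        /* query data returned     */
  unsigned int colcount    =0;    /* number of returned columns */
  int server_version;             /* returned server version */
#endif
#ifdef ORACLE_DB
  sqlo_db_handle_t dbh;           /* database handle */
  sqlo_stmt_handle_t sth1;        /* statement handle 1 */
  char server_version[1024]="";   /* string for returned server version */
  int stat                 =0;    /* status of sqlo calls */
  int handle               =0;    /* handle of the interrupt handler */
  //const char ** colnames;         /* column names */
  const char ** values;           /* values */
#endif
  /* the only ORDER BY columns and directions the selection form offers */
  static const char *const order_by_allowed[] = {
    "elapsed_mins", "bytes_in", "bytes_out",
    "packets_in", "packets_out", "sessions", NULL
  };
  static const char *const sort_order_allowed[] = { "asc", "desc", NULL };

  char sqlquery_str[1024]  ="";   /* SQL query string */
  int allrows              =0;    /* number of returned rows */
  int rowcount             =0;    /* row iteration counter */
  div_t oddline_calc;             /* calculates even/odd row color */
  int top_count            =0;    /* how many top ip to display */
  char start_date[11]      ="";   /* selected start date */
  char start_time[6]       ="";   /* selected start time */
  char end_date[11]        ="";   /* selected end date */
  char end_time[6]         ="";   /* selected end time */
  char order_by[13]        ="";   /* sort list by column */
  char sort_order[5]       ="";   /* ascending or descending */
  char **form_data;               /* string array for query data */
  char title[256]          = "";  /* cgi title string */
  struct tm *tm_ptr;              /* containing time structure */
  time_t now, old;                /* containing timestamp */
  char err_str[2048]       = "";  /* use for combined error string */
  int period               = 0;   /* the period to display */
  char dataunit[255] = "0 Bytes"; /* holds the calculated KB/MB */

  _abort_flag     = 0;
#ifdef ORACLE_DB
  /* ------------------------------------------------------------------- * 
   * ORACLE_HOME is needed for OCI8 to find tnsnames.ora                 *
   * ------------------------------------------------------------------- */
  putenv(WEB_ORACLE_ENV);

  /* initialize the connection */
  if (SQLO_SUCCESS != sqlo_init(SQLO_OFF, 1, 100))
    cgi_error("Error: Failed to init libsqlora8.");

  /* register the interrupt handler */
  sqlo_register_int_handler(&handle, sigint_handler);

  /* login to the database */
  if (SQLO_SUCCESS != sqlo_connect(&dbh, WEB_TNS_STRING))
    cgi_error("Error: Cannot connect to database.");
  RETURN_ON_ABORT; /* finish if SIGINT was caught */

  if (SQLO_SUCCESS != sqlo_server_version(dbh, server_version,
                                        sizeof(server_version)))
    cgi_error(sqlo_geterror(dbh));
  RETURN_ON_ABORT; /* finish if SIGINT was caught */

  /* enable autocommit, each statement is committed as a single transaction */
  stat = sqlo_set_autocommit(dbh, 1);
#endif
#ifdef MYSQL_DB
  /* initialize the connection */
  dbh = mysql_init(NULL);
  if(dbh == NULL) cgi_error("Error:  Failed to init MySQL DB.");

  /* login to the database */
  if (mysql_real_connect(dbh, MYSQLIP, EDACSADMIN, ADMIN_PASS, DB_NAME, DB_PORT, NULL, 0) == 0)
    cgi_error("Error: Cannot connect to database.");

  /* Get the database version */
  server_version = mysql_get_server_version(dbh);
#endif

  /* we load the cgi form values into form_data */
  if (cgiFormEntries(&form_data) != cgiFormSuccess)
    cgi_error("Error: Could not retrieve form data.");

  if(form_data[0] == NULL) {
    /* ------------------------------------------------------------------- * 
     * Start the HTML output to display the query selection                *
     * ------------------------------------------------------------------- */
    /* define the CGI title */
    snprintf(title, sizeof(title), "Top IP Address Session Activity");
    pagehead(title);
    fprintf(cgiOut, "<div id=\"content\">\n");

    fprintf(cgiOut, "<form action=\"ip-toplast.cgi\" method=\"get\">\n");
    fprintf(cgiOut, "<table class=\"inner\" width=100%%>\n");
    /* 1st row, display headers */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\">Number of IP</th>");
    fprintf(cgiOut, "<th class=\"inner\">Time Frame</th>");
    fprintf(cgiOut, "<th class=\"inner\">Top by</th>");
    fprintf(cgiOut, "<th class=\"inner\">Sort Order</th>");
    fprintf(cgiOut, "</tr>\n");
    /* 2nd row */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\"><input type=radio value=\"24\" checked name=\"start\">Last Day</td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "</tr>\n");
    /* 3rd row, request values */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner-ctr\">(choose one)</td>");
    fprintf(cgiOut, "<td class=\"inner\"><input type=radio value=\"168\" name=\"start\">Last Week</td>");
    fprintf(cgiOut, "<td class=\"inner-ctr\">(choose one)</td>");
    fprintf(cgiOut, "<td class=\"inner\"><input type=radio value=\"desc\" checked name=\"sort_order\">");
    fprintf(cgiOut, "Top</td>");
    fprintf(cgiOut, "</tr>\n");
    /* 4th row, request values */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner-ctr\"><select name=\"top_count\" size=\"1\">");
    fprintf(cgiOut, "<option value=\"5\">Top 5 IP</option>");
    fprintf(cgiOut, "<option selected value=\"10\">Top 10 IP</option>");
    fprintf(cgiOut, "<option value=\"20\">Top 20 IP</option>");
    fprintf(cgiOut, "<option value=\"50\">Top 50 IP</option>");
    fprintf(cgiOut, "</select></td>");
    fprintf(cgiOut, "<td class=\"inner\"><input type=radio value=\"720\" name=\"start\">Last Month</td>");
    fprintf(cgiOut, "<td class=\"inner-ctr\"><select name=\"order_by\" size=\"1\">");
    fprintf(cgiOut, "<option value=\"elapsed_mins\">Elapsed Time</option>");
    fprintf(cgiOut, "<option value=\"bytes_in\">Bytes In</option>");
    fprintf(cgiOut, "<option selected value=\"bytes_out\">Bytes Out</option>");
    fprintf(cgiOut, "<option value=\"packets_in\">Packets In</option>");
    fprintf(cgiOut, "<option value=\"packets_out\">Packets Out</option>");
    fprintf(cgiOut, "<option value=\"sessions\">Session Count</option>");
    fprintf(cgiOut, "</select></td>");
    fprintf(cgiOut, "<td class=\"inner\"><input type=radio name=\"sort_order\" value=\"asc\">Bottom</td>");
    fprintf(cgiOut, "</tr>\n");
    /* 5th row */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio value=\"2160\" name=\"start\">Last 3 Months</td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "</tr>\n");
    /* 6th and last row, close the frame */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\" colspan=4><input type=submit value=\"Run Query\"></td>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "</table>\n");

    fprintf(cgiOut, "<h3>Additional Information</h3>\n");
    fprintf(cgiOut, "<hr>\n");
    fprintf(cgiOut, "<p>\n");
    fprintf(cgiOut, "This query returns a list of top IP addresses of the \"Order By\" selection for the last time period choosen.");
    fprintf(cgiOut, " It will give you a quick view who is possibly missusing the service, i.e. transferring large amounts of data in or out.");
    fprintf(cgiOut, "<ul>");
    fprintf(cgiOut, "<li>Select the number of top IP to display (5, 10, 20, 50) from the drop down list.");
    fprintf(cgiOut, "<li>The time frame can be selected from the radio menu, time is counting back from now.");
    fprintf(cgiOut, "<li>The results list is grouped by the \"Order By\" list, and sorted \"Top\" down or \"Bottom\" up.");
    fprintf(cgiOut, "</ul>");
    fprintf(cgiOut, "</p>\n");
  } /* end if for displaying the query request */
  else {
  /* ------------------------------------------------------------------- *
   * check if we got all information to make the SQL query               *
   * --------------------------------------------------------------------*/
    if ( cgiFormIntegerBounded("top_count", &top_count, 1, 50, 10) 
                                                     != cgiFormSuccess )
      cgi_error("Error retrieving IP top count.");
  
    if ( cgiFormIntegerBounded("start", &period, 1, 2160, 24) 
                                                     != cgiFormSuccess ) 
      cgi_error("Error retrieving start period information.");
  
    if ( cgiFormString("order_by", order_by, sizeof(order_by))
                                                     != cgiFormSuccess )
      cgi_error("Error retrieving order_by information.");
  
    if ( cgiFormString("sort_order", sort_order, sizeof(sort_order))
                                                     != cgiFormSuccess )
      cgi_error("Error retrieving sort_order information.");

    /* ------------------------------------------------------------------- *
     * order_by and sort_order are pasted into the ORDER BY clause and     *
     * into the HTML output below, so only the values the form offers are  *
     * accepted. The return statements are reached only if cgi_error()     *
     * returns; they keep a rejected value away from the query either way. *
     * ------------------------------------------------------------------- */
    if ( ! form_value_allowed(order_by, order_by_allowed) ) {
      cgi_error("Error: order_by is not a supported column.");
      return(0);
    }

    if ( ! form_value_allowed(sort_order, sort_order_allowed) ) {
      cgi_error("Error: sort_order must be asc or desc.");
      return(0);
    }
  
    /* ------------------------------------------------------------------- * 
     * Calculate the query start and end time from given period in hours.  *
     * These strings come from strftime(), not from the request.           *
     * ------------------------------------------------------------------- */
    now = time(NULL);
    tm_ptr = localtime(&now);
    strftime(end_date, sizeof(end_date), "%d.%m.%Y", (tm_ptr));
    strftime(end_time, sizeof(end_time), "%H:%M", tm_ptr);
    old = time(NULL) - (period * 3600);
    tm_ptr = localtime(&old);
    strftime(start_date, sizeof(start_date), "%d.%m.%Y", tm_ptr);
    strftime(start_time, sizeof(start_time), "%H:%M", tm_ptr);
  
    /* ------------------------------------------------------------------- *
     * check we got all parts and can start doing the SQL query below      *
     * --------------------------------------------------------------------*/
#ifdef ORACLE_DB
    snprintf(sqlquery_str, sizeof(sqlquery_str), "SELECT IP_ADDR, TO_CHAR(SUM(BYTES_IN), '999,999,999,999') BYTES_IN, TO_CHAR(SUM(BYTES_OUT), '999,999,999,999') BYTES_OUT, TO_CHAR(SUM(PACKETS_IN), '999,999,999,999') PACKETS_IN, TO_CHAR(SUM(PACKETS_OUT), '999,999,999,999') PACKETS_OUT, TO_CHAR(SUM(ELAPSED_MINS), '99,999.99') ELAPSED_MINS, COUNT (IP_ADDR) AS SESSIONS FROM %s.V_EDACS WHERE BYTES_IN IS NOT NULL AND START_DATE BETWEEN TO_DATE('%s %s', 'dd.mm.yyyy hh24:mi') and TO_DATE ('%s %s', 'dd.mm.yyyy hh24:mi') GROUP BY IP_ADDR ORDER BY %s %s",
           EDACSADMIN, start_date, start_time, end_date,
           end_time, order_by, sort_order);

    /* initialize the statement handle */
    sth1 = SQLO_STH_INIT;
  
    /* opens a cursor for the query statement */
    if ( 0 > (sqlo_open2(&sth1, dbh, sqlquery_str, 0, NULL))) {
      /* NOTE(review): with DEBUG non-zero the full query text is handed to
       * cgi_error(); check whether that text is shown to the client. */
      if(DEBUG == 0) cgi_error(sqlo_geterror(dbh));
      else snprintf(err_str, sizeof(err_str), "DB error %s\n\nQuery string %s",
               sqlo_geterror(dbh), sqlquery_str);
      cgi_error(err_str);
    }
    RETURN_ON_ABORT; /* finish if SIGINT was caught */
  
    /* get the output column names */
    //if (SQLO_SUCCESS != sqlo_ocol_names2(sth1, &colcount, &colnames))
    //  cgi_error("Error getting the DB columns with sqlo_ocol_names2()");
    // RETURN_ON_ABORT; /* finish if SIGINT was caught */
#endif
#ifdef MYSQL_DB
    /* the two "%d.%m.%Y %H:%i" arguments are the STR_TO_DATE format strings,
     * passed as data so their % signs are not read by snprintf */
    snprintf(sqlquery_str, sizeof(sqlquery_str), "SELECT ip_addr, SUM(bytes_in) bytes_in, SUM(BYTES_OUT) bytes_out, TRUNCATE((bytes_in+bytes_out)/SUM(TIME_TO_SEC(elapsed_mins)),2) throughput, FORMAT(SUM(packets_in), 0) packets_in, FORMAT(SUM(packets_out), 0) packet_out, SEC_TO_TIME(SUM(TIME_TO_SEC(elapsed_mins))) elapsed_mins, COUNT(ip_addr) AS SESSIONS FROM v_edacs WHERE bytes_in IS NOT NULL AND start_date BETWEEN STR_TO_DATE('%s %s', '%s') and STR_TO_DATE('%s %s', '%s') GROUP BY ip_addr ORDER BY %s %s",
           start_date, start_time, "%d.%m.%Y %H:%i",
           end_date, end_time, "%d.%m.%Y %H:%i",
           order_by, sort_order);

  /* Prepare and execute the SQL statement */
  if(mysql_query(dbh, sqlquery_str) != 0) {
    /* NOTE(review): with DEBUG non-zero the full query text is handed to
     * cgi_error(); check whether that text is shown to the client. */
    if(DEBUG == 0) cgi_error(mysql_error(dbh));
    else snprintf(err_str, sizeof(err_str), "DB error %s\n\nQuery string %s",
             mysql_error(dbh), sqlquery_str);
    cgi_error(err_str);
  }
 /* get query results set */
  result = mysql_store_result(dbh);
  if (result == NULL) {
    snprintf(err_str, sizeof(err_str), "No results for query: %s\n", sqlquery_str);
    cgi_error( err_str);
  }

  allrows = mysql_num_rows(result);
  colcount = mysql_num_fields(result);
#endif

  /* ------------------------------------------------------------------------ *
   * start the html output; order_by was checked against the allowlist above, *
   * so it is safe to print into the page                                     *
   * -------------------------------------------------------------------------*/
    snprintf(title, sizeof(title), "Top %d IP Address Activity by %s", top_count, order_by);
  
    pagehead(title);
    fprintf(cgiOut, "<div id=\"content\">\n");
    fprintf(cgiOut, "<p>\n");
    fprintf(cgiOut, "<b>Top:</b> %d <b>Selection:</b> %s <b>Timeperiod:</b> %s %s - %s %s <b>Data Records:</b> %d",
               top_count, order_by, start_date, start_time, end_date, end_time, allrows);
    fprintf(cgiOut, "</p>\n");

    fprintf(cgiOut, "<table class=\"inner\" width=100%%>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\">#</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">IP Address</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Data In</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Data Out</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Throughput</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Packets In</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Packets Out</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Elapsed Time</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Sessions</th>\n");
    fprintf(cgiOut, "</tr>\n");
  
    /* fetch the data */
#ifdef ORACLE_DB
    while ( SQLO_SUCCESS == (stat = (sqlo_fetch(sth1, 1)))) {
       /* get one record */
       values = sqlo_values(sth1, NULL, 1);
#endif
#ifdef MYSQL_DB
     while((values = mysql_fetch_row(result)) != NULL) {
#endif
     rowcount++;

     /* check for even/odd rows */
     oddline_calc = div(rowcount, 2);
     if(oddline_calc.rem) fprintf(cgiOut, "<tr class=\"odd\">\n");
     else fprintf(cgiOut, "<tr class=\"even\">\n");

     /* NOTE(review): the row below reads values[0..7] with values[3] as the
      * throughput. The MYSQL_DB query selects eight columns in that order,
      * but the ORACLE_DB query selects seven and has no throughput column,
      * so values[7] looks out of range for ORACLE_DB builds -- verify.
      * The database values are printed without HTML escaping. */
     fprintf(cgiOut, "<td>%d</td>\n", rowcount);
     fprintf(cgiOut, "<td>");
     fprintf(cgiOut, "<a href=ip-actlast.cgi?start=%d&sort_order=%s&ipaddr=%s&order_by=start_date>",
                         period, sort_order, values[0]);
     fprintf(cgiOut, "%s</a></td>", values[0]);
     fprintf(cgiOut, "<td class=\"right\">%s</td>", calc_units(values[1], dataunit));
     fprintf(cgiOut, "<td class=\"right\">%s</td>", calc_units(values[2], dataunit));
     fprintf(cgiOut, "<td class=\"right\">%s/s</td>", calc_units(values[3], dataunit));
     fprintf(cgiOut, "<td class=\"right\">%s</td>", values[4]);
     fprintf(cgiOut, "<td class=\"right\">%s</td>", values[5]);
     fprintf(cgiOut, "<td class=\"right\">%s</td>", values[6]);
     fprintf(cgiOut, "<td class=\"right\">%s</td>", values[7]);
     fprintf(cgiOut, "</tr>\n");

       /* the query has no row limit; stop after the requested number */
       if ( rowcount == top_count) break;
     } /* end while row */
#ifdef ORACLE_DB
    if (SQLO_SUCCESS != sqlo_close(sth1))
      cgi_error("Error Closing the SQL statment handle.");
    RETURN_ON_ABORT; /* finish if SIGINT was caught */
#endif
#ifdef MYSQL_DB
   mysql_close(dbh);
#endif

     /* ----------------------------------------------------------------- *
      * IF there was no data for the selection, display a notification    *
      * ----------------------------------------------------------------- */
    if(rowcount == 0) {
      fprintf(cgiOut, "<tr>\n");
      fprintf(cgiOut, "<td colspan=9>");
      fprintf(cgiOut, "No data found for top %d IP by %s between %s %s and %s %s.",
              top_count, order_by, start_date, start_time, end_date, end_time);
      fprintf(cgiOut, "</td>\n");
      fprintf(cgiOut, "</tr>\n");
    } /* end if rowcount is zero */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\" colspan=9>");
    fprintf(cgiOut, "&nbsp;");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "</table>\n");
  } /* end else we were called with form data */

  pageside();
  pagefoot();
  return(0);
}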
Esempio n. 5
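/*
 * Write s to cgiOut with the characters & < > " ' replaced by HTML entities,
 * so the text can be placed in element content or inside a double-quoted
 * attribute value without changing the markup around it.
 */
static void put_html_escaped(const char *s)
{
  for (; *s != '\0'; s++) {
    switch (*s) {
      case '&':  fputs("&amp;", cgiOut);  break;
      case '<':  fputs("&lt;", cgiOut);   break;
      case '>':  fputs("&gt;", cgiOut);   break;
      case '"':  fputs("&quot;", cgiOut); break;
      case '\'': fputs("&#39;", cgiOut);  break;
      default:   fputc(*s, cgiOut);       break;
    }
  }
}

/*
 * Write one hidden form field. name is a fixed field name chosen by the
 * caller; value is escaped and placed in a double-quoted attribute.
 */
static void put_hidden_field(const char *name, const char *value)
{
  fprintf(cgiOut, "<input type=hidden name=%s value=\"", name);
  put_html_escaped(value);
  fprintf(cgiOut, "\">");
}

/*
 * CGI entry point for the "new scan configuration" page.
 *
 * Reads the scanner connection parameters (ip, port, encr, user, pass, cert)
 * from the request, connects and logs in to the scan server, fetches its
 * plugin, preference, rule and dependency lists, and prints a form that posts
 * to scanverify.cgi (when the "template" value is "create") or to
 * scanprocess.cgi (otherwise). Returns 0.
 *
 * All request values and the plugin family names received from the scan
 * server are HTML-escaped before they are written into the page. The original
 * code escaped only the password and wrote the others into unquoted
 * attributes with plain %s.
 */
int cgiMain() {

  static char 	title[] = "Create a new Scan Configuration";
  char		ip[16];
  int		port;
  char		user[81];
  char		pass[81];
  char		cert[81];
  char		encr[81];
  int		prefs_counter = 0;
  int		rules_counter = 0;
  int		pdeps_counter = 0;
  int		even_counter = 0;
  int		odd_counter = 0;
  SSL		*ssl;
  int 		i = 0;
  const char   *altcolor = "class=\"odd\"";

#ifdef DEBUG
  char          error_string[255] = "";

  if(! (debugfile = fopen(DEBUGFILE, "w"))) {
    snprintf(error_string, sizeof(error_string),
           "Cannot open debug file %s for writing.", DEBUGFILE);
    int_error(error_string);
  }
#endif

/* -------------------------------------------------------------------------- *
 * check if we got called from scantemplates to create a  new template file   *
 * The result is not checked; only the exact value "create" changes the       *
 * output below, and the value itself is never printed.                       *
 * ---------------------------------------------------------------------------*/

 cgiFormString("template", templatefilestr, sizeof(templatefilestr));

/* -------------------------------------------------------------------------- *
 * check if we got all information to make a scan server connection           *
 * ---------------------------------------------------------------------------*/

  if ( cgiFormString("ip", ip, sizeof(ip)) != cgiFormSuccess )
    int_error("Error retrieving OpenVAS server IP address.");

  if ( cgiFormInteger("port", &port, SCANNER_PORT) != cgiFormSuccess )
    int_error("Error retrieving OpenVAS server port number.");

  if ( port <= 0 || port > 65535 )
    int_error("Error OpenVAS server port number not in a valid port range.");

  if ( cgiFormString("encr", encr, sizeof(encr)) != cgiFormSuccess )
    int_error("Error retrieving OpenVAS server protocol encryption type.");

  if ( cgiFormString("user", user, sizeof(user)) != cgiFormSuccess )
    int_error("Error retrieving OpenVAS remote user name.");

  if ( cgiFormString("pass", pass, sizeof(pass)) != cgiFormSuccess )
    int_error("Error retrieving OpenVAS remote user password.");

  if ( cgiFormString("cert", cert, sizeof(cert)) != cgiFormSuccess )
    int_error("Error retrieving OpenVAS client certificate name.");
  
/* -------------------------------------------------------------------------- *
 * make a SSL connection to the OpenVAS Server.                               *
 * NOTE(review): ip, encr and cert are passed on exactly as received from the *
 * request; confirm that scanner_connect() validates them, in particular how  *
 * cert is turned into a file name.                                           *
 * ---------------------------------------------------------------------------*/

  ssl = scanner_connect(ip, port, encr, cert);

/* -------------------------------------------------------------------------- *
 * Handle the login to the OpenVAS Server.                                    *
 * ---------------------------------------------------------------------------*/

  scanner_login(ssl, user, pass);

/* -------------------------------------------------------------------------- *
 * Get the list of plugins from the OpenVAS Server and                        *
 * create the list of categories.                                             *
 * ---------------------------------------------------------------------------*/

  plugs_counter = 0;
  plugs_counter = scanner_getplugs(ssl);
  if (plugs_counter == 0)
     int_error("Error: Could not receive plugins from OpenVAS server.");

  scanner_getgroups();

/* -------------------------------------------------------------------------- *
 * Get the preferences list from the OpenVAS Server.                          *
 * ---------------------------------------------------------------------------*/

  prefs_counter = scanner_getprefs(ssl);
  if (prefs_counter == 0)
     int_error("Could not receive preferences from OpenVAS server.");

/* -------------------------------------------------------------------------- *
 * Get the rules list from the OpenVAS Server.                                *
 * ---------------------------------------------------------------------------*/

  rules_counter = scanner_getrules(ssl);
  /* it isn't unusual to have no rules so the count can be zero. */

/* -------------------------------------------------------------------------- *
 * Get the preferences dependency list from the OpenVAS Server.               *
 * ---------------------------------------------------------------------------*/

  pdeps_counter = scanner_getpdeps(ssl);

/* -------------------------------------------------------------------------- *
 * start the html output                                                      *
 * ---------------------------------------------------------------------------*/

  pagehead(title, NULL, cgiOut);

/* -------------------------------------------------------------------------- *
 * start the form output                                                      *
 * ---------------------------------------------------------------------------*/

  if(strcmp(templatefilestr, "create") == 0)
    fprintf(cgiOut, "<form action=\"scanverify.cgi\" method=\"post\">");
  else
    fprintf(cgiOut, "<form action=\"scanprocess.cgi\" method=\"post\">");

  fprintf(cgiOut, "<table width=\"100%%\">");
  fprintf(cgiOut, "<tr>\n");


  if(strcmp(templatefilestr, "create") == 0) {
    fprintf(cgiOut, "<th colspan=2>");
    fprintf(cgiOut, "New OpenVAS Scan Template");
    fprintf(cgiOut, "</th>");
    fprintf(cgiOut, "</tr>");
    fprintf(cgiOut, "<td bgcolor=CFCFCF align=\"center\" bordercolor=CFCFCF");
    fprintf(cgiOut, " width=270>");
    fprintf(cgiOut, "Configuration Name:");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td align=\"center\">");
    fprintf(cgiOut, "<input type=text name=s-name size=35 maxlength=35>");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th colspan=2>");
    fprintf(cgiOut, "<input type=\"submit\" value=\"Save Template\">");
    fprintf(cgiOut, "</th>");
  }
  else {
    fprintf(cgiOut, "<th colspan=4>");
    fprintf(cgiOut, "Scan Target IP Address and optional Login Credentials");
    fprintf(cgiOut, "</th>");
    fprintf(cgiOut, "</tr>\n");

    fprintf(cgiOut, "<tr>");
    fprintf(cgiOut, "<td bgcolor=CFCFCF align=\"center\">");
    fprintf(cgiOut, "IP Address:");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td align=\"center\">");
    fprintf(cgiOut, "<input type=text name=t-ip size=15 maxlength=15 value=%s>",
            DEFAULT_TARGET_IP);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td bgcolor=CFCFCF align=\"center\">");
    fprintf(cgiOut, "Credentials:");
    fprintf(cgiOut, "</td>");

    fprintf(cgiOut, "<td align=\"center\">");
    fprintf(cgiOut, "<select name=\"c-type\">");
    fprintf(cgiOut, "<option value=\"none\" selected>No Credentials</option>");
    fprintf(cgiOut, "<option value=\"ssh-pass\">SSH Passphrase</option>");
    fprintf(cgiOut, "<option value=\"smb-pass\">SMB User Login</option></select>");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");

    fprintf(cgiOut, "<tr>");
    fprintf(cgiOut, "<td bgcolor=CFCFCF align=\"center\">");
    fprintf(cgiOut, "User Name:");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td align=\"center\">");
    fprintf(cgiOut, "<input type=text name=c-user size=15 maxlength=15>");
    fprintf(cgiOut, "</td>");

    fprintf(cgiOut, "<td bgcolor=CFCFCF align=\"center\">");
    fprintf(cgiOut, "Passphrase:");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td align=\"center\">");
    fprintf(cgiOut, "<input type=password name=c-pass size=18 maxlength=30>");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");

    fprintf(cgiOut, "<tr>");
    fprintf(cgiOut, "<th colspan=4>");
    fprintf(cgiOut, "<input type=\"submit\" value=\"Start Scan\">");
    fprintf(cgiOut, "</th>");
  }
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "</table>");

  /* forward login information to either scanprocess.cgi or scanverify.cgi.
   * Every value comes from the request, so each one is escaped and quoted;
   * an unquoted attribute ends at the first space or '>' in the value.
   * NOTE(review): the scanner password is sent back to the browser in a
   * hidden field and stays readable in the page source; consider keeping the
   * login state on the server side instead. */
  put_hidden_field("ip", ip);
  fprintf(cgiOut,"<input type=hidden name=port value=%d>",port);
  put_hidden_field("encr", encr);
  put_hidden_field("user", user);
  put_hidden_field("pass", pass);
  put_hidden_field("cert", cert);

  fprintf(cgiOut, "<p>");
  fprintf(cgiOut, "<table width=\"100%%\">");
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th colspan=6>");
  fprintf(cgiOut, "OpenVAS Scanner Plugin Family List");
  fprintf(cgiOut, "</th>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "<tr>");

  for(i=0; i<famly_counter; i++) {
    /* odd indexes fill the right-hand column; each column keeps its own
     * counter so the odd/even row colour alternates per column */
    int  right_column = (i % 2) != 0;
    int *column_rows  = right_column ? &odd_counter : &even_counter;

    /* family names were received from the scan server: escape them both as
     * the checkbox name and as the visible label */
    fprintf(cgiOut, "<td bgcolor=CFCFCF align=\"center\" bordercolor=CFCFCF>");
    fprintf(cgiOut, "<input type=checkbox name=\"");
    put_html_escaped(famlylist[i].name);
    fprintf(cgiOut, "\">");
    fprintf(cgiOut, "</td>");

    altcolor = ((*column_rows % 2) != 0) ? "class=\"odd\"" : "class=\"even\"";
    (*column_rows)++;

    fprintf(cgiOut, "<td %s>", altcolor);
    put_html_escaped(famlylist[i].name);
    fprintf(cgiOut, "</td>");

    fprintf(cgiOut, "<td %s style=\"text-align: right;\">", altcolor);
    fprintf(cgiOut, "%d", famlylist[i].plugscount);
    fprintf(cgiOut, "</td>");

   /* we want to display 2 columns of 3 cells (checkbox | Family Name | *
    * Plugin Count) to shorten the length of the overall Family list.   */
    if( right_column ) fprintf(cgiOut, "</tr><tr>\n");

  }

  /* if famly_counter is a uneven number we miss a cell at the last row *
   * so we better insert a "dummy".                                     */
  if( (famly_counter % 2) != 0 ) {
     fprintf(cgiOut, "<td bgcolor=CFCFCF bordercolor=CFCFCF>&nbsp;</td>\n");
     fprintf(cgiOut, "<td bgcolor=FFFFFF colspan=2>&nbsp;</td>\n");
  }
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "<tr>");
  fprintf(cgiOut, "<th colspan=6>");
  fprintf(cgiOut, "Total: %d Plugins", plugs_counter );
  fprintf(cgiOut, " in %d Families.", famly_counter );
  fprintf(cgiOut, "</th>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "</table>\n");
  fprintf(cgiOut, "</form>");

  fprintf(cgiOut, "<p>");
  fprintf(cgiOut, "<table width=\"100%%\">");
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th colspan=2>");
  fprintf(cgiOut, "INOVASC Client");
  fprintf(cgiOut, "</th>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "<tr>");
  fprintf(cgiOut, "<td align=\"center\" bgcolor=\"#CFCFCF\"");
  fprintf(cgiOut, "bordercolor=\"#CFCFCF\" width=180>");
  fprintf(cgiOut, "Version:");
  fprintf(cgiOut, "</td>");
  fprintf(cgiOut, "<td align=\"center\"bgcolor=\"#FFFFFF\">");
  fprintf(cgiOut, "%s\n", CLIENT_SW_VERSION);
  fprintf(cgiOut, "</td>");
  fprintf(cgiOut, "</tr>\n");
  fprintf(cgiOut, "<tr>");
  fprintf(cgiOut, "<td align=\"center\" bgcolor=CFCFCF bordercolor=CFCFCF>");
  fprintf(cgiOut, "Copyright:");
  fprintf(cgiOut, "</td>");
  fprintf(cgiOut, "<td align=\"center\"bgcolor=\"#FFFFFF\">");
  fprintf(cgiOut, "%s\n", CLIENT_COPYRIGHTS);
  fprintf(cgiOut, "</td>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "<tr>");
  fprintf(cgiOut, "<td align=\"center\" bgcolor=CFCFCF bordercolor=CFCFCF>");
  fprintf(cgiOut, "Status:");
  fprintf(cgiOut, "</td>");
  fprintf(cgiOut, "<td align=\"center\"bgcolor=\"#FFFFFF\">");
  /* user and ip are request values shown as text: escape them */
  fprintf(cgiOut, "<b>");
  put_html_escaped(user);
  fprintf(cgiOut, "</b> login to server <b>");
  put_html_escaped(ip);
  fprintf(cgiOut, "</b> successful.");
  fprintf(cgiOut, "</td>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th colspan=2>");
  fprintf(cgiOut, "&nbsp;");
  fprintf(cgiOut, "</th>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "</table>\n");

/* -------------------------------------------------------------------------- *
 * end the html output                                                        *
 * ---------------------------------------------------------------------------*/

  pagefoot(NULL);
#ifdef DEBUG
  if(debugfile != NULL) fclose(debugfile);
#endif
  fclose(cgiOut);
  return(0);
}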
Esempio n. 6
int cgiMain() {

  static char      title[256]        = "";
  static char   subtitle[256]        = "";
         char      sorting[16]       = "desc";
         time_t    now               = time(NULL);
         time_t    start             = time(NULL);
         time_t    expiration        = time(NULL);
         double    available_secs    = 0;
         double    remaining_secs    = 0;
  struct dirent    **certstore_files = NULL;
         int       pagenumber        = 1;
         int       certcounter       = 0;
         int       tempcounter       = 0;
         int       pagecounter       = 0;
         int       dispcounter       = 0;
         int       dispmaxlines      = 0;
         int       certvalidity      = 0;
         div_t     disp_calc;
         div_t     oddline_calc;
         double    percent           = 0;

         cert                        = X509_new();
         certsubject                 = X509_NAME_new();
	 char      **form_data       = NULL;  /* string array for query data */

  /* get the current time */
  now = time(NULL);

/* ------------------------------------------------------------------------- *
 * If we are called without arguments, we display the cert search criteria   *
 * ------------------------------------------------------------------------- */
  if (cgiFormEntries(&form_data) != cgiFormSuccess)
    int_error("Error: Could not retrieve CGI form data.");
  if(form_data[0] == NULL) {

    start_tm = *gmtime(&now);

    snprintf(title, sizeof(title), "Search existing Certificates");
    pagehead(title);
    fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"get\">");
    fprintf(cgiOut, "<table>");

    /* Search for Subject String */
    fprintf(cgiOut, "<tr><th colspan=\"5\">Search by Name</th></tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"cnt\" rowspan=\"2\">\n");
    fprintf(cgiOut, "<input type=\"radio\" value=\"dn\" name=\"search\" />");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "Distinguished Name Field:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    fprintf(cgiOut, "<select name=\"field\">");
    fprintf(cgiOut, "<option value=\"countryName\">Country</option>");
    fprintf(cgiOut, "<option value=\"stateOrProvinceName\">State</option>");
    fprintf(cgiOut, "<option value=\"localityName\">Location</option>");
    fprintf(cgiOut, "<option value=\"organizationName\">Organisation</option>");
    fprintf(cgiOut, "<option value=\"organizationalUnitName\">Department</option>");
    fprintf(cgiOut, "<option value=\"emailAddress\">E-Mail Addr</option>");
    fprintf(cgiOut, "<option selected=\"selected\" value=\"commonName\">Common Name</option>");
    fprintf(cgiOut, "<option value=\"surname\">Surname</option>");
    fprintf(cgiOut, "<option value=\"givenName\">Given Name</option>");
    fprintf(cgiOut, "</select>");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "Search String<br />[20 chars max]:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    fprintf(cgiOut, "<input type=\"text\" size=\"15\" name=\"dnvalue\" value=\"changeme.com\" />");
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"desc\" colspan=\"4\">\n");
    fprintf(cgiOut, "Search for certificates that have the given string in the selected DN field. ");
    fprintf(cgiOut, "The search is case sensitive, so results for country=us can be different from country=US and country=Us.");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "</tr>\n");

    /* Search for Expiration Date */
    fprintf(cgiOut, "<tr><th colspan=\"5\">Search by Expiration Date</th></tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"cnt\" rowspan=\"2\">\n");
    fprintf(cgiOut, "<input type=\"radio\" value=\"exp\" name=\"search\" checked=\"checked\" />");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "Expiration Date is<br />between Start Date:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    strftime(membio_buf, sizeof(membio_buf), "%d.%m.%Y", &start_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"9\" name=\"exp_startdate\" value=\"%s\" /> ", membio_buf);
    strftime(membio_buf, sizeof(membio_buf), "%H:%M", &start_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"3\" name=\"exp_starttime\" value=\"%s\" />", membio_buf);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "and End Date<br />[default 90 days]:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    /* set second time 3 months (90 days) into the future: 86400s/d*90d=7776000s */
    expiration = now + 7776000;
    expiration_tm = *gmtime(&expiration);
    strftime(membio_buf, sizeof(membio_buf), "%d.%m.%Y", &expiration_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"9\" name=\"exp_enddate\" value=\"%s\" /> ", membio_buf);
    strftime(membio_buf, sizeof(membio_buf), "%H:%M", &expiration_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"3\" name=\"exp_endtime\" value=\"%s\" />", membio_buf);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"desc\" colspan=\"4\">\n");
    fprintf(cgiOut, "Search for certificates that expire(d) between the selected start and end date. ");
    fprintf(cgiOut, "By default, the search is pre-set to find certificates that expire in the next 3 months.");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "</tr>\n");

    /* Search for Enabled Date */
    fprintf(cgiOut, "<tr><th colspan=\"5\">Search by Creation Date</th></tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"cnt\" rowspan=\"2\">\n");
    fprintf(cgiOut, "<input type=\"radio\" value=\"ena\" name=\"search\" />");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "Enabled Date is<br />between Start Date:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    /* set second time 3 months (90 days) into the past: 86400s/d*90d=7776000s */
    expiration = now - 7776000;
    expiration_tm = *gmtime(&expiration);
    strftime(membio_buf, sizeof(membio_buf), "%d.%m.%Y", &expiration_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"9\" name=\"ena_startdate\" value=\"%s\" /> ", membio_buf);
    strftime(membio_buf, sizeof(membio_buf), "%H:%M", &expiration_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"3\" name=\"ena_starttime\" value=\"%s\" />", membio_buf);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "and End Date<br />[default now]:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    strftime(membio_buf, sizeof(membio_buf), "%d.%m.%Y", &start_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"9\" name=\"ena_enddate\" value=\"%s\" /> ", membio_buf);
    strftime(membio_buf, sizeof(membio_buf), "%H:%M", &start_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"3\" name=\"ena_endtime\" value=\"%s\" />", membio_buf);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"desc\" colspan=\"4\">\n");
    fprintf(cgiOut, "Search for certificates that become valid between the selected start and end date. ");
    fprintf(cgiOut, "By default, the search is pre-set to show certificates created in the past 3 months.");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "</tr>\n");

    /* Search for Revocation Date */
    fprintf(cgiOut, "<tr><th colspan=\"5\">Search by Revocation Date</th></tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"cnt\" rowspan=\"2\">\n");
    fprintf(cgiOut, "<input type=\"radio\" value=\"rev\" name=\"search\" />");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "Revocation Date is<br />between Start Date:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    /* set second time 3 months (90 days) into the past: 86400s/d*90d=7776000s */
    expiration = now - 7776000;
    expiration_tm = *gmtime(&expiration);
    strftime(membio_buf, sizeof(membio_buf), "%d.%m.%Y", &expiration_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"9\" name=\"rev_startdate\" value=\"%s\" /> ", membio_buf);
    strftime(membio_buf, sizeof(membio_buf), "%H:%M", &expiration_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"3\" name=\"rev_starttime\" value=\"%s\"/>", membio_buf);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "and End Date<br />[now]:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    strftime(membio_buf, sizeof(membio_buf), "%d.%m.%Y", &start_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"9\" name=\"rev_enddate\" value=\"%s\" /> ", membio_buf);
    strftime(membio_buf, sizeof(membio_buf), "%H:%M", &start_tm);
    fprintf(cgiOut, "<input type=\"text\" size=\"3\" name=\"rev_endtime\" value=\"%s\" />", membio_buf);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"desc\" colspan=\"4\">\n");
    fprintf(cgiOut, "Search for certificates that have been revoked between the selected start and end date. ");
    fprintf(cgiOut, " By default, the search is pre-set to show certificates revoked in the past 3 months.");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "</tr>\n");

    /* Search for Serial Number */
    fprintf(cgiOut, "<tr><th colspan=\"5\">Search by Serial Number</th></tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"cnt\" rowspan=\"2\">\n");
    fprintf(cgiOut, "<input type=\"radio\" value=\"ser\" name=\"search\" />");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "Serial Number is<br />between Start Serial:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    fprintf(cgiOut, "<input type=\"text\" size=\"14\" name=\"startserial\" ");
    fprintf(cgiOut, "value=\"%s\" style=\"text-align:right;\" />", startserstr);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td class=\"type\">\n");
    fprintf(cgiOut, "and End Serial<br />[max 10e11]:");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "<td class=\"center\">\n");
    fprintf(cgiOut, "<input type=\"text\" size=\"14\" name=\"endserial\" ");
    fprintf(cgiOut, "value=\"%s\" style=\"text-align:right;\" />", endserstr);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"desc\" colspan=\"4\">\n");
    fprintf(cgiOut, "Search for certificates whose serial number is between the given ");
    fprintf(cgiOut, "start and end serial number in decimal format. To find a particular certificate, set start and end serial to be equal.");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "</tr>\n");

    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th colspan=\"5\">");
    fprintf(cgiOut, "<input type=\"submit\" value=\"Search Certificates\" />");
    fprintf(cgiOut, "</th>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "</table>\n");
    fprintf(cgiOut, "</form>\n");
    pagefoot();

  }
  else {
  
  /* ------------------------------------------------------------------- *
   * check if we got the CGI form data                                   *
   * --------------------------------------------------------------------*/
    if ( cgiFormString("search", search, sizeof(search))
                                                     != cgiFormSuccess )
      int_error("Error retrieving CGI form search type.");
    else {
      if (strcmp(search, "dn") == 0) {
        if ( cgiFormString("field", field, sizeof(field))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form DN search field information.");

        if ( cgiFormString("dnvalue", dnvalue, sizeof(dnvalue))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form DN search dnvalue information.");
        snprintf(title, sizeof(title), "Search Certs by Subject");
        snprintf(subtitle, sizeof(subtitle), "Certificates with DN %s=%s", field, dnvalue);
      }
      else if (strcmp(search, "exp") == 0) {
        if ( cgiFormString("exp_startdate", exp_startdate, sizeof(exp_startdate))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form expiration start date.");

        if ( cgiFormString("exp_starttime", exp_starttime, sizeof(exp_starttime))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form expiration start time.");

        if ( cgiFormString("exp_enddate", exp_enddate, sizeof(exp_enddate))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form expiration end date.");

        if ( cgiFormString("exp_endtime", exp_endtime, sizeof(exp_endtime))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form expiration end time.");

        strncat(exp_startstr, exp_startdate, sizeof(exp_startstr)-1);
        strncat(exp_startstr, " ", 1); /* add a space between date and time */
        strncat(exp_startstr, exp_starttime, sizeof(exp_startstr)-strlen(exp_startstr)-1);
        strncat(exp_endstr, exp_enddate, sizeof(exp_endstr)-1);
        strncat(exp_endstr, " ", 1); /* add a space between date and time */
        strncat(exp_endstr, exp_endtime, sizeof(exp_endstr)-strlen(exp_endstr)-1);
        snprintf(title, sizeof(title), "Search Certs by Expiration");
        snprintf(subtitle, sizeof(subtitle), "Certificates with expiration between %s and %s", exp_startstr, exp_endstr);
      }
      else if (strcmp(search, "ena") == 0) {
        if ( cgiFormString("ena_startdate", ena_startdate, sizeof(ena_startdate))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable start date.");

        if ( cgiFormString("ena_starttime", ena_starttime, sizeof(ena_starttime))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable start time.");

        if ( cgiFormString("ena_enddate", ena_enddate, sizeof(ena_enddate))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable end date.");

        if ( cgiFormString("ena_endtime", ena_endtime, sizeof(ena_endtime))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable end time.");

        strncat(ena_startstr, ena_startdate, sizeof(ena_startstr)-1);
        strncat(ena_startstr, " ", 1); /* add a space between date and time */
        strncat(ena_startstr, ena_starttime, sizeof(ena_startstr)-strlen(ena_startstr)-1);
        strncat(ena_endstr, ena_enddate, sizeof(ena_endstr)-1);
        strncat(ena_endstr, " ", 1); /* add a space between date and time */
        strncat(ena_endstr, ena_endtime, sizeof(ena_endstr)-strlen(ena_endstr)-1);
        snprintf(title, sizeof(title), "Search Certs by Start Date");
        snprintf(subtitle, sizeof(subtitle), "Certificates with start date between %s and %s", ena_startstr, ena_endstr);
      }
      else if (strcmp(search, "rev") == 0) {
        if ( cgiFormString("rev_startdate", rev_startdate, sizeof(rev_startdate))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable start date.");

        if ( cgiFormString("rev_starttime", rev_starttime, sizeof(rev_starttime))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable start time.");

        if ( cgiFormString("rev_enddate", rev_enddate, sizeof(rev_enddate))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable end date.");

        if ( cgiFormString("rev_endtime", rev_endtime, sizeof(rev_endtime))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form enable end time.");

        strncat(rev_startstr, rev_startdate, sizeof(rev_startstr)-1);
        strncat(rev_startstr, " ", 1); /* add a space between date and time */
        strncat(rev_startstr, rev_starttime, sizeof(rev_startstr)-strlen(rev_startstr)-1);
        strncat(rev_endstr, rev_enddate, sizeof(rev_endstr)-1);
        strncat(rev_endstr, " ", 1); /* add a space between date and time */
        strncat(rev_endstr, rev_endtime, sizeof(rev_endstr)-strlen(rev_endstr)-1);
        snprintf(title, sizeof(title), "Search Revoked Certificates");
        snprintf(subtitle, sizeof(subtitle), "Certificates revoked between %s and %s", rev_startstr, rev_endstr);
      }
      else if (strcmp(search, "ser") == 0) {
        if ( cgiFormString("startserial", startserstr, sizeof(startserstr))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form start serial value.");

        if ( cgiFormString("endserial", endserstr, sizeof(endserstr))
                                                     != cgiFormSuccess )
        int_error("Error retrieving CGI form end serial value.");
        snprintf(title, sizeof(title), "Search Certs by Serial Number");
        snprintf(subtitle, sizeof(subtitle), "Certificates with serial number between %s and %s", startserstr, endserstr);
      }
      else int_error("Error CGI form retrieving a valid search type.");
    }

/* -------------------------------------------------------------------------- *
 * We got CGI arguments, first we get a list of .pem files from the cert dir  *
 * ---------------------------------------------------------------------------*/
  certcounter = scandir(CACERTSTORE, &certstore_files, file_select, hexsort);
  // It can happen that our search does not return any certs. This is not an error.
  //if(certcounter<=0) int_error("Error: No certificate files found.");

/* -------------------------------------------------------------------------- *
 * calculate how many pages we get with MAXCERTDISPLAY                         *
 * ---------------------------------------------------------------------------*/

  if(certcounter<=MAXCERTDISPLAY) pagecounter = 1;
  else {
    disp_calc = div(certcounter, MAXCERTDISPLAY);
    /* if the count of certs divided by MAXCERTDISPLAY has no remainder */
    if(disp_calc.rem == 0) pagecounter = disp_calc.quot;
    /* with a remainder, we must prepare an extra page for the rest */
    else pagecounter = disp_calc.quot +1;
  }

/* -------------------------------------------------------------------------- *
 * Check if we have been subsequently called with a pagenumber & sort request *
 * ---------------------------------------------------------------------------*/

  if(cgiFormInteger("page", &pagenumber, 1) == cgiFormSuccess)
    if(pagenumber > pagecounter || pagenumber <=0)
      int_error("Error: Page does not exist.");

  if(cgiFormString("sort", sorting, sizeof(sorting)) != cgiFormSuccess)
      strncpy(sorting, "desc", sizeof(sorting));

/* -------------------------------------------------------------------------- *
 * now we know how many certs we have in total and we can build the page(s).  *
 * For every MAXCERTDISPLAY certs we start a new page and cycle through by    *
 * calling ourself with the requested certs in range.                         *
 * ---------------------------------------------------------------------------*/

  if(strcmp(sorting, "asc") == 0) {

    if(certcounter <= MAXCERTDISPLAY) {
       dispmaxlines = certcounter;
       tempcounter = 0;
    }
    else
      if(pagenumber == pagecounter &&
             ( pagecounter * MAXCERTDISPLAY) - certcounter != 0) {

        tempcounter = (pagecounter * MAXCERTDISPLAY) - MAXCERTDISPLAY;
        dispmaxlines = certcounter - ((pagecounter-1) * MAXCERTDISPLAY);
      }
      else {

        tempcounter = (pagenumber * MAXCERTDISPLAY) - MAXCERTDISPLAY;
        dispmaxlines = MAXCERTDISPLAY;
      }
  }

  if(strcmp(sorting, "desc") == 0) {

    if(certcounter <= MAXCERTDISPLAY) {
       dispmaxlines = certcounter;
       tempcounter = certcounter;
    }
    else
      if(pagenumber == pagecounter &&
             ( pagecounter * MAXCERTDISPLAY) - certcounter != 0) {

        tempcounter = certcounter - ((pagecounter-1) * MAXCERTDISPLAY);
        dispmaxlines = certcounter - ((pagecounter-1) * MAXCERTDISPLAY);
      }
      else {

       tempcounter = certcounter - (pagenumber*MAXCERTDISPLAY) + MAXCERTDISPLAY;
       dispmaxlines = MAXCERTDISPLAY;
      }
  }

/* -------------------------------------------------------------------------- *
 * start the html output                                                      *
 * ---------------------------------------------------------------------------*/

  pagehead(title);

  //debugging only:
  //printf("Number of certs: %d\n", certcounter);
  //printf("Num tempcounter: %d\n", tempcounter);
  //printf("Number of pages: %d\n", pagecounter);
  //printf("Div Quotient: %d\n", disp_calc.quot);
  //printf("Div Remainder: %d\n", disp_calc.rem);
  //fprintf(cgiOut, "</BODY></HTML>\n");
  //exit(0);

/* -------------------------------------------------------------------------- *
 * start the form output                                                      *
 * ---------------------------------------------------------------------------*/

   fprintf(cgiOut, "<h3>%s</h3>\n", subtitle);
   fprintf(cgiOut, "<p></p>\n");
   fprintf(cgiOut, "<table>\n");
   fprintf(cgiOut, "<tr>\n");
   fprintf(cgiOut, "<th width=\"20\">");
   fprintf(cgiOut, "#");
   fprintf(cgiOut, "</th>\n");
   fprintf(cgiOut, "<th width=\"495\">");
   fprintf(cgiOut, "Certificate Subject Information");
   fprintf(cgiOut, "</th>\n");
   fprintf(cgiOut, "<th width=\"60\" colspan=\"2\">");
   fprintf(cgiOut, "Expires");
   fprintf(cgiOut, "</th>\n");
   fprintf(cgiOut, "<th width=\"65\">");
   fprintf(cgiOut, "Action");
   fprintf(cgiOut, "</th>\n");
   fprintf(cgiOut, "</tr>\n");

  /* if our search did not return any certs, we display a note instead */
  if(certcounter<=0) {
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"even\" colspan=\"5\">");
    fprintf(cgiOut, "Could not find any certificates for the given search criteria.");
    fprintf(cgiOut, "</td>\n");
    fprintf(cgiOut, "</tr>\n");
  }

  for(dispcounter=0; dispcounter < dispmaxlines; dispcounter++) {

    /* zero certificate values and flags */
    certvalidity = 0;
    percent = 0;
    available_secs = 0;
    remaining_secs = 0;
    cert = X509_new();
    certsubject = X509_NAME_new();

    if(strcmp(sorting, "desc") == 0) tempcounter--;

    snprintf(certfilestr, sizeof(certfilestr), "%s/%s",
                           CACERTSTORE, certstore_files[tempcounter]->d_name);

    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th rowspan=\"2\">");
    fprintf(cgiOut, "%d", tempcounter+1);
    fprintf(cgiOut, "</th>\n");

    oddline_calc = div(tempcounter+1, 2);
    if(oddline_calc.rem)
      fprintf(cgiOut, "<td rowspan=\"2\" class=\"odd\">");
    else
      fprintf(cgiOut, "<td rowspan=\"2\" class=\"even\">");

    if ( (certfile = fopen(certfilestr, "r")) != NULL) {
      PEM_read_X509(certfile, &cert, NULL, NULL);

      /* ---------------------------------------------------------- *
       * Display the subject data. Use the UTF-8 flag to show       *
       * Japanese Kanji. This also needs the separator flag to work *
       * ---------------------------------------------------------- */
      certsubject = X509_get_subject_name(cert);
      X509_NAME_print_ex_fp(cgiOut, certsubject, 0,
         ASN1_STRFLGS_UTF8_CONVERT|XN_FLAG_SEP_CPLUS_SPC);

      /* store certificate start date for later eval */
      start_date = X509_get_notBefore(cert);

      /* store certificate expiration date for later eval */
      expiration_date = X509_get_notAfter(cert);

      /* check the start and end dates in the cert */
      if (X509_cmp_current_time (X509_get_notBefore (cert)) >= 0)
        /* flag the certificate as not valid yet */
        certvalidity = 0;
      else
      if (X509_cmp_current_time (X509_get_notAfter (cert)) <= 0)
        /* flag the certificate as expired */
        certvalidity = 0;
      else 
        /* flag the certificate is still valid */
        certvalidity = 1;

      fclose(certfile);
    }
    else 
       fprintf(cgiOut, "Error: Can't open certificate file %s for reading.",
                                                                 certfilestr);
    fprintf(cgiOut, "</td>\n");

    if(certvalidity == 0) {

      /* expiration bar display column */
      fprintf(cgiOut, "<th rowspan=\"2\">\n");
      fprintf(cgiOut, "<table class=\"led\">\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "</table>\n");
      fprintf(cgiOut, "</th>\n");

      /* remaining days before expiration column */
      fprintf(cgiOut, "<th class=\"exnok\" rowspan=\"2\">");
      fprintf(cgiOut, "Inval.<br />/Expd");
      fprintf(cgiOut, "</th>\n");
    }

    if(certvalidity == 1) {

      /* ------ START get the certificate lifetime in seconds ------ */
      /* copy the start date into a string */
      membio = BIO_new(BIO_s_mem());
      ASN1_TIME_print(membio, start_date);
      BIO_gets(membio, membio_buf, sizeof(membio_buf));
      BIO_free(membio);

      /* parse the start date string into a time struct */
      memset (&start_tm, '\0', sizeof(start_tm));
      strptime(membio_buf, "%h %d %T %Y %z", &start_tm);
      start = mktime(&start_tm);

      /* ------ START get the certificate remaining time in seconds ------ */
      /* copy the expiration date into a string */
      membio = BIO_new(BIO_s_mem());
      ASN1_TIME_print(membio, expiration_date);
      BIO_gets(membio, membio_buf, sizeof(membio_buf));
      BIO_free(membio);
  
      /* parse the expiration date string into a time struct */
      memset (&expiration_tm, '\0', sizeof(expiration_tm));
      strptime(membio_buf, "%h %d %T %Y %z", &expiration_tm);
  
      /* get the current time */
      expiration = mktime(&expiration_tm);
  
      /* get the time difference between expiration time and current time */
      remaining_secs = difftime(expiration, now);
      /* ------ END get the certificate remaining time in seconds ------ */

      /* get the time difference between start and expiration time */
      available_secs = difftime(expiration, start);
      /* ------ END get the certificate lifetime in seconds ------ */
  
      /* ------ START calculate percentage of lifetime left ------ */
      /* remaining_secs *100                                       */
      /* ------------------- = X, rounded down with floor()        */
      /* available_secs                                            */
      percent = floor((remaining_secs*100)/available_secs);
      /* ------ END calculate percentage of lifetime left   ------ */
  
      /* expiration bar display column */
      fprintf(cgiOut, "<th rowspan=\"2\">");
      fprintf(cgiOut, "<table class=\"led\">\n");
      if (percent >= 90) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#00FF00></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 80) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#00FF33></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 70) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#99FF33></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 60) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#FFFF00></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 50) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#FFCC00></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 40) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#FF9900></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 30) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#FF6600></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 20) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#FF3300></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      if (percent >= 10) fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=#FF0000></td></tr>\n");
      else fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
      fprintf(cgiOut, "</table>\n");
      fprintf(cgiOut, "</th>");
  
      /* remaining days before expiration column */
      //fprintf(cgiOut, membio_buf);
      if (percent < 10) fprintf(cgiOut, "<th class=\"exnok\" rowspan=\"2\">\n");
      else fprintf(cgiOut, "<th class=\"exok\" rowspan=\"2\">\n");
      if(floor(remaining_secs/63072000) > 0) fprintf(cgiOut, "%.f<br />years", remaining_secs/31536000);
      else if(floor(remaining_secs/86400) > 0 ) fprintf(cgiOut, "%.f<br />days", remaining_secs/86400);
      else if(floor(remaining_secs/3600) > 0 ) fprintf(cgiOut, "%.f<br />hours", remaining_secs/3600);
      else if(floor(remaining_secs/60) > 0 ) fprintf(cgiOut, "%.f<br />mins", remaining_secs/60);
      else fprintf(cgiOut, "%.f<br />secs", remaining_secs);
      fprintf(cgiOut, "</th>\n");
    }

    /* action column */
    fprintf(cgiOut, "<th>");
    fprintf(cgiOut, "<form action=\"getcert.cgi\" method=\"post\">\n");
    fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
    fprintf(cgiOut, "value=\"%s\" />\n", certstore_files[tempcounter]->d_name);
    fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"pem\" />\n");
    fprintf(cgiOut, "<input class=\"getcert\" type=\"submit\" value=\"Detail\" />\n");
    fprintf(cgiOut, "</form>\n");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th>");
    fprintf(cgiOut, "<form action=\"getcert.cgi\" method=\"post\">\n");
    fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
    fprintf(cgiOut, "value=\"%s\" />\n", certstore_files[tempcounter]->d_name);
    fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"text\" />\n");
    fprintf(cgiOut, "<input class=\"getcert\" type=\"submit\" value=\"Renew\" />\n");
    fprintf(cgiOut, "</form>");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "</tr>\n");

    if(strcmp(sorting, "asc") == 0) tempcounter++;
  }


  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th colspan=\"5\">");
  fprintf(cgiOut, "Total # of certs: %d | ", certcounter);
  fprintf(cgiOut, "Page %d of %d", pagenumber, pagecounter);
  fprintf(cgiOut, "</th>");
  fprintf(cgiOut, "</tr>");
  fprintf(cgiOut, "</table>\n");

  fprintf(cgiOut, "<p></p>\n");

  fprintf(cgiOut, "<table>\n");

  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th>");
  fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"post\">");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"sort\" ");
  fprintf(cgiOut, "value=\"desc\" />\n");
  resubmit();
  fprintf(cgiOut, "<input type=\"submit\" name=\"sort\"");
  fprintf(cgiOut, " value=\"Latest Certs first\" />");
  fprintf(cgiOut, "</form>");
  fprintf(cgiOut, "</th>\n");

  fprintf(cgiOut, "<th>");
  fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"post\">");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"sort\" ");
  fprintf(cgiOut, "value=\"asc\">\n");
  resubmit();
  fprintf(cgiOut, "<input type=\"submit\" name=\"sort\"");
  fprintf(cgiOut, " value=\"Oldest Certs first\">");
  fprintf(cgiOut, "</form>");
  fprintf(cgiOut, "</th>\n");

  // filler 1
  fprintf(cgiOut, "<th width=\"15\">");
  fprintf(cgiOut, "&nbsp;");
  fprintf(cgiOut, "</th>\n");

  // goto page 1
  fprintf(cgiOut, "<th width=\"5\">");
  fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"post\">");
  resubmit();
  fprintf(cgiOut, "<input type=\"submit\" value=\"&lt;&lt;\" />");
  fprintf(cgiOut, "</form>");
  fprintf(cgiOut, "</th>\n");

  // goto page before
  fprintf(cgiOut, "<th width=\"5\">");
  fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"post\">");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", certcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", pagecounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"page\" ");
  fprintf(cgiOut, "value=\"");
  tempcounter = 0;
  if(pagenumber > 1) tempcounter = pagenumber - 1;
  else tempcounter = 1;
  fprintf(cgiOut, "%d", tempcounter);
  fprintf(cgiOut, "\" />\n");
  resubmit();
  fprintf(cgiOut, "<input type=\"submit\" value=\"&lt; 1\">");
  fprintf(cgiOut, "</form>");
  fprintf(cgiOut, "</th>\n");

  // goto page after
  fprintf(cgiOut, "<th width=\"5\">");
  fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"post\">");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", certcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", pagecounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"page\" ");
  fprintf(cgiOut, "value=\"");
  tempcounter = 0;
  if(pagecounter > pagenumber) tempcounter = pagenumber + 1;
  else tempcounter = pagecounter;
  fprintf(cgiOut, "%d", tempcounter);
  fprintf(cgiOut, "\" />\n");
  resubmit();
  fprintf(cgiOut, "<input type=\"submit\" value=\"1 &gt;\" />");
  fprintf(cgiOut, "</form>");
  fprintf(cgiOut, "</th>\n");

  // goto last page
  fprintf(cgiOut, "<th width=\"5\">");
  fprintf(cgiOut, "<form action=\"certsearch.cgi\" method=\"post\">");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", certcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", pagecounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"page\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", pagecounter);
  fprintf(cgiOut, "\" />\n");
  resubmit();
  fprintf(cgiOut, "<input type=\"submit\" value=\"&gt;&gt;\" />");
  fprintf(cgiOut, "</form>");
  fprintf(cgiOut, "</th>\n");

  // goto page number
  fprintf(cgiOut, "<th width=\"120\">\n");
  fprintf(cgiOut, "<form class=\"setpage\" action=\"certsearch.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", certcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", pagecounter);
  fprintf(cgiOut, "\" />\n");
  resubmit();
  fprintf(cgiOut, "<input class=\"goto\" type=\"submit\" value=\"Goto\" />\n");
  fprintf(cgiOut, "&nbsp; &nbsp;");
  fprintf(cgiOut, "<input class=\"page\" type=\"text\" name=\"page\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", pagecounter);
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  fprintf(cgiOut, "</tr>\n");
  fprintf(cgiOut, "</table>\n");

/* ---------------------------------------------------------------------------*
 * end the html output                                                        *
 * ---------------------------------------------------------------------------*/

  pagefoot();
}
  return(0);
}
Esempio n. 7
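/* -------------------------------------------------------------------------- *
 * Return 1 when name is acceptable as a certificate file name, 0 otherwise.  *
 * The name must end in ".pem" with at least one character before it, must    *
 * not contain "..", and must not contain a path separator or a character     *
 * that is significant in HTML, because cgiMain() echoes the name into form   *
 * attributes and derives file paths and URLs from it.                        *
 * ---------------------------------------------------------------------------*/
static int cert_filename_ok(const char *name)
{
   static const char suffix[] = ".pem";
   const size_t suffix_len = sizeof(suffix) - 1;
   const size_t len = strlen(name);

   if (len <= suffix_len)
      return 0;
   if (strcmp(name + len - suffix_len, suffix) != 0)
      return 0;
   if (strstr(name, "..") != NULL)
      return 0;
   if (strpbrk(name, "/\\\"'<>&") != NULL)
      return 0;
   return 1;
}

/* -------------------------------------------------------------------------- *
 * Return 1 when path can be opened for reading, 0 otherwise. The probe       *
 * stream is closed again so that no file handle is left open.                *
 * ---------------------------------------------------------------------------*/
static int export_file_exists(const char *path)
{
   FILE *probe = fopen(path, "r");

   if (probe == NULL)
      return 0;
   fclose(probe);
   return 1;
}

/* -------------------------------------------------------------------------- *
 * CGI entry point: shows one certificate from the certificate store (or the  *
 * CA certificate when cfilename is "cacert.pem") followed by buttons to      *
 * export or download it as P12, PEM and DER.                                 *
 *                                                                            *
 * Form input: "cfilename" (required) and "format" (optional, default "pem"). *
 * Returns 0. Errors are reported through int_error(), which is defined       *
 * elsewhere and is presumably expected not to return - confirm.              *
 * ---------------------------------------------------------------------------*/
int cgiMain() {

   X509			*cert;
   BIO			*outbio;
   char			format[5]         = "";
   char 		certfilepath[255] = "";
   char 		expfilepath[255]  = "";
   char 		pemfileurl[255]   = "";
   char 		derfileurl[255]   = "";
   char 		p12fileurl[255]   = "";
   char                 certnamestr[81]   = "";
   char 		certfilestr[81]   = "[n/a]";
   FILE 		*certfile         = NULL;
   int			is_cacert;

   /* the title can't be static because we possibly change it for the CA cert */
   char 		title[41] = "Display Certificate";

   if (cgiFormString("cfilename", certfilestr, sizeof(certfilestr)) != cgiFormSuccess)
      int_error("Error getting >cfilename< from calling form");

   if (cgiFormString("format", format, sizeof(format)) == cgiFormSuccess) {
      /* The value has to be one of the two known formats. The earlier test  *
       * !(strcmp(..) || strcmp(..)) needed both comparisons to match at the *
       * same time, so it could never reject anything.                       */
      if (strcmp(format, "text") != 0 && strcmp(format, "pem") != 0)
         int_error("Error getting correct format parameter in URL");
   }
   else strcpy(format, "pem");

/* -------------------------------------------------------------------------- *
 * The file name comes from the request and is used to build a file path, is  *
 * written back into HTML attributes and ends up in download URLs. Reject     *
 * everything that is not a plain "<name>.pem" before it is used anywhere.    *
 * ---------------------------------------------------------------------------*/
   if (! cert_filename_ok(certfilestr))
      int_error("Error incorrect data in >cfilename<");

   is_cacert = (strcmp(certfilestr, "cacert.pem") == 0);

/* -------------------------------------------------------------------------- *
 * check if should display the CA cert, or open the requested filename        *
 * ---------------------------------------------------------------------------*/
   if (is_cacert) {
      if (! (certfile = fopen(CACERT, "r")))
         int_error("Error can't open CA certificate file");
      snprintf(title, sizeof(title), "%s", "Display Root CA Certificate");
   } else {
      snprintf(certfilepath, sizeof(certfilepath), "%s/%s", CACERTSTORE,
                                                            certfilestr);
      if (! (certfile = fopen(certfilepath, "r")))
         int_error("Error cant open Certificate file");
   }

/* -------------------------------------------------------------------------- *
 * decode the certificate and define BIO output stream                        *
 * ---------------------------------------------------------------------------*/
   outbio = BIO_new(BIO_s_file());
   if (outbio == NULL)
      int_error("Error creating output BIO");
   BIO_set_fp(outbio, cgiOut, BIO_NOCLOSE);

   cert = PEM_read_X509(certfile, NULL, NULL, NULL);
   /* the stream is not needed after decoding, whether or not it succeeded */
   fclose(certfile);
   certfile = NULL;
   if (cert == NULL)
      int_error("Error loading cert into memory");

/* -------------------------------------------------------------------------- *
 * strip off the file format extension from the file name (everything from    *
 * the first '.' on, as before)                                               *
 * ---------------------------------------------------------------------------*/
   snprintf(certnamestr, sizeof(certnamestr), "%s", certfilestr);
   strtok(certnamestr, ".");

/* -------------------------------------------------------------------------- *
 * check if there are exported pem|der|p12 versions of this certificate       *
 * ---------------------------------------------------------------------------*/
   snprintf(expfilepath, sizeof(expfilepath), "%s/%s.pem",
                           CERTEXPORTDIR, certnamestr);
   if (export_file_exists(expfilepath))
      snprintf(pemfileurl, sizeof(pemfileurl), "%s/%s.pem",
                           CERTEXPORTURL, certnamestr);

   snprintf(expfilepath, sizeof(expfilepath), "%s/%s.der",
                           CERTEXPORTDIR, certnamestr);
   if (export_file_exists(expfilepath))
      snprintf(derfileurl, sizeof(derfileurl), "%s/%s.der",
                           CERTEXPORTURL, certnamestr);

   snprintf(expfilepath, sizeof(expfilepath), "%s/%s.p12",
                           CERTEXPORTDIR, certnamestr);
   if (export_file_exists(expfilepath))
      snprintf(p12fileurl, sizeof(p12fileurl), "%s/%s.p12",
                           CERTEXPORTURL, certnamestr);

/* -------------------------------------------------------------------------- *
 * start the html output                                                      *
 * ---------------------------------------------------------------------------*/
   pagehead(title);

   if (is_cacert)
      display_cert(cert, "WebCert Root CA", "wct_chain", -1);
   else
      display_cert(cert, "Server/System/Application", "wct_chain", -1);
   fprintf(cgiOut, "<p></p>\n");

   fprintf(cgiOut, "<table>\n");
   fprintf(cgiOut, "<tr>\n");

   // Print View
   fprintf(cgiOut, "<th>\n");
   fprintf(cgiOut, "<input type=\"button\" value=\"Print Page\" ");
   fprintf(cgiOut, "onclick=\"print(); return false;\" />");
   fprintf(cgiOut, "</th>\n");

   /* For each format: offer an export form when no exported file exists yet, *
    * otherwise a button that links to the exported file. certfilestr and the *
    * URLs are safe to print here only because cert_filename_ok() passed.     */
   if (strlen(p12fileurl) == 0) {
     fprintf(cgiOut, "<th>\n");
     fprintf(cgiOut, "<form action=\"certexport.cgi\" method=\"post\">\n");
     fprintf(cgiOut, "<input type=\"submit\" value=\"Export P12\" />\n");
     fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
     fprintf(cgiOut, "value=\"%s\" />\n", certfilestr);
     fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"p12\" />\n");
     fprintf(cgiOut, "</form>\n");
     fprintf(cgiOut, "</th>\n");
   }
   else {
     fprintf(cgiOut, "<th>\n");
     fprintf(cgiOut, "<input type=\"button\" value=\"Get P12\" ");
     fprintf(cgiOut, "onclick=\"self.location.href='%s'\" />\n", p12fileurl);
     fprintf(cgiOut, "</th>\n");
   }

   if (strlen(pemfileurl) == 0) {
     fprintf(cgiOut, "<th>\n");
     fprintf(cgiOut, "<form action=\"certexport.cgi\" method=\"post\">\n");
     fprintf(cgiOut, "<input type=\"submit\" value=\"Export PEM\" />\n");
     fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
     fprintf(cgiOut, "value=\"%s\" />\n", certfilestr);
     fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"pem\" />\n");
     fprintf(cgiOut, "</form>\n");
     fprintf(cgiOut, "</th>\n");
   }
   else {
     fprintf(cgiOut, "<th>\n");
     fprintf(cgiOut, "<input type=\"button\" value=\"Get PEM\" ");
     fprintf(cgiOut, "onclick=\"self.location.href='%s'\" />", pemfileurl);
     fprintf(cgiOut, "</th>\n");
   }

   if (strlen(derfileurl) == 0) {
     fprintf(cgiOut, "<th>\n");
     fprintf(cgiOut, "<form action=\"certexport.cgi\" method=\"post\">\n");
     fprintf(cgiOut, "<input type=\"submit\" value=\"Export DER\" />\n");
     fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
     fprintf(cgiOut, "value=\"%s\" />\n", certfilestr);
     fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"der\" />\n");
     fprintf(cgiOut, "</form>\n");
     fprintf(cgiOut, "</th>\n");
   }
   else {
     fprintf(cgiOut, "<th>\n");
     fprintf(cgiOut, "<input type=\"button\" value=\"Get DER\" ");
     fprintf(cgiOut, "onclick=\"self.location.href='%s'\" />\n", derfileurl);
     fprintf(cgiOut, "</th>\n");
   }
   fprintf(cgiOut, "</tr>\n");

   fprintf(cgiOut, "</table>\n");

   // If we show the Root CA cert, we also provide the retired Root CA certs (hardcoded)
   if (is_cacert) {
      fprintf(cgiOut, "<p></p>\n");
      fprintf(cgiOut, "<h3>Retired WebCert Root CA certificates:</h3>\n");
      fprintf(cgiOut, "<hr />\n");
      fprintf(cgiOut, "<p><strong>2007-12-07</strong> 1024 bit RSA WebCert Root CA certificate with SHA-1 signature: ");
      fprintf(cgiOut, "<a href=\"../export/webcert-20071207_1021.pem\">webcert-20071207_1021.pem</a></p>\n");
      fprintf(cgiOut, "<p><strong>2004-12-18</strong> 1024 bit RSA WebCert Root CA certificate with MD5 signature: ");
      fprintf(cgiOut, "<a href=\"../export/webcert-20041218_0138.pem\">webcert-20041218_0138.pem</a></p>\n");
   }
   pagefoot();
   X509_free(cert);
   BIO_free(outbio);
   return(0);
}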
Esempio n. 8
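/* ---------------------------------------------------------------------- *
 * Clear dst (dstlen bytes) and copy at most dstlen-1 bytes of src into   *
 * it. A NULL src, which a database row can hold, leaves dst empty.       *
 * ---------------------------------------------------------------------- */
static void copy_column(char *dst, size_t dstlen, const char *src)
{
  if (dstlen == 0) return;
  memset(dst, 0, dstlen);
  if (src != NULL) strncpy(dst, src, dstlen - 1);
}

/* ---------------------------------------------------------------------- *
 * Write s to out with the HTML-significant characters & < > " ' replaced *
 * by entities. A NULL s writes nothing.                                  *
 * ---------------------------------------------------------------------- */
static void print_html_escaped(FILE *out, const char *s)
{
  if (s == NULL) return;
  for (; *s != '\0'; s++) {
    switch (*s) {
      case '&':  fputs("&amp;", out);  break;
      case '<':  fputs("&lt;", out);   break;
      case '>':  fputs("&gt;", out);   break;
      case '"':  fputs("&quot;", out); break;
      case '\'': fputs("&#39;", out);  break;
      default:   fputc(*s, out);       break;
    }
  }
}

/* ---------------------------------------------------------------------- *
 * Percent-encode src into dst for use as a URL query value. Letters,     *
 * digits and - _ . ~ are copied, every other byte becomes %XX. Output    *
 * is cut at a character boundary when dst is too small and is always     *
 * NUL terminated.                                                        *
 * ---------------------------------------------------------------------- */
static void url_encode(const char *src, char *dst, size_t dstlen)
{
  static const char hex[] = "0123456789ABCDEF";
  size_t used = 0;

  if (dstlen == 0) return;
  /* "+ 4" keeps room for one %XX triple plus the terminator */
  for (; *src != '\0' && used + 4 <= dstlen; src++) {
    unsigned char c = (unsigned char) *src;
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
        (c >= '0' && c <= '9') ||
        c == '-' || c == '_' || c == '.' || c == '~') {
      dst[used++] = (char) c;
    } else {
      dst[used++] = '%';
      dst[used++] = hex[c >> 4];
      dst[used++] = hex[c & 0x0F];
    }
  }
  dst[used] = '\0';
}

/* ---------------------------------------------------------------------- *
 * CGI entry point: lists every remote IP address or phone number the     *
 * user named in the "username" form field connected from, with the first *
 * and last connect times linked to user-acttime.cgi.                     *
 *                                                                        *
 * The database backend is chosen at compile time with MYSQL_DB or        *
 * ORACLE_DB. Returns 0. Errors go to cgi_error(), which is defined       *
 * elsewhere and is presumably expected not to return - confirm.          *
 *                                                                        *
 * username comes from the request. It reaches the database only as a     *
 * bind variable (Oracle) or an escaped literal (MySQL), and is percent-   *
 * encoded before it is written into the generated links.                 *
 * ---------------------------------------------------------------------- */
int cgiMain() {
#ifdef MYSQL_DB
  static MYSQL *dbh;              /* database connect handle */
  static MYSQL_RES *result;       /* database query results  */
  static MYSQL_ROW values;        /* query data returned     */
  unsigned int colcount    =0;    /* number of returned columns */
  int server_version;             /* returned server version */
#endif
#ifdef ORACLE_DB
  sqlo_db_handle_t dbh;           /* database handle */
  sqlo_stmt_handle_t sth1;        /* statement handle 1 */
  char server_version[1024]="";   /* string for returned server version */
  int stat                 =0;    /* status of sqlo calls */
  int handle               =0;    /* handle of the interrupt handler */
  //const char ** colnames;         /* column names */
  const char ** values;           /* values */
  const char *bind_argv[1];       /* bind values for the query */
#endif
  char sqlquery_str[1024]  ="";   /* SQL query string */
  char **form_data;               /* string array for query data */
  char username[49]        ="";   /* selected username */
  char first_start_date[11]="";   /* first connect start date */
  char first_start_time[6] ="";   /* first connect start time */
  char first_end_date[11]  ="";   /* first connect end date */
  char first_end_time[6]   ="";   /* first connect end time */
  char last_start_date[11] ="";   /* last connect start date */
  char last_start_time[6]  ="";   /* last connect start time */
  char last_end_date[11]   ="";   /* last connect end date */
  char last_end_time[6]    ="";   /* last connect end time */
  char title[256]          = "";  /* cgi title string */
  int allrows              =0;    /* number of returned rows */
  int rowcount             =0;    /* row iteration counter */
  div_t oddline_calc;             /* calculates even/odd row color */
  char err_str[2048]       ="";   /* use for combined error string */
  char username_url[3 * sizeof(username) + 1] = ""; /* username, percent-encoded */
#ifdef MYSQL_DB
  char username_sql[2 * sizeof(username) + 1] = ""; /* username, SQL-escaped */
#endif
  _abort_flag     = 0;

  /* we load the cgi form values into form_data */
  if (cgiFormEntries(&form_data) != cgiFormSuccess)
  /* ------------------------------------------------------------------- *
   * If we are not called with arguments, we display a error message.    *
   * ------------------------------------------------------------------- */
    cgi_error("Error: Could not retrieve form data.");

  /* ------------------------------------------------------------------- *
   * check if we got all information to make the SQL query               *
   * --------------------------------------------------------------------*/
  if ( cgiFormString("username", username, sizeof(username))
                                                     != cgiFormSuccess )
    cgi_error("Error retrieving the username.");

  url_encode(username, username_url, sizeof(username_url));

#ifdef ORACLE_DB
  /* ------------------------------------------------------------------- * 
   * ORACLE_HOME is needed for OCI8 to find tnsnames.ora                 *
   * ------------------------------------------------------------------- */
  putenv(WEB_ORACLE_ENV);

  /* initialize the connection */
  if (SQLO_SUCCESS != sqlo_init(SQLO_OFF, 1, 100))
    cgi_error("Error: Failed to init libsqlora8.");

  /* register the interrupt handler */
  sqlo_register_int_handler(&handle, sigint_handler);

  /* login to the database */
  if (SQLO_SUCCESS != sqlo_connect(&dbh, WEB_TNS_STRING))
    cgi_error("Error: Cannot connect to database.");
  RETURN_ON_ABORT; /* finish if SIGINT was catched */

  if (SQLO_SUCCESS != sqlo_server_version(dbh, server_version,
                                        sizeof(server_version)))
    cgi_error(sqlo_geterror(dbh));
  RETURN_ON_ABORT; /* finish if SIGINT was catched */

  /* enable autocommit, each statement is commited as a single transaction */
  stat = sqlo_set_autocommit(dbh, 1);

  /* define the SQL query; the username is passed as bind variable :1 */
  snprintf(sqlquery_str, sizeof(sqlquery_str), "SELECT %s, %s, %s, %s, %s, %s, %s, %s, %s FROM %s.EDACS_REMOTE WHERE USERNAME=:1 ORDER BY IP_OR_PHONE",
           "IP_OR_PHONE",                                              /* 00 */
           "TO_CHAR(FIRST_CONNECT, 'dd-mm-yyyy')",                     /* 01 */
           "TO_CHAR(FIRST_CONNECT, 'hh24:mi:ss')",                     /* 02 */
           "TO_CHAR(FIRST_CONNECT+INTERVAL '1' MINUTE, 'dd-mm-yyyy')", /* 03 */
           "TO_CHAR(FIRST_CONNECT+INTERVAL '1' MINUTE, 'hh24:mi')",    /* 04 */
           "TO_CHAR(LAST_CONNECT, 'dd-mm-yyyy')",                      /* 05 */
           "TO_CHAR(LAST_CONNECT, 'hh24:mi:ss')",                      /* 06 */
           "TO_CHAR(LAST_CONNECT+INTERVAL '1' MINUTE, 'dd-mm-yyyy')",  /* 07 */
           "TO_CHAR(LAST_CONNECT+INTERVAL '1' MINUTE, 'hh24:mi')",     /* 08 */
           EDACSADMIN);
           // cgi_error(sqlquery_str); /* DEBUG output of the SQL string */

  /* initialize the statement handle */
  sth1 = SQLO_STH_INIT;

  /* opens a cursor for the query statement, binding the username */
  bind_argv[0] = username;
  if ( 0 > (sqlo_open2(&sth1, dbh, sqlquery_str, 1, bind_argv)))
    cgi_error(sqlo_geterror(dbh));
  RETURN_ON_ABORT; /* finish if SIGINT was catched */

  /* get the output column names */
  //if (SQLO_SUCCESS != sqlo_ocol_names2(sth1, &colcount, &colnames))
  //  cgi_error("Error getting the DB columns with sqlo_ocol_names2()");
  //RETURN_ON_ABORT; /* finish if SIGINT was catched */
#endif
#ifdef MYSQL_DB
  /* initialize the connection */
  dbh = mysql_init(NULL);
  if(dbh == NULL) cgi_error("Error:  Failed to init MySQL DB.");

  /* login to the database */
  if (mysql_real_connect(dbh, MYSQLIP, EDACSADMIN, ADMIN_PASS, DB_NAME, DB_PORT, NULL, 0) == 0)
    cgi_error("Error: Cannot connect to database.");

  /* Get the database version */
  server_version = mysql_get_server_version(dbh);

  /* escape the username for use inside a quoted SQL literal; this needs *
   * the open connection, and a buffer of twice the input length plus 1  */
  mysql_real_escape_string(dbh, username_sql, username, strlen(username));

  /* create the SQL query string */
  snprintf(sqlquery_str, sizeof(sqlquery_str), "SELECT %s, %s, %s, %s, %s, %s, %s, %s, %s FROM edacs_remote WHERE username='%s' ORDER BY ip_or_phone",
           "ip_or_phone",                                                /* 00 */
           "DATE_FORMAT(first_connect, '%d-%m-%Y')",                     /* 01 */
           "DATE_FORMAT(first_connect, '%H:%i:%s')",                     /* 02 */
           "DATE_FORMAT(first_connect+INTERVAL '1' MINUTE, '%d-%m-%Y')", /* 03 */
           "DATE_FORMAT(first_connect+INTERVAL '1' MINUTE, '%H:%i')",    /* 04 */
           "DATE_FORMAT(last_connect, '%d-%m-%Y')",                      /* 05 */
           "DATE_FORMAT(last_connect, '%H:%i:%s')",                      /* 06 */
           "DATE_FORMAT(last_connect+INTERVAL '1' MINUTE, '%d-%m-%Y')",  /* 07 */
           "DATE_FORMAT(last_connect+INTERVAL '1' MINUTE, '%H:%i')",     /* 08 */
           username_sql);
           // cgi_error(sqlquery_str); /* DEBUG output of the SQL string */

  /* Prepare and execute the SQL statement */
  if(mysql_query(dbh, sqlquery_str) != 0) {
    /* NOTE(review): with DEBUG set, the full query text is part of the  *
     * error shown to the client - confirm DEBUG is off in production.   */
    if(DEBUG == 0) {
      cgi_error(mysql_error(dbh));
    } else {
      snprintf(err_str, sizeof(err_str), "DB error %s\n\nQuery string %s",
               mysql_error(dbh), sqlquery_str);
    }
    cgi_error(err_str);
  }
 /* get query results set */
  result = mysql_store_result(dbh);
  if (result == NULL) {
    snprintf(err_str, sizeof(err_str), "No results for query: %s\n", sqlquery_str);
    cgi_error( err_str);
  }

  allrows = mysql_num_rows(result);
  colcount = mysql_num_fields(result);
#endif

/* -------------------------------------------------------------------------- *
 * start the html output                                                      *
 * ---------------------------------------------------------------------------*/

  /* define the CGI title */
  /* NOTE(review): title carries the raw username; whether pagehead() escapes *
   * it for HTML is not visible here - confirm before relying on it.          */
  snprintf(title, sizeof(title), "User Information for '%s'", username);
  pagehead(title);
  fprintf(cgiOut, "<div id=\"content\">\n");

  fprintf(cgiOut, "<table class=\"inner\" width=100%%>\n");
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th class=\"inner\">#</th>\n");
  fprintf(cgiOut, "<th class=\"inner\">Remote IP / Phone</th>\n");
  fprintf(cgiOut, "<th class=\"inner\">Active Since</th>\n");
  fprintf(cgiOut, "<th class=\"inner\">Last Update</th>\n");
  fprintf(cgiOut, "</tr>\n");

  /* fetch the data */
#ifdef ORACLE_DB
  while ( SQLO_SUCCESS == (stat = (sqlo_fetch(sth1, 1)))) {
    /* get one record */
    values = sqlo_values(sth1, NULL, 1);
#endif
#ifdef MYSQL_DB
   while((values = mysql_fetch_row(result)) != NULL) {
#endif
    rowcount++;

     /* check for even/odd rows */
     oddline_calc = div(rowcount, 2);
     if(oddline_calc.rem) fprintf(cgiOut, "<tr class=\"odd\">\n");
     else fprintf(cgiOut, "<tr class=\"even\">\n");

    /* calculate start and end times for link to session query:          *
     * dates get '.' at index 2 and 5 in place of the query's separator, *
     * times are cut to their first five characters                      */
    copy_column(first_start_date, sizeof(first_start_date), values[1]);
    first_start_date[2] = '.';
    first_start_date[5] = '.';

    copy_column(first_start_time, sizeof(first_start_time), values[2]);

    copy_column(first_end_date, sizeof(first_end_date), values[3]);
    first_end_date[2] = '.';
    first_end_date[5] = '.';

    copy_column(first_end_time, sizeof(first_end_time), values[4]);

    copy_column(last_start_date, sizeof(last_start_date), values[5]);
    last_start_date[2] = '.';
    last_start_date[5] = '.';

    copy_column(last_start_time, sizeof(last_start_time), values[6]);

    copy_column(last_end_date, sizeof(last_end_date), values[7]);
    last_end_date[2] = '.';
    last_end_date[5] = '.';

    copy_column(last_end_time, sizeof(last_end_time), values[8]);

    /* column values are stored data, so they are escaped on output too */
    fprintf(cgiOut, "<td>%d</td>\n", rowcount);
    fprintf(cgiOut, "<td>");
    print_html_escaped(cgiOut, values[0]);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "<td>");
    fprintf(cgiOut, "<a href=\"user-acttime.cgi?start_date=%s&start_time=%s&end_date=%s&end_time=%s&sort_order=asc&username=%s&order_by=start_date\">", first_start_date, first_start_time, first_end_date, first_end_time, username_url);
    print_html_escaped(cgiOut, values[1]);
    fprintf(cgiOut, " ");
    print_html_escaped(cgiOut, values[2]);
    fprintf(cgiOut, "</a></td>");

    fprintf(cgiOut, "<td>");
    fprintf(cgiOut, "<a href=\"user-acttime.cgi?start_date=%s&start_time=%s&end_date=%s&end_time=%s&sort_order=asc&username=%s&order_by=start_date&select_by=stop_date\">", last_start_date, last_start_time, last_end_date, last_end_time, username_url);
    print_html_escaped(cgiOut, values[5]);
    fprintf(cgiOut, " ");
    print_html_escaped(cgiOut, values[6]);
    fprintf(cgiOut, "</a></td>");
    fprintf(cgiOut, "</tr>\n");
  }
#ifdef ORACLE_DB
  if (SQLO_SUCCESS != sqlo_close(sth1))
    cgi_error("Error Closing the SQL statment handle.");
  RETURN_ON_ABORT; /* finish if SIGINT was catched */
#endif
#ifdef MYSQL_DB
   mysql_free_result(result);
   mysql_close(dbh);
#endif
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th class=\"inner\" colspan=4>");
  fprintf(cgiOut, "&nbsp;");
  fprintf(cgiOut, "</th>\n");
  fprintf(cgiOut, "</tr>\n");
  fprintf(cgiOut, "</table>\n");

  fprintf(cgiOut, "<h3>Additional Information</h3>\n");
  fprintf(cgiOut, "<hr>\n");
  fprintf(cgiOut, "<p>");
  fprintf(cgiOut, "This list represents all remote IP addresses or telephone numbers this user connected from.");
  fprintf(cgiOut, "<ul>");
  fprintf(cgiOut, "<li>The \"Remote IP / Phone\" is the remote ISP IP address of a user in case of a VPN connection, or his telephone number reported when connecting via dial-up. If the value is unknown, the connection came from a line that has caller-ID supression or is a plain old analog modem line.");
  fprintf(cgiOut, "<li>The \"Active Since\" is the first time session information was received. The time links to the first recorded session for this user, coming from this particular remote IP or phone.");
  fprintf(cgiOut, "<li>The \"Last Update\" time shows when the latest session record was received. The link tries to find the latest session. Sometimes the session is still in progress and incomplete or no data is returned.");
  fprintf(cgiOut, "</ul>");
  fprintf(cgiOut, "</p>\n");

  pageside();
  pagefoot();
  return(0);
}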
Esempio n. 9
int cgiMain() {
#ifdef MYSQL_DB
  static MYSQL *dbh;              /* database connect handle */
  static MYSQL_RES *result;       /* database query results  */
  static MYSQL_ROW values;        /* query data returned     */
  unsigned int colcount    =0;    /* number of returned columns */
  int server_version;             /* returned server version */
#endif
#ifdef ORACLE_DB
  sqlo_db_handle_t dbh;           /* database handle */
  sqlo_stmt_handle_t sth1;        /* statement handle 1 */
  char server_version[1024]="";   /* string for returned server version */
  int stat                 =0;    /* status of sqlo calls */
  int handle               =0;    /* handle of the interrupt handler */
  const char ** values;           /* values */
#endif
  char sqlquery_str[1024]  ="";   /* SQL query string */
  int allrows              =0;    /* number of returned rows */
  int rowcount             =0;    /* row iteration counter */
  div_t oddline_calc;             /* calculates even/odd row color */
  char ipaddr[16]          ="";   /* selected IP address */
  char start_date[11]      ="";   /* selected start date */
  char start_time[6]       ="";   /* selected start time */
  char end_date[11]        ="";   /* selected end date */
  char end_time[6]         ="";   /* selected end time */
  char order_by[13]        ="";   /* sort list by column */
  char sort_order[5]       ="";   /* ascending or descending */
  char **form_data;               /* string array for query data */
  char title[256]          ="";   /* cgi title string */
  struct tm *tm_ptr;              /* containing time structure */
  time_t now, old;                /* containing timestamp */
  char err_str[2048]       ="";   /* use for combined error string */
  int period               = 0;   /* the period to display */
  char dataunit[255] = "0 Bytes"; /* holds the calculated KB/MB */
  unsigned long long sum_bin = 0;  /* summary of all bytes in */
  unsigned long long sum_bout = 0; /* summary of all bytes out */
  unsigned long long sum_ball = 0; /* summary of all bytes total */
  char sum_buf[255]  = "0";        /* summary string buffer */

  _abort_flag     = 0;
#ifdef ORACLE_DB
  /* ------------------------------------------------------------------- * 
   * ORACLE_HOME is needed for OCI8 to find tnsnames.ora                 *
   * ------------------------------------------------------------------- */
  putenv(WEB_ORACLE_ENV);

  /* initialize the connection */
  if (SQLO_SUCCESS != sqlo_init(SQLO_OFF, 1, 100))
    cgi_error("Error: Failed to init libsqlora8.");

  /* register the interrupt handler */
  sqlo_register_int_handler(&handle, sigint_handler);

  /* login to the database */
  if (SQLO_SUCCESS != sqlo_connect(&dbh, WEB_TNS_STRING))
    cgi_error("Error: Cannot connect to database.");
  RETURN_ON_ABORT; /* finish if SIGINT was catched */

  if (SQLO_SUCCESS != sqlo_server_version(dbh, server_version,
                                        sizeof(server_version)))
    cgi_error(sqlo_geterror(dbh));
  RETURN_ON_ABORT; /* finish if SIGINT was catched */

  /* enable autocommit, each statement is commited as a single transaction */
  stat = sqlo_set_autocommit(dbh, 1);
#endif
#ifdef MYSQL_DB
  /* initialize the connection */
  dbh = mysql_init(NULL);
  if(dbh == NULL) cgi_error("Error:  Failed to init MySQL DB.");

  /* login to the database */
  if (mysql_real_connect(dbh, MYSQLIP, EDACSADMIN, ADMIN_PASS, DB_NAME, DB_PORT, NULL, 0) == 0)
    cgi_error("Error: Cannot connect to database.");

  /* Get the database version */
  server_version = mysql_get_server_version(dbh);
#endif

  /* we load the cgi form values into form_data */
  if (cgiFormEntries(&form_data) != cgiFormSuccess)
    cgi_error("Error: Could not retrieve form data.");

  if(form_data[0] == NULL) {
    /* ------------------------------------------------------------------- * 
     * Start the HTML output to display the query selection                *
     * ------------------------------------------------------------------- */
    /* define the CGI title */
    snprintf(title, sizeof(title), "Latest IP Address Session Activity");
    pagehead(title);
    fprintf(cgiOut, "<div id=\"content\">\n");

    fprintf(cgiOut, "<form action=\"ip-actlast.cgi\" method=\"get\">\n");
    fprintf(cgiOut, "<table class=\"inner\">\n");
    /* 1st row, display headers */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\" width=150>");
    fprintf(cgiOut, "IP Address</th>");
    fprintf(cgiOut, "<th class=\"inner\" width=150>");
    fprintf(cgiOut, "Time Frame</th>");
    fprintf(cgiOut, "<th class=\"inner\" width=150>");
    fprintf(cgiOut, "Order By</th>");
    fprintf(cgiOut, "<th class=\"inner\" width=150>");
    fprintf(cgiOut, "Sort Order</th>");
    fprintf(cgiOut, "</tr>\n");
    /* 2nd row */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio value=\"6\" checked name=\"start\"> Last 6 Hours</td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "</tr>\n");
    /* 3rd row */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner-ctr\">");
    fprintf(cgiOut, "(192.168.111.222)</td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio value=\"12\" name=\"start\"> Last 12 Hours</td>");
    fprintf(cgiOut, "<td class=\"inner-ctr\"> (choose one)</td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio value=\"asc\" checked name=\"sort_order\">");
    fprintf(cgiOut, "&nbsp;Ascending</td>");
    fprintf(cgiOut, "</tr>\n");
    /* 4th row, request values */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner-ctr\">");
    fprintf(cgiOut, "<input type=text name=\"ipaddr\" size=\"15\"></td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio value=\"24\" name=\"start\"> Last 24 Hours</td>");
    fprintf(cgiOut, "<td class=\"inner-ctr\"><select name=\"order_by\" size=\"1\">");
    fprintf(cgiOut, "<option value=\"router\">Router</option>");
    fprintf(cgiOut, "<option value=\"service\">Service</option>");
    fprintf(cgiOut, "<option value=\"ip_or_phone\">IP or Phone</option>");
    fprintf(cgiOut, "<option selected value=\"start_date\">Start Date</option>");
    fprintf(cgiOut, "<option value=\"stop_date\">Stop Date</option>");
    fprintf(cgiOut, "<option value=\"elapsed_mins\">Elapsed Time</option>");
    fprintf(cgiOut, "<option value=\"bytes_in\">Bytes In</option>");
    fprintf(cgiOut, "<option value=\"bytes_out\">Bytes Out</option>");
    fprintf(cgiOut, "<option value=\"throughput\">Throughput</option>");
    fprintf(cgiOut, "</select></td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio name=\"sort_order\" value=\"desc\">&nbsp;Descending</td>");
    fprintf(cgiOut, "</tr>\n");
    /* 5th row */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<input type=radio value=\"168\" name=\"start\"> Last Week</td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "<td class=\"inner\"></td>");
    fprintf(cgiOut, "</tr>\n");
    /* 6th and last row, close the frame */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\" colspan=4>");
    fprintf(cgiOut, "<input type=submit value=\"Run Query\"></th>");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "</table>\n");
    fprintf(cgiOut, "</form>\n");

    fprintf(cgiOut, "<h3>Additional Information</h3>\n");
    fprintf(cgiOut, "<hr>\n");
    fprintf(cgiOut, "<p>\n");
    fprintf(cgiOut, "This query returns the list of user sessions for this IP address during the last time period.");
    fprintf(cgiOut, "<ul>");
    fprintf(cgiOut, "<li>Type the IP address into the text field. If unsure, query the last sessions to see which IP's are given out.");
    fprintf(cgiOut, "<li>The time frame can be selected from the radio menu, time is counting back from now.");
    fprintf(cgiOut, "<li>Choosing a large time frame can result in a long query and a very large result set (thousands of rows).");
    fprintf(cgiOut, "<li>The results list can be ordered using criteria from the \"Order By\" drop down list.");
    fprintf(cgiOut, "</ul></font>");
    fprintf(cgiOut, "</p>\n");

    pageside();
  } /* end if for displaying the query request */
  else {
  /* ------------------------------------------------------------------- *
   * check if we got all information to make the SQL query               *
   * --------------------------------------------------------------------*/
    if ( cgiFormString("ipaddr", ipaddr, sizeof(ipaddr))
                                                     != cgiFormSuccess )
      cgi_error("Error retrieving the IP address.");
  
    if ( cgiFormIntegerBounded( "start", &period, 1, 2160, 6) 
                                                     != cgiFormSuccess ) 
      cgi_error("Error retrieving start period information.");
  
    if ( cgiFormString("order_by", order_by, sizeof(order_by))
                                                     != cgiFormSuccess )
      cgi_error("Error retrieving order_by information.");
  
    if ( cgiFormString("sort_order", sort_order, sizeof(sort_order))
                                                     != cgiFormSuccess )
      cgi_error("Error retrieving sort_order information.");
  
    /* ------------------------------------------------------------------- * 
     * The calculate query start and end time from given period in hours   *
     * ------------------------------------------------------------------- */
    now = time(NULL);
    tm_ptr = localtime(&now);
    strftime(end_date, sizeof(end_date), "%d.%m.%Y", (tm_ptr));
    strftime(end_time, sizeof(end_time), "%H:%M", tm_ptr);
    old = time(NULL) - (period * 3600);
    tm_ptr = localtime(&old);
    strftime(start_date, sizeof(start_date), "%d.%m.%Y", tm_ptr);
    strftime(start_time, sizeof(start_time), "%H:%M", tm_ptr);
  
    /* ------------------------------------------------------------------- *
     * check we got all parts and can start doing the SQL query below      *
     * --------------------------------------------------------------------*/
#ifdef ORACLE_DB
    snprintf(sqlquery_str, sizeof(sqlquery_str), "SELECT USERNAME, ROUTER, SERVICE, IP_OR_PHONE, IP_ADDR, %s, %s, ELAPSED_MINS_STR, TTY, BYTES_IN_STR, BYTES_OUT_STR, PACKETS_IN_STR, PACKETS_OUT_STR, KBS_STR FROM %s.V_EDACS WHERE IP_ADDR = '%s' AND START_DATE BETWEEN TO_DATE('%s %s', 'dd.mm.yyyy hh24:mi') and TO_DATE ('%s %s', 'dd.mm.yyyy hh24:mi') ORDER BY %s %s",
           "TO_CHAR(START_DATE, 'dd-mm-yyyy hh24:mi:ss')",
           "TO_CHAR(STOP_DATE, 'dd-mm-yyyy hh24:mi:ss')",
           EDACSADMIN, ipaddr, start_date, start_time, end_date,
           end_time, order_by, sort_order);

    /* initialize the statement handle */
    sth1 = SQLO_STH_INIT;
  
    /* opens a cursor for the query statement */
    if ( 0 > (sqlo_open2(&sth1, dbh, sqlquery_str, 0, NULL))) {
      if(DEBUG == 0) cgi_error(sqlo_geterror(dbh));
      else snprintf(err_str, sizeof(err_str), "DB error %s\n\nQuery string %s",
               sqlo_geterror(dbh), sqlquery_str);
      cgi_error(err_str);
    }
    RETURN_ON_ABORT; /* finish if SIGINT was catched */
  
    /* get the output column names */
    //if (SQLO_SUCCESS != sqlo_ocol_names2(sth1, &colcount, &colnames))
    //  cgi_error("Error getting the DB columns with sqlo_ocol_names2()");
    //RETURN_ON_ABORT; /* finish if SIGINT was catched */
  #endif
#ifdef MYSQL_DB
    snprintf(sqlquery_str, sizeof(sqlquery_str), "SELECT username, router, service, ip_or_phone, ip_addr, %s, %s, elapsed_mins_str, bytes_in, bytes_out, throughput FROM v_edacs WHERE ip_addr = '%s' AND start_date BETWEEN STR_TO_DATE('%s %s', '%s') and STR_TO_DATE('%s %s', '%s') ORDER BY %s %s",
           "DATE_FORMAT(start_date, '%d-%m-%Y %H:%i:%s')",
           "DATE_FORMAT(stop_date, '%d-%m-%Y %H:%i:%s')",
           ipaddr,
           start_date, start_time, "%d.%m.%Y %H:%i",
           end_date, end_time, "%d.%m.%Y %H:%i",
           order_by, sort_order);

  /* Prepare and execute the SQL statement */
  if(mysql_query(dbh, sqlquery_str) != 0) {
    if(DEBUG == 0) cgi_error(mysql_error(dbh));
    else snprintf(err_str, sizeof(err_str), "DB error %s\n\nQuery string %s",
             mysql_error(dbh), sqlquery_str);
    cgi_error(err_str);
  }
 /* get query results set */
  result = mysql_store_result(dbh);
  if (result == NULL) {
    snprintf(err_str, sizeof(err_str), "No results for query: %s\n", sqlquery_str);
    cgi_error( err_str);
  }

  allrows = mysql_num_rows(result);
  colcount = mysql_num_fields(result);
#endif

  /* ------------------------------------------------------------------------ *
   * start the html output                                                    *
   * -------------------------------------------------------------------------*/
    snprintf(title, sizeof(title), "Latest Session Activity for IP Address %s", ipaddr);
  
    pagehead(title);
    fprintf(cgiOut, "<div id=\"content-wide\">\n");
    fprintf(cgiOut, "<p>\n");
    fprintf(cgiOut, "<b>IP Address:</b> %s <b>Timeperiod:</b> %s %s - %s %s <b>Data Records:</b> %d",
               ipaddr, start_date, start_time, end_date, end_time, allrows);
    fprintf(cgiOut, "</p>\n");
  
    fprintf(cgiOut, "<table class=\"inner\" width=100%%>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\">#</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">User</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Router</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Service</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">IP / Phone</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">IP Address</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Session Start</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Session End</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Duration</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Data In</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Data Out</th>\n");
    fprintf(cgiOut, "<th class=\"inner\">Throughput</th>\n");
    fprintf(cgiOut, "</tr>\n");
 
    /* fetch the data */
#ifdef ORACLE_DB
    while ( SQLO_SUCCESS == (stat = (sqlo_fetch(sth1, 1)))) {
       /* get one record */
       values = sqlo_values(sth1, NULL, 1);
#endif
#ifdef MYSQL_DB
     while((values = mysql_fetch_row(result)) != NULL) {
#endif
     rowcount++;

     /* check for even/odd rows */
     oddline_calc = div(rowcount, 2);
     if(oddline_calc.rem) fprintf(cgiOut, "<tr class=\"odd\">\n");
     else fprintf(cgiOut, "<tr class=\"even\">\n");

     /* calculate transer data sums */
     if (values[8]) sum_bin = sum_bin + atoll(values[8]);
     if (values[9]) sum_bout = sum_bout + atoll(values[9]);

     fprintf(cgiOut, "<td>%d</td>\n", rowcount);
     fprintf(cgiOut, "<td>");
     if (values[0]) fprintf(cgiOut, "%s</td>\n", values[0]); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[1]) fprintf(cgiOut, "%s</td>\n", values[1]); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[2]) fprintf(cgiOut, "%s</td>\n", values[2]); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[3]) fprintf(cgiOut, "%s</td>\n", values[3]); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[4]) fprintf(cgiOut, "%s</td>\n", values[4]); else fprintf(cgiOut, "none</td>");
     fprintf(cgiOut, "<td>");
     if (values[5]) fprintf(cgiOut, "%s</td>\n", values[5]); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[6]) fprintf(cgiOut, "%s</td>\n", values[6]); else fprintf(cgiOut, "in progress</td>");
     fprintf(cgiOut, "<td>");
     if (values[7]) fprintf(cgiOut, "%s</td>\n", values[7]); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[8]) fprintf(cgiOut, "%s</td>\n", calc_units(values[8], dataunit)); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[9]) fprintf(cgiOut, "%s</td>\n", calc_units(values[9], dataunit)); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "<td>");
     if (values[10]) fprintf(cgiOut, "%s/s</td>\n", calc_units(values[10], dataunit)); else fprintf(cgiOut, "&nbsp;</td>");
     fprintf(cgiOut, "</tr>\n");
   } /* end while fetch row data */
#ifdef ORACLE_DB
    if (SQLO_SUCCESS != sqlo_close(sth1))
      cgi_error("Error Closing the SQL statment handle.");
    RETURN_ON_ABORT; /* finish if SIGINT was catched */
#endif
#ifdef MYSQL_DB
   mysql_close(dbh);
#endif

    /* ----------------------------------------------------------------- *
     * IF there was no data for the selection, display a notification    *
     * ----------------------------------------------------------------- */
    if(rowcount == 0) {
      fprintf(cgiOut, "<tr>\n");
      fprintf(cgiOut, "<td colspan=12>");
      fprintf(cgiOut, "No data found for IP address %s between %s %s and %s %s.",
              ipaddr, start_date, start_time, end_date, end_time);
      fprintf(cgiOut, "</td>\n");
      fprintf(cgiOut, "</tr>\n");
    } /* end if rowcount is zero */
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\" colspan=12>Inbound Data Total:\n");
    sprintf(sum_buf, "%llu", sum_bin);
    fprintf(cgiOut, " %s Outbound Data Total:", calc_units(sum_buf, dataunit));
    sprintf(sum_buf, "%llu", sum_bout);
    fprintf(cgiOut, " %s Transfered Data Total:", calc_units(sum_buf, dataunit));
    sum_ball = sum_ball + sum_bin + sum_bout;
    sprintf(sum_buf, "%llu", sum_ball);
    fprintf(cgiOut, " %s</th>\n", calc_units(sum_buf, dataunit));
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "</table>\n");
  } /* end else we were called with form data */

  pagefoot();
  return(0);
}
Esempio n. 10
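/* -------------------------------------------------------------------------- *
 * certstore_put_escaped() writes len bytes of s to out and replaces the HTML *
 * metacharacters & < > " ' with character entities, so the text can be used  *
 * as element content or inside a quoted attribute value.                     *
 * ---------------------------------------------------------------------------*/
static void certstore_put_escaped(FILE *out, const char *s, size_t len) {
  size_t pos;

  for(pos = 0; pos < len; pos++) {
    switch(s[pos]) {
      case '&':  fputs("&amp;", out);  break;
      case '<':  fputs("&lt;", out);   break;
      case '>':  fputs("&gt;", out);   break;
      case '"':  fputs("&quot;", out); break;
      case '\'': fputs("&#39;", out);  break;
      default:   fputc(s[pos], out);   break;
    }
  }
}

/* -------------------------------------------------------------------------- *
 * certstore_asn1_to_time() prints an ASN1_TIME into a string, parses that    *
 * string into tm_out and returns the mktime() result. It returns (time_t) -1 *
 * if the memory BIO cannot be allocated.                                     *
 * NOTE(review): ASN1_TIME_print() writes the time in GMT while mktime()      *
 * interprets the fields as local time, so results may be off by the local    *
 * UTC offset; the strptime() result is not checked - confirm acceptable.     *
 * ---------------------------------------------------------------------------*/
static time_t certstore_asn1_to_time(ASN1_TIME *asn1time, struct tm *tm_out) {
  char timestr[128] = "";
  BIO  *timebio     = BIO_new(BIO_s_mem());

  memset(tm_out, '\0', sizeof(*tm_out));
  if(timebio == NULL) return (time_t) -1;

  /* copy the date into a string */
  ASN1_TIME_print(timebio, asn1time);
  BIO_gets(timebio, timestr, sizeof(timestr));
  BIO_free(timebio);

  /* parse the date string into a time struct */
  strptime(timestr, "%h %d %T %Y %z", tm_out);
  return mktime(tm_out);
}

/* -------------------------------------------------------------------------- *
 * cgiMain() lists the certificates found in CACERTSTORE as a paged HTML      *
 * table with subject, an expiry indicator and "Detail" / "Renew" buttons.    *
 *                                                                            *
 * Form fields read: "page" (page number, default 1) and "sort" ("asc" or     *
 * "desc", any other value is treated as "desc").                             *
 * Returns 0.                                                                 *
 * ---------------------------------------------------------------------------*/
int cgiMain() {

  static char title[] = "List of existing Certificates";
  /* LED bar colors from the top row (>= 90% lifetime left) down to >= 10% */
  static const char *const led_colors[] = {
    "#00FF00", "#00FF33", "#99FF33", "#FFFF00", "#FFCC00",
    "#FF9900", "#FF6600", "#FF3300", "#FF0000"
  };
  const int led_rows = (int) (sizeof(led_colors) / sizeof(led_colors[0]));

  char      sorting[16]       = "desc";
  char      certfilestr[225]  = "";
  FILE      *certfile         = NULL;
  BIO       *membio           = NULL;
  BIO       *outbio           = NULL;
  X509      *cert             = NULL;
  X509_NAME *certsubject      = NULL;
  ASN1_TIME *start_date       = NULL;
  ASN1_TIME *expiration_date  = NULL;
  struct tm start_tm;
  struct tm expiration_tm;
  time_t    now               = time(NULL);
  time_t    start             = time(NULL);
  time_t    expiration        = time(NULL);
  double    available_secs    = 0;
  double    remaining_secs    = 0;
  double    percent           = 0;
  struct dirent **certstore_files = NULL;
  char      *subjdata         = NULL;
  long      subjlen           = 0;
  int       pagenumber        = 1;
  int       certcounter       = 0;
  int       tempcounter       = 0;
  int       pagecounter       = 0;
  int       dispcounter       = 0;
  int       dispmaxlines      = 0;
  int       certvalidity      = 0;
  int       firstidx          = 0;
  int       descending        = 1;
  int       led               = 0;
  int       freeidx           = 0;

/* -------------------------------------------------------------------------- *
 * Get the list of .pem files from the cert directory                         *
 * ---------------------------------------------------------------------------*/
  certcounter = scandir(CACERTSTORE, &certstore_files, file_select, hexsort);
  if(certcounter<=0) {
    int_error("Error: No certificate files found.");
    /* presumably not reached: int_error() looks like it ends the request */
    return(0);
  }

/* -------------------------------------------------------------------------- *
 * calculate how many pages we get with MAXCERTDISPLAY                        *
 * ---------------------------------------------------------------------------*/

  if(certcounter<=MAXCERTDISPLAY) pagecounter = 1;
  /* round up, a remainder needs an extra page for the rest */
  else pagecounter = (certcounter + MAXCERTDISPLAY - 1) / MAXCERTDISPLAY;

/* -------------------------------------------------------------------------- *
 * Check if we have been subsequently called with a pagenumber & sort request *
 * ---------------------------------------------------------------------------*/

  if(cgiFormInteger("page", &pagenumber, 1) == cgiFormSuccess) {
    if(pagenumber > pagecounter || pagenumber <=0) {
      int_error("Error: Page does not exist.");
      /* never index the file list with an out-of-range page number */
      return(0);
    }
  }

  if(cgiFormString("sort", sorting, sizeof(sorting)) != cgiFormSuccess)
    snprintf(sorting, sizeof(sorting), "%s", "desc");

  /* allow-list the client supplied sort value: only "asc" and "desc" exist */
  if(strcmp(sorting, "asc") != 0)
    snprintf(sorting, sizeof(sorting), "%s", "desc");
  descending = (strcmp(sorting, "desc") == 0);

/* -------------------------------------------------------------------------- *
 * now we know how many certs we have in total and we can build the page(s).  *
 * For every MAXCERTDISPLAY certs we start a new page and cycle through by    *
 * calling ourself with the requested certs in range.                         *
 * ---------------------------------------------------------------------------*/

  /* number of entries that belong to the pages before the requested one */
  firstidx = (pagenumber - 1) * MAXCERTDISPLAY;

  /* a full page, or whatever is left over on the last page */
  dispmaxlines = certcounter - firstidx;
  if(dispmaxlines > MAXCERTDISPLAY) dispmaxlines = MAXCERTDISPLAY;

  /* ascending walks up from firstidx, descending counts down from the end *
   * of the list (the index is decremented before each use in the loop)    */
  if(descending) tempcounter = certcounter - firstidx;
  else tempcounter = firstidx;

/* -------------------------------------------------------------------------- *
 * start the html output                                                      *
 * ---------------------------------------------------------------------------*/

  outbio = BIO_new(BIO_s_file());
  if(outbio != NULL) BIO_set_fp(outbio, cgiOut, BIO_NOCLOSE);

  pagehead(title);

/* -------------------------------------------------------------------------- *
 * start the form output                                                      *
 * ---------------------------------------------------------------------------*/

  fprintf(cgiOut, "<table>\n");
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th width=\"20\">#</th>\n");
  fprintf(cgiOut, "<th width=\"495\">Certificate Subject Information</th>\n");
  fprintf(cgiOut, "<th colspan=\"2\" width=\"60\">Expiry</th>\n");
  fprintf(cgiOut, "<th width=\"65\">Action</th>\n");
  fprintf(cgiOut, "</tr>\n");

  for(dispcounter=0; dispcounter < dispmaxlines; dispcounter++) {

    /* zero certificate values and flags */
    certvalidity = 0;
    percent = 0;
    available_secs = 0;
    remaining_secs = 0;
    cert = NULL;
    certsubject = NULL;
    start_date = NULL;
    expiration_date = NULL;

    if(descending) tempcounter--;

    /* defensive: stop instead of reading outside the scandir() result */
    if(tempcounter < 0 || tempcounter >= certcounter) break;

    snprintf(certfilestr, sizeof(certfilestr), "%s/%s",
                           CACERTSTORE, certstore_files[tempcounter]->d_name);

    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th rowspan=\"2\">%d</th>\n", tempcounter+1);

    /* check for even/odd rows */
    if((tempcounter+1) % 2)
      fprintf(cgiOut, "<td rowspan=\"2\" class=\"odd\">");
    else
      fprintf(cgiOut, "<td rowspan=\"2\" class=\"even\">");

    certfile = fopen(certfilestr, "r");
    if(certfile == NULL) {
      /* NOTE(review): this message shows the server-side store path */
      fprintf(cgiOut, "Error: Can't open certificate file ");
      certstore_put_escaped(cgiOut, certfilestr, strlen(certfilestr));
      fprintf(cgiOut, " for reading.");
    }
    else {
      /* let OpenSSL allocate the object; a file without a parsable cert *
       * returns NULL and must not be dereferenced below                 */
      cert = PEM_read_X509(certfile, NULL, NULL, NULL);
      fclose(certfile);
      certfile = NULL;

      if(cert == NULL) {
        fprintf(cgiOut, "Error: Can't read certificate data from file ");
        certstore_put_escaped(cgiOut, certfilestr, strlen(certfilestr));
        fprintf(cgiOut, ".");
      }
      else {
        /* internal pointer owned by cert, released with X509_free(cert) */
        certsubject = X509_get_subject_name(cert);

        /* display the subject data, use the UTF-8 flag to show   *
         * Japanese Kanji, also needs the separator flag to work. *
         * Subject fields are free-form text taken from the cert, *
         * so they are HTML-escaped before going into the page.   */
        membio = BIO_new(BIO_s_mem());
        if(membio != NULL) {
          X509_NAME_print_ex(membio, certsubject, 0,
             ASN1_STRFLGS_UTF8_CONVERT|XN_FLAG_SEP_CPLUS_SPC);
          subjdata = NULL;
          subjlen = BIO_get_mem_data(membio, &subjdata);
          if(subjlen > 0 && subjdata != NULL)
            certstore_put_escaped(cgiOut, subjdata, (size_t) subjlen);
          BIO_free(membio);
          membio = NULL;
        }

        /* store certificate start and expiration date for later eval */
        start_date = X509_get_notBefore(cert);
        expiration_date = X509_get_notAfter(cert);

        /* valid only if the start date is in the past and the end date *
         * is in the future; not yet valid, expired and comparison      *
         * errors (return value 0) all leave the flag at 0              */
        if(X509_cmp_current_time(start_date) < 0 &&
           X509_cmp_current_time(expiration_date) > 0)
          certvalidity = 1;
      }
    }
    fprintf(cgiOut, "</td>\n");

    if(certvalidity == 1) {

      /* get the certificate start and expiration time in seconds */
      start = certstore_asn1_to_time(start_date, &start_tm);
      expiration = certstore_asn1_to_time(expiration_date, &expiration_tm);

      /* get the time difference between expiration time and current time */
      now = time(NULL);
      remaining_secs = difftime(expiration, now);

      /* get the time difference between start and expiration time */
      available_secs = difftime(expiration, start);

      /* ------ calculate percentage of lifetime left ------------ */
      /* remaining_secs *100                                       */
      /* ------------------- = X, rounded down with floor()        */
      /* available_secs                                            */
      /* a lifetime of zero or less would divide by zero, show 0%  */
      if(available_secs > 0)
        percent = floor((remaining_secs*100)/available_secs);
      else
        percent = 0;
    }

    /* expiration bar display column, all LEDs off for invalid certs */
    fprintf(cgiOut, "<th rowspan=\"2\">\n");
    fprintf(cgiOut, "<table class=\"led\">\n");
    for(led = 0; led < led_rows; led++) {
      if(certvalidity == 1 && percent >= 90 - (led * 10))
        fprintf(cgiOut, "  <tr><td class=\"led\" bgcolor=\"%s\"></td></tr>\n",
                                                             led_colors[led]);
      else
        fprintf(cgiOut, "  <tr><td class=\"led-off\"></td></tr>\n");
    }
    fprintf(cgiOut, "</table>\n");
    fprintf(cgiOut, "</th>\n");

    /* remaining time before expiration column */
    if(certvalidity == 0) {
      fprintf(cgiOut, "<th class=\"exnok\" rowspan=\"2\">\n");
      fprintf(cgiOut, "Inval<br />Expd");
      fprintf(cgiOut, "</th>\n");
    }
    else {
      if (percent < 10) fprintf(cgiOut, "<th class=\"exnok\" rowspan=\"2\">\n");
      else fprintf(cgiOut, "<th class=\"exok\" rowspan=\"2\">\n");
      /* years are shown from two years (63072000s) on, as a multiple of *
       * one 365-day year (31536000s); below that days/hours/mins/secs   */
      if(floor(remaining_secs/63072000) > 0) fprintf(cgiOut, "%.f<br />years", remaining_secs/31536000);
      else if(floor(remaining_secs/86400) > 0 ) fprintf(cgiOut, "%.f<br />days", remaining_secs/86400);
      else if(floor(remaining_secs/3600) > 0 ) fprintf(cgiOut, "%.f<br />hours", remaining_secs/3600);
      else if(floor(remaining_secs/60) > 0 ) fprintf(cgiOut, "%.f<br />mins", remaining_secs/60);
      else fprintf(cgiOut, "%.f<br />secs", remaining_secs);
      fprintf(cgiOut, "</th>\n");
    }

    /* action column */
    /* NOTE(review): "cfilename" comes back from the client, so getcert.cgi *
     * has to validate it as a plain file name inside the cert store        */
    fprintf(cgiOut, "<th>");
    fprintf(cgiOut, "<form action=\"getcert.cgi\" method=\"post\">\n");
    fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
    fprintf(cgiOut, "value=\"");
    certstore_put_escaped(cgiOut, certstore_files[tempcounter]->d_name,
                          strlen(certstore_files[tempcounter]->d_name));
    fprintf(cgiOut, "\" />\n");
    fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"text\" />\n");
    fprintf(cgiOut, "<input class=\"getcert\" type=\"submit\" value=\"Detail\" />\n");
    fprintf(cgiOut, "</form>\n");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "</tr>\n");
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th>\n");

    /* NOTE(review): the PEM data round-trips through the browser, so  *
     * certrenew.cgi must treat "cert-renew" as untrusted input. The   *
     * value stays empty when no certificate could be read.            */
    fprintf(cgiOut, "<form action=\"certrenew.cgi\" method=\"post\">\n");
    fprintf(cgiOut, "<input type=\"hidden\" name=\"cert-renew\" ");
    fprintf(cgiOut, "value=\"");
    if(cert != NULL && outbio != NULL) PEM_write_bio_X509(outbio, cert);
    fprintf(cgiOut, "\" />\n");
    fprintf(cgiOut, "<input class=\"getcert\" type=\"submit\" value=\"Renew\" />\n");
    fprintf(cgiOut, "</form>\n");
    fprintf(cgiOut, "</th>\n");
    fprintf(cgiOut, "</tr>\n");

    /* release the certificate of this row; subject and date pointers *
     * point into it and are reset at the top of the next iteration   */
    X509_free(cert);
    cert = NULL;

    if(!descending) tempcounter++;
  }

  /* the scandir() result is no longer needed, release it */
  for(freeidx = 0; freeidx < certcounter; freeidx++)
    free(certstore_files[freeidx]);
  free(certstore_files);
  certstore_files = NULL;

  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th colspan=\"5\">");
  fprintf(cgiOut, "Total # of certs: %d | ", certcounter);
  fprintf(cgiOut, "Page %d of %d", pagenumber, pagecounter);
  fprintf(cgiOut, "</th>\n");
  fprintf(cgiOut, "</tr>\n");
  fprintf(cgiOut, "</table>\n");

  fprintf(cgiOut, "<p></p>\n");

  /* navigation table: the "certcounter" and "pagecounter" hidden fields *
   * are emitted for the forms, this function recomputes both from the   *
   * directory listing and does not read them back                       */
  fprintf(cgiOut, "<table>\n");

  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th>\n");
  fprintf(cgiOut, "<form action=\"certstore.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"sort\" ");
  fprintf(cgiOut, "value=\"desc\" />\n");
  fprintf(cgiOut, "<input type=\"submit\" name=\"sort\"");
  fprintf(cgiOut, " value=\"Latest Certs first\" />\n");
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  fprintf(cgiOut, "<th>\n");
  fprintf(cgiOut, "<form action=\"certstore.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"sort\" ");
  fprintf(cgiOut, "value=\"asc\" />\n");
  fprintf(cgiOut, "<input type=\"submit\" name=\"sort\"");
  fprintf(cgiOut, " value=\"Oldest Certs first\" />\n");
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  /* filler 1 */
  fprintf(cgiOut, "<th width=\"15\">");
  fprintf(cgiOut, "&nbsp;");
  fprintf(cgiOut, "</th>\n");

  /* goto page 1 */
  fprintf(cgiOut, "<th width=\"5\">\n");
  fprintf(cgiOut, "<form action=\"certstore.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"submit\" value=\"&lt;&lt;\" />\n");
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  /* goto page before, page 1 stays on page 1 */
  fprintf(cgiOut, "<th width=\"5\">\n");
  fprintf(cgiOut, "<form action=\"certstore.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", certcounter);
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", pagecounter);
  fprintf(cgiOut, "<input type=\"hidden\" name=\"page\" ");
  fprintf(cgiOut, "value=\"");
  tempcounter = (pagenumber > 1) ? pagenumber - 1 : 1;
  fprintf(cgiOut, "%d", tempcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"submit\" value=\"&lt; 1\" />\n");
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  /* goto page after, the last page stays on the last page */
  fprintf(cgiOut, "<th width=\"5\">\n");
  fprintf(cgiOut, "<form action=\"certstore.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", certcounter);
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", pagecounter);
  fprintf(cgiOut, "<input type=\"hidden\" name=\"page\" ");
  fprintf(cgiOut, "value=\"");
  tempcounter = (pagecounter > pagenumber) ? pagenumber + 1 : pagecounter;
  fprintf(cgiOut, "%d", tempcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"submit\" value=\"1 &gt;\" />\n");
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  /* goto last page */
  fprintf(cgiOut, "<th width=\"5\">\n");
  fprintf(cgiOut, "<form action=\"certstore.cgi\" method=\"post\">");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", certcounter);
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", pagecounter);
  fprintf(cgiOut, "<input type=\"hidden\" name=\"page\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", pagecounter);
  fprintf(cgiOut, "<input type=\"submit\" value=\"&gt;&gt;\" />\n");
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");

  /* goto page number */
  fprintf(cgiOut, "<th width=\"120\">\n");
  fprintf(cgiOut, "<form class=\"setpage\" action=\"certstore.cgi\" method=\"post\">\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"certcounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", certcounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input type=\"hidden\" name=\"pagecounter\" ");
  fprintf(cgiOut, "value=\"");
  fprintf(cgiOut, "%d", pagecounter);
  fprintf(cgiOut, "\" />\n");
  fprintf(cgiOut, "<input class=\"goto\" type=\"submit\" value=\"Goto\" />\n");
  fprintf(cgiOut, "<input class=\"page\" type=\"text\" name=\"page\" ");
  fprintf(cgiOut, "value=\"%d\" />\n", pagecounter);
  fprintf(cgiOut, "</form>\n");
  fprintf(cgiOut, "</th>\n");
  fprintf(cgiOut, "</tr>\n");
  fprintf(cgiOut, "</table>\n");

/* ---------------------------------------------------------------------------*
 * end the html output                                                        *
 * ---------------------------------------------------------------------------*/
  pagefoot();

  BIO_free(outbio);
  return(0);
}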
Esempio n. 11
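/*
 * CGI entry point: renders the daily statistics chart page for one router.
 *
 * Reads two form fields:
 *   router - the selected router (documented as an IP address, max 15 chars)
 *   type   - "upd" (unique users per day) or "apd" (average data per user)
 *
 * Emits one table row with a pre-generated chart image for each of the
 * DAYSTATS_HIST history slots, followed by a short explanation.
 *
 * Both fields arrive from the HTTP request and are untrusted. "type" is
 * compared against the two known values; "router" is copied into the page
 * title and into every <img src="..."> attribute, so it is restricted to an
 * allowlist of characters before any output is produced.
 *
 * Returns 0; failures are reported through cgi_error().
 */
int cgiMain() {

  /* Characters accepted in the router field. None of them can close an HTML
   * attribute, open a tag, or introduce a path separator into the image URL.
   * Letters, '-', '_' and ':' are allowed in addition to digits and dots so
   * that name-style identifiers keep working; tighten to "0123456789." if
   * only dotted IPv4 addresses are ever submitted. */
  static const char router_chars[] =
      "0123456789"
      "abcdefghijklmnopqrstuvwxyz"
      "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
      ".-_:";

  char router[16]          ="";   /* selected router IP address */
  char title[256]          ="";   /* cgi title string */
  char type[4]             ="";   /* selected image type [upd|apd] */
  const char *chart;              /* image file name prefix for the type */
  int is_upd;                     /* 1 for "upd", 0 for "apd" */
  int i;                          /* loop counter */

  /* cgi_error() is defined elsewhere and may or may not terminate the
   * process; returning explicitly guarantees that nothing below runs with
   * missing or rejected input either way. */
  if ( cgiFormString("router", router, sizeof(router)) != cgiFormSuccess ) {
      cgi_error("Error retrieving the IP address of the router.");
      return(0);
  }
  if ( cgiFormString("type", type, sizeof(type)) != cgiFormSuccess ) {
      cgi_error("Error retrieving the image type information.");
      return(0);
  }

  /* Reject the request if any character falls outside the allowlist: the
   * value is reflected into HTML below without further escaping. */
  if ( router[0] == '\0' || router[strspn(router, router_chars)] != '\0' ) {
      cgi_error("Error the router address contains invalid characters.");
      return(0);
  }

  if(strcmp(type,"upd") == 0) {
     is_upd = 1;
     chart = "usercount";
     snprintf(title, sizeof(title), "Daily User Statistics for Router %s", router);
  }
  else if(strcmp(type,"apd") == 0) {
     is_upd = 0;
     chart = "avgbytes";
     snprintf(title, sizeof(title), "Daily Data per User for Router %s", router);
  }
  else {
     cgi_error("Error image type is invalid.");
     return(0);
  }

/* -------------------------------------------------------------------------- *
 * start the html output                                                      *
 * ---------------------------------------------------------------------------*/

  pagehead(title);
  fprintf(cgiOut, "<div id=\"content\">\n");

  fprintf(cgiOut, "<table class=\"inner\" width=100%%>\n");
  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th class=\"inner\">#</th>\n");
  if(is_upd)
    fprintf(cgiOut, "<th class=\"inner\">Unique Users/Day</th>\n");
  else
    fprintf(cgiOut, "<th class=\"inner\">Average Data per User/Day</th>\n");
  fprintf(cgiOut, "</tr>\n");

  /* One row per history slot; the image names are zero-based while the
   * row label shown to the user is one-based. */
  for(i=0;i<DAYSTATS_HIST; i++) {
    fprintf(cgiOut, "<tr>\n");
    fprintf(cgiOut, "<th class=\"inner\" width=20>%d</th>\n", i+1);
    fprintf(cgiOut, "<td class=\"inner\">");
    fprintf(cgiOut, "<img src=\"../images/%s-mon%d-%s.png\" border=0>", chart, i, router);
    fprintf(cgiOut, "</td>");
    fprintf(cgiOut, "</tr>\n");
  }

  fprintf(cgiOut, "<tr>\n");
  fprintf(cgiOut, "<th class=\"inner\" colspan=3>&nbsp;</th>");
  fprintf(cgiOut, "</tr>\n");
  fprintf(cgiOut, "</table>\n");

  fprintf(cgiOut, "<h3>Additional information</h3>\n");
  fprintf(cgiOut, "<hr>\n");
  fprintf(cgiOut, "<p>");
  if(is_upd) {
    fprintf(cgiOut, "This page shows the daily summary for unique users per router");
    fprintf(cgiOut, "<ul>");
    fprintf(cgiOut, "<li>The number of connections is a summary of all unique users on this router, per day.");
  }
  else {
    fprintf(cgiOut, "This page shows the daily summary of the average transfered data per user.");
    fprintf(cgiOut, "<ul>");
    fprintf(cgiOut, "<li>The data transfer is the summary of all data in and data out, calculated as the average per user.");
  }
  fprintf(cgiOut, "<li>The graphs are pre-generated on the web server by edacs-chartsgen, which runs through cron.");
  fprintf(cgiOut, "</ul>");
  fprintf(cgiOut, "</p>\n");

  pageside();
  pagefoot();
  return(0);
}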