static int parse_request(prelude_client_t *client, int rtype, char *request, prelude_string_t *out) { config_t *cfg; void *context = client; char pname[256], iname[256]; prelude_option_t *last = NULL; int ret = 0, last_cmd = 0, ent; char *str, *value, *prev = NULL, *ptr = NULL; unsigned int line = 0; ret = _config_open(&cfg, prelude_client_get_config_filename(client)); if ( ret < 0 ) return ret; value = request; strsep(&value, "="); while ( (str = (option_strsep(&request))) ) { if ( ! request ) { last_cmd = 1; ptr = value; } *pname = 0; *iname = 0; ent = ret = sscanf(str, "%255[^[][%255[^]]", pname, iname); if ( ret < 1 ) { prelude_string_sprintf(out, "Error parsing option path"); break; } ret = parse_single(&context, &last, last_cmd, rtype, pname, (ent == 2) ? iname : ptr, out); if ( ret < 0 ) break; config_save_value(cfg, rtype, last, last_cmd, &prev, pname, (ent == 2) ? iname : ptr, &line); } _config_close(cfg); free(prev); return ret; }
void prelude_logging(const char *filename, const char *virname, const char *virhash, int virsize){ int ret; idmef_message_t *idmef = NULL; idmef_alert_t *alert; idmef_classification_t *class; prelude_string_t *str; idmef_target_t *target; idmef_file_t *file; ret = idmef_message_new(&idmef); if ( ret < 0 ) goto err; ret = idmef_message_new_alert(idmef, &alert); if ( ret < 0 ) goto err; ret = idmef_alert_new_classification(alert, &class); if ( ret < 0 ) goto err; ret = idmef_classification_new_text(class, &str); if ( ret < 0 ) goto err; prelude_string_set_constant(str, "Virus Found"); ret = idmef_alert_new_target(alert, &target, 0); if ( ret < 0 ) goto err; ret = idmef_target_new_file(target, &file, 0); if ( ret < 0 ) goto err; ret = idmef_file_new_path(file, &str); if ( ret < 0 ) goto err; prelude_string_set_ref(str, filename); if ( virname != NULL ) { ret = add_string_additional_data(alert, "virname", virname); if ( ret < 0 ) goto err; } if ( virhash != NULL){ ret = add_string_additional_data(alert, "virhash", virhash); if ( ret < 0 ) goto err; } ret = add_int_additional_data(alert, "virsize", virsize); if ( ret < 0 ) goto err; logg("le client : %s", prelude_client_get_config_filename(prelude_client)); prelude_client_send_idmef(prelude_client, idmef); idmef_message_destroy(idmef); return; err: if (idmef != NULL) idmef_message_destroy(idmef); logg("%s error: %s", prelude_strsource(ret), prelude_strerror(ret)); return; }