gchar*
sim_event_get_alarm_insert_clause(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp=time;
gchar *query;
gint c;
gint a;
gchar uuidtext[37];
gchar uuidtext_backlog[37];
g_return_val_if_fail(event, NULL);
g_return_val_if_fail(SIM_IS_EVENT (event), NULL);
if (event->risk_c < 0)
event->risk_c = 0;
else if (event->risk_c > 10)
event->risk_c = 10;
if (event->risk_a < 0)
event->risk_a = 0;
else if (event->risk_a > 10)
event->risk_a = 10;
c = rint(event->risk_c);
a = rint(event->risk_a);
if(event->time_str)
timestamp=event->time_str;
else
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
uuid_unparse_upper(event->uuid, uuidtext);
uuid_unparse_upper(event->uuid_backlog, uuidtext_backlog);
query
= g_strdup_printf(
"REPLACE INTO alarm "
"(event_id, backlog_id, timestamp, plugin_id, plugin_sid, "
"protocol, src_ip, dst_ip, src_port, dst_port, "
"risk, snort_sid, snort_cid,uuid_backlog,uuid_event) "
" VALUES ('%u', '%u', '%s', %d, %d, %d, %u, %u, %d, %d, %d, %u, %u,'%s','%s')",
event->id, event->backlog_id, timestamp, event->plugin_id,
event->plugin_sid, event->protocol,
(event->src_ia) ? sim_inetaddr_ntohl(event->src_ia) : -1,
(event->dst_ia) ? sim_inetaddr_ntohl(event->dst_ia) : -1,
event->src_port, event->dst_port, (a > c) ? a : c, event->snort_sid,
event->snort_cid,
(!uuid_is_null(event->uuid_backlog) ? uuidtext_backlog : ""),
(!uuid_is_null(event->uuid) ? uuidtext : ""));
return query;
}
/* Log information about external modification of a process,
* using MessageTracer formatting. Assumes that both the caller
* and target are appropriately locked.
* Currently prints following information -
* 1. Caller process name (truncated to 16 characters)
* 2. Caller process Mach-O UUID
* 3. Target process name (truncated to 16 characters)
* 4. Target process Mach-O UUID
*/
void
fslog_extmod_msgtracer(proc_t caller, proc_t target)
{
if ((caller != PROC_NULL) && (target != PROC_NULL)) {
/*
* Print into buffer large enough for "ThisIsAnApplicat(BC223DD7-B314-42E0-B6B0-C5D2E6638337)",
* including space for escaping, and NUL byte included in sizeof(uuid_string_t).
*/
uuid_string_t uuidstr;
char c_name[2*MAXCOMLEN + 2 /* () */ + sizeof(uuid_string_t)];
char t_name[2*MAXCOMLEN + 2 /* () */ + sizeof(uuid_string_t)];
strlcpy(c_name, caller->p_comm, sizeof(c_name));
uuid_unparse_upper(caller->p_uuid, uuidstr);
strlcat(c_name, "(", sizeof(c_name));
strlcat(c_name, uuidstr, sizeof(c_name));
strlcat(c_name, ")", sizeof(c_name));
if (0 != escape_str(c_name, strlen(c_name), sizeof(c_name))) {
return;
}
strlcpy(t_name, target->p_comm, sizeof(t_name));
uuid_unparse_upper(target->p_uuid, uuidstr);
strlcat(t_name, "(", sizeof(t_name));
strlcat(t_name, uuidstr, sizeof(t_name));
strlcat(t_name, ")", sizeof(t_name));
if (0 != escape_str(t_name, strlen(t_name), sizeof(t_name))) {
return;
}
#if DEBUG
printf("EXTMOD: %s(%d) -> %s(%d)\n",
c_name,
proc_pid(caller),
t_name,
proc_pid(target));
#endif
kern_asl_msg(LOG_DEBUG, "messagetracer",
5,
"com.apple.message.domain", "com.apple.kernel.external_modification", /* 0 */
"com.apple.message.signature", c_name, /* 1 */
"com.apple.message.signature2", t_name, /* 2 */
"com.apple.message.result", "noop", /* 3 */
"com.apple.message.summarize", "YES", /* 4 */
NULL);
}
}
struct sg_uuid_str sg_uuid_gen(enum sg_uuid_method method, int uppercase)
{
uuid_t uu;
struct sg_uuid_str us;
assert(method >= SGUUIDMETHOD_DEFAULT && method <= SGUUIDMETHOD_TIME_MAC);
memset(&us, 0, sizeof(struct sg_uuid_str));
switch (method) {
case SGUUIDMETHOD_DEFAULT:
uuid_generate(uu);
break;
case SGUUIDMETHOD_RANDOM:
uuid_generate_random(uu);
break;
case SGUUIDMETHOD_TIME_MAC:
uuid_generate_time(uu);
break;
case SGUUIDMETHOD_TIME_MAC_SAFE:
uuid_generate_time_safe(uu);
break;
default:
sg_log_err("UUID method error.");
return us;
}
if (uppercase == 0)
uuid_unparse_lower(uu, us.buf);
else
uuid_unparse_upper(uu, us.buf);
return us;
}
string BeatBoard::SessionManager::createSessionId() {
uuid_t uuid;
char buff[1024];
uuid_generate(uuid);
uuid_unparse_upper(uuid, buff);
return string(buff);
}
static OSString *
createStringFromUUID(const uuid_t uu)
{
char buf[64];
uuid_unparse_upper(uu, buf);
return OSString::withCString(buf);
}
DNSServiceErrorType
RegisterWorkstationService(MyDNSServiceState *ref, CFStringRef serviceName)
{
char name[64];
DNSServiceErrorType error = kDNSServiceErr_BadParam;
if (CFStringGetCString(serviceName, name, sizeof(name), kCFStringEncodingUTF8)) {
uuid_t compUUID;
CFDataRef cfTXTRecord = NULL;
struct timespec waitTime = { 0 };
if ( gethostuuid(compUUID, &waitTime) == 0 )
{
CFMutableDictionaryRef txtRecordDict = CFDictionaryCreateMutable( kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks );
uuid_string_t uuidstr;
uuid_unparse_upper( compUUID, uuidstr );
CFStringRef cfUUID = CFStringCreateWithCString( kCFAllocatorDefault, uuidstr, kCFStringEncodingUTF8 );
CFDictionarySetValue( txtRecordDict, CFSTR("uuid"), cfUUID );
DbgLog( kLogInfo, "Workstation service - uuid = %s", uuidstr );
DSCFRelease( cfUUID );
cfTXTRecord = CFNetServiceCreateTXTDataWithDictionary( kCFAllocatorDefault, txtRecordDict );
DSCFRelease( txtRecordDict );
}
else
{
DbgLog( kLogError, "Failed to get host UUID from gethostuuid()" );
}
error = DNSServiceRegister(&ref->service,
kDNSServiceFlagsNoAutoRename,
kDNSServiceInterfaceIndexAny,
name,
kWorkstationType,
NULL,
NULL,
htons(kWorkstationPort),
(cfTXTRecord ? CFDataGetLength(cfTXTRecord) : 0),
(cfTXTRecord ? CFDataGetBytePtr(cfTXTRecord) : NULL),
RegisterWorkstationCallBack,
(void *)ref);
DSCFRelease( cfTXTRecord );
}
if (kDNSServiceErr_NoError == error) {
DbgLog( kLogNotice, "Registered Workstation service - %s.%s", name, kWorkstationType );
MyDNSServiceAddToRunLoop(ref);
}
return error;
}
static int getuuid(unsigned char *puuid)
{
int rc = 0 ;
uuid_t uuid ;
uuid_generate(uuid) ;
uuid_unparse_upper(uuid, (char *) puuid) ;
return rc ;
}
void
panic_init(void)
{
unsigned long uuidlen = 0;
void *uuid;
uuid = getuuidfromheader(&_mh_execute_header, &uuidlen);
if ((uuid != NULL) && (uuidlen == sizeof(uuid_t))) {
uuid_unparse_upper(*(uuid_t *)uuid, kernel_uuid);
}
simple_lock_init(&panic_lock, 0);
panic_is_inited = 1;
panic_caller = 0;
}
static gboolean init_suminfo(LibmsiSummaryInfo *si, GError **error)
{
uuid_t uu;
char uustr[40];
if (!libmsi_summary_info_set_string(si, LIBMSI_PROPERTY_TITLE,
"Installation Database", error))
return FALSE;
if (!libmsi_summary_info_set_string(si, LIBMSI_PROPERTY_KEYWORDS,
"Installer, MSI", error))
return FALSE;
if (!libmsi_summary_info_set_string(si, LIBMSI_PROPERTY_TEMPLATE,
";1033", error))
return FALSE;
if (!libmsi_summary_info_set_string(si, LIBMSI_PROPERTY_APPNAME,
"libmsi msibuild", error))
return FALSE;
if (!libmsi_summary_info_set_int(si, LIBMSI_PROPERTY_VERSION,
200, error))
return FALSE;
if (!libmsi_summary_info_set_int(si, LIBMSI_PROPERTY_SOURCE,
0, error))
return FALSE;
if (!libmsi_summary_info_set_int(si, LIBMSI_PROPERTY_RESTRICT,
0, error))
return FALSE;
uuid_generate(uu);
uustr[0] = '{';
uuid_unparse_upper(uu, uustr + 1);
strcat(uustr, "}");
if (!libmsi_summary_info_set_string(si, LIBMSI_PROPERTY_UUID,
uustr, error))
return FALSE;
return TRUE;
}
void
panic_init(void)
{
unsigned long uuidlen = 0;
void *uuid;
uuid = getuuidfromheader(&_mh_execute_header, &uuidlen);
if ((uuid != NULL) && (uuidlen == sizeof(uuid_t))) {
kernel_uuid = uuid;
uuid_unparse_upper(*(uuid_t *)uuid, kernel_uuid_string);
}
simple_lock_init(&panic_lock, 0);
panic_is_inited = 1;
panic_caller = 0;
if (!PE_parse_boot_argn("assertions", &mach_assert, sizeof(mach_assert))) {
mach_assert = 1;
}
}
int
odkerb_copy_user_record_with_alt_security_identity(CFStringRef principalID, ODRecordRef *out)
{
int retval = -1;
CFStringRef cfAltSecurityIdentity = NULL;
CFErrorRef cfError = NULL;
ODQueryRef cfQueryRef = NULL;
CFArrayRef cfUserRecords = NULL;
int mbrErr = 0;
uuid_t user_uuid = { 0 };
uuid_string_t uuidStr;
char principal[1024];
ODKERB_PARAM_ASSERT(principalID != NULL);
ODKERB_PARAM_ASSERT(out != 0);
*out = NULL;
if (odkerb_configure_search_node() != 0)
goto failure;
CFStringGetCString(principalID, principal, sizeof(principal), kCFStringEncodingUTF8);
mbrErr = mbr_identifier_to_uuid(ID_TYPE_KERBEROS, principal, strlen(principal), user_uuid);
if (mbrErr != 0) {
ODKERB_LOG_CFSTRING(LOG_DEBUG, "No UUID found for principal by mbr_identifier_to_uuid ID_TYPE_KERBEROS", principalID);
goto failure;
}
uuid_unparse_upper(user_uuid, uuidStr);
CFStringRef cfUserUUID = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%s"), uuidStr);
cfQueryRef = ODQueryCreateWithNode(kCFAllocatorDefault,
gSearchNode,
kODRecordTypeUsers,
kODAttributeTypeGUID,
kODMatchEqualTo,
cfUserUUID,
kODAttributeTypeRecordName,
1, &cfError);
if (cfQueryRef == NULL || cfError != NULL) {
ODKERB_LOG_CFERROR(LOG_ERR, "Unable to query the search node", cfError);
goto failure;
}
cfUserRecords = ODQueryCopyResults(cfQueryRef, false, &cfError);
if (cfUserRecords == NULL || cfError != NULL) {
ODKERB_LOG_CFERROR(LOG_ERR, "Unable to find user record", cfError);
goto failure;
}
else if (CFArrayGetCount(cfUserRecords) == 0) {
ODKERB_LOG_CFSTRING(LOG_INFO, "Unable to find user record", cfUserUUID);
goto failure;
}
ODRecordRef cfUserRecord = (ODRecordRef)CFArrayGetValueAtIndex(cfUserRecords, 0);
*out = (ODRecordRef)CFRetain(cfUserRecord);
retval = 0;
failure:
if (cfError != NULL)
odkerb_possibly_reset_search_node(cfError);
CF_SAFE_RELEASE(cfError);
CF_SAFE_RELEASE(cfAltSecurityIdentity);
CF_SAFE_RELEASE(cfQueryRef);
CF_SAFE_RELEASE(cfUserRecords);
return retval;
}
void
sim_event_print(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp = time;
gchar *ip;
int i;
g_return_if_fail(event);
g_return_if_fail(SIM_IS_EVENT (event));
g_print("event");
switch (event->type)
{
case SIM_EVENT_TYPE_DETECTOR:
g_print(" type=\"D\"");
break;
case SIM_EVENT_TYPE_MONITOR:
g_print(" type=\"M\"");
break;
case SIM_EVENT_TYPE_NONE:
g_print(" type=\"N\"");
break;
}
g_print(" id=\"%d\"", event->id);
if (event->time_str)
timestamp = event->time_str;
else if (event->time)
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
g_print(" alarm=\"%d\"", event->alarm);
if (event->sensor)
g_print(" sensor=\"%s\"", event->sensor);
if (event->device)
g_print(" device=\"%s\"", event->device);
if (event->interface)
g_print(" interface=\"%s\"", event->interface);
if (event->plugin_id)
g_print(" plugin_id=\"%d\"", event->plugin_id);
if (event->plugin_sid)
g_print(" plugin_sid=\"%d\"", event->plugin_sid);
if (event->protocol)
g_print(" protocol=\"%d\"", event->protocol);
if (event->src_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->src_ia);
g_print(" src_ia=\"%s\"", ip);
g_free(ip);
}
if (event->src_port)
g_print(" src_port=\"%d\"", event->src_port);
if (event->dst_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->dst_ia);
g_print(" dst_ia=\"%s\"", ip);
g_free(ip);
}
if (event->dst_port)
g_print(" dst_port=\"%d\"", event->dst_port);
if (event->condition)
g_print(" condition=\"%d\"", event->condition);
if (event->value)
g_print(" value=\"%s\"", event->value);
if (event->interval)
g_print(" ineterval=\"%d\"", event->interval);
if (event->priority)
g_print(" priority=\"%d\"", event->priority);
if (event->reliability)
g_print(" reliability=\"%d\"", event->reliability);
if (event->asset_src)
g_print(" asset_src=\"%d\"", event->asset_src);
if (event->asset_dst)
g_print(" asset_dst=\"%d\"", event->asset_dst);
if (event->risk_c)
g_print(" risk_c=\"%lf\"", event->risk_c);
if (event->risk_a)
g_print(" risk_a=\"%lf\"", event->risk_a);
if (event->snort_sid)
g_print(" sid =\"%d\"", event->snort_sid);
if (event->snort_cid)
g_print(" cid =\"%d\"", event->snort_cid);
if (event->data)
g_print(" data=\"%s\"", event->data);
if (event->rep_prio_src)
g_message (" rep_prio_src=\"%u\"", event->rep_prio_src);
if (event->rep_prio_dst)
g_message (" rep_prio_dst=\"%u\"", event->rep_prio_dst);
if (event->rep_rel_src)
g_message (" rep_rel_src=\"%u\"", event->rep_rel_src);
if (event->rep_rel_dst)
g_message (" rep_rel_dst=\"%u\"", event->rep_rel_dst);
if (event->rep_act_src)
g_message (" rep_act_src=\"%s\"", event->rep_act_src);
if (event->rep_act_dst)
g_message (" rep_act_dst=\"%s\"", event->rep_act_dst);
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
g_printf(" %s=\"%s\"", sim_text_field_get_name(i),
event->textfields[i]);
}
}
if (!uuid_is_null(event->uuid))
{
gchar uuidtext[37];
uuid_unparse_upper(event->uuid, uuidtext);
g_message(" uuid=\"%s\"", uuidtext);
}
g_print("\n");
}
char *
acl_to_text(acl_t acl, ssize_t *len_p)
{
acl_tag_t tag;
acl_entry_t entry = NULL;
acl_flagset_t flags;
acl_permset_t perms;
uid_t id;
int i, first;
int isgid;
size_t bufsize = 1024;
char *buf = NULL;
if (!_ACL_VALID_ACL(acl)) {
errno = EINVAL;
return NULL;
}
if (len_p == NULL)
if ((len_p = alloca(sizeof(ssize_t))) == NULL)
goto err_nomem;
*len_p = 0;
if ((buf = malloc(bufsize)) == NULL)
goto err_nomem;
if (!raosnprintf(&buf, &bufsize, len_p, "!#acl %d", 1))
goto err_nomem;
if (acl_get_flagset_np(acl, &flags) == 0)
{
for (i = 0, first = 0; acl_flags[i].name != NULL; ++i)
{
if (acl_flags[i].type & ACL_TYPE_ACL
&& acl_get_flag_np(flags, acl_flags[i].flag) != 0)
{
if(!raosnprintf(&buf, &bufsize, len_p, "%s%s",
first++ ? "," : " ", acl_flags[i].name))
goto err_nomem;
}
}
}
for (;acl_get_entry(acl,
entry == NULL ? ACL_FIRST_ENTRY : ACL_NEXT_ENTRY, &entry) == 0;)
{
int valid;
uuid_t *uu;
char *str, uu_str[37];
if (((uu = (uuid_t *) acl_get_qualifier(entry)) == NULL)
|| (acl_get_tag_type(entry, &tag) != 0)
|| (acl_get_flagset_np(entry, &flags) != 0)
|| (acl_get_permset(entry, &perms) != 0)) {
if (uu != NULL) acl_free(uu);
continue;
}
uuid_unparse_upper(*uu, uu_str);
if ((str = uuid_to_name(uu, &id, &isgid)) != NULL) {
valid = raosnprintf(&buf, &bufsize, len_p, "\n%s:%s:%s:%d:%s",
isgid ? "group" : "user",
uu_str,
str,
id,
(tag == ACL_EXTENDED_ALLOW) ? "allow" : "deny");
} else {
valid = raosnprintf(&buf, &bufsize, len_p, "\nuser:%s:::%s",
uu_str,
(tag == ACL_EXTENDED_ALLOW) ? "allow" : "deny");
}
free(str);
acl_free(uu);
if (!valid)
goto err_nomem;
for (i = 0; acl_flags[i].name != NULL; ++i)
{
if (acl_flags[i].type & (ACL_TYPE_DIR | ACL_TYPE_FILE))
{
if(acl_get_flag_np(flags, acl_flags[i].flag) != 0)
{
if(!raosnprintf(&buf, &bufsize, len_p, ",%s",
acl_flags[i].name))
goto err_nomem;
}
}
}
for (i = 0, first = 0; acl_perms[i].name != NULL; ++i)
{
if (acl_perms[i].type & (ACL_TYPE_DIR | ACL_TYPE_FILE))
{
if(acl_get_perm_np(perms, acl_perms[i].perm) != 0)
{
if(!raosnprintf(&buf, &bufsize, len_p, "%s%s",
first++ ? "," : ":", acl_perms[i].name))
goto err_nomem;
}
}
}
}
buf[(*len_p)++] = '\n';
buf[(*len_p)] = 0;
return buf;
err_nomem:
if (buf != NULL)
free(buf);
errno = ENOMEM;
return NULL;
}
void Bptree::search_section(Table_info table,Attribute attribute,bool left_open,std::string left,bool right_open,std::string right,Address* begin,Address* end)
{
uuid_t uu;
int i;
uuid_generate( uu );
printf("\n");
uuid_string_t strc;
uuid_unparse_upper(uu,strc);
Address begin_address(table.database,strc,0);
disk.create_file(begin_address);
get_root(table, attribute);
Address header_address(table.database,filename,0);
Address_byte first_address;
Block header;
buffer->read_data(header_address, &header);
header.get_block_data(ADDRESS_SIZE*2, ADDRESS_SIZE, first_address.byte);
Address now_address(table.database,filename,first_address.address);
Bptree_node *now_node=new_node();
now_node->read_from(now_address);
Key_type *left_key,*right_key;
Block address_file_block;
buffer->write_data(begin_address, &address_file_block);
bool no_left=(left=="inf");
bool no_right=(right=="inf");
switch (attribute.type)
{
case SQL_INT:left_key=new Int_key;break;
case SQL_FLOAT:left_key=new Float_key;break;
case SQL_STRING:left_key=new String_key(attribute.size);break;
}
switch (attribute.type)
{
case SQL_INT:right_key=new Int_key;break;
case SQL_FLOAT:right_key=new Float_key;break;
case SQL_STRING:right_key=new String_key(attribute.size);break;
}
left_key->assign(left);
right_key->assign(right);
int now_int;
if (!no_left)
{
search(table, attribute, left);
if (left_open)
{
now_address=bigger_than_start_address;
now_int=bigger_than_start_int;
}
else
{
now_address=not_smaller_than_start_address;
now_int=not_smaller_than_start_int;
}
}
else
{
now_int=0;
}
Address end_address;
int end_int;
if (!no_right)
{
search(table, attribute, right);
if (right_open)
{
end_address=smaller_than_end_address;
end_int=smaller_than_end_int;
}
else
{
end_address=not_bigger_than_end_address;
end_int=not_bigger_than_end_int;
}
}
else
{
end_address=Address(table.table_name,filename,0);
end_int=0;
}
now_node->read_from(now_address);
Address_byte temp_address;
temp_address.address=begin_address.address_int();
bool new_flag=true;
*begin=Address(table.database,strc,0);
*end=*begin;
while(true)
{
Address tmp_address(table.database,strc,temp_address.address);
if (now_address.file_offset==end_address.file_offset && now_int==end_int)
{
*end=tmp_address;
break;
}
Block block;
if (!new_flag)
{
buffer->read_data(tmp_address,&block);
}
else
{
new_flag=false;
}
Address_byte to_write_address;
to_write_address.address=now_node->link[now_int].address_int();
block.fill_block_data(tmp_address.block_offset, ADDRESS_SIZE, to_write_address.byte);
buffer->write_data(tmp_address, &block);
if (now_int+1==now_node->number)
{
now_address=now_node->link[now_node->max_count];
now_int=0;
if (now_address.file_offset!=0)
now_node->read_from(now_address);
}
else
{
now_int++;
}
temp_address.address+=ADDRESS_SIZE;
if (temp_address.address % BLOCK_SIZE==0)
{
new_flag=true;
}
}
delete now_node;
delete right_key;
delete left_key;
}
int main(int argc, char** argv)
{
Options_t opts;
int rc;
pn_message_t *response_msg = pn_message();
check( response_msg, "Failed to allocate a Message");
pn_message_t *request_msg = pn_message();
check( request_msg, "Failed to allocate a Message");
pn_messenger_t *messenger = pn_messenger( 0 );
check( messenger, "Failed to allocate a Messenger");
parse_options( argc, argv, &opts );
// no need to track outstanding messages
pn_messenger_set_outgoing_window( messenger, 0 );
pn_messenger_set_incoming_window( messenger, 0 );
pn_messenger_set_timeout( messenger, opts.timeout );
if (opts.gateway_addr) {
LOG( "routing all messages via %s\n", opts.gateway_addr );
rc = pn_messenger_route( messenger,
"*", opts.gateway_addr );
check( rc == 0, "pn_messenger_route() failed" );
}
pn_messenger_start(messenger);
char *reply_to = NULL;
if (opts.reply_to) {
LOG("subscribing to %s for replies\n", opts.reply_to);
pn_messenger_subscribe(messenger, opts.reply_to);
reply_to = _strdup(opts.reply_to);
check( reply_to, "Out of memory" );
#if 1
// need to 'fix' the reply-to for use in the message itself:
// no '~' is allowed in that case
char *tilde = strstr( reply_to, "://~" );
if (tilde) {
tilde += 3; // overwrite '~'
memmove( tilde, tilde + 1, strlen( tilde + 1 ) + 1 );
}
#endif
}
// Create a request message
//
const char *command = opts.new_fortune ? "set" : "get";
build_request_message( request_msg,
opts.send_bad_msg ? "bad-command" : command,
opts.address, reply_to,
opts.new_fortune, opts.ttl );
// set a unique identifier for this message, so remote can
// de-duplicate when we re-transmit
uuid_t uuid;
uuid_generate(uuid);
char uuid_str[37];
uuid_unparse_upper(uuid, uuid_str);
pn_data_put_string( pn_message_id( request_msg ),
pn_bytes( sizeof(uuid_str), uuid_str ));
// set the correlation id so we can ensure the response matches
// our request. (re-use uuid just 'cause it's easy!)
pn_data_put_string( pn_message_correlation_id( request_msg ),
pn_bytes( sizeof(uuid_str), uuid_str ));
int send_count = 0;
bool done = false;
// keep re-transmitting until something arrives
do {
LOG("sending request message...\n");
rc = pn_messenger_put( messenger, request_msg );
check(rc == 0, "pn_messenger_put() failed");
send_count++;
if (opts.retry) opts.retry--;
LOG("waiting for response...\n");
rc = pn_messenger_recv( messenger, -1 );
if (rc == PN_TIMEOUT) {
LOG( "Timed-out waiting for a response, retransmitting...\n" );
pn_message_set_delivery_count( request_msg, send_count );
} else {
check(rc == 0, "pn_messenger_recv() failed\n");
while (pn_messenger_incoming( messenger ) > 0) {
rc = pn_messenger_get( messenger, response_msg );
check(rc == 0, "pn_messenger_get() failed");
LOG("response received!\n");
// validate the correlation id
pn_bytes_t cid = pn_data_get_string( pn_message_correlation_id( response_msg ) );
if (cid.size == 0 || strncmp( uuid_str, cid.start, cid.size )) {
LOG( "Correlation Id mismatch! Ignoring this response!\n" );
} else {
process_reply( messenger, response_msg );
done = true;
}
}
}
} while (!done && opts.retry);
if (!done) {
fprintf( stderr, "Retries exhausted, no response received from server!\n" );
}
rc = pn_messenger_stop(messenger);
check(rc == 0, "pn_messenger_stop() failed");
pn_messenger_free(messenger);
pn_message_free( response_msg );
pn_message_free( request_msg );
if (reply_to) free(reply_to);
return 0;
}
gchar*
sim_event_to_string(SimEvent *event)
{
GString *str;
gchar *ip;
gchar * base64;
gint base64_len;
gchar uuidtext[37];
int i;
g_return_if_fail(event);
g_return_if_fail(SIM_IS_EVENT (event));
gchar *e_filename = NULL, *e_username = NULL, *e_password = NULL;
gchar *e_userdata1 = NULL, *e_userdata2 = NULL, *e_userdata3 = NULL, *e_userdata4 = NULL;
gchar *e_userdata5 = NULL, *e_userdata6 = NULL, *e_userdata7 = NULL, *e_userdata8 = NULL;
gchar *e_userdata9 = NULL, *e_data = NULL, *e_log = NULL;
str = g_string_new("event ");
g_string_append_printf(str, "id=\"%u\" ", event->id);
g_string_append_printf(str, "alarm=\"%d\" ", event->alarm);
gchar *aux = sim_event_get_str_from_type(event->type);
if (aux)
{
g_string_append_printf(str, "type=\"%s\" ", aux);
g_free(aux);
}
g_string_append_printf(str, "date=\"%u\" ", event->time);
g_string_append_printf(str, "tzone=\"%4.2f\" ", event->tzone);
if (event->time_str)
g_string_append_printf(str, "fdate=\"%s\" ", event->time_str);
if (event->plugin_id)
g_string_append_printf(str, "plugin_id=\"%d\" ", event->plugin_id);
if (event->plugin_sid)
g_string_append_printf(str, "plugin_sid=\"%d\" ", event->plugin_sid);
if (event->src_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->src_ia);
g_string_append_printf(str, "src_ip=\"%s\" ", ip);
g_free(ip);
}
if (event->src_port)
g_string_append_printf(str, "src_port=\"%d\" ", event->src_port);
if (event->dst_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->dst_ia);
g_string_append_printf(str, "dst_ip=\"%s\" ", ip);
g_free(ip);
}
if (event->dst_port)
g_string_append_printf(str, "dst_port=\"%d\" ", event->dst_port);
if (event->sensor)
g_string_append_printf(str, "sensor=\"%s\" ", event->sensor);
if (event->device)
g_string_append_printf(str, "device=\"%s\" ", event->device);
if (event->interface)
g_string_append_printf(str, "interface=\"%s\" ", event->interface);
if (event->protocol)
{
gchar *value = sim_protocol_get_str_from_type(event->protocol);
g_string_append_printf(str, "protocol=\"%s\" ", value);
g_free(value);
}
if (event->condition)
{
gchar *value = sim_condition_get_str_from_type(event->condition);
g_string_append_printf(str, "condition=\"%s\" ", value);
g_free(value);
}
if (event->value)
g_string_append_printf(str, "value=\"%s\" ", event->value);
if (event->interval)
g_string_append_printf(str, "interval=\"%d\" ", event->interval);
if (event->is_priority_set)
g_string_append_printf(str, "priority=\"%d\" ", event->priority);
if (event->is_reliability_set)
g_string_append_printf(str, "reliability=\"%d\" ", event->reliability);
if (event->asset_src)
g_string_append_printf(str, "asset_src=\"%d\" ", event->asset_src);
if (event->asset_dst)
g_string_append_printf(str, "asset_dst=\"%d\" ", event->asset_dst);
if (event->risk_c)
g_string_append_printf(str, "risk_a=\"%lf\" ", event->risk_a);
if (event->risk_a)
g_string_append_printf(str, "risk_c=\"%lf\" ", event->risk_c);
if (event->snort_sid)
g_string_append_printf(str, "snort_sid=\"%u\" ", event->snort_sid);
if (event->snort_cid)
g_string_append_printf(str, "snort_cid=\"%u\" ", event->snort_cid);
// if (event->data)
// g_string_append_printf(str, "data=\"%s\" ", event->data);
if (event->log && (base64_len = strlen(event->log)))
{
base64 = g_base64_encode(event->log, base64_len);
assert(base64!=NULL);
g_string_append_printf(str, "log=\"%s\" ", base64);
g_free(base64);
}
if (event->rep_prio_src)
g_string_append_printf(str, "rep_prio_src=\"%u\" ", event->rep_prio_src);
if (event->rep_prio_dst)
g_string_append_printf(str, "rep_prio_dst=\"%u\" ", event->rep_prio_dst);
if (event->rep_rel_src)
g_string_append_printf(str, "rep_rel_src=\"%u\" ", event->rep_rel_src);
if (event->rep_rel_dst)
g_string_append_printf(str, "rep_rel_dst=\"%u\" ", event->rep_rel_dst);
if (event->rep_act_src && (base64_len = strlen(event->rep_act_src)))
{
base64 = g_base64_encode( (guchar*)event->rep_act_src, base64_len);
assert (base64 != NULL);
g_string_append_printf(str, "rep_act_src=\"%s\" ", base64);
g_free(base64);
}
if (event->rep_act_dst && (base64_len = strlen(event->rep_act_dst)))
{
base64 = g_base64_encode( (guchar*)event->rep_act_dst, base64_len);
assert (base64 != NULL);
g_string_append_printf(str, "rep_act_dst=\"%s\" ", base64);
g_free(base64);
}
//g_string_append_printf(str, "log=\"%s\" ", event->log);
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if ((event->textfields[i] != NULL) && (base64_len = strlen(event->textfields[i])))
{
base64 = g_base64_encode(event->textfields[i], base64_len);
assert(base64!=NULL);
g_string_append_printf(str, "%s=\"%s\" ", sim_text_field_get_name(i), base64);
g_free(base64);
}
}
if (!uuid_is_null(event->uuid))
{
uuid_unparse_upper(event->uuid, uuidtext);
g_string_append_printf(str, "uuid=\"%s\" ", uuidtext);
}
if (event->packet)
if (event->packet->payloadlen > 0)
{
gchar *payload;
payload = sim_bin2hex(event->packet->payload, event->packet->payloadlen);
g_string_append_printf(str, "payload=\"%s\" ", payload);
g_free(payload);
}
g_string_append_printf(str, "\n");
return g_string_free(str, FALSE);
}
void bingsprec_sync(struct msauth_token* token,
struct bingsprec_params* params,
char* file_name,
struct bingsprec_results* results) {
null_bingsprec_results(results);
uuid_t uuid;
char uuid_str[36 + 1];
uuid_generate(uuid);
uuid_unparse_upper(uuid, uuid_str);
uuid_str[36] = '\0';
char* request = (char*)
malloc(BINGSPREC_REQUEST_MAX_LEN * sizeof(char));
if (request == NULL) {
exit(-1);
}
char instance_id[36 + 1];
FILE* fp_read = fopen(".saved_instance_id", "r");
if (fp_read != NULL) {
if (fread(instance_id, sizeof(char), 36, fp_read)) {
instance_id[36] = '\0';
fclose(fp_read);
} else {
fprintf(stderr, "Error reading from file.\n");
fclose(fp_read);
exit(-1);
}
} else {
/* This is either the first time making a call, the previous
* instance id file was deleted, or we had an error opening the
* file. We'll try creating a new instance id to handle the
* first two cases.
*/
uuid_t instance_uuid;
uuid_generate(instance_uuid);
uuid_unparse_upper(instance_uuid, instance_id);
FILE* fp_write = fopen(".saved_instance_id", "w");
if (fp_write != NULL) {
fputs(instance_id, fp_write);
}
fclose(fp_write);
}
snprintf(request,
BINGSPREC_REQUEST_MAX_LEN * sizeof(char),
"%s/recognize"
"?version=3.0&format=json"
"&scenarios=%s"
"&appid=%s"
"&locale=%s"
"&device.os=%s"
"&maxnbest=%d"
"&result.profanity=%d"
"&instanceid=%s"
"&requestid=%s",
BINGSPREC_BASE_URL,
scenario_to_string(params->scenario),
BINGSPREC_APP_ID,
locale_to_string(params->locale),
params->deviceos,
params->maxnbest,
params->profanity_markup,
instance_id,
uuid_str);
CURL* curl = curl_easy_init();
if (!curl) {
exit(-1);
}
curl_easy_setopt(curl, CURLOPT_VERBOSE, BINGSPREC_VERBOSE);
curl_easy_setopt(curl, CURLOPT_URL, request);
curl_easy_setopt(curl, CURLOPT_POST, 1);
curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
FILE* file = fopen(file_name, "r");
if (file == NULL) {
fprintf(stderr, "Error opening wav file.\n");
exit(-1);
}
fseek(file, 0, SEEK_END);
unsigned long fileSize = (unsigned long)ftell(file);
rewind(file);
char* audio_data = (char*) malloc(sizeof(char) * fileSize);
if (audio_data == NULL) {
fprintf(stderr, "No membory to allocate audio buffer.\n");
exit(-2);
}
struct bingsprec_wavfile wavFile;
size_t freadres = fread(audio_data, 1, fileSize, file);
if (ferror(file) || freadres != fileSize) {
fprintf(stderr, "Eror reading wav file!\n");
fclose(file);
exit(-1);
}
fclose(file);
wavFile.readPtr = audio_data;
wavFile.sizeLeft = fileSize;
curl_easy_setopt(curl, CURLOPT_READFUNCTION, bingsprec_read_wavfile);
curl_easy_setopt(curl, CURLOPT_READDATA, &wavFile);
char* content_type = (char*)
malloc(BINGSPREC_REQUEST_MAX_LEN * sizeof(char));
snprintf(content_type,
BINGSPREC_REQUEST_MAX_LEN * sizeof(char),
"Content-Type: audio/wav; codec=\"audio/pcm\"; "
"samplerate=%d; "
"sourcerate=%d; "
"trustsourcerate=%s",
params->samplerate,
params->sourcerate,
bool_to_string(params->trustsourcerate));
struct curl_slist* headers = NULL;
headers = curl_slist_append(headers, content_type);
headers = curl_slist_append(headers,
"Accept: application/json;text/xml");
headers = curl_slist_append(headers,
"Host: speech.platform.bing.com");
headers = curl_slist_append(headers,
"Connection: Keep-Alive");
headers = curl_slist_append(headers,
"Transfer-Encoding: chunked");
free(content_type);
size_t token_length = strlen(token->access_token);
// strlen("Authorization: Bearer ") = 22
char auth_header[22 + token_length + 1];
auth_header[0] = '\0';
strcat(auth_header, "Authorization: Bearer ");
strcat(auth_header, token->access_token);
headers = curl_slist_append(headers, auth_header);
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
struct bingsprec_response* resp = bingsprec_new_response();
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
bingsprec_write_response);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, resp);
CURLcode res = curl_easy_perform(curl);
long http_code = 0;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
if (res == CURLE_OK && http_code == 200) {
parse_json_to_results(resp->str, results);
} else {
fprintf(stderr, "CURL Error:\n%s\n", curl_easy_strerror(res));
}
bingsprec_free_response(resp);
free(request);
free(audio_data);
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
}
gchar*
sim_event_get_replace_clause(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp=time;
gchar *query;
gint c;
gint a;
int i;
/* Temporal HACK */
gchar uuidtext[37];
gchar *values;
gchar * e_rep_act_src = NULL, * e_rep_act_dst = NULL;
g_return_val_if_fail(event, NULL);
g_return_val_if_fail(SIM_IS_EVENT (event), NULL);
c = rint(event->risk_c);
a = rint(event->risk_a);
if (c < 0)
c = 0;
else if (c > 10)
c = 10;
if (a < 0)
a = 0;
else if (a > 10)
a = 10;
if(event->time_str)
timestamp=event->time_str;
else
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
if (event->rep_act_src){
e_rep_act_src = g_new0 (gchar,strlen(event->rep_act_src)*2+1);
gda_connection_escape_string (sim_database_get_conn (ossim.dbossim),event->rep_act_src,e_rep_act_src);
}
if (event->rep_act_dst){
e_rep_act_dst = g_new0 (gchar,strlen(event->rep_act_dst)*2+1);
gda_connection_escape_string (sim_database_get_conn (ossim.dbossim),event->rep_act_dst,e_rep_act_dst);
}
uuid_unparse_upper(event->uuid, uuidtext);
values = sim_event_get_text_escape_fields_values(event);
query
= g_strdup_printf(
"REPLACE INTO event "
"(id, timestamp, sensor, interface, type, plugin_id, plugin_sid, "
"protocol, src_ip, dst_ip, src_port, dst_port, "
"event_condition, value, time_interval, "
"priority, reliability, asset_src, asset_dst, risk_c, risk_a, alarm, "
"snort_sid, snort_cid, uuid, rep_prio_src, rep_prio_dst, rep_rel_src, "
"rep_rel_dst, rep_act_src, rep_act_dst, %s) "
" VALUES (%d, '%s', '%s', '%s', %d, %d, %d,"
" %d, %u, %u, %d, %d, %d, '%s', %d, %d, %d, %d, %d, %d, %d, %d, %u, %u,'%s',"
" %u, %u, %u, %u, '%s', '%s', %s)",
sim_event_get_sql_fields(), event->id, timestamp,
(event->sensor) ? event->sensor : "",
(event->interface) ? event->interface : "", event->type,
event->plugin_id, event->plugin_sid, event->protocol,
(event->src_ia) ? sim_inetaddr_ntohl(event->src_ia) : -1,
(event->dst_ia) ? sim_inetaddr_ntohl(event->dst_ia) : -1,
event->src_port, event->dst_port, event->condition,
(event->value) ? event->value : "", event->interval, event->priority,
event->reliability, event->asset_src, event->asset_dst, c, a,
event->alarm, event->snort_sid, event->snort_cid,
(!uuid_is_null(event->uuid) ? uuidtext : ""),
event->rep_prio_src, event->rep_prio_dst,
event->rep_rel_src, event->rep_rel_dst,
(event->rep_act_src) ? e_rep_act_src : "",
(event->rep_act_dst) ? e_rep_act_dst : "", values);
g_free(values);
g_free (e_rep_act_src);
g_free (e_rep_act_dst);
return query;
}
gchar*
sim_event_get_insert_clause(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp = time;
gchar *query;
gint c;
gint a;
gchar uuidtext[37];
GString *st;
int i;
gchar * e_rep_act_src = NULL, * e_rep_act_dst = NULL;
gchar *e_fields[N_TEXT_FIELDS];
g_return_val_if_fail(event, NULL);
g_return_val_if_fail(SIM_IS_EVENT (event), NULL);
c = rint(event->risk_c);
a = rint(event->risk_a);
if (c < 0)
c = 0;
else if (c > 10)
c = 10;
if (a < 0)
a = 0;
else if (a > 10)
a = 10;
if(event->time_str)
timestamp = event->time_str;
else
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
if (!uuid_is_null(event->uuid))
{
uuid_unparse_upper(event->uuid, uuidtext);
}
else
{
uuidtext[0] = '\0';
}
if (event->rep_act_src){
e_rep_act_src = g_new0 (gchar,strlen(event->rep_act_src)*2+1);
gda_connection_escape_string (sim_database_get_conn (ossim.dbossim),event->rep_act_src,e_rep_act_src);
}
if (event->rep_act_dst){
e_rep_act_dst = g_new0 (gchar,strlen(event->rep_act_dst)*2+1);
gda_connection_escape_string (sim_database_get_conn (ossim.dbossim),event->rep_act_dst,e_rep_act_dst);
}
/* Escape de character data*/
/* ossimdb */
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
e_fields[i] = g_new0(gchar, strlen(event->textfields[i]) * 2 + 1);
gda_connection_escape_string(sim_database_get_conn(ossim.dbossim),
event->textfields[i], e_fields[i]);
}
else
{
e_fields[i] = NULL;
}
}
st = g_string_new("INSERT INTO event "
"(id, timestamp, tzone, sensor, interface, type, plugin_id, plugin_sid, "
"protocol, src_ip, dst_ip, src_port, dst_port, "
"event_condition, value, time_interval, "
"priority, reliability, asset_src, asset_dst, risk_c, risk_a, alarm, "
"snort_sid, snort_cid, rep_prio_src, rep_prio_dst, rep_rel_src, rep_rel_dst, rep_act_src, rep_act_dst, uuid ");
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf(st, ",%s", sim_text_field_get_name(i));
}
g_string_append_printf(st, ") VALUES (%d, '%s', %4.2f, '%s', '%s', %d, %d, %d,"
" %d, %u, %u, %d, %d, %d, '%s', %d, %d, %d, %d, %d, %d, %d, %d, %u, %u, "
" %u, %u, %u, %u , '%s' ,'%s','%s' ",
event->id,
timestamp,
event->tzone,
(event->sensor) ? event->sensor : "",
(event->interface) ? event->interface : "",
event->type,
event->plugin_id, event->plugin_sid, event->protocol,
(event->src_ia) ? sim_inetaddr_ntohl(event->src_ia) : -1,
(event->dst_ia) ? sim_inetaddr_ntohl(event->dst_ia) : -1,
event->src_port, event->dst_port, event->condition,
(event->value) ? event->value : "", event->interval, event->priority,
event->reliability, event->asset_src, event->asset_dst, c, a,
event->alarm, event->snort_sid, event->snort_cid,
event->rep_prio_src,
event->rep_prio_dst,
event->rep_rel_src,
event->rep_rel_dst,
(event->rep_act_src) ? e_rep_act_src : "",
(event->rep_act_dst) ? e_rep_act_dst : "",
(uuid_is_null(event->uuid) != 1) ? uuidtext : "");
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf(st, ",'%s'",
event->textfields[i] != NULL ? e_fields[i] : "");
}
g_string_append(st, ");\n");
g_free (e_rep_act_src);
g_free (e_rep_act_dst);
/* Free memory*/
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_free(e_fields[i]);
}
return g_string_free(st, FALSE);
}
