Changeset 1641
- Timestamp:
- 06/30/08 23:31:07 (2 months ago)
- Files:
-
- honeytrap/trunk/src/modules/htm_submitPostgres.c (modified) (25 diffs)
honeytrap/trunk/src/modules/htm_submitPostgres.c
r1636 r1641 43 43 44 44 const char module_name[] = "submitPostgres"; 45 const char module_version[] = "0.1. 0";45 const char module_version[] = "0.1.1"; 46 46 47 47 static const char *config_keywords[] = { 48 "sensor_id", 48 49 "db_host", 49 50 "db_port", … … 54 55 55 56 struct pg_conn *db_connection; 56 char *db_host = NULL, 57 char *sensor_id = NULL, 58 *db_host = NULL, 57 59 *db_port = NULL, 58 60 *db_name = NULL, … … 61 63 *db_info = NULL; 62 64 63 #define MAX_SQL_BUFFER 10485760 // 10 MB64 #define MAX_URI_SIZE 204865 66 65 67 66 void plugin_init(void) { 68 /* TODO: register sensor in db, if not existent */69 67 plugin_register_hooks(); 70 68 register_plugin_confopts(module_name, config_keywords, sizeof(config_keywords)/sizeof(char *)); … … 73 71 exit(EXIT_FAILURE); 74 72 } 73 74 // check if all needed options are given 75 if (db_host == NULL) { 76 fprintf(stderr, " SubmitPostgres Error - Incomplete configuration: Database host missing.\n"); 77 exit(EXIT_FAILURE); 78 } 79 if (db_name == NULL) { 80 fprintf(stderr, " SubmitPostgres Error - Incomplete configuration: Database name missing.\n"); 81 exit(EXIT_FAILURE); 82 } 83 if (db_user == NULL) { 84 fprintf(stderr, " SubmitPostgres Error - Incomplete configuration: Database user missing.\n"); 85 exit(EXIT_FAILURE); 86 } 87 if (db_pass == NULL) { 88 fprintf(stderr, " SubmitPostgres Error - Incomplete configuration: Database password missing.\n"); 89 exit(EXIT_FAILURE); 90 } 91 if (sensor_id == NULL) { 92 fprintf(stderr, " SubmitPostgres Error - Incomplete configuration: Sensor ID missing.\n"); 93 exit(EXIT_FAILURE); 94 } 95 75 96 return; 76 97 } … … 95 116 conf_node *confopt = NULL; 96 117 97 if ((confopt = check_keyword(tree, node->keyword)) == NULL) return (NULL);118 if ((confopt = check_keyword(tree, node->keyword)) == NULL) return NULL; 98 119 99 120 while (node->val) { 100 121 if ((value = malloc(node->val->size+1)) == NULL) { 101 perror(" Error - Unable to allocate memory");122 fprintf(stderr, " 
SubmitPostgres Error - Unable to allocate memory: %s.", strerror(errno)); 102 123 exit(EXIT_FAILURE); 103 124 } … … 117 138 } else if OPT_IS("db_pass") { 118 139 db_pass = value; 140 } else if OPT_IS("sensor_id") { 141 sensor_id = value; 119 142 } else { 120 fprintf(stderr, " Error - Invalid configuration option for plugin %s: %s\n", module_name, node->keyword);143 fprintf(stderr, " SubmitPostgres Error - Invalid configuration option for plugin %s: %s\n", module_name, node->keyword); 121 144 exit(EXIT_FAILURE); 122 145 } 123 146 } 124 return(node); 147 148 return node; 125 149 } 126 150 … … 134 158 } 135 159 } 136 if (db_host == NULL) {137 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Database connection info is incomplete: Host missing.\n");138 return(-1);139 }140 if (db_name == NULL) {141 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Database connection info is incomplete: Database name missing.\n");142 return(-1);143 }144 if (db_user == NULL) {145 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Database connection info is incomplete: User missing.\n");146 return(-1);147 }148 if (db_pass == NULL) {149 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Database connection info is incomplete: Password missing.\n");150 return(-1);151 }152 160 153 161 if (asprintf(&db_info, "port=%s host=%s user=%s password=%s dbname=%s", db_port, db_host, db_user, db_pass, db_name) == -1) { 154 162 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Unable to allocate memory: %s.\n", strerror(errno)); 155 return (-1);163 return -1; 156 164 } 157 165 … … 160 168 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Could not connect to database: %s.\n", PQerrorMessage(db_connection)); 161 169 PQfinish(db_connection); 162 return (-1);170 return -1; 163 171 } 164 172 logmsg(LOG_DEBUG, 1, "SubmitPostgres - Database connection established.\n"); … … 166 174 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Could not set database character encoding to UTF8: %s.\n", PQerrorMessage(db_connection)); 167 175 PQfinish(db_connection); 168 
return (-1);169 } 170 return (0);176 return -1; 177 } 178 return 0; 171 179 } 172 180 173 181 174 182 void db_disconnect(void) { 175 / * disconnect from database */183 // disconnect from database 176 184 PQfinish(db_connection); 177 185 free(db_info); … … 188 196 if (download->dl_type == NULL) { 189 197 logmsg(LOG_WARN, 1, "SubmitPostgres Warning - Could not build URI: Unknown protocol type.\n"); 190 return (NULL);198 return NULL; 191 199 } 192 200 … … 202 210 } 203 211 204 return (uri);212 return uri; 205 213 } 206 214 … … 214 222 char *locationID = NULL; 215 223 216 // no data - nothing to do224 // no data - nothing to do 217 225 if ((attack->a_conn.payload.size == 0) || (attack->a_conn.payload.data == NULL)) { 218 226 logmsg(LOG_DEBUG, 1, "SubmitPostgres - No data received, nothing to save.\n"); 219 return (0);227 return 0; 220 228 } 221 229 … … 225 233 if (db_connect() != 0) { 226 234 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Unable to connect to database: %s.\n", PQerrorMessage(db_connection)); 227 return (-1);235 return -1; 228 236 } 229 237 logmsg(LOG_DEBUG, 1, "SubmitPostgres - Connection to database established.\n"); … … 235 243 PQclear(res); 236 244 db_disconnect(); 237 return (-1);245 return -1; 238 246 } 239 247 PQclear(res); … … 243 251 if (attack->a_conn.payload.size > 0 && attack->a_conn.payload.data != NULL) { 244 252 logmsg(LOG_DEBUG, 1, "SubmitPostgres - Submitting attack string.\n"); 245 if ((query = malloc(MAX_SQL_BUFFER + 1)) == NULL) {246 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Unable to allocate memory: %s.\n", strerror(errno));247 return(-1);248 }249 memset(query, 0, MAX_SQL_BUFFER + 1);250 251 253 // escape attack string 252 254 if ((esc_bytea = PQescapeByteaConn(db_connection, attack->a_conn.payload.data, attack->a_conn.payload.size, &length)) == NULL) { 253 255 logmsg(LOG_ERR, 1, "Database error - Could not escape attack string: %s.\n", PQerrorMessage(db_connection)); 254 256 db_disconnect(); 255 return (-1);257 return -1; 256 258 } 
257 259 … … 259 261 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Unable to allocate memory: %s.\n", strerror(errno)); 260 262 db_disconnect(); 261 return (-1);263 return -1; 262 264 } 263 265 if ((strftime(starttime, 40, "%Y-%m-%d %T %Z", localtime(&attack->start_time)) == 0) || … … 265 267 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Unable to convert timestamps.\n"); 266 268 db_disconnect(); 267 return (-1);269 return -1; 268 270 } 269 271 … … 275 277 db_disconnect(); 276 278 free(query); 277 return (-1);279 return -1; 278 280 } 279 281 280 if ( snprintf(query, MAX_SQL_BUFFER,282 if (asprintf(&query, 281 283 "SELECT attacks.honeytrap_add_attack_string('%s'::varchar, %d::integer, '%s'::timestamptz, '%s'::timestamptz, '%s'::inet, %s::integer, %d::integer, '%s'::inet, %d::integer, %d, %d::smallint, '%s'::inet, %d::integer, E'%s'::bytea)", 282 284 attack->a_conn.payload.md5sum, … … 293 295 fwd_ip, 294 296 attack->p_conn.r_port, 295 esc_bytea) >= MAX_SQL_BUFFER) { 296 logmsg(LOG_ERR, 1, "Error - Could not save attack: SQL query exceeds maximum size (increase MAX_SQL_BUFFER and recompile).\n"); 297 free(query); 298 return(-1); 299 } 297 esc_bytea) == -1) { 298 logmsg(LOG_ERR, 1, "SubmitPostgres Error - Could not create SQL query: %s.\n", strerror(errno)); 299 return -1; 300 } 300 301 301 302 if (PQresultStatus(res = PQexec(db_connection, query)) != PGRES_TUPLES_OK) { … … 304 305 db_disconnect(); 305 306 free(query); 306 return (-1);307 return -1; 307 308 } 308 309 … … 326 327 327 328 for(i=0;i<attack->dl_count;i++) { 328 if ((query = calloc(1, MAX_SQL_BUFFER + 1)) == NULL) {329 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno));330 return(-1);331 }332 333 329 // escape data 334 330 if ((esc_bytea = PQescapeByteaConn(db_connection, attack->download[i].dl_payload.data, attack->download[i].dl_payload.size, &length)) == NULL) { … … 337 333 db_disconnect(); 338 334 free(query); 339 return (-1);335 return -1; 340 336 } 341 337 … … 349 345 
logmsg(LOG_ERR, 1, "SubmitPostgres Error - Unable to allocate memory: %s.\n", strerror(errno)); 350 346 free(url); 351 return (-1);347 return -1; 352 348 } 353 if ( snprintf(query, MAX_SQL_BUFFER, "SELECT malware.sensor_honeytrap_add_sample('%s', '%s', %d, '%s', '%s', '%s', %d, %d, E'%s')",354 attack->download[i].dl_payload.sha512sum,355 "UBN_HT",356 attack_inst,357 url,358 l_ip,359 r_ip,360 attack->a_conn.l_port,361 attack->download->r_port,362 esc_bytea) >= MAX_SQL_BUFFER) {349 if (asprintf(&query, "SELECT malware.sensor_honeytrap_add_sample('%s', '%s', %d, '%s', '%s', '%s', %d, %d, E'%s')", 350 attack->download[i].dl_payload.sha512sum, 351 sensor_id, 352 attack_inst, 353 url, 354 l_ip, 355 r_ip, 356 attack->a_conn.l_port, 357 attack->download->r_port, 358 esc_bytea) == -1) { 363 359 logmsg(LOG_ERR, 1, 364 "SubmitPostgres Error - SQL query exceeds maximum size (increase MAX_SQL_BUFFER and recompile plugin).\n");360 "SubmitPostgres Error - Could not create SQL query: %s.\n", strerror(errno)); 365 361 free(url); 366 free(query); 367 return(-1); 362 return -1; 368 363 } 369 364 free(url); … … 374 369 db_disconnect(); 375 370 free(query); 376 return (-1);371 return -1; 377 372 } 378 373 free(query); … … 385 380 } 386 381 387 / * end transaction and disconnect */382 // end transaction and disconnect 388 383 if (PQresultStatus(res = PQexec(db_connection, "END")) != PGRES_COMMAND_OK) { 389 384 logmsg(LOG_ERR, 1, "SubmitPostgres Error - END command failed: %s.\n", PQerrorMessage(db_connection)); 390 385 PQclear(res); 391 386 db_disconnect(); 392 return (-1);387 return -1; 393 388 } 394 389 395 390 PQclear(res); 396 391 db_disconnect(); 397 return (0);398 } 392 return 0; 393 }
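Review bot: With the up-front `malloc`/`calloc` removed, the `free(query)` calls kept in the early error branches (new line 278, and new line 334 in the `PQescapeByteaConn` failure branch of the download loop) now run before `asprintf` has assigned `query` for that step. Unless `query` is initialised and reset to NULL in lines not shown on this page (the function body starts outside the hunks), the loop case frees the pointer already released at the end of the previous iteration, which is a double free. Either drop those two calls or write `free(query); query = NULL;` at every release point. The two new `asprintf` failure branches (new lines 297-300 and 358-363) also return without `db_disconnect()`, unlike the neighbouring error paths, and no `PQfreemem(esc_bytea)` is visible on them. Separately, `sensor_id` and `url` are formatted into the statement as `'%s'` with no escaping, and `url` is presumably built from data the remote peer supplied; binding the values through `PQexecParams` instead of formatting them into the SQL text would remove that exposure.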
