📄 spo_database.c
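*to=0; return(char *)to_start;}

/* Function: Insert(char * query, DatabaseData * data)
 *
 * Purpose: Database independent function for SQL inserts
 *
 * Arguments: query (a complete SQL insert statement)
 *            data  (connection state; data->dbtype selects the backend)
 *
 * Returns: 1 if successful, 0 if fail
 *
 * Notes: query is handed to the backend verbatim (PQexec, mysql_query,
 *        SQLPrepare, OCIStmtPrepare). Nothing here binds parameters, so
 *        every value embedded in the string must already be escaped by
 *        whoever built it. Backend error text goes to ErrorMessage(), and
 *        a DEBUG build also prints the whole query to stdout.
 */
int Insert(char * query, DatabaseData * data)
{
    int result = 0;

#ifdef ENABLE_POSTGRESQL
    if(!strcasecmp(data->dbtype,POSTGRESQL))
    {
        data->p_result = PQexec(data->p_connection,query);
        if(PQresultStatus(data->p_result) == PGRES_COMMAND_OK)
        {
            result = 1;
        }
        else
        {
            if(PQerrorMessage(data->p_connection)[0] != '\0')
            {
                ErrorMessage("database: postgresql_error: %s\n",
                             PQerrorMessage(data->p_connection));
            }
        }

        /* Each PQexec() returns a fresh PGresult; without PQclear() one
         * leaks per statement. PQclear(NULL) is a no-op.
         * NOTE(review): assumes nothing reads data->p_result after this
         * function returns -- confirm against the rest of the file. */
        PQclear(data->p_result);
        data->p_result = NULL;
    }
#endif

#ifdef ENABLE_MYSQL
    if(!strcasecmp(data->dbtype,MYSQL))
    {
        if(!(mysql_query(data->m_sock,query)))
        {
            result = 1;
        }
        else
        {
            if(mysql_errno(data->m_sock))
            {
                ErrorMessage("database: mysql_error: %s\n", mysql_error(data->m_sock));
            }
        }
    }
#endif

#ifdef ENABLE_UNIXODBC
    if(!strcasecmp(data->dbtype,UNIXODBC))
    {
        /* NOTE(review): a statement handle is allocated on every call and
         * is not released anywhere in the code shown here -- confirm
         * whether it is freed elsewhere. */
        if(SQLAllocStmt(data->u_connection, &data->u_statement) == SQL_SUCCESS
           && SQLPrepare(data->u_statement, query, SQL_NTS) == SQL_SUCCESS
           && SQLExecute(data->u_statement) == SQL_SUCCESS)
        {
            result = 1;
        }
    }
#endif

#ifdef ENABLE_ORACLE
    if(!strcasecmp(data->dbtype,ORACLE))
    {
        /* OCI calls return non-zero on failure, so the first failing call
         * short-circuits the chain into the error branch. */
        if (OCIStmtPrepare(data->o_statement, data->o_error, query, strlen(query),
                           OCI_NTV_SYNTAX, OCI_DEFAULT)
         || OCIStmtExecute(data->o_servicecontext, data->o_statement, data->o_error,
                           1, 0, NULL, NULL, OCI_COMMIT_ON_SUCCESS))
        {
            OCIErrorGet(data->o_error, 1, NULL, &data->o_errorcode,
                        data->o_errormsg, sizeof(data->o_errormsg), OCI_HTYPE_ERROR);
            ErrorMessage("database: oracle_error: %s\n", data->o_errormsg);
        }
        else
        {
            result = 1;
        }
    }
#endif

#ifdef DEBUG
    if(result)
    {
        printf("database(debug): (%s) executed\n", query);
    }
    else
    {
        printf("database(debug): (%s) failed\n", query);
    }
#endif

    return result;
}

/* Function: Select(char * query, DatabaseData * data)
 *
 * Purpose: Database independent function for SQL selects that
 *          return a non zero int
 *
 * Arguments: query (a complete SQL select statement)
 *            data  (connection state; data->dbtype selects the backend)
 *
 * Returns: result of query if successful, 0 if fail
 *
 * Notes: 0 is also returned when the PostgreSQL or unixODBC backend
 *        reports more than one row. As with Insert(), query is executed
 *        verbatim, so escaping of embedded values is the caller's job;
 *        the "more than one result" warning and the DEBUG output echo
 *        the full query text.
 */
int Select(char * query, DatabaseData * data)
{
    int result = 0;

#ifdef ENABLE_POSTGRESQL
    if(!strcasecmp(data->dbtype,POSTGRESQL))
    {
        data->p_result = PQexec(data->p_connection,query);
        if((PQresultStatus(data->p_result) == PGRES_TUPLES_OK))
        {
            if(PQntuples(data->p_result))
            {
                if((PQntuples(data->p_result)) > 1)
                {
                    ErrorMessage("database: warning (%s) returned more than one result\n", query);
                    result = 0;
                }
                else
                {
                    result = atoi(PQgetvalue(data->p_result,0,0));
                }
            }
        }
        if(!result)
        {
            if(PQerrorMessage(data->p_connection)[0] != '\0')
            {
                ErrorMessage("database: postgresql_error: %s\n",PQerrorMessage(data->p_connection));
            }
        }

        /* Release the PGresult; see the matching note in Insert().
         * NOTE(review): assumes no caller reads data->p_result later. */
        PQclear(data->p_result);
        data->p_result = NULL;
    }
#endif

#ifdef ENABLE_MYSQL
    if(!strcasecmp(data->dbtype,MYSQL))
    {
        if(mysql_query(data->m_sock,query))
        {
            result = 0;
        }
        else
        {
            if(!(data->m_result = mysql_use_result(data->m_sock)))
            {
                result = 0;
            }
            else
            {
                if((data->m_row = mysql_fetch_row(data->m_result)))
                {
                    if(data->m_row[0] != NULL)
                    {
                        result = atoi(data->m_row[0]);
                    }
                }

                /* Free only a result set obtained by this call. Freeing
                 * unconditionally would, after a failed mysql_query(),
                 * hand the previous call's already-freed pointer to
                 * mysql_free_result() a second time. */
                mysql_free_result(data->m_result);
                data->m_result = NULL;
            }
        }
        if(!result)
        {
            if(mysql_errno(data->m_sock))
            {
                ErrorMessage("database: mysql_error: %s\n", mysql_error(data->m_sock));
            }
        }
    }
#endif

#ifdef ENABLE_UNIXODBC
    if(!strcasecmp(data->dbtype,UNIXODBC))
    {
        if(SQLAllocStmt(data->u_connection, &data->u_statement) == SQL_SUCCESS
           && SQLPrepare(data->u_statement, query, SQL_NTS) == SQL_SUCCESS
           && SQLExecute(data->u_statement) == SQL_SUCCESS
           && SQLRowCount(data->u_statement, &data->u_rows) == SQL_SUCCESS
           && data->u_rows)
        {
            if(data->u_rows > 1)
            {
                ErrorMessage("database: warning (%s) returned more than one result\n", query);
                result = 0;
            }
            else
            {
                if(SQLFetch(data->u_statement) == SQL_SUCCESS
                   && SQLGetData(data->u_statement,1,SQL_INTEGER,&data->u_col,
                                 sizeof(data->u_col), NULL) == SQL_SUCCESS)
                {
                    result = (int)data->u_col;
                }
            }
        }
    }
#endif

#ifdef ENABLE_ORACLE
    if(!strcasecmp(data->dbtype,ORACLE))
    {
        /* The first column is bound straight into result by
         * OCIDefineByPos(); any failing call jumps to the error report. */
        if (OCIStmtPrepare(data->o_statement, data->o_error, query, strlen(query),
                           OCI_NTV_SYNTAX, OCI_DEFAULT)
         || OCIStmtExecute(data->o_servicecontext, data->o_statement, data->o_error,
                           0, 0, NULL, NULL, OCI_DEFAULT)
         || OCIDefineByPos (data->o_statement, &data->o_define, data->o_error, 1,
                            &result, sizeof(result), SQLT_INT, 0, 0, 0, OCI_DEFAULT)
         || OCIStmtFetch (data->o_statement, data->o_error, 1, OCI_FETCH_NEXT, OCI_DEFAULT))
        {
            OCIErrorGet(data->o_error, 1, NULL, &data->o_errorcode,
                        data->o_errormsg, sizeof(data->o_errormsg), OCI_HTYPE_ERROR);
            ErrorMessage("database: oracle_error: %s\n", data->o_errormsg);
        }
    }
#endif

#ifdef DEBUG
    if(result)
    {
        printf("database(debug): (%s) returned %u\n", query, result);
    }
    else
    {
        printf("database(debug): (%s) failed\n", query);
    }
#endif

    return result;
}

/* Function: Connect(DatabaseData * data)
 *
 * Purpose: Database independent function to initiate a database
 *          connection
 *
 * Arguments: data (host, port, dbname, user and password are read from
 *            here; the resulting handles are stored back into it)
 *
 * Notes: Failure is fatal for every backend: FatalError() for PostgreSQL,
 *        MySQL and Oracle, a bare exit() for unixODBC. No TLS or
 *        certificate options are set in this function, so whether the
 *        link carrying the credentials is encrypted depends on client
 *        library defaults and server configuration.
 */
void Connect(DatabaseData * data)
{
#ifdef ENABLE_POSTGRESQL
    if(!strcasecmp(data->dbtype,POSTGRESQL))
    {
        data->p_connection = PQsetdbLogin(data->host,data->port,NULL,NULL,
                                          data->dbname,data->user,data->password);
        if(PQstatus(data->p_connection) == CONNECTION_BAD)
        {
            PQfinish(data->p_connection);
            FatalError("database: Connection to database '%s' failed\n", data->dbname);
        }
    }
#endif

#ifdef ENABLE_MYSQL
    if(!strcasecmp(data->dbtype,MYSQL))
    {
        int x = 0;   /* port number; 0 is passed when no port was configured */

        data->m_sock = mysql_init(NULL);
        if(data->m_sock == NULL)
        {
            FatalError("database: Connection to database '%s' failed\n", data->dbname);
        }

        /* NOTE(review): atoi() gives no error indication, so a
         * non-numeric port string silently becomes 0. */
        if(data->port != NULL)
        {
            x = atoi(data->port);
        }

        if(mysql_real_connect(data->m_sock, data->host, data->user, data->password,
                              data->dbname, x, NULL, 0) == 0)
        {
            if(mysql_errno(data->m_sock))
            {
                FatalError("database: mysql_error: %s\n", mysql_error(data->m_sock));
            }
            FatalError("database: Failed to logon to database '%s'\n", data->dbname);
        }
    }
#endif

#ifdef ENABLE_UNIXODBC
    if(!strcasecmp(data->dbtype,UNIXODBC))
    {
        /* NOTE(review): these three exits print nothing, so the process
         * stops with only the exit status (-5/-6/-7) to say which ODBC
         * step failed. */
        if(!(SQLAllocEnv(&data->u_handle) == SQL_SUCCESS))
        {
            exit(-5);
        }
        if(!(SQLAllocConnect(data->u_handle, &data->u_connection) == SQL_SUCCESS))
        {
            exit(-6);
        }
        if(!(SQLConnect(data->u_connection, data->dbname, SQL_NTS, data->user, SQL_NTS,
                        data->password, SQL_NTS) == SQL_SUCCESS))
        {
            exit(-7);
        }
    }
#endif

#ifdef ENABLE_ORACLE
    if(!strcasecmp(data->dbtype,ORACLE))
    {
        /* NOTE(review): OCIEnvInit() appears twice with identical
         * arguments; it looks like a copy/paste duplicate -- confirm
         * before removing.
         * NOTE(review): strlen() is applied to user and password without
         * a NULL check, while the usage text calls both optional --
         * verify that the option parser never leaves them NULL. */
        if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL)
         || OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL)
         || OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL)
         || OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_error,
                           OCI_HTYPE_ERROR, (size_t) 0, NULL)
         || OCILogon(data->o_environment, data->o_error, &data->o_servicecontext,
                     data->user, strlen(data->user), data->password, strlen(data->password),
                     data->dbname, strlen(data->dbname))
         || OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_statement,
                           OCI_HTYPE_STMT, 0, NULL))
        {
            FatalError("database: Connection to database '%s' failed\n", data->dbname);
        }
    }
#endif
}

/* Function: Disconnect(DatabaseData * data)
 *
 * Purpose: Database independent function to close a connection
 *
 * Arguments: data (connection state; may be NULL, in which case nothing
 *            is printed or closed)
 *
 * Notes: There is no Oracle branch here, so an Oracle session opened by
 *        Connect() is not logged off by this function.
 */
void Disconnect(DatabaseData * data)
{
    /* Test the pointer before the first dereference: the exit and restart
     * handlers below pass their argument straight through and only check
     * it for NULL afterwards. */
    if(data == NULL)
    {
        return;
    }

    printf("database: Closing %s connection to database \"%s\"\n",
           data->dbtype, data->dbname);

#ifdef ENABLE_POSTGRESQL
    if(!strcasecmp(data->dbtype,POSTGRESQL))
    {
        if(data->p_connection) PQfinish(data->p_connection);
    }
#endif

#ifdef ENABLE_MYSQL
    if(!strcasecmp(data->dbtype,MYSQL))
    {
        if(data->m_sock) mysql_close(data->m_sock);
    }
#endif

#ifdef ENABLE_UNIXODBC
    if(!strcasecmp(data->dbtype,UNIXODBC))
    {
        if(data->u_handle)
        {
            SQLDisconnect(data->u_connection);
            SQLFreeHandle(SQL_HANDLE_ENV, data->u_handle);
        }
    }
#endif
}

/* Function: DatabasePrintUsage()
 *
 * Purpose: Print the plugin's configuration help to stdout
 *
 * Notes: The sample configuration in the text grants the account only
 *        INSERT and SELECT on the one database. The same sample uses an
 *        account without a password; that describes the author's setup
 *        and is not a required setting.
 */
void DatabasePrintUsage()
{
    puts("\nUSAGE: database plugin\n");

    puts(" output database: [log | alert], [type of database], [parameter list]\n");
    puts(" [log | alert] selects whether the plugin will use the alert or");
    puts(" log facility.\n");

    puts(" For the first argument, you must supply the type of database.");
    puts(" The possible values are mysql, postgresql, unixodbc, and oracle.");
    puts(" (oracle support is beta in snort release 1.7)\n");

    puts(" The parameter list consists of key value pairs. The proper");
    puts(" format is a list of key=value pairs each separated a space.\n");

    puts(" The only parameter that is absolutely necessary is \"dbname\".");
    puts(" All other parameters are optional but may be necessary");
    puts(" depending on how you have configured your RDBMS.\n");

    puts(" dbname - the name of the database you are connecting to\n");
    puts(" host - the host the RDBMS is on\n");
    puts(" port - the port number the RDBMS is listening on\n");
    puts(" user - connect to the database as this user\n");
    puts(" password - the password for given user\n");
    puts(" sensor_name - specify your own name for this snort sensor. If you");
    puts(" do not specify a name one will be generated automatically\n");
    puts(" encoding - specify a data encoding type (hex, base64, or ascii)\n");
    puts(" detail - specify a detail level (full or fast)\n");

    puts(" The configuration I am currently using is MySQL with the database");
    puts(" name of \"snort\". The user \"jed@localhost\" has INSERT and SELECT");
    puts(" privileges on the \"snort\" database and does not require a password.");
    puts(" The following line enables snort to log to this database.\n");

    puts(" output database: log, mysql, dbname=snort user=jed host=localhost\n");
}

/* Function: SpoDatabaseCleanExitFunction(int signal, void *arg)
 *
 * Purpose: Exit handler: close the database connection and release the
 *          plugin's DatabaseData
 *
 * Arguments: signal (not used here)
 *            arg    (the DatabaseData to tear down; may be NULL)
 */
void SpoDatabaseCleanExitFunction(int signal, void *arg)
{
    DatabaseData *data = (DatabaseData *)arg;

#ifdef DEBUG
    printf("database(debug): entered SpoDatabaseCleanExitFunction\n");
#endif

    Disconnect(data);
    free(data);   /* free(NULL) is a no-op, so no guard is needed */
}

/* Function: SpoDatabaseRestartFunction(int signal, void *arg)
 *
 * Purpose: Restart handler: close the database connection and release the
 *          plugin's DatabaseData
 *
 * Arguments: signal (not used here)
 *            arg    (the DatabaseData to tear down; may be NULL)
 */
void SpoDatabaseRestartFunction(int signal, void *arg)
{
    DatabaseData *data = (DatabaseData *)arg;

#ifdef DEBUG
    printf("database(debug): entered SpoDatabaseRestartFunction\n");
#endif

    Disconnect(data);
    free(data);   /* free(NULL) is a no-op, so no guard is needed */
}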