    if( !pv.quiet_flag ) printf("%s ",KEYWORD_ORACLE);    if(!strncasecmp(type,KEYWORD_ORACLE,strlen(KEYWORD_ORACLE)))        data->shared->dbtype_id = DB_ORACLE; #endif#ifdef ENABLE_MSSQL    if( !pv.quiet_flag ) printf("%s ",KEYWORD_MSSQL);    if(!strncasecmp(type,KEYWORD_MSSQL,strlen(KEYWORD_MSSQL)))        data->shared->dbtype_id = DB_MSSQL; #endif    if( !pv.quiet_flag ) printf(")\n");    if( !pv.quiet_flag ) printf("database: configured to use %s\n", type);    if(data->shared->dbtype_id == 0)    {        if ( !strncasecmp(type, KEYWORD_MYSQL, strlen(KEYWORD_MYSQL)) ||             !strncasecmp(type, KEYWORD_POSTGRESQL, strlen(KEYWORD_POSTGRESQL)) ||             !strncasecmp(type, KEYWORD_ODBC, strlen(KEYWORD_ODBC)) ||             !strncasecmp(type, KEYWORD_MSSQL, strlen(KEYWORD_MSSQL))  ||             !strncasecmp(type, KEYWORD_ORACLE, strlen(KEYWORD_ORACLE)) )        {            ErrorMessage("database: '%s' support is not compiled into this build of snort\n\n", type);            FatalError("If this build of snort was obtained as a binary distribution (e.g., rpm,\n"                       "or Windows), then check for alternate builds that contains the necessary\n"                       "'%s' support.\n\n"                       "If this build of snort was compiled by you, then re-run the\n"                       "the ./configure script using the '--with-%s' switch.\n"                       "For non-standard installations of a database, the '--with-%s=DIR'\n"                       "syntax may need to be used to specify the base directory of the DB install.\n\n"                       "See the database documentation for cursory details (doc/README.database).\n"                       "and the URL to the most recent database plugin documentation.\n",                       type, type, type);        }        else        {           FatalError("database: '%s' is an unknown database type.  
The supported\n"                      "          databases include: MySQL (mysql), PostgreSQL (postgresql),\n"                      "          ODBC (odbc), Oracle (oracle), and Microsoft SQL Server (mssql)\n",                      type);        }    }    dbarg = strtok(NULL, " =");    while(dbarg != NULL)    {        a1 = NULL;        a1 = strtok(NULL, ", ");        if(!strncasecmp(dbarg,KEYWORD_HOST,strlen(KEYWORD_HOST)))        {            data->shared->host = a1;            if( !pv.quiet_flag ) printf("database:          host = %s\n", data->shared->host);        }        if(!strncasecmp(dbarg,KEYWORD_PORT,strlen(KEYWORD_PORT)))        {            data->port = a1;            if( !pv.quiet_flag ) printf("database:          port = %s\n", data->port);        }        if(!strncasecmp(dbarg,KEYWORD_USER,strlen(KEYWORD_USER)))        {            data->user = a1;            if( !pv.quiet_flag ) printf("database:          user = %s\n", data->user);        }        if(!strncasecmp(dbarg,KEYWORD_PASSWORD,strlen(KEYWORD_PASSWORD)))        {            if( !pv.quiet_flag ) printf("database: password is set\n");            data->password = a1;        }        if(!strncasecmp(dbarg,KEYWORD_DBNAME,strlen(KEYWORD_DBNAME)))        {            data->shared->dbname = a1;            if( !pv.quiet_flag ) printf("database: database name = %s\n", data->shared->dbname);        }        if(!strncasecmp(dbarg,KEYWORD_SENSORNAME,strlen(KEYWORD_SENSORNAME)))        {            data->sensor_name = a1;            if( !pv.quiet_flag ) printf("database:   sensor name = %s\n", data->sensor_name);        }        if(!strncasecmp(dbarg,KEYWORD_ENCODING,strlen(KEYWORD_ENCODING)))        {            if(!strncasecmp(a1, KEYWORD_ENCODING_HEX, strlen(KEYWORD_ENCODING_HEX)))            {                data->encoding = ENCODING_HEX;            }            else if(!strncasecmp(a1, KEYWORD_ENCODING_BASE64, strlen(KEYWORD_ENCODING_BASE64)))            {                data->encoding = 
ENCODING_BASE64;            }            else if(!strncasecmp(a1, KEYWORD_ENCODING_ASCII, strlen(KEYWORD_ENCODING_ASCII)))            {                data->encoding = ENCODING_ASCII;            }            else            {                FatalError("database: unknown  (%s)", a1);            }            if( !pv.quiet_flag ) printf("database: data encoding = %s\n", a1);        }        if(!strncasecmp(dbarg,KEYWORD_DETAIL,strlen(KEYWORD_DETAIL)))        {            if(!strncasecmp(a1, KEYWORD_DETAIL_FULL, strlen(KEYWORD_DETAIL_FULL)))            {                data->detail = DETAIL_FULL;            }            else if(!strncasecmp(a1, KEYWORD_DETAIL_FAST, strlen(KEYWORD_DETAIL_FAST)))            {                data->detail = DETAIL_FAST;            }            else            {                FatalError("database: unknown detail level (%s)", a1);            }             if( !pv.quiet_flag ) printf("database: detail level  = %s\n", a1);        }        if(!strncasecmp(dbarg,KEYWORD_IGNOREBPF,strlen(KEYWORD_IGNOREBPF)))        {            if(!strncasecmp(a1, KEYWORD_IGNOREBPF_NO, strlen(KEYWORD_IGNOREBPF_NO)) ||               !strncasecmp(a1, KEYWORD_IGNOREBPF_ZERO, strlen(KEYWORD_IGNOREBPF_ZERO)))            {                data->ignore_bpf = 0;            }            else if(!strncasecmp(a1, KEYWORD_IGNOREBPF_YES, strlen(KEYWORD_IGNOREBPF_YES)) ||                    !strncasecmp(a1, KEYWORD_IGNOREBPF_ONE, strlen(KEYWORD_IGNOREBPF_ONE)))            {                data->ignore_bpf = 1;            }            else            {                FatalError("database: unknown ignore_bpf argument (%s)", a1);            }            if( !pv.quiet_flag ) printf("database: ignore_bpf = %s\n", a1);        }        dbarg = strtok(NULL, "=");    }     if(data->shared->dbname == NULL)    {        ErrorMessage("database: must enter database name in configuration file\n\n");        DatabasePrintUsage();        FatalError("");    }    return data;}void 
FreeQueryNode(SQLQuery * node)
{
    /* Release an entire chain of SQLQuery nodes beginning at `node`.
     * Walks the list iteratively; for each node the query text buffer
     * (`val`) is freed before the node itself. Passing NULL is a no-op. */
    SQLQuery *cur = node;

    while (cur != NULL)
    {
        SQLQuery *following = cur->next;

        cur->next = NULL;
        free(cur->val);
        cur->val = NULL;
        free(cur);

        cur = following;
    }
}

/* Allocate a new SQLQuery whose `val` buffer holds `query_size` bytes
 * (MAX_QUERY_LENGTH when `query_size` is 0). When `parent` is non-NULL the
 * node is appended at the tail of parent's chain; otherwise it stands alone.
 * Returns the new node; the caller releases the chain with FreeQueryNode.
 * NOTE(review): a negative `query_size` reaches SnortAlloc unchecked -- the
 * only caller in view passes 0. */
SQLQuery * NewQueryNode(SQLQuery * parent, int query_size)
{
    SQLQuery *fresh;

    if (query_size == 0)
    {
        query_size = MAX_QUERY_LENGTH;
    }

    if (parent == NULL)
    {
        fresh = (SQLQuery *)SnortAlloc(sizeof(SQLQuery));
    }
    else
    {
        SQLQuery *tail = parent;

        /* advance to the last node so the new one is appended, not inserted */
        for (; tail->next != NULL; tail = tail->next)
            ;
        tail->next = (SQLQuery *)SnortAlloc(sizeof(SQLQuery));
        fresh = tail->next;
    }

    fresh->val = (char *)SnortAlloc(query_size);
    fresh->next = NULL;

    return fresh;
}

/*******************************************************************************
 * Function: Database(Packet *, char * msg, void *arg)
 *
 * Purpose: Insert data into the database
 *
 * Arguments: p   => pointer to the current packet data struct
 *            msg => pointer to the signature message
 *
 * Returns: void function
 *
 ******************************************************************************/
void Database(Packet *p, char *msg, void *arg, Event *event)
{
    DatabaseData *data = (DatabaseData *)arg;
    SQLQuery * query;
    SQLQuery * root;
    char *timestamp_string
       , *insert_fields
       , *insert_values
       , *sig_name
       , *sig_class
       , *ref_system_name
       , *ref_node_id_string
       , *ref_tag
       , *packet_data
       , *packet_data_not_escaped;
    int  i
       , insert_fields_len
       , insert_values_len
       , ok_transaction;
    char *select0 = NULL,
         *select1 = NULL,
         *insert0 = NULL;
    unsigned int sig_id;
    int ref_system_id;
    unsigned int ref_id, class_id=0;
    ClassType *class_ptr;
    ReferenceNode *refNode;

    query = NewQueryNode(NULL, 0);
    root = query;
#ifdef ENABLE_DB_TRANSACTIONS
    BeginTransaction(data);
#endif

    if(msg == NULL)
    {
        msg = "";
    }

    /*** Build the query for the Event Table ***/

    /* Generate a 
default-formatted timestamp now */    if(p != NULL)    {        timestamp_string = GetTimestamp((struct timeval *) &p->pkth->ts, data->tz);    }    else    {        timestamp_string = GetCurrentTimestamp();    }#ifdef ENABLE_MSSQL    if(data->shared->dbtype_id == DB_MSSQL)    {        /* SQL Server uses a date format which is slightly         * different from the ISO-8601 standard generated         * by GetTimestamp() and GetCurrentTimestamp().  We         * need to convert from the ISO-8601 format of:         *   "1998-01-25 23:59:59+14316557"         * to the SQL Server format of:         *   "1998-01-25 23:59:59.143"         */        if( timestamp_string!=NULL && strlen(timestamp_string)>20 )        {            timestamp_string[19] = '.';        }        if( timestamp_string!=NULL && strlen(timestamp_string)>24 )        {            timestamp_string[23] = '\0';        }    }#endif#ifdef ENABLE_ORACLE    if (data->shared->dbtype_id == DB_ORACLE)    {        /* Oracle (everything before 9i) does not support         * date information smaller than 1 second.         * To go along with the TO_DATE() Oracle function         * below, this was written to strip out all the         * excess information. (everything beyond a second)         * Use the Oracle format of:         *   "1998-01-25 23:59:59"         */        if ( timestamp_string!=NULL && strlen(timestamp_string)>20 )        {            timestamp_string[19] = '\0';        }    }#endif#ifdef ENABLE_ODBC    if (data->shared->dbtype_id == DB_ODBC)    {        /* ODBC defines escape sequences for date data.         * These escape sequences are of the format:         *   {literal-type 'value'}         * The Timestamp (ts) escape sequence handles         * date/time values of the format:         *   yyyy-mm-dd hh:mm:ss[.f...]         
* where the number of digits to the right of the         * decimal point in a time or timestamp interval         * literal containing a seconds component is         * dependent on the seconds precision, as contained         * in the SQL_DESC_PRECISION descriptor field. (For         * more information, see function SQLSetDescField.)         *         * The number of decimal places within the fraction         * of a second is database dependant.  I wasn't able         * to easily determine the granularity of this         * value using SQL_DESC_PRECISION, so choosing to         * simply discard the fractional part.         */        if( timestamp_string!=NULL && strlen(timestamp_string)>20 )        {            timestamp_string[19] = '\0';        }    }#endif#ifdef ENABLE_POSTGRESQL    if( data->shared->dbtype_id == DB_POSTGRESQL ){        /* From Posgres Documentation         * For timestamp with time zone, the internally stored         * value is always in UTC (GMT). An input value that has         * an explicit time zone specified is converted to UTC         * using the appropriate offset for that time zone. 
If no         * time zone is stated in the input string, then it is assumed         * to be in the time zone indicated by the system's TimeZone         * parameter, and is converted to UTC using the offset for         * the TimeZone zone         */        if( timestamp_string!=NULL && strlen(timestamp_string)>24 )        {            timestamp_string[23] = '\0';        }    }#endif    /* Write the signature information      *  - Determine the ID # of the signature of this alert      */    select0 = (char *) SnortAlloc(MAX_QUERY_LENGTH+1);    sig_name = snort_escape_string(msg, data);    if ( event->sig_rev == 0 )     {        if( event->sig_id == 0)         {            snprintf(select0, MAX_QUERY_LENGTH,                     "SELECT sig_id "                    "  FROM signature "                    " WHERE sig_name = '%s' "                    "   AND sig_rev IS NULL "                    "   AND sig_sid IS NULL ",                    sig_name);        }        else         {            snprintf(select0, MAX_QUERY_LENGTH,                     "SELECT sig_id "                    "  FROM signature "                    " WHERE sig_name = '%s' "
