📄 snort_httpinspect.c
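/*
 * NOTE: the statements up to the first closing brace at column 0 are the tail
 * of a server-option parsing routine whose beginning lies before this
 * excerpt.  They are reproduced unchanged, only re-indented.
 */
            ServerConf->u_encoding.on = 0;
            ServerConf->u_encoding.alert = 0;

            ConfOpt = &ServerConf->base36;
            if((iRet = ProcessConfOpt(ConfOpt, BASE36, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(NON_RFC_CHAR, pcToken))
        {
            if((iRet = ProcessNonRfcChar(ServerConf, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(MULTI_SLASH, pcToken))
        {
            ConfOpt = &ServerConf->multiple_slash;
            if((iRet = ProcessConfOpt(ConfOpt, MULTI_SLASH, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(IIS_BACKSLASH, pcToken))
        {
            ConfOpt = &ServerConf->iis_backslash;
            if((iRet = ProcessConfOpt(ConfOpt, IIS_BACKSLASH, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(DIRECTORY, pcToken))
        {
            ConfOpt = &ServerConf->directory;
            if((iRet = ProcessConfOpt(ConfOpt, DIRECTORY, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(APACHE_WS, pcToken))
        {
            ConfOpt = &ServerConf->apache_whitespace;
            if((iRet = ProcessConfOpt(ConfOpt, APACHE_WS, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(IIS_DELIMITER, pcToken))
        {
            ConfOpt = &ServerConf->iis_delimiter;
            if((iRet = ProcessConfOpt(ConfOpt, IIS_DELIMITER, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(WEBROOT, pcToken))
        {
            ConfOpt = &ServerConf->webroot;
            if((iRet = ProcessConfOpt(ConfOpt, WEBROOT, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else
        {
            /* Unknown keywords are rejected, not ignored. */
            snprintf(ErrorString, ErrStrLen,
                     "Invalid keyword '%s' for server configuration.", pcToken);

            return -1;
        }

    } while((pcToken = strtok(NULL, CONF_SEPARATORS)));

    return 0;
}

/*
 * Log the state of one on/off option and, when it is on, whether it alerts.
 *
 * @param ConfOpt  option to report (reads ->on and ->alert)
 * @param Option   label printed in front of the state
 *
 * @return 0 on success, HI_INVALID_ARG if either pointer is NULL
 */
static int PrintConfOpt(HTTPINSPECT_CONF_OPT *ConfOpt, char *Option)
{
    if(!ConfOpt || !Option)
    {
        return HI_INVALID_ARG;
    }

    if(ConfOpt->on)
    {
        LogMessage(" %s: YES alert: %s\n", Option,
                   ConfOpt->alert ? "YES" : "NO");
    }
    else
    {
        LogMessage(" %s: OFF\n", Option);
    }

    return 0;
}

/*
 * Log the effective settings of one server configuration: ports, limits,
 * boolean flags, every on/off option, the IIS Unicode map source and the
 * list of non-RFC characters.
 *
 * The output is what an operator reads at startup, so an option shown as
 * OFF here is the visible record that it was not enabled.
 *
 * @param ServerConf  server configuration to print
 *
 * @return 0 on success, HI_INVALID_ARG if ServerConf is NULL
 */
static int PrintServerConf(HTTPINSPECT_CONF *ServerConf)
{
    char buf[STD_BUF+1];
    int iCtr;
    int iNonRfcChar = 0;

    if(!ServerConf)
    {
        return HI_INVALID_ARG;
    }

    /*
     * buf is one byte larger than the STD_BUF limit given to every writer
     * below and is zeroed first, so it always ends in a NUL.
     */
    memset(buf, 0, STD_BUF+1);
    snprintf(buf, STD_BUF, " Ports: ");

    /*
    **  Print out all the applicable ports.
    **  NOTE(review): with many ports enabled the list can exceed STD_BUF;
    **  presumably sfsnprintfappend() then stops appending, so the logged
    **  list may be shorter than the configured one -- confirm.
    */
    for(iCtr = 0; iCtr < 65536; iCtr++)
    {
        if(ServerConf->ports[iCtr])
        {
            sfsnprintfappend(buf, STD_BUF, "%d ", iCtr);
        }
    }

    LogMessage("%s\n", buf);

    LogMessage(" Flow Depth: %d\n", ServerConf->flow_depth);
    LogMessage(" Max Chunk Length: %d\n", ServerConf->chunk_length);
    /* no_pipeline and non_strict are negative flags, hence the inverted text. */
    LogMessage(" Inspect Pipeline Requests: %s\n",
               ServerConf->no_pipeline ? "NO" : "YES");
    LogMessage(" URI Discovery Strict Mode: %s\n",
               ServerConf->non_strict ? "NO" : "YES");
    LogMessage(" Allow Proxy Usage: %s\n",
               ServerConf->allow_proxy ? "YES" : "NO");
    LogMessage(" Disable Alerting: %s\n",
               ServerConf->no_alerts ? "YES":"NO");
    LogMessage(" Oversize Dir Length: %d\n", ServerConf->long_dir);
    LogMessage(" Only inspect URI: %s\n",
               ServerConf->uri_only ? "YES" : "NO");

    /* Arguments are never NULL here, so the return values are not checked. */
    PrintConfOpt(&ServerConf->ascii, "Ascii");
    PrintConfOpt(&ServerConf->double_decoding, "Double Decoding");
    PrintConfOpt(&ServerConf->u_encoding, "%U Encoding");
    PrintConfOpt(&ServerConf->bare_byte, "Bare Byte");
    PrintConfOpt(&ServerConf->base36, "Base36");
    PrintConfOpt(&ServerConf->utf_8, "UTF 8");
    PrintConfOpt(&ServerConf->iis_unicode, "IIS Unicode");
    PrintConfOpt(&ServerConf->multiple_slash, "Multiple Slash");
    PrintConfOpt(&ServerConf->iis_backslash, "IIS Backslash");
    PrintConfOpt(&ServerConf->directory, "Directory Traversal");
    PrintConfOpt(&ServerConf->webroot, "Web Root Traversal");
    PrintConfOpt(&ServerConf->apache_whitespace, "Apache WhiteSpace");
    PrintConfOpt(&ServerConf->iis_delimiter, "IIS Delimiter");

    /* A per-server map file takes precedence over the map pointer. */
    if(ServerConf->iis_unicode_map_filename)
    {
        LogMessage(" IIS Unicode Map Filename: %s\n",
                   ServerConf->iis_unicode_map_filename);
        LogMessage(" IIS Unicode Map Codepage: %d\n",
                   ServerConf->iis_unicode_codepage);
    }
    else if(ServerConf->iis_unicode_map)
    {
        LogMessage(" IIS Unicode Map: "
                   "GLOBAL IIS UNICODE MAP CONFIG\n");
    }
    else
    {
        LogMessage(" IIS Unicode Map: NOT CONFIGURED\n");
    }

    /*
    **  Print out the non-rfc chars
    */
    memset(buf, 0, STD_BUF+1);
    snprintf(buf, STD_BUF, " Non-RFC Compliant Characters: ");
    for(iCtr = 0; iCtr < 256; iCtr++)
    {
        if(ServerConf->non_rfc_chars[iCtr])
        {
            sfsnprintfappend(buf, STD_BUF, "0x%.2x ", (u_char)iCtr);
            iNonRfcChar = 1;
        }
    }

    if(!iNonRfcChar)
    {
        sfsnprintfappend(buf, STD_BUF, "NONE");
    }

    LogMessage("%s\n", buf);

    return 0;
}

/*
 * Handle one server section of the configuration line.
 *
 * The next strtok() token selects the target: SERVER_DEFAULT configures
 * GlobalConf->global_server (allowed once), anything else must be an IPv4
 * address, for which a new HTTPINSPECT_CONF is allocated, parsed and added
 * with hi_ui_config_add_server().  The resulting configuration is logged.
 *
 * This continues a strtok() scan started by the caller, so it must be
 * called while that scan is still active.
 *
 * @param GlobalConf   global configuration that owns the server entries
 * @param ErrorString  buffer that receives a message on failure
 * @param ErrStrLen    size of ErrorString
 *
 * @return 0 on success, -1 on error (ErrorString set), or the non-zero
 *         value returned by ProcessServerConf()
 */
static int ProcessUniqueServerConf(HTTPINSPECT_GLOBAL_CONF *GlobalConf,
                                   char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    unsigned long Ip;
    struct in_addr ip_addr;
    HTTPINSPECT_CONF *ServerConf;
    /* Function-static: persists across calls and is never cleared here. */
    static int s_iDefaultServer = 0;
    int iRet;

    pcToken = strtok(NULL, CONF_SEPARATORS);
    if(!pcToken)
    {
        snprintf(ErrorString, ErrStrLen,
                 "No arguments to '%s' token.", SERVER);

        return -1;
    }

    /*
    **  Check for the default configuration first
    */
    if(!strcmp(SERVER_DEFAULT, pcToken))
    {
        if(s_iDefaultServer)
        {
            snprintf(ErrorString, ErrStrLen,
                     "Cannot configure '%s' settings more than once.",
                     GLOBAL_SERVER);

            return -1;
        }

        s_iDefaultServer = 1;

        ServerConf = &GlobalConf->global_server;

        /*
        **  Reset the global server configuration
        */
        if(hi_ui_config_reset_server(ServerConf))
        {
            snprintf(ErrorString, ErrStrLen,
                     "Cannot reset the HttpInspect default server configuration.");

            return -1;
        }

        if((iRet = ProcessServerConf(GlobalConf, ServerConf,
                                     ErrorString, ErrStrLen)))
        {
            return iRet;
        }

        /*
        **  Start writing out the Default Server Config
        */
        LogMessage(" DEFAULT SERVER CONFIG:\n");
    }
    else
    {
        /*
        **  Convert string to IP address
        **
        **  inet_addr() reports failure as INADDR_NONE, which is also the
        **  value of 255.255.255.255, and it accepts the legacy shorthand
        **  and octal/hex forms of an address.  NOTE(review): inet_pton()
        **  would be stricter, but would change which strings are accepted.
        */
        Ip = inet_addr(pcToken);
        if(Ip == INADDR_NONE)
        {
            snprintf(ErrorString, ErrStrLen,
                     "Invalid IP to '%s' token.", SERVER);

            return -1;
        }

        /*
        **  allocate the memory for the server configuration
        **  (calloc gives the same zero-filled structure as malloc + memset)
        */
        ServerConf = calloc(1, sizeof(HTTPINSPECT_CONF));
        if(!ServerConf)
        {
            snprintf(ErrorString, ErrStrLen,
                     "Could not allocate memory for server configuration.");

            return -1;
        }

        if((iRet = ProcessServerConf(GlobalConf, ServerConf,
                                     ErrorString, ErrStrLen)))
        {
            /*
            **  Not yet passed to hi_ui_config_add_server(), so this
            **  function still owns the structure: release it.
            */
            free(ServerConf);

            return iRet;
        }

        if((iRet = hi_ui_config_add_server(GlobalConf, Ip, ServerConf)))
        {
            /*
            **  NOTE(review): ServerConf is not released on these paths
            **  because ownership after a failed add is not visible in this
            **  excerpt -- confirm, and free it here if the add routine did
            **  not keep the pointer.
            */

            /*
            **  Check for already added servers
            */
            if(iRet == HI_NONFATAL_ERR)
            {
                snprintf(ErrorString, ErrStrLen,
                         "Duplicate server configuration.");

                return -1;
            }
            else
            {
                snprintf(ErrorString, ErrStrLen,
                         "Error when adding server configuration.");

                return -1;
            }
        }

        ip_addr.s_addr = Ip;

        /*
        **  Print out the configuration header
        */
        LogMessage(" SERVER: %s\n", inet_ntoa(ip_addr));
    }

    /*
    **  Finish printing out the server configuration
    */
    PrintServerConf(ServerConf);

    return 0;
}

/*
 * Log the global HttpInspect settings.
 *
 * @param GlobalConf  global configuration to print
 *
 * @return 0 on success, HI_INVALID_ARG if GlobalConf is NULL
 */
static int PrintGlobalConf(HTTPINSPECT_GLOBAL_CONF *GlobalConf)
{
    /* Same argument check as PrintConfOpt() and PrintServerConf(). */
    if(!GlobalConf)
    {
        return HI_INVALID_ARG;
    }

    LogMessage("HttpInspect Config:\n");

    LogMessage(" GLOBAL CONFIG\n");
    LogMessage(" Max Pipeline Requests: %d\n",
               GlobalConf->max_pipeline_requests);
    LogMessage(" Inspection Type: %s\n",
               GlobalConf->inspection_type ? "STATEFUL" : "STATELESS");
    LogMessage(" Detect Proxy Usage: %s\n",
               GlobalConf->proxy_alert ? "YES" : "NO");
    /*
     * Passing NULL for %s is undefined behaviour; guard in case no map
     * file name was stored (whether that can happen is not visible here).
     */
    LogMessage(" IIS Unicode Map Filename: %s\n",
               GlobalConf->iis_unicode_map_filename
                   ? GlobalConf->iis_unicode_map_filename
                   : "NOT CONFIGURED");
    LogMessage(" IIS Unicode Map Codepage: %d\n",
               GlobalConf->iis_unicode_codepage);

    return 0;
}

/*
**  NAME
**    HttpInspectSnortConf::
*/
/**
**  This function takes the HttpInspect configuration line from the
**  snort.conf and creates an HttpInspect configuration.
**
**  This routine takes care of the snort specific configuration processing
**  and calls the generic routines to add specific server configurations.
**  It sets the configuration structure elements in this routine.
**
**  The ErrorString is passed in as a pointer, and the ErrStrLen tells
**  us the length of the pointer.
**
**  @param GlobalConf  a pointer to the global configuration.
**  @param args        a pointer to argument string.
**  @param iGlobal     whether this is the global configuration or a server
**  @param ErrorString a pointer for an error string.
**  @param ErrStrLen   the length of the error string.
**
**  @return an error code integer
**          (0 = success, >0 = non-fatal error, <0 = fatal error)
**
**  @retval  0 success
**  @retval  1 generic non-fatal error
**  @retval -1 generic fatal error
**  @retval -2 ErrorString is undefined
*/
int HttpInspectSnortConf(HTTPINSPECT_GLOBAL_CONF *GlobalConf, char *args, int iGlobal,
                         char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    static int s_iGlobal = 0;
    int iRet;

    /*
    **  Check input variables
    */
    if(ErrorString == NULL)
    {
        return -2;
    }

    if(GlobalConf == NULL)
    {
        snprintf(ErrorString, ErrStrLen,
                 "Global configuration variable undefined.");

        return -1;
    }

    if(args == NULL)
    {
        snprintf(ErrorString, ErrStrLen,
                 "No arguments to HttpInspect configuration.");

        return -1;
    }

    /*
    **  Find out what is getting configured
    */
    pcToken = strtok(args, CONF_SEPARATORS);
    if(pcToken == NULL)
    {
        snprintf(ErrorString, ErrStrLen,
                 "No arguments to HttpInspect configuration.");

        return -1;
    }

    /*
    **  Global Configuration Processing
    **  We only process the global configuration once, but always check for
    **  user mistakes, like configuring more than once.  That's why we
    **  still check for the global token even if it's been checked.
    */
    if((s_iGlobal || iGlobal) && !strcmp(pcToken, GLOBAL))
    {
        /*
        **  Don't allow user to configure twice
        */
        if(s_iGlobal)
        {
            snprintf(ErrorString, ErrStrLen,
                     "Cannot configure '%s' settings more than once.",
                     GLOBAL);

            return -1;
        }

        /*
        **  Reset the Global configuration
        */
        if(hi_ui_config_reset_global(GlobalConf))
        {
            snprintf(ErrorString, ErrStrLen,
                     "Cannot reset the HttpInspect global configuration.");

            return -1;
        }

        /*
        **  Reset the global server, so if there isn't one specified, we
        **  honor that.
        */
        if(hi_ui_config_reset_server(&GlobalConf->global_server))
        {
            snprintf(ErrorString, ErrStrLen,
                     "Cannot reset the HttpInspect default server configuration.");

            return -1;
        }

        if((iRet = ProcessGlobalConf(GlobalConf, ErrorString, ErrStrLen)))
        {
            return iRet;
        }

        s_iGlobal = 1;
        /* HttpInspectSnortConf() continues beyond the end of this excerpt. */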