
📄 spo_alert_arubaaction.c

📁 著名的入侵检测系统snort的最新版本的源码
💻 C
📖 第 1 页 / 共 2 页
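	/*
	 * NOTE(review): the function these statements belong to starts before
	 * this excerpt.  Its code is reproduced unchanged below (only the line
	 * breaks are restored); review notes are added as comments.
	 */
	if (xmllenrem < 1) {
		ErrorMessage("aruba_action: configuration parameters too "
				"long\n");
		FatalError("Unable to parse configuration parameters for Aruba"
				"Action output plugin.\n");
		return;
	}

	snprintf(cmdbufp, xmllenrem, "<version>1.0</version>");
	xmllenrem -= strlen(cmdbufp);
	cmdbufp += strlen(cmdbufp);
	/*
	 * NOTE(review): snprintf() stores at most xmllenrem-1 characters, so
	 * after the subtraction above xmllenrem is still >= 1 even when the
	 * output was cut short.  This "< 1" test therefore cannot detect
	 * truncation; comparing snprintf()'s return value with xmllenrem would.
	 */
	if (xmllenrem < 1) {
		ErrorMessage("aruba_action: configuration parameters too "
				"long\n");
		FatalError("Unable to parse configuration parameters for Aruba"
				"Action output plugin.\n");
		return;
	}

	snprintf(cmdbufp, xmllenrem, "</aruba>");
	xmllenrem -= strlen(cmdbufp);
	cmdbufp += strlen(cmdbufp);
	cmdbufp = NULL;

	/*
	 * NOTE(review): snprintf() returns the length the complete request
	 * would have had.  If the request was truncated, postlen is larger
	 * than what was stored in post and the send below would read past the
	 * formatted data.  The size of post is declared outside this excerpt -
	 * confirm it, and reject postlen < 0 or postlen >= MAX_POST_LEN-1.
	 */
	postlen = snprintf(post, MAX_POST_LEN-1,
			"POST /auth/command.xml HTTP/1.0\r\n"
			"User-Agent: snort\r\n"
			"Host: %s\r\n"
			"Pragma: no-cache\r\n"
			"Content-Length: %lu\r\n"
			"Content-Type: application/xml\r\n"
			"\r\n"
			"%s",
#ifdef SUP_IP6
			inet_ntoa(&data->aswitch),
#else
			inet_ntoa(data->aswitch),
#endif
			(unsigned long)strlen(cmdbuf), cmdbuf
        );

	/* Send the action command to the switch */
	if (ArubaSwitchSend(data, (u_int8_t *)post, postlen) != postlen) {
		ErrorMessage("aruba_action: Error sending data to Aruba "
				"switch.\n");
		close(data->fd);
		return;
	}

	/*
	 * Read the response from the switch.
	 * NOTE(review): the reply is network data and read() does not
	 * NUL-terminate it, while strstr()/sscanf() below require a terminated
	 * string.  Whether response is zero-filled and larger than
	 * MAX_RESPONSE_LEN is not visible in this excerpt - confirm.  A single
	 * read() may also deliver only part of the reply.
	 */
	if (ArubaSwitchRecv(data, (u_int8_t *)response, MAX_RESPONSE_LEN) < 0) {
		ErrorMessage("aruba_action: Error reading response from Aruba"
				" switch\n");
		close(data->fd);
		return;
	}

	/* Extract the result code from the response */
	responsecode = strstr(response, "<code>");
	if (responsecode == NULL) {
		ErrorMessage("aruba_action: Error extracting response code "
				"from Aruba switch\n");
		close(data->fd);
		return;
	}

	/* Advance beyond "<code>" */
	responsecode += (strlen("<code>"));

	/* Lookup code message */
	//responsecodei = 0;
	if (sscanf(responsecode, "%d", &responsecodei) != 1) {
		ErrorMessage("aruba_action: Invalid response code returned from"
				" the Aruba switch.\n");
		/*
		 * NOTE(review): unlike every other error path here, this one
		 * returns without close(data->fd), leaking the socket.
		 */
		return;
	}

	if (responsecodei != 0) {
		responsemsg = NULL;
		for (i=0; response_lookup[i].name != NULL; i++) {
			if (response_lookup[i].type == responsecodei) {
				responsemsg = response_lookup[i].name;
				break;
			}
		}

		if (responsemsg == NULL) {
			ErrorMessage("aruba_action: Switch returned error "
					"status of %d \"unknown\"\n",
					responsecodei);
		} else {
			ErrorMessage("aruba_action: Switch returned error "
					"status of %d \"%s\"\n",
					responsecodei, responsemsg);
		}
		close(data->fd);
		return;
	}

	close(data->fd);
	return;
}

/*
 * Function: ArubaSwitchSend(SpoAlertArubaActionData *, uint8_t *, int)
 *
 * Purpose: Write a complete request to the switch socket, continuing after
 *          short writes so that a partial write() is not reported as a
 *          failed send.
 *
 * Arguments: data => plugin state; data->fd is the connected socket
 *            post => bytes to send
 *            len  => number of bytes in post
 *
 * Returns: len once everything was written, -1 if write() fails or makes
 *          no progress
 */
int ArubaSwitchSend(SpoAlertArubaActionData *data, uint8_t *post, int len)
{
	int sent = 0;

	while (sent < len) {
		ssize_t n = write(data->fd, post + sent, (size_t)(len - sent));

		if (n <= 0)
			return -1;
		sent += (int)n;
	}

	return sent;
}

/*
 * Function: ArubaSwitchRecv(SpoAlertArubaActionData *, uint8_t *, int)
 *
 * Purpose: Read up to maxlen bytes of the switch's reply with one read().
 *
 * Arguments: data   => plugin state; data->fd is the connected socket
 *            recv   => destination buffer
 *            maxlen => capacity of the destination buffer
 *
 * Returns: the value returned by read(): bytes stored, 0 at end of stream,
 *          -1 on error.  The buffer is not NUL-terminated here and the
 *          reply may be incomplete after a single read(); callers that
 *          parse it as a string have to account for both.
 */
int ArubaSwitchRecv(SpoAlertArubaActionData *data, uint8_t *recv, int maxlen)
{
	return(read(data->fd, recv, maxlen));
}

/*
 * Function: ArubaSwitchConnect(SpoAlertArubaActionData *)
 *
 * Purpose: Open a TCP connection to the configured switch on port 80.
 *          The socket is created in the address family of the configured
 *          address and connect() is called exactly once; a second
 *          connect() on an already connected stream socket fails, and an
 *          AF_INET socket cannot be connected to a sockaddr_in6.
 *
 * Arguments: data => plugin state; data->aswitch is the switch address,
 *                    data->fd receives the socket
 *
 * Returns: the connected descriptor (also stored in data->fd), or -1 on
 *          failure (the socket is closed again in that case)
 *
 * NOTE(review): the request is sent as plain HTTP on port 80.  If the XML
 * body built by the caller carries the configured secret (that code is
 * outside this excerpt), it crosses the network unencrypted - confirm and
 * restrict the path between sensor and switch accordingly.
 */
int ArubaSwitchConnect(SpoAlertArubaActionData *data)
{
	struct sockaddr_in sa4;
#ifdef SUP_IP6
	struct sockaddr_in6 sa6;
#endif
	struct sockaddr *sa;
	socklen_t salen;
	int family;

	/* Zero the address so no uninitialised stack bytes reach connect() */
	memset(&sa4, 0, sizeof(sa4));
	sa4.sin_family = AF_INET;
	sa4.sin_port = htons(80);
	sa = (struct sockaddr *)&sa4;
	salen = sizeof(sa4);
	family = AF_INET;

#ifdef SUP_IP6
	if(data->aswitch.family == AF_INET) {
		sa4.sin_addr.s_addr = data->aswitch.ip32[0];
	} else {
		memset(&sa6, 0, sizeof(sa6));
		sa6.sin6_family = AF_INET6;
		sa6.sin6_port = htons(80);
		memcpy(&sa6.sin6_addr, data->aswitch.ip8, sizeof(sa6.sin6_addr));
		sa = (struct sockaddr *)&sa6;
		salen = sizeof(sa6);
		family = AF_INET6;
	}
#else
	/* Without SUP_IP6 the address is filled by inet_aton(): IPv4 only */
	sa4.sin_addr.s_addr = (unsigned int)(data->aswitch.s_addr);
#endif

	data->fd = socket(family, SOCK_STREAM, 0);
	if (data->fd < 0) {
		ErrorMessage("aruba_action: socket error\n");
		return -1;
	}

	if (connect(data->fd, sa, salen) < 0) {
		perror("connect");
		ErrorMessage("aruba_action: Unable to connect to switch\n");
		close(data->fd);
		return -1;
	}

	return data->fd;
}

/*
 * Function: ParseAlertArubaActionArgs(char *)
 *
 * Purpose: Process the output plugin arguments from the rules file and
 *          initialize the plugin's data struct.  Four space-separated
 *          fields are expected: switch address, secret type, secret and
 *          action ("blacklist" or "setrole:rolename").
 *
 * Arguments: args => argument list
 *
 * Returns: newly allocated SpoAlertArubaActionData; released by
 *          AlertArubaActionCleanExitFunc / AlertArubaActionRestartFunc.
 *          Every parse error goes through FatalError(); the "return NULL"
 *          after it only matters if FatalError() returns (presumably it
 *          terminates the process - confirm).
 *
 */
SpoAlertArubaActionData *ParseAlertArubaActionArgs(char *args)
{
	char **toks, **action_toks;
	int num_toks, num_action_toks, i;
	size_t len;
	SpoAlertArubaActionData *data;

	/* Validate before allocating so the NULL path holds no memory */
	if(args == NULL) {
		ErrorMessage("aruba_action: you must specify arguments for the "
				"Aruba Action plugin\n");
		FatalError("No output plugin arguments specified\n");
		return NULL;
	}

	data = (SpoAlertArubaActionData *)SnortAlloc(sizeof(SpoAlertArubaActionData));

	DEBUG_WRAP(DebugMessage(DEBUG_LOG, "ParseAlertArubaActionArgs: %s\n",
			args););

	toks = mSplit(args, " ", 4, &num_toks, 0);

	if (num_toks != 4) {
		ErrorMessage("aruba_action: incorrect number of arguments "
				"specified (%d)\n", num_toks);
		FatalError("Invalid argument count\n");
		return NULL;
	}

	/*
	 * NOTE(review): inet_aton() returns 0 for an invalid address; confirm
	 * that sfip_pton() follows the same convention.
	 */
#ifdef SUP_IP6 // XXX could probably be changed to a macro
	if (sfip_pton(toks[0], &data->aswitch) == 0)
#else
	if (inet_aton(toks[0], &data->aswitch) == 0)
#endif
	{
		ErrorMessage("aruba_action: invalid Aruba switch address "
				"specified (%s)\n", toks[0]);
		FatalError("Invalid Aruba switch address.\n");
		return NULL;
	}

	/*
	 * Start from "unknown" explicitly instead of relying on how SnortAlloc
	 * initialises memory and on the numeric value of the enum constant.
	 * NOTE(review): this is a prefix match, so a token that merely starts
	 * with a known type name is accepted as that type.
	 */
	data->secret_type = ARUBA_SECRET_UNKNOWN;
	for (i=0; secret_lookup[i].name != NULL; i++) {
		if (strncmp(toks[1], secret_lookup[i].name,
				strlen(secret_lookup[i].name)) == 0) {
			data->secret_type = secret_lookup[i].type;
			break;
		}
	}

	if (data->secret_type == ARUBA_SECRET_UNKNOWN) {
		ErrorMessage("aruba_action: unknown secret type \"%s\"\n",
				toks[1]);
		FatalError("Unsupported secret type specified\n");
		return NULL;
	}

	/* Copy the secret including its terminating NUL */
	len = strlen(toks[2]);
	data->secret = (char *)SnortAlloc(len+1);
	memcpy(data->secret, toks[2], len+1);

	/* action can be "blacklist" or "setrole:rolename", parse.  The prefix
	 * match is what lets "setrole:rolename" select the setrole action. */
	data->action_type = ARUBA_ACTION_UNKNOWN;
	for (i=0; action_lookup[i].name != NULL; i++) {
		if (strncmp(action_lookup[i].name, toks[3],
				strlen(action_lookup[i].name)) == 0) {
			data->action_type = action_lookup[i].type;
			break;
		}
	}

	if (data->action_type == ARUBA_ACTION_UNKNOWN) {
		ErrorMessage("aruba_action: unknown action type \"%s\"\n",
				toks[3]);
		FatalError("Unsupported action type specified\n");
		return NULL;
	}

	/* Break out role name for setrole action */
	if (data->action_type == ARUBA_ACTION_SETROLE) {
		action_toks = mSplit(toks[3], ":", 2, &num_action_toks, 0);
		if (num_action_toks != 2) {
			ErrorMessage("aruba_action: malformed setrole action "
					"specification \"%s\"\n", toks[3]);
			FatalError("Improperly formatted action\n");
			return NULL;
		}
		len = strlen(action_toks[1]);
		data->role_name = (char *)SnortAlloc(len+1);
		memcpy(data->role_name, action_toks[1], len+1);

		/* The role name has been copied; release the split result */
		mSplitFree(&action_toks, num_action_toks);
	}

	/* free toks */
	mSplitFree(&toks, num_toks);

	return data;
}

/* Release the plugin state built by ParseAlertArubaActionArgs.  NULL is
 * accepted; role_name may be NULL when the action is not setrole, which
 * free() permits. */
static void AlertArubaActionFreeData(SpoAlertArubaActionData *data)
{
	if (data == NULL)
		return;

	free(data->secret);
	free(data->role_name);
	free(data);
}

/* Exit handler: frees the plugin state passed as arg (signal is unused). */
void AlertArubaActionCleanExitFunc(int signal, void *arg)
{
	SpoAlertArubaActionData *data = (SpoAlertArubaActionData *)arg;

	DEBUG_WRAP(DebugMessage(DEBUG_LOG,"AlertArubaActionCleanExitFunc\n"););

	AlertArubaActionFreeData(data);
}

/* Restart handler: frees the plugin state passed as arg (signal is unused). */
void AlertArubaActionRestartFunc(int signal, void *arg)
{
	SpoAlertArubaActionData *data = (SpoAlertArubaActionData *)arg;

	DEBUG_WRAP(DebugMessage(DEBUG_LOG,"AlertArubaActionRestartFunc\n"););

	AlertArubaActionFreeData(data);
}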
