
📄 parse.c

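/*
** Modular Logfile Analyzer
** Copyright 2000 Jan Kneschke <jan@kneschke.de>
**
** Homepage: http://www.kneschke.de/projekte/modlogan
**
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version, and provided that the above
    copyright and permission notice is included with all distributed
    copies of this or derived software.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
**
** $Id: parse.c,v 1.10 2000/11/17 15:17:38 jk Exp $
*/

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <errno.h>

#include "mlocale.h"
#include "mplugins.h"
#include "mrecord.h"
#include "mdatatypes.h"
#include "misc.h"
#include "plugin_config.h"

/*
 * Every string handled below comes out of a web-server log line. Fields such
 * as the user agent and the referrer are chosen by the remote client, so each
 * allocation and each PCRE extraction is checked before its result is used.
 */

/*
 * Return a heap copy of s, or NULL if s is NULL or the allocation fails.
 * The caller owns the returned buffer.
 */
static char *msiis_dup_string(const char *s) {
	size_t len;
	char *copy;

	if (!s) return NULL;

	len = strlen(s) + 1;
	copy = malloc(len);
	if (copy) memcpy(copy, s, len);

	return copy;
}

/*
 * Walk the match list l and report whether any entry's pattern accepts str.
 * Leading blanks of str are skipped first. Returns 1 on a hit, 0 otherwise
 * (also for a NULL string or an empty list).
 */
static int msiis_list_matches(mlist *l, char *str) {
	if (!str || !l) return 0;

	while (*str == ' ') str++;

	for (; l; l = l->next) {
		data_Match *data = (data_Match *)l->data;

		if (data && strmatch(data->match, str)) return 1;
	}

	return 0;
}

/*
 * Copy capture group idx of a finished pcre_exec() run into a small buffer
 * and parse it as a decimal number.
 *
 * Returns 0 and stores the value in *out, or -1 when the group is missing or
 * longer than the buffer. Without this check a failed copy would leave the
 * buffer uninitialised and strtol() would read stack garbage.
 */
static int msiis_capture_long(const char *subject, int *ovector, int count, int idx, long *out) {
	char buf[10];

	if (pcre_copy_substring(subject, ovector, count, idx, buf, sizeof(buf)) < 0)
		return -1;

	*out = strtol(buf, NULL, 10);

	return 0;
}

/*
 * Return 1 if str matches one of the configured operating-system patterns
 * (conf->match_os), 0 otherwise.
 */
int find_os (mconfig *ext_conf, char *str) {
	config_input *conf = ext_conf->input;

	return msiis_list_matches(conf->match_os, str);
}

/*
 * Return 1 if str matches one of the configured user-agent patterns
 * (conf->match_ua), 0 otherwise.
 */
int find_ua (mconfig *ext_conf, char *str) {
	config_input *conf = ext_conf->input;

	return msiis_list_matches(conf->match_ua, str);
}

/*
 * Join the date and time fields with a single blank, match the result
 * against conf->match_timestamp and store the resulting time in
 * record->timestamp.
 *
 * Capture groups are read as: 1 = year, 2 = month, 3 = day of month,
 * 4 = hour, 5 = minute, 6 = second.
 *
 * Returns 0 on success, -1 if memory runs out, the string does not match,
 * or a capture group is missing or too long.
 */
int parse_timestamp(mconfig *ext_conf, const char *_date, const char *_time, mlogrec *record) {
/* parenthesised so that 3 * N is 63 and not 3 * 20 + 1 */
#define N (20 + 1)
	int ovector[3 * N], n;
	int rc = -1;
	long year, month, mday, hour, minute, second;
	struct tm tm;
	config_input *conf = ext_conf->input;
	size_t date_len = strlen(_date);
	size_t time_len = strlen(_time);
	char *str;

	str = malloc(date_len + time_len + 2);
	if (!str) return -1;

	/* "<date> <time>" */
	memcpy(str, _date, date_len);
	str[date_len] = ' ';
	memcpy(str + date_len + 1, _time, time_len + 1);

	if ((n = pcre_exec(conf->match_timestamp, conf->match_timestamp_extra, str, strlen(str), 0, 0, ovector, 3 * N)) < 0) {
		if (n == PCRE_ERROR_NOMATCH) {
			fprintf(stderr, "%s.%d: string doesn't match: %s\n", __FILE__, __LINE__, str);
		} else {
			fprintf(stderr, "%s.%d: execution error while matching: %d\n", __FILE__, __LINE__, n);
		}
		goto out;
	}

	if (msiis_capture_long(str, ovector, n, 1, &year) < 0 ||
	    msiis_capture_long(str, ovector, n, 3, &mday) < 0 ||
	    msiis_capture_long(str, ovector, n, 2, &month) < 0 ||
	    msiis_capture_long(str, ovector, n, 4, &hour) < 0 ||
	    msiis_capture_long(str, ovector, n, 5, &minute) < 0 ||
	    msiis_capture_long(str, ovector, n, 6, &second) < 0) {
		fprintf(stderr, "%s.%d: timestamp field missing or too long: %s\n", __FILE__, __LINE__, str);
		goto out;
	}

	/* start from a fully defined struct: mktime() reads every field */
	memset(&tm, 0, sizeof(tm));
	tm.tm_year = (int)year - 1900;
	tm.tm_mon = (int)month - 1;
	tm.tm_mday = (int)mday;
	tm.tm_hour = (int)hour;
	tm.tm_min = (int)minute;
	tm.tm_sec = (int)second;
	/* DST status is not in the log line; let mktime() work it out */
	tm.tm_isdst = -1;

	/* NOTE(review): mktime() treats the fields as local time; confirm that
	 * this is the timezone the log was written in. */
	record->timestamp = mktime (&tm);

	rc = 0;
out:
	/* the joined string is only needed for matching */
	free(str);

	return rc;
#undef  N
}

/*
 * Split a user-agent string into record->req_useragent and
 * record->req_useros.
 *
 *  - no '(' in the string: the whole string becomes the user agent;
 *  - '(' followed somewhere by "compatible": each ';'-separated token inside
 *    the parentheses is tried against the user-agent list, then the OS list;
 *  - '(' without "compatible": the text before '(' is the user agent and the
 *    tokens inside the parentheses are tried against the OS list.
 *
 * Returns 0 on success, -1 if the parenthesised part is not closed by ')' or
 * if memory runs out.
 *
 * NOTE(review): str is declared const but is modified in place, both by
 * urlescape() and by the NUL bytes written at token boundaries below, so
 * callers have to pass a writable buffer.
 */
int parse_useragent(mconfig *ext_conf,const char *str, mlogrec_web_extclf *record) {
	char *pc1 = (char *)str, *pc2 = (char *)str, *pc3, *buf_copy;
	int with_compatible;
	int finished = 0;
	int rc = -1;

	/* untouched copy, used only for the diagnostic message */
	buf_copy = msiis_dup_string(str);
	if (!buf_copy) return -1;

	str = urlescape((char *)str);

	pc3 = strchr(pc1, '(');
	if (!pc3) {
		/* no detail section at all */
		record->req_useragent = msiis_dup_string(str);
		if (record->req_useragent) rc = 0;
		goto out;
	}

	with_compatible = strstr(pc3, "compatible") != NULL;

	if (!with_compatible) {
		/* cut the string at '(': what precedes it is the agent name */
		*pc3 = '\0';

		if (!find_ua(ext_conf, pc1)) {
			/* unknown agent: it is recorded all the same */
		}

		record->req_useragent = msiis_dup_string(pc1);
		if (!record->req_useragent) goto out;
	}

	pc1 = pc2 = (pc3+1);

	while (!finished) {
		/* advance to the end of the current token */
		while (*pc2 && !(*pc2 == ';' || *pc2 == ')')) pc2++;

		if (!*pc2) {
			/* ran off the end without seeing ')' */
			if (ext_conf->debug_level > 0)
				fprintf(stderr, "%s: '%s'\n", _("the 'Useragent' field of the logfile is incorrect"),buf_copy);
			goto out;
		} else if (*pc2 == ')') {
			finished = 1;
		}

		while (*pc1 == ' ') pc1++;

		*pc2 = '\0';

		if (with_compatible && !record->req_useragent && find_ua(ext_conf, pc1)) {
			record->req_useragent = msiis_dup_string(pc1);
			if (!record->req_useragent) goto out;
		} else if (!record->req_useros && find_os(ext_conf, pc1)) {
			record->req_useros = msiis_dup_string(pc1);
			if (!record->req_useros) goto out;
		}

		pc1 = ++pc2;
	}

	rc = 0;
out:
	free(buf_copy);

	return rc;
}

/*
 * Match the referrer against conf->match_referrer and copy capture group 1
 * into record->ref_url and, when more than three groups were returned,
 * group 3 into record->ref_getvars.
 *
 * Returns 0 on success, -1 if the string does not match, too few groups
 * were captured, or memory runs out.
 */
int parse_referrer(mconfig *ext_conf,const char *str, mlogrec_web_extclf *record) {
/* parenthesised so that 3 * N is 63 and not 3 * 20 + 1 */
#define N (20 + 1)
	int ovector[3 * N], n;
	int rc = -1;
	config_input *conf = ext_conf->input;
	const char **list = NULL;

	if ((n = pcre_exec(conf->match_referrer, conf->match_referrer_extra, str, strlen(str), 0, 0, ovector, 3 * N)) < 0) {
		if (n == PCRE_ERROR_NOMATCH) {
			fprintf(stderr, "%s.%d: string doesn't match: %s\n", __FILE__, __LINE__, str);
		} else {
			fprintf(stderr, "%s.%d: execution error while matching: %d\n", __FILE__, __LINE__, n);
		}
		return -1;
	}

	if (n < 2) {
		fprintf(stderr, "%s.%d: Matched fields below minimum: %d\n", __FILE__, __LINE__, n);
		return -1;
	}

	/* everything has matched, take the different pieces and be happy :) */
	if (pcre_get_substring_list(str, ovector, n, &list) != 0) {
		/* list is not valid on failure, so it must not be read */
		fprintf(stderr, "%s.%d: could not extract matched fields\n", __FILE__, __LINE__);
		return -1;
	}

	record->ref_url = msiis_dup_string(list[1]);
	if (!record->ref_url) goto out;

	if (n > 3) {
		record->ref_getvars = msiis_dup_string(list[3]);
		if (!record->ref_getvars) goto out;
	}
#ifdef DEBUG_INPUT
	fprintf(stderr, "%s.%d: %s, %s\n", __FILE__, __LINE__, record->ref_url,
		record->ref_getvars ? record->ref_getvars : "(null)");
#endif

	rc = 0;
out:
	/* the list was obtained through pcre_malloc, release it the same way */
	(pcre_free)((void *)list);

	return rc;
#undef  N
}

/* numeric ids of the log fields handled by this parser */
#define M_MSIIS_FIELD_DATE		1
#define M_MSIIS_FIELD_TIME		2
#define M_MSIIS_FIELD_CLIENT_IP		3
#define M_MSIIS_FIELD_USERNAME		4
#define M_MSIIS_FIELD_SITENAME		5
#define M_MSIIS_FIELD_SERVERNAME	6
#define M_MSIIS_FIELD_SERVER_IP		7
#define M_MSIIS_FIELD_SERVER_PORT	8
#define M_MSIIS_FIELD_REQ_METHOD	9
#define M_MSIIS_FIELD_URI_STEM		10
#define M_MSIIS_FIELD_URI_QUERY		11
#define M_MSIIS_FIELD_STATUS		12
#define M_MSIIS_FIELD_WIN32_STATUS	13
#define M_MSIIS_FIELD_BYTES_SEND	14
#define M_MSIIS_FIELD_BYTES_RECEIVED	15
#define M_MSIIS_FIELD_TIME_TAKEN	16
#define M_MSIIS_FIELD_REQ_PROTOCOL	17
#define M_MSIIS_FIELD_REQ_HOST		18
#define M_MSIIS_FIELD_USER_AGENT	19
#define M_MSIIS_FIELD_COOKIE		20
#define M_MSIIS_FIELD_REFERRER		21

/* one entry of the field table: a field string, one of the ids above and a
 * match string (presumably a regex fragment; confirm against the table) */
typedef struct {
	char	*field;
	int	id;
	char	*match;
} msiis_field_def;

/* the initialiser of this table continues beyond this excerpt */
const msiis_field_def def[] = 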
