diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm index 3d64eb0de647751473192202a73529cde966f614..35ff332cf61fe760317a270511be6228ed2a4193 100755 --- a/src/warden-server/lib/Warden.pm +++ b/src/warden-server/lib/Warden.pm @@ -48,7 +48,7 @@ WardenCommon::loadConf($conf_file); # DB CONNECT ################################################################################ our $DBH = DBI->connect("DBI:mysql:database=$WardenCommon::DB_NAME;host=$WardenCommon::DB_HOST", $WardenCommon::DB_USER, $WardenCommon::DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) - || die "Could not connect to database: $DBI::errstr"; + || die "Could not connect to database '$WardenCommon::DB_NAME' at '$WardenCommon::DB_HOST': $DBI::errstr"; @@ -61,9 +61,9 @@ our $DBH = DBI->connect("DBI:mysql:database=$WardenCommon::DB_NAME;host=$WardenC #------------------------------------------------------------------------------- sub sendMsg { - my $severity = shift; - my $syslog_msg = shift; - my $soap_msg = shift; + my $severity = shift; + my $syslog_msg = shift; + my $soap_msg = shift; WardenCommon::sendMsg($WardenCommon::SYSLOG, $WardenCommon::SYSLOG_VERBOSE, $WardenCommon::SYSLOG_FACILITY, $severity, $syslog_msg, $soap_msg, $FILENAME); @@ -102,7 +102,7 @@ sub getAltNames sub authorizeClient { my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_; - my $sth; + my ($sth, $rc); # obtain cidr based on rigth common name and alternate names, service and client_type if($function_name eq 'saveNewEvent') { 
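Review bot: The enriched message on the new `|| die` line will normally never be printed, because the attribute hash on the same connect call sets `RaiseError => 1` and DBI's connect croaks on failure itself (with its own "connect(...) failed: ..." text) before the `||` branch is reached. The same attribute makes `prepare` and `execute` on `$DBH` die on failure, so the `!defined $sth` / `!$rc` checks this commit adds in authorizeClient, saveNewEvent, getNewEvents, getLastId and getClientInfo only run if RaiseError is cleared elsewhere or a HandleError callback swallows the error. It is worth deciding whether the server relies on DBI's exceptions (presumably surfacing as a SOAP fault upstream) or on the explicit sendMsg path, rather than carrying both. If the explicit path is intended, keep the new message but drop RaiseError or wrap the connect in `eval` so the branch is reachable.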
@@ -115,18 +115,28 @@ sub authorizeClient $sth = $DBH->prepare("SELECT client_id, ip_net_client, receive_own_events FROM clients WHERE hostname IN ($alt_names) AND client_type = 'r' ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;"); } - # check db handler + # check if db handler is defined if (!defined $sth) { sendMsg("err", - "Cannot prepare authorization statement in $function_name: $DBH->errstr", + "Cannot prepare authorization statement in function 'authorizeClient': $DBH->errstr", "Internal 'prepare' server error"); } # execute query for two or none params functions if ($function_name eq 'saveNewEvent' || $function_name eq 'getNewEvents') { - $sth->execute($service_type, $client_type); + $rc = $sth->execute($service_type, $client_type); + if (!$rc) { + sendMsg("err", + "Cannot execute authorization statement in function 'authorizeClient': $DBH->errstr", + "Internal 'execute' server error"); + } } else { - $sth->execute; + $rc = $sth->execute; + if (!$rc) { + sendMsg("err", + "Cannot execute authorization statement in function 'authorizeClient': $DBH->errstr", + "Internal 'execute' server error"); + } } # obtain registration info about clients @@ -176,7 +186,7 @@ sub authorizeClient sub saveNewEvent { my ($class, $data) = @_; - my $sth; + my ($sth, $rc); # client network information my $cn = $ENV{'SSL_CLIENT_S_DN_CN'}; 
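Review bot: `$DBH->errstr` inside the double-quoted sendMsg messages added here does not call the method — Perl interpolates only `$DBH` (as `DBI::db=HASH(0x...)`) and leaves `->errstr` as literal text, so the syslog line never carries the actual database error; the same construct is in the new lines of saveNewEvent, getNewEvents, getLastId and getClientInfo. Concatenate instead: `"Cannot execute authorization statement in function 'authorizeClient': " . $DBH->errstr,`. The two execute-failure blocks in the if/else differ only in the bind list, so `$rc` could be assigned in each branch and checked once after the closing `}`. If `WardenCommon::sendMsg` returns rather than dies, control also falls through to the fetch on a failed statement, so a `return;` after it would be safer; and the unchanged context line still interpolates `$alt_names` into the `IN (...)` list, which is only safe if getAltNames already quotes each name — bind placeholders would remove the doubt.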
@@ -250,13 +260,18 @@ sub saveNewEvent undef); } - $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); + $sth = $DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); if (!defined $sth) { sendMsg("err", "Cannot prepare statement in function '$function_name': $DBH->errstr", "Internal 'prepare' server error"); } - $sth->execute(undef, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid, $client{'client_id'}); + $rc = $sth->execute(undef, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid, $client{'client_id'}); + if (!$rc) { + sendMsg("err", + "Cannot execute statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } return 1; } } # END of saveNewEvent @@ -268,7 +283,7 @@ sub saveNewEvent sub getNewEvents { my ($class, $data) = @_; - my ($sth, @events, $event, @ids); + my ($sth, $rc, @events, $event, @ids); my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $client_id); # client network information 
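Review bot: After the new execute-failure branch in saveNewEvent, the code still reaches `return 1;`, so if `WardenCommon::sendMsg` logs and returns rather than dying, the client is told the event was stored although the INSERT failed. Add `return;` inside the `if (!$rc)` block (or make the failure fatal) so a rejected insert is never reported as success; the same applies to the prepare-failure block above it, where `$sth->execute` on an undefined handle would otherwise die with an unhelpful "Can't call method" message. The sub's opening lines are outside this hunk, so how `$function_name` is set here is not visible.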
@@ -299,40 +314,60 @@ sub getNewEvents $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC LIMIT ?;"); if (!defined $sth) { sendMsg("err", - "Cannot prepare ROE-ANY statement in function '$function_name': $DBH->errstr", - "Internal 'prepare' server error"); + "Cannot prepare ROE-ANY statement in function '$function_name': $DBH->errstr", + "Internal 'prepare' server error"); + } + $rc = $sth->execute($last_id, $used_limit); + if (!$rc) { + sendMsg("err", + "Cannot execute ROE-ANY statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); } - $sth->execute($last_id, $used_limit); } else { $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC LIMIT ?;"); if (!defined $sth) { sendMsg("err", - "Cannot prepare ROE statement in function '$function_name': $DBH->errstr", - "Internal 'prepare' server error"); + "Cannot prepare ROE statement in function '$function_name': $DBH->errstr", + "Internal 'prepare' server error"); } - $sth->execute($last_id, $requested_type, $used_limit); + $rc = $sth->execute($last_id, $requested_type, $used_limit); + if (!$rc) { + sendMsg("err", + "Cannot execute ROE statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } } } else { if ($requested_type eq '_any_') { $sth = $DBH->prepare("SELECT * FROM events e, clients c WHERE e.type != 'test' AND e.id > ? AND e.valid = 't' AND e.client_id = c.client_id AND c.hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;"); if (!defined $sth) { sendMsg("err", - "Cannot prepare ANY statement in function '$function_name': $DBH->errstr", - "Internal 'prepare' server error"); + "Cannot prepare ANY statement in function '$function_name': $DBH->errstr", + "Internal 'prepare' server error"); } my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/; $domain = '%' . 
$domain; - $sth->execute($last_id, $domain, $used_limit); + $rc = $sth->execute($last_id, $domain, $used_limit); + if (!$rc) { + sendMsg("err", + "Cannot execute ANY statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } } else { $sth = $DBH->prepare("SELECT * FROM events e, clients c WHERE e.type != 'test' AND e.id > ? AND e.type = ? AND e.valid = 't' AND e.client_id = c.client_id AND c.hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;"); if (!defined $sth) { sendMsg("err", - "Cannot prepare statement in function '$function_name': $DBH->errstr\n", - "Internal 'prepare' server error"); + "Cannot prepare statement in function '$function_name': $DBH->errstr\n", + "Internal 'prepare' server error"); } my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/; $domain = '%' . $domain; - $sth->execute($last_id, $requested_type, $domain, $used_limit); + $rc = $sth->execute($last_id, $requested_type, $domain, $used_limit); + if (!$rc) { + sendMsg("err", + "Cannot execute statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } } } @@ -353,7 +388,17 @@ sub getNewEvents # obtain hostname and service of events based on client_id from clients table $sth = $DBH->prepare("SELECT hostname, service FROM clients WHERE client_id = ?;"); - $sth->execute($client_id); + if (!defined $sth) { + sendMsg("err", + "Cannot prepare statement in function '$function_name': $DBH->errstr\n", + "Internal 'prepare' server error"); + } + $rc = $sth->execute($client_id); + if (!$rc) { + sendMsg("err", + "Cannot execute statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } ($hostname, $service) = $sth->fetchrow(); # create SOAP data object 
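Review bot: The four prepare/execute/sendMsg blocks in getNewEvents are now near-identical copies that differ only in the SQL text, the label in the message and the bind values, which is how the trailing `\n` survived in one prepare message but not the others. A small private helper that prepares, executes and reports through sendMsg would leave each branch as a single call and make the error text consistent; a sketch follows. Note that `$DBH->errstr` inside a double-quoted string does not invoke the method, so the helper concatenates it instead.
```perl
# Prepare one statement and execute it with @bind; on failure report through
# sendMsg and return nothing, so callers can bail out with a plain `return;`.
sub _run_statement {
    my ($function_name, $label, $sql, @bind) = @_;
    my $sth = $DBH->prepare($sql);
    if (!defined $sth) {
        sendMsg("err",
                "Cannot prepare $label statement in function '$function_name': " . $DBH->errstr,
                "Internal 'prepare' server error");
        return;
    }
    if (!$sth->execute(@bind)) {
        sendMsg("err",
                "Cannot execute $label statement in function '$function_name': " . $DBH->errstr,
                "Internal 'execute' server error");
        return;
    }
    return $sth;
}
# … in getNewEvents each branch collapses to one call, e.g. the ROE-ANY case:
$sth = _run_statement($function_name, 'ROE-ANY',
                      "SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC LIMIT ?;",
                      $last_id, $used_limit);
return unless defined $sth;
```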
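Review bot: The prepare of `SELECT hostname, service FROM clients WHERE client_id = ?` gets a definedness check here, but both this and the new `!$rc` branch fall through to `$sth->fetchrow()` if `WardenCommon::sendMsg` returns, so the enclosing loop keeps going on an undefined or failed handle; a `next`/`return` after sendMsg is needed. The surrounding comment suggests this runs once per fetched event, in which case the prepare could be hoisted above the loop and only the execute repeated — the loop header is outside the hunk, so this is inferred. The prepare message also keeps a trailing `\n` that the execute message next to it does not.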
@@ -418,7 +463,12 @@ sub getLastId "Cannot prepare statement in function '$function_name': $DBH->errstr", "Internal 'prepare' server error"); } - $sth->execute; + my $rc = $sth->execute; + if (!$rc) { + sendMsg("err", + "Cannot execute statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } my $result = $sth->fetchrow(); return $result; } @@ -453,7 +503,12 @@ sub getClientInfo "Cannot prepare statement in function '$function_name': $DBH->errstr", "Internal 'prepare' server error"); } - $sth->execute; + my $rc = $sth->execute; + if (!$rc) { + sendMsg("err", + "Cannot execute statement in function '$function_name': $DBH->errstr", + "Internal 'execute' server error"); + } while ( my @result = $sth->fetchrow() ) { $client_id = $result[0];
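Review bot: In getLastId the new `if (!$rc)` branch is followed unconditionally by `$sth->fetchrow()` and `return $result;`, so unless `WardenCommon::sendMsg` dies, a failed execute returns an undefined last id to the caller as if it were a real value; the same fall-through exists in the getClientInfo hunk, whose `while (my @result = $sth->fetchrow())` loop then silently yields nothing. Adding `return;` at the end of each `if (!$rc)` block keeps the two functions from reporting a failed query as an empty result. These two subs declare `my $rc` at the point of use while saveNewEvent and getNewEvents add it to the top-of-sub `my (...)` list — one convention across the file would read better.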