pridana podpora pro stahovani vsechny typu zprav pomoci ridiciho prikazu '_any_'

src/warden-client/doc/CHANGELOG

+2012-00-00 v.2.1 stable version
+-------------------------------
+- receiving of all types of messages now supported
+
+
 2012-07-27 v.2.0 stable version and bugfix release of warden-client-2.0.0-beta
 ------------------------------------------------------------------------------
 - Sender client code fixed, so that it will not terminate "parent"

src/warden-client/doc/README.cesnet

@@ -138,6 +138,7 @@ D. Types of events
    * test - clients can use these at will when debugging/testing, these
             messages will be processed and stored, but ignored later
    * other - the rest, uncategorizable yet
+   * _any_ - clients can use these for receiving of all types of messages
 
    In case of complex scenarios with structured info more events with
    particular parts of information can be created.

src/warden-server/doc/CHANGELOG

+2012-00-00 v2.1 stable version
+------------------------------
+- receiving of all types of messages now supported
+
+
 2012-07-27 v2.0 stable version
 ------------------------------
 - MySQL database engine used
@@ -7,6 +12,7 @@
 - added automatic reconnect to DB
 - other minor bugs and issues fixed
 
+
 2012-03-02 v0.1.0 beta version
 ------------------------------
 - initial release of the Warden server

src/warden-server/doc/README

 +----------------------------+
-| README - Warden Server 2.0 |
+| README - Warden Server 2.1 |
 +----------------------------+
 
 Content
@@ -23,7 +23,7 @@ A. Overall Information
 
  2. Version
   
-    2.0 (2012-07-27)
+    2.1 (2012-00-00)
     
  3. Package structure
  
@@ -87,11 +87,11 @@ C. Installation
 
  1. Check SHA1 checksum of the Warden server package archive.
 
-    $ sha1sum -c warden-server-2.0.tar.gz.sig
+    $ sha1sum -c warden-server-2.1.tar.gz.sig
 
  2. Untar it.
 
-    $ tar xzvf warden-server-2.0.tar.gz
+    $ tar xzvf warden-server-2.1.tar.gz
 
  3. Run install.sh. 
   

src/warden-server/lib/Warden.pm

@@ -20,7 +20,7 @@ use DateTime;
 use MIME::Base64;
 use Crypt::X509;
 
-our $VERSION = "2.0";
+our $VERSION = "2.1";
 
 
 ################################################################################
@@ -127,57 +127,56 @@ sub getAltNames
 
 sub authorizeClient
 {
-    my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_;
-
-    my $sth;
-    # obtain cidr based on rigth common name and alternate names, service and client_type
-    if($function_name eq 'saveNewEvent') {
-        $sth = $DBH->prepare(   "SELECT hostname, ip_net_client, receive_own_events 
-                                FROM clients WHERE hostname IN ($alt_names) AND service = ? AND client_type = ? 
-                                ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
-    }
-    elsif($function_name eq 'getNewEvents') {
-        $sth = $DBH->prepare(   "SELECT hostname, ip_net_client, receive_own_events 
-                                FROM clients WHERE hostname IN ($alt_names) AND type = ? AND client_type = ? 
-                                ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
-    }
+  my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_;
+  my $sth;
 
-    if (!defined $sth) { die("Cannot prepare authorization statement in $function_name: $DBI::errstr\n")}
-    $sth->execute($service_type, $client_type);
-    
-    my ($an, $cidr, $receive_own, $cidr_list);
-    my $correct_ip_source = 0;
-    my %ret;
-
-    while(($an, $cidr, $receive_own)  = $sth->fetchrow()) {
-        my $cidr_list = Net::CIDR::Lite-> new -> add($cidr);
-        
-        $ret{'dns'} = $an;
-        $ret{'cidr'} = $cidr;
-        $ret{'receive_own'} = $receive_own;
-           
-        if ($cidr_list->bin_find($ip)) {
-            $correct_ip_source = 1;
-            last;
-        }
-    };
-
-    # check if client is registered
-    if ($sth->rows == 0) {
-        write2log ("err", "Unauthorized access to $function_name from: $ip (CN(AN): $alt_names), used service '$service_type' - client is not registered");
-        die("Access denied - client is not registered at warden server!");
-        return undef;
-    }
+  # obtain cidr based on rigth common name and alternate names, service and client_type
+  if($function_name eq 'saveNewEvent') {
+    $sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events 
+                          FROM clients WHERE hostname IN ($alt_names) AND service = ? AND client_type = ? 
+                          ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
+  } elsif($function_name eq 'getNewEvents') {
+    $sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events 
+                          FROM clients WHERE hostname IN ($alt_names) AND type = ? AND client_type = ? 
+                          ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
+  }
+
+  if (!defined $sth) { die("Cannot prepare authorization statement in $function_name: $DBI::errstr\n")}
+  $sth->execute($service_type, $client_type);
+
+  my ($an, $cidr, $receive_own, $cidr_list);
+  my $correct_ip_source = 0;
+  my %ret;
+
+  while(($an, $cidr, $receive_own)  = $sth->fetchrow()) {
+    my $cidr_list = Net::CIDR::Lite-> new -> add($cidr);
 
-    # check if client has IP from registered CIDR
-    if (!$correct_ip_source) {
-        write2log ("err", "Unauthorized access to $function_name from: $ip (CN(AN): $alt_names), used service '$service_type' - access from bad subnet: Registered subnet '" . $ret{'cidr'} . "'");
-        die("Access denied - access from unauthorized subnet!");
-        return undef;
+    $ret{'dns'} = $an;
+    $ret{'cidr'} = $cidr;
+    $ret{'receive_own'} = $receive_own;
+
+    if ($cidr_list->bin_find($ip)) {
+      $correct_ip_source = 1;
+      last;
     }
+  }
 
-    return %ret;
-}
+  # check if client is registered
+  if ($sth->rows == 0) {
+    write2log ("err", "Unauthorized access to $function_name from: $ip (CN(AN): $alt_names), used service '$service_type' - client is not registered");
+    die("Access denied - client is not registered at warden server!");
+    return undef;
+  }
+
+  # check if client has IP from registered CIDR
+  if (!$correct_ip_source) {
+    write2log ("err", "Unauthorized access to $function_name from: $ip (CN(AN): $alt_names), used service '$service_type' - access from bad subnet: Registered subnet '" . $ret{'cidr'} . "'");
+    die("Access denied - access from unauthorized subnet!");
+    return undef;
+  }
+
+  return %ret;
+} # END of authorizeClient
 
 
 ################################################################################
@@ -205,26 +204,23 @@ sub saveNewEvent
   # parse object (event) parameters
   my $service		= $data->{'SERVICE'};
   my $detected		= $data->{'DETECTED'};
-  my $type		    = $data->{'TYPE'};
+  my $type		= $data->{'TYPE'};
   my $source_type	= $data->{'SOURCE_TYPE'};
   my $source		= $data->{'SOURCE'};
   my $target_proto	= $data->{'TARGET_PROTO'};
   my $target_port	= $data->{'TARGET_PORT'};
   my $attack_scale 	= $data->{'ATTACK_SCALE'};
-  my $note		    = $data->{'NOTE'};
+  my $note		= $data->{'NOTE'};
   my $priority		= $data->{'PRIORITY'};
   my $timeout		= $data->{'TIMEOUT'};
 
-
-   my %client = authorizeClient($alt_names, $ip, $service, $client_type, 'saveNewEvent');
-   if(defined %client) {
+  my %client = authorizeClient($alt_names, $ip, $service, $client_type, 'saveNewEvent');
+  if(defined %client) {
     # insert new events into DB
     $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
     if (!defined $sth) { die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n") }
-
     $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid);
-
-      return 1;
+    return 1;
   }
 } # END of saveNewEvent
 
@@ -239,30 +235,41 @@ sub getNewEvents
   my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
 
   # client network information
-  my $cn	    = $ENV{'SSL_CLIENT_S_DN_CN'};
-  my $alt_names = getAltNames(undef);
-  my $ip	    = $ENV{'REMOTE_ADDR'};
-
-  my $client_type	= "r";	# incoming client MUST be sender
+  my $cn	= $ENV{'SSL_CLIENT_S_DN_CN'};
+  my $alt_names	= getAltNames(undef);
+  my $ip	= $ENV{'REMOTE_ADDR'};
+  my $client_type = "r";	# incoming client MUST be sender
 
   # parse SOAP data object
   my $requested_type = $data->{'REQUESTED_TYPE'};
-  my $last_id		 = $data->{'LAST_ID'};
-
+  my $last_id	     = $data->{'LAST_ID'};
 
   my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, 'getNewEvents');
   if(defined %client) {
-    # check if client want your own events or not
-    if ($client{'receive_own'} eq 't') {
-      $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC;");
-      if (!defined $sth) {die("Cannot prepare ROE statement in getNewEvents: $DBI::errstr\n")}
-      $sth->execute($last_id, $requested_type);
+    if ($client{'receive_own'} eq 't') {	# check if client want your own events or not
+      if ($requested_type eq '_any_') {		  # check if client want each or only one type of messages
+        $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC;");
+        if (!defined $sth) {die("Cannot prepare ROE-ANY statement in getNewEvents: $DBI::errstr\n")}
+        $sth->execute($last_id);
+      } else {
+        $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC;");
+        if (!defined $sth) {die("Cannot prepare ROE statement in getNewEvents: $DBI::errstr\n")}
+        $sth->execute($last_id, $requested_type);
+      }
     } else {
-      $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;");
-      if (!defined $sth) {die("Cannot prepare statement in getNewEvents: $DBI::errstr\n")}
-      my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
-      $domain = '\%' . $domain;
-      $sth->execute($last_id, $requested_type, $domain);
+      if ($requested_type eq '_any_') {
+        $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;");
+        if (!defined $sth) {die("Cannot prepare ANY statement in getNewEvents: $DBI::errstr\n")}
+        my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
+        $domain = '\%' . $domain;
+        $sth->execute($last_id, $domain);
+      } else {
+        $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;");
+        if (!defined $sth) {die("Cannot prepare statement in getNewEvents: $DBI::errstr\n")}
+        my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
+        $domain = '\%' . $domain;
+        $sth->execute($last_id, $requested_type, $domain);
+      }
     }
 
     # parse items of events stored in DB
@@ -276,19 +283,19 @@ sub getNewEvents
       $source	 	= $result[7];
       $target_proto	= $result[8];
       $target_port 	= $result[9];
-      $attack_scale = $result[10];
+      $attack_scale	= $result[10];
       $note 		= $result[11];
       $priority 	= $result[12];
       $timeout	 	= $result[13];
 
       # create SOAP data object
       $event = SOAP::Data->name(event => \SOAP::Data->value(
-        SOAP::Data->name(ID		    => $id),
+        SOAP::Data->name(ID		=> $id),
         SOAP::Data->name(HOSTNAME	=> $hostname),
         SOAP::Data->name(SERVICE	=> $service),
         SOAP::Data->name(DETECTED	=> $detected),
         SOAP::Data->name(TYPE		=> $type),
-        SOAP::Data->name(SOURCE_TYPE=> $source_type),
+        SOAP::Data->name(SOURCE_TYPE	=> $source_type),
         SOAP::Data->name(SOURCE		=> $source),
         SOAP::Data->name(TARGET_PROTO	=> $target_proto),
         SOAP::Data->name(TARGET_PORT	=> $target_port),