bugfix: server neautentizuje klienta pokud nema nastavene SubjectAltNames ve svem SSL certifikatu

src/warden-server/lib/Warden.pm

@@ -39,6 +39,7 @@ my $etc = "$lib/../etc";
 ################################################################################
 #			READING OF CONFIGURATION VARIABLES
 ################################################################################
+# load server configuration
 my $conf_file = "$etc/warden-server.conf";
 WardenCommon::loadConf($conf_file);
 
@@ -47,6 +48,7 @@ WardenCommon::loadConf($conf_file);
 ################################################################################
 #				DB CONNECT
 ################################################################################
+# create database handler
 our $DBH = DBI->connect("DBI:mysql:database=$WardenCommon::DB_NAME;host=$WardenCommon::DB_HOST", $WardenCommon::DB_USER, $WardenCommon::DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1})
            || die "Could not connect to database '$WardenCommon::DB_NAME' at '$WardenCommon::DB_HOST': $DBI::errstr";
 
@@ -65,6 +67,7 @@ sub sendMsg
   my $syslog_msg = shift;
   my $soap_msg   = shift;
 
+  # send message via syslog
   WardenCommon::sendMsg($WardenCommon::SYSLOG, $WardenCommon::SYSLOG_VERBOSE, $WardenCommon::SYSLOG_FACILITY, $severity,
 			$syslog_msg, $soap_msg, $FILENAME);
 }
@@ -85,9 +88,12 @@ sub getAltNames
   my $der = decode_base64(join("", @a));
   my $decoded= Crypt::X509->new(cert => $der);
 
-  foreach my $tmp (@{$decoded->SubjectAltName}) {
-    if($tmp =~ s/dNSName=//){
-      push(@an_array, $DBH->quote($tmp));
+  # obtain Subject Alternative Names from SSL certificate (if any exist)
+  if (defined $decoded->SubjectAltName) {
+    foreach my $tmp (@{$decoded->SubjectAltName}) {
+      if($tmp =~ s/dNSName=//){
+        push(@an_array, $DBH->quote($tmp));
+      }
     }
   }
 
@@ -140,7 +146,7 @@ sub authorizeClient
     }
   }
 
-  # obtain registration info about clients
+  # obtain registration information about clients
   my ($client_id, $ip_net_client, $receive_own, $ip_net_client_list);
   my $correct_ip_source = 0;
   my %ret;
@@ -213,12 +219,14 @@ sub saveNewEvent
   my $priority		= $data->{'PRIORITY'};
   my $timeout		= $data->{'TIMEOUT'};
 
+  # authorize incoming client
   my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
   if (defined %client) {
     sendMsg("debug",
             "Incoming event: [client_id: '$client{'client_id'}', service: '$service', detected: '$detected', type: '$type', source_type: '$source_type', source: '$source', target_proto: '$target_proto', target_port: '$target_port', attack_scale: '$attack_scale', note: '$note', priority: '$priority', timeout: '$timeout']",
              undef);
 
+    # check event entries 'event_type' and 'source_type' (based on VALIDATION HASH)
     if (%WardenCommon::VALID_STRINGS) {	# check if hash is not empty - use VALIDATION HASH
       if (!(exists $WardenCommon::VALID_STRINGS{'type'} && grep $type eq $_, @{$WardenCommon::VALID_STRINGS{'type'}})) {
         sendMsg("err",
@@ -238,6 +246,7 @@ sub saveNewEvent
               "Unknown detected time format: '$detected'");
     }
 
+    # check other event entries
     my @change_list;
     if (defined $target_port && $target_port !~ /^\d+\z/) {
       push(@change_list, "target_port: '$target_port'");
@@ -266,6 +275,7 @@ sub saveNewEvent
               undef);
     }
 
+    # save new event into database
     $sth = $DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
     unless (defined $sth) {
       sendMsg("err",
@@ -315,6 +325,7 @@ sub getNewEvents
   # authorize incoming client
   my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, $function_name);
   if (defined %client) {
+    # obtain events from database
     my $query = "SELECT id, hostname, service, detected, events.type, source_type, source, target_proto, target_port, attack_scale, note, priority, timeout FROM events INNER JOIN clients ON events.client_id = clients.client_id WHERE events.type != 'test' AND id > ? AND events.valid = 't'";
     my @params = ($last_id);
 
@@ -346,9 +357,9 @@ sub getNewEvents
               "Internal 'execute' server error");
     }
 
-    # obtain items of events stored in events table
+    # obtain event entries from query
     while (my @result = $sth->fetchrow()) {
-      # create SOAP data object set values
+      # create SOAP object
       $event = SOAP::Data->name(event => \SOAP::Data->value(
         SOAP::Data->name(ID		=> $result[0]),
         SOAP::Data->name(HOSTNAME	=> $result[1]),
@@ -404,8 +415,10 @@ sub getLastId
 
   my $function_name = 'getLastId';
 
+  # authorize incoming client
   my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
   if (defined %client) {
+    # obtain max event ID
     my $sth = $DBH->prepare("SELECT max(id) FROM events;");
     unless (defined $sth) {
       sendMsg("err",
@@ -445,8 +458,10 @@ sub getClientInfo
 
   my $function_name = 'getClientInfo';
 
+  # authorize incoming client
   my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
   if (defined %client) {
+    # obtain all valid clients from DB
     my $sth = $DBH->prepare("SELECT * FROM clients WHERE valid = 't' ORDER BY client_id ASC;");
     unless (defined $sth) {
       sendMsg("err",
@@ -461,6 +476,7 @@ sub getClientInfo
               "Internal 'execute' server error");
     }
 
+    # create SOAP object
     while ( my @result = $sth->fetchrow() ) {
       $client = SOAP::Data->name(client => \SOAP::Data->value(
         SOAP::Data->name(CLIENT_ID		=> $result[0]),
@@ -478,6 +494,7 @@ sub getClientInfo
       push(@clients, $client);
     }
 
+    # log information message
     my $sum = scalar @clients;
     sendMsg("info",
             "Sent information about $sum registered clients from Warden server '$ENV{'SERVER_NAME'}' to client '$client{'client_id'}'",