modul WardenClientSend.pm, WardenClientReceive.pm a funkce getClientInfo...

modul WardenClientSend.pm, WardenClientReceive.pm a funkce getClientInfo zahrnuty do jedine knihovny klienta WardenClient.pm

modul WardenClientSend.pm, WardenClientReceive.pm a funkce getClientInfo...
d7ed9ad8 · Tomáš Plesník · 405692ab · d7ed9ad8
Commit d7ed9ad8 authored 10 years ago by Tomáš Plesník
--- a/src/warden-client/lib/WardenClient.pm
+++ b/src/warden-client/lib/WardenClient.pm
+# WardenClient.pm
+#
+# Copyright (C) 2011-2015 Cesnet z.s.p.o
+#
+# Use of this source is governed by a BSD-style license, see LICENSE file.  
+
+package WardenClient;
+
+use strict;
+use warnings;
+
+use SOAP::Lite;
+use File::Basename;
+my $lib = File::Basename::dirname(__FILE__);
+use lib $lib;
+use WardenClientCommon;
+
+our $VERSION = "2.2";
+
+
+#-------------------------------------------------------------------------------
+# saveNewEvent - send new event from detection scripts to warden server
+#-------------------------------------------------------------------------------
+sub saveNewEvent
+{
+  my $event_ref = shift;
+
+  # prepare variables of event 
+  my @event        = @{$event_ref};
+  my $service      = $event[0];
+  my $detected     = $event[1];
+  my $type         = $event[2];
+  my $source_type  = $event[3];
+  my $source       = $event[4];
+  my $target_proto = $event[5];
+  my $target_port  = $event[6];
+  my $attack_scale = $event[7];
+  my $note         = $event[8];
+  my $priority     = $event[9];
+  my $timeout      = $event[10];
+
+  # Issue #596 - Should be removed in Warden client 3.0.
+  # check if obsolete event attribute 'Priority' is used
+  if ((defined $priority) && ($priority >= 0)) {
+    WardenClientCommon::errMsg('Event attribute "Priority" is now obsolete and will be removed in Warden client 3.0', 'warn');
+  }
+  # check if obsolete event attribute 'Timeout' is used
+  if ((defined $timeout) && ($timeout >= 0)) {
+    WardenClientCommon::errMsg('Event attribute "Timeout" is now obsolete and will be removed in Warden client 3.0', 'warn');
+  } 
+  # end of Issue #596 
+    
+  # create SOAP data object
+  my $event;
+  eval {
+    $event = SOAP::Data->name(
+      event => \SOAP::Data->value(
+        SOAP::Data->name(SERVICE      => $service),
+        SOAP::Data->name(DETECTED     => $detected),
+        SOAP::Data->name(TYPE         => $type),
+        SOAP::Data->name(SOURCE_TYPE  => $source_type),
+        SOAP::Data->name(SOURCE       => $source),
+        SOAP::Data->name(TARGET_PROTO => $target_proto),
+        SOAP::Data->name(TARGET_PORT  => $target_port),
+        SOAP::Data->name(ATTACK_SCALE => $attack_scale),
+        SOAP::Data->name(NOTE         => $note),
+        SOAP::Data->name(PRIORITY     => $priority),
+        SOAP::Data->name(TIMEOUT      => $timeout)
+      )
+    );
+  } # end of eval
+  or WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@);
+
+  # c2s() returns undef on fail
+  my $result = WardenClientCommon::c2s("saveNewEvent", $event);
+
+  defined $result ? return 1 : return 0;  
+ 
+} # End of saveNewEvent
+
+
+#-------------------------------------------------------------------------------
+# getNewEvents - get new events from warden server greater than last received ID
+#-------------------------------------------------------------------------------
+sub getNewEvents
+{
+  my @events;  
+
+    my $warden_path = shift;
+    my $requested_type = shift;
+
+    my $vardir = $warden_path . "/var/";
+    my $etcdir = $warden_path . "/etc/";
+    my $libdir = $warden_path . "/lib/";
+
+    require $libdir . "WardenClientConf.pm";
+    require $libdir . "WardenClientCommon.pm";
+
+    # read the config file
+    my $conf_file = $etcdir . "warden-client.conf";
+    WardenClientConf::loadConf($conf_file);
+
+    # set name of ID file for each client aplication 
+    my ($caller_name) = ($FindBin::Script =~ /^(.*)$/);	# untaint
+    my $id_file = $vardir . $caller_name . "-". ($requested_type || "any") . ".id";
+
+    #-----------------------------------------------------------------------------
+    # get last ID from ID file (if exist) or
+    # get last ID from warden server DB and save it into ID file
+    my $last_id;
+    if (-e $id_file) {
+      open(ID, "< $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
+      foreach(<ID>) {
+        $last_id = $_;
+      }
+      close ID;
+    } else {
+      # c2s() returns undef on fail
+      my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getLastId");
+      defined $response or return; # receive data or return undef      
+ 
+      $last_id = $response->result;
+      open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
+      print ID $last_id;
+      close ID;
+    }
+
+    #-----------------------------------------------------------------------------
+    # get new events from warden server DB based on gathered last ID 
+
+    my $request_data;
+    eval {
+      # create SOAP data object
+      $request_data = SOAP::Data->name(
+        request => \SOAP::Data->value(
+          SOAP::Data->name(REQUESTED_TYPE        => $requested_type),
+          SOAP::Data->name(LAST_ID               => $last_id),
+          SOAP::Data->name(MAX_RCV_EVENTS_LIMIT  => $WardenClientConf::MAX_RCV_EVENTS_LIMIT)
+        )
+      )
+    } or return errMsg('Unknown error when creating SOAP data object, ' . $@);
+  
+    # call server method getNewEvents
+    my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getNewEvents", $request_data);
+    defined $response or return; # connect to warden server or return undef
+    
+    # parse returned SOAP data object
+    my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
+    
+    my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/');
+    
+    while (scalar @response_list) {
+      my $response_data = shift(@response_list);
+      my @event;
+
+      # parse items of one event
+      $id		= $response_data->{'ID'};
+      $hostname		= $response_data->{'HOSTNAME'};
+      $service		= $response_data->{'SERVICE'};
+      $detected		= $response_data->{'DETECTED'};
+      $type		= $response_data->{'TYPE'};
+      $source_type	= $response_data->{'SOURCE_TYPE'};
+      $source		= $response_data->{'SOURCE'};
+      $target_proto	= $response_data->{'TARGET_PROTO'};
+      $target_port	= $response_data->{'TARGET_PORT'};
+      $attack_scale	= $response_data->{'ATTACK_SCALE'};
+      $note		= $response_data->{'NOTE'};
+      $priority		= $response_data->{'PRIORITY'};
+      $timeout		= $response_data->{'TIMEOUT'};
+
+      # push new event from warden server into @events which is returned
+      @event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
+      push (@events, \@event);
+ 
+      # set maximum received ID from current batch
+      if ($id > $last_id) {
+  	    $last_id = $id;
+      }
+    } #end of while loop
+
+    # write last return ID
+    if (defined $last_id) { # must be defined for first check ID
+      open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
+      print ID $last_id;
+      close ID;
+    }
+
+  return @events;
+
+} # End of getNewEvents
+
+
+#-------------------------------------------------------------------------------
+# getClientInfo - retrieve information about other clients from Warden server
+#-------------------------------------------------------------------------------
+sub getClientInfo
+{
+  # obtain information about clients on Warden server
+  my $response = c2s("getClientInfo");
+  defined $response or return; # receive data or return undef
+
+  # parse server response (SOAP data object)
+  my @clients;
+  my @response_list = $response->valueof('/Envelope/Body/getClientInfoResponse/client/');
+
+  while (scalar @response_list) {
+    my $response_data = shift(@response_list);
+    my %client;
+    $client{'client_id'}                = $response_data->{'CLIENT_ID'} ;
+    $client{'hostname'}                 = $response_data->{'HOSTNAME'};
+    $client{'registered'}               = $response_data->{'REGISTERED'};
+    $client{'requestor'}                = $response_data->{'REQUESTOR'};
+    $client{'service'}                  = $response_data->{'SERVICE'};
+    $client{'client_type'}              = $response_data->{'CLIENT_TYPE'};
+    $client{'type'}                     = $response_data->{'TYPE'};
+    $client{'receive_own_events'}       = $response_data->{'RECEIVE_OWN_EVENTS'};
+    $client{'description_tags'}         = $response_data->{'DESCRIPTION_TAGS'};
+    $client{'ip_net_client'}            = $response_data->{'IP_NET_CLIENT'};
+    push (@clients,\%client);
+  }
+
+  return @clients;
+}  # End of getClientInfo
+
+1;