00001
00002
00009
00010
00011 #include "policy-xml.h"
00012 #include "policy-build.h"
00013 #include "policy-dump.h"
00014 #include "policy-snort.h"
00015 #include "memory.h"
00016 #include "plugin.h"
00017 #include "naming.h"
00018 #include <unistd.h>
00019 #include <errno.h>
00020
00021 #ifndef DEBUG_POLICY_XML
00022 #ifdef DEBUG
00023 #define DEBUG_POLICY_XML DEBUG
00024 #else
00025 #define DEBUG_POLICY_XML 0
00026 #endif
00027 #endif
00028
00029 DEFINE_LL *defs;
00030
00031
00036
00037 BYTE *convertStringToBArray(char *arr){
00038 BYTE *s;
00039 unsigned long arr_sz;
00040 unsigned long i,j;
00041 BYTE c;
00042 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00043 printf("Enter convertStringToBArray(char*arr(%s))\n",arr);
00044 }
00045 if(!arr) return (BYTE*)0;
00046
00047 arr_sz = strlen(arr);
00048 if(arr_sz%2){
00049 printf("ERR: Array size must be an even number of hex characters\n");
00050 return (BYTE*)0;
00051 }
00052 s = (BYTE*)malloc_safe(arr_sz/2);
00053 if(!s){
00054 printf("ERR: malloc failed\n");
00055 return (BYTE*)0;
00056 }
00057 for(j=0,i=0;j<arr_sz;j++){
00058 switch(arr[j]){
00059 case '0': c = 0x00; break;
00060 case '1': c = 0x01; break;
00061 case '2': c = 0x02; break;
00062 case '3': c = 0x03; break;
00063 case '4': c = 0x04; break;
00064 case '5': c = 0x05; break;
00065 case '6': c = 0x06; break;
00066 case '7': c = 0x07; break;
00067 case '8': c = 0x08; break;
00068 case '9': c = 0x09; break;
00069 case 'a':
00070 case 'A': c = 0x0a; break;
00071 case 'b':
00072 case 'B': c = 0x0b; break;
00073 case 'c':
00074 case 'C': c = 0x0c; break;
00075 case 'd':
00076 case 'D': c = 0x0d; break;
00077 case 'e':
00078 case 'E': c = 0x0e; break;
00079 case 'f':
00080 case 'F': c = 0x0f; break;
00081 default:
00082 c = 0x00;
00083 printf("ERR: Character %c encountered. Only 1234567890aAbBcCdDeEfF allowed. Using 0\n",arr[j]);
00084 }
00085 if(j%2){
00086 s[i] |= c;
00087 i++;
00088 }
00089 else {
00090 s[i] = (c<<4) & 0xf0;
00091 }
00092 }
00093
00094
00095 return (BYTE*)s;
00096 }
00097
00098
00105
00106 int buildXmlSnort(xmlDocPtr doc, xmlNodePtr node, POLICY_HEAD* pol_hd, POLICY_OUTPUT* pol_o){
00107 char *source;
00108 char *filename;
00109 char *rules;
00110 unsigned long rules_sz;
00111 FILE *fd;
00112 char *inline_rules;
00113 unsigned long got;
00114
00115 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00116 printf("Enter buildXmlSnort(xmlDocPtr doc(%p),xmlNodePtr node(%p),POLICY_HEAD*pol_hd(%p),POLICY_OUTPUT*pol_o(%p))\n",doc,node,pol_hd,pol_o);
00117 }
00118 if(!doc || !node) return 0;
00119
00120 source = xmlGetProp(node, (xmlChar*)"source");
00121 if(!source){
00122 printf("ERR: XML: Oops - you forgot to give the snort source\n");
00123 return 0;
00124 }
00125
00126 if(!strcmp(source, "file")){
00127 filename = xmlGetProp(node, (xmlChar*)"filename");
00128 if(!filename){
00129 printf("ERR: XML: Duh, if you give file as source, you need to give a filename as well\n");
00130 }
00131
00132 fd = fopen(filename, "r");
00133 if(!fd){
00134 printf("ERR: fopen of file=(%s) failed\n",filename);
00135 return 0;
00136 }
00137 if(fseek(fd, 0, SEEK_END)==-1){
00138 printf("ERR: File fd=(%p) filename=(%s) fseek failed\n",fd,filename);
00139 return 0;
00140 }
00141 rules_sz = ftell(fd);
00142 if(rules_sz<=0){
00143 printf("ERR: Snort file has size (%ld)\n",rules_sz);
00144 return 0;
00145 }
00146 rewind(fd);
00147 rules = (char*)malloc(rules_sz+1);
00148 if(!rules){
00149 printf("ERR: XML: Malloc failed\n");
00150 return 0;
00151 }
00152 got = fread(rules, 1, rules_sz, fd);
00153 if(got!=rules_sz){
00154 printf("ERR: fread returned different size to sz. Got %ld instead of %ld\n",got,rules_sz);
00155 free(rules);
00156 return 0;
00157 }
00158 fclose(fd);
00159
00160 rules[rules_sz]=(char)0;
00161 }
00162 else {
00163 inline_rules = xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
00164 if(!inline_rules){
00165 printf("ERR: XML: Duh, if you specify inline snort rules - you need to actually include them!\n");
00166 return 0;
00167 }
00168 rules_sz = strlen(inline_rules);
00169 if(!rules_sz){
00170 printf("ERR: XML: Duh, if you specify inline snort rules - you need to actually include them!\n");
00171 return 0;
00172 }
00173 rules = (char*)malloc_safe(rules_sz+1);
00174 if(!rules){
00175 printf("ERR: XML: malloc failed\n");
00176 return 0;
00177 }
00178 inline_rules[rules_sz] = (char)0;
00179 strcpy(rules, inline_rules);
00180
00181 }
00182 rules_sz+=1;
00183
00184 return parseSnortRules(pol_hd, pol_o, rules, rules_sz);
00185 }
00186
00187
00193
00194 int buildXmlDefault(xmlDocPtr doc, xmlNodePtr node, POLICY_HEAD* pol_hd){
00195 POLICY_OUTPUT *o;
00196 xmlNodePtr cur;
00197 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00198 printf("Enter buildXmlDefault(xmlDocPtr doc(%p), xmlNodePtr node(%p),POLICY_HEAD*pol_hd(%p)\n",doc,node,pol_hd);
00199 }
00200
00201 if(!doc || !node || !pol_hd) return 0;
00202
00203 if(!(pol_hd->def)){
00204 o = (POLICY_OUTPUT*)malloc_safe(sizeof(POLICY_OUTPUT));
00205 if(!o){
00206 printf("ERR: XML: malloc failed\n");
00207 return 0;
00208 }
00209 o->name = (char*)0;
00210 o->args = (char*)0;
00211 o->oNext = (POLICY_OUTPUT*)0;
00212 o->tNext = (POLICY_TEST*)0;
00213 }
00214 else o = pol_hd->def;
00215
00216 cur = node->xmlChildrenNode;
00217 while(cur){
00218 if(!xmlStrcmp(cur->name, (xmlChar*)"output")){
00219 buildXmlOutput(doc, cur, o);
00220 }
00221 else printf("WARN: XML: Unknown or malplaced tag %s\n",cur->name);
00222 cur = cur->next;
00223 }
00224
00225 return 0;
00226 }
00227
00228
00234
00235 int buildXmlOutput(xmlDocPtr doc, xmlNodePtr node, POLICY_OUTPUT* pol_o){
00236 char *name;
00237 char *arg;
00238 char *sEof;
00239 char eof;
00240 POLICY_OUTPUT *new_o;
00241 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00242 printf("Enter buildXmlOutput(xmlDocPtr doc(%p),xmlNodePtr node(%p),POLICY_OUTPUT*pol_o(%p))\n",doc,node,pol_o);
00243 }
00244 if(!doc || !node || !pol_o) return 0;
00245
00246 name = xmlGetProp(node, (xmlChar*)"name");
00247 if(!name){
00248 printf("ERR: XML: Oops - you forgot to name the plugin to init\n");
00249 return 0;
00250 }
00251 arg = xmlGetProp(node, (xmlChar*)"arg");
00252 sEof = xmlGetProp(node, (xmlChar*)"eof");
00253
00254 eof = (char)0;
00255 if(sEof){
00256 if(!strcmp(sEof, "yes")){
00257 eof = (char)1;
00258 }
00259 }
00260
00261 new_o = addOutputToOutput(pol_o,name,arg,eof);
00262 if(!new_o){
00263 printf("ERR: XML: Failed to add output to output\n");
00264 return 0;
00265 }
00266
00267 return 1;
00268 }
00269
00270
00275
00276 int buildXmlDefine(xmlDocPtr doc, xmlNodePtr node){
00277 DEFINE_LL *l;
00278 char *id;
00279 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00280 printf("Enter buildXmlDefine(xmlDocPtr doc(%p),xmlNodePtr node(%p)\n",doc,node);
00281 }
00282 if(!doc || !node) return 0;
00283
00284 id = xmlGetProp(node, (xmlChar*)"id");
00285 if(!id){
00286 printf("ERR: XML: Idiot - you forgot the id for one of your defines\n");
00287 return 0;
00288 }
00289
00290 l = defs;
00291 while(l){
00292 if(!strcmp(id, l->id)){
00293 printf("ERR: XML: Blind are we? Or stupid? You've used the same id twice\n");
00294 return 0;
00295 }
00296 if(!l->next){
00297 break;
00298 }
00299 l = l->next;
00300 }
00301 l->next = (DEFINE_LL*)malloc(sizeof(DEFINE_LL));
00302 if(!(l->next)){
00303 printf("ERR: XML: malloc failed\n");
00304 return 0;
00305 }
00306 l->id = id;
00307 l->doc = doc;
00308 l->node = node;
00309 l->next = (DEFINE_LL*)0;
00310
00311 return 1;
00312 }
00313
00314
00321
00322 int buildXmlProtocol(xmlDocPtr doc, xmlNodePtr node, POLICY_HEAD* pol_hd, POLICY_OUTPUT* pol_o){
00323 xmlNodePtr cur;
00324 char *name;
00325 char *type;
00326 char *val;
00327 char *mask;
00328 char *offset;
00329 char *invert;
00330 char *vartype;
00331 char *test;
00332 char *field;
00333 PROTO protonum;
00334 POLICY_TEST *t;
00335
00336 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00337 printf("Enter \n");
00338 }
00339
00340 t = createBlankTest();
00341 if(!t){
00342 printf("ERR: XML: Failed to create blank test in protocol\n");
00343 return 0;
00344 }
00345
00346 name = xmlGetProp(node, (xmlChar*)"name");
00347 protonum = mapProtoNameToNum(name);
00348 if(!protonum){
00349 protonum = PROTO_ANY_NUM;
00350 name = PROTO_ANY_NAME;
00351 }
00352 type = xmlGetProp(node, (xmlChar*)"type");
00353 if(!type){
00354 type = "english";
00355 }
00356 t->p_num = protonum;
00357 t->p_name = strdup_safe(name);
00358 if(!strcmp(type, "masked")){
00359 t->test_type = POLICY_TEST_TYPE_MASKED;
00360 val = xmlGetProp(node, (xmlChar*)"val");
00361 mask = xmlGetProp(node, (xmlChar*)"mask");
00362 if(val || mask){
00363 if(strlen(mask)==strlen(val)){
00364 if(strlen(val)%2 || strlen(mask)%2){
00365 printf("ERR: XML: The val and mask must be ana even number of hex characters\n");
00366 free_safe(t->p_name);
00367 free_safe(t);
00368 return 0;
00369 }
00370 t->m_len = strlen(val)/2;
00371 }
00372 else {
00373 printf("ERR: XML: The val and mask must be of the same length\n");
00374 free_safe(t->p_name);
00375 free_safe(t);
00376 return 0;
00377 }
00378 }
00379 else t->m_len = 0;
00380 if(t->m_len){
00381 t->m_val = convertStringToBArray(val);
00382 t->m_mask = convertStringToBArray(mask);
00383 offset = xmlGetProp(node, (xmlChar*)"offset");
00384 if(!offset) t->m_offset = 0;
00385 else t->m_offset = strtoul(offset, (char**)0, 0);
00386 invert = xmlGetProp(node, (xmlChar*)"invert");
00387 if(!invert)
00388 t->m_type = '=';
00389 else if(!strcmp(invert, "yes"))
00390 t->m_type = '!';
00391 else
00392 t->m_type = '=';
00393 }
00394 else {
00395 t->m_val = (BYTE*)0;
00396 t->m_mask = (BYTE*)0;
00397 t->m_offset = 0;
00398 t->m_type = '=';
00399 }
00400 }
00401 else if(!strcmp(type, "variable")){
00402 t->test_type = POLICY_TEST_TYPE_VAR;
00403 val = xmlGetProp(node, (xmlChar*)"val");
00404 t->v_val = strtoul(val, (char**)0, 0);
00405 vartype = xmlGetProp(node, (xmlChar*)"vartype");
00406 if(!vartype) vartype = "U8";
00407 else if(!strcmp(vartype, "8")) t->v_vType = POLICY_TEST_V_TYPE_8;
00408 else if(!strcmp(vartype, "16")) t->v_vType = POLICY_TEST_V_TYPE_16;
00409 else if(!strcmp(vartype, "U16")) t->v_vType = POLICY_TEST_V_TYPE_U16;
00410 else if(!strcmp(vartype, "32")) t->v_vType = POLICY_TEST_V_TYPE_32;
00411 else if(!strcmp(vartype, "U32")) t->v_vType = POLICY_TEST_V_TYPE_U32;
00412 else t->v_vType = POLICY_TEST_V_TYPE_U8;
00413
00414 test = xmlGetProp(node, (xmlChar*)"test");
00415 if(!test) test = "==";
00416 if(!strcmp(test, ">") || !strcmp(test, " >") || !strcmp(test, "> ")){
00417 t->v_tType = strdup(">");
00418 }
00419 else if(!strcmp(test, "<") || !strcmp(test, " <") || !strcmp(test, "< ")){
00420 t->v_tType = strdup("<");
00421 }
00422 else if(!strcmp(test, ">=") || !strcmp(test, "=>")){
00423 t->v_tType = strdup(">=");
00424 }
00425 else if(!strcmp(test, "<=") || !strcmp(test, "=<")){
00426 t->v_tType = strdup("<=");
00427 }
00428 else if(!strcmp(test, "!") || !strcmp(test, "!=")){
00429 t->v_tType = strdup("!=");
00430 }
00431 else {
00432 t->v_tType = strdup("==");
00433 }
00434
00435 offset = xmlGetProp(node, (xmlChar*)"offset");
00436 t->v_offset = strtoul(offset, (char**)0, 0);
00437 }
00438 else if(!strcmp(type, "english")){
00439 val = xmlGetProp(node, (xmlChar*)"val");
00440 test = xmlGetProp(node, (xmlChar*)"test");
00441 field = xmlGetProp(node, (xmlChar*)"field");
00442 if(!mkTest(protonum, val, test, field, t)){
00443 printf("ERR: Failed to create english test\n");
00444 free_safe(t);
00445 return 0;
00446 }
00447 }
00448
00449 if(pol_hd){
00450 if(!attachTestToPolicy(pol_hd, t)){
00451 printf("ERR: XML: Failed to attachTestToPolicy\n");
00452 free_safe(t);
00453 return 0;
00454 }
00455 }
00456 else {
00457 if(!attachTestToOutput(pol_o, t)){
00458 printf("ERR: XML: Failed to attachTestToOutput\n");
00459 free_safe(t);
00460 return 0;
00461 }
00462 }
00463
00464 t->result = addResultToTest(t, (char*)0, 1);
00465 if(!(t->result)){
00466 printf("ERR: XML: Failed to addResultToTest\n");
00467 free_safe(t);
00468 return 0;
00469 }
00470
00471 t->result->match = addOutputToResult(t->result, (char*)0, (char*)0, 0);
00472 if(!(t->result->match)){
00473 printf("ERR: XML: Failed to addOutputToResult\n");
00474 free_safe(t->result);
00475 free_safe(t);
00476 return 0;
00477 }
00478
00479 cur = node->xmlChildrenNode;
00480 while(cur){
00481 if(!xmlStrcmp(cur->name, (xmlChar*)"analysis")){
00482 buildXmlAnalysis(doc, cur, t->result->match);
00483 }
00484 else if(!xmlStrcmp(cur->name, (xmlChar*)"output")){
00485 buildXmlOutput(doc, cur, t->result->match);
00486 }
00487 else if(!xmlStrcmp(cur->name, (xmlChar*)"protocol")){
00488 buildXmlProtocol(doc, cur, (POLICY_HEAD*)0, t->result->match);
00489 }
00490 else if(!xmlStrcmp(cur->name, (xmlChar*)"instance")){
00491 buildXmlInstance(doc, cur, (POLICY_HEAD*)0, t->result->match);
00492 }
00493 else printf("WARN: XML: Unknown or misplaced tag %s\n",cur->name);
00494 cur = cur->next;
00495 }
00496
00497 return 0;
00498 }
00499
00500
00506
00507 int buildXmlAnalysis(xmlDocPtr doc, xmlNodePtr node, POLICY_OUTPUT* pol_o){
00508 POLICY_TEST *t;
00509 PROTO num;
00510 char *name;
00511 char *arg;
00512 char *sProto;
00513 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00514 printf("Enter buildXmlAnalysis(xmlDocPtr doc(%p),xmlNodePtr node(%p),POLICY_OUTPUT*pol_o(%p))\n",doc,node,pol_o);
00515 }
00516 if(!doc || !node || !pol_o) return 0;
00517
00518 name = xmlGetProp(node, (xmlChar*)"name");
00519 if(!name){
00520 printf("ERR: XML: Oops, name missing\n");
00521 return 0;
00522 }
00523 arg = xmlGetProp(node, (xmlChar*)"arg");
00524 sProto = xmlGetProp(node, (xmlChar*)"protocol");
00525 if(sProto){
00526 num = mapProtoNameToNum(sProto);
00527 if(!num) printf("ERR: XML: Unknown proto %s. Using any as proto.\n",sProto);
00528 }
00529 else num = 0;
00530 if(!num){
00531 num = PROTO_ANY_NUM;
00532 sProto = PROTO_ANY_NAME;
00533 }
00534
00535 t = createAnalysisTest(name,arg,sProto,num);
00536 if(!t){
00537 printf("ERR: XML: Failed to create analysis test\n");
00538 return 0;
00539 }
00540 if(!attachTestToOutput(pol_o,t)){
00541 printf("ERR: XML: Failed to attach analysis to test\n");
00542 dumpTest(0, t, 0, (char)1);
00543 return 0;
00544 }
00545
00546 return 0;
00547 }
00548
00549
00556
00557 int buildXmlInstance(xmlDocPtr doc, xmlNodePtr node, POLICY_HEAD *pol_h, POLICY_OUTPUT* pol_o){
00558 DEFINE_LL *l;
00559 char *id;
00560 xmlNodePtr cur;
00561 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00562 printf("Enter buildXmlInstance(xmlDocPtr doc(%p), xmlNodePtr node(%p), POLICY_HEAD*pol_h(%p),POLIC_OUTPUT*pol_o(%p))\n",doc, node,pol_h,pol_o);
00563 }
00564 if(!doc || !node) return 0;
00565
00566 id = xmlGetProp(node, (xmlChar*)"id");
00567 if(!id){
00568 printf("ERR: XML: Doh! You forgot to say which defines to use (i.e. id)\n");
00569 return 0;
00570 }
00571
00572 l = defs;
00573 while(l){
00574 if(strcmp(id, l->id)) break;
00575 l = l->next;
00576 }
00577 if(!l){
00578 printf("ERR: XML: Unknown id %s\n",id);
00579 return 0;
00580 }
00581
00582 cur = l->node->xmlChildrenNode;
00583 while(cur){
00584 if(!xmlStrcmp(cur->name, (xmlChar*)"analysis")){
00585 if(!pol_o){
00586 printf("ERR: XML: Can't instantiate a define containing analysis as first layer\n");
00587 }
00588 else
00589 buildXmlAnalysis(doc, cur, pol_o);
00590 }
00591 else if(!xmlStrcmp(cur->name, (xmlChar*)"protocol")){
00592 buildXmlProtocol(doc, cur, pol_h, pol_o);
00593 }
00594 else if(!xmlStrcmp(cur->name, (xmlChar*)"output")){
00595 if(!pol_o){
00596 printf("ERR: XML: Can't place output on first layer\n");
00597 }
00598 else
00599 buildXmlOutput(doc, cur, pol_o);
00600 }
00601 else if(!xmlStrcmp(cur->name, (xmlChar*)"instance")){
00602 buildXmlInstance(doc, cur, pol_h, pol_o);
00603 }
00604 else printf("WARN: XML: Unknown or malplaced tag %s\n",cur->name);
00605 cur = cur->next;
00606 }
00607
00608
00609 return 1;
00610 }
00611
00612
00618
00619 int buildXmlAnalysisResult(xmlDocPtr doc, xmlNodePtr node, POLICY_TEST* pol_t){
00620 char *sRes;
00621 POLICY_OUTPUT *o;
00622 POLICY_RESULT *r;
00623 xmlNodePtr cur;
00624 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00625 printf("Enter buildXmlAnalysisResult(xmlDocPtr doc(%p),xmlNodePtr node(%p), POLICY_TEST*pol_t(%p))\n",doc,node,pol_t);
00626 }
00627 if(!doc || !node || !pol_t) return 0;
00628 if(pol_t->test_type != POLICY_TEST_TYPE_ANALYSIS){
00629 printf("ERR: XML: Policy test must be of type analysis for an analysisResult\n");
00630 return 0;
00631 }
00632
00633 sRes = xmlGetProp(node, (xmlChar*)"match");
00634 if(!sRes){
00635 sRes = "";
00636 }
00637
00638 r = addResultToTest(pol_t,sRes,0);
00639 if(!r){
00640 printf("ERR: XML: Failed to addResultToTest\n");
00641 return 0;
00642 }
00643
00644 o = addOutputToResult(r,(char*)0,(char*)0,0);
00645 if(!o){
00646 printf("ERR: XML: Failed to add default output to analysisResult\n");
00647 return 0;
00648 }
00649
00650 cur = node->xmlChildrenNode;
00651 while(cur){
00652 if(!xmlStrcmp(cur->name, (xmlChar*)"analysis")){
00653 buildXmlAnalysis(doc, cur, o);
00654 }
00655 else if(!xmlStrcmp(cur->name, (xmlChar*)"protocol")){
00656 buildXmlProtocol(doc, cur, (POLICY_HEAD*)0, o);
00657 }
00658 else if(!xmlStrcmp(cur->name, (xmlChar*)"output")){
00659 buildXmlOutput(doc, cur, o);
00660 }
00661 else if(!xmlStrcmp(cur->name, (xmlChar*)"instance")){
00662 buildXmlInstance(doc, cur, (POLICY_HEAD*)0, o);
00663 }
00664 else printf("WARN: XML: Unknown or malplaced tag %s\n",cur->name);
00665 cur = cur->next;
00666 }
00667
00668
00669 return 1;
00670 }
00671
00672
00677
00678 POLICY_HEAD *buildXmlPolicy(char *mem, unsigned long sz){
00679 POLICY_HEAD *pol;
00680 xmlDocPtr doc;
00681 xmlNodePtr cur;
00682 char *version;
00683 DEFINE_LL *l;
00684
00685 if(!mem) return (POLICY_HEAD*)0;
00686 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00687 printf("Enter buildXmlPolicy(char*mem(%p),ulong sz(%lu))\n", mem, sz);
00688 }
00689
00690 defs = (DEFINE_LL*)0;
00691
00692 LIBXML_TEST_VERSION
00693 xmlKeepBlanksDefault(0);
00694
00695 doc = xmlParseMemory(mem, sz);
00696 if(!doc){
00697 printf("ERR: XML: Parsing failed\n");
00698 return (POLICY_HEAD*)0;
00699 }
00700
00701 cur = xmlDocGetRootElement(doc);
00702 if(!doc){
00703 printf("ERR: XML: Failed to get root element\n");
00704 return (POLICY_HEAD*)0;
00705 }
00706
00707 if(xmlStrcmp(cur->name, (xmlChar*)"rubicon")){
00708 xmlFreeDoc(doc);
00709 printf("ERR: XML: Unknown document - root element must be rubicon\n");
00710 return (POLICY_HEAD*)0;
00711 }
00712 version = xmlGetProp(cur, (xmlChar*)"version");
00713 if(!version){
00714 xmlFreeDoc(doc);
00715 printf("ERR: XML: Version number missing\n");
00716 return (POLICY_HEAD*)0;
00717 }
00718 else if(xmlStrcmp(version, (xmlChar*)"1.1")){
00719 xmlFreeDoc(doc);
00720 printf("ERR: XML: Sorry, only v 1.1 not v %s supported\n", version);
00721 return (POLICY_HEAD*)0;
00722 }
00723
00724 cur = cur->xmlChildrenNode;
00725 if(xmlStrcmp(cur->name, (xmlChar*)"policy")){
00726 xmlFreeDoc(doc);
00727 printf("ERR: XML: Next node after rubicon must be policy\n");
00728 return (POLICY_HEAD*)0;
00729 }
00730
00731 pol = newPolicy();
00732 if(!pol){
00733 xmlFreeDoc(doc);
00734 return (POLICY_HEAD*)0;
00735 }
00736
00737 cur = cur->xmlChildrenNode;
00738 while(cur){
00739 if(!xmlStrcmp(cur->name, (xmlChar*)"init")){
00740 buildXmlInit(doc, cur, pol);
00741 }
00742 else if(!xmlStrcmp(cur->name, (xmlChar*)"input")){
00743 buildXmlInput(doc, cur, pol);
00744 }
00745 else if(!xmlStrcmp(cur->name, (xmlChar*)"default")){
00746 buildXmlDefault(doc, cur, pol);
00747 }
00748 else if(!xmlStrcmp(cur->name, (xmlChar*)"protocol")){
00749 buildXmlProtocol(doc, cur, pol, (POLICY_OUTPUT*)0);
00750 }
00751 else if(!xmlStrcmp(cur->name, (xmlChar*)"define")){
00752 buildXmlDefine(doc, cur);
00753 }
00754 else if(!xmlStrcmp(cur->name, (xmlChar*)"instance")){
00755 buildXmlInstance(doc, cur, pol, (POLICY_OUTPUT*)0);
00756 }
00757 else if(!xmlStrcmp(cur->name, (xmlChar*)"snort")){
00758 buildXmlSnort(doc, cur, pol, (POLICY_OUTPUT*)0);
00759 }
00760 else printf("WARN: XML: Unknown tag %s\n",cur->name);
00761 cur = cur->next;
00762 }
00763
00764 while(defs){
00765 l = defs;
00766 defs = defs->next;
00767 free(l);
00768 }
00769
00770 xmlFreeDoc(doc);
00771
00772 return pol;
00773 }
00774
00775
00779
00780 POLICY_HEAD *buildXmlPolicyFromFile(char *filename){
00781 long sz;
00782 long got;
00783 unsigned long filename_len;
00784 FILE *fd;
00785 char *mem;
00786 char *fullfile;
00787
00788 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00789 printf("Enter buildXmlPolicyFromFile(char*filename(%s))\n", filename);
00790 }
00791
00792 if(!filename) return (POLICY_HEAD*)0;
00793
00794
00795 if(filename[0]=='/'){
00796 fullfile = filename;
00797 }
00798 else {
00799 sz = 256;
00800 filename_len = strlen(filename) + 1;
00801 fullfile = (char*)malloc_safe(sz+filename_len);
00802 if(!fullfile){
00803 printf("ERR: malloc_safe failed\n");
00804 return (POLICY_HEAD*)0;
00805 }
00806 while(!getcwd(fullfile, sz) && errno==ERANGE){
00807 sz+=256;
00808 fullfile = (char*)realloc_safe(fullfile, sz+filename_len);
00809 if(!fullfile){
00810 printf("ERR: realloc failed\n");
00811 return (POLICY_HEAD*)0;
00812 }
00813 }
00814 strcat(fullfile, "/");
00815 strcat(fullfile, filename);
00816 }
00817
00818 if(DEBUG_POLICY_XML>=DEBUG_DO_INTERNALS){
00819 printf("Full filename=%s\n", fullfile);
00820 }
00821
00822 fd = fopen(fullfile, "r");
00823 if(!fd){
00824 printf("ERR: fopen of file=(%s) failed\n",fullfile);
00825 return (POLICY_HEAD*)0;
00826 }
00827 if(fseek(fd, 0, SEEK_END)==-1){
00828 printf("ERR: File fd=(%p) filename=(%s) fseek failed\n",fd,fullfile);
00829 return (POLICY_HEAD*)0;
00830 }
00831 sz = ftell(fd);
00832 if(sz<=0){
00833 printf("ERR: Policy file has size (%ld)\n",sz);
00834 return (POLICY_HEAD*)0;
00835 }
00836 rewind(fd);
00837 mem = (char*)malloc(sz+1);
00838 if(!mem){
00839 printf("ERR: Malloc failed\n");
00840 return (POLICY_HEAD*)0;
00841 }
00842 got = fread(mem, 1, sz, fd);
00843 if(got!=sz){
00844 printf("ERR: fread returned different size to sz. Got %ld instead of %ld\n",got,sz);
00845 free(mem);
00846 return (POLICY_HEAD*)0;
00847 }
00848 fclose(fd);
00849
00850 mem[sz]=(char)0;
00851 return buildXmlPolicy(mem, sz);
00852 }
00853
00854
00860
00861 int buildXmlInit(xmlDocPtr doc, xmlNodePtr node, POLICY_HEAD* pol_hd){
00862 char *name;
00863 char *init;
00864 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00865 printf("Enter buildXmlInit(xmlDocPtr doc(%p),xmlNodePtr node(%p),POLICY_HEAD*pol_hd(%p))\n",doc,node,pol_hd);
00866 }
00867 if(!doc || !node || !pol_hd) return 0;
00868
00869 name = xmlGetProp(node, (xmlChar*)"name");
00870 if(!name){
00871 printf("ERR: XML: Oops - you forgot to name the plugin to init\n");
00872 }
00873 init = xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
00874
00875 if(!addInitToPolicy(pol_hd,name,init)){
00876 printf("ERR: XML: Failed to add init %s to policy\n", name);
00877 return 0;
00878 }
00879 return 1;
00880 }
00881
00882
00888
00889 int buildXmlInput(xmlDocPtr doc, xmlNodePtr node, POLICY_HEAD* pol_hd){
00890 char *name;
00891 char *sWeight;
00892 unsigned short weight;
00893 char *sSrc;
00894 if(DEBUG_POLICY_XML>=DEBUG_DO_ENTRY_SOME){
00895 printf("Enter buildXmlInput(xmlDocPtr doc(%p),xmlDocPtr node(%p),POLICY_HEAD*pol_hd(%p))\n",doc,node,pol_hd);
00896 }
00897
00898 name = xmlGetProp(node, (xmlChar*)"name");
00899 if(!name){
00900 printf("ERR: XML: Oops - you forgot to name the plugin to init\n");
00901 }
00902 sWeight = xmlGetProp(node, (xmlChar*)"weight");
00903 sSrc = xmlGetProp(node, (xmlChar*)"src");
00904
00905 if(!sWeight) weight=1;
00906 else {
00907 weight = (unsigned short)strtoul(sWeight, (char**)0, 0);
00908 }
00909
00910 if(!addInputToPolicy(pol_hd,name,weight,sSrc,0)){
00911 printf("ERR: XML: Failed to add input %s to policy\n", name);
00912 return 0;
00913 }
00914 return 1;
00915 }