Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587
  1. // main.cpp
  2. // SNF_Client.exe
  3. //
  4. // (C) 2006-2008 ARM Research Labs, LLC.
  5. // See www.armresearch.com for the copyright terms.
  6. //
  7. // This program implements a client command line interface for systems using
  8. // SNF_Server. The operation is simple--- Given a file name to scan, pass the
  9. // file name to the SNF scanner on localhost and return the result code.
  10. #if defined(WIN32) || defined(WIN64)
  11. #include <windows.h>
  12. #endif
  13. #include <iostream>
  14. #include <fstream>
  15. #include <sstream>
  16. #include <cstring>
  17. #include <string>
  18. #include <ctime>
  19. #include <cctype>
  20. #include <unistd.h>
  21. #include <dirent.h>
  22. #include <fcntl.h>
  23. #include <sys/types.h>
  24. #include <sys/stat.h>
  25. #include "timing.hpp"
  26. #include "networking.hpp"
  27. #include "threading.hpp"
  28. #include "snf_xci.hpp"
  29. #include "config.h"
  30. using namespace std; // Introduce standard namespace.
  31. const char* VERSION_INFO = "SNF Client Version " PACKAGE_VERSION " Build: " __DATE__ " " __TIME__;
  32. time_t Timestamp() { // Get an ordinary timestamp.
  33. time_t rawtime; // Grab raw time from
  34. time(&rawtime); // the system clock.
  35. return rawtime;
  36. }
  37. string Timestamp(time_t t) { // Convert time_t to a timestamp.
  38. char TimestampBfr[20]; // Create a small buffer.
  39. tm* gmt; // Get a ptr to a tm structure.
  40. gmt = gmtime(&t); // Fill it with UTC.
  41. sprintf(TimestampBfr,"%04d%02d%02d%02d%02d%02d\0", // Format yyyymmddhhmmss
  42. gmt->tm_year+1900,
  43. gmt->tm_mon+1,
  44. gmt->tm_mday,
  45. gmt->tm_hour,
  46. gmt->tm_min,
  47. gmt->tm_sec
  48. );
  49. return string(TimestampBfr); // Return a string.
  50. }
  51. string ErrorMessage(int argc, char** argv, string ErrorText) { // Create an error message.
  52. ostringstream FailurePreamble; // Setup a stringstream for formatting.
  53. string TimestampString = Timestamp(Timestamp()); // Get the UTC timestamp.
  54. FailurePreamble << TimestampString << ", "; // Start with the timestamp and
  55. for(int a = 1; a < argc; a++) { // then roll in all of the command
  56. FailurePreamble << "arg" << a << "=" << argv[a]; // line parameters. Follow that with
  57. if(a < argc-1) { FailurePreamble << ", "; } // a colon and the error itself.
  58. else { FailurePreamble << " : "; }
  59. }
  60. FailurePreamble << ErrorText << endl; // Tack on the error text.
  61. return FailurePreamble.str(); // Return the completed string.
  62. }
  63. int main(int argc, char* argv[]) { // Accept command line parms.
  64. // Figure out what we're going to do and create a suitable RequestString.
  65. bool DebugMode = false; // This will be our debug mode.
  66. string argv0(argv[0]); // Capture how we were called.
  67. if(
  68. string::npos != argv0.find("Debug") || // If we find "Debug" or
  69. string::npos != argv0.find("debug") // "debug" in our command path
  70. ) { // then we are in DebugMode.
  71. DebugMode = true; // Set the flag and tell the
  72. cout << "Debug Mode" << endl; // watchers.
  73. }
  74. string FileToScan; // What will we be scanning?
  75. string RequestString; // What will we send to the server?
  76. bool ItIsACommand = false; // Is it a command?
  77. bool ItIsAScan = false; // Is it a scan?
  78. bool GetXHDRs = false; // GetXHDRs with scan?
  79. bool ItIsAGBUdb = false; // Is it a GBUdb Request?
  80. bool ItIsAReport = false; // Is it a Status Report Request?
  81. switch(argc) {
  82. case 2: { // This is either a file or a command.
  83. FileToScan = argv[1];
  84. // Status Report? --------------------------------------------------
  85. if(0 == FileToScan.find("-status.second")) { // Status Second Report? If so:
  86. ItIsAReport = true; // Set the flag & format the request.
  87. RequestString = "<snf><xci><report><request><status class='second'/></request></report></xci></snf>";
  88. } else
  89. if(0 == FileToScan.find("-status.minute")) { // Status Minute Report? If so:
  90. ItIsAReport = true; // Set the flag & format the request.
  91. RequestString = "<snf><xci><report><request><status class='minute'/></request></report></xci></snf>";
  92. } else
  93. if(0 == FileToScan.find("-status.hour")) { // Status Hour Report? If so:
  94. ItIsAReport = true; // Set the flag & format the request.
  95. RequestString = "<snf><xci><report><request><status class='hour'/></request></report></xci></snf>";
  96. } else
  97. if(0 == FileToScan.find("-shutdown")) { // If argv1 is -shutdown:
  98. ItIsACommand = true; // Set the command flag.
  99. if(DebugMode) { cout << "Command: shutdown" << endl; } // In debug - tell what we are doing.
  100. // Format the request.
  101. RequestString = "<snf><xci><server><command command=\'shutdown\'/></server></xci></snf>\n";
  102. } else
  103. if('-' == FileToScan.at(0)) { // If argv1 still looks like -something
  104. goto BadCommandLine; // Complain and show the help text.
  105. } else { // If it does not then it is a file.
  106. ItIsAScan = true; // Set the scan flag.
  107. if(DebugMode) { cout << "Scan: " << FileToScan << endl; } // In debug - tell what we are doing.
  108. // Format the request.
  109. RequestString = "<snf><xci><scanner><scan file=\'";
  110. RequestString.append(FileToScan);
  111. RequestString.append("\'/></scanner></xci></snf>\n");
  112. }
  113. break;
  114. }
  115. case 3: { // Special Scan Mode
  116. string CommandString = argv[1]; // -command
  117. FileToScan = argv[2]; // What file to scan?
  118. // XHeader Scan? ---------------------------------------------------
  119. if(0 == CommandString.find("-xhdr")) { // Scan file and show x headers.
  120. ItIsAScan = true; // Set the scan flag.
  121. GetXHDRs = true; // Turn on XHDRs for the scan.
  122. if(DebugMode) {
  123. cout << "(xhdr)Scan: " << FileToScan << endl; // In debug - tell what we are doing.
  124. }
  125. // Format the request.
  126. RequestString = "<snf><xci><scanner><scan file=\'";
  127. RequestString.append(FileToScan);
  128. RequestString.append("\' xhdr=\'yes\'/></scanner></xci></snf>\n");
  129. } else
  130. // Source Scan? ----------------------------------------------------
  131. if(0 == CommandString.find("-source=")) { // Scan file with forced source.
  132. ItIsAScan = true; // Set the scan flag.
  133. const int SourceIPIndex = CommandString.find("=") + 1; // Find source after "-source="
  134. IP4Address SourceIP = CommandString.substr(SourceIPIndex); // Extract the source IP.
  135. if(DebugMode) {
  136. cout << "([" << (string) SourceIP // In debug - tell what we are doing.
  137. << "])Scan: " << FileToScan << endl;
  138. }
  139. // Format the request.
  140. RequestString = "<snf><xci><scanner><scan file=\'";
  141. RequestString.append(FileToScan);
  142. RequestString.append("\' ip=\'");
  143. RequestString.append((string) SourceIP);
  144. RequestString.append("\'/></scanner></xci></snf>\n");
  145. } else
  146. // GBUdb test? -----------------------------------------------------
  147. if(0 == CommandString.find("-test")) { // GBUdb test IP
  148. ItIsAGBUdb = true; // Set the GBUdb flag.
  149. // Format the request.
  150. RequestString = "<snf><xci><gbudb><test ip=\'";
  151. RequestString.append(argv[2]);
  152. RequestString.append("\'/></gbudb></xci></snf>\n");
  153. } else
  154. // GBUdb good? -----------------------------------------------------
  155. if(0 == CommandString.find("-good")) { // GBUdb good IP event
  156. ItIsAGBUdb = true; // Set the GBUdb flag.
  157. // Format the request.
  158. RequestString = "<snf><xci><gbudb><good ip=\'";
  159. RequestString.append(argv[2]);
  160. RequestString.append("\'/></gbudb></xci></snf>\n");
  161. } else
  162. // GBUdb bad? ------------------------------------------------------
  163. if(0 == CommandString.find("-bad")) { // GBUdb bad IP event
  164. ItIsAGBUdb = true; // Set the GBUdb flag.
  165. // Format the request.
  166. RequestString = "<snf><xci><gbudb><bad ip=\'";
  167. RequestString.append(argv[2]);
  168. RequestString.append("\'/></gbudb></xci></snf>\n");
  169. } else
  170. // GBUdb drop? -----------------------------------------------------
  171. if(0 == CommandString.find("-drop")) { // GBUdb drop IP
  172. ItIsAGBUdb = true; // Set the GBUdb flag.
  173. // Format the request.
  174. RequestString = "<snf><xci><gbudb><drop ip=\'";
  175. RequestString.append(argv[2]);
  176. RequestString.append("\'/></gbudb></xci></snf>\n");
  177. } else
  178. // Compatibility Scan? ---------------------------------------------
  179. if(CommandString.at(0) != '-') { // If we don't see -<something>:
  180. ItIsAScan = true; // Set the scan flag.
  181. FileToScan = argv[2]; // Grab the message_file_name for
  182. if(DebugMode) { // a compatability scan and if
  183. cout << "(compat)Scan: " << FileToScan << endl; // debugging then announce it.
  184. }
  185. // Format the request.
  186. RequestString = "<snf><xci><scanner><scan file=\'";
  187. RequestString.append(FileToScan);
  188. RequestString.append("\'/></scanner></xci></snf>\n");
  189. } else
  190. goto BadCommandLine; // If no match here, give help.
  191. break;
  192. }
  193. case 4: {
  194. string Command1String = argv[1]; // -command1
  195. string Command2String = argv[2]; // -command2
  196. FileToScan = argv[3]; // What file to scan?
  197. // XHeader Scan W/ Source IP? --------------------------------------
  198. if(0 == Command1String.find("-source=")) { // If things are refersed
  199. string tmp = Command2String; // swap them to the order we
  200. Command2String = Command1String; // are expecting. If we're wrong
  201. Command1String = tmp; // then that case will be handled
  202. } // next step.
  203. if(
  204. 0 == Command1String.find("-xhdr") &&
  205. 0 == Command2String.find("-source=")
  206. ) { // Scan file and show x headers.
  207. ItIsAScan = true; // Set the scan flag.
  208. GetXHDRs = true; // Turn on XHDRs for the scan.
  209. const int SourceIPIndex = Command2String.find("=") + 1; // Find source after "-source="
  210. IP4Address SourceIP = Command1String.substr(SourceIPIndex); // Extract the source IP.
  211. if(DebugMode) {
  212. cout << "(xhdr [" << (string) SourceIP // In debug - tell what we are doing.
  213. << "])Scan: " << FileToScan << endl;
  214. }
  215. // Format the request.
  216. RequestString = "<snf><xci><scanner><scan file=\'";
  217. RequestString.append(FileToScan);
  218. RequestString.append("\' xhdr=\'yes\' ip=\'");
  219. RequestString.append((string) SourceIP);
  220. RequestString.append("\'/></scanner></xci></snf>\n");
  221. } else
  222. goto BadCommandLine; // If no match here, give help.
  223. break;
  224. }
  225. case 6: { // GBUdb set mode.
  226. string CommandString = argv[1]; // -command
  227. // GBUdb set? ------------------------------------------------------
  228. if(0 == CommandString.find("-set")) { // GBUdb set IP
  229. ItIsAGBUdb = true; // Set the GBUdb flag.
  230. // Format the request.
  231. RequestString = "<snf><xci><gbudb><set ip=\'"; // Capture the IP in the request.
  232. RequestString.append(argv[2]);
  233. RequestString.append("\'");
  234. if( // If the type flag is specified
  235. 'g' == argv[3][0] || // it must begin with G B U or I.
  236. 'G' == argv[3][0] ||
  237. 'b' == argv[3][0] ||
  238. 'B' == argv[3][0] ||
  239. 'u' == argv[3][0] ||
  240. 'U' == argv[3][0] ||
  241. 'i' == argv[3][0] ||
  242. 'I' == argv[3][0]
  243. ) { // If we've got a type flag then
  244. RequestString.append(" type=\'"); // capture it in our request.
  245. RequestString.append(argv[3]);
  246. RequestString.append("\'");
  247. } // If the type flag isn't specified
  248. else if('-' != argv[3][0]) goto BadCommandLine; // it must be a - or else an error.
  249. if(isdigit(argv[4][0])) { // Capture the bad count.
  250. RequestString.append(" b=\'"); // If it looks like a number
  251. RequestString.append(argv[4]); // capture it in our request.
  252. RequestString.append("\'");
  253. }
  254. else if('-' != argv[4][0]) goto BadCommandLine; // If not a number it must be -
  255. if(isdigit(argv[5][0])) { // Capture the good count.
  256. RequestString.append(" g=\'"); // If it looks like a number
  257. RequestString.append(argv[5]); // capture it in our request.
  258. RequestString.append("\'");
  259. }
  260. else if('-' != argv[5][0]) goto BadCommandLine; // If not a number it must be -
  261. RequestString.append("/></gbudb></xci></snf>\n"); // Finish off our request.
  262. }
  263. else goto BadCommandLine; // If no match here, give help.
  264. break;
  265. }
  266. // Bad Command Line ----------------------------------------------------
  267. default: { // If we don't know: show help.
  268. BadCommandLine: // Shortcut for others.
  269. cout
  270. << endl
  271. << VERSION_INFO << endl
  272. << endl
  273. << "Help:" << endl
  274. << endl
  275. << " To scan a message file use: " << endl
  276. << " SNFClient.exe [-xhdr] [-source=<IP4Address>] <FileNameToScan>" << endl
  277. << " or: SNFClient.exe <Authenticationxx> <FileNameToScan>" << endl
  278. << endl
  279. << " To test an IP with GBUdb use: " << endl
  280. << " SNFClient.exe -test <IP4Address>" << endl
  281. << endl
  282. << " To update GBUdb records use: " << endl
  283. << " SNFClient.exe -set <IP4Address> <flag> <bad> <good>" << endl
  284. << " or: SNFClient.exe -drop <IP4Address>" << endl
  285. << " or: SNFClient.exe -good <IP4Address>" << endl
  286. << " or: SNFClient.exe -bad <IP4Address>" << endl
  287. << endl
  288. << " To check SNFServer status use: " << endl
  289. << " SNFClient.exe -status.second" << endl
  290. << " or: SNFClient.exe -status.minute" << endl
  291. << " or: SNFClient.exe -status.hour" << endl
  292. << endl
  293. << " To shut down the SNFServer use: " << endl
  294. << " SNFClient.exe -shutdown" << endl
  295. << endl
  296. << " For more information see www.armresearch.com" << endl
  297. << " (C) 2007-2008 Arm Research Labs, LLC." << endl;
  298. return 0; // Return 0 on help.
  299. }
  300. }
  301. // If we're in debug mode this is a good time to emit our request string
  302. if(DebugMode) { cout << RequestString << endl; } // If debugging, show our request.
  303. // Since we're gonna do this -- prepare for an error
  304. string ERRFname; // The default error log name will
  305. ERRFname = argv[0]; // be the program file name with
  306. ERRFname.append(".err"); // .err tagged on the end.
  307. const int FailSafeResult = 0; // Fail Safe result code.
  308. const int StatusReportError = 99; // Unknown Error Code for status failures.
  309. // Connect to the server and get the result...
  310. string ResultString; // We need our result string.
  311. bool ConnectSuccess = false; // We need our success flag.
  312. // Max time in this loop should be (100*50ms) = 5 seconds per try times
  313. // 10 tries = 50 seconds, plus (9*500ms) = 4.5 secs for re-tries. ~ 55 secs.
  314. const int ResultBufferSize = 4096;
  315. char ResultBuffer[ResultBufferSize+1]; // Make an oversize buffer for the answer.
  316. memset(ResultBuffer, 0, sizeof(ResultBuffer)); // Set the entire thing to nulls.
  317. const int Tries = 20; // How many times to try this.
  318. Sleeper SleepAfterAttempt(100); // How long to sleep between attempts.
  319. const int OpenTries = 90; // How many tries at opening.
  320. Sleeper WaitForOpen(10); // How long to wait for an open cycle.
  321. const int ReadTries = 900; // How many tries at reading.
  322. Sleeper SleepBeforeReading(10); // How long to pause before reading.
  323. /*
  324. ** 20 * 100ms = 2 seconds for all tries.
  325. ** 90 * 10ms = 900ms for a failed connection.
  326. ** 900 * 10ms = 9 seconds for a failed read.
  327. **
  328. ** Approximate wait for can't connect = 2.0 + (20 * 0.9) = ~ 20.0 seconds.
  329. ** Maximum impossible wait = 2.0 + (0.9 * 20) + (9.0 * 20) = 200.0 seconds.
  330. */
  331. for(int tryagain = Tries; (0<tryagain) && (!ConnectSuccess); tryagain--) { // Try a few times to get this done.
  332. try {
  333. ResultString = ""; // Clear our result string.
  334. TCPHost SNFServer(9001); // Create connection to server.
  335. SNFServer.makeNonBlocking(); // Make it non-blocking.
  336. for(int tries = OpenTries; 0 < tries; tries--) { // Wait & Watch for a good connection.
  337. try { SNFServer.open(); } catch(...) {} // Try opening the connection.
  338. if(SNFServer.isOpen()) break; // When successful, let's Go!
  339. else WaitForOpen(); // When not successful, pause.
  340. }
  341. if(SNFServer.isOpen()) { // If we have a good connection:
  342. SNFServer.transmit(
  343. RequestString.c_str(), RequestString.length()); // Send the request.
  344. for(int tries = ReadTries; 0 < tries; tries--) { // Try to read the result a few times.
  345. SleepBeforeReading(); // Provide some time for each try.
  346. memset(ResultBuffer, 0, sizeof(ResultBuffer)); // Clear the buffer.
  347. SNFServer.receive(ResultBuffer, ResultBufferSize); // Receive the answer.
  348. ResultString.append(ResultBuffer);
  349. if(string::npos ==
  350. ResultString.rfind("</snf>",ResultString.length())) { // If we don't have the end yet.
  351. continue; // Try again.
  352. } else { // If we got to end of line
  353. ConnectSuccess = true; // Success!
  354. break; // We're done.
  355. }
  356. }
  357. SNFServer.close(); // No need for our connection after that.
  358. }
  359. } catch(...) { } // Ignore errors for now.
  360. if(!ConnectSuccess) SleepAfterAttempt(); // Pause for a moment before trying again..
  361. }
  362. if(!ConnectSuccess) { // If no connection success complain!
  363. if(DebugMode) {
  364. cout << FileToScan << ": ";
  365. cout << "Could Not Connect!" << endl;
  366. }
  367. ofstream ERRF(ERRFname.c_str(), ios::out | ios::ate | ios::app);
  368. ERRF << ErrorMessage(argc, argv, "Could Not Connect!");
  369. ERRF.close();
  370. if(ItIsAReport) { // If this was a status request then
  371. return StatusReportError; // return a failure value.
  372. } // In all other cases return zero as a
  373. else return FailSafeResult; // Fail Safe.
  374. }
  375. // At this point we should have a usable result.
  376. if(DebugMode) { cout << ResultString << endl; } // In debug, show the result string.
  377. snf_xci Reader(ResultString); // Interpret the data and check for
  378. if(Reader.bad()) { // a proper read. If it was bad then
  379. if(DebugMode) {
  380. cout << FileToScan << ": ";
  381. cout << "Bad result from server!" << endl;
  382. cout << ResultString << endl;
  383. }
  384. ofstream ERRF(ERRFname.c_str(), ios::out | ios::ate | ios::app);
  385. ERRF << ErrorMessage(argc, argv, // complain and spit out what we got
  386. "Bad result from server! " + ResultString); // for debugging purposes.
  387. return FailSafeResult; // Return our failsafe value.
  388. }
  389. if(0 < Reader.xci_error_message.length()) { // If the result was a general error
  390. if(DebugMode) {
  391. cout << FileToScan << ": ";
  392. cout << "XCI Error!: " << Reader.xci_error_message << endl;
  393. }
  394. ofstream ERRF(ERRFname.c_str(), ios::out | ios::ate | ios::app);
  395. ERRF << ErrorMessage(argc, argv,
  396. "XCI Error!: " + Reader.xci_error_message); // then spit that out
  397. return FailSafeResult; // and return the failsafe.
  398. }
  399. // If we got here we've successfully parsed the results.
  400. if(ItIsACommand) { // If it was a command then
  401. cout << " [Server Says: " << Reader.xci_server_response << "]" << endl; // show the response.
  402. }
  403. else if(ItIsAScan) { // If it was a scan then
  404. int ResultCode = Reader.scanner_result_code; // grab the result code.
  405. if(0 < Reader.scanner_result_xhdr.length()) { // If we have xheaders show them.
  406. cout << endl << Reader.scanner_result_xhdr << endl;
  407. }
  408. if(DebugMode) { cout << "(" << ResultCode << ")"; }
  409. if( (0 < ResultCode) && (64 > ResultCode) ) { // If the result code means SPAM
  410. if(DebugMode) { cout << "[spam]" << endl; }
  411. return ResultCode; // Return the result code.
  412. } else
  413. if(0 == ResultCode) {
  414. if(DebugMode) { cout << "[clean]" << endl; }
  415. return 0;
  416. } else {
  417. if(DebugMode) { cout << "[Fail Safe!]" << endl; }
  418. return FailSafeResult;
  419. }
  420. }
  421. else if(ItIsAGBUdb) { // If it was a GBUdb function then show
  422. cout // the results to whomever is watching.
  423. << "GBUdb Record for " << Reader.gbudb_result_ip << endl
  424. << " Type Flag: " << Reader.gbudb_result_type << endl
  425. << " Bad Count: " << Reader.gbudb_result_bad_count << endl
  426. << " Good Count: " << Reader.gbudb_result_good_count << endl
  427. << "Probability: " << Reader.gbudb_result_probability << endl
  428. << " Confidence: " << Reader.gbudb_result_confidence << endl
  429. << " Range: " << Reader.gbudb_result_range << endl
  430. << " Code: " << Reader.gbudb_result_code << endl
  431. << endl;
  432. return Reader.gbudb_result_code;
  433. }
  434. else if(ItIsAReport) { // If it was a report request then
  435. cout // output the report. Add a handy
  436. << endl << "<!-- Status Report -->" << endl // XML comment to help humans.
  437. << Reader.report_response << endl;
  438. return 0;
  439. }
  440. // You can't get here from there.
  441. if(DebugMode) { cout << "End Of Logic [Fail Safe!!]" << endl; }
  442. return FailSafeResult;
  443. }