1 /* @(#) $Id: ./src/analysisd/lists_list.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 3) as published by the FSF - Free Software
/* Head of the chain of list nodes; written by OS_CreateListsList() and
 * _OS_AddList(). There is no `static` on this declaration, so the symbol has
 * external linkage. */
23 ListNode *global_listnode;
/* Head of the chain of list rules; written by OS_CreateListsList() and
 * _OS_AddListRule(). Also without `static`. */
24 ListRule *global_listrule;
/* Prototype for the internal append helper defined further down. */
28 ListNode *_OS_AddList(ListNode *new_listnode);
31 /* Initialise the list subsystem: both global chain heads start out empty */
/* NOTE(review): nodes that are already linked are simply dropped by the two
 * assignments below; nothing visible here frees them, so this is presumably
 * meant to run once at startup - confirm. */
32 void OS_CreateListsList()
34 global_listnode = NULL;
35 global_listrule = NULL;
40 /* Get the first listnode, i.e. the current head of the global chain */
41 ListNode *OS_GetFirstList()
/* Local copy of the head pointer; it is NULL while no list has been added.
 * The return statement is on a line not shown in this listing. */
43 ListNode *listnode_pt = global_listnode;
/* Counterpart of OS_GetFirstList() for the list-rule chain. */
48 ListRule *OS_GetFirstListRule()
/* Local copy of the rule-chain head; NULL while no rule has been added.
 * The return statement is on a line not shown in this listing. */
50 ListRule *listrule_pt = global_listrule;
/* Resolve the list database behind list rules, starting from the head of
 * the global rule chain. The loop and its conditions are on lines not shown
 * in this listing. */
54 void OS_ListLoadRules()
56 ListRule *lrule = global_listrule;
/* Bind the rule to the list whose text or CDB filename equals
 * lrule->filename. OS_FindList() may find nothing, so lrule->db has to be
 * treated as possibly NULL afterwards (the search functions test for it). */
61 lrule->db = OS_FindList(lrule->filename);
/* Append new_listrule to the global rule chain and return the chain head.
 * NOTE(review): new_listrule->next is not reset in the visible lines, so the
 * caller has to pass a node whose next pointer is already NULL; otherwise
 * whatever it points to becomes part of the chain. */
68 ListRule *_OS_AddListRule(ListRule *new_listrule)
/* Empty chain: the new rule becomes the head. */
71 if(global_listrule == NULL)
73 global_listrule = new_listrule;
/* Otherwise walk to the current tail (linear in the chain length) and link
 * the new rule behind it. */
77 ListRule *last_list_rule = global_listrule;
78 while(last_list_rule->next != NULL)
80 last_list_rule = last_list_rule->next;
82 last_list_rule->next = new_listrule;
84 return(global_listrule);
89 /* Add a list at the end of the global chain and return the chain head */
/* NOTE(review): new_listnode->next is not reset in the visible lines, so the
 * caller has to pass a node whose next pointer is already NULL. */
90 ListNode *_OS_AddList(ListNode *new_listnode)
/* Empty chain: the new node becomes the head. */
92 if(global_listnode == NULL)
95 global_listnode = new_listnode;
99 /* Adding new list to the end */
100 ListNode *last_list_node = global_listnode;
/* Walk to the current tail; linear in the number of lists. */
102 while(last_list_node->next != NULL)
104 last_list_node = last_list_node->next;
106 last_list_node->next = new_listnode;
109 return(global_listnode);
112 /* External AddList: public wrapper around _OS_AddList() */
113 int OS_AddList(ListNode *new_listnode)
/* The chain head returned by the helper is discarded; the int this function
 * returns is produced on a line not shown in this listing. */
115 _OS_AddList(new_listnode);
/* Find the first list node whose text filename or CDB filename equals
 * listname.
 * NOTE(review): the _listnode argument is not used in the visible lines; the
 * walk always starts from OS_GetFirstList(). */
119 ListNode *_OS_FindList(ListNode *_listnode, char *listname)
121 ListNode *last_list_node = OS_GetFirstList();
/* The guard is needed because the loop below tests its condition only after
 * the body has run. */
122 if (last_list_node != NULL) {
/* Exact, case-sensitive comparison. strcmp() needs non-NULL arguments, so
 * txt_filename, cdb_filename and listname must all be set - confirm that
 * every node is fully populated before it is added to the chain. */
125 if (strcmp(last_list_node->txt_filename, listname) == 0 ||
126 strcmp(last_list_node->cdb_filename, listname) == 0)
128 /* Found first match returning */
129 return(last_list_node);
131 last_list_node = last_list_node->next;
132 } while (last_list_node != NULL);
/* Public lookup by list name: searches the global chain through
 * _OS_FindList(). The return statement is on a line not shown in this
 * listing; callers in this file treat a NULL result as "list not found". */
137 ListNode *OS_FindList(char *listname)
139 ListNode *matched = NULL;
140 matched = _OS_FindList(global_listnode, listname);
/* Allocate a ListRule, fill it from the arguments, bind it to the named list
 * if that list is already known, and append it to the chain passed in as
 * first_rule_list. The remaining parameters of the signature are on lines
 * not shown in this listing. */
144 ListRule *OS_AddListRule(ListRule *first_rule_list,
150 ListRule *new_rulelist_pt = NULL;
/* NOTE(review): the calloc() result is dereferenced on the next visible line
 * without a NULL check, so a failed allocation would crash the process
 * here - confirm whether a check exists on a line not shown. */
151 new_rulelist_pt = (ListRule *)calloc(1,sizeof(ListRule));
152 new_rulelist_pt->field = field;
153 new_rulelist_pt->next = NULL;
154 new_rulelist_pt->matcher = matcher;
155 new_rulelist_pt->lookup_type = lookup_type;
/* The pointer is stored, not a copy of the string: listname has to stay
 * valid and unmodified for as long as the rule exists. */
156 new_rulelist_pt->filename = listname;
/* `loaded` records whether the list could be resolved right now; OS_DBSearch()
 * retries the lookup when it is 0. */
157 if((new_rulelist_pt->db = OS_FindList(listname)) == NULL)
158 new_rulelist_pt->loaded = 0;
160 new_rulelist_pt->loaded = 1;
/* Empty chain: the new rule is the chain. */
161 if(first_rule_list == NULL)
163 debug1("Adding First rulelist item: filename: %s field: %d lookup_type: %d",
164 new_rulelist_pt->filename,
165 new_rulelist_pt->field,
166 new_rulelist_pt->lookup_type);
167 first_rule_list = new_rulelist_pt;
/* Non-empty chain: advance to the tail and link the new rule behind it. */
171 while(first_rule_list->next)
173 first_rule_list = first_rule_list->next;
175 debug1("Adding rulelist item: filename: %s field: %d lookup_type: %d",
176 new_rulelist_pt->filename,
177 new_rulelist_pt->field,
178 new_rulelist_pt->lookup_type);
179 first_rule_list->next = new_rulelist_pt;
/* NOTE(review): the walk above advances first_rule_list itself, so for a
 * non-empty chain the value returned is the previous tail, not the head the
 * caller passed in. A caller that stores the result as its new head would
 * lose the earlier rules (and the list checks they carry) - confirm how
 * callers use the return value. */
181 return first_rule_list;
/* Open the CDB file behind a list node on first use.
 * Visible behaviour: when lnode->loaded is not 1, the file named by
 * lnode->cdb_filename is opened read-only and the descriptor is handed to
 * cdb_init(); an open() failure is logged through merror().
 * NOTE(review): the return statements and any update of lnode->loaded are on
 * lines not shown in this listing; callers in this file compare the result
 * with -1. */
184 int _OS_CDBOpen(ListNode *lnode)
/* Skip the open when the node is already marked as loaded. */
187 if (lnode->loaded != 1)
189 if((fd = open(lnode->cdb_filename, O_RDONLY)) == -1)
191 merror(OPEN_ERROR, ARGV0, lnode->cdb_filename, strerror (errno));
/* NOTE(review): cdb_init() is called as a plain statement, so a failure it
 * may report is not acted on here, and nothing visible closes fd - confirm
 * that the descriptor is meant to stay open for the life of the process and
 * that a malformed database file is rejected somewhere. */
194 cdb_init(&lnode->cdb, fd);
/* Look key up in the rule's CDB list and run the rule's matcher over the
 * value stored for that key. Declarations, the allocation of val and the
 * final return statements are on lines not shown in this listing. */
200 int OS_DBSearchKeyValue(ListRule *lrule, char *key)
/* A rule whose list was never resolved has db == NULL and is skipped. */
205 if (lrule->db!= NULL)
/* NOTE(review): an open failure yields 0 here, whereas OS_DBSeachKey() and
 * OS_DBSeachKeyAddress() return -1 for the same condition. */
207 if(_OS_CDBOpen(lrule->db) == -1) return 0;
/* key must be a non-NULL, NUL-terminated string: strlen() is applied to it
 * directly. */
208 if(cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) {
/* Position and length of the stored value, as recorded in the database. */
209 vpos = cdb_datapos(&lrule->db->cdb);
210 vlen = cdb_datalen(&lrule->db->cdb);
/* NOTE(review): vlen is taken from the database file and the allocation of
 * val is not visible here - confirm that val holds at least vlen bytes and
 * that the allocation is checked. The result of cdb_read() is not tested on
 * this line, so a failed read would hand whatever val held before to the
 * matcher. */
212 cdb_read(&lrule->db->cdb, val, vlen, vpos);
/* The value is passed together with its explicit length. */
213 result = OSMatch_Execute(val, vlen, lrule->matcher);
/* Exact-key lookup in the rule's CDB list.
 * Visible results: -1 when the database cannot be opened, 1 when the key is
 * present. The remaining return statements are on lines not shown in this
 * listing. Callers have to treat -1 separately from "not found". */
225 int OS_DBSeachKey(ListRule *lrule, char *key)
/* A rule whose list was never resolved has db == NULL and is skipped. */
227 if (lrule->db != NULL)
229 if(_OS_CDBOpen(lrule->db) == -1) return -1;
/* key must be a non-NULL, NUL-terminated string. */
230 if( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) return 1;
/* Address lookup in the rule's CDB list: the full key is tried first, then
 * progressively shorter prefixes of it. Returns -1 when the database cannot
 * be opened; the other return statements are on lines not shown in this
 * listing. */
235 int OS_DBSeachKeyAddress(ListRule *lrule, char *key)
239 if (lrule->db != NULL)
241 if(_OS_CDBOpen(lrule->db) == -1) return -1;
242 //snprintf(_ip,128,"%s",key);
243 //XXX Break the string apart on the '.' boundaries and loop over to the longest match.
/* Exact match on the complete key. */
245 if( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) {
/* Work on a private copy so the caller's string is left untouched.
 * NOTE(review): os_strdup presumably allocates; the matching free on every
 * exit path is not visible here - confirm, since this runs per lookup. */
251 os_strdup(key, tmpkey);
/* The copy is shortened from the end one character at a time, and only
 * prefixes that end in '.' are looked up. A list entry such as "192.168."
 * (constructed example) therefore covers every address that starts with it.
 * This is textual prefix matching, not CIDR arithmetic: an entry without the
 * trailing dot matches only as an exact key. */
252 while(strlen(tmpkey) > 0)
254 if(tmpkey[strlen(tmpkey) - 1] == '.')
256 if( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) {
261 tmpkey[strlen(tmpkey) - 1] = '\0';
/* Entry point for list checks: dispatch on lrule->lookup_type to the exact,
 * address or key/value search. The bodies of most branches and the final
 * return are on lines not shown in this listing.
 * NOTE(review): OS_DBSeachKey() and OS_DBSeachKeyAddress() return -1 when the
 * database cannot be opened. The comparisons below test for == 1 in the
 * string cases and == 0 in the address not-match case, so an open failure
 * may be treated differently by the two "not match" branches - confirm that
 * a missing or unreadable list cannot make a negative list check succeed. */
269 int OS_DBSearch(ListRule *lrule, char *key)
271 //XXX - god damn hack!!! Jeremy Rossi
/* Late binding: a rule created before its list was known retries the lookup
 * on use. Whether `loaded` is updated afterwards is not visible here; if it
 * is not, the chain walk in OS_FindList() repeats on every search. */
272 if (lrule->loaded == 0)
274 lrule->db = OS_FindList(lrule->filename);
277 switch(lrule->lookup_type)
279 case LR_STRING_MATCH:
280 //debug1("LR_STRING_MATCH");
281 if(OS_DBSeachKey(lrule, key) == 1)
286 case LR_STRING_NOT_MATCH:
287 //debug1("LR_STRING_NOT_MATCH");
288 if(OS_DBSeachKey(lrule, key) == 1)
293 case LR_STRING_MATCH_VALUE:
294 //debug1("LR_STRING_MATCH_VALUE");
298 case LR_ADDRESS_MATCH:
299 //debug1("LR_ADDRESS_MATCH");
/* The helper's result is returned unchanged, including -1. */
300 return OS_DBSeachKeyAddress(lrule, key);
302 case LR_ADDRESS_NOT_MATCH:
303 //debug1("LR_ADDRESS_NOT_MATCH");
304 if(OS_DBSeachKeyAddress(lrule, key) == 0)
309 case LR_ADDRESS_MATCH_VALUE:
310 //debug1("LR_ADDRESS_MATCH_VALUE");
/* Reached only for a lookup_type outside the cases above. */
315 debug1("lists_list.c::OS_DBSearch should never hit default");