1 /*****
2 *
3 * Copyright (C) 2003-2015 CS-SI. All Rights Reserved.
4 * Author: Nicolas Delon <nicolas.delon@prelude-ids.com>
5 *
6 * This file is part of the PreludeDB library.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2, or (at your option)
11 * any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 *
22 *****/
23
24 #include "config.h"
25
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <string.h>
29 #include <sys/types.h>
30 #include <time.h>
31
32 #include <libprelude/prelude-error.h>
33 #include <libprelude/idmef.h>
34 #include <libprelude/idmef-tree-wrap.h>
35
36 #include "preludedb-sql-settings.h"
37 #include "preludedb-sql.h"
38 #include "preludedb-error.h"
39
40 #include "classic-get.h"
41
42 #define db_log(sql) prelude_log(PRELUDE_LOG_ERR, "%s\n", prelude_sql_error(sql))
43 #define log_memory_exhausted() prelude_log(PRELUDE_LOG_ERR, "memory exhausted !\n")
44
45 #define get_(type, name) \
46 static int _get_ ## name (preludedb_sql_t *sql, preludedb_sql_row_t *row, \
47 int index, \
48 void *parent, int (*parent_new_child)(void *parent, type **child)) \
49 { \
50 preludedb_sql_field_t *field; \
51 type *value; \
52 int ret; \
53 \
54 ret = preludedb_sql_row_get_field(row, index, &field); \
55 if ( ret <= 0 ) \
56 return ret; \
57 \
58 ret = parent_new_child(parent, &value); \
59 if ( ret < 0 ) \
60 return ret; \
61 \
62 return preludedb_sql_field_to_ ## name (field, value); \
63 }
64
65 get_(uint8_t, uint8)
66 get_(uint16_t, uint16)
67 get_(uint32_t, uint32)
68 get_(float, float)
69
70 #define get_uint8(sql, row, index, parent, parent_new_child) \
71 _get_uint8(sql, row, index, parent, (int (*)(void *, uint8_t **)) parent_new_child)
72
73 #define get_uint16(sql, row, index, parent, parent_new_child) \
74 _get_uint16(sql, row, index, parent, (int (*)(void *, uint16_t **)) parent_new_child)
75
76 #define get_uint32(sql, row, index, parent, parent_new_child) \
77 _get_uint32(sql, row, index, parent, (int (*)(void *, uint32_t **)) parent_new_child)
78
79 #define get_float(sql, row, index, parent, parent_new_child) \
80 _get_float(sql, row, index, parent, (int (*)(void *, float **)) parent_new_child)
81
82
83 int classic_unescape_binary_safe(preludedb_sql_t *sql, preludedb_sql_field_t *field,
84 idmef_additional_data_type_t type, unsigned char **output, size_t *outsize);
85
86
_get_string(preludedb_sql_t * sql,preludedb_sql_row_t * row,int index,void * parent,int (* parent_new_child)(void * parent,prelude_string_t ** child))87 static int _get_string(preludedb_sql_t *sql, preludedb_sql_row_t *row,
88 int index,
89 void *parent, int (*parent_new_child)(void *parent, prelude_string_t **child))
90 {
91 preludedb_sql_field_t *field;
92 prelude_string_t *string;
93 int ret;
94
95 ret = preludedb_sql_row_get_field(row, index, &field);
96 if ( ret <= 0 )
97 return ret;
98
99 ret = parent_new_child(parent, &string);
100 if ( ret < 0 )
101 return ret;
102
103 ret = prelude_string_set_dup_fast(string,
104 preludedb_sql_field_get_value(field),
105 preludedb_sql_field_get_len(field));
106
107 return (ret < 0) ? ret : 1;
108 }
109
110
_get_string_listed(preludedb_sql_t * sql,preludedb_sql_row_t * row,int index,void * parent,int (* parent_new_child)(void * parent,prelude_string_t ** child,int pos))111 static int _get_string_listed(preludedb_sql_t *sql, preludedb_sql_row_t *row,
112 int index,
113 void *parent, int (*parent_new_child)(void *parent, prelude_string_t **child, int pos))
114 {
115 preludedb_sql_field_t *field;
116 prelude_string_t *string;
117 int ret;
118
119 ret = preludedb_sql_row_get_field(row, index, &field);
120 if ( ret <= 0 )
121 return ret;
122
123 ret = parent_new_child(parent, &string, IDMEF_LIST_APPEND);
124 if ( ret < 0 )
125 return ret;
126
127 ret = prelude_string_set_dup_fast(string,
128 preludedb_sql_field_get_value(field),
129 preludedb_sql_field_get_len(field));
130
131 return (ret < 0) ? ret : 1;
132 }
133
134
135
_get_enum(preludedb_sql_t * sql,preludedb_sql_row_t * row,int index,void * parent,int (* parent_new_child)(void * parent,int ** child),int (* convert_enum)(const char *))136 static int _get_enum(preludedb_sql_t *sql, preludedb_sql_row_t *row,
137 int index,
138 void *parent, int (*parent_new_child)(void *parent, int **child), int (*convert_enum)(const char *))
139 {
140 preludedb_sql_field_t *field;
141 int *enum_val;
142 int ret;
143
144 ret = preludedb_sql_row_get_field(row, index, &field);
145 if ( ret <= 0 )
146 return ret;
147
148 ret = parent_new_child(parent, &enum_val);
149 if ( ret < 0 )
150 return ret;
151
152 *enum_val = convert_enum(preludedb_sql_field_get_value(field));
153
154 return 1;
155 }
156
157
158
_get_timestamp(preludedb_sql_t * sql,preludedb_sql_row_t * row,int time_index,int gmtoff_index,int usec_index,void * parent,int (* parent_new_child)(void * parent,idmef_time_t ** child))159 static int _get_timestamp(preludedb_sql_t *sql, preludedb_sql_row_t *row,
160 int time_index, int gmtoff_index, int usec_index,
161 void *parent, int (*parent_new_child)(void *parent, idmef_time_t **child))
162 {
163 preludedb_sql_field_t *time_field, *gmtoff_field, *usec_field = NULL;
164 const char *tmp;
165 int32_t gmtoff;
166 uint32_t usec = 0;
167 idmef_time_t *time;
168 int ret;
169
170 ret = preludedb_sql_row_get_field(row, time_index, &time_field);
171 if ( ret <= 0 )
172 return ret;
173
174 ret = preludedb_sql_row_get_field(row, gmtoff_index, &gmtoff_field);
175 if ( ret <= 0 )
176 return (ret < 0) ? ret : -1;
177
178 if ( usec_index != -1 ) {
179 ret = preludedb_sql_row_get_field(row, usec_index, &usec_field);
180 if ( ret <= 0 )
181 return (ret < 0) ? ret : -1;
182
183 ret = preludedb_sql_field_to_uint32(usec_field, &usec);
184 if ( ret < 0 )
185 return ret;
186 }
187
188 tmp = preludedb_sql_field_get_value(time_field);
189
190 ret = preludedb_sql_field_to_int32(gmtoff_field, &gmtoff);
191 if ( ret < 0 )
192 return ret;
193
194 ret = parent_new_child(parent, &time);
195 if ( ret < 0 )
196 return ret;
197
198 return preludedb_sql_time_from_timestamp(time, tmp, gmtoff, usec);
199 }
200
201 #define get_string(sql, row, index, parent, parent_new_child) \
202 _get_string(sql, row, index, parent, (int (*)(void *, prelude_string_t **)) parent_new_child)
203
204 #define get_string_listed(sql, row, index, parent, parent_new_child) \
205 _get_string_listed(sql, row, index, parent, (int (*)(void *, prelude_string_t **, int)) parent_new_child)
206
207 #define get_enum(sql, row, index, parent, parent_new_child, convert_enum) \
208 _get_enum(sql, row, index, parent, (int (*)(void *, int **)) parent_new_child, convert_enum)
209
210 #define get_timestamp(sql, row, time_index, gmtoff_index, usec_index, parent, parent_new_child) \
211 _get_timestamp(sql, row, time_index, gmtoff_index, usec_index, parent, (int (*)(void *, idmef_time_t **)) parent_new_child)
212
213
214
get_analyzer_time(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,void * parent,int (* parent_new_child)(void * parent,idmef_time_t ** child))215 static int get_analyzer_time(preludedb_sql_t *sql,
216 uint64_t message_ident,
217 char parent_type,
218 void *parent,
219 int (*parent_new_child)(void *parent, idmef_time_t **child))
220 {
221 preludedb_sql_table_t *table;
222 preludedb_sql_row_t *row;
223 int ret;
224
225 ret = preludedb_sql_query_sprintf(sql, &table,
226 "SELECT time, gmtoff, usec "
227 "FROM Prelude_AnalyzerTime "
228 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 "",
229 parent_type, message_ident);
230 if ( ret <= 0 )
231 return ret;
232
233 ret = preludedb_sql_table_fetch_row(table, &row);
234 if ( ret <= 0 )
235 goto error;
236
237 ret = get_timestamp(sql, row, 0, 1, 2, parent, parent_new_child);
238
239 error:
240 preludedb_sql_table_destroy(table);
241
242 return ret;
243 }
244
get_detect_time(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)245 static int get_detect_time(preludedb_sql_t *sql,
246 uint64_t message_ident,
247 idmef_alert_t *alert)
248 {
249 preludedb_sql_table_t *table;
250 preludedb_sql_row_t *row;
251 int ret;
252
253 ret = preludedb_sql_query_sprintf(sql, &table,
254 "SELECT time, gmtoff, usec "
255 "FROM Prelude_DetectTime "
256 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
257 message_ident);
258
259 if ( ret <= 0 )
260 return ret;
261
262 ret = preludedb_sql_table_fetch_row(table, &row);
263 if ( ret <= 0 )
264 goto error;
265
266 ret = get_timestamp(sql, row, 0, 1, 2, alert, idmef_alert_new_detect_time);
267
268 error:
269 preludedb_sql_table_destroy(table);
270
271 return ret;
272 }
273
get_create_time(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,void * parent,int (* parent_new_child)(void * parent,idmef_time_t ** time))274 static int get_create_time(preludedb_sql_t *sql,
275 uint64_t message_ident,
276 char parent_type,
277 void *parent,
278 int (*parent_new_child)(void *parent, idmef_time_t **time))
279 {
280 preludedb_sql_table_t *table;
281 preludedb_sql_row_t *row;
282 int ret;
283
284 ret = preludedb_sql_query_sprintf(sql, &table,
285 "SELECT time, gmtoff, usec "
286 "FROM Prelude_CreateTime "
287 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 "",
288 parent_type, message_ident);
289 if ( ret <= 0 )
290 return ret;
291
292 ret = preludedb_sql_table_fetch_row(table, &row);
293 if ( ret <= 0 )
294 goto error;
295
296 ret = get_timestamp(sql, row, 0, 1, 2, parent, parent_new_child);
297
298 error:
299 preludedb_sql_table_destroy(table);
300
301 return ret;
302 }
303
get_user_id(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,int file_index,int file_access_index,void * parent,prelude_bool_t listed,int (* _parent_new_child)(void *,idmef_user_id_t ** child))304 static int get_user_id(preludedb_sql_t *sql,
305 uint64_t message_ident,
306 char parent_type,
307 int parent_index,
308 int file_index,
309 int file_access_index,
310 void *parent, prelude_bool_t listed,
311 int (*_parent_new_child)(void *, idmef_user_id_t **child))
312 {
313 preludedb_sql_table_t *table;
314 preludedb_sql_row_t *row;
315 idmef_user_id_t *user_id;
316 int ret;
317
318 ret = preludedb_sql_query_sprintf(sql, &table,
319 "SELECT ident, type, name, number, tty "
320 "FROM Prelude_UserId "
321 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND "
322 "_parent0_index = %d AND _parent1_index = %d AND _parent2_index = %d AND _index != -1 "
323 "ORDER BY _index ASC",
324 parent_type, message_ident, parent_index, file_index, file_access_index);
325 if ( ret <= 0 )
326 return ret;
327
328 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
329
330 if ( listed ) {
331 int (*parent_new_child)(void *parent, idmef_user_id_t **, int) =
332 (int (*)(void *, idmef_user_id_t **, int)) _parent_new_child;
333 ret = parent_new_child(parent, &user_id, IDMEF_LIST_APPEND);
334 } else {
335 int (*parent_new_child)(void *parent, idmef_user_id_t **) = _parent_new_child;
336 ret = parent_new_child(parent, &user_id);
337 }
338
339 if ( ret < 0 )
340 goto error;
341
342 ret = get_string(sql, row, 0, user_id, idmef_user_id_new_ident);
343 if ( ret < 0 )
344 goto error;
345
346 ret = get_enum(sql, row, 1, user_id, idmef_user_id_new_type, idmef_user_id_type_to_numeric);
347 if ( ret < 0 )
348 goto error;
349
350 ret = get_string(sql, row, 2, user_id, idmef_user_id_new_name);
351 if ( ret < 0 )
352 goto error;
353
354 ret = get_uint32(sql, row, 3, user_id, idmef_user_id_new_number);
355 if ( ret < 0 )
356 goto error;
357
358 ret = get_string(sql, row, 4, user_id, idmef_user_id_new_tty);
359 if ( ret < 0 )
360 goto error;
361 }
362
363 error:
364 preludedb_sql_table_destroy(table);
365
366 return ret;
367 }
368
get_user(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,void * parent,int (* parent_new_child)(void * parent,idmef_user_t ** child))369 static int get_user(preludedb_sql_t *sql,
370 uint64_t message_ident,
371 char parent_type,
372 int parent_index,
373 void *parent,
374 int (*parent_new_child)(void *parent, idmef_user_t **child))
375 {
376 preludedb_sql_table_t *table;
377 preludedb_sql_row_t *row;
378 idmef_user_t *user;
379 int ret;
380
381 ret = preludedb_sql_query_sprintf(sql, &table,
382 "SELECT ident, category "
383 "FROM Prelude_User "
384 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d",
385 parent_type, message_ident, parent_index);
386 if ( ret <= 0 )
387 return ret;
388
389 ret = preludedb_sql_table_fetch_row(table, &row);
390 if ( ret <= 0 )
391 goto error;
392
393 ret = parent_new_child(parent, &user);
394 if ( ret < 0 )
395 goto error;
396
397 ret = get_string(sql, row, 0, user, idmef_user_new_ident);
398 if ( ret < 0 )
399 goto error;
400
401 ret = get_enum(sql, row, 1, user, idmef_user_new_category, idmef_user_category_to_numeric);
402 if ( ret < 0 )
403 goto error;
404
405 ret = get_user_id(sql, message_ident, parent_type, parent_index, 0, 0, user,
406 TRUE, (int (*)(void *, idmef_user_id_t **)) idmef_user_new_user_id);
407
408 error:
409 preludedb_sql_table_destroy(table);
410
411 return ret;
412 }
413
get_process_arg(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,char parent_index,void * parent,int (* parent_new_child)(void * parent,prelude_string_t ** child,int pos))414 static int get_process_arg(preludedb_sql_t *sql,
415 uint64_t message_ident,
416 char parent_type,
417 char parent_index,
418 void *parent,
419 int (*parent_new_child)(void *parent, prelude_string_t **child, int pos))
420 {
421 preludedb_sql_table_t *table;
422 preludedb_sql_row_t *row;
423 int ret;
424
425 ret = preludedb_sql_query_sprintf(sql, &table,
426 "SELECT arg "
427 "FROM Prelude_ProcessArg "
428 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64
429 " AND _parent0_index = %d AND _index != -1 ORDER BY _index ASC",
430 parent_type, message_ident, parent_index);
431 if ( ret <= 0 )
432 return ret;
433
434 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
435
436 ret = get_string_listed(sql, row, 0, parent, parent_new_child);
437 if ( ret < 0 )
438 goto error;
439 }
440
441 error:
442 preludedb_sql_table_destroy(table);
443
444 return ret;
445 }
446
get_process_env(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,void * parent,int (* parent_new_child)(void * parent,prelude_string_t ** child,int pos))447 static int get_process_env(preludedb_sql_t *sql,
448 uint64_t message_ident,
449 char parent_type,
450 int parent_index,
451 void *parent,
452 int (*parent_new_child)(void *parent, prelude_string_t **child, int pos))
453 {
454 preludedb_sql_table_t *table;
455 preludedb_sql_row_t *row;
456 int ret;
457
458 ret = preludedb_sql_query_sprintf(sql, &table,
459 "SELECT env "
460 "FROM Prelude_ProcessEnv "
461 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64
462 " AND _parent0_index = %d AND _index != -1 ORDER BY _index ASC",
463 parent_type, message_ident, parent_index);
464 if ( ret <= 0 )
465 return ret;
466
467 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
468
469 ret = get_string_listed(sql, row, 0, parent, parent_new_child);
470 if ( ret < 0 )
471 goto error;
472 }
473
474 error:
475 preludedb_sql_table_destroy(table);
476
477 return ret;
478 }
479
get_process(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,void * parent,int (* parent_new_child)(void * parent,idmef_process_t ** child))480 static int get_process(preludedb_sql_t *sql,
481 uint64_t message_ident,
482 char parent_type,
483 int parent_index,
484 void *parent,
485 int (*parent_new_child)(void *parent, idmef_process_t **child))
486 {
487 preludedb_sql_table_t *table;
488 preludedb_sql_row_t *row;
489 idmef_process_t *process;
490 int ret;
491
492 ret = preludedb_sql_query_sprintf(sql, &table,
493 "SELECT ident, name, pid, path "
494 "FROM Prelude_Process "
495 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d",
496 parent_type, message_ident, parent_index);
497 if ( ret <= 0 )
498 return ret;
499
500 ret = preludedb_sql_table_fetch_row(table, &row);
501 if ( ret <= 0 )
502 goto error;
503
504 ret = parent_new_child(parent, &process);
505 if ( ret < 0 )
506 goto error;
507
508 ret = get_string(sql, row, 0, process, idmef_process_new_ident);
509 if ( ret < 0 )
510 goto error;
511
512 ret = get_string(sql, row, 1, process, idmef_process_new_name);
513 if ( ret < 0 )
514 goto error;
515
516 ret = get_uint32(sql, row, 2, process, idmef_process_new_pid);
517 if ( ret < 0 )
518 goto error;
519
520 ret = get_string(sql, row, 3, process, idmef_process_new_path);
521 if ( ret < 0 )
522 goto error;
523
524 ret = get_process_arg(sql, message_ident, parent_type, parent_index, process,
525 (int (*)(void *, prelude_string_t **, int)) idmef_process_new_arg);
526 if ( ret < 0 )
527 goto error;
528
529 ret = get_process_env(sql, message_ident, parent_type, parent_index, process,
530 (int (*)(void *, prelude_string_t **, int)) idmef_process_new_env);
531
532 error:
533 preludedb_sql_table_destroy(table);
534
535 return ret;
536 }
537
get_web_service_arg(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,idmef_web_service_t * web_service)538 static int get_web_service_arg(preludedb_sql_t *sql,
539 uint64_t message_ident,
540 char parent_type,
541 int parent_index,
542 idmef_web_service_t *web_service)
543 {
544 preludedb_sql_table_t *table;
545 preludedb_sql_row_t *row;
546 int ret;
547
548 ret = preludedb_sql_query_sprintf(sql, &table,
549 "SELECT arg "
550 "FROM Prelude_WebServiceArg "
551 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64
552 " AND _parent0_index = %d AND _index != -1 ORDER BY _index ASC",
553 parent_type, message_ident, parent_index);
554 if ( ret <= 0 )
555 return ret;
556
557 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
558
559 ret = get_string_listed(sql, row, 0, web_service, idmef_web_service_new_arg);
560 if ( ret < 0 )
561 goto error;
562 }
563
564 error:
565 preludedb_sql_table_destroy(table);
566
567 return ret;
568 }
569
get_web_service(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,idmef_service_t * service)570 static int get_web_service(preludedb_sql_t *sql,
571 uint64_t message_ident,
572 char parent_type,
573 int parent_index,
574 idmef_service_t *service)
575 {
576 preludedb_sql_table_t *table;
577 preludedb_sql_row_t *row;
578 idmef_web_service_t *web_service;
579 int ret;
580
581 ret = preludedb_sql_query_sprintf(sql, &table,
582 "SELECT url, cgi, http_method "
583 "FROM Prelude_WebService "
584 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d",
585 parent_type, message_ident, parent_index);
586 if ( ret <= 0 )
587 return ret;
588
589 ret = preludedb_sql_table_fetch_row(table, &row);
590 if ( ret <= 0 )
591 goto error;
592
593 ret = idmef_service_new_web_service(service, &web_service);
594 if ( ret < 0 )
595 goto error;
596
597 ret = get_string(sql, row, 0, web_service, idmef_web_service_new_url);
598 if ( ret < 0 )
599 goto error;
600
601 ret = get_string(sql, row, 1, web_service, idmef_web_service_new_cgi);
602 if ( ret < 0 )
603 goto error;
604
605 ret = get_string(sql, row, 2, web_service, idmef_web_service_new_http_method);
606 if ( ret < 0 )
607 goto error;
608
609 ret = get_web_service_arg(sql, message_ident, parent_type, parent_index, web_service);
610
611 error:
612 preludedb_sql_table_destroy(table);
613
614 return ret;
615 }
616
get_snmp_service(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,idmef_service_t * service)617 static int get_snmp_service(preludedb_sql_t *sql,
618 uint64_t message_ident,
619 char parent_type,
620 int parent_index,
621 idmef_service_t *service)
622 {
623 preludedb_sql_table_t *table;
624 preludedb_sql_row_t *row;
625 idmef_snmp_service_t *snmp_service;
626 int ret;
627
628 ret = preludedb_sql_query_sprintf(sql, &table,
629 "SELECT snmp_oid, message_processing_model, security_model, security_name, "
630 "security_level, context_name, context_engine_id, command "
631 "FROM Prelude_SnmpService "
632 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d",
633 parent_type, message_ident, parent_index);
634 if ( ret <= 0 )
635 return ret;
636
637 ret = preludedb_sql_table_fetch_row(table, &row);
638 if ( ret <= 0 )
639 goto error;
640
641 ret = idmef_service_new_snmp_service(service, &snmp_service);
642 if ( ret < 0 )
643 goto error;
644
645 ret = get_string(sql, row, 0, snmp_service, idmef_snmp_service_new_oid);
646 if ( ret < 0 )
647 goto error;
648
649 ret = get_uint32(sql, row, 1, snmp_service, idmef_snmp_service_new_message_processing_model);
650 if ( ret < 0 )
651 goto error;
652
653 ret = get_uint32(sql, row, 2, snmp_service, idmef_snmp_service_new_security_model);
654 if ( ret < 0 )
655 goto error;
656
657 ret = get_string(sql, row, 3, snmp_service, idmef_snmp_service_new_security_name);
658 if ( ret < 0 )
659 goto error;
660
661 ret = get_uint32(sql, row, 4, snmp_service, idmef_snmp_service_new_security_level);
662 if ( ret < 0 )
663 goto error;
664
665 ret = get_string(sql, row, 5, snmp_service, idmef_snmp_service_new_context_name);
666 if ( ret < 0 )
667 goto error;
668
669 ret = get_string(sql, row, 6, snmp_service, idmef_snmp_service_new_context_engine_id);
670 if ( ret < 0 )
671 goto error;
672
673 ret = get_string(sql, row, 7, snmp_service, idmef_snmp_service_new_command);
674
675 error:
676 preludedb_sql_table_destroy(table);
677
678 return ret;
679 }
680
get_service(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,void * parent,int (* parent_new_child)(void * parent,idmef_service_t ** child))681 static int get_service(preludedb_sql_t *sql,
682 uint64_t message_ident,
683 char parent_type,
684 int parent_index,
685 void *parent,
686 int (*parent_new_child)(void *parent, idmef_service_t **child))
687 {
688 preludedb_sql_table_t *table;
689 preludedb_sql_row_t *row;
690 idmef_service_t *service;
691 int ret;
692
693 ret = preludedb_sql_query_sprintf(sql, &table,
694 "SELECT ident, ip_version, name, port, iana_protocol_number, iana_protocol_name, portlist, protocol "
695 "FROM Prelude_Service "
696 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d",
697 parent_type, message_ident, parent_index);
698 if ( ret <= 0 )
699 return 0;
700
701 ret = preludedb_sql_table_fetch_row(table, &row);
702 if ( ret <= 0 )
703 goto error;
704
705 ret = parent_new_child(parent, &service);
706 if ( ret < 0 )
707 goto error;
708
709 ret = get_string(sql, row, 0, service, idmef_service_new_ident);
710 if ( ret < 0 )
711 goto error;
712
713 ret = get_uint8(sql, row, 1, service, idmef_service_new_ip_version);
714 if ( ret < 0 )
715 goto error;
716
717 ret = get_string(sql, row, 2, service, idmef_service_new_name);
718 if ( ret < 0 )
719 goto error;
720
721 ret = get_uint16(sql, row, 3, service, idmef_service_new_port);
722 if ( ret < 0 )
723 goto error;
724
725 ret = get_uint8(sql, row, 4, service, idmef_service_new_iana_protocol_number);
726 if ( ret < 0 )
727 goto error;
728
729 ret = get_string(sql, row, 5, service, idmef_service_new_iana_protocol_name);
730 if ( ret < 0 )
731 goto error;
732
733 ret = get_string(sql, row, 6, service, idmef_service_new_portlist);
734 if ( ret < 0 )
735 goto error;
736
737 ret = get_string(sql, row, 7, service, idmef_service_new_protocol);
738 if ( ret < 0 )
739 goto error;
740
741 ret = get_web_service(sql, message_ident, parent_type, parent_index, service);
742 if ( ret < 0 )
743 goto error;
744
745 ret = get_snmp_service(sql, message_ident, parent_type, parent_index, service);
746
747 error:
748 preludedb_sql_table_destroy(table);
749
750 return ret;
751 }
752
get_address(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,void * parent,int (* parent_new_child)(void * parent,idmef_address_t ** child,int pos))753 static int get_address(preludedb_sql_t *sql,
754 uint64_t message_ident,
755 char parent_type,
756 int parent_index,
757 void *parent,
758 int (*parent_new_child)(void *parent, idmef_address_t **child, int pos))
759 {
760 preludedb_sql_table_t *table;
761 preludedb_sql_row_t *row;
762 idmef_address_t *idmef_address;
763 int ret;
764
765 ret = preludedb_sql_query_sprintf(sql, &table,
766 "SELECT ident, category, vlan_name, vlan_num, address, netmask "
767 "FROM Prelude_Address "
768 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64
769 " AND _parent0_index = %d AND _index != -1 ORDER BY _index ASC",
770 parent_type, message_ident, parent_index);
771 if ( ret <= 0 )
772 return ret;
773
774 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
775
776 ret = parent_new_child(parent, &idmef_address, IDMEF_LIST_APPEND);
777 if ( ret < 0 )
778 goto error;
779
780 ret = get_string(sql, row, 0, idmef_address, idmef_address_new_ident);
781 if ( ret < 0 )
782 goto error;
783
784 ret = get_enum(sql, row, 1, idmef_address, idmef_address_new_category, idmef_address_category_to_numeric);
785 if ( ret < 0 )
786 goto error;
787
788 ret = get_string(sql, row, 2, idmef_address, idmef_address_new_vlan_name);
789 if ( ret < 0 )
790 goto error;
791
792 ret = get_uint32(sql, row, 3, idmef_address, idmef_address_new_vlan_num);
793 if ( ret < 0 )
794 goto error;
795
796 ret = get_string(sql, row, 4, idmef_address, idmef_address_new_address);
797 if ( ret < 0 )
798 goto error;
799
800 ret = get_string(sql, row, 5, idmef_address, idmef_address_new_netmask);
801 if ( ret < 0 )
802 goto error;
803 }
804
805 error:
806 preludedb_sql_table_destroy(table);
807
808 return ret;
809 }
810
get_node(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,int parent_index,void * parent,int (* parent_new_child)(void * parent,idmef_node_t ** node))811 static int get_node(preludedb_sql_t *sql,
812 uint64_t message_ident,
813 char parent_type,
814 int parent_index,
815 void *parent,
816 int (*parent_new_child)(void *parent, idmef_node_t **node))
817 {
818 preludedb_sql_table_t *table;
819 preludedb_sql_row_t *row;
820 idmef_node_t *node;
821 int ret;
822
823 ret = preludedb_sql_query_sprintf(sql, &table,
824 "SELECT ident, category, location, name "
825 "FROM Prelude_Node "
826 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d",
827 parent_type, message_ident, parent_index);
828 if ( ret <= 0 )
829 return ret;
830
831 ret = preludedb_sql_table_fetch_row(table, &row);
832 if ( ret <= 0 )
833 goto error;
834
835 ret = parent_new_child(parent, &node);
836 if ( ret < 0 )
837 goto error;
838
839 ret = get_string(sql, row, 0, node, idmef_node_new_ident);
840 if ( ret < 0 )
841 goto error;
842
843 ret = get_enum(sql, row, 1, node, idmef_node_new_category, idmef_node_category_to_numeric);
844 if ( ret < 0 )
845 goto error;
846
847 ret = get_string(sql, row, 2, node, idmef_node_new_location);
848 if ( ret < 0 )
849 goto error;
850
851 ret = get_string(sql, row, 3, node, idmef_node_new_name);
852 if ( ret < 0 )
853 goto error;
854
855 ret = get_address(sql, message_ident, parent_type, parent_index, node,
856 (int (*)(void *, idmef_address_t **, int)) idmef_node_new_address);
857
858 error:
859 preludedb_sql_table_destroy(table);
860
861 return ret;
862 }
863
get_analyzer(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,void * parent,int (* parent_new_child)(void * parent,idmef_analyzer_t ** child,int pos))864 static int get_analyzer(preludedb_sql_t *sql,
865 uint64_t message_ident,
866 char parent_type,
867 void *parent,
868 int (*parent_new_child)(void *parent, idmef_analyzer_t **child, int pos))
869 {
870 preludedb_sql_table_t *table;
871 preludedb_sql_row_t *row;
872 idmef_analyzer_t *analyzer;
873 int ret;
874 int index;
875
876 ret = preludedb_sql_query_sprintf(sql, &table,
877 "SELECT analyzerid, name, manufacturer, model, version, class, ostype, osversion "
878 "FROM Prelude_Analyzer "
879 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _index != -1 "
880 "ORDER BY _index ASC",
881 parent_type, message_ident);
882 if ( ret <= 0 )
883 return ret;
884
885 index = 0;
886 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
887 ret = parent_new_child(parent, &analyzer, IDMEF_LIST_APPEND);
888 if ( ret < 0 )
889 goto error;
890
891 ret = get_string(sql, row, 0, analyzer, idmef_analyzer_new_analyzerid);
892 if ( ret < 0 )
893 goto error;
894
895 ret = get_string(sql, row, 1, analyzer, idmef_analyzer_new_name);
896 if ( ret < 0 )
897 goto error;
898
899 ret = get_string(sql, row, 2, analyzer, idmef_analyzer_new_manufacturer);
900 if ( ret < 0 )
901 goto error;
902
903 ret = get_string(sql, row, 3, analyzer, idmef_analyzer_new_model);
904 if ( ret < 0 )
905 goto error;
906
907 ret = get_string(sql, row, 4, analyzer, idmef_analyzer_new_version);
908 if ( ret < 0 )
909 goto error;
910
911 ret = get_string(sql, row, 5, analyzer, idmef_analyzer_new_class);
912 if ( ret < 0 )
913 goto error;
914
915 ret = get_string(sql, row, 6, analyzer, idmef_analyzer_new_ostype);
916 if ( ret < 0 )
917 goto error;
918
919 ret = get_string(sql, row, 7, analyzer, idmef_analyzer_new_osversion);
920 if ( ret < 0 )
921 goto error;
922
923 ret = get_node(sql, message_ident, parent_type, index, analyzer,
924 (int (*)(void *, idmef_node_t **)) idmef_analyzer_new_node);
925 if ( ret < 0 )
926 goto error;
927
928 ret = get_process(sql, message_ident, parent_type, index, analyzer,
929 (int (*)(void *, idmef_process_t **)) idmef_analyzer_new_process);
930 if ( ret < 0 )
931 goto error;
932
933 index++;
934 }
935
936 error:
937 preludedb_sql_table_destroy(table);
938
939 return ret;
940 }
941
get_action(preludedb_sql_t * sql,uint64_t message_ident,idmef_assessment_t * assessment)942 static int get_action(preludedb_sql_t *sql,
943 uint64_t message_ident,
944 idmef_assessment_t *assessment)
945 {
946 preludedb_sql_table_t *table;
947 preludedb_sql_row_t *row;
948 idmef_action_t *action;
949 int ret;
950
951 ret = preludedb_sql_query_sprintf(sql, &table,
952 "SELECT category, description "
953 "FROM Prelude_Action "
954 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _index != -1 "
955 "ORDER BY _index ASC",
956 message_ident);
957 if ( ret <= 0 )
958 return ret;
959
960 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
961
962 ret = idmef_assessment_new_action(assessment, &action, IDMEF_LIST_APPEND);
963 if ( ret < 0 )
964 return ret;
965
966 ret = get_enum(sql, row, 0, action, idmef_action_new_category, idmef_action_category_to_numeric);
967 if ( ret < 0 )
968 goto error;
969
970 ret = get_string(sql, row, 1, action, idmef_action_new_description);
971 if ( ret < 0 )
972 goto error;
973 }
974
975 error:
976 preludedb_sql_table_destroy(table);
977
978 return ret;
979 }
980
get_confidence(preludedb_sql_t * sql,uint64_t message_ident,idmef_assessment_t * assessment)981 static int get_confidence(preludedb_sql_t *sql,
982 uint64_t message_ident,
983 idmef_assessment_t *assessment)
984 {
985 preludedb_sql_table_t *table;
986 preludedb_sql_row_t *row;
987 idmef_confidence_t *confidence;
988 int ret;
989
990 ret = preludedb_sql_query_sprintf(sql, &table,
991 "SELECT rating, confidence "
992 "FROM Prelude_Confidence "
993 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
994 message_ident);
995 if ( ret <= 0 )
996 return ret;
997
998 ret = preludedb_sql_table_fetch_row(table, &row);
999 if ( ret <= 0 )
1000 goto error;
1001
1002 ret = idmef_assessment_new_confidence(assessment, &confidence);
1003 if ( ret < 0 )
1004 goto error;
1005
1006 ret = get_enum(sql, row, 0, confidence, idmef_confidence_new_rating, idmef_confidence_rating_to_numeric);
1007 if ( ret < 0 )
1008 goto error;
1009
1010 ret = get_float(sql, row, 1, confidence, idmef_confidence_new_confidence);
1011
1012 error:
1013 preludedb_sql_table_destroy(table);
1014
1015 return ret;
1016 }
1017
get_impact(preludedb_sql_t * sql,uint64_t message_ident,idmef_assessment_t * assessment)1018 static int get_impact(preludedb_sql_t *sql,
1019 uint64_t message_ident,
1020 idmef_assessment_t *assessment)
1021 {
1022 preludedb_sql_table_t *table;
1023 preludedb_sql_row_t *row;
1024 idmef_impact_t *impact;
1025 int ret;
1026
1027 ret = preludedb_sql_query_sprintf(sql, &table,
1028 "SELECT severity, completion, type, description "
1029 "FROM Prelude_Impact "
1030 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
1031 message_ident);
1032 if ( ret <= 0 )
1033 return ret;
1034
1035 ret = preludedb_sql_table_fetch_row(table, &row);
1036 if ( ret <= 0 )
1037 goto error;
1038
1039 ret = idmef_assessment_new_impact(assessment, &impact);
1040 if ( ret < 0 )
1041 goto error;
1042
1043 ret = get_enum(sql, row, 0, impact, idmef_impact_new_severity, idmef_impact_severity_to_numeric);
1044 if ( ret < 0 )
1045 goto error;
1046
1047 ret = get_enum(sql, row, 1, impact, idmef_impact_new_completion, idmef_impact_completion_to_numeric);
1048 if ( ret < 0 )
1049 goto error;
1050
1051 ret = get_enum(sql, row, 2, impact, idmef_impact_new_type, idmef_impact_type_to_numeric);
1052 if ( ret < 0 )
1053 goto error;
1054
1055 ret = get_string(sql, row, 3, impact, idmef_impact_new_description);
1056
1057 error:
1058 preludedb_sql_table_destroy(table);
1059
1060 return ret;
1061 }
1062
get_assessment(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1063 static int get_assessment(preludedb_sql_t *sql,
1064 uint64_t message_ident,
1065 idmef_alert_t *alert)
1066 {
1067 preludedb_sql_table_t *table;
1068 idmef_assessment_t *assessment;
1069 int ret;
1070
1071 ret = preludedb_sql_query_sprintf(sql, &table,
1072 "SELECT _message_ident "
1073 "FROM Prelude_Assessment "
1074 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
1075 message_ident);
1076 if ( ret <= 0 )
1077 return ret;
1078
1079 preludedb_sql_table_destroy(table);
1080
1081 ret = idmef_alert_new_assessment(alert, &assessment);
1082 if ( ret < 0 )
1083 goto error;
1084
1085 ret = get_impact(sql, message_ident, assessment);
1086 if ( ret < 0 )
1087 goto error;
1088
1089 ret = get_confidence(sql, message_ident, assessment);
1090 if ( ret < 0 )
1091 goto error;
1092
1093 ret = get_action(sql, message_ident, assessment);
1094 if ( ret < 0 )
1095 goto error;
1096
1097 error:
1098 return ret;
1099 }
1100
get_file_access_permission(preludedb_sql_t * sql,uint64_t message_ident,int target_index,int file_index,int file_access_index,idmef_file_access_t * parent)1101 static int get_file_access_permission(preludedb_sql_t *sql,
1102 uint64_t message_ident,
1103 int target_index,
1104 int file_index,
1105 int file_access_index,
1106 idmef_file_access_t *parent)
1107 {
1108 preludedb_sql_table_t *table;
1109 preludedb_sql_row_t *row;
1110 int ret;
1111
1112 ret = preludedb_sql_query_sprintf(sql, &table,
1113 "SELECT permission "
1114 "FROM Prelude_FileAccess_Permission "
1115 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d AND "
1116 "_parent1_index = %d AND _parent2_index = %d AND _index != -1 "
1117 "ORDER BY _index ASC",
1118 message_ident, target_index, file_index, file_access_index);
1119 if ( ret <= 0 )
1120 return ret;
1121
1122 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1123
1124 ret = get_string_listed(sql, row, 0, parent, idmef_file_access_new_permission);
1125 if ( ret < 0 )
1126 goto error;
1127 }
1128
1129 error:
1130 preludedb_sql_table_destroy(table);
1131
1132 return ret;
1133 }
1134
get_file_access(preludedb_sql_t * sql,uint64_t message_ident,int target_index,int file_index,idmef_file_t * file)1135 static int get_file_access(preludedb_sql_t *sql,
1136 uint64_t message_ident,
1137 int target_index,
1138 int file_index,
1139 idmef_file_t *file)
1140 {
1141 preludedb_sql_table_t *table;
1142 preludedb_sql_row_t *row;
1143 preludedb_sql_field_t *field;
1144 idmef_file_access_t *file_access;
1145 uint32_t file_access_count;
1146 unsigned int cnt;
1147 int ret;
1148
1149 ret = preludedb_sql_query_sprintf(sql, &table,
1150 "SELECT COUNT(*) "
1151 "FROM Prelude_FileAccess "
1152 "WHERE _message_ident = %" PRELUDE_PRIu64
1153 " AND _parent0_index = %d AND _parent1_index = %d AND _index != -1",
1154 message_ident, target_index, file_index);
1155 if ( ret <= 0 )
1156 return ret;
1157
1158 ret = preludedb_sql_table_fetch_row(table, &row);
1159 if ( ret <= 0 )
1160 goto error;
1161
1162 ret = preludedb_sql_row_get_field(row, 0, &field);
1163 if ( ret <= 0 )
1164 goto error;
1165
1166 ret = preludedb_sql_field_to_uint32(field, &file_access_count);
1167 if ( ret < 0 )
1168 goto error;
1169
1170 for ( cnt = 0; cnt < file_access_count; cnt++ ) {
1171
1172 ret = idmef_file_new_file_access(file, &file_access, IDMEF_LIST_APPEND);
1173 if ( ret < 0 )
1174 goto error;
1175
1176 ret = get_user_id(sql, message_ident, 'F', target_index, file_index, cnt,
1177 file_access, FALSE, (int (*)(void *, idmef_user_id_t **)) idmef_file_access_new_user_id);
1178 if ( ret < 0 )
1179 goto error;
1180
1181 ret = get_file_access_permission(sql, message_ident, target_index, file_index, cnt, file_access);
1182 if ( ret < 0 )
1183 goto error;
1184 }
1185
1186 error:
1187 preludedb_sql_table_destroy(table);
1188
1189 return ret;
1190 }
1191
get_linkage(preludedb_sql_t * sql,uint64_t message_ident,int target_index,int file_index,idmef_file_t * file)1192 static int get_linkage(preludedb_sql_t *sql,
1193 uint64_t message_ident,
1194 int target_index,
1195 int file_index,
1196 idmef_file_t *file)
1197 {
1198 preludedb_sql_table_t *table;
1199 preludedb_sql_row_t *row;
1200 idmef_linkage_t *linkage;
1201 int ret;
1202
1203 ret = preludedb_sql_query_sprintf(sql, &table,
1204 "SELECT category, name, path "
1205 "FROM Prelude_Linkage "
1206 "WHERE _message_ident = %" PRELUDE_PRIu64
1207 " AND _parent0_index = %d AND _parent1_index = %d AND _index != -1 "
1208 "ORDER BY _index ASC",
1209 message_ident, target_index, file_index);
1210 if ( ret <= 0 )
1211 return ret;
1212
1213 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1214
1215 ret = idmef_file_new_linkage(file, &linkage, IDMEF_LIST_APPEND);
1216 if ( ret < 0 )
1217 goto error;
1218
1219 ret = get_enum(sql, row, 0, linkage, idmef_linkage_new_category, idmef_linkage_category_to_numeric);
1220 if ( ret < 0 )
1221 goto error;
1222
1223 ret = get_string(sql, row, 1, linkage, idmef_linkage_new_name);
1224 if ( ret < 0 )
1225 goto error;
1226
1227 ret = get_string(sql, row, 2, linkage, idmef_linkage_new_path);
1228 if ( ret < 0 )
1229 goto error;
1230 }
1231
1232 /* FIXME: file in linkage is not currently supported */
1233
1234 error:
1235 preludedb_sql_table_destroy(table);
1236
1237 return ret;
1238 }
1239
get_inode(preludedb_sql_t * sql,uint64_t message_ident,int target_index,int file_index,idmef_file_t * file)1240 static int get_inode(preludedb_sql_t *sql,
1241 uint64_t message_ident,
1242 int target_index,
1243 int file_index,
1244 idmef_file_t *file)
1245 {
1246 preludedb_sql_table_t *table;
1247 preludedb_sql_row_t *row;
1248 idmef_inode_t *inode;
1249 int ret;
1250
1251 ret = preludedb_sql_query_sprintf(sql, &table,
1252 "SELECT change_time, change_time_gmtoff, number, major_device, minor_device, "
1253 "c_major_device, c_minor_device "
1254 "FROM Prelude_Inode "
1255 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d AND _parent1_index = %d",
1256 message_ident, target_index, file_index);
1257 if ( ret <= 0 )
1258 return ret;
1259
1260 ret = preludedb_sql_table_fetch_row(table, &row);
1261 if ( ret <= 0 )
1262 goto error;
1263
1264 ret = idmef_file_new_inode(file, &inode);
1265 if ( ret < 0 )
1266 goto error;
1267
1268 ret = get_timestamp(sql, row, 0, 1, -1, inode, idmef_inode_new_change_time);
1269 if ( ret < 0 )
1270 goto error;
1271
1272 ret = get_uint32(sql, row, 2, inode, idmef_inode_new_number);
1273 if ( ret < 0 )
1274 goto error;
1275
1276 ret = get_uint32(sql, row, 3, inode, idmef_inode_new_major_device);
1277 if ( ret < 0 )
1278 goto error;
1279
1280 ret = get_uint32(sql, row, 4, inode, idmef_inode_new_minor_device);
1281 if ( ret < 0 )
1282 goto error;
1283
1284 ret = get_uint32(sql, row, 5, inode, idmef_inode_new_c_major_device);
1285 if ( ret < 0 )
1286 goto error;
1287
1288 ret = get_uint32(sql, row, 6, inode, idmef_inode_new_c_minor_device);
1289 if ( ret < 0 )
1290 goto error;
1291
1292 error:
1293 preludedb_sql_table_destroy(table);
1294
1295 return ret;
1296 }
1297
1298
get_checksum(preludedb_sql_t * sql,uint64_t message_ident,int target_index,int file_index,idmef_file_t * file)1299 static int get_checksum(preludedb_sql_t *sql,
1300 uint64_t message_ident,
1301 int target_index,
1302 int file_index,
1303 idmef_file_t *file)
1304 {
1305 preludedb_sql_table_t *table;
1306 preludedb_sql_row_t *row;
1307 idmef_checksum_t *checksum;
1308 int ret;
1309
1310 ret = preludedb_sql_query_sprintf(sql, &table,
1311 "SELECT value, checksum_key, algorithm "
1312 "FROM Prelude_Checksum "
1313 "WHERE _message_ident = %" PRELUDE_PRIu64
1314 " AND _parent0_index = %d AND _parent1_index = %d AND _index != -1 "
1315 "ORDER BY _index ASC",
1316 message_ident, target_index, file_index);
1317 if ( ret <= 0 )
1318 return ret;
1319
1320 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1321
1322 ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND);
1323 if ( ret < 0 )
1324 goto error;
1325
1326 ret = get_string(sql, row, 0, checksum, idmef_checksum_new_value);
1327 if ( ret < 0 )
1328 goto error;
1329
1330 ret = get_string(sql, row, 1, checksum, idmef_checksum_new_key);
1331 if ( ret < 0 )
1332 goto error;
1333
1334 ret = get_enum(sql, row, 2, checksum, idmef_checksum_new_algorithm, idmef_checksum_algorithm_to_numeric);
1335 if ( ret < 0 )
1336 goto error;
1337 }
1338
1339 error:
1340 preludedb_sql_table_destroy(table);
1341
1342 return ret;
1343 }
1344
1345
get_file(preludedb_sql_t * sql,uint64_t message_ident,int target_index,idmef_target_t * target)1346 static int get_file(preludedb_sql_t *sql,
1347 uint64_t message_ident,
1348 int target_index,
1349 idmef_target_t *target)
1350 {
1351 preludedb_sql_table_t *table;
1352 preludedb_sql_row_t *row;
1353 idmef_file_t *file = NULL;
1354 int cnt;
1355 int ret;
1356
1357 ret = preludedb_sql_query_sprintf(sql, &table,
1358 "SELECT ident, category, name, path, create_time, create_time_gmtoff, "
1359 "modify_time, modify_time_gmtoff, access_time, "
1360 "access_time_gmtoff, data_size, disk_size, fstype, file_type "
1361 "FROM Prelude_File "
1362 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _parent0_index = %d AND _index != -1 "
1363 "ORDER BY _index ASC",
1364 message_ident, target_index);
1365 if ( ret <= 0 )
1366 return ret;
1367
1368 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1369
1370 ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND);
1371 if ( ret < 0 )
1372 goto error;
1373
1374 ret = get_string(sql, row, 0, file, idmef_file_new_ident);
1375 if ( ret < 0 )
1376 goto error;
1377
1378 ret = get_enum(sql, row, 1, file, idmef_file_new_category, idmef_file_category_to_numeric);
1379 if ( ret < 0 )
1380 goto error;
1381
1382 ret = get_string(sql, row, 2, file, idmef_file_new_name);
1383 if ( ret < 0 )
1384 goto error;
1385
1386 ret = get_string(sql, row, 3, file, idmef_file_new_path);
1387 if ( ret < 0 )
1388 goto error;
1389
1390 ret = get_timestamp(sql, row, 4, 5, -1, file, idmef_file_new_create_time);
1391 if ( ret < 0 )
1392 goto error;
1393
1394 ret = get_timestamp(sql, row, 6, 7, -1, file, idmef_file_new_modify_time);
1395 if ( ret < 0 )
1396 goto error;
1397
1398 ret = get_timestamp(sql, row, 8, 9, -1, file, idmef_file_new_access_time);
1399 if ( ret < 0 )
1400 goto error;
1401
1402 ret = get_uint32(sql, row, 10, file, idmef_file_new_data_size);
1403 if ( ret < 0 )
1404 goto error;
1405
1406 ret = get_uint32(sql, row, 11, file, idmef_file_new_disk_size);
1407 if ( ret < 0 )
1408 goto error;
1409
1410 ret = get_enum(sql, row, 12, file, idmef_file_new_fstype, idmef_file_fstype_to_numeric);
1411 if ( ret < 0 )
1412 goto error;
1413
1414 ret = get_string(sql, row, 13, file, idmef_file_new_file_type);
1415 if ( ret < 0 )
1416 goto error;
1417 }
1418
1419 file = NULL;
1420 cnt = 0;
1421 while ( (file = idmef_target_get_next_file(target, file)) ) {
1422
1423 ret = get_file_access(sql, message_ident, target_index, cnt, file);
1424 if ( ret < 0 )
1425 goto error;
1426
1427 ret = get_linkage(sql, message_ident, target_index, cnt, file);
1428 if ( ret < 0 )
1429 goto error;
1430
1431 ret = get_inode(sql, message_ident, target_index, cnt, file);
1432 if ( ret < 0 )
1433 goto error;
1434
1435 ret = get_checksum(sql, message_ident, target_index, cnt, file);
1436 if ( ret < 0 )
1437 goto error;
1438
1439 cnt++;
1440 }
1441
1442 error:
1443 preludedb_sql_table_destroy(table);
1444
1445 return ret;
1446 }
1447
get_source(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1448 static int get_source(preludedb_sql_t *sql,
1449 uint64_t message_ident,
1450 idmef_alert_t *alert)
1451 {
1452 preludedb_sql_table_t *table;
1453 preludedb_sql_row_t *row;
1454 idmef_source_t *source;
1455 int cnt;
1456 int ret;
1457
1458 ret = preludedb_sql_query_sprintf(sql, &table,
1459 "SELECT ident, spoofed, interface "
1460 "FROM Prelude_Source "
1461 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _index != -1 "
1462 "ORDER BY _index ASC",
1463 message_ident);
1464 if ( ret <= 0 )
1465 return ret;
1466
1467 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1468
1469 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
1470 if ( ret < 0 )
1471 goto error;
1472
1473 ret = get_string(sql, row, 0, source, idmef_source_new_ident);
1474 if ( ret < 0 )
1475 goto error;
1476
1477 ret = get_enum(sql, row, 1, source, idmef_source_new_spoofed, idmef_source_spoofed_to_numeric);
1478 if ( ret < 0 )
1479 goto error;
1480
1481 ret = get_string(sql, row, 2, source, idmef_source_new_interface);
1482 if ( ret < 0 )
1483 goto error;
1484 }
1485
1486 source = NULL;
1487 cnt = 0;
1488 while ( (source = idmef_alert_get_next_source(alert, source)) ) {
1489
1490 ret = get_node(sql, message_ident, 'S', cnt, source, (int (*)(void *, idmef_node_t **)) idmef_source_new_node);
1491 if ( ret < 0 )
1492 goto error;
1493
1494 ret = get_user(sql, message_ident, 'S', cnt, source, (int (*)(void *, idmef_user_t **)) idmef_source_new_user);
1495 if ( ret < 0 )
1496 goto error;
1497
1498 ret = get_process(sql, message_ident, 'S', cnt, source, (int (*)(void *, idmef_process_t **)) idmef_source_new_process);
1499 if ( ret < 0 )
1500 goto error;
1501
1502 ret = get_service(sql, message_ident, 'S', cnt, source, (int (*)(void *, idmef_service_t **)) idmef_source_new_service);
1503 if ( ret < 0 )
1504 goto error;
1505
1506 cnt++;
1507 }
1508
1509 error:
1510 preludedb_sql_table_destroy(table);
1511
1512 return ret;
1513 }
1514
get_target(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1515 static int get_target(preludedb_sql_t *sql,
1516 uint64_t message_ident,
1517 idmef_alert_t *alert)
1518 {
1519 preludedb_sql_table_t *table;
1520 preludedb_sql_row_t *row;
1521 idmef_target_t *target;
1522 int cnt;
1523 int ret;
1524
1525 ret = preludedb_sql_query_sprintf(sql, &table,
1526 "SELECT ident, decoy, interface "
1527 "FROM Prelude_Target "
1528 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _index != -1 "
1529 "ORDER BY _index ASC",
1530 message_ident);
1531 if ( ret <= 0 )
1532 return ret;
1533
1534 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1535
1536 ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND);
1537 if ( ret < 0 )
1538 goto error;
1539
1540 ret = get_string(sql, row, 0, target, idmef_target_new_ident);
1541 if ( ret < 0 )
1542 goto error;
1543
1544 ret = get_enum(sql, row, 1, target, idmef_target_new_decoy, idmef_target_decoy_to_numeric);
1545 if ( ret < 0 )
1546 goto error;
1547
1548 ret = get_string(sql, row, 2, target, idmef_target_new_interface);
1549 if ( ret < 0 )
1550 goto error;
1551 }
1552
1553 target = NULL;
1554 cnt = 0;
1555 while ( (target = idmef_alert_get_next_target(alert, target)) ) {
1556
1557 ret = get_node(sql, message_ident, 'T', cnt, target, (int (*)(void *, idmef_node_t **)) idmef_target_new_node);
1558 if ( ret < 0 )
1559 goto error;
1560
1561 ret = get_user(sql, message_ident, 'T', cnt, target, (int (*)(void *, idmef_user_t **)) idmef_target_new_user);
1562 if ( ret < 0 )
1563 goto error;
1564
1565 ret = get_process(sql, message_ident, 'T', cnt, target, (int (*)(void *, idmef_process_t **)) idmef_target_new_process);
1566 if ( ret < 0 )
1567 goto error;
1568
1569 ret = get_service(sql, message_ident, 'T', cnt, target, (int (*)(void *, idmef_service_t **)) idmef_target_new_service);
1570 if ( ret < 0 )
1571 goto error;
1572
1573 ret = get_file(sql, message_ident, cnt, target);
1574 if ( ret < 0 )
1575 goto error;
1576
1577 cnt++;
1578 }
1579
1580 error:
1581 preludedb_sql_table_destroy(table);
1582
1583 return ret;
1584 }
1585
1586
get_additional_data(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,void * parent,int (* parent_new_child)(void *,idmef_additional_data_t **,int pos))1587 static int get_additional_data(preludedb_sql_t *sql,
1588 uint64_t message_ident,
1589 char parent_type,
1590 void *parent,
1591 int (*parent_new_child)(void *, idmef_additional_data_t **, int pos))
1592 {
1593 int ret = 0;
1594 char *svalue = NULL;
1595 size_t svalue_size;
1596 prelude_bool_t svalue_need_free;
1597 preludedb_sql_table_t *table;
1598 preludedb_sql_row_t *row;
1599 idmef_additional_data_type_t type;
1600 idmef_additional_data_t *additional_data;
1601 idmef_data_t *data;
1602 preludedb_sql_field_t *field;
1603
1604 ret = preludedb_sql_query_sprintf(sql, &table,
1605 "SELECT type, meaning, data "
1606 "FROM Prelude_AdditionalData "
1607 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64 " AND _index != -1 "
1608 "ORDER BY _index ASC",
1609 parent_type, message_ident);
1610 if ( ret <= 0 )
1611 return ret;
1612
1613 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1614
1615 ret = parent_new_child(parent, &additional_data, IDMEF_LIST_APPEND);
1616 if ( ret < 0 )
1617 goto error;
1618
1619 ret = get_enum(sql, row, 0, additional_data, idmef_additional_data_new_type,
1620 idmef_additional_data_type_to_numeric);
1621 if ( ret < 0 )
1622 goto error;
1623
1624 ret = get_string(sql, row, 1, additional_data, idmef_additional_data_new_meaning);
1625 if ( ret < 0 )
1626 goto error;
1627
1628 ret = preludedb_sql_row_get_field(row, 2, &field);
1629 if ( ret <= 0 )
1630 goto error;
1631
1632 ret = idmef_additional_data_new_data(additional_data, &data);
1633 if ( ret < 0 )
1634 goto error;
1635
1636 type = idmef_additional_data_get_type(additional_data);
1637
1638 ret = classic_unescape_binary_safe(sql, field, type, (unsigned char **) &svalue, &svalue_size);
1639 if ( ret < 0 )
1640 break;
1641
1642 svalue_need_free = TRUE;
1643 switch ( type ) {
1644 case IDMEF_ADDITIONAL_DATA_TYPE_CHARACTER: {
1645 idmef_data_set_char(data, (char) *svalue);
1646 break;
1647 }
1648
1649 case IDMEF_ADDITIONAL_DATA_TYPE_REAL: {
1650 float value;
1651
1652 ret = sscanf(svalue, "%f", &value);
1653 if ( ret <= 0 )
1654 break;
1655
1656 idmef_data_set_float(data, value);
1657 break;
1658 }
1659
1660 case IDMEF_ADDITIONAL_DATA_TYPE_BYTE:
1661 case IDMEF_ADDITIONAL_DATA_TYPE_BOOLEAN: {
1662 uint8_t value;
1663
1664 ret = sscanf(svalue, "%" PRELUDE_SCNu8, &value);
1665 if ( ret <= 0 )
1666 break;
1667
1668 idmef_data_set_byte(data, value);
1669 break;
1670 }
1671
1672 case IDMEF_ADDITIONAL_DATA_TYPE_INTEGER: {
1673 int64_t value;
1674
1675 ret = sscanf(svalue, "%" PRELUDE_SCNd64, &value);
1676 if ( ret <= 0 )
1677 break;
1678
1679 idmef_data_set_int(data, value);
1680 break;
1681 }
1682
1683 case IDMEF_ADDITIONAL_DATA_TYPE_NTPSTAMP: {
1684 uint64_t value;
1685
1686 ret = sscanf(svalue, "%" PRELUDE_SCNu64, &value);
1687 if ( ret <= 0 )
1688 break;
1689
1690 idmef_data_set_int(data, value);
1691 break;
1692 }
1693
1694 case IDMEF_ADDITIONAL_DATA_TYPE_BYTE_STRING:
1695 svalue_need_free = FALSE;
1696 ret = idmef_data_set_byte_string_nodup(data, (unsigned char *) svalue, svalue_size);
1697 break;
1698
1699 case IDMEF_ADDITIONAL_DATA_TYPE_PORTLIST:
1700 case IDMEF_ADDITIONAL_DATA_TYPE_STRING:
1701 case IDMEF_ADDITIONAL_DATA_TYPE_XML: {
1702 svalue_need_free = FALSE;
1703 ret = idmef_data_set_char_string_nodup_fast(data, (char *) svalue, svalue_size);
1704 break;
1705 }
1706
1707 case IDMEF_ADDITIONAL_DATA_TYPE_DATE_TIME: {
1708 idmef_time_t *time;
1709
1710 ret = idmef_time_new_from_string(&time, svalue);
1711 if ( ret < 0 )
1712 return ret;
1713
1714 idmef_data_set_time(data, time);
1715 break;
1716 }
1717
1718 case IDMEF_ADDITIONAL_DATA_TYPE_ERROR:
1719 ret = -1;
1720 }
1721
1722 if ( svalue_need_free )
1723 free(svalue);
1724
1725 if ( ret < 0 )
1726 goto error;
1727 }
1728
1729 error:
1730 preludedb_sql_table_destroy(table);
1731
1732 return ret;
1733 }
1734
get_reference(preludedb_sql_t * sql,uint64_t message_ident,idmef_classification_t * classification)1735 static int get_reference(preludedb_sql_t *sql,
1736 uint64_t message_ident,
1737 idmef_classification_t *classification)
1738 {
1739 preludedb_sql_table_t *table;
1740 preludedb_sql_row_t *row;
1741 idmef_reference_t *reference;
1742 int ret;
1743
1744 ret = preludedb_sql_query_sprintf(sql, &table,
1745 "SELECT origin, name, url, meaning "
1746 "FROM Prelude_Reference "
1747 "WHERE _message_ident = %" PRELUDE_PRIu64 " AND _index != -1 "
1748 "ORDER BY _index ASC",
1749 message_ident);
1750 if ( ret <= 0 )
1751 return ret;
1752
1753 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1754
1755 ret = idmef_classification_new_reference(classification, &reference, IDMEF_LIST_APPEND);
1756 if ( ret < 0 )
1757 goto error;
1758
1759 ret = get_enum(sql, row, 0, reference, idmef_reference_new_origin,
1760 idmef_reference_origin_to_numeric);
1761 if ( ret < 0 )
1762 goto error;
1763
1764 ret = get_string(sql, row, 1, reference, idmef_reference_new_name);
1765 if ( ret < 0 )
1766 goto error;
1767
1768 ret = get_string(sql, row, 2, reference, idmef_reference_new_url);
1769 if ( ret < 0 )
1770 goto error;
1771
1772 ret = get_string(sql, row, 3, reference, idmef_reference_new_meaning);
1773 if ( ret < 0 )
1774 goto error;
1775 }
1776
1777 error:
1778 preludedb_sql_table_destroy(table);
1779
1780 return ret;
1781 }
1782
get_classification(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1783 static int get_classification(preludedb_sql_t *sql,
1784 uint64_t message_ident,
1785 idmef_alert_t *alert)
1786 {
1787 preludedb_sql_table_t *table;
1788 preludedb_sql_row_t *row;
1789 idmef_classification_t *classification;
1790 int ret;
1791
1792 ret = preludedb_sql_query_sprintf(sql, &table,
1793 "SELECT ident, text "
1794 "FROM Prelude_Classification "
1795 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
1796 message_ident);
1797 if ( ret <= 0 )
1798 return ret;
1799
1800 ret = preludedb_sql_table_fetch_row(table, &row);
1801 if ( ret <= 0 )
1802 goto error;
1803
1804 ret = idmef_alert_new_classification(alert, &classification);
1805 if ( ret < 0 )
1806 goto error;
1807
1808 ret = get_string(sql, row, 0, classification, idmef_classification_new_ident);
1809 if ( ret < 0 )
1810 goto error;
1811
1812 ret = get_string(sql, row, 1, classification, idmef_classification_new_text);
1813 if ( ret < 0 )
1814 goto error;
1815
1816 ret = get_reference(sql, message_ident, classification);
1817 if ( ret < 0 )
1818 goto error;
1819
1820 error:
1821 preludedb_sql_table_destroy(table);
1822
1823 return ret;
1824 }
1825
get_alertident(preludedb_sql_t * sql,uint64_t message_ident,char parent_type,void * parent,int (* parent_new_child)(void * parent,idmef_alertident_t ** child,int pos))1826 static int get_alertident(preludedb_sql_t *sql,
1827 uint64_t message_ident,
1828 char parent_type,
1829 void *parent,
1830 int (*parent_new_child)(void *parent, idmef_alertident_t **child, int pos))
1831 {
1832 preludedb_sql_table_t *table;
1833 preludedb_sql_row_t *row;
1834 idmef_alertident_t *alertident = NULL;
1835 int ret;
1836
1837 ret = preludedb_sql_query_sprintf(sql, &table,
1838 "SELECT alertident, analyzerid "
1839 "FROM Prelude_Alertident "
1840 "WHERE _parent_type = '%c' AND _message_ident = %" PRELUDE_PRIu64" AND _index != -1 "
1841 "ORDER BY _index ASC",
1842 parent_type, message_ident);
1843 if ( ret <= 0 )
1844 return ret;
1845
1846 while ( (ret = preludedb_sql_table_fetch_row(table, &row)) > 0 ) {
1847
1848 ret = parent_new_child(parent, &alertident, IDMEF_LIST_APPEND);
1849 if ( ret < 0 )
1850 goto error;
1851
1852 ret = get_string(sql, row, 0, alertident, idmef_alertident_new_alertident);
1853 if ( ret < 0 )
1854 goto error;
1855
1856 ret = get_string(sql, row, 1, alertident, idmef_alertident_new_analyzerid);
1857 if ( ret < 0 )
1858 goto error;
1859 }
1860
1861 error:
1862 preludedb_sql_table_destroy(table);
1863
1864 return ret;
1865 }
1866
get_tool_alert(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1867 static int get_tool_alert(preludedb_sql_t *sql,
1868 uint64_t message_ident,
1869 idmef_alert_t *alert)
1870 {
1871 preludedb_sql_table_t *table;
1872 preludedb_sql_row_t *row;
1873 idmef_tool_alert_t *tool_alert;
1874 int ret;
1875
1876 ret = preludedb_sql_query_sprintf(sql, &table,
1877 "SELECT name, command "
1878 "FROM Prelude_ToolAlert "
1879 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
1880 message_ident);
1881 if ( ret <= 0 )
1882 return ret;
1883
1884 ret = preludedb_sql_table_fetch_row(table, &row);
1885 if ( ret <= 0 )
1886 goto error;
1887
1888 ret = idmef_alert_new_tool_alert(alert, &tool_alert);
1889 if ( ret < 0 )
1890 goto error;
1891
1892 ret = get_string(sql, row, 0, tool_alert, idmef_tool_alert_new_name);
1893 if ( ret < 0 )
1894 goto error;
1895
1896 ret = get_string(sql, row, 1, tool_alert, idmef_tool_alert_new_command);
1897 if ( ret < 0 )
1898 goto error;
1899
1900 ret = get_alertident(sql, message_ident, 'T', tool_alert,
1901 (int (*)(void *, idmef_alertident_t **, int)) idmef_tool_alert_new_alertident);
1902
1903 error:
1904 preludedb_sql_table_destroy(table);
1905
1906 return ret;
1907 }
1908
get_correlation_alert(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1909 static int get_correlation_alert(preludedb_sql_t *sql,
1910 uint64_t message_ident,
1911 idmef_alert_t *alert)
1912 {
1913 preludedb_sql_table_t *table;
1914 preludedb_sql_row_t *row;
1915 idmef_correlation_alert_t *correlation_alert;
1916 int ret;
1917
1918 ret = preludedb_sql_query_sprintf(sql, &table,
1919 "SELECT name "
1920 "FROM Prelude_CorrelationAlert "
1921 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
1922 message_ident);
1923 if ( ret <= 0 )
1924 return ret;
1925
1926 ret = preludedb_sql_table_fetch_row(table, &row);
1927 if ( ret <= 0 )
1928 goto error;
1929
1930 ret = idmef_alert_new_correlation_alert(alert, &correlation_alert);
1931 if ( ret < 0 )
1932 goto error;
1933
1934 ret = get_string(sql, row, 0, correlation_alert, idmef_correlation_alert_new_name);
1935 if ( ret < 0 )
1936 goto error;
1937
1938 ret = get_alertident(sql, message_ident, 'C', correlation_alert,
1939 (int (*)(void *, idmef_alertident_t **, int)) idmef_correlation_alert_new_alertident);
1940
1941 error:
1942 preludedb_sql_table_destroy(table);
1943
1944 return ret;
1945 }
1946
1947
get_overflow_alert(preludedb_sql_t * sql,uint64_t message_ident,idmef_alert_t * alert)1948 static int get_overflow_alert(preludedb_sql_t *sql,
1949 uint64_t message_ident,
1950 idmef_alert_t *alert)
1951 {
1952 preludedb_sql_table_t *table;
1953 preludedb_sql_row_t *row;
1954 idmef_overflow_alert_t *overflow_alert;
1955 preludedb_sql_field_t *field;
1956 idmef_data_t *buffer;
1957 unsigned char *data;
1958 size_t data_size;
1959 int ret;
1960
1961 ret = preludedb_sql_query_sprintf(sql, &table,
1962 "SELECT program, size, buffer "
1963 "FROM Prelude_OverflowAlert "
1964 "WHERE _message_ident = %" PRELUDE_PRIu64 "",
1965 message_ident);
1966 if ( ret <= 0 )
1967 return ret;
1968
1969 ret = preludedb_sql_table_fetch_row(table, &row);
1970 if ( ret <= 0 )
1971 goto error;
1972
1973 ret = idmef_alert_new_overflow_alert(alert, &overflow_alert);
1974 if ( ret < 0 )
1975 goto error;
1976
1977 ret = get_string(sql, row, 0, overflow_alert, idmef_overflow_alert_new_program);
1978 if ( ret < 0 )
1979 goto error;
1980
1981 ret = get_uint32(sql, row, 1, overflow_alert, idmef_overflow_alert_new_size);
1982 if ( ret < 0 )
1983 goto error;
1984
1985 ret = preludedb_sql_row_get_field(row, 2, &field);
1986 if ( ret < 0 )
1987 goto error;
1988
1989 ret = idmef_overflow_alert_new_buffer(overflow_alert, &buffer);
1990 if ( ret < 0 )
1991 goto error;
1992
1993 ret = preludedb_sql_unescape_binary(sql,
1994 preludedb_sql_field_get_value(field),
1995 preludedb_sql_field_get_len(field),
1996 &data, &data_size);
1997
1998 if ( ret < 0 )
1999 goto error;
2000
2001 ret = idmef_data_set_byte_string_nodup(buffer, data, data_size);
2002
2003 error:
2004 preludedb_sql_table_destroy(table);
2005
2006 return ret;
2007 }
2008
2009
get_alert_messageid(preludedb_sql_t * sql,uint64_t ident,idmef_alert_t * alert)2010 static int get_alert_messageid(preludedb_sql_t *sql, uint64_t ident, idmef_alert_t *alert)
2011 {
2012 preludedb_sql_table_t *table;
2013 preludedb_sql_row_t *row;
2014 int ret;
2015
2016 ret = preludedb_sql_query_sprintf(sql, &table, "SELECT messageid FROM Prelude_Alert WHERE _ident = %" PRELUDE_PRIu64 "", ident);
2017 if ( ret < 0 )
2018 return ret;
2019
2020 if ( ret == 0 )
2021 return preludedb_error(PRELUDEDB_ERROR_INVALID_MESSAGE_IDENT);
2022
2023 ret = preludedb_sql_table_fetch_row(table, &row);
2024 if ( ret < 0 )
2025 goto error;
2026
2027 ret = get_string(sql, row, 0, alert, idmef_alert_new_messageid);
2028
2029 error:
2030 preludedb_sql_table_destroy(table);
2031
2032 return (ret < 0) ? ret : 1;
2033 }
2034
2035
classic_get_alert(preludedb_sql_t * sql,uint64_t ident,idmef_message_t ** message)2036 int classic_get_alert(preludedb_sql_t *sql, uint64_t ident, idmef_message_t **message)
2037 {
2038 idmef_alert_t *alert;
2039 int ret;
2040
2041 ret = idmef_message_new(message);
2042 if ( ret < 0 )
2043 return ret;
2044
2045 ret = idmef_message_new_alert(*message, &alert);
2046 if ( ret < 0 )
2047 goto error;
2048
2049 ret = get_alert_messageid(sql, ident, alert);
2050 if ( ret < 0 )
2051 goto error;
2052
2053 ret = get_assessment(sql, ident, alert);
2054 if ( ret < 0 )
2055 goto error;
2056
2057 ret = get_analyzer(sql, ident, 'A', alert, (int (*)(void *, idmef_analyzer_t **, int)) idmef_alert_new_analyzer);
2058 if ( ret < 0 )
2059 goto error;
2060
2061 ret = get_create_time(sql, ident, 'A', alert, (int (*)(void *, idmef_time_t **)) idmef_alert_new_create_time);
2062 if ( ret < 0 )
2063 goto error;
2064
2065 ret = get_detect_time(sql, ident, alert);
2066 if ( ret < 0 )
2067 goto error;
2068
2069 ret = get_analyzer_time(sql, ident, 'A', alert, (int (*)(void *, idmef_time_t **)) idmef_alert_new_analyzer_time);
2070 if ( ret < 0 )
2071 goto error;
2072
2073 ret = get_source(sql, ident, alert);
2074 if ( ret < 0 )
2075 goto error;
2076
2077 ret = get_target(sql, ident, alert);
2078 if ( ret < 0 )
2079 goto error;
2080
2081 ret = get_classification(sql, ident, alert);
2082 if ( ret < 0 )
2083 goto error;
2084
2085 ret = get_additional_data(sql, ident, 'A', alert,
2086 (int (*)(void *, idmef_additional_data_t **, int)) idmef_alert_new_additional_data);
2087 if ( ret < 0 )
2088 goto error;
2089
2090 ret = get_tool_alert(sql, ident, alert);
2091 if ( ret < 0 )
2092 goto error;
2093
2094 ret = get_correlation_alert(sql, ident, alert);
2095 if ( ret < 0 )
2096 goto error;
2097
2098 ret = get_overflow_alert(sql, ident, alert);
2099 if ( ret < 0 )
2100 goto error;
2101
2102 return 0;
2103
2104 error:
2105 idmef_message_destroy(*message);
2106
2107 return ret;
2108 }
2109
2110
2111
_get_heartbeat(preludedb_sql_t * sql,uint64_t ident,idmef_heartbeat_t * heartbeat)2112 static int _get_heartbeat(preludedb_sql_t *sql, uint64_t ident, idmef_heartbeat_t *heartbeat)
2113 {
2114 preludedb_sql_table_t *table;
2115 preludedb_sql_row_t *row;
2116 int ret;
2117
2118 ret = preludedb_sql_query_sprintf(sql, &table, "SELECT messageid, heartbeat_interval FROM Prelude_Heartbeat WHERE _ident = %" PRELUDE_PRIu64 "", ident);
2119 if ( ret < 0 )
2120 return ret;
2121
2122 if ( ret == 0 )
2123 return preludedb_error(PRELUDEDB_ERROR_INVALID_MESSAGE_IDENT);
2124
2125 ret = preludedb_sql_table_fetch_row(table, &row);
2126 if ( ret < 0 )
2127 goto error;
2128
2129 ret = get_string(sql, row, 0, heartbeat, idmef_heartbeat_new_messageid);
2130 if ( ret < 0 )
2131 goto error;
2132
2133 ret = get_uint32(sql, row, 1, heartbeat, idmef_heartbeat_new_heartbeat_interval);
2134
2135 error:
2136 preludedb_sql_table_destroy(table);
2137
2138 return (ret < 0) ? ret : 1;
2139 }
2140
2141
2142
classic_get_heartbeat(preludedb_sql_t * sql,uint64_t ident,idmef_message_t ** message)2143 int classic_get_heartbeat(preludedb_sql_t *sql, uint64_t ident, idmef_message_t **message)
2144 {
2145 idmef_heartbeat_t *heartbeat;
2146 int ret;
2147
2148 ret = idmef_message_new(message);
2149 if ( ret < 0 )
2150 return ret;
2151
2152 ret = idmef_message_new_heartbeat(*message, &heartbeat);
2153 if ( ret < 0 )
2154 goto error;
2155
2156 ret = _get_heartbeat(sql, ident, heartbeat);
2157 if ( ret <= 0 )
2158 goto error;
2159
2160 ret = get_analyzer(sql, ident, 'H', heartbeat, (int (*)(void *, idmef_analyzer_t **, int)) idmef_heartbeat_new_analyzer);
2161 if ( ret < 0 )
2162 goto error;
2163
2164 ret = get_create_time(sql, ident, 'H', heartbeat, (int (*)(void *, idmef_time_t **)) idmef_heartbeat_new_create_time);
2165 if ( ret < 0 )
2166 goto error;
2167
2168 ret = get_analyzer_time(sql, ident, 'H', heartbeat, (int (*)(void *, idmef_time_t **)) idmef_heartbeat_new_analyzer_time);
2169 if ( ret < 0 )
2170 goto error;
2171
2172 ret = get_additional_data(sql, ident, 'H', heartbeat,
2173 (int (*)(void *, idmef_additional_data_t **, int)) idmef_heartbeat_new_additional_data);
2174 if ( ret < 0 )
2175 goto error;
2176
2177 return 0;
2178
2179 error:
2180 idmef_message_destroy(*message);
2181
2182 return ret;
2183 }
2184