
hi_ui_config.c

00001 /**
00002 **  @file       hi_ui_config.c
00003 **
00004 **  @author     Daniel Roelker <droelker@sourcefire.com>
00005 **
00006 **  @brief      This file contains library calls to configure HttpInspect.
00007 **
00008 **  Copyright (C) 2003-2005 Sourcefire,Inc.
00009 **
00010 **  This file deals with configuring HttpInspect processing.  It contains
00011 **  routines to set a default configuration, add server configurations, etc.
00012 **
00013 **  NOTES:
00014 **
00015 **  - 2.10.03:  Initial Developments.  DJR
00016 **  - 2.4.05:   Added tab_uri_delimiter config option.  AJM.
00017 */
00018 #include <stdlib.h>
00019 #include <stdio.h>
00020 #include <string.h>
00021 #include <sys/types.h>
00022 #ifndef WIN32
00023 #include <sys/socket.h>
00024 #include <netinet/in.h>
00025 #include <arpa/inet.h>
00026 #endif
00027 
00028 #include "hi_return_codes.h"
00029 #include "hi_util_xmalloc.h"
00030 #include "hi_ui_server_lookup.h"
00031 #include "hi_ui_config.h"
00032 
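/*
**  NAME
**    hi_ui_config_init_global_conf::
*/
/**
**  Initialize the HttpInspect global configuration.
**
**  The structure is zeroed in full and the server lookup is then
**  initialized through hi_ui_server_lookup_init().  Because of the
**  memset, anything previously stored in the structure is discarded
**  (overwritten, not released), so call this before any other
**  configuration routine touches GlobalConf.
**
**  @param GlobalConf pointer to the global configuration
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG GlobalConf is NULL
**  @retval HI_MEM_ALLOC_FAIL could not allocate memory (propagated from
**                            hi_ui_server_lookup_init)
*/
int hi_ui_config_init_global_conf(HTTPINSPECT_GLOBAL_CONF *GlobalConf)
{
    int iRet;

    /*
    **  Reject a NULL pointer before memset() dereferences it; this is
    **  the same check hi_ui_config_default() performs.
    */
    if(GlobalConf == NULL)
    {
        return HI_INVALID_ARG;
    }

    memset(GlobalConf, 0x00, sizeof(*GlobalConf));

    /*
    **  Any non-zero code from the lookup initialization is handed back
    **  to the caller unchanged.
    */
    iRet = hi_ui_server_lookup_init(&GlobalConf->server_lookup);
    if(iRet)
    {
        return iRet;
    }

    return HI_SUCCESS;
}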
00063 
/*
**  NAME
**    hi_ui_config_default::
*/
/**
**  Apply the built-in defaults to the global and global_server settings.
**
**  This function is the single place where HttpInspect's default
**  configuration is defined; change it to change the defaults.
**
**  Only the fields listed below are written.  The structure is not
**  zeroed here, so every other field keeps whatever value it already
**  holds.
**
**  NOTE(review): double_decoding, u_encoding, bare_byte, iis_unicode,
**  iis_backslash and tab_uri_delimiter are not enabled by this function,
**  although the IIS and "all" profiles in this file enable most of them.
**  Confirm that this is the intended default coverage.
**
**  @param GlobalConf pointer to the global configuration structure
**
**  @return integer
**
**  @retval HI_SUCCESS      defaults were applied
**  @retval HI_INVALID_ARG  Fatal Error.  Undefined pointer to GlobalConf
*/
int hi_ui_config_default(HTTPINSPECT_GLOBAL_CONF *GlobalConf)
{
    if(!GlobalConf)
    {
        return HI_INVALID_ARG;
    }

    /*
    **  Global (non-server) settings.
    */
    GlobalConf->inspection_type = HI_UI_CONFIG_STATELESS;

    /*
    **  Global server: exactly one port is marked, index 80.
    */
    GlobalConf->global_server.ports[80]  = 1;
    GlobalConf->global_server.port_count = 1;

    /*
    **  Global server: numeric settings and parsing mode.
    */
    GlobalConf->global_server.chunk_length = 500000;
    GlobalConf->global_server.flow_depth   = 300;
    GlobalConf->global_server.non_strict   = 1;

    /*
    **  Global server: options that are switched on.  webroot is the
    **  only one whose alert flag is set as well.
    */
    GlobalConf->global_server.ascii.on             = 1;
    GlobalConf->global_server.utf_8.on             = 1;
    GlobalConf->global_server.directory.on         = 1;
    GlobalConf->global_server.multiple_slash.on    = 1;
    GlobalConf->global_server.apache_whitespace.on = 1;
    GlobalConf->global_server.iis_delimiter.on     = 1;
    GlobalConf->global_server.webroot.on           = 1;
    GlobalConf->global_server.webroot.alert        = 1;

    return HI_SUCCESS;
}
00122 
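/*
**  NAME
**    hi_ui_config_reset_global::
*/
/**
**  This function resets the global parameters, THIS IS NOT THE GLOBAL
**  SERVER CONFIGURATION.
**
**  Only inspection_type and iis_unicode_map are cleared; global_server
**  and server_lookup are left untouched.
**
**  NOTE(review): iis_unicode_map is only set to zero here.  If it refers
**  to storage owned by this structure, the caller has to release it
**  before calling this function -- confirm ownership against the header.
**
**  @param GlobalConf pointer to the global configuration structure
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG GlobalConf is NULL
*/
int hi_ui_config_reset_global(HTTPINSPECT_GLOBAL_CONF *GlobalConf)
{
    /*
    **  Same NULL check as hi_ui_config_default(); without it the
    **  assignments below dereference a NULL pointer.
    */
    if(GlobalConf == NULL)
    {
        return HI_INVALID_ARG;
    }

    GlobalConf->inspection_type = 0;
    GlobalConf->iis_unicode_map = 0;

    return HI_SUCCESS;
}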
00144     
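/*
**  NAME
**    hi_ui_config_reset_server::
*/
/**
**  This function resets a server construct.
**
**  The whole HTTPINSPECT_CONF is zeroed, so every option and alert flag
**  ends up off and iis_unicode_map ends up zero.  The map pointer is
**  overwritten, not released.
**
**  @param ServerConf pointer to the HTTPINSPECT_CONF structure
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG ServerConf is NULL
*/
int hi_ui_config_reset_server(HTTPINSPECT_CONF *ServerConf)
{
    /*
    **  memset() on a NULL pointer is undefined behavior; fail the same
    **  way hi_ui_config_default() does for a NULL argument.
    */
    if(ServerConf == NULL)
    {
        return HI_INVALID_ARG;
    }

    memset(ServerConf, 0x00, sizeof(*ServerConf));

    return HI_SUCCESS;
}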
00164 
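/*
**  NAME
**    hi_ui_config_set_profile_apache::
*/
/**
**  Set an HTTPINSPECT_CONF to mimic apache configuration.
**
**  This sets a server configuration to imitate an apache web server,
**  and should reduce false positives against systems on which certain
**  attacks or evasions do not work.  We hope to still log an event,
**  but one with a lower priority.
**
**  The structure is reset first, so every field not assigned below is
**  zero afterwards.  In particular iis_delimiter, iis_backslash,
**  double_decoding, u_encoding, bare_byte and iis_unicode stay off in
**  this profile, and no ports are set.
**
**  @param ServerConf pointer to structure HTTPINSPECT_CONF
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG ServerConf is NULL
*/
int hi_ui_config_set_profile_apache(HTTPINSPECT_CONF *ServerConf)
{
    /*
    **  Check the pointer here instead of relying on the reset call,
    **  whose return value is not inspected.
    */
    if(ServerConf == NULL)
    {
        return HI_INVALID_ARG;
    }

    /*
    **  Reset the structure so we can assume zeros.
    */
    hi_ui_config_reset_server(ServerConf);

    ServerConf->flow_depth = 300;

    ServerConf->non_strict = 1;

    ServerConf->chunk_length = 500000;

    ServerConf->ascii.on = 1;

    ServerConf->multiple_slash.on = 1;

    ServerConf->directory.on = 1;

    /*
    **  webroot is the only option in this profile that also alerts.
    */
    ServerConf->webroot.on = 1;
    ServerConf->webroot.alert = 1;

    ServerConf->apache_whitespace.on = 1;

    ServerConf->utf_8.on = 1;

    ServerConf->tab_uri_delimiter = 1;

    return HI_SUCCESS;
}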
00214     
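/*
**  NAME
**    hi_ui_config_set_profile_iis::
*/
/**
**  Set an HTTPINSPECT_CONF to mimic IIS configuration.
**
**  This sets a server configuration to imitate an IIS web server,
**  and should reduce false positives against systems on which certain
**  attacks or evasions do not work.  We hope to still log an event,
**  but one with a lower priority.
**
**  The structure is reset first, so every field not assigned below is
**  zero afterwards; utf_8 and tab_uri_delimiter stay off in this
**  profile, and no ports are set.
**
**  The map pointer is stored as given, not copied.  The caller must
**  keep the map valid for as long as ServerConf is in use.
**
**  @param ServerConf      pointer to structure HTTPINSPECT_CONF
**  @param iis_unicode_map pointer to the IIS unicode map to attach
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG ServerConf or iis_unicode_map is NULL
*/
int hi_ui_config_set_profile_iis(HTTPINSPECT_CONF *ServerConf,
                                 int *iis_unicode_map)
{
    /*
    **  Validate both pointers before anything is modified, so a failed
    **  call leaves ServerConf exactly as it was.
    */
    if(ServerConf == NULL || iis_unicode_map == NULL)
    {
        return HI_INVALID_ARG;
    }

    /*
    **  Reset the structure so we can assume zeros.
    */
    hi_ui_config_reset_server(ServerConf);

    ServerConf->flow_depth = 300;

    ServerConf->chunk_length = 500000;

    ServerConf->iis_unicode_map = iis_unicode_map;

    ServerConf->ascii.on = 1;

    ServerConf->multiple_slash.on = 1;

    ServerConf->directory.on = 1;

    ServerConf->webroot.on = 1;
    ServerConf->webroot.alert = 1;

    /*
    **  The four encoding options below are enabled together with their
    **  alert flags.
    */
    ServerConf->double_decoding.on    = 1;
    ServerConf->double_decoding.alert = 1;

    ServerConf->u_encoding.on         = 1;
    ServerConf->u_encoding.alert      = 1;

    ServerConf->bare_byte.on          = 1;
    ServerConf->bare_byte.alert       = 1;

    ServerConf->iis_unicode.on        = 1;
    ServerConf->iis_unicode.alert     = 1;

    /*
    **  These are switched on without an alert flag.
    */
    ServerConf->iis_backslash.on      = 1;

    ServerConf->iis_delimiter.on      = 1;

    ServerConf->apache_whitespace.on  = 1;

    ServerConf->non_strict = 1;

    return HI_SUCCESS;
}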
00284 
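/*
**  NAME
**    hi_ui_config_set_profile_all::
*/
/**
**  Set an HTTPINSPECT_CONF to catch all attacks and evasions.
**
**  This basically turns on all the tricks and most of the
**  alerts, so you won't miss anything that HttpInspect does.
**
**  The assignments are the same as in hi_ui_config_set_profile_iis()
**  plus tab_uri_delimiter.  The structure is reset first, so anything
**  not assigned below is zero afterwards, and no ports are set.
**
**  NOTE(review): utf_8.on is not set here, although the default
**  configuration and the apache profile in this file both set it.
**  Confirm whether leaving it off in the "all" profile is intentional.
**
**  The map pointer is stored as given, not copied.  The caller must
**  keep the map valid for as long as ServerConf is in use.
**
**  @param ServerConf      pointer to structure HTTPINSPECT_CONF
**  @param iis_unicode_map pointer to the IIS unicode map to attach
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG ServerConf or iis_unicode_map is NULL
*/
int hi_ui_config_set_profile_all(HTTPINSPECT_CONF *ServerConf,
                                 int *iis_unicode_map)
{
    /*
    **  Validate both pointers before anything is modified, so a failed
    **  call leaves ServerConf exactly as it was.
    */
    if(ServerConf == NULL || iis_unicode_map == NULL)
    {
        return HI_INVALID_ARG;
    }

    /*
    **  Reset the structure so we can assume zeros.
    */
    hi_ui_config_reset_server(ServerConf);

    ServerConf->flow_depth   = 300;

    ServerConf->chunk_length = 500000;

    ServerConf->iis_unicode_map = iis_unicode_map;

    ServerConf->ascii.on = 1;

    ServerConf->multiple_slash.on = 1;

    ServerConf->directory.on = 1;

    ServerConf->webroot.on = 1;
    ServerConf->webroot.alert = 1;

    /*
    **  The four encoding options below are enabled together with their
    **  alert flags.
    */
    ServerConf->double_decoding.on    = 1;
    ServerConf->double_decoding.alert = 1;

    ServerConf->u_encoding.on         = 1;
    ServerConf->u_encoding.alert      = 1;

    ServerConf->bare_byte.on          = 1;
    ServerConf->bare_byte.alert       = 1;

    ServerConf->iis_unicode.on        = 1;
    ServerConf->iis_unicode.alert     = 1;

    /*
    **  These are switched on without an alert flag.
    */
    ServerConf->iis_backslash.on      = 1;

    ServerConf->iis_delimiter.on      = 1;

    ServerConf->apache_whitespace.on  = 1;

    ServerConf->non_strict = 1;

    ServerConf->tab_uri_delimiter = 1;

    return HI_SUCCESS;
}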
00354 
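/*
**  NAME
**    hi_ui_config_add_server::
*/
/**
**  Add a server config to the HttpInspect configuration.
**
**  This function takes an IP address of a server and an HttpInspect
**  configuration, and assigns the configuration to the IP address in
**  the lookup table held in GlobalConf->server_lookup.
**
**  ServerIP and ServerConf are passed to hi_ui_server_lookup_add()
**  unchanged.
**
**  NOTE(review): whether the lookup copies ServerConf or keeps the
**  pointer is not visible here -- confirm how long the caller has to
**  keep ServerConf alive.
**
**  @param GlobalConf pointer to the global configuration
**  @param ServerIP   the IP address of the server (in network byte order)
**  @param ServerConf pointer to the server configuration
**
**  @return integer
**
**  @retval HI_SUCCESS function successful
**  @retval HI_INVALID_ARG GlobalConf is NULL
**  @retval HI_MEM_ALLOC_FAIL could not allocate memory
**  @retval HI_NON_FATAL_ERR server has already been added
*/
int hi_ui_config_add_server(HTTPINSPECT_GLOBAL_CONF *GlobalConf,
                            unsigned long ServerIP, HTTPINSPECT_CONF *ServerConf)
{
    int iRet;

    /*
    **  GlobalConf is dereferenced below to reach the lookup table, so
    **  it has to be checked here.
    */
    if(GlobalConf == NULL)
    {
        return HI_INVALID_ARG;
    }

    iRet = hi_ui_server_lookup_add(GlobalConf->server_lookup, ServerIP,
                                   ServerConf);
    if(iRet)
    {
        /*
        **  Already added key will return a generic non-fatal
        **  error.
        */
        return iRet;
    }

    return HI_SUCCESS;
}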
