// main.cpp // SNF_Client.exe // // (C) 2006-2008 ARM Research Labs, LLC. // See www.armresearch.com for the copyright terms. // // This program implements a client command line interface for systems using // SNF_Server. The operation is simple--- Given a file name to scan, pass the // file name to the SNF scanner on localhost and return the result code. #if defined(WIN32) || defined(WIN64) #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include "timing.hpp" #include "networking.hpp" #include "threading.hpp" #include "snf_xci.hpp" #include "config.h" using namespace std; // Introduce standard namespace. const char* VERSION_INFO = "SNF Client Version " PACKAGE_VERSION " Build: " __DATE__ " " __TIME__; time_t Timestamp() { // Get an ordinary timestamp. time_t rawtime; // Grab raw time from time(&rawtime); // the system clock. return rawtime; } string Timestamp(time_t t) { // Convert time_t to a timestamp. char TimestampBfr[20]; // Create a small buffer. tm* gmt; // Get a ptr to a tm structure. gmt = gmtime(&t); // Fill it with UTC. sprintf(TimestampBfr,"%04d%02d%02d%02d%02d%02d\0", // Format yyyymmddhhmmss gmt->tm_year+1900, gmt->tm_mon+1, gmt->tm_mday, gmt->tm_hour, gmt->tm_min, gmt->tm_sec ); return string(TimestampBfr); // Return a string. } string ErrorMessage(int argc, char** argv, string ErrorText) { // Create an error message. ostringstream FailurePreamble; // Setup a stringstream for formatting. string TimestampString = Timestamp(Timestamp()); // Get the UTC timestamp. FailurePreamble << TimestampString << ", "; // Start with the timestamp and for(int a = 1; a < argc; a++) { // then roll in all of the command FailurePreamble << "arg" << a << "=" << argv[a]; // line parameters. Follow that with if(a < argc-1) { FailurePreamble << ", "; } // a colon and the error itself. else { FailurePreamble << " : "; } } FailurePreamble << ErrorText << endl; // Tack on the error text. return FailurePreamble.str(); // Return the completed string. } int main(int argc, char* argv[]) { // Accept command line parms. // Figure out what we're going to do and create a suitable RequestString. bool DebugMode = false; // This will be our debug mode. string argv0(argv[0]); // Capture how we were called. if( string::npos != argv0.find("Debug") || // If we find "Debug" or string::npos != argv0.find("debug") // "debug" in our command path ) { // then we are in DebugMode. DebugMode = true; // Set the flag and tell the cout << "Debug Mode" << endl; // watchers. } string FileToScan; // What will we be scanning? string RequestString; // What will we send to the server? bool ItIsACommand = false; // Is it a command? bool ItIsAScan = false; // Is it a scan? bool GetXHDRs = false; // GetXHDRs with scan? bool ItIsAGBUdb = false; // Is it a GBUdb Request? bool ItIsAReport = false; // Is it a Status Report Request? switch(argc) { case 2: { // This is either a file or a command. FileToScan = argv[1]; // Status Report? -------------------------------------------------- if(0 == FileToScan.find("-status.second")) { // Status Second Report? If so: ItIsAReport = true; // Set the flag & format the request. RequestString = ""; } else if(0 == FileToScan.find("-status.minute")) { // Status Minute Report? If so: ItIsAReport = true; // Set the flag & format the request. RequestString = ""; } else if(0 == FileToScan.find("-status.hour")) { // Status Hour Report? If so: ItIsAReport = true; // Set the flag & format the request. RequestString = ""; } else if(0 == FileToScan.find("-shutdown")) { // If argv1 is -shutdown: ItIsACommand = true; // Set the command flag. if(DebugMode) { cout << "Command: shutdown" << endl; } // In debug - tell what we are doing. // Format the request. RequestString = "\n"; } else if('-' == FileToScan.at(0)) { // If argv1 still looks like -something goto BadCommandLine; // Complain and show the help text. } else { // If it does not then it is a file. ItIsAScan = true; // Set the scan flag. if(DebugMode) { cout << "Scan: " << FileToScan << endl; } // In debug - tell what we are doing. // Format the request. RequestString = "\n"); } break; } case 3: { // Special Scan Mode string CommandString = argv[1]; // -command FileToScan = argv[2]; // What file to scan? // XHeader Scan? --------------------------------------------------- if(0 == CommandString.find("-xhdr")) { // Scan file and show x headers. ItIsAScan = true; // Set the scan flag. GetXHDRs = true; // Turn on XHDRs for the scan. if(DebugMode) { cout << "(xhdr)Scan: " << FileToScan << endl; // In debug - tell what we are doing. } // Format the request. RequestString = "\n"); } else // Source Scan? ---------------------------------------------------- if(0 == CommandString.find("-source=")) { // Scan file with forced source. ItIsAScan = true; // Set the scan flag. const int SourceIPIndex = CommandString.find("=") + 1; // Find source after "-source=" IP4Address SourceIP = CommandString.substr(SourceIPIndex); // Extract the source IP. if(DebugMode) { cout << "([" << (string) SourceIP // In debug - tell what we are doing. << "])Scan: " << FileToScan << endl; } // Format the request. RequestString = "\n"); } else // GBUdb test? ----------------------------------------------------- if(0 == CommandString.find("-test")) { // GBUdb test IP ItIsAGBUdb = true; // Set the GBUdb flag. // Format the request. RequestString = "\n"); } else // GBUdb good? ----------------------------------------------------- if(0 == CommandString.find("-good")) { // GBUdb good IP event ItIsAGBUdb = true; // Set the GBUdb flag. // Format the request. RequestString = "\n"); } else // GBUdb bad? ------------------------------------------------------ if(0 == CommandString.find("-bad")) { // GBUdb bad IP event ItIsAGBUdb = true; // Set the GBUdb flag. // Format the request. RequestString = "\n"); } else // GBUdb drop? ----------------------------------------------------- if(0 == CommandString.find("-drop")) { // GBUdb drop IP ItIsAGBUdb = true; // Set the GBUdb flag. // Format the request. RequestString = "\n"); } else // Compatibility Scan? --------------------------------------------- if(CommandString.at(0) != '-') { // If we don't see -: ItIsAScan = true; // Set the scan flag. FileToScan = argv[2]; // Grab the message_file_name for if(DebugMode) { // a compatability scan and if cout << "(compat)Scan: " << FileToScan << endl; // debugging then announce it. } // Format the request. RequestString = "\n"); } else goto BadCommandLine; // If no match here, give help. break; } case 4: { string Command1String = argv[1]; // -command1 string Command2String = argv[2]; // -command2 FileToScan = argv[3]; // What file to scan? // XHeader Scan W/ Source IP? -------------------------------------- if(0 == Command1String.find("-source=")) { // If things are refersed string tmp = Command2String; // swap them to the order we Command2String = Command1String; // are expecting. If we're wrong Command1String = tmp; // then that case will be handled } // next step. if( 0 == Command1String.find("-xhdr") && 0 == Command2String.find("-source=") ) { // Scan file and show x headers. ItIsAScan = true; // Set the scan flag. GetXHDRs = true; // Turn on XHDRs for the scan. const int SourceIPIndex = Command2String.find("=") + 1; // Find source after "-source=" IP4Address SourceIP = Command1String.substr(SourceIPIndex); // Extract the source IP. if(DebugMode) { cout << "(xhdr [" << (string) SourceIP // In debug - tell what we are doing. << "])Scan: " << FileToScan << endl; } // Format the request. RequestString = "\n"); } else goto BadCommandLine; // If no match here, give help. break; } case 6: { // GBUdb set mode. string CommandString = argv[1]; // -command // GBUdb set? ------------------------------------------------------ if(0 == CommandString.find("-set")) { // GBUdb set IP ItIsAGBUdb = true; // Set the GBUdb flag. // Format the request. RequestString = "\n"); // Finish off our request. } else goto BadCommandLine; // If no match here, give help. break; } // Bad Command Line ---------------------------------------------------- default: { // If we don't know: show help. BadCommandLine: // Shortcut for others. cout << endl << VERSION_INFO << endl << endl << "Help:" << endl << endl << " To scan a message file use: " << endl << " SNFClient.exe [-xhdr] [-source=] " << endl << " or: SNFClient.exe " << endl << endl << " To test an IP with GBUdb use: " << endl << " SNFClient.exe -test " << endl << endl << " To update GBUdb records use: " << endl << " SNFClient.exe -set " << endl << " or: SNFClient.exe -drop " << endl << " or: SNFClient.exe -good " << endl << " or: SNFClient.exe -bad " << endl << endl << " To check SNFServer status use: " << endl << " SNFClient.exe -status.second" << endl << " or: SNFClient.exe -status.minute" << endl << " or: SNFClient.exe -status.hour" << endl << endl << " To shut down the SNFServer use: " << endl << " SNFClient.exe -shutdown" << endl << endl << " For more information see www.armresearch.com" << endl << " (C) 2007-2008 Arm Research Labs, LLC." << endl; return 0; // Return 0 on help. } } // If we're in debug mode this is a good time to emit our request string if(DebugMode) { cout << RequestString << endl; } // If debugging, show our request. // Since we're gonna do this -- prepare for an error string ERRFname; // The default error log name will ERRFname = argv[0]; // be the program file name with ERRFname.append(".err"); // .err tagged on the end. const int FailSafeResult = 0; // Fail Safe result code. const int StatusReportError = 99; // Unknown Error Code for status failures. // Connect to the server and get the result... string ResultString; // We need our result string. bool ConnectSuccess = false; // We need our success flag. // Max time in this loop should be (100*50ms) = 5 seconds per try times // 10 tries = 50 seconds, plus (9*500ms) = 4.5 secs for re-tries. ~ 55 secs. const int ResultBufferSize = 4096; char ResultBuffer[ResultBufferSize+1]; // Make an oversize buffer for the answer. memset(ResultBuffer, 0, sizeof(ResultBuffer)); // Set the entire thing to nulls. const int Tries = 20; // How many times to try this. Sleeper SleepAfterAttempt(100); // How long to sleep between attempts. const int OpenTries = 90; // How many tries at opening. Sleeper WaitForOpen(10); // How long to wait for an open cycle. const int ReadTries = 900; // How many tries at reading. Sleeper SleepBeforeReading(10); // How long to pause before reading. /* ** 20 * 100ms = 2 seconds for all tries. ** 90 * 10ms = 900ms for a failed connection. ** 900 * 10ms = 9 seconds for a failed read. ** ** Approximate wait for can't connect = 2.0 + (20 * 0.9) = ~ 20.0 seconds. ** Maximum impossible wait = 2.0 + (0.9 * 20) + (9.0 * 20) = 200.0 seconds. */ for(int tryagain = Tries; (0",ResultString.length())) { // If we don't have the end yet. continue; // Try again. } else { // If we got to end of line ConnectSuccess = true; // Success! break; // We're done. } } SNFServer.close(); // No need for our connection after that. } } catch(...) { } // Ignore errors for now. if(!ConnectSuccess) SleepAfterAttempt(); // Pause for a moment before trying again.. } if(!ConnectSuccess) { // If no connection success complain! if(DebugMode) { cout << FileToScan << ": "; cout << "Could Not Connect!" << endl; } ofstream ERRF(ERRFname.c_str(), ios::out | ios::ate | ios::app); ERRF << ErrorMessage(argc, argv, "Could Not Connect!"); ERRF.close(); if(ItIsAReport) { // If this was a status request then return StatusReportError; // return a failure value. } // In all other cases return zero as a else return FailSafeResult; // Fail Safe. } // At this point we should have a usable result. if(DebugMode) { cout << ResultString << endl; } // In debug, show the result string. snf_xci Reader(ResultString); // Interpret the data and check for if(Reader.bad()) { // a proper read. If it was bad then if(DebugMode) { cout << FileToScan << ": "; cout << "Bad result from server!" << endl; cout << ResultString << endl; } ofstream ERRF(ERRFname.c_str(), ios::out | ios::ate | ios::app); ERRF << ErrorMessage(argc, argv, // complain and spit out what we got "Bad result from server! " + ResultString); // for debugging purposes. return FailSafeResult; // Return our failsafe value. } if(0 < Reader.xci_error_message.length()) { // If the result was a general error if(DebugMode) { cout << FileToScan << ": "; cout << "XCI Error!: " << Reader.xci_error_message << endl; } ofstream ERRF(ERRFname.c_str(), ios::out | ios::ate | ios::app); ERRF << ErrorMessage(argc, argv, "XCI Error!: " + Reader.xci_error_message); // then spit that out return FailSafeResult; // and return the failsafe. } // If we got here we've successfully parsed the results. if(ItIsACommand) { // If it was a command then cout << " [Server Says: " << Reader.xci_server_response << "]" << endl; // show the response. } else if(ItIsAScan) { // If it was a scan then int ResultCode = Reader.scanner_result_code; // grab the result code. if(0 < Reader.scanner_result_xhdr.length()) { // If we have xheaders show them. cout << endl << Reader.scanner_result_xhdr << endl; } if(DebugMode) { cout << "(" << ResultCode << ")"; } if( (0 < ResultCode) && (64 > ResultCode) ) { // If the result code means SPAM if(DebugMode) { cout << "[spam]" << endl; } return ResultCode; // Return the result code. } else if(0 == ResultCode) { if(DebugMode) { cout << "[clean]" << endl; } return 0; } else { if(DebugMode) { cout << "[Fail Safe!]" << endl; } return FailSafeResult; } } else if(ItIsAGBUdb) { // If it was a GBUdb function then show cout // the results to whomever is watching. << "GBUdb Record for " << Reader.gbudb_result_ip << endl << " Type Flag: " << Reader.gbudb_result_type << endl << " Bad Count: " << Reader.gbudb_result_bad_count << endl << " Good Count: " << Reader.gbudb_result_good_count << endl << "Probability: " << Reader.gbudb_result_probability << endl << " Confidence: " << Reader.gbudb_result_confidence << endl << " Range: " << Reader.gbudb_result_range << endl << " Code: " << Reader.gbudb_result_code << endl << endl; return Reader.gbudb_result_code; } else if(ItIsAReport) { // If it was a report request then cout // output the report. Add a handy << endl << "" << endl // XML comment to help humans. << Reader.report_response << endl; return 0; } // You can't get here from there. if(DebugMode) { cout << "End Of Logic [Fail Safe!!]" << endl; } return FailSafeResult; }