|
Packit Service |
384592 |
/*
|
|
Packit Service |
384592 |
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
|
Packit Service |
384592 |
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* You may not use this file except in compliance with
|
|
Packit Service |
384592 |
* the License. You may obtain a copy of the License at
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* If any of the files related to licensing are missing or if you have any
|
|
Packit Service |
384592 |
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
Packit Service |
384592 |
* directly using the email address security@modsecurity.org.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#ifndef _ALP2_H_
|
|
Packit Service |
384592 |
#define _ALP2_H_
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include <apr_time.h>
|
|
Packit Service |
384592 |
#include <apr_uri.h>
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "alp2_pp.h"
|
|
Packit Service |
384592 |
#include "pcre.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* -- Data structures -- */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
typedef struct alp2_msg_t alp2_msg_t;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
struct alp2_msg_t {
|
|
Packit Service |
384592 |
const char *engine_message;
|
|
Packit Service |
384592 |
const char *target;
|
|
Packit Service |
384592 |
const char *id;
|
|
Packit Service |
384592 |
const char *rev;
|
|
Packit Service |
384592 |
const char *msg;
|
|
Packit Service |
384592 |
const char *data;
|
|
Packit Service |
384592 |
const char *file;
|
|
Packit Service |
384592 |
unsigned long file_line;
|
|
Packit Service |
384592 |
size_t offset;
|
|
Packit Service |
384592 |
int severity;
|
|
Packit Service |
384592 |
int warning;
|
|
Packit Service |
384592 |
apr_array_header_t *tags;
|
|
Packit Service |
384592 |
};
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
typedef struct auditlog2_t auditlog2_t;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
struct auditlog2_t {
|
|
Packit Service |
384592 |
apr_pool_t *mp;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Transaction data */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
const char *id;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_time_t timestamp;
|
|
Packit Service |
384592 |
unsigned int duration;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
const char *src_ip;
|
|
Packit Service |
384592 |
unsigned int src_port;
|
|
Packit Service |
384592 |
const char *dst_ip;
|
|
Packit Service |
384592 |
unsigned int dst_port;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Request */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
unsigned int request_line_valid;
|
|
Packit Service |
384592 |
const char *request_line;
|
|
Packit Service |
384592 |
const char *request_method;
|
|
Packit Service |
384592 |
const char *request_uri;
|
|
Packit Service |
384592 |
apr_uri_t *parsed_uri;
|
|
Packit Service |
384592 |
const char *request_protocol;
|
|
Packit Service |
384592 |
apr_table_t *request_headers;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Determine the hostname: The hostname from the URI is
|
|
Packit Service |
384592 |
* used where present, otherwise the value of the Host
|
|
Packit Service |
384592 |
* request header is used.
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* If neither of these two is available we will use the
|
|
Packit Service |
384592 |
* combination of the destination IP and port as hostname.
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* The resulting hostname may have the port attached.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
const char *hostname;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Response */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
const char *response_protocol;
|
|
Packit Service |
384592 |
unsigned int response_status;
|
|
Packit Service |
384592 |
const char *response_message;
|
|
Packit Service |
384592 |
apr_table_t *response_headers;
|
|
Packit Service |
384592 |
const char *response_tfn;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Other */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_table_t *trailer_headers;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
unsigned int was_intercepted;
|
|
Packit Service |
384592 |
unsigned int intercept_phase; /* -1 if interception did not happen */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
const char *producer;
|
|
Packit Service |
384592 |
const char *server;
|
|
Packit Service |
384592 |
const char *handler;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
const char *application_id;
|
|
Packit Service |
384592 |
const char *session_id;
|
|
Packit Service |
384592 |
const char *user_id;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_array_header_t *messages;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
alp2_pp_entry_t *pp_entry;
|
|
Packit Service |
384592 |
};
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
typedef struct alp2_t alp2_t;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
struct alp2_t {
|
|
Packit Service |
384592 |
apr_pool_t *mp;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void *user_data;
|
|
Packit Service |
384592 |
int (*user_callback)(alp2_t *alp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
alp2_pp_t *pp;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
unsigned int previous_part_id;
|
|
Packit Service |
384592 |
unsigned int part_line_counter;
|
|
Packit Service |
384592 |
unsigned int part_data_done;
|
|
Packit Service |
384592 |
unsigned int seen_part_h;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
unsigned int done;
|
|
Packit Service |
384592 |
unsigned int parse_error;
|
|
Packit Service |
384592 |
apr_array_header_t *errors;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Regular expression patterns. */
|
|
Packit Service |
384592 |
// TODO All these need reviewing
|
|
Packit Service |
384592 |
pcre *part_a_pattern;
|
|
Packit Service |
384592 |
pcre *request_line_pattern;
|
|
Packit Service |
384592 |
pcre *header_pattern;
|
|
Packit Service |
384592 |
pcre *response_line_pattern;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
pcre *trailer_action_pattern;
|
|
Packit Service |
384592 |
pcre *trailer_stopwatch_pattern;
|
|
Packit Service |
384592 |
pcre *trailer_webappinfo_pattern;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
auditlog2_t *auditlog;
|
|
Packit Service |
384592 |
};
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Higher-level (user) parser. */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* NOTE Parser will create a subpool for its own use, but each
|
|
Packit Service |
384592 |
* entry will be created in a separate subpool directly
|
|
Packit Service |
384592 |
* under the main pool. This allows the created audit log
|
|
Packit Service |
384592 |
* entries to survive the death of the parser.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* -- Functions -- */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int alp2_create(alp2_t **_alp, apr_pool_t *mp,
|
|
Packit Service |
384592 |
void *user_data, int (*user_callback)(alp2_t *alp));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int alp2_process(alp2_t *alp, const char *data, size_t len);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void alp2_destroy(alp2_t *alp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
auditlog2_t *alp2_auditlog_create(apr_pool_t *mp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void alp2_auditlog_destroy(auditlog2_t *al);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#endif
|