-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathevents.c
293 lines (249 loc) · 7.16 KB
/
events.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
/*
* Alertik: a tiny 'syslog' server & notification tool for Mikrotik routers.
* This is free and unencumbered software released into the public domain.
*/
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "events.h"
#include "notifiers.h"
#include "log.h"
#include "str.h"
/*
* Static events
*/
#define MIN(a,b) (((a)<(b))?(a):(b))
/* Misc. */
#define MAX_MATCHES 32
static regmatch_t pmatch[MAX_MATCHES];
/* Handlers. */
static void handle_wifi_login_attempts(struct log_event *, int);
struct static_event static_events[NUM_EVENTS] = {
/* Failed login attempts. */
{
.ev_match_str = "unicast key exchange timeout",
.hnd = handle_wifi_login_attempts,
.ev_match_type = EVNT_SUBSTR,
.enabled = 0,
.ev_notifier_idx = NOTIFY_IDX_TELE
},
/* Add new handlers here. */
};
/**
* @brief Retrieves the event string from the environment variables.
*
* @param ev_num Event number.
* @param str String identifier.
*
* @return Returns the event string.
*/
static char *get_event_str(long ev_num, char *str)
{
char *env;
char ev[64] = {0};
snprintf(ev, sizeof ev - 1, "STATIC_EVENT%ld_%s", ev_num, str);
if (!(env = getenv(ev)))
panic("Unable to find event for %s\n", ev);
return env;
}
/**
* @brief Retrieves the index of the event from the environment variables.
*
* @param ev_num Event number.
* @param str String identifier.
* @param str_list List of strings to match against.
* @param size Size of the string list.
*
* @return Returns the index of the matching event.
*/
static int
get_event_idx(long ev_num, char *str, const char *const *str_list, int size)
{
char *env = get_event_str(ev_num, str);
for (int i = 0; i < size; i++) {
if (!strcmp(env, str_list[i]))
return i;
}
panic("String parameter (%s) invalid for %s\n", env, str);
}
/**
* @brief Given an event, checks if it belongs to one of the
* registered events and then, handle it.
*
* @param ev Event to be processed.
*
* @return Returns the amount of matches, 0 if none (not handled).
*/
int process_static_event(struct log_event *ev)
{
int i;
int handled;
struct static_event *sta_ev;
for (i = 0, handled = 0; i < NUM_EVENTS; i++) {
/* Skip not enabled events. */
if (!static_events[i].enabled)
continue;
sta_ev = &static_events[i];
if (static_events[i].ev_match_type == EVNT_SUBSTR) {
if (strstr(ev->msg, static_events[i].ev_match_str)) {
static_events[i].hnd(ev, i);
handled += 1;
}
}
else {
if (regexec(&sta_ev->regex, ev->msg, MAX_MATCHES, pmatch, 0)) {
static_events[i].hnd(ev, i);
handled += 1;
}
}
}
return handled;
}
/**
* @brief Initialize static events.
*
* @return Returns 0 if there is no static event, and 1 if
* there is at least one _and_ is successfully configured.
*/
int init_static_events(void)
{
struct notifier *self;
char *ptr, *end;
long ev;
/* Check for: STATIC_EVENTS_ENABLED=0,3,5,2... */
ptr = getenv("STATIC_EVENTS_ENABLED");
if (!ptr || ptr[0] == '\0') {
log_msg("Static events not detected, disabling...\n");
return (0);
}
end = ptr;
errno = 0;
do
{
ev = strtol(end, &end, 10);
if (errno != 0 || ((ptr == end) && ev == 0))
panic("Unable to parse STATIC_EVENTS_ENABLED, aborting...\n");
/* Skip whitespaces. */
while (*end != '\0' && isspace(*end))
end++;
/* Check if ev number is sane. */
if (ev < 0 || ev >= NUM_EVENTS)
panic("Event (%ld) is not valid!, should be between 0-%d\n",
ev, NUM_EVENTS - 1);
/* Try to retrieve & initialize notifier for the event. */
static_events[ev].ev_notifier_idx =
get_event_idx(ev, "NOTIFIER", notifiers_str, NUM_NOTIFIERS);
static_events[ev].enabled = 1;
if (*end != ',' && *end != '\0')
panic("Wrong event number in STATIC_EVENTS_ENABLED, aborting...\n");
} while (*end++ != '\0');
log_msg("Static events summary:\n");
for (int i = 0; i < NUM_EVENTS; i++) {
if (!static_events[i].enabled)
continue;
log_msg("STATIC_EVENT%d : enabled\n", i);
log_msg("STATIC_EVENT%d_NOTIFIER: %s\n\n",
i, notifiers_str[static_events[i].ev_notifier_idx]);
/* Try to setup notifier if not yet. */
self = ¬ifiers[static_events[i].ev_notifier_idx];
self->setup(self);
/* If regex, compile it first. */
if (static_events[i].ev_match_type == EVNT_REGEX) {
if (regcomp(
&static_events[i].regex,
static_events[i].ev_match_str,
REG_EXTENDED))
{
panic("Unable to compile regex (%s) for EVENT%d!!!",
static_events[i].ev_match_str, i);
}
}
}
return 1;
}
///////////////////////////////////////////////////////////////////////////////
///////////////////////////// FAILED LOGIN ATTEMPTS ///////////////////////////
///////////////////////////////////////////////////////////////////////////////
/**
* @brief Parses the message pointed by @p msg and saves the
* read mac-address and interface in @p mac_addr and @wifi_iface.
*
* @param msg Buffer to be read and parsed.
* @param wifi_iface Output buffer that will contain the parsed
* device interface.
* @param mac_addr Output buffer that will contain the parsed
* mac address.
*
* @return Returns 0 if success, -1 otherwise.
*/
static int
parse_login_attempt_msg(const char *msg, char *wifi_iface, char *mac_addr)
{
size_t len = strlen(msg);
size_t tmp = 0;
size_t at = 0;
/* Find '@' and the last ' '. */
for (at = 0; at < len && msg[at] != '@'; at++) {
if (msg[at] == ' ')
tmp = at;
}
if (at == len || !tmp) {
log_msg("unable to parse additional data, ignoring...\n");
return -1;
}
memcpy(mac_addr, msg + tmp + 1, MIN(at - tmp - 1, 32));
/*
* Find network name.
* Assuming that the interface name does not have ':'...
*/
for (tmp = at + 1; tmp < len && msg[tmp] != ':'; tmp++);
if (tmp == len) {
log_msg("unable to find interface name!, ignoring..\n");
return -1;
}
memcpy(wifi_iface, msg + at + 1, MIN(tmp - at - 1, 32));
return (0);
}
/**
* @brief For a given log event @p ev and offset index @p idx_env,
* handle the event and send a notification message to the
* configured notifier.
*
* @param ev Log event structure.
* @param idx_env Event index.
*/
static void handle_wifi_login_attempts(struct log_event *ev, int idx_env)
{
char time_str[32] = {0};
char mac_addr[32] = {0};
char wifi_iface[32] = {0};
struct str_ab notif_message;
struct notifier *self;
int notif_idx;
int ret;
log_msg("> Login attempt detected!\n");
if (parse_login_attempt_msg(ev->msg, wifi_iface, mac_addr) < 0)
return;
ab_init(¬if_message);
/* Send our notification. */
ret = ab_append_fmt(¬if_message,
"There is someone trying to connect "
"to your WiFi: %s, with the mac-address: %s, at:%s",
wifi_iface,
mac_addr,
get_formatted_time(ev->timestamp, time_str)
);
if (ret)
return;
log_msg("> Retrieved info, MAC: (%s), Interface: (%s)\n", mac_addr, wifi_iface);
notif_idx = static_events[idx_env].ev_notifier_idx;
self = ¬ifiers[notif_idx];
if (self->send_notification(self, notif_message.buff) < 0) {
log_msg("unable to send the notification!\n");
return;
}
}
////////////////////////////// YOUR HANDLER HERE //////////////////////////////