
fixed: merge issue for db optimised pull request.

commit 2ecfbb15439227ce03e823ea8d3f94529f8c652b 2 parents 840528b + 0974b1d
Ian Firns authored January 31, 2012
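--- a/src/barnyard2.c
+++ b/src/barnyard2.c
@@ -993,12 +993,17 @@ static void SigExitHandler(int signal)
     if (exit_signal != 0)
         return;
 
+    
+
     /* Don't want to have to wait to start processing packets before
      * getting out of dodge */
     if (barnyard2_initializing)
         _exit(0);
 
     exit_signal = signal;
+
+    Barnyard2Cleanup(signal);
+
 }
 
 static void SigUsrHandler(int signal)
@@ -1007,11 +1012,17 @@ static void SigUsrHandler(int signal)
         return;
 
     usr_signal = signal;
+
+    Barnyard2Cleanup(signal);
+
+
 }
 
 static void SigHupHandler(int signal)
 {
     hup_signal = 1;
+    Barnyard2Cleanup(signal);
+
 }
 
 /****************************************************************************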
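Review bot: `Barnyard2Cleanup(signal)` is now called directly from signal context in SigExitHandler, SigUsrHandler and SigHupHandler. Its body is not shown here, but a cleanup routine that frees memory, logs or closes output plugins is not async-signal-safe, so a signal that interrupts the main loop inside the allocator or a plugin can deadlock or corrupt state. The handlers already record `exit_signal`, `usr_signal` and `hup_signal`; keeping each handler to that flag write, with a comment such as `/* cleanup is run by the main loop when it sees this flag */`, and calling the cleanup from the main loop avoids the problem. In SigHupHandler the added call also appears to turn a reload request into a teardown, which should be confirmed. The bodies of SigExitHandler and SigUsrHandler start outside the hunks.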
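--- a/src/map.c
+++ b/src/map.c
@@ -31,7 +31,11 @@
 **   Ideas stolen liberally from:
 **     1. the orginal barnyard (A. Baker, M. Roesch)
 **
+** 
+**
+**  
 ** TODO:
+**   -ERROR CHECKING..........!@#$%@
 **   1. Convert existing linked lists to adaptive splayed trees.
 */
 
@@ -272,7 +276,7 @@ int ReadReferenceFile(Barnyard2Config *bc, const char *file)
             if(num_toks > 1)
             {
                 ParseReferenceSystemConfig(bc, toks[1]);
-        count++;
+		count++;
             }
 
             mSplitFree(&toks, num_toks);
@@ -291,6 +295,7 @@ int ReadReferenceFile(Barnyard2Config *bc, const char *file)
 /************************ Class/Priority Implementation ***********************/
 
 /* NOTE:  This lookup can only be done during parse time */
+/* Wut ...*/
 ClassType * ClassTypeLookupByType(Barnyard2Config *bc, char *type)
 {
     ClassType *node;
@@ -315,6 +320,7 @@ ClassType * ClassTypeLookupByType(Barnyard2Config *bc, char *type)
 }
 
 /* NOTE:  This lookup can only be done during parse time */
+/* Wut ...*/
 ClassType * ClassTypeLookupById(Barnyard2Config *bc, int id)
 {
     ClassType *node;
@@ -440,12 +446,12 @@ int ReadClassificationFile(Barnyard2Config *bc, const char *file)
     char        *index;
     char        **toks;
     int         num_toks;
-  int         count = 0;
-
-
+    int         count = 0;
+    
+    
     DEBUG_WRAP(DebugMessage(DEBUG_MAPS, "map: opening file %s\n", file););
     
-  if((fd = fopen(file, "r")) == NULL)
+    if((fd = fopen(file, "r")) == NULL)
     {
         LogMessage("ERROR: Unable to open Classification file '%s' (%s)\n", 
                 file, strerror(errno));
@@ -471,7 +477,7 @@ int ReadClassificationFile(Barnyard2Config *bc, const char *file)
             if(num_toks > 1)
             {
                 ParseClassificationConfig(bc, toks[1]);
-        count++;
+		count++;
             }
 
             mSplitFree(&toks, num_toks);
@@ -524,7 +530,9 @@ int ReadSidFile(Barnyard2Config *bc, const char *file)
             count++;
         }
     }
-
+    
+    //LogMessage("Read [%u] signature \n",count);
+    
   if(fd != NULL)
     fclose(fd);
 
@@ -620,6 +628,8 @@ void ParseSidMapLine(Barnyard2Config *bc, char *data)
     }
 
     mSplitFree(&toks, num_toks);
+
+    return;
 }
 
 SigNode *GetSigByGidSid(u_int32_t gid, u_int32_t sid)
@@ -644,13 +654,13 @@ SigNode *GetSigByGidSid(u_int32_t gid, u_int32_t sid)
     }
 
   /* create a default message since we didn't find any match */
-  sn = CreateSigNode(&sigTypes);
+    sn = CreateSigNode(&sigTypes);
     sn->generator = gid;
     sn->id = sid;
     sn->rev = 0;
     sn->msg = (char *)SnortAlloc(42);
     snprintf(sn->msg, 42, "Snort Alert [%u:%u:%u]", gid, sid, 0);
-    
+ 
     return sn;
 }
 
@@ -668,12 +678,15 @@ SigNode *CreateSigNode(SigNode **head)
         sn = *head;
 
         while (sn->next != NULL) 
-      sn = sn->next;
-
+	    sn = sn->next;
+	
         sn->next = (SigNode *) SnortAlloc(sizeof(SigNode));
-
+	
         return sn->next;
     }
+    
+    /* XXX */
+    return NULL;
 }
 
 int ReadGenFile(Barnyard2Config *bc, const char *file)
@@ -706,16 +719,19 @@ int ReadGenFile(Barnyard2Config *bc, const char *file)
         if( (*index != '#') && (*index != 0x0a) && (index != NULL) )
         {
             ParseGenMapLine(index);
-      count++;
+	    count++;
         }
     }
 
+    //LogMessage("Read [%u] gen \n",count);
+
   if(fd != NULL)
     fclose(fd);
 
   return 0;
 }
 
+
 void ParseGenMapLine(char *data)
 {
     char **toks;
@@ -723,16 +739,16 @@ void ParseGenMapLine(char *data)
     int i;
     char *idx;
     SigNode       *sn; 
-
+    
     toks = mSplitSpecial(data, "||", 32, &num_toks, '\0');
-
+    
     if(num_toks < 2)
     {
         LogMessage("WARNING: Ignoring bad line in SID file: \"%s\"\n", data);
-    return;
+	return;
     }
-
-  sn = CreateSigNode(&sigTypes);
+    
+    sn = CreateSigNode(&sigTypes);
     
     for(i=0; i<num_toks; i++)
     {
@@ -742,24 +758,24 @@ void ParseGenMapLine(char *data)
             
         switch(i)
         {
-            case 0: /* gen */
-        //TODO: error checking on conversion
-                sn->generator = strtoul(idx, NULL, 10);
-                break;
-
-            case 1: /* sid */
-        //TODO: error checking on conversion
-                sn->id = strtoul(idx, NULL, 10);
-                break;
-
-            case 2: /* msg */
-                sn->msg = SnortStrdup(idx);
-                break;
-
-            default: 
-                break;
+	case 0: /* gen */
+		//TODO: error checking on conversion
+	    sn->generator = strtoul(idx, NULL, 10);
+	    break;
+	    
+	case 1: /* sid */
+		//TODO: error checking on conversion
+	    sn->id = strtoul(idx, NULL, 10);
+	    break;
+	    
+	case 2: /* msg */
+	    sn->msg = SnortStrdup(idx);
+	    break;
+	    
+	default: 
+	    break;
         }
     }
-
+    
     mSplitFree(&toks, num_toks);
 }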
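Review bot: The new `/* XXX */ return NULL;` at the end of CreateSigNode gives callers a NULL they do not handle. GetSigByGidSid (`sn = CreateSigNode(&sigTypes); sn->generator = gid;`) and ParseGenMapLine both dereference the result immediately. The first branch of CreateSigNode is outside the hunk, so whether this return is reachable cannot be confirmed from here. If both branches above already return, replace the marker with `/* not reached: both branches above return */`; otherwise the call sites need a guard such as `if (sn == NULL) return NULL;` in GetSigByGidSid, and ParseGenMapLine must free `toks` before returning.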
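--- a/src/map.h
+++ b/src/map.h
@@ -64,6 +64,7 @@ typedef struct _ReferenceSystemNode
     char *name;
     char *url;
     struct _ReferenceSystemNode *next;
+
 } ReferenceSystemNode;
 
 ReferenceSystemNode * ReferenceSystemAdd(ReferenceSystemNode **, char *, char *);
@@ -77,9 +78,9 @@ void DeleteReferenceSystems(struct _Barnyard2Config *);
 
 typedef struct _ReferenceNode
 {
-	char *id;
-    ReferenceSystemNode		*system;
-	struct _ReferenceNode	*next;
+    char *id;
+    ReferenceSystemNode *system;
+    struct _ReferenceNode *next;
 } ReferenceNode;
 
 ReferenceNode * AddReference(struct _Barnyard2Config *, ReferenceNode **, char *, char *);
@@ -88,20 +89,14 @@ void DeleteReferences(struct _Barnyard2Config *);
 
 typedef struct _ClassType
 {
-	char				*type;		
-	uint32_t			id;			
-	char				*name;		/* "pretty" name */
-	uint32_t			priority;	
-	struct _ClassType	*next;
-} ClassType;
+    char *type;		
+    char *name;		/* "pretty" name */
+    uint32_t id;			
+    uint32_t priority;	
+    struct _ClassType	*next;
 
-ClassType * ClassTypeLookupByType(struct _Barnyard2Config *, char *);
-ClassType * ClassTypeLookupById(struct _Barnyard2Config *, int);
 
-int ReadClassificationFile(struct _Barnyard2Config *, const char *);
-void ParseClassificationConfig(struct _Barnyard2Config *, char *args);
-
-void DeleteClassTypes();
+} ClassType;
 
 
 typedef struct _SigNode
@@ -109,15 +104,25 @@ typedef struct _SigNode
     uint32_t			generator;	/* generator ID */
     uint32_t			id;			/* Snort ID */
     uint32_t			rev;		/* revision (for future expansion) */
-	uint32_t			class_id;
-	ClassType			*classType;
-	uint32_t			priority;			
-    char				*msg;		/* messages */
+    uint32_t			class_id;
+    uint32_t			priority;			
+    char			*msg;		/* messages */
+    ClassType			*classType;
     ReferenceNode		*refs;		/* references (eg bugtraq) */
-
     struct _SigNode		*next;
+
 } SigNode;
 
+
+
+ClassType * ClassTypeLookupByType(struct _Barnyard2Config *, char *);
+ClassType * ClassTypeLookupById(struct _Barnyard2Config *, int);
+
+int ReadClassificationFile(struct _Barnyard2Config *, const char *);
+void ParseClassificationConfig(struct _Barnyard2Config *, char *args);
+
+void DeleteClassTypes();
+
 SigNode *GetSigByGidSid(uint32_t, uint32_t);
 
 int ReadSidFile(struct _Barnyard2Config *, const char *);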
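--- a/src/output-plugins/Makefile.am
+++ b/src/output-plugins/Makefile.am
@@ -21,7 +21,8 @@ spo_log_null.c spo_log_null.h \
 spo_log_tcpdump.c spo_log_tcpdump.h \
 spo_platypus.c spo_platypus.h \
 spo_sguil.c spo_sguil.h \
-spo_database.c spo_database.h \
 spo_syslog_full.c spo_syslog.full.h
+spo_database.c spo_database.h \ 
+spo_database_cache.c spo_database_cache.h
 
 INCLUDES = -I.. -I ../sfutil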
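Review bot: The source list now ends before the two new entries, because `spo_syslog_full.c spo_syslog.full.h` has no trailing backslash and the added `spo_database.c spo_database.h \ ` and `spo_database_cache.c spo_database_cache.h` lines fall outside the variable. The backslash on the spo_database line is also followed by a space, so it does not continue the line either. As written, make would presumably reject the file or the database plugin would drop out of the build. Restore the continuation and remove the trailing space: `spo_syslog_full.c spo_syslog.full.h \`, then `spo_database.c spo_database.h \`, then `spo_database_cache.c spo_database_cache.h`. The variable's opening line is above the hunk.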
5,567  src/output-plugins/spo_database.c
3296 additions, 2271 deletions not shown
645  src/output-plugins/spo_database.h
@@ -20,11 +20,656 @@
20 20
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 21
 */
22 22
 
  23
+/* NOTE: -elz this file is a mess and need some cleanup */
23 24
 /* $Id$ */
24 25
 
25 26
 #ifndef __SPO_DATABASE_H__
26 27
 #define __SPO_DATABASE_H__
27 28
 
  29
+#ifdef HAVE_CONFIG_H
  30
+#include "config.h"
  31
+#endif
  32
+
  33
+#include <sys/types.h>
  34
+#include <stdlib.h>
  35
+#include <string.h>
  36
+#include <time.h>
  37
+#include <unistd.h>
  38
+
  39
+#include "barnyard2.h"
  40
+#include "debug.h"
  41
+#include "decode.h"
  42
+#include "map.h"
  43
+#include "plugbase.h"
  44
+#include "parser.h"
  45
+#include "rules.h"
  46
+#include "unified2.h"
  47
+#include "util.h"
  48
+
  49
+#include "output-plugins/spo_database_cache.h"
  50
+
  51
+
  52
+/*
  53
+ * If you want extra debugging information for solving database
  54
+ * configuration problems, uncomment the following line.
  55
+ */
  56
+/* #define DEBUG */
  57
+
  58
+
  59
+#ifdef ENABLE_POSTGRESQL
  60
+# include <libpq-fe.h>
  61
+#endif
  62
+
  63
+#ifdef ENABLE_MYSQL
  64
+# if defined(_WIN32) || defined(_WIN64)
  65
+#  include <windows.h>
  66
+# endif
  67
+# include <mysql.h>
  68
+# include <errmsg.h>
  69
+#endif
  70
+
  71
+#ifdef ENABLE_ODBC
  72
+# include <sql.h>
  73
+# include <sqlext.h>
  74
+# include <sqltypes.h>
  75
+  /* The SQL Server libraries, for some reason I can't
  76
+   * understand, define their own constants for SQLRETURN
  77
+   * and SQLCHAR.  But, in SQL Server, these are numeric
  78
+   * values, not datatypes.  So we define datatypes here
  79
+   * with a non-conflicting name.
  80
+   */
  81
+typedef SQLRETURN ODBC_SQLRETURN;
  82
+typedef SQLCHAR   ODBC_SQLCHAR;
  83
+#endif
  84
+
  85
+#ifdef ENABLE_ORACLE
  86
+# include <oci.h>
  87
+#endif
  88
+
  89
+#ifdef ENABLE_MSSQL
  90
+# define DBNTWIN32
  91
+# include <windows.h>
  92
+# include <sqlfront.h>
  93
+# include <sqldb.h>
  94
+#endif
  95
+
  96
+#include "map.h"
  97
+#include "plugbase.h"
  98
+
  99
+#ifndef DATABASE_MAX_ESCAPE_STATIC_BUFFER_LEN
  100
+#define DATABASE_MAX_ESCAPE_STATIC_BUFFER_LEN 32768 /* Should theorically be enough to escape ....alot of queries */
  101
+#endif /* DATABASE_MAX_ESCAPE_STATIC_BUFFER_LEN */
  102
+
  103
+#ifndef MAX_QUERY_LENGTH 
  104
+//#define MAX_QUERY_LENGTH 8192
  105
+#define MAX_QUERY_LENGTH (65536 * 2) /* Lets add some space for payload decoding and query esaping..*/
  106
+#endif  /* MAX_QUERY_LENGTH */
  107
+
  108
+#ifndef MAX_SQL_QUERY_OPS
  109
+#define MAX_SQL_QUERY_OPS 20
  110
+#endif  /* MAX_SQL_QUERY_OPS */
  111
+
  112
+
  113
+/******** Data Types  **************************************************/
  114
+/* enumerate the supported databases */
  115
+enum db_types_en
  116
+{
  117
+    DB_ENUM_MIN_VAL = 0,
  118
+    DB_UNDEFINED  = 0,
  119
+    DB_MYSQL      = 1,
  120
+    DB_POSTGRESQL = 2,
  121
+    DB_MSSQL      = 3,
  122
+    DB_ORACLE     = 4,
  123
+    DB_ODBC       = 5,
  124
+    DB_ENUM_MAX_VAL = DB_ODBC /* This value has to be updated if a new dbms is inserted in the enum 
  125
+			         This is used for different function pointers used by the module depending on operation mode
  126
+			      */
  127
+};
  128
+typedef enum db_types_en dbtype_t;
  129
+
  130
+/* ------------------------------------------ 
  131
+   DATABASE CACHE Structure and objects
  132
+   ------------------------------------------ */
  133
+
  134
+/* 
  135
+   All those object could be referenced by one prototype and all
  136
+   call to allocation and list manipulation could be generalized, but
  137
+   for clarity and the purpose of this code (existance timeline), this was not done.
  138
+   
  139
+   Here is a breif cache layout.
  140
+   dbSystemObj
  141
+   						\
  142
+    dbReferenceObj <------------------ \
  143
+    \				       |
  144
+      dbSignatureCacheObj              /
  145
+       \---[dbReferenceObj * array] __/
  146
+       
  147
+    dbSignatureReferenceObj
  148
+									
  149
+*/
  150
+
  151
+#ifndef MAX_SIGLOOKUP
  152
+#define MAX_SIGLOOKUP 255
  153
+#endif /* MAX_SIGLOOKUP */
  154
+
  155
+/* ------------------------------------------
  156
+ * REFERENCE OBJ 
  157
+ ------------------------------------------ */
  158
+typedef struct _dbReferenceObj
  159
+{
  160
+    u_int32_t ref_id;
  161
+    u_int32_t system_id; /* used by fetch for match else refer to parent.*/
  162
+    char ref_tag[REF_TAG_LEN]; 
  163
+    struct _cacheSystemObj *parent;
  164
+    
  165
+} dbReferenceObj;
  166
+
  167
+typedef struct _cacheReferenceObj
  168
+{
  169
+    dbReferenceObj obj;
  170
+    u_int32_t flag; /* Where its at */
  171
+    struct _cacheReferenceObj *next;
  172
+    
  173
+} cacheReferenceObj;
  174
+/* ------------------------------------------
  175
+ * REFERENCE OBJ 
  176
+ ------------------------------------------ */
  177
+
  178
+/* ------------------------------------------
  179
+ * SYSTEM OBJ 
  180
+ ------------------------------------------ */
  181
+typedef struct _dbSystemObj
  182
+{
  183
+    u_int32_t ref_system_id;
  184
+    u_int32_t db_ref_system_id;
  185
+    char ref_system_name[SYSTEM_NAME_LEN];
  186
+    char ref_system_url[SYSTEM_URL_LEN];
  187
+    cacheReferenceObj *refList;
  188
+
  189
+} dbSystemObj;
  190
+
  191
+typedef struct _cacheSystemObj
  192
+{
  193
+    dbSystemObj obj;
  194
+    u_int32_t flag; /* Where its at */
  195
+    struct _cacheSystemObj *next;
  196
+    
  197
+} cacheSystemObj;
  198
+/* ------------------------------------------
  199
+ * SYSTEM OBJ 
  200
+ ------------------------------------------ */
  201
+
  202
+/* ------------------------------------------
  203
+ * SIGNATUREREFERENCE OBJ
  204
+ ------------------------------------------ */
  205
+typedef struct _dbSignatureReferenceObj
  206
+{
  207
+    u_int32_t db_ref_id;
  208
+    u_int32_t db_sig_id;
  209
+    u_int32_t ref_seq;
  210
+    
  211
+} dbSignatureReferenceObj;
  212
+
  213
+
  214
+typedef struct _cacheSignatureReferenceObj
  215
+{
  216
+    dbSignatureReferenceObj obj;
  217
+    u_int32_t flag; /* Where its at */
  218
+    struct _cacheSignatureReferenceObj *next;
  219
+    
  220
+} cacheSignatureReferenceObj;
  221
+/* ------------------------------------------
  222
+ * SIGNATUREREFERENCE OBJ
  223
+ ------------------------------------------ */
  224
+
  225
+/* -----------------------------------------
  226
+ * CLASSIFICATION OBJ
  227
+ ------------------------------------------ */
  228
+typedef struct _dbClassificationObj
  229
+{
  230
+    u_int32_t sig_class_id;
  231
+    u_int32_t db_sig_class_id;
  232
+    char sig_class_name[CLASS_NAME_LEN];
  233
+    
  234
+} dbClassificationObj;
  235
+
  236
+typedef struct _cacheClassificationObj
  237
+{
  238
+    dbClassificationObj obj;
  239
+    u_int32_t flag; /* Where its at */
  240
+
  241
+    struct _cacheClassificationObj *next;
  242
+    
  243
+} cacheClassificationObj;
  244
+/* ------------------------------------------
  245
+ * CLASSIFICATION OBJ
  246
+ ------------------------------------------ */
  247
+
  248
+/* ------------------------------------------
  249
+ * SIGNATURE OBJ
  250
+ ------------------------------------------ */
  251
+typedef struct _dbSignatureObj
  252
+{
  253
+    u_int32_t db_id;
  254
+    u_int32_t sid;
  255
+    u_int32_t gid;
  256
+    u_int32_t rev;
  257
+    u_int32_t class_id;
  258
+    u_int32_t priority_id;
  259
+    char message[SIG_MSG_LEN];
  260
+    
  261
+    /* Eliminate alot of useless lookup */
  262
+    cacheReferenceObj *ref[MAX_REF_OBJ]; /* Used for backward lookup */
  263
+    u_int32_t ref_count;                 /* Used for count on ref's  */
  264
+    /* Eliminate alot of useless lookup */    
  265
+
  266
+} dbSignatureObj;
  267
+
  268
+
  269
+typedef struct _cacheSignatureObj
  270
+{
  271
+    dbSignatureObj obj;
  272
+    u_int32_t flag; /* Where its at */
  273
+    struct _cacheSignatureObj *next;
  274
+    
  275
+} cacheSignatureObj;
  276
+/* ------------------------------------------
  277
+ * SIGNATURE OBJ
  278
+ ------------------------------------------ */
  279
+
  280
+
  281
+/* ------------------------------------------
  282
+ * Used for lookup in case multiple signature 
  283
+ * with same sid:gid couple exist but have different
  284
+ * rev,class and priority 
  285
+ ------------------------------------------ */
  286
+typedef struct _PluginSignatureObj
  287
+{
  288
+    cacheSignatureObj *cacheSigObj;
  289
+
  290
+} plgSignatureObj;
  291
+/* ------------------------------------------
  292
+ * Used for lookup in case multiple signature 
  293
+ * with same sid:gid couple exist but have different
  294
+ * rev,class and priority 
  295
+ ------------------------------------------ */
  296
+
  297
+/* ------------------------------------------
  298
+   Main cache entry point (used by DatabaseData->mc)
  299
+ ------------------------------------------ */
  300
+typedef struct _masterCache
  301
+{
  302
+    cacheClassificationObj *cacheClassificationHead;
  303
+    cacheSignatureObj *cacheSignatureHead;
  304
+    cacheSystemObj *cacheSystemHead;
  305
+    cacheSignatureReferenceObj *cacheSigReferenceHead;
  306
+    plgSignatureObj plgSigCompare[MAX_SIGLOOKUP]; /* Used by spo_database when querying the cache for signature match */
  307
+    
  308
+} MasterCache;
  309
+/* ------------------------------------------
  310
+   Main cache entry point (used by DatabaseData->mc)
  311
+ ------------------------------------------ */
  312
+
  313
+/* ------------------------------------------ 
  314
+   DATABASE CACHE Structure and objects
  315
+   ------------------------------------------ */
  316
+
  317
+/* Replace dynamic query node */
  318
+typedef struct _SQLQueryList
  319
+{
  320
+    u_int32_t query_total;
  321
+    u_int32_t query_count;
  322
+    char **query_array;
  323
+    
  324
+} SQLQueryList;
  325
+/* Replace dynamic query node */
  326
+
  327
+
  328
+/*  Databse Reliability  */ 
  329
+typedef struct _dbReliabilityHandle
  330
+{
  331
+
  332
+    u_int32_t dbConnectionCount;    /* Count of effective reconnection */
  333
+    u_int32_t dbConnectionLimit;    /* Limit or reconnection try */
  334
+    u_int32_t dbLimitReachFailsafe; /* Limit of time we wrap the reconnection try */
  335
+    u_int32_t dbConnectionStat;   /* Database Connection status (barnyard2) */
  336
+    u_int32_t dbReconnectedInTransaction;
  337
+    
  338
+    struct timespec dbReconnectSleepTime;    /* Sleep time (milisec) before attempting a reconnect */
  339
+    
  340
+    u_int8_t checkTransaction; /* If set , we are in transaction */
  341
+    u_int8_t transactionCallFail; /* if(checkTransaction) && error set ! */
  342
+    u_int8_t transactionErrorCount; /* Number of transaction fail for a single transaction (Reset by sucessfull commit)*/
  343
+    u_int8_t transactionErrorThreshold; /* Consider the transaction threshold to be the same as reconnection maxiumum */
  344
+        
  345
+    
  346
+    struct _DatabaseData *dbdata; /* Pointer to parent structure used for call clarity */
  347
+    
  348
+#ifdef ENABLE_MYSQL
  349
+    /* Herited from shared data globals */
  350
+    char     *ssl_key;
  351
+    char     *ssl_cert;
  352
+    char     *ssl_ca;
  353
+    char     *ssl_ca_path;
  354
+    char     *ssl_cipher;
  355
+    /* Herited from shared data globals */
  356
+
  357
+    unsigned long pThreadID; /* Used to store thread information and know if we "reconnected automaticaly" */
  358
+    my_bool mysql_reconnect; /* We will handle it via the api. */
  359
+#endif /* ENABLE_MYSQL */
  360
+
  361
+#ifdef ENABLE_POSTGRESQL
  362
+    /* Herited from shared data globals */
  363
+    char     *ssl_mode;
  364
+    /* Herited from shared data globals */
  365
+#endif
  366
+
  367
+#ifdef ENABLE_ODBC
  368
+#endif
  369
+
  370
+#ifdef ENABLE_ORACLE
  371
+#endif
  372
+    
  373
+#ifdef ENABLE_MSSQL
  374
+#endif
  375
+    
  376
+    /* Set by dbms specific setup function */
  377
+    u_int32_t (*dbConnectionStatus)(struct _dbReliabilityHandle *);
  378
+} dbReliabilityHandle;
  379
+/*  Databse Reliability  */
  380
+
  381
+typedef struct _DatabaseData
  382
+{
  383
+    u_short  dbtype_id;
  384
+    char  *facility;
  385
+    char  *password;
  386
+    char  *user;
  387
+    char  *port;
  388
+    char  *sensor_name;
  389
+    int    encoding;
  390
+    int    detail;
  391
+    int    ignore_bpf;
  392
+    int    tz;
  393
+    int    DBschema_version;
  394
+
  395
+    char     *dbname;
  396
+    char     *host;
  397
+    int       sid;
  398
+    int       cid;
  399
+    int       reference;
  400
+    int       use_ssl;
  401
+    
  402
+    /* Some static allocated buffers, they might need some cleanup before release */
  403
+    char timestampHolder[SMALLBUFFER]; /* For timestamp conversion .... */
  404
+    char PacketDataNotEscaped[MAX_QUERY_LENGTH];
  405
+    char PacketData[MAX_QUERY_LENGTH];
  406
+    char sanitize_buffer[DATABASE_MAX_ESCAPE_STATIC_BUFFER_LEN];
  407
+    /* Some static allocated buffers, they might need some cleanup before release */
  408
+    
  409
+    /* Used for generic queries if you need consequtives queries uses SQLQueryList*/
  410
+    char *SQL_SELECT; 
  411
+    char *SQL_INSERT; 
  412
+    
  413
+    u_int32_t SQL_SELECT_SIZE;
  414
+    u_int32_t SQL_INSERT_SIZE;
  415
+    /* Used for generic queries if you need consequtives queries uses SQLQueryList*/
  416
+
  417
+    SQLQueryList SQL; 
  418
+    MasterCache mc;
  419
+    
  420
+#ifdef ENABLE_POSTGRESQL
  421
+    PGconn * p_connection;
  422
+    PGresult * p_result;
  423
+#endif
  424
+#ifdef ENABLE_MYSQL
  425
+    MYSQL * m_sock;
  426
+    MYSQL_RES * m_result;
  427
+    MYSQL_ROW m_row;
  428
+#endif
  429
+#ifdef ENABLE_ODBC
  430
+    SQLHENV u_handle;
  431
+    SQLHDBC u_connection;
  432
+    SQLHSTMT u_statement;
  433
+    SQLINTEGER  u_col;
  434
+    SQLINTEGER  u_rows;
  435
+    dbtype_t    u_underlying_dbtype_id;
  436
+#endif
  437
+#ifdef ENABLE_ORACLE
  438
+    OCIEnv *o_environment;
  439
+    OCISvcCtx *o_servicecontext;
  440
+    OCIBind *o_bind;
  441
+    OCIError *o_error;
  442
+    OCIStmt *o_statement;
  443
+    OCIDefine *o_define;
  444
+    text o_errormsg[512];
  445
+    sb4 o_errorcode;
  446
+#endif
  447
+#ifdef ENABLE_MSSQL
  448
+    PDBPROCESS  ms_dbproc;
  449
+    PLOGINREC   ms_login;
  450
+    DBINT       ms_col;
  451
+#endif
  452
+    char *args;
  453
+    
  454
+/*  Databse Reliability  */ 
  455
+/*
  456
+  Defining an array of dbReliabilityHandle will enlarge the structure memory footprint 
  457
+  but it will enable support for compilation with multiple dbms. Be sure to update DB_ENUM_MAX_VAL
  458
+  if you add a specific database support like some NoSQL *winks*.
  459
+*/
  460
+    struct _dbReliabilityHandle dbRH[DB_ENUM_MAX_VAL]; 
  461
+/*  Databse Reliability  */     
  462
+    
  463
+} DatabaseData;
  464
+
  465
+
  466
+/******** Constants  ***************************************************/
  467
+#define KEYWORD_POSTGRESQL   "postgresql"
  468
+#define KEYWORD_MYSQL        "mysql"
  469
+#define KEYWORD_ODBC         "odbc"
  470
+#define KEYWORD_ORACLE       "oracle"
  471
+#define KEYWORD_MSSQL        "mssql"
  472
+
  473
+#define KEYWORD_HOST         "host"
  474
+#define KEYWORD_PORT         "port"
  475
+#define KEYWORD_USER         "user"
  476
+#define KEYWORD_PASSWORD     "password"
  477
+#define KEYWORD_DBNAME       "dbname"
  478
+#define KEYWORD_SENSORNAME   "sensor_name"
  479
+#define KEYWORD_ENCODING     "encoding"
  480
+    #define KEYWORD_ENCODING_HEX      "hex"
  481
+    #define KEYWORD_ENCODING_BASE64   "base64"
  482
+    #define KEYWORD_ENCODING_ASCII    "ascii"
  483
+#define KEYWORD_DETAIL       "detail"
  484
+    #define KEYWORD_DETAIL_FULL  "full"
  485
+    #define KEYWORD_DETAIL_FAST  "fast"
  486
+#define KEYWORD_IGNOREBPF    "ignore_bpf"
  487
+#define KEYWORD_IGNOREBPF_NO   "no"
  488
+#define KEYWORD_IGNOREBPF_ZERO "0"
  489
+#define KEYWORD_IGNOREBPF_YES  "yes"
  490
+#define KEYWORD_IGNOREBPF_ONE  "1"
  491
+
  492
+
  493
+#define KEYWORD_CONNECTION_LIMIT "connection_limit"
  494
+#define KEYWORD_RECONNECT_SLEEP_TIME "reconnect_sleep_time"
  495
+
  496
+#define KEYWORD_MYSQL_RECONNECT "mysql_reconnect"
  497
+
  498
+#ifdef ENABLE_MYSQL
  499
+#   define KEYWORD_SSL_KEY     "ssl_key"
  500
+#   define KEYWORD_SSL_CERT    "ssl_cert"
  501
+#   define KEYWORD_SSL_CA      "ssl_ca"
  502
+#   define KEYWORD_SSL_CA_PATH "ssl_ca_path"
  503
+#   define KEYWORD_SSL_CIPHER  "ssl_cipher"
  504
+#endif
  505
+
  506
+#ifdef ENABLE_POSTGRESQL
  507
+#   define KEYWORD_SSL_MODE  "ssl_mode"
  508
+#   define KEYWORD_SSL_MODE_DISABLE "disable"
  509
+#   define KEYWORD_SSL_MODE_ALLOW   "allow"
  510
+#   define KEYWORD_SSL_MODE_PREFER  "prefer"
  511
+#   define KEYWORD_SSL_MODE_REQUIRE "require"
  512
+#endif
  513
+
  514
+#define LATEST_DB_SCHEMA_VERSION 107
  515
+
  516
+
  517
+/******** fatals *******************************************************/
  518
+/*
  519
+  NOTE: -elz 
  520
+  Some of those messages have been removed but they will be added and cleaned before release 
  521
+*/
  522
+
  523
+/* these strings deliberately break fatal error messages into
  524
+   chunks with lengths < 509 to keep ISO C89 compilers happy
  525
+ */
  526
+
  527
+static const char* FATAL_NO_SENSOR_1 =
  528
+    " When this plugin starts, a SELECT query is run to find the sensor id for the\n"
  529
+    " currently running sensor. If the sensor id is not found, the plugin will run\n"
  530
+    " an INSERT query to insert the proper data and generate a new sensor id. Then a\n"
  531
+    " SELECT query is run to get the newly allocated sensor id. If that fails then\n"
  532
+    " this error message is generated.\n";
  533
+
  534
+static const char* FATAL_NO_SENSOR_2 =
  535
+    " Some possible causes for this error are:\n"
  536
+    "  * the user does not have proper INSERT or SELECT privileges\n"
  537
+    "  * the sensor table does not exist\n"
  538
+    "\n"
  539
+    " If you are _absolutely_ certain that you have the proper privileges set and\n"
  540
+    " that your database structure is built properly please let me know if you\n"
  541
+    " continue to get this error. You can contact me at (roman@danyliw.com).\n";
  542
+
  543
+static const char* FATAL_BAD_SCHEMA_1 =
  544
+    "database: The underlying database has not been initialized correctly.  This\n"
  545
+    "          version of Snort requires version %d of the DB schema.  Your DB\n"
  546
+    "          doesn't appear to have any records in the 'schema' table.\n%s";
  547
+
  548
+static const char* FATAL_BAD_SCHEMA_2 =
  549
+    "          Please re-run the appropriate DB creation script (e.g. create_mysql,\n"
  550
+    "          create_postgresql, create_oracle, create_mssql) located in the\n"
  551
+    "          contrib\\ directory.\n\n"
  552
+    "          See the database documentation for cursory details (doc/README.database).\n"
  553
+    "          and the URL to the most recent database plugin documentation.\n";
  554
+
  555
+static const char* FATAL_OLD_SCHEMA_1 =
  556
+    "database: The underlying database seems to be running an older version of\n"
  557
+    "          the DB schema (current version=%d, required minimum version= %d).\n\n"
  558
+    "          If you have an existing database with events logged by a previous\n"
  559
+    "          version of snort, this database must first be upgraded to the latest\n"
  560
+    "          schema (see the snort-users mailing list archive or DB plugin\n"
  561
+    "          documention for details).\n%s\n";
  562
+
  563
+static const char* FATAL_OLD_SCHEMA_2 =
  564
+    "          If migrating old data is not desired, merely create a new instance\n"
  565
+    "          of the snort database using the appropriate DB creation script\n"
  566
+    "          (e.g. create_mysql, create_postgresql, create_oracle, create_mssql)\n"
  567
+    "          located in the contrib\\ directory.\n\n"
  568
+    "          See the database documentation for cursory details (doc/README.database).\n"
  569
+    "          and the URL to the most recent database plugin documentation.\n";
  570
+
  571
+static const char* FATAL_NO_SUPPORT_1 =
  572
+    "If this build of snort was obtained as a binary distribution (e.g., rpm,\n"
  573
+    "or Windows), then check for alternate builds that contains the necessary\n"
  574
+    "'%s' support.\n\n"
  575
+    "If this build of snort was compiled by you, then re-run the\n"
  576
+    "the ./configure script using the '--with-%s' switch.\n"
  577
+    "For non-standard installations of a database, the '--with-%s=DIR'\n%s";
  578
+
  579
+static const char* FATAL_NO_SUPPORT_2 =
  580
+    "syntax may need to be used to specify the base directory of the DB install.\n\n"
  581
+    "See the database documentation for cursory details (doc/README.database).\n"
  582
+    "and the URL to the most recent database plugin documentation.\n";
  583
+
28 584
 void DatabaseSetup(void);
29 585
 
  586
+
  587
+
  588
+
  589
+/* The following is for supporting Microsoft SQL Server */
  590
+#ifdef ENABLE_MSSQL
  591
+
  592
+/* If you want extra debugging information (specific to
  593
+   Microsoft SQL Server), uncomment the following line. */
  594
+#define ENABLE_MSSQL_DEBUG
  595
+
  596
+#if defined(DEBUG) || defined(ENABLE_MSSQL_DEBUG)
  597
+    /* this is for debugging purposes only */
  598
+    static char g_CurrentStatement[2048];
  599
+    #define SAVESTATEMENT(str)   strncpy(g_CurrentStatement, str, sizeof(g_CurrentStatement) - 1);
  600
+    #define CLEARSTATEMENT()     bzero((char *) g_CurrentStatement, sizeof(g_CurrentStatement));
  601
+#else
  602
+    #define SAVESTATEMENT(str)   NULL;
  603
+    #define CLEARSTATEMENT()     NULL;
  604
+#endif /* DEBUG || ENABLE_MSSQL_DEBUG*/
  605
+
  606
+    /* Prototype of SQL Server callback functions.
  607
+     * See actual declaration elsewhere for details.
  608
+     */
  609
+    static int mssql_err_handler(PDBPROCESS dbproc, int severity, int dberr,
  610
+                                 int oserr, LPCSTR dberrstr, LPCSTR oserrstr);
  611
+    static int mssql_msg_handler(PDBPROCESS dbproc, DBINT msgno, int msgstate,
  612
+                                 int severity, LPCSTR msgtext, LPCSTR srvname, LPCSTR procname,
  613
+                                 DBUSMALLINT line);
  614
+#endif /* ENABLE_MSSQL */
  615
+
  616
+
  617
+/******** Prototypes  **************************************************/
  618
+/* NOTE: -elz prototypes will need some cleanup before release */
  619
+DatabaseData *InitDatabaseData(char *args);
  620
+char *snort_escape_string(char *, DatabaseData *);
  621
+u_int32_t snort_escape_string_STATIC(char *from, u_int32_t buffer_max_len ,DatabaseData *data);
  622
+
  623
+void DatabaseInit(char *);
  624
+void DatabaseInitFinalize(int unused, void *arg);
  625
+void ParseDatabaseArgs(DatabaseData *data);
  626
+void Database(Packet *, void *, uint32_t, void *);
  627
+void SpoDatabaseCleanExitFunction(int, void *);
  628
+void SpoDatabaseRestartFunction(int, void *);
  629
+void InitDatabase();
  630
+void Connect(DatabaseData *);
  631
+void DatabasePrintUsage();
  632
+
  633
+int Insert(char *, DatabaseData *);
  634
+int Select(char *, DatabaseData *,u_int32_t *);
  635
+int UpdateLastCid(DatabaseData *, int, int);
  636
+int GetLastCid(DatabaseData *, int,u_int32_t *);
  637
+int CheckDBVersion(DatabaseData *);
  638
+
  639
+u_int32_t BeginTransaction(DatabaseData * data);
  640
+u_int32_t CommitTransaction(DatabaseData * data);
  641
+u_int32_t RollbackTransaction(DatabaseData * data);
  642
+
  643
+
  644
+u_int32_t checkDatabaseType(DatabaseData *data);
  645
+u_int32_t checkTransactionState(dbReliabilityHandle *pdbRH);
  646
+u_int32_t checkTransactionCall(dbReliabilityHandle *pdbRH);
  647
+u_int32_t  dbReconnectSetCounters(dbReliabilityHandle *pdbRH);
  648
+u_int32_t MYSQL_ManualConnect(DatabaseData *dbdata);
  649
+u_int32_t dbConnectionStatusMYSQL(dbReliabilityHandle *pdbRH);
  650
+
  651
+void resetTransactionState(dbReliabilityHandle *pdbRH);
  652
+void setTransactionState(dbReliabilityHandle *pdbRH);
  653
+void setTransactionCallFail(dbReliabilityHandle *pdbRH);
  654
+
  655
+u_int32_t getReconnectState(dbReliabilityHandle *pdbRH);
  656
+void setReconnectState(dbReliabilityHandle *pdbRH,u_int32_t reconnection_state);
  657
+
  658
+void DatabaseCleanSelect(DatabaseData *data);
  659
+void DatabaseCleanInsert(DatabaseData *data);
  660
+
  661
+u_int32_t ConvertDefaultCache(Barnyard2Config *bc,DatabaseData *data);
  662
+u_int32_t CacheSynchronize(DatabaseData *data);
  663
+u_int32_t cacheEventClassificationLookup(cacheClassificationObj *iHead,u_int32_t iClass_id);
  664
+u_int32_t cacheEventSignatureLookup(cacheSignatureObj *iHead,
  665
+                                    plgSignatureObj *sigContainer,
  666
+                                    u_int32_t gid,
  667
+                                    u_int32_t sid);
  668
+u_int32_t SignatureCacheInsertObj(dbSignatureObj *iSigObj,MasterCache *iMasterCache);
  669
+u_int32_t SignaturePopulateDatabase(DatabaseData  *data,cacheSignatureObj *cacheHead);
  670
+void MasterCacheFlush(DatabaseData *data);
  671
+
  672
+u_int32_t dbConnectionStatusPOSTGRESQL(dbReliabilityHandle *pdbRH);
  673
+
  674
+
30 675
 #endif  /* __SPO_DATABASE_H__ */
4,506  src/output-plugins/spo_database_cache.c
4506 additions, 0 deletions not shown
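--- a/src/output-plugins/spo_database_cache.h
+++ b/src/output-plugins/spo_database_cache.h
@@ -0,0 +1,155 @@
+/*
+
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation.  You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/*
+ *  Maintainers : The Barnyard2 Team <firnsy@gmail.com> <beenph@gmail.com> 2011-20xx
+ *
+ *
+ *
+ */
+
+
+
+#ifndef __SPO_DATABASE_CACHE_H__
+#define __SPO_DATABASE_CACHE_H__
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "barnyard2.h"
+#include "debug.h"
+#include "map.h"
+#include "unified2.h"
+
+
+#ifndef CLASS_NAME_LEN
+#define CLASS_NAME_LEN 60
+#endif  /* CLASS_NAME_LEN */
+
+#ifndef SYSTEM_NAME_LEN 
+#define SYSTEM_NAME_LEN 20
+#endif /* SYSTEM_NAME_LEN */
+
+#ifndef SYSTEM_URL_LEN 
+#define SYSTEM_URL_LEN 255 /* Use a shortener if your not happy ;) */
+#endif /* SYSTEM_URL_LEN */
+
+#ifndef REF_TAG_LEN 
+#define REF_TAG_LEN 100 /* 100 is a limit that use to be in the classic original output plugin */
+#endif /* REF_TAG_LEN */
+
+#ifndef SIG_NAME_LEN
+#define SIG_NAME_LEN 42
+#endif /* SIG_NAME_LEN */
+
+#ifndef SIG_MSG_LEN
+#define SIG_MSG_LEN 255
+#endif /* SIG_MSG_LEN */
+
+#ifndef MAX_REF_OBJ
+#define MAX_REF_OBJ 255
+#endif /* MAX_REF_OBJ */
+
+#ifndef CACHE_SQL_QUERY
+#define CACHE_SQL_QUERY 
+
+#define NUM_ROW_SIGREF 3
+#define NUM_ROW_REFERENCE_SYSTEM 2
+#define NUM_ROW_REF 3
+#define NUM_ROW_CLASSIFICATION 2
+#define NUM_ROW_SIGNATURE 7
+
+
+#if defined(ENABLE_MYSQL) || defined (ENABLE_ODBC) || defined (ENABLE_ORACLE) || defined (ENABLE_MSSQL)
+
+#define SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM "INSERT INTO reference_system (ref_system_name) VALUES ('%s');"
+#define SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM "SELECT ref_system_id FROM reference_system WHERE ref_system_name = '%s';"
+#define SQL_INSERT_SPECIFIC_REF  "INSERT INTO reference (ref_system_id,ref_tag) VALUES ('%u','%s');"
+#define SQL_SELECT_SPECIFIC_REF  "SELECT ref_id FROM reference WHERE ref_system_id = '%u' AND ref_tag = '%s';"
+#define SQL_INSERT_CLASSIFICATION "INSERT INTO sig_class (sig_class_name) VALUES ('%s');"
+#define SQL_SELECT_SPECIFIC_CLASSIFICATION "SELECT sig_class_id FROM sig_class WHERE sig_class_name = '%s';"
+#define SQL_INSERT_SIGNATURE "INSERT INTO signature (sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name) VALUES ('%u','%u','%u','%u','%u','%s');"
+#define SQL_SELECT_SPECIFIC_SIGNATURE "SELECT sig_id FROM signature WHERE " \
+    "(sig_sid  = '%u') AND "						\
+    "(sig_gid  = '%u') AND "						\
+    "(sig_rev  = '%u') AND "						\
+    "(sig_class_id = '%u') AND "					\
+    "(sig_priority = '%u') AND "					\
+    "(sig_name = '%s'); "						\
+    
+#elif defined(ENABLE_POSTGRESQL)
+
+#define SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM "INSERT INTO reference_system (ref_system_name) VALUES (E'%s');"
+#define SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM "SELECT ref_system_id FROM reference_system WHERE ref_system_name = E'%s';"
+#define SQL_INSERT_SPECIFIC_REF  "INSERT INTO reference (ref_system_id,ref_tag) VALUES ('%u',E'%s');"
+#define SQL_SELECT_SPECIFIC_REF  "SELECT ref_id FROM reference WHERE ref_system_id = '%u' AND ref_tag = E'%s';"
+#define SQL_INSERT_CLASSIFICATION "INSERT INTO sig_class (sig_class_name) VALUES (E'%s');"
+#define SQL_SELECT_SPECIFIC_CLASSIFICATION "SELECT sig_class_id FROM sig_class WHERE sig_class_name = E'%s';"
+#define SQL_INSERT_SIGNATURE "INSERT INTO signature (sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name) VALUES ('%u','%u','%u','%u','%u',E'%s');"
+#define SQL_SELECT_SPECIFIC_SIGNATURE "SELECT sig_id FROM signature WHERE " \
+    "(sig_sid  = '%u') AND "						\
+    "(sig_gid  = '%u') AND "						\
+    "(sig_rev  = '%u') AND "						\
+    "(sig_class_id = '%u') AND "					\
+    "(sig_priority = '%u') AND "					\
+    "(sig_name = E'%s'); "						\
+
+#endif
+
+
+
+#define SQL_SELECT_ALL_SIGREF "SELECT ref_id, sig_id, ref_seq FROM sig_reference ORDER BY sig_id,ref_seq;"
+#define SQL_INSERT_SIGREF "INSERT INTO sig_reference (ref_id,sig_id,ref_seq) VALUES ('%u','%u','%u');"
+#define SQL_SELECT_SPECIFIC_SIGREF "SELECT ref_id FROM sig_reference WHERE (ref_id = '%u') AND (sig_id = '%u') AND (ref_seq='%u');"
+#define SQL_SELECT_ALL_REFERENCE_SYSTEM  "SELECT ref_system_id, ref_system_name FROM reference_system;"
+#define SQL_SELECT_ALL_REF "SELECT ref_id, ref_system_id, ref_tag FROM reference; "
+#define SQL_SELECT_ALL_CLASSIFICATION "SELECT sig_class_id, sig_class_name FROM sig_class; "
+#define SQL_SELECT_ALL_SIGNATURE "SELECT sig_id, sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name FROM signature;"
+#define SQL_UPDATE_SPECIFIC_SIGNATURE "UPDATE signature SET "		\
+    "sig_class_id = '%u',"						\
+    "sig_priority = '%u',"						\
+    "sig_rev = '%u' "						\
+    "WHERE sig_id = '%u'; "
+
+#endif /* CACHE_SQL_QUERY */
+
+
+#ifndef CACHE_FLAGS
+#define CACHE_FLAGS 
+#define CACHE_INTERNAL_ONLY 0x00000001
+#define CACHE_DATABASE_ONLY 0x00000010
+#define CACHE_BOTH          0x00000100 /* Digging a grave */
+
+
+#endif /* CACHE_FLAGS */
+
+
+
+
+
+
+#endif /*__SPO_DATABASE_CACHE_H__ */
+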
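Review bot: The `'%s'` and `E'%s'` slots in the SQL_INSERT_* and SQL_SELECT_SPECIFIC_* templates are filled by string formatting, so escaping is left entirely to the callers and nothing in this header says so. The values that land there (reference system name, ref_tag, classification name, sig_name) presumably come from map/config files and event data, and the callers in spo_database_cache.c are not shown on this page, so I cannot confirm that each one goes through `snort_escape_string_STATIC()` and a bounded `snprintf` before the query is built. I would add above the block: `/* NOT parameterized: every %s argument must be escaped with snort_escape_string_STATIC() first; on PostgreSQL E'...' also interprets backslash escapes. */`. Separately, both SQL_SELECT_SPECIFIC_SIGNATURE definitions end with a trailing `\`, which splices the following line into the macro; dropping the backslash after the last `"(sig_name = ... '%s'); "` line avoids a surprise if anything is ever added below it.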
23  src/spooler.c
@@ -603,7 +603,8 @@ int ProcessContinuous(const char *dirpath, const char *filebase,
603 603
     }
604 604