From: Robert K. <rk...@us...> - 2005-06-29 19:29:31
Update of /cvsroot/ipcop/ipcop/html/cgi-bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4889/html/cgi-bin Modified Files: Tag: IPCOP_v1_4_0 ids.cgi updates.cgi Log Message: Use libwww-perl for HTTP downloads from CGIs, this should resolve the issues some users are having with IDS rule updates. Also should fix the inability to download update lists when an upstream proxy requires user/pass (bug 1205470) Index: updates.cgi =================================================================== RCS file: /cvsroot/ipcop/ipcop/html/cgi-bin/updates.cgi,v retrieving revision 1.9.2.11 retrieving revision 1.9.2.12 diff -C2 -d -r1.9.2.11 -r1.9.2.12 *** updates.cgi 22 Feb 2005 22:21:57 -0000 1.9.2.11 --- updates.cgi 29 Jun 2005 19:28:43 -0000 1.9.2.12 *************** *** 10,14 **** # ! use IO::Socket; use File::Copy; use strict; --- 10,14 ---- # ! use LWP::UserAgent; use File::Copy; use strict; *************** *** 41,50 **** { my $return = &downloadlist(); ! if ($return =~ m/^HTTP\/\d+\.\d+ 200/) { if (open(LIST, ">${General::swroot}/patches/available")) { flock LIST, 2; ! my @this = split(/----START LIST----\n/,$return); print LIST $this[1]; close(LIST); --- 41,50 ---- { my $return = &downloadlist(); ! if ($return && $return->is_success) { if (open(LIST, ">${General::swroot}/patches/available")) { flock LIST, 2; ! my @this = split(/----START LIST----\n/,$return->content); print LIST $this[1]; close(LIST); *************** *** 61,71 **** my @list = <LIST>; close(LIST); - $warnmessage = $Lang::tr{'could not download the available updates list'}; - } - else - { - $errormessage = $Lang::tr{'could not open available updates file'}; - goto ERROR; } } --- 61,66 ---- my @list = <LIST>; close(LIST); } + $warnmessage = $Lang::tr{'could not download the available updates list'}; } *************** *** 98,107 **** { my $return = &downloadlist(); ! if ($return =~ m/^HTTP\/\d+\.\d+ 200/) { if (open(LIST, ">${General::swroot}/patches/available")) { flock LIST, 2; ! 
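Review bot: In the hunk at lines 41-50, `open(LIST, ">${General::swroot}/patches/available")` truncates the stored list before the response body is known to contain the `----START LIST----` marker. A successful response without that marker (an upstream proxy's error or login page, for example) leaves `$this[1]` undefined and an empty file on disk. Split first and write only when the marker was found: `my @this = split(/----START LIST----\n/, $return->content, 2);` followed by `if (defined $this[1] && open(LIST, ...))`. The hunk at new lines 93-102 repeats the same pattern and needs the same guard; both enclosing blocks continue outside their hunks.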
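Review bot: In the hunk at lines 61-66, removing the `else` branch means a failed `open` of the available-updates file no longer sets `$errormessage` or reaches `ERROR`. Control now falls through to the `could not download the available updates list` warning, which names the wrong cause. If that is intended, record it with a comment such as `# an unreadable list file is reported as a failed download`; otherwise keep the `could not open available updates file` message on the open-failure path. The `if`/`open` this belongs to starts outside the hunk, so the nesting is inferred from the closing braces.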
my @this = split(/----START LIST----\n/,$return); print LIST $this[1]; close(LIST); --- 93,102 ---- { my $return = &downloadlist(); ! if ($return && $return->is_success) { if (open(LIST, ">${General::swroot}/patches/available")) { flock LIST, 2; ! my @this = split(/----START LIST----\n/,$return->content); print LIST $this[1]; close(LIST); *************** *** 221,253 **** sub downloadlist { unless (-e "${General::swroot}/red/active") { ! $errormessage = $Lang::tr{'could not download latest patch list'}; } my %proxysettings=(); &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - my $peer = 'www.ipcop.org'; - my $peerport = 80; - if ($_=$proxysettings{'UPSTREAM_PROXY'}) { ! ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); } ! my $sock=''; ! unless($sock = new IO::Socket::INET (PeerAddr => $peer, PeerPort => $peerport, Proto => 'tcp', Timeout => 5)) ! { ! $errormessage = $Lang::tr{'could not connect to www ipcop org'}; ! return 0; ! } ! my $GET_CMD=''; ! $GET_CMD = "GET http://www.ipcop.org/patches/${General::version} HTTP/1.1\r\n"; ! $GET_CMD .= "Host: www.ipcop.org\r\n"; ! $GET_CMD .= "Cache-Control: no-cache\r\n"; ! $GET_CMD .= "Connection: close\r\n\r\n"; ! print $sock "$GET_CMD"; - my $ret = ''; - while (<$sock>) { - $ret .= $_; } - close($sock); - return $ret; } --- 216,238 ---- sub downloadlist { unless (-e "${General::swroot}/red/active") { ! return 0; ! } ! ! my $downloader = LWP::UserAgent->new; ! $downloader->timeout(5); my %proxysettings=(); &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); if ($_=$proxysettings{'UPSTREAM_PROXY'}) { ! my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); ! if ($proxysettings{'UPSTREAM_USER'}) { ! 
$downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/"); ! } else { ! $downloader->proxy("http","http://$peer:$peerport/"); ! } } ! return $downloader->get("http://www.ipcop.org/patches/${General::version}", 'Cache-Control', 'no-cache'); } Index: ids.cgi =================================================================== RCS file: /cvsroot/ipcop/ipcop/html/cgi-bin/ids.cgi,v retrieving revision 1.8.2.16 retrieving revision 1.8.2.17 diff -C2 -d -r1.8.2.16 -r1.8.2.17 *** ids.cgi 29 Apr 2005 08:14:16 -0000 1.8.2.16 --- ids.cgi 29 Jun 2005 19:28:43 -0000 1.8.2.17 *************** *** 10,14 **** # ! use IO::Socket; use File::Copy; use File::Temp qw/ tempfile tempdir /; --- 10,14 ---- # ! use LWP::UserAgent; use File::Copy; use File::Temp qw/ tempfile tempdir /; *************** *** 93,96 **** --- 93,97 ---- $md5 = &getmd5; if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) { + chomp($md5); my $filename = &downloadrulesfile(); if (defined $filename) { *************** *** 239,249 **** my $md5buf = &geturl("$url.md5"); return undef unless $md5buf; ! $md5buf =~ /(.?\r\n\w{1,}\r\n)(\w+)(\W.)/; # zap headers ! if ( !$2 ) { ! $errormessage = $Lang::tr{'invalid loaded file'}; ! return undef; ! } else { ! $md5buf =$2; ! } if (0) { # 1 to debug my $filename=''; --- 240,244 ---- my $md5buf = &geturl("$url.md5"); return undef unless $md5buf; ! if (0) { # 1 to debug my $filename=''; *************** *** 251,285 **** ($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' ); binmode ($fh); ! syswrite ($fh, $md5buf); close($fh); } ! return $md5buf; } sub downloadrulesfile { ! my $buf = &geturl($url); ! return undef unless $buf; ! ! my $x = index($buf, "\r\n\037\213"); # \037\213 is .gz beginning ! my $split_length = 2; ! if ($x == -1) { ! $errormessage = "$Lang::tr{'invalid loaded file'} 1"; ! return undef; ! } else { ! $buf = substr($buf,$x + $split_length); ! } ! $x = index($buf, "\000\r\n"); # end ! 
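Review bot: The proxy URL in `downloadlist` interpolates `UPSTREAM_USER` and `UPSTREAM_PASSWORD` unescaped, so a password containing `@`, `:`, `/` or `#` produces a URL whose host or credentials parse differently from what was configured. Percent-encode both values before building the string, e.g. `my ($u, $p) = map { uri_escape($_) } @proxysettings{qw(UPSTREAM_USER UPSTREAM_PASSWORD)};` with `use URI::Escape;`, and confirm that the installed libwww-perl decodes the userinfo again before sending it. The identical block added to `geturl` in ids.cgi needs the same change. The list is still requested over plain `http://`, and nothing in this diff shows whether the patches it advertises are verified elsewhere.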
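Review bot: In the ids.cgi hunk at lines 93-97, the added `chomp($md5)` sits inside the `if`, so `$snortsettings{'INSTALLMD5'} ne $md5` is evaluated before any trailing newline is removed. Since `getmd5` now returns the raw response body, a trailing newline is likely; if `INSTALLMD5` is saved from the chomped value (its write is outside this hunk), the comparison is always true and the rules are fetched again on every run. Trim before comparing: put `chomp($md5) if defined $md5;` directly after `$md5 = &getmd5;`. The enclosing block continues outside the hunk.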
if ($x == -1) { ! $errormessage = "$Lang::tr{'invalid loaded file'} 2"; return undef; - } else { - $split_length = 1; - $buf = substr($buf,0,$x + $split_length); } ! $buf =~ s/\r\n\w{1,}\r\n//g; # zap chunk lenght my $filename=''; my $fh=''; ($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension binmode ($fh); ! syswrite ($fh, $buf); close($fh); return $filename; --- 246,268 ---- ($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' ); binmode ($fh); ! syswrite ($fh, $md5buf->content); close($fh); } ! return $md5buf->content; } sub downloadrulesfile { ! my $return = &geturl($url); ! return undef unless $return; ! ! if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning ! $errormessage = $Lang::tr{'invalid loaded file'}; return undef; } ! my $filename=''; my $fh=''; ($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension binmode ($fh); ! syswrite ($fh, $return->content); close($fh); return $filename; *************** *** 294,335 **** } my %proxysettings=(); &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - my $peer = 'www.snort.org'; - my $peerport = 80; - if ($_=$proxysettings{'UPSTREAM_PROXY'}) { ! ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); } ! my $sock=''; ! unless($sock = new IO::Socket::INET (PeerAddr => $peer, PeerPort => $peerport, Proto => 'tcp', Timeout => 5)) { ! $errormessage = "$Lang::tr{'could not connect to'}: $peer"; return undef; } - $sock->autoflush(1); - my $GET_CMD=''; - $GET_CMD = "GET $url HTTP/1.1\r\n"; - $GET_CMD .= "Host: www.snort.org\r\n"; - $GET_CMD .= "Cache-Control: no-cache\r\n"; - $GET_CMD .= "Connection: close\r\n\r\n"; - print $sock "$GET_CMD"; ! my $buf=''; ! while(sysread($sock, my $temp, 8192)) { ! $buf .= $temp; ! } ! 
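Review bot: In `downloadrulesfile`, `index($return->content, "\037\213") == -1` only rejects a body that contains the gzip magic nowhere, so any response with those two bytes somewhere inside it is written to the `.tar.gz` temp file. Test the start of the body instead: `if (substr($return->content, 0, 2) ne "\037\213") {`. At the top of the same hunk, `getmd5` now returns `$md5buf->content` with no shape check, because the old regex that extracted the digest was removed in the preceding hunk. Returning only a validated capture, `return $1 if $md5buf->content =~ /\A([0-9a-fA-F]{32})\b/;`, keeps arbitrary text out of the value that is compared with `INSTALLMD5`. Whether the downloaded archive is checked against that digest is not visible in this diff.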
close($sock); - if ($buf !~ m/^HTTP\/\d+\.\d+ 200/) { - if ($buf =~ m/^HTTP\/\d+\.\d+ 403/) { - $errormessage = $Lang::tr{'access refused with this oinkcode'}; - return undef; - } else { - $errormessage = "$Lang::tr{'could not download latest updates'} 2"; - return undef; - } - } - return $buf; } --- 277,306 ---- } + my $downloader = LWP::UserAgent->new; + $downloader->timeout(5); + my %proxysettings=(); &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); if ($_=$proxysettings{'UPSTREAM_PROXY'}) { ! my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); ! if ($proxysettings{'UPSTREAM_USER'}) { ! $downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/"); ! } else { ! $downloader->proxy("http","http://$peer:$peerport/"); ! } } ! my $return = $downloader->get($url,'Cache-Control','no-cache'); ! ! if ($return->code == 403) { ! $errormessage = $Lang::tr{'access refused with this oinkcode'}; ! return undef; ! } elsif (!$return->is_success()) { ! $errormessage = $Lang::tr{'could not download latest updates'}; return undef; } ! return $return; } |