处理地域白名单错误,添加cJSON解析,添加阿里云API解析IP地域

This commit is contained in:
aixiao 2023-01-09 17:59:23 +08:00
parent ce37ef75d6
commit 5aa7e4aa06
10 changed files with 3575 additions and 71 deletions

View File

@ -14,8 +14,11 @@ freshclam_CFLAGS += -g -O2 -Wall -DHAVE_CONFIG_H -I./clamscan -I./clamscan/share
libfreshclam_CFLAGS += -g -Os -Wall -DHAVE_CONFIG_H -I./clamscan -I./clamscan/freshclam -I./clamscan/shared -I./clamscan/libclamav -I./clamscan/libclamunrar_iface -I/usr/include/json-c -Wdate-time -D_FORTIFY_SOURCE=2
freshclam_LIB += clamscan/freshclam/freshclam.o clamscan/freshclam/notify.o clamscan/freshclam/execute.o clamscan/freshclam/libfreshclam.o clamscan/freshclam/libfreshclam_internal.o clamscan/freshclam/dns.o ./clamscan/shared/libshared.a -lssl -lcrypto -lclamav -lresolv -lcurl -lz -ljson-c -lltdl -lpthread -lm
cJSON_CFLAGS += -std=c89 -c -fPIC -pedantic -Wall -Werror -Wstrict-prototypes -Wwrite-strings -Wshadow -Winit-self -Wcast-align -Wformat=2 -Wmissing-prototypes -Wstrict-overflow=2 -Wcast-qual -Wc++-compat -Wundef -Wswitch-default -Wconversion -fstack-protector
cJSON_LIB += cJSON.o
all: conf.o rhost.o libiptc.o ccronexpr.o
$(CC) $(cJSON_CFLAGS) cJSON/cJSON.c
$(CC) $(freshclam_CFLAGS) -c clamscan/freshclam/freshclam.c -fPIC -DPIC -o clamscan/freshclam/freshclam.o
$(CC) $(freshclam_CFLAGS) -c clamscan/freshclam/notify.c -fPIC -DPIC -o clamscan/freshclam/notify.o
$(CC) $(freshclam_CFLAGS) -c clamscan/freshclam/execute.c -fPIC -DPIC -o clamscan/freshclam/execute.o
@ -41,7 +44,7 @@ all: conf.o rhost.o libiptc.o ccronexpr.o
$(CC) $(CLAMSCAN_CFLAGS) -c clamscan/clamscan.c -o clamscan/clamscan.o
$(CC) $(CLAMSCAN_CFLAGS) -c clamscan/manager.c -o clamscan/manager.o
$(CC) $(CFLAGS) $^ -o $(OBG) $(LIB) $(freshclam_LIB)
$(CC) $(CFLAGS) $^ -o $(OBG) $(cJSON_LIB) $(LIB) $(freshclam_LIB)
chmod +x $(OBG)

3110
cJSON/cJSON.c Normal file

File diff suppressed because it is too large Load Diff

293
cJSON/cJSON.h Normal file
View File

@ -0,0 +1,293 @@
/*
Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
#ifndef cJSON__h
#define cJSON__h
#ifdef __cplusplus
extern "C"
{
#endif
#if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32))
#define __WINDOWS__
#endif
#ifdef __WINDOWS__
/* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention. For windows you have 3 define options:
CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols
CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default)
CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol
For *nix builds that support visibility attribute, you can define similar behavior by
setting default visibility to hidden by adding
-fvisibility=hidden (for gcc)
or
-xldscope=hidden (for sun cc)
to CFLAGS
then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does
*/
#define CJSON_CDECL __cdecl
#define CJSON_STDCALL __stdcall
/* export symbols by default, this is necessary for copy pasting the C and header file */
#if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS)
#define CJSON_EXPORT_SYMBOLS
#endif
#if defined(CJSON_HIDE_SYMBOLS)
#define CJSON_PUBLIC(type) type CJSON_STDCALL
#elif defined(CJSON_EXPORT_SYMBOLS)
#define CJSON_PUBLIC(type) __declspec(dllexport) type CJSON_STDCALL
#elif defined(CJSON_IMPORT_SYMBOLS)
#define CJSON_PUBLIC(type) __declspec(dllimport) type CJSON_STDCALL
#endif
#else /* !__WINDOWS__ */
#define CJSON_CDECL
#define CJSON_STDCALL
#if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY)
#define CJSON_PUBLIC(type) __attribute__((visibility("default"))) type
#else
#define CJSON_PUBLIC(type) type
#endif
#endif
/* project version */
#define CJSON_VERSION_MAJOR 1
#define CJSON_VERSION_MINOR 7
#define CJSON_VERSION_PATCH 15
#include <stddef.h>
/* cJSON Types: */
#define cJSON_Invalid (0)
#define cJSON_False (1 << 0)
#define cJSON_True (1 << 1)
#define cJSON_NULL (1 << 2)
#define cJSON_Number (1 << 3)
#define cJSON_String (1 << 4)
#define cJSON_Array (1 << 5)
#define cJSON_Object (1 << 6)
#define cJSON_Raw (1 << 7) /* raw json */
#define cJSON_IsReference 256
#define cJSON_StringIsConst 512
/* The cJSON structure: */
typedef struct cJSON
{
/* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */
struct cJSON *next;
struct cJSON *prev;
/* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */
struct cJSON *child;
/* The type of the item, as above. */
int type;
/* The item's string, if type==cJSON_String and type == cJSON_Raw */
char *valuestring;
/* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */
int valueint;
/* The item's number, if type==cJSON_Number */
double valuedouble;
/* The item's name string, if this item is the child of, or is in the list of subitems of an object. */
char *string;
} cJSON;
typedef struct cJSON_Hooks
{
/* malloc/free are CDECL on Windows regardless of the default calling convention of the compiler, so ensure the hooks allow passing those functions directly. */
void *(CJSON_CDECL *malloc_fn)(size_t sz);
void (CJSON_CDECL *free_fn)(void *ptr);
} cJSON_Hooks;
typedef int cJSON_bool;
/* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them.
* This is to prevent stack overflows. */
#ifndef CJSON_NESTING_LIMIT
#define CJSON_NESTING_LIMIT 1000
#endif
/* returns the version of cJSON as a string */
CJSON_PUBLIC(const char*) cJSON_Version(void);
/* Supply malloc, realloc and free functions to cJSON */
CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
/* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
/* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length);
/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated);
/* Render a cJSON entity to text for transfer/storage. */
CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
/* Render a cJSON entity to text for transfer/storage without any formatting. */
CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item);
/* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */
CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt);
/* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */
/* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */
CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format);
/* Delete a cJSON entity and all subentities. */
CJSON_PUBLIC(void) cJSON_Delete(cJSON *item);
/* Returns the number of items in an array (or object). */
CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array);
/* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */
CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index);
/* Get item "string" from object. Case insensitive. */
CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string);
CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string);
CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string);
/* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */
CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void);
/* Check item type and return its value */
CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item);
CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item);
/* These functions check the type of an item */
CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item);
/* These calls create a cJSON item of the appropriate type. */
CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean);
CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num);
CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string);
/* raw json */
CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw);
CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void);
/* Create a string where valuestring references a string so
* it will not be freed by cJSON_Delete */
CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string);
/* Create an object/array that only references it's elements so
* they will not be freed by cJSON_Delete */
CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child);
CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child);
/* These utilities create an Array of count items.
* The parameter count cannot be greater than the number of elements in the number array, otherwise array access will be out of bounds.*/
CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count);
/* Append item to the specified array/object. */
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item);
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item);
/* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object.
* WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before
* writing to `item->string` */
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item);
/* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item);
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item);
/* Remove/Detach items from Arrays/Objects. */
CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which);
CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string);
CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string);
CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string);
/* Update array items. */
CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement);
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem);
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem);
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem);
/* Duplicate a cJSON item */
CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse);
/* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will
* need to be released. With recurse!=0, it will duplicate any children connected to the item.
* The item->next and ->prev pointers are always zero on return from Duplicate. */
/* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal.
* case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */
CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
/* Minify a strings, remove blank characters(such as ' ', '\t', '\r', '\n') from strings.
* The input pointer json cannot point to a read-only address area, such as a string constant,
* but should point to a readable and writable address area. */
CJSON_PUBLIC(void) cJSON_Minify(char *json);
/* Helper functions for creating and adding items to an object at the same time.
* They return the added item or NULL on failure. */
CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean);
CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number);
CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string);
CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw);
CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name);
/* When assigning an integer value, it needs to be propagated to valuedouble too. */
#define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number))
/* helper for the cJSON_SetNumberValue macro */
CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number);
#define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number))
/* Change the valuestring of a cJSON_String object, only takes effect when type of object is cJSON_String */
CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring);
/* Macro for iterating over an array or object */
#define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next)
/* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */
CJSON_PUBLIC(void *) cJSON_malloc(size_t size);
CJSON_PUBLIC(void) cJSON_free(void *object);
#ifdef __cplusplus
}
#endif
#endif

BIN
cJSON/cJSON.o Normal file

Binary file not shown.

4
conf.c
View File

@ -164,6 +164,7 @@ static void parse_global_module(char *content, conf * conf)
}
if (strcasecmp(var, "IPV4_WHITE_LIST") == 0) {
val_begin_len = val_end - val_begin;
conf->IPV4_WHITE_LIST_LEN = val_begin_len;
if (copy_new_mem(val_begin, val_begin_len, &conf->IPV4_WHITE_LIST) != 0)
return;
}
@ -175,11 +176,14 @@ static void parse_global_module(char *content, conf * conf)
}
if (strcasecmp(var, "REGION_URL") == 0) {
val_begin_len = val_end - val_begin;
conf->REGION_URL_LEN = val_begin_len;
if (copy_new_mem(val_begin, val_begin_len, &conf->REGION_URL) != 0)
return;
}
if (strcasecmp(var, "REGION_LIST") == 0) {
val_begin_len = val_end - val_begin;
conf->REGION_LIST_LEN = val_begin_len;
if (copy_new_mem(val_begin, val_begin_len, &conf->REGION_LIST) != 0)
return;
}

3
conf.h
View File

@ -33,11 +33,14 @@ typedef struct CONF
// 地域白名单
int REGION;
char *REGION_URL;
int REGION_URL_LEN;
char *REGION_LIST;
int REGION_LIST_LEN;
// IPV4 白名单
int IPV4_RESTRICTION;
char *IPV4_WHITE_LIST;
int IPV4_WHITE_LIST_LEN;
int IS_MAIL;

222
rhost.c
View File

@ -43,6 +43,7 @@ static char *GET_PUBLIC_IP(char *URL)
CURL *curl_handle;
CURLcode res;
struct curl_slist *headers = NULL;
struct MemoryStruct chunk;
chunk.memory = malloc(1); /* 将根据上述再分配的需要增长 */
@ -53,26 +54,47 @@ static char *GET_PUBLIC_IP(char *URL)
/* 初始化curl会话 */
curl_handle = curl_easy_init();
/* 指定要获取的URL */
curl_easy_setopt(curl_handle, CURLOPT_URL, URL);
char *p = NULL;
char *buff;
p = strstr(URL, "-H");
if (p) {
buff = (char *)alloca(p - URL + 1);
if (buff == NULL)
perror("out of memory.");
memset(buff, 0, p - URL + 1);
memcpy(buff, URL, (int)(p - URL - 1));
// 赋值header值
headers = curl_slist_append(headers, p + 3);
// 设置header
curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl_handle, CURLOPT_URL, buff);
} else {
/* 指定要获取的URL */
curl_easy_setopt(curl_handle, CURLOPT_URL, URL);
}
/* 将所有数据发送到此函数 */
//对于同一次阻塞的curl_easy_perform而言在写完获取的数据之前会多次调用 WriteMemoryCallback
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
/* 将"chunk"结构传递给回调函数 */
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
curl_easy_setopt(curl_handle, CURLOPT_USERAGENT, "libcurl-agent/1.0");
//对于同一次阻塞的curl_easy_perform而言在写完获取的数据之前会多次调用 WriteMemoryCallback
res = curl_easy_perform(curl_handle);
if (res != CURLE_OK)
{
if (res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
}
else
{
} else {
//printf("%lu bytes retrieved\n", (unsigned long)chunk.size);
//printf("%s", chunk.memory);
;
@ -84,6 +106,80 @@ static char *GET_PUBLIC_IP(char *URL)
return chunk.memory;
}
// 解析Json
char *process_json(char *buff, char *api)
{
char *area = NULL;
int area_len = 0;
char *p;
cJSON *cjson_init = cJSON_Parse(buff);
if (cjson_init == NULL) {
perror("cJSON_Parse");
return NULL;
}
p = strstr(api, "aliyun"); // aliyun Api
if (p) {
cJSON *data = cJSON_GetObjectItem(cjson_init, "data");
if (data != NULL) {
cJSON *region = cJSON_GetObjectItem(data, "region");
if (region) {
cJSON *isp = cJSON_GetObjectItem(data, "isp");
cJSON *city = cJSON_GetObjectItem(data, "city");
cJSON *country = cJSON_GetObjectItem(data, "country");
cJSON *district = cJSON_GetObjectItem(data, "district");
area_len = strlen(country->valuestring) + strlen(city->valuestring) + strlen(region->valuestring) + strlen(district->valuestring) + strlen(isp->valuestring);
area = (char *)alloca(area_len + 1);
if (buff == NULL)
perror("out of memory.");
memset(area, 0, area_len + 1);
sprintf(area, "%s%s%s%s%s", isp->valuestring, country->valuestring, city->valuestring, region->valuestring, district->valuestring);
} else {
cJSON *msg = cJSON_GetObjectItem(cjson_init, "msg");
area_len = strlen(msg->valuestring);
area = (char *)alloca(area_len + 1);
if (buff == NULL)
perror("out of memory.");
memset(area, 0, area_len + 1);
sprintf(area, "%s", msg->valuestring);
}
}
} else if ((p = strstr(api, "baidu")) != NULL) { // baidu Api
int i;
cJSON *data = cJSON_GetObjectItem(cjson_init, "data");
if (data != NULL) {
for (i = 0; i < cJSON_GetArraySize(data); i++) {
cJSON *svalue = cJSON_GetArrayItem(data, i);
cJSON *location = cJSON_GetObjectItem(svalue, "location");
area_len = strlen(location->valuestring);
area = (char *)alloca(area_len + 1);
if (buff == NULL)
perror("out of memory.");
memset(area, 0, area_len + 1);
sprintf(area, "%s", location->valuestring);
}
} else {
area = (char *)alloca(270 + 1);
if (buff == NULL)
perror("out of memory.");
memset(area, 0, 270);
strcpy(area, "获取位置错误!");
}
}
cJSON_Delete(cjson_init);
return strdup(area);
}
// 检测系统
int check_system()
{
@ -100,7 +196,7 @@ int check_system()
}
// 钉钉告警
int dingding_warning(char *illegal_ip, char *public_ip, conf * conf)
int dingding_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
{
FILE *fp;
char temp[64];
@ -128,7 +224,7 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf * conf)
#define JSIN "{ \
\"msgtype\": \"text\", \
\"text\": { \
\"content\": \"Alert @%s 服务器地址:%s封禁非法入侵主机:%s\" \
\"content\": \"Alert @%s 服务器地址:%s封禁非法入侵主机:(%s%s)\" \
}, \
\"at\": { \
\"atMobiles\": [\"%s\"], \
@ -136,7 +232,7 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf * conf)
} \
}"
sprintf(jsonObj, JSIN, conf->PHONE, temp, illegal_ip, conf->PHONE);
sprintf(jsonObj, JSIN, conf->PHONE, temp, ip, illegal_ip, conf->PHONE);
printf("%s\n", jsonObj);
struct curl_slist *headers = NULL;
@ -163,7 +259,7 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf * conf)
}
// 邮件告警
int mail_warning(char *illegal_ip, char *public_ip, conf * conf)
int mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
{
FILE *fp = NULL;
char buff[BUFFER];
@ -176,7 +272,7 @@ int mail_warning(char *illegal_ip, char *public_ip, conf * conf)
strcpy(temp, public_ip);
temp[strlen(public_ip) - 1] = '\0';
sprintf(text, "echo \"主机:%s, 禁止%s访问\" | mail -s \"System ban IP\" %s", temp, illegal_ip, conf->RECV_MAIL);
sprintf(text, "echo \"主机:%s, 禁止(%s%s)访问\" | mail -s \"System ban IP\" %s", temp, ip, illegal_ip, conf->RECV_MAIL);
if (NULL == (fp = popen(text, "r")))
{
@ -195,7 +291,7 @@ int mail_warning(char *illegal_ip, char *public_ip, conf * conf)
}
// 第三方邮箱告警
int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf)
int QQ_mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
{
char string[BUFFER + (sizeof(QQMAIL)) + 1];
char text[BUFFER];
@ -208,7 +304,7 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf)
strcpy(temp, public_ip);
temp[strlen(public_ip) - 1] = '\0';
sprintf(text, "主机:%s, 禁止%s访问", temp, illegal_ip);
sprintf(text, "主机:%s, 禁止(%s%s)访问!", temp, ip, illegal_ip);
sprintf(string, QQMAIL, conf->RECV_MAIL, text);
return system(string);
@ -294,6 +390,8 @@ int isregion(char *str, char (*region_list)[WHITELIST_IP_NUM])
{
break;
}
//printf("%s %s\n", str, region_list[i]);
// 在str中查找region_list[i]
p = strstr(str, region_list[i]);
if (p != NULL)
@ -365,6 +463,9 @@ int rule(conf * conf)
{
char whitelist_ip[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } };
char region_list[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } };
char REGION_LIST_COPY[conf->REGION_LIST_LEN+1];
char IPV4_WHITE_LIST_COPY[conf->IPV4_WHITE_LIST_LEN+1];
char p_two[2], *command, *splice_command, *temp, buffer[BUFFER], awk[BUFFER];
FILE *fp, *fc;
@ -494,9 +595,20 @@ int rule(conf * conf)
while (fgets(buffer, BUFFER, fc) != NULL) // 执行命令后, 为空时就不会
{
buffer[strlen(buffer) - 1] = '\0'; // 去除回车
memset(REGION_LIST_COPY, 0, conf->REGION_LIST_LEN+1);
memset(IPV4_WHITE_LIST_COPY, 0, conf->IPV4_WHITE_LIST_LEN+1);
memcpy(REGION_LIST_COPY, conf->REGION_LIST, conf->REGION_LIST_LEN); // 复制配置字符串split_string()会改变原数据
memcpy(IPV4_WHITE_LIST_COPY, conf->IPV4_WHITE_LIST, conf->IPV4_WHITE_LIST_LEN); //
split_string(conf->IPV4_WHITE_LIST, " ", whitelist_ip);
split_string(conf->REGION_LIST, " ", region_list);
split_string(IPV4_WHITE_LIST_COPY, " ", whitelist_ip);
split_string(REGION_LIST_COPY, " ", region_list);
//printf("conf->REGION_LIST %s\n", conf->REGION_LIST);
//printf("conf->IPV4_WHITE_LIST %s\n", conf->IPV4_WHITE_LIST);
if (conf->IPV4_RESTRICTION == 1) // 是否启用白名单
@ -510,79 +622,53 @@ int rule(conf * conf)
if (0 != show_all_rule(buffer)) // libiptc库判断否存在规则
{
char *location = NULL;
char *location_json = NULL;
char iplocation[BUFFER];
char URL[BUFFER + 70];
char temp[BUFFER];
char *p;
char *p1;
char *area = NULL;
char URL[conf->REGION_URL_LEN + 32];
memset(URL, 0, BUFFER + 70);
//sprintf(URL, "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8", buffer);
memset(URL, 0, conf->REGION_URL_LEN + 32);
sprintf(URL, conf->REGION_URL, buffer);
//printf("%s\n", URL);
location_json = GET_PUBLIC_IP(URL);
if (NULL == location_json)
{
printf("获取IP位置错误!\n");
if (location_json == NULL) {
printf("获取地域错误\n");
goto BLOCKED;
}
else
{
p = strstr(location_json, "\"location\"");
if (p == NULL) {
printf("解析IP位置错误!\n");
goto BLOCKED;
}
p1 = strstr(p, "\",");
if (p1 == NULL) {
printf("解析IP位置错误!\n");
goto BLOCKED;
}
memset(temp, 0, BUFFER);
memcpy(temp, p + 12, p1 - p - 12);
location = remove_space(temp);
}
memset(iplocation, 0, BUFFER);
strcpy(iplocation, buffer);
strcat(iplocation, "(");
strcat(iplocation, location);
strcat(iplocation, ")");
printf("%s\n", iplocation );
area = process_json(location_json, conf->REGION_URL);
if (area == NULL) {
printf("解析地域错误\n");
goto BLOCKED;
}
// 地域白名单
if (conf->REGION == 1)
{
if (isregion(iplocation, region_list) == 1)
if (isregion(area, region_list) == 1)
{
printf("地域白名单: %s\n", iplocation);
printf("地域白名单: %s\n", area);
continue;
}
}
if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警
{
dingding_warning(iplocation, public_ip, conf);
dingding_warning(area, public_ip, buffer, conf);
sleep(3);
}
if (conf->IS_MAIL == 1) // 邮件告警
{
mail_warning(iplocation, public_ip, conf);
mail_warning(area, public_ip, buffer, conf);
sleep(3);
}
if (conf->IS_QQMAIL == 1) // 邮件告警
{
QQ_mail_warning(iplocation, public_ip, conf);
QQ_mail_warning(area, public_ip, buffer, conf);
sleep(3);
}
@ -598,10 +684,12 @@ BLOCKED:
}
if (location != NULL)
free(location);
//if (location != NULL)
// free(location);
if (location_json != NULL)
free(location_json);
if (area != NULL)
free(area);
}
}
@ -948,14 +1036,14 @@ int main(int argc, char *argv[], char **env)
if (argv[1] != NULL && 0 == strcmp(argv[1], "-d"))
{
goto_daemon:
/*
if (daemon(1, 1)) // 守护进程
{
perror("daemon");
return -1;
}
*/
/*
// 守护进程
if ((pid = fork()) < 0) {
return 0;
@ -991,7 +1079,7 @@ goto_daemon:
free(public_ip);
exit(0);
}
*/
if (-1 == (nice(-20))) // 进程优先级
perror("nice");

View File

@ -18,12 +18,13 @@ global {
IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭)
IPV4_WHITE_LIST = "1.1.1.1 "; // IP白名单(空格隔开)
IPV4_WHITE_LIST = "1.1.1.1 2.2.2.2"; // IP白名单(空格隔开)
REGION = 1; // 是否启用地域白名单(1开启,非1关闭)
REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域
REGION_LIST = "河南 郑州"; // 地域列表(空格隔开)
//REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域
REGION_URL = "https://api01.aliyun.venuscn.com/ip?ip=%s -H Authorization:APPCODE a1d842b8afda418c8ea24271a4e16b1f";
REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开)
IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭)

View File

@ -17,6 +17,8 @@
#include <sys/wait.h>
#include <assert.h>
#include "./cJSON/cJSON.h"
typedef struct now_next_time
{