#!/bin/sh

. ../common/ajax_common

# English UI strings, selected when the interface language is "en".
# Handlers below read them as "${LANGnnn:=<default>}", so for any other
# PALANG value the inline default at the call site is used instead.
case "${PALANG}" in
    en)
        LANG001="Error"             # failure prefix for error replies
        LANG002="Success"           # generic success reply
        LANG003="Set_malc_monitor"  # audit label: category enable state changed
        LANG004="Set_malc_drop"     # audit label: category drop state changed
        LANG005="Set_malc_logger"   # audit label: category logging state changed
        LANG006="No modified content"   # reply when a batch edit carries no changes
        LANG007="Edit_malc"         # audit label: batch edit
        LANG008="Upload_malc"       # audit label: feed file uploaded
        LANG009="You are submitting too often. Please try again in two minutes" # rate-limit reply
        LANG010="Edit_malc"         # audit label (not referenced in this file)
        LANG011="Add_whitelist"     # audit label: whitelist entry added
        LANG012="Delete_whitelist"  # audit label: whitelist entry removed
        LANG013="Delete_whitelist"  # audit label: batch whitelist removal
        LANG014="whitelist"         # base name of the exported whitelist file
        LANG015="Import_whitelist"  # audit label: whitelist imported
        ;;
esac

# Sync result log; load_vendor_stat streams its lines into the JSON reply.
LOGFILE="${DATAPATH}/pamalc/pa_malc_sync.log"


# Refuse the request unless the platform reports jflow_jos_release 1 or 5.
# Globals:  FLOWEYE (read)
# Outputs:  on any other release, the error reply written by retjson
# Returns:  1 when the release is accepted (this mirrors the short-circuit
#           form callers have always seen); otherwise retjson's status.
#           retjson is defined outside this file and presumably ends the
#           request.
check_jos_release()
{
    local jos_release
    jos_release=$(${FLOWEYE} system stat | grep jflow_jos_release | cut -d"=" -f2)

    case "${jos_release}" in
        1|5) return 1 ;;
    esac

    retjson 1 "ǰ汾֧в鱨"
}


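# Reject the request when the selected feed database reports active=0.
# Globals:  FLOWEYE (read), CGI_id (read; request parameter)
# Outputs:  the error reply written by retjson when the database is inactive
# Returns:  non-zero when the database is not reported inactive (short-circuit
#           form kept for callers); otherwise retjson's status.
check_db_active()
{
    local active
    # CGI_id is request data: quoting keeps it a single db= argument, so
    # embedded whitespace cannot add further arguments to the floweye call.
    active=$(${FLOWEYE} malc get "db=${CGI_id}" | grep "^active=" | cut -d"=" -f2)
    [ "${active}" = "0" ] && retjson 1 "òҪģȨ"
}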


# Print the feed vendors reported by "floweye malc list" as a JSON array.
# Globals:  OEM, BUILDREL, FLOWEYE (read); hide_qianxin, hide_free (written)
# Outputs:  JSON array on stdout, one object per visible vendor row
# Field values are emitted as-is: nothing escapes quotes or backslashes, so
# the output is valid JSON only while floweye's columns contain neither.
list_vendor()
{
    # cmcc and cact OEM builds do not list the qianxin/qianxin2 feeds.
    case "${OEM}" in
        cmcc|cact) hide_qianxin=1 ;;
        *)         hide_qianxin=0 ;;
    esac

    # Builds whose release string starts with QAX-TINTM do not list "free".
    case "${BUILDREL%% *}" in
        QAX-TINTM) hide_free=1 ;;
        *)         hide_free=0 ;;
    esac

    ${FLOWEYE} malc list | awk \
    -v hide_qianxin="${hide_qianxin}" \
    -v hide_free="${hide_free}" \
    'BEGIN{
        # Column N of each row is published under keys[N].
        nkeys = split("id name active loaded version stop sync enable expire itemcnt cname alert", keys, " ");
        sep = "";
        printf "[";
    }
    hide_qianxin == "1" && ($2 == "qianxin" || $2 == "qianxin2") { next }
    hide_free == "1" && $2 == "free" { next }
    {
        printf "%s{", sep;
        for (k = 1; k <= nkeys; k++)
            printf "%s\"%s\":\"%s\"", (k > 1 ? "," : ""), keys[k], $k;
        printf "}";
        sep = ",";
    }
    END{
        printf "]";
    }'
}


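# Print {"vendor":[...],"sync":[...]}: the vendor list plus the sync log.
# Globals:  LOGFILE (read)
# Outputs:  JSON object on stdout
# Each line of LOGFILE is copied verbatim as one array element, so the reply
# is only as well-formed as whatever wrote that log.
load_vendor_stat()
{
    printf '{'
    # Command output is passed as an argument, never as the printf format:
    # a '%' or backslash in the data would otherwise be interpreted.
    printf '"vendor":%s' "$(list_vendor)"
    printf ',"sync":['

    if [ -f "${LOGFILE}" ]; then
        awk \
        'BEGIN{
            dot = "";
        }{
            printf "%s%s", dot, $0;
            if(dot == "") dot = ",";
        }' "${LOGFILE}"
    fi

    printf ']}'
}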


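# Switch alerting (warn_enable) for one feed database and restart the
# threat_alert service on success.
# Globals:  FLOWEYE, WEBUICTL (read); CGI_id, CGI_stat (read; request
#           parameters); errmsg (written)
# Outputs:  the JSON reply written by retjson
set_vendor_alert()
{
    # Request values are quoted so each stays one key=value argument.
    errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "warn_enable=${CGI_stat}")

    if [ $? -ne 0 ]; then
        retjson 1 "ʧ:${errmsg}"
    else
        ${WEBUICTL} start threat_alert
        WEB_LOGGER "鱨澯" "db=${CGI_id} warn_enable=${CGI_stat}"
        retjson 0 "ɹ"
    fi
}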


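# Switch automatic updates (autoupdate) for one feed database.
# Globals:  FLOWEYE (read); CGI_id, CGI_stat (read; request parameters);
#           errmsg (written)
# Outputs:  the JSON reply written by retjson
set_vendor_sync()
{
    # Request values are quoted so each stays one key=value argument.
    errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "autoupdate=${CGI_stat}")

    if [ $? -ne 0 ]; then
        retjson 1 "ʧ:${errmsg}"
    else
        WEB_LOGGER "鱨ͬ" "db=${CGI_id} autoupdate=${CGI_stat}"
        retjson 0 "ɹ"
    fi
}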


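# Print the categories of one feed database as a JSON array, filtered by a
# case-insensitive keyword.
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_keyword (read);
#           both are request parameters
# Outputs:  JSON array on stdout
# item_num and match_num are emitted as bare JSON numbers, and no field is
# escaped; the reply is valid JSON only for well-formed floweye rows.
load_malc_list()
{
    [ "${CGI_id}" = "" ] && CGI_id=0

    # "db=..." is quoted so the request value stays one argument, and -e
    # makes grep treat the keyword as a pattern even when it starts with '-'.
    ${FLOWEYE} malc list "db=${CGI_id}" | grep -i -e "${CGI_keyword}" | awk \
    'BEGIN{
        dot = "";
        printf "[";
    }{
        col = 1;

        printf "%s{", dot;
        printf "\"name\":\"%s\",", $(col++);
        printf "\"cname\":\"%s\",", $(col++);
        printf "\"dropable\":\"%s\",", $(col++);
        printf "\"logable\":\"%s\",", $(col++);
        printf "\"enable\":\"%s\",", $(col++);
        printf "\"item_num\":%s,", $(col++);
        printf "\"match_num\":%s", $(col++);
        printf "}";
        if(dot == "") dot = ",";
    }END{
        printf "]";
    }'
}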


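# Set the enable state of one category in a feed database.
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_name,
#           CGI_enable (read; request parameters); cmdargs, errmsg (written)
# Outputs:  the JSON reply written by retjson
set_enable()
{
    [ "${CGI_id}" = "" ] && CGI_id=0

    # Joined form, used only for the sync_floweye replay string below.
    cmdargs="db=${CGI_id} name=${CGI_name} enable=${CGI_enable}"

    # Each request value is passed as its own quoted argument so whitespace
    # or glob characters in it cannot add or alter arguments.
    errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "name=${CGI_name}" "enable=${CGI_enable}")

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        # NOTE(review): sync_floweye is defined outside this file and gets the
        # command as one string; how it re-tokenises it is not visible here.
        sync_floweye "malc set ${cmdargs}"
        WEB_LOGGER "${LANG003:=в鱨״̬}" "enable=${CGI_enable} name=${CGI_name}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}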


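# Set the drop state of one category in a feed database.
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_name,
#           CGI_enable (read; request parameters); cmdargs, errmsg (written)
# Outputs:  the JSON reply written by retjson
set_dropable()
{
    [ "${CGI_id}" = "" ] && CGI_id=0

    # Joined form, used only for the sync_floweye replay string below.
    cmdargs="db=${CGI_id} name=${CGI_name} drop=${CGI_enable}"

    # Quoted per argument: request values cannot split into extra arguments.
    errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "name=${CGI_name}" "drop=${CGI_enable}")

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        # NOTE(review): sync_floweye receives one joined string; its parsing
        # is not visible in this file.
        sync_floweye "malc set ${cmdargs}"
        WEB_LOGGER "${LANG004:=в鱨ⶪ״̬}" "drop=${CGI_enable} name=${CGI_name}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}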


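# Set the logging state (dolog) of one category in a feed database.
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_name,
#           CGI_enable (read; request parameters); cmdargs, errmsg (written)
# Outputs:  the JSON reply written by retjson
set_logable()
{
    [ "${CGI_id}" = "" ] && CGI_id=0

    # Joined form, used only for the sync_floweye replay string below.
    cmdargs="db=${CGI_id} name=${CGI_name} dolog=${CGI_enable}"

    # Quoted per argument: request values cannot split into extra arguments.
    errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "name=${CGI_name}" "dolog=${CGI_enable}")

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        # NOTE(review): sync_floweye receives one joined string; its parsing
        # is not visible in this file.
        sync_floweye "malc set ${cmdargs}"
        WEB_LOGGER "${LANG005:=в鱨־¼״̬}" "dolog=${CGI_enable} name=${CGI_name}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}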


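# Apply enable/drop/dolog changes to every category named in CGI_items.
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_items,
#           CGI_enable, CGI_drop, CGI_dolog (read; request parameters);
#           cmdargs, errmsg, item (written)
# Outputs:  the JSON reply written by retjson; stops at the first failure
btnset_malcdb()
{
    local restore_glob

    [ "${CGI_id}" = "" ] && CGI_id=0

    # cmdargs keeps the joined form for sync_floweye and the audit log; the
    # positional parameters carry the same options as separately quoted
    # arguments for the floweye call itself.
    cmdargs="db=${CGI_id}"
    set -- "db=${CGI_id}"
    if [ "${CGI_enable}" != "" ]; then
        cmdargs="${cmdargs} enable=${CGI_enable}"
        set -- "$@" "enable=${CGI_enable}"
    fi
    if [ "${CGI_drop}" != "" ]; then
        cmdargs="${cmdargs} drop=${CGI_drop}"
        set -- "$@" "drop=${CGI_drop}"
    fi
    if [ "${CGI_dolog}" != "" ]; then
        cmdargs="${cmdargs} dolog=${CGI_dolog}"
        set -- "$@" "dolog=${CGI_dolog}"
    fi

    # Only db= present means nothing to change. The earlier test compared
    # cmdargs with "", which could never match because db= is always set.
    [ "$#" -eq 1 ] && retjson 0 "${LANG006:=޸}"

    # CGI_items is a whitespace-separated list, so splitting is intended;
    # pathname expansion is not, so it is switched off for the loop.
    case "$-" in
        *f*) restore_glob=0 ;;
        *)   restore_glob=1; set -f ;;
    esac

    for item in ${CGI_items}
    do
        errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "name=${item}" "$@")
        [ $? -ne 0 ] && retjson 1 "${LANG001:=ʧ}:${errmsg}"
        sync_floweye "malc set db=${CGI_id} name=${item} ${cmdargs}"
    done

    [ "${restore_glob}" = "1" ] && set +f

    WEB_LOGGER "${LANG007:=༭鱨}" "items=${CGI_items} ${cmdargs}"
    retjson 0 "${LANG002:=ɹ}"
}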


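# Clear the accumulated log/statistics of one category (clearlog=1).
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_name,
#           CGI_cname (read; request parameters); cmdargs, errmsg (written)
# Outputs:  the JSON reply written by retjson
clear_malcdb_data()
{
    [ "${CGI_id}" = "" ] && CGI_id=0

    # Joined form, used only for the sync_floweye replay string below.
    cmdargs="db=${CGI_id} name=${CGI_name} clearlog=1"

    # Quoted per argument: request values cannot split into extra arguments.
    errmsg=$(${FLOWEYE} malc set "db=${CGI_id}" "name=${CGI_name}" clearlog=1)

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}:${errmsg}"
    else
        # NOTE(review): the audit entry records CGI_cname while the command
        # acts on CGI_name; confirm the two cannot diverge in a request.
        WEB_LOGGER "в鱨ͳ" "name=${CGI_cname}"
        sync_floweye "malc set ${cmdargs}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}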


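# Load an uploaded feed database file into floweye.
# The upload is accepted when its first 7 characters are "PANABIT" (loaded
# directly) or "Salted_" (decrypted with openssl, unpacked with tar, then
# compromise.db from the archive is loaded). On success the file is kept as
# ${DATAPATH}/pamalc/PanabitMALC_<name>.db.
# Globals:  DATAPATH, FLOWEYE (read); CGI_id (read; request parameter);
#           CGI_file (read and rewritten; upload path, presumably set by the
#           upload handler - confirm it cannot be chosen by the client);
#           MALCPATH, tag, channel_key, errmsg, name (written)
# Outputs:  the JSON reply written by retjson
import_malc_db()
{
    [ "${CGI_id}" = "" ] && retjson 1 "INV_ID"

    MALCPATH="${DATAPATH}/pamalc"
    mkdir -p "${MALCPATH}"

    # Every use of CGI_file is quoted: the path is handed to rm -rf below,
    # where word splitting or globbing would remove unrelated paths.
    tag=$(head -n 1 "${CGI_file}" | cut -c 1-7)

    if [ "${tag}" != "PANABIT" ] && [ "${tag}" != "Salted_" ]; then
        rm -rf -- "${CGI_file}"
        retjson 1 "INV_FILE"
    fi

    if [ "${tag}" = "Salted_" ]; then
        # NOTE(review): the passphrases are embedded in this script, so anyone
        # who can read it can decrypt or produce a package that passes this
        # step; successful decryption is not an authenticity check. A
        # signature verified against a key that is not shipped in the clear
        # would be needed for that. -k also places the passphrase on the
        # openssl command line, where the process list shows it.
        if [ "${CGI_id}" = "1" ]; then
            channel_key="nzxdichw8b7683p7"
        else
            channel_key="TGi2DkKm0whH36Gs"
        fi
        errmsg=$(openssl enc -aes-256-cbc -d -salt -md sha256 -k "${channel_key}" -in "${CGI_file}" -out "${MALCPATH}/dec.tar.gz")
        if [ $? -ne 0 ]; then
            rm -rf -- "${CGI_file}"
            rm -f -- "${MALCPATH}/dec.tar.gz"
            retjson 1 "ʧ:${errmsg}"
        fi

        # NOTE(review): archive member names are not checked before unpacking;
        # confirm the tar in use refuses absolute and ".." member paths.
        # A failed unpack now stops the import instead of falling through to
        # load whatever compromise.db happens to be present.
        errmsg=$(tar -zxf "${MALCPATH}/dec.tar.gz" -C "${MALCPATH}" 2>&1)
        if [ $? -ne 0 ]; then
            rm -rf -- "${CGI_file}"
            rm -f -- "${MALCPATH}/dec.tar.gz"
            retjson 1 "ʧ:${errmsg}"
        fi
        rm -r -- "${CGI_file}"
        rm -f -- "${MALCPATH}/dec.tar.gz"
        CGI_file="${MALCPATH}/compromise.db"
    fi

    errmsg=$(${FLOWEYE} malc load "db=${CGI_id}" "file=${CGI_file}")

    if [ $? -ne 0 ]; then
        rm -rf -- "${CGI_file}"
        retjson 1 "${LANG001:=ʧ}:${errmsg}"
    else
        # NOTE(review): "name=" also matches a "cname=" line if floweye
        # prints one; check_db_active anchors its pattern with "^".
        name=$(${FLOWEYE} malc get "db=${CGI_id}" | grep "name=" | cut -d"=" -f2)
        mv -- "${CGI_file}" "${MALCPATH}/PanabitMALC_${name}.db"
        WEB_LOGGER "${LANG008:=ϴв鱨ļ}" "id=${CGI_id}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}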


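# Print the whitelist entries as a JSON array of {"obj": ...}, filtered by a
# case-insensitive keyword.
# Globals:  FLOWEYE (read); CGI_keyword (read; request parameter)
# Outputs:  JSON array on stdout; values are not JSON-escaped
load_malcwhite_list()
{
    # -e keeps a keyword that starts with '-' from being read as a grep option.
    ${FLOWEYE} malc list whitelist=1 | grep -i -e "${CGI_keyword}" | awk \
    'BEGIN{
        dot = "";
        printf "[";
    }{
        printf "%s{", dot;
        printf "\"obj\":\"%s\"", $1;
        printf "}";
        if(dot == "") dot = ",";
    }END{
        printf "]";
    }'
}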


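# Add one host to the feed whitelist and append it to the threat_notice
# event file.
# Globals:  FLOWEYE, RAMDISK (read); CGI_obj (read; request parameter);
#           errmsg (written)
# Outputs:  the JSON reply written by retjson
add_malcwhite_obj()
{
    mkdir -p "${RAMDISK}/tmp"
    # Quoted so the request value stays a single host= argument.
    errmsg=$(${FLOWEYE} malc add "host=${CGI_obj}")

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        sync_floweye "malc add host=${CGI_obj}"
        # printf writes the value verbatim; an unquoted echo would split it
        # and expand glob characters against the working directory.
        # NOTE(review): the event file is line-oriented, so a value with an
        # embedded newline would add extra records - confirm the reader's
        # expectations or reject such values upstream.
        printf '%s\n' "${CGI_obj}" >> "${RAMDISK}/tmp/threat_notice.event"
        WEB_LOGGER "${LANG011:=в鱨}" "host=${CGI_obj}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}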


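# Remove one host from the feed whitelist.
# Globals:  FLOWEYE (read); CGI_obj (read; request parameter); errmsg (written)
# Outputs:  the JSON reply written by retjson
rmv_malcwhite_obj()
{
    # Quoted so the request value stays a single host= argument.
    errmsg=$(${FLOWEYE} malc remove "host=${CGI_obj}")

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        sync_floweye "malc remove host=${CGI_obj}"
        WEB_LOGGER "${LANG012:=ɾв鱨}" "type=${CGI_obj}"
        retjson 0 "${LANG002:=ɹ}"
    fi
}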


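# Remove every host listed in CGI_items from the feed whitelist.
# Globals:  FLOWEYE (read); CGI_items (read; request parameter, a
#           whitespace-separated list); errmsg, item (written)
# Outputs:  the JSON reply written by retjson; stops at the first failure
btnrmv_malcwhite_obj()
{
    local restore_glob

    # Splitting CGI_items on whitespace is intended; pathname expansion is
    # not - a '*' entry would otherwise become the names of local files.
    case "$-" in
        *f*) restore_glob=0 ;;
        *)   restore_glob=1; set -f ;;
    esac

    for item in ${CGI_items}
    do
        errmsg=$(${FLOWEYE} malc remove "host=${item}")

        [ $? -ne 0 ] && retjson 1 "${LANG001:=ʧ}:${errmsg}"
        sync_floweye "malc remove host=${item}"
    done

    [ "${restore_glob}" = "1" ] && set +f

    WEB_LOGGER "${LANG013:=ɾ鱨}" "${CGI_items}"
    retjson 0 "${LANG002:=ɹ}"
}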


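# Write the whitelist to a downloadable file and reply with its name.
# Globals:  FLOWEYE, WEB_DOWNLOAD (read); LANG014 (read, defaulted);
#           file_name, file_path (written)
# Outputs:  the JSON reply written by retjson, carrying the quoted file name
# The file name is fixed, so each export overwrites the previous one.
export_malcwhite_obj()
{
    file_name="${LANG014:=鱨}.log"
    file_path="${WEB_DOWNLOAD}/${file_name}"

    # Paths are quoted so a directory or name containing whitespace is
    # created and written as one path.
    mkdir -p "${WEB_DOWNLOAD}"

    # NOTE(review): this takes field 2 of each row while load_malcwhite_list
    # publishes field 1; confirm which column holds the host.
    ${FLOWEYE} malc list whitelist=1 | cut -d" " -f2 > "${file_path}"

    retjson 0 "OK" "\"${file_name}\""
}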


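# Add every line of the uploaded file to the feed whitelist, then delete the
# upload. Stops (and deletes the upload) at the first entry floweye rejects;
# entries added before that point stay added.
# Globals:  FLOWEYE (read); CGI_file (read; upload path, presumably set by
#           the upload handler); errmsg, line (written)
# Outputs:  the JSON reply written by retjson
# NOTE(review): unlike add_malcwhite_obj, no sync_floweye call is made for
# imported entries - confirm whether that is intended.
import_malcwhite_obj()
{
    # read -r keeps backslashes literal. Lines are file content, so each is
    # passed as one quoted host= argument; CGI_file is quoted wherever it is
    # used because it is also handed to rm -rf.
    while read -r line
    do
        errmsg=$(${FLOWEYE} malc add "host=${line}")

        if [ $? -ne 0 ]; then
            rm -rf -- "${CGI_file}"
            retjson 1 "${LANG001:=ʧ}:${errmsg}"
        fi
    done <<EOF
$(cat -- "${CGI_file}")
EOF

    rm -rf -- "${CGI_file}"
    WEB_LOGGER "${LANG015:=鱨}"
    retjson 0 "${LANG002:=ɹ}"
}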


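# Print {"vendor":[...],"malctype":[...]} for the log list page.
# Outputs:  JSON object on stdout, built from list_vendor and load_malc_list
load_loglist_env()
{
    printf '{'
    # Helper output is passed as an argument, never as the printf format, so
    # a '%' or backslash in the data is copied through unchanged.
    printf '"vendor":%s' "$(list_vendor)"
    printf ',"malctype":%s' "$(load_malc_list)"
    printf '}'
}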


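# Print matching feed-hit log rows as a JSON array.
# Rows are filtered by IP pattern, case-insensitive keyword and, when given,
# an exact risk value in column 7. Columns 16..NF are joined into "family".
# Globals:  FLOWEYE (read); CGI_id (read, defaulted to 0), CGI_type, CGI_ip,
#           CGI_keyword, CGI_risk (read; all request parameters)
# Outputs:  JSON array on stdout; values are not JSON-escaped
load_malclog_list()
{
    [ "${CGI_id}" = "" ] && CGI_id=0

    # floweye arguments are collected as positional parameters, so each
    # request value stays one argument and no value is left over from an
    # earlier assignment when CGI_type is empty.
    set -- "db=${CGI_id}"
    [ "${CGI_type}" != "" ] && set -- "$@" "type=${CGI_type}"

    # risk is quoted: unquoted, a value containing whitespace would hand awk
    # additional arguments, including the program text itself. -e keeps the
    # grep patterns from being read as options.
    # NOTE(review): CGI_ip is matched as a regular expression, so '.' matches
    # any character; use a fixed-string match if exact IPs are expected.
    ${FLOWEYE} malclog list "$@" | grep -e "${CGI_ip}" | grep -i -e "${CGI_keyword}" | awk \
    -v risk="${CGI_risk}" \
    'BEGIN{
        dot = "";
        printf "[";
    }{
        if(risk != "" && $7 != risk)
            next;

        col = 1;

        family = "";
        for(i = 16; i <= NF; i++)
            family = family " " $i;

        printf "%s{", dot;
        printf "\"time\":\"%s\"", $(col++);
        printf ",\"proto\":\"%s\"", $(col++);
        printf ",\"srcip\":\"%s\"", $(col++);
        printf ",\"srcport\":\"%s\"", $(col++);
        printf ",\"dstip\":\"%s\"", $(col++);
        printf ",\"dstport\":\"%s\"", $(col++);
        printf ",\"risk\":\"%s\"", $(col++);
        printf ",\"ioc\":\"%s\"", $(col++);
        printf ",\"user\":\"%s\"", $(col++);
        printf ",\"drop\":\"%s\"", $(col++);
        printf ",\"is_malicious\":\"%s\"", $(col++);
        printf ",\"is_apt\":\"%s\"", $(col++);
        printf ",\"local\":\"%s\"", $(col++);
        printf ",\"acct\":\"%s\"", $(col++);
        printf ",\"type\":\"%s\"", $(col++);
        printf ",\"family\":\"%s\"", family;
        printf "}";
        if(dot == "") dot = ",";
    }END{
        printf "]";
    }'
}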


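# Write matching feed-hit log rows to a timestamped download file and reply
# with its name. Filters are the same as load_malclog_list.
# Globals:  FLOWEYE, WEB_DOWNLOAD (read); CGI_id (read, defaulted to 0),
#           CGI_type, CGI_ip, CGI_keyword, CGI_risk (read; request
#           parameters); file_name, file_path (written)
# Outputs:  the JSON reply written by retjson, carrying the quoted file name
export_malclog()
{
    file_name="malc_$(date +"%Y%m%d%H%M%S").log"
    file_path="${WEB_DOWNLOAD}/${file_name}"

    mkdir -p "${WEB_DOWNLOAD}"

    [ "${CGI_id}" = "" ] && CGI_id=0

    # floweye arguments are built as positional parameters so each request
    # value stays one argument.
    set -- "db=${CGI_id}"
    [ "${CGI_type}" != "" ] && set -- "$@" "type=${CGI_type}"

    # risk is quoted so a value with whitespace cannot supply awk with extra
    # arguments or replace the program text; -e protects the grep patterns.
    ${FLOWEYE} malclog list "$@" | grep -e "${CGI_ip}" | grep -i -e "${CGI_keyword}" | awk \
    -v risk="${CGI_risk}" \
    '{
        if(risk != "" && $7 != risk)
            next;
        print $0;
    }' > "${file_path}"

    retjson 0 "OK" "\"${file_name}\""
}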


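# Print the IP objects that have feed matches as a JSON array, filtered by a
# case-insensitive keyword.
# Globals:  FLOWEYE (read); CGI_keyword (read; request parameter)
# Outputs:  JSON array on stdout; values are not JSON-escaped
load_malcip_list()
{
    # -e keeps a keyword that starts with '-' from being read as a grep option.
    ${FLOWEYE} ipobj list onlymalc=1 | grep -i -e "${CGI_keyword}" | awk \
    'BEGIN{
        dot = "";
        printf "[";
    }{
        col = 1;

        printf "%s{", dot;
        printf "\"ip\":\"%s\",", $(col++);
        printf "\"mac\":\"%s\",", $(col++);
        printf "\"match\":\"%s\",", $(col++);
        printf "\"acct\":\"%s\"", $(col++);
        printf "}";
        if(dot == "") dot = ",";
    }END{
        printf "]";
    }'
}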


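# Print name/cname pairs for the categories of one feed database.
# Globals:  FLOWEYE (read); CGI_id (read; request parameter)
# Outputs:  JSON array on stdout; values are not JSON-escaped
get_malc_name()
{
    # Quoted so the request value stays a single db= argument.
    ${FLOWEYE} malc list "db=${CGI_id}" | awk \
    'BEGIN{
        dot = "";
        printf "[";
    }{
        printf "%s", dot;
        printf "{";
        printf "\"name\":\"%s\",", $1;
        printf "\"cname\":\"%s\"", $2;
        printf "}";
        if(dot == "") dot = ",";
    }END{
        printf "]";
    }'
}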


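# Print {"name":[...],"data":...}: category names plus chart series for the
# last CGI_hours hours of one feed database.
# Globals:  FLOWEYE (read); CGI_hours (read, defaulted to 24), CGI_id (read,
#           defaulted to 0); both are request parameters; tmend, tag (written)
# Outputs:  JSON object on stdout
list_malc_chart()
{
    [ "${CGI_hours}" = "" ] && CGI_hours=24
    [ "${CGI_id}" = "" ] && CGI_id=0

    tmend=$(date +%s)
    # One " tag=<series file>" word per category row; the naming scheme
    # depends on the database id (0: by name, 3: by row index, else id+name).
    # id is quoted so the request value cannot supply awk with extra
    # arguments or replace the program text.
    tag=$(${FLOWEYE} malc list "db=${CGI_id}" | awk -v id="${CGI_id}" \
    '{
        if(id == 0)
            printf " tag=malc_%s.deta", $1;
        else if(id == 3)
            printf " tag=malc_%d_%d.deta", id, (NR-1);
        else
            printf " tag=malc_%d_%s.deta", id, $1;
    }')

    printf '{'
    # Command output goes in as an argument, never as the printf format.
    printf '"name":%s' "$(get_malc_name)"
    # ${tag} is left unquoted on purpose: it must split into one argument
    # per series. hours and tmend are quoted single arguments.
    printf ',"data":%s' "$(${FLOWEYE} chart dump json=1 "hours=${CGI_hours}" "tmend=${tmend}" ${tag} showmax=1)"
    printf '}'
}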


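# Print the configured sync time and, on CTEL builds, the sync server URL.
# Globals:  PGETC, RAMDISK, CTEL (read); time, url (written)
# Outputs:  JSON object on stdout
# NOTE(review): both files are written from request parameters by
# set_sync_conf and are emitted here without JSON escaping, so a stored
# value containing '"' or '\' yields a malformed reply.
load_sync_conf()
{
    if [ -f "${PGETC}/web/pamalc_sync_time.conf" ]; then
        time=$(cat "${PGETC}/web/pamalc_sync_time.conf")
    else
        time=$("${RAMDISK}/bin/random_time")
    fi

    # CTEL builds also report the sync URL: the built-in default unless a
    # stored override exists.
    if [ "${CTEL}" = "1" ]; then
        url="https://suep.ctsgw.damddos.com:50443"
        if [ -f "${PGETC}/web/pamalc_sync_url.conf" ]; then
            url=$(cat "${PGETC}/web/pamalc_sync_url.conf")
        fi

        # Stored values are printf arguments, not part of the format string,
        # so '%' sequences in them are copied through instead of expanded.
        printf '{"time":"%s","url":"%s"}' "${time}" "${url}"
        return
    fi

    printf '{"time":"%s"}' "${time}"
}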


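# Store the sync time (and, on CTEL builds, the sync URL), clear today's
# "sync done" marker and restart the pamalc_monitor service.
# Globals:  RAMDISK, PGETC, CTEL, WEBUICTL (read); CGI_time, CGI_url (read;
#           request parameters)
# Outputs:  the JSON reply written by retjson
# NOTE(review): neither value is validated before it is stored. The URL is
# presumably where the sync job later fetches feed data from, so it should
# be checked against the expected scheme and host before being accepted,
# and the time against its expected format - confirm with the consumer.
set_sync_conf()
{
    if [ -f "${RAMDISK}/tmp/pamalc_today_sync_done" ]; then
        rm -rf -- "${RAMDISK}/tmp/pamalc_today_sync_done"
    fi

    mkdir -p "${PGETC}/web"
    # printf stores the value verbatim; echo would treat a value such as
    # "-n" as an option and, in some shells, expand backslash sequences.
    printf '%s\n' "${CGI_time}" > "${PGETC}/web/pamalc_sync_time.conf"

    if [ "${CTEL}" = "1" ]; then
        printf '%s\n' "${CGI_url}" > "${PGETC}/web/pamalc_sync_url.conf"
    fi

    ${WEBUICTL} start pamalc_monitor >/dev/null 2>&1 &
    retjson 0 "ɹ"
}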


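# Start a manual feed sync, at most once per SLEEP_TIME seconds.
# Replies 0 without starting anything when no vendor has sync enabled
# (column 7 of "floweye malc list"), replies 1 when the previous manual sync
# is too recent, otherwise launches ${RAMDISK}/bin/download in the
# background and records the start time.
# Globals:  FLOWEYE, RAMDISK (read); SLEEP_TIME, SYNC_TIME, open_sync,
#           cur_time, sync_time, left_time (written)
# Outputs:  the JSON reply written by retjson
sync_threat_now()
{
    SLEEP_TIME=300
    SYNC_TIME="${RAMDISK}/tmp/web_sync_threat_time.tag"

    open_sync=$(${FLOWEYE} malc list | cut -d" " -f7 | grep 1)
    if [ "${open_sync}" = "" ]; then
        retjson 0 "δͬ"
    fi

    cur_time=$(date +%s)

    if [ -f "${SYNC_TIME}" ]; then
        sync_time=$(cat "${SYNC_TIME}")
        # Only a plain decimal timestamp is used in the arithmetic below; an
        # empty or damaged tag file counts as "never synced" instead of
        # causing an arithmetic error.
        case "${sync_time}" in
            ''|*[!0-9]*) sync_time=0 ;;
        esac
        left_time=$((cur_time - sync_time))
        if [ "${left_time}" -le "${SLEEP_TIME}" ]; then
            retjson 1 "̫Ƶ$((${SLEEP_TIME} - ${left_time}))"
        fi
    fi

    "${RAMDISK}/bin/download" >/dev/null 2>&1 &

    mkdir -p "${RAMDISK}/tmp/"
    echo "${cur_time}" > "${SYNC_TIME}"

    WEB_LOGGER "ֶͬв鱨"
    retjson 0 "ɹȴһ"
}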


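# Print {"urlgrp":...,"table":...,"conf":{...}} for the custom feed page.
# Sources ../common/ajax_object_lib for lib_dnsgrp_list and lib_iptable_list.
# Globals:  FLOWEYE (read)
# Outputs:  JSON object on stdout
# "conf" is built from the key=value lines of "floweye malc stat": the text
# before the first '=' is the key and the text up to the next '=' the value.
# Neither is JSON-escaped.
load_custom_malc()
{
    . ../common/ajax_object_lib

    printf '{'

    # Helper output is a printf argument, never the format string.
    printf '"urlgrp":%s' "$(lib_dnsgrp_list)"
    printf ',"table":%s' "$(lib_iptable_list)"

    ${FLOWEYE} malc stat | awk -F"=" \
    'BEGIN{
        dot = "";
        printf ",\"conf\":{";
    }{
        printf "%s\"%s\":\"%s\"", dot, $1, $2;
        if(dot == "") dot = ",";
    }END{
        printf "}";
    }'

    printf '}'
}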


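# Set the custom IP table and custom DNS group used as feed sources.
# Globals:  FLOWEYE (read); CGI_customip, CGI_customdns (read; request
#           parameters); errmsg (written)
# Outputs:  the JSON reply written by retjson
set_custom_malc()
{
    # Quoted so each request value stays one key=value argument.
    errmsg=$(${FLOWEYE} malc config "customip=${CGI_customip}" "customdns=${CGI_customdns}")

    if [ $? -ne 0 ]; then
        retjson 1 "ʧܣ${errmsg}"
    else
        # NOTE(review): sync_floweye receives one joined string; its parsing
        # is not visible in this file.
        sync_floweye "malc config customip=${CGI_customip} customdns=${CGI_customdns}"
        WEB_LOGGER "Զ鱨" "customip=${CGI_customip} customdns=${CGI_customdns}"
        retjson 0 "ɹ"
    fi
}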


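# Look a host up in every feed and print the feeds that match as a JSON
# array of {"name": <vendor column>, "type": <floweye debug result>}.
# Feeds answering NO_MATCH or NOT_LOADED are left out.
# Globals:  FLOWEYE (read); CGI_obj (read; request parameter)
# Outputs:  JSON array on stdout; values are not JSON-escaped
malc_query()
{
    printf '['

    ${FLOWEYE} malc list | awk '{print $1, $(NF-1)}' | {
        # The separator starts empty for every call instead of inheriting
        # whatever a global "dot" might hold.
        dot=""
        while read -r id name more
        do
            # Quoted so the request value stays a single host= argument.
            errmsg=$(${FLOWEYE} malc debug "id=${id}" "host=${CGI_obj}")
            case "${errmsg}" in
                NO_MATCH|NOT_LOADED) continue ;;
            esac

            # Values are printf arguments, never part of the format string.
            printf '%s{"name":"%s","type":"%s"}' "${dot}" "${name}" "${errmsg}"
            dot=","
        done
    }

    printf ']'
}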


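# Clear the recorded feed matches of one IP object.
# Globals:  FLOWEYE (read); CGI_ip (read; request parameter); errmsg (written)
# Outputs:  the JSON reply written by retjson
clear_ipmalc_match()
{
    # Quoted so the request value stays a single clearmalc= argument.
    errmsg=$(${FLOWEYE} ipobj config "clearmalc=${CGI_ip}")

    # The operator was written "--ne", which makes the test itself fail, so
    # the success branch was taken even when floweye returned an error.
    if [ $? -ne 0 ]; then
        retjson 1 "ʧ"
    else
        retjson 0 "ɹ"
    fi
}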


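# Clear the recorded feed matches of every IP object.
# Globals:  FLOWEYE (read); errmsg (written)
# Outputs:  the JSON reply written by retjson
clear_ipmalc_all()
{
    errmsg=$(${FLOWEYE} ipobj config clearallmalc=1)

    # The operator was written "--ne", which makes the test itself fail, so
    # the success branch was taken even when floweye returned an error.
    if [ $? -ne 0 ]; then
        retjson 1 "ʧ"
    else
        retjson 0 "ɹ"
    fi
}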


# Request dispatcher: CGI_action selects exactly one handler.
# Read-only actions wrap the handler's JSON in retjson; state-changing
# actions run their guards first and then the handler, which replies itself.
# The guards run in the order written. action_check is not defined in this
# file (presumably it comes from ../common/ajax_common), so what it verifies
# - session, privilege, request origin - cannot be confirmed from here.
# NOTE(review): the load_*/list_* actions and malc_query run without
# action_check; confirm that unauthenticated or read-only sessions are meant
# to reach them, since they pass request parameters to floweye, grep and awk.
case "${CGI_action}" in

    "list_vendor")
        retjson 0 "OK" "`list_vendor`"
        ;;

    "load_vendor_stat")
        retjson 0 "OK" "`load_vendor_stat`"
        ;;

    # NOTE(review): no check_db_active here, unlike set_vendor_sync below -
    # confirm alerting may be changed on an inactive database.
    "set_vendor_alert")
        action_check
        set_vendor_alert
        ;;

    "set_vendor_sync")
        action_check
        check_db_active
        set_vendor_sync
        ;;
        
    "import_malc_db")
        action_check
        check_db_active
        import_malc_db
        ;;
        
    "load_malc_list")
        retjson 0 "OK" "`load_malc_list`"
        ;;

    "set_enable")
        check_jos_release
        action_check
        set_enable
        ;;

    "set_dropable")
        check_jos_release
        action_check
        set_dropable
        ;;

    "set_logable")
        check_jos_release
        action_check
        set_logable
        ;;

    "btnset_malcdb")
        check_jos_release
        action_check
        btnset_malcdb
        ;;

    "clear_malcdb_data")
        check_jos_release
        action_check
        clear_malcdb_data
        ;;

    "load_malcwhite_list")
        retjson 0 "OK" "`load_malcwhite_list`"
        ;;

    "add_malcwhite_obj")
        check_jos_release
        action_check
        add_malcwhite_obj
        ;;

    # NOTE(review): the only whitelist-changing action without
    # check_jos_release - confirm whether that is deliberate.
    "rmv_malcwhite_obj")
        action_check
        rmv_malcwhite_obj
        ;;

    "btnrmv_malcwhite_obj")
        check_jos_release
        action_check
        btnrmv_malcwhite_obj
        ;;

    "export_malcwhite_obj")
        check_jos_release
        action_check
        export_malcwhite_obj
        ;;

    "import_malcwhite_obj")
        check_jos_release
        action_check
        import_malcwhite_obj
        ;;

    "load_loglist_env")
        retjson 0 "OK" "`load_loglist_env`"
        ;;

    "load_malclog_list")
        retjson 0 "OK" "`load_malclog_list`"
        ;;

    "export_malclog")
        action_check
        export_malclog
        ;;
    
    "load_malcip_list")
        retjson 0 "OK" "`load_malcip_list`"
        ;;

    "list_malc_chart")
        retjson 0 "OK" "`list_malc_chart`"
        ;;

    "load_sync_conf")
        retjson 0 "OK" "`load_sync_conf`"
        ;;

    "set_sync_conf")
        action_check
        set_sync_conf
        ;;

    "sync_threat_now")
        action_check
        sync_threat_now
        ;;

    "load_custom_malc")
        retjson 0 "OK" "`load_custom_malc`"
        ;;

    "set_custom_malc")
        action_check
        set_custom_malc
        ;;

    "malc_query")
        retjson 0 "OK" "`malc_query`"
        ;;

    "clear_ipmalc_match")
        action_check
        clear_ipmalc_match
        ;;

    "clear_ipmalc_all")
        action_check
        clear_ipmalc_all
        ;;

    # Any other action name is refused.
    *)
        retjson 1 "UNKNOW_ACTION"
        ;;
esac
