From 3983aebdec7489ca0ce36956307a822ecdc820fd Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 14 Feb 2018 10:20:23 +0100 Subject: [PATCH] ids.cgi: Rework CGI logic to download a new ruleset * Drop function to show a notice about snort is working. * Introduce the log_error function which is responsible for log any error messages. Currently it writes it to a tempory file, which will be read by the WUI, the message will be displayed and the temporary file will be released again. * Introduce a tiny function to easily perform a reload of the generated webpage. Signed-off-by: Stefan Schantl --- config/cfgroot/ids-functions.pl | 35 ++++++++++++++ html/cgi-bin/ids.cgi | 86 ++++++++++++++++++++------------- 2 files changed, 87 insertions(+), 34 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 024a4f72e0..999c0ea412 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -29,6 +29,9 @@ require "${General::swroot}/lang.pl"; # Location and name of the tarball which contains the ruleset. my $rulestarball = "/var/tmp/snortrules.tar.gz"; +# File to store any errors, which also will be read and displayed by the wui. +my $storederrorfile = "/tmp/ids_storederror"; + # ## Function for checking if at least 300MB of free disk space are available ## on the "/var" partition. 
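Review bot: `$storederrorfile` is declared with `my`, so it is a file-scoped lexical and cannot be reached as `$IDS::storederrorfile`, which is the name the ids.cgi hunks of this patch use in `-e`, `open` and `unlink`. Assuming this file is the `IDS` package (its header is outside the hunk), that package variable stays undefined in the CGI, so the `-e` test never succeeds and a stored error is never displayed or deleted. Declaring it as `our $storederrorfile = "/tmp/ids_storederror";` makes the name visible to the caller.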
@@ -155,4 +158,36 @@ sub oinkmaster () { system("/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules 2>&1 |logger -t oinkmaster"); } +# +## Function to do all the logging stuff if the downloading or updating of the ruleset fails. +# +sub log_error ($) { + my ($error) = @_; + + # Remove any newline. + chomp($error); + + # Call private function to write/store the error message in the storederrorfile. + &_store_error_message($error); +} + +# +## Private function to write a given error message to the storederror file. +# +sub _store_error_message ($) { + my ($message) = @_; + + # Remove any newline. + chomp($message); + + # Open file for writing. + open (ERRORFILE, ">$storederrorfile") or die "Could not write to $storederrorfile. $!\n"; + + # Write error to file. + print ERRORFILE "$message\n"; + + # Close file. + close (ERRORFILE); +} + 1; diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 8ae4da7749..1d61d9119e 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -72,6 +72,22 @@ if ($oinkmaster_pid) { &working("$Lang::tr{'snort working'}"); } +# Check if any error has been stored. +if (-e $IDS::storederrorfile) { + # Open file to read in the stored error message. + open(FILE, "<$IDS::storederrorfile") or die "Could not open $IDS::storederrorfile. $!\n"; + + # Read the stored error message. + $errormessage = ; + + # Close file. + close (FILE); + + # Delete the file, which is now not longer required. + unlink($IDS::storederrorfile); +} + + ## Grab all available snort rules and store them in the snortrules hash. # # Open snort rules directory and do a directory listing. 
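Review bot: `_store_error_message` writes to a fixed, predictable name in world-writable `/tmp` using two-argument `open` and a bareword handle, so the write follows whatever a local user has already placed at that path, including a symlink, with the privileges of the web interface process. Keeping the file in a directory that only the WUI user can write to, and opening it with `open(my $fh, '>', $storederrorfile) or die ...`, removes the pre-creation risk and the two-argument mode parsing. The results of `print` and `close` are not checked, so a failed write goes unnoticed. `chomp` runs in both `log_error` and `_store_error_message` where once is enough, and the `($)` prototypes have no effect because the subs are called as `&name(...)`.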
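Review bot: The stored message is read back from a file in `/tmp` into `$errormessage` with no check on who created that file, so its content should be handled as untrusted text when the page displays it. The display code is outside this hunk; if it prints `$errormessage` unescaped, it needs HTML-escaping first, for example with `HTML::Entities::encode_entities`. The `-e` test followed by `open` is a check-then-use race, and `die` turns a file that vanished in between into a server error; opening directly with `open(my $fh, '<', $IDS::storederrorfile)` and skipping the block on failure avoids both. A `chomp($errormessage);` after the read would keep the trailing newline written by `_store_error_message` out of the output.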
@@ -251,25 +267,43 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { $errormessage = $Lang::tr{'could not download latest updates'}; } - # Check if there is enought free disk space available. + # Check if enought free disk space is availabe. $errormessage = &IDS::checkdiskspace(); # Check if any errors happend. unless ($errormessage) { + &Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); + &Header::openbigbox('100%', 'left', '', $errormessage); + &Header::openbox( 'Waiting', 1,); + print < + + $Lang::tr{ + $Lang::tr{'snort working'} + + +END + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + # Call subfunction to download the ruleset. $errormessage = &IDS::downloadruleset(); - } - # Sleep for 1 second - sleep(1); + # Check if the downloader returned an error. + if ($errormessage) { + # Call function to store the errormessage. + &IDS::log_error($errormessage); - # Check if the downloader returend any error message. - unless ($errormessage) { - # Call subfunction to launch oinkmaster. - &oinkmaster(); + # Preform a reload of the page. + &reload(); + } else { + # Call subfunction to launch oinkmaster. + &IDS::oinkmaster(); - # Sleep for 1 seconds. - sleep(1); + # Perform a reload of the page. + &reload(); + } } # Save snort settings. } elsif ($cgiparams{'SNORT'} eq $Lang::tr{'save'}) { @@ -547,30 +581,14 @@ END &Header::closebigbox(); &Header::closepage(); -sub working ($) { - my $message = $_[0]; - - &Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); - &Header::openbigbox('100%', 'left', '', $errormessage); - &Header::openbox( 'Waiting', 1, "" ); - print < - - $Lang::tr{ - $message - - - -
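Review bot: The waiting page is completely closed by `&Header::closepage()` before `&IDS::downloadruleset()` runs, so whatever `&reload()` prints afterwards is emitted after the end of the document. Both branches of the new `if ($errormessage)` end in the same `&reload();`, which reads more clearly hoisted below the block: `if ($errormessage) { &IDS::log_error($errormessage); } else { &IDS::oinkmaster(); }` followed by a single `&reload();`. Inside `unless ($errormessage)` the fourth argument of `&Header::openbigbox('100%', 'left', '', $errormessage)` is always empty and can be `''`. The new comments contain the typos "enought", "availabe" and "Preform".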
- -
- - -END - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit; +# +## A tiny function to perform a reload of the webpage after one second. +# +sub reload () { + print "\n"; + + # Stop the script. + exit; } # -- 2.39.2
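Review bot: Removing `sub working` leaves the call `&working("$Lang::tr{'snort working'}");` under `if ($oinkmaster_pid)` in place; it appears as an unchanged context line in the first ids.cgi hunk of this patch. Perl resolves that name only at run time, so unless `working` is defined somewhere outside this diff the script will die with an undefined-subroutine error exactly when oinkmaster is running. Either keep a `working` sub or replace that call in the same commit. The `()` prototype on `sub reload ()` has no effect with the `&reload()` call style and can be dropped.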