public int EnableFSScan(Client client, int enable)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.SetFSScanStatus);
soc.SendDWORD(client.Socket, enable);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to set FSScan Status on " + enable + " for client " + client.Name);
}
return(1);
}
public int DeleteAppCtrlRule(Client client, int id)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.DeleteAppCtrlRule);
soc.SendDWORD(client.Socket, id);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Delete AppCtrl Rule " + id + " for client " + client.Name);
}
return(1);
}
public int SendSetOption(Client client, int option, int value)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.SetOption);
soc.SendDWORD(client.Socket, option);
soc.SendDWORD(client.Socket, value);
int errorCode = soc.RecvDWORD(client.Socket);;
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception(
string.Format("Failed to Send Set Option {0} {1} client {2} (Error: {3})", option, value, client.Name, errorCode));
}
return(1);
}
public int GetFSScanStatus(Client client)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.GetFSScanStatus);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to get FSScan Status for client " + client.Name);
}
int fsScanStatus = soc.RecvDWORD(client.Socket);
client.IsFSScanEnabled = (fsScanStatus == 1);
return(fsScanStatus);
}
public int UpdateFSScanRule(Client client, FSRule rule)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.UpdateFSScanRule);
soc.SendDWORD(client.Socket, rule.RuleID);
soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher);
soc.SendString(client.Socket, rule.ProcessPath);
soc.SendDWORD(client.Socket, rule.PID);
soc.SendDWORD(client.Socket, (int)rule.FilePathMatcher);
soc.SendString(client.Socket, rule.FilePath);
soc.SendDWORD(client.Socket, rule.DeniedOperations);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Update FSScan Rule " + rule.RuleID + " for client " + client.Name);
}
return(1);
}
public int UpdateAppCtrlRule(Client client, AppCtrlRule rule)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.UpdateAppCtrlRule);
soc.SendDWORD(client.Socket, rule.RuleID);
soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher);
soc.SendString(client.Socket, rule.ProcessPath);
soc.SendDWORD(client.Socket, rule.PID);
soc.SendDWORD(client.Socket, (int)rule.ParentPathMatcher);
soc.SendString(client.Socket, rule.ParentPath);
soc.SendDWORD(client.Socket, rule.ParentPID);
soc.SendDWORD(client.Socket, (int)rule.Verdict);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Update AppCtrl Rule " + rule.RuleID + " for client " + client.Name);
}
return(1);
}
public FSEvent[] GetFSEvents(Client client, int lastID)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.GetFSScanEvents);
soc.SendDWORD(client.Socket, lastID);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to get FSScan Events for client " + client.Name);
}
int len = soc.RecvDWORD(client.Socket);
if (len == 0)
{
return(new FSEvent[0]);
}
FSEvent[] fsEvents = new FSEvent[len];
for (int i = 0; i < len; i++)
{
fsEvents[i] = new FSEvent();
fsEvents[i].EventID = soc.RecvDWORD(client.Socket);
fsEvents[i].ProcessPath = soc.RecvString(client.Socket);
fsEvents[i].PID = soc.RecvDWORD(client.Socket);
fsEvents[i].FilePath = soc.RecvString(client.Socket);
fsEvents[i].RequiredOperations = soc.RecvDWORD(client.Socket);
fsEvents[i].DeniedOperations = soc.RecvDWORD(client.Socket);
fsEvents[i].RemainingOperations = soc.RecvDWORD(client.Socket);
fsEvents[i].MatchedRuleID = soc.RecvDWORD(client.Socket);
fsEvents[i].EventTime = soc.RecvDWORD(client.Socket);
}
return(fsEvents);
}
/****************************************************************/
/* Public function */
/****************************************************************/
public AppCtrlRule[] GetAppCtrlRules(Client client)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.GetAppCtrlRules);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to get AppCtrl Rules for client " + client.Name);
}
int len = soc.RecvDWORD(client.Socket);
if (len == 0)
{
return(new AppCtrlRule[0]);
}
AppCtrlRule[] appRules = new AppCtrlRule[len];
for (int i = 0; i < len; i++)
{
appRules[i] = new AppCtrlRule();
appRules[i].RuleID = soc.RecvDWORD(client.Socket);
appRules[i].ProcessPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket);
appRules[i].ProcessPath = soc.RecvString(client.Socket);
appRules[i].PID = soc.RecvDWORD(client.Socket);
appRules[i].ParentPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket);
appRules[i].ParentPath = soc.RecvString(client.Socket);
appRules[i].ParentPID = soc.RecvDWORD(client.Socket);
appRules[i].Verdict = (IceScanVerdict)soc.RecvDWORD(client.Socket);
appRules[i].AddTime = soc.RecvDWORD(client.Socket);
}
client.AppCtrlRules = appRules;
return(appRules);
}
public int AddFSScanRule(Client client, FSRule rule)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.AddFSScanRule);
soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher);
soc.SendString(client.Socket, rule.ProcessPath);
soc.SendDWORD(client.Socket, rule.PID);
soc.SendDWORD(client.Socket, (int)rule.FilePathMatcher);
soc.SendString(client.Socket, rule.FilePath);
soc.SendDWORD(client.Socket, rule.DeniedOperations);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Add FSScan Rule for client " + client.Name);
}
int ruleId = soc.RecvDWORD(client.Socket);
log.Info("FSScan rule was added: " + ruleId);
return(ruleId);
}
public AppCtrlEvent[] GetAppCtrlEvents(Client client, int lastID)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.GetAppCtrlEvents);
soc.SendDWORD(client.Socket, lastID);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to get AppCtrl Events for client " + client.Name);
}
int len = soc.RecvDWORD(client.Socket);
if (len == 0)
{
return(new AppCtrlEvent[0]);
}
AppCtrlEvent[] appEvents = new AppCtrlEvent[len];
for (int i = 0; i < len; i++)
{
appEvents[i] = new AppCtrlEvent();
appEvents[i].EventID = soc.RecvDWORD(client.Socket);
appEvents[i].ProcessPath = soc.RecvString(client.Socket);
appEvents[i].PID = soc.RecvDWORD(client.Socket);
appEvents[i].ParentPath = soc.RecvString(client.Socket);
appEvents[i].ParentPID = soc.RecvDWORD(client.Socket);
appEvents[i].Verdict = (IceScanVerdict)soc.RecvDWORD(client.Socket);
appEvents[i].MatchedRuleID = soc.RecvDWORD(client.Socket);
appEvents[i].EventTime = soc.RecvDWORD(client.Socket);
}
return(appEvents);
}
public FSRule[] GetFSRules(Client client)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.GetFSScanRules);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to get FSScan Rules for client " + client.Name);
}
int len = soc.RecvDWORD(client.Socket);
if (len == 0)
{
return(new FSRule[0]);
}
FSRule[] fsRules = new FSRule[len];
for (int i = 0; i < len; i++)
{
fsRules[i] = new FSRule();
fsRules[i].RuleID = soc.RecvDWORD(client.Socket);
fsRules[i].ProcessPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket);
fsRules[i].ProcessPath = soc.RecvString(client.Socket);
fsRules[i].PID = soc.RecvDWORD(client.Socket);
fsRules[i].FilePathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket);
fsRules[i].FilePath = soc.RecvString(client.Socket);
fsRules[i].DeniedOperations = soc.RecvDWORD(client.Socket);
fsRules[i].AddTime = soc.RecvDWORD(client.Socket);
}
client.FSRules = fsRules;
return(fsRules);
}
public int AddAppCtrlRule(Client client, AppCtrlRule rule)
{
soc.SendDWORD(client.Socket, (int)IceServerCommand.AddAppCtrlRule);
soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher);
soc.SendString(client.Socket, rule.ProcessPath);
soc.SendDWORD(client.Socket, rule.PID);
soc.SendDWORD(client.Socket, (int)rule.ParentPathMatcher);
soc.SendString(client.Socket, rule.ParentPath);
soc.SendDWORD(client.Socket, rule.ParentPID);
soc.SendDWORD(client.Socket, (int)rule.Verdict);
IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket);
if (cmdResult != IceServerCommandResult.Success)
{
throw new Exception("Failed to Add AppCtrl Rule for client " + client.Name);
}
int ruleId = soc.RecvDWORD(client.Socket);
log.Info("AppCtrl rule was added: " + ruleId);
return(ruleId);
}
