/*This function will be executed when a new request for search_record service arrives. This function will
initialize the required structures and data to serve the request.
*/
void *search_record_init_request_data(ci_request_t * req)
{
struct SearchRecord *search_record_data;
char full_url[URL_LEN];
char ip[IP_LEN];
const char* content_type=ci_http_response_get_header(req,"Content-Type");
int url_state = ci_http_request_full_url(req,full_url,URL_LEN);
const char* ip_state = get_client_ip(req,ip);
if((url_state == 0) || (ip_state == NULL))
{
ci_debug_printf(2,"could not get full url or client ip\n");
return NULL;
}
if((content_type == NULL) || (strncmp(content_type,"text/html",9) == 0))
{
search_record_data = malloc(sizeof(struct SearchRecord));
if (!search_record_data)
{
ci_debug_printf(1, "Memory allocation failed inside search_record_init_request_data!\n");
return NULL;
}
strcpy(search_record_data->full_url,full_url);
strcpy(search_record_data->ip,ip);
return search_record_data;
}
else
return NULL;
}
/* Write interesting information about a connection attempt to LOGFILE.
* Returns -1 on error. */
static int log_attempt(struct connection *c) {
FILE *f;
int r;
if ((f = fopen(LOGFILE, "a+")) == NULL) {
fprintf(stderr, "Unable to open %s\n", LOGFILE);
return -1;
}
if (get_utc(c) <= 0) {
fprintf(stderr, "Error getting time\n");
return -1;
}
if (get_client_ip(c) < 0) {
fprintf(stderr, "Error getting client ip\n");
return -1;
}
c->user = ssh_message_auth_user(c->message);
c->pass = ssh_message_auth_password(c->message);
if (DEBUG) { printf("%s %s %s %s\n", c->con_time, c->client_ip, c->user, c->pass); }
r = fprintf(f, "%s\t%s\t%s\t%s\t\n", c->con_time, c->client_ip, c->user, c->pass);
fclose(f);
return r;
}
/**
* Clear the session cache, release the session pool
*/
void CALLBACK on_disconnect_handler(
void *data, const WebSocketServer *server) {
// if the threads wake up during disconnect, this tells
// them to go back to sleep.
trans->client_connected = 0;
request_rec *r = server->request(server);
osrfLogInfo(OSRF_LOG_MARK, "WS disconnect from %s", get_client_ip(r));
// Clear any lingering session data
// NOTE: we could apr_pool_destroy the stateful_session_pool to truly free
// the memory, but since there is a limit to the size of the pool
// (max_concurrent_sessions), the memory cannot grow unbounded,
// so there's no need.
apr_hash_clear(trans->stateful_session_cache);
apr_pool_clear(trans->stateful_session_pool);
}
/**
* Create the per-client translator
*/
void* CALLBACK on_connect_handler(const WebSocketServer *server) {
request_rec *r = server->request(server);
if (!trans) { // first connection
// connect to opensrf
if (child_init(server) != APR_SUCCESS)
return NULL;
// build pools, thread data, and the translator
if (build_startup_data(server) != APR_SUCCESS)
return NULL;
}
const char* client_ip = get_client_ip(r);
osrfLogInfo(OSRF_LOG_MARK, "WS connect from %s", client_ip);
last_activity_time = time(NULL);
trans->client_connected = 1;
return trans;
}
/**
* The main entrance of bbswebd.
* @return 0 on success, 1 on initialization error.
*/
int main(void)
{
fb_signal(SIGTERM, exit_handler);
fb_signal(SIGUSR1, exit_handler);
if (initialize() < 0)
return EXIT_FAILURE;
initialize_environment(INIT_CONV | INIT_DB | INIT_MDB);
while (FCGI_Accept() >= 0) {
if (!web_ctx_init())
return EXIT_FAILURE;
const web_handler_t *h = _get_handler();
int code = BBS_ENOURL;
if (h) {
get_client_ip();
session_validate();
brc_reset();
if (session_get_id()) {
if (h->status != ST_IDLE)
set_user_status(h->status);
session_set_idle(session_get_id(), fb_time());
if (h->status != ST_READING)
session_set_board(0);
}
code = execute(h);
}
if (code > 0)
web_respond(code);
else
check_bbserr(code);
web_ctx_destroy();
}
return 0;
}
static int socksserver_on_clientconnect (void* userdata, struct sockaddr_storage* clientaddr, int fd) {
socksserver* srv = (socksserver*) userdata;
char buffer[256];
(void) buffer;
if(CONFIG_LOG && srv->log && clientaddr) {
logstart();
printfd(fd);
LOGPUT(1, VARISL(" connect from: "), VARIC(get_client_ip(clientaddr, buffer, sizeof(buffer))), NULL);
}
if(fd < 3 || fd >= MAX_FD) {
rocksockserver_disconnect_client(&srv->serva, fd);
return -2;
}
fdinfo* client = &srv->clients[fdindex(fd)];
// put into nonblocking mode, so that writes will not block the server
int flags = fcntl(fd, F_GETFL);
if(flags == -1) return -1;
if(fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) return -2;
client->data = find_free_buffer(srv);
if (!client->data) {
if(CONFIG_LOG && srv->log) {
logstart();
LOGPUTS(1, SPL("warning: couldnt find free buffer\n"));
}
rocksockserver_disconnect_client(&srv->serva, fd);
return -2;
}
client->state = SS_CONNECTED;
client->data->state = BS_IDLE;
client->data->start = 0;
client->target_fd = -1;
return 0;
}
virtual const char * get_client_address (void)
{
return get_client_ip();
};
static int socksserver_connect_request(socksserver* srv, int fd) {
fdinfo* client = &srv->clients[fdindex(fd)];
size_t i = 0;
unsigned char dlen = 0;
unsigned char* buf = client->data->buf;
int flags, ret;
host_info addr;
struct addrinfo addrbuf;
struct sockaddr sockbuf;
memset(&addr, 0, sizeof(addr));
memset(&addrbuf, 0, sizeof(addrbuf));
memset(&sockbuf, 0, sizeof(sockbuf));
addrbuf.ai_addr = &sockbuf;
addr.hostaddr = &addrbuf;
if(!client->data->start) return -1;
if(buf[i++] != 5) return EC_NOT_ALLOWED; // check first byte whenever the message length is > 0 to not waste resources on maldoers
if(client->data->start < 1+1+1+1+4+2) return -1;
if(buf[i++] != 1) return EC_COMMAND_NOT_SUPPORTED; // we support only the connect method.
if(buf[i++] != 0) return EC_GENERAL_FAILURE;
switch(buf[i++]) {
case 1:
//ipv4
memcpy(&((struct sockaddr_in*) addr.hostaddr->ai_addr)->sin_addr, buf + 4, 4);
memcpy(&((struct sockaddr_in*) addr.hostaddr->ai_addr)->sin_port, buf + 8, 2);
((struct sockaddr_in*) addr.hostaddr->ai_addr)->sin_family = PF_INET;
addr.hostaddr->ai_addr->sa_family = PF_INET;
addr.hostaddr->ai_addrlen = sizeof(struct sockaddr_in);
break;
case 3:
//dns
if(CONFIG_DNS) {
dlen = buf[i++];
if(client->data->start < 1U+1U+1U+1U+1U+dlen+2U) return -1;
addr.port = my_ntohs(buf + i + dlen);
buf[i + dlen] = 0;
addr.host = (char*) (buf + i);
if(CONFIG_IPV6) addr.hostaddr = NULL;
if(!resolve_host(&addr)) {
if(CONFIG_IPV6) {
memcpy(&addrbuf, addr.hostaddr, sizeof(struct addrinfo));
freeaddrinfo(addr.hostaddr);
addr.hostaddr = &addrbuf;
}
} else goto notsupported;
break;
} else goto notsupported;
case 4: //ipv6
if(CONFIG_IPV6) {
if(client->data->start < 1+1+1+1+16+2) return -1;
memcpy(&((struct sockaddr_in6*) addr.hostaddr->ai_addr)->sin6_addr, buf + 4, 16);
memcpy(&((struct sockaddr_in6*) addr.hostaddr->ai_addr)->sin6_port, buf + 20, 2);
((struct sockaddr_in6*) addr.hostaddr->ai_addr)->sin6_family = PF_INET6;
addr.hostaddr->ai_addr->sa_family = PF_INET6;
addr.hostaddr->ai_addrlen = sizeof(struct sockaddr_in6);
break;
}
default:
notsupported:
return EC_ADDRESSTYPE_NOT_SUPPORTED;
}
client->target_fd = socket(addr.hostaddr->ai_addr->sa_family, SOCK_STREAM, 0);
if(client->target_fd == -1) {
neterror:
switch(errno) {
case ENETDOWN:
case ENETUNREACH:
case ENETRESET:
return EC_NET_UNREACHABLE;
case EHOSTUNREACH:
case EHOSTDOWN:
return EC_HOST_UNREACHABLE;
case ECONNREFUSED:
return EC_CONN_REFUSED;
default:
return EC_GENERAL_FAILURE;
}
}
if(client->target_fd >= MAX_FD) {
close(client->target_fd);
return EC_GENERAL_FAILURE;
}
flags = fcntl(client->target_fd, F_GETFL);
if(flags == -1) return EC_GENERAL_FAILURE;
if(fcntl(client->target_fd, F_SETFL, flags | O_NONBLOCK) == -1) return EC_GENERAL_FAILURE;
ret = connect(client->target_fd, addr.hostaddr->ai_addr, addr.hostaddr->ai_addrlen);
if(ret == -1) {
ret = errno;
if (!(ret == EINPROGRESS || ret == EWOULDBLOCK))
goto neterror;
}
srv->clients[fdindex(client->target_fd)].state = SS_SOCKSTARGET;
srv->clients[fdindex(client->target_fd)].data = client->data;
srv->clients[fdindex(client->target_fd)].target_fd = fd;
rocksockserver_watch_fd(&srv->serva, client->target_fd);
if(CONFIG_LOG && srv->log) {
if(get_client_ip((struct sockaddr_storage*) addr.hostaddr->ai_addr, (char*) buf, CLIENT_BUFSIZE)) {
logstart();
printfd(fd);
LOGPUTS(1, SPLITERAL(" -> "));
printfd(client->target_fd);
LOGPUT(1, VARISL(" <"), VARIC((char*)buf), VARISL(">"), NULL);
}
}
return EC_SUCCESS;
}
// log_con_mysql
int log_con1_mysql(struct connection *c){
// get the time
if (get_utc(c) <= 0) {
fprintf(stderr, "Error getting time\n");
return -1;
}
// get the client ip
if (get_client_ip(c) < 0) {
fprintf(stderr, "Error getting client ip\n");
return -1;
}
//open the mysql connection
MYSQL *mysql_con;
if (mysql_start(&mysql_con) != 0){
return 1;
}
char *con_time_escaped;
escape(c->con_time, &con_time_escaped, mysql_con);
char *client_ip_escaped;
escape(c->client_ip, &client_ip_escaped, mysql_con);
char *protocol_version_escaped;
char protocol_version_string[10] = "";
sprintf(protocol_version_string, "%d", c->protocol_version);
escape(protocol_version_string, &protocol_version_escaped, mysql_con);
char *openssh_version_escaped;
char openssh_version_string[10] ="";
sprintf(openssh_version_string, "%d", c->openssh_version);
escape(openssh_version_string, &openssh_version_escaped, mysql_con);
// declare and reserve memory for the query string
char *mysql_query_string;
mysql_query_string = malloc(sizeof(char) * (400 + strlen(con_time_escaped) + strlen(client_ip_escaped) + strlen(protocol_version_escaped) + strlen(openssh_version_escaped)));
// build the query string
sprintf(mysql_query_string, "INSERT INTO `honeyssh`.`connection` (`session-id`, `ip`, `start-time`, `end-time`, `banner`, `cipher-in`, `cipher-out`, `protocol-version`, `openssh-version`, `action`, `potmode`, `id`, `sensor-id`) VALUES ('%llu', '%s', '%s', '1970-01-01 00:00:00', 'none', 'none', 'none', '%s', '%s', '-1', '%d', 'NULL', '%s');",
c->session_id,
client_ip_escaped,
con_time_escaped,
protocol_version_escaped,
openssh_version_escaped,
AUTHENTICATION,
SENSOR_ID);
// execute the query
if (mysql_query(mysql_con, mysql_query_string)) {
fprintf(stderr, "%s\n", mysql_error(mysql_con));
}
free(mysql_query_string);
free(con_time_escaped);
free(protocol_version_escaped);
free(openssh_version_escaped);
free(client_ip_escaped);
mysql_close(mysql_con);
return 0;
}
static char* extract_inbound_messages(
const request_rec *r,
const char* service,
const char* thread,
const char* recipient,
const jsonObject *osrf_msg) {
int i;
int num_msgs = osrf_msg->size;
osrfMessage* msg;
osrfMessage* msg_list[num_msgs];
// here we do an extra json round-trip to get the data
// in a form osrf_message_deserialize can understand
// TODO: consider a version of osrf_message_init which can
// accept a jsonObject* instead of a JSON string.
char *osrf_msg_json = jsonObjectToJSON(osrf_msg);
osrf_message_deserialize(osrf_msg_json, msg_list, num_msgs);
free(osrf_msg_json);
// should we require the caller to always pass the service?
if (service == NULL) service = "";
for(i = 0; i < num_msgs; i++) {
msg = msg_list[i];
osrfMessageSetIngress(msg, WEBSOCKET_TRANSLATOR_INGRESS);
switch(msg->m_type) {
case REQUEST: {
const jsonObject* params = msg->_params;
growing_buffer* act = buffer_init(128);
char* method = msg->method_name;
buffer_fadd(act, "[%s] [%s] %s %s",
get_client_ip(r), "", service, method);
const jsonObject* obj = NULL;
int i = 0;
const char* str;
int redactParams = 0;
while( (str = osrfStringArrayGetString(log_protect_arr, i++)) ) {
if(!strncmp(method, str, strlen(str))) {
redactParams = 1;
break;
}
}
if(redactParams) {
OSRF_BUFFER_ADD(act, " **PARAMS REDACTED**");
} else {
i = 0;
while((obj = jsonObjectGetIndex(params, i++))) {
char* str = jsonObjectToJSON(obj);
if( i == 1 )
OSRF_BUFFER_ADD(act, " ");
else
OSRF_BUFFER_ADD(act, ", ");
OSRF_BUFFER_ADD(act, str);
free(str);
}
}
osrfLogActivity(OSRF_LOG_MARK, "%s", act->buf);
buffer_free(act);
requests_in_flight++;
break;
}
case DISCONNECT:
clear_cached_recipient(thread);
break;
}
}
char* finalMsg = osrfMessageSerializeBatch(msg_list, num_msgs);
// clean up our messages
for(i = 0; i < num_msgs; i++)
osrfMessageFree(msg_list[i]);
return finalMsg;
}
