STREAM *STREAMOpenFile(const char *FilePath, int Flags)
{
int fd, Mode=FALSE;
STREAM *Stream;
struct stat myStat;
Mode = Flags & ~(O_LOCK|O_TRUNC);
if (strcmp(FilePath,"-")==0)
{
Stream=STREAMFromDualFD(0,1);
Stream->Path=CopyStr(Stream->Path,FilePath);
return(Stream);
}
fd=open(FilePath, Mode, 0600);
if (fd==-1) return(NULL);
if (Flags & O_LOCK)
{
if (flock(fd,LOCK_EX | LOCK_NB)==-1)
{
close(fd);
return(NULL);
}
}
// check for symlink naughtyness. Basically a malicious user can
// try to guess the name of the file we are going to open in order
// to get us to write somewhere other than intended.
if (lstat(FilePath, &myStat) !=0)
{
close(fd);
return(NULL);
}
if (S_ISLNK(myStat.st_mode))
{
syslog(LOG_USER | LOG_WARNING, "STREAMOpenFile Opened symlink when trying to open %s. Possible DOS attack?",FilePath);
close(fd);
return(NULL);
}
if (Flags & O_TRUNC) ftruncate(fd,0);
Stream=STREAMFromFD(fd);
Stream->Path=CopyStr(Stream->Path,FilePath);
STREAMSetTimeout(Stream,0);
STREAMSetFlushType(Stream,FLUSH_FULL,0);
return(Stream);
}
int OAuthListen(OAUTH *Ctx, int Port, const char *URL, int Flags)
{
int netfd, result;
STREAM *S;
char *Tempstr=NULL;
fd_set fds;
FD_ZERO(&fds);
if (Port > 0)
{
netfd=IPServerInit(SOCK_STREAM, "127.0.0.1", Port);
if (netfd==-1) return(FALSE);
}
FD_SET(netfd, &fds);
if (Flags & OAUTH_STDIN) FD_SET(0, &fds);
result=select(netfd+1, &fds, NULL, NULL, NULL);
if (result > 0)
{
if (FD_ISSET(netfd, &fds)) OAuthConnectBack(Ctx, netfd);
else if (FD_ISSET(0, &fds))
{
S=STREAMFromFD(0);
STREAMSetTimeout(S,0);
Tempstr=STREAMReadLine(Tempstr, S);
if ( (strncmp(Tempstr, "http:", 5)==0) || (strncmp(Tempstr, "https:", 6)==0) ) OAuthParseReply(Ctx, "application/x-www-form-urlencoded", Tempstr);
else
{
StripTrailingWhitespace(Tempstr);
Ctx->VerifyCode=HTTPQuote(Ctx->VerifyCode, Tempstr);
SetVar(Ctx->Vars, "code", Ctx->VerifyCode);
}
STREAMDestroy(S);
}
OAuthFinalize(Ctx, URL);
}
DestroyString(Tempstr);
close(netfd);
return(TRUE);
}
void *MatchesLoad(int Flags)
{
char *Line=NULL, *Tempstr=NULL, *Type=NULL, *ptr;
TFingerprint *FP;
STREAM *S;
int count=0;
S=STREAMFromFD(0);
STREAMSetTimeout(S,100);
Line=STREAMReadLine(Line,S);
if (! StrValid(Line)) return(NULL);
if (strncasecmp(Line,"<?xml ",6)==0)
{
//xml document. Must be an OpenIOC fileq
while (Line)
{
StripTrailingWhitespace(Line);
Tempstr=CatStr(Tempstr,Line);
Line=STREAMReadLine(Line,S);
}
count=LoadFromIOC(Tempstr,Flags);
}
else
{
while (Line)
{
StripTrailingWhitespace(Line);
FP=TFingerprintParse(Line);
if (MatchAdd(FP, "", Flags)) count++;
Line=STREAMReadLine(Line, S);
}
}
if (Flags & FLAG_MEMCACHED) printf("Stored %d hashes in memcached server\n", count);
DestroyString(Tempstr);
DestroyString(Line);
DestroyString(Type);
return(Tree);
}
int ConnectHopSSH(STREAM *S,int Type, char *Host, int Port, char *User, char *Pass, char *NextHop)
{
char *Tempstr=NULL, *KeyFile=NULL, *Token=NULL, *Token2=NULL;
STREAM *AuthS;
int result=FALSE, val;
unsigned int TunnelPort=0;
if (Type==CONNECT_HOP_SSHTUNNEL)
{
TunnelPort=(rand() % (0xFFFF - 9000)) +9000;
//Host will be Token, and port Token2
ParseConnectDetails(NextHop, NULL, &Token, &Token2, NULL, NULL, NULL);
Tempstr=FormatStr(Tempstr,"ssh -2 -N %s@%s -L %d:%s:%s ",User,Host,TunnelPort,Token,Token2);
}
else Tempstr=MCopyStr(Tempstr,"ssh -2 -T ",User,"@",Host, " ", NULL );
if (strncmp(Pass,"keyfile:",8)==0)
{
if (S->in_fd != -1)
{
Token=FormatStr(Token,".%d-%d",getpid(),time(NULL));
SendPublicKeyToRemote(S,Token,Pass+8);
KeyFile=CopyStr(KeyFile,Token);
}
Tempstr=MCatStr(Tempstr,"-i ",KeyFile," ",NULL);
}
if (Port > 0)
{
Token=FormatStr(Token," -p %d ",Port);
Tempstr=CatStr(Tempstr,Token);
}
if (Type==CONNECT_HOP_SSHTUNNEL)
{
Tempstr=CatStr(Tempstr, " 2> /dev/null");
AuthS=STREAMSpawnCommand(Tempstr,COMMS_BY_PTY);
STREAMSetValue(S,"HelperPID:SSH",STREAMGetValue(AuthS,"PeerPID"));
}
else if (S->in_fd==-1)
{
Tempstr=CatStr(Tempstr, " 2> /dev/null");
PseudoTTYSpawn(&S->in_fd,Tempstr,0);
S->out_fd=S->in_fd;
if (S->in_fd > -1)
{
result=TRUE;
STREAMSetFlushType(S,FLUSH_LINE,0,0);
}
AuthS=S;
}
else
{
if (StrLen(KeyFile)) Tempstr=MCatStr(Tempstr," ; rm -f ",KeyFile,NULL);
Tempstr=CatStr(Tempstr,"; exit\n");
STREAMWriteLine(Tempstr,S);
result=TRUE;
AuthS=S;
}
if ((StrLen(KeyFile)==0) && (StrLen(Pass) > 0))
{
Token=MCopyStr(Token,Pass,"\n",NULL);
for (val=0; val < 3; val++)
{
if (STREAMExpectAndReply(AuthS,"assword:",Token)) break;
}
}
STREAMSetTimeout(AuthS,100);
//STREAMExpectSilence(AuthS);
sleep(3);
if (Type==CONNECT_HOP_SSHTUNNEL)
{
S->in_fd=ConnectToHost("127.0.0.1",TunnelPort,0);
S->out_fd=S->in_fd;
if (S->in_fd > -1) result=TRUE;
}
DestroyString(Tempstr);
DestroyString(KeyFile);
DestroyString(Token2);
DestroyString(Token);
return(result);
}
int STREAMProcessConnectHop(STREAM *S, char *HopURL, int LastHop)
{
int val, result=FALSE;
char *Token=NULL, *Token2=NULL, *ptr;
char *Tempstr=NULL;
char *User=NULL, *Host=NULL,*Pass=NULL, *KeyFile=NULL;
int Port=0;
ParseConnectDetails(HopURL, &Token, &Host, &Token2, &User, &Pass, NULL);
Port=atoi(Token2);
val=MatchTokenFromList(Token,HopTypes,0);
switch (val)
{
case CONNECT_HOP_TCP:
if (S->in_fd==-1)
{
S->in_fd=ConnectToHost(Host,Port,0);
S->out_fd=S->in_fd;
if (S->in_fd > -1) result=TRUE;
}
break;
case CONNECT_HOP_HTTP_PROXY:
result=DoHTTPProxyTunnel(S, Host, Port, 0);
break;
case CONNECT_HOP_SSH:
case CONNECT_HOP_SSHTUNNEL:
result=ConnectHopSSH(S, val, Host, Port, User, Pass, S->Path);
break;
case CONNECT_HOP_SHELL_CMD:
break;
case CONNECT_HOP_TELNET:
if (Port > 0)
{
Tempstr=FormatStr(Tempstr,"telnet -8 %s %d ",Host, Port);
}
else Tempstr=FormatStr(Tempstr,"telnet -8 %s ",Host);
if (S->in_fd==-1)
{
PseudoTTYSpawn(& S->in_fd,Tempstr,0);
S->out_fd=S->in_fd;
if (S->in_fd > -1)
{
result=TRUE;
STREAMSetFlushType(S,FLUSH_LINE,0);
}
}
else
{
Tempstr=CatStr(Tempstr,";exit\n");
STREAMWriteLine(Tempstr,S);
result=TRUE;
}
if (StrLen(User) > 0)
{
Tempstr=MCopyStr(Tempstr,User,"\n",NULL);
STREAMExpectAndReply(S,"ogin:",Tempstr);
}
if (StrLen(Pass) > 0)
{
Tempstr=MCopyStr(Tempstr,Pass,"\n",NULL);
STREAMExpectAndReply(S,"assword:",Tempstr);
}
STREAMSetTimeout(S,2);
STREAMExpectSilence(S);
break;
}
DestroyString(Tempstr);
DestroyString(Token);
DestroyString(KeyFile);
DestroyString(Host);
DestroyString(User);
DestroyString(Pass);
STREAMSetTimeout(S,30);
STREAMFlush(S);
return(result);
}
main(int argc, char *argv[])
{
ListNode *Curr, *Next;
int OverrideType=TYPE_NONE;
char *Tempstr=NULL;
int result;
//HTTPSetFlags(HTTP_NOCOMPRESS);
StdIn=STREAMFromFD(0);
STREAMSetTimeout(StdIn,0);
ParseEnvironmentVariables();
DownloadQueue=ListCreate();
Tempstr=MCopyStr(Tempstr,"Movgrab ",Version,NULL);
HTTPSetUserAgent(Tempstr);
FormatPreference=CopyStr(FormatPreference,"mp4,flv,webm,m4v,mov,mpg,mpeg,wmv,avi,3gp,reference,mp3,m4a,wma,m3u8,m3u8-stream");
AddOutputFile("", TRUE);
ParseCommandLine(argc, argv, DownloadQueue, &OverrideType);
CheckSettings();
if (StrLen(Proxy))
{
if (! SetGlobalConnectionChain(Proxy))
{
printf("ERROR: Failed to set proxy settings to '%s'\n",Proxy);
exit(1);
}
}
if (Flags & FLAG_PRINT_USAGE) PrintUsage();
else if (Flags & FLAG_PRINT_VERSION) PrintVersion();
else if (! (Flags & FLAG_STDIN))
{
if (ListSize(DownloadQueue)==0) PrintUsage();
}
while (1)
{
if ((Flags & FLAG_STDIN) && (ListSize(DownloadQueue)==0) )
{
Tempstr=STREAMReadLine(Tempstr,StdIn);
StripTrailingWhitespace(Tempstr);
ListAddItem(DownloadQueue,CopyStr(NULL,Tempstr));
}
Curr=ListGetNext(DownloadQueue);
while (Curr)
{
if (Flags & FLAG_TEST_SITES)
{
fprintf(stderr,"Checking %-20s ",Curr->Tag);
fflush(NULL);
}
result=GrabMovie((char *) Curr->Item,OverrideType);
Next=ListGetNext(Curr); //must do this after grab movie
//incase more items added while grabbing
if (Flags & FLAG_TEST_SITES)
{
if (result) fprintf(stderr," okay\n");
else fprintf(stderr," BROKEN\n");
}
ListDeleteNode(Curr);
Curr=Next;
}
if (Flags & FLAG_TEST_SITES) break;
if (! (Flags & FLAG_STDIN)) break;
}
}
int Login(TSession *Session)
{
char *Tempstr=NULL;
int result, RetVal=FALSE;
time_t Duration, Start, Now, LastActivity;
Session->User=CopyStr(Session->User,NULL);
Session->Password=CopyStr(Session->Password,NULL);
alarm(60);
//Clear out any crap
Tempstr=SetStrLen(Tempstr,4096);
result=TelnetReadBytes(Session->S, Tempstr, 4096, TNRB_ECHO | TNRB_NOPTY | TNRB_NONBLOCK);
while (StrLen(Session->User)==0)
{
time(&LastActivity);
if (Settings.IdleTimeout > 0) STREAMSetTimeout(Session->S, Settings.IdleTimeout);
if (Settings.Flags & FLAG_CHALLENGE)
{
Session->Challenge=GenerateSalt(Session->Challenge, 24);
Tempstr=MCopyStr(Tempstr, "Challenge/Response String: ", Session->Challenge, "\r\n", NULL);
STREAMWriteLine(Tempstr, Session->S);
}
STREAMWriteLine("login: "******"Password: "******"\r\n",Session->S);
if ((Settings.Flags & FLAG_LOCALONLY) && (! StrLen(Session->ClientMAC)))
{
syslog(Settings.ErrorLogLevel,"%s@%s NOT LOCAL. Denying Login.",Session->User,Session->ClientIP);
}
else if (Settings.Flags & FLAG_HONEYPOT){
//Original syslog(Settings.ErrorLogLevel,"%s@%s login denied (honeypot mode): user=%s pass=%s",Session->User,Session->ClientIP,Session->User,Session->Password);
//Eric Wedaa added the following line to log to the LongTail honeypot consolidation server
openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH);
syslog(Settings.ErrorLogLevel,"IP: %s TelnetLog: Username: %s Password: %s",Session->ClientIP,Session->User,Session->Password);
alarm(60);
}
else if (
(! (Session->Flags & FLAG_DENYAUTH)) &&
(Authenticate(Session))
) RetVal=TRUE;
//Now that we've used the password, blank it from memory!
result=StrLen(Session->Password);
if (result > 0) memset(Session->Password,0,result);
DestroyString(Tempstr);
//STREAMDisassociateFromFD(S);
return(RetVal);
}
void HandleClient()
{
TSession *Session;
char *Tempstr=NULL;
int i;
Session=(TSession *) calloc(1,sizeof(TSession));
Session->Shell=CopyStr(Session->Shell,Settings.DefaultShell);
Session->S=STREAMFromDualFD(0,1);
STREAMSetTimeout(Session->S,0);
GetSockDetails(0, &Session->ServerIP, &i, &Session->ClientIP, &i);
GetClientHardwareAddress(Session);
Session->ClientHost=CopyStr(Session->ClientHost,IPStrToHostName(Session->ClientIP));
openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH);
if (StrLen(Session->ClientMAC)) syslog(Settings.InfoLogLevel,"connection from: %s (%s / %s)", Session->ClientHost, Session->ClientIP, Session->ClientMAC);
else syslog(Settings.InfoLogLevel,"connection from: %s (%s)", Session->ClientHost, Session->ClientIP);
if (! CheckClientPermissions(Session)) Session->Flags |= FLAG_DENYAUTH;
chdir(Settings.ChDir);
if (StrLen(Settings.ChDir)==0) chdir(Settings.ChDir);
if (Settings.Flags & FLAG_CHROOT) chroot(".");
TelnetSendNegotiation(Session->S, TELNET_WONT, TELNET_LINEMODE);
TelnetSendNegotiation(Session->S, TELNET_WILL, TELNET_NOGOAHEAD);
//TelnetSendNegotiation(Session->S, TELNET_DONT, TELNET_LINEMODE);
TelnetSendNegotiation(Session->S, TELNET_WILL, TELNET_ECHO);
if (StrLen(Settings.Banner))
{
Tempstr=SessionSubstituteVars(Tempstr,Settings.Banner,Session);
STREAMWriteLine(Tempstr,Session->S);
STREAMWriteLine("\r\n",Session->S);
}
if (strcmp(Settings.AuthMethods,"open")==0) Session->Flags |= FLAG_AUTHENTICATED;
else
{
for (i=0; i < Settings.AuthTries; i++)
{
if (Login(Session)) break;
printf("\r\nLogin incorrect\r\n"); fflush(NULL);
if (! (Settings.Flags & FLAG_DENYAUTH)){
openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH);
syslog(Settings.ErrorLogLevel,"%s@%s login failed: tries used %d/%d",Session->User,Session->ClientIP,i,Settings.AuthTries);
}
sleep(Settings.AuthDelay);
}
}
if (Session->Flags & FLAG_AUTHENTICATED)
{
syslog(Settings.InfoLogLevel,"%s@%s logged in after %d tries",Session->User,Session->ClientIP,i);
RunTelnetSession(Session);
}
else syslog(Settings.ErrorLogLevel,"login from %s failed after %d tries",Session->ClientIP,i);
DestroyString(Tempstr);
free(Session);
_exit(0);
}
void RunTelnetSession(TSession *Session)
{
STREAM *Local, *S;
char *Tempstr=NULL;
int result, fd;
ListNode *Streams;
struct passwd *pwent;
struct group *grent;
struct timeval tv;
time_t Duration, Start, Now, LastActivity;
time(&Start);
LastActivity=Start;
Streams=ListCreate();
ListAddItem(Streams,Session->S);
//if '-real-user' was specified on the command-line, then this overrides
//anything read from password files
if (Settings.Flags & FLAG_FORCE_REALUSER)
{
Session->RealUser=CopyStr(Session->RealUser,Settings.RealUser);
}
//Get User Details before we chroot!
if (StrLen(Session->RealUser))
{
pwent=getpwnam(Session->RealUser);
if (! pwent)
{
syslog(Settings.InfoLogLevel,"Failed to lookup RealUser '%s' for user '%s'",Session->RealUser,Session->User);
exit(1);
}
Session->RealUserUID=pwent->pw_uid;
Session->GroupID=pwent->pw_gid;
}
//if '-shell' was specified on the command-line, then this overrides
//anything read from password files
if (Settings.Flags & FLAG_FORCE_SHELL)
{
Session->Shell=CopyStr(Session->Shell,Settings.RealUser);
}
if (Settings.Flags & FLAG_DYNHOME)
{
Session->HomeDir=SessionSubstituteVars(Session->HomeDir,Settings.DynamicHomeDir,Session);
Session->HomeDir=SlashTerminateDirectoryPath(Session->HomeDir);
MakeDirPath(Session->HomeDir,0777);
}
//CD to the user's home directory
if (StrLen(Session->HomeDir))
{
chdir(Session->HomeDir);
}
DoBindMounts(Settings.BindMounts,0);
//This login script allows setting up any aspects of the environment before we launch the shell. For instance it
//might be used to copy files into the chroot environment before chrooting
if (StrLen(Settings.LoginScript)) system(Settings.LoginScript);
//LAUNCH THE SHELL FUNCTION!!! This launches the program that the telnet user is 'speaking' to.
//If chhome is active, then it will be chrooted into the user's home directory
PseudoTTYSpawnFunction(&fd, LaunchPtyFunc, Session, TTYFLAG_CANON | TTYFLAG_ECHO | TTYFLAG_CRLF | TTYFLAG_LFCR | TTYFLAG_IGNSIG);
Local=STREAMFromFD(fd);
STREAMSetTimeout(Local,0);
//Might as well chroot on this side of the pipe too, unless we have a 'LogoutScript'
//Logout scripts exist to allow copying stuff back out of the chroot when the session is
//finished. We can't do this if we chroot this side as well as the 'shell' side
if (
(! StrLen(Settings.LogoutScript)) &&
(Settings.Flags & FLAG_CHHOME)
) chroot(".");
//DON'T SWITCH USER. NEED root TO UNBIND MOUNTS
//if (setreuid(Session->RealUserUID,Session->RealUserUID) !=0) exit(1);
ListAddItem(Streams,Local);
Tempstr=SetStrLen(Tempstr,4096);
while (1)
{
if (Settings.IdleTimeout) tv.tv_sec=Settings.IdleTimeout;
else tv.tv_sec=3600 * 24;
S=STREAMSelect(Streams,&tv);
time(&Now);
if (S)
{
if (S==Session->S)
{
result=TelnetReadBytes(Session->S, Tempstr, 4096, TNRB_NONBLOCK);
if (result ==-1) break;
STREAMWriteBytes(Local,Tempstr,result);
}
else
{
result=STREAMReadBytes(Local,Tempstr,4096);
if (result < 0) break;
STREAMWriteBytes(Session->S,Tempstr,result);
if (result < 0) break;
}
if (Settings.Flags & FLAG_WINSIZE) SetWindowSize(Session->S->out_fd);
LastActivity=Now;
}
if ((Settings.IdleTimeout > 0) && ((Now - LastActivity) > Settings.IdleTimeout)) break;
}
if (StrLen(Settings.LogoutScript)) system(Settings.LogoutScript);
if (Settings.Flags & FLAG_UNMOUNT) UndoBindMounts(Settings.BindMounts, 0);
if (Settings.Flags & FLAG_DYNHOME) rmdir(Session->HomeDir);
Duration=time(NULL) - Start;
syslog(Settings.InfoLogLevel,"%s@%s logged out after %d secs",Session->User,Session->ClientIP, Duration);
STREAMClose(Session->S);
STREAMClose(Local);
DestroyString(Tempstr);
}
