int RequestedListingType(HTTPSession *Session, int *Flags)
{
char *Name=NULL, *Value=NULL, *ptr;
int Action=ACTION_HTML;
if (! (Settings.DirListFlags & DIR_SHOWFILES)) return(DIR_REJECT);
ptr=GetNameValuePair(Session->Arguments,"&","=",&Name,&Value);
while (ptr)
{
if ( StrLen(Name) && StrLen(Value))
{
if (strcmp(Name,"format")==0) Action=MatchTokenFromList(Value,DirActionTypes,0);
else if (strcmp(Name,"sort")==0)
{
if (strcmp(Value,"size")==0) *Flags=SORT_SIZE;
else if (strcmp(Value,"rsize")==0) *Flags=SORT_RSIZE;
else if (strcmp(Value,"time")==0) *Flags=SORT_TIME;
else if (strcmp(Value,"rtime")==0) *Flags=SORT_RTIME;
else if (strcmp(Value,"name")==0) *Flags=SORT_NAME;
else if (strcmp(Value,"rname")==0) *Flags=SORT_RNAME;
//if (strcmp(Value,"rss")==0) *SortFlags=DIR_RSS;
}
else if (strcmp(Name,"all-selected")==0) *Flags|=SELECT_ALL;
}
ptr=GetNameValuePair(ptr,"&","=",&Name,&Value);
}
DestroyString(Name);
DestroyString(Value);
return(Action);
}
void HTTPHandleWWWAuthenticate(HTTPInfoStruct *Info, char *Line)
{
char *ptr, *ptr2, *Token=NULL, *Name=NULL, *Value=NULL;
char *AuthTypeStrings[]={"Basic","Digest",NULL};
typedef enum {AUTH_BASIC, AUTH_DIGEST} TAuthTypes;
int result;
if (! Info->Authorization) Info->Authorization=(HTTPAuthStruct *) calloc(1,sizeof(HTTPAuthStruct));
ptr=Line;
while (isspace(*ptr)) ptr++;
ptr=GetToken(ptr," ",&Token,0);
result=MatchTokenFromList(Token,AuthTypeStrings,0);
if (result==AUTH_BASIC) Info->Authorization->Flags |=HTTP_AUTH_BASIC;
if (result==AUTH_DIGEST) Info->Authorization->Flags |=HTTP_AUTH_DIGEST;
while (ptr)
{
ptr=GetToken(ptr,",",&Token,GETTOKEN_QUOTES);
StripLeadingWhitespace(Token);
StripTrailingWhitespace(Token);
ptr2=GetToken(Token,"=",&Name,GETTOKEN_QUOTES);
ptr2=GetToken(ptr2,"=",&Value,GETTOKEN_QUOTES);
if (strcasecmp(Name,"realm")==0) Info->Authorization->AuthRealm=CopyStr(Info->Authorization->AuthRealm,Value);
if (strcasecmp(Name,"qop")==0) Info->Authorization->AuthQOP=CopyStr(Info->Authorization->AuthQOP,Value);
if (strcasecmp(Name,"nonce")==0) Info->Authorization->AuthNonce=CopyStr(Info->Authorization->AuthNonce,Value);
if (strcasecmp(Name,"opaque")==0) Info->Authorization->AuthOpaque=CopyStr(Info->Authorization->AuthOpaque,Value);
}
DestroyString(Token);
DestroyString(Name);
DestroyString(Value);
}
ListNode *ParserParseDocument(const char *TypeStr, const char *Doc)
{
ListNode *Node, *Items;
const char *Types[]= {"json","rss","yaml","config","ini","url",NULL};
const char *ptr;
char *Token=NULL;
int Type;
if (! StrValid(TypeStr)) return(NULL);
if (! StrValid(Doc)) return(NULL);
GetToken(TypeStr,";",&Token,0);
StripTrailingWhitespace(Token);
StripLeadingWhitespace(Token);
ptr=Token;
if (strncmp(ptr,"application/",12)==0) ptr+=12;
if (strncmp(ptr,"x-www-form-urlencoded",21)==0) ptr="url";
Type=MatchTokenFromList(ptr,Types,0);
Items=ListCreate();
ptr=Doc;
while (isspace(*ptr)) ptr++;
if (*ptr=='{') ptr++;
if (*ptr=='[') ptr++;
ParserParseItems(Type, ptr, Items, 0);
fflush(NULL);
return(ParserOpenItem(Items,"/"));
}
int ANSIParseColor(const char *Str)
{
int val;
val=MatchTokenFromList(Str, ANSIColorStrings, 0);
if (val==-1) val=ANSI_NONE;
return(val);
}
static int CrayonType(const char *String)
{
int val;
if (! StrValid(String)) return(-1);
if (*String=='#') return(-1);
val=MatchTokenFromList(String, CrayonTypes, 0);
if (val==-1) val=0;
return(val);
}
int OSSAlterVolume(char *device, char *type_str, int delta)
{
int type;
type=MatchTokenFromList(type_str,VolTypeStrings,0);
if ((type==VOL_ALL) || (type==-1))
{
OSSAlterVolumeType(device, VOL_MASTER, delta);
OSSAlterVolumeType(device, VOL_PCM, delta);
}
else OSSAlterVolumeType(device, type, delta);
}
static int IsFlag(const char *String)
{
const char *AttribStrings[]={"top","bottom","persist","transient","refresh",NULL};
int AttribFlags[]={FLAG_TOP, FLAG_BOTTOM, FLAG_PERSIST, FLAG_TRANSIENT, FLAG_REFRESH};
int val;
val=MatchTokenFromList(String,AttribStrings,0);
if (val > -1) return(AttribFlags[val]);
return(0);
}
static int IsAttrib(const char *String)
{
const char *AttribStrings[]={"caps","bold","hide","blink","uppercase","underline","lowercase","inverse",NULL};
int AttribFlags[]={FLAG_CAPS, FLAG_BOLD, FLAG_HIDE, FLAG_BLINK, FLAG_CAPS, FLAG_UNDER, FLAG_LOWERCASE, FLAG_INVERSE};
int val;
val=MatchTokenFromList(String,AttribStrings,0);
if (val > -1) return(AttribFlags[val]);
return(ParseColor(String));
}
//colors can be either a color name or a forecolor/backcolor pair
static int ParseColor(const char *ColorString)
{
const char *ptr;
int val=0, Attrib=0;
char *Token=NULL;
ptr=strchr(ColorString,'/');
if (ptr)
{
Token=CopyStrLen(Token,ColorString,ptr-ColorString);
val=MatchTokenFromList(ptr+1,Colors,0);
if (val > 0) Attrib=val << 8;
}
else Token=CopyStr(Token, ColorString);
val=MatchTokenFromList(Token,Colors,0);
if (val > -1) Attrib |= val;
Destroy(Token);
return(Attrib);
}
int ParseQueryType(char *String)
{
switch (MatchTokenFromList(String,QueryTypeStr,0))
{
case QT_ADDR: return(DNSREC_ADDRESS); break;
case QT_CNAME: return(CNAME); break;
case QT_HINFO: return(DNSREC_HOSTINFO); break;
case QT_SOA: return(SOA); break;
case QT_WKS: return(DNSREC_KNOWNSERVICE); break;
case QT_NS: return(DNSREC_NAMESERVER); break;
case QT_MX: return(DNSREC_MAILEXCHANGE); break;
case QT_TXT: return(DNSREC_TEXT); break;
}
return(0);
}
void ParseEventConfig(char *ConfigLine)
{
const char *EventTypeStrings[]={"Method","Path","User","ClientIP","BadURL","Header","ResponseCode",NULL};
char *Token=NULL, *ptr;
ListNode *Node;
int Type;
if (! Settings.Events) Settings.Events=ListCreate();
ptr=GetToken(ConfigLine,":",&Token,0);
Type=MatchTokenFromList(Token,EventTypeStrings,0);
ptr=GetToken(ptr,":",&Token,0);
Node=ListAddNamedItem(Settings.Events,Token,CopyStr(NULL,ptr));
Node->ItemType=Type;
DestroyString(Token);
}
int GetContainerFileType(char *URL)
{
char *Tempstr=NULL, *ptr;
int val;
Tempstr=CopyStr(Tempstr,URL);
//strip off any 'http GET' style arguments
ptr=strrchr(Tempstr,'?');
if (ptr) *ptr='\0';
//get path file extension
ptr=strrchr(Tempstr,'.');
val=MatchTokenFromList(ptr,ContainerTypes,0);
DestroyString(Tempstr);
return(val);
}
int SetGlobalConnectionChain(const char *Chain)
{
char *Token=NULL, *Type=NULL;
const char *ptr;
int result=TRUE, count=0;
ptr=GetToken(Chain, "|", &Token, 0);
while (ptr)
{
GetToken(Token,":",&Type,0);
if (MatchTokenFromList(Type, HopTypes, 0)==-1) result=FALSE;
count++;
ptr=GetToken(ptr, "|", &Token, 0);
}
GlobalConnectionChain=CopyStr(GlobalConnectionChain, Chain);
DestroyString(Token);
DestroyString(Type);
return(result);
}
char *FormatFancyDirComment(char *RetStr, ListNode *Vars)
{
ListNode *Curr;
const char *NonDisplayingValues[]={"executable","FileSize","CTime-Secs","MTime-Secs","IsExecutable","getcontentlength","getcontenttype","getlastmodified","creationdate",NULL};
const char *ptr;
RetStr=CopyStr(RetStr, "");
Curr=ListGetNext(Vars);
while (Curr)
{
if (MatchTokenFromList(Curr->Tag, NonDisplayingValues,0)==-1)
{
ptr=Curr->Tag;
if (strncmp(ptr,"Media-",6)==0) ptr+=6;
RetStr=MCatStr(RetStr,ptr, ":", Curr->Item, " ", NULL);
}
Curr=ListGetNext(Curr);
}
return(RetStr);
}
int GetContainerFileType(const char *URL)
{
char *Tempstr=NULL, *ptr;
int val;
Tempstr=CopyStr(Tempstr,URL);
//strip off any 'http GET' style arguments
ptr=strrchr(Tempstr,'?');
if (ptr) *ptr='\0';
//get path file extension
ptr=strrchr(Tempstr,'.');
val=MatchTokenFromList(ptr,ContainerTypes,0);
DestroyString(Tempstr);
if (val==-1) return(TYPE_NONE);
if (Flags & FLAG_DEBUG2) fprintf(stderr,"CONTAINERTYPE: %s\n",ContainerTypes[val]);
return(ContainerIDs[val]);
}
int HTTPServerReadHeaders(HTTPSession *Session)
{
char *Tempstr=NULL, *Token=NULL, *ptr;
ListNode *Curr;
int val;
HTTPSessionClear(Session);
Tempstr=STREAMReadLine(Tempstr,Session->S);
if (! Tempstr) return(FALSE);
StripTrailingWhitespace(Tempstr);
//First line of the HTTP request is the 'Command' in the form "<method> <url>?<arguments> <HTTP version>"
HTTPServerParseCommand(Session, Session->S, Tempstr);
Tempstr=STREAMReadLine(Tempstr,Session->S);
if (Tempstr)
{
StripTrailingWhitespace(Tempstr);
StripLeadingWhitespace(Tempstr);
}
while (StrLen(Tempstr) )
{
if (Settings.Flags & FLAG_LOG_VERBOSE) LogToFile(Settings.LogPath,"<< %s",Tempstr);
ptr=GetToken(Tempstr,":",&Token,0);
while (isspace(*ptr)) ptr++;
val=MatchTokenFromList(Token,HeaderStrings,0);
ListAddNamedItem(Session->Headers,Token,CopyStr(NULL,ptr));
switch (val)
{
case HEAD_PROXYAUTH:
if (IsProxyMethod(Session->MethodID))
{
ptr=GetToken(ptr,"\\S",&Token,0);
HTTPServerHandleAuthHeader(Session,val,Token,ptr);
Session->AuthFlags |= FLAG_AUTH_PRESENT;
}
break;
case HEAD_AUTH:
if (IsProxyMethod(Session->MethodID))
{
Session->RemoteAuthenticate=CopyStr(Session->RemoteAuthenticate,ptr);
}
if (StrLen(Session->UserName)==0)
{
ptr=GetToken(ptr,"\\S",&Token,0);
HTTPServerHandleAuthHeader(Session,val,Token,ptr);
Session->AuthFlags |= FLAG_AUTH_PRESENT;
}
break;
case HEAD_HOST:
Session->Host=CopyStr(Session->Host,ptr);
ptr=strchr(Session->Host,':');
if (! ptr)
{
Token=FormatStr(Token,":%d",Settings.Port);
Session->Host=CatStr(Session->Host,Token);
}
break;
case HEAD_DEST:
Session->Destination=HTTPUnQuote(Session->Destination,ptr);
break;
case HEAD_CONTENT_TYPE:
HTTPServerParsePostContentType(Session, ptr);
break;
case HEAD_CONTENT_LENGTH:
Session->ContentSize=atoi(ptr);
break;
case HEAD_DEPTH:
if (strcasecmp(ptr,"infinity")==0) Session->Depth=INT_MAX;
else Session->Depth=atoi(ptr);
break;
case HEAD_OVERWRITE:
if (*ptr=='T') Session->Flags |= SESSION_OVERWRITE;
break;
case HEAD_CONNECTION:
if ((Settings.Flags & FLAG_KEEPALIVES) && (strcasecmp(ptr,"Keep-Alive")==0)) Session->Flags |= SESSION_KEEPALIVE;
break;
case HEAD_AGENT:
Session->UserAgent=CopyStr(Session->UserAgent,ptr);
Curr=ListGetNext(Settings.UserAgents);
while (Curr)
{
if (fnmatch(Curr->Tag,Session->UserAgent,0)==0)
{
if (Settings.Flags & FLAG_LOG_VERBOSE) LogToFile(Settings.LogPath,"Applying User Agent Settings: %s",Curr->Item);
ParseConfigItemList((char *) Curr->Item);
}
Curr=ListGetNext(Curr);
}
break;
case HEAD_COOKIE:
if (StrLen(Session->Cookies)) Session->Cookies=MCopyStr(Session->Cookies,"; ",ptr,NULL);
else Session->Cookies=CopyStr(Session->Cookies,ptr);
Session->AuthFlags |= FLAG_AUTH_PRESENT;
break;
case HEAD_REFERER:
Session->ClientReferrer=CopyStr(Session->ClientReferrer,ptr);
break;
case HEAD_ACCEPT_ENCODING:
ptr=GetToken(ptr,",",&Token,0);
while (ptr)
{
if (strcmp(Token,"gzip")==0) Session->Flags|=SESSION_ENCODE_GZIP;
if (strcmp(Token,"x-gzip")==0) Session->Flags|=SESSION_ENCODE_GZIP | SESSION_ENCODE_XGZIP;
ptr=GetToken(ptr,",",&Token,0);
}
break;
case HEAD_ICECAST:
if (atoi(ptr)) Session->Flags |= SESSION_ICECAST;
break;
case HEAD_IFMOD_SINCE:
Session->IfModifiedSince=DateStrToSecs("%a, %d %b %Y %H:%M:%S %Z",ptr,NULL);
break;
case HEAD_UPGRADE:
if ((strcasecmp(ptr,"Upgrade")==0) && SSLAvailable())
{
if (! HTTPServerActivateSSL(Session,Settings.SSLKeys)) return;
}
else if (strcasecmp(ptr,"websocket")==0) Session->MethodID = METHOD_WEBSOCKET;
break;
case HEAD_WEBSOCK_KEY:
Session->ContentBoundary=CopyStr(Session->ContentBoundary, ptr);
break;
case HEAD_WEBSOCK_KEY1:
Session->ContentBoundary=CopyStr(Session->ContentBoundary, ptr);
if (Session->MethodID==METHOD_WEBSOCKET) Session->MethodID = METHOD_WEBSOCKET75;
break;
case HEAD_WEBSOCK_KEY2:
Session->ContentType=CopyStr(Session->ContentType, ptr);
if (Session->MethodID==METHOD_WEBSOCKET) Session->MethodID = METHOD_WEBSOCKET75;
break;
case HEAD_WEBSOCK_PROTOCOL:
Session->ContentType=CopyStr(Session->ContentType, ptr);
break;
case HEAD_WEBSOCK_VERSION:
break;
case HEAD_ORIGIN:
break;
}
Tempstr=STREAMReadLine(Tempstr,Session->S);
StripTrailingWhitespace(Tempstr);
StripLeadingWhitespace(Tempstr);
}
if (strstr(Session->Arguments,"AccessToken")) Session->AuthFlags |= FLAG_AUTH_PRESENT | FLAG_AUTH_ACCESS_TOKEN;
Session->URL=HTTPUnQuote(Session->URL,Session->OriginalURL);
if (*Session->URL=='/') Session->Path=CopyStr(Session->Path,Session->URL);
else Session->Path=MCopyStr(Session->Path,"/",Session->URL,NULL);
DestroyString(Tempstr);
DestroyString(Token);
return(TRUE);
}
static int MatchActionType(const char *Str)
{
const char *ActStrings[]={"", "args", "echo", "replace","setstr","setenv","send","bell","playsound","exec","passto","passinput","basename","setxtitle","restorextitle","setxlabel","xselection","setxiconname","raise","lower","iconify","deiconify","maximize","demaximize","wide","high","font","fontup","fontdown","cls","clearscreen","cleartoeol","altscreen","normscreen","xtermbgcolor","xtermfgcolor","rxvtbgcolor","rxvtfgcolor","bgcolor","fgcolor","dontcrayon","allowchildcrayon","redraw","infobar","querybar","selectbar","historybar","call",NULL};
return(MatchTokenFromList(Str, ActStrings, 0));
}
void ParseConfigItem(char *ConfigLine)
{
char *Token=NULL, *ptr;
int result;
const char *ConfTokens[]={"Chroot","Chshare","Chhome","AllowUsers","DenyUsers","Port","Banner","BannerFile","DataConnectionLowPort","DataConnectionHighPort","DataConnectionPortRange","ServLogFile","LogFile","Idle","MaxIdle","Locks","AuthFile","BindAddress","LogPasswords","AuthMethods","UserPrompt","PermittedCommands","DefaultGroup","MaxFileSize","UploadHook", "DownloadHook","RenameHook","DeleteHook","LoginHook","LogoutHook","ConnectUpHook","ConnectDownHook","ConfirmTransfer",NULL};
typedef enum {CT_CHROOT, CT_CHSHARE, CT_CHHOME, CT_ALLOWUSERS,CT_DENYUSERS,CT_PORT,CT_BANNER,CT_BANNERFILE,CT_DC_LOW_PORT, CT_DC_HIGH_PORT, CT_DC_RANGE,CT_SERVLOGFILE,CT_LOGFILE,CT_IDLE,CT_MAXIDLE,CT_LOCKS,CT_AUTHFILE,CT_BINDADDRESS,CT_LOGPASSWORDS,CT_AUTHMETHODS,CT_USERPROMPT,CT_PERMITTEDCOMMANDS,CT_DEFAULTGROUP, CT_MAXFILESIZE, CT_UPLOADHOOK, CT_DOWNLOADHOOK, CT_RENAMEHOOK, CT_DELETEHOOK, CT_LOGINHOOK, CT_LOGOUTHOOK, CT_CONNECTUPHOOK, CT_CONNECTDOWNHOOK, CT_CONFIRM_TRANSFER} EConfigStrings;
struct group *grent;
ptr=GetToken(ConfigLine,"=",&Token,0);
StripLeadingWhitespace(Token);
StripTrailingWhitespace(Token);
result=MatchTokenFromList(Token,ConfTokens,0);
if (ptr)
{
StripLeadingWhitespace(ptr);
StripTrailingWhitespace(ptr);
}
switch(result)
{
case CT_PORT:
Settings.Port=atoi(ptr);
break;
case CT_CHROOT:
Settings.Flags|=FLAG_CHROOT;
Settings.Chroot=CopyStr(Settings.Chroot,ptr);
break;
case CT_CHSHARE:
Settings.Flags|=FLAG_CHSHARE;
Settings.Chroot=CopyStr(Settings.Chroot,ptr);
break;
case CT_CHHOME:
Settings.Flags|=FLAG_CHHOME;
break;
case CT_ALLOWUSERS:
Settings.AllowUsers=CopyStr(Settings.AllowUsers,ptr);
break;
case CT_DENYUSERS:
Settings.DenyUsers=CopyStr(Settings.DenyUsers,ptr);
break;
case CT_DC_LOW_PORT:
Settings.DataConnectionLowPort=atoi(ptr);
break;
case CT_DC_HIGH_PORT:
Settings.DataConnectionHighPort=atoi(ptr);
break;
case CT_DC_RANGE:
ptr=GetToken(ptr,"-",&Token,0);
Settings.DataConnectionLowPort=atoi(Token);
Settings.DataConnectionHighPort=atoi(ptr);
break;
case CT_IDLE:
Settings.DefaultIdle=atoi(ptr);
break;
case CT_MAXIDLE:
Settings.MaxIdle=atoi(ptr);
break;
case CT_BANNER:
Settings.ConnectBanner=CopyStr(Settings.ConnectBanner,ptr);
break;
case CT_BANNERFILE:
Settings.ConnectBanner=ReadBannerFile(Settings.ConnectBanner,ptr);
break;
case CT_AUTHFILE:
Settings.AuthFile=CopyStr(Settings.AuthFile,ptr);
break;
case CT_SERVLOGFILE:
Settings.ServerLogPath=CopyStr(Settings.ServerLogPath,ptr);
break;
case CT_LOGFILE:
Settings.LogPath=CopyStr(Settings.LogPath,ptr);
break;
case CT_LOCKS:
if (strcmp(ptr,"Advisory")==0) Settings.Flags |= FLAG_ALOCK;
else if (strcmp(ptr,"Mandatory")==0) Settings.Flags |= FLAG_MLOCK;
else if (strcmp(ptr,"MandatoryWrite")==0) Settings.Flags |= FLAG_MLOCK | FLAG_ALOCK;
break;
case CT_BINDADDRESS:
Settings.BindAddress=CopyStr(Settings.BindAddress,ptr);
break;
case CT_LOGPASSWORDS:
Settings.Flags |= FLAG_LOGPASSWORDS;
break;
case CT_AUTHMETHODS:
Settings.AuthMethods=CopyStr(Settings.AuthMethods,ptr);
break;
case CT_USERPROMPT:
Settings.UserPrompt=CopyStr(Settings.UserPrompt,ptr);
break;
case CT_PERMITTEDCOMMANDS:
ParsePermittedCommands(&Settings,ptr);
break;
case CT_DEFAULTGROUP:
grent=getgrnam(ptr);
Settings.DefaultGroupID=grent->gr_gid;
break;
case CT_MAXFILESIZE:
Settings.MaxFileSize=strtod(ptr,NULL);
break;
case CT_UPLOADHOOK:
Settings.UploadHook=CopyStr(Settings.UploadHook,ptr);
break;
case CT_DOWNLOADHOOK:
Settings.DownloadHook=CopyStr(Settings.DownloadHook,ptr);
break;
case CT_RENAMEHOOK:
Settings.RenameHook=CopyStr(Settings.RenameHook,ptr);
break;
case CT_DELETEHOOK:
Settings.DeleteHook=CopyStr(Settings.DeleteHook,ptr);
break;
case CT_LOGINHOOK:
Settings.LoginHook=CopyStr(Settings.LoginHook,ptr);
break;
case CT_LOGOUTHOOK:
Settings.LogoutHook=CopyStr(Settings.LogoutHook,ptr);
break;
case CT_CONNECTUPHOOK:
Settings.ConnectUpHook=CopyStr(Settings.ConnectUpHook,ptr);
break;
case CT_CONNECTDOWNHOOK:
Settings.ConnectDownHook=CopyStr(Settings.ConnectDownHook,ptr);
break;
case CT_CONFIRM_TRANSFER:
Settings.ConfirmTransfer=MatchTokenFromList(ptr,HashNames,0);
break;
}
DestroyString(Token);
}
void ParseCommandLine(int argc, char *argv[])
{
int count, val;
if (argc < 2) return;
if (strcmp(argv[1],"-user")==0)
{
ParseCommandLineUpdateUser(argc,argv);
exit(0);
}
for (count=1; count < argc; count++)
{
val=MatchTokenFromList(argv[count],ArgStrings,MATCH_TOKEN_CASE);
switch (val)
{
case ARG_PROXY:
Settings.Flags |= MODE_FTP_PROXY;
break;
case ARG_CHHOME:
Settings.Flags |= FLAG_CHHOME;
break;
case ARG_SYSLOG:
Settings.Flags |= FLAG_SYSLOG;
break;
case ARG_INETD:
case ARG_INETD2:
Settings.Flags |= MODE_INETD;
break;
case ARG_CHROOT:
Settings.Flags|=FLAG_CHROOT;
Settings.Chroot=CopyStr(Settings.Chroot,argv[++count]);
break;
case ARG_CHSHARE:
Settings.Flags|=FLAG_CHSHARE;
Settings.Chroot=CopyStr(Settings.Chroot,argv[++count]);
break;
case ARG_PORT:
case ARG_PORT2:
Settings.Port=atoi(argv[++count]);
break;
case ARG_NODEMON:
Settings.Flags &= ~FLAG_DEMON;
break;
case ARG_CONFIG_FILE:
Settings.ConfigFile=CopyStr(Settings.ConfigFile,argv[++count]);
break;
case ARG_AUTH_METHODS:
Settings.AuthMethods=CopyStr(Settings.AuthMethods,argv[++count]);
break;
case ARG_AUTH_FILE:
Settings.AuthFile=CopyStr(Settings.AuthFile,argv[++count]);
break;
case ARG_LOGFILE:
case ARG_LOGFILE2:
Settings.LogPath=CopyStr(Settings.LogPath,argv[++count]);
break;
case ARG_ALLOWUSERS:
Settings.AllowUsers=CopyStr(Settings.AllowUsers,argv[++count]);
break;
case ARG_DENYUSERS:
Settings.DenyUsers=CopyStr(Settings.DenyUsers,argv[++count]);
break;
case ARG_NOPASV:
Settings.Flags |= FLAG_NOPASV;
break;
case ARG_DCLOW:
Settings.DataConnectionLowPort=atoi(argv[++count]);
break;
case ARG_DCHIGH:
Settings.DataConnectionHighPort=atoi(argv[++count]);
break;
case ARG_IDLE:
Settings.DefaultIdle=atoi(argv[++count]);
break;
case ARG_MAXIDLE:
Settings.MaxIdle=atoi(argv[++count]);
break;
case ARG_MLOCKS:
Settings.Flags |= FLAG_MLOCK;
break;
case ARG_ALOCKS:
Settings.Flags |= FLAG_ALOCK;
break;
case ARG_MALOCKS:
Settings.Flags |= FLAG_MLOCK | FLAG_ALOCK;
break;
case ARG_BINDADDRESS:
case ARG_INTERFACE:
Settings.BindAddress=CopyStr(Settings.BindAddress,argv[++count]);
break;
case ARG_IPV4:
Settings.BindAddress=CopyStr(Settings.BindAddress,"0.0.0.0");
break;
case ARG_UPDATE_PASSWORD:
Settings.UpdatePasswordType=CopyStr(Settings.UpdatePasswordType, argv[++count]);
break;
case ARG_CONFIRM_TRANSFER:
Settings.ConfirmTransfer=MatchTokenFromList(argv[++count],HashNames,0);
break;
/*
case ARG_PERMITTEDCOMMANDS:
Settings.PermittedCommands=CopyStr(Settings.PermittedCommands,argv[++count]);
break;
*/
case ARG_HELP1:
case ARG_HELP2:
case ARG_HELP3:
PrintUsage();
break;
case ARG_VERSION:
case ARG_VERSION2:
printf("metaftpd %s\n",Version);
exit(0);
break;
}
}
if (
(! (Settings.Flags & MODE_FTP_SERVER)) &&
(! (Settings.Flags & MODE_FTP_PROXY))
)
{
Settings.Flags |= MODE_FTP_SERVER;
}
}
void ParseConfigItem(char *ConfigLine)
{
const char *ConfTokens[]={"Chroot","Chhome","AllowUsers","DenyUsers","Port","LogFile","AuthPath","BindAddress","LogPasswords","HttpMethods","AuthMethods","DefaultUser","DefaultGroup","Path","FileType","LogVerbose","AuthRealm","Compression","DirListType","DisplayNameLen","MaxLogSize","ScriptHandler","ScriptHashFile","WebsocketHandler","LookupClientName","SanitizeAllowTags","CustomHeader","UserAgentSettings",
"SSLKey","SSLCert","SSLCiphers","SSLDHParams","SSLClientCertificate","SSLVerifyPath", "SSLVersion",
"Event","FileCacheTime","HttpKeepAlive","AccessTokenKey","Timezone","MaxMemory","MaxStack","ActivityTimeout","PackFormats",NULL};
typedef enum {CT_CHROOT, CT_CHHOME, CT_ALLOWUSERS,CT_DENYUSERS,CT_PORT, CT_LOGFILE,CT_AUTHFILE,CT_BINDADDRESS,CT_LOGPASSWORDS,CT_HTTPMETHODS, CT_AUTHMETHODS,CT_DEFAULTUSER, CT_DEFAULTGROUP, CT_PATH, CT_FILETYPE, CT_LOG_VERBOSE, CT_AUTH_REALM, CT_COMPRESSION, CT_DIRTYPE, CT_DISPLAYNAMELEN, CT_MAXLOGSIZE, CT_SCRIPTHANDLER, CT_SCRIPTHASHFILE, CT_WEBSOCKETHANDLER, CT_LOOKUPCLIENT, CT_SANITIZEALLOW, CT_CUSTOMHEADER, CT_USERAGENTSETTINGS,
CT_SSLKEY, CT_SSLCERT, CT_SSLCIPHERS, CT_SSLDHPARAMS, CT_CLIENT_CERTIFICATION, CT_SSLVERIFY_PATH, CT_SSL_VERSION,
CT_EVENT, CT_FILE_CACHE_TIME, CT_SESSION_KEEPALIVE, CT_ACCESS_TOKEN_KEY, CT_TIMEZONE, CT_MAX_MEM, CT_MAX_STACK, CT_ACTIVITY_TIMEOUT, CT_ARCHIVE_FORMATS} TConfigTokens;
char *Token=NULL, *ptr;
struct group *grent;
struct stat Stat;
TConfigTokens TokType;
ptr=GetToken(ConfigLine,"=|:",&Token,GETTOKEN_MULTI_SEPARATORS);
StripLeadingWhitespace(Token);
StripTrailingWhitespace(Token);
TokType=MatchTokenFromList(Token,ConfTokens,0);
switch(TokType)
{
case CT_PORT:
Settings.Port=atoi(ptr);
break;
case CT_CHROOT:
Settings.Flags &= ~FLAG_CHHOME;
Settings.Flags |= FLAG_CHROOT;
Settings.DefaultDir=CopyStr(Settings.DefaultDir,ptr);
break;
case CT_CHHOME:
Settings.Flags &= ~FLAG_CHROOT;
Settings.Flags|=FLAG_CHHOME;
break;
case CT_ALLOWUSERS:
Settings.AllowUsers=CopyStr(Settings.AllowUsers,ptr);
break;
case CT_DENYUSERS:
Settings.DenyUsers=CopyStr(Settings.DenyUsers,ptr);
break;
case CT_AUTHFILE:
Settings.AuthPath=CopyStr(Settings.AuthPath,ptr);
break;
case CT_BINDADDRESS:
Settings.BindAddress=CopyStr(Settings.BindAddress,ptr);
break;
case CT_LOGPASSWORDS:
// Settings.Flags |= FLAG_LOGPASSWORDS;
break;
case CT_DISPLAYNAMELEN:
Settings.DisplayNameLen=atoi(ptr);
break;
case CT_AUTHMETHODS:
Settings.AuthMethods=CopyStr(Settings.AuthMethods,ptr);
break;
case CT_HTTPMETHODS:
Settings.HttpMethods=CopyStr(Settings.HttpMethods,ptr);
break;
case CT_DEFAULTUSER:
Settings.DefaultUser=CopyStr(Settings.DefaultUser,ptr);
break;
case CT_DEFAULTGROUP:
Settings.DefaultGroup=CopyStr(Settings.DefaultGroup,ptr);
grent=getgrnam(ptr);
if (grent) Settings.DefaultGroupID=grent->gr_gid;
break;
case CT_SSLKEY:
if (! Settings.SSLKeys) Settings.SSLKeys=ListCreate();
Token=FormatStr(Token,"SSL_KEY_FILE:%d",ListSize(Settings.SSLKeys));
ListAddNamedItem(Settings.SSLKeys,Token,CopyStr(NULL,ptr));
Settings.Flags |=FLAG_SSL;
break;
case CT_SSLCERT:
if (! Settings.SSLKeys) Settings.SSLKeys=ListCreate();
Token=FormatStr(Token,"SSL_CERT_FILE:%d",ListSize(Settings.SSLKeys));
ListAddNamedItem(Settings.SSLKeys,Token,CopyStr(NULL,ptr));
Settings.Flags |=FLAG_SSL;
break;
case CT_SSLCIPHERS:
LibUsefulSetValue("SSL-Permitted-Ciphers",ptr);
break;
case CT_SSLDHPARAMS:
LibUsefulSetValue("SSL-DHParams-File",ptr);
break;
case CT_SSL_VERSION:
LibUsefulSetValue("SSL-Level",ptr);
break;
case CT_AUTH_REALM:
Settings.AuthRealm=CopyStr(Settings.AuthRealm,ptr);
break;
case CT_COMPRESSION:
if (strcasecmp(ptr,"partial")==0)
{
Settings.Flags &= ~FLAG_COMPRESS;
Settings.Flags |= FLAG_PARTIAL_COMPRESS;
}
else if (! YesNoTrueFalse(ptr)) Settings.Flags &= ~(FLAG_COMPRESS | FLAG_PARTIAL_COMPRESS);
else
{
Settings.Flags &= ~FLAG_PARTIAL_COMPRESS;
Settings.Flags |= FLAG_COMPRESS;
}
break;
case CT_PATH:
ptr=GetToken(ptr,",",&Token,0);
VPathParse(Settings.VPaths, Token, ptr);
break;
case CT_FILETYPE:
VPathParse(Settings.VPaths, Token, ptr);
break;
case CT_DIRTYPE:
ParseDirListType(ptr);
break;
case CT_LOGFILE:
Settings.LogPath=CopyStr(Settings.LogPath,ptr);
break;
case CT_LOG_VERBOSE:
if (YesNoTrueFalse(ptr)) Settings.Flags |= FLAG_LOG_VERBOSE;
else Settings.Flags &= ~FLAG_LOG_VERBOSE;
break;
case CT_MAXLOGSIZE:
Settings.MaxLogSize = (int) ParseHumanReadableDataQty(ptr, 0);
break;
case CT_SCRIPTHANDLER:
ptr=GetToken(ptr,"=",&Token,0);
if (! Settings.ScriptHandlers) Settings.ScriptHandlers=ListCreate();
SetTypedVar(Settings.ScriptHandlers,Token,ptr,PATHTYPE_CGI);
break;
case CT_SCRIPTHASHFILE:
Settings.ScriptHashFile=CopyStr(Settings.ScriptHashFile,ptr);
Settings.Flags |= FLAG_CHECK_SCRIPTS;
break;
case CT_WEBSOCKETHANDLER:
if (! Settings.ScriptHandlers) Settings.ScriptHandlers=ListCreate();
ptr=GetToken(ptr,"=",&Token,0);
SetTypedVar(Settings.ScriptHandlers,Token,ptr,PATHTYPE_WEBSOCKET);
break;
case CT_SANITIZEALLOW:
if (! Settings.SanitizeArgumentsAllowedTags) Settings.SanitizeArgumentsAllowedTags=ListCreate();
ptr=GetToken(ptr,",",&Token,0);
while (ptr)
{
SetVar(Settings.SanitizeArgumentsAllowedTags,Token,"Y");
ptr=GetToken(ptr,",",&Token,0);
}
break;
case CT_CUSTOMHEADER:
if (! Settings.CustomHeaders) Settings.CustomHeaders=ListCreate();
ptr=GetToken(ptr,":",&Token,0);
ListAddNamedItem(Settings.CustomHeaders,Token,CopyStr(NULL,ptr));
break;
case CT_LOOKUPCLIENT:
if (YesNoTrueFalse(ptr)) Settings.Flags |= FLAG_LOOKUP_CLIENT;
else Settings.Flags &= ~FLAG_LOOKUP_CLIENT;
break;
case CT_USERAGENTSETTINGS:
if (! Settings.UserAgents) Settings.UserAgents=ListCreate();
ptr=GetToken(ptr,",",&Token,0);
ListAddNamedItem(Settings.UserAgents,Token,CopyStr(NULL,ptr));
break;
case CT_SSLVERIFY_PATH:
if (stat(ptr,&Stat)==0)
{
if (S_ISDIR(Stat.st_mode)) LibUsefulSetValue("SSL_VERIFY_CERTDIR",ptr);
else if (S_ISREG(Stat.st_mode)) LibUsefulSetValue("SSL_VERIFY_CERTFILE",ptr);
}
else HandleError(ERR_PRINT|ERR_LOG|ERR_EXIT, "ERROR: Can't access SSL certificate verify data at '%s'",ptr);
break;
case CT_CLIENT_CERTIFICATION:
if (strcasecmp(ptr,"ask")==0) Settings.AuthFlags |= FLAG_AUTH_CERT_ASK;
if (strcasecmp(ptr,"required")==0) Settings.AuthFlags |= FLAG_AUTH_CERT_REQUIRED;
if (strcasecmp(ptr,"sufficient")==0) Settings.AuthFlags |= FLAG_AUTH_CERT_SUFFICIENT;
if (strcasecmp(ptr,"optional")==0) Settings.AuthFlags |= FLAG_AUTH_CERT_SUFFICIENT;
if (strcasecmp(ptr,"required+sufficient")==0) Settings.AuthFlags |= FLAG_AUTH_CERT_REQUIRED | FLAG_AUTH_CERT_SUFFICIENT;
break;
case CT_EVENT:
ParseEventConfig(ptr);
break;
case CT_FILE_CACHE_TIME:
Settings.DocumentCacheTime=strtol(ptr,NULL,10);
break;
case CT_SESSION_KEEPALIVE:
if (YesNoTrueFalse(ptr)) Settings.Flags |= FLAG_KEEPALIVES;
else Settings.Flags &= ~FLAG_KEEPALIVES;
break;
case CT_ACCESS_TOKEN_KEY:
Settings.AccessTokenKey=CopyStr(Settings.AccessTokenKey,ptr);
break;
case CT_TIMEZONE:
Settings.Timezone=CopyStr(Settings.Timezone,ptr);
break;
case CT_MAX_MEM:
Settings.AddressSpace=CopyStr(Settings.AddressSpace,ptr);
break;
case CT_MAX_STACK:
Settings.StackSize=CopyStr(Settings.StackSize,ptr);
break;
case CT_ACTIVITY_TIMEOUT:
Settings.ActivityTimeout=atoi(ptr);
break;
case CT_ARCHIVE_FORMATS:
Settings.PackFormats=ParsePackFormats(Settings.PackFormats, ptr);
break;
}
DestroyString(Token);
}
void VPathParse(ListNode *List, const char *PathType, const char *Data)
{
const char *PathTypes[]={"Files","Cgi","Websocket","Stream","Logout","Proxy","MimeIcons","FileType",NULL};
char *URL=NULL, *Path=NULL, *Tempstr=NULL;
char *User=NULL, *Group=NULL, *Password=NULL;
const char *ptr;
TPathItem *PI=NULL;
int Type, Flags=0;
unsigned int CacheTime=0;
Type=MatchTokenFromList(PathType,PathTypes,0);
if (Type > -1)
{
ptr=GetToken(Data,",",&Tempstr,0);
StripLeadingWhitespace(Tempstr);
if (*Tempstr !='/') URL=MCopyStr(URL,"/",Tempstr,NULL);
else URL=CopyStr(URL,Tempstr);
ptr=GetToken(ptr,",",&Tempstr,0);
while (ptr)
{
StripLeadingWhitespace(Tempstr);
if (strncasecmp(Tempstr,"cache=",6)==0) CacheTime=atoi(Tempstr+6);
else if (strncasecmp(Tempstr,"user="******"pass="******"passwd=",7)==0) Password=CopyStr(Password, Tempstr+7);
else if (strncasecmp(Tempstr,"password="******"group=",6)==0) Group=CopyStr(Group, Tempstr+6);
else if ( (strncasecmp(Tempstr,"exec=",5)==0) && YesNoTrueFalse(Tempstr+5)) Flags |= PATHITEM_EXEC;
else if ( (strncasecmp(Tempstr,"upload=",7)==0) && YesNoTrueFalse(Tempstr+7)) Flags |= PATHITEM_UPLOAD;
else if ( (strncasecmp(Tempstr,"uploads=",8)==0) && YesNoTrueFalse(Tempstr+8)) Flags |= PATHITEM_UPLOAD;
else if (strncasecmp(Tempstr,"compress=",9)==0)
{
if (YesNoTrueFalse(Tempstr+9)) Flags |= PATHITEM_COMPRESS;
else Flags |= PATHITEM_NO_COMPRESS;
}
else
{
if (StrLen(Path)) Path=MCatStr(Path, ":", Tempstr,NULL);
else Path=CopyStr(Path, Tempstr);
}
ptr=GetToken(ptr,",",&Tempstr,0);
}
PI=PathItemCreate(Type, URL, Path);
PI->Flags=Flags;
PI->CacheTime=CacheTime;
PI->User=CopyStr(PI->User, User);
PI->Password=CopyStr(PI->Password, Password);
PI->Group=CopyStr(PI->Group, Group);
switch (PI->Type)
{
case PATHTYPE_LOGOUT: Settings.Flags |= FLAG_LOGOUT_AVAILABLE; break;
case PATHTYPE_FILETYPE:
ptr=PI->URL;
if (*ptr=='/') ptr++;
PI->Path=CopyStr(PI->Path, ptr);
break;
}
ListAddNamedItem(List,PI->URL,PI);
}
else LogToFile(Settings.LogPath,"ERROR: Unknown Path type '%s' in Config File",Tempstr);
DestroyString(Tempstr);
DestroyString(Password);
DestroyString(Group);
DestroyString(User);
DestroyString(Path);
DestroyString(URL);
}
void CGIDisplayPage()
{
char *HashType=NULL, *Encoding=NULL, *LineEnding=NULL, *SegmentChar=NULL, *Text=NULL, *Hash=NULL, *Token=NULL, *OptionsFile=NULL;
const char *ptr;
HashratCtx *Ctx;
ListNode *Items;
int Flags, i, OutputLength=0, SegmentLength=0;
SegmentChar=CopyStr(SegmentChar, " ");
Items=ListCreate();
//We don't need to read anything from disk, so in case we're running
//as root, or something like that, let's try to chroot, so no weird attacks are possible
//shouldn't work, because we shouldn't be running as root
chdir("/var/empty");
chroot(".");
//Send HTTP Headers
printf("Content-type: text/html\r\n");
printf("Connection: close\r\n");
printf("Cache-control: private, max-age=0, no-cache\r\n");
printf("\r\n");
Flags=CGIParseArgs(getenv("QUERY_STRING"),"&","=",&HashType, &Encoding, &LineEnding, &Text, &OutputLength, &SegmentLength, &SegmentChar, &OptionsFile);
printf("<body><html><form>\r\n");
printf("<h2 align=center>Hashrat: Online hash calculator</h2>\r\n");
printf("<div align=center>Version: %s, Licence: GPLv3, Author: Colum Paget, BugReports: colums projects at gmail dot com</div><p/>\r\n",VERSION);
if (Flags & CGI_DOHASH)
{
Ctx=(HashratCtx *) calloc(1,sizeof(HashratCtx));
Ctx->HashType=CopyStr(Ctx->HashType,HashType);
Ctx->Encoding |=ENCODE_HEX;
i=MatchTokenFromList(Encoding, EncodingNames, 0);
if (i > -1) Ctx->Encoding=Encodings[i];
if (StrLen(LineEnding))
{
if (strcmp(LineEnding, "crlf")==0) Text=CatStr(Text,"\r\n");
if (strcmp(LineEnding, "lf")==0) Text=CatStr(Text,"\n");
if (strcmp(LineEnding, "cr")==0) Text=CatStr(Text,"\r");
}
ProcessData(&Hash, Ctx, Text, StrLen(Text));
Token=ReformatHash(Token, Hash, OutputLength, SegmentLength, SegmentChar[0]);
CGIDrawHashResult(Token);
}
printf("<table align=center bgcolor=#BBBBBB>\r\n");
printf("<tr>\r\n");
printf("<th colspan=2 bgcolor=blue><font color=white>New Hash</font></th>\r\n");
if (Flags & CGI_NOOPTIONS)
{
printf("<input type=hidden name=\"HashType\" value=\"%s\">\n",HashType);
printf("<input type=hidden name=\"Encoding\" value=\"%s\">\n",Encoding);
printf("<input type=hidden name=\"LineEnding\" value=\"%s\">\n",LineEnding);
printf("<input type=hidden name=\"OutputLength\" value=\"%d\">\n",OutputLength);
printf("<input type=hidden name=\"SegmentLength\" value=\"%d\">\n",SegmentLength);
if (StrLen(SegmentChar)) printf("<input type=hidden name=\"SegmentChar\" value=\"%s\">\n",SegmentChar);
printf("<input type=hidden name=\"NoOptions\" value=\"Y\">\n");
//if (StrLen(OptionsFile)) printf("<input type=hidden name=\"OptionsFile\" value=\"%d\">\n",OptionsFile);
}
else CGIDisplayOptions(HashType, Encoding, LineEnding, OutputLength);
printf("<tr>\r\n");
CGIDrawTextInput(Flags);
printf("</tr>\r\n");
printf("<tr><td colspan=4><input type=submit value=\"Hash it!\"></td></tr>\r\n");
printf("</table>\r\n");
printf("</form></html></body>\r\n");
fflush(NULL);
ListDestroy(Items, Destroy);
Destroy(LineEnding);
Destroy(OptionsFile);
Destroy(SegmentChar);
Destroy(Encoding);
Destroy(HashType);
Destroy(Token);
Destroy(Hash);
Destroy(Text);
}
//This function reads the first line of an HTTP Request, including the Method, URL, and cgi arguments
void HTTPServerParseCommand(HTTPSession *Session, STREAM *S, char *Command)
{
char *Token=NULL, *ptr, *tmp_ptr;
int val;
GetSockDetails(S->in_fd,&Session->ServerName,&Session->ServerPort,&Session->ClientIP,&val);
GetHostARP(Session->ClientIP, &Token, &Session->ClientMAC);
if ((Settings.Flags & FLAG_LOOKUP_CLIENT) && StrLen(Session->ClientIP)) Session->ClientHost=CopyStr(Session->ClientHost,IPStrToHostName(Session->ClientIP));
LogToFile(Settings.LogPath,"");
//Log first line of the response
Token=MCopyStr(Token, "NEW REQUEST: ",Session->ClientHost," (",Session->ClientIP,") ", Command, NULL);
if (Settings.Flags & FLAG_SSL)
{
Session->Cipher=CopyStr(Session->Cipher,STREAMGetValue(S,"SSL-Cipher"));
Token=MCatStr(Token," SSL-CIPHER=", Session->Cipher, NULL);
if (! HTTPServerCheckCertificate(Session,S)) exit(1);
//Set the Username to be the common name signed in the certificate. If it doesn't
//authenticate against a user then we can query for a username later
Session->UserName=CopyStr(Session->UserName,STREAMGetValue(Session->S,"SSL-Certificate-CommonName"));
if (Settings.AuthFlags & FLAG_AUTH_CERT_SUFFICIENT)
{
if (StrLen(Session->UserName)) Session->AuthFlags |= FLAG_AUTH_PRESENT;
}
}
LogToFile(Settings.LogPath, "%s", Token);
//Read Method (GET, POST, etc)
ptr=GetToken(Command,"\\S",&Session->Method,0);
Session->MethodID=MatchTokenFromList(Session->Method,HTTPMethods,0);
//Read URL
ptr=GetToken(ptr,"\\S",&Token,0);
//Read Protocol (HTTP1.0, HTTP1.1, etc)
ptr=GetToken(ptr,"\\S",&Session->Protocol,0);
if (! StrLen(Session->Protocol)) Session->Protocol=CopyStr(Session->Protocol,"HTTP/1.0");
tmp_ptr=Token;
//Clip out arguments from URL
tmp_ptr=strchr(Token,'?');
if (tmp_ptr)
{
*tmp_ptr='\0';
tmp_ptr++;
// Session->Arguments=HTTPUnQuote(Session->Arguments,tmp_ptr);
//Don't unquote arguments here, one of them might contain '&'
Session->Arguments=CopyStr(Session->Arguments,tmp_ptr);
}
//URL with arguments removed is the 'true' URL
Session->OriginalURL=CopyStr(Session->OriginalURL,Token);
if (StrLen(Session->OriginalURL)==0) Session->OriginalURL=CopyStr(Session->OriginalURL,"/");
if
(
(strncasecmp(Session->OriginalURL,"http:",5)==0) ||
(strncasecmp(Session->OriginalURL,"https:",6)==0)
)
{
if (Session->MethodID==METHOD_GET)
{
Session->Method=CopyStr(Session->Method,"RGET");
Session->MethodID=METHOD_RGET;
}
if (Session->MethodID==METHOD_POST)
{
Session->Method=CopyStr(Session->Method,"RPOST");
Session->MethodID=METHOD_RPOST;
}
}
DestroyString(Token);
}
int STREAMProcessConnectHops(STREAM *S, const char *HopList)
{
int val, result=FALSE;
char *Dest=NULL, *HopURL=NULL, *NextHop=NULL, *Token=NULL;
const char *ptr;
int count=0;
ptr=GetToken(HopList, "|", &HopURL,0);
//Note we check 'StrValid' not just whether ptr is null. This is because ptr will be an empty string
//for the last token, and we don't want to process th last token, which will be the 'actual' connection
while (StrValid(ptr))
{
ptr=GetToken(ptr, "|", &NextHop,0);
ParseConnectDetails(NextHop, NULL, &Dest, &Token, NULL, NULL, NULL);
Dest=MCatStr(Dest,":",Token,NULL);
GetToken(HopURL,":",&Token,0);
val=MatchTokenFromList(Token,HopTypes,0);
switch (val)
{
case CONNECT_HOP_TCP:
//this type assumes that connecting to a host and port instantly puts us through to the Destination.
//thus we do nothing with the Destination value, except maybe log it if connection fails
//It's a no-op unless it's the first item in the connection chain, as otherwise previous connections
//will have effectively processed this already
if (count > 0) result=TRUE;
else
{
if (STREAMDirectConnect(S, HopURL, 0)) result=TRUE;
else RaiseError(0, "ConnectHopTCP", "failed to connect to %s for destination %s", HopURL, Dest);
}
break;
case CONNECT_HOP_HTTPTUNNEL:
result=ConnectHopHTTPSProxy(S, HopURL, Dest);
break;
case CONNECT_HOP_SSH:
case CONNECT_HOP_SSHTUNNEL:
if (count==0) result=ConnectHopSSH(S, val, HopURL, Dest);
else
{
result=FALSE;
RaiseError(0, "ConnectHopSSH", "SSH connect hops must be first in hop chain. Connection failed to %s for destination %s", HopURL, Dest);
}
break;
case CONNECT_HOP_SOCKS4:
case CONNECT_HOP_SOCKS5:
result=ConnectHopSocks(S, val, HopURL, Dest);
break;
default:
RaiseError(0, "ConnectHop", "unknown connection proxy type %s", HopURL);
break;
}
S->State=SS_INITIAL_CONNECT_DONE;
count++;
HopURL=CopyStr(HopURL, NextHop);
}
if (StrValid(HopURL))
{
if (! StrLen(S->Path)) S->Path=CopyStr(S->Path,HopURL);
if (strncmp(HopURL,"ssl:",4)==0) DoSSLClientNegotiation(S,0);
}
DestroyString(HopURL);
DestroyString(NextHop);
DestroyString(Token);
DestroyString(Dest);
STREAMFlush(S);
return(result);
}
int libCryptoProcessorInit(TProcessingModule *ProcMod, const char *Args)
{
int result=FALSE;
#ifdef HAVE_LIBSSL
libCryptoProcessorData *Data;
EVP_CIPHER_CTX *ctx;
char *CipherList[]={"blowfish","rc2","rc4","rc5","des","desx","cast","idea","aes","aes-256",NULL};
int val;
char *Tempstr=NULL;
val=MatchTokenFromList(ProcMod->Name,CipherList,0);
if (val==-1) return(FALSE);
if (! libCryptoCipherAvailable(val)) return(FALSE);
Data=(libCryptoProcessorData *) calloc(1,sizeof(libCryptoProcessorData));
//Tempstr here holds the cipher name
InitialiseEncryptionComponents(Args, &Tempstr, &Data->InputVector, &Data->InputVectorLen, & Data->Key, &Data->KeyLen,&ProcMod->Flags);
if (StrLen(ProcMod->Name)==0) ProcMod->Name=CopyStr(ProcMod->Name,Tempstr);
switch(val)
{
/*
case CI_NONE:
Data->Cipher=EVP_enc_null();
break;
*/
case CI_BLOWFISH:
#ifdef HAVE_EVP_BF_CBC
Data->Cipher=EVP_bf_cbc();
#endif
break;
case CI_RC2:
#ifdef HAVE_EVP_RC2_CBC
Data->Cipher=EVP_rc2_cbc();
#endif
break;
case CI_RC4:
#ifdef HAVE_EVP_RC4_CBC
Data->Cipher=EVP_rc4();
#endif
break;
case CI_RC5:
#ifdef HAVE_EVP_RC5_32_12_16_CBC
//Data->Cipher=EVP_rc5_32_12_16_cbc();
#endif
break;
case CI_DES:
#ifdef HAVE_EVP_DES_CBC
Data->Cipher=EVP_des_cbc();
#endif
break;
case CI_DESX:
#ifdef HAVE_EVP_DESX_CBC
Data->Cipher=EVP_desx_cbc();
#endif
break;
case CI_CAST:
#ifdef HAVE_EVP_CAST5_CBC
Data->Cipher=EVP_cast5_cbc();
#endif
break;
case CI_IDEA:
#ifdef HAVE_EVP_IDEA_CBC
Data->Cipher=EVP_idea_cbc();
#endif
break;
case CI_AES:
#ifdef HAVE_EVP_AES_128_CBC
Data->Cipher=EVP_aes_128_cbc();
#endif
break;
case CI_AES_256:
#ifdef HAVE_EVP_AES_256_CBC
Data->Cipher=EVP_aes_256_cbc();
#endif
break;
}
if (Data->Cipher)
{
Data->enc_ctx=(EVP_CIPHER_CTX *) calloc(1,sizeof(EVP_CIPHER_CTX));
Data->dec_ctx=(EVP_CIPHER_CTX *) calloc(1,sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(Data->enc_ctx);
EVP_CIPHER_CTX_init(Data->dec_ctx);
Data->BlockSize=EVP_CIPHER_block_size(Data->Cipher);
EVP_EncryptInit_ex(Data->enc_ctx,Data->Cipher,NULL,Data->Key,Data->InputVector);
EVP_DecryptInit_ex(Data->dec_ctx,Data->Cipher,NULL,Data->Key,Data->InputVector);
if (ProcMod->Flags & DPM_NOPAD_DATA) EVP_CIPHER_CTX_set_padding(Data->enc_ctx,FALSE);
ProcMod->Data=Data;
result=TRUE;
DataProcessorSetValue(ProcMod,"Cipher",Tempstr);
Tempstr=FormatStr(Tempstr,"%d",Data->BlockSize);
DataProcessorSetValue(ProcMod,"BlockSize",Tempstr);
}
DestroyString(Tempstr);
#endif
return(result);
}
int STREAMProcessConnectHop(STREAM *S, char *HopURL, int LastHop)
{
int val, result=FALSE;
char *Token=NULL, *Token2=NULL;
char *Tempstr=NULL;
char *User=NULL, *Host=NULL,*Pass=NULL, *KeyFile=NULL;
int Port=0;
ParseConnectDetails(HopURL, &Token, &Host, &Token2, &User, &Pass, NULL);
Port=atoi(Token2);
val=MatchTokenFromList(Token,HopTypes,0);
switch (val)
{
case CONNECT_HOP_TCP:
if (S->in_fd==-1)
{
S->in_fd=ConnectToHost(Host,Port,0);
S->out_fd=S->in_fd;
if (S->in_fd > -1) result=TRUE;
}
break;
case CONNECT_HOP_HTTPTUNNEL:
result=DoHTTPProxyTunnel(S, Host, Port, S->Path, 0);
break;
case CONNECT_HOP_SSH:
case CONNECT_HOP_SSHTUNNEL:
result=ConnectHopSSH(S, val, Host, Port, User, Pass, S->Path);
break;
case CONNECT_HOP_SOCKS4:
result=ConnectHopSocks(S, val, Host, Port, User, Pass, S->Path);
break;
case CONNECT_HOP_SHELL_CMD:
break;
case CONNECT_HOP_TELNET:
if (Port > 0)
{
Tempstr=FormatStr(Tempstr,"telnet -8 %s %d ",Host, Port);
}
else Tempstr=FormatStr(Tempstr,"telnet -8 %s ",Host);
if (S->in_fd==-1)
{
PseudoTTYSpawn(& S->in_fd,Tempstr,0);
S->out_fd=S->in_fd;
if (S->in_fd > -1)
{
result=TRUE;
STREAMSetFlushType(S,FLUSH_LINE,0,0);
}
}
else
{
Tempstr=CatStr(Tempstr,";exit\n");
STREAMWriteLine(Tempstr,S);
result=TRUE;
}
if (StrLen(User) > 0)
{
Tempstr=MCopyStr(Tempstr,User,"\n",NULL);
STREAMExpectAndReply(S,"ogin:",Tempstr);
}
if (StrLen(Pass) > 0)
{
Tempstr=MCopyStr(Tempstr,Pass,"\n",NULL);
STREAMExpectAndReply(S,"assword:",Tempstr);
}
STREAMExpectSilence(S,2);
break;
}
DestroyString(Tempstr);
DestroyString(Token);
DestroyString(KeyFile);
DestroyString(Host);
DestroyString(User);
DestroyString(Pass);
STREAMFlush(S);
return(result);
}
int AuthenticateExamineMethods(char *Methods, int LogErrors)
{
char *ptr, *Token=NULL;
int MethodsFound=0, val;
LogToFile(Settings.LogPath,"CONSIDER AUTH METHODS: %s",Methods);
ptr=GetToken(Methods,",",&Token,0);
while (ptr)
{
StripTrailingWhitespace(Token);
StripLeadingWhitespace(Token);
val=MatchTokenFromList(Token,AuthMethods,0);
switch (val)
{
case -1:
if (LogErrors) LogToFile(Settings.LogPath,"WARNING: unknown authentication method '%s'",Token);
break;
case AUTHTOK_NONE:
case AUTHTOK_OPEN:
MethodsFound |= AUTH_OPEN;
break;
case AUTHTOK_DENY:
MethodsFound |= AUTH_DENY;
break;
case AUTHTOK_NATIVE:
MethodsFound |= AUTH_NATIVE;
break;
case AUTHTOK_PAM:
MethodsFound |= AUTH_PAM;
break;
case AUTHTOK_PASSWD:
MethodsFound |= AUTH_PASSWD;
break;
case AUTHTOK_SHADOW:
MethodsFound |= AUTH_SHADOW;
break;
case AUTHTOK_DIGEST:
MethodsFound |= AUTH_DIGEST;
break;
case AUTHTOK_ACCESSTOKEN:
MethodsFound |= AUTH_ACCESSTOKEN;
break;
case AUTHTOK_ACCESSTOKEN_HTTP:
break;
}
ptr=GetToken(ptr,",",&Token,0);
}
if (LogErrors)
{
if ((Settings.AuthFlags & FLAG_AUTH_REQUIRED) && (MethodsFound == 0))
{
LogToFile(Settings.LogPath,"WARNING: NO AUTHENTICATION SYSTEM CONFIGURED, but not set to run as an 'open' system");
}
else if ((MethodsFound & AUTH_OPEN) && (MethodsFound != AUTH_OPEN))
{
LogToFile(Settings.LogPath,"WARNING: 'open' authentication is enabled along with other authentication types. 'open' authentication means no authentication, so other auth types will be disabled.");
}
else if ( (MethodsFound & AUTH_DIGEST) && (((MethodsFound & ~(AUTH_DIGEST | AUTH_ACCESSTOKEN)) !=0) ) )
{
LogToFile(Settings.LogPath,"WARNING: 'digest' authentication is enabled along with other authentication types. Digest authentication requires plain-text passwords in the *native* alaya authentication file, and cannot authenticate against /etc/passwd, /etc/shadow or PAM. Most clients will use digest in preference to 'basic' authentication. Thus including 'digest' will thus disable other authentication types.");
}
}
DestroyString(Token);
return(MethodsFound);
}
