void http_send_request(const fdns_result *res) {
http_struct *newconn;
log_event(6, "HTTP -> Sending request to %s for IP %s", res->zone->name, res->ip);
newconn = (http_struct *) calloc(1, sizeof(http_struct));
strncpy(newconn->ip, res->ip, sizeof(newconn->ip));
strncpy(newconn->nick, res->nick, sizeof(newconn->nick));
newconn->zone = res->zone;
if (res->requested)
newconn->requested = res->requested;
/* Queue connection. */
newconn->state = STATE_UNESTABLISHED;
/* Add struct to list of connections. */
http_conn_add(newconn);
/* If we have available FD's, override queue. */
if (FD_USE < CONF_FDLIMIT)
http_establish(newconn);
else
log_event(6, "HTTP -> File Descriptor limit (%d) reached, queuing request for IP %s on %s", CONF_FDLIMIT, res->ip, res->zone->name);
}
static grub_err_t
http_open (struct grub_file *file, const char *filename)
{
grub_err_t err;
struct http_data *data;
data = grub_zalloc (sizeof (*data));
if (!data)
return grub_errno;
file->size = GRUB_FILE_SIZE_UNKNOWN;
data->filename = grub_strdup (filename);
if (!data->filename)
{
grub_free (data);
return grub_errno;
}
file->not_easily_seekable = 0;
file->data = data;
err = http_establish (file, 0, 1);
if (err)
{
grub_free (data->filename);
grub_free (data);
return err;
}
return GRUB_ERR_NONE;
}
static grub_err_t
http_seek (struct grub_file *file, grub_off_t off)
{
struct http_data *old_data, *data;
grub_err_t err;
old_data = file->data;
/* FIXME: Reuse socket? */
grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT);
old_data->sock = 0;
while (file->device->net->packs.first)
{
grub_netbuff_free (file->device->net->packs.first->nb);
grub_net_remove_packet (file->device->net->packs.first);
}
file->device->net->stall = 0;
file->device->net->offset = off;
data = grub_zalloc (sizeof (*data));
if (!data)
return grub_errno;
data->size_recv = 1;
data->filename = old_data->filename;
if (!data->filename)
{
grub_free (data);
file->data = 0;
return grub_errno;
}
grub_free (old_data);
file->data = data;
err = http_establish (file, off, 0);
if (err)
{
grub_free (data->filename);
grub_free (data);
file->data = 0;
return err;
}
return GRUB_ERR_NONE;
}
void http_timer() {
http_struct *conn, *next;
time_t present;
time(&present);
for (conn = HTTPREQUESTS; conn; ) {
if (conn->state == STATE_UNESTABLISHED) {
if (FD_USE < CONF_FDLIMIT) {
http_establish(conn);
log_event(6, "HTTP -> File descriptor free, continuing queued request for IP %s", conn->ip);
}
else {
conn = conn->next;
/* Continue to avoid timeout checks on an unestablished connection. */
continue;
}
}
if ((conn->state == STATE_CLOSED) || (conn->state == STATE_POSITIVE) ||
((present - conn->create_time) >= CONF_TIMEOUT)) {
next = conn->next;
http_conn_del(conn);
conn = next;
continue;
}
conn = conn->next;
}
}
static void http_request_parse(http_struct *conn) {
char *err, *ptr;
char token[32];
long int port = 0;
int found = 0;
switch (conn->zone->idx) {
case 0:
ptr = strstr(conn->response, "<td class=\"protohead\">Protocol</td>");
if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 48)) {
log_snoop("Error parsing OPM http reply for IP %s: data not found", conn->ip);
return;
}
ptr += 48;
while (1) {
ptr = str_tokenize(ptr, token, sizeof(token), '<');
if ((ptr == NULL) || (token[0] == '\0')) {
log_snoop("Error parsing OPM http reply for IP %s: port not found", conn->ip);
return;
}
if (!strcasecmp(token, "Evidence")) {
if (found == 0) {
if (conn->requested == 1)
log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick);
else
log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip);
}
return;
}
port = strtol(token, &err, 10);
if ((port <= 0) || (port > 65535) || (*err != '\0')) {
log_snoop("Error parsing OPM http reply for IP %s: invalid port (%s)", conn->ip, token);
return;
}
if ((conn->bytes_read - (ptr - conn->response)) < 8) {
log_snoop("Error parsing OPM http reply for IP %s: invalid protocol data", conn->ip);
return;
}
ptr = str_tokenize(ptr + 8, token, sizeof(token), '<');
if ((ptr == NULL) || (token[0] == '\0')) {
log_snoop("Error parsing OPM http reply for IP %s: protocol not found", conn->ip);
return;
}
if ((conn->bytes_read - (ptr - conn->response)) < 17) {
log_snoop("Error parsing OPM http reply for IP %s: invalid end data", conn->ip);
return;
}
ptr += 17;
found += scan_http_result(conn, port, token);
}
break;
case 1: { /* DSBL */
http_struct *newconn;
size_t len;
ptr = strstr(conn->response, "<h1>DSBL: Message Detail</h1>");
if (IS_NOT_NULL(ptr)) {
char protocol[32];
memset(protocol, 0, sizeof(protocol));
ptr = strstr(conn->response, "<b>Transport:</b>");
if (IS_NOT_NULL(ptr)) {
ptr = str_tokenize(ptr + 18, protocol, sizeof(protocol), '\n');
if ((ptr == NULL) || (protocol[0] == '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: invalid transport (%s)", conn->ip, protocol);
return;
}
}
ptr = strstr(conn->response, "<b>Input Port:</b>");
if (IS_NOT_NULL(ptr)) {
ptr = str_tokenize(ptr + 19, token, sizeof(token), '\n');
if ((ptr == NULL) || (token[0] == '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: invalid port (%s)", conn->ip, token);
return;
}
port = strtol(token, &err, 10);
if ((port < 0) || (port > 65535) || (*err != '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: invalid port (%s)", conn->ip, token);
return;
}
}
if ((port == 0) || (protocol[0] == '\0')) {
ptr = strstr(conn->response, "Port ");
if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 30)) {
log_snoop("Error parsing DSBL http reply for IP %s: invalid data", conn->ip);
return;
}
ptr = str_tokenize(ptr + 5, token, sizeof(token), ',');
if ((ptr == NULL) || (token[0] == '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: port not found", conn->ip);
return;
}
port = strtol(token, &err, 10);
if ((port < 0) || (port > 65535) || (*err != '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: invalid port (%s)", conn->ip, token);
return;
}
ptr = str_tokenize(ptr + 1, protocol, sizeof(protocol), ',');
if ((ptr == NULL) || (protocol[0] == '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: protocol not found", conn->ip);
return;
}
}
log_snoop("Discovered Port: \2%i\2",port);
if (port == 21)
{
log_snoop("Found anonymous FTP server, skip check");
return;
}
log_snoop("I'm checking for open proxies");
if ((!scan_http_result(conn, port, protocol)) && (!scan_http_result(conn, port, "SOCKS")) && (!scan_http_result( conn, port, "HTTPPOST")) && (!scan_http_result( conn, port, "HTTP"))) {
if (conn->requested == 1)
log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick);
else
log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip);
}
return;
}
ptr = strstr(conn->response, "<h2>Messages from this host</h2>");
if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 10)) {
log_snoop("Error parsing DSBL http reply for IP %s: data not found", conn->ip);
return;
}
ptr += 32;
while (1) {
ptr = strstr(ptr, "UTC");
if (IS_NULL(ptr))
break;
if ((conn->bytes_read - (ptr - conn->response)) < 50) {
log_snoop("Error parsing DSBL http reply for IP %s: invalid message", conn->ip);
return;
}
ptr = str_tokenize(ptr + 13, token, sizeof(token), '"');
if ((ptr == NULL) || (token[0] == '\0')) {
log_snoop("Error parsing DSBL http reply for IP %s: message url not found", conn->ip);
return;
}
/* Message parsed and written into 'token'. Continue, as we want the last one. */
}
log_event(6, "HTTP -> Sending request to %s for IP %s", conn->zone->name, conn->ip);
newconn = (http_struct *) calloc(1, sizeof(http_struct));
strncpy(newconn->ip, conn->ip, sizeof(newconn->ip));
len = strlen(token);
newconn->url = malloc(len + 2);
newconn->url[0] = '/';
memcpy(newconn->url + 1, token, len);
newconn->url[len + 1] = '\0';
strncpy(newconn->nick, conn->nick, sizeof(newconn->nick));
newconn->zone = conn->zone;
if (conn->requested)
newconn->requested = conn->requested;
/* Queue connection. */
newconn->state = STATE_UNESTABLISHED;
/* Add struct to list of connections. */
http_conn_add(newconn);
/* If we have available FD's, override queue. */
if (FD_USE < CONF_FDLIMIT)
http_establish(newconn);
else
log_event(6, "HTTP -> File Descriptor limit (%d) reached, queuing request for IP %s on %s", CONF_FDLIMIT, conn->ip, conn->zone->name);
break;
}
case 2: { /* SORBS */
char *endtag, *protocol;
int skip;
ptr = conn->response;
while (1) {
ptr = strstr(ptr, "Address and Port:");
if (IS_NULL(ptr)) {
if (found == 0) {
if (conn->requested == 1)
log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick);
else
log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip);
}
return;
}
if ((conn->bytes_read - (ptr - conn->response)) < 46) {
log_snoop("Error parsing SORBS http reply for IP %s: invalid data", conn->ip);
return;
}
ptr = str_tokenize(ptr + 30 + strlen(conn->ip), token, sizeof(token), '<');
if (IS_NULL(ptr) || (token[0] == '\0')) {
log_snoop("Error parsing SORBS http reply for IP %s: port not found", conn->ip);
return;
}
port = strtol(token, &err, 10);
if ((port < 0) || (port > 65535) || (*err != '\0')) {
log_snoop("Error parsing SORBS http reply for IP %s: invalid port (%s)", conn->ip, token);
return;
}
endtag = strstr(ptr, "<!--/#result-->");
protocol = strstr(ptr, "Confirmed open ");
skip = 15;
if (IS_NULL(protocol) || (protocol > endtag)) {
protocol = strstr(ptr, "Unconfirmed misc ");
skip = 17;
}
if (IS_NULL(protocol) || (protocol > endtag)) {
protocol = strstr(ptr, "[Dynablock]");
if (IS_NOT_NULL(protocol) && (protocol < endtag)) {
ptr = endtag;
continue;
}
}
if (IS_NULL(protocol) || (protocol > endtag)) {
log_snoop("Error parsing SORBS http reply for IP %s: protocol not found", conn->ip);
return;
}
protocol += skip;
if (str_equals_partial(protocol, "SOCKS v4", 8) ||
str_equals_partial(protocol, "socks4", 6))
found += scan_http_result(conn, port, "SOCKS4");
else if (str_equals_partial(protocol, "SOCKS v5", 8) ||
str_equals_partial(protocol, "socks5", 6))
found += scan_http_result(conn, port, "SOCKS5");
else if (str_equals_partial(protocol, "HTTP CONNECT", 12) ||
str_equals_partial(protocol, "http-connect", 12) ||
str_equals_partial(protocol, "wingate proxy", 13) ||
str_equals_partial(protocol, "open proxy", 10))
found += scan_http_result(conn, port, "HTTP");
else
log_snoop("Error parsing SORBS http reply for IP %s: unknown protocol", conn->ip);
ptr = endtag;
}
}
case 3: { /* NJABL */
char *protocol;
size_t ipLen;
ptr = strstr(conn->response, "<pre>");
if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 17)) {
log_snoop("Error parsing NJABL http reply for IP %s: data not found", conn->ip);
return;
}
ptr += 17;
ipLen = strlen(conn->ip);
while (1) {
if (str_not_equals_partial(ptr + 3, conn->ip, ipLen)) {
log_snoop("Error parsing NJABL http reply for IP %s: IP mismatch", conn->ip);
return;
}
ptr += (3 + ipLen + 5);
protocol = NULL;
switch (ptr[0]) {
case 'h':
switch (ptr[1]) {
case 'c': protocol = "HTTP"; break;
case 'u': protocol = "HTTP PUT"; break;
case 'o': protocol = "HTTPPOST"; break;
}
break;
case 's':
switch (ptr[1]) {
case '4': protocol = "SOCKS4"; break;
case '5': protocol = "SOCKS5"; break;
}
break;
case 'w':
if (ptr[1] == 'g')
protocol = "WINGATE";
break;
}
if (IS_NOT_NULL(protocol)) {
ptr = str_tokenize(ptr + 3, token, sizeof(token), ':');
if ((ptr == NULL) || (token[0] == '\0')) {
log_snoop("Error parsing NJABL http reply for IP %s: port not found", conn->ip);
return;
}
port = strtol(token, &err, 10);
if ((port <= 0) || (port > 65535) || (*err != '\0')) {
log_snoop("Error parsing NJABL http reply for IP %s: invalid port (%s)", conn->ip, token);
return;
}
found += scan_http_result(conn, port, protocol);
}
ptr = strstr(ptr, " open");
if (IS_NULL(ptr)) {
log_snoop("Error parsing NJABL http reply for IP %s: EOF not found", conn->ip);
return;
}
if (str_equals_partial(ptr + 6, "<BR>", 4)) {
if (found == 0) {
if (conn->requested == 1)
log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick);
else
log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip);
}
return;
}
ptr += 6;
}
break;
}
}
}
