void http_send_request(const fdns_result *res) { http_struct *newconn; log_event(6, "HTTP -> Sending request to %s for IP %s", res->zone->name, res->ip); newconn = (http_struct *) calloc(1, sizeof(http_struct)); strncpy(newconn->ip, res->ip, sizeof(newconn->ip)); strncpy(newconn->nick, res->nick, sizeof(newconn->nick)); newconn->zone = res->zone; if (res->requested) newconn->requested = res->requested; /* Queue connection. */ newconn->state = STATE_UNESTABLISHED; /* Add struct to list of connections. */ http_conn_add(newconn); /* If we have available FD's, override queue. */ if (FD_USE < CONF_FDLIMIT) http_establish(newconn); else log_event(6, "HTTP -> File Descriptor limit (%d) reached, queuing request for IP %s on %s", CONF_FDLIMIT, res->ip, res->zone->name); }
static grub_err_t http_open (struct grub_file *file, const char *filename) { grub_err_t err; struct http_data *data; data = grub_zalloc (sizeof (*data)); if (!data) return grub_errno; file->size = GRUB_FILE_SIZE_UNKNOWN; data->filename = grub_strdup (filename); if (!data->filename) { grub_free (data); return grub_errno; } file->not_easily_seekable = 0; file->data = data; err = http_establish (file, 0, 1); if (err) { grub_free (data->filename); grub_free (data); return err; } return GRUB_ERR_NONE; }
static grub_err_t http_seek (struct grub_file *file, grub_off_t off) { struct http_data *old_data, *data; grub_err_t err; old_data = file->data; /* FIXME: Reuse socket? */ grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT); old_data->sock = 0; while (file->device->net->packs.first) { grub_netbuff_free (file->device->net->packs.first->nb); grub_net_remove_packet (file->device->net->packs.first); } file->device->net->stall = 0; file->device->net->offset = off; data = grub_zalloc (sizeof (*data)); if (!data) return grub_errno; data->size_recv = 1; data->filename = old_data->filename; if (!data->filename) { grub_free (data); file->data = 0; return grub_errno; } grub_free (old_data); file->data = data; err = http_establish (file, off, 0); if (err) { grub_free (data->filename); grub_free (data); file->data = 0; return err; } return GRUB_ERR_NONE; }
void http_timer() { http_struct *conn, *next; time_t present; time(&present); for (conn = HTTPREQUESTS; conn; ) { if (conn->state == STATE_UNESTABLISHED) { if (FD_USE < CONF_FDLIMIT) { http_establish(conn); log_event(6, "HTTP -> File descriptor free, continuing queued request for IP %s", conn->ip); } else { conn = conn->next; /* Continue to avoid timeout checks on an unestablished connection. */ continue; } } if ((conn->state == STATE_CLOSED) || (conn->state == STATE_POSITIVE) || ((present - conn->create_time) >= CONF_TIMEOUT)) { next = conn->next; http_conn_del(conn); conn = next; continue; } conn = conn->next; } }
static void http_request_parse(http_struct *conn) { char *err, *ptr; char token[32]; long int port = 0; int found = 0; switch (conn->zone->idx) { case 0: ptr = strstr(conn->response, "<td class=\"protohead\">Protocol</td>"); if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 48)) { log_snoop("Error parsing OPM http reply for IP %s: data not found", conn->ip); return; } ptr += 48; while (1) { ptr = str_tokenize(ptr, token, sizeof(token), '<'); if ((ptr == NULL) || (token[0] == '\0')) { log_snoop("Error parsing OPM http reply for IP %s: port not found", conn->ip); return; } if (!strcasecmp(token, "Evidence")) { if (found == 0) { if (conn->requested == 1) log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick); else log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip); } return; } port = strtol(token, &err, 10); if ((port <= 0) || (port > 65535) || (*err != '\0')) { log_snoop("Error parsing OPM http reply for IP %s: invalid port (%s)", conn->ip, token); return; } if ((conn->bytes_read - (ptr - conn->response)) < 8) { log_snoop("Error parsing OPM http reply for IP %s: invalid protocol data", conn->ip); return; } ptr = str_tokenize(ptr + 8, token, sizeof(token), '<'); if ((ptr == NULL) || (token[0] == '\0')) { log_snoop("Error parsing OPM http reply for IP %s: protocol not found", conn->ip); return; } if ((conn->bytes_read - (ptr - conn->response)) < 17) { log_snoop("Error parsing OPM http reply for IP %s: invalid end data", conn->ip); return; } ptr += 17; found += scan_http_result(conn, port, token); } break; case 1: { /* DSBL */ http_struct *newconn; size_t len; ptr = strstr(conn->response, "<h1>DSBL: Message Detail</h1>"); if (IS_NOT_NULL(ptr)) { char protocol[32]; memset(protocol, 0, sizeof(protocol)); ptr = strstr(conn->response, "<b>Transport:</b>"); if (IS_NOT_NULL(ptr)) { ptr = str_tokenize(ptr + 18, protocol, sizeof(protocol), '\n'); if ((ptr == NULL) || (protocol[0] == '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: invalid transport (%s)", conn->ip, protocol); return; } } ptr = strstr(conn->response, "<b>Input Port:</b>"); if (IS_NOT_NULL(ptr)) { ptr = str_tokenize(ptr + 19, token, sizeof(token), '\n'); if ((ptr == NULL) || (token[0] == '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: invalid port (%s)", conn->ip, token); return; } port = strtol(token, &err, 10); if ((port < 0) || (port > 65535) || (*err != '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: invalid port (%s)", conn->ip, token); return; } } if ((port == 0) || (protocol[0] == '\0')) { ptr = strstr(conn->response, "Port "); if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 30)) { log_snoop("Error parsing DSBL http reply for IP %s: invalid data", conn->ip); return; } ptr = str_tokenize(ptr + 5, token, sizeof(token), ','); if ((ptr == NULL) || (token[0] == '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: port not found", conn->ip); return; } port = strtol(token, &err, 10); if ((port < 0) || (port > 65535) || (*err != '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: invalid port (%s)", conn->ip, token); return; } ptr = str_tokenize(ptr + 1, protocol, sizeof(protocol), ','); if ((ptr == NULL) || (protocol[0] == '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: protocol not found", conn->ip); return; } } log_snoop("Discovered Port: \2%i\2",port); if (port == 21) { log_snoop("Found anonymous FTP server, skip check"); return; } log_snoop("I'm checking for open proxies"); if ((!scan_http_result(conn, port, protocol)) && (!scan_http_result(conn, port, "SOCKS")) && (!scan_http_result( conn, port, "HTTPPOST")) && (!scan_http_result( conn, port, "HTTP"))) { if (conn->requested == 1) log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick); else log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip); } return; } ptr = strstr(conn->response, "<h2>Messages from this host</h2>"); if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 10)) { log_snoop("Error parsing DSBL http reply for IP %s: data not found", conn->ip); return; } ptr += 32; while (1) { ptr = strstr(ptr, "UTC"); if (IS_NULL(ptr)) break; if ((conn->bytes_read - (ptr - conn->response)) < 50) { log_snoop("Error parsing DSBL http reply for IP %s: invalid message", conn->ip); return; } ptr = str_tokenize(ptr + 13, token, sizeof(token), '"'); if ((ptr == NULL) || (token[0] == '\0')) { log_snoop("Error parsing DSBL http reply for IP %s: message url not found", conn->ip); return; } /* Message parsed and written into 'token'. Continue, as we want the last one. */ } log_event(6, "HTTP -> Sending request to %s for IP %s", conn->zone->name, conn->ip); newconn = (http_struct *) calloc(1, sizeof(http_struct)); strncpy(newconn->ip, conn->ip, sizeof(newconn->ip)); len = strlen(token); newconn->url = malloc(len + 2); newconn->url[0] = '/'; memcpy(newconn->url + 1, token, len); newconn->url[len + 1] = '\0'; strncpy(newconn->nick, conn->nick, sizeof(newconn->nick)); newconn->zone = conn->zone; if (conn->requested) newconn->requested = conn->requested; /* Queue connection. */ newconn->state = STATE_UNESTABLISHED; /* Add struct to list of connections. */ http_conn_add(newconn); /* If we have available FD's, override queue. */ if (FD_USE < CONF_FDLIMIT) http_establish(newconn); else log_event(6, "HTTP -> File Descriptor limit (%d) reached, queuing request for IP %s on %s", CONF_FDLIMIT, conn->ip, conn->zone->name); break; } case 2: { /* SORBS */ char *endtag, *protocol; int skip; ptr = conn->response; while (1) { ptr = strstr(ptr, "Address and Port:"); if (IS_NULL(ptr)) { if (found == 0) { if (conn->requested == 1) log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick); else log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip); } return; } if ((conn->bytes_read - (ptr - conn->response)) < 46) { log_snoop("Error parsing SORBS http reply for IP %s: invalid data", conn->ip); return; } ptr = str_tokenize(ptr + 30 + strlen(conn->ip), token, sizeof(token), '<'); if (IS_NULL(ptr) || (token[0] == '\0')) { log_snoop("Error parsing SORBS http reply for IP %s: port not found", conn->ip); return; } port = strtol(token, &err, 10); if ((port < 0) || (port > 65535) || (*err != '\0')) { log_snoop("Error parsing SORBS http reply for IP %s: invalid port (%s)", conn->ip, token); return; } endtag = strstr(ptr, "<!--/#result-->"); protocol = strstr(ptr, "Confirmed open "); skip = 15; if (IS_NULL(protocol) || (protocol > endtag)) { protocol = strstr(ptr, "Unconfirmed misc "); skip = 17; } if (IS_NULL(protocol) || (protocol > endtag)) { protocol = strstr(ptr, "[Dynablock]"); if (IS_NOT_NULL(protocol) && (protocol < endtag)) { ptr = endtag; continue; } } if (IS_NULL(protocol) || (protocol > endtag)) { log_snoop("Error parsing SORBS http reply for IP %s: protocol not found", conn->ip); return; } protocol += skip; if (str_equals_partial(protocol, "SOCKS v4", 8) || str_equals_partial(protocol, "socks4", 6)) found += scan_http_result(conn, port, "SOCKS4"); else if (str_equals_partial(protocol, "SOCKS v5", 8) || str_equals_partial(protocol, "socks5", 6)) found += scan_http_result(conn, port, "SOCKS5"); else if (str_equals_partial(protocol, "HTTP CONNECT", 12) || str_equals_partial(protocol, "http-connect", 12) || str_equals_partial(protocol, "wingate proxy", 13) || str_equals_partial(protocol, "open proxy", 10)) found += scan_http_result(conn, port, "HTTP"); else log_snoop("Error parsing SORBS http reply for IP %s: unknown protocol", conn->ip); ptr = endtag; } } case 3: { /* NJABL */ char *protocol; size_t ipLen; ptr = strstr(conn->response, "<pre>"); if ((ptr == NULL) || ((conn->bytes_read - (ptr - conn->response)) < 17)) { log_snoop("Error parsing NJABL http reply for IP %s: data not found", conn->ip); return; } ptr += 17; ipLen = strlen(conn->ip); while (1) { if (str_not_equals_partial(ptr + 3, conn->ip, ipLen)) { log_snoop("Error parsing NJABL http reply for IP %s: IP mismatch", conn->ip); return; } ptr += (3 + ipLen + 5); protocol = NULL; switch (ptr[0]) { case 'h': switch (ptr[1]) { case 'c': protocol = "HTTP"; break; case 'u': protocol = "HTTP PUT"; break; case 'o': protocol = "HTTPPOST"; break; } break; case 's': switch (ptr[1]) { case '4': protocol = "SOCKS4"; break; case '5': protocol = "SOCKS5"; break; } break; case 'w': if (ptr[1] == 'g') protocol = "WINGATE"; break; } if (IS_NOT_NULL(protocol)) { ptr = str_tokenize(ptr + 3, token, sizeof(token), ':'); if ((ptr == NULL) || (token[0] == '\0')) { log_snoop("Error parsing NJABL http reply for IP %s: port not found", conn->ip); return; } port = strtol(token, &err, 10); if ((port <= 0) || (port > 65535) || (*err != '\0')) { log_snoop("Error parsing NJABL http reply for IP %s: invalid port (%s)", conn->ip, token); return; } found += scan_http_result(conn, port, protocol); } ptr = strstr(ptr, " open"); if (IS_NULL(ptr)) { log_snoop("Error parsing NJABL http reply for IP %s: EOF not found", conn->ip); return; } if (str_equals_partial(ptr + 6, "<BR>", 4)) { if (found == 0) { if (conn->requested == 1) log_snoop("[%s] IP \2%s\2 is positive on known ports only [Details: http://%s%s%s ] [Requested by %s]", conn->zone->name, conn->ip, conn->zone->host, conn->zone->url, conn->ip, conn->nick); else log_snoop("[%s] IP \2%s\2 used by \2%s\2 is positive on known ports only [Details: http://%s%s%s ]", conn->zone->name, conn->ip, conn->nick, conn->zone->host, conn->zone->url, conn->ip); } return; } ptr += 6; } break; } } }