void HandleClient() { TSession *Session; char *Tempstr=NULL; int i; Session=(TSession *) calloc(1,sizeof(TSession)); Session->Shell=CopyStr(Session->Shell,Settings.DefaultShell); Session->S=STREAMFromDualFD(0,1); STREAMSetTimeout(Session->S,0); GetSockDetails(0, &Session->ServerIP, &i, &Session->ClientIP, &i); GetClientHardwareAddress(Session); Session->ClientHost=CopyStr(Session->ClientHost,IPStrToHostName(Session->ClientIP)); openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH); if (StrLen(Session->ClientMAC)) syslog(Settings.InfoLogLevel,"connection from: %s (%s / %s)", Session->ClientHost, Session->ClientIP, Session->ClientMAC); else syslog(Settings.InfoLogLevel,"connection from: %s (%s)", Session->ClientHost, Session->ClientIP); if (! CheckClientPermissions(Session)) Session->Flags |= FLAG_DENYAUTH; chdir(Settings.ChDir); if (StrLen(Settings.ChDir)==0) chdir(Settings.ChDir); if (Settings.Flags & FLAG_CHROOT) chroot("."); TelnetSendNegotiation(Session->S, TELNET_WONT, TELNET_LINEMODE); TelnetSendNegotiation(Session->S, TELNET_WILL, TELNET_NOGOAHEAD); //TelnetSendNegotiation(Session->S, TELNET_DONT, TELNET_LINEMODE); TelnetSendNegotiation(Session->S, TELNET_WILL, TELNET_ECHO); if (StrLen(Settings.Banner)) { Tempstr=SessionSubstituteVars(Tempstr,Settings.Banner,Session); STREAMWriteLine(Tempstr,Session->S); STREAMWriteLine("\r\n",Session->S); } if (strcmp(Settings.AuthMethods,"open")==0) Session->Flags |= FLAG_AUTHENTICATED; else { for (i=0; i < Settings.AuthTries; i++) { if (Login(Session)) break; printf("\r\nLogin incorrect\r\n"); fflush(NULL); if (! (Settings.Flags & FLAG_DENYAUTH)){ openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH); syslog(Settings.ErrorLogLevel,"%s@%s login failed: tries used %d/%d",Session->User,Session->ClientIP,i,Settings.AuthTries); } sleep(Settings.AuthDelay); } } if (Session->Flags & FLAG_AUTHENTICATED) { syslog(Settings.InfoLogLevel,"%s@%s logged in after %d tries",Session->User,Session->ClientIP,i); RunTelnetSession(Session); } else syslog(Settings.ErrorLogLevel,"login from %s failed after %d tries",Session->ClientIP,i); DestroyString(Tempstr); free(Session); _exit(0); }
//This function reads the first line of an HTTP Request, including the Method, URL, and cgi arguments void HTTPServerParseCommand(HTTPSession *Session, STREAM *S, char *Command) { char *Token=NULL, *ptr, *tmp_ptr; int val; GetSockDetails(S->in_fd,&Session->ServerName,&Session->ServerPort,&Session->ClientIP,&val); GetHostARP(Session->ClientIP, &Token, &Session->ClientMAC); if ((Settings.Flags & FLAG_LOOKUP_CLIENT) && StrLen(Session->ClientIP)) Session->ClientHost=CopyStr(Session->ClientHost,IPStrToHostName(Session->ClientIP)); LogToFile(Settings.LogPath,""); //Log first line of the response Token=MCopyStr(Token, "NEW REQUEST: ",Session->ClientHost," (",Session->ClientIP,") ", Command, NULL); if (Settings.Flags & FLAG_SSL) { Session->Cipher=CopyStr(Session->Cipher,STREAMGetValue(S,"SSL-Cipher")); Token=MCatStr(Token," SSL-CIPHER=", Session->Cipher, NULL); if (! HTTPServerCheckCertificate(Session,S)) exit(1); //Set the Username to be the common name signed in the certificate. If it doesn't //authenticate against a user then we can query for a username later Session->UserName=CopyStr(Session->UserName,STREAMGetValue(Session->S,"SSL-Certificate-CommonName")); if (Settings.AuthFlags & FLAG_AUTH_CERT_SUFFICIENT) { if (StrLen(Session->UserName)) Session->AuthFlags |= FLAG_AUTH_PRESENT; } } LogToFile(Settings.LogPath, "%s", Token); //Read Method (GET, POST, etc) ptr=GetToken(Command,"\\S",&Session->Method,0); Session->MethodID=MatchTokenFromList(Session->Method,HTTPMethods,0); //Read URL ptr=GetToken(ptr,"\\S",&Token,0); //Read Protocol (HTTP1.0, HTTP1.1, etc) ptr=GetToken(ptr,"\\S",&Session->Protocol,0); if (! StrLen(Session->Protocol)) Session->Protocol=CopyStr(Session->Protocol,"HTTP/1.0"); tmp_ptr=Token; //Clip out arguments from URL tmp_ptr=strchr(Token,'?'); if (tmp_ptr) { *tmp_ptr='\0'; tmp_ptr++; // Session->Arguments=HTTPUnQuote(Session->Arguments,tmp_ptr); //Don't unquote arguments here, one of them might contain '&' Session->Arguments=CopyStr(Session->Arguments,tmp_ptr); } //URL with arguments removed is the 'true' URL Session->OriginalURL=CopyStr(Session->OriginalURL,Token); if (StrLen(Session->OriginalURL)==0) Session->OriginalURL=CopyStr(Session->OriginalURL,"/"); if ( (strncasecmp(Session->OriginalURL,"http:",5)==0) || (strncasecmp(Session->OriginalURL,"https:",6)==0) ) { if (Session->MethodID==METHOD_GET) { Session->Method=CopyStr(Session->Method,"RGET"); Session->MethodID=METHOD_RGET; } if (Session->MethodID==METHOD_POST) { Session->Method=CopyStr(Session->Method,"RPOST"); Session->MethodID=METHOD_RPOST; } } DestroyString(Token); }