json_t* OBSAPIMessageHandler::HandleGetAuthRequired(OBSAPIMessageHandler* handler, json_t* message)
{
json_t* ret = GetOkResponse();
json_object_set_new(ret, "authRequired", json_boolean(getRemoteConfig()->useAuth));
if(getRemoteConfig()->useAuth)
{
json_object_set_new(ret, "challenge", json_string(handler->challenge.c_str()));
json_object_set_new(ret, "salt", json_string(getRemoteConfig()->authSalt.c_str()));
}
return ret;
}
OBSAPIMessageHandler::OBSAPIMessageHandler(struct libwebsocket *ws):wsi(ws), mapInitialized(FALSE)
{
if(!mapInitialized)
{
initializeMessageMap();
}
authenticated = false;
challenge = getRemoteConfig()->getChallenge();
}
json_t* OBSAPIMessageHandler::HandleAuthenticate(OBSAPIMessageHandler* handler, json_t* message)
{
json_t* auth = json_object_get(message, "auth");
if(auth == NULL || !json_is_string(auth))
{
return GetErrorResponse("auth not specified!");
}
bool authCheck = getRemoteConfig()->checkChallengeAuth(json_string_value(auth), handler->challenge.c_str());
if(authCheck && failedAuthAttempts < OBS_REMOTE_MAX_FAILED_AUTH_ATTEMPTS)
{
json_t* ret = GetOkResponse();
handler->authenticated = true;
failedAuthAttempts = 0;
return ret;
}
else
{
failedAuthAttempts++;
json_t* ret = NULL;
if(failedAuthAttempts >= OBS_REMOTE_MAX_FAILED_AUTH_ATTEMPTS)
{
ret = GetErrorResponse("OBS Remote Locked: Maximum failed authentication attempts reached. Please Restart OBS to Unlock.");
}
else
{
char buf[64];
_snprintf(buf, 64, "Authentication Failed. Attempts Remaining: %d", OBS_REMOTE_MAX_FAILED_AUTH_ATTEMPTS - failedAuthAttempts);
ret = GetErrorResponse(buf);
}
return ret;
}
}
INT_PTR CALLBACK ConfigDialogProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
static bool edited = false;
switch(message)
{
case WM_INITDIALOG:
{
Config* _config = getRemoteConfig();
HWND checkBox = GetDlgItem(hwnd, ID_USEPASSWORDAUTH);
SendMessage(checkBox, BM_SETCHECK,
(_config->useAuth)?BST_CHECKED:BST_UNCHECKED, 0);
HWND editBox = GetDlgItem(hwnd, IDC_AUTH_EDIT);
EnableWindow(editBox, _config->useAuth);
SetWindowText(editBox, DEFAULT_PASS_TEXT);
HWND okButton = GetDlgItem(hwnd, IDOK);
EnableWindow(okButton, false);
edited = false;
}
case WM_COMMAND:
switch(LOWORD(wParam))
{
case IDOK:
{
TCHAR buff[1024];
HWND editBox = GetDlgItem(hwnd, IDC_AUTH_EDIT);
GetWindowText(editBox, buff, 1024);
HWND checkBox = GetDlgItem(hwnd, ID_USEPASSWORDAUTH);
bool useAuth = SendMessage(checkBox, BM_GETCHECK, 0, 0) == BST_CHECKED;
Config* _config = getRemoteConfig();
if(!useAuth || edited)
{
size_t wcharLen = slen(buff);
size_t curLength = (UINT)wchar_to_utf8_len(buff, wcharLen, 0);
char *utf8Pass = (char *) malloc((curLength+1));
wchar_to_utf8(buff,wcharLen, utf8Pass, curLength + 1, 0);
utf8Pass[curLength] = 0;
Config* _config = getRemoteConfig();
_config->setAuth(useAuth, utf8Pass);
_config->save(getPluginConfigPath());
free(utf8Pass);
}
edited = false;
EndDialog(hwnd, LOWORD(wParam));
}
break;
case IDCANCEL:
EndDialog(hwnd, LOWORD(wParam));
break;
case ID_USEPASSWORDAUTH:
{
if(HIWORD(wParam) == BN_CLICKED)
{
bool useAuth = SendMessage((HWND)lParam, BM_GETCHECK, 0, 0) == BST_CHECKED;
HWND editBox = GetDlgItem(hwnd, IDC_AUTH_EDIT);
EnableWindow(editBox, useAuth);
HWND okButton = GetDlgItem(hwnd, IDOK);
EnableWindow(okButton, (edited && useAuth) || (!useAuth && useAuth != getRemoteConfig()->useAuth));
}
}
break;
case IDC_AUTH_EDIT:
{
if(HIWORD(wParam) == EN_CHANGE)
{
if(!edited)
{
edited = true;
HWND okButton = GetDlgItem(hwnd, IDOK);
EnableWindow(okButton, true);
}
}
break;
}
}
break;
case WM_CLOSE:
EndDialog(hwnd, IDCANCEL);
break;
}
return 0;
};
int
callback_obsapi(struct libwebsocket_context *context,
struct libwebsocket *wsi,
enum libwebsocket_callback_reasons reason,
void *user, void *in, size_t len)
{
int n;
OBSAPIMessageHandler **userp = (OBSAPIMessageHandler**)user;
OBSAPIMessageHandler *messageHandler = *(userp);
switch (reason) {
case LWS_CALLBACK_ESTABLISHED:
fprintf(stderr, "callback_obsapi: "
"LWS_CALLBACK_ESTABLISHED\n");
/* initiate handler */
*userp = new OBSAPIMessageHandler(wsi);
break;
case LWS_CALLBACK_SERVER_WRITEABLE:
if(!messageHandler->messagesToSend.empty())
{
json_t *message = messageHandler->messagesToSend.front();
messageHandler->messagesToSend.pop_front();
char *messageText = json_dumps(message, 0);
if(messageText != NULL)
{
int sendLength = strlen(messageText);
/* copy json text into memory buffer properly framed for libwebsockets */
char* messageBuf = (char*) malloc(LWS_SEND_BUFFER_PRE_PADDING + sendLength + LWS_SEND_BUFFER_POST_PADDING);
memcpy(messageBuf + LWS_SEND_BUFFER_PRE_PADDING, messageText, sendLength);
n = libwebsocket_write(wsi, (unsigned char *)
messageBuf + LWS_SEND_BUFFER_PRE_PADDING,
sendLength, LWS_WRITE_TEXT);
if (n < 0) {
fprintf(stderr, "ERROR writing to socket");
}
free(messageBuf);
}
free((void *)messageText);
json_decref(message);
libwebsocket_callback_on_writable(context, wsi);
}
break;
case LWS_CALLBACK_BROADCAST:
/* should get called with update messages */
if(!getRemoteConfig()->useAuth || messageHandler->authenticated)
{
n = libwebsocket_write(wsi,(unsigned char *) in, len, LWS_WRITE_TEXT);
if (n < 0)
fprintf(stderr, "update write failed\n");
}
break;
case LWS_CALLBACK_RECEIVE:
if(messageHandler->HandleReceivedMessage(in, len))
{
libwebsocket_callback_on_writable(context, wsi);
}
break;
case LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION:
/* you could return non-zero here and kill the connection */
break;
case LWS_CALLBACK_CLOSED:
/* free user data */
delete(*userp);
break;
default:
break;
}
return 0;
}
bool OBSAPIMessageHandler::HandleReceivedMessage(void *in, size_t len)
{
json_error_t err;
json_t* message = json_loads((char *) in, JSON_DISABLE_EOF_CHECK, &err);
if(message == NULL)
{
/* failed to parse the message */
return false;
}
json_t* type = json_object_get(message, "request-type");
json_t* id = json_object_get(message, "message-id");
if(!json_is_string(type))
{
this->messagesToSend.push_back(GetErrorResponse("message type not specified", id));
json_decref(message);
return true;
}
const char* requestType = json_string_value(type);
MessageFunction messageFunc = messageMap[requestType];
json_t* ret = NULL;
if(messageFunc != NULL)
{
if(!getRemoteConfig()->useAuth ||
this->authenticated ||
messagesNotRequiringAuth.find(requestType) != messagesNotRequiringAuth.end())
{
ret = messageFunc(this, message);
}
else
{
ret = GetErrorResponse("Not Authenticated", id);
}
}
else
{
this->messagesToSend.push_back(GetErrorResponse("message type not recognized", id));
json_decref(message);
return true;
}
if(ret != NULL)
{
if(json_is_string(id))
{
json_object_set(ret, "message-id", id);
}
json_decref(message);
this->messagesToSend.push_back(ret);
return true;
}
else
{
this->messagesToSend.push_back(GetErrorResponse("no response given", id));
json_decref(message);
return true;
}
return false;
}
int main(int argc, char *argv[])
{
// Program variables...
int tempInt = 0;
char buffer[LINE_SIZE];
int sizeRead = 0;
char temporaryFileName[64] = "";
FILE *tempFileHandle = 0;
FILE *inputFileHandle = 0;
struct debugAbbrev *debugAbPointer = 0;
struct johnPassword *johnPointer = 0;
// Nipper Configuration...
struct nipperConfig *nipper = createNipperConfig();
// Get the command-line options...
getCommandOptions(argc, argv, nipper);
// Show on-line help?
if (nipper->nipperMode == mode_help)
showHelp(argc, argv, nipper);
// Show version?
else if (nipper->nipperMode == mode_version)
printf("%s\n\n", program_version_banner);
// ----------------------------------------------------
// PART 2: Process Configuration File
else if (nipper->nipperMode == mode_process)
{
// Get SNMP if it has been specified...
#if !defined(__WIN32__)
if ((nipper->remoteIP[0] != 0) && (nipper->localIP[0] != 0) && (nipper->inputName == 0))
getRemoteConfig(nipper, temporaryFileName, sizeof(temporaryFileName), argv[nipper->localSave]+13);
// Get stdin if input has not been specified...
else if (nipper->inputName == 0)
#else
if (nipper->inputName == 0)
#endif
{
// Init...
signal(14, stdinTimeout);
inputFileHandle = stdin;
// Read stdin...
while (feof(inputFileHandle) == 0)
{
// Read...
memset(buffer, 0, LINE_SIZE);
#if !defined(__WIN32__)
alarm(2);
#endif
sizeRead = fread(buffer, 1, LINE_SIZE, inputFileHandle);
#if !defined(__WIN32__)
alarm(0);
#endif
// Write to file...
if (tempFileHandle == 0)
{
sprintf(temporaryFileName, "%sdelete-me-%d", tmpDir, rand());
tempFileHandle = fopen(temporaryFileName, "w");
fwrite(buffer, 1, sizeRead, tempFileHandle);
}
else
fwrite(buffer, 1, sizeRead, tempFileHandle);
}
fclose(tempFileHandle);
nipper->inputName = temporaryFileName;
}
// Debug Output?
if ((nipper->debugMode == true) && (nipper->nipperMode == mode_process))
{
printf("%s\n", program_banner);
printf("\n%sCommand Line Options\n====================%s\nCommand:", COL_BLUE, RESET);
for (tempInt = 0; tempInt < argc; tempInt++)
{
printf(" %s", argv[tempInt]);
}
printf("\n\n");
}
// Process input file(s)/stdin/snmp...
if (nipper->nipperMode == mode_process)
{
if (processInput(nipper) == true)
{
// Check that version has been identified for relevent configs...
nipper->nipperMode = mode_process;
if (nipper->force == false)
{
switch (nipper->deviceType)
{
case type_ios_switch:
case type_ios_router:
case type_ios_catalyst:
if (nipper->versionMajor == 0)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_wrong_type;
}
break;
case type_nmp_catalyst:
case type_cos_catalyst:
if (nipper->versionMajor == 0)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_wrong_type;
}
break;
case type_pix_firewall:
case type_asa_firewall:
case type_fwsm_firewall:
if (nipper->versionMajor == 0)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_wrong_type;
}
break;
case type_css_filter:
if (nipper->versionMajor == 0)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_wrong_type;
}
break;
case type_sos_firewall:
case type_sonicwall:
if (nipper->hostname[0] == 0)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_wrong_type;
}
break;
case type_passport:
case type_bayaccelar:
if (nipper->pas->boxType[0] == 0)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_wrong_type;
}
break;
}
}
}
}
if (nipper->nipperMode == mode_help)
{
showHelp(argc, argv, nipper);
cleanup(nipper);
return 1;
}
// ----------------------------------------------------
// PART 3: Report Pre-parsing
// Default Settings...
processDefaults(nipper);
// Convert Names to IP Addresses...
if (nipper->names == true)
processNameMappings(nipper);
// ----------------------------------------------------
// PART 4: Reporting
// Output debug information?
if (nipper->debugMode == true)
{
switch (nipper->deviceType)
{
case type_ios_router:
case type_ios_switch:
case type_ios_catalyst:
reportIOSDebug(nipper);
break;
case type_pix_firewall:
case type_asa_firewall:
case type_fwsm_firewall:
reportPIXDebug(nipper);
break;
case type_nmp_catalyst:
case type_cos_catalyst:
reportNMPDebug(nipper);
break;
case type_css_filter:
reportCSSDebug(nipper);
break;
case type_sos_firewall:
reportSOSDebug(nipper);
break;
case type_passport:
case type_bayaccelar:
reportPASDebug(nipper);
break;
case type_fw1_firewall:
case type_nokiaip:
reportFW1Debug(nipper);
break;
case type_sonicwall:
reportSonicOSDebug(nipper);
break;
}
}
// Output report & john (if specified)
else
{
// Output john?
if ((nipper->johnFile != 0) && (nipper->john != 0))
{
// Variables
FILE *johnFile;
// Create file
johnFile = fopen(nipper->johnFile, "w");
if (johnFile == NULL)
{
nipper->nipperMode = mode_help;
nipper->helpMode = help_error_john_file;
}
else
{
// Write file contents
johnPointer = nipper->john;
while (johnPointer != 0)
{
fprintf(johnFile, "%s:%s\n", johnPointer->username, johnPointer->password);
johnPointer = johnPointer->next;
}
// Close file
fclose(johnFile);
}
}
if (nipper->nipperMode == mode_help)
{
showHelp(argc, argv, nipper);
cleanup(nipper);
return 1;
}
// Generate the report
switch (nipper->deviceType)
{
case type_ios_router:
case type_ios_switch:
case type_ios_catalyst:
generateIOSReport(nipper);
break;
case type_pix_firewall:
case type_asa_firewall:
case type_fwsm_firewall:
generatePIXReport(nipper);
break;
case type_cos_catalyst:
case type_nmp_catalyst:
generateNMPReport(nipper);
break;
case type_css_filter:
generateCSSReport(nipper);
break;
case type_sos_firewall:
generateSOSReport(nipper);
break;
case type_passport:
case type_bayaccelar:
generatePASReport(nipper);
break;
case type_fw1_firewall:
case type_nokiaip:
generateFW1Report(nipper);
break;
case type_sonicwall:
generateSonicOSReport(nipper);
break;
}
if (nipper->nipperMode == mode_help)
{
showHelp(argc, argv, nipper);
cleanup(nipper);
return 1;
}
// Output Debug Abbreviations
if (nipper->debugAbbrev == true)
{
printf("\n%sUnknown Abbreviations\n=====================%s\n", COL_BLUE, RESET);
debugAbPointer = debugAb;
while (debugAbPointer != 0)
{
printf(" %s (%d)\n", debugAbPointer->ab, debugAbPointer->count);
debugAbPointer = debugAbPointer->next;
}
}
}
// ----------------------------------------------------
// PART 5: Cleanup
// Stdin temporary file...
if (temporaryFileName[0] != 0)
{
unlink(temporaryFileName);
}
}
cleanup(nipper);
return 0;
}
