STREAM *STREAMOpenFile(const char *FilePath, int Flags) { int fd, Mode=FALSE; STREAM *Stream; struct stat myStat; Mode = Flags & ~(O_LOCK|O_TRUNC); if (strcmp(FilePath,"-")==0) { Stream=STREAMFromDualFD(0,1); Stream->Path=CopyStr(Stream->Path,FilePath); return(Stream); } fd=open(FilePath, Mode, 0600); if (fd==-1) return(NULL); if (Flags & O_LOCK) { if (flock(fd,LOCK_EX | LOCK_NB)==-1) { close(fd); return(NULL); } } // check for symlink naughtyness. Basically a malicious user can // try to guess the name of the file we are going to open in order // to get us to write somewhere other than intended. if (lstat(FilePath, &myStat) !=0) { close(fd); return(NULL); } if (S_ISLNK(myStat.st_mode)) { syslog(LOG_USER | LOG_WARNING, "STREAMOpenFile Opened symlink when trying to open %s. Possible DOS attack?",FilePath); close(fd); return(NULL); } if (Flags & O_TRUNC) ftruncate(fd,0); Stream=STREAMFromFD(fd); Stream->Path=CopyStr(Stream->Path,FilePath); STREAMSetTimeout(Stream,0); STREAMSetFlushType(Stream,FLUSH_FULL,0); return(Stream); }
int OAuthListen(OAUTH *Ctx, int Port, const char *URL, int Flags) { int netfd, result; STREAM *S; char *Tempstr=NULL; fd_set fds; FD_ZERO(&fds); if (Port > 0) { netfd=IPServerInit(SOCK_STREAM, "127.0.0.1", Port); if (netfd==-1) return(FALSE); } FD_SET(netfd, &fds); if (Flags & OAUTH_STDIN) FD_SET(0, &fds); result=select(netfd+1, &fds, NULL, NULL, NULL); if (result > 0) { if (FD_ISSET(netfd, &fds)) OAuthConnectBack(Ctx, netfd); else if (FD_ISSET(0, &fds)) { S=STREAMFromFD(0); STREAMSetTimeout(S,0); Tempstr=STREAMReadLine(Tempstr, S); if ( (strncmp(Tempstr, "http:", 5)==0) || (strncmp(Tempstr, "https:", 6)==0) ) OAuthParseReply(Ctx, "application/x-www-form-urlencoded", Tempstr); else { StripTrailingWhitespace(Tempstr); Ctx->VerifyCode=HTTPQuote(Ctx->VerifyCode, Tempstr); SetVar(Ctx->Vars, "code", Ctx->VerifyCode); } STREAMDestroy(S); } OAuthFinalize(Ctx, URL); } DestroyString(Tempstr); close(netfd); return(TRUE); }
void *MatchesLoad(int Flags) { char *Line=NULL, *Tempstr=NULL, *Type=NULL, *ptr; TFingerprint *FP; STREAM *S; int count=0; S=STREAMFromFD(0); STREAMSetTimeout(S,100); Line=STREAMReadLine(Line,S); if (! StrValid(Line)) return(NULL); if (strncasecmp(Line,"<?xml ",6)==0) { //xml document. Must be an OpenIOC fileq while (Line) { StripTrailingWhitespace(Line); Tempstr=CatStr(Tempstr,Line); Line=STREAMReadLine(Line,S); } count=LoadFromIOC(Tempstr,Flags); } else { while (Line) { StripTrailingWhitespace(Line); FP=TFingerprintParse(Line); if (MatchAdd(FP, "", Flags)) count++; Line=STREAMReadLine(Line, S); } } if (Flags & FLAG_MEMCACHED) printf("Stored %d hashes in memcached server\n", count); DestroyString(Tempstr); DestroyString(Line); DestroyString(Type); return(Tree); }
int ConnectHopSSH(STREAM *S,int Type, char *Host, int Port, char *User, char *Pass, char *NextHop) { char *Tempstr=NULL, *KeyFile=NULL, *Token=NULL, *Token2=NULL; STREAM *AuthS; int result=FALSE, val; unsigned int TunnelPort=0; if (Type==CONNECT_HOP_SSHTUNNEL) { TunnelPort=(rand() % (0xFFFF - 9000)) +9000; //Host will be Token, and port Token2 ParseConnectDetails(NextHop, NULL, &Token, &Token2, NULL, NULL, NULL); Tempstr=FormatStr(Tempstr,"ssh -2 -N %s@%s -L %d:%s:%s ",User,Host,TunnelPort,Token,Token2); } else Tempstr=MCopyStr(Tempstr,"ssh -2 -T ",User,"@",Host, " ", NULL ); if (strncmp(Pass,"keyfile:",8)==0) { if (S->in_fd != -1) { Token=FormatStr(Token,".%d-%d",getpid(),time(NULL)); SendPublicKeyToRemote(S,Token,Pass+8); KeyFile=CopyStr(KeyFile,Token); } Tempstr=MCatStr(Tempstr,"-i ",KeyFile," ",NULL); } if (Port > 0) { Token=FormatStr(Token," -p %d ",Port); Tempstr=CatStr(Tempstr,Token); } if (Type==CONNECT_HOP_SSHTUNNEL) { Tempstr=CatStr(Tempstr, " 2> /dev/null"); AuthS=STREAMSpawnCommand(Tempstr,COMMS_BY_PTY); STREAMSetValue(S,"HelperPID:SSH",STREAMGetValue(AuthS,"PeerPID")); } else if (S->in_fd==-1) { Tempstr=CatStr(Tempstr, " 2> /dev/null"); PseudoTTYSpawn(&S->in_fd,Tempstr,0); S->out_fd=S->in_fd; if (S->in_fd > -1) { result=TRUE; STREAMSetFlushType(S,FLUSH_LINE,0,0); } AuthS=S; } else { if (StrLen(KeyFile)) Tempstr=MCatStr(Tempstr," ; rm -f ",KeyFile,NULL); Tempstr=CatStr(Tempstr,"; exit\n"); STREAMWriteLine(Tempstr,S); result=TRUE; AuthS=S; } if ((StrLen(KeyFile)==0) && (StrLen(Pass) > 0)) { Token=MCopyStr(Token,Pass,"\n",NULL); for (val=0; val < 3; val++) { if (STREAMExpectAndReply(AuthS,"assword:",Token)) break; } } STREAMSetTimeout(AuthS,100); //STREAMExpectSilence(AuthS); sleep(3); if (Type==CONNECT_HOP_SSHTUNNEL) { S->in_fd=ConnectToHost("127.0.0.1",TunnelPort,0); S->out_fd=S->in_fd; if (S->in_fd > -1) result=TRUE; } DestroyString(Tempstr); DestroyString(KeyFile); DestroyString(Token2); DestroyString(Token); return(result); }
int STREAMProcessConnectHop(STREAM *S, char *HopURL, int LastHop) { int val, result=FALSE; char *Token=NULL, *Token2=NULL, *ptr; char *Tempstr=NULL; char *User=NULL, *Host=NULL,*Pass=NULL, *KeyFile=NULL; int Port=0; ParseConnectDetails(HopURL, &Token, &Host, &Token2, &User, &Pass, NULL); Port=atoi(Token2); val=MatchTokenFromList(Token,HopTypes,0); switch (val) { case CONNECT_HOP_TCP: if (S->in_fd==-1) { S->in_fd=ConnectToHost(Host,Port,0); S->out_fd=S->in_fd; if (S->in_fd > -1) result=TRUE; } break; case CONNECT_HOP_HTTP_PROXY: result=DoHTTPProxyTunnel(S, Host, Port, 0); break; case CONNECT_HOP_SSH: case CONNECT_HOP_SSHTUNNEL: result=ConnectHopSSH(S, val, Host, Port, User, Pass, S->Path); break; case CONNECT_HOP_SHELL_CMD: break; case CONNECT_HOP_TELNET: if (Port > 0) { Tempstr=FormatStr(Tempstr,"telnet -8 %s %d ",Host, Port); } else Tempstr=FormatStr(Tempstr,"telnet -8 %s ",Host); if (S->in_fd==-1) { PseudoTTYSpawn(& S->in_fd,Tempstr,0); S->out_fd=S->in_fd; if (S->in_fd > -1) { result=TRUE; STREAMSetFlushType(S,FLUSH_LINE,0); } } else { Tempstr=CatStr(Tempstr,";exit\n"); STREAMWriteLine(Tempstr,S); result=TRUE; } if (StrLen(User) > 0) { Tempstr=MCopyStr(Tempstr,User,"\n",NULL); STREAMExpectAndReply(S,"ogin:",Tempstr); } if (StrLen(Pass) > 0) { Tempstr=MCopyStr(Tempstr,Pass,"\n",NULL); STREAMExpectAndReply(S,"assword:",Tempstr); } STREAMSetTimeout(S,2); STREAMExpectSilence(S); break; } DestroyString(Tempstr); DestroyString(Token); DestroyString(KeyFile); DestroyString(Host); DestroyString(User); DestroyString(Pass); STREAMSetTimeout(S,30); STREAMFlush(S); return(result); }
main(int argc, char *argv[]) { ListNode *Curr, *Next; int OverrideType=TYPE_NONE; char *Tempstr=NULL; int result; //HTTPSetFlags(HTTP_NOCOMPRESS); StdIn=STREAMFromFD(0); STREAMSetTimeout(StdIn,0); ParseEnvironmentVariables(); DownloadQueue=ListCreate(); Tempstr=MCopyStr(Tempstr,"Movgrab ",Version,NULL); HTTPSetUserAgent(Tempstr); FormatPreference=CopyStr(FormatPreference,"mp4,flv,webm,m4v,mov,mpg,mpeg,wmv,avi,3gp,reference,mp3,m4a,wma,m3u8,m3u8-stream"); AddOutputFile("", TRUE); ParseCommandLine(argc, argv, DownloadQueue, &OverrideType); CheckSettings(); if (StrLen(Proxy)) { if (! SetGlobalConnectionChain(Proxy)) { printf("ERROR: Failed to set proxy settings to '%s'\n",Proxy); exit(1); } } if (Flags & FLAG_PRINT_USAGE) PrintUsage(); else if (Flags & FLAG_PRINT_VERSION) PrintVersion(); else if (! (Flags & FLAG_STDIN)) { if (ListSize(DownloadQueue)==0) PrintUsage(); } while (1) { if ((Flags & FLAG_STDIN) && (ListSize(DownloadQueue)==0) ) { Tempstr=STREAMReadLine(Tempstr,StdIn); StripTrailingWhitespace(Tempstr); ListAddItem(DownloadQueue,CopyStr(NULL,Tempstr)); } Curr=ListGetNext(DownloadQueue); while (Curr) { if (Flags & FLAG_TEST_SITES) { fprintf(stderr,"Checking %-20s ",Curr->Tag); fflush(NULL); } result=GrabMovie((char *) Curr->Item,OverrideType); Next=ListGetNext(Curr); //must do this after grab movie //incase more items added while grabbing if (Flags & FLAG_TEST_SITES) { if (result) fprintf(stderr," okay\n"); else fprintf(stderr," BROKEN\n"); } ListDeleteNode(Curr); Curr=Next; } if (Flags & FLAG_TEST_SITES) break; if (! (Flags & FLAG_STDIN)) break; } }
int Login(TSession *Session) { char *Tempstr=NULL; int result, RetVal=FALSE; time_t Duration, Start, Now, LastActivity; Session->User=CopyStr(Session->User,NULL); Session->Password=CopyStr(Session->Password,NULL); alarm(60); //Clear out any crap Tempstr=SetStrLen(Tempstr,4096); result=TelnetReadBytes(Session->S, Tempstr, 4096, TNRB_ECHO | TNRB_NOPTY | TNRB_NONBLOCK); while (StrLen(Session->User)==0) { time(&LastActivity); if (Settings.IdleTimeout > 0) STREAMSetTimeout(Session->S, Settings.IdleTimeout); if (Settings.Flags & FLAG_CHALLENGE) { Session->Challenge=GenerateSalt(Session->Challenge, 24); Tempstr=MCopyStr(Tempstr, "Challenge/Response String: ", Session->Challenge, "\r\n", NULL); STREAMWriteLine(Tempstr, Session->S); } STREAMWriteLine("login: "******"Password: "******"\r\n",Session->S); if ((Settings.Flags & FLAG_LOCALONLY) && (! StrLen(Session->ClientMAC))) { syslog(Settings.ErrorLogLevel,"%s@%s NOT LOCAL. Denying Login.",Session->User,Session->ClientIP); } else if (Settings.Flags & FLAG_HONEYPOT){ //Original syslog(Settings.ErrorLogLevel,"%s@%s login denied (honeypot mode): user=%s pass=%s",Session->User,Session->ClientIP,Session->User,Session->Password); //Eric Wedaa added the following line to log to the LongTail honeypot consolidation server openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH); syslog(Settings.ErrorLogLevel,"IP: %s TelnetLog: Username: %s Password: %s",Session->ClientIP,Session->User,Session->Password); alarm(60); } else if ( (! (Session->Flags & FLAG_DENYAUTH)) && (Authenticate(Session)) ) RetVal=TRUE; //Now that we've used the password, blank it from memory! result=StrLen(Session->Password); if (result > 0) memset(Session->Password,0,result); DestroyString(Tempstr); //STREAMDisassociateFromFD(S); return(RetVal); }
void HandleClient() { TSession *Session; char *Tempstr=NULL; int i; Session=(TSession *) calloc(1,sizeof(TSession)); Session->Shell=CopyStr(Session->Shell,Settings.DefaultShell); Session->S=STREAMFromDualFD(0,1); STREAMSetTimeout(Session->S,0); GetSockDetails(0, &Session->ServerIP, &i, &Session->ClientIP, &i); GetClientHardwareAddress(Session); Session->ClientHost=CopyStr(Session->ClientHost,IPStrToHostName(Session->ClientIP)); openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH); if (StrLen(Session->ClientMAC)) syslog(Settings.InfoLogLevel,"connection from: %s (%s / %s)", Session->ClientHost, Session->ClientIP, Session->ClientMAC); else syslog(Settings.InfoLogLevel,"connection from: %s (%s)", Session->ClientHost, Session->ClientIP); if (! CheckClientPermissions(Session)) Session->Flags |= FLAG_DENYAUTH; chdir(Settings.ChDir); if (StrLen(Settings.ChDir)==0) chdir(Settings.ChDir); if (Settings.Flags & FLAG_CHROOT) chroot("."); TelnetSendNegotiation(Session->S, TELNET_WONT, TELNET_LINEMODE); TelnetSendNegotiation(Session->S, TELNET_WILL, TELNET_NOGOAHEAD); //TelnetSendNegotiation(Session->S, TELNET_DONT, TELNET_LINEMODE); TelnetSendNegotiation(Session->S, TELNET_WILL, TELNET_ECHO); if (StrLen(Settings.Banner)) { Tempstr=SessionSubstituteVars(Tempstr,Settings.Banner,Session); STREAMWriteLine(Tempstr,Session->S); STREAMWriteLine("\r\n",Session->S); } if (strcmp(Settings.AuthMethods,"open")==0) Session->Flags |= FLAG_AUTHENTICATED; else { for (i=0; i < Settings.AuthTries; i++) { if (Login(Session)) break; printf("\r\nLogin incorrect\r\n"); fflush(NULL); if (! (Settings.Flags & FLAG_DENYAUTH)){ openlog("ptelnetd",LOG_PID|LOG_NDELAY,LOG_AUTH); syslog(Settings.ErrorLogLevel,"%s@%s login failed: tries used %d/%d",Session->User,Session->ClientIP,i,Settings.AuthTries); } sleep(Settings.AuthDelay); } } if (Session->Flags & FLAG_AUTHENTICATED) { syslog(Settings.InfoLogLevel,"%s@%s logged in after %d tries",Session->User,Session->ClientIP,i); RunTelnetSession(Session); } else syslog(Settings.ErrorLogLevel,"login from %s failed after %d tries",Session->ClientIP,i); DestroyString(Tempstr); free(Session); _exit(0); }
void RunTelnetSession(TSession *Session) { STREAM *Local, *S; char *Tempstr=NULL; int result, fd; ListNode *Streams; struct passwd *pwent; struct group *grent; struct timeval tv; time_t Duration, Start, Now, LastActivity; time(&Start); LastActivity=Start; Streams=ListCreate(); ListAddItem(Streams,Session->S); //if '-real-user' was specified on the command-line, then this overrides //anything read from password files if (Settings.Flags & FLAG_FORCE_REALUSER) { Session->RealUser=CopyStr(Session->RealUser,Settings.RealUser); } //Get User Details before we chroot! if (StrLen(Session->RealUser)) { pwent=getpwnam(Session->RealUser); if (! pwent) { syslog(Settings.InfoLogLevel,"Failed to lookup RealUser '%s' for user '%s'",Session->RealUser,Session->User); exit(1); } Session->RealUserUID=pwent->pw_uid; Session->GroupID=pwent->pw_gid; } //if '-shell' was specified on the command-line, then this overrides //anything read from password files if (Settings.Flags & FLAG_FORCE_SHELL) { Session->Shell=CopyStr(Session->Shell,Settings.RealUser); } if (Settings.Flags & FLAG_DYNHOME) { Session->HomeDir=SessionSubstituteVars(Session->HomeDir,Settings.DynamicHomeDir,Session); Session->HomeDir=SlashTerminateDirectoryPath(Session->HomeDir); MakeDirPath(Session->HomeDir,0777); } //CD to the user's home directory if (StrLen(Session->HomeDir)) { chdir(Session->HomeDir); } DoBindMounts(Settings.BindMounts,0); //This login script allows setting up any aspects of the environment before we launch the shell. For instance it //might be used to copy files into the chroot environment before chrooting if (StrLen(Settings.LoginScript)) system(Settings.LoginScript); //LAUNCH THE SHELL FUNCTION!!! This launches the program that the telnet user is 'speaking' to. //If chhome is active, then it will be chrooted into the user's home directory PseudoTTYSpawnFunction(&fd, LaunchPtyFunc, Session, TTYFLAG_CANON | TTYFLAG_ECHO | TTYFLAG_CRLF | TTYFLAG_LFCR | TTYFLAG_IGNSIG); Local=STREAMFromFD(fd); STREAMSetTimeout(Local,0); //Might as well chroot on this side of the pipe too, unless we have a 'LogoutScript' //Logout scripts exist to allow copying stuff back out of the chroot when the session is //finished. We can't do this if we chroot this side as well as the 'shell' side if ( (! StrLen(Settings.LogoutScript)) && (Settings.Flags & FLAG_CHHOME) ) chroot("."); //DON'T SWITCH USER. NEED root TO UNBIND MOUNTS //if (setreuid(Session->RealUserUID,Session->RealUserUID) !=0) exit(1); ListAddItem(Streams,Local); Tempstr=SetStrLen(Tempstr,4096); while (1) { if (Settings.IdleTimeout) tv.tv_sec=Settings.IdleTimeout; else tv.tv_sec=3600 * 24; S=STREAMSelect(Streams,&tv); time(&Now); if (S) { if (S==Session->S) { result=TelnetReadBytes(Session->S, Tempstr, 4096, TNRB_NONBLOCK); if (result ==-1) break; STREAMWriteBytes(Local,Tempstr,result); } else { result=STREAMReadBytes(Local,Tempstr,4096); if (result < 0) break; STREAMWriteBytes(Session->S,Tempstr,result); if (result < 0) break; } if (Settings.Flags & FLAG_WINSIZE) SetWindowSize(Session->S->out_fd); LastActivity=Now; } if ((Settings.IdleTimeout > 0) && ((Now - LastActivity) > Settings.IdleTimeout)) break; } if (StrLen(Settings.LogoutScript)) system(Settings.LogoutScript); if (Settings.Flags & FLAG_UNMOUNT) UndoBindMounts(Settings.BindMounts, 0); if (Settings.Flags & FLAG_DYNHOME) rmdir(Session->HomeDir); Duration=time(NULL) - Start; syslog(Settings.InfoLogLevel,"%s@%s logged out after %d secs",Session->User,Session->ClientIP, Duration); STREAMClose(Session->S); STREAMClose(Local); DestroyString(Tempstr); }