/*This function will be executed when a new request for search_record service arrives. This function will initialize the required structures and data to serve the request. */ void *search_record_init_request_data(ci_request_t * req) { struct SearchRecord *search_record_data; char full_url[URL_LEN]; char ip[IP_LEN]; const char* content_type=ci_http_response_get_header(req,"Content-Type"); int url_state = ci_http_request_full_url(req,full_url,URL_LEN); const char* ip_state = get_client_ip(req,ip); if((url_state == 0) || (ip_state == NULL)) { ci_debug_printf(2,"could not get full url or client ip\n"); return NULL; } if((content_type == NULL) || (strncmp(content_type,"text/html",9) == 0)) { search_record_data = malloc(sizeof(struct SearchRecord)); if (!search_record_data) { ci_debug_printf(1, "Memory allocation failed inside search_record_init_request_data!\n"); return NULL; } strcpy(search_record_data->full_url,full_url); strcpy(search_record_data->ip,ip); return search_record_data; } else return NULL; }
/* Write interesting information about a connection attempt to LOGFILE. * Returns -1 on error. */ static int log_attempt(struct connection *c) { FILE *f; int r; if ((f = fopen(LOGFILE, "a+")) == NULL) { fprintf(stderr, "Unable to open %s\n", LOGFILE); return -1; } if (get_utc(c) <= 0) { fprintf(stderr, "Error getting time\n"); return -1; } if (get_client_ip(c) < 0) { fprintf(stderr, "Error getting client ip\n"); return -1; } c->user = ssh_message_auth_user(c->message); c->pass = ssh_message_auth_password(c->message); if (DEBUG) { printf("%s %s %s %s\n", c->con_time, c->client_ip, c->user, c->pass); } r = fprintf(f, "%s\t%s\t%s\t%s\t\n", c->con_time, c->client_ip, c->user, c->pass); fclose(f); return r; }
/** * Clear the session cache, release the session pool */ void CALLBACK on_disconnect_handler( void *data, const WebSocketServer *server) { // if the threads wake up during disconnect, this tells // them to go back to sleep. trans->client_connected = 0; request_rec *r = server->request(server); osrfLogInfo(OSRF_LOG_MARK, "WS disconnect from %s", get_client_ip(r)); // Clear any lingering session data // NOTE: we could apr_pool_destroy the stateful_session_pool to truly free // the memory, but since there is a limit to the size of the pool // (max_concurrent_sessions), the memory cannot grow unbounded, // so there's no need. apr_hash_clear(trans->stateful_session_cache); apr_pool_clear(trans->stateful_session_pool); }
/** * Create the per-client translator */ void* CALLBACK on_connect_handler(const WebSocketServer *server) { request_rec *r = server->request(server); if (!trans) { // first connection // connect to opensrf if (child_init(server) != APR_SUCCESS) return NULL; // build pools, thread data, and the translator if (build_startup_data(server) != APR_SUCCESS) return NULL; } const char* client_ip = get_client_ip(r); osrfLogInfo(OSRF_LOG_MARK, "WS connect from %s", client_ip); last_activity_time = time(NULL); trans->client_connected = 1; return trans; }
/** * The main entrance of bbswebd. * @return 0 on success, 1 on initialization error. */ int main(void) { fb_signal(SIGTERM, exit_handler); fb_signal(SIGUSR1, exit_handler); if (initialize() < 0) return EXIT_FAILURE; initialize_environment(INIT_CONV | INIT_DB | INIT_MDB); while (FCGI_Accept() >= 0) { if (!web_ctx_init()) return EXIT_FAILURE; const web_handler_t *h = _get_handler(); int code = BBS_ENOURL; if (h) { get_client_ip(); session_validate(); brc_reset(); if (session_get_id()) { if (h->status != ST_IDLE) set_user_status(h->status); session_set_idle(session_get_id(), fb_time()); if (h->status != ST_READING) session_set_board(0); } code = execute(h); } if (code > 0) web_respond(code); else check_bbserr(code); web_ctx_destroy(); } return 0; }
static int socksserver_on_clientconnect (void* userdata, struct sockaddr_storage* clientaddr, int fd) { socksserver* srv = (socksserver*) userdata; char buffer[256]; (void) buffer; if(CONFIG_LOG && srv->log && clientaddr) { logstart(); printfd(fd); LOGPUT(1, VARISL(" connect from: "), VARIC(get_client_ip(clientaddr, buffer, sizeof(buffer))), NULL); } if(fd < 3 || fd >= MAX_FD) { rocksockserver_disconnect_client(&srv->serva, fd); return -2; } fdinfo* client = &srv->clients[fdindex(fd)]; // put into nonblocking mode, so that writes will not block the server int flags = fcntl(fd, F_GETFL); if(flags == -1) return -1; if(fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) return -2; client->data = find_free_buffer(srv); if (!client->data) { if(CONFIG_LOG && srv->log) { logstart(); LOGPUTS(1, SPL("warning: couldnt find free buffer\n")); } rocksockserver_disconnect_client(&srv->serva, fd); return -2; } client->state = SS_CONNECTED; client->data->state = BS_IDLE; client->data->start = 0; client->target_fd = -1; return 0; }
virtual const char * get_client_address (void) { return get_client_ip(); };
static int socksserver_connect_request(socksserver* srv, int fd) { fdinfo* client = &srv->clients[fdindex(fd)]; size_t i = 0; unsigned char dlen = 0; unsigned char* buf = client->data->buf; int flags, ret; host_info addr; struct addrinfo addrbuf; struct sockaddr sockbuf; memset(&addr, 0, sizeof(addr)); memset(&addrbuf, 0, sizeof(addrbuf)); memset(&sockbuf, 0, sizeof(sockbuf)); addrbuf.ai_addr = &sockbuf; addr.hostaddr = &addrbuf; if(!client->data->start) return -1; if(buf[i++] != 5) return EC_NOT_ALLOWED; // check first byte whenever the message length is > 0 to not waste resources on maldoers if(client->data->start < 1+1+1+1+4+2) return -1; if(buf[i++] != 1) return EC_COMMAND_NOT_SUPPORTED; // we support only the connect method. if(buf[i++] != 0) return EC_GENERAL_FAILURE; switch(buf[i++]) { case 1: //ipv4 memcpy(&((struct sockaddr_in*) addr.hostaddr->ai_addr)->sin_addr, buf + 4, 4); memcpy(&((struct sockaddr_in*) addr.hostaddr->ai_addr)->sin_port, buf + 8, 2); ((struct sockaddr_in*) addr.hostaddr->ai_addr)->sin_family = PF_INET; addr.hostaddr->ai_addr->sa_family = PF_INET; addr.hostaddr->ai_addrlen = sizeof(struct sockaddr_in); break; case 3: //dns if(CONFIG_DNS) { dlen = buf[i++]; if(client->data->start < 1U+1U+1U+1U+1U+dlen+2U) return -1; addr.port = my_ntohs(buf + i + dlen); buf[i + dlen] = 0; addr.host = (char*) (buf + i); if(CONFIG_IPV6) addr.hostaddr = NULL; if(!resolve_host(&addr)) { if(CONFIG_IPV6) { memcpy(&addrbuf, addr.hostaddr, sizeof(struct addrinfo)); freeaddrinfo(addr.hostaddr); addr.hostaddr = &addrbuf; } } else goto notsupported; break; } else goto notsupported; case 4: //ipv6 if(CONFIG_IPV6) { if(client->data->start < 1+1+1+1+16+2) return -1; memcpy(&((struct sockaddr_in6*) addr.hostaddr->ai_addr)->sin6_addr, buf + 4, 16); memcpy(&((struct sockaddr_in6*) addr.hostaddr->ai_addr)->sin6_port, buf + 20, 2); ((struct sockaddr_in6*) addr.hostaddr->ai_addr)->sin6_family = PF_INET6; addr.hostaddr->ai_addr->sa_family = PF_INET6; addr.hostaddr->ai_addrlen = sizeof(struct sockaddr_in6); break; } default: notsupported: return EC_ADDRESSTYPE_NOT_SUPPORTED; } client->target_fd = socket(addr.hostaddr->ai_addr->sa_family, SOCK_STREAM, 0); if(client->target_fd == -1) { neterror: switch(errno) { case ENETDOWN: case ENETUNREACH: case ENETRESET: return EC_NET_UNREACHABLE; case EHOSTUNREACH: case EHOSTDOWN: return EC_HOST_UNREACHABLE; case ECONNREFUSED: return EC_CONN_REFUSED; default: return EC_GENERAL_FAILURE; } } if(client->target_fd >= MAX_FD) { close(client->target_fd); return EC_GENERAL_FAILURE; } flags = fcntl(client->target_fd, F_GETFL); if(flags == -1) return EC_GENERAL_FAILURE; if(fcntl(client->target_fd, F_SETFL, flags | O_NONBLOCK) == -1) return EC_GENERAL_FAILURE; ret = connect(client->target_fd, addr.hostaddr->ai_addr, addr.hostaddr->ai_addrlen); if(ret == -1) { ret = errno; if (!(ret == EINPROGRESS || ret == EWOULDBLOCK)) goto neterror; } srv->clients[fdindex(client->target_fd)].state = SS_SOCKSTARGET; srv->clients[fdindex(client->target_fd)].data = client->data; srv->clients[fdindex(client->target_fd)].target_fd = fd; rocksockserver_watch_fd(&srv->serva, client->target_fd); if(CONFIG_LOG && srv->log) { if(get_client_ip((struct sockaddr_storage*) addr.hostaddr->ai_addr, (char*) buf, CLIENT_BUFSIZE)) { logstart(); printfd(fd); LOGPUTS(1, SPLITERAL(" -> ")); printfd(client->target_fd); LOGPUT(1, VARISL(" <"), VARIC((char*)buf), VARISL(">"), NULL); } } return EC_SUCCESS; }
// log_con_mysql int log_con1_mysql(struct connection *c){ // get the time if (get_utc(c) <= 0) { fprintf(stderr, "Error getting time\n"); return -1; } // get the client ip if (get_client_ip(c) < 0) { fprintf(stderr, "Error getting client ip\n"); return -1; } //open the mysql connection MYSQL *mysql_con; if (mysql_start(&mysql_con) != 0){ return 1; } char *con_time_escaped; escape(c->con_time, &con_time_escaped, mysql_con); char *client_ip_escaped; escape(c->client_ip, &client_ip_escaped, mysql_con); char *protocol_version_escaped; char protocol_version_string[10] = ""; sprintf(protocol_version_string, "%d", c->protocol_version); escape(protocol_version_string, &protocol_version_escaped, mysql_con); char *openssh_version_escaped; char openssh_version_string[10] =""; sprintf(openssh_version_string, "%d", c->openssh_version); escape(openssh_version_string, &openssh_version_escaped, mysql_con); // declare and reserve memory for the query string char *mysql_query_string; mysql_query_string = malloc(sizeof(char) * (400 + strlen(con_time_escaped) + strlen(client_ip_escaped) + strlen(protocol_version_escaped) + strlen(openssh_version_escaped))); // build the query string sprintf(mysql_query_string, "INSERT INTO `honeyssh`.`connection` (`session-id`, `ip`, `start-time`, `end-time`, `banner`, `cipher-in`, `cipher-out`, `protocol-version`, `openssh-version`, `action`, `potmode`, `id`, `sensor-id`) VALUES ('%llu', '%s', '%s', '1970-01-01 00:00:00', 'none', 'none', 'none', '%s', '%s', '-1', '%d', 'NULL', '%s');", c->session_id, client_ip_escaped, con_time_escaped, protocol_version_escaped, openssh_version_escaped, AUTHENTICATION, SENSOR_ID); // execute the query if (mysql_query(mysql_con, mysql_query_string)) { fprintf(stderr, "%s\n", mysql_error(mysql_con)); } free(mysql_query_string); free(con_time_escaped); free(protocol_version_escaped); free(openssh_version_escaped); free(client_ip_escaped); mysql_close(mysql_con); return 0; }
static char* extract_inbound_messages( const request_rec *r, const char* service, const char* thread, const char* recipient, const jsonObject *osrf_msg) { int i; int num_msgs = osrf_msg->size; osrfMessage* msg; osrfMessage* msg_list[num_msgs]; // here we do an extra json round-trip to get the data // in a form osrf_message_deserialize can understand // TODO: consider a version of osrf_message_init which can // accept a jsonObject* instead of a JSON string. char *osrf_msg_json = jsonObjectToJSON(osrf_msg); osrf_message_deserialize(osrf_msg_json, msg_list, num_msgs); free(osrf_msg_json); // should we require the caller to always pass the service? if (service == NULL) service = ""; for(i = 0; i < num_msgs; i++) { msg = msg_list[i]; osrfMessageSetIngress(msg, WEBSOCKET_TRANSLATOR_INGRESS); switch(msg->m_type) { case REQUEST: { const jsonObject* params = msg->_params; growing_buffer* act = buffer_init(128); char* method = msg->method_name; buffer_fadd(act, "[%s] [%s] %s %s", get_client_ip(r), "", service, method); const jsonObject* obj = NULL; int i = 0; const char* str; int redactParams = 0; while( (str = osrfStringArrayGetString(log_protect_arr, i++)) ) { if(!strncmp(method, str, strlen(str))) { redactParams = 1; break; } } if(redactParams) { OSRF_BUFFER_ADD(act, " **PARAMS REDACTED**"); } else { i = 0; while((obj = jsonObjectGetIndex(params, i++))) { char* str = jsonObjectToJSON(obj); if( i == 1 ) OSRF_BUFFER_ADD(act, " "); else OSRF_BUFFER_ADD(act, ", "); OSRF_BUFFER_ADD(act, str); free(str); } } osrfLogActivity(OSRF_LOG_MARK, "%s", act->buf); buffer_free(act); requests_in_flight++; break; } case DISCONNECT: clear_cached_recipient(thread); break; } } char* finalMsg = osrfMessageSerializeBatch(msg_list, num_msgs); // clean up our messages for(i = 0; i < num_msgs; i++) osrfMessageFree(msg_list[i]); return finalMsg; }