static const char* process_cmd_line(void *mconfig,ngx_pool_t *p,ngx_pool_t *temp_pool,const char *l,cmd_parms *parms){
const char *args;
char *cmd_name;
const command_rec *cmd;
if (*l == '#' || *l == '\0')
return NULL;
args = ngx_resolve_env(temp_pool,l);
cmd_name = ngx_getword_conf(p,&args);
if(*cmd_name == '\0'){
return NULL;
}
cmd = modsec_find_command(cmd_name);
if(cmd) {
return invoke_cmd(cmd,parms,mconfig,args);
}
return (const char*)ngx_pstrcat(p,"Invalid cmd:",cmd_name,NULL);
}
void exec_cmd
(
string const * cmd_orig,
ExecCmdCallback func,
void * closure,
LIST * shell
)
{
int const slot = get_free_cmdtab_slot();
int const is_raw_cmd = is_raw_command_request( shell );
string cmd_local[ 1 ];
/* Initialize default shell - anything more than /Q/C is non-portable. */
static LIST * default_shell;
if ( !default_shell )
default_shell = list_new( object_new( "cmd.exe /Q/C" ) );
/* Specifying no shell means requesting the default shell. */
if ( list_empty( shell ) )
shell = default_shell;
if ( DEBUG_EXECCMD )
if ( is_raw_cmd )
out_printf( "Executing raw command directly\n" );
else
{
out_printf( "Executing using a command file and the shell: " );
list_print( shell );
out_printf( "\n" );
}
/* If we are running a raw command directly - trim its leading whitespaces
* as well as any trailing all-whitespace lines but keep any trailing
* whitespace in the final/only line containing something other than
* whitespace).
*/
if ( is_raw_cmd )
{
char const * start = cmd_orig->value;
char const * p = cmd_orig->value + cmd_orig->size;
char const * end = p;
while ( isspace( *start ) ) ++start;
while ( p > start && isspace( p[ -1 ] ) )
if ( *--p == '\n' )
end = p;
string_new( cmd_local );
string_append_range( cmd_local, start, end );
assert( cmd_local->size == raw_command_length( cmd_orig->value ) );
}
/* If we are not running a raw command directly, prepare a command file to
* be executed using an external shell and the actual command string using
* that command file.
*/
else
{
char const * const cmd_file = prepare_command_file( cmd_orig, slot );
char const * argv[ MAXARGC + 1 ]; /* +1 for NULL */
argv_from_shell( argv, shell, cmd_file, slot );
string_new_from_argv( cmd_local, argv );
}
/* Catch interrupts whenever commands are running. */
if ( !intr_installed )
{
intr_installed = 1;
signal( SIGINT, onintr );
}
/* Save input data into the selected running commands table slot. */
cmdtab[ slot ].func = func;
cmdtab[ slot ].closure = closure;
/* Invoke the actual external process using the constructed command line. */
invoke_cmd( cmd_local->value, slot );
/* Free our local command string copy. */
string_free( cmd_local );
}
void server_mainloop( SOCKET server_socket )
{
SOCKET sClientSocket;
int iResult, // system information with error message
iSendResult, // system information with error message after send function
command_code;
MBA_AGENT_RETURN command_result;
CHAR sLogMessage[SZ_MAX_LOG];
CHAR sRecvbuf[SZ_MAX_CMD << 1]; // receive buffer from client
CHAR sCommand_line[SZ_MAX_CMD << 1]; // fully command line
// we allocate two times more space for the string manipulation
// Accept connections
while( true ) {
g_sClientSocket = server_socket;
sprintf_s(sLogMessage, SZ_MAX_LOG, "[SYSTEM] Start to get commands...\r\n\r\n");
write_agent_log(sLogMessage, FALSE);
slen = sizeof(clientaddr);
// Receive until the peer shuts down the connection
do {
ZeroMemory(sRecvbuf, sizeof(sRecvbuf));
iResult = ac_read( sRecvbuf, SZ_MAX_CMD );
if (iResult > 0) {
sprintf_s(sLogMessage, SZ_MAX_LOG, "Bytes received: 0x%08x, Received message: %s\r\n", iResult, sRecvbuf);
write_agent_log(sLogMessage, FALSE);
command_code = identify_command(sRecvbuf);
if (command_code > 0) {
ZeroMemory(sCommand_line, sizeof(sCommand_line));
memcpy(sCommand_line, &sRecvbuf[5], SZ_MAX_CMD - 5);
}
switch (command_code) {
case MBA_CMD_EXEC :
command_result = execute_cmd(sCommand_line);
break;
case MBA_CMD_INVO :
command_result = invoke_cmd(sCommand_line);
break;
case MBA_CMD_EXPO :
command_result = export_cmd(sCommand_line);
break;
case MBA_CMD_IMPO :
command_result = import_cmd(sCommand_line);
break;
case MBA_CMD_LOGF :
command_result = expolog_cmd();
break;
case MBA_CMD_SYNC :
command_result = sync_cmd();
break;
case MBA_CMD_UNKNOWN :
default:
write_agent_log("main - [COMMAND ERROR] Unknown command", TRUE);
command_result = AGENT_RET_SUCCESS;
break;
}
if ( command_result == AGENT_RET_SUCCESS ) {
// Echo the buffer back to the sender
iSendResult = ac_write( MSG_ACK_PREFIX, sizeof(MSG_ACK_PREFIX) );
if (iSendResult == SOCKET_ERROR) {
write_agent_log("main - Send to server_socket", TRUE);
break;
}
iSendResult = ac_write( sRecvbuf, SZ_MAX_CMD );
if (iSendResult == SOCKET_ERROR) {
write_agent_log("main - Send to server_socket", TRUE);
break;
}
}
else
iResult = 1;
sprintf_s(sLogMessage, SZ_MAX_LOG, "Bytes sent: %d\r\n\r\n", iSendResult);
write_agent_log(sLogMessage, FALSE);
}
else if (GetLastError() == 0) {
write_agent_log("Receive nothing from server_socket", FALSE);
break;
}
else {
write_agent_log("Receive from server_socket", TRUE);
break;
}
} while (iResult > 0);
// shutdown the connection since we're done
iResult = shutdown(server_socket, SD_SEND);
if (iResult != -1 && iResult == SOCKET_ERROR) {
closesocket(server_socket);
write_agent_log("Main - shutdown server_socket", TRUE);
}
closesocket(server_socket);
sprintf_s(sLogMessage, SZ_MAX_LOG, "[SYSTEM] Connection closing...\r\n");
write_agent_log(sLogMessage, FALSE);
}
}
void server_mainloop( SOCKET sListenSocket )
{
SOCKET sClientSocket;
int iResult, // system information with error message
iSendResult, // system information with error message after send function
command_code;
MBA_AGENT_RETURN command_result;
char sRecvbuf[SZ_MAX_CMD << 1]; // receive buffer from client
char sCommand_line[SZ_MAX_CMD << 1]; // fully command line
// we allocate two times more space for the string manipulation
// Accept connections
while( true ) {
// Accept a client socket
sClientSocket = accept(sListenSocket, NULL, NULL);
if (sClientSocket == INVALID_SOCKET) {
display_error("main - accept", FALSE);
break;
}
sprintf_s(g_sLogMessage, SZ_MAX_LOG, "[SYSTEM] Connection starting...\r\n");
write_log();
g_sClientSocket = sClientSocket;
// Receive until the peer shuts down the connection
do {
ZeroMemory(sRecvbuf, sizeof(sRecvbuf));
iResult = recv(sClientSocket, sRecvbuf, SZ_MAX_CMD, MSG_WAITALL);
if (iResult > 0) {
sprintf_s(g_sLogMessage, SZ_MAX_LOG, "Bytes received: 0x%08x, Received message: %s\r\n", iResult, sRecvbuf);
write_log();
command_code = identify_command(sRecvbuf);
if (command_code > 0) {
ZeroMemory(sCommand_line, sizeof(sCommand_line));
memcpy(sCommand_line, &sRecvbuf[5], SZ_MAX_CMD - 5);
}
switch (command_code) {
case MBA_CMD_EXEC :
command_result = execute_cmd(sCommand_line);
break;
case MBA_CMD_INVO :
command_result = invoke_cmd(sCommand_line);
break;
case MBA_CMD_EXPO :
command_result = export_cmd(sCommand_line, sClientSocket);
break;
case MBA_CMD_IMPO :
command_result = import_cmd(sCommand_line, sClientSocket);
break;
case MBA_CMD_LOGF :
command_result = export_log( sClientSocket );
break;
case MBA_CMD_UNKNOWN :
default:
display_error("main - [COMMAND ERROR] Unknown command", TRUE);
command_result = AGENT_RET_SUCCESS;
break;
}
if ( command_result == AGENT_RET_SUCCESS ) {
// Echo the buffer back to the sender
iSendResult = send(sClientSocket, MSG_ACK_PREFIX, sizeof(MSG_ACK_PREFIX), 0);
if (iSendResult == SOCKET_ERROR) {
display_error("main - Send to sClientSocket", FALSE);
break;
}
iSendResult = send(sClientSocket, sRecvbuf, SZ_MAX_CMD, 0);
if (iSendResult == SOCKET_ERROR) {
display_error("main - Send to sClientSocket", FALSE);
break;
}
}
else
iResult = 1;
sprintf_s(g_sLogMessage, SZ_MAX_LOG, "Bytes sent: %d\r\n", iSendResult);
write_log();
}
else if (GetLastError() == 0)
break;
else {
display_error("Receive from sClientSocket", FALSE);
break;
}
} while (iResult > 0);
// shutdown the connection since we're done
iResult = shutdown(sClientSocket, SD_SEND);
if (iResult != -1 && iResult == SOCKET_ERROR) {
closesocket(sClientSocket);
display_error("Main - shutdown sClientSocket", FALSE);
}
closesocket(sClientSocket);
sprintf_s(g_sLogMessage, SZ_MAX_LOG, "[SYSTEM] Connection closing...\r\n");
write_log();
}
}
