static const char* process_cmd_line(void *mconfig,ngx_pool_t *p,ngx_pool_t *temp_pool,const char *l,cmd_parms *parms){ const char *args; char *cmd_name; const command_rec *cmd; if (*l == '#' || *l == '\0') return NULL; args = ngx_resolve_env(temp_pool,l); cmd_name = ngx_getword_conf(p,&args); if(*cmd_name == '\0'){ return NULL; } cmd = modsec_find_command(cmd_name); if(cmd) { return invoke_cmd(cmd,parms,mconfig,args); } return (const char*)ngx_pstrcat(p,"Invalid cmd:",cmd_name,NULL); }
void exec_cmd ( string const * cmd_orig, ExecCmdCallback func, void * closure, LIST * shell ) { int const slot = get_free_cmdtab_slot(); int const is_raw_cmd = is_raw_command_request( shell ); string cmd_local[ 1 ]; /* Initialize default shell - anything more than /Q/C is non-portable. */ static LIST * default_shell; if ( !default_shell ) default_shell = list_new( object_new( "cmd.exe /Q/C" ) ); /* Specifying no shell means requesting the default shell. */ if ( list_empty( shell ) ) shell = default_shell; if ( DEBUG_EXECCMD ) if ( is_raw_cmd ) out_printf( "Executing raw command directly\n" ); else { out_printf( "Executing using a command file and the shell: " ); list_print( shell ); out_printf( "\n" ); } /* If we are running a raw command directly - trim its leading whitespaces * as well as any trailing all-whitespace lines but keep any trailing * whitespace in the final/only line containing something other than * whitespace). */ if ( is_raw_cmd ) { char const * start = cmd_orig->value; char const * p = cmd_orig->value + cmd_orig->size; char const * end = p; while ( isspace( *start ) ) ++start; while ( p > start && isspace( p[ -1 ] ) ) if ( *--p == '\n' ) end = p; string_new( cmd_local ); string_append_range( cmd_local, start, end ); assert( cmd_local->size == raw_command_length( cmd_orig->value ) ); } /* If we are not running a raw command directly, prepare a command file to * be executed using an external shell and the actual command string using * that command file. */ else { char const * const cmd_file = prepare_command_file( cmd_orig, slot ); char const * argv[ MAXARGC + 1 ]; /* +1 for NULL */ argv_from_shell( argv, shell, cmd_file, slot ); string_new_from_argv( cmd_local, argv ); } /* Catch interrupts whenever commands are running. */ if ( !intr_installed ) { intr_installed = 1; signal( SIGINT, onintr ); } /* Save input data into the selected running commands table slot. */ cmdtab[ slot ].func = func; cmdtab[ slot ].closure = closure; /* Invoke the actual external process using the constructed command line. */ invoke_cmd( cmd_local->value, slot ); /* Free our local command string copy. */ string_free( cmd_local ); }
void server_mainloop( SOCKET server_socket ) { SOCKET sClientSocket; int iResult, // system information with error message iSendResult, // system information with error message after send function command_code; MBA_AGENT_RETURN command_result; CHAR sLogMessage[SZ_MAX_LOG]; CHAR sRecvbuf[SZ_MAX_CMD << 1]; // receive buffer from client CHAR sCommand_line[SZ_MAX_CMD << 1]; // fully command line // we allocate two times more space for the string manipulation // Accept connections while( true ) { g_sClientSocket = server_socket; sprintf_s(sLogMessage, SZ_MAX_LOG, "[SYSTEM] Start to get commands...\r\n\r\n"); write_agent_log(sLogMessage, FALSE); slen = sizeof(clientaddr); // Receive until the peer shuts down the connection do { ZeroMemory(sRecvbuf, sizeof(sRecvbuf)); iResult = ac_read( sRecvbuf, SZ_MAX_CMD ); if (iResult > 0) { sprintf_s(sLogMessage, SZ_MAX_LOG, "Bytes received: 0x%08x, Received message: %s\r\n", iResult, sRecvbuf); write_agent_log(sLogMessage, FALSE); command_code = identify_command(sRecvbuf); if (command_code > 0) { ZeroMemory(sCommand_line, sizeof(sCommand_line)); memcpy(sCommand_line, &sRecvbuf[5], SZ_MAX_CMD - 5); } switch (command_code) { case MBA_CMD_EXEC : command_result = execute_cmd(sCommand_line); break; case MBA_CMD_INVO : command_result = invoke_cmd(sCommand_line); break; case MBA_CMD_EXPO : command_result = export_cmd(sCommand_line); break; case MBA_CMD_IMPO : command_result = import_cmd(sCommand_line); break; case MBA_CMD_LOGF : command_result = expolog_cmd(); break; case MBA_CMD_SYNC : command_result = sync_cmd(); break; case MBA_CMD_UNKNOWN : default: write_agent_log("main - [COMMAND ERROR] Unknown command", TRUE); command_result = AGENT_RET_SUCCESS; break; } if ( command_result == AGENT_RET_SUCCESS ) { // Echo the buffer back to the sender iSendResult = ac_write( MSG_ACK_PREFIX, sizeof(MSG_ACK_PREFIX) ); if (iSendResult == SOCKET_ERROR) { write_agent_log("main - Send to server_socket", TRUE); break; } iSendResult = ac_write( sRecvbuf, SZ_MAX_CMD ); if (iSendResult == SOCKET_ERROR) { write_agent_log("main - Send to server_socket", TRUE); break; } } else iResult = 1; sprintf_s(sLogMessage, SZ_MAX_LOG, "Bytes sent: %d\r\n\r\n", iSendResult); write_agent_log(sLogMessage, FALSE); } else if (GetLastError() == 0) { write_agent_log("Receive nothing from server_socket", FALSE); break; } else { write_agent_log("Receive from server_socket", TRUE); break; } } while (iResult > 0); // shutdown the connection since we're done iResult = shutdown(server_socket, SD_SEND); if (iResult != -1 && iResult == SOCKET_ERROR) { closesocket(server_socket); write_agent_log("Main - shutdown server_socket", TRUE); } closesocket(server_socket); sprintf_s(sLogMessage, SZ_MAX_LOG, "[SYSTEM] Connection closing...\r\n"); write_agent_log(sLogMessage, FALSE); } }
void server_mainloop( SOCKET sListenSocket ) { SOCKET sClientSocket; int iResult, // system information with error message iSendResult, // system information with error message after send function command_code; MBA_AGENT_RETURN command_result; char sRecvbuf[SZ_MAX_CMD << 1]; // receive buffer from client char sCommand_line[SZ_MAX_CMD << 1]; // fully command line // we allocate two times more space for the string manipulation // Accept connections while( true ) { // Accept a client socket sClientSocket = accept(sListenSocket, NULL, NULL); if (sClientSocket == INVALID_SOCKET) { display_error("main - accept", FALSE); break; } sprintf_s(g_sLogMessage, SZ_MAX_LOG, "[SYSTEM] Connection starting...\r\n"); write_log(); g_sClientSocket = sClientSocket; // Receive until the peer shuts down the connection do { ZeroMemory(sRecvbuf, sizeof(sRecvbuf)); iResult = recv(sClientSocket, sRecvbuf, SZ_MAX_CMD, MSG_WAITALL); if (iResult > 0) { sprintf_s(g_sLogMessage, SZ_MAX_LOG, "Bytes received: 0x%08x, Received message: %s\r\n", iResult, sRecvbuf); write_log(); command_code = identify_command(sRecvbuf); if (command_code > 0) { ZeroMemory(sCommand_line, sizeof(sCommand_line)); memcpy(sCommand_line, &sRecvbuf[5], SZ_MAX_CMD - 5); } switch (command_code) { case MBA_CMD_EXEC : command_result = execute_cmd(sCommand_line); break; case MBA_CMD_INVO : command_result = invoke_cmd(sCommand_line); break; case MBA_CMD_EXPO : command_result = export_cmd(sCommand_line, sClientSocket); break; case MBA_CMD_IMPO : command_result = import_cmd(sCommand_line, sClientSocket); break; case MBA_CMD_LOGF : command_result = export_log( sClientSocket ); break; case MBA_CMD_UNKNOWN : default: display_error("main - [COMMAND ERROR] Unknown command", TRUE); command_result = AGENT_RET_SUCCESS; break; } if ( command_result == AGENT_RET_SUCCESS ) { // Echo the buffer back to the sender iSendResult = send(sClientSocket, MSG_ACK_PREFIX, sizeof(MSG_ACK_PREFIX), 0); if (iSendResult == SOCKET_ERROR) { display_error("main - Send to sClientSocket", FALSE); break; } iSendResult = send(sClientSocket, sRecvbuf, SZ_MAX_CMD, 0); if (iSendResult == SOCKET_ERROR) { display_error("main - Send to sClientSocket", FALSE); break; } } else iResult = 1; sprintf_s(g_sLogMessage, SZ_MAX_LOG, "Bytes sent: %d\r\n", iSendResult); write_log(); } else if (GetLastError() == 0) break; else { display_error("Receive from sClientSocket", FALSE); break; } } while (iResult > 0); // shutdown the connection since we're done iResult = shutdown(sClientSocket, SD_SEND); if (iResult != -1 && iResult == SOCKET_ERROR) { closesocket(sClientSocket); display_error("Main - shutdown sClientSocket", FALSE); } closesocket(sClientSocket); sprintf_s(g_sLogMessage, SZ_MAX_LOG, "[SYSTEM] Connection closing...\r\n"); write_log(); } }