📄 daemon.c
字号:
if (fp)
{
if (threaddata)
{
pthread_cancel(threaddata);
threaddata= 0;
}
if (fp->rmt_sockdata)
{
sock_close(fp->rmt_sockdata, NULL, 0);
fp->rmt_sockdata= 0;
}
pcap_close(fp);
fp= NULL;
}
// Print message and exit
SOCK_ASSERT("I'm exiting from the child loop", 1);
SOCK_ASSERT(errbuf, 1);
if (!pars->isactive)
{
if (pars->sockctrl)
sock_close(pars->sockctrl, NULL, 0);
free(pars);
#ifdef WIN32
pthread_exit(0);
#endif
}
}
/*!
\brief It checks if the authentication credentials supplied by the user are valid.
This function is called each time the rpcap daemon starts a new serving thread.
It reads the authentication message from the network and it checks that the
user information are valid.
\param sockctrl: the socket if of the control connection.
\param nullAuthAllowed: '1' if the NULL authentication is allowed.
\param errbuf: a user-allocated buffer in which the error message (if one) has to be written.
\return '0' if everything is fine, '-1' if an unrecoverable error occurred.
The error message is returned in the 'errbuf' variable.
'-2' is returned in case the authentication failed or in case of a recoverable error (like
wrong version). In that case, 'errbuf' keeps the reason of the failure. This provides
a way to know that the connection does not have to be closed.
In case the message is a 'CLOSE' or an 'ERROR', it returns -3. The error can be due to a
connection refusal in active mode, since this host cannot be allowed to connect to the remote
peer.
*/
int daemon_checkauth(SOCKET sockctrl, int nullAuthAllowed, char *errbuf)
{
struct rpcap_header header; // RPCAP message general header
int retval; // generic return value
unsigned int nread; // number of bytes of the payload read from the socket
struct rpcap_auth auth; // RPCAP authentication header
char *string1, *string2; // two strings exchanged by the authentication message
unsigned int plen; // length of the payload
int retcode; // the value we have to return to the caller
if (sock_recv(sockctrl, (char *) &header, sizeof(struct rpcap_header), SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
plen= ntohl(header.plen);
retval= rpcap_checkmsg(errbuf, sockctrl, &header,
RPCAP_MSG_AUTH_REQ,
RPCAP_MSG_CLOSE,
0);
if (retval != RPCAP_MSG_AUTH_REQ)
{
switch (retval)
{
case -3: // Unrecoverable network error
return -1; // Do nothing; just exit; the error code is already into the errbuf
case -2: // The other endpoint send a message that is not allowed here
case -1: // The other endpoint has a version number that is not compatible with our
return -2;
case RPCAP_MSG_CLOSE:
{
// Check if all the data has been read; if not, discard the data in excess
if (ntohl(header.plen) )
{
if (sock_discard(sockctrl, ntohl(header.plen), NULL, 0) )
{
retcode= -1;
goto error;
}
}
return -3;
};
case RPCAP_MSG_ERROR:
return -3;
default:
{
SOCK_ASSERT("Internal error.", 1);
retcode= -2;
goto error;
};
}
}
// If it comes here, it means that we have an authentication request message
if ( (nread= sock_recv(sockctrl, (char *) &auth, sizeof(struct rpcap_auth), SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE)) == -1)
{
retcode= -1;
goto error;
}
switch (ntohs(auth.type) )
{
case RPCAP_RMTAUTH_NULL:
{
if (!nullAuthAllowed)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL autentication not permitted.");
retcode= -2;
goto error;
}
break;
}
case RPCAP_RMTAUTH_PWD:
{
int len1, len2;
len1= ntohs(auth.slen1);
len2= ntohs(auth.slen2);
string1= (char *) malloc (len1 + 1);
string2= (char *) malloc (len2 + 1);
if ( (string1 == NULL) || (string2 == NULL) )
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
retcode= -1;
goto error;
}
if ( (nread+= sock_recv(sockctrl, string1, len1, SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE)) == -1)
{
retcode= -1;
goto error;
}
if ( (nread+= sock_recv(sockctrl, string2, len2, SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE)) == -1)
{
retcode= -1;
goto error;
}
string1[len1]= 0;
string2[len2]= 0;
if (daemon_AuthUserPwd(string1, string2, errbuf) )
{
retcode= -2;
goto error;
}
break;
}
default:
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
retcode= -2;
goto error;
}
// Check if all the data has been read; if not, discard the data in excess
if (nread != plen)
{
if (sock_discard(sockctrl, plen - nread, NULL, 0) )
{
retcode= -1;
goto error;
}
}
rpcap_createhdr(&header, RPCAP_MSG_AUTH_REPLY, 0, 0);
// Send the ok message back
if ( sock_send(sockctrl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
{
retcode= -1;
goto error;
}
return 0;
error:
// Check if all the data has been read; if not, discard the data in excess
if (nread != plen)
sock_discard(sockctrl, plen - nread, NULL, 0);
return retcode;
}
int daemon_AuthUserPwd(char *username, char *password, char *errbuf)
{
#ifdef WIN32
/*
Warning: the user which launches the process must have the SE_TCB_NAME right.
This corresponds to have the "Act as part of the Operating System" turined on
(administrative tools, local security settings, local policies, user right assignment)
However, it seems to me that if you run it as a service, this right should be
provided by default.
*/
HANDLE Token;
if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
{
int error;
error = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
PCAP_ERRBUF_SIZE, NULL);
return -1;
}
// This call should change the current thread to the selected user.
// I didn't test it.
if (ImpersonateLoggedOnUser(Token) == 0)
{
int error;
error = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
PCAP_ERRBUF_SIZE, NULL);
CloseHandle(Token);
return -1;
}
CloseHandle(Token);
return 0;
#else
/* Standard user authentication:
http://www.unixpapa.com/incnote/passwd.html
Problem: it is not able to merge the standard pwd file with the shadow one
Shadow user authentication:
http://www.tldp.org/HOWTO/Shadow-Password-HOWTO-8.html
Problem: the program must either (1) run as root, or (2) run as user, but it
must be owned by root and must be SUID root (chmod u+s rpcapd)
*/
struct passwd *user;
#ifdef linux
struct spwd *usersp;
#endif
// This call is needed to get the uid
if ((user= getpwnam(username)) == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
return -1;
}
#ifdef linux
// This call is needed to get the password; otherwise 'x' is returned
if ((usersp= getspnam(username)) == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
return -1;
}
if (strcmp(usersp->sp_pwdp, (char *) crypt(password, usersp->sp_pwdp) ) != 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: password incorrect");
return -1;
}
#endif
#ifdef bsd
if (strcmp(user->pw_passwd, (char *) crypt(password, user->pw_passwd) ) != 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: password incorrect");
return -1;
}
#endif
if (setuid(user->pw_uid) )
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s", pcap_strerror(errno) );
return -1;
}
/* if (setgid(user->pw_gid) )
{
SOCK_ASSERT("setgid failed", 1);
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s", pcap_strerror(errno) );
return -1;
}
*/
return 0;
#endif
}
// PORTING WARNING We assume u_int is a 32bit value
int daemon_findalldevs(SOCKET sockctrl, char *errbuf)
{
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx= 0; // index which keeps the number of bytes currently buffered
pcap_if_t *alldevs; // pointer to the heade of the interface chain
pcap_if_t *d; // temp pointer neede to scan the interface chain
uint16 plen= 0; // length of the payload of this message
struct pcap_addr *address; // pcap structure that keeps a network address of an interface
struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
uint16 nif= 0; // counts the number of interface listed
// Retrieve the device list
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_FINDALLIF, NULL);
return -1;
}
if (alldevs == NULL)
{
rpcap_senderror(sockctrl,
"No interfaces found! Make sure libpcap/WinPcap is properly installed"
" and you have the right to access to the remote device.",
PCAP_ERR_NOREMOTEIF,
errbuf);
return -1;
}
// checks the number of interfaces and it computes the total length of the payload
for (d= alldevs; d != NULL; d= d->next)
{
nif++;
if (d->description)
plen+= strlen(d->description);
if (d->name)
plen+= strlen(d->name);
plen+= sizeof(struct rpcap_findalldevs_if);
for (address= d->addresses; address != NULL; address= address->next)
plen+= ( sizeof(struct sockaddr_storage) * 4);
}
// RPCAP findalldevs command
if ( sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
rpcap_createhdr( (struct rpcap_header *) sendbuf, RPCAP_MSG_FINDALLIF_REPLY, nif, plen);
// send the interface list
for (d= alldevs; d != NULL; d= d->next)
{
uint16 lname, ldescr;
findalldevs_if= (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
if ( sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if) );
if (d->description) ldescr= (short) strlen(d->description);
else ldescr= 0;
if (d->name) lname= (short) strlen(d->name);
else lname= 0;
findalldevs_if->desclen= htons(ldescr);
findalldevs_if->namelen= htons(lname);
findalldevs_if->flags= htonl(d->flags);
for (address= d->addresses; address != NULL; address= address->next)
findalldevs_if->naddr++;
findalldevs_if->naddr= htons(findalldevs_if->naddr);
if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE) == -1)
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -