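/*
    This file is part of sniffer, a packet capture utility and network monitor

    The author can be contacted at <mistral@stev.org>

    the latest version is available from
        http://stev.org

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "config.h"

#ifdef HTTP /* do we want http ? */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <pthread.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <ctype.h>
#include <sys/stat.h>

#include "list.h"
#include "locks.h"
#include "tcp.h"
#include "http.h"
#include "log.h"

int base64_pton(char const *src, unsigned char *target, int targsize);

/* Serialises writes to the per-server output file so that two HTTP
 * connections do not interleave their records. */
pthread_mutex_t http_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Serialises list_add() calls made from the packet handlers. */
pthread_mutex_t http_mutex_list = PTHREAD_MUTEX_INITIALIZER;

static const char Base64[] =
	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char Pad64 = '=';

/**
 * Decode a NUL-terminated base64 string.
 *
 * Whitespace is skipped anywhere in the input. Decoding stops at the first
 * '=' pad character, after which only the expected padding and whitespace
 * may follow.
 *
 * @param src      base64 text to decode
 * @param target   output buffer, or NULL to validate and count only
 * @param targsize capacity of target in bytes
 * @return number of decoded bytes, or -1 on a non-base64 character, bad
 *         padding, non-zero leftover bits, or an output buffer that is too
 *         small
 *
 * src and target may be the same buffer: the write index never runs ahead
 * of the read index because three bytes are produced per four characters
 * consumed.
 */
int base64_pton(char const *src, unsigned char *target, int targsize) {
	int tarindex, state, ch;
	char *pos;

	state = 0;
	tarindex = 0;

	while ((ch = *src++) != '\0') {
		/* Cast before isspace(): a negative char value is undefined
		 * behaviour for the <ctype.h> functions. */
		if (isspace((unsigned char)ch))	/* Skip whitespace anywhere. */
			continue;

		if (ch == Pad64)
			break;

		pos = strchr(Base64, ch);
		if (pos == NULL)		/* A non-base64 character. */
			return (-1);

		switch (state) {
		case 0:
			if (target) {
				if (tarindex >= targsize)
					return (-1);
				target[tarindex] = (pos - Base64) << 2;
			}
			state = 1;
			break;
		case 1:
			if (target) {
				if (tarindex + 1 >= targsize)
					return (-1);
				target[tarindex]   |=  (pos - Base64) >> 4;
				target[tarindex+1]  = ((pos - Base64) & 0x0f) << 4;
			}
			tarindex++;
			state = 2;
			break;
		case 2:
			if (target) {
				if (tarindex + 1 >= targsize)
					return (-1);
				target[tarindex]   |=  (pos - Base64) >> 2;
				target[tarindex+1]  = ((pos - Base64) & 0x03) << 6;
			}
			tarindex++;
			state = 3;
			break;
		case 3:
			if (target) {
				if (tarindex >= targsize)
					return (-1);
				target[tarindex] |= (pos - Base64);
			}
			tarindex++;
			state = 0;
			break;
		}
	}

	/*
	 * We are done decoding Base-64 chars.  Let's see if we ended
	 * on a byte boundary, and/or with erroneous trailing characters.
	 */

	if (ch == Pad64) {		/* We got a pad char. */
		ch = *src++;		/* Skip it, get next. */
		switch (state) {
		case 0:		/* Invalid = in first position */
		case 1:		/* Invalid = in second position */
			return (-1);

		case 2:		/* Valid, means one byte of info */
			/* Skip any number of spaces. */
			for (; ch != '\0'; ch = *src++)
				if (!isspace((unsigned char)ch))
					break;
			/* Make sure there is another trailing = sign. */
			if (ch != Pad64)
				return (-1);
			ch = *src++;		/* Skip the = */
			/* Fall through to "single trailing =" case. */
			/* FALLTHROUGH */

		case 3:		/* Valid, means two bytes of info */
			/*
			 * We know this char is an =.  Is there anything but
			 * whitespace after it?
			 */
			for (; ch != '\0'; ch = *src++)
				if (!isspace((unsigned char)ch))
					return (-1);

			/*
			 * Now make sure for cases 2 and 3 that the "extra"
			 * bits that slopped past the last full byte were
			 * zeros.  If we don't check them, they become a
			 * subliminal channel.
			 */
			if (target && target[tarindex] != 0)
				return (-1);
		}
	} else {
		/*
		 * We ended by seeing the end of the string.  Make sure we
		 * have no partial bytes lying around.
		 */
		if (state != 0)
			return (-1);
	}

	return (tarindex);
}

/**
 * Handler installed as tcp->func_src by http_init().
 *
 * Splits the payload into CR/LF separated lines and appends a heap copy of
 * every line starting with "GET ", "POST ", "CONNECT " or "Host: " to the
 * connection's tag list. A line starting with "Authorization: Basic " has
 * its base64 part decoded in place before it is copied.
 *
 * @param pkt    captured packet (unused here)
 * @param tcp    connection state; tcp->dat must point to a struct http_data
 * @param data   payload, modified in place
 * @param length number of payload bytes in data
 *
 * NOTE(review): the terminator is written at data[length], so the caller's
 * buffer must hold at least length + 1 bytes -- confirm against the caller.
 */
void http_src(struct sniff_pkt *pkt, struct tcp_data *tcp, char *data, int length) {
	struct http_data *tmp;
	char *tdata;	/* temp data storage */
	char *p;
	char *save = NULL;	/* strtok_r() position */
	int i;

	tmp = tcp->dat;

	if (length < 2)
		return;

#ifdef DEBUG_HTTP
	log_s("http_src: start");
	log_error("\thttp_src: %d [%s] [%s]\n", length,tcp->src.ip_str,tcp->dest.ip_str);
#endif

	/* Terminate directly after the payload. The previous code wrote to
	 * data[length + 1], which left data[length] unset (so the string
	 * functions below could read one stale byte) and touched one byte
	 * further into the buffer than necessary. */
	data[length] = '\0';

	/* strtok() keeps its position in static storage shared by all threads;
	 * the mutexes in this file indicate the handlers can run concurrently,
	 * so use the re-entrant variant. */
	data = strtok_r(data, "\r\n", &save);
	while (data && data[1]) {
#ifdef DEBUG_HTTP
		log_s(data);
#endif
		/* Each prefix is compared over its full length including the
		 * trailing space ("CONNECT " was previously compared over 6). */
		if ((!strncmp("GET ", data, 4)) ||
		    (!strncmp("POST ", data, 5)) ||
		    (!strncmp("CONNECT ", data, 8)) ||
		    (!strncmp("Host: ", data, 6))) {
			tdata = malloc(strlen(data) + 1);
			if (tdata) {
				strcpy(tdata,data);
				SLOCK(&http_mutex_list);
				list_add(tmp->tags, tdata);
				SUNLOCK(&http_mutex_list);
			} else
				log_errno("http_src: ERROR malloc 1");
		}

		if (!strncmp("Authorization: Basic ", data, 21)) {
			p = data + 21;
			i = base64_pton(p, (unsigned char *)p, (int)strlen(p));
			/* A failed decode returns -1. Using that as an index
			 * wrote to p[-1]; skip the line instead, since the
			 * buffer then holds a partially decoded value. */
			if (i >= 0) {
				p[i] = '\0';
				/* + 1 for the terminator: the copy previously
				 * overran the allocation by one byte. */
				tdata = malloc(strlen(data) + 1);
				if (tdata) {
					strcpy(tdata,data);
					SLOCK(&http_mutex_list);
					list_add(tmp->tags, tdata);
					SUNLOCK(&http_mutex_list);
				} else
					log_errno("http_src: ERROR malloc 2");
			}
		}

		data = strtok_r(NULL, "\r\n", &save);
	}

#ifdef DEBUG_HTTP
	log_s("http_src: end");
#endif
	return;
}

/**
 * Handler installed as tcp->func_dst by http_init().
 *
 * Looks only at the first CR/LF separated line of the payload and, when it
 * starts with "HTTP/" and the payload is longer than 10 bytes, appends a
 * heap copy of that line to the connection's tag list.
 *
 * @param pkt    captured packet (unused here)
 * @param tcp    connection state; tcp->dat must point to a struct http_data
 * @param data   payload, modified in place
 * @param length number of payload bytes in data
 *
 * NOTE(review): the terminator is written at data[length], so the caller's
 * buffer must hold at least length + 1 bytes -- confirm against the caller.
 */
void http_dst(struct sniff_pkt *pkt, struct tcp_data *tcp, char *data, int length) {
	struct http_data *tmp;
	char *tdata;	/* temp data storage */
	char *save = NULL;	/* strtok_r() position */

	tmp = tcp->dat;

	if (length < 2)
		return;

#ifdef DEBUG_HTTP
	log_s("http_dst: start");
	log_error("\thttp_dst: %d [%s] [%s]\n", length,tcp->src.ip_str,tcp->dest.ip_str);
#endif

	/* Terminate directly after the payload (was data[length + 1]). */
	data[length] = '\0';

	data = strtok_r(data, "\r\n", &save);
	if (data && data[1]) {
		if ((length > 10) && (!strncmp("HTTP/", data, 5))) {
#ifdef DEBUG_HTTP
			log_s(data);
#endif
			tdata = malloc(strlen(data) + 1);
			if (tdata) {
				strcpy(tdata,data);
				SLOCK(&http_mutex_list);
				list_add(tmp->tags, tdata);
				SUNLOCK(&http_mutex_list);
			} else
				log_errno("http_dst: ERROR malloc");
		}
	}

#ifdef DEBUG_HTTP
	log_s("http_dst: end");
#endif
	return;
}

/**
 * Handler installed as tcp->func_cleanup by http_init().
 *
 * Appends one record (server, client and every collected tag) to
 * "output/http/<server>", where <server> is tcp->dest.ip_name when set and
 * tcp->dest.ip_str otherwise, then releases the tag list and the
 * struct http_data. The tag list is released even when the file cannot be
 * written.
 *
 * @param tcp connection state; nothing is done when tcp->dat is NULL
 *
 * NOTE(review): the server name is used verbatim as a file name. If ip_name
 * is filled from a reverse DNS answer it is chosen by whoever controls that
 * zone; confirm where it is populated and reject names containing '/' or
 * ".." there or here.
 * NOTE(review): the records include the decoded "Authorization: Basic"
 * value. fopen() creates the file with permissions derived from the umask;
 * consider creating it owner-only.
 */
void http_clean(struct tcp_data *tcp) {
	struct http_data *tmp;
	int i, total;
	char *data;
	const char *server;
	size_t len;
	FILE *http_file = NULL;	/* pointer to a file */
	char *fname = NULL;	/* malloc this */

	tmp = tcp->dat;		/* get the tcp->dat in */
	if (!tmp)
		return;

#ifdef DEBUG_HTTP
	log_s("http_clean: start");
#endif

	server = tcp->dest.ip_name ? tcp->dest.ip_name : tcp->dest.ip_str;

	/* build up a file name: prefix + server + terminating NUL */
	len = strlen("output/http/") + strlen(server) + 1;
	fname = malloc(len);
	if (!fname) {
		log_errno("malloc:");
	} else {
		snprintf(fname, len, "output/http/%s", server);

		SLOCK(&http_mutex);
		http_file = fopen(fname, "a");
		if (!http_file) {
			log_errno("fopen:");
			SUNLOCK(&http_mutex);
		}
	}

	/* From here on http_mutex is held exactly when http_file is open. */
	if (http_file) {
		/* print out some info about the host */
		fprintf(http_file, "********************************************\n");
		fprintf(http_file, "Server: %s\n", server);
		if (tcp->src.ip_name) {
			fprintf(http_file, "Client: %s\n", tcp->src.ip_name);
		} else {
			fprintf(http_file, "Client: %s\n", tcp->src.ip_str);
		}
		fprintf(http_file, "Tags\n");
	}

	/* Drain the list on every path. The error paths used to jump past
	 * this loop and leaked every stored line plus the list itself. */
	total = list_len(tmp->tags);
	for (i = 0; i < total; i++) {
		data = list_get(tmp->tags, 0);
		list_del(tmp->tags, 0);
		if (http_file && data)
			fprintf(http_file, "    %s\n", data);
		free(data);	/* free as we go */
	}
	list_free(tmp->tags);	/* kill list pointers */

	if (http_file) {
		fprintf(http_file, "End of HTTP Session\n");
		fclose(http_file);
		SUNLOCK(&http_mutex);
	}

	free(fname);
	free(tmp);
	tcp->dat = NULL;	/* do not leave a dangling pointer behind */

#ifdef DEBUG_HTTP
	log_s("http_clean: end");
#endif
	return;
}

/**
 * Attach HTTP tracking to a TCP connection.
 *
 * Allocates a struct http_data with an empty tag list, stores it in
 * tcp->dat and installs http_src, http_dst and http_clean as handlers.
 * When either allocation fails, the src/dst/cleanup handlers are set to
 * NULL and tcp->dat is left untouched.
 *
 * @param tcp connection to initialise
 */
void http_init(struct tcp_data *tcp) {
	struct http_data *tmp;

	tmp = malloc(sizeof(struct http_data));
	if (!tmp) {
		log_errno("malloc");
		goto get_out;
	}

	tmp->tags = list_init();
	if (!tmp->tags) {
		log_errno("malloc");
		/* This path used to return directly, leaking tmp and leaving
		 * the handler pointers in whatever state they had. */
		free(tmp);
		goto get_out;
	}

	tcp->func_src = http_src;
	tcp->func_dst = http_dst;
	tcp->func_lookup = NULL;
	tcp->func_cleanup = http_clean;
	tcp->dat = tmp;
	return;

get_out:
	tcp->func_src = NULL;
	tcp->func_dst = NULL;
	tcp->func_cleanup = NULL;
	return;
}

/**
 * Create the "output/http" directory with owner-only permissions.
 *
 * An already existing directory is not an error; in that case its current
 * permissions are kept as they are. Any other mkdir() failure is logged.
 */
void http_open() {
	SLOCK(&http_mutex);
	if (mkdir("output/http", S_IRWXU) < 0) {
		if (errno != EEXIST)
			log_errno_nolock("mkdir: output/http ");
	}
	SUNLOCK(&http_mutex);
	return;
}

#endif /* ifdef HTTP */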