]>
Commit | Line | Data |
---|---|---|
c86edd1d Q |
1 | |
2 | #include "proxyscan.h" | |
3 | ||
4 | #include <sys/poll.h> | |
5 | #include <sys/types.h> | |
6 | #include <sys/socket.h> | |
7 | #include <netdb.h> | |
8 | #include "../core/error.h" | |
9 | #include "../core/events.h" | |
10 | #include <stdlib.h> | |
11 | #include <stdio.h> | |
12 | #include <errno.h> | |
13 | #include "../nick/nick.h" | |
14 | #include "../core/hooks.h" | |
15 | #include "../lib/sstring.h" | |
16 | #include "../irc/irc_config.h" | |
17 | #include "../localuser/localuser.h" | |
18 | #include "../core/config.h" | |
19 | #include <unistd.h> | |
20 | #include "../core/schedule.h" | |
21 | #include <string.h> | |
22 | #include "../irc/irc.h" | |
23 | #include "../lib/irc_string.h" | |
24 | ||
25 | #define SCANTIMEOUT 60 | |
26 | ||
27 | #define SCANHOSTHASHSIZE 1000 | |
28 | #define SCANHASHSIZE 400 | |
29 | ||
30 | /* It's unlikely you'll get 100k of preamble before a connect... */ | |
31 | #define READ_SANITY_LIMIT 102400 | |
32 | ||
33 | scan *scantable[SCANHASHSIZE]; | |
34 | ||
35 | int listenfd; | |
36 | int activescans; | |
37 | int maxscans; | |
38 | int queuedhosts; | |
39 | int scansdone; | |
40 | int rescaninterval; | |
41 | int warningsent; | |
42 | int glinedhosts; | |
43 | time_t starttime; | |
44 | ||
45 | int numscans; /* number of scan types currently valid */ | |
46 | scantype thescans[PSCAN_MAXSCANS]; | |
47 | ||
48 | unsigned int hitsbyclass[10]; | |
49 | unsigned int scansbyclass[10]; | |
50 | ||
51 | unsigned int myip; | |
52 | sstring *myipstr; | |
53 | unsigned short listenport; | |
54 | int brokendb; | |
55 | ||
56 | unsigned int ps_mailip; | |
57 | unsigned int ps_mailport; | |
58 | sstring *ps_mailname; | |
59 | ||
92f1d9e3 D |
60 | unsigned long scanspermin; |
61 | unsigned long tempscanspermin=0; | |
62 | unsigned long lastscants=0; | |
63 | ||
c86edd1d Q |
64 | nick *proxyscannick; |
65 | ||
66 | FILE *ps_logfile; | |
67 | ||
68 | /* Local functions */ | |
69 | void handlescansock(int fd, short events); | |
70 | void timeoutscansock(void *arg); | |
71 | void proxyscan_newnick(int hooknum, void *arg); | |
72 | void proxyscan_lostnick(int hooknum, void *arg); | |
73 | void proxyscanuserhandler(nick *target, int message, void **params); | |
74 | void registerproxyscannick(); | |
75 | void killsock(scan *sp, int outcome); | |
76 | void killallscans(); | |
77 | void proxyscanstats(int hooknum, void *arg); | |
78 | void sendlagwarning(); | |
79 | void proxyscandostatus(nick *np); | |
80 | void proxyscandebug(nick *np); | |
81 | void proxyscan_newip(nick *np, unsigned long ip); | |
82 | int proxyscan_addscantype(int type, int port); | |
83 | int proxyscan_delscantype(int type, int port); | |
84 | ||
85 | int proxyscan_addscantype(int type, int port) { | |
86 | /* Check we have a spare scan slot */ | |
87 | ||
88 | if (numscans>=PSCAN_MAXSCANS) | |
89 | return 1; | |
90 | ||
91 | thescans[numscans].type=type; | |
92 | thescans[numscans].port=port; | |
93 | thescans[numscans].hits=0; | |
94 | ||
95 | numscans++; | |
96 | ||
97 | return 0; | |
98 | } | |
99 | ||
100 | int proxyscan_delscantype(int type, int port) { | |
101 | int i; | |
102 | ||
103 | for (i=0;i<numscans;i++) | |
104 | if (thescans[i].type==type && thescans[i].port==port) | |
105 | break; | |
106 | ||
107 | if (i>=numscans) | |
108 | return 1; | |
109 | ||
110 | memmove(thescans+i, thescans+(i+1), (PSCAN_MAXSCANS-(i+1)) * sizeof(scantype)); | |
111 | numscans--; | |
112 | ||
113 | return 0; | |
114 | } | |
115 | ||
116 | void _init(void) { | |
117 | sstring *cfgstr; | |
118 | int ipbits[4]; | |
119 | ||
120 | memset(scantable,0,sizeof(scantable)); | |
121 | maxscans=200; | |
122 | activescans=0; | |
123 | queuedhosts=0; | |
124 | scansdone=0; | |
125 | warningsent=0; | |
126 | starttime=time(NULL); | |
127 | glinedhosts=0; | |
128 | ||
92f1d9e3 D |
129 | scanspermin=0; |
130 | lastscants=time(NULL); | |
131 | ||
c86edd1d Q |
132 | /* Listen port */ |
133 | cfgstr=getcopyconfigitem("proxyscan","port","9999",6); | |
134 | listenport=strtol(cfgstr->content,NULL,10); | |
135 | freesstring(cfgstr); | |
136 | ||
137 | /* Max concurrent scans */ | |
138 | cfgstr=getcopyconfigitem("proxyscan","maxscans","200",5); | |
139 | maxscans=strtol(cfgstr->content,NULL,10); | |
140 | freesstring(cfgstr); | |
141 | ||
142 | /* Clean host timeout */ | |
143 | cfgstr=getcopyconfigitem("proxyscan","rescaninterval","3600",7); | |
144 | rescaninterval=strtol(cfgstr->content,NULL,10); | |
145 | cachehostinit(rescaninterval); | |
146 | freesstring(cfgstr); | |
147 | ||
148 | /* this default will NOT work well */ | |
149 | myipstr=getcopyconfigitem("proxyscan","ip","127.0.0.1",16); | |
150 | ||
151 | sscanf(myipstr->content,"%d.%d.%d.%d",&ipbits[0],&ipbits[1],&ipbits[2],&ipbits[3]); | |
152 | ||
153 | myip=((ipbits[0]&0xFF)<<24)+((ipbits[1]&0xFF)<<16)+ | |
154 | ((ipbits[2]&0xFF)<<8)+(ipbits[3]&0xFF); | |
155 | ||
156 | /* Mailer host */ | |
157 | cfgstr=getcopyconfigitem("proxyscan","mailerip","",16); | |
158 | ||
159 | #if defined(PROXYSCAN_MAIL) | |
160 | psm_mailerfd=-1; | |
161 | if (cfgstr) { | |
162 | sscanf(cfgstr->content,"%d.%d.%d.%d",&ipbits[0],&ipbits[1],&ipbits[2],&ipbits[3]); | |
163 | ps_mailip = ((ipbits[0]&0xFF)<<24)+((ipbits[1]&0xFF)<<16)+ | |
164 | ((ipbits[2]&0xFF)<<8)+(ipbits[3]&0xFF); | |
165 | ps_mailport=25; | |
166 | freesstring(cfgstr); | |
167 | ||
168 | ps_mailname=getcopyconfigitem("proxyscan","mailname","some.mail.server",HOSTLEN); | |
169 | Error("proxyscan",ERR_INFO,"Proxyscan mailer enabled; mailing to %s as %s.",IPtostr(ps_mailip),ps_mailname->content); | |
170 | } else { | |
171 | ps_mailport=0; | |
172 | ps_mailname=NULL; | |
173 | } | |
174 | #endif | |
175 | ||
176 | proxyscannick=NULL; | |
177 | /* Set up our nick on the network */ | |
178 | scheduleoneshot(time(NULL),®isterproxyscannick,NULL); | |
179 | ||
180 | registerhook(HOOK_NICK_NEWNICK,&proxyscan_newnick); | |
181 | ||
182 | registerhook(HOOK_CORE_STATSREQUEST,&proxyscanstats); | |
183 | ||
184 | /* Read in the clean hosts */ | |
185 | loadcachehosts(); | |
186 | ||
187 | /* Set up the database */ | |
188 | if ((proxyscandbinit())!=0) { | |
189 | brokendb=1; | |
190 | } else { | |
191 | brokendb=0; | |
192 | } | |
193 | ||
194 | /* Default scan types */ | |
195 | proxyscan_addscantype(STYPE_HTTP, 8080); | |
196 | proxyscan_addscantype(STYPE_HTTP, 80); | |
197 | proxyscan_addscantype(STYPE_HTTP, 6588); | |
198 | proxyscan_addscantype(STYPE_HTTP, 8000); | |
199 | proxyscan_addscantype(STYPE_HTTP, 3128); | |
200 | proxyscan_addscantype(STYPE_HTTP, 3802); | |
201 | proxyscan_addscantype(STYPE_HTTP, 5490); | |
202 | proxyscan_addscantype(STYPE_HTTP, 7441); | |
203 | proxyscan_addscantype(STYPE_HTTP, 808); | |
204 | proxyscan_addscantype(STYPE_HTTP, 3332); | |
205 | proxyscan_addscantype(STYPE_HTTP, 2282); | |
206 | proxyscan_addscantype(STYPE_SOCKS4, 1080); | |
207 | proxyscan_addscantype(STYPE_SOCKS5, 1080); | |
208 | proxyscan_addscantype(STYPE_SOCKS4, 1075); | |
209 | proxyscan_addscantype(STYPE_SOCKS5, 1075); | |
210 | proxyscan_addscantype(STYPE_SOCKS4, 2280); | |
211 | proxyscan_addscantype(STYPE_SOCKS5, 2280); | |
212 | proxyscan_addscantype(STYPE_SOCKS4, 1180); | |
213 | proxyscan_addscantype(STYPE_SOCKS5, 1180); | |
214 | proxyscan_addscantype(STYPE_WINGATE, 23); | |
215 | proxyscan_addscantype(STYPE_CISCO, 23); | |
216 | proxyscan_addscantype(STYPE_WINGATE, 1181); | |
217 | proxyscan_addscantype(STYPE_SOCKS5, 1978); | |
218 | proxyscan_addscantype(STYPE_SOCKS5, 1029); | |
219 | proxyscan_addscantype(STYPE_SOCKS5, 3801); | |
220 | proxyscan_addscantype(STYPE_SOCKS5, 3331); | |
221 | proxyscan_addscantype(STYPE_HTTP, 65506); | |
222 | proxyscan_addscantype(STYPE_HTTP, 63809); | |
905c2ba2 | 223 | proxyscan_addscantype(STYPE_HTTP, 63000); |
224 | proxyscan_addscantype(STYPE_SOCKS4, 559); | |
92f1d9e3 | 225 | proxyscan_addscantype(STYPE_SOCKS4, 29992); |
905c2ba2 | 226 | |
c86edd1d Q |
227 | /* Schedule saves */ |
228 | schedulerecurring(time(NULL)+3600,0,3600,&dumpcachehosts,NULL); | |
229 | ||
230 | ps_logfile=fopen("proxyscan.log","a"); | |
231 | } | |
232 | ||
233 | void registerproxyscannick(void *arg) { | |
234 | sstring *psnick,*psuser,*pshost,*psrealname; | |
235 | /* Set up our nick on the network */ | |
236 | ||
237 | psnick=getcopyconfigitem("proxyscan","nick","P",NICKLEN); | |
238 | psuser=getcopyconfigitem("proxyscan","user","proxyscan",USERLEN); | |
239 | pshost=getcopyconfigitem("proxyscan","host","some.host",HOSTLEN); | |
240 | psrealname=getcopyconfigitem("proxyscan","realname","Proxyscan",REALLEN); | |
241 | ||
242 | proxyscannick=registerlocaluser(psnick->content,psuser->content,pshost->content, | |
243 | psrealname->content, | |
244 | NULL,UMODE_OPER|UMODE_SERVICE|UMODE_DEAF, | |
245 | &proxyscanuserhandler); | |
246 | ||
247 | freesstring(psnick); | |
248 | freesstring(psuser); | |
249 | freesstring(pshost); | |
250 | freesstring(psrealname); | |
251 | } | |
252 | ||
253 | void _fini(void) { | |
254 | ||
255 | deregisterlocaluser(proxyscannick,NULL); | |
256 | ||
257 | deregisterhook(HOOK_NICK_NEWNICK,&proxyscan_newnick); | |
258 | ||
259 | deregisterhook(HOOK_CORE_STATSREQUEST,&proxyscanstats); | |
260 | ||
261 | deleteschedule(NULL,&dumpcachehosts,NULL); | |
262 | ||
263 | /* Kill any scans in progress */ | |
264 | killallscans(); | |
265 | ||
266 | /* Dump the database - AFTER killallscans() which prunes it */ | |
267 | dumpcachehosts(NULL); | |
268 | ||
269 | /* free() all our structures */ | |
270 | sfreeall(); | |
271 | ||
272 | freesstring(ps_mailname); | |
273 | #if defined(PROXYSCAN_MAIL) | |
274 | if (psm_mailerfd!=-1) | |
275 | deregisterhandler(psm_mailerfd,1); | |
276 | #endif | |
277 | ||
278 | if (ps_logfile) | |
279 | fclose(ps_logfile); | |
280 | } | |
281 | ||
282 | void proxyscanuserhandler(nick *target, int message, void **params) { | |
283 | nick *sender; | |
284 | char *msg; | |
285 | int i; | |
286 | ||
287 | switch(message) { | |
288 | case LU_KILLED: | |
289 | scheduleoneshot(time(NULL)+1,®isterproxyscannick,NULL); | |
290 | proxyscannick=NULL; | |
291 | break; | |
292 | ||
293 | case LU_PRIVMSG: | |
294 | case LU_SECUREMSG: | |
295 | sender=(nick *)params[0]; | |
296 | msg=(char *)params[1]; | |
297 | ||
298 | if (IsOper(sender)) { | |
299 | if (!ircd_strncmp(msg,"listopen",8)) { | |
300 | proxyscandolistopen(proxyscannick,sender,time(NULL)-rescaninterval); | |
301 | } | |
302 | ||
303 | if (!ircd_strncmp(msg,"status",6)) { | |
304 | proxyscandostatus(sender); | |
305 | } | |
306 | ||
307 | if (!ircd_strncmp(msg,"save",4)) { | |
308 | dumpcachehosts(NULL); | |
309 | sendnoticetouser(proxyscannick,sender,"Done."); | |
310 | } | |
311 | ||
312 | if (!ircd_strncmp(msg,"debug",5)) { | |
313 | proxyscandebug(sender); | |
314 | } | |
7d228b1d D |
315 | |
316 | if (!ircd_strncmp(msg,"spew ",5)) { | |
317 | /* check our database for the ip supplied */ | |
318 | unsigned long a,b,c,d; | |
319 | if (4 != sscanf(&msg[5],"%lu.%lu.%lu.%lu",&a,&b,&c,&d)) { | |
320 | sendnoticetouser(proxyscannick,sender,"Usage: spew x.x.x.x"); | |
321 | } else { | |
322 | /* check db */ | |
323 | proxyscanspewip(proxyscannick,sender,a,b,c,d); | |
324 | } | |
325 | } | |
326 | ||
327 | if (!ircd_strncmp(msg,"showkill ",9)) { | |
328 | /* check our database for the id supplied */ | |
329 | unsigned long a; | |
330 | if (1 != sscanf(&msg[9],"%lu",&a)) { | |
331 | sendnoticetouser(proxyscannick,sender,"Usage: showkill <id>"); | |
332 | } else { | |
333 | /* check db */ | |
334 | proxyscanshowkill(proxyscannick,sender,a); | |
335 | } | |
336 | } | |
337 | ||
c86edd1d Q |
338 | if (!ircd_strncmp(msg,"scan ",5)) { |
339 | unsigned long a,b,c,d; | |
340 | if (4 != sscanf(&msg[5],"%lu.%lu.%lu.%lu",&a,&b,&c,&d)) { | |
341 | sendnoticetouser(proxyscannick,sender,"Usage: scan a.b.c.d"); | |
342 | } else { | |
343 | sendnoticetouser(proxyscannick,sender,"Forcing scan of %lu.%lu.%lu.%lu",a,b,c,d); | |
344 | /* Just queue the scans directly here.. plonk them on the priority queue */ | |
345 | for(i=0;i<numscans;i++) { | |
346 | queuescan((a<<24)+(b<<16)+(c<<8)+d,thescans[i].type,thescans[i].port,SCLASS_NORMAL,time(NULL)); | |
347 | } | |
348 | } | |
349 | } | |
350 | ||
351 | if (!ircd_strncmp(msg,"addscan ",8)) { | |
352 | unsigned int a,b; | |
353 | if (sscanf(msg+8,"%u %u",&a,&b) != 2) { | |
354 | sendnoticetouser(proxyscannick,sender,"Usage: addscan <type> <port>"); | |
355 | } else { | |
356 | sendnoticetouser(proxyscannick,sender,"Added scan type %u port %u",a,b); | |
357 | proxyscan_addscantype(a,b); | |
358 | scanall(a,b); | |
359 | } | |
360 | } | |
361 | ||
362 | if (!ircd_strncmp(msg,"delscan ",8)) { | |
363 | unsigned int a,b; | |
364 | if (sscanf(msg+8,"%u %u",&a,&b) != 2) { | |
365 | sendnoticetouser(proxyscannick,sender,"Usage: delscan <type> <port>"); | |
366 | } else { | |
367 | sendnoticetouser(proxyscannick,sender,"Delete scan type %u port %u",a,b); | |
368 | proxyscan_delscantype(a,b); | |
369 | } | |
370 | } | |
371 | ||
7d228b1d | 372 | if ((!ircd_strncmp(msg,"help",4)) || (!ircd_strncmp(msg,"showcommands",12))) { |
c86edd1d | 373 | sendnoticetouser(proxyscannick,sender,"Proxyscan commands:"); |
7d228b1d D |
374 | sendnoticetouser(proxyscannick,sender,"----------------------------------------------------------------------"); |
375 | sendnoticetouser(proxyscannick,sender,"help Shows this help"); | |
376 | sendnoticetouser(proxyscannick,sender,"status Prints status information"); | |
377 | sendnoticetouser(proxyscannick,sender,"listopen Shows open proxies found recently"); | |
378 | sendnoticetouser(proxyscannick,sender,"save Saves the clean host database"); | |
379 | sendnoticetouser(proxyscannick,sender,"scan <ip> Force scan of the supplied IP"); | |
380 | sendnoticetouser(proxyscannick,sender,"spew <ip> Find <ip> in our list of open proxies"); | |
381 | sendnoticetouser(proxyscannick,sender,"showkill <id> Shows details of a kill or gline made by the service"); | |
c86edd1d Q |
382 | } |
383 | } | |
384 | ||
385 | default: | |
386 | break; | |
387 | } | |
388 | } | |
389 | ||
390 | void addscantohash(scan *sp) { | |
391 | int hash; | |
392 | hash=(sp->fd)%SCANHASHSIZE; | |
393 | ||
394 | sp->next=scantable[hash]; | |
395 | scantable[hash]=sp; | |
396 | ||
397 | activescans++; | |
398 | } | |
399 | ||
400 | void delscanfromhash(scan *sp) { | |
401 | int hash; | |
402 | scan **sh; | |
403 | ||
404 | hash=(sp->fd)%SCANHASHSIZE; | |
405 | ||
406 | for (sh=&(scantable[hash]);*sh;sh=&((*sh)->next)) { | |
407 | if (*sh==sp) { | |
408 | (*sh)=sp->next; | |
409 | break; | |
410 | } | |
411 | } | |
412 | ||
413 | activescans--; | |
414 | } | |
415 | ||
416 | scan *findscan(int fd) { | |
417 | int hash; | |
418 | scan *sp; | |
419 | ||
420 | hash=fd%SCANHASHSIZE; | |
421 | ||
422 | for (sp=scantable[hash];sp;sp=sp->next) | |
423 | if (sp->fd==fd) | |
424 | return sp; | |
425 | ||
426 | return NULL; | |
427 | } | |
428 | ||
429 | void startscan(unsigned int IP, int type, int port, int class) { | |
430 | scan *sp; | |
92f1d9e3 D |
431 | |
432 | float scantmp; | |
433 | ||
434 | if (scansdone>maxscans) | |
435 | { | |
436 | /* ignore the first maxscans as this will skew our scans per second! */ | |
437 | tempscanspermin++; | |
438 | if ((lastscants+60) <= time(NULL)) | |
439 | { | |
440 | /* ok, at least 60 seconds has passed, calculate the scans per minute figure */ | |
441 | scantmp = time(NULL) - lastscants; | |
442 | scantmp = tempscanspermin / scantmp; | |
443 | scantmp = (scantmp * 60); | |
444 | scanspermin = scantmp; | |
445 | lastscants = time(NULL); | |
446 | tempscanspermin = 0; | |
447 | } | |
448 | } | |
c86edd1d Q |
449 | |
450 | sp=getscan(); | |
451 | ||
452 | sp->outcome=SOUTCOME_INPROGRESS; | |
453 | sp->port=port; | |
454 | sp->IP=IP; | |
455 | sp->type=type; | |
456 | sp->class=class; | |
457 | sp->bytesread=0; | |
458 | sp->totalbytesread=0; | |
459 | memset(sp->readbuf, '\0', PSCAN_READBUFSIZE); | |
460 | ||
461 | sp->fd=createconnectsocket(sp->IP,sp->port); | |
462 | sp->state=SSTATE_CONNECTING; | |
463 | if (sp->fd<0) { | |
464 | /* Couldn't set up the socket? */ | |
465 | freescan(sp); | |
466 | return; | |
467 | } | |
468 | /* Wait until it is writeable */ | |
469 | registerhandler(sp->fd,POLLERR|POLLHUP|POLLOUT,&handlescansock); | |
470 | /* And set a timeout */ | |
471 | sp->sch=scheduleoneshot(time(NULL)+SCANTIMEOUT,&timeoutscansock,(void *)sp); | |
472 | addscantohash(sp); | |
473 | } | |
474 | ||
475 | void timeoutscansock(void *arg) { | |
476 | scan *sp=(scan *)arg; | |
477 | ||
478 | killsock(sp, SOUTCOME_CLOSED); | |
479 | } | |
480 | ||
481 | void killsock(scan *sp, int outcome) { | |
482 | int i; | |
483 | cachehost *chp; | |
484 | foundproxy *fpp; | |
485 | ||
486 | scansdone++; | |
487 | scansbyclass[sp->class]++; | |
488 | ||
489 | /* Remove the socket from the schedule/event lists */ | |
490 | deregisterhandler(sp->fd,1); /* this will close the fd for us */ | |
491 | deleteschedule(sp->sch,&timeoutscansock,(void *)sp); | |
492 | ||
493 | sp->outcome=outcome; | |
494 | delscanfromhash(sp); | |
495 | ||
496 | /* See if we need to queue another scan.. */ | |
497 | if (sp->outcome==SOUTCOME_CLOSED && | |
498 | ((sp->class==SCLASS_CHECK) || | |
499 | (sp->class==SCLASS_NORMAL && (sp->state==SSTATE_SENTREQUEST || sp->state==SSTATE_GOTRESPONSE)))) | |
500 | queuescan(sp->IP, sp->type, sp->port, SCLASS_PASS2, time(NULL)+300); | |
501 | ||
502 | if (sp->outcome==SOUTCOME_CLOSED && sp->class==SCLASS_PASS2) | |
503 | queuescan(sp->IP, sp->type, sp->port, SCLASS_PASS3, time(NULL)+300); | |
504 | ||
505 | if (sp->outcome==SOUTCOME_CLOSED && sp->class==SCLASS_PASS3) | |
506 | queuescan(sp->IP, sp->type, sp->port, SCLASS_PASS4, time(NULL)+300); | |
507 | ||
508 | if (sp->outcome==SOUTCOME_OPEN) { | |
509 | hitsbyclass[sp->class]++; | |
510 | ||
511 | /* Lets try and get the cache record. If there isn't one, make a new one. */ | |
512 | if (!(chp=findcachehost(sp->IP))) | |
513 | chp=addcleanhost(sp->IP, time(NULL)); | |
514 | ||
515 | /* Stick it on the cache's list of proxies, if necessary */ | |
516 | for (fpp=chp->proxies;fpp;fpp=fpp->next) | |
517 | if (fpp->type==sp->type && fpp->port==sp->port) | |
518 | break; | |
519 | ||
520 | if (!fpp) { | |
521 | fpp=getfoundproxy(); | |
522 | fpp->type=sp->type; | |
523 | fpp->port=sp->port; | |
524 | fpp->next=chp->proxies; | |
525 | chp->proxies=fpp; | |
526 | } | |
527 | ||
528 | if (!chp->glineid) { | |
529 | glinedhosts++; | |
530 | loggline(chp); | |
531 | irc_send("%s GL * +*@%s 1800 :Open Proxy, see http://www.quakenet.org/openproxies.html - ID: %d", | |
532 | mynumeric->content,IPtostr(sp->IP),chp->glineid); | |
533 | Error("proxyscan",ERR_DEBUG,"Found open proxy on host %s",IPtostr(sp->IP)); | |
534 | } else { | |
535 | loggline(chp); /* Update log only */ | |
536 | } | |
537 | ||
538 | /* Update counter */ | |
539 | for(i=0;i<numscans;i++) { | |
540 | if (thescans[i].type==sp->type && thescans[i].port==sp->port) { | |
541 | thescans[i].hits++; | |
542 | break; | |
543 | } | |
544 | } | |
545 | } | |
546 | ||
547 | freescan(sp); | |
548 | ||
549 | /* kick the queue.. */ | |
550 | startqueuedscans(); | |
551 | } | |
552 | ||
553 | void handlescansock(int fd, short events) { | |
554 | scan *sp; | |
555 | char buf[512]; | |
556 | int res; | |
557 | int i; | |
558 | unsigned long netip; | |
559 | unsigned short netport; | |
560 | ||
561 | if ((sp=findscan(fd))==NULL) { | |
562 | /* Not found; return and hope it goes away */ | |
563 | Error("proxyscan",ERR_ERROR,"Unexpected message from fd %d",fd); | |
564 | return; | |
565 | } | |
566 | ||
567 | /* It woke up, delete the alarm call.. */ | |
568 | deleteschedule(sp->sch,&timeoutscansock,(void *)sp); | |
569 | ||
570 | if (events & (POLLERR|POLLHUP)) { | |
571 | /* Some kind of error; give up on this socket */ | |
572 | if (sp->state==SSTATE_GOTRESPONSE) { | |
573 | /* If the error occured while we were waiting for a response, we might have | |
574 | * received the "OPEN PROXY!" message and the EOF at the same time, so continue | |
575 | * processing */ | |
576 | /* Error("proxyscan",ERR_DEBUG,"Got error in GOTRESPONSE state for %s, continuing.",IPtostr(sp->host->IP)); */ | |
577 | } else { | |
578 | killsock(sp, SOUTCOME_CLOSED); | |
579 | return; | |
580 | } | |
581 | } | |
582 | ||
583 | /* Otherwise, we got what we wanted.. */ | |
584 | ||
585 | switch(sp->state) { | |
586 | case SSTATE_CONNECTING: | |
587 | /* OK, we got activity while connecting, so we're going to send some | |
588 | * request depending on scan type. However, we can reregister everything | |
589 | * here to save duplicate code: This code is common for all handlers */ | |
590 | ||
591 | /* Delete the old handler */ | |
592 | deregisterhandler(fd,0); | |
593 | /* Set the new one */ | |
594 | registerhandler(fd,POLLERR|POLLHUP|POLLIN,&handlescansock); | |
595 | sp->sch=scheduleoneshot(time(NULL)+SCANTIMEOUT,&timeoutscansock,(void *)sp); | |
596 | /* Update state */ | |
597 | sp->state=SSTATE_SENTREQUEST; | |
598 | ||
599 | switch(sp->type) { | |
600 | case STYPE_HTTP: | |
601 | sprintf(buf,"CONNECT %s:%d HTTP/1.0\r\n\r\n",myipstr->content,listenport); | |
602 | if ((write(fd,buf,strlen(buf)))<strlen(buf)) { | |
603 | /* We didn't write the full amount, DIE */ | |
604 | killsock(sp,SOUTCOME_CLOSED); | |
605 | return; | |
606 | } | |
607 | break; | |
608 | ||
609 | case STYPE_SOCKS4: | |
610 | /* set up the buffer */ | |
611 | netip=htonl(myip); | |
612 | netport=htons(listenport); | |
613 | memcpy(&buf[4],&netip,4); | |
614 | memcpy(&buf[2],&netport,2); | |
615 | buf[0]=4; | |
616 | buf[1]=1; | |
617 | buf[8]=0; | |
618 | if ((write(fd,buf,9))<9) { | |
619 | /* Didn't write enough, give up */ | |
620 | killsock(sp,SOUTCOME_CLOSED); | |
621 | return; | |
622 | } | |
623 | break; | |
624 | ||
625 | case STYPE_SOCKS5: | |
626 | /* Set up initial request buffer */ | |
627 | buf[0]=5; | |
628 | buf[1]=1; | |
629 | buf[2]=0; | |
630 | if ((write(fd,buf,3))>3) { | |
631 | /* Didn't write enough, give up */ | |
632 | killsock(sp,SOUTCOME_CLOSED); | |
633 | return; | |
634 | } | |
635 | ||
636 | /* Now the actual connect request */ | |
637 | buf[0]=5; | |
638 | buf[1]=1; | |
639 | buf[2]=0; | |
640 | buf[3]=1; | |
641 | netip=htonl(myip); | |
642 | netport=htons(listenport); | |
643 | memcpy(&buf[4],&netip,4); | |
644 | memcpy(&buf[8],&netport,2); | |
645 | res=write(fd,buf,10); | |
646 | if (res<10) { | |
647 | killsock(sp,SOUTCOME_CLOSED); | |
648 | return; | |
649 | } | |
650 | break; | |
651 | ||
652 | case STYPE_WINGATE: | |
653 | /* Send wingate request */ | |
654 | sprintf(buf,"%s:%d\r\n",myipstr->content,listenport); | |
655 | if((write(fd,buf,strlen(buf)))<strlen(buf)) { | |
656 | killsock(sp,SOUTCOME_CLOSED); | |
657 | return; | |
658 | } | |
659 | break; | |
660 | ||
661 | case STYPE_CISCO: | |
662 | /* Send cisco request */ | |
663 | sprintf(buf,"cisco\r\n"); | |
664 | if ((write(fd,buf,strlen(buf)))<strlen(buf)) { | |
665 | killsock(sp, SOUTCOME_CLOSED); | |
666 | return; | |
667 | } | |
668 | ||
669 | sprintf(buf,"telnet %s %d\r\n",myipstr->content,listenport); | |
670 | if ((write(fd,buf,strlen(buf)))<strlen(buf)) { | |
671 | killsock(sp, SOUTCOME_CLOSED); | |
672 | return; | |
673 | } | |
674 | ||
905c2ba2 | 675 | break; |
676 | ||
677 | case STYPE_DIRECT: | |
678 | /* Do nothing */ | |
c86edd1d Q |
679 | break; |
680 | } | |
681 | break; | |
682 | ||
683 | case SSTATE_SENTREQUEST: | |
684 | res=read(fd, sp->readbuf+sp->bytesread, PSCAN_READBUFSIZE-sp->bytesread); | |
685 | ||
686 | if (res<=0) { | |
687 | if ((errno!=EINTR && errno!=EWOULDBLOCK) || res==0) { | |
688 | /* EOF, forget it */ | |
689 | killsock(sp, SOUTCOME_CLOSED); | |
690 | return; | |
691 | } | |
692 | } | |
693 | ||
694 | sp->bytesread+=res; | |
695 | sp->totalbytesread+=res; | |
696 | for (i=0;i<sp->bytesread - MAGICSTRINGLENGTH;i++) { | |
697 | if (!strncmp(sp->readbuf+i, MAGICSTRING, MAGICSTRINGLENGTH)) { | |
698 | /* Found the magic string */ | |
699 | /* If the offset is 0, this means it was the first thing we got from the socket, | |
700 | * so it's an actual IRCD (sheesh). Note that when the buffer is full and moved, | |
701 | * the thing moved to offset 0 would previously have been tested as offset | |
905c2ba2 | 702 | * PSCAN_READBUFSIZE/2. |
703 | * | |
704 | * Skip this checking for STYPE_DIRECT scans, which are used to detect trojans setting | |
705 | * up portforwards (which will therefore show up as ircds, we rely on the port being | |
706 | * strange enough to avoid false positives */ | |
707 | if (i==0 && (sp->type != STYPE_DIRECT)) { | |
c86edd1d Q |
708 | killsock(sp, SOUTCOME_CLOSED); |
709 | return; | |
710 | } | |
711 | ||
712 | killsock(sp, SOUTCOME_OPEN); | |
713 | return; | |
714 | } | |
715 | } | |
716 | ||
717 | /* If the buffer is full, move half of it along to make room */ | |
718 | if (sp->bytesread == PSCAN_READBUFSIZE) { | |
719 | memcpy(sp->readbuf, sp->readbuf + (PSCAN_READBUFSIZE)/2, PSCAN_READBUFSIZE/2); | |
720 | sp->bytesread = PSCAN_READBUFSIZE/2; | |
721 | } | |
722 | ||
723 | /* Don't read data forever.. */ | |
724 | if (sp->totalbytesread > READ_SANITY_LIMIT) { | |
725 | killsock(sp, SOUTCOME_CLOSED); | |
726 | return; | |
727 | } | |
728 | ||
729 | /* No magic string yet, we schedule another timeout in case it comes later. */ | |
730 | sp->sch=scheduleoneshot(time(NULL)+SCANTIMEOUT,&timeoutscansock,(void *)sp); | |
731 | return; | |
732 | } | |
733 | } | |
734 | ||
735 | void killallscans() { | |
736 | int i; | |
737 | scan *sp; | |
738 | cachehost *chp; | |
739 | ||
740 | for(i=0;i<SCANHASHSIZE;i++) { | |
741 | for(sp=scantable[i];sp;sp=sp->next) { | |
742 | /* If there is a pending scan, delete it's clean host record.. */ | |
743 | if ((chp=findcachehost(sp->IP)) && !chp->proxies) | |
744 | delcachehost(chp); | |
745 | ||
746 | if (sp->fd!=-1) { | |
747 | deregisterhandler(sp->fd,1); | |
748 | deleteschedule(sp->sch,&timeoutscansock,(void *)(sp)); | |
749 | } | |
750 | } | |
751 | } | |
752 | } | |
753 | ||
754 | void proxyscanstats(int hooknum, void *arg) { | |
755 | char buf[512]; | |
756 | ||
757 | sprintf(buf, "Proxyscn: %6d/%4d scans complete/in progress. %d hosts queued.", | |
758 | scansdone,activescans,queuedhosts); | |
759 | triggerhook(HOOK_CORE_STATSREPLY,buf); | |
760 | sprintf(buf, "Proxyscn: %6u known clean hosts",cleancount()); | |
761 | triggerhook(HOOK_CORE_STATSREPLY,buf); | |
762 | } | |
763 | ||
764 | void sendlagwarning() { | |
765 | int i,j; | |
766 | nick *np; | |
767 | ||
768 | for (i=0;i<MAXSERVERS;i++) { | |
769 | if (serverlist[i].maxusernum>0) { | |
770 | for(j=0;j<serverlist[i].maxusernum;j++) { | |
771 | np=servernicks[i][j]; | |
772 | if (np!=NULL && IsOper(np)) { | |
773 | sendnoticetouser(proxyscannick,np,"Warning: More than 20,000 hosts to scan - I'm lagging behind badly!"); | |
774 | } | |
775 | } | |
776 | } | |
777 | } | |
778 | } | |
779 | ||
905c2ba2 | 780 | int pscansort(const void *a, const void *b) { |
781 | int ra = *((const int *)a); | |
782 | int rb = *((const int *)b); | |
783 | ||
784 | return thescans[ra].hits - thescans[rb].hits; | |
785 | } | |
786 | ||
c86edd1d Q |
787 | void proxyscandostatus(nick *np) { |
788 | int i; | |
789 | int totaldetects=0; | |
905c2ba2 | 790 | int ord[PSCAN_MAXSCANS]; |
c86edd1d Q |
791 | |
792 | sendnoticetouser(proxyscannick,np,"Service uptime: %s",longtoduration(time(NULL)-starttime, 1)); | |
793 | sendnoticetouser(proxyscannick,np,"Total scans completed: %d",scansdone); | |
794 | sendnoticetouser(proxyscannick,np,"Total hosts glined: %d",glinedhosts); | |
795 | ||
92f1d9e3 D |
796 | sendnoticetouser(proxyscannick,np,"pendingscan structures: %lu x %lu bytes = %lu bytes total",countpendingscan, |
797 | sizeof(pendingscan), (countpendingscan * sizeof(pendingscan))); | |
798 | ||
c86edd1d | 799 | sendnoticetouser(proxyscannick,np,"Currently active scans: %d/%d",activescans,maxscans); |
92f1d9e3 | 800 | sendnoticetouser(proxyscannick,np,"Processing speed: %lu scans per minute",scanspermin); |
c86edd1d Q |
801 | sendnoticetouser(proxyscannick,np,"Normal queued scans: %d",normalqueuedscans); |
802 | sendnoticetouser(proxyscannick,np,"Timed queued scans: %d",prioqueuedscans); | |
803 | sendnoticetouser(proxyscannick,np,"'Clean' cached hosts: %d",cleancount()); | |
804 | sendnoticetouser(proxyscannick,np,"'Dirty' cached hosts: %d",dirtycount()); | |
805 | ||
806 | for (i=0;i<5;i++) | |
807 | sendnoticetouser(proxyscannick,np,"Open proxies, class %1d: %d/%d (%.2f%%)",i,hitsbyclass[i],scansbyclass[i],((float)hitsbyclass[i]*100)/scansbyclass[i]); | |
808 | ||
809 | for (i=0;i<numscans;i++) | |
810 | totaldetects+=thescans[i].hits; | |
811 | ||
905c2ba2 | 812 | for (i=0;i<numscans;i++) |
813 | ord[i]=i; | |
814 | ||
815 | qsort(ord,numscans,sizeof(int),pscansort); | |
816 | ||
c86edd1d Q |
817 | sendnoticetouser(proxyscannick,np,"Scan type Port Detections"); |
818 | for (i=0;i<numscans;i++) | |
819 | sendnoticetouser(proxyscannick,np,"%-9s %-5d %d (%.2f%%)", | |
905c2ba2 | 820 | scantostr(thescans[ord[i]].type), thescans[ord[i]].port, thescans[ord[i]].hits, ((float)thescans[ord[i]].hits*100)/totaldetects); |
c86edd1d Q |
821 | |
822 | sendnoticetouser(proxyscannick,np,"End of list."); | |
823 | } | |
824 | ||
825 | void proxyscandebug(nick *np) { | |
826 | /* Dump all scans.. */ | |
827 | int i; | |
828 | int activescansfound=0; | |
829 | int totalscansfound=0; | |
830 | scan *sp; | |
831 | ||
832 | sendnoticetouser(proxyscannick,np,"Active scans : %d",activescans); | |
833 | ||
834 | for (i=0;i<SCANHASHSIZE;i++) { | |
835 | for (sp=scantable[i];sp;sp=sp->next) { | |
836 | if (sp->outcome==SOUTCOME_INPROGRESS) { | |
837 | activescansfound++; | |
838 | } | |
839 | totalscansfound++; | |
840 | sendnoticetouser(proxyscannick,np,"fd: %d type: %d port: %d state: %d outcome: %d IP: %s", | |
841 | sp->fd,sp->type,sp->port,sp->state,sp->outcome,IPtostr(sp->IP)); | |
842 | } | |
843 | } | |
844 | ||
845 | sendnoticetouser(proxyscannick,np,"Total %d scans actually found (%d active)",totalscansfound,activescansfound); | |
846 | } |