george/fiche
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: george:secure
Branches Tags
george:master george:secure george:legacy
george:0.9.1 george:0.9
..
compare: george:legacy
Branches Tags
george:master george:secure george:legacy
george:0.9.1 george:0.9

16 Commits
secure ... legacy

Author SHA1 Message Date
solusipse
27639c2e6d Update README.md 2017-10-10 15:01:26 +02:00
solusipse
c054f8dc20 Fixed #50 2017-04-15 23:36:22 +02:00
solusipse
44b908ff2b Merge pull request #38 from nnnn20430/master 
added IPv6 support #2
 2016-07-09 17:04:05 +02:00
solusipse
55ef361999 Merge pull request #40 from part1zano/master 
Fixed Makefile
 2016-07-09 16:59:10 +02:00
part1zano
231954696e Fixed Makefile 
If you don't like the default PREFIX on your system, you can always change it.
 2016-04-11 21:20:41 +03:00
nnnn20430
b9ed17e937 added IPv6 support 2016-03-15 14:13:08 +01:00
solusipse
a5c137c06d enhancement #33 2016-01-23 12:36:53 +01:00
solusipse
abf8ae5117 fixing issue #31 2016-01-23 11:44:46 +01:00
solusipse
8f3e23d3de Merge pull request #25 from jungle-boogie/patch-1 
better install path
 2015-11-18 20:45:53 +01:00
jungle-boogie
21d8ac90e8 better install path 2015-11-17 20:51:14 -08:00
solusipse
f76eea8931 Merge pull request #23 from cgie/warnings 
added checks on the return values of read/write
 2015-10-31 12:47:19 +01:00
Christian Gießen
fdbfa98938 Mitigated the non-critical errors into warnings 2015-10-31 12:04:43 +01:00
Christian Gießen
5ceb31a97e added checks on the return values of read/write 2015-10-31 09:18:36 +01:00
solusipse
f6ecdab9c5 Merge pull request #22 from Hypsurus/master 
Fix segfault, and error().
 2015-10-13 19:19:07 +02:00
Hypsurus
bea2fc990d Fix segfault in fopen, no check for null 2015-10-13 19:40:23 +03:00
Hypsurus
a409d1cee6 error() - no need to use ERROR multiple times 2015-10-13 19:30:30 +03:00
8 changed files with 193 additions and 4064 deletions
Expand all files Collapse all files

2
.travis.yml
View File

@@ -1,2 +1,2 @@
language: c language: c
script: ./configure && make script: make

4
Makefile.in → Makefile
View File

@@ -5,12 +5,12 @@
# ----------------------------------- # -----------------------------------
CFLAGS+=-pthread -O2 CFLAGS+=-pthread -O2
CFLAGS+=@LIBS@ prefix=/usr/local
all: fiche all: fiche
install: fiche install: fiche
install -m 0755 fiche ${PREFIX}/bin install -m 0755 fiche $(prefix)/bin
clean: clean:
rm -f fiche rm -f fiche

4
README.md
View File

@@ -3,7 +3,3 @@
## Warning ## Warning
Do not use code from this branch. Please use code from [master](https://github.com/solusipse/fiche) instead. Do not use code from this branch. Please use code from [master](https://github.com/solusipse/fiche) instead.
## Secure branch (legacy note)
This branch is the result of merging two pull requests: [#16](https://github.com/solusipse/fiche/pull/16) by [Adam Schwalm](https://github.com/ALSchwalm) and [#17](https://github.com/solusipse/fiche/pull/17) by [Renaud Allard](https://github.com/renaudallard), which contained some security-related improvements. It is recommended for `BSD` users or for those who would like to `arc4random`.

2
config.h.in
View File

@@ -1,2 +0,0 @@
#undef HAVE_ARC4RANDOM

3987
configure vendored
View File

File diff suppressed because it is too large Load Diff

20
configure.in
View File

@@ -1,20 +0,0 @@
AC_INIT([fiche], [0.99])
AC_CONFIG_SRCDIR([fiche.c])
AC_CONFIG_HEADERS([config.h])
# Checks for programs.
AC_PROG_CC
# Function arc4random() is in BSD standard C or GNU systems -lbsd
AC_SEARCH_LIBS([arc4random], [bsd], [HAVE_ARC4RANDOM="yes"])
# Checks for library functions.
AC_CHECK_FUNCS([bzero arc4random])
AC_SUBST(HAVE_ARC4RANDOM)
AC_CONFIG_FILES([Makefile])
AC_OUTPUT

209
fiche.c
View File

@@ -29,22 +29,23 @@ $ cat fiche.c | nc localhost 9999
*/ */
#include <sys/param.h> #include <sys/param.h>
#include <stdio.h>
#include "config.h"
#include "fiche.h" #include "fiche.h"
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
time_seed = time(0);
parse_parameters(argc, argv); parse_parameters(argc, argv);
set_domain_name();
if (getuid() == 0) if (getuid() == 0)
{ {
if (UID == -1) if (UID == -1)
error("ERROR: user not set"); error("user not set");
if (setgid(GID) != 0) if (setgid(GID) != 0)
error("ERROR: Unable to drop group privileges"); error("Unable to drop group privileges");
if (setuid(UID) != 0) if (setuid(UID) != 0)
error("ERROR: Unable to drop user privileges"); error("Unable to drop user privileges");
} }
if (BASEDIR == NULL) if (BASEDIR == NULL)
@@ -58,8 +59,21 @@ int main(int argc, char **argv)
listen_socket = create_socket(); listen_socket = create_socket();
setsockopt(listen_socket, SOL_SOCKET, SO_REUSEADDR, (const void *)&optval , sizeof(int)); setsockopt(listen_socket, SOL_SOCKET, SO_REUSEADDR, (const void *)&optval , sizeof(int));
#if (HAVE_INET6)
struct sockaddr_in6 server_address6;
if (IPv6)
{
server_address6 = set_address6(server_address6);
bind_to_port6(listen_socket, server_address6);
}
else
{
#else
if (1) {
#endif
server_address = set_address(server_address); server_address = set_address(server_address);
bind_to_port(listen_socket, server_address); bind_to_port(listen_socket, server_address);
}
if (DAEMON) if (DAEMON)
{ {
@@ -67,7 +81,7 @@ int main(int argc, char **argv)
pid = fork(); pid = fork();
if (pid == -1) if (pid == -1)
error("ERROR: Failed to fork"); error("Failed to fork");
if (pid == 0) if (pid == 0)
while (1) perform_connection(listen_socket); while (1) perform_connection(listen_socket);
} }
@@ -80,19 +94,34 @@ int main(int argc, char **argv)
void *thread_connection(void *args) void *thread_connection(void *args)
{ {
int connection_socket = ((struct thread_arguments *) args ) -> connection_socket; int connection_socket = ((struct thread_arguments *) args ) -> connection_socket;
struct sockaddr_in client_address = ((struct thread_arguments *) args ) -> client_address; struct sockaddr_in client_address;
struct client_data data;
struct client_data data = get_client_address(client_address); #if (HAVE_INET6)
struct sockaddr_in6 client_address6;
if (IPv6)
{
client_address6 = ((struct thread_arguments *) args ) -> client_address6;
data = get_client_address6(client_address6);
}
else
{
#else
if (1) {
#endif
client_address = ((struct thread_arguments *) args ) -> client_address;
data = get_client_address(client_address);
}
char buffer[BUFSIZE]; char buffer[BUFSIZE];
bzero(buffer, BUFSIZE); bzero(buffer, BUFSIZE);
int status = recv(connection_socket, buffer, BUFSIZE, MSG_DONTWAIT); int status = recv(connection_socket, buffer, BUFSIZE, MSG_WAITALL);
if (WHITELIST != NULL && check_whitelist(data.ip_address) == NULL) if (WHITELIST != NULL && check_whitelist(data.ip_address) == NULL)
{ {
display_info(data, NULL, "Rejected connection from unknown user."); display_info(data, NULL, "Rejected connection from unknown user.");
save_log(NULL, data.ip_address, data.hostname); save_log(NULL, data.ip_address, data.hostname);
write(connection_socket, "You are not whitelisted!\n", 26); if (write(connection_socket, "You are not whitelisted!\n", 26) < 0)
printf("Error writing on stream socket\n");
close(connection_socket); close(connection_socket);
pthread_exit(NULL); pthread_exit(NULL);
} }
@@ -101,7 +130,8 @@ void *thread_connection(void *args)
{ {
display_info(data, NULL, "Rejected connection from banned user."); display_info(data, NULL, "Rejected connection from banned user.");
save_log(NULL, data.ip_address, data.hostname); save_log(NULL, data.ip_address, data.hostname);
write(connection_socket, "You are banned!\n", 17); if (write(connection_socket, "You are banned!\n", 17) < 0)
printf("Error writing on stream socket\n");
close(connection_socket); close(connection_socket);
pthread_exit(NULL); pthread_exit(NULL);
} }
@@ -116,13 +146,15 @@ void *thread_connection(void *args)
save_log(slug, data.ip_address, data.hostname); save_log(slug, data.ip_address, data.hostname);
char response[strlen(slug) + strlen(DOMAIN) + 2]; char response[strlen(slug) + strlen(DOMAIN) + 2];
snprintf(response, sizeof response, "%s%s\n", DOMAIN, slug); snprintf(response, sizeof response, "%s%s\n", DOMAIN, slug);
write(connection_socket, response, strlen(response)); if (write(connection_socket, response, strlen(response)) < 0)
printf("Error writing on stream socket\n");
} }
else else
{ {
display_info(data, NULL, "Invalid connection."); display_info(data, NULL, "Invalid connection.");
save_log(NULL, data.ip_address, data.hostname); save_log(NULL, data.ip_address, data.hostname);
write(connection_socket, "Use netcat.\n", 12); if (write(connection_socket, "Use netcat.\n", 12) < 0)
printf("Error writing on stream socket\n");
} }
close(connection_socket); close(connection_socket);
@@ -134,24 +166,45 @@ void perform_connection(int listen_socket)
pthread_t thread_id; pthread_t thread_id;
struct sockaddr_in client_address; struct sockaddr_in client_address;
int address_length = sizeof(client_address); int address_length;
int connection_socket = accept(listen_socket, (struct sockaddr *) &client_address, (void *) &address_length); int connection_socket;
#if (HAVE_INET6)
struct sockaddr_in6 client_address6;
if (IPv6)
{
address_length = sizeof(client_address6);
connection_socket = accept(listen_socket, (struct sockaddr *) &client_address6, (void *) &address_length);
}
else
{
#else
if (1) {
#endif
address_length = sizeof(client_address);
connection_socket = accept(listen_socket, (struct sockaddr *) &client_address, (void *) &address_length);
}
struct timeval timeout; struct timeval timeout;
timeout.tv_sec = 5; timeout.tv_sec = 5;
timeout.tv_usec = 0; timeout.tv_usec = 0;
if (setsockopt (connection_socket, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) if (setsockopt (connection_socket, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0)
error("ERROR while setting setsockopt timeout"); error("while setting setsockopt timeout");
if (setsockopt (connection_socket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) if (setsockopt (connection_socket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0)
error("ERROR while setting setsockopt timeout"); error("while setting setsockopt timeout");
struct thread_arguments arguments; struct thread_arguments arguments;
arguments.connection_socket = connection_socket; arguments.connection_socket = connection_socket;
#if (HAVE_INET6)
if (IPv6)
arguments.client_address6 = client_address6;
else
#endif
arguments.client_address = client_address; arguments.client_address = client_address;
if (pthread_create(&thread_id, NULL, &thread_connection, &arguments) != 0) if (pthread_create(&thread_id, NULL, &thread_connection, &arguments) != 0)
error("ERROR on thread creation"); error("on thread creation");
else else
pthread_detach(thread_id); pthread_detach(thread_id);
} }
@@ -197,6 +250,36 @@ struct client_data get_client_address(struct sockaddr_in client_address)
return data; return data;
} }
#if (HAVE_INET6)
struct client_data get_client_address6(struct sockaddr_in6 client_address6)
{
struct hostent *hostp;
struct client_data data;
static char hostaddrp[INET6_ADDRSTRLEN];
hostp = gethostbyaddr((const char *)&client_address6.sin6_addr, sizeof(client_address6.sin6_addr), AF_INET6);
if (hostp == NULL)
{
printf("WARNING: Couldn't obtain client's hostname\n");
data.hostname = "n/a";
}
else
data.hostname = hostp->h_name;
inet_ntop(AF_INET6, &(client_address6.sin6_addr), hostaddrp,
INET6_ADDRSTRLEN);
if (hostaddrp == NULL)
{
printf("WARNING: Couldn't obtain client's address\n");
data.ip_address = "n/a";
}
else
data.ip_address = hostaddrp;
return data;
}
#endif
void save_log(char *slug, char *hostaddrp, char *h_name) void save_log(char *slug, char *hostaddrp, char *h_name)
{ {
if (LOG != NULL) if (LOG != NULL)
@@ -244,13 +327,18 @@ char *check_whitelist(char *ip_address)
void load_list(char *file_path, int type) void load_list(char *file_path, int type)
{ {
FILE *fp = fopen(file_path, "r"); FILE *fp;
if (( fp = fopen(file_path, "r")) == NULL )
error("cannot load list");
fseek(fp, 0, SEEK_END); fseek(fp, 0, SEEK_END);
long fsize = ftell(fp); long fsize = ftell(fp);
fseek(fp, 0, SEEK_SET); fseek(fp, 0, SEEK_SET);
char *buffer = malloc(fsize + 1); char *buffer = malloc(fsize + 1);
fread(buffer, fsize, 1, fp); if (fread(buffer, fsize, 1, fp) != fsize)
error("reading list failed");
fclose(fp); fclose(fp);
buffer[fsize] = 0; buffer[fsize] = 0;
@@ -265,10 +353,16 @@ void load_list(char *file_path, int type)
int create_socket() int create_socket()
{ {
int lsocket = socket(AF_INET, SOCK_STREAM, 0); int lsocket;
#if (HAVE_INET6)
if (IPv6)
lsocket = socket(AF_INET6, SOCK_STREAM, 0);
else
#endif
lsocket = socket(AF_INET, SOCK_STREAM, 0);
if (lsocket < 0) if (lsocket < 0)
error("ERROR: Couldn't open socket"); error("Couldn't open socket");
return lsocket; return lsocket;
} }
@@ -282,48 +376,61 @@ struct sockaddr_in set_address(struct sockaddr_in server_address)
return server_address; return server_address;
} }
#if (HAVE_INET6)
struct sockaddr_in6 set_address6(struct sockaddr_in6 server_address6)
{
bzero((char *) &server_address6, sizeof(server_address6));
server_address6.sin6_family = AF_INET6;
server_address6.sin6_addr = in6addr_any;
server_address6.sin6_port = htons((unsigned short)PORT);
return server_address6;
}
#endif
void bind_to_port(int listen_socket, struct sockaddr_in server_address) void bind_to_port(int listen_socket, struct sockaddr_in server_address)
{ {
if (bind(listen_socket, (struct sockaddr *) &server_address, sizeof(server_address)) < 0) if (bind(listen_socket, (struct sockaddr *) &server_address, sizeof(server_address)) < 0)
error("ERROR while binding to port"); error("while binding to port");
if (listen(listen_socket, QUEUE_SIZE) < 0) if (listen(listen_socket, QUEUE_SIZE) < 0)
error("ERROR while starting listening"); error("while starting listening");
} }
#if (HAVE_INET6)
void bind_to_port6(int listen_socket, struct sockaddr_in6 server_address6)
{
if (bind(listen_socket, (struct sockaddr *) &server_address6, sizeof(server_address6)) < 0)
error("while binding to port");
if (listen(listen_socket, QUEUE_SIZE) < 0)
error("while starting listening");
}
#endif
void generate_url(char *buffer, char *slug, size_t slug_length, struct client_data data) void generate_url(char *buffer, char *slug, size_t slug_length, struct client_data data)
{ {
int i; int i;
memset(slug, '\0', slug_length); memset(slug, '\0', slug_length);
#if !defined(BSD)
FILE* frandom = fopen("/dev/urandom", "r");
#endif
int symbol_id;
for (i = 0; i <= SLUG_SIZE - 1; i++) for (i = 0; i <= SLUG_SIZE - 1; i++)
{ {
#if defined(HAVE_ARC4RANDOM) #if defined(BSD)
int symbol_id = arc4random() % strlen(symbols); int symbol_id = arc4random() % strlen(symbols);
#else #else
fread(&symbol_id, sizeof(symbol_id), 1, frandom); int symbol_id = rand_r(&time_seed) % strlen(symbols);
#endif #endif
slug[i] = symbols[symbol_id % strlen(symbols)]; slug[i] = symbols[symbol_id];
} }
while (create_directory(slug) == -1) while (create_directory(slug) == -1)
{ {
#if defined(HAVE_ARC4RANDOM) #if defined(BSD)
int symbol_id = arc4random() % strlen(symbols); int symbol_id = arc4random() % strlen(symbols);
#else #else
fread(&symbol_id, sizeof(symbol_id), 1, frandom); int symbol_id = rand_r(&time_seed) % strlen(symbols);
#endif #endif
slug[strlen(slug)] = symbols[symbol_id % strlen(symbols)]; slug[strlen(slug)] = symbols[symbol_id];
} }
save_to_file(slug, buffer, data); save_to_file(slug, buffer, data);
#if !defined(BSD)
fclose(frandom);
#endif
} }
int create_directory(char *slug) int create_directory(char *slug)
@@ -399,25 +506,41 @@ void startup_message()
void error(char *buffer) void error(char *buffer)
{ {
printf("%s\n", buffer); printf("Error: %s\n", buffer);
exit(1); exit(1);
} }
void set_domain_name() {
char b[128];
memcpy(b, DOMAIN, sizeof DOMAIN);
if (HTTPS)
snprintf(DOMAIN, sizeof DOMAIN, "%s%s", "https://", b);
else
snprintf(DOMAIN, sizeof DOMAIN, "%s%s", "http://", b);
}
void parse_parameters(int argc, char **argv) void parse_parameters(int argc, char **argv)
{ {
int c; int c;
while ((c = getopt (argc, argv, "Dep:b:s:d:o:l:B:u:w:")) != -1) while ((c = getopt (argc, argv, "D6eSp:b:s:d:o:l:B:u:w:")) != -1)
switch (c) switch (c)
{ {
case 'D': case 'D':
DAEMON = 1; DAEMON = 1;
break; break;
case '6':
IPv6 = 1;
break;
case 'e': case 'e':
snprintf(symbols, sizeof symbols, "%s", "abcdefghijklmnopqrstuvwxyz0123456789-+_=.ABCDEFGHIJKLMNOPQRSTUVWXYZ"); snprintf(symbols, sizeof symbols, "%s", "abcdefghijklmnopqrstuvwxyz0123456789-+_=.ABCDEFGHIJKLMNOPQRSTUVWXYZ");
break; break;
case 'S':
HTTPS = 1;
break;
case 'd': case 'd':
snprintf(DOMAIN, sizeof DOMAIN, "%s%s%s", "http://", optarg, "/"); snprintf(DOMAIN, sizeof DOMAIN, "%s%s", optarg, "/");
break; break;
case 'p': case 'p':
PORT = atoi(optarg); PORT = atoi(optarg);
@@ -446,7 +569,7 @@ void parse_parameters(int argc, char **argv)
load_list(WHITEFILE, 1); load_list(WHITEFILE, 1);
break; break;
default: default:
printf("usage: fiche [-pbsdolBuw].\n"); printf("usage: fiche [-D6epbsdSolBuw].\n");
printf(" [-d domain] [-p port] [-s slug_size]\n"); printf(" [-d domain] [-p port] [-s slug_size]\n");
printf(" [-o output directory] [-B buffer_size] [-u user name]\n"); printf(" [-o output directory] [-B buffer_size] [-u user name]\n");
printf(" [-l log file] [-b banlist] [-w whitelist]\n"); printf(" [-l log file] [-b banlist] [-w whitelist]\n");

21
fiche.h
View File

@@ -31,6 +31,10 @@ $ cat fiche.c | nc localhost 9999
#ifndef FICHE_H #ifndef FICHE_H
#define FICHE_H #define FICHE_H
#ifndef HAVE_INET6
#define HAVE_INET6 1
#endif
#include <pwd.h> #include <pwd.h>
#include <time.h> #include <time.h>
#include <netdb.h> #include <netdb.h>
@@ -54,11 +58,13 @@ char *BANFILE;
char *WHITEFILE; char *WHITEFILE;
char *WHITELIST; char *WHITELIST;
int DAEMON = 0; int DAEMON = 0;
int HTTPS = 0;
int PORT = 9999; int PORT = 9999;
int IPv6 = 0;
int SLUG_SIZE = 4; int SLUG_SIZE = 4;
int BUFSIZE = 32768; int BUFSIZE = 32768;
int QUEUE_SIZE = 500; int QUEUE_SIZE = 500;
char DOMAIN[128] = "http://localhost/"; char DOMAIN[128] = "localhost/";
char symbols[67] = "abcdefghijklmnopqrstuvwxyz0123456789"; char symbols[67] = "abcdefghijklmnopqrstuvwxyz0123456789";
unsigned int time_seed; unsigned int time_seed;
@@ -67,6 +73,9 @@ struct thread_arguments
{ {
int connection_socket; int connection_socket;
struct sockaddr_in client_address; struct sockaddr_in client_address;
#if (HAVE_INET6)
struct sockaddr_in6 client_address6;
#endif
}; };
struct client_data struct client_data
@@ -80,6 +89,9 @@ int create_directory(char *slug);
int check_protocol(char *buffer); int check_protocol(char *buffer);
void bind_to_port(int listen_socket, struct sockaddr_in serveraddr); void bind_to_port(int listen_socket, struct sockaddr_in serveraddr);
#if (HAVE_INET6)
void bind_to_port6(int listen_socket, struct sockaddr_in6 serveraddr6);
#endif
void error(char *buffer); void error(char *buffer);
void perform_connection(int listen_socket); void perform_connection(int listen_socket);
void generate_url(char *buffer, char *slug, size_t slug_length, struct client_data data); void generate_url(char *buffer, char *slug, size_t slug_length, struct client_data data);
@@ -87,6 +99,7 @@ void save_to_file(char *buffer, char *slug, struct client_data data);
void display_info(struct client_data data, char *slug, char *message); void display_info(struct client_data data, char *slug, char *message);
void startup_message(); void startup_message();
void set_basedir(); void set_basedir();
void set_domain_name();
void load_list(char *file_path, int type); void load_list(char *file_path, int type);
void parse_parameters(int argc, char **argv); void parse_parameters(int argc, char **argv);
void save_log(char *slug, char *hostaddrp, char *h_name); void save_log(char *slug, char *hostaddrp, char *h_name);
@@ -97,6 +110,12 @@ char *check_whitelist(char *ip_address);
char *get_date(); char *get_date();
struct sockaddr_in set_address(struct sockaddr_in serveraddr); struct sockaddr_in set_address(struct sockaddr_in serveraddr);
#if (HAVE_INET6)
struct sockaddr_in6 set_address6(struct sockaddr_in6 serveraddr6);
#endif
struct client_data get_client_address(struct sockaddr_in client_address); struct client_data get_client_address(struct sockaddr_in client_address);
#if (HAVE_INET6)
struct client_data get_client_address6(struct sockaddr_in6 client_address6);
#endif
#endif #endif