diff options
| author | lns <matzeton@googlemail.com> | 2018-07-16 19:32:30 +0200 |
|---|---|---|
| committer | lns <matzeton@googlemail.com> | 2018-07-16 19:32:30 +0200 |
| commit | 486645a1b6ed3a12c938201e7729b4aeed5e1f93 (patch) | |
| tree | 254add30efceb206b88317835599f6bdc6ea62a6 /src | |
| parent | 05706e63b0a4daf83167e159402207fefd1ca65d (diff) | |
added skeleton code for a complex jail protocol (instead of a raw tcp2pty communication)
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 2 | ||||
| -rw-r--r-- | src/jail.c | 53 | ||||
| -rw-r--r-- | src/jail_protocol.c | 149 | ||||
| -rw-r--r-- | src/jail_protocol.h | 46 | ||||
| -rw-r--r-- | src/pevent.c | 9 | ||||
| -rw-r--r-- | src/pevent.h | 4 | ||||
| -rw-r--r-- | src/protocol_ssh.c | 20 | ||||
| -rw-r--r-- | src/redirector.c | 4 |
8 files changed, 265 insertions, 22 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 1ac657b..65e1a19 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ sbin_PROGRAMS = potd -potd_SOURCES = utils.c options.c log.c log_colored.c log_file.c socket.c pevent.c capabilities.c filesystem.c jail.c forward.c redirector.c protocol.c protocol_ssh.c main.c +potd_SOURCES = utils.c options.c log.c log_colored.c log_file.c socket.c pevent.c capabilities.c filesystem.c jail_protocol.c jail.c forward.c redirector.c protocol.c protocol_ssh.c main.c if HAVE_SECCOMP potd_SOURCES += pseccomp.c endif @@ -49,7 +49,9 @@ #include <assert.h> #include "jail.h" +#include "jail_protocol.h" #include "socket.h" +#include "pevent.h" #ifdef HAVE_SECCOMP #include "pseccomp.h" #endif @@ -63,6 +65,7 @@ typedef struct prisoner_process { psocket client_psock; char host_buf[NI_MAXHOST], service_buf[NI_MAXSERV]; char *newroot; + jail_data client_data; } prisoner_process; typedef struct server_event { @@ -87,7 +90,7 @@ static int jail_mainloop(event_ctx **ev_ctx, const jail_ctx *ctx[], size_t siz) static int jail_accept_client(event_ctx *ev_ctx, int fd, void *user_data); static int jail_childfn(prisoner_process *ctx) __attribute__((noreturn)); -static int jail_socket_tty(prisoner_process *ctx, int tty_fd); +static int jail_socket_tty(prisoner_process *ctx, int tty_fd, int init_fd); static int jail_socket_tty_io(event_ctx *ev_ctx, int src_fd, void *user_data); static int jail_log_input(event_ctx *ev_ctx, int src_fd, int dst_fd, char *buf, size_t siz, void *user_data); @@ -152,7 +155,7 @@ int jail_setup_event(jail_ctx *ctx[], size_t siz, event_ctx **ev_ctx) assert(siz > 0 && siz < POTD_MAXFD); event_init(ev_ctx); - if (event_setup(*ev_ctx)) + if (event_setup(*ev_ctx, POTD_WAITINF)) return 1; for (size_t i = 0; i < siz; ++i) { @@ -295,7 +298,7 @@ static int jail_childfn(prisoner_process *ctx) const char *path_devpts = "/dev/pts"; const char *path_proc = "/proc"; const char *path_shell = "/bin/sh"; - int i, s, master_fd, slave_fd; + int i, s, master_fd, slave_fd, init_pipefd[2]; int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC| CLONE_NEWNS/*|CLONE_NEWUSER*/; //unsigned int ug_map[3] = { 0, 10000, 65535 }; @@ -375,6 +378,8 @@ static int jail_childfn(prisoner_process *ctx) if (openpty(&master_fd, &slave_fd, NULL, NULL, NULL)) FATAL("%s", "openpty"); + if (pipe(init_pipefd)) + FATAL("%s", "Setup pipe for master/slave init"); child_pid = fork(); switch (child_pid) { case -1: @@ -406,7 +411,7 @@ static int jail_childfn(prisoner_process *ctx) if (login_tty(slave_fd)) exit(EXIT_FAILURE); - if (close_fds_except(0, 1, 2, -1)) + if (close_fds_except(0, 1, 2, init_pipefd[0], -1)) exit(EXIT_FAILURE); if (prctl(PR_SET_PDEATHSIG, SIGKILL) != 0) @@ -431,6 +436,14 @@ static int jail_childfn(prisoner_process *ctx) " -----------------------------------------------------\n" ); + if (read(init_pipefd[0], &ctx->client_data, sizeof ctx->client_data) == + sizeof ctx->client_data) + { + N("Got additional Jail data: [user: '%s', pass: '%s']", + ctx->client_data.user, ctx->client_data.pass); + } + close(init_pipefd[0]); + #ifdef HAVE_SECCOMP pseccomp_set_immutable(); pseccomp_init(&psc, @@ -458,7 +471,8 @@ static int jail_childfn(prisoner_process *ctx) N("Socket to tty I/O for prisoner pid %d", child_pid); - if (jail_socket_tty(ctx, master_fd)) + close(init_pipefd[0]); + if (jail_socket_tty(ctx, master_fd, init_pipefd[1])) E_STRERR("Socket to tty I/O for prisoner pid %d", child_pid); N("Killing prisoner pid %d", child_pid); @@ -476,12 +490,14 @@ static int jail_childfn(prisoner_process *ctx) finalise: close(master_fd); + close(init_pipefd[0]); + close(init_pipefd[1]); exit(EXIT_FAILURE); } -static int jail_socket_tty(prisoner_process *ctx, int tty_fd) +static int jail_socket_tty(prisoner_process *ctx, int tty_fd, int init_fd) { - static client_event ev_cli = {NULL, NULL, NULL, -1, -1, {0}, 0, 0, 0}; + client_event ev_cli = {NULL, NULL, NULL, -1, -1, {0}, 0, 0, 0}; int s, rc = 1; event_ctx *ev_ctx = NULL; sigset_t mask; @@ -490,7 +506,7 @@ static int jail_socket_tty(prisoner_process *ctx, int tty_fd) ev_cli.tty_fd = tty_fd; event_init(&ev_ctx); - if (event_setup(ev_ctx)) { + if (event_setup(ev_ctx, POTD_WAITINF)) { E_STRERR("Jail event context creation for jail tty fd %d", tty_fd); goto finish; @@ -532,6 +548,27 @@ static int jail_socket_tty(prisoner_process *ctx, int tty_fd) ev_cli.client_sock = &ctx->client_psock; ev_cli.host_buf = &ctx->host_buf[0]; ev_cli.service_buf = &ctx->service_buf[0]; + + if (!jail_protocol_handshake_read(ev_ctx, ctx->client_psock.fd, + tty_fd, &ctx->client_data)) + { + N("Using Jail protocol for fd %d", ctx->client_psock.fd); + } else { + N("Using raw Jail communication for fd %d", ctx->client_psock.fd); + snprintf(ctx->client_data.user, sizeof ctx->client_data.user, + "%s", "root"); + snprintf(ctx->client_data.pass, sizeof ctx->client_data.pass, + "%s", "pass"); + } + + if (write(init_fd, &ctx->client_data, sizeof ctx->client_data) != + sizeof ctx->client_data) + { + E_STRERR("Jail prisoner handshake for jail tty fd %d", + tty_fd); + } + close(init_fd); + rc = event_loop(ev_ctx, jail_socket_tty_io, &ev_cli); finish: close(ev_cli.signal_fd); diff --git a/src/jail_protocol.c b/src/jail_protocol.c new file mode 100644 index 0000000..4b6ebdd --- /dev/null +++ b/src/jail_protocol.c @@ -0,0 +1,149 @@ +/* + * jail_protocol.c + * potd is licensed under the BSD license: + * + * Copyright (c) 2018 Toni Uhlig <matzeton@googlemail.com> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * - Neither the name of the Yellow Lemon Software nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <string.h> +#include <arpa/inet.h> +#include <assert.h> + +#include "jail_protocol.h" +#include "utils.h" + +typedef struct jail_event { + jail_data *data; + int sock_fd; + int tty_fd; +} jail_event; + +static int +handshake_read_loop(event_ctx *ev_ctx, int src_fd, void *user_data); + + +ssize_t jail_protocol_readhdr(jail_data *dst, unsigned char *buf, + size_t bufsiz) +{ + jail_protocol_hdr *hdr; + size_t data_siz, min_siz; + + assert(dst); + + if (bufsiz < sizeof(*hdr)) + return -1; + hdr = (jail_protocol_hdr *) buf; + if (ntohl(hdr->magic) != PROTO_MAGIC) + return -1; + data_siz = bufsiz - sizeof(*hdr); + if (ntohl(hdr->size) != data_siz) + return -1; + + switch (ntohl(hdr->type)) { + case PROTO_TYPE_USER: + min_siz = MIN(data_siz, USER_LEN); + memcpy(dst->user, (char *) buf + sizeof(*hdr), min_siz); + dst->user[min_siz] = 0; + break; + case PROTO_TYPE_PASS: + min_siz = MIN(data_siz, PASS_LEN); + memcpy(dst->pass, (char *) buf + sizeof(*hdr), min_siz); + dst->pass[min_siz] = 0; + break; + case PROTO_TYPE_DATA: + break; + default: + break; + } + + return data_siz; +} + +ssize_t jail_protocol_writehdr(jail_protocol_hdr *src, int type, + unsigned char *buf, size_t bufsiz) +{ + jail_protocol_hdr *hdr; + size_t data_siz; + + assert(src && buf); + + hdr = (jail_protocol_hdr *) buf; + hdr->magic = htonl(PROTO_MAGIC); + hdr->type = htonl(type); + data_siz = bufsiz - sizeof(*hdr); + hdr->size = data_siz; + + return data_siz; +} + +static int +handshake_read_loop(event_ctx *ev_ctx, int src_fd, void *user_data) +{ + jail_event *ev_jail = (jail_event *) user_data; + int siz, rc, dst_fd; + unsigned char buf[BUFSIZ] = {0}; + + (void) ev_ctx; + + if (src_fd == ev_jail->sock_fd) + dst_fd = ev_jail->tty_fd; + else if (src_fd == ev_jail->tty_fd) + dst_fd = ev_jail->sock_fd; + else + goto error; + + siz = read(src_fd, buf, sizeof buf); + if (siz <= 0) + goto error; + rc = jail_protocol_readhdr(ev_jail->data, buf, sizeof buf); + if (rc < 0) { + rc = write(dst_fd, buf, siz); + goto error; + } + + return 1; +error: + ev_ctx->active = 0; + return 1; +} + +int jail_protocol_handshake_read(event_ctx *ev_client, int client_fd, + int tty_fd, jail_data *dst) +{ + jail_event ev_jail = {0,0,0}; + int rc; + + ev_jail.data = dst; + ev_jail.sock_fd = client_fd; + ev_jail.tty_fd = tty_fd; + rc = event_loop(ev_client, handshake_read_loop, &ev_jail); + + return rc || !ev_client->active; +} diff --git a/src/jail_protocol.h b/src/jail_protocol.h new file mode 100644 index 0000000..fee2ef8 --- /dev/null +++ b/src/jail_protocol.h @@ -0,0 +1,46 @@ +#ifndef POTD_JAIL_PROTOCOL_H +#define POTD_JAIL_PROTOCOL_H 1 + +#include <stdlib.h> +#include <stdint.h> + +#include "jail.h" +#include "pevent.h" + +#define USER_LEN 255 +#define PASS_LEN 255 + +#define PROTO_MAGIC 0xdeadc0de +#define PROTO_TYPE_EHLO 0xcafebabe +#define PROTO_TYPE_USER 0x41414141 +#define PROTO_TYPE_PASS 0x42424242 +#define PROTO_TYPE_DATA 0x43434343 + +typedef struct __attribute__((packed, aligned(4))) jail_data { + int used; + char user[USER_LEN+1]; + char pass[PASS_LEN+1]; +} jail_data; + +typedef struct jail_protocol_hdr { + uint32_t magic; + uint32_t type; + uint32_t size; +} jail_protocol_hdr; + + +ssize_t jail_protocol_readhdr(jail_data *dst, unsigned char *buf, + size_t bufsiz); + +ssize_t jail_protocol_writehdr(jail_protocol_hdr *hdr, int type, + unsigned char *buf, size_t bufsiz); + +int jail_protocol_handshake_read(event_ctx *ev_client, int client_fd, + int tty_fd, jail_data *dst); + +int jail_protocol_handshake_write(event_ctx *ev_server, int server_fd, + int proto_fd, jail_data *dst); + +int jail_protocol_loop(event_ctx *ctx, on_event_cb on_event, void *user_data); + +#endif diff --git a/src/pevent.c b/src/pevent.c index 88e22e4..c7b5d8a 100644 --- a/src/pevent.c +++ b/src/pevent.c @@ -80,13 +80,17 @@ void event_free(event_ctx **ctx) *ctx = NULL; } -int event_setup(event_ctx *ctx) +int event_setup(event_ctx *ctx, int timeout) { assert(ctx); if (ctx->epoll_fd < 0) /* flags == 0 -> obsolete size arg is dropped */ ctx->epoll_fd = epoll_create1(0); + if (timeout < 0) + ctx->timeout = POTD_WAITINF; + else + ctx->timeout = timeout; return ctx->epoll_fd < 0; } @@ -136,7 +140,8 @@ int event_loop(event_ctx *ctx, on_event_cb on_event, void *user_data) while (ctx->active && !ctx->has_error) { errno = 0; - n = epoll_pwait(ctx->epoll_fd, ctx->events, POTD_MAXEVENTS, -1, &eset); + n = epoll_pwait(ctx->epoll_fd, ctx->events, POTD_MAXEVENTS, + ctx->timeout, &eset); saved_errno = errno; if (errno == EINTR) continue; diff --git a/src/pevent.h b/src/pevent.h index 20b2d20..1215faf 100644 --- a/src/pevent.h +++ b/src/pevent.h @@ -40,6 +40,7 @@ #define POTD_MAXFD 32 #define POTD_MAXEVENTS 64 +#define POTD_WAITINF -1 typedef enum forward_state { CON_OK, CON_IN_TERMINATED, CON_OUT_TERMINATED, @@ -49,6 +50,7 @@ typedef enum forward_state { typedef struct event_ctx { int active; int has_error; + int timeout; int epoll_fd; struct epoll_event events[POTD_MAXEVENTS]; @@ -64,7 +66,7 @@ void event_init(event_ctx **ctx); void event_free(event_ctx **ctx); -int event_setup(event_ctx *ctx); +int event_setup(event_ctx *ctx, int timeout); int event_add_sock(event_ctx *ctx, psocket *sock); diff --git a/src/protocol_ssh.c b/src/protocol_ssh.c index de2b19a..98e0819 100644 --- a/src/protocol_ssh.c +++ b/src/protocol_ssh.c @@ -53,6 +53,7 @@ #include "protocol_ssh.h" #include "protocol.h" +#include "jail_protocol.h" #ifdef HAVE_SECCOMP #include "pseccomp.h" #endif @@ -64,8 +65,6 @@ LIBSSH_VERSION_MICRO < 3 #pragma message "Unsupported libssh version < 0.7.3" #endif -#define USER_LEN LOGIN_NAME_MAX -#define PASS_LEN 80 #define CACHE_MAX 32 #define CACHE_TIME (60 * 20) /* max cache time 20 minutes */ #define LOGIN_SUCCESS_PROB ((double)1/4) /* successful login probability */ @@ -85,7 +84,7 @@ typedef struct ssh_client { forward_ctx dst; } ssh_client; -struct protocol_cbs potd_ssh_callbacks = { +static const struct protocol_cbs potd_ssh_callbacks = { .on_listen = ssh_on_listen, .on_shutdown = ssh_on_shutdown }; @@ -115,7 +114,7 @@ static int copy_chan_to_fd(ssh_session session, ssh_channel channel, void *data, uint32_t len, int is_stderr, void *userdata); static void chan_close(ssh_session session, ssh_channel channel, void *userdata); -struct ssh_channel_callbacks_struct ssh_channel_cb = { +static struct ssh_channel_callbacks_struct ssh_channel_cb = { .channel_data_function = copy_chan_to_fd, .channel_eof_function = chan_close, .channel_close_function = chan_close, @@ -527,6 +526,10 @@ static void ssh_mainloop(ssh_data *arg) ssh_message_channel_request_reply_success(message); ssh_message_free(message); continue; + } else if (ssh_message_subtype(message) == SSH_CHANNEL_REQUEST_EXEC) { + ssh_message_channel_request_reply_success(message); + ssh_message_free(message); + continue; } } ssh_message_reply_default(message); @@ -701,6 +704,7 @@ static int client_mainloop(ssh_client *data) ssh_channel_close(chan); return 1; } + // JAIL PROTOCOL ssh_channel_cb.userdata = &ctx->sock.fd; ssh_callbacks_init(&ssh_channel_cb); @@ -735,21 +739,21 @@ static int client_mainloop(ssh_client *data) static int copy_fd_to_chan(socket_t fd, int revents, void *userdata) { - ssh_channel chan = (ssh_channel)userdata; + ssh_channel chan = (ssh_channel) userdata; char buf[BUFSIZ]; int sz = 0; - if(!chan) { + if (!chan) { close(fd); return -1; } - if(revents & POLLIN) { + if (revents & POLLIN) { sz = read(fd, buf, BUFSIZ); if(sz > 0) { ssh_channel_write(chan, buf, sz); } } - if(revents & POLLHUP || sz <= 0) { + if (revents & POLLHUP || sz <= 0) { ssh_channel_close(chan); sz = -1; } diff --git a/src/redirector.c b/src/redirector.c index 3fc81e7..fd9e1f9 100644 --- a/src/redirector.c +++ b/src/redirector.c @@ -172,7 +172,7 @@ int redirector_setup_event(redirector_ctx *rdr_ctx[], size_t siz, event_ctx **ev assert(siz > 0 && siz < POTD_MAXFD); event_init(ev_ctx); - if (event_setup(*ev_ctx)) + if (event_setup(*ev_ctx, POTD_WAITINF)) return 1; for (size_t i = 0; i < siz; ++i) { @@ -390,7 +390,7 @@ client_mainloop(void *arg) args = (client_thread *) arg; event_init(&ev_ctx); - if (event_setup(ev_ctx)) { + if (event_setup(ev_ctx, POTD_WAITINF)) { E_STRERR("Client event context creation for server fd %d", args->rdr_ctx->sock.fd); goto finish; |