File: | extcap/sshdig.c |
Warning: | line 242, column 12 Opened stream never closed. Potential resource leak |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* sshdig.c | |||
2 | * sshdig is extcap tool used to capture events on a remote host via SSH | |||
3 | * | |||
4 | * Copied from sshdump.c, copyright 2015, Dario Lombardo | |||
5 | * | |||
6 | * Wireshark - Network traffic analyzer | |||
7 | * By Gerald Combs <gerald@wireshark.org> | |||
8 | * Copyright 1998 Gerald Combs | |||
9 | * | |||
10 | * SPDX-License-Identifier: GPL-2.0-or-later | |||
11 | */ | |||
12 | ||||
13 | #include "config.h" | |||
14 | #define WS_LOG_DOMAIN"sshdig" "sshdig" | |||
15 | ||||
16 | #include <extcap/extcap-base.h> | |||
17 | #include <extcap/ssh-base.h> | |||
18 | #include <wsutil/application_flavor.h> | |||
19 | #include <wsutil/interface.h> | |||
20 | #include <wsutil/file_util.h> | |||
21 | #include <wsutil/strtoi.h> | |||
22 | #include <wsutil/filesystem.h> | |||
23 | #include <wsutil/privileges.h> | |||
24 | #include <wsutil/please_report_bug.h> | |||
25 | #include <wsutil/wslog.h> | |||
26 | ||||
27 | #include <errno(*__errno_location ()).h> | |||
28 | #include <string.h> | |||
29 | #include <fcntl.h> | |||
30 | ||||
31 | #include <cli_main.h> | |||
32 | ||||
33 | static char* sshdig_extcap_interface; | |||
34 | #define DEFAULT_SSHDIG_EXTCAP_INTERFACE"sshdig" "sshdig" | |||
35 | ||||
36 | #define SSHDIG_VERSION_MAJOR"1" "1" | |||
37 | #define SSHDIG_VERSION_MINOR"0" "0" | |||
38 | #define SSHDIG_VERSION_RELEASE"0" "0" | |||
39 | ||||
40 | #define SSH_READ_BLOCK_SIZE256 256 | |||
41 | ||||
42 | enum { | |||
43 | EXTCAP_BASE_OPTIONS_ENUMEXTCAP_OPT_LIST_INTERFACES, EXTCAP_OPT_VERSION, EXTCAP_OPT_LIST_DLTS , EXTCAP_OPT_INTERFACE, EXTCAP_OPT_CONFIG, EXTCAP_OPT_CAPTURE , EXTCAP_OPT_CAPTURE_FILTER, EXTCAP_OPT_FIFO, EXTCAP_OPT_LOG_LEVEL , EXTCAP_OPT_LOG_FILE, | |||
44 | OPT_HELP, | |||
45 | OPT_VERSION, | |||
46 | OPT_REMOTE_HOST, | |||
47 | OPT_REMOTE_PORT, | |||
48 | OPT_REMOTE_USERNAME, | |||
49 | OPT_REMOTE_PASSWORD, | |||
50 | OPT_REMOTE_CAPTURE_COMMAND_SELECT, | |||
51 | OPT_REMOTE_CAPTURE_COMMAND, | |||
52 | OPT_SSHKEY, | |||
53 | OPT_SSHKEY_PASSPHRASE, | |||
54 | OPT_PROXYCOMMAND, | |||
55 | OPT_SSH_SHA1, | |||
56 | OPT_REMOTE_COUNT, | |||
57 | OPT_REMOTE_PRIV, | |||
58 | OPT_REMOTE_PRIV_USER, | |||
59 | OPT_REMOTE_MODERN_BPF, | |||
60 | OPT_REMOTE_IO_SNAPLEN, | |||
61 | }; | |||
62 | ||||
63 | static struct ws_option longopts[] = { | |||
64 | EXTCAP_BASE_OPTIONS{ "extcap-interfaces", 0, ((void*)0), EXTCAP_OPT_LIST_INTERFACES }, { "extcap-version", 2, ((void*)0), EXTCAP_OPT_VERSION}, { "extcap-dlts" , 0, ((void*)0), EXTCAP_OPT_LIST_DLTS}, { "extcap-interface", 1, ((void*)0), EXTCAP_OPT_INTERFACE}, { "extcap-config", 0, ( (void*)0), EXTCAP_OPT_CONFIG}, { "capture", 0, ((void*)0), EXTCAP_OPT_CAPTURE }, { "extcap-capture-filter", 1, ((void*)0), EXTCAP_OPT_CAPTURE_FILTER }, { "fifo", 1, ((void*)0), EXTCAP_OPT_FIFO}, { "log-level", 1 , ((void*)0), EXTCAP_OPT_LOG_LEVEL}, { "log-file", 1, ((void* )0), EXTCAP_OPT_LOG_FILE}, | |||
65 | {"help", ws_no_argument0, NULL((void*)0), OPT_HELP}, | |||
66 | {"version", ws_no_argument0, NULL((void*)0), OPT_VERSION}, | |||
67 | SSH_BASE_OPTIONS{ "remote-host", 1, ((void*)0), OPT_REMOTE_HOST}, { "remote-port" , 1, ((void*)0), OPT_REMOTE_PORT}, { "remote-username", 1, (( void*)0), OPT_REMOTE_USERNAME}, { "remote-password", 1, ((void *)0), OPT_REMOTE_PASSWORD}, { "remote-count", 1, ((void*)0), OPT_REMOTE_COUNT }, { "sshkey", 1, ((void*)0), OPT_SSHKEY}, { "sshkey-passphrase" , 1, ((void*)0), OPT_SSHKEY_PASSPHRASE}, { "proxycommand", 1, ((void*)0), OPT_PROXYCOMMAND}, { "ssh-sha1", 0, ((void*)0), OPT_SSH_SHA1 }, | |||
68 | {"remote-capture-command-select", ws_required_argument1, NULL((void*)0), OPT_REMOTE_CAPTURE_COMMAND_SELECT}, | |||
69 | {"remote-capture-command", ws_required_argument1, NULL((void*)0), OPT_REMOTE_CAPTURE_COMMAND}, | |||
70 | {"remote-priv", ws_required_argument1, NULL((void*)0), OPT_REMOTE_PRIV}, | |||
71 | {"remote-priv-user", ws_required_argument1, NULL((void*)0), OPT_REMOTE_PRIV_USER}, | |||
72 | {"remote-modern-bpf", ws_no_argument0, NULL((void*)0), OPT_REMOTE_MODERN_BPF}, | |||
73 | {"remote-io-snaplen", ws_required_argument1, NULL((void*)0), OPT_REMOTE_IO_SNAPLEN}, | |||
74 | {0, 0, 0, 0}}; | |||
75 | ||||
76 | static int ssh_loop_read(ssh_channel channel, FILE* fp) | |||
77 | { | |||
78 | int nbytes; | |||
79 | int ret = EXIT_SUCCESS0; | |||
80 | char buffer[SSH_READ_BLOCK_SIZE256]; | |||
81 | ||||
82 | /* read from stdin until data are available */ | |||
83 | while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) { | |||
84 | nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE256, 0); | |||
85 | if (nbytes < 0) { | |||
86 | ws_warning("Error reading from channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 86, __func__, "Error reading from channel"); } } while (0); | |||
87 | goto end; | |||
88 | } | |||
89 | if (nbytes == 0) { | |||
90 | break; | |||
91 | } | |||
92 | if (fwrite(buffer, 1, nbytes, fp) != (unsigned)nbytes) { | |||
93 | ws_warning("Error writing to fifo")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 93, __func__, "Error writing to fifo"); } } while (0); | |||
94 | ret = EXIT_FAILURE1; | |||
95 | goto end; | |||
96 | } | |||
97 | fflush(fp); | |||
98 | } | |||
99 | ||||
100 | /* read loop finished... maybe something wrong happened. Read from stderr */ | |||
101 | while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) { | |||
102 | nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE256, 1); | |||
103 | if (nbytes < 0) { | |||
104 | ws_warning("Error reading from channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 104, __func__, "Error reading from channel"); } } while (0); | |||
105 | goto end; | |||
106 | } | |||
107 | if (fwrite(buffer, 1, nbytes, stderrstderr) != (unsigned)nbytes) { | |||
108 | ws_warning("Error writing to stderr")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 108, __func__, "Error writing to stderr"); } } while (0); | |||
109 | break; | |||
110 | } | |||
111 | } | |||
112 | ||||
113 | end: | |||
114 | if (ssh_channel_send_eof(channel) != SSH_OK0) { | |||
115 | ws_warning("Error sending EOF in ssh channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 115, __func__, "Error sending EOF in ssh channel"); } } while (0); | |||
116 | ret = EXIT_FAILURE1; | |||
117 | } | |||
118 | return ret; | |||
119 | } | |||
120 | ||||
121 | static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command_select, | |||
122 | const char* capture_command, const char* privilege, | |||
123 | const char* cfilter, const uint32_t count, bool_Bool modern_bpf, const uint32_t io_snaplen) | |||
124 | { | |||
125 | char* cmdline = NULL((void*)0); | |||
126 | ssh_channel channel; | |||
127 | unsigned int remote_port = 22; | |||
128 | ||||
129 | channel = ssh_channel_new(sshs); | |||
130 | if (!channel) { | |||
131 | ws_warning("Can't create channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 131, __func__, "Can't create channel"); } } while (0); | |||
132 | return NULL((void*)0); | |||
133 | } | |||
134 | ||||
135 | if (ssh_channel_open_session(channel) != SSH_OK0) { | |||
136 | ws_warning("Can't open session")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 136, __func__, "Can't open session"); } } while (0); | |||
137 | ssh_channel_free(channel); | |||
138 | return NULL((void*)0); | |||
139 | } | |||
140 | ||||
141 | ssh_options_get_port(sshs, &remote_port); | |||
142 | ||||
143 | if (capture_command_select == NULL((void*)0) || !g_strcmp0(capture_command_select, "other")) { | |||
144 | if (capture_command && *capture_command) { | |||
145 | cmdline = g_strdup(capture_command)g_strdup_inline (capture_command); | |||
146 | ws_debug("Remote capture command has disabled other options")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c" , 146, __func__, "Remote capture command has disabled other options" ); } } while (0); | |||
147 | } else { | |||
148 | capture_command_select = "sysdig"; | |||
149 | } | |||
150 | } | |||
151 | ||||
152 | /* escape parameters to go save with the shell */ | |||
153 | if (!g_strcmp0(capture_command_select, "sysdig")) { | |||
154 | char *count_str = NULL((void*)0); | |||
155 | char *io_snaplen_str = NULL((void*)0); | |||
156 | char *quoted_filter = NULL((void*)0); | |||
157 | ||||
158 | quoted_filter = g_shell_quote(cfilter ? cfilter : ""); | |||
159 | if (count > 0) { | |||
160 | count_str = ws_strdup_printf(" --numevents=%u", count)wmem_strdup_printf(((void*)0), " --numevents=%u", count); | |||
161 | } | |||
162 | if (io_snaplen > 0) { | |||
163 | io_snaplen_str = ws_strdup_printf(" --snaplen=%u", io_snaplen)wmem_strdup_printf(((void*)0), " --snaplen=%u", io_snaplen); | |||
164 | } | |||
165 | ||||
166 | cmdline = ws_strdup_printf("%s sysdig --unbuffered %s --write=- %s %s %s",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
167 | privilege,wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
168 | modern_bpf ? " --modern-bpf" : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
169 | count_str ? count_str : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
170 | io_snaplen_str ? io_snaplen_str : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
171 | quoted_filter)wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter); | |||
172 | ||||
173 | g_free(count_str); | |||
174 | g_free(io_snaplen_str); | |||
175 | g_free(quoted_filter); | |||
176 | } | |||
177 | ||||
178 | ws_debug("Running: %s", cmdline)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c" , 178, __func__, "Running: %s", cmdline); } } while (0); | |||
179 | if (ssh_channel_request_exec(channel, cmdline) != SSH_OK0) { | |||
180 | ws_warning("Can't request exec")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 180, __func__, "Can't request exec"); } } while (0); | |||
181 | ssh_channel_close(channel); | |||
182 | ssh_channel_free(channel); | |||
183 | channel = NULL((void*)0); | |||
184 | } | |||
185 | ||||
186 | g_free(cmdline); | |||
187 | ||||
188 | return channel; | |||
189 | } | |||
190 | ||||
191 | static int ssh_open_remote_connection(const ssh_params_t* params, const char* cfilter, | |||
192 | const char* capture_command_select, const char* capture_command, const char* privilege, | |||
193 | const uint32_t count, const char* fifo, bool_Bool modern_bpf, const uint32_t io_snaplen) | |||
194 | { | |||
195 | ssh_session sshs = NULL((void*)0); | |||
196 | ssh_channel channel = NULL((void*)0); | |||
197 | FILE* fp = stdoutstdout; | |||
198 | int ret = EXIT_FAILURE1; | |||
199 | char* err_info = NULL((void*)0); | |||
200 | ||||
201 | if (g_strcmp0(fifo, "-")) { | |||
202 | /* Open or create the output file */ | |||
203 | fp = fopen(fifo, "wb"); | |||
204 | if (fp
| |||
205 | ws_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno))do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 205, __func__, "Error creating output file: %s (%s)", fifo, g_strerror((*__errno_location ()))); } } while (0); | |||
206 | return EXIT_FAILURE1; | |||
207 | } | |||
208 | } | |||
209 | ||||
210 | sshs = create_ssh_connection(params, &err_info); | |||
211 | ||||
212 | if (!sshs) { | |||
213 | ws_warning("Error creating connection.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 213, __func__, "Error creating connection."); } } while (0); | |||
214 | goto cleanup; | |||
215 | } | |||
216 | ||||
217 | channel = run_ssh_command(sshs, capture_command_select, capture_command, privilege, cfilter, count, modern_bpf, io_snaplen); | |||
218 | ||||
219 | if (!channel) { | |||
220 | ws_warning("Can't run ssh command.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 220, __func__, "Can't run ssh command."); } } while (0); | |||
221 | goto cleanup; | |||
222 | } | |||
223 | ||||
224 | /* read from channel and write into fp */ | |||
225 | if (ssh_loop_read(channel, fp) != EXIT_SUCCESS0) { | |||
226 | ws_warning("Error in read loop.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 226, __func__, "Error in read loop."); } } while (0); | |||
227 | ret = EXIT_FAILURE1; | |||
228 | goto cleanup; | |||
229 | } | |||
230 | ||||
231 | ret = EXIT_SUCCESS0; | |||
232 | cleanup: | |||
233 | if (err_info) | |||
234 | ws_warning("%s", err_info)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 234, __func__, "%s", err_info); } } while (0); | |||
235 | g_free(err_info); | |||
236 | ||||
237 | /* clean up and exit */ | |||
238 | ssh_cleanup(&sshs, &channel); | |||
239 | ||||
240 | if (g_strcmp0(fifo, "-")) | |||
241 | fclose(fp); | |||
242 | return ret; | |||
| ||||
243 | } | |||
244 | ||||
245 | static int list_config(char *interface) | |||
246 | { | |||
247 | unsigned inc = 0; | |||
248 | ||||
249 | if (!interface) { | |||
250 | ws_warning("ERROR: No interface specified.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 250, __func__, "ERROR: No interface specified."); } } while (0); | |||
251 | return EXIT_FAILURE1; | |||
252 | } | |||
253 | ||||
254 | if (g_strcmp0(interface, sshdig_extcap_interface)) { | |||
255 | ws_warning("ERROR: interface must be %s", sshdig_extcap_interface)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 255, __func__, "ERROR: interface must be %s", sshdig_extcap_interface ); } } while (0); | |||
256 | return EXIT_FAILURE1; | |||
257 | } | |||
258 | ||||
259 | printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}" | |||
260 | "{type=string}{tooltip=The remote SSH host. It can be both " | |||
261 | "an IP address or a hostname}{required=true}{group=Server}\n", inc++); | |||
262 | printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}" | |||
263 | "{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}" | |||
264 | "{range=1,65535}{group=Server}\n", inc++); | |||
265 | printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}" | |||
266 | "{type=string}{tooltip=The remote SSH username. If not provided, " | |||
267 | "the current user will be used}{group=Authentication}\n", inc++); | |||
268 | printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}" | |||
269 | "{type=password}{tooltip=The SSH password, used when other methods (SSH agent " | |||
270 | "or key files) are unavailable.}{group=Authentication}\n", inc++); | |||
271 | printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}" | |||
272 | "{type=fileselect}{tooltip=The path on the local filesystem of the private SSH key (OpenSSH format)}" | |||
273 | "{mustexist=true}{group=Authentication}\n", inc++); | |||
274 | printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}" | |||
275 | "{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n", | |||
276 | inc++); | |||
277 | printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}" | |||
278 | "{type=string}{tooltip=The command to use as proxy for the SSH connection}" | |||
279 | "{group=Authentication}\n", inc++); | |||
280 | printf("arg {number=%u}{call=--ssh-sha1}{display=Support SHA-1 keys (deprecated)}" | |||
281 | "{type=boolflag}{tooltip=Support keys and key exchange algorithms using SHA-1 (deprecated)}{group=Authentication}" | |||
282 | "\n", inc++); | |||
283 | printf("arg {number=%u}{call=--remote-capture-command-select}{display=Remote capture command selection}" | |||
284 | "{type=radio}{tooltip=The remote capture command to build a command line for}{group=Capture}\n", inc); | |||
285 | printf("value {arg=%u}{value=sysdig}{display=sysdig}\n", inc); | |||
286 | // XXX Add falcodump? | |||
287 | printf("value {arg=%u}{value=other}{display=Other:}\n", inc++); | |||
288 | printf("arg {number=%u}{call=--remote-capture-command}{display=Remote capture command}" | |||
289 | "{type=string}{tooltip=The remote command used to capture}{group=Capture}\n", inc++); | |||
290 | printf("arg {number=%u}{call=--remote-priv}{display=Gain capture privilege on the remote machine}" | |||
291 | "{type=radio}{tooltip=Optionally prepend the capture command with sudo or doas on the remote machine}" | |||
292 | "{group=Capture}\n", inc); | |||
293 | printf("value {arg=%u}{value=none}{display=none}{default=true}\n", inc); | |||
294 | printf("value {arg=%u}{value=sudo}{display=sudo}\n", inc); | |||
295 | printf("value {arg=%u}{value=doas -n}{display=doas}\n", inc++); | |||
296 | printf("arg {number=%u}{call=--remote-priv-user}{display=Privileged user name for sudo or doas}" | |||
297 | "{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}" | |||
298 | "{group=Capture}\n", inc++); | |||
299 | printf("{group=Capture}\n"); | |||
300 | printf("arg {number=%u}{call=--remote-count}{display=Events to capture}" | |||
301 | "{type=unsigned}{default=0}{tooltip=The number of remote events to capture. (Default: inf)}" | |||
302 | "{group=Capture}\n", inc++); | |||
303 | printf("arg {number=%u}{call=--remote-io-snaplen}{display=I/O snapshot length}" | |||
304 | "{type=unsigned}{default=80}{tooltip=The number of bytes to capture in each I/O event. (Default: 80)}" | |||
305 | "{group=Capture}\n", inc++); | |||
306 | printf("arg {number=%u}{call=--remote-modern-bpf}{display=Use eBPF}{type=boolflag}{default=true}" | |||
307 | "{tooltip=Use eBPF for capture. With this no kernel module is required}{group=Capture}\n", inc++); | |||
308 | ||||
309 | extcap_config_debug(&inc); | |||
310 | ||||
311 | return EXIT_SUCCESS0; | |||
312 | } | |||
313 | ||||
314 | int main(int argc, char *argv[]) | |||
315 | { | |||
316 | char* err_msg; | |||
317 | int result; | |||
318 | int option_idx = 0; | |||
319 | ssh_params_t* ssh_params = ssh_params_new(); | |||
320 | char* remote_capture_command_select = NULL((void*)0); | |||
321 | char* remote_capture_command = NULL((void*)0); | |||
322 | uint32_t count = 0; | |||
323 | uint32_t io_snaplen = 0; | |||
324 | int ret = EXIT_FAILURE1; | |||
325 | extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1)((extcap_parameters *) g_malloc0_n ((1), sizeof (extcap_parameters ))); | |||
326 | char* help_url; | |||
327 | char* help_header = NULL((void*)0); | |||
328 | char* priv = NULL((void*)0); | |||
329 | char* priv_user = NULL((void*)0); | |||
330 | char* interface_description = g_strdup("SSH remote syscall capture")g_strdup_inline ("SSH remote syscall capture"); | |||
331 | bool_Bool modern_bpf = 0; | |||
332 | ||||
333 | /* Set the program name. */ | |||
334 | g_set_prgname("sshdig"); | |||
335 | ||||
336 | /* Initialize log handler early so we can have proper logging during startup. */ | |||
337 | extcap_log_init(); | |||
338 | ||||
339 | sshdig_extcap_interface = g_path_get_basename(argv[0]); | |||
340 | if (g_str_has_suffix(sshdig_extcap_interface, ".exe")(__builtin_constant_p (".exe")? __extension__ ({ const char * const __str = (sshdig_extcap_interface); const char * const __suffix = (".exe"); gboolean __result = (0); if (__str == ((void*)0) || __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str , __suffix); else { const size_t __str_len = strlen (((__str) + !(__str))); const size_t __suffix_len = strlen (((__suffix ) + !(__suffix))); if (__str_len >= __suffix_len) __result = memcmp (__str + __str_len - __suffix_len, ((__suffix) + !( __suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix ) (sshdig_extcap_interface, ".exe") )) { | |||
| ||||
341 | sshdig_extcap_interface[strlen(sshdig_extcap_interface) - 4] = '\0'; | |||
342 | } | |||
343 | ||||
344 | /* | |||
345 | * Get credential information for later use. | |||
346 | */ | |||
347 | init_process_policies(); | |||
348 | ||||
349 | /* | |||
350 | * Attempt to get the pathname of the directory containing the | |||
351 | * executable file. | |||
352 | */ | |||
353 | err_msg = configuration_init(argv[0]); | |||
354 | set_application_flavor(APPLICATION_FLAVOR_STRATOSHARK); | |||
355 | if (err_msg != NULL((void*)0)) { | |||
356 | ws_warning("Can't get pathname of directory containing the extcap program: %s.",do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 357, __func__, "Can't get pathname of directory containing the extcap program: %s." , err_msg); } } while (0) | |||
357 | err_msg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 357, __func__, "Can't get pathname of directory containing the extcap program: %s." , err_msg); } } while (0); | |||
358 | g_free(err_msg); | |||
359 | } | |||
360 | ||||
361 | help_url = data_file_url("sshdig.html"); | |||
362 | extcap_base_set_util_info(extcap_conf, argv[0], SSHDIG_VERSION_MAJOR"1", SSHDIG_VERSION_MINOR"0", | |||
363 | SSHDIG_VERSION_RELEASE"0", help_url); | |||
364 | g_free(help_url); | |||
365 | add_libssh_info(extcap_conf); | |||
366 | if (g_strcmp0(sshdig_extcap_interface, DEFAULT_SSHDIG_EXTCAP_INTERFACE"sshdig")) { | |||
367 | char* temp = interface_description; | |||
368 | interface_description = ws_strdup_printf("%s, custom version", interface_description)wmem_strdup_printf(((void*)0), "%s, custom version", interface_description ); | |||
369 | g_free(temp); | |||
370 | } | |||
371 | extcap_base_register_interface(extcap_conf, sshdig_extcap_interface, interface_description, 147, "Remote capture dependent DLT"); | |||
372 | g_free(interface_description); | |||
373 | ||||
374 | help_header = ws_strdup_printf(wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
375 | " %s --extcap-interfaces\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
376 | " %s --extcap-interface=%s --extcap-dlts\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
377 | " %s --extcap-interface=%s --extcap-config\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
378 | " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
379 | "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface, argv[0],wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
380 | sshdig_extcap_interface, argv[0], sshdig_extcap_interface)wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ); | |||
381 | extcap_help_add_header(extcap_conf, help_header); | |||
382 | g_free(help_header); | |||
383 | extcap_help_add_option(extcap_conf, "--help", "print this help"); | |||
384 | extcap_help_add_option(extcap_conf, "--version", "print the version"); | |||
385 | extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host"); | |||
386 | extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port"); | |||
387 | extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username"); | |||
388 | extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used"); | |||
389 | extcap_help_add_option(extcap_conf, "--sshkey <private key path>", "the path of the SSH key (OpenSSH format)"); | |||
390 | extcap_help_add_option(extcap_conf, "--sshkey-passphrase <private key passphrase>", "the passphrase to unlock private SSH key"); | |||
391 | extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy for the SSH connection"); | |||
392 | extcap_help_add_option(extcap_conf, "--ssh-sha1", "support keys and key exchange using SHA-1 (deprecated)"); | |||
393 | extcap_help_add_option(extcap_conf, "--remote-capture-command-select <selection>", "sysdig or other remote capture command"); | |||
394 | extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command"); | |||
395 | extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas"); | |||
396 | extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name"); | |||
397 | extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of events to capture"); | |||
398 | extcap_help_add_option(extcap_conf, "--remote-modern-bpf", "use eBPF"); | |||
399 | extcap_help_add_option(extcap_conf, "--remote-io-snaplen <snaplen>", "the number of bytes to capture in each I/O event"); | |||
400 | ||||
401 | ws_opterr = 0; | |||
402 | ws_optind = 0; | |||
403 | ||||
404 | if (argc == 1) { | |||
405 | extcap_help_print(extcap_conf); | |||
406 | goto end; | |||
407 | } | |||
408 | ||||
409 | while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) { | |||
410 | ||||
411 | switch (result) { | |||
412 | ||||
413 | case OPT_HELP: | |||
414 | extcap_help_print(extcap_conf); | |||
415 | ret = EXIT_SUCCESS0; | |||
416 | goto end; | |||
417 | ||||
418 | case OPT_VERSION: | |||
419 | extcap_version_print(extcap_conf); | |||
420 | ret = EXIT_SUCCESS0; | |||
421 | goto end; | |||
422 | ||||
423 | case OPT_REMOTE_HOST: | |||
424 | g_free(ssh_params->host); | |||
425 | ssh_params->host = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
426 | break; | |||
427 | ||||
428 | case OPT_REMOTE_PORT: | |||
429 | if (!ws_strtou16(ws_optarg, NULL((void*)0), &ssh_params->port) || ssh_params->port == 0) { | |||
430 | ws_warning("Invalid port: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 430, __func__, "Invalid port: %s", ws_optarg); } } while (0 ); | |||
431 | goto end; | |||
432 | } | |||
433 | break; | |||
434 | ||||
435 | case OPT_REMOTE_USERNAME: | |||
436 | g_free(ssh_params->username); | |||
437 | ssh_params->username = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
438 | break; | |||
439 | ||||
440 | case OPT_REMOTE_PASSWORD: | |||
441 | g_free(ssh_params->password); | |||
442 | ssh_params->password = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
443 | memset(ws_optarg, 'X', strlen(ws_optarg)); | |||
444 | break; | |||
445 | ||||
446 | case OPT_SSHKEY: | |||
447 | g_free(ssh_params->sshkey_path); | |||
448 | ssh_params->sshkey_path = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
449 | break; | |||
450 | ||||
451 | case OPT_SSHKEY_PASSPHRASE: | |||
452 | g_free(ssh_params->sshkey_passphrase); | |||
453 | ssh_params->sshkey_passphrase = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
454 | memset(ws_optarg, 'X', strlen(ws_optarg)); | |||
455 | break; | |||
456 | ||||
457 | case OPT_PROXYCOMMAND: | |||
458 | g_free(ssh_params->proxycommand); | |||
459 | ssh_params->proxycommand = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
460 | break; | |||
461 | ||||
462 | case OPT_SSH_SHA1: | |||
463 | ssh_params->ssh_sha1 = true1; | |||
464 | break; | |||
465 | ||||
466 | case OPT_REMOTE_CAPTURE_COMMAND_SELECT: | |||
467 | g_free(remote_capture_command_select); | |||
468 | remote_capture_command_select = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
469 | break; | |||
470 | ||||
471 | case OPT_REMOTE_CAPTURE_COMMAND: | |||
472 | g_free(remote_capture_command); | |||
473 | remote_capture_command = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
474 | break; | |||
475 | ||||
476 | case OPT_REMOTE_PRIV: | |||
477 | g_free(priv); | |||
478 | priv = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
479 | break; | |||
480 | ||||
481 | case OPT_REMOTE_PRIV_USER: | |||
482 | g_free(priv_user); | |||
483 | priv_user = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
484 | break; | |||
485 | ||||
486 | case OPT_REMOTE_COUNT: | |||
487 | if (!ws_strtou32(ws_optarg, NULL((void*)0), &count)) { | |||
488 | ws_warning("Invalid value for count: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 488, __func__, "Invalid value for count: %s", ws_optarg); } } while (0); | |||
489 | goto end; | |||
490 | } | |||
491 | break; | |||
492 | ||||
493 | case OPT_REMOTE_MODERN_BPF: | |||
494 | modern_bpf = true1; | |||
495 | break; | |||
496 | ||||
497 | case OPT_REMOTE_IO_SNAPLEN: | |||
498 | if (!ws_strtou32(ws_optarg, NULL((void*)0), &io_snaplen)) { | |||
499 | ws_warning("Invalid value for I/O snapshot length: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 499, __func__, "Invalid value for I/O snapshot length: %s", ws_optarg); } } while (0); | |||
500 | goto end; | |||
501 | } | |||
502 | break; | |||
503 | ||||
504 | case ':': | |||
505 | /* missing option argument */ | |||
506 | ws_warning("Option '%s' requires an argument", argv[ws_optind - 1])do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 506, __func__, "Option '%s' requires an argument", argv[ws_optind - 1]); } } while (0); | |||
507 | break; | |||
508 | ||||
509 | default: | |||
510 | if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) { | |||
511 | ws_warning("Invalid option: %s", argv[ws_optind - 1])do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 511, __func__, "Invalid option: %s", argv[ws_optind - 1]); } } while (0); | |||
512 | goto end; | |||
513 | } | |||
514 | } | |||
515 | } | |||
516 | ||||
517 | extcap_cmdline_debug(argv, argc); | |||
518 | ||||
519 | if (extcap_base_handle_interface(extcap_conf)) { | |||
520 | ret = EXIT_SUCCESS0; | |||
521 | goto end; | |||
522 | } | |||
523 | ||||
524 | if (extcap_conf->show_config) { | |||
525 | ret = list_config(extcap_conf->interface); | |||
526 | goto end; | |||
527 | } | |||
528 | ||||
529 | err_msg = ws_init_sockets(); | |||
530 | if (err_msg != NULL((void*)0)) { | |||
531 | ws_warning("ERROR: %s", err_msg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 531, __func__, "ERROR: %s", err_msg); } } while (0); | |||
532 | g_free(err_msg); | |||
533 | ws_warning("%s", please_report_bug())do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 533, __func__, "%s", please_report_bug()); } } while (0); | |||
534 | goto end; | |||
535 | } | |||
536 | ||||
537 | if (extcap_conf->capture) { | |||
538 | char* privilege; | |||
539 | ||||
540 | if (!ssh_params->host) { | |||
541 | ws_warning("Missing parameter: --remote-host")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 541, __func__, "Missing parameter: --remote-host"); } } while (0); | |||
542 | goto end; | |||
543 | } | |||
544 | ||||
545 | if ((priv
| |||
546 | if ((priv_user) && strlen(g_strstrip(priv_user)g_strchomp (g_strchug (priv_user)))) | |||
547 | /* Both sudo and doas use the same command line option */ | |||
548 | privilege = g_strconcat(priv, " -u ", priv_user, NULL((void*)0)); | |||
549 | else | |||
550 | privilege = g_strdup(priv)g_strdup_inline (priv); | |||
551 | } else { | |||
552 | privilege = g_strdup("")g_strdup_inline (""); | |||
553 | } | |||
554 | ||||
555 | ssh_params_set_log_level(ssh_params, extcap_conf->debug); | |||
556 | ret = ssh_open_remote_connection(ssh_params, extcap_conf->capture_filter, | |||
557 | remote_capture_command_select, remote_capture_command, | |||
558 | privilege, count, extcap_conf->fifo, modern_bpf, io_snaplen); | |||
559 | g_free(privilege); | |||
560 | } else { | |||
561 | ws_debug("You should not come here... maybe some parameter missing?")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c" , 561, __func__, "You should not come here... maybe some parameter missing?" ); } } while (0); | |||
562 | ret = EXIT_FAILURE1; | |||
563 | } | |||
564 | ||||
565 | end: | |||
566 | /* clean up stuff */ | |||
567 | ssh_params_free(ssh_params); | |||
568 | g_free(remote_capture_command_select); | |||
569 | g_free(remote_capture_command); | |||
570 | g_free(priv); | |||
571 | g_free(priv_user); | |||
572 | extcap_base_cleanup(&extcap_conf); | |||
573 | return ret; | |||
574 | } |