| File: | extcap/sshdig.c |
| Warning: | line 242, column 12 Opened stream never closed. Potential resource leak |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
| 1 | /* sshdig.c | |||
| 2 | * sshdig is extcap tool used to capture events on a remote host via SSH | |||
| 3 | * | |||
| 4 | * Copied from sshdump.c, copyright 2015, Dario Lombardo | |||
| 5 | * | |||
| 6 | * Wireshark - Network traffic analyzer | |||
| 7 | * By Gerald Combs <gerald@wireshark.org> | |||
| 8 | * Copyright 1998 Gerald Combs | |||
| 9 | * | |||
| 10 | * SPDX-License-Identifier: GPL-2.0-or-later | |||
| 11 | */ | |||
| 12 | ||||
| 13 | #include "config.h" | |||
| 14 | #define WS_LOG_DOMAIN"sshdig" "sshdig" | |||
| 15 | ||||
| 16 | #include <extcap/extcap-base.h> | |||
| 17 | #include <extcap/ssh-base.h> | |||
| 18 | #include <wsutil/application_flavor.h> | |||
| 19 | #include <wsutil/interface.h> | |||
| 20 | #include <wsutil/file_util.h> | |||
| 21 | #include <wsutil/strtoi.h> | |||
| 22 | #include <wsutil/filesystem.h> | |||
| 23 | #include <wsutil/privileges.h> | |||
| 24 | #include <wsutil/please_report_bug.h> | |||
| 25 | #include <wsutil/wslog.h> | |||
| 26 | ||||
| 27 | #include <errno(*__errno_location ()).h> | |||
| 28 | #include <string.h> | |||
| 29 | #include <fcntl.h> | |||
| 30 | ||||
| 31 | #include <cli_main.h> | |||
| 32 | ||||
| 33 | static char* sshdig_extcap_interface; | |||
| 34 | #define DEFAULT_SSHDIG_EXTCAP_INTERFACE"sshdig" "sshdig" | |||
| 35 | ||||
| 36 | #define SSHDIG_VERSION_MAJOR"1" "1" | |||
| 37 | #define SSHDIG_VERSION_MINOR"0" "0" | |||
| 38 | #define SSHDIG_VERSION_RELEASE"0" "0" | |||
| 39 | ||||
| 40 | #define SSH_READ_BLOCK_SIZE256 256 | |||
| 41 | ||||
| 42 | enum { | |||
| 43 | EXTCAP_BASE_OPTIONS_ENUMEXTCAP_OPT_LIST_INTERFACES, EXTCAP_OPT_VERSION, EXTCAP_OPT_LIST_DLTS , EXTCAP_OPT_INTERFACE, EXTCAP_OPT_CONFIG, EXTCAP_OPT_CAPTURE , EXTCAP_OPT_CAPTURE_FILTER, EXTCAP_OPT_FIFO, EXTCAP_OPT_LOG_LEVEL , EXTCAP_OPT_LOG_FILE, | |||
| 44 | OPT_HELP, | |||
| 45 | OPT_VERSION, | |||
| 46 | OPT_REMOTE_HOST, | |||
| 47 | OPT_REMOTE_PORT, | |||
| 48 | OPT_REMOTE_USERNAME, | |||
| 49 | OPT_REMOTE_PASSWORD, | |||
| 50 | OPT_REMOTE_CAPTURE_COMMAND_SELECT, | |||
| 51 | OPT_REMOTE_CAPTURE_COMMAND, | |||
| 52 | OPT_SSHKEY, | |||
| 53 | OPT_SSHKEY_PASSPHRASE, | |||
| 54 | OPT_PROXYCOMMAND, | |||
| 55 | OPT_SSH_SHA1, | |||
| 56 | OPT_REMOTE_COUNT, | |||
| 57 | OPT_REMOTE_PRIV, | |||
| 58 | OPT_REMOTE_PRIV_USER, | |||
| 59 | OPT_REMOTE_MODERN_BPF, | |||
| 60 | OPT_REMOTE_IO_SNAPLEN, | |||
| 61 | }; | |||
| 62 | ||||
| 63 | static struct ws_option longopts[] = { | |||
| 64 | EXTCAP_BASE_OPTIONS{ "extcap-interfaces", 0, ((void*)0), EXTCAP_OPT_LIST_INTERFACES }, { "extcap-version", 2, ((void*)0), EXTCAP_OPT_VERSION}, { "extcap-dlts" , 0, ((void*)0), EXTCAP_OPT_LIST_DLTS}, { "extcap-interface", 1, ((void*)0), EXTCAP_OPT_INTERFACE}, { "extcap-config", 0, ( (void*)0), EXTCAP_OPT_CONFIG}, { "capture", 0, ((void*)0), EXTCAP_OPT_CAPTURE }, { "extcap-capture-filter", 1, ((void*)0), EXTCAP_OPT_CAPTURE_FILTER }, { "fifo", 1, ((void*)0), EXTCAP_OPT_FIFO}, { "log-level", 1 , ((void*)0), EXTCAP_OPT_LOG_LEVEL}, { "log-file", 1, ((void* )0), EXTCAP_OPT_LOG_FILE}, | |||
| 65 | {"help", ws_no_argument0, NULL((void*)0), OPT_HELP}, | |||
| 66 | {"version", ws_no_argument0, NULL((void*)0), OPT_VERSION}, | |||
| 67 | SSH_BASE_OPTIONS{ "remote-host", 1, ((void*)0), OPT_REMOTE_HOST}, { "remote-port" , 1, ((void*)0), OPT_REMOTE_PORT}, { "remote-username", 1, (( void*)0), OPT_REMOTE_USERNAME}, { "remote-password", 1, ((void *)0), OPT_REMOTE_PASSWORD}, { "remote-count", 1, ((void*)0), OPT_REMOTE_COUNT }, { "sshkey", 1, ((void*)0), OPT_SSHKEY}, { "sshkey-passphrase" , 1, ((void*)0), OPT_SSHKEY_PASSPHRASE}, { "proxycommand", 1, ((void*)0), OPT_PROXYCOMMAND}, { "ssh-sha1", 0, ((void*)0), OPT_SSH_SHA1 }, | |||
| 68 | {"remote-capture-command-select", ws_required_argument1, NULL((void*)0), OPT_REMOTE_CAPTURE_COMMAND_SELECT}, | |||
| 69 | {"remote-capture-command", ws_required_argument1, NULL((void*)0), OPT_REMOTE_CAPTURE_COMMAND}, | |||
| 70 | {"remote-priv", ws_required_argument1, NULL((void*)0), OPT_REMOTE_PRIV}, | |||
| 71 | {"remote-priv-user", ws_required_argument1, NULL((void*)0), OPT_REMOTE_PRIV_USER}, | |||
| 72 | {"remote-modern-bpf", ws_no_argument0, NULL((void*)0), OPT_REMOTE_MODERN_BPF}, | |||
| 73 | {"remote-io-snaplen", ws_required_argument1, NULL((void*)0), OPT_REMOTE_IO_SNAPLEN}, | |||
| 74 | {0, 0, 0, 0}}; | |||
| 75 | ||||
| 76 | static int ssh_loop_read(ssh_channel channel, FILE* fp) | |||
| 77 | { | |||
| 78 | int nbytes; | |||
| 79 | int ret = EXIT_SUCCESS0; | |||
| 80 | char buffer[SSH_READ_BLOCK_SIZE256]; | |||
| 81 | ||||
| 82 | /* read from stdin until data are available */ | |||
| 83 | while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) { | |||
| 84 | nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE256, 0); | |||
| 85 | if (nbytes < 0) { | |||
| 86 | ws_warning("Error reading from channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 86, __func__, "Error reading from channel"); } } while (0); | |||
| 87 | goto end; | |||
| 88 | } | |||
| 89 | if (nbytes == 0) { | |||
| 90 | break; | |||
| 91 | } | |||
| 92 | if (fwrite(buffer, 1, nbytes, fp) != (unsigned)nbytes) { | |||
| 93 | ws_warning("Error writing to fifo")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 93, __func__, "Error writing to fifo"); } } while (0); | |||
| 94 | ret = EXIT_FAILURE1; | |||
| 95 | goto end; | |||
| 96 | } | |||
| 97 | fflush(fp); | |||
| 98 | } | |||
| 99 | ||||
| 100 | /* read loop finished... maybe something wrong happened. Read from stderr */ | |||
| 101 | while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) { | |||
| 102 | nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE256, 1); | |||
| 103 | if (nbytes < 0) { | |||
| 104 | ws_warning("Error reading from channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 104, __func__, "Error reading from channel"); } } while (0); | |||
| 105 | goto end; | |||
| 106 | } | |||
| 107 | if (fwrite(buffer, 1, nbytes, stderrstderr) != (unsigned)nbytes) { | |||
| 108 | ws_warning("Error writing to stderr")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 108, __func__, "Error writing to stderr"); } } while (0); | |||
| 109 | break; | |||
| 110 | } | |||
| 111 | } | |||
| 112 | ||||
| 113 | end: | |||
| 114 | if (ssh_channel_send_eof(channel) != SSH_OK0) { | |||
| 115 | ws_warning("Error sending EOF in ssh channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 115, __func__, "Error sending EOF in ssh channel"); } } while (0); | |||
| 116 | ret = EXIT_FAILURE1; | |||
| 117 | } | |||
| 118 | return ret; | |||
| 119 | } | |||
| 120 | ||||
| 121 | static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command_select, | |||
| 122 | const char* capture_command, const char* privilege, | |||
| 123 | const char* cfilter, const uint32_t count, bool_Bool modern_bpf, const uint32_t io_snaplen) | |||
| 124 | { | |||
| 125 | char* cmdline = NULL((void*)0); | |||
| 126 | ssh_channel channel; | |||
| 127 | unsigned int remote_port = 22; | |||
| 128 | ||||
| 129 | channel = ssh_channel_new(sshs); | |||
| 130 | if (!channel) { | |||
| 131 | ws_warning("Can't create channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 131, __func__, "Can't create channel"); } } while (0); | |||
| 132 | return NULL((void*)0); | |||
| 133 | } | |||
| 134 | ||||
| 135 | if (ssh_channel_open_session(channel) != SSH_OK0) { | |||
| 136 | ws_warning("Can't open session")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 136, __func__, "Can't open session"); } } while (0); | |||
| 137 | ssh_channel_free(channel); | |||
| 138 | return NULL((void*)0); | |||
| 139 | } | |||
| 140 | ||||
| 141 | ssh_options_get_port(sshs, &remote_port); | |||
| 142 | ||||
| 143 | if (capture_command_select == NULL((void*)0) || !g_strcmp0(capture_command_select, "other")) { | |||
| 144 | if (capture_command && *capture_command) { | |||
| 145 | cmdline = g_strdup(capture_command)g_strdup_inline (capture_command); | |||
| 146 | ws_debug("Remote capture command has disabled other options")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c" , 146, __func__, "Remote capture command has disabled other options" ); } } while (0); | |||
| 147 | } else { | |||
| 148 | capture_command_select = "sysdig"; | |||
| 149 | } | |||
| 150 | } | |||
| 151 | ||||
| 152 | /* escape parameters to go save with the shell */ | |||
| 153 | if (!g_strcmp0(capture_command_select, "sysdig")) { | |||
| 154 | char *count_str = NULL((void*)0); | |||
| 155 | char *io_snaplen_str = NULL((void*)0); | |||
| 156 | char *quoted_filter = NULL((void*)0); | |||
| 157 | ||||
| 158 | quoted_filter = g_shell_quote(cfilter ? cfilter : ""); | |||
| 159 | if (count > 0) { | |||
| 160 | count_str = ws_strdup_printf(" --numevents=%u", count)wmem_strdup_printf(((void*)0), " --numevents=%u", count); | |||
| 161 | } | |||
| 162 | if (io_snaplen > 0) { | |||
| 163 | io_snaplen_str = ws_strdup_printf(" --snaplen=%u", io_snaplen)wmem_strdup_printf(((void*)0), " --snaplen=%u", io_snaplen); | |||
| 164 | } | |||
| 165 | ||||
| 166 | cmdline = ws_strdup_printf("%s sysdig --unbuffered %s --write=- %s %s %s",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
| 167 | privilege,wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
| 168 | modern_bpf ? " --modern-bpf" : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
| 169 | count_str ? count_str : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
| 170 | io_snaplen_str ? io_snaplen_str : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter) | |||
| 171 | quoted_filter)wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s" , privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str : "", io_snaplen_str ? io_snaplen_str : "", quoted_filter); | |||
| 172 | ||||
| 173 | g_free(count_str); | |||
| 174 | g_free(io_snaplen_str); | |||
| 175 | g_free(quoted_filter); | |||
| 176 | } | |||
| 177 | ||||
| 178 | ws_debug("Running: %s", cmdline)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c" , 178, __func__, "Running: %s", cmdline); } } while (0); | |||
| 179 | if (ssh_channel_request_exec(channel, cmdline) != SSH_OK0) { | |||
| 180 | ws_warning("Can't request exec")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 180, __func__, "Can't request exec"); } } while (0); | |||
| 181 | ssh_channel_close(channel); | |||
| 182 | ssh_channel_free(channel); | |||
| 183 | channel = NULL((void*)0); | |||
| 184 | } | |||
| 185 | ||||
| 186 | g_free(cmdline); | |||
| 187 | ||||
| 188 | return channel; | |||
| 189 | } | |||
| 190 | ||||
| 191 | static int ssh_open_remote_connection(const ssh_params_t* params, const char* cfilter, | |||
| 192 | const char* capture_command_select, const char* capture_command, const char* privilege, | |||
| 193 | const uint32_t count, const char* fifo, bool_Bool modern_bpf, const uint32_t io_snaplen) | |||
| 194 | { | |||
| 195 | ssh_session sshs = NULL((void*)0); | |||
| 196 | ssh_channel channel = NULL((void*)0); | |||
| 197 | FILE* fp = stdoutstdout; | |||
| 198 | int ret = EXIT_FAILURE1; | |||
| 199 | char* err_info = NULL((void*)0); | |||
| 200 | ||||
| 201 | if (g_strcmp0(fifo, "-")) { | |||
| 202 | /* Open or create the output file */ | |||
| 203 | fp = fopen(fifo, "wb"); | |||
| 204 | if (fp
| |||
| 205 | ws_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno))do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 205, __func__, "Error creating output file: %s (%s)", fifo, g_strerror((*__errno_location ()))); } } while (0); | |||
| 206 | return EXIT_FAILURE1; | |||
| 207 | } | |||
| 208 | } | |||
| 209 | ||||
| 210 | sshs = create_ssh_connection(params, &err_info); | |||
| 211 | ||||
| 212 | if (!sshs) { | |||
| 213 | ws_warning("Error creating connection.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 213, __func__, "Error creating connection."); } } while (0); | |||
| 214 | goto cleanup; | |||
| 215 | } | |||
| 216 | ||||
| 217 | channel = run_ssh_command(sshs, capture_command_select, capture_command, privilege, cfilter, count, modern_bpf, io_snaplen); | |||
| 218 | ||||
| 219 | if (!channel) { | |||
| 220 | ws_warning("Can't run ssh command.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 220, __func__, "Can't run ssh command."); } } while (0); | |||
| 221 | goto cleanup; | |||
| 222 | } | |||
| 223 | ||||
| 224 | /* read from channel and write into fp */ | |||
| 225 | if (ssh_loop_read(channel, fp) != EXIT_SUCCESS0) { | |||
| 226 | ws_warning("Error in read loop.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 226, __func__, "Error in read loop."); } } while (0); | |||
| 227 | ret = EXIT_FAILURE1; | |||
| 228 | goto cleanup; | |||
| 229 | } | |||
| 230 | ||||
| 231 | ret = EXIT_SUCCESS0; | |||
| 232 | cleanup: | |||
| 233 | if (err_info) | |||
| 234 | ws_warning("%s", err_info)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 234, __func__, "%s", err_info); } } while (0); | |||
| 235 | g_free(err_info); | |||
| 236 | ||||
| 237 | /* clean up and exit */ | |||
| 238 | ssh_cleanup(&sshs, &channel); | |||
| 239 | ||||
| 240 | if (g_strcmp0(fifo, "-")) | |||
| 241 | fclose(fp); | |||
| 242 | return ret; | |||
| ||||
| 243 | } | |||
| 244 | ||||
| 245 | static int list_config(char *interface) | |||
| 246 | { | |||
| 247 | unsigned inc = 0; | |||
| 248 | ||||
| 249 | if (!interface) { | |||
| 250 | ws_warning("ERROR: No interface specified.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 250, __func__, "ERROR: No interface specified."); } } while (0); | |||
| 251 | return EXIT_FAILURE1; | |||
| 252 | } | |||
| 253 | ||||
| 254 | if (g_strcmp0(interface, sshdig_extcap_interface)) { | |||
| 255 | ws_warning("ERROR: interface must be %s", sshdig_extcap_interface)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 255, __func__, "ERROR: interface must be %s", sshdig_extcap_interface ); } } while (0); | |||
| 256 | return EXIT_FAILURE1; | |||
| 257 | } | |||
| 258 | ||||
| 259 | printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}" | |||
| 260 | "{type=string}{tooltip=The remote SSH host. It can be both " | |||
| 261 | "an IP address or a hostname}{required=true}{group=Server}\n", inc++); | |||
| 262 | printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}" | |||
| 263 | "{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}" | |||
| 264 | "{range=1,65535}{group=Server}\n", inc++); | |||
| 265 | printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}" | |||
| 266 | "{type=string}{tooltip=The remote SSH username. If not provided, " | |||
| 267 | "the current user will be used}{group=Authentication}\n", inc++); | |||
| 268 | printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}" | |||
| 269 | "{type=password}{tooltip=The SSH password, used when other methods (SSH agent " | |||
| 270 | "or key files) are unavailable.}{group=Authentication}\n", inc++); | |||
| 271 | printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}" | |||
| 272 | "{type=fileselect}{tooltip=The path on the local filesystem of the private SSH key (OpenSSH format)}" | |||
| 273 | "{mustexist=true}{group=Authentication}\n", inc++); | |||
| 274 | printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}" | |||
| 275 | "{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n", | |||
| 276 | inc++); | |||
| 277 | printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}" | |||
| 278 | "{type=string}{tooltip=The command to use as proxy for the SSH connection}" | |||
| 279 | "{group=Authentication}\n", inc++); | |||
| 280 | printf("arg {number=%u}{call=--ssh-sha1}{display=Support SHA-1 keys (deprecated)}" | |||
| 281 | "{type=boolflag}{tooltip=Support keys and key exchange algorithms using SHA-1 (deprecated)}{group=Authentication}" | |||
| 282 | "\n", inc++); | |||
| 283 | printf("arg {number=%u}{call=--remote-capture-command-select}{display=Remote capture command selection}" | |||
| 284 | "{type=radio}{tooltip=The remote capture command to build a command line for}{group=Capture}\n", inc); | |||
| 285 | printf("value {arg=%u}{value=sysdig}{display=sysdig}\n", inc); | |||
| 286 | // XXX Add falcodump? | |||
| 287 | printf("value {arg=%u}{value=other}{display=Other:}\n", inc++); | |||
| 288 | printf("arg {number=%u}{call=--remote-capture-command}{display=Remote capture command}" | |||
| 289 | "{type=string}{tooltip=The remote command used to capture}{group=Capture}\n", inc++); | |||
| 290 | printf("arg {number=%u}{call=--remote-priv}{display=Gain capture privilege on the remote machine}" | |||
| 291 | "{type=radio}{tooltip=Optionally prepend the capture command with sudo or doas on the remote machine}" | |||
| 292 | "{group=Capture}\n", inc); | |||
| 293 | printf("value {arg=%u}{value=none}{display=none}{default=true}\n", inc); | |||
| 294 | printf("value {arg=%u}{value=sudo}{display=sudo}\n", inc); | |||
| 295 | printf("value {arg=%u}{value=doas -n}{display=doas}\n", inc++); | |||
| 296 | printf("arg {number=%u}{call=--remote-priv-user}{display=Privileged user name for sudo or doas}" | |||
| 297 | "{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}" | |||
| 298 | "{group=Capture}\n", inc++); | |||
| 299 | printf("{group=Capture}\n"); | |||
| 300 | printf("arg {number=%u}{call=--remote-count}{display=Events to capture}" | |||
| 301 | "{type=unsigned}{default=0}{tooltip=The number of remote events to capture. (Default: inf)}" | |||
| 302 | "{group=Capture}\n", inc++); | |||
| 303 | printf("arg {number=%u}{call=--remote-io-snaplen}{display=I/O snapshot length}" | |||
| 304 | "{type=unsigned}{default=80}{tooltip=The number of bytes to capture in each I/O event. (Default: 80)}" | |||
| 305 | "{group=Capture}\n", inc++); | |||
| 306 | printf("arg {number=%u}{call=--remote-modern-bpf}{display=Use eBPF}{type=boolflag}{default=true}" | |||
| 307 | "{tooltip=Use eBPF for capture. With this no kernel module is required}{group=Capture}\n", inc++); | |||
| 308 | ||||
| 309 | extcap_config_debug(&inc); | |||
| 310 | ||||
| 311 | return EXIT_SUCCESS0; | |||
| 312 | } | |||
| 313 | ||||
| 314 | int main(int argc, char *argv[]) | |||
| 315 | { | |||
| 316 | char* err_msg; | |||
| 317 | int result; | |||
| 318 | int option_idx = 0; | |||
| 319 | ssh_params_t* ssh_params = ssh_params_new(); | |||
| 320 | char* remote_capture_command_select = NULL((void*)0); | |||
| 321 | char* remote_capture_command = NULL((void*)0); | |||
| 322 | uint32_t count = 0; | |||
| 323 | uint32_t io_snaplen = 0; | |||
| 324 | int ret = EXIT_FAILURE1; | |||
| 325 | extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1)((extcap_parameters *) g_malloc0_n ((1), sizeof (extcap_parameters ))); | |||
| 326 | char* help_url; | |||
| 327 | char* help_header = NULL((void*)0); | |||
| 328 | char* priv = NULL((void*)0); | |||
| 329 | char* priv_user = NULL((void*)0); | |||
| 330 | char* interface_description = g_strdup("SSH remote syscall capture")g_strdup_inline ("SSH remote syscall capture"); | |||
| 331 | bool_Bool modern_bpf = 0; | |||
| 332 | ||||
| 333 | /* Set the program name. */ | |||
| 334 | g_set_prgname("sshdig"); | |||
| 335 | ||||
| 336 | /* Initialize log handler early so we can have proper logging during startup. */ | |||
| 337 | extcap_log_init(); | |||
| 338 | ||||
| 339 | sshdig_extcap_interface = g_path_get_basename(argv[0]); | |||
| 340 | if (g_str_has_suffix(sshdig_extcap_interface, ".exe")(__builtin_constant_p (".exe")? __extension__ ({ const char * const __str = (sshdig_extcap_interface); const char * const __suffix = (".exe"); gboolean __result = (0); if (__str == ((void*)0) || __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str , __suffix); else { const size_t __str_len = strlen (((__str) + !(__str))); const size_t __suffix_len = strlen (((__suffix ) + !(__suffix))); if (__str_len >= __suffix_len) __result = memcmp (__str + __str_len - __suffix_len, ((__suffix) + !( __suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix ) (sshdig_extcap_interface, ".exe") )) { | |||
| ||||
| 341 | sshdig_extcap_interface[strlen(sshdig_extcap_interface) - 4] = '\0'; | |||
| 342 | } | |||
| 343 | ||||
| 344 | /* | |||
| 345 | * Get credential information for later use. | |||
| 346 | */ | |||
| 347 | init_process_policies(); | |||
| 348 | ||||
| 349 | /* | |||
| 350 | * Attempt to get the pathname of the directory containing the | |||
| 351 | * executable file. | |||
| 352 | */ | |||
| 353 | err_msg = configuration_init(argv[0]); | |||
| 354 | set_application_flavor(APPLICATION_FLAVOR_STRATOSHARK); | |||
| 355 | if (err_msg != NULL((void*)0)) { | |||
| 356 | ws_warning("Can't get pathname of directory containing the extcap program: %s.",do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 357, __func__, "Can't get pathname of directory containing the extcap program: %s." , err_msg); } } while (0) | |||
| 357 | err_msg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 357, __func__, "Can't get pathname of directory containing the extcap program: %s." , err_msg); } } while (0); | |||
| 358 | g_free(err_msg); | |||
| 359 | } | |||
| 360 | ||||
| 361 | help_url = data_file_url("sshdig.html"); | |||
| 362 | extcap_base_set_util_info(extcap_conf, argv[0], SSHDIG_VERSION_MAJOR"1", SSHDIG_VERSION_MINOR"0", | |||
| 363 | SSHDIG_VERSION_RELEASE"0", help_url); | |||
| 364 | g_free(help_url); | |||
| 365 | add_libssh_info(extcap_conf); | |||
| 366 | if (g_strcmp0(sshdig_extcap_interface, DEFAULT_SSHDIG_EXTCAP_INTERFACE"sshdig")) { | |||
| 367 | char* temp = interface_description; | |||
| 368 | interface_description = ws_strdup_printf("%s, custom version", interface_description)wmem_strdup_printf(((void*)0), "%s, custom version", interface_description ); | |||
| 369 | g_free(temp); | |||
| 370 | } | |||
| 371 | extcap_base_register_interface(extcap_conf, sshdig_extcap_interface, interface_description, 147, "Remote capture dependent DLT"); | |||
| 372 | g_free(interface_description); | |||
| 373 | ||||
| 374 | help_header = ws_strdup_printf(wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
| 375 | " %s --extcap-interfaces\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
| 376 | " %s --extcap-interface=%s --extcap-dlts\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
| 377 | " %s --extcap-interface=%s --extcap-config\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
| 378 | " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
| 379 | "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface, argv[0],wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ) | |||
| 380 | sshdig_extcap_interface, argv[0], sshdig_extcap_interface)wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n" " %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface , argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface ); | |||
| 381 | extcap_help_add_header(extcap_conf, help_header); | |||
| 382 | g_free(help_header); | |||
| 383 | extcap_help_add_option(extcap_conf, "--help", "print this help"); | |||
| 384 | extcap_help_add_option(extcap_conf, "--version", "print the version"); | |||
| 385 | extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host"); | |||
| 386 | extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port"); | |||
| 387 | extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username"); | |||
| 388 | extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used"); | |||
| 389 | extcap_help_add_option(extcap_conf, "--sshkey <private key path>", "the path of the SSH key (OpenSSH format)"); | |||
| 390 | extcap_help_add_option(extcap_conf, "--sshkey-passphrase <private key passphrase>", "the passphrase to unlock private SSH key"); | |||
| 391 | extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy for the SSH connection"); | |||
| 392 | extcap_help_add_option(extcap_conf, "--ssh-sha1", "support keys and key exchange using SHA-1 (deprecated)"); | |||
| 393 | extcap_help_add_option(extcap_conf, "--remote-capture-command-select <selection>", "sysdig or other remote capture command"); | |||
| 394 | extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command"); | |||
| 395 | extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas"); | |||
| 396 | extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name"); | |||
| 397 | extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of events to capture"); | |||
| 398 | extcap_help_add_option(extcap_conf, "--remote-modern-bpf", "use eBPF"); | |||
| 399 | extcap_help_add_option(extcap_conf, "--remote-io-snaplen <snaplen>", "the number of bytes to capture in each I/O event"); | |||
| 400 | ||||
| 401 | ws_opterr = 0; | |||
| 402 | ws_optind = 0; | |||
| 403 | ||||
| 404 | if (argc == 1) { | |||
| 405 | extcap_help_print(extcap_conf); | |||
| 406 | goto end; | |||
| 407 | } | |||
| 408 | ||||
| 409 | while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) { | |||
| 410 | ||||
| 411 | switch (result) { | |||
| 412 | ||||
| 413 | case OPT_HELP: | |||
| 414 | extcap_help_print(extcap_conf); | |||
| 415 | ret = EXIT_SUCCESS0; | |||
| 416 | goto end; | |||
| 417 | ||||
| 418 | case OPT_VERSION: | |||
| 419 | extcap_version_print(extcap_conf); | |||
| 420 | ret = EXIT_SUCCESS0; | |||
| 421 | goto end; | |||
| 422 | ||||
| 423 | case OPT_REMOTE_HOST: | |||
| 424 | g_free(ssh_params->host); | |||
| 425 | ssh_params->host = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 426 | break; | |||
| 427 | ||||
| 428 | case OPT_REMOTE_PORT: | |||
| 429 | if (!ws_strtou16(ws_optarg, NULL((void*)0), &ssh_params->port) || ssh_params->port == 0) { | |||
| 430 | ws_warning("Invalid port: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 430, __func__, "Invalid port: %s", ws_optarg); } } while (0 ); | |||
| 431 | goto end; | |||
| 432 | } | |||
| 433 | break; | |||
| 434 | ||||
| 435 | case OPT_REMOTE_USERNAME: | |||
| 436 | g_free(ssh_params->username); | |||
| 437 | ssh_params->username = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 438 | break; | |||
| 439 | ||||
| 440 | case OPT_REMOTE_PASSWORD: | |||
| 441 | g_free(ssh_params->password); | |||
| 442 | ssh_params->password = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 443 | memset(ws_optarg, 'X', strlen(ws_optarg)); | |||
| 444 | break; | |||
| 445 | ||||
| 446 | case OPT_SSHKEY: | |||
| 447 | g_free(ssh_params->sshkey_path); | |||
| 448 | ssh_params->sshkey_path = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 449 | break; | |||
| 450 | ||||
| 451 | case OPT_SSHKEY_PASSPHRASE: | |||
| 452 | g_free(ssh_params->sshkey_passphrase); | |||
| 453 | ssh_params->sshkey_passphrase = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 454 | memset(ws_optarg, 'X', strlen(ws_optarg)); | |||
| 455 | break; | |||
| 456 | ||||
| 457 | case OPT_PROXYCOMMAND: | |||
| 458 | g_free(ssh_params->proxycommand); | |||
| 459 | ssh_params->proxycommand = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 460 | break; | |||
| 461 | ||||
| 462 | case OPT_SSH_SHA1: | |||
| 463 | ssh_params->ssh_sha1 = true1; | |||
| 464 | break; | |||
| 465 | ||||
| 466 | case OPT_REMOTE_CAPTURE_COMMAND_SELECT: | |||
| 467 | g_free(remote_capture_command_select); | |||
| 468 | remote_capture_command_select = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 469 | break; | |||
| 470 | ||||
| 471 | case OPT_REMOTE_CAPTURE_COMMAND: | |||
| 472 | g_free(remote_capture_command); | |||
| 473 | remote_capture_command = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 474 | break; | |||
| 475 | ||||
| 476 | case OPT_REMOTE_PRIV: | |||
| 477 | g_free(priv); | |||
| 478 | priv = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 479 | break; | |||
| 480 | ||||
| 481 | case OPT_REMOTE_PRIV_USER: | |||
| 482 | g_free(priv_user); | |||
| 483 | priv_user = g_strdup(ws_optarg)g_strdup_inline (ws_optarg); | |||
| 484 | break; | |||
| 485 | ||||
| 486 | case OPT_REMOTE_COUNT: | |||
| 487 | if (!ws_strtou32(ws_optarg, NULL((void*)0), &count)) { | |||
| 488 | ws_warning("Invalid value for count: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 488, __func__, "Invalid value for count: %s", ws_optarg); } } while (0); | |||
| 489 | goto end; | |||
| 490 | } | |||
| 491 | break; | |||
| 492 | ||||
| 493 | case OPT_REMOTE_MODERN_BPF: | |||
| 494 | modern_bpf = true1; | |||
| 495 | break; | |||
| 496 | ||||
| 497 | case OPT_REMOTE_IO_SNAPLEN: | |||
| 498 | if (!ws_strtou32(ws_optarg, NULL((void*)0), &io_snaplen)) { | |||
| 499 | ws_warning("Invalid value for I/O snapshot length: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 499, __func__, "Invalid value for I/O snapshot length: %s", ws_optarg); } } while (0); | |||
| 500 | goto end; | |||
| 501 | } | |||
| 502 | break; | |||
| 503 | ||||
| 504 | case ':': | |||
| 505 | /* missing option argument */ | |||
| 506 | ws_warning("Option '%s' requires an argument", argv[ws_optind - 1])do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 506, __func__, "Option '%s' requires an argument", argv[ws_optind - 1]); } } while (0); | |||
| 507 | break; | |||
| 508 | ||||
| 509 | default: | |||
| 510 | if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) { | |||
| 511 | ws_warning("Invalid option: %s", argv[ws_optind - 1])do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 511, __func__, "Invalid option: %s", argv[ws_optind - 1]); } } while (0); | |||
| 512 | goto end; | |||
| 513 | } | |||
| 514 | } | |||
| 515 | } | |||
| 516 | ||||
| 517 | extcap_cmdline_debug(argv, argc); | |||
| 518 | ||||
| 519 | if (extcap_base_handle_interface(extcap_conf)) { | |||
| 520 | ret = EXIT_SUCCESS0; | |||
| 521 | goto end; | |||
| 522 | } | |||
| 523 | ||||
| 524 | if (extcap_conf->show_config) { | |||
| 525 | ret = list_config(extcap_conf->interface); | |||
| 526 | goto end; | |||
| 527 | } | |||
| 528 | ||||
| 529 | err_msg = ws_init_sockets(); | |||
| 530 | if (err_msg != NULL((void*)0)) { | |||
| 531 | ws_warning("ERROR: %s", err_msg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 531, __func__, "ERROR: %s", err_msg); } } while (0); | |||
| 532 | g_free(err_msg); | |||
| 533 | ws_warning("%s", please_report_bug())do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 533, __func__, "%s", please_report_bug()); } } while (0); | |||
| 534 | goto end; | |||
| 535 | } | |||
| 536 | ||||
| 537 | if (extcap_conf->capture) { | |||
| 538 | char* privilege; | |||
| 539 | ||||
| 540 | if (!ssh_params->host) { | |||
| 541 | ws_warning("Missing parameter: --remote-host")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c" , 541, __func__, "Missing parameter: --remote-host"); } } while (0); | |||
| 542 | goto end; | |||
| 543 | } | |||
| 544 | ||||
| 545 | if ((priv
| |||
| 546 | if ((priv_user) && strlen(g_strstrip(priv_user)g_strchomp (g_strchug (priv_user)))) | |||
| 547 | /* Both sudo and doas use the same command line option */ | |||
| 548 | privilege = g_strconcat(priv, " -u ", priv_user, NULL((void*)0)); | |||
| 549 | else | |||
| 550 | privilege = g_strdup(priv)g_strdup_inline (priv); | |||
| 551 | } else { | |||
| 552 | privilege = g_strdup("")g_strdup_inline (""); | |||
| 553 | } | |||
| 554 | ||||
| 555 | ssh_params_set_log_level(ssh_params, extcap_conf->debug); | |||
| 556 | ret = ssh_open_remote_connection(ssh_params, extcap_conf->capture_filter, | |||
| 557 | remote_capture_command_select, remote_capture_command, | |||
| 558 | privilege, count, extcap_conf->fifo, modern_bpf, io_snaplen); | |||
| 559 | g_free(privilege); | |||
| 560 | } else { | |||
| 561 | ws_debug("You should not come here... maybe some parameter missing?")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c" , 561, __func__, "You should not come here... maybe some parameter missing?" ); } } while (0); | |||
| 562 | ret = EXIT_FAILURE1; | |||
| 563 | } | |||
| 564 | ||||
| 565 | end: | |||
| 566 | /* clean up stuff */ | |||
| 567 | ssh_params_free(ssh_params); | |||
| 568 | g_free(remote_capture_command_select); | |||
| 569 | g_free(remote_capture_command); | |||
| 570 | g_free(priv); | |||
| 571 | g_free(priv_user); | |||
| 572 | extcap_base_cleanup(&extcap_conf); | |||
| 573 | return ret; | |||
| 574 | } |