shell.cc 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999
  1. /*
  2. * Copyright (C) 1997 Robey Pointer
  3. * Copyright (C) 1999 - 2002 Eggheads Development Team
  4. * Copyright (C) 2002 - 2014 Bryan Drewery
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version 2
  9. * of the License, or (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with this program; if not, write to the Free Software
  18. * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  19. */
  20. /*
  21. * shell.c -- handles:
  22. *
  23. * All shell related functions
  24. * -shell_exec()
  25. * -botconfig parsing
  26. * -check_*()
  27. * -crontab functions
  28. *
  29. */
  30. #include "common.h"
  31. #include "shell.h"
  32. #include "chanprog.h"
  33. #include "set.h"
  34. #include "settings.h"
  35. #include "userrec.h"
  36. #include "net.h"
  37. #include "flags.h"
  38. #include "tandem.h"
  39. #include "main.h"
  40. #include "dccutil.h"
  41. #include "misc.h"
  42. #include "misc_file.h"
  43. #include "bg.h"
  44. #include "stat.h"
  45. #include "users.h"
  46. #include "botnet.h"
  47. #include "src/mod/server.mod/server.h"
  48. #include <bdlib/src/String.h>
  49. #include <bdlib/src/Stream.h>
  50. #include <sys/types.h>
  51. #include <pwd.h>
  52. #include <signal.h>
  53. #ifdef HAVE_SYS_PRCTL_H
  54. #include <sys/prctl.h>
  55. #ifndef PR_SET_PTRACER
  56. #define PR_SET_PTRACER 0x59616d61
  57. #endif
  58. #endif
  59. #ifdef HAVE_SYS_PROCCTL_H
  60. #include <sys/procctl.h>
  61. #ifndef PROC_TRACE_CTL
  62. #define PROC_TRACE_CTL 7
  63. #endif
  64. #ifndef PROC_TRACE_STATUS
  65. #define PROC_TRACE_STATUS 8
  66. #endif
  67. #ifndef PROC_TRACE_CTL_DISABLE
  68. #define PROC_TRACE_CTL_DISABLE 2
  69. #endif
  70. #endif /* HAVE_SYS_PROCCTL_H */
  71. #ifdef HAVE_SYS_PTRACE_H
  72. # include <sys/ptrace.h>
  73. #endif /* HAVE_SYS_PTRACE_H */
  74. #include <sys/wait.h>
  75. #include <sys/utsname.h>
  76. #include <pwd.h>
  77. #include <errno.h>
  78. #include <net/if.h>
  79. #include <sys/ioctl.h>
  80. #include <sys/socket.h>
  81. #include <ctype.h>
  82. #include <fcntl.h>
  83. #include <sys/stat.h>
  84. #include <unistd.h>
  85. #include <dirent.h>
  86. #include "botmsg.h"
  87. bool clear_tmpdir = 0;
  88. void clear_tmp()
  89. {
  90. if (!clear_tmpdir)
  91. return;
  92. DIR *tmp = NULL;
  93. if (!(tmp = opendir(tempdir)))
  94. return;
  95. struct dirent *dir_ent = NULL;
  96. char *file = NULL;
  97. size_t flen = 0;
  98. while ((dir_ent = readdir(tmp))) {
  99. if (strncmp(dir_ent->d_name, ".pid.", 4) &&
  100. strncmp(dir_ent->d_name, ".u", 2) &&
  101. strcmp(dir_ent->d_name, ".bin.old") &&
  102. strncmp(dir_ent->d_name, STR(".socks-"), 7) &&
  103. strcmp(dir_ent->d_name, ".") &&
  104. strcmp(dir_ent->d_name, "..")) {
  105. flen = strlen(dir_ent->d_name) + strlen(tempdir) + 1;
  106. file = (char *) calloc(1, flen);
  107. strlcat(file, tempdir, flen);
  108. strlcat(file, dir_ent->d_name, flen);
  109. file[strlen(file)] = 0;
  110. sdprintf("clear_tmp: %s", file);
  111. unlink(file);
  112. free(file);
  113. }
  114. }
  115. closedir(tmp);
  116. return;
  117. }
  118. void check_maxfiles()
  119. {
  120. int sock = -1, sock1 = -1 , bogus = 0, failed_close = 0;
  121. #ifdef USE_IPV6
  122. sock1 = getsock(0, AF_INET); /* fill up any lower avail */
  123. sock = getsock(0, AF_INET);
  124. #else
  125. sock1 = getsock(0);
  126. sock = getsock(0);
  127. #endif
  128. if (sock1 != -1)
  129. killsock(sock1);
  130. if (sock == -1) {
  131. return;
  132. } else
  133. killsock(sock);
  134. bogus = sock - socks_total - 4; //4 for stdin/stdout/stderr/dns
  135. if (unlikely(bogus >= 50)) { /* Attempt to close them */
  136. sdprintf("SOCK: %d BOGUS: %d SOCKS_TOTAL: %d", sock, bogus, socks_total);
  137. for (int i = 10; i < sock; i++) /* dont close lower sockets, they're probably legit */
  138. if (!findanysnum(i)) {
  139. if ((close(i)) == -1) /* try to close the BOGUS fd (likely a KQUEUE) */
  140. failed_close++;
  141. else
  142. bogus--;
  143. }
  144. if (bogus >= 150 || failed_close >= 50) {
  145. if (tands > 0) {
  146. botnet_send_chat(-1, conf.bot->nick, "Max FD reached, restarting...");
  147. botnet_send_bye("Max FD reached, restarting...");
  148. }
  149. nuke_server("brb");
  150. cycle_time = 0;
  151. restart(-1);
  152. } else if (bogus >= 100 && (bogus % 10) == 0) {
  153. putlog(LOG_WARN, "*", "* WARNING: $b%d$b bogus file descriptors detected, auto restart at 150", bogus);
  154. }
  155. }
  156. }
  157. void check_mypid()
  158. {
  159. pid_t pid = 0;
  160. if (can_stat(conf.bot->pid_file))
  161. pid = checkpid(conf.bot->nick, NULL);
  162. if (pid && (pid != getpid()))
  163. fatal(STR("getpid() does not match pid in file. Possible cloned process, exiting.."), 0);
  164. }
  165. char last_buf[128] = "";
  166. void check_last() {
  167. if (login == DET_IGNORE)
  168. return;
  169. if (conf.username) {
  170. char *out = NULL, buf[50] = "";
  171. simple_snprintf(buf, sizeof(buf), STR("last -10 %s"), conf.username);
  172. if (shell_exec(buf, NULL, &out, NULL, 1)) {
  173. if (out) {
  174. char *p = NULL;
  175. p = strchr(out, '\n');
  176. if (p)
  177. *p = 0;
  178. if (strlen(out) > 10) {
  179. if (last_buf[0]) {
  180. if (strncmp(last_buf, out, sizeof(last_buf))) {
  181. char *work = NULL;
  182. size_t siz = strlen(out) + 7 + 2 + 1;
  183. work = (char *) calloc(1, siz);
  184. simple_snprintf(work, siz, STR("Login: %s"), out);
  185. detected(DETECT_LOGIN, work);
  186. free(work);
  187. }
  188. }
  189. strlcpy(last_buf, out, sizeof(last_buf));
  190. }
  191. free(out);
  192. }
  193. }
  194. }
  195. }
  196. void check_promisc()
  197. {
  198. #ifdef SIOCGIFCONF
  199. if (promisc == DET_IGNORE)
  200. return;
  201. int sock = socket(AF_INET, SOCK_DGRAM, 0);
  202. if (sock < 0)
  203. return;
  204. struct ifconf ifcnf;
  205. char buf[1024] = "";
  206. ifcnf.ifc_len = sizeof(buf);
  207. ifcnf.ifc_buf = buf;
  208. if (ioctl(sock, SIOCGIFCONF, &ifcnf) < 0) {
  209. close(sock);
  210. return;
  211. }
  212. char *reqp = NULL, *end_req = NULL;
  213. reqp = buf; /* pointer to start of array */
  214. end_req = buf + ifcnf.ifc_len; /* pointer to end of array */
  215. while (reqp < end_req) {
  216. struct ifreq ifreq, *ifr = NULL;
  217. ifr = reinterpret_cast<struct ifreq *>(reqp); /* start examining interface */
  218. ifreq = *ifr;
  219. if (!ioctl(sock, SIOCGIFFLAGS, &ifreq)) { /* we can read this interface! */
  220. /* sdprintf("Examing interface: %s", ifr->ifr_name); */
  221. if (unlikely(ifreq.ifr_flags & IFF_PROMISC) && strncmp(ifr->ifr_name, "pflog", 5) && strncmp(ifr->ifr_name, "ipfw", 4)) {
  222. char which[101] = "";
  223. simple_snprintf(which, sizeof(which), STR("Detected promiscuous mode on interface: %s"), ifr->ifr_name);
  224. ioctl(sock, SIOCSIFFLAGS, &ifreq); /* set flags */
  225. detected(DETECT_PROMISC, which);
  226. break;
  227. }
  228. }
  229. /* move pointer to next array element (next interface) */
  230. reqp += sizeof(ifr->ifr_name) + sizeof(ifr->ifr_addr);
  231. }
  232. close(sock);
  233. #endif /* SIOCGIFCONF */
  234. }
  235. #ifndef DEBUG
  236. bool traced = 0;
  237. static void got_sigtrap(int z)
  238. {
  239. traced = 0;
  240. }
  241. #endif
  242. void check_trace(int start)
  243. {
  244. #ifdef DEBUG
  245. #ifdef PR_SET_PTRACER_ANY
  246. if (start == 1)
  247. prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
  248. #endif
  249. return;
  250. #else
  251. #if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
  252. int status = 0;
  253. #endif
  254. if (start == 0 && trace == DET_IGNORE)
  255. return;
  256. pid_t parent = getpid();
  257. #if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
  258. /* FreeBSD let's us know if we're being traced already. */
  259. if (procctl(P_PID, parent, PROC_TRACE_STATUS, &status) == 0 &&
  260. status > 0) {
  261. /* status contains the pid of the tracer. Be mean. */
  262. kill(status, SIGSEGV);
  263. traced = 1;
  264. }
  265. #endif
  266. if (!traced) {
  267. /* we send ourselves a SIGTRAP, if we recieve, we're not being traced,
  268. * otherwise we might be. The debugger may smartly just forward the
  269. * signal if it knows it didn't request it, such as FreeBSD truss
  270. * after r288903. */
  271. signal(SIGTRAP, got_sigtrap);
  272. traced = 1;
  273. raise(SIGTRAP);
  274. signal(SIGTRAP, SIG_DFL);
  275. }
  276. if (!traced) {
  277. signal(SIGINT, got_sigtrap);
  278. traced = 1;
  279. raise(SIGINT);
  280. signal(SIGINT, got_int);
  281. }
  282. if (traced) {
  283. if (start) {
  284. kill(parent, SIGKILL);
  285. exit(1);
  286. } else
  287. detected(DETECT_TRACE, STR("I'm being traced!"));
  288. } else {
  289. if (!start)
  290. return;
  291. int tracing_safe = 0;
  292. #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) && defined(PR_GET_DUMPABLE)
  293. /* Try to disable ptrace and core dumping entirely. */
  294. if (prctl(PR_GET_DUMPABLE) == 0 ||
  295. (prctl(PR_SET_DUMPABLE, 0) == 0 && prctl(PR_GET_DUMPABLE) == 0)) {
  296. tracing_safe = 1;
  297. }
  298. #elif defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
  299. if ((procctl(P_PID, parent, PROC_TRACE_STATUS, &status) == 0 &&
  300. status == -1) ||
  301. (status = PROC_TRACE_CTL_DISABLE,
  302. procctl(P_PID, parent, PROC_TRACE_CTL, &status) == 0)) {
  303. tracing_safe = 1;
  304. }
  305. #endif
  306. if (tracing_safe) {
  307. /* We're safe! Don't bother with further checks. */
  308. putlog(LOG_DEBUG, "*", "Ptrace disabled, no longer checking.");
  309. trace = DET_IGNORE;
  310. return;
  311. }
  312. #ifndef __sun__
  313. int x, i, filedes[2];
  314. if (pipe(filedes) != 0) {
  315. /* Could be a temporary failure, don't be harsh. */
  316. return;
  317. }
  318. /* now, let's attempt to ptrace ourself */
  319. switch ((x = fork())) {
  320. case -1:
  321. return;
  322. case 0: //child
  323. char buf[1];
  324. while (read(filedes[0], buf, sizeof(buf)) != 1)
  325. ;
  326. i = ptrace(PT_ATTACH, parent, 0, 0);
  327. if (i == -1 &&
  328. /* Linux compat or otherwise removed syscall. Just ignore. */
  329. errno != ENOSYS &&
  330. /* EPERM is given on fbsd when security.bsd.unprivileged_proc_debug=0 */
  331. #ifdef __FreeBSD__
  332. errno != EPERM &&
  333. #endif
  334. errno != EINVAL) {
  335. if (start) {
  336. kill(parent, SIGKILL);
  337. exit(1);
  338. } else
  339. detected(DETECT_TRACE, STR("I'm being traced!"));
  340. } else if (i == 0) {
  341. waitpid(parent, NULL, 0);
  342. ptrace(PT_DETACH, parent, (char *) 1, 0);
  343. }
  344. exit(0);
  345. default: //parent
  346. #ifdef PR_SET_PTRACER
  347. // Allow the child to debug the parent on Linux 3.4+
  348. // https://github.com/torvalds/linux/commit/2d514487faf188938a4ee4fb3464eeecfbdcf8eb
  349. prctl(PR_SET_PTRACER, x, 0, 0, 0);
  350. #endif
  351. /* Not likely to happen, but make debian FORTIFY_SOURCE happy. */
  352. if (write(filedes[1], "+", 1) != 1) {
  353. kill(x, SIGKILL);
  354. }
  355. waitpid(x, NULL, 0);
  356. close(filedes[0]);
  357. close(filedes[1]);
  358. }
  359. #endif
  360. }
  361. #endif /* !DEBUG */
  362. }
  363. int shell_exec(char *cmdline, char *input, char **output, char **erroutput, bool simple)
  364. {
  365. if (!cmdline)
  366. return 0;
  367. Tempfile *in = NULL, *out = NULL, *err = NULL;
  368. int x;
  369. /* Set up temp files */
  370. in = new Tempfile("in");
  371. if (!in || in->error) {
  372. // putlog(LOG_ERRORS, "*" , "exec: Couldn't open '%s': %s", in->file, strerror(errno));
  373. delete in;
  374. return 0;
  375. }
  376. if (input) {
  377. if (fwrite(input, strlen(input), 1, in->f) != 1) {
  378. // putlog(LOG_ERRORS, "*", "exec: Couldn't write to '%s': %s", in->file, strerror(errno));
  379. delete in;
  380. return 0;
  381. }
  382. fseek(in->f, 0, SEEK_SET);
  383. }
  384. err = new Tempfile("err");
  385. if (!err || err->error) {
  386. // putlog(LOG_ERRORS, "*", "exec: Couldn't open '%s': %s", err->file, strerror(errno));
  387. delete in;
  388. delete err;
  389. return 0;
  390. }
  391. out = new Tempfile("out");
  392. if (!out || out->error) {
  393. // putlog(LOG_ERRORS, "*", "exec: Couldn't open '%s': %s", out->file, strerror(errno));
  394. delete in;
  395. delete err;
  396. delete out;
  397. return 0;
  398. }
  399. x = fork();
  400. if (x == -1) {
  401. putlog(LOG_ERRORS, "*", "exec: fork() failed: %s", strerror(errno));
  402. delete in;
  403. delete err;
  404. delete out;
  405. return 0;
  406. }
  407. if (x) { /* Parent: wait for the child to complete */
  408. int st = 0;
  409. size_t fs = 0;
  410. #ifdef PR_SET_PTRACER
  411. // Allow the child to debug the parent on Linux 3.4+
  412. // https://github.com/torvalds/linux/commit/2d514487faf188938a4ee4fb3464eeecfbdcf8eb
  413. prctl(PR_SET_PTRACER, x, 0, 0, 0);
  414. #endif
  415. waitpid(x, &st, 0);
  416. /* child is now complete, read the files into buffers */
  417. delete in;
  418. fflush(out->f);
  419. fflush(err->f);
  420. if (erroutput) {
  421. char *buf = NULL;
  422. fseek(err->f, 0, SEEK_END);
  423. fs = ftell(err->f);
  424. if (fs == 0) {
  425. (*erroutput) = NULL;
  426. } else {
  427. buf = (char *) calloc(1, fs + 1);
  428. fseek(err->f, 0, SEEK_SET);
  429. if (!fread(buf, 1, fs, err->f))
  430. fs = 0;
  431. buf[fs] = 0;
  432. (*erroutput) = buf;
  433. }
  434. }
  435. delete err;
  436. if (output) {
  437. char *buf = NULL;
  438. fseek(out->f, 0, SEEK_END);
  439. fs = ftell(out->f);
  440. if (fs == 0) {
  441. (*output) = NULL;
  442. } else {
  443. buf = (char *) calloc(1, fs + 1);
  444. fseek(out->f, 0, SEEK_SET);
  445. if (!fread(buf, 1, fs, out->f))
  446. fs = 0;
  447. buf[fs] = 0;
  448. (*output) = buf;
  449. }
  450. }
  451. delete out;
  452. return 1;
  453. } else {
  454. /* Child: make fd's and set them up as std* */
  455. // int ind, outd, errd;
  456. // ind = fileno(inpFile);
  457. // outd = fileno(outFile);
  458. // errd = fileno(errFile);
  459. if (dup2(in->fd, STDIN_FILENO) == (-1)) {
  460. exit(1);
  461. }
  462. if (dup2(out->fd, STDOUT_FILENO) == (-1)) {
  463. exit(1);
  464. }
  465. if (dup2(err->fd, STDERR_FILENO) == (-1)) {
  466. exit(1);
  467. }
  468. // Close all sockets
  469. #ifdef HAVE_CLOSEFROM
  470. closefrom(3);
  471. #else
  472. for (int fd = 3; fd < MAX_SOCKETS; ++fd)
  473. close(fd);
  474. #endif
  475. char *argv[15];
  476. if (simple) {
  477. char *p = NULL;
  478. int n = 0;
  479. char *mycmdline = strdup(cmdline);
  480. while (mycmdline[0] && (p = newsplit(&mycmdline)))
  481. argv[n++] = p;
  482. argv[n] = NULL;
  483. } else {
  484. argv[0] = "/bin/sh";
  485. argv[1] = "-c";
  486. argv[2] = cmdline;
  487. argv[3] = NULL;
  488. }
  489. execvp(argv[0], &argv[0]);
  490. exit(1);
  491. }
  492. }
  493. int simple_exec(const char* argv[]) {
  494. pid_t pid, savedpid;
  495. int status;
  496. switch ((pid = vfork())) {
  497. case -1:
  498. return -1;
  499. case 0: //child
  500. // Close all sockets
  501. #ifdef HAVE_CLOSEFROM
  502. closefrom(3);
  503. #else
  504. for (int fd = 3; fd < MAX_SOCKETS; ++fd)
  505. close(fd);
  506. #endif
  507. execvp(argv[0], (char* const*) &argv[0]);
  508. _exit(127);
  509. default: //parent
  510. savedpid = pid;
  511. do {
  512. pid = wait4(savedpid, &status, 0, (struct rusage *)0);
  513. } while (pid == -1 && errno == EINTR);
  514. return (pid == -1 ? -1 : status);
  515. }
  516. }
  517. void suicide(const char *msg)
  518. {
  519. char tmp[512] = "";
  520. if (!conf.bot->localhub) {
  521. //im not a localhub, ask the localhub to suicide
  522. simple_snprintf(tmp, sizeof(tmp), STR("suicide %s"), msg);
  523. putbot(conf.localhub, tmp);
  524. return;
  525. } else {
  526. //im the localhub, loop thru bots and kill 'em
  527. putlog(LOG_WARN, "*", STR("Comitting suicide: %s"), msg);
  528. crontab_del();
  529. conf_bot *bot = NULL;
  530. for (bot = conf.bots; bot && bot->nick; bot = bot->next) {
  531. if (!strcmp(conf.bot->nick, bot->nick))
  532. continue; //skip myself or i wont be able to remove the rest
  533. bot->pid = checkpid(bot->nick, bot);
  534. conf_killbot(conf.bots, NULL, bot, SIGKILL);
  535. unlink(bot->pid_file);
  536. deluser(bot->nick);
  537. }
  538. }
  539. if (!conf.bot->hub) {
  540. nuke_server(STR("kill the infidels!"));
  541. sleep(1);
  542. } else {
  543. unlink(userfile);
  544. simple_snprintf(tmp, sizeof(tmp), STR("%s~new"), userfile);
  545. unlink(tmp);
  546. simple_snprintf(tmp, sizeof(tmp), STR("%s~"), userfile);
  547. unlink(tmp);
  548. simple_snprintf(tmp, sizeof(tmp), STR("%s/%s~"), conf.datadir, userfile);
  549. unlink(tmp);
  550. simple_snprintf(tmp, sizeof(tmp), STR("%s/.u.0"), conf.datadir);
  551. unlink(tmp);
  552. simple_snprintf(tmp, sizeof(tmp), STR("%s/.u.1"), conf.datadir);
  553. unlink(tmp);
  554. }
  555. unlink(binname);
  556. //Not recursively clearing these dirs as they may be ~USER/ ..
  557. unlink(conf.datadir); //Probably will fail, shrug
  558. unlink(tempdir); //Probably will fail too, oh well
  559. //now deal with myself after the rest of the conf.bots are gone
  560. deluser(conf.bot->nick);
  561. unlink(conf.bot->pid_file);
  562. //and die in agony!
  563. fatal(msg, 0);
  564. }
  565. void detected(int code, const char *msg)
  566. {
  567. char tmp[512] = "";
  568. struct flag_record fr = { FR_GLOBAL, 0, 0, 0 };
  569. int act = DET_WARN, do_fatal = 0, killbots = 0;
  570. if (code == DETECT_LOGIN)
  571. act = login;
  572. if (code == DETECT_TRACE)
  573. act = trace;
  574. if (code == DETECT_PROMISC)
  575. act = promisc;
  576. if (code == DETECT_HIJACK)
  577. act = hijack;
  578. switch (act) {
  579. case DET_IGNORE:
  580. break;
  581. case DET_WARN:
  582. putlog(LOG_WARN, "*", "%s", msg);
  583. break;
  584. case DET_REJECT:
  585. do_fork();
  586. putlog(LOG_WARN, "*", STR("Setting myself +d: %s"), msg);
  587. simple_snprintf(tmp, sizeof(tmp), "+d: %s", msg);
  588. set_user(&USERENTRY_COMMENT, conf.bot->u, tmp);
  589. fr.global = USER_DEOP;
  590. fr.bot = 1;
  591. set_user_flagrec(conf.bot->u, &fr, 0);
  592. sleep(1);
  593. break;
  594. case DET_DIE:
  595. putlog(LOG_WARN, "*", STR("Dying: %s"), msg);
  596. simple_snprintf(tmp, sizeof(tmp), STR("Dying: %s"), msg);
  597. set_user(&USERENTRY_COMMENT, conf.bot->u, tmp);
  598. if (!conf.bot->hub)
  599. nuke_server(STR("BBL"));
  600. sleep(1);
  601. killbots++;
  602. do_fatal++;
  603. break;
  604. case DET_SUICIDE:
  605. suicide(msg);
  606. break;
  607. }
  608. if (killbots && conf.bot->localhub) {
  609. conf_checkpids(conf.bots);
  610. conf_killbot(conf.bots, NULL, NULL, SIGKILL);
  611. }
  612. if (do_fatal)
  613. fatal(msg, 0);
  614. }
  615. const char *werr_tostr(int errnum)
  616. {
  617. switch (errnum) {
  618. case ERR_BINSTAT:
  619. return STR("Cannot access binary");
  620. case ERR_BADPASS:
  621. return STR("Incorrect password");
  622. case ERR_PASSWD:
  623. return STR("Cannot access the global passwd file");
  624. case ERR_WRONGBINDIR:
  625. return STR("Wrong directory/binary name");
  626. case ERR_DATADIR:
  627. return STR("Cannot access datadir.");
  628. case ERR_TMPSTAT:
  629. return STR("Cannot access tmp directory.");
  630. case ERR_TMPMOD:
  631. return STR("Cannot chmod() tmp directory.");
  632. case ERR_WRONGUID:
  633. return STR("UID in binary does not match geteuid()");
  634. case ERR_WRONGUNAME:
  635. return STR("Uname in binary does not match uname()");
  636. case ERR_BADCONF:
  637. return STR("Config file is incomplete");
  638. case ERR_BADBOT:
  639. return STR("No such botnick");
  640. case ERR_BOTDISABLED:
  641. return STR("Bot is disabled, remove '/' in config");
  642. case ERR_NOBOTS:
  643. return STR("There are no bots in the binary! Please use ./binary -C to edit");
  644. case ERR_NOHOMEDIR:
  645. return STR("There is no homedir set. Please set one in the binary config with ./binary -C");
  646. case ERR_NOUSERNAME:
  647. return STR("There is no username set. Please set one in the binary config with ./binary -C");
  648. case ERR_NOBOT:
  649. return STR("I have no bot record but received -B???");
  650. case ERR_NOTINIT:
  651. return STR("Binary data is not initialized; try ./binary -C");
  652. case ERR_TOOMANYBOTS:
  653. return STR("Too many bots defined. 5 max. Too many will lead to klines.\nSpread out into multiple accounts/shells/ip ranges.");
  654. case ERR_LIBS:
  655. return STR("Failed to load required libraries.\nEnsure that 32bit glibc, OpenSSL and libgcc are installed.\nhttps://github.com/wraith/wraith/wiki/Binary-Compatibiliy");
  656. default:
  657. return STR("Unforseen error");
  658. }
  659. }
  660. void werr(int errnum)
  661. {
  662. /* [1]+ Done ls --color=auto -A -CF
  663. [1]+ Killed bash
  664. */
  665. /*
  666. int x = 0;
  667. unsigned long job = randint(2) + 1; */
  668. /* printf("[%lu] %lu%lu%lu%lu%lu\n", job, randint(2) + 1, randint(8) + 1, randint(8) + 1, errnum); */
  669. /* printf("\n[%lu]+ Killed rm -rf /\r\n", job); */
  670. /*
  671. if (checkedpass) {
  672. printf("[%lu] %d\n", job, getpid());
  673. }
  674. */
  675. /* printf("\n[%lu]+ Stopped %s\r\n", job, basename(binname)); */
  676. #ifdef OBSCURE_ERRORS
  677. sdprintf(STR("Error %d: %s"), errnum, werr_tostr(errnum));
  678. printf(STR("*** Error code %d\n\n"), errnum);
  679. printf(STR("Segmentation fault\n"));
  680. #else
  681. fprintf(stderr, STR("Error %d: %s\n"), errnum, werr_tostr(errnum));
  682. #endif
  683. fatal("", 0);
  684. exit(1); // This is never reached, done for gcc() warnings
  685. }
  686. char *homedir(bool useconf)
  687. {
  688. static char homedir_buf[PATH_MAX] = "";
  689. if (!homedir_buf[0]) {
  690. if (conf.homedir && useconf)
  691. simple_snprintf(homedir_buf, sizeof homedir_buf, "%s", conf.homedir);
  692. else {
  693. char *home = getenv("HOME");
  694. if (home && strlen(home))
  695. strlcpy(homedir_buf, home, sizeof(homedir_buf));
  696. }
  697. }
  698. return homedir_buf[0] ? homedir_buf : NULL;
  699. }
  700. char *my_username()
  701. {
  702. static char username[DIRMAX] = "";
  703. if (!username[0]) {
  704. char *user = getenv("USER");
  705. if (user && strlen(user))
  706. strlcpy(username, user, sizeof(username));
  707. }
  708. return username[0] ? username : NULL;
  709. }
  710. int mkdir_p(const char *dir) {
  711. char *p = NULL, *path = NULL;
  712. path = p = strdup(dir);
  713. do {
  714. p = strchr(p + 1, '/');
  715. if (p)
  716. *p = '\0';
  717. if (can_stat(path) && !is_dir(path))
  718. unlink(path);
  719. if (!can_stat(path)) {
  720. if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR)) {
  721. unlink(path);
  722. mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR);
  723. }
  724. }
  725. if (p)
  726. *p = '/';
  727. } while(p);
  728. int couldStat = can_stat(path);
  729. free(path);
  730. return couldStat;
  731. }
  732. void expand_tilde(char **ptr)
  733. {
  734. if (!conf.homedir || !conf.homedir[0])
  735. return;
  736. char *str = ptr ? *ptr : NULL;
  737. if (str && strchr(str, '~')) {
  738. char *p = NULL;
  739. size_t siz = strlen(str);
  740. if (str[siz - 1] == '/')
  741. str[siz - 1] = 0;
  742. if ((p = replace(str, "~", conf.homedir)))
  743. str_redup(ptr, p);
  744. else
  745. fatal("Unforseen error expanding '~'", 0);
  746. }
  747. }
  748. void check_crontab()
  749. {
  750. int i = 0;
  751. if (!conf.bot->hub && !conf.bot->localhub)
  752. fatal(STR("something is wrong."), 0);
  753. if (!(i = crontab_exists())) {
  754. crontab_create(5);
  755. if (!(i = crontab_exists()))
  756. printf(STR("* Error writing crontab entry.\n"));
  757. }
  758. }
  759. static void crontab_install(bd::Stream& crontab) {
  760. // Write out the new crontab
  761. Tempfile new_crontab = Tempfile("crontab");
  762. crontab.writeFile(new_crontab.fd);
  763. // Install new crontab
  764. const char* argv[] = {"crontab", new_crontab.file, 0};
  765. simple_exec(argv);
  766. }
  767. void crontab_del() {
  768. bd::Stream crontab;
  769. if (crontab_exists(&crontab, 1) == 1)
  770. crontab_install(crontab);
  771. }
  772. int crontab_exists(bd::Stream* crontab, bool excludeSelf) {
  773. char *out = NULL;
  774. int ret = -1;
  775. if (shell_exec("crontab -l", NULL, &out, NULL, 1)) {
  776. if (out) {
  777. bd::Stream stream(out);
  778. bd::String line;
  779. ret = 0;
  780. while (stream.tell() < stream.length()) {
  781. line = stream.getline();
  782. if (line[0] != '#' && line.find(binname) != bd::String::npos) {
  783. ret = 1;
  784. // Need to continue if the existing crontab is requested
  785. if (crontab && !excludeSelf)
  786. (*crontab) << line;
  787. else if (!crontab)
  788. break;
  789. } else if (crontab)
  790. (*crontab) << line;
  791. }
  792. free(out);
  793. } else
  794. ret = 0;
  795. }
  796. return ret;
  797. }
  798. char s1_2[3] = "",s1_8[3] = "",s2_5[3] = "";
  799. void crontab_create(int interval) {
  800. bd::Stream crontab;
  801. if (crontab_exists(&crontab) == 1)
  802. return;
  803. char buf[1024] = "";
  804. if (interval == 1)
  805. strlcpy(buf, "*", 2);
  806. else {
  807. int i = 1;
  808. int si = randint(interval);
  809. while (i < 60) {
  810. if (buf[0])
  811. strlcat(buf, ",", sizeof(buf));
  812. simple_snprintf(&buf[strlen(buf)], sizeof(buf) - strlen(buf), "%i", (i + si) % 60);
  813. i += interval;
  814. }
  815. }
  816. simple_snprintf(buf + strlen(buf), sizeof buf, STR(" * * * * %s > /dev/null 2>&1\n"), shell_escape(binname));
  817. crontab << buf;
  818. crontab_install(crontab);
  819. }
  820. int det_translate(const char *word)
  821. {
  822. if (word && word[0]) {
  823. if (!strcasecmp(word, STR("ignore")))
  824. return DET_IGNORE;
  825. else if (!strcasecmp(word, STR("warn")))
  826. return DET_WARN;
  827. else if (!strcasecmp(word, STR("reject")))
  828. return DET_REJECT;
  829. else if (!strcasecmp(word, STR("die")))
  830. return DET_DIE;
  831. else if (!strcasecmp(word, STR("suicide")))
  832. return DET_SUICIDE;
  833. }
  834. return DET_IGNORE;
  835. }
  836. const char *det_translate_num(int num)
  837. {
  838. switch (num) {
  839. case DET_IGNORE: return STR("ignore");
  840. case DET_WARN: return STR("warn");
  841. case DET_REJECT: return STR("reject");
  842. case DET_DIE: return STR("die");
  843. case DET_SUICIDE:return STR("suicide");
  844. default: return STR("ignore");
  845. }
  846. return STR("ignore");
  847. }
  848. char *shell_escape(const char *path)
  849. {
  850. static char ret1[DIRMAX] = "", ret2[DIRMAX] = "", *ret = NULL;
  851. static bool alt = 0;
  852. char *c = NULL;
  853. if (alt) {
  854. alt = 0;
  855. ret = ret1;
  856. } else {
  857. alt = 1;
  858. ret = ret2;
  859. }
  860. ret[0] = 0;
  861. for (c = (char *) path; c && *c; ++c) {
  862. if (strchr(ESCAPESHELL, *c))
  863. simple_snprintf(&ret[strlen(ret)], sizeof(ret1) - strlen(ret), "\\%c", *c);
  864. else
  865. simple_snprintf(&ret[strlen(ret)], sizeof(ret1) - strlen(ret), "%c", *c);
  866. }
  867. return ret;
  868. }
  869. /* vim: set sts=2 sw=2 ts=8 et: */