Add: Add option to set port for SCP alert method #2057

Merged
merged 1 commit into from
Aug 11, 2023
Merged
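--- a/src/alert_methods/SCP/alert
+++ b/src/alert_methods/SCP/alert
@@ -20,11 +20,12 @@
 
 USERNAME=$1
 HOST=$2
-DEST=$3
-KNOWN_HOSTS=$4
-PRIVATE_KEY_FILE=$5
-PASSWORD_FILE=$6
-REPORT_FILE=$7
+PORT=$3
+DEST=$4
+KNOWN_HOSTS=$5
+PRIVATE_KEY_FILE=$6
+PASSWORD_FILE=$7
+REPORT_FILE=$8
 
 KNOWN_HOSTS_FILE=`mktemp` || exit 1
 echo $KNOWN_HOSTS > $KNOWN_HOSTS_FILE
@@ -55,9 +56,9 @@ DEST_ESC=`shell_esc "$DEST"`
 
 if [ -z "$PRIVATE_KEY_FILE" ]
 then
-timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
+timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -P "$PORT" -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
 else
-timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
+timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -P "$PORT" -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
 fi
 
 EXIT_CODE=$?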
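Review bot: `PORT=$3` reaches `scp -P` with no check inside the script, and inserting it at position 3 shifts every later positional argument, so a caller still using the old seven-argument order would hand the destination path to `-P` and the known-hosts content to `DEST`. A guard directly after the assignments, for example `case "$PORT" in ''|*[!0-9]*) exit 1 ;; esac`, would make such a mismatch fail before the temporary files are created and before anything is copied. The quoting of `"$PORT"` in both scp invocations is correct as written. The rest of the script lies outside the visible hunks, so any existing argument-count check there is not visible from here.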
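--- a/src/gmp.c
+++ b/src/gmp.c
@@ -19387,6 +19387,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
 "Error in SCP host"));
 log_event_fail ("alert", "Alert", NULL, "created");
 break;
+case 16:
+SEND_TO_CLIENT_OR_FAIL
+(XML_ERROR_SYNTAX ("create_alert",
+"Error in SCP port"));
+log_event_fail ("alert", "Alert", NULL, "created");
+break;
 case 17:
 SEND_TO_CLIENT_OR_FAIL
 (XML_ERROR_SYNTAX ("create_alert",
@@ -22464,6 +22470,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
 "Error in SCP host"));
 log_event_fail ("alert", "Alert", NULL, "modify");
 break;
+case 16:
+SEND_TO_CLIENT_OR_FAIL
+(XML_ERROR_SYNTAX ("modify_alert",
+"Error in SCP port"));
+log_event_fail ("alert", "Alert", NULL, "modify");
+break;
 case 17:
 SEND_TO_CLIENT_OR_FAIL
 (XML_ERROR_SYNTAX ("modify_alert",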
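--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -6956,8 +6956,9 @@ validate_email_data (alert_method_t method, const gchar *name, gchar **data,
 * @param[in] name Name of data.
 * @param[in] data The data.
 *
-* @return 0 valid, 15 error in SCP host, 17 failed to find report format for
-* SCP method, 18 error in SCP credential, 19 error in SCP path,
+* @return 0 valid, 15 error in SCP host, 16 error in SCP port,
+* 17 failed to find report format for SCP method,
+* 18 error in SCP credential, 19 error in SCP path,
 * -1 error.
 */
 static int
@@ -7015,6 +7016,16 @@ validate_scp_data (alert_method_t method, const gchar *name, gchar **data)
 return 15;
 }
 
+if (method == ALERT_METHOD_SCP
+&& strcmp (name, "scp_port") == 0)
+{
+int port;
+
+port = atoi (*data);
+if (port <= 0 || port > 65535)
+return 16;
+}
+
 if (method == ALERT_METHOD_SCP
 && strcmp (name, "scp_report_format") == 0)
 {
@@ -7372,8 +7383,9 @@ check_alert_params (event_t event, alert_condition_t condition,
 * 5 unexpected condition data name, 6 syntax error in condition data,
 * 7 email subject too long, 8 email message too long, 9 failed to find
 * filter for condition, 12 error in Send host, 13 error in Send port,
-* 14 failed to find report format for Send method, 15 error in
-* SCP host, 17 failed to find report format for SCP method, 18 error
+* 14 failed to find report format for Send method,
+* 15 error in SCP host, 16 error in SCP port,
+* 17 failed to find report format for SCP method, 18 error
 * in SCP credential, 19 error in SCP path, 20 method does not match
 * event, 21 condition does not match event, 31 unexpected event data
 * name, 32 syntax error in event data, 40 invalid SMB credential
@@ -7715,8 +7727,9 @@ copy_alert (const char* name, const char* comment, const char* alert_id,
 * 7 unexpected condition data name, 8 syntax error in condition data,
 * 9 email subject too long, 10 email message too long, 11 failed to
 * find filter for condition, 12 error in Send host, 13 error in Send
-* port, 14 failed to find report format for Send method, 15 error in
-* SCP host, 17 failed to find report format for SCP method, 18 error
+* port, 14 failed to find report format for Send method,
+* 15 error in SCP host, 16 error in SCP port,
+* 17 failed to find report format for SCP method, 18 error
 * in SCP credential, 19 error in SCP path, 20 method does not match
 * event, 21 condition does not match event, 31 unexpected event data
 * name, 32 syntax error in event data, 40 invalid SMB credential
@@ -10101,6 +10114,7 @@ send_to_host (const char *host, const char *port,
 * @param[in] password Password or passphrase of private key.
 * @param[in] private_key Private key or NULL for password-only auth.
 * @param[in] host Address of host.
+* @param[in] port SSH Port of host.
 * @param[in] path Destination filename with path.
 * @param[in] known_hosts Content for known_hosts file.
 * @param[in] report Report that should be sent.
@@ -10112,7 +10126,8 @@ send_to_host (const char *host, const char *port,
 static int
 scp_to_host (const char *username, const char *password,
 const char *private_key,
-const char *host, const char *path, const char *known_hosts,
+const char *host, int port,
+const char *path, const char *known_hosts,
 const char *report, int report_size, gchar **script_message)
 {
 const char *alert_id = "2db07698-ec49-11e5-bcff-28d24461215b";
@@ -10122,9 +10137,10 @@ scp_to_host (const char *username, const char *password,
 gchar *clean_known_hosts, *command_args;
 int ret;
 
-g_debug ("scp to host: %s@%s:%s", username, host, path);
+g_debug ("scp to host: %s@%s:%d:%s", username, host, port, path);
 
-if (password == NULL || username == NULL || host == NULL || path == NULL)
+if (password == NULL || username == NULL || host == NULL || path == NULL
+|| port <= 0 || port > 65535)
 return -1;
 
 if (known_hosts == NULL)
@@ -10161,9 +10177,10 @@ scp_to_host (const char *username, const char *password,
 clean_path = g_shell_quote (path);
 clean_known_hosts = g_shell_quote (known_hosts);
 clean_private_key_path = g_shell_quote (private_key_path);
-command_args = g_strdup_printf ("%s %s %s %s %s",
+command_args = g_strdup_printf ("%s %s %d %s %s %s",
 clean_username,
 clean_host,
+port,
 clean_path,
 clean_known_hosts,
 clean_private_key_path);
@@ -13153,6 +13170,8 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
 credential_t credential;
 char *credential_id;
 char *private_key, *password, *username, *host, *path, *known_hosts;
+char *port_str;
+int port;
 gchar *report_content, *alert_path;
 gsize content_length;
 report_format_t report_format;
@@ -13194,14 +13213,19 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
 "private_key");
 
 host = alert_data (alert, "method", "scp_host");
+port_str = alert_data (alert, "method", "scp_port");
+if (port_str)
+port = atoi (port_str);
+else
+port = 22;
 path = alert_data (alert, "method", "scp_path");
 known_hosts = alert_data (alert, "method", "scp_known_hosts");
 
 alert_path = scp_alert_path_print (path, task);
 free (path);
 
 ret = scp_to_host (username, password, private_key,
-host, alert_path, known_hosts,
+host, port, alert_path, known_hosts,
 message, strlen (message),
 script_message);
 
@@ -13210,6 +13234,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
 free (password);
 free (username);
 free (host);
+free (port_str);
 g_free (alert_path);
 free (known_hosts);
 
@@ -13254,21 +13279,27 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
 
 
 host = alert_data (alert, "method", "scp_host");
+port_str = alert_data (alert, "method", "scp_port");
+if (port_str)
+port = atoi (port_str);
+else
+port = 22;
 path = alert_data (alert, "method", "scp_path");
 known_hosts = alert_data (alert, "method", "scp_known_hosts");
 
 alert_path = scp_alert_path_print (path, task);
 free (path);
 
 ret = scp_to_host (username, password, private_key,
-host, alert_path, known_hosts,
+host, port, alert_path, known_hosts,
 report_content, content_length,
 script_message);
 
 free (private_key);
 free (password);
 free (username);
 free (host);
+free (port_str);
 g_free (alert_path);
 free (known_hosts);
 }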
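Review bot: The new `scp_port` check in validate_scp_data parses with `atoi`, which stops at the first non-digit and has undefined behaviour when the value does not fit in an int, so input such as `22abc` passes validation and is presumably stored as given. Parsing with `strtol` and requiring the whole string to be consumed, as in the fence below, keeps the accepted value a plain number in 1–65535; an overflowing value saturates and is rejected by the same range test. escalate_2 repeats `atoi (port_str)` in both SCP branches: because scp_to_host formats the port with `%d`, the stored text itself never reaches the script's command line, but a stored value that parses to 0 makes scp_to_host return -1 without, as far as the visible lines show, writing anything to script_message, so a log line there would help diagnosis. validate_scp_data, scp_to_host and escalate_2 all continue outside the visible hunks.

```c
  if (method == ALERT_METHOD_SCP
      && strcmp (name, "scp_port") == 0)
    {
      char *end;
      long port;

      /* The whole value must be a decimal number in the TCP port range. */
      port = strtol (*data, &end, 10);
      if (end == *data || *end != '\0' || port <= 0 || port > 65535)
        return 16;
    }
```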