diff --git a/src/server/AuthorizationManager.cpp b/src/server/AuthorizationManager.cpp index ae17f45..a652e58 100644 --- a/src/server/AuthorizationManager.cpp +++ b/src/server/AuthorizationManager.cpp @@ -98,7 +98,7 @@ QString AuthorizationManager::LoginUP(QHostAddress host, QString user, QString p } qDebug() << "User Login Attempt:" << user << " Success:" << ok << " IP:" << host.toString(); - LogManager::log(LogManager::HOST, QString("User Login Attempt:")+ user + " Success:" + (ok?"true":"false") + " IP:" + host.toString() ); + LogManager::log(LogManager::HOST, QString("User Login Attempt: ")+user+" Success: "+(ok?"true":"false")+" IP: "+host.toString() ); if(!ok){ //invalid login //Bump the fail count for this host 
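Review bot: The rewritten `LogManager::log(LogManager::HOST, ...)` call in LoginUP writes the client-supplied `user` string into the HOST log unmodified, so a login name containing CR/LF or other control characters could split or forge audit entries unless LogManager::log escapes its input (not visible in this diff). Normalising the name before logging would close that, for example `const QString safeUser = user.simplified().left(64);` (the 64-character cap is an illustrative value), then logging `safeUser` in place of `user`. The same applies to the `ids.join(",")` value logged by the new line in the WebBackend.cpp hunk, since those ids appear to come from the client request. LoginUP starts and ends outside this hunk.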
@@ -114,18 +114,29 @@ QString AuthorizationManager::LoginUP(QHostAddress host, QString user, QString p QString AuthorizationManager::LoginService(QHostAddress host, QString service){ bool localhost = ( (host== QHostAddress::LocalHost) || (host== QHostAddress::LocalHostIPv6) ); + //Login a particular automated service qDebug() << "Service Login Attempt:" << service << " Success:" << localhost; if(!localhost){ return ""; } //invalid - services must be local for access //Check that the service is valid on the system bool isok = false; - if(service!="root" && service!="toor"){ + if(service!="root" && service!="toor" && localhost){ QStringList groups = getUserGroups(service); isok = (groups.contains(service) && !groups.contains("wheel") && !groups.contains("operator")); } + //Now generate a new token and send it back - if(!isok){ return ""; } - else{ return generateNewToken(false); }//services are never given operator privileges + if(!isok){ + //invalid login + if(!localhost){ + //Bump the fail count for this host + bool overlimit = BumpFailCount(host.toString()); + if(overlimit){ emit BlockHost(host); } + return (overlimit ? "REFUSED" : ""); + }else{ + return ""; + } + }else{ return generateNewToken(false); }//services are never given operator privileges } // ========================= diff --git a/src/server/Dispatcher.cpp b/src/server/Dispatcher.cpp index e4392fb..a498f7e 100644 --- a/src/server/Dispatcher.cpp +++ b/src/server/Dispatcher.cpp @@ -160,7 +160,7 @@ void Dispatcher::ProcFinished(QString ID){ obj.insert("cmd_list", QJsonArray::fromStringList( list[l]->rawcmds ) ); obj.insert("time_started", list[l]->t_started.toString(Qt::ISODate) ); obj.insert("time_finished", list[l]->t_finished.toString(Qt::ISODate) ); - emit DispatchFinished(ID, list[l]->success); + emit DispatchFinished(obj); delete list.takeAt(l); LogManager::log(LogManager::DISPATCH, obj); found = true; 
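Review bot: The added `if(!localhost)` branch inside `if(!isok)` in LoginService can never run, because the unchanged guard `if(!localhost){ return ""; }` a few lines earlier has already returned for every non-local host. For the same reason the added `&& localhost` is always true. As written, remote service-login attempts are still dropped without touching the fail counter, so `BumpFailCount()` and `BlockHost()` are never reached from this function. Moving the fail-count handling into the early guard gives the behaviour the new branch seems to intend and lets the tail go back to two plain returns. Whether callers of LoginService handle a "REFUSED" return is not visible here and should be confirmed.

```cpp
QString AuthorizationManager::LoginService(QHostAddress host, QString service){
  // … unchanged: localhost computation and qDebug of the attempt …
  if(!localhost){
    //invalid - services must be local for access; count the attempt against the remote host
    bool overlimit = BumpFailCount(host.toString());
    if(overlimit){ emit BlockHost(host); }
    return (overlimit ? "REFUSED" : "");
  }
  // … unchanged: isok declaration …
  if(service!="root" && service!="toor"){
  // … unchanged: getUserGroups() membership test and closing brace …
  //Now generate a new token and send it back
  if(!isok){ return ""; }
  return generateNewToken(false); //services are never given operator privileges
```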
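Review bot: `emit DispatchFinished(obj)` in Dispatcher::ProcFinished now hands the full log object, including `cmd_list` built from `rawcmds`, to EventWatcher::DispatchFinished, which forwards it unchanged through `NewEvent(DISPATCHER, obj)`; the second Dispatcher.cpp hunk and the EventWatcher.cpp hunk share this. Before the change subscribers received only `process_id`, `state` and `result`, so the raw command lines of one client's process may now reach every socket that forwards DISPATCHER events, depending on filtering in EventUpdate that this diff does not show. Building a reduced event object in EventWatcher::DispatchFinished (id, finished state, result) and keeping the full `obj` only for `LogManager::log` would keep the previous exposure. If the full payload is intended, the signal comment in Dispatcher.h should list the keys, e.g. `//obj: process data as logged (cmd_list, time_started, time_finished, ...)`, and it should be confirmed that `obj` still carries the `state`/`result` keys existing clients may rely on. Both Dispatcher functions start outside their hunks, so the other fields inserted into `obj` are not visible here.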
@@ -187,7 +187,7 @@ for(int i=0; irawcmds ) ); obj.insert("time_started", list[j]->t_started.toString(Qt::ISODate) ); obj.insert("time_finished", list[j]->t_finished.toString(Qt::ISODate) ); - emit DispatchFinished(list[j]->ID, list[j]->success); + emit DispatchFinished(obj); LogManager::log(LogManager::DISPATCH, obj); delete list.takeAt(j); j--; diff --git a/src/server/Dispatcher.h b/src/server/Dispatcher.h index c77c483..8ab12ea 100644 --- a/src/server/Dispatcher.h +++ b/src/server/Dispatcher.h @@ -83,7 +83,7 @@ private slots: signals: //Main signals - void DispatchFinished(QString ID, bool success); + void DispatchFinished(QJsonObject obj); //obj is the data associated with the process void DispatchStarting(QString ID); //Signals for private usage diff --git a/src/server/EventWatcher.cpp b/src/server/EventWatcher.cpp index 3e9ba38..dedb90e 100644 --- a/src/server/EventWatcher.cpp +++ b/src/server/EventWatcher.cpp @@ -100,11 +100,7 @@ void EventWatcher::DispatchStarting(QString ID){ emit NewEvent(DISPATCHER, obj); } -void EventWatcher::DispatchFinished(QString ID, bool success){ - QJsonObject obj; - obj.insert("process_id", ID); - obj.insert("state", "finished"); - obj.insert("result", success ? "success" : "failure"); +void EventWatcher::DispatchFinished(QJsonObject obj){ LogManager::log(LogManager::EV_DISPATCH, obj); emit NewEvent(DISPATCHER, obj); } diff --git a/src/server/EventWatcher.h b/src/server/EventWatcher.h index 35e6bed..7cbb80c 100644 --- a/src/server/EventWatcher.h +++ b/src/server/EventWatcher.h @@ -51,7 +51,7 @@ public slots: //Slots for the global Dispatcher to connect to void DispatchStarting(QString); - void DispatchFinished(QString, bool); + void DispatchFinished(QJsonObject); private slots: //File watcher signals diff --git a/src/server/WebBackend.cpp b/src/server/WebBackend.cpp index b45ed29..a742feb 100644 --- a/src/server/WebBackend.cpp +++ b/src/server/WebBackend.cpp 
@@ -166,9 +166,11 @@ RestOutputStruct::ExitCode WebSocket::EvaluateDispatcherRequest(bool allaccess, continue; } //queue up this process + DISPATCHER->queueProcess(ids[i], cmds); } //Return the PENDING result + LogManager::log(LogManager::HOST, "Client Launched Processes["+SockPeerIP+"]: "+ids.join(",") ); out->insert("started", QJsonArray::fromStringList(ids)); //}else if(act=="read"){ diff --git a/src/server/WebServer.cpp b/src/server/WebServer.cpp index 765459f..637d37a 100644 --- a/src/server/WebServer.cpp +++ b/src/server/WebServer.cpp @@ -145,7 +145,7 @@ void WebServer::NewSocketConnection(){ } } if(sock==0){ return; } //no new connection - qDebug() << "New Socket Connection"; + //qDebug() << "New Socket Connection"; connect(sock, SIGNAL(SocketClosed(QString)), this, SLOT(SocketClosed(QString)) ); connect(EVENTS, SIGNAL(NewEvent(EventWatcher::EVENT_TYPE, QJsonValue)), sock, SLOT(EventUpdate(EventWatcher::EVENT_TYPE, QJsonValue)) ); OpenSockets << sock; @@ -161,6 +161,7 @@ void WebServer::BlackListConnection(QHostAddress addr){ //Make sure this is not the localhost (never block that) if(addr!= QHostAddress(QHostAddress::LocalHost) && addr != QHostAddress(QHostAddress::LocalHostIPv6) ){ //Block this remote host + LogManager::log(LogManager::HOST,"Blacklisting IP Temporarily: "+addr.toString()); CONFIG->setValue("blacklist/"+addr.toString(), QDateTime::currentDateTime()); } } diff --git a/src/server/WebSocket.cpp b/src/server/WebSocket.cpp index 8b4a227..81e781a 100644 --- a/src/server/WebSocket.cpp +++ b/src/server/WebSocket.cpp @@ -17,6 +17,8 @@ WebSocket::WebSocket(QWebSocket *sock, QString ID, AuthorizationManager *auth){ SOCKET = sock; TSOCKET = 0; AUTHSYSTEM = auth; + SockPeerIP = SOCKET->peerAddress().toString(); + LogManager::log(LogManager::HOST,"New Connection: "+SockPeerIP); idletimer = new QTimer(this); idletimer->setInterval(IDLETIMEOUTMINS*60000); //connection timout for idle sockets idletimer->setSingleShot(true); 
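Review bot: The new `LogManager::log(LogManager::HOST, "Client Launched Processes[" ...)` entry in EvaluateDispatcherRequest joins the whole `ids` list, but the loop above it skips some entries with `continue`, so the audit line can name processes that were never queued. Collecting the accepted ids as they are queued keeps the record accurate: `QStringList queued;` before the loop, `queued << ids[i];` next to `DISPATCHER->queueProcess(ids[i], cmds);`, and `queued.join(",")` in the log call. The loop begins outside this hunk, so the skip conditions are not visible here. If an authenticated identity is available at this point, recording it alongside `SockPeerIP` would make the entry more useful for attribution.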
@@ -32,6 +34,8 @@ WebSocket::WebSocket(QSslSocket *sock, QString ID, AuthorizationManager *auth){ SockAuthToken.clear(); //nothing set initially TSOCKET = sock; SOCKET = 0; + SockPeerIP = TSOCKET->peerAddress().toString(); + LogManager::log(LogManager::HOST,"New Connection: "+SockPeerIP); AUTHSYSTEM = auth; idletimer = new QTimer(this); idletimer->setInterval(IDLETIMEOUTMINS*60000); //connection timout for idle sockets @@ -42,14 +46,14 @@ WebSocket::WebSocket(QSslSocket *sock, QString ID, AuthorizationManager *auth){ connect(TSOCKET, SIGNAL(encrypted()), this, SLOT(nowEncrypted()) ); connect(TSOCKET, SIGNAL(peerVerifyError(const QSslError &)), this, SLOT(peerError(const QSslError &)) ); connect(TSOCKET, SIGNAL(sslErrors(const QList &)), this, SLOT(SslError(const QList &)) ); - qDebug() << " - Starting Server Encryption Handshake"; + //qDebug() << " - Starting Server Encryption Handshake"; TSOCKET->startServerEncryption(); //qDebug() << " - Socket Encrypted:" << TSOCKET->isEncrypted(); idletimer->start(); } WebSocket::~WebSocket(){ - qDebug() << "SOCKET Destroyed"; + //qDebug() << "SOCKET Destroyed"; if(SOCKET!=0){ SOCKET->close(); delete SOCKET; @@ -69,7 +73,7 @@ QString WebSocket::ID(){ // PRIVATE //======================= void WebSocket::sendReply(QString msg){ - qDebug() << "Sending Socket Reply:" << msg; + //qDebug() << "Sending Socket Reply:" << msg; if(SOCKET!=0 && SOCKET->isValid()){ SOCKET->sendTextMessage(msg); } //Websocket connection else if(TSOCKET!=0 && TSOCKET->isValid()){ //TCP Socket connection 
@@ -202,7 +206,7 @@ void WebSocket::EvaluateRequest(const RestInputStruct &REQ){ int sub = -1; //bad input if(out.in_struct.name=="subscribe"){ sub = 1; } else if(out.in_struct.name=="unsubscribe"){ sub = 0; } - qDebug() << "Got Client Event Modification:" << sub << evlist; + //qDebug() << "Got Client Event Modification:" << sub << evlist; if(sub>=0 && !evlist.isEmpty() ){ for(int i=0; iclose(); //timeout - close the connection to make way for others } if(TSOCKET !=0){ - qDebug() << " - Client Timeout: Closing connection..."; + LogManager::log(LogManager::HOST,"Connection Idle: "+SockPeerIP); TSOCKET->close(); //timeout - close the connection to make way for others } } void WebSocket::SocketClosing(){ - qDebug() << "Socket Closing..." ; + LogManager::log(LogManager::HOST,"Connection Closing: "+SockPeerIP); if(idletimer->isActive()){ //This means the client deliberately closed the connection - not the idle timer - qDebug() << " - Client Closed Connection"; + //qDebug() << " - Client Closed Connection"; idletimer->stop(); }else{ - qDebug() << "idleTimer not running"; + //qDebug() << "idleTimer not running"; } //Stop any current requests 
@@ -313,24 +316,24 @@ void WebSocket::SocketClosing(){ } void WebSocket::EvaluateMessage(const QByteArray &msg){ - qDebug() << "New Binary Message:"; + //qDebug() << "New Binary Message:"; if(idletimer->isActive()){ idletimer->stop(); } idletimer->start(); EvaluateREST( QString(msg) ); - qDebug() << " - Done with Binary Message"; + //qDebug() << " - Done with Binary Message"; } void WebSocket::EvaluateMessage(const QString &msg){ - qDebug() << "New Text Message:"; + //qDebug() << "New Text Message:"; if(idletimer->isActive()){ idletimer->stop(); } idletimer->start(); EvaluateREST(msg); - qDebug() << " - Done with Text Message"; + //qDebug() << " - Done with Text Message"; } void WebSocket::EvaluateTcpMessage(){ //Need to read the data from the Tcp socket and turn it into a string - qDebug() << "New TCP Message:"; + //qDebug() << "New TCP Message:"; if(idletimer->isActive()){ idletimer->stop(); } QString msg = QString(TSOCKET->readAll()); for(int i=0; i<5 && !msg.endsWith("}"); i++){ @@ -339,21 +342,21 @@ void WebSocket::EvaluateTcpMessage(){ } EvaluateREST(msg ); idletimer->start(); - qDebug() << " - Done with TCP Message"; + //qDebug() << " - Done with TCP Message"; } //SSL signal handling void WebSocket::nowEncrypted(){ //the socket/connection is now encrypted - qDebug() << " - Socket now encrypted"; + //qDebug() << " - Socket now encrypted"; } void WebSocket::peerError(const QSslError&){ //peerVerifyError() signal - qDebug() << "Socket Peer Error:"; + //qDebug() << "Socket Peer Error:"; } void WebSocket::SslError(const QList &err){ //sslErrors() signal - qDebug() << "Socket SSL Errors:" << err.length(); + LogManager::log(LogManager::HOST,"Connection SSL Errors ["+SockPeerIP+"]: "+err.length()); } // ====================== diff --git a/src/server/WebSocket.h b/src/server/WebSocket.h index ed0fcc9..6ed127e 100644 --- a/src/server/WebSocket.h +++ b/src/server/WebSocket.h 
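Review bot: In SslError the expression `"Connection SSL Errors ["+SockPeerIP+"]: "+err.length()` adds an `int` to a QString, which with Qt's plain `operator+` most likely selects the QChar overload and appends the character whose code point equals the count (a control character for small values) instead of the number. Use `QString::number(err.length())` as the last operand. Since the entry exists to explain a failed TLS handshake, appending each `errorString()` from `err` would make it actionable. peerError in the same hunk now records nothing for a peer verification failure, which is worth a HOST log line of its own.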
@@ -24,7 +24,7 @@ private: QTimer *idletimer; QWebSocket *SOCKET; QSslSocket *TSOCKET; - QString SockID, SockAuthToken; + QString SockID, SockAuthToken, SockPeerIP; AuthorizationManager *AUTHSYSTEM; QList ForwardEvents; diff --git a/src/server/main.cpp b/src/server/main.cpp index 7fad58e..04cf3f8 100644 --- a/src/server/main.cpp +++ b/src/server/main.cpp @@ -80,7 +80,7 @@ int main( int argc, char ** argv ) qInstallMessageHandler(MessageOutput); //Connect the background classes - QObject::connect(DISPATCHER, SIGNAL(DispatchFinished(QString, bool)), EVENTS, SLOT(DispatchFinished(QString,bool)) ); + QObject::connect(DISPATCHER, SIGNAL(DispatchFinished(QJsonObject)), EVENTS, SLOT(DispatchFinished(QJsonObject)) ); QObject::connect(DISPATCHER, SIGNAL(DispatchStarting(QString)), EVENTS, SLOT(DispatchStarting(QString)) ); //Create the daemon