Add: Add option to set port for SCP alert method
The option to set the port used by the SCP alert method with the
"scp_port" method data is added.

This allows using a host with a non-default SSH port as the
destination.
timopollmeier committed Aug 11, 2023
1 parent 9db6056 commit 8b6c73d
Showing 3 changed files with 63 additions and 19 deletions.
15 changes: 8 additions & 7 deletions src/alert_methods/SCP/alert
Expand Up @@ -20,11 +20,12 @@

USERNAME=$1
HOST=$2
DEST=$3
KNOWN_HOSTS=$4
PRIVATE_KEY_FILE=$5
PASSWORD_FILE=$6
REPORT_FILE=$7
PORT=$3
DEST=$4
KNOWN_HOSTS=$5
PRIVATE_KEY_FILE=$6
PASSWORD_FILE=$7
REPORT_FILE=$8

KNOWN_HOSTS_FILE=`mktemp` || exit 1
echo $KNOWN_HOSTS > $KNOWN_HOSTS_FILE
Expand Down Expand Up @@ -55,9 +56,9 @@ DEST_ESC=`shell_esc "$DEST"`

if [ -z "$PRIVATE_KEY_FILE" ]
then
timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -P "$PORT" -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
else
timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -P "$PORT" -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE
fi

EXIT_CODE=$?
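Review bot: Inserting `PORT=$3` shifts every later positional argument, and nothing visible in this hunk checks the argument count, so a caller still passing the old seven arguments would run with PORT holding the destination path and REPORT_FILE empty. A guard before the assignments, such as `[ $# -eq 8 ] || exit 1`, would make that mismatch fail up front instead of reaching scp with misassigned values. The script continues outside the hunks shown, so an existing check there would already cover this. As defence in depth the script could also reject a non-numeric port itself, for example `case "$PORT" in ''|*[!0-9]*) exit 1;; esac`, rather than relying only on the caller formatting it as an integer.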
12 changes: 12 additions & 0 deletions src/gmp.c
Expand Up @@ -19387,6 +19387,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
"Error in SCP host"));
log_event_fail ("alert", "Alert", NULL, "created");
break;
case 16:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_alert",
"Error in SCP port"));
log_event_fail ("alert", "Alert", NULL, "created");
break;
case 17:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_alert",
Expand Down Expand Up @@ -22464,6 +22470,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
"Error in SCP host"));
log_event_fail ("alert", "Alert", NULL, "modify");
break;
case 16:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("modify_alert",
"Error in SCP port"));
log_event_fail ("alert", "Alert", NULL, "modify");
break;
case 17:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("modify_alert",
55 changes: 43 additions & 12 deletions src/manage_sql.c
Expand Up @@ -6956,8 +6956,9 @@ validate_email_data (alert_method_t method, const gchar *name, gchar **data,
* @param[in] name Name of data.
* @param[in] data The data.
*
* @return 0 valid, 15 error in SCP host, 17 failed to find report format for
* SCP method, 18 error in SCP credential, 19 error in SCP path,
* @return 0 valid, 15 error in SCP host, 16 error in SCP port,
* 17 failed to find report format for SCP method,
* 18 error in SCP credential, 19 error in SCP path,
* -1 error.
*/
static int
Expand Down Expand Up @@ -7015,6 +7016,16 @@ validate_scp_data (alert_method_t method, const gchar *name, gchar **data)
return 15;
}

if (method == ALERT_METHOD_SCP
&& strcmp (name, "scp_port") == 0)
{
int port;

port = atoi (*data);
if (port <= 0 || port > 65535)
return 16;
}

if (method == ALERT_METHOD_SCP
&& strcmp (name, "scp_report_format") == 0)
{
Expand Down Expand Up @@ -7372,8 +7383,9 @@ check_alert_params (event_t event, alert_condition_t condition,
* 5 unexpected condition data name, 6 syntax error in condition data,
* 7 email subject too long, 8 email message too long, 9 failed to find
* filter for condition, 12 error in Send host, 13 error in Send port,
* 14 failed to find report format for Send method, 15 error in
* SCP host, 17 failed to find report format for SCP method, 18 error
* 14 failed to find report format for Send method,
* 15 error in SCP host, 16 error in SCP port,
* 17 failed to find report format for SCP method, 18 error
* in SCP credential, 19 error in SCP path, 20 method does not match
* event, 21 condition does not match event, 31 unexpected event data
* name, 32 syntax error in event data, 40 invalid SMB credential
Expand Down Expand Up @@ -7715,8 +7727,9 @@ copy_alert (const char* name, const char* comment, const char* alert_id,
* 7 unexpected condition data name, 8 syntax error in condition data,
* 9 email subject too long, 10 email message too long, 11 failed to
* find filter for condition, 12 error in Send host, 13 error in Send
* port, 14 failed to find report format for Send method, 15 error in
* SCP host, 17 failed to find report format for SCP method, 18 error
* port, 14 failed to find report format for Send method,
* 15 error in SCP host, 16 error in SCP port,
* 17 failed to find report format for SCP method, 18 error
* in SCP credential, 19 error in SCP path, 20 method does not match
* event, 21 condition does not match event, 31 unexpected event data
* name, 32 syntax error in event data, 40 invalid SMB credential
Expand Down Expand Up @@ -10101,6 +10114,7 @@ send_to_host (const char *host, const char *port,
* @param[in] password Password or passphrase of private key.
* @param[in] private_key Private key or NULL for password-only auth.
* @param[in] host Address of host.
* @param[in] port SSH Port of host.
* @param[in] path Destination filename with path.
* @param[in] known_hosts Content for known_hosts file.
* @param[in] report Report that should be sent.
Expand All @@ -10112,7 +10126,8 @@ send_to_host (const char *host, const char *port,
static int
scp_to_host (const char *username, const char *password,
const char *private_key,
const char *host, const char *path, const char *known_hosts,
const char *host, int port,
const char *path, const char *known_hosts,
const char *report, int report_size, gchar **script_message)
{
const char *alert_id = "2db07698-ec49-11e5-bcff-28d24461215b";
Expand All @@ -10122,9 +10137,10 @@ scp_to_host (const char *username, const char *password,
gchar *clean_known_hosts, *command_args;
int ret;

g_debug ("scp to host: %s@%s:%s", username, host, path);
g_debug ("scp to host: %s@%s:%d:%s", username, host, port, path);

if (password == NULL || username == NULL || host == NULL || path == NULL)
if (password == NULL || username == NULL || host == NULL || path == NULL
|| port <= 0 || port > 65535)
return -1;

if (known_hosts == NULL)
Expand Down Expand Up @@ -10161,9 +10177,10 @@ scp_to_host (const char *username, const char *password,
clean_path = g_shell_quote (path);
clean_known_hosts = g_shell_quote (known_hosts);
clean_private_key_path = g_shell_quote (private_key_path);
command_args = g_strdup_printf ("%s %s %s %s %s",
command_args = g_strdup_printf ("%s %s %d %s %s %s",
clean_username,
clean_host,
port,
clean_path,
clean_known_hosts,
clean_private_key_path);
Expand Down Expand Up @@ -13153,6 +13170,8 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
credential_t credential;
char *credential_id;
char *private_key, *password, *username, *host, *path, *known_hosts;
char *port_str;
int port;
gchar *report_content, *alert_path;
gsize content_length;
report_format_t report_format;
Expand Down Expand Up @@ -13194,14 +13213,19 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
"private_key");

host = alert_data (alert, "method", "scp_host");
port_str = alert_data (alert, "method", "scp_port");
if (port_str)
port = atoi (port_str);
else
port = 22;
path = alert_data (alert, "method", "scp_path");
known_hosts = alert_data (alert, "method", "scp_known_hosts");

alert_path = scp_alert_path_print (path, task);
free (path);

ret = scp_to_host (username, password, private_key,
host, alert_path, known_hosts,
host, port, alert_path, known_hosts,
message, strlen (message),
script_message);

Expand All @@ -13210,6 +13234,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
free (password);
free (username);
free (host);
free (port_str);
g_free (alert_path);
free (known_hosts);

Expand Down Expand Up @@ -13254,21 +13279,27 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,


host = alert_data (alert, "method", "scp_host");
port_str = alert_data (alert, "method", "scp_port");
if (port_str)
port = atoi (port_str);
else
port = 22;
path = alert_data (alert, "method", "scp_path");
known_hosts = alert_data (alert, "method", "scp_known_hosts");

alert_path = scp_alert_path_print (path, task);
free (path);

ret = scp_to_host (username, password, private_key,
host, alert_path, known_hosts,
host, port, alert_path, known_hosts,
report_content, content_length,
script_message);

free (private_key);
free (password);
free (username);
free (host);
free (port_str);
g_free (alert_path);
free (known_hosts);
}
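Review bot: In the validate_scp_data hunk, `atoi (*data)` stops at the first non-digit, so a value such as `22abc` (constructed example) passes the 1–65535 check and is stored unchanged as scp_port; atoi also has undefined behaviour when the number does not fit in an int. Parsing with strtol and requiring the whole string to be consumed rejects such input at create/modify time, instead of relying on the later integer re-parse and `%d` formatting in scp_to_host to neutralise it. escalate_2 repeats the same `atoi (port_str)` parse with a default of 22 in two places, which could share one small helper. validate_scp_data and escalate_2 both start and end outside the hunks shown.

```c
  if (method == ALERT_METHOD_SCP
      && strcmp (name, "scp_port") == 0)
    {
      char *end;
      long port;

      /* The whole string must be a decimal number; on overflow strtol
         returns LONG_MAX/LONG_MIN, which fails the range check. */
      port = strtol (*data, &end, 10);
      if (end == *data || *end != '\0' || port <= 0 || port > 65535)
        return 16;
    }
```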
