CANopenSocket CANopenCGI.c hacking
Posted zengjf
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CANopenSocket CANopenCGI.c hacking相关的知识,希望对你有一定的参考价值。
/**************************************************************************************** * CANopenSocket CANopenCGI.c hacking * 说明: * 分析一下CANopenSocket中的CANopenCGI部分是怎么工作的。 * * 2017-3-23 深圳 南山平山村 曾剑锋 ***************************************************************************************/ /* * Client socket command interface (Apache CGI) for CANopenSocket. * * @file CANopenCGI.c * @author Janez Paternoster * @copyright 2016 Janez Paternoster * * This file is part of CANopenNode, an opensource CANopen Stack. * Project home page is <https://github.com/CANopenNode/CANopenNode>. * For more information on CANopen see <http://www.can-cia.org/>. * * CANopenNode is free and open source software: you can redistribute * it and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation, either version 2 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <errno.h> #include <ctype.h> #include <string.h> #include <strings.h> #include <fnmatch.h> #include <sys/un.h> #include <sys/socket.h> #ifndef BUF_SIZE #define BUF_SIZE 100000 #endif /* Helper functions */ static void errExitErrno(char* msg) { printf("%s: %s\n", msg, strerror(errno)); exit(EXIT_FAILURE); } static void errExit(char* msg) { printf("%s\n", msg); exit(EXIT_FAILURE); } /** * 字符串拷贝并转换成大写 */ static void strcpyToUpper(char *dest, const char *src) { char in; do { in = *(src++); *(dest++) = toupper(in); } while(in != 0); } /** * 字符串转换成大写 */ static void strToUpper(char *str) { char c; do { c = *(str); *(str++) = toupper(c); } while(c != 0); } /** * 字符串转换成小写 */ static void strToLower(char *str) { char c; do { c = *(str); *(str++) = tolower(c); } while(c != 0); } /* Decode hex string ‘str‘ of length ‘len‘ and return numerical value. * In case of error in string, set ‘err‘ to 1. */ /** * 将十六进制的字符串转成数字 */ static unsigned int hex2dec(const char *str, int len, int *err){ unsigned int val = 0; int i; for(i=0; i<len; i++) { char c = str[i]; if(c >= ‘0‘ && c <= ‘9‘) { c = c - ‘0‘; } else if (c >= ‘A‘ && c <= ‘F‘) { c = c - (‘A‘ - 10); } else { *err = 1; return 0; } val = val << 4 | c; } return val; } static void sendCommand(int fd, int sequence, char* command); static void printUsage(void) { printf( "Usage: canopen.cgi?wnniiiissdd=xxxx[&rnniiiissdd=]\n" " - w - One digit - ‘W‘rite or ‘R‘ead.\n" " - nn - Two hex digits of node ID.\n" " - iiii - Four hex digits of Object Dictionary Index.\n" " - ss - Two hex digits of Object Dictionary Subindex.\n" " - dd - One to three digits of data type.\n" " - xxxx - Value to be written.\n" "\n" "Datatypes:\n" " - b - Boolean.\n" " - u8, u16, u32, u64 - Unsigned integers.\n" " - i8, i16, i32, i64 - Signed integers.\n" " - r32, r64 - Real numbers.\n" " - t, td - Time of day, time difference.\n" " - vs - Visible string (between double quotes).\n" " - os, us, d - Octet string, unicode string, domain." ); } /******************************************************************************/ int main (int argc, char *argv[], char *env[]) { char socketPath[260] = {0}; /* Name of the local domain socket. */ FILE *fp; int fdSocket; struct sockaddr_un addr; char *queryString; int queryStringAllocated = 0; /* whitelist and blacklist are arrays of null separated strings, which * contains patterns for comparision with commands from query string. */ char *whitelist; char *blacklist; int whitelistLen; int blacklistLen; /* Print mime */ /** * 输出http协议的头 */ printf("Content-type:text/plain\n\n"); /* Get program options from configuration file */ /** * 处理配置文件 */ fp = fopen("canopen.conf", "r"); if(fp == NULL) { errExitErrno("Can‘t open configuration file"); } else { const char spaceDelim[] = " \t\n\r\f\v"; char buf[1000]; int wlSize = 1000; /* byte length */ int blSize = 1000; int wlDataSize = 0; int blDataSize = 0; whitelist = (char *) malloc(wlSize); blacklist = (char *) malloc(blSize);; // 最开始wlDataSize长度都是0,随着allow检测到的配置越来越多,长度会越来越长 whitelistLen = 0; /* number of tokens in list */ blacklistLen = 0; if(whitelist == NULL || blacklist == NULL) { errExitErrno("Whitelist or Blacklist can‘t be allocated."); } // 每次读取一行 while(fgets(buf, sizeof(buf), fp) != NULL) { char *token; token = strtok(buf, spaceDelim); if(token == NULL) { } /** * 获取socketPath配置 */ else if(strcasecmp(token, "socketPath") == 0) { if(strlen(socketPath) != 0) { errExit("Duplicate ‘socketPath‘ in canopen.conf."); } strncpy(socketPath, strtok(NULL, spaceDelim), sizeof(socketPath)); socketPath[sizeof(socketPath)-1] = 0; } else if(strcasecmp(token, "allow") == 0) { // 保存上一次的wlDataSize长度,随着allow检测到的配置越来越多,长度会越来越长 int prevDataSize = wlDataSize; // 获取value token = strtok(NULL, spaceDelim); // 计算value长度并+1,最后一个字节用于存放字符串结束符,这个长度叠加到wlDataSize中 wlDataSize += (strlen(token) + 1); // 长度大于预设字符串长度,双倍扩容并重新分配,不过从这里开看最大也就是双倍的扩容长度 while(wlDataSize > wlSize) { wlSize *= 2; whitelist = (char *) realloc(whitelist, wlSize); if(whitelist == NULL) { errExitErrno("Whitelist can‘t be allocated."); } } // 拷贝当前的匹配数据到whitelist中 strcpyToUpper(&whitelist[prevDataSize], token); whitelistLen ++; } /** * 类是于白名单 */ else if(strcasecmp(token, "deny") == 0) { int prevDataSize = blDataSize; token = strtok(NULL, spaceDelim); blDataSize += (strlen(token) + 1); while(blDataSize > blSize) { blSize *= 2; blacklist = (char *) realloc(blacklist, blSize); if(blacklist == NULL) { errExitErrno("Blacklist can‘t be allocated."); } } strcpyToUpper(&blacklist[prevDataSize], token); blacklistLen ++; } } } fclose(fp); /* Create and connect client socket */ /** * 创建本地socket */ fdSocket = socket(AF_UNIX, SOCK_STREAM, 0); if(fdSocket == -1) { errExitErrno("Socket creation failed"); } /** * 配置本地socket */ memset(&addr, 0, sizeof(struct sockaddr_un)); addr.sun_family = AF_UNIX; strncpy(addr.sun_path, socketPath, sizeof(addr.sun_path) - 1); /** * 连接本地socket */ if(connect(fdSocket, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) { errExitErrno("Socket connection failed"); } /* get query string */ /** * 获取网络请求数据 */ queryString = getenv("QUERY_STRING"); /* HTTP GET method. */ if(queryString != NULL && strlen(queryString) == 0) { queryString = malloc(BUF_SIZE); if(queryString == NULL) { errExitErrno("queryString can‘t be allocated."); } queryStringAllocated = 1; fgets(queryString, BUF_SIZE, stdin); /* HTTP POST method. */ } if(queryString == NULL && argc >= 2) { queryString = argv[1]; /* If no query string, try first argument. */ } /* get commands from query string */ /** * 解析网络请求数据 */ if(queryString != NULL && strlen(queryString) > 0) { char *command; int sequence = 1; /* put whole query string to upper case */ /** * 将请求数据转为大写的格式 */ strToUpper(queryString); command = strtok(queryString, "&"); while(command != NULL) { int i; int offset; int passed = 0; /* Test whitelist and blacklist */ /** * 一个一个偏移着找 */ offset = 0; for(i=0; i<whitelistLen; i++) { char *patern = &whitelist[offset]; if(fnmatch(patern, command, 0) == 0) { passed = 1; break; } offset += strlen(patern) + 1; } /** * 检查黑名单 */ if(passed == 1) { offset = 0; for(i=0; i<blacklistLen; i++) { char *patern = &blacklist[offset]; if(fnmatch(patern, command, 0) == 0) { passed = -1; /* not allowed */ break; } offset += strlen(patern) + 1; } } /* Send command or error message */ if(strlen(command) < 9) { printf("? %s [%d] ERROR: 101 - Syntax error in command.\n", command, sequence); } else if(passed == 1) { sendCommand(fdSocket, sequence, command); } else { printf("%c %c%c%c%c%c%c%c%c [%d] ERROR: 100 - Access restriction, command %s.\n", command[0], command[1], command[2], command[3], command[4], command[5], command[6], command[7], command[8], sequence, (passed==0)?"not on whitelist":" on blacklist"); } command = strtok(NULL, "&"); sequence ++; } } else { printUsage(); } close(fdSocket); free(whitelist); // 释放白名单 free(blacklist); // 释放黑名单 if(queryStringAllocated == 1) { free(queryString); } exit(EXIT_SUCCESS); } static void sendCommand(int fd, int sequence, char* command) { int i, err; char comm; unsigned int nodeId, idx, sidx; char dataType[4]; char *value = ""; char buf[BUF_SIZE]; /* Parse command. It is at least 8 characters long. */ /** * 解析命令 */ err = 0; comm = command[0]; if(comm != ‘R‘ && comm != ‘W‘) { err = 1; } nodeId = hex2dec(&command[1], 2, &err); if(nodeId < 1 || nodeId > 127) { err = 1; } idx = hex2dec(&command[3], 4, &err); sidx = hex2dec(&command[7], 2, &err); for(i=0; i<sizeof(dataType); i++) { char c = command[9+i]; if(c == ‘=‘ || c == 0) { dataType[i] = 0; if(c == ‘=‘) { value = &command[10+i]; } break; } dataType[i] = c; } if(i > 3) { err = 1; dataType[0] = 0; } if(strlen(value) > (sizeof(buf) - 50)) { err = 1; } /* Write command according to CiA309-3. */ /** * 命令转换,转换成canopend能接收的命令格式 */ if(err == 0) { size_t wlen, rlen; strToLower(dataType); wlen = sprintf(buf, "[%d] 0x%02X %c 0x%04X 0x%02X %s %s\n", sequence, nodeId, tolower(comm), idx, sidx, dataType, value); if (write(fd, buf, wlen) != wlen) { errExit("Socket write failed"); } rlen = read(fd, buf, sizeof(buf)); if(rlen == -1) { errExit("Socket read failed"); } printf("%c %02X%04X%02X %s", comm, nodeId, idx, sidx, buf); } else { printf("? %s [%d] ERROR: 101 - Syntax error in command.\n", command, sequence); } }
以上是关于CANopenSocket CANopenCGI.c hacking的主要内容,如果未能解决你的问题,请参考以下文章