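/*
 * Active Alert IP Monitor (aaipm).
 * "Because there just weren't enough already out there"
 *
 * Listens on one TCP port.  Every connection that arrives is treated as a
 * probe: the daemon forks a handler that connects back to the prober's identd
 * (TCP/113, RFC 1413), asks which user owns the probing socket, and appends a
 * line to ./log.txt (relative to the working directory the daemon was started
 * in) besides the syslog trail.
 *
 * The prober controls everything its port 113 answers, so every byte read
 * from identd is treated as hostile: bounded, NUL-terminated and stripped of
 * control characters before it reaches a log.  The exchange is also capped by
 * a socket timeout so an identd that accepts and never replies cannot pin a
 * handler forever.
 */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif

#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>

enum {
    DEFAULT_PORT   = 12345, /* listened on when no port is given on argv */
    HIGHEST_PORT   = 65535,
    IDENT_PORT     = 113,   /* RFC 1413 identification protocol */
    IDENT_TIMEOUT  = 10,    /* seconds allowed per socket operation towards identd */
    LISTEN_BACKLOG = 4,
    IDENT_BUF      = 512,   /* reply buffer: one line, anything longer is cut */
    FIELD_MAX      = 64,    /* bytes kept from any one identd field, incl. NUL */
    STAMP_MAX      = 50,
    LOGLINE_MAX    = 200    /* stamp + two addresses + user + fixed text fit with room */
};

/* Parse a decimal TCP port; returns it, or -1 unless it lies in 1..HIGHEST_PORT. */
static int parse_port(const char *s)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 1 || v > HIGHEST_PORT)
        return -1;
    return (int)v;
}

/* Strip leading blanks and trailing blanks/CR/LF in place; NULL passes through. */
static char *trim(char *s)
{
    size_t n;

    if (s == NULL)
        return NULL;
    while (*s == ' ' || *s == '\t')
        s++;
    n = strlen(s);
    while (n > 0 && (s[n - 1] == ' ' || s[n - 1] == '\t' ||
                     s[n - 1] == '\r' || s[n - 1] == '\n'))
        s[--n] = '\0';
    return s;
}

/*
 * Copy at most dst_len-1 bytes of an identd field into dst, always
 * NUL-terminating, and replace every control or non-ASCII byte with '?' so a
 * hostile identd cannot forge extra log lines or smuggle terminal escapes into
 * log.txt and syslog.  A NULL src yields an empty string.
 */
static void copy_field(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    if (dst_len == 0)
        return;
    if (src != NULL) {
        for (; src[n] != '\0' && n < dst_len - 1; n++) {
            unsigned char c = (unsigned char)src[n];
            dst[n] = (c < 0x20 || c > 0x7e) ? '?' : (char)c;
        }
    }
    dst[n] = '\0';
}

/*
 * Ask the prober's identd who owns its end of the connection
 * <remote:remote_port> -> <us:local_port>.
 *
 * Returns 0 and stores the sanitized user name in user (user_len bytes) when
 * identd answered USERID; returns -1 and leaves user untouched for every other
 * outcome (no identd, timeout, ERROR reply, malformed reply).  Each outcome is
 * described in syslog.
 */
static int ident_query(const struct sockaddr_in *remote, int local_port,
                       int remote_port, char *user, size_t user_len)
{
    struct sockaddr_in ident = *remote;
    struct timeval tv = { IDENT_TIMEOUT, 0 };
    char buf[IDENT_BUF];
    char err[FIELD_MAX];
    char *field[4];
    char *type;
    size_t want, off, len;
    ssize_t got;
    int fd, i, rc = -1;

    ident.sin_port = htons(IDENT_PORT);

    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd < 0) {
        syslog(LOG_ERR, "Error creating socket: %s", strerror(errno));
        return -1;
    }
    /* an identd that accepts and then stays silent must not pin the handler forever */
    (void)setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);
    (void)setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    if (connect(fd, (const struct sockaddr *)&ident, sizeof ident) < 0) {
        syslog(LOG_ERR, "Error connecting to remote identd: %s", strerror(errno));
        goto out;
    }

    /*
     * RFC 1413 query: "<port on the identd host> , <port on our host>".  The
     * identd host is the prober, so its port goes first; the original sent the
     * pair the other way round.
     */
    snprintf(buf, sizeof buf, "%d , %d\r\n", remote_port, local_port);
    want = strlen(buf);
    for (off = 0; off < want; off += (size_t)got) {
        got = write(fd, buf + off, want - off);
        if (got <= 0) {
            syslog(LOG_ERR, "Error sending to remote identd: %s", strerror(errno));
            goto out;
        }
    }

    /* read one reply line; stop at the first LF, on EOF, or when the buffer is full */
    len = 0;
    while (len < sizeof buf - 1) {
        got = read(fd, buf + len, sizeof buf - 1 - len);
        if (got < 0) {
            syslog(LOG_ERR, "Error receiving from remote identd: %s", strerror(errno));
            goto out;
        }
        if (got == 0)
            break;
        len += (size_t)got;
        if (memchr(buf + len - (size_t)got, '\n', (size_t)got) != NULL)
            break;
    }
    buf[len] = '\0';
    if (len == 0) {
        syslog(LOG_NOTICE, "Empty reply from remote identd");
        goto out;
    }

    /*
     * Reply: "<ports> : <type> : <info>[ : <user>]".  Split on the first three
     * colons only, so a user name that itself contains ':' stays whole and the
     * presence or absence of spaces around the ports does not shift fields.
     */
    field[0] = buf;
    for (i = 1; i < 4; i++) {
        char *colon = strchr(field[i - 1], ':');
        if (colon == NULL)
            break;
        *colon = '\0';
        field[i] = colon + 1;
    }
    for (; i < 4; i++)
        field[i] = NULL;

    type = trim(field[1]);
    if (type == NULL) {
        syslog(LOG_NOTICE, "Malformed reply from remote identd");
        goto out;
    }
    if (strcmp(type, "ERROR") == 0) {
        /* compared after trimming: the raw token still carries CRLF, which is why
         * the original never matched NO-USER */
        copy_field(err, sizeof err, trim(field[2]));
        if (strcmp(err, "NO-USER") == 0)
            syslog(LOG_NOTICE, "No such user at remote end");
        else
            syslog(LOG_NOTICE, "Unknown error: %s", err);
        goto out;
    }
    if (strcmp(type, "USERID") == 0 && trim(field[3]) != NULL) {
        copy_field(user, user_len, field[3]);
        syslog(LOG_NOTICE, "Remote user is %s", user);
        rc = 0;
        goto out;
    }
    syslog(LOG_NOTICE, "Unrecognized reply type from remote identd");

out:
    close(fd);
    return rc;
}

/*
 * Append "<stamp> <src> -> <dst> - connect by user:<user>" to ./log.txt.
 * The stamp is taken now, per probe; the original computed it once at start-up
 * so every line carried the daemon's start time.
 */
static void log_probe(const char *src, const char *dst, const char *user)
{
    char stamp[STAMP_MAX];
    char line[LOGLINE_MAX];
    time_t now = time(NULL);
    struct tm tm_now;
    FILE *fp;

    if (localtime_r(&now, &tm_now) == NULL ||
        strftime(stamp, sizeof stamp, "[%D %I:%M:%S %p]", &tm_now) == 0)
        snprintf(stamp, sizeof stamp, "[time unknown]");

    fp = fopen("log.txt", "a");
    if (fp == NULL) {
        syslog(LOG_ERR, "Cannot open log.txt: %s", strerror(errno));
        return;
    }
    snprintf(line, sizeof line, "%s %s -> %s - connect by user:%s",
             stamp, src, dst, user);
    /* one short line per write; concurrent handlers append without tearing on
     * ordinary local filesystems (O_APPEND) -- not guaranteed on network mounts */
    if (fprintf(fp, "%s\n", line) < 0)
        syslog(LOG_ERR, "Error writing log.txt: %s", strerror(errno));
    if (fclose(fp) != 0)
        syslog(LOG_ERR, "Error closing log.txt: %s", strerror(errno));
}

/*
 * Handle one accepted probe connection (conn) from remote: note it in syslog,
 * query the prober's identd and record the probe.  The probe is logged even
 * when identd is unreachable -- the common case -- with "-" as the user; the
 * original wrote no log.txt line at all then.
 */
static void handle_probe(int conn, const struct sockaddr_in *remote, int local_port)
{
    struct sockaddr_in self;
    socklen_t self_len = sizeof self;
    char src[INET_ADDRSTRLEN];
    char dst[INET_ADDRSTRLEN];
    char user[FIELD_MAX] = "-";
    int remote_port = ntohs(remote->sin_port);

    if (inet_ntop(AF_INET, &remote->sin_addr, src, sizeof src) == NULL)
        snprintf(src, sizeof src, "?");
    /* the address the prober actually reached, rather than what "localhost" resolves to */
    if (getsockname(conn, (struct sockaddr *)&self, &self_len) < 0 ||
        inet_ntop(AF_INET, &self.sin_addr, dst, sizeof dst) == NULL)
        snprintf(dst, sizeof dst, "?");

    syslog(LOG_NOTICE, "Probe from %s:%d", src, remote_port);
    (void)ident_query(remote, local_port, remote_port, user, sizeof user);
    log_probe(src, dst, user);
}

/* SIGCHLD handler: reap every finished probe handler without blocking accept(). */
static void reap_children(int sig)
{
    int saved_errno = errno;

    (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        ;
    errno = saved_errno;
}

/*
 * Usage: aaipm [port]
 *
 * Binds the port (default 12345), forks: the launcher prints the daemon's pid
 * and exits 0; the daemon runs the accept loop, forking one handler per probe,
 * and exits -1 only if accept() fails permanently.  Other set-up failures exit
 * -1 (or 1 for a bad port argument).
 */
int main(int argc, char **argv)
{
    struct sockaddr_in local;
    struct sigaction sa;
    int local_port = DEFAULT_PORT;
    int srvsock;
    int one = 1;
    pid_t childpid;

    openlog("aaipm", LOG_PID, LOG_DAEMON);

    if (argc > 1) {
        local_port = parse_port(argv[1]);
        if (local_port < 0) {
            printf("Invalid port '%s': expected a number from 1 to 65535\n", argv[1]);
            syslog(LOG_NOTICE, "Cannot bind to '%s', not a valid port", argv[1]);
            closelog();
            return 1;
        }
    }

    printf(" +-------------------------+\n");
    printf(" / Active Alert IP Monitor \\\n");
    printf(" \\ by decker@n3t.net /\n");
    printf(" +-------------------------+\n");
    syslog(LOG_NOTICE, "Starting AAIPM Daemon v1.0");

    srvsock = socket(AF_INET, SOCK_STREAM, 0);
    if (srvsock < 0) {
        perror("Socket Error");
        syslog(LOG_ERR, "Error creating socket: %s", strerror(errno));
        closelog();
        return -1;
    }
    /* lets the monitor be restarted while old probe connections sit in TIME_WAIT */
    (void)setsockopt(srvsock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    memset(&local, 0, sizeof local);
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    local.sin_port = htons((in_port_t)local_port);

    if (bind(srvsock, (struct sockaddr *)&local, sizeof local) < 0) {
        perror("Error binding to socket");
        syslog(LOG_ERR, "Error binding socket: %s", strerror(errno));
        close(srvsock);
        closelog();
        return -1;
    }
    if (listen(srvsock, LISTEN_BACKLOG) < 0) {
        perror("Error listening to socket");
        syslog(LOG_ERR, "Error listening socket: %s", strerror(errno));
        close(srvsock);
        closelog();
        return -1;
    }
    printf("Listening on port %d\n", local_port);

    childpid = fork();
    if (childpid < 0) {
        perror("Error forking");
        syslog(LOG_ERR, "Error forking: %s", strerror(errno));
        close(srvsock);
        closelog();
        return -1;
    }
    if (childpid > 0) {
        /* launcher: report where the daemon went and leave */
        syslog(LOG_NOTICE, "Backgrounded under pid %d", (int)childpid);
        printf("Backgrounded under pid %d\n", (int)childpid);
        close(srvsock);
        closelog();
        return 0;
    }

    /* daemon: own session, so a hang-up on the launching terminal does not stop it */
    (void)setsid();

    /* reap handlers as they finish instead of blocking the accept loop on wait() */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = reap_children;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    if (sigaction(SIGCHLD, &sa, NULL) < 0)
        syslog(LOG_ERR, "Error installing SIGCHLD handler: %s", strerror(errno));

    for (;;) {
        struct sockaddr_in remote;
        socklen_t remote_len = sizeof remote;
        int conn = accept(srvsock, (struct sockaddr *)&remote, &remote_len);

        if (conn < 0) {
            /* a probe that vanished before we got to it is not a reason to stop */
            if (errno == EINTR || errno == ECONNABORTED)
                continue;
            syslog(LOG_ERR, "Error accepting connection: %s", strerror(errno));
            break;
        }

        childpid = fork();
        if (childpid < 0) {
            syslog(LOG_ERR, "Error forking: %s", strerror(errno));
        } else if (childpid == 0) {
            close(srvsock);   /* the handler never accepts */
            handle_probe(conn, &remote, local_port);
            close(conn);
            closelog();
            _exit(0);         /* do not flush stdio buffers inherited from the daemon */
        }
        close(conn);          /* daemon's copy; the handler owns the connection now */
    }

    close(srvsock);
    closelog();
    return -1;
}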