📄 snort_ftptelnet.c
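* We set the values of the global configuration here.  Any errors
 * that are encountered are specified in the error string and the
 * type of error is returned through the return code, i.e. fatal,
 * non-fatal.
 *
 * The configuration options that are dealt with here are:
 *      - inspection_type
 *          Indicate whether to operate in stateful or stateless mode
 *      - encrypted_traffic
 *          Detect and alert on encrypted sessions
 *      - check_after_encrypted
 *          Instructs the preprocessor to continue checking a data stream
 *          after it is encrypted, looking for an eventual
 *          non-encrypted data.
 *
 * Arguments: GlobalConf    => pointer to the global configuration
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessGlobalConf(FTPTELNET_GLOBAL_CONF *GlobalConf,
                             char *ErrorString, int ErrStrLen)
{
    FTPTELNET_CONF_OPT *ConfOpt;
    int  iRet = 0;
    char *pcToken;
    int  iTokens = 0;

    /*
     * NextToken() is given only the separator set, so the text being
     * tokenized is presumably set up by the caller -- confirm.
     */
    while((pcToken = NextToken(CONF_SEPARATORS)))
    {
        /*
         * Show that we at least got one token
         */
        iTokens = 1;

        /*
         * Search for configuration keywords
         */
        if (!strcmp(pcToken, CHECK_ENCRYPTED))
        {
            GlobalConf->check_encrypted_data = 1;
        }
        else if (!strcmp(pcToken, ENCRYPTED_TRAFFIC))
        {
            ConfOpt = &GlobalConf->encrypted;
            if((iRet = ProcessConfOpt(ConfOpt, ENCRYPTED_TRAFFIC,
                                      ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(INSPECT_TYPE, pcToken))
        {
            if((iRet = ProcessInspectType(GlobalConf, ErrorString,
                                          ErrStrLen)))
            {
                return iRet;
            }
        }
        else
        {
            /*
             * An unknown keyword is fatal: a mistyped option must not
             * be silently ignored, or a check the operator asked for
             * would simply stay off.
             */
            snprintf(ErrorString, ErrStrLen,
                     "Invalid keyword '%s' for '%s' configuration.",
                     pcToken, GLOBAL);

            return FTPP_FATAL_ERR;
        }
    }

    /*
     * If there are not any tokens to the configuration, then
     * we let the user know and log the error.  return non-fatal
     * error.
     */
    if(!iTokens)
    {
        snprintf(ErrorString, ErrStrLen,
                 "No tokens to '%s' configuration.", GLOBAL);

        return FTPP_NONFATAL_ERR;
    }

    return FTPP_SUCCESS;
}

/*
 * Function: ProcessPorts(PROTO_CONF *protocol,
 *                        char *ErrorString, int ErrStrLen)
 *
 * Purpose: Process the port list for the server configuration.
 *          This configuration is a list of valid ports and is ended
 *          by a delimiter.
 *
 *          The existing port table is cleared as soon as the list
 *          start token has been seen, so afterwards only the ports
 *          named in the list are enabled.
 *
 * Arguments: protocol      => pointer to the ports configuration
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessPorts(PROTO_CONF *protocol,
                        char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    char *pcEnd;
    long lPort;
    int  iPort;
    int  iEndPorts = 0;

    pcToken = NextToken(CONF_SEPARATORS);
    if(!pcToken)
    {
        snprintf(ErrorString, ErrStrLen,
                 "Invalid port list format.");

        return FTPP_FATAL_ERR;
    }

    if(strcmp(START_PORT_LIST, pcToken))
    {
        snprintf(ErrorString, ErrStrLen,
                 "Must start a port list with the '%s' token.",
                 START_PORT_LIST);

        return FTPP_FATAL_ERR;
    }

    /* Unset the defaults */
    for (iPort = 0; iPort < 65536; iPort++)
    {
        protocol->ports[iPort] = 0;
    }

    while((pcToken = NextToken(CONF_SEPARATORS)))
    {
        if(!strcmp(END_PORT_LIST, pcToken))
        {
            iEndPorts = 1;
            break;
        }

        /*
         * Keep the parsed value in a long until it has been range
         * checked.  Narrowing to int first would let an out-of-range
         * number wrap into 0..65535 where long is wider than int, and
         * the strtol() overflow results LONG_MAX/LONG_MIN would be
         * narrowed as well, so a bogus entry could enable an
         * unintended port instead of being rejected.
         */
        lPort = strtol(pcToken, &pcEnd, 10);

        /*
         * Validity check for port: the whole token must be numeric.
         */
        if(*pcEnd)
        {
            snprintf(ErrorString, ErrStrLen,
                     "Invalid port number.");

            return FTPP_FATAL_ERR;
        }

        if(lPort < 0 || lPort > 65535)
        {
            snprintf(ErrorString, ErrStrLen,
                     "Invalid port number.  Must be between 0 and "
                     "65535.");

            return FTPP_FATAL_ERR;
        }

        /* Safe to narrow: the value is known to be 0..65535 here. */
        iPort = (int)lPort;
        protocol->ports[iPort] = 1;

        /*
         * NOTE(review): port_count is not reset when the defaults are
         * cleared above, and a port listed twice is counted twice --
         * confirm how callers use the count.
         */
        if(protocol->port_count < 65536)
        {
            protocol->port_count++;
        }
    }

    /* The list must be closed explicitly; running out of tokens is fatal. */
    if(!iEndPorts)
    {
        snprintf(ErrorString, ErrStrLen,
                 "Must end '%s' configuration with '%s'.",
                 PORTS, END_PORT_LIST);

        return FTPP_FATAL_ERR;
    }

    return FTPP_SUCCESS;
}

/*
 * Function: ProcessTelnetAYTThreshold(TELNET_PROTO_CONF *TelnetConf,
 *                                     char *ErrorString, int ErrStrLen)
 *
 * Purpose: Process the 'are you there' threshold configuration
 *          This sets the maximum number of telnet ayt commands that
 *          we will tolerate, before alerting.
 *
 *          The threshold is stored only after the argument has been
 *          validated.
 *
 * Arguments: TelnetConf    => pointer to the telnet configuration
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessTelnetAYTThreshold(TELNET_PROTO_CONF *TelnetConf,
                                     char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    char *pcEnd = NULL;
    long lThreshold;

    pcToken = NextToken(CONF_SEPARATORS);
    if(pcToken == NULL)
    {
        snprintf(ErrorString, ErrStrLen,
                 "No argument to token '%s'.", AYT_THRESHOLD);

        return FTPP_FATAL_ERR;
    }

    lThreshold = strtol(pcToken, &pcEnd, 10);

    /*
     * Reject the argument if strtol() stopped before the end of the
     * token (a non-numeric character), or if the value does not
     * survive narrowing to int.  Without the second test an oversized
     * number would be stored as an unrelated, possibly negative,
     * threshold.  This assumes ayt_threshold is an int, as the %d in
     * PrintTelnetConf suggests -- confirm.
     *
     * NOTE(review): negative values and zero are still accepted even
     * though the message asks for a positive number; confirm whether
     * a negative threshold has a meaning elsewhere before tightening.
     */
    if(*pcEnd || lThreshold != (long)(int)lThreshold)
    {
        snprintf(ErrorString, ErrStrLen,
                 "Invalid argument to token '%s'.  Must be a positive "
                 "number.", AYT_THRESHOLD);

        return FTPP_FATAL_ERR;
    }

    TelnetConf->ayt_threshold = (int)lThreshold;

    return FTPP_SUCCESS;
}

/*
 * Function: PrintTelnetConf(TELNET_PROTO_CONF *TelnetConf)
 *
 * Purpose: Prints the telnet configuration
 *
 * Arguments: TelnetConf    => pointer to the telnet configuration
 *
 * Returns: int     => FTPP_INVALID_ARG when TelnetConf is NULL,
 *                     FTPP_SUCCESS otherwise
 *
 */
static int PrintTelnetConf(TELNET_PROTO_CONF *TelnetConf)
{
    char buf[BUF_SIZE+1];
    int iCtr;

    if(!TelnetConf)
    {
        return FTPP_INVALID_ARG;
    }

    _dpd.logMsg("    TELNET CONFIG:\n");

    /*
     * The buffer is one byte larger than the size handed to the
     * formatting calls and is zeroed first, so it stays terminated.
     */
    memset(buf, 0, BUF_SIZE+1);
    snprintf(buf, BUF_SIZE, "      Ports: ");

    /*
     * Print out all the applicable ports.  The append is bounded by
     * BUF_SIZE; a long port list is presumably cut short in the log
     * line -- confirm against printfappend.
     */
    for(iCtr = 0; iCtr < 65536; iCtr++)
    {
        if(TelnetConf->proto_ports.ports[iCtr])
        {
            _dpd.printfappend(buf, BUF_SIZE, "%d ", iCtr);
        }
    }

    _dpd.logMsg("%s\n", buf);

    _dpd.logMsg("      Are You There Threshold: %d\n",
                TelnetConf->ayt_threshold);
    _dpd.logMsg("      Normalize: %s\n",
                TelnetConf->normalize ? "YES" : "NO");
    _dpd.logMsg("      Detect Anomalies: %s\n",
                TelnetConf->detect_anomalies ? "YES" : "NO");

    return FTPP_SUCCESS;
}

/*
 * Function: ProcessTelnetConf(FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                             char *ErrorString, int ErrStrLen)
 *
 * Purpose: This is where we process the telnet configuration for FTPTelnet.
 *
 *          We set the values of the telnet configuration here.  Any errors
 *          that are encountered are specified in the error string and the
 *          type of error is returned through the return code, i.e. fatal,
 *          non-fatal.
 *
 *          The configuration options that are dealt with here are:
 *          - ports { x }           Ports on which to do telnet checks
 *          - normalize             Turns on normalization
 *          - ayt_attack_thresh x   Detect consecutive are you there commands
 *          - DETECT_ANOMALIES keyword
 *                                  Turns on anomaly detection
 *
 * Arguments: GlobalConf    => pointer to the global configuration
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessTelnetConf(FTPTELNET_GLOBAL_CONF *GlobalConf,
                             char *ErrorString, int ErrStrLen)
{
    int  iRet;
    char *pcToken;
    int  iTokens = 0;

    while((pcToken = NextToken(CONF_SEPARATORS)))
    {
        /*
         * Show that we at least got one token
         */
        iTokens = 1;

        /*
         * Search for configuration keywords
         */
        if(!strcmp(PORTS, pcToken))
        {
            /*
             * NOTE(review): the cast treats the telnet configuration
             * as a PROTO_CONF, which only holds if the port
             * configuration is its leading member (PrintTelnetConf
             * reads it as proto_ports) -- confirm the layout.
             */
            PROTO_CONF *ports = (PROTO_CONF*)&GlobalConf->global_telnet;
            if((iRet = ProcessPorts(ports, ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(AYT_THRESHOLD, pcToken))
        {
            if((iRet = ProcessTelnetAYTThreshold(&GlobalConf->global_telnet,
                                                 ErrorString, ErrStrLen)))
            {
                return iRet;
            }
        }
        else if(!strcmp(NORMALIZE, pcToken))
        {
            GlobalConf->global_telnet.normalize = 1;
        }
        else if(!strcmp(DETECT_ANOMALIES, pcToken))
        {
            GlobalConf->global_telnet.detect_anomalies = 1;
        }
        else
        {
            /*
             * Unknown keyword: fatal.  The message names the telnet
             * section, matching the "No tokens" message below, so the
             * operator is pointed at the section that actually holds
             * the bad keyword.
             */
            snprintf(ErrorString, ErrStrLen,
                     "Invalid keyword '%s' for '%s' configuration.",
                     pcToken, TELNET);

            return FTPP_FATAL_ERR;
        }
    }

    /*
     * Let's print out the telnet config
     */
    PrintTelnetConf(&GlobalConf->global_telnet);

    /*
     * If there are not any tokens to the configuration, then
     * we let the user know and log the error.  return non-fatal
     * error.
     */
    if(!iTokens)
    {
        snprintf(ErrorString, ErrStrLen,
                 "No tokens to '%s' configuration.", TELNET);

        return FTPP_NONFATAL_ERR;
    }

    return FTPP_SUCCESS;
}

/*
 * Function: GetIPAddr(char *addrString, u_int32_t *ipAddr,
 *                     char *ErrorString, int ErrStrLen)
 *
 * Purpose: This is where we convert an IP address to a numeric
 *
 *          Any errors that are encountered are specified in the error
 *          string and the type of error is returned through the return
 *          code, i.e. fatal, non-fatal.
 *
 *          The conversion uses inet_addr(), whose error value
 *          INADDR_NONE is also the encoding of 255.255.255.255, so
 *          that address is reported as invalid.  inet_addr() also
 *          accepts shortened and non-decimal dotted forms.
 *
 * Arguments: addrString    => pointer to the address string
 *            ipAddr        => pointer to converted address
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
#ifndef INADDR_NONE
#define INADDR_NONE -1
#endif
int GetIPAddr(char *addrString, u_int32_t *ipAddr,
              char *ErrorString, int ErrStrLen)
{
    /* *ipAddr is written even on failure; callers must check the return. */
    *ipAddr = inet_addr(addrString);
    if (*ipAddr == INADDR_NONE)
    {
        snprintf(ErrorString, ErrStrLen,
                 "Invalid FTP client IP address '%s'.", addrString);

        return FTPP_FATAL_ERR;
    }

    return FTPP_SUCCESS;
}

/*
 * Function: ProcessFTPCmdList(FTP_SERVER_PROTO_CONF *ServerConf,
 *                             char *confOption,
 *                             char *ErrorString, int ErrStrLen,
 *                             int require_cmds, int require_length)
 *
 * Purpose: Process the FTP cmd lists for the client configuration.
 *          This configuration is a parameter length for the list of
 *          FTP commands and is ended by a delimiter.
 *
 * Arguments: ServerConf    => pointer to the FTP server configuration
 *            confOption    => pointer to the name of the option
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *            require_cmds  => flag to require a command list
 *            require_length => flag to require a length specifier
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessFTPCmdList(FTP_SERVER_PROTO_CONF *ServerConf,
                             char *confOption,
                             char *ErrorString, int ErrStrLen,
                             int require_cmds, int require_length)
{
    FTP_CMD_CONF *FTPCmd = NULL;
    char *pcToken;
    char *pcEnd = NULL;
    char *cmd;
    int  iLength = 0;
    int  iEndCmds = 0;
    int  iRet;

    if (require_length)
    {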