📄 snort_ftptelnet.c
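}
    FTPCmd->check_validity = 1;
    if (FTPCmd->param_format)
    {
        ftpp_ui_config_reset_ftp_cmd_format(FTPCmd->param_format);
        FTPCmd->param_format = NULL;
    }
    FTPCmd->param_format = HeadFmt;

    return FTPP_SUCCESS;
}

/*
 * Function: PrintFormatDate(char *buf, FTP_DATE_FMT *DateFmt)
 *
 * Purpose: Recursively prints the FTP date validation tree
 *
 * Arguments: buf       => output buffer; text is appended through
 *                         _dpd.printfappend with BUF_SIZE as the size
 *            DateFmt   => pointer to the date format node (dereferenced
 *                         without a NULL check)
 *
 * Returns: None
 *
 */
static void PrintFormatDate(char *buf, FTP_DATE_FMT *DateFmt)
{
    FTP_DATE_FMT *OptChild;

    if (!DateFmt->empty)
        _dpd.printfappend(buf, BUF_SIZE, "%s", DateFmt->format_string);

    /* An optional sub-format is printed inside [ ] */
    if (DateFmt->optional)
    {
        OptChild = DateFmt->optional;
        _dpd.printfappend(buf, BUF_SIZE, "[");
        PrintFormatDate(buf, OptChild);
        _dpd.printfappend(buf, BUF_SIZE, "]");
    }

    /* Two alternatives are printed as {a|b}; a lone next_a gets no braces */
    if (DateFmt->next_a)
    {
        if (DateFmt->next_b)
            _dpd.printfappend(buf, BUF_SIZE, "{");
        OptChild = DateFmt->next_a;
        PrintFormatDate(buf, OptChild);
        if (DateFmt->next_b)
        {
            _dpd.printfappend(buf, BUF_SIZE, "|");
            OptChild = DateFmt->next_b;
            PrintFormatDate(buf, OptChild);
            _dpd.printfappend(buf, BUF_SIZE, "}");
        }
    }

    if (DateFmt->next)
        PrintFormatDate(buf, DateFmt->next);
}

/*
 * Function: PrintCmdFmt(char *buf, FTP_PARAM_FMT *CmdFmt)
 *
 * Purpose: Recursively prints the FTP command parameter validation tree
 *
 * Arguments: buf       => output buffer; text is appended through
 *                         _dpd.printfappend with BUF_SIZE as the size
 *            CmdFmt    => pointer to the parameter validation node
 *
 * Returns: None
 *
 */
static void PrintCmdFmt(char *buf, FTP_PARAM_FMT *CmdFmt)
{
    FTP_PARAM_FMT *OptChild;

    switch(CmdFmt->type)
    {
    case e_int:
        _dpd.printfappend(buf, BUF_SIZE, " %s", F_INT);
        break;
    case e_number:
        _dpd.printfappend(buf, BUF_SIZE, " %s", F_NUMBER);
        break;
    case e_char:
        _dpd.printfappend(buf, BUF_SIZE, " %s 0x%x", F_CHAR,
            CmdFmt->format.chars_allowed);
        break;
    case e_date:
        _dpd.printfappend(buf, BUF_SIZE, " %s", F_DATE);
        /* NOTE(review): date_fmt is passed on unchecked and
         * PrintFormatDate dereferences it -- confirm it is never NULL
         * for an e_date node. */
        PrintFormatDate(buf, CmdFmt->format.date_fmt);
        break;
    case e_unrestricted:
        _dpd.printfappend(buf, BUF_SIZE, " %s", F_STRING);
        break;
    case e_strformat:
        _dpd.printfappend(buf, BUF_SIZE, " %s", F_STRING_FMT);
        break;
    case e_host_port:
        _dpd.printfappend(buf, BUF_SIZE, " %s", F_HOST_PORT);
        break;
    case e_head:
        break;
    }

    /* An optional parameter is printed inside [ ] */
    if (CmdFmt->optional_fmt)
    {
        OptChild = CmdFmt->optional_fmt;
        _dpd.printfappend(buf, BUF_SIZE, "[");
        PrintCmdFmt(buf, OptChild);
        _dpd.printfappend(buf, BUF_SIZE, "]");
    }

    /* Alternatives are printed as {a|b|...} */
    if (CmdFmt->numChoices)
    {
        int i;
        _dpd.printfappend(buf, BUF_SIZE, "{");
        for (i=0;i<CmdFmt->numChoices;i++)
        {
            if (i)
                _dpd.printfappend(buf, BUF_SIZE, "|");
            OptChild = CmdFmt->choices[i];
            PrintCmdFmt(buf, OptChild);
        }
        _dpd.printfappend(buf, BUF_SIZE, "}");
    }

    /* Only follow the chain when the next node is flagged prev_optional */
    if (CmdFmt->next_param_fmt && CmdFmt->next_param_fmt->prev_optional)
        PrintCmdFmt(buf, CmdFmt->next_param_fmt);
}

/*
 * Function: ProcessFTPMaxRespLen(FTP_CLIENT_PROTO_CONF *ClientConf,
 *                                char *ErrorString, int ErrStrLen)
 *
 * Purpose: Process the max response length configuration
 *          This sets the max length of an FTP response that we
 *          will tolerate, before alerting.
 *
 *          The token is parsed into a local long first, so that a
 *          negative number is rejected whatever the type of
 *          max_resp_len is, and a number that does not fit the field
 *          is rejected instead of being stored truncated.
 *
 * Arguments: ClientConf    => pointer to the FTP client configuration
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessFTPMaxRespLen(FTP_CLIENT_PROTO_CONF *ClientConf,
                                char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    char *pcEnd = NULL;
    long lMaxLen;

    pcToken = NextToken(CONF_SEPARATORS);
    if (pcToken == NULL)
    {
        snprintf(ErrorString, ErrStrLen,
                "No argument to token '%s'.", MAX_RESP_LEN);

        return FTPP_FATAL_ERR;
    }

    lMaxLen = strtol(pcToken, &pcEnd, 10);

    /*
     * The whole token must have been consumed as a non-negative
     * decimal number: pcEnd == pcToken means no digits were read,
     * a non-NUL *pcEnd means trailing garbage.
     */
    if ((pcEnd != pcToken) && (*pcEnd == '\0') && (lMaxLen >= 0))
    {
        ClientConf->max_resp_len = lMaxLen;

        /* Reading the field back detects a value too large for it. */
        if ((long)ClientConf->max_resp_len == lMaxLen)
            return FTPP_SUCCESS;
    }

    snprintf(ErrorString, ErrStrLen,
            "Invalid argument to token '%s'. Must be a positive "
            "number.", MAX_RESP_LEN);

    return FTPP_FATAL_ERR;
}

/*
 * Function: parseIPAddOctet(u_int32_t *ipaddr, int octet, int val)
 *
 * Purpose: Store one parsed octet of a dotted-quad address.
 *          Octet 0 goes into the lowest byte of *ipaddr.
 *
 * Arguments: ipaddr    => address being assembled
 *            octet     => zero-based position of the octet
 *            val       => value parsed for that octet
 *
 * Returns: int     => FTPP_SUCCESS, or FTPP_INVALID_ARG for a fifth
 *                     octet or a value above 255
 *
 */
static int parseIPAddOctet(u_int32_t *ipaddr, int octet, int val)
{
    if ((octet > 3) || (val > 255))
        return FTPP_INVALID_ARG;

    /* Shift as unsigned: 255 << 24 does not fit in a signed int */
    *ipaddr = *ipaddr + ((u_int32_t)val << (octet * 8));

    return FTPP_SUCCESS;
}

/*
 * Function: parseIP(char *token,
 *                   u_int32_t* ipaddr, int *bits,
 *                   u_int16_t *portlo, u_int16_t *porthi)
 *
 * Purpose: Extract the IP address, masking bits (CIDR format), and
 *          port information from an FTP Bounce To configuration.
 *
 *          The accepted shape is a.b.c.d[/bits],port[,porthi].
 *          Each entry ends up in the list of addresses FTP bounces are
 *          allowed to, so values that cannot be represented are
 *          rejected rather than wrapped: an octet above 255, more than
 *          four octets, a mask above 32 bits, a port above 65535.
 *
 *          As before, characters other than digits, '.', '/' and ','
 *          are skipped, an empty field counts as 0, and porthi is not
 *          compared with portlo.
 *
 * Arguments: token     => string pointer to the FTP bounce configuration
 *            ipaddr    => pointer to returned ip address
 *            bits      => pointer to returned bit mask
 *            portlo    => pointer to port (or beginning of port range)
 *            porthi    => pointer to end of the port range if it exists
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
int parseIP(char *token, u_int32_t* ipaddr, int *bits,
            u_int16_t *portlo, u_int16_t *porthi)
{
    char *ptr = token;
    int octet = 0;
    int bitsseen = 0;
    int port = 0;
    int val = 0;

    if ((!token) || (!ipaddr) || (!bits) || (!portlo) || (!porthi))
        return FTPP_INVALID_ARG;

    *porthi = 0;
    *portlo = 0;
    *ipaddr = 0;
    *bits = 32;

    /* Test before stepping: an empty token must not be read past its NUL */
    while (*ptr != '\0')
    {
        /* isdigit() needs an unsigned char value */
        if (isdigit((unsigned char)*ptr))
        {
            val = val * 10 + (*ptr - '0');

            /* No field may exceed the largest port number; stopping
             * here also keeps val from overflowing on long digit runs */
            if (val > 65535)
                return FTPP_INVALID_ARG;
        }
        else if (*ptr == '.')
        {
            /* End of octet */
            if (parseIPAddOctet(ipaddr, octet, val) != FTPP_SUCCESS)
                return FTPP_INVALID_ARG;
            val = 0;
            octet++;
        }
        else if (*ptr == '/')
        {
            bitsseen = 1;
            /* End last of octet */
            if (parseIPAddOctet(ipaddr, octet, val) != FTPP_SUCCESS)
                return FTPP_INVALID_ARG;
            octet++;
            val = 0;
        }
        else if (*ptr == ',')
        {
            if (!port)
            {
                if (bitsseen)
                {
                    /* An IPv4 mask has at most 32 bits */
                    if (val > 32)
                        return FTPP_INVALID_ARG;
                    *bits = val;
                }
                else
                {
                    /* End last of octet */
                    if (parseIPAddOctet(ipaddr, octet, val) != FTPP_SUCCESS)
                        return FTPP_INVALID_ARG;
                    octet++;
                }
            }
            else
            {
                *portlo = val;
            }
            port++;
            val = 0;
        }
        ptr++;
    }

    /* The number still in val is the last port of the token */
    if (port==2)
    {
        *porthi = val;
    }
    else
    {
        *portlo = val;
    }

    if ((octet != 4) || ((port != 1) && (port != 2)))
        return FTPP_INVALID_ARG;

    return FTPP_SUCCESS;
}

/*
 * Function: ProcessFTPAllowBounce(FTP_CLIENT_PROTO_CONF *ClientConf,
 *                                 char *ErrorString, int ErrStrLen)
 *
 * Purpose: Process the FTP allow bounce configuration.
 *          This creates an allow bounce node and adds it to the list for the
 *          client configuration.
 *
 *          An entry that does not parse and a failed allocation are
 *          both fatal errors. An entry that ftp_bounce_lookup_add
 *          refuses is freed and skipped without an error.
 *
 * Arguments: ClientConf    => pointer to the FTP client configuration
 *            ErrorString   => error string buffer
 *            ErrStrLen     => the length of the error string buffer
 *
 * Returns: int     => an error code integer (0 = success,
 *                     >0 = non-fatal error, <0 = fatal error)
 *
 */
static int ProcessFTPAllowBounce(FTP_CLIENT_PROTO_CONF *ClientConf,
                                 char *ErrorString, int ErrStrLen)
{
    char *pcToken;
    int iOneAddr = 0;
    int iEndList = 0;

    pcToken = NextToken(CONF_SEPARATORS);
    if (pcToken == NULL)
    {
        snprintf(ErrorString, ErrStrLen,
                "No argument to token '%s'.", ALLOW_BOUNCE);

        return FTPP_FATAL_ERR;
    }

    if (strcmp(START_PORT_LIST, pcToken))
    {
        snprintf(ErrorString, ErrStrLen,
                "Must start a %s list with the '%s' token.",
                ALLOW_BOUNCE, START_PORT_LIST);

        return FTPP_FATAL_ERR;
    }

    while ((pcToken = NextToken(CONF_SEPARATORS)))
    {
        FTP_BOUNCE_TO *newBounce;
        u_int32_t ipaddr;
        int bits;
        u_int16_t portlow;
        u_int16_t porthigh;
        char *ipPtr;

        if (!strcmp(END_PORT_LIST, pcToken))
        {
            iEndList = 1;
            break;
        }

        /* TODO: Maybe want to redo this with high-speed searcher for ip/port.
         * Would be great if we could handle both full addresses and
         * subnets quickly -- using CIDR format.  Need something that would
         * return most specific match -- ie a specific host is more specific
         * than subnet.
         */
        if (parseIP(pcToken, &ipaddr, &bits, &portlow, &porthigh) != 0)
        {
            /* The token is present but malformed; the message used to
             * claim that no argument had been given. */
            snprintf(ErrorString, ErrStrLen,
                    "Invalid argument to token '%s'.", ALLOW_BOUNCE);

            return FTPP_FATAL_ERR;
        }

        /* load this into the ClientConf structure */
        ipaddr = ntohl(ipaddr);

        /* calloc hands back zeroed memory; the result used to go to
         * memset unchecked */
        newBounce = calloc(1, sizeof(*newBounce));
        if (newBounce == NULL)
        {
            snprintf(ErrorString, ErrStrLen,
                    "Failed to allocate memory for '%s' entry.",
                    ALLOW_BOUNCE);

            return FTPP_FATAL_ERR;
        }

        newBounce->ip = ipaddr;
        newBounce->relevant_bits = bits;
        newBounce->portlo = portlow;
        newBounce->porthi = porthigh;

        ipPtr = (char *)&ipaddr;
        if (ftp_bounce_lookup_add(ClientConf->bounce_lookup, ipPtr, 4,
                                  newBounce) != 0)
        {
            /* The entry was not stored, so it is still ours to free.
             * NOTE(review): the failure is not reported and the entry
             * still counts towards iOneAddr below -- confirm that
             * dropping it silently is intended. */
            free(newBounce);
        }

        iOneAddr = 1;
    }

    if (!iEndList)
    {
        snprintf(ErrorString, ErrStrLen,
                "Must end '%s' configuration with '%s'.",
                ALLOW_BOUNCE, END_PORT_LIST);

        return FTPP_FATAL_ERR;
    }

    if (!iOneAddr)
    {
        snprintf(ErrorString, ErrStrLen,
                "Must include at least one address in '%s' configuration.",
                ALLOW_BOUNCE);

        return FTPP_FATAL_ERR;
    }

    return FTPP_SUCCESS;
}

/*
 * Function: PrintFTPClientConf(char * client,
 *                              FTP_CLIENT_PROTO_CONF *ClientConf)
 *
 * Purpose: Prints the FTP client configuration
 *
 * Arguments: client        => string pointer to the client IP
 *            ClientConf    => pointer to the client configuration
 *
 * Returns: int     => FTPP_INVALID_ARG when ClientConf is NULL,
 *                     FTPP_SUCCESS otherwise
 *
 */
static int PrintFTPClientConf(char * client, FTP_CLIENT_PROTO_CONF *ClientConf)
{
    FTP_BOUNCE_TO *FTPBounce;
    int iErr;   /* filled in by the lookup calls, never examined here */

    if (!ClientConf)
    {
        return FTPP_INVALID_ARG;
    }

    /* The section header is logged once, before the first client */
    if (!printedFTPHeader)
    {
        _dpd.logMsg(" FTP CONFIG:\n");
        printedFTPHeader = 1;
    }

    _dpd.logMsg(" FTP Client: %s\n", client);

    PrintConfOpt(&ClientConf->bounce, " Check for Bounce Attacks");
    PrintConfOpt(&ClientConf->telnet_cmds, " Check for Telnet Cmds");
    _dpd.logMsg(" Max Response Length: %d\n", ClientConf->max_resp_len);

    FTPBounce = ftp_bounce_lookup_first(ClientConf->bounce_lookup, &iErr);
    if (FTPBounce)
    {
        _dpd.logMsg(" Allow FTP bounces to:\n");
    }

    while (FTPBounce)
    {
        struct in_addr addr;

        /* NOTE(review): ProcessFTPAllowBounce stores ip after ntohl(),
         * while inet_ntoa() expects network byte order -- confirm the
         * address logged here matches the one that was configured. */
        addr.s_addr = FTPBounce->ip;

        /* A non-zero porthi marks a port range */
        if (FTPBounce->porthi)
        {
            _dpd.logMsg(" Address: %s, Ports %d-%d\n",
                    inet_ntoa(addr), FTPBounce->portlo, FTPBounce->porthi);
        }
        else
        {
            _dpd.logMsg(" Address: %s, Port %d\n",
                    inet_ntoa(addr), FTPBounce->portlo);
        }

        FTPBounce = ftp_bounce_lookup_next(ClientConf->bounce_lookup, &iErr);
    }

    return FTPP_SUCCESS;
}

/*
 * Function: ProcessFTPClientOptions(FTP_CLIENT_PROTO_CONF *ClientConf,
 *                          char *ErrorString, int ErrStrLen)
 *
 * Purpose: This is where we process the specific ftp client configuration
 *          for FTPTelnet.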