nasl_nessusd_glue.c

大国补丁后的nessus2.2.8的源代码

 else
	 retc->x.i_val = 0;

 return retc;
}  

/*--------------------[ KB ]---------------------------------------*/

#define SECRET_KB_PREFIX	"Secret/"

tree_cell * get_kb_list(lex_ctxt * lexic)
{
 struct arglist * script_infos = lexic->script_infos;
 struct kb_item ** kb = plug_get_kb(script_infos);
 char * kb_mask = get_str_var_by_num(lexic, 0);
 tree_cell * retc;
 int num_elems = 0;
 nasl_array * a;
 struct kb_item * res, * top;
 
 
 if(kb_mask == NULL)
 {
  nasl_perror(lexic, "get_kb_list() usage : get_kb_list(<NameOfItem>)\n");
  return NULL;
 }
 
 if(kb == NULL)
 {
   return NULL;
 }
 
 retc = alloc_tree_cell(0,NULL);
 retc->type = DYN_ARRAY;
 retc->x.ref_val = a = emalloc(sizeof(nasl_array));
 
 top = res = kb_item_get_pattern(kb, kb_mask);
 
 while(res != NULL)
 {
  anon_nasl_var v;
  bzero(&v, sizeof(v));
  
  if (lexic->authenticated || 
      strncmp(res->name, SECRET_KB_PREFIX, sizeof(SECRET_KB_PREFIX) - 1) != 0)
    {
  if(res->type == KB_TYPE_INT)
  {
  v.var_type = VAR2_INT;
  v.v.v_int = res->v.v_int;
  add_var_to_array(a, res->name, &v);
  num_elems ++;
  }
  else if(res->type == KB_TYPE_STR)
  {
   v.var_type = VAR2_DATA;
   v.v.v_str.s_val = (unsigned char*)res->v.v_str;
   v.v.v_str.s_siz = strlen(res->v.v_str);
   add_var_to_array(a, res->name, &v);
   num_elems ++;
  }
    }
#if NASL_DEBUG > 0
  else
    nasl_perror(lexic, "get_kb_list: skipping protected KN entry %s\n", res->name);
#endif
  res = res->next;
 }
 
 kb_item_get_all_free(top);
 
 if(num_elems == 0)
 {
  deref_cell(retc);
  return FAKE_CELL;
 }
 return retc;
}

tree_cell * get_kb_item(lex_ctxt * lexic)
{
 struct arglist * script_infos = lexic->script_infos;

 char * kb_entry = get_str_var_by_num(lexic, 0);
 char * val;
 tree_cell * retc;
 int type;

 if(kb_entry == NULL)
	 return NULL;

 if (! lexic->authenticated && 
     strncmp(kb_entry, SECRET_KB_PREFIX, sizeof(SECRET_KB_PREFIX) - 1) == 0)
   {
     nasl_perror(lexic, "Untrusted script cannot read protected KB entry %s\n",
		 kb_entry);
     return NULL;
   }
   
 val = plug_get_key(script_infos,kb_entry, &type);


 if ( val == NULL && type == -1 )
  return NULL;
 

 retc = alloc_tree_cell(0, NULL);
 if( type == KB_TYPE_INT )
 {
  retc->type = CONST_INT;
  retc->x.i_val = (int)val;
  return retc;
 }
 else
 {
 retc->type = CONST_DATA;
 if ( val != NULL )
  {
   retc->size = strlen(val);
   retc->x.str_val = estrdup(val);
  }
 else {
    retc->size = 0;
    retc->x.str_val = NULL;
   }
 }

 return retc;
}

/* 
 * Instead of reading the local copy of the KB, we ask the upstream
 * father the "newest" value of a given KB item. This is especially useful
 * when dealing with shared sockets and SSH
 */
tree_cell * get_kb_fresh_item(lex_ctxt * lexic)
{
 struct arglist * script_infos = lexic->script_infos;

 char * kb_entry = get_str_var_by_num(lexic, 0);
 char * val;
 tree_cell * retc;
 int type;

 if(kb_entry == NULL)
	 return NULL;

 if (! lexic->authenticated && 
     strncmp(kb_entry, SECRET_KB_PREFIX, sizeof(SECRET_KB_PREFIX) - 1) == 0)
   {
     nasl_perror(lexic, "Untrusted script cannot read protected KB entry %s\n",
		 kb_entry);
     return NULL;
   }
   
 val = plug_get_fresh_key(script_infos,kb_entry, &type);


 if ( val == NULL && type == -1 )
  return NULL;
 

 retc = alloc_tree_cell(0, NULL);
 if( type == KB_TYPE_INT )
 {
  retc->type = CONST_INT;
  retc->x.i_val = (int)val;
  return retc;
 }
 else
 {
 retc->type = CONST_DATA;
 if ( val != NULL )
  {
   retc->size = strlen(val);
   retc->x.str_val = val; /* Do NOT estrdup() the value, since plug_get_fresh_key() allocated the memory already */
  }
 else {
    retc->size = 0;
    retc->x.str_val = NULL;
   }
 }

 return retc;
}

tree_cell * replace_kb_item(lex_ctxt * lexic)
{
 struct arglist * script_infos = lexic->script_infos;
 char * name  = get_str_local_var_by_name(lexic, "name");
 int type = get_local_var_type_by_name(lexic, "value");
 
 if( name == NULL )
 {
  nasl_perror(lexic, "Syntax error with replace_kb_item() [null name]\n", name);
  return FAKE_CELL;
 }

 if (! lexic->authenticated && 
     strncmp(name, SECRET_KB_PREFIX, sizeof(SECRET_KB_PREFIX) - 1) == 0)
 {
  nasl_perror(lexic, "Only signed scripts can set a Secret/ KB entry\n");
  return FAKE_CELL;
 }
 
 if(type == VAR2_INT)
 {
  int value = get_int_local_var_by_name(lexic, "value", -1);
  if ( value != -1 )plug_replace_key(script_infos, name, ARG_INT,(void*)value);
  else nasl_perror(lexic, "Syntax error with replace_kb_item(%s) [value=-1]\n", name); }
 else
 {
  char * value = get_str_local_var_by_name(lexic, "value");
  if( value == NULL )
  {
    nasl_perror(lexic, "Syntax error with replace_kb_item(%s) [null value]\n", name);
    return FAKE_CELL;
  }
  plug_replace_key(script_infos, name, ARG_STRING, value);
 }

 return FAKE_CELL;
}

tree_cell * set_kb_item(lex_ctxt * lexic)
{
 struct arglist * script_infos = lexic->script_infos;
 char * name  = get_str_local_var_by_name(lexic, "name");
 int type = get_local_var_type_by_name(lexic, "value");
 
 if( name == NULL )
 {
  nasl_perror(lexic, "Syntax error with set_kb_item() [null name]\n", name);
  return FAKE_CELL;
 }
 
 if (! lexic->authenticated && 
     strncmp(name, SECRET_KB_PREFIX, sizeof(SECRET_KB_PREFIX) - 1) == 0)
 {
  nasl_perror(lexic, "Only signed scripts can set a Secret/ KB entry\n");
  return FAKE_CELL;
 }


 if(type == VAR2_INT)
 {
  int value = get_int_local_var_by_name(lexic, "value", -1);
  if ( value != -1 )plug_set_key(script_infos, name, ARG_INT,(void*)value);
  else nasl_perror(lexic, "Syntax error with set_kb_item() [value=-1]\n", name); }
 else
 {
  char * value = get_str_local_var_by_name(lexic, "value");
  if( value == NULL )
  {
    nasl_perror(lexic, "Syntax error with set_kb_item() [null value]\n", name);
    return FAKE_CELL;
  }
  plug_set_key(script_infos, name, ARG_STRING, value);
 }

 return FAKE_CELL;
}

/*------------------------[ Reporting a problem ]---------------------------*/


/*
 * These functions are used when the script wants to report a problem
 * back to nessusd
 */
typedef void(*proto_post_something_t)(struct arglist*, int, const char*, const char *);
typedef void(*post_something_t)(struct arglist*, int, const char*);


static tree_cell * security_something(lex_ctxt * lexic, proto_post_something_t proto_post_func, post_something_t post_func)
{
 struct arglist * script_infos = lexic->script_infos;

 char* proto = get_str_local_var_by_name(lexic, "protocol");
 char* data = get_str_local_var_by_name(lexic, "data");
 int port = get_int_local_var_by_name(lexic, "port", -1); 
 char * dup = NULL;
 
 if(data != NULL)
 {
  int len = get_local_var_size_by_name(lexic, "data");
  int i;
  
  dup = nasl_strndup(data, len);
  for(i=0;i<len;i++)
   if(dup[i] == 0)dup[i]=' ';
 }
 
 if((arg_get_value(script_infos, "standalone")) != NULL)
 {
  if( data != NULL )
   fprintf(stdout, "%s\n", dup);
  else
   fprintf(stdout, "Success\n");
 }
   
 if(proto == NULL)
	 proto = get_str_local_var_by_name(lexic, "proto");

 if(port < 0)
	 port = get_int_var_by_num(lexic, 0, -1);

 
 if(dup != NULL)
 {
  if(proto == NULL)
   post_func(script_infos, port, dup);
  else
   proto_post_func(script_infos, port, proto, dup);

  efree(&dup);
  return FAKE_CELL;
 }
 
 if(proto == NULL)
  post_func(script_infos, port, NULL);
 else
  proto_post_func(script_infos, port, proto, NULL);
  

 return FAKE_CELL;
}
 
tree_cell * security_hole(lex_ctxt * lexic)
{
 return security_something(lexic, proto_post_hole, post_hole);
}

tree_cell * security_warning(lex_ctxt * lexic)
{
 return security_something(lexic, proto_post_info, post_info);
}

tree_cell * security_note(lex_ctxt * lexic)
{
 return security_something(lexic, proto_post_note, post_note);
}

tree_cell * nasl_get_preference(lex_ctxt * lexic)
{
  tree_cell	*retc;
  char		*name, *value;
  struct arglist *script_infos, *prefs;


  script_infos = lexic->script_infos;
  prefs = arg_get_value(script_infos, "preferences");
  if (prefs == NULL)
    {
      nasl_perror(lexic, "get_preference: not preferences\n");
      return NULL;
    }
  name =  get_str_var_by_num(lexic, 0);
  if (name == NULL)
    {
      nasl_perror(lexic, "get_preference: no name\n");
      return NULL;
    }
  value = arg_get_value(prefs, name);
  if (value == NULL)
    return NULL;

  retc = alloc_typed_cell(CONST_DATA);
  retc->x.str_val = strdup(value);
  retc->size = strlen(value);
  return retc;
}

/*-------------------------[ Reporting an open port ]---------------------*/

/*
 * If the plugin is a port scanner, it needs to report the list of open
 * ports back to nessusd, and it also needs to know which ports are
 * to scan
 */
 
 
tree_cell * nasl_scanner_get_port(lex_ctxt * lexic)
{
 tree_cell * retc;
 int idx = get_int_var_by_num(lexic, 0, -1);
 struct arglist * script_infos = lexic->script_infos;
 struct arglist * prefs = arg_get_value(script_infos, "preferences");
 char  *prange = arg_get_value(prefs, "port_range");
 static int num = 0;
 static u_short * ports = NULL;

 if (prange == NULL)
   return NULL; 

 if(idx < 0)
 {
 	nasl_perror(lexic, "Argument error in scanner_get_port()\n");
	nasl_perror(lexic, "Correct usage is : num = scanner_get_port(<num>)\n");
	nasl_perror(lexic, "Where <num> should be 0 the first time you call it\n");
	return NULL;
 }

 if (ports == NULL)
   {
     ports = (u_short*)getpts(prange, &num);
     if (ports == NULL)
       {
	 return NULL;
       }
   }
  
 if(idx >= num)
   {
    return NULL;
   }
 
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_INT;
 retc->x.i_val = ports[idx];
 return retc;
}

 
tree_cell * nasl_scanner_add_port(lex_ctxt * lexic)
{ 
 struct arglist * script_infos = lexic->script_infos;

 int port = get_int_local_var_by_name(lexic, "port", -1);
 char* proto = get_str_local_var_by_name(lexic, "proto");

 if(port >= 0)
 {
  scanner_add_port(script_infos, port, proto?proto:"tcp");
 }

 return FAKE_CELL;
}
 
tree_cell * nasl_scanner_status(lex_ctxt * lexic)
{
  int current = get_int_local_var_by_name(lexic, "current", -1);
  int total   = get_int_local_var_by_name(lexic, "total", -1); 
  struct arglist * script_infos = lexic->script_infos;
  struct arglist * hostdata = arg_get_value(script_infos, "HOSTNAME");

  if(current != -1 && total != -1)
    {
      struct arglist * globs = arg_get_value(script_infos, "globals");
      if (globs == NULL) return NULL;
      comm_send_status(globs, arg_get_value(hostdata, "NAME"), "portscan", current, total);
    }
  return FAKE_CELL;
} 



/*--------------------[ SHARED SOCKETS ]---------------------------------------*/

#define SECRET_SOCKET_PREFIX "Secret/"

tree_cell * nasl_shared_socket_register( lex_ctxt * lexic )
{
  char * name = get_str_local_var_by_name(lexic, "name");
  int    soc  = get_int_local_var_by_name(lexic, "socket", -1);
  struct arglist * script_infos = lexic->script_infos;
  int type, opt_len = sizeof(type);

 if ( name == NULL || soc < 0 )
 { 
  fprintf(stderr, "Usage: shared_socket_register(name:<name>, socket:<soc>)\n");
  return NULL;
 }

 if ( strncmp(name, SECRET_SOCKET_PREFIX, strlen(SECRET_SOCKET_PREFIX)) == 0 &&
      check_authenticated(lexic) < 0 ) return NULL;


 shared_socket_register(script_infos, soc, name);
 return FAKE_CELL;
}

tree_cell * nasl_shared_socket_acquire( lex_ctxt * lexic )
{
  char * name = get_str_var_by_num(lexic, 0);
  int fd;
  tree_cell * retc;
  struct arglist * script_infos = lexic->script_infos;

 if ( name == NULL )
 { 
 fprintf(stderr, "Usage: shared_socket_acquire(<name>)\n");
 return NULL;
 }

 if ( strncmp(name, SECRET_SOCKET_PREFIX, strlen(SECRET_SOCKET_PREFIX)) == 0 &&
      check_authenticated(lexic) < 0 ) return NULL;

 fd = shared_socket_acquire(script_infos, name);
 if ( fd < 0 ) return NULL;
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_INT;
 retc->x.i_val = fd;
 return retc;
}

tree_cell * nasl_shared_socket_release( lex_ctxt * lexic )
{
  char * name = get_str_var_by_num(lexic, 0);
  int fd;
  struct arglist * script_infos = lexic->script_infos;

 if ( name == NULL )
 { 
 fprintf(stderr, "Usage: shared_socket_release(<name>)\n");
 return NULL;
 }

 if ( strncmp(name, SECRET_SOCKET_PREFIX, strlen(SECRET_SOCKET_PREFIX)) == 0 &&
      check_authenticated(lexic) < 0 ) return NULL;

 shared_socket_release(script_infos, name);
 return NULL;
}

tree_cell * nasl_shared_socket_destroy( lex_ctxt * lexic )
{
  char * name = get_str_var_by_num(lexic, 0);
  int fd;
  struct arglist * script_infos = lexic->script_infos;

 if ( name == NULL )
 { 
 fprintf(stderr, "Usage: shared_socket_release(<name>)\n");
 return NULL;
 }

 if ( strncmp(name, SECRET_SOCKET_PREFIX, strlen(SECRET_SOCKET_PREFIX)) == 0 &&
      check_authenticated(lexic) < 0 ) return NULL;


 shared_socket_destroy(script_infos, name);
 return NULL;
}