📄 dce2_config.c
/****************************************************************************
 * Copyright (C) 2008-2008 Sourcefire,Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License Version 2 as
 * published by the Free Software Foundation.  You may not use, modify or
 * distribute this program under any other version of the GNU General
 * Public License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 ****************************************************************************
 * Parses and processes configuration set in snort.conf.
 *
 * 8/17/2008 - Initial implementation ... Todd Wease <twease@sourcefire.com>
 *
 ****************************************************************************/

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "dce2_config.h"
#include "dce2_utils.h"
#include "dce2_list.h"
#include "dce2_memory.h"
#include "dce2_event.h"
#include "dce2_session.h"
#include "sf_dynamic_preprocessor.h"
#include "sf_types.h"
#include "sfrt.h"
#include "sf_ip.h"

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#ifndef WIN32
#include <sys/socket.h>
#include <arpa/inet.h>
#endif  /* WIN32 */

/********************************************************************
 * Global variables
 ********************************************************************/
/* All three start out NULL.  DCE2_GlobalConfigure() treats a non-NULL
 * dce2_gconfig as "a global configuration was already given". */
DCE2_GlobalConfig *dce2_gconfig = NULL;  /* Global configuration */
DCE2_ServerConfig *dce2_dconfig = NULL;  /* Default server configuration */
table_t *dce2_sconfigs = NULL;           /* Routing table with server configurations */

/* Default ports, one table per transport.
 * NOTE(review): presumably these apply when a server configuration does not
 * give its own "detect" list - confirm in DCE2_ScInitConfig(). */
static const uint16_t DCE2_PORTS_SMB__DEFAULT[] = {139, 445};
static const uint16_t DCE2_PORTS_TCP__DEFAULT[] = {135};
static const uint16_t DCE2_PORTS_UDP__DEFAULT[] = {135};
static const uint16_t DCE2_PORTS_HTTP_PROXY__DEFAULT[] = {80};
static const uint16_t DCE2_PORTS_HTTP_SERVER__DEFAULT[] = {593};

/********************************************************************
 * Extern variables
 ********************************************************************/
/* Dynamic preprocessor interface; this file reads config_file/config_line
 * from it for diagnostics and calls its logMsg(). */
extern DynamicPreprocessorData _dpd;

/********************************************************************
 * Macros
 ********************************************************************/
/* Global option keywords and the arguments accepted by "events". */
#define DCE2_GOPT__MEMCAP                "memcap"
#define DCE2_GOPT__DISABLE_DEFRAG        "disable_defrag"
#define DCE2_GOPT__MAX_FRAG_LEN          "max_frag_len"
#define DCE2_GOPT__REASSEMBLE_THRESHOLD  "reassemble_threshold"
#define DCE2_GOPT__EVENTS                "events"
#define DCE2_GARG__EVENTS_NONE           "none"
#define DCE2_GARG__EVENTS_MEMCAP         "memcap"
#define DCE2_GARG__EVENTS_SMB            "smb"
#define DCE2_GARG__EVENTS_CO             "co"   /* Connection-oriented DCE/RPC */
#define DCE2_GARG__EVENTS_CL             "cl"   /* Connectionless DCE/RPC */
#define DCE2_GARG__EVENTS_ALL            "all"

/* Server option keywords and the arguments accepted by "policy". */
#define DCE2_SOPT__DEFAULT               "default"
#define DCE2_SOPT__NET                   "net"
#define DCE2_SOPT__POLICY                "policy"
#define DCE2_SARG__POLICY_WIN2000        "Win2000"
#define DCE2_SARG__POLICY_WINXP          "WinXP"
#define DCE2_SARG__POLICY_WINVISTA       "WinVista"
#define DCE2_SARG__POLICY_WIN2003        "Win2003"
#define DCE2_SARG__POLICY_SAMBA          "Samba"
#define DCE2_SARG__POLICY_SAMBA_3_0_22   "Samba-3.0.22"  /* Samba version 3.0.22 and previous */
#define DCE2_SARG__POLICY_SAMBA_3_0_20   "Samba-3.0.20"  /* Samba version 3.0.20 and previous */

/* Transport names accepted inside "detect" / "autodetect" lists. */
#define DCE2_SOPT__DETECT                "detect"
#define DCE2_SOPT__AUTODETECT            "autodetect"
#define DCE2_SARG__DETECT_NONE           "none"
#define DCE2_SARG__DETECT_SMB            "smb"
#define DCE2_SARG__DETECT_TCP            "tcp"
#define DCE2_SARG__DETECT_UDP            "udp"
#define DCE2_SARG__DETECT_HTTP_PROXY     "rpc-over-http-proxy"
#define DCE2_SARG__DETECT_HTTP_SERVER    "rpc-over-http-server"

#define DCE2_SOPT__NO_AUTODETECT_HTTP_PROXY_PORTS  "no_autodetect_http_proxy_ports"
#define DCE2_SOPT__SMB_INVALID_SHARES    "smb_invalid_shares"
#define DCE2_SOPT__SMB_MAX_CHAIN         "smb_max_chain"

#define DCE2_SMB_MAX_CHAIN__DEFAULT  3
#define DCE2_SMB_MAX_CHAIN__MAX    255  /* uint8_t is used to store value */

/* Memcap limits are expressed in KB here; DCE2_GcInitConfig() multiplies the
 * default by 1024 to obtain bytes.  The maximum times 1024 is just below
 * 2^32, which is what the overflow warning below protects.
 * NOTE(review): presumably the parsed value lands in a 32-bit field -
 * confirm against DCE2_GlobalConfig before touching these numbers. */
#define DCE2_MEMCAP__DEFAULT  (100 * 1024)  /* 100 MB */
/*** Don't increase max memcap number or it will overflow ***/
#define DCE2_MEMCAP__MIN  1024  /* 1 MB min */
#define DCE2_MEMCAP__MAX  ((4 * 1024 * 1024) - 1)  /* ~ 4 GB max */

/* Accepted range for max_frag_len.
 * NOTE(review): units are not stated in this listing - presumably bytes. */
#define DCE2_MAX_FRAG__MAX  65535
#define DCE2_MAX_FRAG__MIN   1514

/* NOTE(review): presumably the lowest port used by the default autodetect
 * ranges - confirm where this macro is used. */
#define DCE2_AUTO_PORTS__START  1025

/********************************************************************
 * Enumerations
 ********************************************************************/
/* States of the global-configuration parser (see DCE2_GcParseConfig()). */
typedef enum _DCE2_GcState
{
    DCE2_GC_STATE__OPT_START,
    DCE2_GC_STATE__OPT,
    DCE2_GC_STATE__OPT_END,
    DCE2_GC_STATE__END

} DCE2_GcState;

/* One bit per global option.
 * NOTE(review): presumably OR-ed into the parser's option_mask to detect an
 * option given twice - confirm in DCE2_GcParseOption().  No keyword macro
 * for DISABLE_SMB_DESEG appears in this listing. */
typedef enum _DCE2_GcOptFlag
{
    DCE2_GC_OPT_FLAG__NULL = 0x0000,
    DCE2_GC_OPT_FLAG__MEMCAP = 0x0001,
    DCE2_GC_OPT_FLAG__DISABLE_SMB_DESEG = 0x0002,
    DCE2_GC_OPT_FLAG__DISABLE_DEFRAG = 0x0004,
    DCE2_GC_OPT_FLAG__MAX_FRAG_LEN = 0x0008,
    DCE2_GC_OPT_FLAG__EVENTS = 0x0010,
    DCE2_GC_OPT_FLAG__REASSEMBLE_THRESHOLD = 0x0020

} DCE2_GcOptFlag;

/* States of the server-configuration parser; the ROPT states handle the
 * option that must come first. */
typedef enum _DCE2_ScState
{
    DCE2_SC_STATE__ROPT_START,   /* Required option */
    DCE2_SC_STATE__ROPT,
    DCE2_SC_STATE__OPT_START,
    DCE2_SC_STATE__OPT,
    DCE2_SC_STATE__OPT_END,
    DCE2_SC_STATE__END

} DCE2_ScState;

/* One bit per server option (same scheme as DCE2_GcOptFlag). */
typedef enum _DCE2_ScOptFlag
{
    DCE2_SC_OPT_FLAG__NULL = 0x0000,
    DCE2_SC_OPT_FLAG__DEFAULT = 0x0001,
    DCE2_SC_OPT_FLAG__NET = 0x0002,
    DCE2_SC_OPT_FLAG__POLICY = 0x0004,
    DCE2_SC_OPT_FLAG__DETECT = 0x0008,
    DCE2_SC_OPT_FLAG__AUTODETECT = 0x0010,
    DCE2_SC_OPT_FLAG__NO_AUTODETECT_HTTP_PROXY_PORTS = 0x0020,
    DCE2_SC_OPT_FLAG__SMB_INVALID_SHARES = 0x0040,
    DCE2_SC_OPT_FLAG__SMB_MAX_CHAIN = 0x0080

} DCE2_ScOptFlag;

/* States used while parsing a detect/autodetect list (transport type,
 * then its ports). */
typedef enum _DCE2_DetectListState
{
    DCE2_DETECT_LIST_STATE__START,
    DCE2_DETECT_LIST_STATE__TYPE_START,
    DCE2_DETECT_LIST_STATE__TYPE,
    DCE2_DETECT_LIST_STATE__TYPE_END,
    DCE2_DETECT_LIST_STATE__PORTS_START,
    DCE2_DETECT_LIST_STATE__PORTS,
    DCE2_DETECT_LIST_STATE__PORTS_END,
    DCE2_DETECT_LIST_STATE__END

} DCE2_DetectListState;

/********************************************************************
 * Structures
 ********************************************************************/
/* Just used for printing detect and autodetect configurations */
typedef struct _DCE2_PrintPortsStruct
{
    const uint8_t *port_array;  /* NOTE(review): byte array, presumably a port bitmap - confirm */
    const char *trans_str;      /* presumably the transport name to print */

} DCE2_PrintPortsStruct;

/********************************************************************
 * Private function prototypes
 ********************************************************************/
/* Gc* = global configuration, Sc* = server configuration. */
static void DCE2_GcInitConfig(DCE2_GlobalConfig *gc);
static DCE2_Ret DCE2_GcParseConfig(DCE2_GlobalConfig *, char *);
static INLINE DCE2_GcOptFlag DCE2_GcParseOption(char *, char *, int *);
static DCE2_Ret DCE2_GcParseMemcap(DCE2_GlobalConfig *, char **, char *);
static DCE2_Ret DCE2_GcParseMaxFrag(DCE2_GlobalConfig *, char **, char *);
static DCE2_Ret DCE2_GcParseEvents(DCE2_GlobalConfig *, char **, char *);
static INLINE void DCE2_GcSetEvent(DCE2_GlobalConfig *, DCE2_EventFlag);
static INLINE void DCE2_GcClearEvent(DCE2_GlobalConfig *, DCE2_EventFlag);
static INLINE void DCE2_GcClearAllEvents(DCE2_GlobalConfig *);
static INLINE DCE2_EventFlag DCE2_GcParseEvent(char *, char *, int *);
static DCE2_Ret DCE2_GcParseReassembleThreshold(DCE2_GlobalConfig *, char **, char *);
static void DCE2_GcPrintConfig(const DCE2_GlobalConfig *);
static void DCE2_ScInitConfig(DCE2_ServerConfig *);
static void DCE2_ScInitPortArray(DCE2_ServerConfig *, DCE2_DetectFlag, int);
static DCE2_Ret DCE2_ScParseConfig(DCE2_ServerConfig *, char *, DCE2_Queue *);
static INLINE DCE2_ScOptFlag DCE2_ScParseOption(char *, char *, int *);
static DCE2_Ret DCE2_ScParsePolicy(DCE2_ServerConfig *, char **, char *);
static DCE2_Ret DCE2_ScParseDetect(DCE2_ServerConfig *, char **, char *, int);
static INLINE DCE2_DetectFlag DCE2_ScParseDetectType(char *, char *, int *);
static INLINE void DCE2_ScResetPortsArrays(DCE2_ServerConfig *, int);
static DCE2_Ret DCE2_ScParseSmbShares(DCE2_ServerConfig *, char **, char *);
static DCE2_Ret DCE2_ScParseSmbMaxChain(DCE2_ServerConfig *, char **, char *);
static DCE2_Ret DCE2_ScAddToRoutingTable(DCE2_ServerConfig *, DCE2_Queue *);
static int DCE2_ScSmbShareCompare(const void *, const void *);
static void DCE2_ScSmbShareFree(void *);
static void DCE2_ScPrintConfig(const DCE2_ServerConfig *, DCE2_Queue *);
static void DCE2_ScPrintPorts(const DCE2_ServerConfig *, int);
static void DCE2_ScIpListDataFree(void *);
static void DCE2_ScCheckPortOverlap(const DCE2_ServerConfig *);

/********************************************************************
 * Function: DCE2_GlobalConfigure()
 *
 * Parses the DCE/RPC global configuration and stores values in a
 * global configuration structure.
 *
 * Arguments:
 *  char *
 *      snort.conf argument line for the dcerpc2 preprocessor.
* * Returns: None * ********************************************************************/
/* Flow: refuse a second global configuration, allocate the structure, load
 * the defaults, then apply whatever options the configuration line carries.
 * Every failure goes through DCE2_Die().
 * NOTE(review): DCE2_Die() is presumably fatal; nothing below checks for a
 * return from it - confirm in dce2_utils. */
void DCE2_GlobalConfigure(char *args)
{
    /* The global configuration may be given only once */
    if (dce2_gconfig != NULL)
    {
        DCE2_Die("%s(%d) => %s: Only one global configuration can be specified.\n",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* Get storage for the global configuration */
    dce2_gconfig = (DCE2_GlobalConfig *)DCE2_Alloc(sizeof(*dce2_gconfig),
                                                   DCE2_MEM_TYPE__CONFIG);
    if (dce2_gconfig == NULL)
    {
        DCE2_Die("%s(%d) => %s: Failed to allocate memory for global configuration.\n",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* Start from the defaults; parsing only overrides what is given */
    DCE2_GcInitConfig(dce2_gconfig);

    /* An empty argument string keeps the defaults untouched, so the parser
     * runs only when there is something to parse */
    if (!DCE2_IsEmptyStr(args) &&
        (DCE2_GcParseConfig(dce2_gconfig, args) != DCE2_RET__SUCCESS))
    {
        DCE2_Die("%s(%d) => %s: Error parsing global configuration.\n",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* Report the effective configuration */
    DCE2_GcPrintConfig(dce2_gconfig);
}

/********************************************************************
 * Function: DCE2_GcInitConfig
 *
 * Loads the default values into a global configuration structure.
 * A NULL pointer is ignored.
 *
 * Note for operators: by default every event class is enabled except
 * the memcap event, so alerting on the memory cap has to be switched
 * on explicitly through the "events" option.
 *
 * Arguments:
 *  DCE2_GlobalConfig *
 *      Pointer to global config structure.
 *
 * Returns: None
 *
 ********************************************************************/
static void DCE2_GcInitConfig(DCE2_GlobalConfig *gc)
{
    if (gc != NULL)
    {
        /* The default is kept in KB; scale it to bytes (100 MB) */
        gc->memcap = DCE2_MEMCAP__DEFAULT * 1024;

        /* Turn every event class on, then take the memcap event back out */
        DCE2_GcSetEvent(gc, DCE2_EVENT_FLAG__ALL);
        DCE2_GcClearEvent(gc, DCE2_EVENT_FLAG__MEMCAP);

        /* Fragment reassembly is on unless the configuration disables it */
        gc->dce_defrag = DCE2_CS__ENABLED;

        /* Sentinel value for the default maximum fragment length
         * NOTE(review): presumably means "no limit configured" - confirm */
        gc->max_frag_len = DCE2_SENTINEL;
    }
}

/********************************************************************
 * Function: DCE2_GcParseConfig()
 *
 * Main parsing of global configuration.
Parses options and * passes off to individual option handling. * * Arguments: * DCE2_GlobalConfig * * Pointer to the global configuration structure. * char * * Pointer to the configuration line. * * Returns: * DCE2_Ret * DCE2_RET__SUCCESS if parsing completed without error. * DCE2_RET__ERROR if an error occurred during parsing. * ********************************************************************/static DCE2_Ret DCE2_GcParseConfig(DCE2_GlobalConfig *gc, char *args){ DCE2_GcState state = DCE2_GC_STATE__OPT_START; char *ptr, *end; char *opt_start = args; char last_char = 0; int option_mask = 0; ptr = args; end = ptr + strlen(args) + 1; /* Include NULL byte for state */ while (ptr < end) { char c = *ptr; switch (state) { case DCE2_GC_STATE__OPT_START: if (DCE2_IsWordChar(c, DCE2_WORD_CHAR_POSITION__START)) { opt_start = ptr; /* Save pointer to first char of option */ state = DCE2_GC_STATE__OPT; } else if (!DCE2_IsSpaceChar(c)) { _dpd.logMsg("%s(%d) => %s: Invalid option.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); return DCE2_RET__ERROR; } break; case DCE2_GC_STATE__OPT: if (!DCE2_IsWordChar(c, DCE2_WORD_CHAR_POSITION__MIDDLE)) { DCE2_GcOptFlag opt_flag; if (!DCE2_IsWordChar(last_char, DCE2_WORD_CHAR_POSITION__END)) {