OpenVAS Scanner
7.0.1~git
Implementation of an API for SSH functions. More...
#include "nasl_ssh.h"
#include "../misc/network.h"
#include "../misc/plugutils.h"
#include "exec.h"
#include "nasl_debug.h"
#include "nasl_func.h"
#include "nasl_global_ctxt.h"
#include "nasl_lex_ctxt.h"
#include "nasl_tree.h"
#include "nasl_var.h"
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <glib/gstdio.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/util/kb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
Data Structures | |
struct | session_table_item_s |
Macros | |
#define | DIM(v) (sizeof (v) / sizeof ((v)[0])) |
#define | DIMof(type, member) DIM (((type *) 0)->member) |
#define | G_LOG_DOMAIN "lib nasl" |
GLib logging domain. More... | |
#define | MAX_SSH_SESSIONS 10 |
Functions | |
static int | nasl_ssh_close_hook (int sock) |
Hook to close a socket associated with an ssh connection. More... | |
static void | g_string_comma_str (GString *gstr, const char *str) |
static int | next_session_id (void) |
static unsigned short | get_ssh_port (lex_ctxt *lexic) |
tree_cell * | nasl_ssh_connect (lex_ctxt *lexic) |
Connect to the target host via TCP and setup an ssh connection. More... | |
static int | verify_session_id (int session_id, const char *funcname, int *r_slot, lex_ctxt *lexic) |
static void | do_nasl_ssh_disconnect (int tbl_slot) |
tree_cell * | nasl_ssh_disconnect (lex_ctxt *lexic) |
Disconnect an ssh connection. More... | |
tree_cell * | nasl_ssh_session_id_from_sock (lex_ctxt *lexic) |
Given a socket, return the corresponding session id. More... | |
tree_cell * | nasl_ssh_get_sock (lex_ctxt *lexic) |
Given a session id, return the corresponding socket. More... | |
static int | get_authmethods (int tbl_slot) |
tree_cell * | nasl_ssh_set_login (lex_ctxt *lexic) |
Set the login name for the authentication. More... | |
tree_cell * | nasl_ssh_userauth (lex_ctxt *lexic) |
Authenticate a user on an ssh connection. More... | |
tree_cell * | nasl_ssh_login_interactive (lex_ctxt *lexic) |
Authenticate a user on an ssh connection. More... | |
tree_cell * | nasl_ssh_login_interactive_pass (lex_ctxt *lexic) |
Authenticate a user on an ssh connection. More... | |
static void | exec_ssh_cmd_alarm (int signal) |
static int | exec_ssh_cmd (ssh_session session, char *cmd, int verbose, int compat_mode, int to_stdout, int to_stderr, GString *response, GString *compat_buf) |
Execute an ssh command. More... | |
tree_cell * | nasl_ssh_request_exec (lex_ctxt *lexic) |
Run a command via ssh. More... | |
tree_cell * | nasl_ssh_get_issue_banner (lex_ctxt *lexic) |
Get the issue banner. More... | |
tree_cell * | nasl_ssh_get_server_banner (lex_ctxt *lexic) |
Get the server banner. More... | |
tree_cell * | nasl_ssh_get_host_key (lex_ctxt *lexic) |
Get the host key. More... | |
tree_cell * | nasl_ssh_get_auth_methods (lex_ctxt *lexic) |
Get the list of authmethods. More... | |
static void | request_ssh_shell_alarm (int signal) |
static int | request_ssh_shell (ssh_channel channel) |
Open a shell on an ssh channel. More... | |
tree_cell * | nasl_ssh_shell_open (lex_ctxt *lexic) |
Request an ssh shell. More... | |
static int | read_ssh_nonblocking (ssh_channel channel, GString *response) |
read from an ssh channel without blocking. More... | |
tree_cell * | nasl_ssh_shell_read (lex_ctxt *lexic) |
Read the output of an ssh shell. More... | |
tree_cell * | nasl_ssh_shell_write (lex_ctxt *lexic) |
Write string to ssh shell. More... | |
tree_cell * | nasl_ssh_shell_close (lex_ctxt *lexic) |
Close an ssh shell. More... | |
Variables | |
static struct session_table_item_s | session_table [MAX_SSH_SESSIONS] |
int | lowest_socket |
Implementation of an API for SSH functions.
This file contains the implementation of the Secure Shell related NASL builtin functions. They are only available if built with libssh support.
Definition in file nasl_ssh.c.
#define DIM | ( | v | ) | (sizeof (v) / sizeof ((v)[0])) |
Definition at line 62 of file nasl_ssh.c.
#define DIMof | ( | type, | |
member | |||
) | DIM (((type *) 0)->member) |
Definition at line 63 of file nasl_ssh.c.
#define G_LOG_DOMAIN "lib nasl" |
GLib logging domain.
Definition at line 74 of file nasl_ssh.c.
#define MAX_SSH_SESSIONS 10 |
Definition at line 116 of file nasl_ssh.c.
static void do_nasl_ssh_disconnect (int tbl_slot)
Definition at line 458 of file nasl_ssh.c.
References session_table_item_s::channel, session_table_item_s::session, session_table_item_s::session_id, session_table, and session_table_item_s::sock.
Referenced by nasl_ssh_close_hook(), and nasl_ssh_disconnect().
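static int exec_ssh_cmd (ssh_session session, char *cmd, int verbose, int compat_mode, int to_stdout, int to_stderr, GString *response, GString *compat_buf)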
Execute an ssh command.
[in] | session | SSH session. |
[in] | cmd | Command to execute. |
[in] | verbose | 1 for verbose mode, 0 otherwise. |
[in] | compat_mode | 1 for compatibility mode, 0 otherwise. |
[in] | to_stdout | 1 to return command output to stdout. |
[in] | to_stderr | 1 to return command output to stderr. |
[out] | response | Response buffer. |
[out] | compat_buf | Compatibility buffer. |
Definition at line 1188 of file nasl_ssh.c.
References session_table_item_s::channel, exec_ssh_cmd_alarm(), nasl_get_function_name(), nasl_get_plugin_filename(), session_table_item_s::session, and session_table_item_s::verbose.
Referenced by nasl_ssh_request_exec().
static void exec_ssh_cmd_alarm (int signal)
Definition at line 1166 of file nasl_ssh.c.
Referenced by exec_ssh_cmd().
static void g_string_comma_str (GString *gstr, const char *str)
Definition at line 124 of file nasl_ssh.c.
Referenced by nasl_ssh_get_auth_methods().
static int get_authmethods (int tbl_slot)
Definition at line 618 of file nasl_ssh.c.
References session_table_item_s::authmethods, session_table_item_s::authmethods_valid, session_table_item_s::session, session_table, and session_table_item_s::verbose.
Referenced by nasl_ssh_get_auth_methods(), nasl_ssh_get_issue_banner(), nasl_ssh_login_interactive(), and nasl_ssh_userauth().
static unsigned short get_ssh_port (lex_ctxt *lexic)
Definition at line 169 of file nasl_ssh.c.
References plug_get_key(), and struct_lex_ctxt::script_infos.
Referenced by nasl_ssh_connect().
static int nasl_ssh_close_hook (int sock)
Hook to close a socket associated with an ssh connection.
NASL code may be using "ssh_connect" passing an open socket and later closing this socket using "close" instead of calling "ssh_disconnect". Thus the close code needs to check whether the socket refers to an ssh connection and call ssh_disconnect then (libssh takes ownership of the socket if set via SSH_OPTIONS_FD). This function implements the hook for checking and closing.
[in] | sock | A socket |
Definition at line 518 of file nasl_ssh.c.
References DIM, do_nasl_ssh_disconnect(), session_table_item_s::session_id, session_table, and session_table_item_s::sock.
Referenced by next_session_id().
tree_cell * nasl_ssh_connect (lex_ctxt *lexic)
Connect to the target host via TCP and setup an ssh connection.
If the named argument "socket" is given, that socket will be used instead of creating a new TCP connection. If socket is not given or 0, the port is looked up in the preferences and the KB unless overridden by the named parameter "port".
On success an ssh session to the host has been established; the caller may then run an authentication function. If the connection is no longer needed, ssh_disconnect may be used to disconnect and close the socket.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 235 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods_valid, CONST_INT, DIM, get_int_var_by_name(), get_ssh_port(), get_str_var_by_name(), TC::i_val, lowest_socket, nasl_get_function_name(), nasl_get_plugin_filename(), next_session_id(), openvas_get_socket_from_connection(), plug_get_host_ip(), struct_lex_ctxt::script_infos, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::sock, session_table_item_s::user_set, session_table_item_s::verbose, and TC::x.
tree_cell * nasl_ssh_disconnect (lex_ctxt *lexic)
Disconnect an ssh connection.
This function takes the ssh session id (as returned by ssh_connect) as its only unnamed argument. Passing 0 as session id is explicitly allowed and does nothing. If there are any open channels they are closed as well and their ids will be marked as invalid.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 491 of file nasl_ssh.c.
References do_nasl_ssh_disconnect(), FAKE_CELL, get_int_var_by_num(), session_table_item_s::session_id, and verify_session_id().
tree_cell * nasl_ssh_get_auth_methods (lex_ctxt *lexic)
Get the list of authmethods.
The function returns a string with comma separated authentication methods. This is basically the same as returned by the SSH_MSG_USERAUTH_FAILURE protocol element; however, it has been screened and put into a definitive order.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1572 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods, session_table_item_s::authmethods_valid, CONST_DATA, g_string_comma_str(), get_authmethods(), get_int_var_by_num(), nasl_ssh_set_login(), session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::user_set, verify_session_id(), and TC::x.
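tree_cell * nasl_ssh_get_host_key (lex_ctxt *lexic)
Get the host key.
The function returns a string with the MD5 host key. Note that an MD5 digest is not collision-resistant, so callers should not rely on it alone to authenticate a host.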
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1528 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_DATA, get_int_var_by_num(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_get_issue_banner (lex_ctxt *lexic)
Get the issue banner.
The function returns a string with the issue banner. This is usually displayed before authentication.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1438 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods_valid, CONST_DATA, get_authmethods(), get_int_var_by_num(), nasl_ssh_set_login(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::user_set, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_get_server_banner (lex_ctxt *lexic)
Get the server banner.
The function returns a string with the server banner. This is usually the first data sent by the server.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1487 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_DATA, get_int_var_by_num(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_get_sock (lex_ctxt *lexic)
Given a session id, return the corresponding socket.
The socket is either a native file descriptor or a NASL connection socket (if an open socket was passed to ssh_connect). The NASL network code handles both of them.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 599 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_INT, get_int_var_by_num(), TC::i_val, session_table_item_s::session_id, session_table, session_table_item_s::sock, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_login_interactive (lex_ctxt *lexic)
Authenticate a user on an ssh connection.
The function starts the authentication process and pauses it when it finds the first non-echo prompt. The function expects the session id as its first unnamed argument. The first time this function is called for a session id, the named argument "login" is also expected.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 991 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods, session_table_item_s::authmethods_valid, CONST_DATA, get_authmethods(), get_int_var_by_num(), nasl_ssh_set_login(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::user_set, session_table_item_s::verbose, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_login_interactive_pass (lex_ctxt *lexic)
Authenticate a user on an ssh connection.
The function finishes the authentication process started by ssh_login_interactive. The function expects the session id as its first unnamed argument.
To finish the password authentication, the named argument "password" must contain a password.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1103 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_INT, get_int_var_by_num(), get_str_var_by_name(), TC::i_val, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::verbose, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_request_exec (lex_ctxt *lexic)
Run a command via ssh.
The function opens a channel to the remote end and asks it to execute a command. The output of the command is then returned as a data block. The first unnamed argument is the session id. The command itself is expected as a string in the named argument "cmd".
Regarding the handling of the stderr and stdout stream, this function may be used in different modes.
If either of the named arguments stdout or stderr is given and set to 1, only the output of the specified stream is returned.
If stdout and stderr are both given and set to 1, the output of both is returned interleaved. NOTE: The following feature has not yet been implemented: The output is guaranteed not to switch between stderr and stdout within a line.
If stdout and stderr are both given but set to 0, a special backward compatibility mode is used: First all output to stderr is collected up until any output to stdout is received. Then all output to stdout is returned while ignoring all further stderr output; at EOF the initial collected data from stderr is returned.
If the named parameters stdout and stderr are not given, the function acts exactly as if only stdout has been set to 1.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1317 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_DATA, exec_ssh_cmd(), get_int_var_by_name(), get_int_var_by_num(), get_str_var_by_name(), nasl_get_function_name(), nasl_get_plugin_filename(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::verbose, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_session_id_from_sock (lex_ctxt *lexic)
Given a socket, return the corresponding session id.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 556 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_INT, DIM, get_int_var_by_num(), TC::i_val, session_table_item_s::session_id, session_table, session_table_item_s::sock, and TC::x.
tree_cell * nasl_ssh_set_login (lex_ctxt *lexic)
Set the login name for the authentication.
This is an optional function and usually not required. However, if you want to get the banner before starting the authentication, you need to tell libssh the user because it is often not possible to change the user after the first call to an authentication method; getting the banner uses an authentication function.
The named argument "login" is used for the login name; it defaults to the KB entry "Secret/SSH/login". It should contain the user name to login. Given that many servers don't allow changing the login for an established connection, the "login" parameter is silently ignored on all further calls.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 706 of file nasl_ssh.c.
References FAKE_CELL, get_int_var_by_num(), get_str_var_by_name(), nasl_get_function_name(), nasl_get_plugin_filename(), plug_get_kb(), struct_lex_ctxt::script_infos, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::user_set, and verify_session_id().
Referenced by nasl_ssh_get_auth_methods(), nasl_ssh_get_issue_banner(), nasl_ssh_login_interactive(), and nasl_ssh_userauth().
tree_cell * nasl_ssh_shell_close (lex_ctxt *lexic)
Close an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1833 of file nasl_ssh.c.
References session_table_item_s::channel, get_int_var_by_num(), session_table_item_s::session_id, session_table, and verify_session_id().
tree_cell * nasl_ssh_shell_open (lex_ctxt *lexic)
Request an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1661 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::channel, CONST_INT, get_int_var_by_num(), TC::i_val, nasl_get_function_name(), nasl_get_plugin_filename(), request_ssh_shell(), session_table_item_s::session, session_table_item_s::session_id, session_table, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_shell_read (lex_ctxt *lexic)
Read the output of an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1746 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::channel, CONST_DATA, get_int_var_by_num(), read_ssh_nonblocking(), session_table_item_s::session_id, session_table, TC::size, TC::str_val, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_shell_write (lex_ctxt *lexic)
Write string to ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1783 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::channel, CONST_INT, get_int_var_by_num(), get_str_var_by_name(), TC::i_val, nasl_get_function_name(), nasl_get_plugin_filename(), session_table_item_s::session, session_table_item_s::session_id, session_table, verify_session_id(), and TC::x.
tree_cell * nasl_ssh_userauth (lex_ctxt *lexic)
Authenticate a user on an ssh connection.
The function expects the session id as its first unnamed argument. The first time this function is called for a session id, the named argument "login" is also expected; it defaults to the KB entry "Secret/SSH/login". It should contain the user name to login. Given that many servers don't allow changing the login for an established connection, the "login" parameter is silently ignored on all further calls.
To perform a password based authentication, the named argument "password" must contain a password.
To perform a public key based authentication, the named argument "privatekey" must contain a base64 encoded private key in ssh native or in PKCS#8 format.
If both "password" and "privatekey" are given as named arguments, only "password" is used. If neither is given, the values are taken from the KB ("Secret/SSH/password" and "Secret/SSH/privatekey") and tried in the order {password, privatekey}. Note well that if either of the named arguments is given, only the given arguments are used and the KB is not consulted.
If the private key is protected, its passphrase is taken from the named argument "passphrase" or, if not given, taken from the KB ("Secret/SSH/passphrase").
Note that the named argument "publickey" and the KB item ("Secret/SSH/publickey") are ignored - they are no longer required because they can be derived from the private key.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 800 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods, session_table_item_s::authmethods_valid, CONST_INT, get_authmethods(), get_int_var_by_num(), get_str_var_by_name(), TC::i_val, nasl_ssh_set_login(), plug_get_kb(), struct_lex_ctxt::script_infos, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::user_set, session_table_item_s::verbose, verify_session_id(), and TC::x.
static int next_session_id (void)
Definition at line 136 of file nasl_ssh.c.
References add_close_stream_connection_hook(), DIM, nasl_ssh_close_hook(), session_table_item_s::session_id, and session_table.
Referenced by nasl_ssh_connect().
static int read_ssh_nonblocking (ssh_channel channel, GString *response)
Read from an ssh channel without blocking.
[in] | channel | SSH Channel. |
[out] | response | Buffer to store response in. |
Definition at line 1710 of file nasl_ssh.c.
References session_table_item_s::channel.
Referenced by nasl_ssh_shell_read().
static int request_ssh_shell (ssh_channel channel)
Open a shell on an ssh channel.
[in] | channel | SSH Channel. |
Definition at line 1627 of file nasl_ssh.c.
References session_table_item_s::channel, and request_ssh_shell_alarm().
Referenced by nasl_ssh_shell_open().
static void request_ssh_shell_alarm (int signal)
Definition at line 1613 of file nasl_ssh.c.
Referenced by request_ssh_shell().
static int verify_session_id (int session_id, const char *funcname, int *r_slot, lex_ctxt *lexic)
Definition at line 430 of file nasl_ssh.c.
References DIM, nasl_perror(), session_table_item_s::session_id, and session_table.
Referenced by nasl_ssh_disconnect(), nasl_ssh_get_auth_methods(), nasl_ssh_get_host_key(), nasl_ssh_get_issue_banner(), nasl_ssh_get_server_banner(), nasl_ssh_get_sock(), nasl_ssh_login_interactive(), nasl_ssh_login_interactive_pass(), nasl_ssh_request_exec(), nasl_ssh_set_login(), nasl_ssh_shell_close(), nasl_ssh_shell_open(), nasl_ssh_shell_read(), nasl_ssh_shell_write(), and nasl_ssh_userauth().
int lowest_socket |
Definition at line 220 of file nasl_socket.c.
Referenced by nasl_close_socket(), nasl_open_privileged_socket(), nasl_open_sock_udp(), and nasl_ssh_connect().
static struct session_table_item_s session_table [MAX_SSH_SESSIONS]
Definition at line 117 of file nasl_ssh.c.
Referenced by do_nasl_ssh_disconnect(), get_authmethods(), nasl_ssh_close_hook(), nasl_ssh_connect(), nasl_ssh_get_auth_methods(), nasl_ssh_get_host_key(), nasl_ssh_get_issue_banner(), nasl_ssh_get_server_banner(), nasl_ssh_get_sock(), nasl_ssh_login_interactive(), nasl_ssh_login_interactive_pass(), nasl_ssh_request_exec(), nasl_ssh_session_id_from_sock(), nasl_ssh_set_login(), nasl_ssh_shell_close(), nasl_ssh_shell_open(), nasl_ssh_shell_read(), nasl_ssh_shell_write(), nasl_ssh_userauth(), next_session_id(), and verify_session_id().