ponymap/plugins/ssh.c

/*
 * ssh.c: SSH service detection plugin
 *
 * Copyright (c) 2014, Přemysl Janouch <p.janouch@gmail.com>
 * All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 */

#include "config.h"
#include "../liberty/liberty.c"
#include "../plugin-api.h"

// --- Service detection -------------------------------------------------------

static struct plugin_data
{
	void *ctx;                          ///< Application context
	struct plugin_api *api;             ///< Plugin API vtable
}
g_data;

struct scan_data
{
	struct unit *u;                     ///< Scan unit
	struct str input;                   ///< Input buffer
};

static void *
scan_init (struct service *service, struct unit *u)
{
	(void) service;

	struct scan_data *scan = xcalloc (1, sizeof *scan);
	str_init (&scan->input);
	scan->u = u;
	return scan;
}

static void
scan_free (void *handle)
{
	struct scan_data *scan = handle;
	str_free (&scan->input);
	free (scan);
}

static void
on_data (void *handle, const void *data, size_t len)
{
	// See RFC 4253 -- we check for a valid SSH banner
	struct scan_data *scan = handle;
	if (scan->input.len + len > 255)
		goto end_scan;

	str_append_data (&scan->input, data, len);
	char *input = scan->input.str;
	char *nl = strstr (input, "\r\n");
	if (!nl)
		return;

	if (strncmp (input, "SSH-", 4))
		goto end_scan;

	*nl = '\0';
	g_data.api->unit_add_info (scan->u, input);
	g_data.api->unit_set_success (scan->u, true);

end_scan:
	g_data.api->unit_abort (scan->u);
}

static struct service g_ssh_service =
{
	.name        = "SSH",
	.flags       = 0,

	.scan_init   = scan_init,
	.scan_free   = scan_free,
	.on_data     = on_data,
	.on_eof      = NULL,
	.on_error    = NULL,
	.on_aborted  = NULL
};

static bool
initialize (void *ctx, struct plugin_api *api)
{
	g_data = (struct plugin_data) { .ctx = ctx, .api = api };
	api->register_service (ctx, &g_ssh_service);
	return true;
}

struct plugin_info ponymap_plugin_info =
{
	.api_version  = API_VERSION,
	.initialize   = initialize
};
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`/*`
			`* ssh.c: SSH service detection plugin`
			`*`
			`* Copyright (c) 2014, Přemysl Janouch <p.janouch@gmail.com>`
			`* All rights reserved.`
			`*`
			`* Permission to use, copy, modify, and/or distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY`
			`* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION`
			`* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN`
			`* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*`
			`*/`

Move to liberty 2015-02-28 21:57:57 +01:00			`#include "config.h"`
			`#include "../liberty/liberty.c"`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`#include "../plugin-api.h"`

			`// --- Service detection -------------------------------------------------------`

			`static struct plugin_data`
			`{`
			`void *ctx; ///< Application context`
			`struct plugin_api *api; ///< Plugin API vtable`
			`}`
			`g_data;`

First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`struct scan_data`
			`{`
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`struct unit *u; ///< Scan unit`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`struct str input; ///< Input buffer`
			`};`

Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`static void *`
Implement a Lua 5.3 plugin loader plugin Also implemented SOCKS detection in said language. There are probably going to be some bugs. The program is no longer Valgrind-clean, as that would require plugin deinitialization, in which there is very little point. 2015-01-18 04:07:05 +01:00			`scan_init (struct service service, struct unit u)`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`{`
Implement a Lua 5.3 plugin loader plugin Also implemented SOCKS detection in said language. There are probably going to be some bugs. The program is no longer Valgrind-clean, as that would require plugin deinitialization, in which there is very little point. 2015-01-18 04:07:05 +01:00			`(void) service;`

First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`struct scan_data scan = xcalloc (1, sizeof scan);`
			`str_init (&scan->input);`
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`scan->u = u;`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`return scan;`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`}`

			`static void`
			`scan_free (void *handle)`
			`{`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`struct scan_data *scan = handle;`
			`str_free (&scan->input);`
			`free (scan);`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`}`

			`static void`
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`on_data (void handle, const void data, size_t len)`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`{`
Implement more of the services - SSH: ready for action - IRC: ready for action - HTTP: needs some work 2014-09-20 18:10:29 +02:00			`// See RFC 4253 -- we check for a valid SSH banner`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`struct scan_data *scan = handle;`
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`if (scan->input.len + len > 255)`
Implement more of the services - SSH: ready for action - IRC: ready for action - HTTP: needs some work 2014-09-20 18:10:29 +02:00			`goto end_scan;`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`str_append_data (&scan->input, data, len);`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`char *input = scan->input.str;`
			`char *nl = strstr (input, "\r\n");`
			`if (!nl)`
			`return;`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00
Implement more of the services - SSH: ready for action - IRC: ready for action - HTTP: needs some work 2014-09-20 18:10:29 +02:00			`if (strncmp (input, "SSH-", 4))`
			`goto end_scan;`

First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`*nl = '\0';`
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`g_data.api->unit_add_info (scan->u, input);`
			`g_data.api->unit_set_success (scan->u, true);`
Implement more of the services - SSH: ready for action - IRC: ready for action - HTTP: needs some work 2014-09-20 18:10:29 +02:00
			`end_scan:`
Simplify the plugin API 2014-09-23 22:59:01 +02:00			`g_data.api->unit_abort (scan->u);`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`}`

First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`static struct service g_ssh_service =`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`{`
			`.name = "SSH",`
			`.flags = 0,`

			`.scan_init = scan_init,`
			`.scan_free = scan_free,`
			`.on_data = on_data,`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`.on_eof = NULL,`
			`.on_error = NULL,`
			`.on_aborted = NULL`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`};`

			`static bool`
			`initialize (void ctx, struct plugin_api api)`
			`{`
			`g_data = (struct plugin_data) { .ctx = ctx, .api = api };`
First set of fixes There are still some problems but at least it does something now. 2014-09-18 23:41:07 +02:00			`api->register_service (ctx, &g_ssh_service);`
Even more stuff Some reorganisation has taken place. 2014-09-14 22:08:03 +02:00			`return true;`
			`}`

			`struct plugin_info ponymap_plugin_info =`
			`{`
			`.api_version = API_VERSION,`
			`.initialize = initialize`
			`};`