tree_cell* nasl_ereg_replace(lex_ctxt* lexic) { char * pattern = get_str_local_var_by_name(lexic, "pattern"); char * replace = get_str_local_var_by_name(lexic, "replace"); char * string = get_str_local_var_by_name(lexic, "string"); int icase = get_int_local_var_by_name(lexic, "icase", 0); char * r; tree_cell * retc; if(pattern == NULL || replace == NULL) { nasl_perror(lexic, "Usage : ereg_replace(string:<string>, pattern:<pat>, replace:<replace>, icase:<TRUE|FALSE>\n"); return NULL; } if (string == NULL) { #if NASL_DEBUG > 1 nasl_perror(lexic, "ereg_replace: string == NULL\n"); #endif return NULL; } r = _regreplace(pattern, replace, string, icase, 1); retc = alloc_tree_cell(0, NULL); retc->type = CONST_DATA; retc->size = strlen(r); retc->x.str_val = r; return retc; }
tree_cell* nasl_func_unnamed_args(lex_ctxt* lexic) { nasl_func *f; char *s; tree_cell *retc; s = get_str_var_by_num(lexic, 0); if (s == NULL) { nasl_perror(lexic, "func_unnamed_args: missing parameter\n"); return NULL; } f = get_func_ref_by_name(lexic, s); if (f == NULL) { nasl_perror(lexic, "func_unnamed_args: unknown function \"%s\"\n", s); return NULL; } retc = alloc_typed_cell(CONST_INT); retc->x.i_val = f->nb_unnamed_args; return retc; }
/*---------------------------------------------------------------------*/ tree_cell* nasl_crap(lex_ctxt* lexic) { tree_cell *retc; char *data = get_str_local_var_by_name(lexic, "data"); int data_len = -1; int len = get_int_local_var_by_name(lexic, "length", -1); int len2 = get_int_var_by_num(lexic, 0, -1); if(len < 0 && len2 < 0) { nasl_perror(lexic, "crap: invalid or missing 'length' argument\n"); return NULL; } if (len >= 0 && len2 >= 0) { nasl_perror(lexic, "crap: cannot set both unnamed and named 'length'\n"); return NULL; } if (len < 0) len = len2; if( len == 0 ) return FAKE_CELL; if (data != NULL) { data_len = get_var_size_by_name(lexic, "data"); if (data_len == 0) { nasl_perror(lexic, "crap: invalid null 'data' parameter\n"); return NULL; } } retc = alloc_tree_cell(0, NULL); retc->type = CONST_DATA /*CONST_STR*/; retc->x.str_val = emalloc(len+1); retc->size = len; if (data == NULL) memset(retc->x.str_val, 'X', len); else { int i,r; for(i = 0; i < len - data_len; i += data_len) memcpy(retc->x.str_val + i, data, data_len); if(data_len != 1) { if((r = (len % data_len)) > 0) memcpy(retc->x.str_val + (len - r), data, r); else memcpy(retc->x.str_val + (len - data_len), data, data_len); } else retc->x.str_val[ len - 1 ] = data[0]; } retc->x.str_val[len] = '\0'; return retc; }
tree_cell * replace_kb_item(lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; char * name = get_str_local_var_by_name(lexic, "name"); int type = get_local_var_type_by_name(lexic, "value"); if( name == NULL ) { nasl_perror(lexic, "Syntax error with replace_kb_item() [null name]\n", name); return FAKE_CELL; } if(type == VAR2_INT) { int value = get_int_local_var_by_name(lexic, "value", -1); if ( value != -1 )plug_replace_key(script_infos, name, ARG_INT,(void*)value); else nasl_perror(lexic, "Syntax error with replace_kb_item(%s) [value=-1]\n", name); } else { char * value = get_str_local_var_by_name(lexic, "value"); if( value == NULL ) { nasl_perror(lexic, "Syntax error with replace_kb_item(%s) [null value]\n", name); return FAKE_CELL; } plug_replace_key(script_infos, name, ARG_STRING, value); } return FAKE_CELL; }
tree_cell * nasl_get_preference(lex_ctxt * lexic) { tree_cell *retc; char *name, *value; struct arglist *script_infos, *prefs; script_infos = lexic->script_infos; prefs = arg_get_value(script_infos, "preferences"); if (prefs == NULL) { nasl_perror(lexic, "get_preference: not preferences\n"); return NULL; } name = get_str_var_by_num(lexic, 0); if (name == NULL) { nasl_perror(lexic, "get_preference: no name\n"); return NULL; } value = arg_get_value(prefs, name); if (value == NULL) return NULL; retc = alloc_typed_cell(CONST_DATA); retc->x.str_val = strdup(value); retc->size = strlen(value); return retc; }
/** * @brief Seek in file. */ tree_cell * nasl_file_seek (lex_ctxt * lexic) { tree_cell *retc; int fd; int foffset; foffset = get_int_local_var_by_name (lexic, "offset", 0); fd = get_int_local_var_by_name (lexic, "fp", -1); if (fd < 0) { nasl_perror (lexic, "file_seek: need one arguments 'fp'\n"); return NULL; } if (lseek (fd, foffset, SEEK_SET) < 0) { nasl_perror (lexic, "fseek: %s\n", strerror (errno)); return NULL; } retc = alloc_typed_cell (CONST_INT); retc->x.i_val = 0; return retc; }
/*---------------------------------------------------------------------*/ tree_cell * nasl_close_socket(lex_ctxt * lexic) { int soc; int type; int opt_len = sizeof(type); int e; soc = get_int_var_by_num(lexic, 0, -1); if(soc <= 4) { nasl_perror(lexic, "close(): invalid argument\n"); return NULL; } if ( fd_is_stream(soc) ) { return close_stream_connection(soc) < 0 ? NULL:FAKE_CELL; } e = getsockopt(soc, SOL_SOCKET, SO_TYPE, &type, &opt_len); if(e == 0 ) { if (type == SOCK_DGRAM) { rm_udp_data(lexic->script_infos, soc); return FAKE_CELL; } closesocket(soc); return FAKE_CELL; } else nasl_perror(lexic, "close(): invalid argument\n"); return NULL; }
tree_cell * nasl_socket_negotiate_ssl (lex_ctxt * lexic) { int soc, transport, ret; tree_cell *retc; soc = get_int_local_var_by_name (lexic, "socket", -1); transport = get_int_local_var_by_name (lexic, "transport", OPENVAS_ENCAPS_TLScustom); if (soc < 0) { nasl_perror (lexic, "socket_ssl_negotiate: Erroneous socket value %d\n", soc); return NULL; } if (transport == -1) transport = OPENVAS_ENCAPS_TLScustom; else if (!IS_ENCAPS_SSL (transport)) { nasl_perror (lexic, "socket_ssl_negotiate: Erroneous transport value %d\n", transport); return NULL; } ret = socket_negotiate_ssl (soc, transport, lexic->script_infos); if (ret < 0) return NULL; retc = alloc_tree_cell (0, NULL); retc->type = CONST_INT; retc->x.i_val = ret; return retc; }
tree_cell* nasl_leave_multicast_group(lex_ctxt *lexic) { char *a; struct in_addr ia; int i; a = get_str_var_by_num(lexic, 0); if (a == NULL) { nasl_perror(lexic, "leave_multicast_group: missing parameter\n"); return NULL; } if (! inet_aton(a, &ia)) { nasl_perror(lexic, "leave_multicast_group: invalid parameter '%s'\n", a); return NULL; } for (i = 0; i < jmg_max; i ++) if (jmg_desc[i].count > 0 && jmg_desc[i].in.s_addr == ia.s_addr) { if (-- jmg_desc[i].count <= 0) closesocket(jmg_desc[i].s); return FAKE_CELL; } nasl_perror(lexic, "leave_multicast_group: never joined group %s\n", a); return NULL; }
tree_cell* nasl_get_source_port(lex_ctxt* lexic) { struct sockaddr_in ia; int i, s, fd, l; tree_cell *retc; s = get_int_var_by_num(lexic, 0, -1); if (s < 0) { nasl_perror(lexic, "get_source_port: missing socket parameter\n"); return NULL; } fd = nessus_get_socket_from_connection(s); if (fd < 0) { nasl_perror(lexic, "get_source_port: invalid socket parameter %d\n", s); return NULL; } l = sizeof(ia); if (getsockname(fd, (struct sockaddr*)&ia, &l) < 0) { nasl_perror(lexic, "get_source_port: getsockname(%d): %s\n", fd, strerror(errno)); return NULL; } retc = alloc_typed_cell(CONST_INT); retc->x.i_val = ntohs(ia.sin_port); return retc; }
const char* var2str(const anon_nasl_var* v) { static char s1[16]; if (v == NULL) return NULL; switch (v->var_type) { case VAR2_INT: snprintf(s1, sizeof(s1), "%d", v->v.v_int); return s1; /* buggy if called twice in a row */ case VAR2_STRING: case VAR2_DATA: return v->v.v_str.s_val == NULL ? "" : (const char*)v->v.v_str.s_val; case VAR2_UNDEF: #if NASL_DEBUG > 1 nasl_perror(NULL, "var2str: variable %s is undefined!\n", get_var_name(v)); #endif return NULL; case VAR2_ARRAY: return array2str(&v->v.v_arr); default: #if NASL_DEBUG > 0 nasl_perror(NULL, "var2str: variable %s has unhandled type %d\n", get_var_name(v), v->var_type); #endif return ""; } }
tree_cell * script_get_preference(lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; tree_cell * retc; char * pref = get_str_var_by_num(lexic, 0); char * value; if(pref == NULL){ nasl_perror(lexic, "Argument error in the function script_get_preference()\n"); nasl_perror(lexic, "Function usage is : pref = script_get_preference(<name>)\n"); return FAKE_CELL; } value = get_plugin_preference(script_infos, pref); if(value != NULL) { retc = alloc_tree_cell(0, NULL); if(isalldigit(value, strlen(value))) { retc->type = CONST_INT; retc->x.i_val = atoi(value); } else { retc->type = CONST_DATA; retc->size = strlen(value); retc->x.str_val = estrdup(value); } return retc; } else return FAKE_CELL; }
tree_cell* nasl_stridx(lex_ctxt * lexic) { char *a = get_str_var_by_num(lexic, 0); int sz_a = get_var_size_by_num(lexic, 0); char *b = get_str_var_by_num(lexic, 1); int sz_b = get_var_size_by_num(lexic, 1); char *c; int start = get_int_var_by_num(lexic, 2, 0); tree_cell *retc = alloc_typed_cell(CONST_INT); retc->x.i_val = -1; if (a == NULL || b == NULL) { nasl_perror(lexic, "stridx(string, substring [, start])\n"); return retc; } if(start < 0 || start > sz_a) { nasl_perror(lexic, "stridx(string, substring [, start])\n"); return retc; } if ((sz_a == start) || (sz_b > sz_a + start)) return retc; c = (char*)memmem(a + start, sz_a - start, b, sz_b); if(c != NULL) retc->x.i_val = c - a; return retc; }
tree_cell* nasl_make_list(lex_ctxt* lexic) { tree_cell *retc = NULL; int i, j, vi; anon_nasl_var *v; named_nasl_var *vn; nasl_array *a, *a2; retc = alloc_tree_cell(0, NULL); retc->type = DYN_ARRAY; retc->x.ref_val = a = emalloc(sizeof(nasl_array)); for (i = vi = 0; (v = nasl_get_var_by_num(&lexic->ctx_vars, vi, 0)) != NULL; vi ++) { switch (v->var_type) { case VAR2_INT: case VAR2_STRING: case VAR2_DATA: add_var_to_list(a, i ++, v); break; case VAR2_ARRAY: a2 = &v->v.v_arr; for (j = 0; j < a2->max_idx; j ++) if (add_var_to_list(a, i, a2->num_elt[j]) >= 1) i ++; if (a2->hash_elt != NULL) { #if NASL_DEBUG > 1 nasl_perror(lexic, "make_list: named arguments in array have no order\n"); #endif for (j = 0; j < VAR_NAME_HASH; j++) for (vn = a2->hash_elt[j]; vn != NULL; vn = vn->next_var) if (vn->u.var_type != VAR2_UNDEF) if (add_var_to_list(a, i , &vn->u) >= 1) i ++; } break; case VAR2_UNDEF: nasl_perror(lexic, "nasl_make_list: undefined variable #%d skipped\n", i); continue; default: nasl_perror(lexic, "nasl_make_list: unhandled variable type 0x%x - skipped\n", v->var_type); continue; } } return retc; }
/*---------------------------------------------------------------------*/ tree_cell * nasl_close_socket (lex_ctxt * lexic) { int soc; int type; unsigned int opt_len = sizeof (type); int e; soc = get_int_var_by_num (lexic, 0, -1); /* XXX: These are thoughts expressed on the openvas-devel mailing list 2008-08-06: * * nasl_close_socket seems to be the only place in nasl/nasl_socket.c where the * value of the socket filedescriptor is checked in this way. That in itself is * strange. Why only there? Also, why can't the socket fd be less than 4? I * could sort of understand 3 (0, 1, 2 are already taken by the standard * streams) but 4? Does the openvas server and/or the NASL interpreter guarantee * that at least one other file is open? * * My guess is that the check is there to prevent NASL scripts from closing file * descriptors needed by openvas/NASL which includes the ones it uses for * accessing the knowledgebase. If that's the case, then the test has too much * knowledge of the circumstances under which the NASL interpreter runs. It * should be moved to a separate function whose behavior can be influenced by * the program embedding the NASL interpreter. Other functions should probably * also check the descriptors. * * I also wonder whether the original code (disallowing any file descriptor <= 4) * actually was correct and the real defect is that open_sock_udp actually * returned 4. Under which circumstances does it actually do that? In my brief * tests with the stand-alone nasl interpreter the smallest number it returned * was 5. */ if (soc < 4) { nasl_perror (lexic, "close(): invalid argument\n"); return NULL; } if (fd_is_stream (soc)) return close_stream_connection (soc) < 0 ? NULL : FAKE_CELL; e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len); if (e == 0) { if (type == SOCK_DGRAM) { rm_udp_data (lexic->script_infos, soc); return FAKE_CELL; } close (soc); return FAKE_CELL; } else nasl_perror (lexic, "close(): invalid argument\n"); return NULL; }
tree_cell * nasl_telnet_init(lex_ctxt * lexic) { int soc = get_int_var_by_num(lexic, 0, -1); int opts; /* number of options recorded */ unsigned char buffer[1024]; #define iac buffer[0] #define code buffer[1] #define option buffer[2] tree_cell * retc; int n = 0, n2; if(soc <= 0 ) { nasl_perror(lexic, "Syntax error in the telnet_init() function\n"); nasl_perror(lexic, "Correct syntax is : output = telnet_init(<socket>)\n"); return NULL; } iac = 255; opts = 0; while(iac == 255) { n = read_stream_connection_min(soc, buffer, 3, 3); if((iac!=255)||(n<=0)||(n!=3))break; if((code == 251)||(code == 252))code = 254; /* WILL , WONT -> DON'T */ else if((code == 253)||(code == 254))code = 252; /* DO,DONT -> WONT */ write_stream_connection(soc, buffer,3); opts++; if (opts>100) break; } if (n <= 0) { if (opts == 0) return NULL; else n = 0; } if (opts>100) /* remote telnet server is crazy */ { nasl_perror(lexic, "More than 100 options received by telnet_init() function! exiting telnet_init.\n"); return NULL; } n2 = read_stream_connection(soc, buffer + n, sizeof(buffer) - n); if (n2 > 0) n += n2; retc = alloc_typed_cell(CONST_DATA); retc->size = n; retc->x.str_val = strndup(buffer, n); #undef iac #undef data #undef option return retc; }
tree_cell* nasl_incr_variable(lex_ctxt* lexic, tree_cell* tc, int pre, int val) { anon_nasl_var *v; int old_val = 0, new_val; tree_cell *retc; if (tc->type != REF_VAR) { nasl_perror(lexic, "nasl_incr_variable: argument (type=%d) is not REF_VAR %s\n", tc->type, get_line_nb(tc)); return NULL; } v = tc->x.ref_val; switch (v->var_type) { case VAR2_INT: old_val = v->v.v_int; break; case VAR2_STRING: case VAR2_DATA: #if NASL_DEBUG > 0 nasl_perror(lexic, "nasl_incr_variable: variable %s is a STRING %s - converting to integer\n", "", get_line_nb(tc)); #endif old_val = v->v.v_str.s_val == NULL ? 0 : atoi(v->v.v_str.s_val); break; case VAR2_UNDEF: #if NASL_DEBUG > 0 nasl_perror(lexic, "nasl_incr_variable: variable %s is undefined %s\n", "", get_line_nb(tc)); #endif old_val = 0; break; default: nasl_perror(lexic, "nasl_incr_variable: variable %s has bad type %d %s\n", /*get_var_name(v)*/ "", get_line_nb(tc)); return NULL; } new_val = old_val + val; clear_anon_var(v); v->var_type = VAR2_INT; v->v.v_int = new_val; retc = alloc_tree_cell(0, NULL); retc->type = CONST_INT; retc->x.i_val = pre ? new_val : old_val; return retc; }
/* * Syntax: insstr(s1, s2, i1, i2) or insstr(s1, s2, i1) * Insert string s2 into slice [i1:i2] of string s1 and returns the result * Warning: returns a CONST_DATA! */ tree_cell* nasl_insstr(lex_ctxt* lexic) { char *s1, *s2, *s3; int sz1, sz2, sz3, i1, i2; tree_cell *retc; s1 = get_str_var_by_num(lexic, 0); sz1 = get_var_size_by_num(lexic, 0); s2 = get_str_var_by_num(lexic, 1); sz2 = get_var_size_by_num(lexic, 1); i1 = get_int_var_by_num(lexic, 2, -1); i2 = get_int_var_by_num(lexic, 3, -1); if (i2 > sz1 || i2 == -1) i2 = sz1-1; if (s1 == NULL || s2 == NULL || i1 < 0 || i2 < 0) { nasl_perror(lexic, "Usage: insstr(str1, str2, idx_start [,idx_end])\n"); return NULL; } if (i1 > sz1) { nasl_perror(lexic, "insstr: cannot insert string2 after end of string1\n"); return NULL; } retc = alloc_tree_cell(0, NULL); retc->type = CONST_DATA; if (i1 > i2) { nasl_perror(lexic," insstr: warning! 1st index %d greater than 2nd index %d\n", i1, i2); sz3 = sz2; } else sz3 = sz1 + i1 - i2 - 1 + sz2; s3 = retc->x.str_val = emalloc(sz3); retc->size = sz3; if (i1 <= sz1) { memcpy(s3, s1, i1); s3 += i1; } memcpy(s3, s2, sz2); s3 += sz2; if (i2 < sz1 - 1) memcpy(s3, s1 + i2 +1, sz1 - 1 - i2); return retc; }
tree_cell* nasl_func_has_arg(lex_ctxt* lexic) { nasl_func *f; char *s; int vt, i, flag = 0; tree_cell *retc; s = get_str_var_by_num(lexic, 0); if (s == NULL) { nasl_perror(lexic, "func_has_arg: missing parameter\n"); return NULL; } f = get_func_ref_by_name(lexic, s); if (f == NULL) { nasl_perror(lexic, "func_args: unknown function \"%s\"\n", s); return NULL; } vt = get_var_type_by_num(lexic, 1); switch(vt) { case VAR2_INT: i = get_int_var_by_num(lexic, 1, -1); if (i >= 0 && i < f->nb_unnamed_args) flag = 1; break; case VAR2_STRING: case VAR2_DATA: s = get_str_var_by_num(lexic, 1); for (i = 0; i < f->nb_named_args && ! flag; i ++) if (strcmp(s, f->args_names[i]) == 0) flag = 1; break; default: nasl_perror(lexic, "func_has_arg: string or integer expected as 2nd parameter\n"); return NULL; } retc = alloc_typed_cell(CONST_INT); retc->x.i_val = flag; return retc; }
tree_cell* nasl_make_array(lex_ctxt* lexic) { tree_cell *retc = NULL; int i, vi; anon_nasl_var *v, *v2; nasl_array *a; retc = alloc_tree_cell(0, NULL); retc->type = DYN_ARRAY; retc->x.ref_val = a = emalloc(sizeof(nasl_array)); i = vi = 0; while ((v = nasl_get_var_by_num(&lexic->ctx_vars, vi ++, 0)) != NULL) { v2 = nasl_get_var_by_num(&lexic->ctx_vars, vi ++, 0); if (v2 == NULL) { nasl_perror(lexic, "make_array: odd number (%d) of argument?\n", vi); break; } switch (v2->var_type) { case VAR2_INT: case VAR2_STRING: case VAR2_DATA: switch (v->var_type) { case VAR2_INT: add_var_to_list(a, v->v.v_int, v2); break; case VAR2_STRING: case VAR2_DATA: add_var_to_array(a, (char*)var2str(v) , v2); break; } break; case VAR2_UNDEF: default: nasl_perror(lexic, "make_array: bad value type %d for arg #%d\n", v2->var_type, vi); break; } } return retc; }
tree_cell * script_category(lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; int category = get_int_var_by_num(lexic, 0, -1); if(category < 0){ nasl_perror(lexic, "Argument error in function script_category()\n"); nasl_perror(lexic, "Function usage is : script_category(<category>)\n"); return FAKE_CELL; } plug_set_category(script_infos, category); return FAKE_CELL; }
tree_cell * nasl_ntlm2_response (lex_ctxt * lexic) { char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey"); char *password = get_str_var_by_name (lexic, "password"); unsigned char *nt_hash = (unsigned char *) get_str_var_by_name (lexic, "nt_hash"); if (cryptkey == NULL || password == NULL) { nasl_perror (lexic, "Syntax : ntlm2_response(cryptkey:<c>, password:<p>, nt_hash:<n>)\n"); return NULL; } uint8_t lm_response[24]; uint8_t nt_response[24]; uint8_t session_key[16]; tree_cell *retc; ntlmssp_genauth_ntlm2 (password, lm_response, nt_response, session_key, cryptkey, nt_hash); int len = sizeof (lm_response) + sizeof (nt_response) + sizeof (session_key); char *ret = emalloc (len); memcpy (ret, lm_response, sizeof (lm_response)); memcpy (ret + sizeof (lm_response), nt_response, sizeof (nt_response)); memcpy (ret + sizeof (lm_response) + sizeof (nt_response), session_key, sizeof (session_key)); retc = alloc_tree_cell (0, NULL); retc->type = CONST_DATA; retc->size = len; retc->x.str_val = ret; return retc; }
int add_var_to_list(nasl_array* a, int i, const anon_nasl_var* v) { anon_nasl_var *v2; if (i < 0) { nasl_perror(NULL, "add_var_to_list: negative index are not (yet) supported\n"); return -1; } if (i >= a->max_idx) { a->num_elt = erealloc(a->num_elt, sizeof(anon_nasl_var*) * (i+1)); bzero(a->num_elt + a->max_idx, sizeof(anon_nasl_var*) * (i+1-a->max_idx)); a->max_idx = i +1; } free_anon_var(a->num_elt[i]); v2 = dup_anon_var(v); /* May return NULL */ a->num_elt[i] = v2; if (v2 == NULL) return 0; else return 1; }
anon_nasl_var* nasl_get_var_by_num(nasl_array* a, int num, int create) { anon_nasl_var *v = NULL; if (num < 0) { /* TBD: implement a min_index field, just like $[ in Perl */ nasl_perror(NULL, "Negative integer index are not supported yet!\n"); return NULL; } if (num < a->max_idx) v = a->num_elt[num]; if (v != NULL || ! create) return v; if (num >= a->max_idx) { a->num_elt = erealloc(a->num_elt, sizeof(anon_nasl_var*) * (num+1)); bzero(a->num_elt + a->max_idx, sizeof(anon_nasl_var*) * (num+1-a->max_idx)); a->max_idx = num +1; } v = emalloc(sizeof(anon_nasl_var)); v->var_type = VAR2_UNDEF; a->num_elt[num] = v; return v; }
anon_nasl_var* add_numbered_var_to_ctxt(lex_ctxt* lexic, int num, tree_cell* val) { anon_nasl_var *v; nasl_array *a = &lexic->ctx_vars; if (a->max_idx > num) { v = a->num_elt[num]; if (v != NULL && v->var_type != VAR2_UNDEF) { nasl_perror(lexic, "Cannot add existing variable %d\n", num); return NULL; } free_anon_var(a->num_elt[num]); } else { a->num_elt = erealloc(a->num_elt, (num+1) * sizeof(anon_nasl_var)); bzero(a->num_elt + a->max_idx, sizeof(anon_nasl_var*) * (num+1 - a->max_idx)); a->max_idx = num + 1; } a->num_elt[num] = v = create_anon_var(val); return v; }
/*-------------------[ Windows ]-------------------------------------*/ tree_cell * nasl_get_sign (lex_ctxt * lexic) { char *mac_key = (char *) get_str_var_by_name (lexic, "key"); uint8_t *buf = (uint8_t *) get_str_var_by_name (lexic, "buf"); int buflen = get_int_var_by_name (lexic, "buflen", -1); uint32 seq_num = get_int_var_by_name (lexic, "seq_number", -1); if (mac_key == NULL || buf == NULL || buflen == -1 || seq_num == -1) { nasl_perror (lexic, "Syntax : get_sign(key:<k>, buf:<b>, buflen:<bl>, seq_number:<s>)\n"); return NULL; } uint8_t calc_md5_mac[16]; simple_packet_signature_ntlmssp ((uint8_t *) mac_key, buf, seq_num, calc_md5_mac); memcpy (buf + 18, calc_md5_mac, 8); char *ret = emalloc (buflen); bzero (ret, buflen); memcpy (ret, buf, buflen); tree_cell *retc; retc = alloc_tree_cell (0, NULL); retc->type = CONST_DATA; retc->size = buflen; retc->x.str_val = (char *) ret; return retc; }
tree_cell * nasl_ntlmv1_hash (lex_ctxt * lexic) { const uchar *cryptkey = (uchar *) get_str_var_by_name (lexic, "cryptkey"); char *password = get_str_var_by_name (lexic, "passhash"); int pass_len = get_var_size_by_name (lexic, "passhash"); unsigned char p21[21]; tree_cell *retc; uchar *ret; if (cryptkey == NULL || password == NULL) { nasl_perror (lexic, "Syntax : ntlmv1_hash(cryptkey:<c>, passhash:<p>)\n"); return NULL; } bzero (p21, sizeof (p21)); memcpy (p21, password, pass_len < 16 ? pass_len : 16); ret = emalloc (24); E_P24 (p21, cryptkey, ret); retc = alloc_tree_cell (0, NULL); retc->type = CONST_DATA; retc->size = 24; retc->x.str_val = (char *) ret; return retc; }
tree_cell * nasl_lm_owf_gen (lex_ctxt * lexic) { char *pass = get_str_var_by_num (lexic, 0); int pass_len = get_var_size_by_num (lexic, 0); tree_cell *retc; uchar pwd[15]; uchar p16[16]; int i; if (pass_len < 0 || pass == NULL) { nasl_perror (lexic, "Syntax : nt_lm_gen(cryptkey:<c>, password:<p>)\n"); return NULL; } bzero (pwd, sizeof (pwd)); strncpy ((char *) pwd, pass, sizeof (pwd) - 1); for (i = 0; i < sizeof (pwd); i++) pwd[i] = toupper (pwd[i]); E_P16 (pwd, p16); retc = alloc_tree_cell (0, NULL); retc->type = CONST_DATA; retc->size = 16; retc->x.str_val = g_memdup (p16, 17); return retc; }
tree_cell* nasl_mktime(lex_ctxt* lexic) { struct tm tm; tree_cell *retc; time_t tictac; tm.tm_sec = get_int_local_var_by_name(lexic, "sec", 0); /* seconds */ tm.tm_min = get_int_local_var_by_name(lexic, "min", 0); /* minutes */ tm.tm_hour = get_int_local_var_by_name(lexic, "hour", 0); /* hours */ tm.tm_mday = get_int_local_var_by_name(lexic, "mday", 0); /* day of the month */ tm.tm_mon = get_int_local_var_by_name(lexic, "mon", 1); /* month */ tm.tm_mon -= 1; tm.tm_year = get_int_local_var_by_name(lexic, "year", 0); /* year */ if (tm.tm_year >= 1900) tm.tm_year -= 1900; tm.tm_isdst = get_int_local_var_by_name(lexic, "isdst", -1); /* daylight saving time */ errno = 0; tictac = mktime(&tm); if (tictac == (time_t)(-1)) { nasl_perror(lexic, "mktime(sec=%02d min=%02d hour=%02d mday=%02d mon=%02d year=%04d isdst=%d): %s\n", tm.tm_sec, tm.tm_min, tm.tm_hour, tm.tm_mday, tm.tm_mon+1, tm.tm_year+1900, tm.tm_isdst, errno ? strerror(errno): "invalid value?"); return NULL; } retc = alloc_typed_cell(CONST_INT); retc->x.i_val = tictac; return retc; }
tree_cell * nasl_keyexchg (lex_ctxt * lexic) { char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey"); uint8_t *session_key = (uint8_t *) get_str_var_by_name (lexic, "session_key"); unsigned char *nt_hash = (unsigned char *) get_str_var_by_name (lexic, "nt_hash"); if (cryptkey == NULL || session_key == NULL || nt_hash == NULL) { nasl_perror (lexic, "Syntax : keyexchg(cryptkey:<c>, session_key:<s>, nt_hash:<n> )\n"); return NULL; } uint8_t new_sess_key[16]; tree_cell *retc; uint8_t *encrypted_session_key = NULL; encrypted_session_key = ntlmssp_genauth_keyexchg (session_key, cryptkey, nt_hash, (uint8_t *) & new_sess_key); int len = 16 + 16; char *ret = emalloc (len); memcpy (ret, new_sess_key, 16); memcpy (ret + 16, encrypted_session_key, 16); retc = alloc_tree_cell (0, NULL); retc->type = CONST_DATA; retc->size = len; retc->x.str_val = ret; return retc; }