tree_cell* nasl_ereg_replace(lex_ctxt* lexic)
{
char * pattern = get_str_local_var_by_name(lexic, "pattern");
char * replace = get_str_local_var_by_name(lexic, "replace");
char * string = get_str_local_var_by_name(lexic, "string");
int icase = get_int_local_var_by_name(lexic, "icase", 0);
char * r;
tree_cell * retc;
if(pattern == NULL || replace == NULL)
{
nasl_perror(lexic, "Usage : ereg_replace(string:<string>, pattern:<pat>, replace:<replace>, icase:<TRUE|FALSE>\n");
return NULL;
}
if (string == NULL)
{
#if NASL_DEBUG > 1
nasl_perror(lexic, "ereg_replace: string == NULL\n");
#endif
return NULL;
}
r = _regreplace(pattern, replace, string, icase, 1);
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
retc->size = strlen(r);
retc->x.str_val = r;
return retc;
}
tree_cell*
nasl_func_unnamed_args(lex_ctxt* lexic)
{
nasl_func *f;
char *s;
tree_cell *retc;
s = get_str_var_by_num(lexic, 0);
if (s == NULL)
{
nasl_perror(lexic, "func_unnamed_args: missing parameter\n");
return NULL;
}
f = get_func_ref_by_name(lexic, s);
if (f == NULL)
{
nasl_perror(lexic, "func_unnamed_args: unknown function \"%s\"\n", s);
return NULL;
}
retc = alloc_typed_cell(CONST_INT);
retc->x.i_val = f->nb_unnamed_args;
return retc;
}
/*---------------------------------------------------------------------*/
tree_cell* nasl_crap(lex_ctxt* lexic)
{
tree_cell *retc;
char *data = get_str_local_var_by_name(lexic, "data");
int data_len = -1;
int len = get_int_local_var_by_name(lexic, "length", -1);
int len2 = get_int_var_by_num(lexic, 0, -1);
if(len < 0 && len2 < 0)
{
nasl_perror(lexic, "crap: invalid or missing 'length' argument\n");
return NULL;
}
if (len >= 0 && len2 >= 0)
{
nasl_perror(lexic, "crap: cannot set both unnamed and named 'length'\n");
return NULL;
}
if (len < 0)
len = len2;
if( len == 0 )
return FAKE_CELL;
if (data != NULL)
{
data_len = get_var_size_by_name(lexic, "data");
if (data_len == 0)
{
nasl_perror(lexic, "crap: invalid null 'data' parameter\n");
return NULL;
}
}
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA /*CONST_STR*/;
retc->x.str_val = emalloc(len+1);
retc->size = len;
if (data == NULL)
memset(retc->x.str_val, 'X', len);
else
{
int i,r;
for(i = 0; i < len - data_len; i += data_len)
memcpy(retc->x.str_val + i, data, data_len);
if(data_len != 1)
{
if((r = (len % data_len)) > 0)
memcpy(retc->x.str_val + (len - r), data, r);
else
memcpy(retc->x.str_val + (len - data_len), data, data_len);
}
else
retc->x.str_val[ len - 1 ] = data[0];
}
retc->x.str_val[len] = '\0';
return retc;
}
tree_cell * replace_kb_item(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
char * name = get_str_local_var_by_name(lexic, "name");
int type = get_local_var_type_by_name(lexic, "value");
if( name == NULL )
{
nasl_perror(lexic, "Syntax error with replace_kb_item() [null name]\n", name);
return FAKE_CELL;
}
if(type == VAR2_INT)
{
int value = get_int_local_var_by_name(lexic, "value", -1);
if ( value != -1 )plug_replace_key(script_infos, name, ARG_INT,(void*)value);
else nasl_perror(lexic, "Syntax error with replace_kb_item(%s) [value=-1]\n", name); }
else
{
char * value = get_str_local_var_by_name(lexic, "value");
if( value == NULL )
{
nasl_perror(lexic, "Syntax error with replace_kb_item(%s) [null value]\n", name);
return FAKE_CELL;
}
plug_replace_key(script_infos, name, ARG_STRING, value);
}
return FAKE_CELL;
}
tree_cell * nasl_get_preference(lex_ctxt * lexic)
{
tree_cell *retc;
char *name, *value;
struct arglist *script_infos, *prefs;
script_infos = lexic->script_infos;
prefs = arg_get_value(script_infos, "preferences");
if (prefs == NULL)
{
nasl_perror(lexic, "get_preference: not preferences\n");
return NULL;
}
name = get_str_var_by_num(lexic, 0);
if (name == NULL)
{
nasl_perror(lexic, "get_preference: no name\n");
return NULL;
}
value = arg_get_value(prefs, name);
if (value == NULL)
return NULL;
retc = alloc_typed_cell(CONST_DATA);
retc->x.str_val = strdup(value);
retc->size = strlen(value);
return retc;
}
/**
* @brief Seek in file.
*/
tree_cell *
nasl_file_seek (lex_ctxt * lexic)
{
tree_cell *retc;
int fd;
int foffset;
foffset = get_int_local_var_by_name (lexic, "offset", 0);
fd = get_int_local_var_by_name (lexic, "fp", -1);
if (fd < 0)
{
nasl_perror (lexic, "file_seek: need one arguments 'fp'\n");
return NULL;
}
if (lseek (fd, foffset, SEEK_SET) < 0)
{
nasl_perror (lexic, "fseek: %s\n", strerror (errno));
return NULL;
}
retc = alloc_typed_cell (CONST_INT);
retc->x.i_val = 0;
return retc;
}
/*---------------------------------------------------------------------*/
tree_cell * nasl_close_socket(lex_ctxt * lexic)
{
int soc;
int type;
int opt_len = sizeof(type);
int e;
soc = get_int_var_by_num(lexic, 0, -1);
if(soc <= 4)
{
nasl_perror(lexic, "close(): invalid argument\n");
return NULL;
}
if ( fd_is_stream(soc) ) {
return close_stream_connection(soc) < 0 ? NULL:FAKE_CELL;
}
e = getsockopt(soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
if(e == 0 )
{
if (type == SOCK_DGRAM)
{
rm_udp_data(lexic->script_infos, soc);
return FAKE_CELL;
}
closesocket(soc);
return FAKE_CELL;
}
else nasl_perror(lexic, "close(): invalid argument\n");
return NULL;
}
tree_cell *
nasl_socket_negotiate_ssl (lex_ctxt * lexic)
{
int soc, transport, ret;
tree_cell *retc;
soc = get_int_local_var_by_name (lexic, "socket", -1);
transport = get_int_local_var_by_name (lexic, "transport",
OPENVAS_ENCAPS_TLScustom);
if (soc < 0)
{
nasl_perror (lexic, "socket_ssl_negotiate: Erroneous socket value %d\n",
soc);
return NULL;
}
if (transport == -1)
transport = OPENVAS_ENCAPS_TLScustom;
else if (!IS_ENCAPS_SSL (transport))
{
nasl_perror (lexic, "socket_ssl_negotiate: Erroneous transport value %d\n",
transport);
return NULL;
}
ret = socket_negotiate_ssl (soc, transport, lexic->script_infos);
if (ret < 0)
return NULL;
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_INT;
retc->x.i_val = ret;
return retc;
}
tree_cell*
nasl_leave_multicast_group(lex_ctxt *lexic)
{
char *a;
struct in_addr ia;
int i;
a = get_str_var_by_num(lexic, 0);
if (a == NULL)
{
nasl_perror(lexic, "leave_multicast_group: missing parameter\n");
return NULL;
}
if (! inet_aton(a, &ia))
{
nasl_perror(lexic, "leave_multicast_group: invalid parameter '%s'\n", a);
return NULL;
}
for (i = 0; i < jmg_max; i ++)
if (jmg_desc[i].count > 0 && jmg_desc[i].in.s_addr == ia.s_addr)
{
if (-- jmg_desc[i].count <= 0)
closesocket(jmg_desc[i].s);
return FAKE_CELL;
}
nasl_perror(lexic, "leave_multicast_group: never joined group %s\n", a);
return NULL;
}
tree_cell*
nasl_get_source_port(lex_ctxt* lexic)
{
struct sockaddr_in ia;
int i, s, fd, l;
tree_cell *retc;
s = get_int_var_by_num(lexic, 0, -1);
if (s < 0)
{
nasl_perror(lexic, "get_source_port: missing socket parameter\n");
return NULL;
}
fd = nessus_get_socket_from_connection(s);
if (fd < 0)
{
nasl_perror(lexic, "get_source_port: invalid socket parameter %d\n", s);
return NULL;
}
l = sizeof(ia);
if (getsockname(fd, (struct sockaddr*)&ia, &l) < 0)
{
nasl_perror(lexic, "get_source_port: getsockname(%d): %s\n", fd, strerror(errno));
return NULL;
}
retc = alloc_typed_cell(CONST_INT);
retc->x.i_val = ntohs(ia.sin_port);
return retc;
}
const char* var2str(const anon_nasl_var* v)
{
static char s1[16];
if (v == NULL)
return NULL;
switch (v->var_type)
{
case VAR2_INT:
snprintf(s1, sizeof(s1), "%d", v->v.v_int);
return s1; /* buggy if called twice in a row */
case VAR2_STRING:
case VAR2_DATA:
return v->v.v_str.s_val == NULL ? "" : (const char*)v->v.v_str.s_val;
case VAR2_UNDEF:
#if NASL_DEBUG > 1
nasl_perror(NULL, "var2str: variable %s is undefined!\n", get_var_name(v));
#endif
return NULL;
case VAR2_ARRAY:
return array2str(&v->v.v_arr);
default:
#if NASL_DEBUG > 0
nasl_perror(NULL, "var2str: variable %s has unhandled type %d\n",
get_var_name(v), v->var_type);
#endif
return "";
}
}
tree_cell * script_get_preference(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
tree_cell * retc;
char * pref = get_str_var_by_num(lexic, 0);
char * value;
if(pref == NULL){
nasl_perror(lexic, "Argument error in the function script_get_preference()\n");
nasl_perror(lexic, "Function usage is : pref = script_get_preference(<name>)\n");
return FAKE_CELL;
}
value = get_plugin_preference(script_infos, pref);
if(value != NULL)
{
retc = alloc_tree_cell(0, NULL);
if(isalldigit(value, strlen(value)))
{
retc->type = CONST_INT;
retc->x.i_val = atoi(value);
}
else
{
retc->type = CONST_DATA;
retc->size = strlen(value);
retc->x.str_val = estrdup(value);
}
return retc;
}
else
return FAKE_CELL;
}
tree_cell*
nasl_stridx(lex_ctxt * lexic)
{
char *a = get_str_var_by_num(lexic, 0);
int sz_a = get_var_size_by_num(lexic, 0);
char *b = get_str_var_by_num(lexic, 1);
int sz_b = get_var_size_by_num(lexic, 1);
char *c;
int start = get_int_var_by_num(lexic, 2, 0);
tree_cell *retc = alloc_typed_cell(CONST_INT);
retc->x.i_val = -1;
if (a == NULL || b == NULL)
{
nasl_perror(lexic, "stridx(string, substring [, start])\n");
return retc;
}
if(start < 0 || start > sz_a)
{
nasl_perror(lexic, "stridx(string, substring [, start])\n");
return retc;
}
if ((sz_a == start) || (sz_b > sz_a + start))
return retc;
c = (char*)memmem(a + start, sz_a - start, b, sz_b);
if(c != NULL)
retc->x.i_val = c - a;
return retc;
}
tree_cell*
nasl_make_list(lex_ctxt* lexic)
{
tree_cell *retc = NULL;
int i, j, vi;
anon_nasl_var *v;
named_nasl_var *vn;
nasl_array *a, *a2;
retc = alloc_tree_cell(0, NULL);
retc->type = DYN_ARRAY;
retc->x.ref_val = a = emalloc(sizeof(nasl_array));
for (i = vi = 0;
(v = nasl_get_var_by_num(&lexic->ctx_vars, vi, 0)) != NULL;
vi ++)
{
switch (v->var_type)
{
case VAR2_INT:
case VAR2_STRING:
case VAR2_DATA:
add_var_to_list(a, i ++, v);
break;
case VAR2_ARRAY:
a2 = &v->v.v_arr;
for (j = 0; j < a2->max_idx; j ++)
if (add_var_to_list(a, i, a2->num_elt[j]) >= 1)
i ++;
if (a2->hash_elt != NULL)
{
#if NASL_DEBUG > 1
nasl_perror(lexic, "make_list: named arguments in array have no order\n");
#endif
for (j = 0; j < VAR_NAME_HASH; j++)
for (vn = a2->hash_elt[j]; vn != NULL; vn = vn->next_var)
if (vn->u.var_type != VAR2_UNDEF)
if (add_var_to_list(a, i , &vn->u) >= 1)
i ++;
}
break;
case VAR2_UNDEF:
nasl_perror(lexic, "nasl_make_list: undefined variable #%d skipped\n", i);
continue;
default:
nasl_perror(lexic, "nasl_make_list: unhandled variable type 0x%x - skipped\n", v->var_type);
continue;
}
}
return retc;
}
/*---------------------------------------------------------------------*/
tree_cell *
nasl_close_socket (lex_ctxt * lexic)
{
int soc;
int type;
unsigned int opt_len = sizeof (type);
int e;
soc = get_int_var_by_num (lexic, 0, -1);
/* XXX: These are thoughts expressed on the openvas-devel mailing list 2008-08-06:
*
* nasl_close_socket seems to be the only place in nasl/nasl_socket.c where the
* value of the socket filedescriptor is checked in this way. That in itself is
* strange. Why only there? Also, why can't the socket fd be less than 4? I
* could sort of understand 3 (0, 1, 2 are already taken by the standard
* streams) but 4? Does the openvas server and/or the NASL interpreter guarantee
* that at least one other file is open?
*
* My guess is that the check is there to prevent NASL scripts from closing file
* descriptors needed by openvas/NASL which includes the ones it uses for
* accessing the knowledgebase. If that's the case, then the test has too much
* knowledge of the circumstances under which the NASL interpreter runs. It
* should be moved to a separate function whose behavior can be influenced by
* the program embedding the NASL interpreter. Other functions should probably
* also check the descriptors.
*
* I also wonder whether the original code (disallowing any file descriptor <= 4)
* actually was correct and the real defect is that open_sock_udp actually
* returned 4. Under which circumstances does it actually do that? In my brief
* tests with the stand-alone nasl interpreter the smallest number it returned
* was 5.
*/
if (soc < 4)
{
nasl_perror (lexic, "close(): invalid argument\n");
return NULL;
}
if (fd_is_stream (soc))
return close_stream_connection (soc) < 0 ? NULL : FAKE_CELL;
e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
if (e == 0)
{
if (type == SOCK_DGRAM)
{
rm_udp_data (lexic->script_infos, soc);
return FAKE_CELL;
}
close (soc);
return FAKE_CELL;
}
else
nasl_perror (lexic, "close(): invalid argument\n");
return NULL;
}
tree_cell * nasl_telnet_init(lex_ctxt * lexic)
{
int soc = get_int_var_by_num(lexic, 0, -1);
int opts; /* number of options recorded */
unsigned char buffer[1024];
#define iac buffer[0]
#define code buffer[1]
#define option buffer[2]
tree_cell * retc;
int n = 0, n2;
if(soc <= 0 )
{
nasl_perror(lexic, "Syntax error in the telnet_init() function\n");
nasl_perror(lexic, "Correct syntax is : output = telnet_init(<socket>)\n");
return NULL;
}
iac = 255;
opts = 0;
while(iac == 255)
{
n = read_stream_connection_min(soc, buffer, 3, 3);
if((iac!=255)||(n<=0)||(n!=3))break;
if((code == 251)||(code == 252))code = 254; /* WILL , WONT -> DON'T */
else if((code == 253)||(code == 254))code = 252; /* DO,DONT -> WONT */
write_stream_connection(soc, buffer,3);
opts++;
if (opts>100) break;
}
if (n <= 0)
{
if (opts == 0)
return NULL;
else
n = 0;
}
if (opts>100) /* remote telnet server is crazy */
{
nasl_perror(lexic, "More than 100 options received by telnet_init() function! exiting telnet_init.\n");
return NULL;
}
n2 = read_stream_connection(soc, buffer + n, sizeof(buffer) - n);
if (n2 > 0)
n += n2;
retc = alloc_typed_cell(CONST_DATA);
retc->size = n;
retc->x.str_val = strndup(buffer, n);
#undef iac
#undef data
#undef option
return retc;
}
tree_cell*
nasl_incr_variable(lex_ctxt* lexic, tree_cell* tc, int pre, int val)
{
anon_nasl_var *v;
int old_val = 0, new_val;
tree_cell *retc;
if (tc->type != REF_VAR)
{
nasl_perror(lexic,
"nasl_incr_variable: argument (type=%d) is not REF_VAR %s\n",
tc->type, get_line_nb(tc));
return NULL;
}
v = tc->x.ref_val;
switch (v->var_type)
{
case VAR2_INT:
old_val = v->v.v_int;
break;
case VAR2_STRING:
case VAR2_DATA:
#if NASL_DEBUG > 0
nasl_perror(lexic, "nasl_incr_variable: variable %s is a STRING %s - converting to integer\n", "", get_line_nb(tc));
#endif
old_val = v->v.v_str.s_val == NULL ? 0 : atoi(v->v.v_str.s_val);
break;
case VAR2_UNDEF:
#if NASL_DEBUG > 0
nasl_perror(lexic, "nasl_incr_variable: variable %s is undefined %s\n",
"", get_line_nb(tc));
#endif
old_val = 0;
break;
default:
nasl_perror(lexic, "nasl_incr_variable: variable %s has bad type %d %s\n",
/*get_var_name(v)*/ "", get_line_nb(tc));
return NULL;
}
new_val = old_val + val;
clear_anon_var(v);
v->var_type = VAR2_INT;
v->v.v_int = new_val;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = pre ? new_val : old_val;
return retc;
}
/*
* Syntax: insstr(s1, s2, i1, i2) or insstr(s1, s2, i1)
* Insert string s2 into slice [i1:i2] of string s1 and returns the result
* Warning: returns a CONST_DATA!
*/
tree_cell* nasl_insstr(lex_ctxt* lexic)
{
char *s1, *s2, *s3;
int sz1, sz2, sz3, i1, i2;
tree_cell *retc;
s1 = get_str_var_by_num(lexic, 0);
sz1 = get_var_size_by_num(lexic, 0);
s2 = get_str_var_by_num(lexic, 1);
sz2 = get_var_size_by_num(lexic, 1);
i1 = get_int_var_by_num(lexic, 2, -1);
i2 = get_int_var_by_num(lexic, 3, -1);
if (i2 > sz1 || i2 == -1) i2 = sz1-1;
if (s1 == NULL || s2 == NULL || i1 < 0 || i2 < 0)
{
nasl_perror(lexic, "Usage: insstr(str1, str2, idx_start [,idx_end])\n");
return NULL;
}
if (i1 > sz1)
{
nasl_perror(lexic, "insstr: cannot insert string2 after end of string1\n");
return NULL;
}
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
if (i1 > i2)
{
nasl_perror(lexic," insstr: warning! 1st index %d greater than 2nd index %d\n", i1, i2);
sz3 = sz2;
}
else
sz3 = sz1 + i1 - i2 - 1 + sz2;
s3 = retc->x.str_val = emalloc(sz3);
retc->size = sz3;
if (i1 <= sz1)
{
memcpy(s3, s1, i1);
s3 += i1;
}
memcpy(s3, s2, sz2); s3 += sz2;
if (i2 < sz1 - 1)
memcpy(s3, s1 + i2 +1, sz1 - 1 - i2);
return retc;
}
tree_cell*
nasl_func_has_arg(lex_ctxt* lexic)
{
nasl_func *f;
char *s;
int vt, i, flag = 0;
tree_cell *retc;
s = get_str_var_by_num(lexic, 0);
if (s == NULL)
{
nasl_perror(lexic, "func_has_arg: missing parameter\n");
return NULL;
}
f = get_func_ref_by_name(lexic, s);
if (f == NULL)
{
nasl_perror(lexic, "func_args: unknown function \"%s\"\n", s);
return NULL;
}
vt = get_var_type_by_num(lexic, 1);
switch(vt)
{
case VAR2_INT:
i = get_int_var_by_num(lexic, 1, -1);
if (i >= 0 && i < f->nb_unnamed_args)
flag = 1;
break;
case VAR2_STRING:
case VAR2_DATA:
s = get_str_var_by_num(lexic, 1);
for (i = 0; i < f->nb_named_args && ! flag; i ++)
if (strcmp(s, f->args_names[i]) == 0)
flag = 1;
break;
default:
nasl_perror(lexic, "func_has_arg: string or integer expected as 2nd parameter\n");
return NULL;
}
retc = alloc_typed_cell(CONST_INT);
retc->x.i_val = flag;
return retc;
}
tree_cell*
nasl_make_array(lex_ctxt* lexic)
{
tree_cell *retc = NULL;
int i, vi;
anon_nasl_var *v, *v2;
nasl_array *a;
retc = alloc_tree_cell(0, NULL);
retc->type = DYN_ARRAY;
retc->x.ref_val = a = emalloc(sizeof(nasl_array));
i = vi = 0;
while ((v = nasl_get_var_by_num(&lexic->ctx_vars, vi ++, 0)) != NULL)
{
v2 = nasl_get_var_by_num(&lexic->ctx_vars, vi ++, 0);
if (v2 == NULL)
{
nasl_perror(lexic, "make_array: odd number (%d) of argument?\n", vi);
break;
}
switch (v2->var_type)
{
case VAR2_INT:
case VAR2_STRING:
case VAR2_DATA:
switch (v->var_type)
{
case VAR2_INT:
add_var_to_list(a, v->v.v_int, v2);
break;
case VAR2_STRING:
case VAR2_DATA:
add_var_to_array(a, (char*)var2str(v) , v2);
break;
}
break;
case VAR2_UNDEF:
default:
nasl_perror(lexic, "make_array: bad value type %d for arg #%d\n",
v2->var_type, vi);
break;
}
}
return retc;
}
tree_cell * script_category(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
int category = get_int_var_by_num(lexic, 0, -1);
if(category < 0){
nasl_perror(lexic, "Argument error in function script_category()\n");
nasl_perror(lexic, "Function usage is : script_category(<category>)\n");
return FAKE_CELL;
}
plug_set_category(script_infos, category);
return FAKE_CELL;
}
tree_cell *
nasl_ntlm2_response (lex_ctxt * lexic)
{
char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "password");
unsigned char *nt_hash =
(unsigned char *) get_str_var_by_name (lexic, "nt_hash");
if (cryptkey == NULL || password == NULL)
{
nasl_perror (lexic,
"Syntax : ntlm2_response(cryptkey:<c>, password:<p>, nt_hash:<n>)\n");
return NULL;
}
uint8_t lm_response[24];
uint8_t nt_response[24];
uint8_t session_key[16];
tree_cell *retc;
ntlmssp_genauth_ntlm2 (password, lm_response, nt_response, session_key,
cryptkey, nt_hash);
int len = sizeof (lm_response) + sizeof (nt_response) + sizeof (session_key);
char *ret = emalloc (len);
memcpy (ret, lm_response, sizeof (lm_response));
memcpy (ret + sizeof (lm_response), nt_response, sizeof (nt_response));
memcpy (ret + sizeof (lm_response) + sizeof (nt_response), session_key,
sizeof (session_key));
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = len;
retc->x.str_val = ret;
return retc;
}
int
add_var_to_list(nasl_array* a, int i, const anon_nasl_var* v)
{
anon_nasl_var *v2;
if (i < 0)
{
nasl_perror(NULL, "add_var_to_list: negative index are not (yet) supported\n");
return -1;
}
if (i >= a->max_idx)
{
a->num_elt = erealloc(a->num_elt, sizeof(anon_nasl_var*) * (i+1));
bzero(a->num_elt + a->max_idx, sizeof(anon_nasl_var*) * (i+1-a->max_idx));
a->max_idx = i +1;
}
free_anon_var(a->num_elt[i]);
v2 = dup_anon_var(v); /* May return NULL */
a->num_elt[i] = v2;
if (v2 == NULL)
return 0;
else
return 1;
}
anon_nasl_var*
nasl_get_var_by_num(nasl_array* a, int num, int create)
{
anon_nasl_var *v = NULL;
if (num < 0)
{
/* TBD: implement a min_index field, just like $[ in Perl */
nasl_perror(NULL, "Negative integer index are not supported yet!\n");
return NULL;
}
if (num < a->max_idx)
v = a->num_elt[num];
if (v != NULL || ! create)
return v;
if (num >= a->max_idx)
{
a->num_elt = erealloc(a->num_elt, sizeof(anon_nasl_var*) * (num+1));
bzero(a->num_elt + a->max_idx,
sizeof(anon_nasl_var*) * (num+1-a->max_idx));
a->max_idx = num +1;
}
v = emalloc(sizeof(anon_nasl_var));
v->var_type = VAR2_UNDEF;
a->num_elt[num] = v;
return v;
}
anon_nasl_var*
add_numbered_var_to_ctxt(lex_ctxt* lexic, int num, tree_cell* val)
{
anon_nasl_var *v;
nasl_array *a = &lexic->ctx_vars;
if (a->max_idx > num)
{
v = a->num_elt[num];
if (v != NULL && v->var_type != VAR2_UNDEF)
{
nasl_perror(lexic, "Cannot add existing variable %d\n", num);
return NULL;
}
free_anon_var(a->num_elt[num]);
}
else
{
a->num_elt = erealloc(a->num_elt, (num+1) * sizeof(anon_nasl_var));
bzero(a->num_elt + a->max_idx, sizeof(anon_nasl_var*) * (num+1 - a->max_idx));
a->max_idx = num + 1;
}
a->num_elt[num] = v = create_anon_var(val);
return v;
}
/*-------------------[ Windows ]-------------------------------------*/
tree_cell *
nasl_get_sign (lex_ctxt * lexic)
{
char *mac_key = (char *) get_str_var_by_name (lexic, "key");
uint8_t *buf = (uint8_t *) get_str_var_by_name (lexic, "buf");
int buflen = get_int_var_by_name (lexic, "buflen", -1);
uint32 seq_num = get_int_var_by_name (lexic, "seq_number", -1);
if (mac_key == NULL || buf == NULL || buflen == -1 || seq_num == -1)
{
nasl_perror (lexic,
"Syntax : get_sign(key:<k>, buf:<b>, buflen:<bl>, seq_number:<s>)\n");
return NULL;
}
uint8_t calc_md5_mac[16];
simple_packet_signature_ntlmssp ((uint8_t *) mac_key, buf, seq_num, calc_md5_mac);
memcpy (buf + 18, calc_md5_mac, 8);
char *ret = emalloc (buflen);
bzero (ret, buflen);
memcpy (ret, buf, buflen);
tree_cell *retc;
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = buflen;
retc->x.str_val = (char *) ret;
return retc;
}
tree_cell *
nasl_ntlmv1_hash (lex_ctxt * lexic)
{
const uchar *cryptkey = (uchar *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "passhash");
int pass_len = get_var_size_by_name (lexic, "passhash");
unsigned char p21[21];
tree_cell *retc;
uchar *ret;
if (cryptkey == NULL || password == NULL)
{
nasl_perror (lexic, "Syntax : ntlmv1_hash(cryptkey:<c>, passhash:<p>)\n");
return NULL;
}
bzero (p21, sizeof (p21));
memcpy (p21, password, pass_len < 16 ? pass_len : 16);
ret = emalloc (24);
E_P24 (p21, cryptkey, ret);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = 24;
retc->x.str_val = (char *) ret;
return retc;
}
tree_cell *
nasl_lm_owf_gen (lex_ctxt * lexic)
{
char *pass = get_str_var_by_num (lexic, 0);
int pass_len = get_var_size_by_num (lexic, 0);
tree_cell *retc;
uchar pwd[15];
uchar p16[16];
int i;
if (pass_len < 0 || pass == NULL)
{
nasl_perror (lexic, "Syntax : nt_lm_gen(cryptkey:<c>, password:<p>)\n");
return NULL;
}
bzero (pwd, sizeof (pwd));
strncpy ((char *) pwd, pass, sizeof (pwd) - 1);
for (i = 0; i < sizeof (pwd); i++)
pwd[i] = toupper (pwd[i]);
E_P16 (pwd, p16);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = 16;
retc->x.str_val = g_memdup (p16, 17);
return retc;
}
tree_cell*
nasl_mktime(lex_ctxt* lexic)
{
struct tm tm;
tree_cell *retc;
time_t tictac;
tm.tm_sec = get_int_local_var_by_name(lexic, "sec", 0); /* seconds */
tm.tm_min = get_int_local_var_by_name(lexic, "min", 0); /* minutes */
tm.tm_hour = get_int_local_var_by_name(lexic, "hour", 0); /* hours */
tm.tm_mday = get_int_local_var_by_name(lexic, "mday", 0); /* day of the month */
tm.tm_mon = get_int_local_var_by_name(lexic, "mon", 1); /* month */
tm.tm_mon -= 1;
tm.tm_year = get_int_local_var_by_name(lexic, "year", 0); /* year */
if (tm.tm_year >= 1900) tm.tm_year -= 1900;
tm.tm_isdst = get_int_local_var_by_name(lexic, "isdst", -1); /* daylight saving time */
errno = 0;
tictac = mktime(&tm);
if (tictac == (time_t)(-1))
{
nasl_perror(lexic, "mktime(sec=%02d min=%02d hour=%02d mday=%02d mon=%02d year=%04d isdst=%d): %s\n",
tm.tm_sec, tm.tm_min, tm.tm_hour, tm.tm_mday,
tm.tm_mon+1, tm.tm_year+1900, tm.tm_isdst,
errno ? strerror(errno): "invalid value?");
return NULL;
}
retc = alloc_typed_cell(CONST_INT);
retc->x.i_val = tictac;
return retc;
}
tree_cell *
nasl_keyexchg (lex_ctxt * lexic)
{
char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
uint8_t *session_key = (uint8_t *) get_str_var_by_name (lexic, "session_key");
unsigned char *nt_hash =
(unsigned char *) get_str_var_by_name (lexic, "nt_hash");
if (cryptkey == NULL || session_key == NULL || nt_hash == NULL)
{
nasl_perror (lexic,
"Syntax : keyexchg(cryptkey:<c>, session_key:<s>, nt_hash:<n> )\n");
return NULL;
}
uint8_t new_sess_key[16];
tree_cell *retc;
uint8_t *encrypted_session_key = NULL;
encrypted_session_key =
ntlmssp_genauth_keyexchg (session_key, cryptkey, nt_hash,
(uint8_t *) & new_sess_key);
int len = 16 + 16;
char *ret = emalloc (len);
memcpy (ret, new_sess_key, 16);
memcpy (ret + 16, encrypted_session_key, 16);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = len;
retc->x.str_val = ret;
return retc;
}
