Example #1
0
/* Parses and processes the configuration arguments
 * supplied in the SSH preprocessor rule.
 *
 * PARAMETERS:
 *
 * argp:        Pointer to string containing the config arguments.
 *
 * RETURNS:     Nothing.
 */
static void
ParseSSHArgs(SSHConfig *config, u_char* argp)
{
	char* cur_tokenp = NULL;
	char* argcpyp = NULL;
    int port;

    if (config == NULL)
        return;

    config->MaxEncryptedPackets = SSH_DEFAULT_MAX_ENC_PKTS;
    config->MaxClientBytes = SSH_DEFAULT_MAX_CLIENT_BYTES;
    config->MaxServerVersionLen = SSH_DEFAULT_MAX_SERVER_VERSION_LEN;

    /* Set up default port to listen on */
    config->ports[ PORT_INDEX( 22 ) ] |= CONV_PORT(22);

	/* Sanity check(s) */
	if ( !argp )
	{
        DisplaySSHConfig(config);
		return;
	}

	argcpyp = strdup( (char*) argp );

	if ( !argcpyp )
	{
		DynamicPreprocessorFatalMessage("Could not allocate memory to parse SSH options.\n");
		return;
	}

	cur_tokenp = strtok( argcpyp, " ");

	while ( cur_tokenp )
	{
		if ( !strcmp( cur_tokenp, SSH_SERVERPORTS_KEYWORD ))
		{
            /* If the user specified ports, remove '22' for now since
             * it now needs to be set explicitely. */
            config->ports[ PORT_INDEX( 22 ) ] = 0;

			/* Eat the open brace. */
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || ( cur_tokenp[0] != '{' ))
			{
				DynamicPreprocessorFatalMessage("Bad value specified for %s.\n",
					                            SSH_SERVERPORTS_KEYWORD);
                //free(argcpyp);
                //return;
			}

			cur_tokenp = strtok( NULL, " ");
			while (( cur_tokenp ) && ( cur_tokenp[0] != '}' ))
			{
				if ( !isdigit( (int)cur_tokenp[0] ))
				{
					DynamicPreprocessorFatalMessage("Bad port %s.\n", cur_tokenp );
                    //free(argcpyp);
                    //return;
				}
				else
				{
                    port = atoi( cur_tokenp );
                    if( port < 0 || port > MAX_PORTS )
                    {
					    DynamicPreprocessorFatalMessage("Port value illegitimate: %s\n", cur_tokenp);
                        //free(argcpyp);
                        //return;
                    }

                    config->ports[ PORT_INDEX( port ) ] |= CONV_PORT(port);
				}

				cur_tokenp = strtok( NULL, " ");
			}

		}
		else if ( !strcmp( cur_tokenp, SSH_AUTODETECT_KEYWORD ))
		{
			config->AutodetectEnabled = 1;
		}
		else if ( !strcmp( cur_tokenp, SSH_MAX_ENC_PKTS_KEYWORD ))
		{
            cur_tokenp = strtok( NULL, " ");
            config->MaxEncryptedPackets = (uint16_t)ParseNumInRange(cur_tokenp,
                                                SSH_MAX_ENC_PKTS_KEYWORD,
                                                MIN_MAX_ENC_PKTS,
                                                MAX_MAX_ENC_PKTS);
		}
		else if (!strcmp( cur_tokenp, SSH_MAX_CLIENT_BYTES_KEYWORD ))
		{
			cur_tokenp = strtok( NULL, " ");
            config->MaxClientBytes = (uint16_t)ParseNumInRange(cur_tokenp,
                                                SSH_MAX_CLIENT_BYTES_KEYWORD,
                                                MIN_MAX_CLIENT_BYTES,
                                                MAX_MAX_CLIENT_BYTES);
		}
        else if ( !strcmp( cur_tokenp, SSH_MAX_SERVER_VERSION_KEYWORD ))
        {
            cur_tokenp = strtok( NULL, " ");
            config->MaxServerVersionLen = (uint16_t)ParseNumInRange(cur_tokenp,
                                                SSH_MAX_SERVER_VERSION_KEYWORD,
                                                MIN_MAX_SERVER_VERSION_LEN,
                                                MAX_MAX_SERVER_VERSION_LEN);
        }
		else if ( !strcmp( cur_tokenp, SSH_ENABLE_RESPOVERFLOW_KEYWORD ))
		{
			config->EnabledAlerts |= SSH_ALERT_RESPOVERFLOW;
		}
		else if ( !strcmp( cur_tokenp, SSH_ENABLE_CRC32_KEYWORD ))
		{
			config->EnabledAlerts |= SSH_ALERT_CRC32;
		}
		else if (
		   !strcmp( cur_tokenp, SSH_ENABLE_SECURECRT_KEYWORD ))
		{
			config->EnabledAlerts |= SSH_ALERT_SECURECRT;
		}
		else if (
		   !strcmp( cur_tokenp, SSH_ENABLE_PROTOMISMATCH_KEYWORD ))
		{
			config->EnabledAlerts |= SSH_ALERT_PROTOMISMATCH;
		}
		else if (
		   !strcmp( cur_tokenp, SSH_ENABLE_WRONGDIR_KEYWORD ))
		{
			config->EnabledAlerts |= SSH_ALERT_WRONGDIR;
		}
#if 0
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_RULES_KEYWORD ))
		{
			config->DisableRules++;
		}
#endif
        else if( !strcmp( cur_tokenp, SSH_ENABLE_PAYLOAD_SIZE ))
        {
            config->EnabledAlerts |= SSH_ALERT_PAYSIZE;
        }
        else if( !strcmp( cur_tokenp, SSH_ENABLE_UNRECOGNIZED_VER ))
        {
            config->EnabledAlerts |= SSH_ALERT_UNRECOGNIZED;
        }
        else
        {
		    DynamicPreprocessorFatalMessage("Invalid argument: %s\n", cur_tokenp);
    		return;
        }

		cur_tokenp = strtok( NULL, " " );
	}

	DisplaySSHConfig(config);
    free(argcpyp);
}
Example #2
0
/* Parses and processes the configuration arguments 
 * supplied in the SSH preprocessor rule.
 *
 * PARAMETERS: 
 *
 * argp:        Pointer to string containing the config arguments.
 * 
 * RETURNS:     Nothing.
 */
static void 
ParseSSHArgs( u_char* argp )
{
	char* cur_tokenp = NULL;
	char* argcpyp = NULL;
    int port;
    
    /* Set up default port to listen on */
    ssh_config.ports[ PORT_INDEX( 22 ) ] |= CONV_PORT(22);

	/* Sanity check(s) */
	if ( !argp )
	{
        DisplaySSHConfig();
		return;
	}

	argcpyp = strdup( (char*) argp );

	if ( !argcpyp )
	{
		_dpd.fatalMsg("Could not allocate memory to parse SSH options.\n");
		return;
	}

	cur_tokenp = strtok( argcpyp, " ");

	while ( cur_tokenp )
	{
		if ( !strcmp( cur_tokenp, SSH_SERVERPORTS_KEYWORD ))
		{
            /* If the user specified ports, remove '22' for now since 
             * it now needs to be set explicitely. */
            ssh_config.ports[ PORT_INDEX( 22 ) ] = 0;
            
			/* Eat the open brace. */
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || ( cur_tokenp[0] != '{' ))
			{
				_dpd.fatalMsg("Bad value specified for %s.\n",
					SSH_SERVERPORTS_KEYWORD);
                free(argcpyp);
                return;
			}

			cur_tokenp = strtok( NULL, " ");
			while (( cur_tokenp ) && ( cur_tokenp[0] != '}' ))
			{
				if ( !isdigit( cur_tokenp[0] ))
				{
					_dpd.fatalMsg("Bad port %s.\n", cur_tokenp );
                    free(argcpyp);
                    return;
				}
				else
				{
                    port = atoi( cur_tokenp );
                    if( port < 0 || port > MAX_PORTS ) 
                    {
					    _dpd.fatalMsg("Port value illegitimate: %s\n", cur_tokenp);
                        free(argcpyp);
                        return;
                    }
                    
                    ssh_config.ports[ PORT_INDEX( port ) ] |= CONV_PORT(port);
				}

				cur_tokenp = strtok( NULL, " ");
			}
				
		}
		else if ( !strcmp( cur_tokenp, SSH_AUTODETECT_KEYWORD ))
		{
			ssh_config.AutodetectEnabled++;
		}
		else if ( !strcmp( cur_tokenp, SSH_MAX_ENC_PKTS_KEYWORD ))
		{
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || !isdigit(cur_tokenp[0]) )
			{
				_dpd.logMsg("Bad value specified for %s."
					"Reverting to default value %d. ",
					SSH_MAX_ENC_PKTS_KEYWORD, 
					SSH_DEFAULT_MAX_ENC_PKTS );
			}
			else
			{
				ssh_config.MaxEncryptedPackets = (u_int16_t)
						atoi( cur_tokenp );
			}
		}
		else if (!strcmp( cur_tokenp, SSH_MAX_CLIENT_BYTES_KEYWORD ))
		{
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || !isdigit(cur_tokenp[0]) )
			{
				_dpd.logMsg("Bad value specified for %s."
					"Reverting to default value %d. ",
					SSH_MAX_CLIENT_BYTES_KEYWORD, 
					SSH_DEFAULT_MAX_CLIENT_BYTES );
			}
			else
			{
				ssh_config.MaxClientBytes = (u_int16_t)
						atoi( cur_tokenp );
			}
		}
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_GOBBLES_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_GOBBLES;
		}
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_CRC32_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_CRC32;
		}
		else if ( 
		   !strcmp( cur_tokenp, SSH_DISABLE_SECURECRT_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_SECURECRT;
		}
		else if ( 
		   !strcmp( cur_tokenp, SSH_DISABLE_PROTOMISMATCH_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_PROTOMISMATCH;
		}
		else if ( 
		   !strcmp( cur_tokenp, SSH_DISABLE_WRONGDIR_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_WRONGDIR;
		}
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_RULES_KEYWORD ))
		{
			ssh_config.DisableRules++;	
		} 
        else if( !strcmp( cur_tokenp, SSH_DISABLE_PAYLOAD_SIZE )) 
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_PAYSIZE;
        }
        else if( !strcmp( cur_tokenp, SSH_DISABLE_UNRECOGNIZED_VER ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_UNRECOGNIZED;
        }
        else
        {
		    _dpd.fatalMsg("Invalid argument: %s\n", cur_tokenp);
    		return;
        }

		cur_tokenp = strtok( NULL, " " );
	}

	DisplaySSHConfig();
    free(argcpyp);
}