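/**
 * NASL telnet_init(<socket>): refuse every telnet option the peer offers and
 * return the data that follows the negotiation.
 *
 * The socket is taken from the first unnamed NASL argument.  While the peer
 * keeps sending 3-byte IAC sequences, each one is answered with the matching
 * refusal (WILL/WONT -> DONT, DO/DONT -> WONT).  Negotiation is abandoned
 * after more than 100 options so that a misbehaving peer cannot keep the
 * caller in this loop.
 *
 * @param lexic  NASL lexical context holding the call arguments.
 * @return A CONST_DATA cell with the data read after negotiation, or NULL on
 *         a bad socket argument, when nothing could be read, when the option
 *         limit is exceeded, or when the copy cannot be allocated.
 */
tree_cell *
nasl_telnet_init (lex_ctxt *lexic)
{
  int soc = get_int_var_by_num (lexic, 0, -1);
  int opts = 0;                 /* number of options answered so far */
  unsigned char buffer[1024];
#define iac buffer[0]
#define code buffer[1]
#define option buffer[2]
  tree_cell *retc;
  char *copy;
  int n = 0, n2;

  if (soc <= 0)
    {
      nasl_perror (lexic, "Syntax error in the telnet_init() function\n");
      nasl_perror (lexic, "Correct syntax is : output = telnet_init(<socket>)\n");
      return NULL;
    }

  iac = 255;
  while (iac == 255)
    {
      n = read_stream_connection_min (soc, buffer, 3, 3);
      /* Stop on anything that is not a complete IAC <command> <option>. */
      if ((iac != 255) || (n <= 0) || (n != 3))
        break;
      if ((code == 251) || (code == 252))
        code = 254;             /* WILL, WONT -> DONT */
      else if ((code == 253) || (code == 254))
        code = 252;             /* DO, DONT -> WONT */
      write_stream_connection (soc, buffer, 3);
      opts++;
      if (opts > 100)
        break;
    }

  if (n <= 0)
    {
      if (opts == 0)
        return NULL;
      /* Options were negotiated but the last read failed: start empty. */
      n = 0;
    }

  if (opts > 100)               /* remote telnet server is crazy */
    {
      nasl_perror (lexic, "More than 100 options received by telnet_init() function! exiting telnet_init.\n");
      return NULL;
    }

  /* Bytes already in buffer (a non-option read) are kept; append the rest. */
  n2 = read_stream_connection (soc, buffer + n, sizeof (buffer) - n);
  if (n2 > 0)
    n += n2;

  /*
   * strndup() stops at the first NUL byte, so the copy can be shorter than n.
   * The peer controls these bytes; reporting n as the size while holding a
   * shorter allocation would let consumers read past the end of the copy.
   * The size is therefore taken from the copy itself.
   * NOTE(review): bytes after an embedded NUL are dropped (as before).  A
   * binary-safe copy needs an allocator that matches how cells are freed,
   * which is not visible from here.
   */
  copy = strndup ((const char *) buffer, n);
  if (copy == NULL)
    return NULL;

  /* NOTE(review): alloc_typed_cell() is used unchecked, as before; confirm
     that it cannot return NULL. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->x.str_val = copy;
  retc->size = (int) strlen (copy);

  /* Undefine exactly the helper macros defined above; the original left
     `code` defined for the rest of the file. */
#undef iac
#undef code
#undef option
  return retc;
}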
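/*
 * Return non-zero when ARG can be placed in a single FTP command line:
 * it must be non-NULL and contain no CR or LF, which would otherwise end
 * the command early and start another one on the control connection.
 */
static int
ftp_arg_is_safe (const char *arg)
{
  return arg != NULL && strpbrk (arg, "\r\n") == NULL;
}

/*
 * Consume the remaining lines of a multi-line FTP reply.
 *
 * BUF holds the line just received and N is the value recv_line() returned
 * for it.  Lines are read while the fourth character is '-', up to 1024
 * lines so that a rogue server cannot keep the caller reading forever.
 *
 * Returns 0 when the reply ended normally, 1 when the line limit was reached
 * or a read failed.
 */
static int
ftp_skip_reply_lines (int soc, char *buf, size_t len, int n)
{
  enum { MAX_REPLY_LINES = 1024 };
  int counter = 0;

  while (buf[3] == '-' && n > 0 && counter < MAX_REPLY_LINES)
    {
      n = recv_line (soc, buf, len);
      counter++;
    }
  return (counter >= MAX_REPLY_LINES || n <= 0) ? 1 : 0;
}

/**
 * Log in to an FTP server over an already connected control socket.
 *
 * Expects a 220 greeting, sends USER and, if the server answers 331, PASS.
 * A 230 reply to either command counts as success.
 *
 * @param soc       Connected control socket.
 * @param username  Login name; must not be NULL or contain CR/LF.
 * @param passwd    Password; must not be NULL or contain CR/LF.
 * @return 0 on successful login, 1 on any failure (bad argument, unexpected
 *         reply, read failure, over-long command, or an endless reply).
 */
int
ftp_log_in (int soc, char *username, char *passwd)
{
  char buf[1024];
  int n;
  int len;

  /* Refuse arguments that would break out of the USER/PASS command line. */
  if (!ftp_arg_is_safe (username) || !ftp_arg_is_safe (passwd))
    return 1;

  buf[sizeof (buf) - 1] = '\0';
  n = recv_line (soc, buf, sizeof (buf) - 1);
  if (n <= 0)
    return 1;
  if (strncmp (buf, "220", 3) != 0)
    return 1;
  if (ftp_skip_reply_lines (soc, buf, sizeof (buf) - 1, n) != 0)
    return 1;                   /* Rogue FTP server or dropped connection */

  len = snprintf (buf, sizeof (buf), "USER %s\r\n", username);  /* RATS: ignore */
  /* A truncated command would lose its CRLF terminator; do not send it. */
  if (len < 0 || (size_t) len >= sizeof (buf))
    return 1;
  write_stream_connection (soc, buf, len);

  n = recv_line (soc, buf, sizeof (buf) - 1);
  if (n <= 0)
    return 1;
  if (strncmp (buf, "230", 3) == 0)
    {
      /* Logged in without a password; drain the rest of the reply. */
      (void) ftp_skip_reply_lines (soc, buf, sizeof (buf) - 1, n);
      return 0;
    }
  if (strncmp (buf, "331", 3) != 0)
    return 1;
  if (ftp_skip_reply_lines (soc, buf, sizeof (buf) - 1, n) != 0)
    return 1;

  len = snprintf (buf, sizeof (buf), "PASS %s\r\n", passwd);    /* RATS: ignore */
  if (len < 0 || (size_t) len >= sizeof (buf))
    {
      /* Best effort: a memset right before return may be optimised away. */
      memset (buf, 0, sizeof (buf));
      return 1;
    }
  write_stream_connection (soc, buf, len);
  /* Remove this function's copy of the password before the buffer is reused
     for the reply; otherwise its tail can survive a shorter response. */
  memset (buf, 0, sizeof (buf));

  n = recv_line (soc, buf, sizeof (buf) - 1);
  if (n <= 0)
    return 1;
  if (strncmp (buf, "230", 3) != 0)
    return 1;

  /* Login accepted; drain the rest of the reply without failing on it. */
  (void) ftp_skip_reply_lines (soc, buf, sizeof (buf) - 1, n);
  return 0;
}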
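/*
 * Parse one NUL-terminated decimal field of a PASV reply into an octet.
 * Returns 0 and stores the value in *OUT when the field is a number in
 * 0..255 (trailing blanks allowed), 1 otherwise.
 */
static int
ftp_parse_octet (const char *field, unsigned char *out)
{
  char *end;
  long value = strtol (field, &end, 10);

  if (end == field)
    return 1;                   /* no digits at all */
  while (*end == ' ' || *end == '\t')
    end++;
  /* An overflowing field makes strtol() return LONG_MAX/LONG_MIN, which the
     range test rejects as well. */
  if (*end != '\0' || value < 0 || value > 255)
    return 1;

  *out = (unsigned char) value;
  return 0;
}

/**
 * Send PASV on an FTP control socket and parse the "227 (h1,h2,h3,h4,p1,p2)"
 * reply into a socket address.
 *
 * The six octets are copied into ADDR in the order received, i.e. address
 * and port end up in network byte order.
 *
 * NOTE(review): the address is whatever the server put in its reply.  A
 * caller that must not be steered to another host should compare it with
 * the peer of the control connection before connecting.
 *
 * @param soc   Connected FTP control socket.
 * @param addr  Output; zeroed first, filled in on success.
 * @return 0 on success, 1 if the reply is not a well-formed 227 answer.
 */
int
ftp_get_pasv_address (int soc, struct sockaddr_in *addr)
{
  char buf[512];
  char *field, *sep;
  unsigned char l[6];
  size_t i;

  snprintf (buf, 7, "PASV\r\n");        /* RATS: ignore */
  write_stream_connection (soc, buf, strlen (buf));

  /* Zeroing buf first means a failed read leaves an empty string, which the
     "227" test below rejects. */
  memset (buf, 0, sizeof (buf));
  memset (addr, 0, sizeof (struct sockaddr_in));
  recv_line (soc, buf, sizeof (buf) - 1);

  if (strncmp (buf, "227", 3) != 0)
    return 1;

  field = strchr (buf, '(');
  if (field == NULL)
    return 1;
  field++;

  /* Five fields end with ',', the last one with ')'. */
  for (i = 0; i < sizeof (l); i++)
    {
      sep = strchr (field, (i + 1 < sizeof (l)) ? ',' : ')');
      if (sep == NULL)
        return 1;
      *sep = '\0';
      /* The reply comes from the remote server: reject anything that is not
         a plain octet instead of letting it wrap through a cast. */
      if (ftp_parse_octet (field, &l[i]) != 0)
        return 1;
      field = sep + 1;
    }

  /* Copy bytewise.  Reading the 6-byte array through an unsigned long
     pointer ran past its end where long is 8 bytes and broke alignment and
     aliasing rules. */
  memcpy (&addr->sin_addr.s_addr, l, 4);
  memcpy (&addr->sin_port, l + 4, 2);
  addr->sin_family = AF_INET;

  return 0;
}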