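/* Parses and processes the configuration arguments
 * supplied in the SSH preprocessor rule.
 *
 * PARAMETERS:
 *
 * config: Configuration to populate.  Defaults are written first so
 *         every field is defined even when argp is NULL.
 * argp:   Pointer to string containing the config arguments.
 *
 * RETURNS: Nothing.
 *
 * Each malformed token is reported through DynamicPreprocessorFatalMessage().
 * The function also frees its scratch copy and returns right after each
 * report, so an unvalidated port value can never reach the ports bitmap
 * even if that handler were to return instead of terminating.
 */
static void ParseSSHArgs(SSHConfig *config, u_char* argp)
{
    /* Port assumed for SSH when the rule does not list any. */
    enum { SSH_STANDARD_PORT = 22 };
    char* cur_tokenp = NULL;
    char* argcpyp = NULL;

    if (config == NULL)
        return;

    config->MaxEncryptedPackets = SSH_DEFAULT_MAX_ENC_PKTS;
    config->MaxClientBytes = SSH_DEFAULT_MAX_CLIENT_BYTES;
    config->MaxServerVersionLen = SSH_DEFAULT_MAX_SERVER_VERSION_LEN;

    /* Set up default port to listen on */
    config->ports[ PORT_INDEX( SSH_STANDARD_PORT ) ] |= CONV_PORT(SSH_STANDARD_PORT);

    /* Sanity check(s) */
    if ( !argp )
    {
        DisplaySSHConfig(config);
        return;
    }

    /* strtok() writes into its input, so tokenize a private copy. */
    argcpyp = strdup( (char*) argp );
    if ( !argcpyp )
    {
        DynamicPreprocessorFatalMessage("Could not allocate memory to parse SSH options.\n");
        return;
    }

    cur_tokenp = strtok( argcpyp, " ");
    while ( cur_tokenp )
    {
        if ( !strcmp( cur_tokenp, SSH_SERVERPORTS_KEYWORD ))
        {
            /* If the user specified ports, remove '22' for now since
             * it now needs to be set explicitly. */
            config->ports[ PORT_INDEX( SSH_STANDARD_PORT ) ] = 0;

            /* Eat the open brace. */
            cur_tokenp = strtok( NULL, " ");
            if (( !cur_tokenp ) || ( cur_tokenp[0] != '{' ))
            {
                DynamicPreprocessorFatalMessage("Bad value specified for %s.\n", SSH_SERVERPORTS_KEYWORD);
                free(argcpyp);
                return;
            }

            /* Consume port tokens up to the closing brace.  As in the
             * original, a list that ends without '}' is accepted silently. */
            cur_tokenp = strtok( NULL, " ");
            while (( cur_tokenp ) && ( cur_tokenp[0] != '}' ))
            {
                char *endp = NULL;
                long port;

                /* Cast to unsigned char: isdigit() on a negative char is UB. */
                if ( !isdigit( (unsigned char)cur_tokenp[0] ))
                {
                    DynamicPreprocessorFatalMessage("Bad port %s.\n", cur_tokenp );
                    free(argcpyp);
                    return;
                }

                /* strtol() instead of atoi(): an oversized token saturates to
                 * LONG_MAX (caught by the range check below) rather than
                 * overflowing, and endp lets us reject trailing garbage such
                 * as "22x" that atoi() would silently accept. */
                port = strtol( cur_tokenp, &endp, 10 );
                /* NOTE(review): the upper bound is kept as in the original.  If
                 * MAX_PORTS is the bitmap's port count rather than its highest
                 * valid port, this should be ">=" -- confirm against the
                 * declaration of ports[]. */
                if ( *endp != '\0' || port < 0 || port > MAX_PORTS )
                {
                    DynamicPreprocessorFatalMessage("Port value illegitimate: %s\n", cur_tokenp);
                    free(argcpyp);
                    return;
                }

                config->ports[ PORT_INDEX( (int)port ) ] |= CONV_PORT((int)port);

                cur_tokenp = strtok( NULL, " ");
            }
        }
        else if ( !strcmp( cur_tokenp, SSH_AUTODETECT_KEYWORD ))
        {
            config->AutodetectEnabled = 1;
        }
        /* The three numeric options below hand the next token (possibly NULL
         * when the keyword is last) to ParseNumInRange(); that helper is
         * expected to validate it -- not visible here, confirm. */
        else if ( !strcmp( cur_tokenp, SSH_MAX_ENC_PKTS_KEYWORD ))
        {
            cur_tokenp = strtok( NULL, " ");
            config->MaxEncryptedPackets = (uint16_t)ParseNumInRange(cur_tokenp,
                    SSH_MAX_ENC_PKTS_KEYWORD, MIN_MAX_ENC_PKTS, MAX_MAX_ENC_PKTS);
        }
        else if (!strcmp( cur_tokenp, SSH_MAX_CLIENT_BYTES_KEYWORD ))
        {
            cur_tokenp = strtok( NULL, " ");
            config->MaxClientBytes = (uint16_t)ParseNumInRange(cur_tokenp,
                    SSH_MAX_CLIENT_BYTES_KEYWORD, MIN_MAX_CLIENT_BYTES, MAX_MAX_CLIENT_BYTES);
        }
        else if ( !strcmp( cur_tokenp, SSH_MAX_SERVER_VERSION_KEYWORD ))
        {
            cur_tokenp = strtok( NULL, " ");
            config->MaxServerVersionLen = (uint16_t)ParseNumInRange(cur_tokenp,
                    SSH_MAX_SERVER_VERSION_KEYWORD, MIN_MAX_SERVER_VERSION_LEN, MAX_MAX_SERVER_VERSION_LEN);
        }
        else if ( !strcmp( cur_tokenp, SSH_ENABLE_RESPOVERFLOW_KEYWORD ))
        {
            config->EnabledAlerts |= SSH_ALERT_RESPOVERFLOW;
        }
        else if ( !strcmp( cur_tokenp, SSH_ENABLE_CRC32_KEYWORD ))
        {
            config->EnabledAlerts |= SSH_ALERT_CRC32;
        }
        else if ( !strcmp( cur_tokenp, SSH_ENABLE_SECURECRT_KEYWORD ))
        {
            config->EnabledAlerts |= SSH_ALERT_SECURECRT;
        }
        else if ( !strcmp( cur_tokenp, SSH_ENABLE_PROTOMISMATCH_KEYWORD ))
        {
            config->EnabledAlerts |= SSH_ALERT_PROTOMISMATCH;
        }
        else if ( !strcmp( cur_tokenp, SSH_ENABLE_WRONGDIR_KEYWORD ))
        {
            config->EnabledAlerts |= SSH_ALERT_WRONGDIR;
        }
#if 0
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_RULES_KEYWORD ))
        {
            config->DisableRules++;
        }
#endif
        else if( !strcmp( cur_tokenp, SSH_ENABLE_PAYLOAD_SIZE ))
        {
            config->EnabledAlerts |= SSH_ALERT_PAYSIZE;
        }
        else if( !strcmp( cur_tokenp, SSH_ENABLE_UNRECOGNIZED_VER ))
        {
            config->EnabledAlerts |= SSH_ALERT_UNRECOGNIZED;
        }
        else
        {
            DynamicPreprocessorFatalMessage("Invalid argument: %s\n", cur_tokenp);
            /* Release the scratch copy on this path too (the original leaked it). */
            free(argcpyp);
            return;
        }

        cur_tokenp = strtok( NULL, " " );
    }

    DisplaySSHConfig(config);
    free(argcpyp);
}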
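/* Parses and processes the configuration arguments
 * supplied in the SSH preprocessor rule.
 *
 * PARAMETERS:
 *
 * argp: Pointer to string containing the config arguments.
 *
 * RETURNS: Nothing.
 *
 * Results are written to the file-scope ssh_config.  Malformed port lists
 * and unknown keywords are reported through _dpd.fatalMsg(); the scratch
 * copy of the argument string is released on every such path before
 * returning.  Malformed numeric limits are only logged and leave the
 * current (default) value in place.
 */
static void ParseSSHArgs( u_char* argp )
{
    /* Port assumed for SSH when the rule does not list any. */
    enum { SSH_STANDARD_PORT = 22 };
    /* Widest value the u_int16_t limit fields can hold. */
    enum { SSH_LIMIT_MAX = 65535 };
    char* cur_tokenp = NULL;
    char* argcpyp = NULL;
    char* endp = NULL;
    long value;

    /* Set up default port to listen on */
    ssh_config.ports[ PORT_INDEX( SSH_STANDARD_PORT ) ] |= CONV_PORT(SSH_STANDARD_PORT);

    /* Sanity check(s) */
    if ( !argp )
    {
        DisplaySSHConfig();
        return;
    }

    /* strtok() writes into its input, so tokenize a private copy. */
    argcpyp = strdup( (char*) argp );
    if ( !argcpyp )
    {
        _dpd.fatalMsg("Could not allocate memory to parse SSH options.\n");
        return;
    }

    cur_tokenp = strtok( argcpyp, " ");
    while ( cur_tokenp )
    {
        if ( !strcmp( cur_tokenp, SSH_SERVERPORTS_KEYWORD ))
        {
            /* If the user specified ports, remove '22' for now since
             * it now needs to be set explicitly. */
            ssh_config.ports[ PORT_INDEX( SSH_STANDARD_PORT ) ] = 0;

            /* Eat the open brace. */
            cur_tokenp = strtok( NULL, " ");
            if (( !cur_tokenp ) || ( cur_tokenp[0] != '{' ))
            {
                _dpd.fatalMsg("Bad value specified for %s.\n", SSH_SERVERPORTS_KEYWORD);
                free(argcpyp);
                return;
            }

            /* Consume port tokens up to the closing brace.  As in the
             * original, a list that ends without '}' is accepted silently. */
            cur_tokenp = strtok( NULL, " ");
            while (( cur_tokenp ) && ( cur_tokenp[0] != '}' ))
            {
                /* Cast to unsigned char: isdigit() on a negative char is UB. */
                if ( !isdigit( (unsigned char)cur_tokenp[0] ))
                {
                    _dpd.fatalMsg("Bad port %s.\n", cur_tokenp );
                    free(argcpyp);
                    return;
                }

                /* strtol() instead of atoi(): an oversized token saturates to
                 * LONG_MAX (caught by the range check) rather than overflowing,
                 * and endp rejects trailing garbage such as "22x". */
                value = strtol( cur_tokenp, &endp, 10 );
                /* NOTE(review): upper bound kept as in the original.  If
                 * MAX_PORTS is the bitmap's port count rather than its highest
                 * valid port, this should be ">=" -- confirm against ports[]. */
                if ( *endp != '\0' || value < 0 || value > MAX_PORTS )
                {
                    _dpd.fatalMsg("Port value illegitimate: %s\n", cur_tokenp);
                    free(argcpyp);
                    return;
                }

                ssh_config.ports[ PORT_INDEX( (int)value ) ] |= CONV_PORT((int)value);

                cur_tokenp = strtok( NULL, " ");
            }
        }
        else if ( !strcmp( cur_tokenp, SSH_AUTODETECT_KEYWORD ))
        {
            ssh_config.AutodetectEnabled++;
        }
        else if ( !strcmp( cur_tokenp, SSH_MAX_ENC_PKTS_KEYWORD ))
        {
            cur_tokenp = strtok( NULL, " ");
            /* Parse the whole token and range-check it: the original cast
             * atoi()'s result to u_int16_t, silently truncating values such
             * as 70000 instead of reverting to the default. */
            value = cur_tokenp ? strtol( cur_tokenp, &endp, 10 ) : -1;
            if (( !cur_tokenp ) || !isdigit((unsigned char)cur_tokenp[0]) ||
                *endp != '\0' || value < 0 || value > SSH_LIMIT_MAX )
            {
                _dpd.logMsg("Bad value specified for %s."
                            "Reverting to default value %d. ",
                            SSH_MAX_ENC_PKTS_KEYWORD, SSH_DEFAULT_MAX_ENC_PKTS );
            }
            else
            {
                ssh_config.MaxEncryptedPackets = (u_int16_t) value;
            }
        }
        else if (!strcmp( cur_tokenp, SSH_MAX_CLIENT_BYTES_KEYWORD ))
        {
            cur_tokenp = strtok( NULL, " ");
            /* Same validation as for the encrypted-packet limit above. */
            value = cur_tokenp ? strtol( cur_tokenp, &endp, 10 ) : -1;
            if (( !cur_tokenp ) || !isdigit((unsigned char)cur_tokenp[0]) ||
                *endp != '\0' || value < 0 || value > SSH_LIMIT_MAX )
            {
                _dpd.logMsg("Bad value specified for %s."
                            "Reverting to default value %d. ",
                            SSH_MAX_CLIENT_BYTES_KEYWORD, SSH_DEFAULT_MAX_CLIENT_BYTES );
            }
            else
            {
                ssh_config.MaxClientBytes = (u_int16_t) value;
            }
        }
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_GOBBLES_KEYWORD ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_GOBBLES;
        }
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_CRC32_KEYWORD ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_CRC32;
        }
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_SECURECRT_KEYWORD ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_SECURECRT;
        }
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_PROTOMISMATCH_KEYWORD ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_PROTOMISMATCH;
        }
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_WRONGDIR_KEYWORD ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_WRONGDIR;
        }
        else if ( !strcmp( cur_tokenp, SSH_DISABLE_RULES_KEYWORD ))
        {
            ssh_config.DisableRules++;
        }
        else if( !strcmp( cur_tokenp, SSH_DISABLE_PAYLOAD_SIZE ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_PAYSIZE;
        }
        else if( !strcmp( cur_tokenp, SSH_DISABLE_UNRECOGNIZED_VER ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_UNRECOGNIZED;
        }
        else
        {
            _dpd.fatalMsg("Invalid argument: %s\n", cur_tokenp);
            /* Release the scratch copy on this path too (the original leaked it). */
            free(argcpyp);
            return;
        }

        cur_tokenp = strtok( NULL, " " );
    }

    DisplaySSHConfig();
    free(argcpyp);
}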