示例#1
0
tree_cell * nasl_end_denial(lex_ctxt * lexic)
{
 int port = (int)arg_get_value(lexic->script_infos, "denial_port");
 int soc;
 int to = lexic->recv_timeout;
 struct arglist * script_infos = lexic->script_infos;
 tree_cell * retc = NULL;
 
 /* 
  * We must wait the time the DoS does its effect
  */
 Sleep(10);

 if(!port)
 {
  int ping = (int)arg_get_value(script_infos, "tcp_ping_result");
  
  if(ping) return nasl_tcp_ping(lexic);
  else
    {
      retc = alloc_tree_cell(0, NULL);
      retc->type = CONST_INT;
      retc->x.i_val = 1;
      return retc;
    }
 }
 else 
 {
   retc = alloc_tree_cell(0, NULL);
   retc->type = CONST_INT;

 soc = open_stream_connection(script_infos, port, NESSUS_ENCAPS_IP, to);
 if(soc > 0)
 {
  /* Send some data */
#define BOGUS "are you dead ?"
  if((nsend(soc, BOGUS, sizeof(BOGUS)-1, 0))>=0)
   {
   retc->x.i_val = 1;
   close_stream_connection(soc);
   return retc;
   }
  }
 }

   retc->x.i_val = 0;
   return retc;
 }
tree_cell* nasl_ereg_replace(lex_ctxt* lexic)
{
 char * pattern = get_str_local_var_by_name(lexic, "pattern");
 char * replace = get_str_local_var_by_name(lexic, "replace");
 char * string  = get_str_local_var_by_name(lexic, "string");
 int    icase   = get_int_local_var_by_name(lexic, "icase", 0);
 char * r; 
 tree_cell * retc;
 
 if(pattern == NULL || replace == NULL)
 {
  nasl_perror(lexic, "Usage : ereg_replace(string:<string>, pattern:<pat>, replace:<replace>, icase:<TRUE|FALSE>\n");
  return NULL;
 }
 if (string == NULL)
  {
#if NASL_DEBUG > 1
   nasl_perror(lexic, "ereg_replace: string == NULL\n");
#endif
    return NULL;
  }

 r = _regreplace(pattern, replace, string, icase, 1);
 
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_DATA;
 retc->size = strlen(r);
 retc->x.str_val =  r;

 return retc;
}
tree_cell* nasl_hexstr(lex_ctxt * lexic)
{
 tree_cell * retc;
 char *s = get_str_var_by_num(lexic, 0);
 int len = get_var_size_by_num(lexic, 0);
 char * ret;
 int i;
 
 
 if(s == NULL)
   return NULL;
   
  ret = emalloc(len * 2 + 1);
  for(i=0;i<len;i++)
  {
   char tmp[3];
   snprintf(tmp, sizeof(tmp), "%02x", (unsigned char)s[i]);
   strcat(ret, tmp);
  }
   
  retc = alloc_tree_cell(0, NULL);
  retc->type = CONST_STR;
  retc->size = strlen(ret);
  retc->x.str_val = ret;
  
  return retc;
}
tree_cell*
nasl_strcat(lex_ctxt* lexic)
{
  tree_cell	*retc;
  char		*s;
  int		vi, vn, newlen;
  int		sz;


  retc = alloc_tree_cell(0, NULL);
  retc->type = CONST_DATA;
  retc->size = 0;
  retc->x.str_val = emalloc(0);

  vn = array_max_index(&lexic->ctx_vars);
  for (vi = 0; vi < vn; vi ++)
    {
      s = get_str_var_by_num(lexic, vi);
      if (s == NULL)
	continue;
      sz = get_var_size_by_num(lexic, vi);
      if (sz <= 0)
	sz = strlen(s);

      newlen = retc->size + sz;
      retc->x.str_val = erealloc(retc->x.str_val, newlen + 1);
      memcpy(retc->x.str_val + retc->size, s, sz);
      retc->size = newlen;
    }
  retc->x.str_val[retc->size] = '\0';
  return retc;
}
tree_cell* nasl_strstr(lex_ctxt * lexic)
{
 char * a = get_str_var_by_num(lexic, 0);
 char * b = get_str_var_by_num(lexic, 1);
 int sz_a = get_var_size_by_num(lexic, 0);
 int sz_b = get_var_size_by_num(lexic, 1);
 
 char * c;
 tree_cell * retc;
 
 
 
 if(a == NULL || b == NULL)
  return NULL;
 
 if(sz_b > sz_a)
  return NULL;
 
 c = (char*)memmem(a, sz_a, b, sz_b);
 if(c == NULL)
  return FAKE_CELL;
 
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_DATA;
 retc->size = sz_a - (c - a);
 retc->x.str_val = strndup(c, retc->size);
 return retc;
}
示例#6
0
tree_cell *
alloc_typed_cell (int typ)
{
  tree_cell *c = alloc_tree_cell (0, NULL);
  c->type = typ;
  return c;
}
示例#7
0
tree_cell * nasl_ftp_log_in(lex_ctxt * lexic)
{
 char * u, *p;
 int soc;
 tree_cell *retc;
 int res;

 soc = get_int_local_var_by_name(lexic, "socket", 0);
 if(soc <= 0)
	 return NULL;

 u = get_str_local_var_by_name(lexic, "user");
 if( u == NULL )
	 u = "";
 
 p = get_str_local_var_by_name(lexic, "pass");
 if( p == NULL )
	 p = "";

 res = ftp_log_in(soc, u, p) == 0;
 
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_INT;
 retc->x.i_val = res;

 return retc;
}
tree_cell*
nasl_chomp(lex_ctxt* lexic)
{
  tree_cell	*retc;
  char		*p = NULL, *str;
  int		i, len;


  str = get_str_var_by_num(lexic, 0);
  if (str == NULL)
    return NULL;
  len = get_var_size_by_num(lexic, 0);

  retc = alloc_tree_cell(0, NULL);
  retc->type = CONST_DATA;

  for (i = 0; i < len; i ++)
    if (isspace(str[i]))
      {
	if (p == NULL)
	  p = str + i;
      }
    else
      p = NULL;

  if (p != NULL)
    len = (p - str);

  retc->x.str_val = emalloc(len);
  retc->size = len;
  memcpy(retc->x.str_val, str, len);
  retc->x.str_val[len] = '\0';
  return retc;
}
示例#9
0
tree_cell *
dup_cell (const tree_cell * tc)
{
  tree_cell *r;
  int i;

  if (tc == NULL)
    return NULL;
  else if (tc == FAKE_CELL)
    return FAKE_CELL;

  r = alloc_tree_cell (tc->line_nb, NULL);
  r->type = tc->type;
  r->size = tc->size;
  switch (tc->type)
    {
    case CONST_STR:
    case CONST_DATA:
      r->x.str_val = emalloc (tc->size);
      memcpy (r->x.str_val, tc->x.str_val, tc->size);
      break;
    default:
      r->x = tc->x;
      break;
    }

  for (i = 0; i < 4; i++)
    r->link[i] = dup_cell (tc->link[i]);
  return r;
}
示例#10
0
/*-------------------[ Windows ]-------------------------------------*/
tree_cell *
nasl_get_sign (lex_ctxt * lexic)
{
  char *mac_key = (char *) get_str_var_by_name (lexic, "key");
  uint8_t *buf = (uint8_t *) get_str_var_by_name (lexic, "buf");
  int buflen = get_int_var_by_name (lexic, "buflen", -1);
  uint32 seq_num = get_int_var_by_name (lexic, "seq_number", -1);
  if (mac_key == NULL || buf == NULL || buflen == -1 || seq_num == -1)
    {
      nasl_perror (lexic,
                   "Syntax : get_sign(key:<k>, buf:<b>, buflen:<bl>, seq_number:<s>)\n");
      return NULL;
    }
  uint8_t calc_md5_mac[16];
  simple_packet_signature_ntlmssp ((uint8_t *) mac_key, buf, seq_num, calc_md5_mac);
  memcpy (buf + 18, calc_md5_mac, 8);
  char *ret = emalloc (buflen);
  bzero (ret, buflen);
  memcpy (ret, buf, buflen);
  tree_cell *retc;
  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = buflen;
  retc->x.str_val = (char *) ret;
  return retc;
}
示例#11
0
tree_cell *
nasl_ntlm2_response (lex_ctxt * lexic)
{
  char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
  char *password = get_str_var_by_name (lexic, "password");
  unsigned char *nt_hash =
    (unsigned char *) get_str_var_by_name (lexic, "nt_hash");

  if (cryptkey == NULL || password == NULL)
    {
      nasl_perror (lexic,
                   "Syntax : ntlm2_response(cryptkey:<c>, password:<p>, nt_hash:<n>)\n");
      return NULL;
    }

  uint8_t lm_response[24];
  uint8_t nt_response[24];
  uint8_t session_key[16];

  tree_cell *retc;
  ntlmssp_genauth_ntlm2 (password, lm_response, nt_response, session_key,
                         cryptkey, nt_hash);
  int len = sizeof (lm_response) + sizeof (nt_response) + sizeof (session_key);
  char *ret = emalloc (len);
  memcpy (ret, lm_response, sizeof (lm_response));
  memcpy (ret + sizeof (lm_response), nt_response, sizeof (nt_response));
  memcpy (ret + sizeof (lm_response) + sizeof (nt_response), session_key,
          sizeof (session_key));
  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = len;
  retc->x.str_val = ret;
  return retc;
}
/*---------------------------------------------------------------------*/
tree_cell* nasl_crap(lex_ctxt* lexic)
{
  tree_cell	*retc;
  char		*data = get_str_local_var_by_name(lexic, "data");
  int		data_len = -1;
  int		len = get_int_local_var_by_name(lexic, "length", -1);
  int		len2 = get_int_var_by_num(lexic, 0, -1);


  if(len < 0 && len2 < 0)
    {
      nasl_perror(lexic, "crap: invalid or missing 'length' argument\n");
      return NULL;
    }
  if (len >= 0 && len2 >= 0)
    {
      nasl_perror(lexic, "crap: cannot set both unnamed and named 'length'\n");
      return NULL;
    }
  if (len < 0)
    len = len2;

  if( len == 0 )
  	return FAKE_CELL;
	
  if (data != NULL)
    {
      data_len = get_var_size_by_name(lexic, "data");
      if (data_len == 0)
	{
	  nasl_perror(lexic, "crap: invalid null 'data' parameter\n");
	  return NULL;
	}
    }

  retc = alloc_tree_cell(0, NULL);
  retc->type = CONST_DATA /*CONST_STR*/;
  retc->x.str_val = emalloc(len+1);
  retc->size = len;
  if (data == NULL)
    memset(retc->x.str_val, 'X', len);
  else
    {
      int	i,r;
      for(i = 0; i < len - data_len; i += data_len)
	memcpy(retc->x.str_val + i, data, data_len);
	
      if(data_len != 1)
       {
        if((r = (len % data_len)) > 0)
 	 memcpy(retc->x.str_val + (len - r), data, r);
	else
	 memcpy(retc->x.str_val + (len - data_len), data, data_len);
       }
      else 
         retc->x.str_val[ len - 1 ] = data[0];
    }
  retc->x.str_val[len] = '\0';
  return retc;
}
示例#13
0
tree_cell *
nasl_socket_negotiate_ssl (lex_ctxt * lexic)
{
  int soc, transport, ret;
  tree_cell *retc;


  soc = get_int_local_var_by_name (lexic, "socket", -1);
  transport = get_int_local_var_by_name (lexic, "transport",
                                         OPENVAS_ENCAPS_TLScustom);
  if (soc < 0)
    {
      nasl_perror (lexic, "socket_ssl_negotiate: Erroneous socket value %d\n",
                   soc);
      return NULL;
    }
  if (transport == -1)
    transport = OPENVAS_ENCAPS_TLScustom;
  else if (!IS_ENCAPS_SSL (transport))
    {
      nasl_perror (lexic, "socket_ssl_negotiate: Erroneous transport value %d\n",
                   transport);
      return NULL;
    }
  ret = socket_negotiate_ssl (soc, transport, lexic->script_infos);
  if (ret < 0)
    return NULL;

  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_INT;
  retc->x.i_val = ret;
  return retc;
}
示例#14
0
tree_cell * script_get_preference(lex_ctxt * lexic)
{
 struct arglist *  script_infos = lexic->script_infos;
 tree_cell * retc;
 char * pref = get_str_var_by_num(lexic, 0);
 char * value;
 
 if(pref == NULL){
 	nasl_perror(lexic, "Argument error in the function script_get_preference()\n");
	nasl_perror(lexic, "Function usage is : pref = script_get_preference(<name>)\n");
 	return FAKE_CELL;
	}

 value = get_plugin_preference(script_infos, pref);
 if(value != NULL)
 {
 	 retc = alloc_tree_cell(0, NULL);
 	 if(isalldigit(value, strlen(value)))
	 {
	  retc->type = CONST_INT;
	  retc->x.i_val = atoi(value);
	 }
	 else
	 {
	  retc->type = CONST_DATA;
	  retc->size = strlen(value);
	  retc->x.str_val = estrdup(value);
	 }
	 return retc;
 } 
 else
	 return FAKE_CELL;
}
示例#15
0
tree_cell *
nasl_lm_owf_gen (lex_ctxt * lexic)
{
  char *pass = get_str_var_by_num (lexic, 0);
  int pass_len = get_var_size_by_num (lexic, 0);
  tree_cell *retc;
  uchar pwd[15];
  uchar p16[16];
  int i;

  if (pass_len < 0 || pass == NULL)
    {
      nasl_perror (lexic, "Syntax : nt_lm_gen(cryptkey:<c>, password:<p>)\n");
      return NULL;
    }

  bzero (pwd, sizeof (pwd));
  strncpy ((char *) pwd, pass, sizeof (pwd) - 1);
  for (i = 0; i < sizeof (pwd); i++)
    pwd[i] = toupper (pwd[i]);

  E_P16 (pwd, p16);

  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = 16;
  retc->x.str_val = g_memdup (p16, 17);
  return retc;
}
示例#16
0
/*
 * Opening a UDP socket is a little more tricky, since
 * UDP works in a way which is different from TCP...
 * 
 * Our goal is to hide this difference for the end-user
 */
tree_cell * nasl_open_sock_udp(lex_ctxt * lexic)
{
 int soc;
 tree_cell * retc;
 int port;
 struct sockaddr_in soca;
 struct arglist *  script_infos = lexic->script_infos;
 struct in_addr * ia;

 port = get_int_var_by_num(lexic, 0, -1);
 if(port < 0)
	 return NULL;
   
 ia = plug_get_host_ip(script_infos);
 bzero(&soca, sizeof(soca));
 soca.sin_addr.s_addr = ia->s_addr;
 soca.sin_port = htons(port);
 soca.sin_family = AF_INET;

 soc = socket(AF_INET, SOCK_DGRAM, 0);
 add_socket(script_infos, soc);
 
 set_socket_source_addr(soc, 0);
 
 connect(soc, (struct sockaddr*)&soca, sizeof(soca));

 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_INT;
 retc->x.i_val = soc < 0 ? 0 : soc;
 return retc;
}
示例#17
0
tree_cell *
nasl_ntlmv1_hash (lex_ctxt * lexic)
{
  const uchar *cryptkey = (uchar *) get_str_var_by_name (lexic, "cryptkey");
  char *password = get_str_var_by_name (lexic, "passhash");
  int pass_len = get_var_size_by_name (lexic, "passhash");
  unsigned char p21[21];
  tree_cell *retc;
  uchar *ret;

  if (cryptkey == NULL || password == NULL)
    {
      nasl_perror (lexic, "Syntax : ntlmv1_hash(cryptkey:<c>, passhash:<p>)\n");
      return NULL;
    }

  bzero (p21, sizeof (p21));
  memcpy (p21, password, pass_len < 16 ? pass_len : 16);

  ret = emalloc (24);

  E_P24 (p21, cryptkey, ret);
  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = 24;
  retc->x.str_val = (char *) ret;

  return retc;
}
示例#18
0
tree_cell *
nasl_keyexchg (lex_ctxt * lexic)
{
  char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
  uint8_t *session_key = (uint8_t *) get_str_var_by_name (lexic, "session_key");
  unsigned char *nt_hash =
    (unsigned char *) get_str_var_by_name (lexic, "nt_hash");

  if (cryptkey == NULL || session_key == NULL || nt_hash == NULL)
    {
      nasl_perror (lexic,
                   "Syntax : keyexchg(cryptkey:<c>, session_key:<s>, nt_hash:<n> )\n");
      return NULL;
    }
  uint8_t new_sess_key[16];
  tree_cell *retc;
  uint8_t *encrypted_session_key = NULL;
  encrypted_session_key =
    ntlmssp_genauth_keyexchg (session_key, cryptkey, nt_hash,
                              (uint8_t *) & new_sess_key);
  int len = 16 + 16;
  char *ret = emalloc (len);
  memcpy (ret, new_sess_key, 16);
  memcpy (ret + 16, encrypted_session_key, 16);
  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = len;
  retc->x.str_val = ret;
  return retc;
}
示例#19
0
tree_cell*
nasl_make_list(lex_ctxt* lexic)
{
  tree_cell	*retc = NULL;
  int		i, j, vi;
  anon_nasl_var	*v;
  named_nasl_var *vn;
  nasl_array	*a, *a2;
  

  retc = alloc_tree_cell(0, NULL);
  retc->type = DYN_ARRAY;
  retc->x.ref_val = a = emalloc(sizeof(nasl_array));

  for (i = vi = 0; 
       (v = nasl_get_var_by_num(&lexic->ctx_vars, vi, 0)) != NULL;
       vi ++)
    {
      switch (v->var_type)
	{
	case VAR2_INT:
	case VAR2_STRING:
	case VAR2_DATA:
	  add_var_to_list(a, i ++, v);
	  break;

	case VAR2_ARRAY:
	  a2 = &v->v.v_arr;

	  for (j = 0; j < a2->max_idx; j ++)
	    if (add_var_to_list(a, i, a2->num_elt[j]) >= 1)
	      i ++;

	  if (a2->hash_elt != NULL)
	    {
#if NASL_DEBUG > 1
	      nasl_perror(lexic, "make_list: named arguments in array have no order\n");
#endif
	      for (j = 0; j < VAR_NAME_HASH; j++)
		for (vn = a2->hash_elt[j]; vn != NULL; vn = vn->next_var)
		  if (vn->u.var_type != VAR2_UNDEF)
		    if (add_var_to_list(a, i , &vn->u) >= 1)
		      i ++;
	    }

	  break;

	case VAR2_UNDEF:
	  nasl_perror(lexic, "nasl_make_list: undefined variable #%d skipped\n", i);
	  continue;

	default:
	  nasl_perror(lexic, "nasl_make_list: unhandled variable type 0x%x - skipped\n", v->var_type);
	  continue;
	}
    }

  return retc;
}
示例#20
0
/*---------------------------------------------------------------------*/
tree_cell * nasl_rand(lex_ctxt * lexic)
{
 tree_cell * retc;
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_INT;
 retc->x.i_val = lrand48();
 return retc;
}
示例#21
0
tree_cell *
nasl_open_sock_tcp_bufsz (lex_ctxt * lexic, int bufsz)
{
  int soc = -1;
  struct arglist *script_infos = lexic->script_infos;
  int to, port;
  int transport = -1;
  const char *priority;
  tree_cell *retc;
  int type;

  to = get_int_local_var_by_name (lexic, "timeout", lexic->recv_timeout * 2);
  if (to < 0)
    to = 10;

  transport = get_int_local_var_by_name (lexic, "transport", -1);

  if (transport == OPENVAS_ENCAPS_TLScustom)
    {
      priority = get_str_local_var_by_name (lexic, "priority");
      if (!priority)
        priority = NULL;
      type = get_local_var_type_by_name (lexic, "priority");
      if (type != VAR2_STRING && type != VAR2_DATA)
        priority = NULL;
    }
  else
    priority = NULL;

  if (bufsz < 0)
    bufsz = get_int_local_var_by_name (lexic, "bufsz", 0);

  port = get_int_var_by_num (lexic, 0, -1);
  if (port < 0)
    return NULL;

  /* If "transport" has not been given, use auto detection if enabled
     in the KB. if "transport" has been given with a value of 0 force
     autodetection reagardless of what the KB tells.  */
  if (transport < 0)
    soc = open_stream_auto_encaps_ext (script_infos, port, to, 0);
  else if (transport == 0)
    soc = open_stream_auto_encaps_ext (script_infos, port, to, 1);
  else
    soc = open_stream_connection_ext (script_infos, port, transport, to,
                                      priority);
  if (bufsz > 0 && soc >= 0)
    {
      if (stream_set_buffer (soc, bufsz) < 0)
        nasl_perror (lexic, "stream_set_buffer: soc=%d,bufsz=%d\n", soc, bufsz);
    }

  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_INT;
  retc->x.i_val = soc < 0 ? 0 : soc;

  return retc;
}
示例#22
0
tree_cell*
var2cell(anon_nasl_var* v)
{
  tree_cell	*tc = alloc_tree_cell(0, NULL);

  tc->type = REF_VAR;
  tc->x.ref_val = v;		/* No need to free this later! */
  return tc;
}
示例#23
0
tree_cell *
alloc_expr_cell (int lnb, int t, tree_cell * l, tree_cell * r)
{
  tree_cell *c = alloc_tree_cell (lnb, NULL);
  c->type = t;
  c->link[0] = l;
  c->link[1] = r;
  return c;
}
示例#24
0
文件: nasl_host.c 项目: OPSF/uClinux
tree_cell * nasl_islocalnet(lex_ctxt * lexic)
{
    struct arglist *  script_infos = lexic->script_infos;
    struct in_addr * ip = plug_get_host_ip(script_infos);
    tree_cell * retc;

    retc = alloc_tree_cell(0, NULL);
    retc->type = CONST_INT;
    retc->x.i_val = is_local_ip(*ip);
    return retc;
}
示例#25
0
tree_cell* nasl_isnull(lex_ctxt* lexic)
{
  int		t;
  tree_cell	*retc;

  t = get_var_type_by_num(lexic, 0);
  retc = alloc_tree_cell(0, NULL);
  retc->type = CONST_INT;
  retc->x.i_val = (t == VAR2_UNDEF);
  return retc;
}
/*---------------------------------------------------------------------*/
tree_cell* nasl_int(lex_ctxt * lexic)
{
 int r = get_int_var_by_num(lexic, 0, 0);
 tree_cell * retc;
 
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_INT;
 retc->x.i_val = r;
 
 return retc;
}
示例#27
0
tree_cell*
nasl_incr_variable(lex_ctxt* lexic, tree_cell* tc, int pre, int val)
{
  anon_nasl_var	*v;
  int		old_val = 0, new_val;
  tree_cell	*retc;

  if (tc->type != REF_VAR)
    {
      nasl_perror(lexic,
	      "nasl_incr_variable: argument (type=%d) is not REF_VAR %s\n",
	      tc->type, get_line_nb(tc));
      return NULL;
    }

  v = tc->x.ref_val;

  switch (v->var_type)
    {
    case VAR2_INT:
      old_val = v->v.v_int;
      break;
    case VAR2_STRING:
    case VAR2_DATA:
#if NASL_DEBUG > 0
      nasl_perror(lexic, "nasl_incr_variable: variable %s is a STRING %s - converting to integer\n", "", get_line_nb(tc));
#endif
      old_val = v->v.v_str.s_val == NULL ? 0 : atoi(v->v.v_str.s_val);
      break;
    case VAR2_UNDEF:
#if NASL_DEBUG > 0
      nasl_perror(lexic, "nasl_incr_variable: variable %s is undefined %s\n",
	      "", get_line_nb(tc));
#endif
      old_val = 0;
      break;

    default:
      nasl_perror(lexic, "nasl_incr_variable: variable %s has bad type %d %s\n",
	      /*get_var_name(v)*/ "", get_line_nb(tc));
      return NULL;
    }
  new_val = old_val + val;

  clear_anon_var(v);
  v->var_type = VAR2_INT;
  v->v.v_int = new_val;

  retc = alloc_tree_cell(0, NULL);
  retc->type = CONST_INT;
  retc->x.i_val = pre ? new_val : old_val;
  
  return retc;  
}
示例#28
0
文件: nasl_host.c 项目: OPSF/uClinux
tree_cell * nasl_this_host(lex_ctxt * lexic)
{
    struct arglist * script_infos = lexic->script_infos;
    tree_cell * retc;
    struct in_addr addr;
    char hostname[255];
    char * ret;
    struct in_addr *  ia = plug_get_host_ip(script_infos);
    struct in_addr src;


    retc = alloc_tree_cell(0, NULL);
    retc->type = CONST_DATA;

    addr = socket_get_next_source_addr(arg_get_value(script_infos, "globals"));
    if ( addr.s_addr != INADDR_ANY )
    {
        retc->x.str_val = estrdup(inet_ntoa(addr));
        retc->size = strlen(retc->x.str_val);
        return retc;
    }




    src.s_addr = 0;
    if(ia)
    {
        if(islocalhost(ia))
            src.s_addr = ia->s_addr;
        else
            (void)routethrough(ia, &src);

        if(src.s_addr) {
            char * ret;

            ret = estrdup(inet_ntoa(src));
            retc->x.str_val = ret;
            retc->size = strlen(ret);

            return retc;
        }

        hostname[sizeof(hostname) - 1] = '\0';
        gethostname(hostname, sizeof(hostname) - 1);
        addr = nn_resolve(hostname);

        ret = estrdup(inet_ntoa(addr));
        retc->x.str_val = ret;
        retc->size = strlen(ret);
    }
    return retc;
}
示例#29
0
文件: nasl_host.c 项目: OPSF/uClinux
tree_cell * get_host_open_port(lex_ctxt * lexic)
{
    struct arglist *  script_infos = lexic->script_infos;
    unsigned int port = plug_get_host_open_port(script_infos);
    tree_cell * retc;

    retc = alloc_tree_cell(0, NULL);
    retc->type = CONST_INT;
    retc->x.i_val = port;

    return retc;
}
示例#30
0
tree_cell *
nasl_ntlmv2_hash (lex_ctxt * lexic)
{
  const uchar *server_chal = (uchar *) get_str_var_by_name (lexic, "cryptkey");
  int sc_len = get_var_size_by_name (lexic, "cryptkey");
  const uchar *ntlm_v2_hash = (uchar *) get_str_var_by_name (lexic, "passhash");
  int hash_len = get_var_size_by_name (lexic, "passhash");
  int client_chal_length = get_int_var_by_name (lexic, "length", -1);
  tree_cell *retc;
  unsigned char ntlmv2_response[16];
  unsigned char *ntlmv2_client_data = NULL;
  unsigned char *final_response;
  int i;

  if (sc_len < 0 || server_chal == NULL || hash_len < 0 || ntlm_v2_hash == NULL
      || client_chal_length < 0)
    {
      nasl_perror (lexic,
                   "Syntax : ntlmv2_hash(cryptkey:<c>, passhash:<p>, length:<l>)\n");
      return NULL;
    }

  /* NTLMv2 */

  /* We also get to specify some random data */
  ntlmv2_client_data = emalloc (client_chal_length);
  for (i = 0; i < client_chal_length; i++)
    ntlmv2_client_data[i] = rand () % 256;



  assert (hash_len == 16);
  /* Given that data, and the challenge from the server, generate a response */
  SMBOWFencrypt_ntv2_ntlmssp(ntlm_v2_hash, server_chal, 8, ntlmv2_client_data,
                      client_chal_length, ntlmv2_response);

  /* put it into nt_response, for the code below to put into the packet */
  final_response = emalloc (client_chal_length + sizeof (ntlmv2_response));
  memcpy (final_response, ntlmv2_response, sizeof (ntlmv2_response));
  /* after the first 16 bytes is the random data we generated above, so the server can verify us with it */
  memcpy (final_response + sizeof (ntlmv2_response), ntlmv2_client_data,
          client_chal_length);

  efree (&ntlmv2_client_data);

  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = client_chal_length + sizeof (ntlmv2_response);
  retc->x.str_val = (char *) final_response;

  return retc;
}