tree_cell * nasl_end_denial(lex_ctxt * lexic)
{
int port = (int)arg_get_value(lexic->script_infos, "denial_port");
int soc;
int to = lexic->recv_timeout;
struct arglist * script_infos = lexic->script_infos;
tree_cell * retc = NULL;
/*
* We must wait the time the DoS does its effect
*/
Sleep(10);
if(!port)
{
int ping = (int)arg_get_value(script_infos, "tcp_ping_result");
if(ping) return nasl_tcp_ping(lexic);
else
{
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = 1;
return retc;
}
}
else
{
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
soc = open_stream_connection(script_infos, port, NESSUS_ENCAPS_IP, to);
if(soc > 0)
{
/* Send some data */
#define BOGUS "are you dead ?"
if((nsend(soc, BOGUS, sizeof(BOGUS)-1, 0))>=0)
{
retc->x.i_val = 1;
close_stream_connection(soc);
return retc;
}
}
}
retc->x.i_val = 0;
return retc;
}
tree_cell* nasl_ereg_replace(lex_ctxt* lexic)
{
char * pattern = get_str_local_var_by_name(lexic, "pattern");
char * replace = get_str_local_var_by_name(lexic, "replace");
char * string = get_str_local_var_by_name(lexic, "string");
int icase = get_int_local_var_by_name(lexic, "icase", 0);
char * r;
tree_cell * retc;
if(pattern == NULL || replace == NULL)
{
nasl_perror(lexic, "Usage : ereg_replace(string:<string>, pattern:<pat>, replace:<replace>, icase:<TRUE|FALSE>\n");
return NULL;
}
if (string == NULL)
{
#if NASL_DEBUG > 1
nasl_perror(lexic, "ereg_replace: string == NULL\n");
#endif
return NULL;
}
r = _regreplace(pattern, replace, string, icase, 1);
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
retc->size = strlen(r);
retc->x.str_val = r;
return retc;
}
tree_cell* nasl_hexstr(lex_ctxt * lexic)
{
tree_cell * retc;
char *s = get_str_var_by_num(lexic, 0);
int len = get_var_size_by_num(lexic, 0);
char * ret;
int i;
if(s == NULL)
return NULL;
ret = emalloc(len * 2 + 1);
for(i=0;i<len;i++)
{
char tmp[3];
snprintf(tmp, sizeof(tmp), "%02x", (unsigned char)s[i]);
strcat(ret, tmp);
}
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_STR;
retc->size = strlen(ret);
retc->x.str_val = ret;
return retc;
}
tree_cell*
nasl_strcat(lex_ctxt* lexic)
{
tree_cell *retc;
char *s;
int vi, vn, newlen;
int sz;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
retc->size = 0;
retc->x.str_val = emalloc(0);
vn = array_max_index(&lexic->ctx_vars);
for (vi = 0; vi < vn; vi ++)
{
s = get_str_var_by_num(lexic, vi);
if (s == NULL)
continue;
sz = get_var_size_by_num(lexic, vi);
if (sz <= 0)
sz = strlen(s);
newlen = retc->size + sz;
retc->x.str_val = erealloc(retc->x.str_val, newlen + 1);
memcpy(retc->x.str_val + retc->size, s, sz);
retc->size = newlen;
}
retc->x.str_val[retc->size] = '\0';
return retc;
}
tree_cell* nasl_strstr(lex_ctxt * lexic)
{
char * a = get_str_var_by_num(lexic, 0);
char * b = get_str_var_by_num(lexic, 1);
int sz_a = get_var_size_by_num(lexic, 0);
int sz_b = get_var_size_by_num(lexic, 1);
char * c;
tree_cell * retc;
if(a == NULL || b == NULL)
return NULL;
if(sz_b > sz_a)
return NULL;
c = (char*)memmem(a, sz_a, b, sz_b);
if(c == NULL)
return FAKE_CELL;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
retc->size = sz_a - (c - a);
retc->x.str_val = strndup(c, retc->size);
return retc;
}
tree_cell *
alloc_typed_cell (int typ)
{
tree_cell *c = alloc_tree_cell (0, NULL);
c->type = typ;
return c;
}
tree_cell * nasl_ftp_log_in(lex_ctxt * lexic)
{
char * u, *p;
int soc;
tree_cell *retc;
int res;
soc = get_int_local_var_by_name(lexic, "socket", 0);
if(soc <= 0)
return NULL;
u = get_str_local_var_by_name(lexic, "user");
if( u == NULL )
u = "";
p = get_str_local_var_by_name(lexic, "pass");
if( p == NULL )
p = "";
res = ftp_log_in(soc, u, p) == 0;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = res;
return retc;
}
tree_cell*
nasl_chomp(lex_ctxt* lexic)
{
tree_cell *retc;
char *p = NULL, *str;
int i, len;
str = get_str_var_by_num(lexic, 0);
if (str == NULL)
return NULL;
len = get_var_size_by_num(lexic, 0);
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
for (i = 0; i < len; i ++)
if (isspace(str[i]))
{
if (p == NULL)
p = str + i;
}
else
p = NULL;
if (p != NULL)
len = (p - str);
retc->x.str_val = emalloc(len);
retc->size = len;
memcpy(retc->x.str_val, str, len);
retc->x.str_val[len] = '\0';
return retc;
}
tree_cell *
dup_cell (const tree_cell * tc)
{
tree_cell *r;
int i;
if (tc == NULL)
return NULL;
else if (tc == FAKE_CELL)
return FAKE_CELL;
r = alloc_tree_cell (tc->line_nb, NULL);
r->type = tc->type;
r->size = tc->size;
switch (tc->type)
{
case CONST_STR:
case CONST_DATA:
r->x.str_val = emalloc (tc->size);
memcpy (r->x.str_val, tc->x.str_val, tc->size);
break;
default:
r->x = tc->x;
break;
}
for (i = 0; i < 4; i++)
r->link[i] = dup_cell (tc->link[i]);
return r;
}
/*-------------------[ Windows ]-------------------------------------*/
tree_cell *
nasl_get_sign (lex_ctxt * lexic)
{
char *mac_key = (char *) get_str_var_by_name (lexic, "key");
uint8_t *buf = (uint8_t *) get_str_var_by_name (lexic, "buf");
int buflen = get_int_var_by_name (lexic, "buflen", -1);
uint32 seq_num = get_int_var_by_name (lexic, "seq_number", -1);
if (mac_key == NULL || buf == NULL || buflen == -1 || seq_num == -1)
{
nasl_perror (lexic,
"Syntax : get_sign(key:<k>, buf:<b>, buflen:<bl>, seq_number:<s>)\n");
return NULL;
}
uint8_t calc_md5_mac[16];
simple_packet_signature_ntlmssp ((uint8_t *) mac_key, buf, seq_num, calc_md5_mac);
memcpy (buf + 18, calc_md5_mac, 8);
char *ret = emalloc (buflen);
bzero (ret, buflen);
memcpy (ret, buf, buflen);
tree_cell *retc;
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = buflen;
retc->x.str_val = (char *) ret;
return retc;
}
tree_cell *
nasl_ntlm2_response (lex_ctxt * lexic)
{
char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "password");
unsigned char *nt_hash =
(unsigned char *) get_str_var_by_name (lexic, "nt_hash");
if (cryptkey == NULL || password == NULL)
{
nasl_perror (lexic,
"Syntax : ntlm2_response(cryptkey:<c>, password:<p>, nt_hash:<n>)\n");
return NULL;
}
uint8_t lm_response[24];
uint8_t nt_response[24];
uint8_t session_key[16];
tree_cell *retc;
ntlmssp_genauth_ntlm2 (password, lm_response, nt_response, session_key,
cryptkey, nt_hash);
int len = sizeof (lm_response) + sizeof (nt_response) + sizeof (session_key);
char *ret = emalloc (len);
memcpy (ret, lm_response, sizeof (lm_response));
memcpy (ret + sizeof (lm_response), nt_response, sizeof (nt_response));
memcpy (ret + sizeof (lm_response) + sizeof (nt_response), session_key,
sizeof (session_key));
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = len;
retc->x.str_val = ret;
return retc;
}
/*---------------------------------------------------------------------*/
tree_cell* nasl_crap(lex_ctxt* lexic)
{
tree_cell *retc;
char *data = get_str_local_var_by_name(lexic, "data");
int data_len = -1;
int len = get_int_local_var_by_name(lexic, "length", -1);
int len2 = get_int_var_by_num(lexic, 0, -1);
if(len < 0 && len2 < 0)
{
nasl_perror(lexic, "crap: invalid or missing 'length' argument\n");
return NULL;
}
if (len >= 0 && len2 >= 0)
{
nasl_perror(lexic, "crap: cannot set both unnamed and named 'length'\n");
return NULL;
}
if (len < 0)
len = len2;
if( len == 0 )
return FAKE_CELL;
if (data != NULL)
{
data_len = get_var_size_by_name(lexic, "data");
if (data_len == 0)
{
nasl_perror(lexic, "crap: invalid null 'data' parameter\n");
return NULL;
}
}
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA /*CONST_STR*/;
retc->x.str_val = emalloc(len+1);
retc->size = len;
if (data == NULL)
memset(retc->x.str_val, 'X', len);
else
{
int i,r;
for(i = 0; i < len - data_len; i += data_len)
memcpy(retc->x.str_val + i, data, data_len);
if(data_len != 1)
{
if((r = (len % data_len)) > 0)
memcpy(retc->x.str_val + (len - r), data, r);
else
memcpy(retc->x.str_val + (len - data_len), data, data_len);
}
else
retc->x.str_val[ len - 1 ] = data[0];
}
retc->x.str_val[len] = '\0';
return retc;
}
tree_cell *
nasl_socket_negotiate_ssl (lex_ctxt * lexic)
{
int soc, transport, ret;
tree_cell *retc;
soc = get_int_local_var_by_name (lexic, "socket", -1);
transport = get_int_local_var_by_name (lexic, "transport",
OPENVAS_ENCAPS_TLScustom);
if (soc < 0)
{
nasl_perror (lexic, "socket_ssl_negotiate: Erroneous socket value %d\n",
soc);
return NULL;
}
if (transport == -1)
transport = OPENVAS_ENCAPS_TLScustom;
else if (!IS_ENCAPS_SSL (transport))
{
nasl_perror (lexic, "socket_ssl_negotiate: Erroneous transport value %d\n",
transport);
return NULL;
}
ret = socket_negotiate_ssl (soc, transport, lexic->script_infos);
if (ret < 0)
return NULL;
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_INT;
retc->x.i_val = ret;
return retc;
}
tree_cell * script_get_preference(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
tree_cell * retc;
char * pref = get_str_var_by_num(lexic, 0);
char * value;
if(pref == NULL){
nasl_perror(lexic, "Argument error in the function script_get_preference()\n");
nasl_perror(lexic, "Function usage is : pref = script_get_preference(<name>)\n");
return FAKE_CELL;
}
value = get_plugin_preference(script_infos, pref);
if(value != NULL)
{
retc = alloc_tree_cell(0, NULL);
if(isalldigit(value, strlen(value)))
{
retc->type = CONST_INT;
retc->x.i_val = atoi(value);
}
else
{
retc->type = CONST_DATA;
retc->size = strlen(value);
retc->x.str_val = estrdup(value);
}
return retc;
}
else
return FAKE_CELL;
}
tree_cell *
nasl_lm_owf_gen (lex_ctxt * lexic)
{
char *pass = get_str_var_by_num (lexic, 0);
int pass_len = get_var_size_by_num (lexic, 0);
tree_cell *retc;
uchar pwd[15];
uchar p16[16];
int i;
if (pass_len < 0 || pass == NULL)
{
nasl_perror (lexic, "Syntax : nt_lm_gen(cryptkey:<c>, password:<p>)\n");
return NULL;
}
bzero (pwd, sizeof (pwd));
strncpy ((char *) pwd, pass, sizeof (pwd) - 1);
for (i = 0; i < sizeof (pwd); i++)
pwd[i] = toupper (pwd[i]);
E_P16 (pwd, p16);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = 16;
retc->x.str_val = g_memdup (p16, 17);
return retc;
}
/*
* Opening a UDP socket is a little more tricky, since
* UDP works in a way which is different from TCP...
*
* Our goal is to hide this difference for the end-user
*/
tree_cell * nasl_open_sock_udp(lex_ctxt * lexic)
{
int soc;
tree_cell * retc;
int port;
struct sockaddr_in soca;
struct arglist * script_infos = lexic->script_infos;
struct in_addr * ia;
port = get_int_var_by_num(lexic, 0, -1);
if(port < 0)
return NULL;
ia = plug_get_host_ip(script_infos);
bzero(&soca, sizeof(soca));
soca.sin_addr.s_addr = ia->s_addr;
soca.sin_port = htons(port);
soca.sin_family = AF_INET;
soc = socket(AF_INET, SOCK_DGRAM, 0);
add_socket(script_infos, soc);
set_socket_source_addr(soc, 0);
connect(soc, (struct sockaddr*)&soca, sizeof(soca));
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = soc < 0 ? 0 : soc;
return retc;
}
tree_cell *
nasl_ntlmv1_hash (lex_ctxt * lexic)
{
const uchar *cryptkey = (uchar *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "passhash");
int pass_len = get_var_size_by_name (lexic, "passhash");
unsigned char p21[21];
tree_cell *retc;
uchar *ret;
if (cryptkey == NULL || password == NULL)
{
nasl_perror (lexic, "Syntax : ntlmv1_hash(cryptkey:<c>, passhash:<p>)\n");
return NULL;
}
bzero (p21, sizeof (p21));
memcpy (p21, password, pass_len < 16 ? pass_len : 16);
ret = emalloc (24);
E_P24 (p21, cryptkey, ret);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = 24;
retc->x.str_val = (char *) ret;
return retc;
}
tree_cell *
nasl_keyexchg (lex_ctxt * lexic)
{
char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
uint8_t *session_key = (uint8_t *) get_str_var_by_name (lexic, "session_key");
unsigned char *nt_hash =
(unsigned char *) get_str_var_by_name (lexic, "nt_hash");
if (cryptkey == NULL || session_key == NULL || nt_hash == NULL)
{
nasl_perror (lexic,
"Syntax : keyexchg(cryptkey:<c>, session_key:<s>, nt_hash:<n> )\n");
return NULL;
}
uint8_t new_sess_key[16];
tree_cell *retc;
uint8_t *encrypted_session_key = NULL;
encrypted_session_key =
ntlmssp_genauth_keyexchg (session_key, cryptkey, nt_hash,
(uint8_t *) & new_sess_key);
int len = 16 + 16;
char *ret = emalloc (len);
memcpy (ret, new_sess_key, 16);
memcpy (ret + 16, encrypted_session_key, 16);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = len;
retc->x.str_val = ret;
return retc;
}
tree_cell*
nasl_make_list(lex_ctxt* lexic)
{
tree_cell *retc = NULL;
int i, j, vi;
anon_nasl_var *v;
named_nasl_var *vn;
nasl_array *a, *a2;
retc = alloc_tree_cell(0, NULL);
retc->type = DYN_ARRAY;
retc->x.ref_val = a = emalloc(sizeof(nasl_array));
for (i = vi = 0;
(v = nasl_get_var_by_num(&lexic->ctx_vars, vi, 0)) != NULL;
vi ++)
{
switch (v->var_type)
{
case VAR2_INT:
case VAR2_STRING:
case VAR2_DATA:
add_var_to_list(a, i ++, v);
break;
case VAR2_ARRAY:
a2 = &v->v.v_arr;
for (j = 0; j < a2->max_idx; j ++)
if (add_var_to_list(a, i, a2->num_elt[j]) >= 1)
i ++;
if (a2->hash_elt != NULL)
{
#if NASL_DEBUG > 1
nasl_perror(lexic, "make_list: named arguments in array have no order\n");
#endif
for (j = 0; j < VAR_NAME_HASH; j++)
for (vn = a2->hash_elt[j]; vn != NULL; vn = vn->next_var)
if (vn->u.var_type != VAR2_UNDEF)
if (add_var_to_list(a, i , &vn->u) >= 1)
i ++;
}
break;
case VAR2_UNDEF:
nasl_perror(lexic, "nasl_make_list: undefined variable #%d skipped\n", i);
continue;
default:
nasl_perror(lexic, "nasl_make_list: unhandled variable type 0x%x - skipped\n", v->var_type);
continue;
}
}
return retc;
}
/*---------------------------------------------------------------------*/
tree_cell * nasl_rand(lex_ctxt * lexic)
{
tree_cell * retc;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = lrand48();
return retc;
}
tree_cell *
nasl_open_sock_tcp_bufsz (lex_ctxt * lexic, int bufsz)
{
int soc = -1;
struct arglist *script_infos = lexic->script_infos;
int to, port;
int transport = -1;
const char *priority;
tree_cell *retc;
int type;
to = get_int_local_var_by_name (lexic, "timeout", lexic->recv_timeout * 2);
if (to < 0)
to = 10;
transport = get_int_local_var_by_name (lexic, "transport", -1);
if (transport == OPENVAS_ENCAPS_TLScustom)
{
priority = get_str_local_var_by_name (lexic, "priority");
if (!priority)
priority = NULL;
type = get_local_var_type_by_name (lexic, "priority");
if (type != VAR2_STRING && type != VAR2_DATA)
priority = NULL;
}
else
priority = NULL;
if (bufsz < 0)
bufsz = get_int_local_var_by_name (lexic, "bufsz", 0);
port = get_int_var_by_num (lexic, 0, -1);
if (port < 0)
return NULL;
/* If "transport" has not been given, use auto detection if enabled
in the KB. if "transport" has been given with a value of 0 force
autodetection reagardless of what the KB tells. */
if (transport < 0)
soc = open_stream_auto_encaps_ext (script_infos, port, to, 0);
else if (transport == 0)
soc = open_stream_auto_encaps_ext (script_infos, port, to, 1);
else
soc = open_stream_connection_ext (script_infos, port, transport, to,
priority);
if (bufsz > 0 && soc >= 0)
{
if (stream_set_buffer (soc, bufsz) < 0)
nasl_perror (lexic, "stream_set_buffer: soc=%d,bufsz=%d\n", soc, bufsz);
}
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_INT;
retc->x.i_val = soc < 0 ? 0 : soc;
return retc;
}
tree_cell*
var2cell(anon_nasl_var* v)
{
tree_cell *tc = alloc_tree_cell(0, NULL);
tc->type = REF_VAR;
tc->x.ref_val = v; /* No need to free this later! */
return tc;
}
tree_cell *
alloc_expr_cell (int lnb, int t, tree_cell * l, tree_cell * r)
{
tree_cell *c = alloc_tree_cell (lnb, NULL);
c->type = t;
c->link[0] = l;
c->link[1] = r;
return c;
}
tree_cell * nasl_islocalnet(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
struct in_addr * ip = plug_get_host_ip(script_infos);
tree_cell * retc;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = is_local_ip(*ip);
return retc;
}
tree_cell* nasl_isnull(lex_ctxt* lexic)
{
int t;
tree_cell *retc;
t = get_var_type_by_num(lexic, 0);
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = (t == VAR2_UNDEF);
return retc;
}
/*---------------------------------------------------------------------*/
tree_cell* nasl_int(lex_ctxt * lexic)
{
int r = get_int_var_by_num(lexic, 0, 0);
tree_cell * retc;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = r;
return retc;
}
tree_cell*
nasl_incr_variable(lex_ctxt* lexic, tree_cell* tc, int pre, int val)
{
anon_nasl_var *v;
int old_val = 0, new_val;
tree_cell *retc;
if (tc->type != REF_VAR)
{
nasl_perror(lexic,
"nasl_incr_variable: argument (type=%d) is not REF_VAR %s\n",
tc->type, get_line_nb(tc));
return NULL;
}
v = tc->x.ref_val;
switch (v->var_type)
{
case VAR2_INT:
old_val = v->v.v_int;
break;
case VAR2_STRING:
case VAR2_DATA:
#if NASL_DEBUG > 0
nasl_perror(lexic, "nasl_incr_variable: variable %s is a STRING %s - converting to integer\n", "", get_line_nb(tc));
#endif
old_val = v->v.v_str.s_val == NULL ? 0 : atoi(v->v.v_str.s_val);
break;
case VAR2_UNDEF:
#if NASL_DEBUG > 0
nasl_perror(lexic, "nasl_incr_variable: variable %s is undefined %s\n",
"", get_line_nb(tc));
#endif
old_val = 0;
break;
default:
nasl_perror(lexic, "nasl_incr_variable: variable %s has bad type %d %s\n",
/*get_var_name(v)*/ "", get_line_nb(tc));
return NULL;
}
new_val = old_val + val;
clear_anon_var(v);
v->var_type = VAR2_INT;
v->v.v_int = new_val;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = pre ? new_val : old_val;
return retc;
}
tree_cell * nasl_this_host(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
tree_cell * retc;
struct in_addr addr;
char hostname[255];
char * ret;
struct in_addr * ia = plug_get_host_ip(script_infos);
struct in_addr src;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_DATA;
addr = socket_get_next_source_addr(arg_get_value(script_infos, "globals"));
if ( addr.s_addr != INADDR_ANY )
{
retc->x.str_val = estrdup(inet_ntoa(addr));
retc->size = strlen(retc->x.str_val);
return retc;
}
src.s_addr = 0;
if(ia)
{
if(islocalhost(ia))
src.s_addr = ia->s_addr;
else
(void)routethrough(ia, &src);
if(src.s_addr) {
char * ret;
ret = estrdup(inet_ntoa(src));
retc->x.str_val = ret;
retc->size = strlen(ret);
return retc;
}
hostname[sizeof(hostname) - 1] = '\0';
gethostname(hostname, sizeof(hostname) - 1);
addr = nn_resolve(hostname);
ret = estrdup(inet_ntoa(addr));
retc->x.str_val = ret;
retc->size = strlen(ret);
}
return retc;
}
tree_cell * get_host_open_port(lex_ctxt * lexic)
{
struct arglist * script_infos = lexic->script_infos;
unsigned int port = plug_get_host_open_port(script_infos);
tree_cell * retc;
retc = alloc_tree_cell(0, NULL);
retc->type = CONST_INT;
retc->x.i_val = port;
return retc;
}
tree_cell *
nasl_ntlmv2_hash (lex_ctxt * lexic)
{
const uchar *server_chal = (uchar *) get_str_var_by_name (lexic, "cryptkey");
int sc_len = get_var_size_by_name (lexic, "cryptkey");
const uchar *ntlm_v2_hash = (uchar *) get_str_var_by_name (lexic, "passhash");
int hash_len = get_var_size_by_name (lexic, "passhash");
int client_chal_length = get_int_var_by_name (lexic, "length", -1);
tree_cell *retc;
unsigned char ntlmv2_response[16];
unsigned char *ntlmv2_client_data = NULL;
unsigned char *final_response;
int i;
if (sc_len < 0 || server_chal == NULL || hash_len < 0 || ntlm_v2_hash == NULL
|| client_chal_length < 0)
{
nasl_perror (lexic,
"Syntax : ntlmv2_hash(cryptkey:<c>, passhash:<p>, length:<l>)\n");
return NULL;
}
/* NTLMv2 */
/* We also get to specify some random data */
ntlmv2_client_data = emalloc (client_chal_length);
for (i = 0; i < client_chal_length; i++)
ntlmv2_client_data[i] = rand () % 256;
assert (hash_len == 16);
/* Given that data, and the challenge from the server, generate a response */
SMBOWFencrypt_ntv2_ntlmssp(ntlm_v2_hash, server_chal, 8, ntlmv2_client_data,
client_chal_length, ntlmv2_response);
/* put it into nt_response, for the code below to put into the packet */
final_response = emalloc (client_chal_length + sizeof (ntlmv2_response));
memcpy (final_response, ntlmv2_response, sizeof (ntlmv2_response));
/* after the first 16 bytes is the random data we generated above, so the server can verify us with it */
memcpy (final_response + sizeof (ntlmv2_response), ntlmv2_client_data,
client_chal_length);
efree (&ntlmv2_client_data);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = client_chal_length + sizeof (ntlmv2_response);
retc->x.str_val = (char *) final_response;
return retc;
}