suricata
util-lua-ssh.c
Go to the documentation of this file.
1 /* Copyright (C) 2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 
19 /**
20  * \file
21  *
22  * \author Mats Klepsland <mats.klepsland@gmail.com>
23  *
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "pkt-var.h"
29 #include "conf.h"
30 
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 
35 #include "util-print.h"
36 #include "util-unittest.h"
37 
38 #include "util-debug.h"
39 
40 #include "output.h"
41 #include "app-layer.h"
42 #include "app-layer-parser.h"
43 #include "app-layer-ssh.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 #include "rust.h"
50 
51 #ifdef HAVE_LUA
52 
53 #include <lua.h>
54 #include <lualib.h>
55 #include <lauxlib.h>
56 
57 #include "util-lua.h"
58 #include "util-lua-common.h"
59 #include "util-lua-ssh.h"
60 
61 static int GetServerProtoVersion(lua_State *luastate, const Flow *f)
62 {
63  void *state = FlowGetAppState(f);
64  if (state == NULL)
65  return LuaCallbackError(luastate, "error: no app layer state");
66  const uint8_t *protocol = NULL;
67  uint32_t b_len = 0;
68 
69  void *tx = rs_ssh_state_get_tx(state, 0);
70  if (rs_ssh_tx_get_protocol(tx, &protocol, &b_len, STREAM_TOCLIENT) != 1)
71  return LuaCallbackError(luastate, "error: no server proto version");
72  if (protocol == NULL || b_len == 0) {
73  return LuaCallbackError(luastate, "error: no server proto version");
74  }
75 
76  return LuaPushStringBuffer(luastate, protocol, b_len);
77 }
78 
79 static int SshGetServerProtoVersion(lua_State *luastate)
80 {
81  int r;
82 
83  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
84  return LuaCallbackError(luastate, "error: protocol not ssh");
85 
86  Flow *f = LuaStateGetFlow(luastate);
87  if (f == NULL)
88  return LuaCallbackError(luastate, "internal error: no flow");
89 
90  r = GetServerProtoVersion(luastate, f);
91 
92  return r;
93 }
94 
95 static int GetServerSoftwareVersion(lua_State *luastate, const Flow *f)
96 {
97  void *state = FlowGetAppState(f);
98  if (state == NULL)
99  return LuaCallbackError(luastate, "error: no app layer state");
100 
101  const uint8_t *software = NULL;
102  uint32_t b_len = 0;
103 
104  void *tx = rs_ssh_state_get_tx(state, 0);
105  if (rs_ssh_tx_get_software(tx, &software, &b_len, STREAM_TOCLIENT) != 1)
106  return LuaCallbackError(luastate, "error: no server software version");
107  if (software == NULL || b_len == 0) {
108  return LuaCallbackError(luastate, "error: no server software version");
109  }
110 
111  return LuaPushStringBuffer(luastate, software, b_len);
112 }
113 
114 static int SshGetServerSoftwareVersion(lua_State *luastate)
115 {
116  int r;
117 
118  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
119  return LuaCallbackError(luastate, "error: protocol not ssh");
120 
121  Flow *f = LuaStateGetFlow(luastate);
122  if (f == NULL)
123  return LuaCallbackError(luastate, "internal error: no flow");
124 
125  r = GetServerSoftwareVersion(luastate, f);
126 
127  return r;
128 }
129 
130 static int GetClientProtoVersion(lua_State *luastate, const Flow *f)
131 {
132  void *state = FlowGetAppState(f);
133  if (state == NULL)
134  return LuaCallbackError(luastate, "error: no app layer state");
135 
136  const uint8_t *protocol = NULL;
137  uint32_t b_len = 0;
138 
139  void *tx = rs_ssh_state_get_tx(state, 0);
140  if (rs_ssh_tx_get_protocol(tx, &protocol, &b_len, STREAM_TOSERVER) != 1)
141  return LuaCallbackError(luastate, "error: no client proto version");
142  if (protocol == NULL || b_len == 0) {
143  return LuaCallbackError(luastate, "error: no client proto version");
144  }
145 
146  return LuaPushStringBuffer(luastate, protocol, b_len);
147 }
148 
149 static int SshGetClientProtoVersion(lua_State *luastate)
150 {
151  int r;
152 
153  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
154  return LuaCallbackError(luastate, "error: protocol not ssh");
155 
156  Flow *f = LuaStateGetFlow(luastate);
157  if (f == NULL)
158  return LuaCallbackError(luastate, "internal error: no flow");
159 
160  r = GetClientProtoVersion(luastate, f);
161 
162  return r;
163 }
164 
165 static int GetClientSoftwareVersion(lua_State *luastate, const Flow *f)
166 {
167  void *state = FlowGetAppState(f);
168  if (state == NULL)
169  return LuaCallbackError(luastate, "error: no app layer state");
170 
171  const uint8_t *software = NULL;
172  uint32_t b_len = 0;
173 
174  void *tx = rs_ssh_state_get_tx(state, 0);
175  if (rs_ssh_tx_get_software(tx, &software, &b_len, STREAM_TOSERVER) != 1)
176  return LuaCallbackError(luastate, "error: no client software version");
177  if (software == NULL || b_len == 0) {
178  return LuaCallbackError(luastate, "error: no client software version");
179  }
180 
181  return LuaPushStringBuffer(luastate, software, b_len);
182 }
183 
184 static int SshGetClientSoftwareVersion(lua_State *luastate)
185 {
186  int r;
187 
188  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
189  return LuaCallbackError(luastate, "error: protocol not ssh");
190 
191  Flow *f = LuaStateGetFlow(luastate);
192  if (f == NULL)
193  return LuaCallbackError(luastate, "internal error: no flow");
194 
195  r = GetClientSoftwareVersion(luastate, f);
196 
197  return r;
198 }
199 
200 /** \brief register ssh lua extensions in a luastate */
201 int LuaRegisterSshFunctions(lua_State *luastate)
202 {
203  /* registration of the callbacks */
204  lua_pushcfunction(luastate, SshGetServerProtoVersion);
205  lua_setglobal(luastate, "SshGetServerProtoVersion");
206 
207  lua_pushcfunction(luastate, SshGetServerSoftwareVersion);
208  lua_setglobal(luastate, "SshGetServerSoftwareVersion");
209 
210  lua_pushcfunction(luastate, SshGetClientProtoVersion);
211  lua_setglobal(luastate, "SshGetClientProtoVersion");
212 
213  lua_pushcfunction(luastate, SshGetClientSoftwareVersion);
214  lua_setglobal(luastate, "SshGetClientSoftwareVersion");
215 
216  return 0;
217 }
218 
219 #endif /* HAVE_LUA */
tm-threads.h
util-lua-ssh.h
app-layer-ssh.h
util-lua-common.h
util-lua.h
threads.h
Flow_
Flow data structure.
Definition: flow.h:347
rust.h
util-privs.h
ALPROTO_SSH
@ ALPROTO_SSH
Definition: app-layer-protos.h:34
util-unittest.h
protocol
uint16_t protocol
Definition: decode-ppp.h:2
util-debug.h
util-print.h
detect.h
pkt-var.h
util-time.h
app-layer-parser.h
conf.h
util-proto-name.h
suricata-common.h
lua_State
void lua_State
Definition: suricata-common.h:495
threadvars.h
util-logopenfile.h
util-buffer.h
output.h
app-layer.h