suricata
util-lua-ssh.c
1 /* Copyright (C) 2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 
19 /**
20  * \file
21  *
22  * \author Mats Klepsland <mats.klepsland@gmail.com>
23  *
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "pkt-var.h"
29 #include "conf.h"
30 
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 
35 #include "util-print.h"
36 #include "util-unittest.h"
37 
38 #include "util-debug.h"
39 
40 #include "output.h"
41 #include "app-layer.h"
42 #include "app-layer-parser.h"
43 #include "app-layer-ssh.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 #include "rust.h"
50 
51 #include "lua.h"
52 #include "lualib.h"
53 #include "lauxlib.h"
54 
55 #include "util-lua.h"
56 #include "util-lua-common.h"
57 #include "util-lua-ssh.h"
58 
/**
 * \brief Push the SSH protocol version seen in the to-client direction
 *        onto the Lua stack.
 *
 * Fetches the flow's app-layer state, takes transaction 0 from it and asks
 * the SSH parser for the protocol field with STREAM_TOCLIENT.
 *
 * \param luastate Lua state that receives the value or the error
 * \param f        flow whose app-layer state is queried
 *
 * \return result of LuaPushStringBuffer() when a non-empty value is
 *         available, otherwise the result of LuaCallbackError()
 */
static int GetServerProtoVersion(lua_State *luastate, const Flow *f)
{
    void *ssh_state = FlowGetAppState(f);
    if (ssh_state == NULL) {
        return LuaCallbackError(luastate, "error: no app layer state");
    }

    /* NOTE(review): ssh_tx is handed to the getter without a NULL check;
     * confirm rs_ssh_state_get_tx() cannot return NULL for tx id 0. */
    void *ssh_tx = rs_ssh_state_get_tx(ssh_state, 0);

    const uint8_t *proto = NULL;
    uint32_t proto_len = 0;

    /* A failed lookup and an empty result are reported identically. */
    if (rs_ssh_tx_get_protocol(ssh_tx, &proto, &proto_len, STREAM_TOCLIENT) != 1 ||
            proto == NULL || proto_len == 0) {
        return LuaCallbackError(luastate, "error: no server proto version");
    }

    /* The bytes are pushed with an explicit length. They presumably originate
     * from the remote peer's traffic, so scripts should treat them as
     * untrusted input -- TODO confirm against the parser. */
    return LuaPushStringBuffer(luastate, proto, proto_len);
}
76 
/**
 * \brief Lua callback: return the server's SSH protocol version.
 *
 * Rejects the call unless the Lua state is bound to ALPROTO_SSH and a flow
 * is available, then delegates to GetServerProtoVersion().
 *
 * \param luastate Lua state the callback was invoked from
 *
 * \return result of GetServerProtoVersion(), or of LuaCallbackError() when
 *         a precondition fails
 */
static int SshGetServerProtoVersion(lua_State *luastate)
{
    /* Protocol gate first: the getter below assumes SSH app-layer state. */
    if (LuaStateNeedProto(luastate, ALPROTO_SSH) == 0) {
        return LuaCallbackError(luastate, "error: protocol not ssh");
    }

    Flow *flow = LuaStateGetFlow(luastate);
    if (flow == NULL) {
        return LuaCallbackError(luastate, "internal error: no flow");
    }

    return GetServerProtoVersion(luastate, flow);
}
92 
/**
 * \brief Push the SSH software version seen in the to-client direction
 *        onto the Lua stack.
 *
 * Fetches the flow's app-layer state, takes transaction 0 from it and asks
 * the SSH parser for the software field with STREAM_TOCLIENT.
 *
 * \param luastate Lua state that receives the value or the error
 * \param f        flow whose app-layer state is queried
 *
 * \return result of LuaPushStringBuffer() when a non-empty value is
 *         available, otherwise the result of LuaCallbackError()
 */
static int GetServerSoftwareVersion(lua_State *luastate, const Flow *f)
{
    void *ssh_state = FlowGetAppState(f);
    if (ssh_state == NULL) {
        return LuaCallbackError(luastate, "error: no app layer state");
    }

    /* NOTE(review): ssh_tx is handed to the getter without a NULL check;
     * confirm rs_ssh_state_get_tx() cannot return NULL for tx id 0. */
    void *ssh_tx = rs_ssh_state_get_tx(ssh_state, 0);

    const uint8_t *sw = NULL;
    uint32_t sw_len = 0;

    /* A failed lookup and an empty result are reported identically. */
    if (rs_ssh_tx_get_software(ssh_tx, &sw, &sw_len, STREAM_TOCLIENT) != 1 ||
            sw == NULL || sw_len == 0) {
        return LuaCallbackError(luastate, "error: no server software version");
    }

    /* The bytes are pushed with an explicit length. They presumably originate
     * from the remote peer's traffic, so scripts should treat them as
     * untrusted input -- TODO confirm against the parser. */
    return LuaPushStringBuffer(luastate, sw, sw_len);
}
111 
/**
 * \brief Lua callback: return the server's SSH software version.
 *
 * Rejects the call unless the Lua state is bound to ALPROTO_SSH and a flow
 * is available, then delegates to GetServerSoftwareVersion().
 *
 * \param luastate Lua state the callback was invoked from
 *
 * \return result of GetServerSoftwareVersion(), or of LuaCallbackError()
 *         when a precondition fails
 */
static int SshGetServerSoftwareVersion(lua_State *luastate)
{
    /* Protocol gate first: the getter below assumes SSH app-layer state. */
    if (LuaStateNeedProto(luastate, ALPROTO_SSH) == 0) {
        return LuaCallbackError(luastate, "error: protocol not ssh");
    }

    Flow *flow = LuaStateGetFlow(luastate);
    if (flow == NULL) {
        return LuaCallbackError(luastate, "internal error: no flow");
    }

    return GetServerSoftwareVersion(luastate, flow);
}
127 
/**
 * \brief Push the SSH protocol version seen in the to-server direction
 *        onto the Lua stack.
 *
 * Fetches the flow's app-layer state, takes transaction 0 from it and asks
 * the SSH parser for the protocol field with STREAM_TOSERVER.
 *
 * \param luastate Lua state that receives the value or the error
 * \param f        flow whose app-layer state is queried
 *
 * \return result of LuaPushStringBuffer() when a non-empty value is
 *         available, otherwise the result of LuaCallbackError()
 */
static int GetClientProtoVersion(lua_State *luastate, const Flow *f)
{
    void *ssh_state = FlowGetAppState(f);
    if (ssh_state == NULL) {
        return LuaCallbackError(luastate, "error: no app layer state");
    }

    /* NOTE(review): ssh_tx is handed to the getter without a NULL check;
     * confirm rs_ssh_state_get_tx() cannot return NULL for tx id 0. */
    void *ssh_tx = rs_ssh_state_get_tx(ssh_state, 0);

    const uint8_t *proto = NULL;
    uint32_t proto_len = 0;

    /* A failed lookup and an empty result are reported identically. */
    if (rs_ssh_tx_get_protocol(ssh_tx, &proto, &proto_len, STREAM_TOSERVER) != 1 ||
            proto == NULL || proto_len == 0) {
        return LuaCallbackError(luastate, "error: no client proto version");
    }

    /* The bytes are pushed with an explicit length. They presumably originate
     * from the remote peer's traffic, so scripts should treat them as
     * untrusted input -- TODO confirm against the parser. */
    return LuaPushStringBuffer(luastate, proto, proto_len);
}
146 
/**
 * \brief Lua callback: return the client's SSH protocol version.
 *
 * Rejects the call unless the Lua state is bound to ALPROTO_SSH and a flow
 * is available, then delegates to GetClientProtoVersion().
 *
 * \param luastate Lua state the callback was invoked from
 *
 * \return result of GetClientProtoVersion(), or of LuaCallbackError() when
 *         a precondition fails
 */
static int SshGetClientProtoVersion(lua_State *luastate)
{
    /* Protocol gate first: the getter below assumes SSH app-layer state. */
    if (LuaStateNeedProto(luastate, ALPROTO_SSH) == 0) {
        return LuaCallbackError(luastate, "error: protocol not ssh");
    }

    Flow *flow = LuaStateGetFlow(luastate);
    if (flow == NULL) {
        return LuaCallbackError(luastate, "internal error: no flow");
    }

    return GetClientProtoVersion(luastate, flow);
}
162 
/**
 * \brief Push the SSH software version seen in the to-server direction
 *        onto the Lua stack.
 *
 * Fetches the flow's app-layer state, takes transaction 0 from it and asks
 * the SSH parser for the software field with STREAM_TOSERVER.
 *
 * \param luastate Lua state that receives the value or the error
 * \param f        flow whose app-layer state is queried
 *
 * \return result of LuaPushStringBuffer() when a non-empty value is
 *         available, otherwise the result of LuaCallbackError()
 */
static int GetClientSoftwareVersion(lua_State *luastate, const Flow *f)
{
    void *ssh_state = FlowGetAppState(f);
    if (ssh_state == NULL) {
        return LuaCallbackError(luastate, "error: no app layer state");
    }

    /* NOTE(review): ssh_tx is handed to the getter without a NULL check;
     * confirm rs_ssh_state_get_tx() cannot return NULL for tx id 0. */
    void *ssh_tx = rs_ssh_state_get_tx(ssh_state, 0);

    const uint8_t *sw = NULL;
    uint32_t sw_len = 0;

    /* A failed lookup and an empty result are reported identically. */
    if (rs_ssh_tx_get_software(ssh_tx, &sw, &sw_len, STREAM_TOSERVER) != 1 ||
            sw == NULL || sw_len == 0) {
        return LuaCallbackError(luastate, "error: no client software version");
    }

    /* The bytes are pushed with an explicit length. They presumably originate
     * from the remote peer's traffic, so scripts should treat them as
     * untrusted input -- TODO confirm against the parser. */
    return LuaPushStringBuffer(luastate, sw, sw_len);
}
181 
/**
 * \brief Lua callback: return the client's SSH software version.
 *
 * Rejects the call unless the Lua state is bound to ALPROTO_SSH and a flow
 * is available, then delegates to GetClientSoftwareVersion().
 *
 * \param luastate Lua state the callback was invoked from
 *
 * \return result of GetClientSoftwareVersion(), or of LuaCallbackError()
 *         when a precondition fails
 */
static int SshGetClientSoftwareVersion(lua_State *luastate)
{
    /* Protocol gate first: the getter below assumes SSH app-layer state. */
    if (LuaStateNeedProto(luastate, ALPROTO_SSH) == 0) {
        return LuaCallbackError(luastate, "error: protocol not ssh");
    }

    Flow *flow = LuaStateGetFlow(luastate);
    if (flow == NULL) {
        return LuaCallbackError(luastate, "internal error: no flow");
    }

    return GetClientSoftwareVersion(luastate, flow);
}
197 
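/**
 * \brief Register the SSH Lua extensions in a Lua state.
 *
 * Exposes four C callbacks as Lua globals, each under the same name as the
 * C function: SshGetServerProtoVersion, SshGetServerSoftwareVersion,
 * SshGetClientProtoVersion and SshGetClientSoftwareVersion.
 *
 * \param luastate Lua state in which the globals are created
 *
 * \retval 0 always
 */
int LuaRegisterSshFunctions(lua_State *luastate)
{
    /* registration of the callbacks */
    lua_pushcfunction(luastate, SshGetServerProtoVersion);
    lua_setglobal(luastate, "SshGetServerProtoVersion");

    lua_pushcfunction(luastate, SshGetServerSoftwareVersion);
    lua_setglobal(luastate, "SshGetServerSoftwareVersion");

    lua_pushcfunction(luastate, SshGetClientProtoVersion);
    lua_setglobal(luastate, "SshGetClientProtoVersion");

    lua_pushcfunction(luastate, SshGetClientSoftwareVersion);
    lua_setglobal(luastate, "SshGetClientSoftwareVersion");

    return 0;
}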