OpenVAS Scanner  7.0.1~git
nasl_smb.c File Reference

API for NASL built-in SMB access focussing effective file rights. More...

#include "nasl_smb.h"
#include "../misc/plugutils.h"
#include "openvas_smb_interface.h"
#include <arpa/inet.h>
#include <errno.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
Include dependency graph for nasl_smb.c:

Go to the source code of this file.

Macros

#define IMPORT(var)   char *var = get_str_var_by_name (lexic, #var)
 
#define G_LOG_DOMAIN   "lib nasl"
 GLib logging domain. More...
 

Functions

tree_cellnasl_smb_versioninfo (lex_ctxt *lexic)
 Get a version string of the SMB implementation. More...
 
tree_cellnasl_smb_connect (lex_ctxt *lexic)
 Connect to SMB service and return a handle for it. More...
 
tree_cellnasl_smb_close (lex_ctxt *lexic)
 Close SMB service handle. More...
 
tree_cellnasl_smb_file_SDDL (lex_ctxt *lexic)
 Obtain Security Descriptor in SDDL format. More...
 
tree_cellnasl_smb_file_owner_sid (lex_ctxt *lexic)
 Obtain File Owner SID. More...
 
tree_cellnasl_smb_file_group_sid (lex_ctxt *lexic)
 Obtain File Group SID. More...
 
tree_cellnasl_smb_file_trustee_rights (lex_ctxt *lexic)
 Obtain File Trustee SID with Access Mask. More...
 
tree_cellnasl_win_cmd_exec (lex_ctxt *lexic)
 Execute the command in windows. More...
 

Detailed Description

API for NASL built-in SMB access focussing effective file rights.

Provides SMB API as built-in functions to NASL via calling corresponding functions of a appropriate library. The focus is on effective files rights which can't be retrieved via WMI.

Definition in file nasl_smb.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib nasl"

GLib logging domain.

Definition at line 51 of file nasl_smb.c.

◆ IMPORT

#define IMPORT (   var)    char *var = get_str_var_by_name (lexic, #var)

Definition at line 45 of file nasl_smb.c.

Referenced by nasl_win_cmd_exec().

Function Documentation

◆ nasl_smb_close()

tree_cell* nasl_smb_close ( lex_ctxt lexic)

Close SMB service handle.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case of a serious problem. Else returns a treecell with integer == 1.

Retrieves local variable "smb_handle" from the lexical context and closes the respective handle.

Definition at line 145 of file nasl_smb.c.

References alloc_typed_cell(), CONST_INT, get_int_var_by_name(), TC::i_val, smb_close(), and TC::x.

146 {
147  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
148  int ret;
149  tree_cell *retc;
150 
151  retc = alloc_typed_cell (CONST_INT);
152 
153  ret = smb_close (handle);
154  if (ret == 0)
155  {
156  retc->x.i_val = 1;
157  return retc;
158  }
159  else
160  return NULL;
161 }
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Definition: nasl_tree.h:104
union TC::@2 x
long int SMB_HANDLE
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1113
int smb_close(SMB_HANDLE)
Close the connection handle for SMB service.
long int i_val
Definition: nasl_tree.h:113
Here is the call graph for this function:

◆ nasl_smb_connect()

tree_cell* nasl_smb_connect ( lex_ctxt lexic)

Connect to SMB service and return a handle for it.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case the connection could not be established. Else a tree_cell with the handle.

Retrieves local variables "host", "username", "password" and "share" from the lexical context, performs and connects to this given SMB service returning a handle for the service as integer.

Definition at line 90 of file nasl_smb.c.

References alloc_typed_cell(), CONST_INT, get_str_var_by_name(), TC::i_val, plug_get_host_ip(), struct_lex_ctxt::script_infos, smb_connect(), and TC::x.

91 {
92  struct script_infos *script_infos = lexic->script_infos;
93  struct in6_addr *host = plug_get_host_ip (script_infos);
94  char *ip;
95  char *username = get_str_var_by_name (lexic, "username");
96  char *password = get_str_var_by_name (lexic, "password");
97  char *share = get_str_var_by_name (lexic, "share");
98 
99  tree_cell *retc;
100  SMB_HANDLE handle;
101  int value;
102 
103  if ((host == NULL) || (username == NULL) || (password == NULL)
104  || (share == NULL))
105  {
106  g_message ("nasl_smb_connect: Invalid input arguments");
107  return NULL;
108  }
109 
110  ip = addr6_as_str (host);
111  if ((strlen (password) == 0) || (strlen (username) == 0) || (strlen (ip) == 0)
112  || (strlen (share) == 0))
113  {
114  g_message ("nasl_smb_connect: Invalid input arguments");
115  g_free (ip);
116  return NULL;
117  }
118 
119  retc = alloc_typed_cell (CONST_INT);
120  value = smb_connect (ip, share, username, password, &handle);
121  g_free (ip);
122 
123  if (value == -1)
124  {
125  g_message ("nasl_smb_connect: SMB Connect failed");
126  return NULL;
127  }
128 
129  retc->x.i_val = handle;
130  return retc;
131 }
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:41
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1127
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Host information, implemented as doubly linked list.
Definition: hosts.c:47
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:285
Definition: nasl_tree.h:104
union TC::@2 x
long int SMB_HANDLE
long int i_val
Definition: nasl_tree.h:113
int smb_connect(const char *, const char *, const char *, const char *, SMB_HANDLE *)
Establish connection to a SMB service.
Here is the call graph for this function:

◆ nasl_smb_file_group_sid()

tree_cell* nasl_smb_file_group_sid ( lex_ctxt lexic)

Obtain File Group SID.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with Group SID string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 261 of file nasl_smb.c.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_GroupSID(), TC::str_val, and TC::x.

262 {
263  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
264  char *filename = get_str_var_by_name (lexic, "filename");
265 
266  if (!filename)
267  {
268  g_message ("smb_file_group_sid failed: Invalid filename");
269  return NULL;
270  }
271 
272  if (!handle)
273  {
274  g_message ("smb_file_group_sid failed: Invalid smb_handle");
275  return NULL;
276  }
277 
278  tree_cell *retc;
279  char *buffer;
280 
281  buffer = smb_file_GroupSID (handle, filename);
282 
283  if (buffer == NULL)
284  return NULL;
285 
286  retc = alloc_typed_cell (CONST_DATA);
287  retc->size = strlen (buffer);
288  retc->x.str_val = strdup (buffer);
289  return retc;
290 }
char * str_val
Definition: nasl_tree.h:112
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1127
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Definition: nasl_tree.h:104
union TC::@2 x
long int SMB_HANDLE
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1113
char * smb_file_GroupSID(SMB_HANDLE, const char *)
Obtain the SID of the Group for a given file/path.
int size
Definition: nasl_tree.h:109
Here is the call graph for this function:

◆ nasl_smb_file_owner_sid()

tree_cell* nasl_smb_file_owner_sid ( lex_ctxt lexic)

Obtain File Owner SID.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with Owner SID string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 218 of file nasl_smb.c.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_OwnerSID(), TC::str_val, and TC::x.

219 {
220  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
221  char *filename = get_str_var_by_name (lexic, "filename");
222 
223  if (!filename)
224  {
225  g_message ("smb_file_owner_sid failed: Invalid filename");
226  return NULL;
227  }
228 
229  if (!handle)
230  {
231  g_message ("smb_file_owner_sid failed: Invalid smb_handle");
232  return NULL;
233  }
234 
235  tree_cell *retc;
236  char *buffer;
237 
238  buffer = smb_file_OwnerSID (handle, filename);
239 
240  if (buffer == NULL)
241  return NULL;
242 
243  retc = alloc_typed_cell (CONST_DATA);
244  retc->size = strlen (buffer);
245  retc->x.str_val = strdup (buffer);
246  return retc;
247 }
char * str_val
Definition: nasl_tree.h:112
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1127
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Definition: nasl_tree.h:104
union TC::@2 x
long int SMB_HANDLE
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1113
char * smb_file_OwnerSID(SMB_HANDLE, const char *)
Obtain the SID of the Owner for a given file/path.
int size
Definition: nasl_tree.h:109
Here is the call graph for this function:

◆ nasl_smb_file_SDDL()

tree_cell* nasl_smb_file_SDDL ( lex_ctxt lexic)

Obtain Security Descriptor in SDDL format.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with SDDL string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 175 of file nasl_smb.c.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_SDDL(), TC::str_val, and TC::x.

176 {
177  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
178  char *filename = get_str_var_by_name (lexic, "filename");
179 
180  if (!filename)
181  {
182  g_message ("smb_file_SDDL failed: Invalid filename");
183  return NULL;
184  }
185 
186  if (!handle)
187  {
188  g_message ("smb_file_SDDL failed: Invalid smb_handle");
189  return NULL;
190  }
191 
192  tree_cell *retc;
193  char *buffer = NULL;
194 
195  buffer = smb_file_SDDL (handle, filename);
196 
197  if (buffer == NULL)
198  return NULL;
199 
200  retc = alloc_typed_cell (CONST_DATA);
201  retc->size = strlen (buffer);
202  retc->x.str_val = strdup (buffer);
203  return retc;
204 }
char * str_val
Definition: nasl_tree.h:112
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1127
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Definition: nasl_tree.h:104
union TC::@2 x
long int SMB_HANDLE
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1113
char * smb_file_SDDL(SMB_HANDLE, const char *)
Obtain Windows file rights in SDDL format.
int size
Definition: nasl_tree.h:109
Here is the call graph for this function:

◆ nasl_smb_file_trustee_rights()

tree_cell* nasl_smb_file_trustee_rights ( lex_ctxt lexic)

Obtain File Trustee SID with Access Mask.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with Trustee SID and Access Mask string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 304 of file nasl_smb.c.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_TrusteeRights(), TC::str_val, and TC::x.

305 {
306  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
307  char *filename = get_str_var_by_name (lexic, "filename");
308 
309  if (!filename)
310  {
311  g_message ("smb_file_trustee_rights failed: Invalid filename");
312  return NULL;
313  }
314 
315  if (!handle)
316  {
317  g_message ("smb_file_trustee_rights failed: Invalid smb_handle");
318  return NULL;
319  }
320 
321  tree_cell *retc;
322  char *buffer;
323 
324  buffer = smb_file_TrusteeRights (handle, filename);
325 
326  if (buffer == NULL)
327  return NULL;
328 
329  retc = alloc_typed_cell (CONST_DATA);
330  retc->size = strlen (buffer);
331  retc->x.str_val = strdup (buffer);
332  return retc;
333 }
char * str_val
Definition: nasl_tree.h:112
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1127
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Definition: nasl_tree.h:104
union TC::@2 x
long int SMB_HANDLE
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1113
char * smb_file_TrusteeRights(SMB_HANDLE, const char *)
Obtain the Trustee SID and their rights for a given file/path.
int size
Definition: nasl_tree.h:109
Here is the call graph for this function:

◆ nasl_smb_versioninfo()

tree_cell* nasl_smb_versioninfo ( lex_ctxt lexic)

Get a version string of the SMB implementation.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL in case no implementation is present. Else a tree_cell with the version as string.

Definition at line 62 of file nasl_smb.c.

References alloc_typed_cell(), CONST_DATA, TC::size, smb_versioninfo(), TC::str_val, and TC::x.

63 {
64  char *version = smb_versioninfo ();
65  tree_cell *retc;
66  (void) lexic;
67 
68  if (!version)
69  return NULL;
70 
72  retc->x.str_val = strdup (version);
73  retc->size = strlen (version);
74  return retc;
75 }
char * smb_versioninfo(void)
Return version info for SMB implementation.
char * str_val
Definition: nasl_tree.h:112
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Definition: nasl_tree.h:104
union TC::@2 x
int size
Definition: nasl_tree.h:109
Here is the call graph for this function:

◆ nasl_win_cmd_exec()

tree_cell* nasl_win_cmd_exec ( lex_ctxt lexic)

Execute the command in windows.

Parameters
[in]lexicLexical context of NASL interpreter.
Returns
NULL if the query fails. Else a tree_cell with the command execution result.

Retrieves local variables "cmd" from the lexical context, performs the windows command execution operation returning the result.

Definition at line 349 of file nasl_smb.c.

References alloc_typed_cell(), CONST_DATA, IMPORT, plug_get_host_ip(), struct_lex_ctxt::script_infos, TC::size, TC::str_val, and TC::x.

350 {
351  struct script_infos *script_infos = lexic->script_infos;
352  struct in6_addr *host = plug_get_host_ip (script_infos);
353  char *ip, *argv[4], *unicode, target[2048], *c;
354  tree_cell *retc;
355  GString *string = NULL;
356  int sout, ret;
357  GError *err = NULL;
358 
359  IMPORT (username);
360  IMPORT (password);
361  IMPORT (cmd);
362 
363  if ((host == NULL) || (username == NULL) || (password == NULL)
364  || (cmd == NULL))
365  {
366  g_message ("win_cmd_exec: Invalid input arguments");
367  return NULL;
368  }
369 
370  ip = addr6_as_str (host);
371  if ((strlen (password) == 0) || (strlen (username) == 0) || strlen (ip) == 0)
372  {
373  g_message ("win_cmd_exec: Invalid input arguments");
374  g_free (ip);
375  return NULL;
376  }
377 
378  /* wmiexec.py uses domain/username format. */
379  if ((c = strchr (username, '\\')))
380  *c = '/';
381  argv[0] = "impacket-wmiexec";
382  snprintf (target, sizeof (target), "%s:%s@%s", username, password, ip);
383  argv[1] = target;
384  argv[2] = cmd;
385  argv[3] = NULL;
386  ret = g_spawn_async_with_pipes (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL,
387  NULL, NULL, NULL, &sout, NULL, &err);
388  g_free (ip);
389  if (ret == FALSE)
390  {
391  g_warning ("win_cmd_exec: %s", err ? err->message : "Error");
392  if (err)
393  g_error_free (err);
394  return NULL;
395  }
396 
397  string = g_string_new ("");
398  while (1)
399  {
400  char buf[4096];
401  size_t bytes;
402 
403  bytes = read (sout, buf, sizeof (buf));
404  if (!bytes)
405  break;
406  else if (bytes > 0)
407  g_string_append_len (string, buf, bytes);
408  else
409  {
410  g_warning ("win_cmd_exec: %s", strerror (errno));
411  g_string_free (string, TRUE);
412  close (sout);
413  return NULL;
414  }
415  }
416  close (sout);
417 
418  if (g_str_has_prefix (string->str, "[-]"))
419  {
420  g_warning ("win_cmd_exec: %s", string->str);
421  g_string_free (string, TRUE);
422  return NULL;
423  }
424  else if ((unicode = strstr (string->str, "\xff\xfe")))
425  {
426  /* UTF-16 case. */
427  size_t length, diff;
428  GError *err = NULL;
429  char *tmp;
430 
431  diff = unicode - string->str + 1;
432  tmp = g_convert (unicode + 2, string->len - diff, "UTF-8", "UTF-16", NULL,
433  &length, &err);
434  if (!tmp)
435  {
436  g_warning ("win_cmd_exec: %s", err->message);
437  g_string_free (string, TRUE);
438  g_error_free (err);
439  return NULL;
440  }
441  g_free (string->str);
442  string->len = length;
443  string->str = tmp;
444  }
445 
446  retc = alloc_typed_cell (CONST_DATA);
447  retc->x.str_val = string->str;
448  retc->size = string->len;
449  return retc;
450 }
char * str_val
Definition: nasl_tree.h:112
#define IMPORT(var)
Definition: nasl_smb.c:45
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:41
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
Host information, implemented as doubly linked list.
Definition: hosts.c:47
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:285
Definition: nasl_tree.h:104
union TC::@2 x
int size
Definition: nasl_tree.h:109
Here is the call graph for this function: