OpenVAS Libraries
9.0.3
Implementation of an API for SSH functions.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <stdlib.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <glib.h>
#include <glib/gstdio.h>
#include "nasl_tree.h"
#include "nasl_global_ctxt.h"
#include "nasl_func.h"
#include "nasl_var.h"
#include "nasl_lex_ctxt.h"
#include "exec.h"
#include "../misc/plugutils.h"
#include "../base/kb.h"
#include "nasl_debug.h"
#include "../misc/network.h"
#include "../misc/openvas_logging.h"
#include "../misc/prefs.h"
#include "../misc/openvas_ssh.h"
#include "nasl_ssh.h"
Data Structures
struct | session_table_item_s
Macros
#define | DIM(v) (sizeof(v)/sizeof((v)[0]))
#define | DIMof(type, member) DIM(((type *)0)->member)
#define | MAX_SSH_SESSIONS 10
Functions
tree_cell * | nasl_ssh_connect (lex_ctxt *lexic)
Connect to the target host via TCP and set up an ssh connection.
tree_cell * | nasl_ssh_disconnect (lex_ctxt *lexic)
Disconnect an ssh connection.
tree_cell * | nasl_ssh_session_id_from_sock (lex_ctxt *lexic)
Given a socket, return the corresponding session id.
tree_cell * | nasl_ssh_get_sock (lex_ctxt *lexic)
Given a session id, return the corresponding socket.
tree_cell * | nasl_ssh_set_login (lex_ctxt *lexic)
Set the login name for the authentication.
tree_cell * | nasl_ssh_userauth (lex_ctxt *lexic)
Authenticate a user on an ssh connection.
tree_cell * | nasl_ssh_login_interactive (lex_ctxt *lexic)
Authenticate a user on an ssh connection.
tree_cell * | nasl_ssh_login_interactive_pass (lex_ctxt *lexic)
Authenticate a user on an ssh connection.
tree_cell * | nasl_ssh_request_exec (lex_ctxt *lexic)
Run a command via ssh.
tree_cell * | nasl_ssh_get_issue_banner (lex_ctxt *lexic)
Get the issue banner.
tree_cell * | nasl_ssh_get_server_banner (lex_ctxt *lexic)
Get the server banner.
tree_cell * | nasl_ssh_get_host_key (lex_ctxt *lexic)
Get the host key.
tree_cell * | nasl_ssh_get_auth_methods (lex_ctxt *lexic)
Get the list of authmethods.
tree_cell * | nasl_ssh_shell_open (lex_ctxt *lexic)
Request an ssh shell.
tree_cell * | nasl_ssh_shell_read (lex_ctxt *lexic)
Read the output of an ssh shell.
tree_cell * | nasl_ssh_shell_write (lex_ctxt *lexic)
Write string to ssh shell.
tree_cell * | nasl_ssh_shell_close (lex_ctxt *lexic)
Close an ssh shell.
Variables
int | lowest_socket
Implementation of an API for SSH functions.
This file contains the implementation of the Secure Shell related NASL builtin functions. They are only available if built with libssh support.
Definition in file nasl_ssh.c.
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
Definition at line 71 of file nasl_ssh.c.
#define DIMof(type, member) DIM(((type *)0)->member)
Definition at line 72 of file nasl_ssh.c.
#define MAX_SSH_SESSIONS 10
Definition at line 122 of file nasl_ssh.c.
nasl_ssh_connect()
Connect to the target host via TCP and set up an ssh connection.
If the named argument "socket" is given, that socket will be used instead of creating a new TCP connection. If socket is not given or 0, the port is looked up in the preferences and the KB unless overridden by the named parameter "port".
On success an ssh session to the host has been established; the caller may then run an authentication function. If the connection is no longer needed, ssh_disconnect may be used to disconnect and close the socket.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 486 of file nasl_ssh.c.
References get_int_local_var_by_name().
nasl_ssh_disconnect()
Disconnect an ssh connection.
This function takes the ssh session id (as returned by ssh_connect) as its only unnamed argument. Passing 0 as session id is explicitly allowed and does nothing. If there are any open channels they are closed as well and their ids will be marked as invalid.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 737 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_get_auth_methods()
Get the list of authmethods.
The function returns a string with comma separated authentication methods. This is basically the same as returned by the SSH_MSG_USERAUTH_FAILURE protocol element; however, it has been screened and put into a definitive order.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1863 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_get_host_key()
Get the host key.
The function returns a string with the MD5 host key.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1819 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_get_issue_banner()
Get the issue banner.
The function returns a string with the issue banner. This is usually displayed before authentication.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1723 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_get_server_banner()
Get the server banner.
The function returns a string with the server banner. This is usually the first data sent by the server.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1774 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_get_sock()
Given a session id, return the corresponding socket.
The socket is either a native file descriptor or a NASL connection socket (if an open socket was passed to ssh_connect). The NASL network code handles both of them.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 844 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_login_interactive()
Authenticate a user on an ssh connection.
The function starts the authentication process and pauses it when it finds the first non-echo prompt. The function expects the session id as its first unnamed argument. The first time this function is called for a session id, the named argument "login" is also expected.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1275 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_login_interactive_pass()
Authenticate a user on an ssh connection.
The function finishes the authentication process started by ssh_login_interactive. The function expects the session id as its first unnamed argument.
To finish the password, the named argument "password" must contain a password.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1387 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_request_exec()
Run a command via ssh.
The function opens a channel to the remote end and asks it to execute a command. The output of the command is then returned as a data block. The first unnamed argument is the session id. The command itself is expected as a string in the named argument "cmd".
Regarding the handling of the stderr and stdout streams, this function may be used in different modes.
If either of the named arguments stdout or stderr is given and that one is set to 1, only the output of the specified stream is returned.
If stdout and stderr are both given and set to 1, the output of both is returned interleaved. NOTE: The following feature has not yet been implemented: The output is guaranteed not to switch between stderr and stdout within a line.
If stdout and stderr are both given but set to 0, a special backward compatibility mode is used: First all output to stderr is collected up until any output to stdout is received. Then all output to stdout is returned while ignoring all further stderr output; at EOF the initial collected data from stderr is returned.
If the named parameters stdout and stderr are not given, the function acts exactly as if only stdout has been set to 1.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1603 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_session_id_from_sock()
Given a socket, return the corresponding session id.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 802 of file nasl_ssh.c.
References DIM, and get_int_var_by_num().
nasl_ssh_set_login()
Set the login name for the authentication.
This is an optional function and usually not required. However, if you want to get the banner before starting the authentication, you need to tell libssh the user because it is often not possible to change the user after the first call to an authentication method - getting the banner uses an authentication function.
The named argument "login" is used for the login name; it defaults to the KB entry "Secret/SSH/login". It should contain the user name to log in. Given that many servers don't allow changing the login for an established connection, the "login" parameter is silently ignored on all further calls.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 956 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_shell_close()
Close an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 2118 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_shell_open()
Request an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1951 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_shell_read()
Read the output of an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 2033 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_shell_write()
Write string to ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 2070 of file nasl_ssh.c.
References get_int_var_by_num().
nasl_ssh_userauth()
Authenticate a user on an ssh connection.
The function expects the session id as its first unnamed argument. The first time this function is called for a session id, the named argument "login" is also expected; it defaults to the KB entry "Secret/SSH/login". It should contain the user name to log in. Given that many servers don't allow changing the login for an established connection, the "login" parameter is silently ignored on all further calls.
To perform a password based authentication, the named argument "password" must contain a password.
To perform a public key based authentication, the named argument "privatekey" must contain a base64 encoded private key in ssh native or in PKCS#8 format.
If both "password" and "privatekey" are given as named arguments, only "password" is used. If neither is given, the values are taken from the KB ("Secret/SSH/password" and "Secret/SSH/privatekey") and tried in the order {password, privatekey}. Note well that if one of the named arguments is given, only that one is used and the KB is not consulted.
If the private key is protected, its passphrase is taken from the named argument "passphrase" or, if not given, taken from the KB ("Secret/SSH/passphrase").
Note that the named argument "publickey" and the KB item ("Secret/SSH/publickey") are ignored - they are no longer required because they can be derived from the private key.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1047 of file nasl_ssh.c.
References get_int_var_by_num().
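An added usage example (not part of the OpenVAS documentation or source) showing the documented calls in the order a credentialed check would use them, including the KB credential fallback and the single-stream modes of ssh_request_exec. It uses the NASL builtin names ssh_connect, ssh_set_login, ssh_get_issue_banner, ssh_get_auth_methods, ssh_userauth, ssh_request_exec and ssh_disconnect; the return-value conventions it checks, and the presence of SSH credentials in the KB, are assumptions not stated on this page.

```nasl
# Added example: credentialed check using the SSH builtins documented above.
# Assumption: the script runs inside a scan whose SSH credentials are
# already stored in the KB (Secret/SSH/login, Secret/SSH/password, ...).

# No "socket" and no "port": the port is looked up in the preferences and KB.
sess = ssh_connect();
if (!sess)
  exit(0);                      # assumption: a zero/NULL session id means failure

# Tell libssh the user before asking for the banner or the method list.
# Without the "login" argument the KB entry Secret/SSH/login is used.
ssh_set_login(sess);

banner  = ssh_get_issue_banner(sess);
methods = ssh_get_auth_methods(sess);
if (!isnull(banner))
  display("issue banner: ", banner, "\n");
display("auth methods: ", methods, "\n");

# Neither "password" nor "privatekey" is passed, so the KB values are tried
# in the order {password, privatekey}. Passing either argument here would
# make the function use only that argument and skip the KB.
rc = ssh_userauth(sess);
if (isnull(rc) || rc != 0)      # assumption: 0 indicates success
{
  ssh_disconnect(sess);
  exit(0);
}

# Only stdout is set to 1: only the stdout stream is returned.
out = ssh_request_exec(sess, cmd:"uname -a", stdout:1, stderr:0);

# Only stderr is set to 1: only the stderr stream is returned.
err = ssh_request_exec(sess, cmd:"uname -a", stdout:0, stderr:1);

if (!isnull(out))
  display("stdout: ", out, "\n");
if (!isnull(err) && strlen(err) > 0)
  display("stderr: ", err, "\n");

# Closes the session and any channels that are still open.
ssh_disconnect(sess);
```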
int lowest_socket
Definition at line 223 of file nasl_socket.c.
Referenced by nasl_open_sock_udp().