OpenVAS Scanner
7.0.1~git
|
Protos and data structures for SSH functions used by NASL scripts. More...
Go to the source code of this file.
Functions | |
tree_cell * | nasl_ssh_connect (lex_ctxt *lexic) |
Connect to the target host via TCP and setup an ssh connection. More... | |
tree_cell * | nasl_ssh_disconnect (lex_ctxt *lexic) |
Disconnect an ssh connection. More... | |
tree_cell * | nasl_ssh_session_id_from_sock (lex_ctxt *lexic) |
Given a socket, return the corresponding session id. More... | |
tree_cell * | nasl_ssh_get_sock (lex_ctxt *lexic) |
Given a session id, return the corresponding socket. More... | |
tree_cell * | nasl_ssh_set_login (lex_ctxt *lexic) |
Set the login name for the authentication. More... | |
tree_cell * | nasl_ssh_userauth (lex_ctxt *lexic) |
Authenticate a user on an ssh connection. More... | |
tree_cell * | nasl_ssh_request_exec (lex_ctxt *lexic) |
Run a command via ssh. More... | |
tree_cell * | nasl_ssh_shell_open (lex_ctxt *lexic) |
Request an ssh shell. More... | |
tree_cell * | nasl_ssh_shell_read (lex_ctxt *lexic) |
Read the output of an ssh shell. More... | |
tree_cell * | nasl_ssh_shell_write (lex_ctxt *lexic) |
Write string to ssh shell. More... | |
tree_cell * | nasl_ssh_shell_close (lex_ctxt *lexic) |
Close an ssh shell. More... | |
tree_cell * | nasl_ssh_login_interactive (lex_ctxt *lexic) |
Authenticate a user on an ssh connection. More... | |
tree_cell * | nasl_ssh_login_interactive_pass (lex_ctxt *lexic) |
Authenticate a user on an ssh connection. More... | |
tree_cell * | nasl_ssh_exec (lex_ctxt *) |
tree_cell * | nasl_ssh_get_issue_banner (lex_ctxt *lexic) |
Get the issue banner. More... | |
tree_cell * | nasl_ssh_get_server_banner (lex_ctxt *lexic) |
Get the server banner. More... | |
tree_cell * | nasl_ssh_get_auth_methods (lex_ctxt *lexic) |
Get the list of authmethods. More... | |
tree_cell * | nasl_ssh_get_host_key (lex_ctxt *lexic) |
Get the host key. More... | |
Protos and data structures for SSH functions used by NASL scripts.
This file contains the protos for nasl_ssh.c
Definition in file nasl_ssh.h.
Connect to the target host via TCP and setup an ssh connection.
If the named argument "socket" is given, that socket will be used instead of a creating a new TCP connection. If socket is not given or 0, the port is looked up in the preferences and the KB unless overridden by the named parameter "port".
On success an ssh session to the host has been established; the caller may then run an authentication function. If the connection is no longer needed, ssh_disconnect may be used to disconnect and close the socket.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 235 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods_valid, CONST_INT, DIM, get_int_var_by_name(), get_ssh_port(), get_str_var_by_name(), TC::i_val, lowest_socket, nasl_get_function_name(), nasl_get_plugin_filename(), next_session_id(), openvas_get_socket_from_connection(), plug_get_host_ip(), struct_lex_ctxt::script_infos, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::sock, session_table_item_s::user_set, session_table_item_s::verbose, and TC::x.
Disconnect an ssh connection.
This function takes the ssh session id (as returned by ssh_connect) as its only unnamed argument. Passing 0 as session id is explicitly allowed and does nothing. If there are any open channels they are closed as well and their ids will be marked as invalid.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 491 of file nasl_ssh.c.
References do_nasl_ssh_disconnect(), FAKE_CELL, get_int_var_by_num(), session_table_item_s::session_id, and verify_session_id().
Get the list of authmethods.
The function returns a string with comma separated authentication methods. This is basically the same as returned by SSH_MSG_USERAUTH_FAILURE protocol element; however, it has been screened and put into a definitive order.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1572 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods, session_table_item_s::authmethods_valid, CONST_DATA, g_string_comma_str(), get_authmethods(), get_int_var_by_num(), nasl_ssh_set_login(), session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::user_set, verify_session_id(), and TC::x.
Get the host key.
The function returns a string with the MD5 host key. *
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1528 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_DATA, get_int_var_by_num(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, verify_session_id(), and TC::x.
Get the issue banner.
The function returns a string with the issue banner. This is usually displayed before authentication.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1438 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods_valid, CONST_DATA, get_authmethods(), get_int_var_by_num(), nasl_ssh_set_login(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::user_set, verify_session_id(), and TC::x.
Get the server banner.
The function returns a string with the server banner. This is usually the first data sent by the server.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1487 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_DATA, get_int_var_by_num(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, verify_session_id(), and TC::x.
Given a session id, return the corresponding socket.
The socket is either a native file descriptor or a NASL connection socket (if a open socket was passed to ssh_connect). The NASL network code handles both of them.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 599 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_INT, get_int_var_by_num(), TC::i_val, session_table_item_s::session_id, session_table, session_table_item_s::sock, verify_session_id(), and TC::x.
Authenticate a user on an ssh connection.
The function starts the authentication process and pauses it when it finds the first non-echo prompt. The function expects the session id as its first unnamed argument. The first time this function is called for a session id, the named argument "login" is also expected.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 991 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods, session_table_item_s::authmethods_valid, CONST_DATA, get_authmethods(), get_int_var_by_num(), nasl_ssh_set_login(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::user_set, session_table_item_s::verbose, verify_session_id(), and TC::x.
Authenticate a user on an ssh connection.
The function finishes the authentication process started by ssh_login_interactive. The function expects the session id as its first unnamed argument.
To finish the password, the named argument "password" must contain a password.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1103 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_INT, get_int_var_by_num(), get_str_var_by_name(), TC::i_val, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::verbose, verify_session_id(), and TC::x.
Run a command via ssh.
The function opens a channel to the remote end and ask it to execute a command. The output of the command is then returned as a data block. The first unnamed argument is the session id. The command itself is expected as string in the named argument "cmd".
Regarding the handling of the stderr and stdout stream, this function may be used in different modes.
If either the named arguments stdout or stderr are given and that one is set to 1, only the output of the specified stream is returned.
If stdout and stderr are both given and set to 1, the output of both is returned interleaved. NOTE: The following feature has not yet been implemented: The output is guaranteed not to switch between stderr and stdout within a line.
If stdout and stderr are both given but set to 0, a special backward compatibility mode is used: First all output to stderr is collected up until any output to stdout is received. Then all output to stdout is returned while ignoring all further stderr output; at EOF the initial collected data from stderr is returned.
If the named parameters stdout and stderr are not given, the function acts exactly as if only stdout has been set to 1.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1317 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_DATA, exec_ssh_cmd(), get_int_var_by_name(), get_int_var_by_num(), get_str_var_by_name(), nasl_get_function_name(), nasl_get_plugin_filename(), session_table_item_s::session, session_table_item_s::session_id, session_table, TC::size, TC::str_val, session_table_item_s::verbose, verify_session_id(), and TC::x.
Given a socket, return the corresponding session id.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 556 of file nasl_ssh.c.
References alloc_typed_cell(), CONST_INT, DIM, get_int_var_by_num(), TC::i_val, session_table_item_s::session_id, session_table, session_table_item_s::sock, and TC::x.
Set the login name for the authentication.
This is an optional function and usuallay not required. However, if you want to get the banner before starting the authentication, you need to tell libssh the user because it is often not possible to change the user after the first call to an authentication methods - getting the banner uses an authentication function.
The named argument "login" is used for the login name; it defaults the KB entry "Secret/SSH/login". It should contain the user name to login. Given that many servers don't allow changing the login for an established connection, the "login" parameter is silently ignored on all further calls.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 706 of file nasl_ssh.c.
References FAKE_CELL, get_int_var_by_num(), get_str_var_by_name(), nasl_get_function_name(), nasl_get_plugin_filename(), plug_get_kb(), struct_lex_ctxt::script_infos, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::user_set, and verify_session_id().
Referenced by nasl_ssh_get_auth_methods(), nasl_ssh_get_issue_banner(), nasl_ssh_login_interactive(), and nasl_ssh_userauth().
Close an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1833 of file nasl_ssh.c.
References session_table_item_s::channel, get_int_var_by_num(), session_table_item_s::session_id, session_table, and verify_session_id().
Request an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1661 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::channel, CONST_INT, get_int_var_by_num(), TC::i_val, nasl_get_function_name(), nasl_get_plugin_filename(), request_ssh_shell(), session_table_item_s::session, session_table_item_s::session_id, session_table, verify_session_id(), and TC::x.
Read the output of an ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1746 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::channel, CONST_DATA, get_int_var_by_num(), read_ssh_nonblocking(), session_table_item_s::session_id, session_table, TC::size, TC::str_val, verify_session_id(), and TC::x.
Write string to ssh shell.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 1783 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::channel, CONST_INT, get_int_var_by_num(), get_str_var_by_name(), TC::i_val, nasl_get_function_name(), nasl_get_plugin_filename(), session_table_item_s::session, session_table_item_s::session_id, session_table, verify_session_id(), and TC::x.
Authenticate a user on an ssh connection.
The function expects the session id as its first unnamed argument. The first time this function is called for a session id, the named argument "login" is also expected; it defaults the KB entry "Secret/SSH/login". It should contain the user name to login. Given that many servers don't allow changing the login for an established connection, the "login" parameter is silently ignored on all further calls.
To perform a password based authentication, the named argument "password" must contain a password.
To perform a public key based authentication, the named argument "privatekey" must contain a base64 encoded private key in ssh native or in PKCS#8 format.
If both, "password" and "privatekey" are given as named arguments only "password" is used. If neither are given the values are taken from the KB ("Secret/SSH/password" and "Secret/SSH/privatekey") and tried in the order {password, privatekey}. Note well, that if one of the named arguments are given, only those are used and the KB is not consulted.
If the private key is protected, its passphrase is taken from the named argument "passphrase" or, if not given, taken from the KB ("Secret/SSH/passphrase").
Note that the named argument "publickey" and the KB item ("Secret/SSH/publickey") are ignored - they are not longer required because they can be derived from the private key.
[in] | lexic | Lexical context of NASL interpreter. |
Definition at line 800 of file nasl_ssh.c.
References alloc_typed_cell(), session_table_item_s::authmethods, session_table_item_s::authmethods_valid, CONST_INT, get_authmethods(), get_int_var_by_num(), get_str_var_by_name(), TC::i_val, nasl_ssh_set_login(), plug_get_kb(), struct_lex_ctxt::script_infos, session_table_item_s::session, session_table_item_s::session_id, session_table, session_table_item_s::user_set, session_table_item_s::verbose, verify_session_id(), and TC::x.