OpenVAS Scanner 22.7.9
nasl_smb.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2023 Greenbone AG
2 *
3 * SPDX-License-Identifier: GPL-2.0-or-later
4 */
5
16#include "nasl_smb.h"
17
18#include "../misc/plugutils.h"
19#include "openvas_smb_interface.h"
20
21#include <arpa/inet.h>
22#include <errno.h>
23#include <gvm/base/logging.h>
24#include <gvm/base/networking.h>
25#include <netinet/in.h>
26#include <stdio.h>
27#include <string.h>
28#include <sys/socket.h>
29#include <unistd.h>
30
31#define IMPORT(var) char *var = get_str_var_by_name (lexic, #var)
32
33#undef G_LOG_DOMAIN
37#define G_LOG_DOMAIN "lib nasl"
38
47tree_cell *
48nasl_smb_versioninfo (lex_ctxt *lexic)
49{
50 char *version = smb_versioninfo ();
51 tree_cell *retc;
52 (void) lexic;
53
54 if (!version)
55 return NULL;
56
57 retc = alloc_typed_cell (CONST_DATA);
58 retc->x.str_val = strdup (version);
59 retc->size = strlen (version);
60 return retc;
61}
62
75tree_cell *
76nasl_smb_connect (lex_ctxt *lexic)
77{
78 struct script_infos *script_infos = lexic->script_infos;
79 struct in6_addr *host = plug_get_host_ip (script_infos);
80 char *ip;
81 char *username = get_str_var_by_name (lexic, "username");
82 char *password = get_str_var_by_name (lexic, "password");
83 char *share = get_str_var_by_name (lexic, "share");
84
85 tree_cell *retc;
86 SMB_HANDLE handle;
87 int value;
88
89 if ((host == NULL) || (username == NULL) || (password == NULL)
90 || (share == NULL))
91 {
92 g_message ("nasl_smb_connect: Invalid input arguments");
93 return NULL;
94 }
95
96 ip = addr6_as_str (host);
97 if ((strlen (password) == 0) || (strlen (username) == 0) || (strlen (ip) == 0)
98 || (strlen (share) == 0))
99 {
100 g_message ("nasl_smb_connect: Invalid input arguments");
101 g_free (ip);
102 return NULL;
103 }
104
105 retc = alloc_typed_cell (CONST_INT);
106 value = smb_connect (ip, share, username, password, &handle);
107 g_free (ip);
108
109 if (value == -1)
110 {
111 g_message ("nasl_smb_connect: SMB Connect failed");
112 return NULL;
113 }
114
115 retc->x.i_val = handle;
116 return retc;
117}
118
130tree_cell *
131nasl_smb_close (lex_ctxt *lexic)
132{
133 SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
134 int ret;
135 tree_cell *retc;
136
137 retc = alloc_typed_cell (CONST_INT);
138
139 ret = smb_close (handle);
140 if (ret == 0)
141 {
142 retc->x.i_val = 1;
143 return retc;
144 }
145 else
146 return NULL;
147}
148
160tree_cell *
161nasl_smb_file_SDDL (lex_ctxt *lexic)
162{
163 SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
164 char *filename = get_str_var_by_name (lexic, "filename");
165
166 if (!filename)
167 {
168 g_message ("smb_file_SDDL failed: Invalid filename");
169 return NULL;
170 }
171
172 if (!handle)
173 {
174 g_message ("smb_file_SDDL failed: Invalid smb_handle");
175 return NULL;
176 }
177
178 tree_cell *retc;
179 char *buffer = NULL;
180
181 buffer = smb_file_SDDL (handle, filename);
182
183 if (buffer == NULL)
184 return NULL;
185
186 retc = alloc_typed_cell (CONST_DATA);
187 retc->size = strlen (buffer);
188 retc->x.str_val = strdup (buffer);
189 return retc;
190}
191
203tree_cell *
204nasl_smb_file_owner_sid (lex_ctxt *lexic)
205{
206 SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
207 char *filename = get_str_var_by_name (lexic, "filename");
208
209 if (!filename)
210 {
211 g_message ("smb_file_owner_sid failed: Invalid filename");
212 return NULL;
213 }
214
215 if (!handle)
216 {
217 g_message ("smb_file_owner_sid failed: Invalid smb_handle");
218 return NULL;
219 }
220
221 tree_cell *retc;
222 char *buffer;
223
224 buffer = smb_file_OwnerSID (handle, filename);
225
226 if (buffer == NULL)
227 return NULL;
228
229 retc = alloc_typed_cell (CONST_DATA);
230 retc->size = strlen (buffer);
231 retc->x.str_val = strdup (buffer);
232 return retc;
233}
234
246tree_cell *
247nasl_smb_file_group_sid (lex_ctxt *lexic)
248{
249 SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
250 char *filename = get_str_var_by_name (lexic, "filename");
251
252 if (!filename)
253 {
254 g_message ("smb_file_group_sid failed: Invalid filename");
255 return NULL;
256 }
257
258 if (!handle)
259 {
260 g_message ("smb_file_group_sid failed: Invalid smb_handle");
261 return NULL;
262 }
263
264 tree_cell *retc;
265 char *buffer;
266
267 buffer = smb_file_GroupSID (handle, filename);
268
269 if (buffer == NULL)
270 return NULL;
271
272 retc = alloc_typed_cell (CONST_DATA);
273 retc->size = strlen (buffer);
274 retc->x.str_val = strdup (buffer);
275 return retc;
276}
277
289tree_cell *
290nasl_smb_file_trustee_rights (lex_ctxt *lexic)
291{
292 SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
293 char *filename = get_str_var_by_name (lexic, "filename");
294
295 if (!filename)
296 {
297 g_message ("smb_file_trustee_rights failed: Invalid filename");
298 return NULL;
299 }
300
301 if (!handle)
302 {
303 g_message ("smb_file_trustee_rights failed: Invalid smb_handle");
304 return NULL;
305 }
306
307 tree_cell *retc;
308 char *buffer;
309
310 buffer = smb_file_TrusteeRights (handle, filename);
311
312 if (buffer == NULL)
313 return NULL;
314
315 retc = alloc_typed_cell (CONST_DATA);
316 retc->size = strlen (buffer);
317 retc->x.str_val = strdup (buffer);
318 return retc;
319}
320
334tree_cell *
335nasl_win_cmd_exec (lex_ctxt *lexic)
336{
337 struct script_infos *script_infos = lexic->script_infos;
338 struct in6_addr *host = plug_get_host_ip (script_infos);
339 char *ip, *argv[4], *unicode, target[2048], *c;
340 tree_cell *retc;
341 GString *string = NULL;
342 int sout, ret;
343 GError *err = NULL;
344
345 IMPORT (username);
346 IMPORT (password);
347 IMPORT (cmd);
348
349 if ((host == NULL) || (username == NULL) || (password == NULL)
350 || (cmd == NULL))
351 {
352 g_message ("win_cmd_exec: Invalid input arguments");
353 return NULL;
354 }
355
356 ip = addr6_as_str (host);
357 if ((strlen (password) == 0) || (strlen (username) == 0) || strlen (ip) == 0)
358 {
359 g_message ("win_cmd_exec: Invalid input arguments");
360 g_free (ip);
361 return NULL;
362 }
363
364 /* wmiexec.py uses domain/username format. */
365 if ((c = strchr (username, '\\')))
366 *c = '/';
367 argv[0] = "impacket-wmiexec";
368 snprintf (target, sizeof (target), "%s:%s@%s", username, password, ip);
369 argv[1] = target;
370 argv[2] = cmd;
371 argv[3] = NULL;
372 ret = g_spawn_async_with_pipes (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL,
373 NULL, NULL, NULL, &sout, NULL, &err);
374 g_free (ip);
375 if (ret == FALSE)
376 {
377 g_warning ("win_cmd_exec: %s", err ? err->message : "Error");
378 if (err)
379 g_error_free (err);
380 return NULL;
381 }
382
383 string = g_string_new ("");
384 while (1)
385 {
386 char buf[4096];
387 size_t bytes;
388
389 bytes = read (sout, buf, sizeof (buf));
390 if (!bytes)
391 break;
392 else if (bytes > 0)
393 g_string_append_len (string, buf, bytes);
394 else
395 {
396 g_warning ("win_cmd_exec: %s", strerror (errno));
397 g_string_free (string, TRUE);
398 close (sout);
399 return NULL;
400 }
401 }
402 close (sout);
403
404 if (g_str_has_prefix (string->str, "[-]"))
405 {
406 g_warning ("win_cmd_exec: %s", string->str);
407 g_string_free (string, TRUE);
408 return NULL;
409 }
410 else if ((unicode = strstr (string->str, "\xff\xfe")))
411 {
412 /* UTF-16 case. */
413 size_t length, diff;
414 err = NULL;
415 char *tmp;
416
417 diff = unicode - string->str + 1;
418 tmp = g_convert (unicode + 2, string->len - diff, "UTF-8", "UTF-16", NULL,
419 &length, &err);
420 if (!tmp)
421 {
422 g_warning ("win_cmd_exec: %s", err->message);
423 g_string_free (string, TRUE);
424 g_error_free (err);
425 return NULL;
426 }
427 g_free (string->str);
428 string->len = length;
429 string->str = tmp;
430 }
431
432 retc = alloc_typed_cell (CONST_DATA);
433 retc->x.str_val = string->str;
434 retc->size = string->len;
435 return retc;
436}
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
length
u_short length
Definition: nasl_packet_forgery.c:4
nasl_smb_file_owner_sid
tree_cell * nasl_smb_file_owner_sid(lex_ctxt *lexic)
Obtain File Owner SID.
Definition: nasl_smb.c:204
nasl_smb_file_SDDL
tree_cell * nasl_smb_file_SDDL(lex_ctxt *lexic)
Obtain Security Descriptor in SDDL format.
Definition: nasl_smb.c:161
nasl_smb_file_trustee_rights
tree_cell * nasl_smb_file_trustee_rights(lex_ctxt *lexic)
Obtain File Trustee SID with Access Mask.
Definition: nasl_smb.c:290
IMPORT
#define IMPORT(var)
Definition: nasl_smb.c:31
nasl_smb_versioninfo
tree_cell * nasl_smb_versioninfo(lex_ctxt *lexic)
Get a version string of the SMB implementation.
Definition: nasl_smb.c:48
nasl_smb_close
tree_cell * nasl_smb_close(lex_ctxt *lexic)
Close SMB service handle.
Definition: nasl_smb.c:131
nasl_smb_connect
tree_cell * nasl_smb_connect(lex_ctxt *lexic)
Connect to SMB service and return a handle for it.
Definition: nasl_smb.c:76
nasl_smb_file_group_sid
tree_cell * nasl_smb_file_group_sid(lex_ctxt *lexic)
Obtain File Group SID.
Definition: nasl_smb.c:247
nasl_win_cmd_exec
tree_cell * nasl_win_cmd_exec(lex_ctxt *lexic)
Execute the command in windows.
Definition: nasl_smb.c:335
nasl_smb.h
Protos for NASL SMB API.
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:79
openvas_smb_interface.h
API protos describing the interface of a smb interface implementation.
smb_close
int smb_close(SMB_HANDLE)
Close the connection handle for SMB service.
Definition: smb_interface_stub.c:67
smb_file_GroupSID
char * smb_file_GroupSID(SMB_HANDLE, const char *)
Obtain the SID of the Group for a given file/path.
Definition: smb_interface_stub.c:117
smb_versioninfo
char * smb_versioninfo(void)
Return version info for SMB implementation.
Definition: smb_interface_stub.c:27
smb_file_OwnerSID
char * smb_file_OwnerSID(SMB_HANDLE, const char *)
Obtain the SID of the Owner for a given file/path.
Definition: smb_interface_stub.c:100
smb_connect
int smb_connect(const char *, const char *, const char *, const char *, SMB_HANDLE *)
Establish connection to a SMB service.
Definition: smb_interface_stub.c:48
smb_file_TrusteeRights
char * smb_file_TrusteeRights(SMB_HANDLE, const char *)
Obtain the Trustee SID and their rights for a given file/path.
Definition: smb_interface_stub.c:134
SMB_HANDLE
long int SMB_HANDLE
Definition: openvas_smb_interface.h:17
smb_file_SDDL
char * smb_file_SDDL(SMB_HANDLE, const char *)
Obtain Windows file rights in SDDL format.
Definition: smb_interface_stub.c:83
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316
TC
Definition: nasl_tree.h:94
TC::x
union TC::@5 x
TC::size
int size
Definition: nasl_tree.h:99
TC::i_val
long int i_val
Definition: nasl_tree.h:104
TC::str_val
char * str_val
Definition: nasl_tree.h:103
host
Host information, implemented as doubly linked list.
Definition: hosts.c:37
script_infos
Definition: scanneraux.h:29
struct_lex_ctxt
Definition: nasl_lex_ctxt.h:23
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:30