OpenVAS Scanner 22.7.9
nasl_smb.h File Reference

Prototypes for the NASL SMB API.

#include "nasl_lex_ctxt.h"
#include "nasl_tree.h"

Functions

tree_cell * nasl_smb_versioninfo (lex_ctxt *lexic)
 Get a version string of the SMB implementation.

tree_cell * nasl_smb_connect (lex_ctxt *lexic)
 Connect to SMB service and return a handle for it.

tree_cell * nasl_smb_close (lex_ctxt *lexic)
 Close SMB service handle.

tree_cell * nasl_smb_file_SDDL (lex_ctxt *lexic)
 Obtain Security Descriptor in SDDL format.

tree_cell * nasl_smb_file_owner_sid (lex_ctxt *lexic)
 Obtain File Owner SID.

tree_cell * nasl_smb_file_group_sid (lex_ctxt *lexic)
 Obtain File Group SID.

tree_cell * nasl_smb_file_trustee_rights (lex_ctxt *lexic)
 Obtain File Trustee SID with Access Mask.

tree_cell * nasl_win_cmd_exec (lex_ctxt *lexic)
 Execute the command on Windows.
 

Detailed Description

Prototypes for the NASL SMB API.

This file contains the prototypes for the functions defined in nasl_smb.c.

Definition in file nasl_smb.h.

Function Documentation

◆ nasl_smb_close()

tree_cell * nasl_smb_close (lex_ctxt *lexic)

Close SMB service handle.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case of a serious problem. Else returns a treecell with integer == 1.

Retrieves local variable "smb_handle" from the lexical context and closes the respective handle.

Definition at line 131 of file nasl_smb.c.

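/**
 * @brief Close SMB service handle.
 *
 * Reads the NASL local variable "smb_handle" from the lexical context and
 * passes it to smb_close().
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if no handle was supplied or smb_close() reports failure,
 *         else a CONST_INT tree_cell whose integer value is 1.
 */
tree_cell *
nasl_smb_close (lex_ctxt *lexic)
{
  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
  tree_cell *retc;

  /* 0 is the default passed to get_int_var_by_name(), i.e. "smb_handle" was
   * not set. The file query functions of this API reject it the same way. */
  if (!handle)
    {
      g_message ("nasl_smb_close: Invalid smb_handle");
      return NULL;
    }

  if (smb_close (handle) != 0)
    return NULL;

  /* The rendered listing skips source line 137, leaving retc unassigned
   * before it is dereferenced. The cell is created here, and only on
   * success, so the failure path leaves no unreferenced cell behind. */
  retc = alloc_typed_cell (CONST_INT);
  retc->x.i_val = 1;
  return retc;
}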
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
@ CONST_INT
Definition: nasl_tree.h:79
int smb_close(SMB_HANDLE)
Close the connection handle for SMB service.
long int SMB_HANDLE
Definition: nasl_tree.h:94
union TC::@5 x
long int i_val
Definition: nasl_tree.h:104

References alloc_typed_cell(), CONST_INT, get_int_var_by_name(), TC::i_val, smb_close(), and TC::x.


◆ nasl_smb_connect()

tree_cell * nasl_smb_connect (lex_ctxt *lexic)

Connect to SMB service and return a handle for it.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case the connection could not be established. Else a tree_cell with the handle.

Retrieves the local variables "username", "password" and "share" from the lexical context, takes the host address from the script information, connects to that SMB service and returns a handle for the service as an integer.

Definition at line 76 of file nasl_smb.c.

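/**
 * @brief Connect to SMB service and return a handle for it.
 *
 * Reads the NASL local variables "username", "password" and "share" from the
 * lexical context, takes the target address from the script information and
 * calls smb_connect().
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if an argument is missing or empty or the connection could
 *         not be established, else a CONST_INT tree_cell holding the handle.
 */
tree_cell *
nasl_smb_connect (lex_ctxt *lexic)
{
  struct script_infos *script_infos = lexic->script_infos;
  struct in6_addr *host = plug_get_host_ip (script_infos);
  char *username = get_str_var_by_name (lexic, "username");
  char *password = get_str_var_by_name (lexic, "password");
  char *share = get_str_var_by_name (lexic, "share");
  char *ip;
  tree_cell *retc;
  SMB_HANDLE handle;
  int value;

  if ((host == NULL) || (username == NULL) || (password == NULL)
      || (share == NULL))
    {
      g_message ("nasl_smb_connect: Invalid input arguments");
      return NULL;
    }

  ip = addr6_as_str (host);
  /* ip is tested for NULL before strlen() sees it; g_free (NULL) is a no-op. */
  if ((ip == NULL) || (strlen (password) == 0) || (strlen (username) == 0)
      || (strlen (ip) == 0) || (strlen (share) == 0))
    {
      g_message ("nasl_smb_connect: Invalid input arguments");
      g_free (ip);
      return NULL;
    }

  value = smb_connect (ip, share, username, password, &handle);
  g_free (ip);

  if (value == -1)
    {
      g_message ("nasl_smb_connect: SMB Connect failed");
      return NULL;
    }

  /* The rendered listing skips source line 105, leaving retc unassigned
   * before it is dereferenced. The cell is created here, after the
   * connection succeeded, so a failed connect leaves no cell behind. */
  retc = alloc_typed_cell (CONST_INT);
  retc->x.i_val = handle;
  return retc;
}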
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
int smb_connect(const char *, const char *, const char *, const char *, SMB_HANDLE *)
Establish connection to a SMB service.
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316
Host information, implemented as doubly linked list.
Definition: hosts.c:37
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:30

References alloc_typed_cell(), CONST_INT, get_str_var_by_name(), TC::i_val, plug_get_host_ip(), struct_lex_ctxt::script_infos, smb_connect(), and TC::x.


◆ nasl_smb_file_group_sid()

tree_cell * nasl_smb_file_group_sid (lex_ctxt *lexic)

Obtain File Group SID.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with Group SID string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 247 of file nasl_smb.c.

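/**
 * @brief Obtain File Group SID.
 *
 * Reads the NASL local variables "smb_handle" and "filename" from the lexical
 * context and queries the group SID through smb_file_GroupSID().
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if an argument is missing, the query fails or the result
 *         cannot be copied, else a CONST_DATA tree_cell holding a copy of
 *         the group SID string.
 */
tree_cell *
nasl_smb_file_group_sid (lex_ctxt *lexic)
{
  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
  char *filename = get_str_var_by_name (lexic, "filename");
  tree_cell *retc;
  char *buffer;
  char *sid;

  if (!filename)
    {
      g_message ("smb_file_group_sid failed: Invalid filename");
      return NULL;
    }

  if (!handle)
    {
      g_message ("smb_file_group_sid failed: Invalid smb_handle");
      return NULL;
    }

  buffer = smb_file_GroupSID (handle, filename);
  if (buffer == NULL)
    return NULL;

  /* NOTE(review): buffer is never released here. Whether the caller owns the
   * string returned by smb_file_GroupSID() is not visible on this page;
   * confirm against its implementation. */
  sid = strdup (buffer);
  if (sid == NULL)
    return NULL;

  /* The rendered listing skips source line 272, leaving retc unassigned
   * before it is dereferenced. The cell is created once the copy exists. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->size = strlen (sid);
  retc->x.str_val = sid;
  return retc;
}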
@ CONST_DATA
Definition: nasl_tree.h:82
char * smb_file_GroupSID(SMB_HANDLE, const char *)
Obtain the SID of the Group for a given file/path.
int size
Definition: nasl_tree.h:99
char * str_val
Definition: nasl_tree.h:103

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_GroupSID(), TC::str_val, and TC::x.


◆ nasl_smb_file_owner_sid()

tree_cell * nasl_smb_file_owner_sid (lex_ctxt *lexic)

Obtain File Owner SID.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with Owner SID string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 204 of file nasl_smb.c.

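/**
 * @brief Obtain File Owner SID.
 *
 * Reads the NASL local variables "smb_handle" and "filename" from the lexical
 * context and queries the owner SID through smb_file_OwnerSID().
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if an argument is missing, the query fails or the result
 *         cannot be copied, else a CONST_DATA tree_cell holding a copy of
 *         the owner SID string.
 */
tree_cell *
nasl_smb_file_owner_sid (lex_ctxt *lexic)
{
  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
  char *filename = get_str_var_by_name (lexic, "filename");
  tree_cell *retc;
  char *buffer;
  char *sid;

  if (!filename)
    {
      g_message ("smb_file_owner_sid failed: Invalid filename");
      return NULL;
    }

  if (!handle)
    {
      g_message ("smb_file_owner_sid failed: Invalid smb_handle");
      return NULL;
    }

  buffer = smb_file_OwnerSID (handle, filename);
  if (buffer == NULL)
    return NULL;

  /* NOTE(review): buffer is never released here. Whether the caller owns the
   * string returned by smb_file_OwnerSID() is not visible on this page;
   * confirm against its implementation. */
  sid = strdup (buffer);
  if (sid == NULL)
    return NULL;

  /* The rendered listing skips source line 229, leaving retc unassigned
   * before it is dereferenced. The cell is created once the copy exists. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->size = strlen (sid);
  retc->x.str_val = sid;
  return retc;
}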
char * smb_file_OwnerSID(SMB_HANDLE, const char *)
Obtain the SID of the Owner for a given file/path.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_OwnerSID(), TC::str_val, and TC::x.


◆ nasl_smb_file_SDDL()

tree_cell * nasl_smb_file_SDDL (lex_ctxt *lexic)

Obtain Security Descriptor in SDDL format.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with SDDL string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 161 of file nasl_smb.c.

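/**
 * @brief Obtain Security Descriptor in SDDL format.
 *
 * Reads the NASL local variables "smb_handle" and "filename" from the lexical
 * context and queries the descriptor through smb_file_SDDL().
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if an argument is missing, the query fails or the result
 *         cannot be copied, else a CONST_DATA tree_cell holding a copy of
 *         the SDDL string.
 */
tree_cell *
nasl_smb_file_SDDL (lex_ctxt *lexic)
{
  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
  char *filename = get_str_var_by_name (lexic, "filename");
  tree_cell *retc;
  char *buffer;
  char *sddl;

  if (!filename)
    {
      g_message ("smb_file_SDDL failed: Invalid filename");
      return NULL;
    }

  if (!handle)
    {
      g_message ("smb_file_SDDL failed: Invalid smb_handle");
      return NULL;
    }

  buffer = smb_file_SDDL (handle, filename);
  if (buffer == NULL)
    return NULL;

  /* NOTE(review): buffer is never released here. Whether the caller owns the
   * string returned by smb_file_SDDL() is not visible on this page; confirm
   * against its implementation. */
  sddl = strdup (buffer);
  if (sddl == NULL)
    return NULL;

  /* The rendered listing skips source line 186, leaving retc unassigned
   * before it is dereferenced. The cell is created once the copy exists. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->size = strlen (sddl);
  retc->x.str_val = sddl;
  return retc;
}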
char * smb_file_SDDL(SMB_HANDLE, const char *)
Obtain Windows file rights in SDDL format.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_SDDL(), TC::str_val, and TC::x.


◆ nasl_smb_file_trustee_rights()

tree_cell * nasl_smb_file_trustee_rights (lex_ctxt *lexic)

Obtain File Trustee SID with Access Mask.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case of problem. Else returns a treecell with Trustee SID and Access Mask string

Retrieves local variable "smb_handle" and "filename" from the lexical context and perform file rights query.

Definition at line 290 of file nasl_smb.c.

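/**
 * @brief Obtain File Trustee SID with Access Mask.
 *
 * Reads the NASL local variables "smb_handle" and "filename" from the lexical
 * context and queries the trustee rights through smb_file_TrusteeRights().
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if an argument is missing, the query fails or the result
 *         cannot be copied, else a CONST_DATA tree_cell holding a copy of
 *         the trustee SID and access mask string.
 */
tree_cell *
nasl_smb_file_trustee_rights (lex_ctxt *lexic)
{
  SMB_HANDLE handle = (SMB_HANDLE) get_int_var_by_name (lexic, "smb_handle", 0);
  char *filename = get_str_var_by_name (lexic, "filename");
  tree_cell *retc;
  char *buffer;
  char *rights;

  if (!filename)
    {
      g_message ("smb_file_trustee_rights failed: Invalid filename");
      return NULL;
    }

  if (!handle)
    {
      g_message ("smb_file_trustee_rights failed: Invalid smb_handle");
      return NULL;
    }

  buffer = smb_file_TrusteeRights (handle, filename);
  if (buffer == NULL)
    return NULL;

  /* NOTE(review): buffer is never released here. Whether the caller owns the
   * string returned by smb_file_TrusteeRights() is not visible on this page;
   * confirm against its implementation. */
  rights = strdup (buffer);
  if (rights == NULL)
    return NULL;

  /* The rendered listing skips source line 315, leaving retc unassigned
   * before it is dereferenced. The cell is created once the copy exists. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->size = strlen (rights);
  retc->x.str_val = rights;
  return retc;
}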
char * smb_file_TrusteeRights(SMB_HANDLE, const char *)
Obtain the Trustee SID and their rights for a given file/path.

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), TC::size, smb_file_TrusteeRights(), TC::str_val, and TC::x.


◆ nasl_smb_versioninfo()

tree_cell * nasl_smb_versioninfo (lex_ctxt *lexic)

Get a version string of the SMB implementation.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL in case no implementation is present. Else a tree_cell with the version as string.

Definition at line 48 of file nasl_smb.c.

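/**
 * @brief Get a version string of the SMB implementation.
 *
 * @param[in] lexic Lexical context of NASL interpreter (unused).
 *
 * @return NULL if smb_versioninfo() returns no string or it cannot be
 *         copied, else a CONST_DATA tree_cell holding a copy of the version
 *         string.
 */
tree_cell *
nasl_smb_versioninfo (lex_ctxt *lexic)
{
  char *version = smb_versioninfo ();
  char *copy;
  tree_cell *retc;

  (void) lexic;

  if (!version)
    return NULL;

  /* NOTE(review): version is never released here. Whether the caller owns
   * the string returned by smb_versioninfo() is not visible on this page;
   * confirm against its implementation. */
  copy = strdup (version);
  if (copy == NULL)
    return NULL;

  /* The rendered listing skips source line 57, leaving retc unassigned
   * before it is dereferenced. The cell is created once the copy exists. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->x.str_val = copy;
  retc->size = strlen (copy);
  return retc;
}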
char * smb_versioninfo(void)
Return version info for SMB implementation.

References alloc_typed_cell(), CONST_DATA, TC::size, smb_versioninfo(), TC::str_val, and TC::x.


◆ nasl_win_cmd_exec()

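tree_cell * nasl_win_cmd_exec (lex_ctxt *lexic)

Execute the command on Windows.

Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
NULL if the query fails. Else a tree_cell with the command execution result.

Retrieves the local variables "username", "password" and "cmd" from the lexical context, runs the command on the target host through the external impacket-wmiexec program, and returns its output. The user name and password are handed to that program inside its command-line argument, so they should be treated as exposed to anything that can read process arguments on the scanner host.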

Definition at line 335 of file nasl_smb.c.

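/**
 * @brief Execute the command on Windows.
 *
 * Takes "username", "password" and "cmd" from the lexical context and the
 * target address from the script information, spawns impacket-wmiexec with
 * them and collects what the child writes to its standard output.
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 *
 * @return NULL if an argument is missing or empty, the target string does
 *         not fit, the spawn or a read fails, the output starts with "[-]",
 *         or the UTF-16 conversion fails. Else a CONST_DATA tree_cell that
 *         takes ownership of the output buffer.
 */
tree_cell *
nasl_win_cmd_exec (lex_ctxt *lexic)
{
  struct script_infos *script_infos = lexic->script_infos;
  struct in6_addr *host = plug_get_host_ip (script_infos);
  char *ip, *argv[4], *unicode, target[2048], *c;
  char *out;
  gsize out_len;
  tree_cell *retc;
  GString *string = NULL;
  int sout, ret, written;
  GError *err = NULL;

  /* IMPORT is defined at nasl_smb.c:31; its expansion is not shown on this
   * page. Presumably it declares a char * of the given name read from the
   * lexical context. Confirm against the macro. */
  IMPORT (username);
  IMPORT (password);
  IMPORT (cmd);

  if ((host == NULL) || (username == NULL) || (password == NULL)
      || (cmd == NULL))
    {
      g_message ("win_cmd_exec: Invalid input arguments");
      return NULL;
    }

  ip = addr6_as_str (host);
  /* ip is tested for NULL before strlen() sees it; g_free (NULL) is a no-op. */
  if ((ip == NULL) || (strlen (password) == 0) || (strlen (username) == 0)
      || (strlen (ip) == 0))
    {
      g_message ("win_cmd_exec: Invalid input arguments");
      g_free (ip);
      return NULL;
    }

  /* wmiexec.py uses domain/username format. Note that this rewrites the
   * caller-provided username string in place. */
  if ((c = strchr (username, '\\')))
    *c = '/';
  argv[0] = "impacket-wmiexec";
  written =
    snprintf (target, sizeof (target), "%s:%s@%s", username, password, ip);
  g_free (ip);
  /* A truncated target would silently drop part of the credentials or the
   * host address, so refuse to spawn with it. */
  if (written < 0 || (size_t) written >= sizeof (target))
    {
      g_message ("win_cmd_exec: Invalid input arguments");
      return NULL;
    }

  /* NOTE(review): the account password becomes part of argv[1] of the
   * spawned helper. On many systems process arguments are readable by other
   * local users while the helper runs, so the scanner host must be treated
   * as trusted for these credentials. */
  argv[1] = target;
  argv[2] = cmd;
  argv[3] = NULL;
  ret = g_spawn_async_with_pipes (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL,
                                  NULL, NULL, NULL, &sout, NULL, &err);
  if (ret == FALSE)
    {
      g_warning ("win_cmd_exec: %s", err ? err->message : "Error");
      if (err)
        g_error_free (err);
      return NULL;
    }

  string = g_string_new ("");
  while (1)
    {
      char buf[4096];
      /* read() returns a signed count. With an unsigned variable the -1
       * error value looks like a huge positive length, the error branch is
       * never taken and the bogus length reaches g_string_append_len(). */
      ssize_t bytes;

      bytes = read (sout, buf, sizeof (buf));
      if (bytes == 0)
        break;
      if (bytes < 0)
        {
          if (errno == EINTR)
            continue;
          g_warning ("win_cmd_exec: %s", strerror (errno));
          g_string_free (string, TRUE);
          close (sout);
          return NULL;
        }
      g_string_append_len (string, buf, bytes);
    }
  close (sout);

  /* Output starting with "[-]" is treated as an error report from the
   * helper. */
  if (g_str_has_prefix (string->str, "[-]"))
    {
      g_warning ("win_cmd_exec: %s", string->str);
      g_string_free (string, TRUE);
      return NULL;
    }

  if ((unicode = strstr (string->str, "\xff\xfe")))
    {
      /* UTF-16 case: convert what follows the byte-order mark. */
      gsize length, diff;

      /* NOTE(review): the length passed is one byte more than what follows
       * the two-byte mark, so it includes the GString's terminating NUL.
       * Kept exactly as in the original; confirm whether this is intended
       * to pair a trailing single-byte newline with that NUL. */
      diff = unicode - string->str + 1;
      out = g_convert (unicode + 2, string->len - diff, "UTF-8", "UTF-16", NULL,
                       &length, &err);
      g_string_free (string, TRUE);
      if (!out)
        {
          g_warning ("win_cmd_exec: %s", err ? err->message : "Error");
          if (err)
            g_error_free (err);
          return NULL;
        }
      out_len = length;
    }
  else
    {
      out_len = string->len;
      /* Releases the GString wrapper and hands its character buffer over. */
      out = g_string_free (string, FALSE);
    }

  /* The rendered listing skips source line 432, leaving retc unassigned
   * before it is dereferenced. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->x.str_val = out;
  retc->size = out_len;
  return retc;
}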
u_short length
#define IMPORT(var)
Definition: nasl_smb.c:31

References alloc_typed_cell(), CONST_DATA, IMPORT, length, plug_get_host_ip(), struct_lex_ctxt::script_infos, TC::size, TC::str_val, and TC::x.
