1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 
19 // ftp_module.h author Russ Combs <rucombs@cisco.com>
20 
21 #ifndef FTP_MODULE_H
22 #define FTP_MODULE_H
23 
24 #include "framework/module.h"
25 #include "ftpp_ui_config.h"
26 
27 #define GID_FTP 125
28 
29 #define FTP_TELNET_CMD                   1
30 #define FTP_INVALID_CMD                  2
31 #define FTP_PARAMETER_LENGTH_OVERFLOW    3
32 #define FTP_MALFORMED_PARAMETER          4
33 #define FTP_PARAMETER_STR_FORMAT         5
34 #define FTP_RESPONSE_LENGTH_OVERFLOW     6
35 #define FTP_ENCRYPTED                    7
36 #define FTP_BOUNCE                       8
37 #define FTP_EVASIVE_TELNET_CMD           9
38 
39 namespace snort
40 {
41 struct SnortConfig;
42 }
43 
44 extern THREAD_LOCAL snort::ProfileStats ftpPerfStats;
45 
46 //-------------------------------------------------------------------------
47 
48 struct BounceTo
49 {
50     std::string address;
51     Port low;
52     Port high;
53 
54     BounceTo(const std::string& address, Port lo, Port hi);
55 };
56 
57 class FtpClientModule : public snort::Module
58 {
59 public:
60     FtpClientModule();
61     ~FtpClientModule() override;
62 
63     bool set(const char*, snort::Value&, snort::SnortConfig*) override;
64     bool begin(const char*, int, snort::SnortConfig*) override;
65     bool end(const char*, int, snort::SnortConfig*) override;
66 
67     FTP_CLIENT_PROTO_CONF* get_data();
68     const BounceTo* get_bounce(unsigned idx);
69 
get_usage()70     Usage get_usage() const override
71     { return INSPECT; }
72 
is_bindable()73     bool is_bindable() const override
74     { return true; }
75 
76 private:
77     FTP_CLIENT_PROTO_CONF* conf;
78     std::vector<BounceTo*> bounce_to;
79 
80     std::string address;
81     Port port, last_port;
82 };
83 
84 //-------------------------------------------------------------------------
85 
86 #define CMD_LEN    0x0000
87 #define CMD_ALLOW  0x0001
88 #define CMD_CHECK  0x0002
89 #define CMD_DATA   0x0004
90 #define CMD_XFER   0x0008
91 #define CMD_PUT    0x0010
92 #define CMD_GET    0x0020
93 #define CMD_LOGIN  0x0040
94 #define CMD_ENCR   0x0080
95 #define CMD_DIR    0x0100
96 #define CMD_VALID  0x0200
97 #define CMD_REST   0x0400
98 #define CMD_PROT   0x0800
99 
100 struct FtpCmd
101 {
102     std::string name;
103     std::string format;
104 
105     uint32_t flags;
106     unsigned number;
107 
108     FtpCmd(const std::string&, uint32_t, int);
109     FtpCmd(const std::string&, const std::string&, int);
110 };
111 
112 class FtpServerModule : public snort::Module
113 {
114 public:
115     FtpServerModule();
116     ~FtpServerModule() override;
117 
118     bool set(const char*, snort::Value&, snort::SnortConfig*) override;
119     bool begin(const char*, int, snort::SnortConfig*) override;
120     bool end(const char*, int, snort::SnortConfig*) override;
121 
get_gid()122     unsigned get_gid() const override
123     { return GID_FTP; }
124 
125     const snort::RuleMap* get_rules() const override;
126     const PegInfo* get_pegs() const override;
127     PegCount* get_counts() const override;
128     snort::ProfileStats* get_profile() const override;
129 
get_usage()130     Usage get_usage() const override
131     { return INSPECT; }
132 
is_bindable()133     bool is_bindable() const override
134     { return true; }
135 
136     FTP_SERVER_PROTO_CONF* get_data();
137     const FtpCmd* get_cmd(unsigned idx);
138 
139 private:
140     void add_commands(snort::Value&, uint32_t flags, int num = 0);
141 
142 private:
143     FTP_SERVER_PROTO_CONF* conf;
144     std::vector<FtpCmd*> cmds;
145     std::string names;
146     std::string format;
147     int number;
148 };
149 
150 #endif
151 
152