1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 19 // ftp_module.h author Russ Combs <rucombs@cisco.com> 20 21 #ifndef FTP_MODULE_H 22 #define FTP_MODULE_H 23 24 #include "framework/module.h" 25 #include "ftpp_ui_config.h" 26 27 #define GID_FTP 125 28 29 #define FTP_TELNET_CMD 1 30 #define FTP_INVALID_CMD 2 31 #define FTP_PARAMETER_LENGTH_OVERFLOW 3 32 #define FTP_MALFORMED_PARAMETER 4 33 #define FTP_PARAMETER_STR_FORMAT 5 34 #define FTP_RESPONSE_LENGTH_OVERFLOW 6 35 #define FTP_ENCRYPTED 7 36 #define FTP_BOUNCE 8 37 #define FTP_EVASIVE_TELNET_CMD 9 38 39 namespace snort 40 { 41 struct SnortConfig; 42 } 43 44 extern THREAD_LOCAL snort::ProfileStats ftpPerfStats; 45 46 //------------------------------------------------------------------------- 47 48 struct BounceTo 49 { 50 std::string address; 51 Port low; 52 Port high; 53 54 BounceTo(const std::string& address, Port lo, Port hi); 55 }; 56 57 class FtpClientModule : public snort::Module 58 { 59 public: 60 FtpClientModule(); 61 ~FtpClientModule() override; 62 63 bool set(const char*, snort::Value&, snort::SnortConfig*) override; 64 bool begin(const char*, int, snort::SnortConfig*) override; 65 bool end(const char*, int, snort::SnortConfig*) override; 66 67 FTP_CLIENT_PROTO_CONF* get_data(); 68 const BounceTo* get_bounce(unsigned idx); 69 get_usage()70 Usage get_usage() const override 71 { return INSPECT; } 72 is_bindable()73 bool is_bindable() const override 74 { return true; } 75 76 private: 77 FTP_CLIENT_PROTO_CONF* conf; 78 std::vector<BounceTo*> bounce_to; 79 80 std::string address; 81 Port port, last_port; 82 }; 83 84 //------------------------------------------------------------------------- 85 86 #define CMD_LEN 0x0000 87 #define CMD_ALLOW 0x0001 88 #define CMD_CHECK 0x0002 89 #define CMD_DATA 0x0004 90 #define CMD_XFER 0x0008 91 #define CMD_PUT 0x0010 92 #define CMD_GET 0x0020 93 #define CMD_LOGIN 0x0040 94 #define CMD_ENCR 0x0080 95 #define CMD_DIR 0x0100 96 #define CMD_VALID 0x0200 97 #define CMD_REST 0x0400 98 #define CMD_PROT 0x0800 99 100 struct FtpCmd 101 { 102 std::string name; 103 std::string format; 104 105 uint32_t flags; 106 unsigned number; 107 108 FtpCmd(const std::string&, uint32_t, int); 109 FtpCmd(const std::string&, const std::string&, int); 110 }; 111 112 class FtpServerModule : public snort::Module 113 { 114 public: 115 FtpServerModule(); 116 ~FtpServerModule() override; 117 118 bool set(const char*, snort::Value&, snort::SnortConfig*) override; 119 bool begin(const char*, int, snort::SnortConfig*) override; 120 bool end(const char*, int, snort::SnortConfig*) override; 121 get_gid()122 unsigned get_gid() const override 123 { return GID_FTP; } 124 125 const snort::RuleMap* get_rules() const override; 126 const PegInfo* get_pegs() const override; 127 PegCount* get_counts() const override; 128 snort::ProfileStats* get_profile() const override; 129 get_usage()130 Usage get_usage() const override 131 { return INSPECT; } 132 is_bindable()133 bool is_bindable() const override 134 { return true; } 135 136 FTP_SERVER_PROTO_CONF* get_data(); 137 const FtpCmd* get_cmd(unsigned idx); 138 139 private: 140 void add_commands(snort::Value&, uint32_t flags, int num = 0); 141 142 private: 143 FTP_SERVER_PROTO_CONF* conf; 144 std::vector<FtpCmd*> cmds; 145 std::string names; 146 std::string format; 147 int number; 148 }; 149 150 #endif 151 152