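/*
 * ftpp_ui_config.h
 *
 * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
 * Copyright (C) 2004-2013 Sourcefire, Inc.
 * Steven A. Sturges <ssturges@sourcefire.com>
 * Daniel J. Roelker <droelker@sourcefire.com>
 * Marc A. Norton <mnorton@sourcefire.com>
 * Kevin Liu <kliu@sourcefire.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License Version 2 as
 * published by the Free Software Foundation.  You may not use, modify or
 * distribute this program under any other version of the GNU General
 * Public License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * Description:
 *
 * This file contains the internal configuration structures
 * for FTPTelnet.
 *
 * This file holds the configuration constructs for the FTPTelnet global
 * configuration and the FTP client configurations.  It also contains the
 * function prototypes for accessing client configurations.
 *
 * NOTES:
 * - 20.09.04:  Initial Development.  SAS
 */

/*
 * NOTE(review): the guard name begins with a double underscore, which C
 * reserves for the implementation.  It is kept unchanged here because other
 * translation units may test it.
 */
#ifndef __FTPP_UI_CONFIG_H__
#define __FTPP_UI_CONFIG_H__

//#include "decode.h"

#include "ftpp_include.h"
#include "hi_util_kmap.h"
#include "ipv6_port.h"
#include "sfrt.h"
#include "snort_bounds.h"

/*
 * Defines
 */

/* Values for FTPTELNET_GLOBAL_CONF.inspection_type (presumably; confirm
 * against the configuration parser). */
#define FTPP_UI_CONFIG_STATELESS 0
#define FTPP_UI_CONFIG_STATEFUL  1

/*
 * Default limits.  The negative defaults are parenthesized so that they
 * expand as a single operand in any expression.
 *
 * NOTE(review): FTP_CLIENT_PROTO_CONF.max_resp_len is an unsigned int; if
 * FTPP_UI_CONFIG_FTP_DEF_RESP_MSG_MAX is stored there it converts to
 * UINT_MAX.  Any "is this the unlimited sentinel" test has to be written
 * with that conversion in mind - confirm at the use sites.
 */
#define FTPP_UI_CONFIG_TELNET_DEF_AYT_THRESHOLD (-1)
#define FTPP_UI_CONFIG_FTP_DEF_RESP_MSG_MAX     (-1)
#define FTPP_UI_CONFIG_FTP_DEF_CMD_PARAM_MAX    100

/** Maximum number of entries in server_lookup table.
 */
#define FTPP_UI_CONFIG_MAX_SERVERS 20
#define FTPP_UI_CONFIG_MAX_CLIENTS 20

/* NOTE(review): presumably the minimum and maximum length of an FTP command
 * name; confirm against the parser before relying on them as buffer bounds. */
#define MIN_CMD 3
#define MAX_CMD 4

/*
 * Defines a search type for the client configurations in the
 * global configuration.  We want this generic so we can change
 * it easily if we change the search type.
 */
typedef table_t CLIENT_LOOKUP;
typedef table_t SERVER_LOOKUP;
typedef KMAP    BOUNCE_LOOKUP;

/*
 * Defines a search type for the FTP commands in the client
 * global configuration.  We want this generic so we can change
 * it easily if we change the search type.
 */
typedef KMAP CMD_LOOKUP;

/*
 * This structure simply holds a value for on/off and whether
 * alert is on/off.  Should be used for many configure options.
 */
typedef struct s_FTPTELNET_CONF_OPT
{

    int on;     /**< if true, configuration option is on */
    int alert;  /**< if true, alert if option is found */

} FTPTELNET_CONF_OPT;

/*
 * Kind of value expected for one FTP command parameter.  The value selects
 * which member of FTP_PARAM_FMT.format (if any) is meaningful; see the
 * union in FTP_PARAM_FMT.
 */
typedef enum s_FTP_PARAM_TYPE
{
    e_head = 0,
    e_unrestricted,   /* The default */
    e_strformat,
    e_int,
    e_number,
    e_char,           /* uses format.chars_allowed */
    e_date,           /* uses format.date_fmt */
    e_literal,        /* uses format.literal */
    e_host_port,      /* host/port forms: exact wire syntax is defined */
    e_long_host_port, /* by the validator, not by this header */
    e_extd_host_port
} FTP_PARAM_TYPE;

/*
 * Some FTP servers accept MDTM commands to set the modification time
 * on a file.  Most commonly, servers accept a format using
 * YYYYMMDDHHmmss[.uuu], while others accept a format using
 * YYYYMMDDHHmmss[+|-]TZ format.  Because of this, the default syntax
 * below is for the first case (time format as specified in
 * http://www.ietf.org/internet-drafts/draft-ietf-ftpext-mlst-16.txt)
 *
 * If you need to check validity for a server that uses the TZ format,
 * use the following:
 *
 * cmd_validity MDTM < [ date nnnnnnnnnnnnnn[{+|-}n[n]] ] string >
 *
 * Format uses the following:
 *  n = digit
 *  C = character
 *  . = period (literal)
 *  + = plus (literal)
 *  - = minus (literal)
 *  [ = optional begin
 *  ] = optional end
 *  { = OR begin
 *  } = OR end
 *  | = OR separator
 *
 *  ie, nnnnnnnnnnnnnn[.n[n[n]]] -->
 *  force conformance to YYYYMMDDHHmmss.uuu,
 *  where 1,2, or 3 microsec digits are optional.
 *
 *  ie, nnnnnnnnnnnnnn[{+|-}n[n]] -->
 *  force conformance to YYYYMMDDHHmmss+TZ,
 *  where optional +TZ is + or - one or two digit number
 */
typedef struct s_FTP_DATE_FMT
{
    char *format_string;               /* segment of the format described above */
    int empty;
    struct s_FTP_DATE_FMT *next;       /* linked nodes of the parsed format */
    struct s_FTP_DATE_FMT *prev;
    struct s_FTP_DATE_FMT *optional;   /* presumably the [ ... ] sub-format */
    struct s_FTP_DATE_FMT *next_a;     /* presumably the two sides of a */
    struct s_FTP_DATE_FMT *next_b;     /* { a | b } alternative - confirm */

} FTP_DATE_FMT;

/*
 * One node of a command's parameter grammar.
 */
typedef struct s_FTP_PARAM_FMT
{
    FTP_PARAM_TYPE type;
    int optional;

    /* Format is only used for types listed below to specify
     * allowable values.  Other types provide no variances
     * for the format.
     *
     * The union carries no tag of its own: `type` above is the only thing
     * that says which member is live.  Code that reads or frees a member
     * must check `type` first; treating chars_allowed as one of the
     * pointers (or the reverse) is a type confusion.
     */
    union u_FORMAT
    {
        uint32_t chars_allowed;       /* For type == e_char    */
        FTP_DATE_FMT *date_fmt;       /* For type == e_date    */
        char* literal;                /* For type == e_literal */
    } format;

    struct s_FTP_PARAM_FMT *prev_param_fmt;
    struct s_FTP_PARAM_FMT *next_param_fmt;
    struct s_FTP_PARAM_FMT *optional_fmt;
    struct s_FTP_PARAM_FMT **choices;  /* array of alternatives ... */
    int numChoices;                    /* ... and its element count; keep the
                                          two in step when the array changes */
    int prev_optional;      /* Only set if optional is set */
    const char *next_param; /* Pointer to buffer for the next parameter.
                               To be used to backtrack for optional
                               parameters that don't match.
                               NOTE(review): this points into a buffer the
                               struct does not own; presumably valid only
                               while that buffer is - confirm. */

} FTP_PARAM_FMT;

/*
 * Per-command configuration.
 */
typedef struct s_FTP_CMD_CONF
{
    /* Maximum length for parameters for this cmd.
     * Default -1 is unlimited
     *
     * NOTE(review): the field is unsigned, so -1 is held as UINT_MAX, and a
     * signed length compared against it is converted to unsigned first.
     * The default defined in this header
     * (FTPP_UI_CONFIG_FTP_DEF_CMD_PARAM_MAX) is 100. */
    unsigned int max_param_len;
    int max_param_len_overridden;

    /* int flags; their exact semantics are set by the parser and the
     * inspector, which are not part of this header. */
    int check_validity;
    int data_chan_cmd;
    int data_xfer_cmd;
    int data_rest_cmd;
    int file_put_cmd;
    int file_get_cmd;
    int encr_cmd;
    int login_cmd;
    int dir_response;

    FTP_PARAM_FMT *param_format;

    /* Trailing name storage, declared with one element ("struct hack").
     * sizeof(FTP_CMD_CONF) accounts for that single byte only, so whoever
     * allocates this struct must add room for the rest of the name and its
     * terminating NUL; copying a longer name than was allocated writes past
     * the end of the object.  Do not turn this into a C99 flexible array
     * member without auditing every allocation site: that changes
     * sizeof(FTP_CMD_CONF) and with it any size arithmetic built on it. */
    char cmd_name[1];  // variable length array

} FTP_CMD_CONF;

/*
 * Port set shared by the protocol configurations.
 */
typedef struct s_PROTO_CONF
{
    unsigned int port_count;
    char ports[MAXPORTS];   /* MAXPORTS is defined outside this header.
                               NOTE(review): presumably indexed by port
                               number; any index must be checked against
                               MAXPORTS - confirm. */
}  PROTO_CONF;

/*
 * This is the configuration construct that holds the specific
 * options for a FTP server.  Each unique server has its own
 * structure and there is a global structure for servers that
 * don't have a unique configuration.
 */
typedef struct s_FTP_SERVER_PROTO_CONF
{
    /* Ports must be first */
    /* NOTE(review): presumably so that a pointer to this struct can be used
     * as a PROTO_CONF pointer; moving the member would break such uses. */
    PROTO_CONF proto_ports;

    char *serverAddr;

    unsigned int def_max_param_len;
    unsigned int max_cmd_len;

    int print_commands;

    CMD_LOOKUP *cmd_lookup;

    FTPTELNET_CONF_OPT telnet_cmds;
    FTPTELNET_CONF_OPT ignore_telnet_erase_cmds;
    int data_chan;

    /** Counts references to this allocated data structure. Each additional
     *  reference should increment referenceCount. Each attempted free should
     *  decrement it. When reference count reaches 0, then this
     *  data structure should be freed.
     *
     *  NOTE(review): a plain int; this header declares nothing that
     *  serializes updates.  A missed increment or an extra decrement frees
     *  the structure while it is still referenced.
     */
    int referenceCount;

} FTP_SERVER_PROTO_CONF;

/*
 * One allow_bounce destination: an address (with mask) and an inclusive
 * port range, portlo..porthi.
 * NOTE(review): nothing here enforces portlo <= porthi; presumably the
 * parser does - confirm.
 */
typedef struct s_FTP_BOUNCE_TO
{
    sfcidr_t ip;
    unsigned short portlo;
    unsigned short porthi;
} FTP_BOUNCE_TO;

/*
 * This is the configuration construct that holds the specific
 * options for a FTP client.  Each unique client has its own
 * structure and there is a global structure for clients that
 * don't have a unique configuration.
 */
typedef struct s_FTP_CLIENT_PROTO_CONF
{
    char *clientAddr;
    unsigned int max_resp_len;  /* unsigned: see the note on the -1 default
                                   next to FTPP_UI_CONFIG_FTP_DEF_RESP_MSG_MAX */
    int data_chan;

    FTPTELNET_CONF_OPT bounce;
    FTPTELNET_CONF_OPT telnet_cmds;
    FTPTELNET_CONF_OPT ignore_telnet_erase_cmds;

    /* allow_bounce to IP/mask port|port-range */
    /* TODO: change this to use a quick find of IP/mask */
    /* NOTE(review): presumably holds FTP_BOUNCE_TO entries.  Each entry is
     * an exception to the bounce check, so entries should be as narrow as
     * the deployment allows - confirm how lookups match. */
    BOUNCE_LOOKUP *bounce_lookup;

    /** Counts references to this allocated data structure. Each additional
     *  reference should increment referenceCount. Each attempted free should
     *  decrement it. When reference count reaches 0, then this
     *  data structure should be freed.
     *
     *  NOTE(review): a plain int; this header declares nothing that
     *  serializes updates.  A missed increment or an extra decrement frees
     *  the structure while it is still referenced.
     */
    int referenceCount;

} FTP_CLIENT_PROTO_CONF;

/*
 * This is the configuration construct that holds the specific
 * options for telnet.  There is a global structure for all telnet
 * connections.
 */
typedef struct s_TELNET_PROTO_CONF
{
    /* Ports must be first */
    /* NOTE(review): same layout requirement as in FTP_SERVER_PROTO_CONF. */
    PROTO_CONF proto_ports;

    int normalize;

    int ayt_threshold;   /* signed, so the -1 default
                            (FTPP_UI_CONFIG_TELNET_DEF_AYT_THRESHOLD) is
                            representable as written */

    char detect_anomalies;

} TELNET_PROTO_CONF;

/*
 * This is the configuration for the global FTPTelnet
 * configuration.  It contains the global aspects of the
 * configuration, a standard global default configuration,
 * and client configurations.
 */
typedef struct s_FTPTELNET_GLOBAL_CONF
{
    int inspection_type;
    int check_encrypted_data;
    FTPTELNET_CONF_OPT encrypted;

    FTP_CLIENT_PROTO_CONF *default_ftp_client;
    FTP_SERVER_PROTO_CONF *default_ftp_server;
    TELNET_PROTO_CONF *telnet_config;
    SERVER_LOOKUP *server_lookup;
    CLIENT_LOOKUP *client_lookup;

    uint32_t ref_count;

    uint32_t xtra_filename_id;

} FTPTELNET_GLOBAL_CONF;


/*
 * Functions
 *
 * Every prototype below takes a pointer to the configuration object it
 * works on.  The meaning of the int return values, and what the `first`
 * argument of the reset functions selects, are defined by the
 * implementation, which is not part of this header.
 */
int ftpp_ui_config_init_global_conf(FTPTELNET_GLOBAL_CONF *GlobalConf);
int ftpp_ui_config_default(FTPTELNET_GLOBAL_CONF *GlobalConf);
int ftpp_ui_config_reset_global(FTPTELNET_GLOBAL_CONF *GlobalConf);
int ftpp_ui_config_reset_ftp_client(FTP_CLIENT_PROTO_CONF *ClientConf,
                                    char first);
int ftpp_ui_config_reset_ftp_server(FTP_SERVER_PROTO_CONF *ServerConf,
                                    char first);
void ftpp_ui_config_reset_ftp_cmd_format(FTP_PARAM_FMT *ThisFmt);
void ftpp_ui_config_reset_ftp_cmd_date_format(FTP_DATE_FMT *DateFmt);
int ftpp_ui_config_reset_ftp_cmd(FTP_CMD_CONF *FTPCmd);
/* The parameter is named ClientConf but is the telnet configuration. */
int ftpp_ui_config_reset_telnet_proto(TELNET_PROTO_CONF *ClientConf);

int ftpp_ui_config_add_ftp_client(FTPTELNET_GLOBAL_CONF *GlobalConf,
                            sfcidr_t* ClientIP, FTP_CLIENT_PROTO_CONF *ClientConf);
/* The parameters are named ClientIP/ClientConf but carry the server's
 * address and FTP_SERVER_PROTO_CONF. */
int ftpp_ui_config_add_ftp_server(FTPTELNET_GLOBAL_CONF *GlobalConf,
                            sfcidr_t *ClientIP, FTP_SERVER_PROTO_CONF *ClientConf);

#endif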