//--------------------------------------------------------------------------
// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
// Copyright (C) 2004-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// by the Free Software Foundation.  You may not use, modify or distribute
// this program under any other version of the GNU General Public License.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
//--------------------------------------------------------------------------
/*
 * Description:
 *
 * This file contains the internal configuration structures
 * for FTPTelnet.
 *
 * This file holds the configuration constructs for the FTPTelnet global
 * configuration and the FTP client configurations.  It also contains the
 * function prototypes for accessing client configurations.
 *
 * NOTES:
 * - 20.09.04:  Initial Development.  SAS
 *
 * Steven A. Sturges <ssturges@sourcefire.com>
 * Daniel J. Roelker <droelker@sourcefire.com>
 * Marc A. Norton <mnorton@sourcefire.com>
 * Kevin Liu <kliu@sourcefire.com>
 */

#ifndef FTPP_UI_CONFIG_H
#define FTPP_UI_CONFIG_H

// NOTE(review): uint32_t is used below but <cstdint> is not included here;
// it is presumably pulled in through one of these project headers - confirm.
#include "sfip/sf_ip.h"
#include "utils/kmap.h"

/*
 * Defines
 *
 * Default limits for the inspector.  Two of the defaults are (-1); the FTP
 * response default is assigned to an unsigned field further down
 * (FTP_CLIENT_PROTO_CONF::max_resp_len), where it converts to UINT_MAX.
 */

#define FTPP_UI_CONFIG_TELNET_DEF_AYT_THRESHOLD   (-1)
#define FTPP_UI_CONFIG_FTP_DEF_RESP_MSG_MAX       (-1)
#define FTPP_UI_CONFIG_FTP_DEF_CMD_PARAM_MAX      100

/*
 * MAX_CMD is the default for FTP_SERVER_PROTO_CONF::max_cmd_len below.
 * MIN_CMD is not referenced in this header; presumably the shortest
 * accepted command verb - confirm against the parser.
 */
#define MIN_CMD 3
#define MAX_CMD 4

/* Lookup table type for the FTP bounce allow-list (see bounce_lookup). */
typedef KMAP BOUNCE_LOOKUP;

/*
 * Defines a search type for the FTP commands in the client
 * global configuration.  We want this generic so we can change
 * it easily if we change the search type.
 */
typedef KMAP CMD_LOOKUP;

/*
 * Kind of value a single FTP command parameter is validated as.
 * This is the tag that selects the active member of
 * FTP_PARAM_FMT::format (e_char, e_date and e_literal carry extra data).
 * The three *_host_port values presumably map to the PORT-style address
 * arguments - confirm against the validity checker.
 */
typedef enum s_FTP_PARAM_TYPE
{
    e_head = 0,
    e_unrestricted,   /* The default */
    e_strformat,
    e_int,
    e_number,
    e_char,
    e_date,
    e_literal,
    e_host_port,
    e_long_host_port,
    e_extd_host_port
} FTP_PARAM_TYPE;

/*
 * Some FTP servers accept MDTM commands to set the modification time
 * on a file.  Most such servers accept the format
 * YYYYMMDDHHmmss[.uuu], while others accept
 * YYYYMMDDHHmmss[+|-]TZ.  Because of this, the default syntax
 * below is for the first case (time format as specified in
 * http://www.ietf.org/internet-drafts/draft-ietf-ftpext-mlst-16.txt)
 *
 * If you need to check validity for a server that uses the TZ format,
 * use the following:
 *
 * cmd_validity MDTM < [ date nnnnnnnnnnnnnn[{+|-}n[n]] ] string >
 *
 * Format uses the following:
 *  n = digit
 *  C = character
 *  . = period (literal)
 *  + = plus (literal)
 *  - = minus (literal)
 *  [ = optional begin
 *  ] = optional end
 *  { = OR begin
 *  } = OR end
 *  | = OR separator
 *
 *  ie, nnnnnnnnnnnnnn[.n[n[n]]] -->
 *  force conformance to YYYYMMDDHHmmss.uuu,
 *  where 1,2, or 3 microsec digits are optional.
 *
 *  ie, nnnnnnnnnnnnnn[{+|-}n[n]] -->
 *  force conformance to YYYYMMDDHHmmss+TZ,
 *  where optional +TZ is + or - one or two digit number
 *
 * One node of a parsed date format.  All pointers are raw; ownership and
 * teardown are not visible in this header (presumably handled by
 * ftpp_ui_config_reset_ftp_cmd_date_format - confirm).
 */
typedef struct s_FTP_DATE_FMT
{
    char* format_string;
    int empty;
    struct s_FTP_DATE_FMT* next;
    struct s_FTP_DATE_FMT* prev;
    struct s_FTP_DATE_FMT* optional;   /* presumably the [ ... ] sub-format */
    struct s_FTP_DATE_FMT* next_a;     /* presumably the two branches of */
    struct s_FTP_DATE_FMT* next_b;     /* a { a | b } alternative - confirm */
} FTP_DATE_FMT;

/*
 * Validation rule for one parameter of an FTP command.  Rules are linked
 * through prev_param_fmt / next_param_fmt, with optional_fmt and choices
 * hanging off a node.
 */
typedef struct s_FTP_PARAM_FMT
{
    FTP_PARAM_TYPE type;
    int optional;

    /* Format is only used for types listed below to specify
     * allowable values.  Other types provide no variances
     * for the format.
     *
     * This is an untagged union: `type` above is the only record of which
     * member is live, so readers must check it before dereferencing
     * date_fmt or literal.
     */
    union u_FORMAT
    {
        uint32_t chars_allowed;       /* For type == e_char    */
        FTP_DATE_FMT* date_fmt;       /* For type == e_date    */
        char* literal;                /* For type == e_literal */
    } format;

    struct s_FTP_PARAM_FMT* prev_param_fmt;
    struct s_FTP_PARAM_FMT* next_param_fmt;
    struct s_FTP_PARAM_FMT* optional_fmt;
    struct s_FTP_PARAM_FMT** choices;   /* array of alternatives; */
    int numChoices;                     /* presumably its element count - confirm */
    int prev_optional;  /* Only set if optional is set */
} FTP_PARAM_FMT;

/*
 * Per-command configuration, one record per FTP command.
 */
typedef struct s_FTP_CMD_CONF
{
    /* Maximum length for parameters for this cmd.
     * Default -1 is unlimited.
     * NOTE(review): the field is unsigned, so a stored -1 becomes UINT_MAX
     * and a "length > max_param_len" check can then never trigger; verify
     * that callers compare it as unsigned and do no arithmetic on it. */
    unsigned int max_param_len;
    int max_param_len_overridden;

    bool check_validity;
    bool data_chan_cmd;
    bool data_xfer_cmd;
    bool data_rest_cmd;
    bool file_put_cmd;
    bool file_get_cmd;
    bool encr_cmd;
    bool login_cmd;
    bool prot_cmd;
    int dir_response;

    FTP_PARAM_FMT* param_format;

    /* Trailing one-byte array used as a variable-length name: the record
     * must be allocated with extra bytes past sizeof(FTP_CMD_CONF) to hold
     * the name, and must never be copied by value or sized with sizeof
     * alone.  NOTE(review): the allocation is not in this header - confirm
     * it reserves room for the name and its terminator. */
    char cmd_name[1];  // variable length array
} FTP_CMD_CONF;

/*
 * This is the configuration construct that holds the specific
 * options for a FTP server.  Each unique server has its own
 * structure and there is a global structure for servers that
 * don't have a unique configuration.
 */
struct FTP_SERVER_PROTO_CONF
{
    // Defaults: parameters up to 100 bytes, command verbs up to MAX_CMD (4).
    unsigned int def_max_param_len = FTPP_UI_CONFIG_FTP_DEF_CMD_PARAM_MAX;
    unsigned int max_cmd_len = MAX_CMD;

    bool print_commands = false;
    bool data_chan = false;
    bool check_encrypted_data = false;
    bool telnet_cmds = false;
    bool ignore_telnet_erase_cmds = false;
    bool detect_encrypted = false;

    // No default member initializer here (unlike
    // FTP_CLIENT_PROTO_CONF::bounce_lookup); the constructor declared below
    // must set it - its definition is outside this header.
    CMD_LOOKUP* cmd_lookup;

    FTP_SERVER_PROTO_CONF();
    ~FTP_SERVER_PROTO_CONF();
};

/*
 * One allow_bounce entry: a destination address with a prefix length and
 * a port range that a PORT-style command may legitimately point at.
 * NOTE(review): relevant_bits is presumably the mask length for ip, and
 * portlo..porthi presumably an inclusive range - confirm in the matcher.
 */
typedef struct s_FTP_BOUNCE_TO
{
    snort::SfIp ip;
    int relevant_bits;
    unsigned short portlo;
    unsigned short porthi;
} FTP_BOUNCE_TO;

/*
 * This is the configuration construct that holds the specific
 * options for a FTP client.  Each unique client has its own
 * structure and there is a global structure for clients that
 * don't have a unique configuration.
 */
struct FTP_CLIENT_PROTO_CONF
{
    // The default macro is (-1); assigned to an unsigned field it becomes
    // UINT_MAX, i.e. effectively no response-length limit unless configured.
    unsigned int max_resp_len = FTPP_UI_CONFIG_FTP_DEF_RESP_MSG_MAX;

    bool bounce = false;
    bool telnet_cmds = false;
    bool ignore_telnet_erase_cmds = false;

    // allow_bounce to IP/mask port|port-range
    // FIXIT-P change this to use a quick find of IP/mask
    BOUNCE_LOOKUP* bounce_lookup = nullptr;

    FTP_CLIENT_PROTO_CONF();
    ~FTP_CLIENT_PROTO_CONF();
};

/*
 * This is the configuration construct that holds the specific
 * options for telnet.  There is a global structure for all telnet
 * connections.
 *
 * None of the fields has a default member initializer; they hold defined
 * values only if the constructor declared below sets them (its definition
 * is outside this header).
 */
struct TELNET_PROTO_CONF
{
    int ayt_threshold;

    bool normalize;
    bool check_encrypted_data;
    bool detect_encrypted;

    TELNET_PROTO_CONF();
};

/*
 * Reset helpers for the structures above.  Only the signatures are visible
 * here: the int-returning ones presumably report a status code, and the
 * meaning of `first` is not documented in this header - confirm both in
 * the implementation.  Each takes a raw pointer; whether a null argument is
 * tolerated is likewise not visible from here.
 */
int ftpp_ui_config_reset_ftp_client(FTP_CLIENT_PROTO_CONF* ClientConf,
    char first);
int ftpp_ui_config_reset_ftp_server(FTP_SERVER_PROTO_CONF* ServerConf,
    char first);
void ftpp_ui_config_reset_ftp_cmd_format(FTP_PARAM_FMT* ThisFmt);
void ftpp_ui_config_reset_ftp_cmd_date_format(FTP_DATE_FMT* DateFmt);
int ftpp_ui_config_reset_ftp_cmd(FTP_CMD_CONF* FTPCmd);
int ftpp_ui_config_reset_telnet_proto(TELNET_PROTO_CONF* ClientConf);

#endif
