Add nasl function sftp_enabled_check()
To check if sftp subsystem is enabled in the target

Jira: SC-376
jjnicola committed Aug 31, 2021
1 parent 868a919 commit 07bb9fa
Showing 4 changed files with 70 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -15,6 +15,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
[#744](https://github.com/greenbone/openvas/pull/744)
[#757](https://github.com/greenbone/openvas/pull/757)
- Add message type validation for proto_post_wrapped. [#805](https://github.com/greenbone/openvas/pull/805)
- Add nasl function sftp_enabled_check() to check if sftp subsystem is enabled in the target [#853](https://github.com/greenbone/openvas/pull/853)

### Changed
- function script_bugtraq_id getting skipped, linter warns. [#724](https://github.com/greenbone/openvas/pull/724)
1 change: 1 addition & 0 deletions nasl/nasl_init.c
Expand Up @@ -325,6 +325,7 @@ static init_func libfuncs[] = {
{"ssh_get_server_banner", nasl_ssh_get_server_banner},
{"ssh_get_auth_methods", nasl_ssh_get_auth_methods},
{"ssh_get_host_key", nasl_ssh_get_host_key},
{"sftp_enabled_check", nasl_sftp_enabled_check},

#ifdef HAVE_LIBKSBA
{"cert_open", nasl_cert_open},
61 changes: 61 additions & 0 deletions nasl/nasl_ssh.c
Expand Up @@ -48,6 +48,7 @@
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h> /* for prefs_get() */
#include <gvm/util/kb.h>
#include <libssh/sftp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
Expand Down Expand Up @@ -1896,3 +1897,63 @@ nasl_ssh_shell_close (lex_ctxt *lexic)

return NULL;
}

/*
* NASL SFTP
*/

/**
* @brief Check if SFTP is enabled.
* @naslfn{sftp_enabled_check}
*
* @nasluparam
*
* - An ssh session id.
*
* @naslret An integer: 0 on success, -1 (SSH_ERROR) on Channel request
* subsystem failure. Greather than 0 means an error during SFTP init.
*
* @param[in] lexic Lexical context of NASL interpreter.
*/
tree_cell *
nasl_sftp_enabled_check (lex_ctxt *lexic)
{
int tbl_slot, session_id;
tree_cell *retc;
sftp_session sftp;
ssh_session session;
int rc;

session_id = get_int_var_by_num (lexic, 0, -1);
if (!verify_session_id (session_id, "sftp_enabled_check", &tbl_slot, lexic))
return NULL;
session = session_table[tbl_slot].session;

sftp = sftp_new (session);
if (sftp == NULL)
{
g_message (
"Function %s (calling internal function %s) called from %s: %s",
nasl_get_function_name () ?: "script_main_function", __func__,
nasl_get_plugin_filename (),
ssh_get_error (session_table[tbl_slot].session));
rc = SSH_ERROR;
goto write_ret;
}

rc = sftp_init (sftp);
if (rc != SSH_OK)
g_message (
"Function %s (calling internal function %s) called from %s: %s. Code %d",
nasl_get_function_name () ?: "script_main_function", __func__,
nasl_get_plugin_filename (),
ssh_get_error (session_table[tbl_slot].session), sftp_get_error (sftp));

sftp_free (sftp);

write_ret:

retc = alloc_typed_cell (CONST_INT);
retc->x.i_val = rc;
return retc;
}
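Review bot: The value handed back to the NASL script does not match the contract in the Doxygen block above `nasl_sftp_enabled_check`: `rc` is taken straight from `sftp_init (sftp)`, which libssh documents as returning a negative value on failure, so the "greater than 0" case promised by `@naslret` looks unreachable and the SFTP status from `sftp_get_error (sftp)` only ever reaches the log. A script therefore cannot tell a failed `sftp_new ()` from a failed `sftp_init ()`, and, as far as this hunk shows, nothing checks that the session is authenticated first, so a detection built on this can report SFTP as disabled when the request simply could not be made. Either align the comment with the code, e.g. `@naslret An integer: 0 if the SFTP subsystem could be initialised, a negative value (SSH_ERROR) otherwise.` (which also removes the "Greather" typo), or return the SFTP code from the failure branch when it is non-zero. The local `session` is assigned but both `g_message` calls still read `session_table[tbl_slot].session`; passing `session` to `ssh_get_error ()` would be consistent.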
7 changes: 7 additions & 0 deletions nasl/nasl_ssh.h
Expand Up @@ -70,4 +70,11 @@ nasl_ssh_get_auth_methods (lex_ctxt *lexic);
tree_cell *
nasl_ssh_get_host_key (lex_ctxt *lexic);

/*
* NASL SFTP
*/

tree_cell *
nasl_sftp_enabled_check (lex_ctxt *);

#endif /*NASL_SSH_H*/
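Review bot: The new prototype `nasl_sftp_enabled_check (lex_ctxt *);` drops the parameter name, while the neighbouring declarations in this header keep it (`nasl_ssh_get_host_key (lex_ctxt *lexic);`). Writing it as `nasl_sftp_enabled_check (lex_ctxt *lexic);` keeps the header consistent with its siblings and with the definition in nasl_ssh.c.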
