diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b2f5ca6b..aad7cdc0a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -37,6 +37,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#744](https://github.com/greenbone/openvas/pull/744) [#757](https://github.com/greenbone/openvas/pull/757)
 - Add message type validation for proto_post_wrapped. [#805](https://github.com/greenbone/openvas/pull/805)
+- Add nasl function sftp_enabled_check() to check if sftp subsystem is enabled in the target [#853](https://github.com/greenbone/openvas/pull/853)
 ### Changed
 - function script_bugtraq_id getting skipped, linter warns. [#724](https://github.com/greenbone/openvas/pull/724)
diff --git a/nasl/nasl_init.c b/nasl/nasl_init.c
index 1997fc02f..8bfe4ca52 100644
--- a/nasl/nasl_init.c
+++ b/nasl/nasl_init.c
@@ -325,6 +325,7 @@ static init_func libfuncs[] = {
 {"ssh_get_server_banner", nasl_ssh_get_server_banner},
 {"ssh_get_auth_methods", nasl_ssh_get_auth_methods},
 {"ssh_get_host_key", nasl_ssh_get_host_key},
+ {"sftp_enabled_check", nasl_sftp_enabled_check},
 #ifdef HAVE_LIBKSBA
 {"cert_open", nasl_cert_open},
diff --git a/nasl/nasl_ssh.c b/nasl/nasl_ssh.c
index a215421b8..9a83c031e 100644
--- a/nasl/nasl_ssh.c
+++ b/nasl/nasl_ssh.c
@@ -48,6 +48,7 @@
 #include
 #include /* for prefs_get() */
 #include
+#include
 #include
 #include
 #include
@@ -503,7 +504,7 @@ do_nasl_ssh_disconnect (int tbl_slot)
 *
 * @nasluparam
 *
- * - An ssh session id. A value of 0 is allowed and acts as a NOP.
+ * - An SSH session id. A value of 0 is allowed and acts as a NOP.
 *
 * @naslret Nothing
 *
@@ -611,7 +612,7 @@ nasl_ssh_session_id_from_sock (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslret An integer representing the socket or -1 on error.
 *
@@ -714,7 +715,7 @@ get_authmethods (int tbl_slot)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -800,7 +801,7 @@ nasl_ssh_set_login (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -999,7 +1000,7 @@ nasl_ssh_userauth (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -1111,7 +1112,7 @@ nasl_ssh_login_interactive (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -1320,7 +1321,7 @@ exec_ssh_cmd (ssh_session session, char *cmd, int verbose, int compat_mode,
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -1453,7 +1454,7 @@ nasl_ssh_request_exec (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslret A data block on success or NULL on error.
 *
@@ -1503,7 +1504,7 @@ nasl_ssh_get_issue_banner (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslret A data block on success or NULL on error.
 *
@@ -1544,7 +1545,7 @@ nasl_ssh_get_server_banner (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslret A data block on success or NULL on error.
 *
@@ -1588,7 +1589,7 @@ nasl_ssh_get_host_key (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslret A string on success or NULL on error.
 *
@@ -1685,7 +1686,7 @@ request_ssh_shell (ssh_channel channel, int pty)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -1778,7 +1779,7 @@ read_ssh_nonblocking (ssh_channel channel, GString *response)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslret A string on success or NULL on error.
 *
@@ -1814,7 +1815,7 @@ nasl_ssh_shell_read (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @naslnparam
 *
@@ -1876,7 +1877,7 @@ nasl_ssh_shell_write (lex_ctxt *lexic)
 *
 * @nasluparam
 *
- * - An ssh session id.
+ * - An SSH session id.
 *
 * @param[in] lexic Lexical context of NASL interpreter.
 */
@@ -1896,3 +1897,64 @@ nasl_ssh_shell_close (lex_ctxt *lexic)
 return NULL;
 }
+
+/*
+ * NASL SFTP
+ */
+
+/**
+ * @brief Check if the SFTP subsystem is enabled on the remote SSH server.
+ * @naslfn{sftp_enabled_check}
+ *
+ * @nasluparam
+ *
+ * - An SSH session id.
+ *
+ * @naslret An integer: 0 on success, -1 (SSH_ERROR) on Channel request
+ * subsystem failure. Greater than 0 means an error during SFTP init. NULL
+ * indicates a failure during session id verification.
+ *
+ * @param[in] lexic Lexical context of NASL interpreter.
+ */
+tree_cell *
+nasl_sftp_enabled_check (lex_ctxt *lexic)
+{
+ int tbl_slot, session_id;
+ tree_cell *retc;
+ sftp_session sftp;
+ ssh_session session;
+ int rc;
+
+ session_id = get_int_var_by_num (lexic, 0, -1);
+ if (!verify_session_id (session_id, "sftp_enabled_check", &tbl_slot, lexic))
+ return NULL;
+ session = session_table[tbl_slot].session;
+
+ sftp = sftp_new (session);
+ if (sftp == NULL)
+ {
+ g_message (
+ "Function %s (calling internal function %s) called from %s: %s",
+ nasl_get_function_name () ?: "script_main_function", __func__,
+ nasl_get_plugin_filename (),
+ ssh_get_error (session_table[tbl_slot].session));
+ rc = SSH_ERROR;
+ goto write_ret;
+ }
+
+ rc = sftp_init (sftp);
+ if (rc != SSH_OK)
+ g_message (
+ "Function %s (calling internal function %s) called from %s: %s. Code %d",
+ nasl_get_function_name () ?: "script_main_function", __func__,
+ nasl_get_plugin_filename (),
+ ssh_get_error (session_table[tbl_slot].session), sftp_get_error (sftp));
+
+ sftp_free (sftp);
+
+write_ret:
+
+ retc = alloc_typed_cell (CONST_INT);
+ retc->x.i_val = rc;
+ return retc;
+}
diff --git a/nasl/nasl_ssh.h b/nasl/nasl_ssh.h
index 39e97c87c..3e14d9453 100644
--- a/nasl/nasl_ssh.h
+++ b/nasl/nasl_ssh.h
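Review bot: The `@naslret` text on nasl_sftp_enabled_check (nasl/nasl_ssh.c) promises a value "greater than 0" for an SFTP init error, but the added code returns `rc` straight from `sftp_init (sftp)`, which libssh documents as 0 on success and negative on error; the `sftp_get_error (sftp)` code is only written to the log. A calling script therefore receives -1 both when `sftp_new` fails and when the subsystem request is refused, so it cannot tell "SFTP is disabled on the target" from "the check itself failed", and a scan result built on it may be misreported. The smallest fix is to make the comment match the code, e.g. `@naslret 0 if the SFTP subsystem could be initialised, a negative value (SSH_ERROR) otherwise; NULL if the session id is invalid.`; exposing the SFTP code instead would need care, since it may still be 0 when the failure happened below the SFTP layer. The hunk also does not show whether the session has to be authenticated first; if it does not, an unauthenticated session would presumably be reported the same way as a server without SFTP, which is worth stating in the comment.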
@@ -70,4 +70,11 @@ nasl_ssh_get_auth_methods (lex_ctxt *lexic);
 tree_cell *
 nasl_ssh_get_host_key (lex_ctxt *lexic);
+/*
+ * NASL SFTP
+ */
+
+tree_cell *
+nasl_sftp_enabled_check (lex_ctxt *);
+
 #endif /*NASL_SSH_H*/
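Review bot: The new prototype `nasl_sftp_enabled_check (lex_ctxt *);` drops the parameter name, while the neighbouring declaration in this hunk is written `nasl_ssh_get_host_key (lex_ctxt *lexic);`. Writing it as `nasl_sftp_enabled_check (lex_ctxt *lexic);` keeps the header consistent with its siblings and with the definition in nasl_ssh.c.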