[Openvas-commits] r1226 - trunk/openvas-plugins/scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Aug 27 11:58:07 CEST 2008
Author: chandra
Date: 2008-08-27 11:58:06 +0200 (Wed, 27 Aug 2008)
New Revision: 1226
Modified:
trunk/openvas-plugins/scripts/ssh_func.inc
Log:
Bug fixes
Modified: trunk/openvas-plugins/scripts/ssh_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/ssh_func.inc 2008-08-27 09:53:45 UTC (rev 1225)
+++ trunk/openvas-plugins/scripts/ssh_func.inc 2008-08-27 09:58:06 UTC (rev 1226)
@@ -4,6 +4,8 @@
# This script is released under the version 2 to the Gnu General Public Licence
#
#
+# **** You need Nessus 2.1.0 or newer to make any use of the functions in this
+# **** file
#
#
@@ -379,7 +381,7 @@
if (!buf)
{
- set_ssh_error(msg: "OpenVAS did not receive server's version");
+ set_ssh_error(msg: "Nessus did not receive server's version");
return 0;
}
@@ -396,12 +398,12 @@
# version supported = 2 & 1.99
if ((num[0] != 2) && !((num[0] == 1) && (num[1] == 99)))
{
- set_ssh_error(msg: "OpenVAS only supports SSHv2");
+ set_ssh_error(msg: "Nessus only supports SSHv2");
return 0;
}
# We use 2.0 protocol
- prot = "SSH-2.0-OpenVAS"+raw_string(0x0a);
+ prot = "SSH-2.0-Nessus"+raw_string(0x0a);
send(socket:socket, data:prot);
if ( '\r\n' >< buf ) buf = buf - '\r\n';
@@ -661,7 +663,7 @@
}
#-----------------------------------------------------------------#
-# Get string (lenght,string) #
+# Get string (length,string) #
#-----------------------------------------------------------------#
function getstring(buffer,pos)
{
@@ -859,7 +861,7 @@
#-----------------------------------------------------------------#
-# Genereate dh public & private keys #
+# Generate dh public & private keys #
#-----------------------------------------------------------------#
function dh_gen_key(p, g)
{
@@ -929,7 +931,7 @@
cmp_alg_server_to_client = "none";
# version
- client_version = "SSH-2.0-OpenVAS";
+ client_version = "SSH-2.0-Nessus";
### Key exchange send client Init ###
@@ -1328,7 +1330,7 @@
# service accepted
# code 50 (SSH_MSG_USERAUTH_REQUEST)
- # none request: we need to know what authentification server supports
+ # none request: we need to know what authentication server supports
payload = putstring(buffer:server_user) + putstring(buffer:"ssh-connection") +
putstring(buffer:"none");
send_ssh_packet(socket:socket, payload:payload, code:raw_int8(i:50));
@@ -1369,7 +1371,7 @@
}
else
{
- set_ssh_error(msg:"OpenVAS needs public and private keys or a password!");
+ set_ssh_error(msg:"Nessus needs public and private keys or a password!");
return -1;
}
@@ -1529,7 +1531,7 @@
privkey = pem_to_rsa(priv:priv, passphrase:passphrase);
if (!privkey)
{
- set_ssh_error(msg:"OpenVAS failed to load SSH private key (RSA)");
+ set_ssh_error(msg:"Nessus failed to load SSH private key (RSA)");
return -1;
}
@@ -1538,10 +1540,7 @@
to_hash += payload;
hash = SHA1(to_hash);
- # FIXME: rsa_sign was changed to use the private key in priv
- # directly. The above code to extract the parameters n, e and
- # privkey can probably be removed.
- signature = rsa_sign(priv:priv, passphrase:passphrase, data:hash);
+ signature = rsa_sign(e:e, n:n, d:privkey, data:hash);
if (!signature)
{
set_ssh_error(msg:"Error during client's RSA signature computing");
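Review bot: The new call `rsa_sign(e:e, n:n, d:privkey, data:hash)` relies on `e` and `n` having been extracted earlier in the function, outside this hunk, and on the interpreter's `rsa_sign` builtin accepting `e`/`n`/`d`. The FIXME this commit deletes said `rsa_sign` had been changed to take `priv` and `passphrase` directly; if the builtin shipped with this tree still has that form, the named arguments will not match and public-key authentication would stop at the `if (!signature)` check. The log message "Bug fixes" gives no reason for the reversal, so I would confirm which signature the builtin has and record it above the call, e.g. `# rsa_sign() here takes the raw RSA parameters e, n and d (private exponent from pem_to_rsa)`.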
@@ -1571,7 +1570,7 @@
privkey = pem_to_dsa(priv:priv, passphrase:passphrase);
if (!privkey)
{
- set_ssh_error(msg:"OpenVAS failed to load SSH private key (DSA)");
+ set_ssh_error(msg:"Nessus failed to load SSH private key (DSA)");
return -1;
}
@@ -1612,8 +1611,8 @@
{
payload += '
It seems you provided both public/private keys and password.
-In this case OpenVAS only use your public and private keys.
-OpenVAS did not try both. As password authentication is
+In this case Nessus only use your public and private keys.
+Nessus did not try both. As password authentication is
vulnerable to Man-In-The-Middle attack, that implies your keys
are useless (a "malicious server" will just reject your public
key authentication and accept any provided password).
@@ -1824,7 +1823,7 @@
# Maximum allocated memory is 20 MB
# A correct server will send 32768 bytes packet. So we stop before
# to get data.
- # A non standard server will just be stopped by openvasd.
+ # A non standard server will just be stopped by nessusd.
if (received_size > 19000000)
return -1;
@@ -1849,21 +1848,24 @@
#-----------------------------------------------------------------#
function ssh_cmd(socket,cmd,timeout)
{
- local_var payload, ret, tempbuf, end, cret;
+ local_var payload, ret, tempbuf, end, cret, messid_data, ret_payload;
# Flash error buffer
_ssh_cmd_error = "";
+ # Message id flag
+ messid_data = 0;
+
# Open channel
ret = ssh_open_channel(socket:socket);
- if (ret != 0)
+ if(ret != 0)
{
- _ssh_cmd_error = "OpenVAS failed to open a new SSH channel. " + get_ssh_error();
+ _ssh_cmd_error = "Nessus failed to open a new SSH channel. " + get_ssh_error();
return NULL;
}
payload = raw_int32(i:remote_channel) + putstring(buffer:"exec") + raw_int8(i:0) +
- putstring(buffer:cmd);
+ putstring(buffer:cmd);
# SSH_MSG_CHANNEL_REQUEST == 98
send_ssh_packet(socket:socket, payload:payload, code:raw_int8(i:98));
@@ -1875,38 +1877,46 @@
payload = recv_ssh_packet(socket:socket, timeout:timeout);
while((ord(payload[0]) == 93) || (ord(payload[0]) == 95) || (ord(payload[0]) == 98))
{
- if (ord(payload[0]) == 95)
+ if(ord(payload[0]) == 95)
{
payload = getstring(buffer:payload, pos:9);
_ssh_cmd_error += payload;
+ ret_payload += payload;
val = update_window_size(socket:socket,size:strlen(payload));
if (val != 0)
break;
}
payload = recv_ssh_packet(socket:socket, timeout:timeout);
+ if("exit-signal" >< payload) ret_payload += string(payload);
}
- while ((ord(payload[0]) != 97) && (ord(payload[0]) != 0))
+ while((ord(payload[0]) != 97) && (ord(payload[0]) != 0))
{
- if (ord(payload[0]) == 98)
+ if(ord(payload[0]) == 98)
{
payload = getstring(buffer:payload, pos:5);
if ("exit-status" >!< payload)
break;
}
- else if ((ord(payload[0]) == 94) || (ord(payload[0]) == 95))
+ else if((ord(payload[0]) == 94) || (ord(payload[0]) == 95))
{
tempbuf = getstring(buffer:payload, pos:5);
- if (ord(payload[0]) == 94)
+ if(ord(payload[0]) == 94)
{
ret += tempbuf;
+ messid_data = 1;
}
val = update_window_size(socket:socket,size:strlen(tempbuf));
- if (val != 0)
- {
+ if(val != 0) {
break;
}
}
+ else if(ord(payload[0]) == 96){
+ if(messid_data == 0){
+ ret += ret_payload;
+ }
+ }
+
payload = recv_ssh_packet(socket:socket, timeout:timeout);
}
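Review bot: The added line `if("exit-signal" >< payload) ret_payload += string(payload);` in the first receive loop appends the whole unparsed packet (message code, channel number and length fields included) to `ret_payload`, and the new code-96 branch then copies `ret_payload` into `ret` whenever no stdout data (code 94) was seen. Callers of ssh_cmd() can therefore receive stderr text and raw protocol bytes as if they were command output, all of it chosen by the remote server, which checks that parse this output should not have to trust. The substring test also matches any packet that merely contains that text; testing the message code and the request name, as the second loop does for exit-status, is tighter: `if (ord(payload[0]) == 98 && "exit-signal" >< getstring(buffer:payload, pos:5))`. `ret_payload` is declared in the previous hunk but never initialised, unlike `messid_data`, and ssh_cmd() itself starts and ends outside this hunk.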
@@ -1918,18 +1928,17 @@
cret = ssh_close_channel(socket:socket, end:end);
if (cret != 0)
{
- _ssh_cmd_error = "OpenVAS failed to close SSH channel. " + get_ssh_error();
+ _ssh_cmd_error = "Nessus failed to close SSH channel. " + get_ssh_error();
return NULL;
}
-
return ret;
}
#-----------------------------------------------------------------#
-# Return errors happended during ssh_cmd() #
+# Return errors happened during ssh_cmd() #
#-----------------------------------------------------------------#
function ssh_cmd_error()
{
@@ -1975,13 +1984,26 @@
if ( ! defined_func("shared_socket_acquire") )
return 0;
+#
+# First acquire the shared socket, then do reuse_connection_init()
+# This change is done in order to avoid getting same local_channel
+# when multiple processes are involved.
+#
+# if ( reuse_connection_init() < 0 )
+# {
+# _reuse_connection = 0;
+# return 0;
+# }
+#
+
+ soc = shared_socket_acquire("Secret/SSH/socket");
+
if ( reuse_connection_init() < 0 )
- {
- _reuse_connection = 0;
- return 0;
- }
+ {
+ _reuse_connection = 0;
+ return 0;
+ }
- soc = shared_socket_acquire("Secret/SSH/socket");
if ( soc == NULL )
{
_reuse_connection = 0;
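Review bot: With `shared_socket_acquire("Secret/SSH/socket")` moved ahead of `reuse_connection_init()`, the early `return 0` taken when init fails now leaves with the shared socket already acquired, which may keep other processes waiting on it. Init also runs even when `soc` is NULL, because the NULL test comes after it. I would test `soc == NULL` directly after the acquire and release the socket on the init-failure path, presumably with `shared_socket_release("Secret/SSH/socket");` before `return 0;` if that is the matching call in this interpreter. The commented-out copy of the old block can be dropped, since the four-line explanation above it already records the reason for the reorder. The enclosing function starts and ends outside the hunk.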