
Member "snort-2.9.17/src/dynamic-preprocessors/imap/snort_imap.h" (16 Oct 2020, 6290 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /****************************************************************************
    2  *
    3  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    4  * Copyright (C) 2011-2013 Sourcefire, Inc.
    5  *
    6  * This program is free software; you can redistribute it and/or modify
    7  * it under the terms of the GNU General Public License Version 2 as
    8  * published by the Free Software Foundation.  You may not use, modify or
    9  * distribute this program under any other version of the GNU General
   10  * Public License.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20  *
   21  * **************************************************************************/
   22 
   23 /**************************************************************************
   24  *
   25  * snort_imap.h
   26  *
   27  * Author: Bhagyashree Bantwal <bbantwal@cisco.com>
   28  *
   29  * Description:
   30  *
   31  * This file defines everything specific to the IMAP preprocessor.
   32  *
   33  **************************************************************************/
   34 
   35 #ifndef __IMAP_H__
   36 #define __IMAP_H__
   37 
   38 
   39 /* Includes ***************************************************************/
   40 
   41 #include <pcre.h>
   42 
   43 #include "sf_snort_packet.h"
   44 #include "imap_config.h"
   45 #include "sfPolicy.h"
   46 #include "sfPolicyUserData.h"
   47 #include "mempool.h"
   48 #include "sf_email_attach_decode.h"
   49 #include "file_mail_common.h"
   50 #include "file_api.h"
   51 
   52 #ifdef DEBUG
   53 #include "sf_types.h"
   54 #endif
   55 
   56 /**************************************************************************/
   57 
   58 
   59 /* Defines ****************************************************************/
   60 
   61 /* Direction packet is coming from, if we can figure it out.
       * IMAP_PKT_FROM_UNKNOWN (0) is the zero value, so a zero-initialised
       * direction variable reads as "unknown" rather than as client or server. */
   62 #define IMAP_PKT_FROM_UNKNOWN  0
   63 #define IMAP_PKT_FROM_CLIENT   1
   64 #define IMAP_PKT_FROM_SERVER   2
   65 
   66 #define SEARCH_CMD       0    /* search type indices: consecutive values 0..3 */
   67 #define SEARCH_RESP      1
   68 #define SEARCH_HDR       2
   69 #define SEARCH_DATA_END  3
   70 #define NUM_SEARCHES  4       /* number of SEARCH_* values above; NOTE(review): presumably sizes a per-search-type array, keep in sync when adding a type */
   71 
   72 #define BOUNDARY     0        /* NOTE(review): meaning not visible in this header; presumably the id of the MIME boundary search pattern, confirm against the .c file */
   73 
   74 #define STATE_DATA             0    /* Data state */
   75 #define STATE_TLS_CLIENT_PEND  1    /* Got STARTTLS */
   76 #define STATE_TLS_SERVER_PEND  2    /* Got STARTTLS */
   77 #define STATE_TLS_DATA         3    /* Successful handshake, TLS encrypted data */
   78 #define STATE_COMMAND          4
   79 #define STATE_UNKNOWN          5
      /* NOTE(review): both *_PEND values carry the same "Got STARTTLS" comment;
       * what separates the client-pending from the server-pending state is not
       * visible in this header, confirm in the state machine.
       *
       * The STATE_DATA_* / STATE_MIME_HEADER group below reuses the numeric
       * range 0..4 of the group above (STATE_DATA == STATE_DATA_INIT == 0, and
       * so on). Both groups are plain ints, so the compiler cannot catch a
       * value from one group being stored in or compared against a variable of
       * the other. NOTE(review): presumably the first group is for the
       * top-level session state and the second for the position inside a data
       * section, confirm against the callers. */
   80 
   81 #define STATE_DATA_INIT    0
   82 #define STATE_DATA_HEADER  1    /* Data header section of data state */
   83 #define STATE_DATA_BODY    2    /* Data body section of data state */
   84 #define STATE_MIME_HEADER  3    /* MIME header section within data section */
   85 #define STATE_DATA_UNKNOWN 4
   86 
   87 /* session flags: single-bit masks meant to be OR-ed together.
       * Bits 0x00000001 and 0x00000002 are not assigned in this header.
       * NOTE(review): presumably stored in IMAP.session_flags, confirm. */
   88 #define IMAP_FLAG_NEXT_STATE_UNKNOWN         0x00000004
   89 #define IMAP_FLAG_GOT_NON_REBUILT            0x00000008
   90 #define IMAP_FLAG_CHECK_SSL                  0x00000010
   91 
      /* Union of the SSL_* flag bits listed below, usable as one mask.
       * The SSL_* names are not defined in this header, and none of the includes
       * visible here is obviously an SSL header, so a file that expands this
       * macro must have those definitions in scope itself.
       * NOTE(review): presumably tested against the result of an SSL record
       * decoder to decide whether a STARTTLS handshake went wrong, confirm. */
   92 #define IMAP_SSL_ERROR_FLAGS  (SSL_BOGUS_HS_DIR_FLAG | \
   93                                SSL_BAD_VER_FLAG | \
   94                                SSL_BAD_TYPE_FLAG | \
   95                                SSL_UNKNOWN_FLAG)
   96 
   97 /* Maximum length of header chars before colon, based on Exim 4.32 exploit.
       * This is a detection threshold (a count of characters in a header name),
       * not a buffer size declared in this header.
       * NOTE(review): where the limit is compared and which alert it drives is
       * not visible here, confirm in the header-parsing code. */
   98 #define MAX_HEADER_NAME_LEN 64
   99 
  100 #define IMAP_PROTO_REF_STR  "imap"   /* protocol reference string; NOTE(review): presumably the name used to look up the protocol id, confirm */
  101 
  102 /**************************************************************************/
  103 
  104 
  105 /* Data structures ********************************************************/
  106 
  107 typedef enum _IMAPCmdEnum
  108 {
          /* One identifier per IMAP command keyword this preprocessor
           * distinguishes. Only the first enumerator has an explicit value (0),
           * so the values are consecutive and CMD_LAST equals the number of
           * commands listed before it.
           * NOTE(review): presumably these index per-command tables set up by
           * IMAP_InitCmds(); any such table needs at least CMD_LAST entries and
           * an index must be range-checked before use, confirm in the .c file. */
  109     CMD_APPEND = 0,
  110     CMD_AUTHENTICATE,
  111     CMD_CAPABILITY,
  112     CMD_CHECK,
  113     CMD_CLOSE,
  114     CMD_COMPARATOR,
  115     CMD_COMPRESS,
  116     CMD_CONVERSIONS,
  117     CMD_COPY,
  118     CMD_CREATE,
  119     CMD_DELETE,
  120     CMD_DELETEACL,
  121     CMD_DONE,
  122     CMD_EXAMINE,
  123     CMD_EXPUNGE,
  124     CMD_FETCH,
  125     CMD_GETACL,
  126     CMD_GETMETADATA,
  127     CMD_GETQUOTA,
  128     CMD_GETQUOTAROOT,
  129     CMD_IDLE,
  130     CMD_LIST,
  131     CMD_LISTRIGHTS,
  132     CMD_LOGIN,
  133     CMD_LOGOUT,
  134     CMD_LSUB,
  135     CMD_MYRIGHTS,
  136     CMD_NOOP,
  137     CMD_NOTIFY,
  138     CMD_RENAME,
  139     CMD_SEARCH,
  140     CMD_SELECT,
  141     CMD_SETACL,
  142     CMD_SETMETADATA,
  143     CMD_SETQUOTA,
  144     CMD_SORT,
  145     CMD_STARTTLS,
  146     CMD_STATUS,
  147     CMD_STORE,
  148     CMD_SUBSCRIBE,
  149     CMD_THREAD,
  150     CMD_UID,
  151     CMD_UNSELECT,
  152     CMD_UNSUBSCRIBE,
  153     CMD_X,            /* NOTE(review): presumably the experimental "X..." command prefix, confirm */
  154     CMD_LAST          /* count of the entries above; NOTE(review): presumably a sentinel, not a command */
  155 
  156 } IMAPCmdEnum;
  157 
  158 typedef enum _IMAPRespEnum
  159 {
          /* One identifier per IMAP server response keyword this preprocessor
           * distinguishes. Values are consecutive from 0, so RESP_LAST equals
           * the number of responses listed before it.
           * NOTE(review): presumably used as indices into a response table;
           * range-check before indexing, confirm in the .c file. */
  160     RESP_CAPABILITY = 0,
  161     RESP_LIST,
  162     RESP_LSUB,
  163     RESP_STATUS,
  164     RESP_SEARCH,
  165     RESP_FLAGS,
  166     RESP_EXISTS,
  167     RESP_RECENT,
  168     RESP_EXPUNGE,
  169     RESP_FETCH,
  170     RESP_BAD,
  171     RESP_BYE,
  172     RESP_NO,
  173     RESP_OK,
  174     RESP_PREAUTH,
  175     RESP_ENVELOPE,
  176     RESP_UID,
  177     RESP_LAST         /* count of the entries above */
  178 
  179 } IMAPRespEnum;
  180 
  181 typedef enum _IMAPHdrEnum
  182 {
          /* Identifiers for the message headers the preprocessor looks for.
           * NOTE(review): going by the names these are Content-Type,
           * Content-Transfer-Encoding and Content-Disposition; the actual
           * header strings are not in this file, confirm in the .c file. */
  183     HDR_CONTENT_TYPE = 0,
  184     HDR_CONT_TRANS_ENC,
  185     HDR_CONT_DISP,
  186     HDR_LAST          /* count of the entries above (3) */
  187 
  188 } IMAPHdrEnum;
  189 
  190 typedef enum _IMAPDataEndEnum
  191 {
          /* Four numbered identifiers plus a trailing count.
           * NOTE(review): presumably one per byte sequence that can terminate a
           * data section (the SEARCH_DATA_END search type); the sequences
           * themselves are not in this header, confirm in the .c file. */
  192     DATA_END_1 = 0,
  193     DATA_END_2,
  194     DATA_END_3,
  195     DATA_END_4,
  196     DATA_END_LAST     /* count of the entries above (4) */
  197 
  198 } IMAPDataEndEnum;
  199 
  200 typedef struct _IMAPSearchInfo
  201 {
          /* Three signed ints describing a search hit.
           * NOTE(review): presumably id = which pattern matched, index = offset
           * of the match in the searched buffer, length = length of the match.
           * All three are signed, so code that turns index/length into pointer
           * arithmetic should reject negative values and check the sum against
           * the buffer end, confirm at the call sites. */
  202     int id;
  203     int index;
  204     int length;
  205 
  206 } IMAPSearchInfo;
  207 
  208 typedef struct _IMAPMimeBoundary
  209 {
          /* MIME boundary bookkeeping: a fixed-size copy of the boundary string
           * together with its length and an opaque search handle.
           * MAX_BOUNDARY_LEN is not defined in this header; it has to come from
           * one of the included headers. */
  210     int    state;
          /* Fixed-capacity buffer. The boundary string comes from message
           * content, so every writer must bound its copy by sizeof(boundary) and
           * leave room for the terminator. */
  211     char   boundary[2 + MAX_BOUNDARY_LEN + 1];  /* '--' + MIME boundary string + '\0' */
          /* NOTE(review): presumably the number of bytes used in boundary[];
           * being a signed int it should stay within 0..sizeof(boundary)-1,
           * confirm where it is set. */
  212     int    boundary_len;
          /* Opaque handle; its real type and who frees it are not visible here. */
  213     void  *boundary_search;
  214 
  215 } IMAPMimeBoundary;
  216 
  217 typedef struct _IMAPPcre
  218 {
          /* A compiled PCRE pattern paired with its optional extra data.
           * Both types come from <pcre.h>. Who allocates and releases the two
           * pointers is not visible in this header. */
  219     pcre       *re;   /* compiled pattern */
  220     pcre_extra *pe;   /* extra data for the pattern (pcre_study() output in the PCRE API); may legitimately be NULL there */
  221 
  222 } IMAPPcre;
  223 
  224 typedef struct _IMAP
  225 {
          /* State record of the IMAP preprocessor.
           * NOTE(review): presumably one instance per tracked session (it holds
           * session flags, a flow id and a MIME state), confirm where it is
           * allocated. */
  226     int state;            /* NOTE(review): presumably one of the top-level STATE_* values */
  227     int state_flags;
  228     int session_flags;    /* NOTE(review): presumably a mask of IMAP_FLAG_* bits */
  229     int alert_mask;
  230     int reassembling;
          /* NOTE(review): presumably the announced size of the current body and
           * the number of bytes consumed so far. Both are unsigned and driven by
           * traffic, so "body_len - body_read" wraps around if body_read ever
           * exceeds body_len; confirm that the consumers guard that case. */
  231     uint32_t body_len;
  232     uint32_t body_read;
          /* This member exists only when DEBUG_MSGS is defined, which shifts the
           * offset of every following member. Every translation unit and
           * loadable module that touches this struct must be built with the
           * same DEBUG_MSGS setting. */
  233 #ifdef DEBUG_MSGS
  234     uint64_t session_number;
  235 #endif
  236 
  237     tSfPolicyId policy_id;
  238     MimeState mime_ssn;   /* type not declared in this header; it has to come from one of the included headers */
  239 
  240     tSfPolicyUserContextId config;
  241     uint32_t flow_id;
  242 
  243 } IMAP;
  244 
  245 
  246 /**************************************************************************/
  247 
  248 
  249 /* Function prototypes ****************************************************/
      /* Only the signatures are visible here; return-value conventions and
       * ownership rules must be read from the definitions. The fixed-width
       * integer types used below are not brought in by a direct <stdint.h>
       * include in this header (sf_types.h is included only under DEBUG), so
       * they have to arrive through one of the other included headers. */
  250 
      /* Takes the configuration to work on. NOTE(review): presumably fills the
       * per-command table inside *config, confirm. */
  251 void IMAP_InitCmds(IMAPConfig *config);
      /* No parameters and no return value: these two can only act on file-level
       * or global state. NOTE(review): presumably set up and tear down the
       * shared search structures, confirm. */
  252 void IMAP_SearchInit(void);
  253 void IMAP_Free(void);
      /* NOTE(review): presumably the per-packet entry point of the preprocessor;
       * the packet contents are untrusted network input. */
  254 void SnortIMAP(SFSnortPacket *);
      /* NOTE(review): the uint16_t is presumably a port number and the int a
       * boolean result, confirm. */
  255 int  IMAP_IsServer(uint16_t);
  256 void IMAP_FreeConfig(IMAPConfig *);
  257 void IMAP_FreeConfigs(tSfPolicyUserContextId);
      /* Three out-parameters: *buf, *len and *type are written by the callee.
       * NOTE(review): presumably *buf points at a file name taken from the mail
       * being inspected. Whether the caller owns *buf and whether it is
       * NUL-terminated is not visible here; treat it as a length-delimited,
       * attacker-influenced byte string and use *len, confirm the contract in
       * the definition. */
  258 int  IMAP_GetFilename(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
  259 /**************************************************************************/
  260 
  261 #endif  /* __IMAP_H__ */
  262