Member "snort-2.9.17/src/dynamic-preprocessors/imap/snort_imap.h" (16 Oct 2020, 6290 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:
1 /****************************************************************************
2 *
3 * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
4 * Copyright (C) 2011-2013 Sourcefire, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License Version 2 as
8 * published by the Free Software Foundation. You may not use, modify or
9 * distribute this program under any other version of the GNU General
10 * Public License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 *
21 * **************************************************************************/
22
23 /**************************************************************************
24 *
25 * snort_imap.h
26 *
27 * Author: Bhagyashree Bantwal <bbantwal@cisco.com>
28 *
29 * Description:
30 *
31 * This file defines everything specific to the IMAP preprocessor.
32 *
33 **************************************************************************/
34
35 #ifndef __IMAP_H__
36 #define __IMAP_H__
37
38
39 /* Includes ***************************************************************/
40
41 #include <pcre.h>
42
43 #include "sf_snort_packet.h"
44 #include "imap_config.h"
45 #include "sfPolicy.h"
46 #include "sfPolicyUserData.h"
47 #include "mempool.h"
48 #include "sf_email_attach_decode.h"
49 #include "file_mail_common.h"
50 #include "file_api.h"
51
52 #ifdef DEBUG
53 #include "sf_types.h"
54 #endif
55
56 /**************************************************************************/
57
58
59 /* Defines ****************************************************************/
60
/*
 * Which endpoint a packet came from. IMAP_PKT_FROM_UNKNOWN is the value
 * for a packet whose direction could not be worked out.
 */
#define IMAP_PKT_FROM_UNKNOWN  0
#define IMAP_PKT_FROM_CLIENT   1
#define IMAP_PKT_FROM_SERVER   2
65
/*
 * Consecutive indices, one per search kind. NUM_SEARCHES closes the list
 * and equals the number of entries above it.
 * NOTE(review): presumably these index a table of search instances kept in
 * the .c file; the table is not visible in this header - confirm there that
 * it is sized with NUM_SEARCHES.
 */
#define SEARCH_CMD       0
#define SEARCH_RESP      1
#define SEARCH_HDR       2
#define SEARCH_DATA_END  3
#define NUM_SEARCHES     4

/* NOTE(review): nothing in this header uses BOUNDARY; its meaning has to be
 * confirmed against the code that references it. */
#define BOUNDARY         0
73
/*
 * Protocol-level session states.
 *
 * These values and the STATE_DATA_* / STATE_MIME_HEADER group below both
 * start at 0, so a number from one group cannot be told apart from a number
 * of the other; each group has to live in its own variable.
 * NOTE(review): which IMAP member holds which group is not visible in this
 * header - confirm in the .c file.
 */
#define STATE_DATA             0    /* Data state */
/* NOTE(review): both *_PEND states carry the same "Got STARTTLS" remark in
 * the original; the names suggest one per side of the exchange - confirm. */
#define STATE_TLS_CLIENT_PEND  1    /* Got STARTTLS */
#define STATE_TLS_SERVER_PEND  2    /* Got STARTTLS */
#define STATE_TLS_DATA         3    /* Successful handshake, TLS encrypted data */
#define STATE_COMMAND          4
#define STATE_UNKNOWN          5

/* Sub-states used while in the data state. */
#define STATE_DATA_INIT        0
#define STATE_DATA_HEADER      1    /* Data header section of data state */
#define STATE_DATA_BODY        2    /* Data body section of data state */
#define STATE_MIME_HEADER      3    /* MIME header section within data section */
#define STATE_DATA_UNKNOWN     4
86
/*
 * Session flags. Each value is a single distinct bit; bits 0x1 and 0x2 are
 * not assigned in this header.
 * NOTE(review): presumably stored in IMAP.session_flags - confirm in the .c.
 */
#define IMAP_FLAG_NEXT_STATE_UNKNOWN  0x00000004
#define IMAP_FLAG_GOT_NON_REBUILT     0x00000008
#define IMAP_FLAG_CHECK_SSL           0x00000010

/*
 * Union of four SSL_* flag bits. None of the SSL_* names is defined in this
 * file, so the header that defines them must be included before this macro
 * is expanded.
 * NOTE(review): the names suggest these mark SSL records that failed a
 * sanity check; verify against the SSL helper that sets them.
 */
#define IMAP_SSL_ERROR_FLAGS (SSL_BOGUS_HS_DIR_FLAG | \
                              SSL_BAD_VER_FLAG | \
                              SSL_BAD_TYPE_FLAG | \
                              SSL_UNKNOWN_FLAG)
96
/*
 * Maximum number of header characters allowed before the colon. The original
 * author notes that the figure is based on an exploit against Exim 4.32.
 * NOTE(review): no buffer in this header is sized with this value; how the
 * limit is enforced has to be checked in the .c file.
 */
#define MAX_HEADER_NAME_LEN  64

/* Protocol reference string for IMAP. */
#define IMAP_PROTO_REF_STR  "imap"
101
102 /**************************************************************************/
103
104
105 /* Data structures ********************************************************/
106
/*
 * One identifier per IMAP command name this header knows about.
 *
 * Values are consecutive from 0 in declaration order, so CMD_LAST equals the
 * number of commands listed before it. Inserting or removing an enumerator
 * renumbers everything after it.
 * NOTE(review): any table indexed by these values lives outside this header
 * and must be kept in the same order - confirm when editing the list.
 */
typedef enum _IMAPCmdEnum
{
    CMD_APPEND = 0,
    CMD_AUTHENTICATE,
    CMD_CAPABILITY,
    CMD_CHECK,
    CMD_CLOSE,
    CMD_COMPARATOR,
    CMD_COMPRESS,
    CMD_CONVERSIONS,
    CMD_COPY,
    CMD_CREATE,
    CMD_DELETE,
    CMD_DELETEACL,
    CMD_DONE,
    CMD_EXAMINE,
    CMD_EXPUNGE,
    CMD_FETCH,
    CMD_GETACL,
    CMD_GETMETADATA,
    CMD_GETQUOTA,
    CMD_GETQUOTAROOT,
    CMD_IDLE,
    CMD_LIST,
    CMD_LISTRIGHTS,
    CMD_LOGIN,
    CMD_LOGOUT,
    CMD_LSUB,
    CMD_MYRIGHTS,
    CMD_NOOP,
    CMD_NOTIFY,
    CMD_RENAME,
    CMD_SEARCH,
    CMD_SELECT,
    CMD_SETACL,
    CMD_SETMETADATA,
    CMD_SETQUOTA,
    CMD_SORT,
    CMD_STARTTLS,
    CMD_STATUS,
    CMD_STORE,
    CMD_SUBSCRIBE,
    CMD_THREAD,
    CMD_UID,
    CMD_UNSELECT,
    CMD_UNSUBSCRIBE,
    CMD_X,
    CMD_LAST    /* count of the entries above; not a command */

} IMAPCmdEnum;
157
/*
 * One identifier per IMAP response keyword this header knows about.
 *
 * Values are consecutive from 0 in declaration order; RESP_LAST equals the
 * number of responses listed before it.
 */
typedef enum _IMAPRespEnum
{
    RESP_CAPABILITY = 0,
    RESP_LIST,
    RESP_LSUB,
    RESP_STATUS,
    RESP_SEARCH,
    RESP_FLAGS,
    RESP_EXISTS,
    RESP_RECENT,
    RESP_EXPUNGE,
    RESP_FETCH,
    RESP_BAD,
    RESP_BYE,
    RESP_NO,
    RESP_OK,
    RESP_PREAUTH,
    RESP_ENVELOPE,
    RESP_UID,
    RESP_LAST    /* count of the entries above; not a response */

} IMAPRespEnum;
180
/*
 * Identifiers for the three header kinds handled here; HDR_LAST is their
 * count.
 * NOTE(review): the names suggest Content-Type, Content-Transfer-Encoding
 * and Content-Disposition - confirm against the header table in the .c file.
 */
typedef enum _IMAPHdrEnum
{
    HDR_CONTENT_TYPE = 0,
    HDR_CONT_TRANS_ENC,
    HDR_CONT_DISP,
    HDR_LAST

} IMAPHdrEnum;
189
/*
 * Identifiers for four end-of-data markers; DATA_END_LAST is their count.
 * NOTE(review): the byte sequences these stand for are not in this header.
 */
typedef enum _IMAPDataEndEnum
{
    DATA_END_1 = 0,
    DATA_END_2,
    DATA_END_3,
    DATA_END_4,
    DATA_END_LAST

} IMAPDataEndEnum;
199
/*
 * Three signed integers describing a search result.
 * NOTE(review): presumably which pattern matched (id), where (index) and how
 * long (length); all three are plain int, so code that uses index or length
 * as an offset into packet data should check for negative values - confirm
 * against the search callback in the .c file.
 */
typedef struct _IMAPSearchInfo
{
    int id;
    int index;
    int length;

} IMAPSearchInfo;
207
/*
 * State for one MIME boundary.
 *
 * boundary is a fixed-size buffer with room for the leading "--", at most
 * MAX_BOUNDARY_LEN boundary characters and the terminating '\0'.
 * MAX_BOUNDARY_LEN is not defined in this file.
 * NOTE(review): boundary_len is a signed int kept separately from the
 * buffer; the code that fills the buffer (not visible here) has to keep it
 * within 0 .. sizeof(boundary) - 1 before it is used as a copy or compare
 * length.
 */
typedef struct _IMAPMimeBoundary
{
    int state;
    char boundary[2 + MAX_BOUNDARY_LEN + 1];    /* '--' + MIME boundary string + '\0' */
    int boundary_len;
    void *boundary_search;    /* opaque handle; its type is not visible in this header */

} IMAPMimeBoundary;
216
/*
 * A pair of PCRE handles: re is a pcre pointer and pe a pcre_extra pointer,
 * both types coming from <pcre.h>.
 * NOTE(review): who allocates and releases the two objects is not visible
 * in this header - confirm in the .c file.
 */
typedef struct _IMAPPcre
{
    pcre *re;
    pcre_extra *pe;

} IMAPPcre;
223
/*
 * Per-session IMAP data.
 *
 * The layout depends on DEBUG_MSGS: session_number exists only when that
 * macro is defined, and its presence moves every member declared after it.
 * Every translation unit that reads or writes an IMAP object must therefore
 * be compiled with the same DEBUG_MSGS setting.
 */
typedef struct _IMAP
{
    int state;
    int state_flags;
    int session_flags;
    int alert_mask;
    int reassembling;
    /*
     * NOTE(review): presumably the announced size of the body being read and
     * the number of bytes consumed so far. Both are unsigned 32-bit, so
     * arithmetic on them wraps modulo 2^32; if body_len is taken from
     * traffic, compare the two before subtracting - confirm in the .c file.
     */
    uint32_t body_len;
    uint32_t body_read;
#ifdef DEBUG_MSGS
    uint64_t session_number;
#endif

    tSfPolicyId policy_id;
    MimeState mime_ssn;

    tSfPolicyUserContextId config;
    uint32_t flow_id;

} IMAP;
244
245
246 /**************************************************************************/
247
248
249 /* Function prototypes ****************************************************/
250
/*
 * Entry points of the IMAP preprocessor. Only the declarations are given
 * here; the definitions are in the corresponding .c file.
 */

/* Set-up and tear-down. */
void IMAP_InitCmds(IMAPConfig *config);
void IMAP_SearchInit(void);
void IMAP_Free(void);
void IMAP_FreeConfig(IMAPConfig *);
void IMAP_FreeConfigs(tSfPolicyUserContextId);

/* Per-packet entry point. */
void SnortIMAP(SFSnortPacket *);

/* NOTE(review): the uint16_t argument is presumably a port number, and the
 * meaning of the int result is not stated here - confirm in the .c file. */
int IMAP_IsServer(uint16_t);

/*
 * Results come back through buf, len and type.
 * NOTE(review): this header does not say who owns the memory *buf points to
 * afterwards, nor whether the outputs are written when the call fails;
 * callers should check the definition before freeing or keeping *buf.
 */
int IMAP_GetFilename(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
259 /**************************************************************************/
260
261 #endif /* __IMAP_H__ */
262