
Member "snort-2.9.17/src/dynamic-preprocessors/smtp/snort_smtp.h" (16 Oct 2020, 7455 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /****************************************************************************
    2  *
    3  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    4  * Copyright (C) 2005-2013 Sourcefire, Inc.
    5  *
    6  * This program is free software; you can redistribute it and/or modify
    7  * it under the terms of the GNU General Public License Version 2 as
    8  * published by the Free Software Foundation.  You may not use, modify or
    9  * distribute this program under any other version of the GNU General
   10  * Public License.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20  *
   21  * **************************************************************************/
   22 
   23 /**************************************************************************
   24  *
   25  * snort_smtp.h
   26  *
   27  * Author: Andy Mullican
   28  * Author: Todd Wease
   29  *
   30  * Description:
   31  *
   32  * This file defines everything specific to the SMTP preprocessor.
   33  *
   34  **************************************************************************/
   35 
   36 #ifndef __SMTP_H__
   37 #define __SMTP_H__
   38 
   39 
   40 /* Includes ***************************************************************/
   41 
   42 #include <pcre.h>
   43 
   44 #include "sf_snort_packet.h"
   45 #include "ssl.h"
   46 #include "smtp_config.h"
   47 #include "sfPolicy.h"
   48 #include "sfPolicyUserData.h"
   49 #include "mempool.h"
   50 #include "sf_email_attach_decode.h"
   51 #include "file_mail_common.h"
   52 #include "file_api.h"
   53 
   54 #ifdef DEBUG
   55 #include "sf_types.h"
   56 #endif
   57 
   58 /**************************************************************************/
   59 
   60 
   61 /* Defines ****************************************************************/
   62 
   63 /* Direction packet is coming from, if we can figure it out */
   64 #define SMTP_PKT_FROM_UNKNOWN  0    /* direction could not be determined */
   65 #define SMTP_PKT_FROM_CLIENT   1
   66 #define SMTP_PKT_FROM_SERVER   2
   67 
   68 /* Inspection type */
   69 #define SMTP_STATELESS  0
   70 #define SMTP_STATEFUL   1
   71 
      /* Search ids, consecutive from 0. The names parallel the four enums declared
       * later in this header (SMTPCmdEnum, SMTPRespEnum, SMTPHdrEnum,
       * SMTPDataEndEnum) -- presumably one search per enum; confirm in the .c file. */
   72 #define SEARCH_CMD       0
   73 #define SEARCH_RESP      1
   74 #define SEARCH_HDR       2
   75 #define SEARCH_DATA_END  3
   76 #define NUM_SEARCHES  4    /* count of the SEARCH_* ids above; must be raised when one is added */
   77 
   78 #define BOUNDARY     0    /* NOTE(review): use is not visible in this header -- confirm what it indexes */
   79 
      /* Top-level protocol states. NOTE(review): presumably the values held in
       * SMTP.state (declared later in this header) -- confirm. */
   80 #define STATE_CONNECT          0
   81 #define STATE_COMMAND          1    /* Command state of SMTP transaction */
   82 #define STATE_DATA             2    /* Data state */
   83 #define STATE_BDATA            3    /* Binary data state */
   84 #define STATE_TLS_CLIENT_PEND  4    /* Got STARTTLS */
   85 #define STATE_TLS_SERVER_PEND  5    /* Got STARTTLS */
   86 #define STATE_TLS_DATA         6    /* Successful handshake, TLS encrypted data */
   87 #define STATE_AUTH             7
   88 #define STATE_XEXCH50          8
   89 #define STATE_UNKNOWN          9
   90 
      /* Sub-states within the data state. Numbering restarts at 0, so these values
       * overlap the STATE_* values above (e.g. STATE_DATA_HEADER == STATE_COMMAND == 1);
       * the two sets are only distinguishable by the variable that holds them.
       * Where the data sub-state is stored is not visible in this header. */
   91 #define STATE_DATA_INIT    0
   92 #define STATE_DATA_HEADER  1    /* Data header section of data state */
   93 #define STATE_DATA_BODY    2    /* Data body section of data state */
   94 #define STATE_MIME_HEADER  3    /* MIME header section within data section */
   95 #define STATE_DATA_UNKNOWN 4
   96 
   97 /* state flags: bit masks; presumably tested against SMTP.state_flags -- confirm */
   98 #define SMTP_FLAG_GOT_MAIL_CMD               0x00000001
   99 #define SMTP_FLAG_GOT_RCPT_CMD               0x00000002
  100 #define SMTP_FLAG_BDAT                       0x00001000
  101 #define SMTP_FLAG_ABORT                      0x00002000
  102 
  103 /* session flags: bit masks; presumably tested against SMTP.session_flags -- confirm.
       * 0x00000001 and 0x00000002 are also used by the state flags above, so a mask
       * from one group applied to the other field would silently match the wrong bit. */
  104 #define SMTP_FLAG_XLINK2STATE_GOTFIRSTCHUNK  0x00000001
  105 #define SMTP_FLAG_XLINK2STATE_ALERTED        0x00000002
  106 #define SMTP_FLAG_NEXT_STATE_UNKNOWN         0x00000004
  107 #define SMTP_FLAG_GOT_NON_REBUILT            0x00000008
  108 #define SMTP_FLAG_CHECK_SSL                  0x00000010
  109 
      /* OR of four SSL_* bits grouped under an "error" name. The SSL_* macros are
       * not defined in this file (presumably ssl.h, included above). */
  110 #define SMTP_SSL_ERROR_FLAGS  (SSL_BOGUS_HS_DIR_FLAG | \
  111                                SSL_BAD_VER_FLAG | \
  112                                SSL_BAD_TYPE_FLAG | \
  113                                SSL_UNKNOWN_FLAG)
  114 
  115 /* Maximum length of header chars before colon, based on Exim 4.32 exploit */
  116 #define MAX_HEADER_NAME_LEN 64    /* NOTE(review): where and how this limit is enforced is not visible in this header */
  117 
  118 #define SMTP_PROTO_REF_STR  "smtp"
  119 
      /* MAX_AUTH_NAME_LEN is also the size of SMTPAuthName.name (declared later in
       * this header), so a maximum-length mechanism name fills that array exactly
       * and leaves no room for a terminating NUL. */
  120 #define MAX_AUTH_NAME_LEN  20  /* Max length of SASL mechanisms, defined in RFC 4422 */
  121 
  122 /**************************************************************************/
  123 
  124 
  125 /* Data structures ********************************************************/
  126 
  127 typedef enum _SMTPCmdEnum
  128 {
          /* Ids named after SMTP command keywords. Values are assigned implicitly
           * from CMD_ATRN = 0, so CMD_LAST equals the number of ids before it.
           * NOTE(review): any table indexed by these ids is defined outside this
           * header; inserting or reordering an enumerator renumbers everything after
           * it, so such a table has to change in the same commit -- confirm where
           * it lives. */
  129     CMD_ATRN = 0,
  130     CMD_AUTH,
  131     CMD_BDAT,
  132     CMD_DATA,
  133     CMD_DEBUG,
  134     CMD_EHLO,
  135     CMD_EMAL,
  136     CMD_ESAM,
  137     CMD_ESND,
  138     CMD_ESOM,
  139     CMD_ETRN,
  140     CMD_EVFY,
  141     CMD_EXPN,
  142     CMD_HELO,
  143     CMD_HELP,
  144     CMD_IDENT,
  145     CMD_MAIL,
  146     CMD_NOOP,
  147     CMD_ONEX,
  148     CMD_QUEU,
  149     CMD_QUIT,
  150     CMD_RCPT,
  151     CMD_RSET,
  152     CMD_SAML,
  153     CMD_SEND,
  154     CMD_SIZE,
  155     CMD_STARTTLS,
  156     CMD_SOML,
  157     CMD_TICK,
  158     CMD_TIME,
  159     CMD_TURN,
  160     CMD_TURNME,
  161     CMD_VERB,
  162     CMD_VRFY,
  163     CMD_X_EXPS,
  164     CMD_XADR,
  165     CMD_XAUTH,
  166     CMD_XCIR,
  167     CMD_XEXCH50,
  168     CMD_XGEN,
  169     CMD_XLICENSE,
  170     CMD_X_LINK2STATE,
  171     CMD_XQUE,
  172     CMD_XSTA,
  173     CMD_XTRN,
  174     CMD_XUSR,
  175     CMD_ABORT,
  176     CMD_LAST    /* one past the last command id; not a command itself */
  177 
  178 } SMTPCmdEnum;
  179 
  180 typedef enum _SMTPRespEnum
  181 {
          /* Ids named after three-digit SMTP reply codes. The enumerator value is a
           * dense index starting at RESP_220 == 0, not the numeric reply code, so it
           * must not be compared with a code parsed from the wire. */
  182     RESP_220 = 0,
  183     RESP_221,
  184     RESP_235,
  185     RESP_250,
  186     RESP_334,
  187     RESP_354,
  188     RESP_421,
  189     RESP_450,
  190     RESP_451,
  191     RESP_452,
  192     RESP_500,
  193     RESP_501,
  194     RESP_502,
  195     RESP_503,
  196     RESP_504,
  197     RESP_535,
  198     RESP_550,
  199     RESP_551,
  200     RESP_552,
  201     RESP_553,
  202     RESP_554,
  203     RESP_LAST    /* one past the last response id; equals the number of ids above */
  204 
  205 } SMTPRespEnum;
  206 
  207 typedef enum _SMTPHdrEnum
  208 {
          /* Ids for three header names, numbered from 0. NOTE(review): going by the
           * enumerator names these are Content-Type, Content-Transfer-Encoding and
           * Content-Disposition; the strings themselves are not in this header. */
  209     HDR_CONTENT_TYPE = 0,
  210     HDR_CONT_TRANS_ENC,
  211     HDR_CONT_DISP,
  212     HDR_LAST    /* one past the last header id */
  213 
  214 } SMTPHdrEnum;
  215 
  216 typedef enum _SMTPDataEndEnum
  217 {
          /* Four ids numbered from 0. NOTE(review): presumably one per recognised
           * spelling of the end-of-data marker; the patterns are defined outside
           * this header -- confirm. */
  218     DATA_END_1 = 0,
  219     DATA_END_2,
  220     DATA_END_3,
  221     DATA_END_4,
  222     DATA_END_LAST    /* one past the last data-end id */
  223 
  224 } SMTPDataEndEnum;
  225 
  226 typedef struct _SMTPSearchInfo
  227 {
          /* Three-int record describing a search result; the field meanings are not
           * documented in this header. NOTE(review): presumably id = which pattern
           * matched, index = offset of the match, length = length of the match --
           * confirm against the code that fills it. All three are signed int, so a
           * consumer that uses index/length as buffer offsets needs to range-check
           * them (including for negative values) first. */
  228     int id;
  229     int index;
  230     int length;
  231 
  232 } SMTPSearchInfo;
  233 
  234 typedef struct _SMTPAuthName
  235 {
          /* Fixed-size holder for an AUTH (SASL) mechanism name. name is exactly
           * MAX_AUTH_NAME_LEN bytes, which the define documents as the maximum
           * mechanism-name length, so a full-length name leaves no byte for a NUL.
           * NOTE(review): treat name as length-delimited (use length, not strlen)
           * unless the writer is confirmed to reserve a terminator; the writer must
           * also clamp what it copies to MAX_AUTH_NAME_LEN. length is a signed int. */
  236     int length;
  237     char name[MAX_AUTH_NAME_LEN];
  238 } SMTPAuthName;
  239 
  240 typedef struct _SMTP
  241 {
          /* State record for the SMTP preprocessor. NOTE(review): presumably one
           * instance per inspected session (it carries flow_id and policy_id) --
           * confirm against the allocator in the .c file. */
  242     int state;            /* presumably one of the STATE_* values -- confirm */
  243     int state_flags;      /* presumably the "state flags" SMTP_FLAG_* masks -- confirm */
  244     int session_flags;    /* presumably the "session flags" SMTP_FLAG_* masks; their low bits share values with the state flags */
  245     int alert_mask;
  246     int reassembling;
  247     uint32_t dat_chunk;
          /* session_number exists only when DEBUG_MSGS is defined, so sizeof(SMTP)
           * and the offsets of every later field depend on that macro. Every
           * translation unit that touches this struct has to be built with the same
           * setting. (The sf_types.h include earlier in this header is guarded by
           * DEBUG, a different macro.) */
  248 #ifdef DEBUG_MSGS
  249     uint64_t session_number;
  250 #endif
  251 
  252     /* may want to keep track where packet didn't end with end of line marker
  253     int               cur_client_line_len;
  254     int               cur_server_line_len;
  255     */
  256 
  257     MimeState mime_ssn;          /* embedded by value; MimeState is declared outside this file */
  258     SMTPAuthName *auth_name;     /* NOTE(review): allocation and ownership are not visible here; may be NULL -- confirm before dereferencing */
  259     /* In future if we look at forwarded mail (message/rfc822) we may
  260      * need to keep track of additional mime boundaries
  261      * SMTPMimeBoundary  mime_boundary[8];
  262      * int               current_mime_boundary;
  263      */
  264 
  265     tSfPolicyId policy_id;
  266     uint32_t flow_id;
  267     tSfPolicyUserContextId config;
  268 } SMTP;
  269 
  270 
  271 /**************************************************************************/
  272 
  273 
  274 /* Function prototypes ****************************************************/
  275 
  276 void SMTP_InitCmds(SMTPConfig *config);
  277 void SMTP_SearchInit(void);
  278 void SMTP_Free(void);
  279 void SnortSMTP(SFSnortPacket *);    /* NOTE(review): presumably the per-packet entry point -- confirm */
  280 int  SMTP_IsServer(uint16_t);       /* parameter is unnamed; presumably a port number -- confirm */
  281 void SMTP_FreeConfig(SMTPConfig *);
  282 void SMTP_FreeConfigs(tSfPolicyUserContextId);
      /* The four SMTP_Get* accessors share one shape: an opaque data pointer in,
       * and buf/len/type written through pointers. NOTE(review): this header does
       * not say what data must point to, what the int return means, who owns *buf,
       * or how long *buf stays valid. Callers should check the return value before
       * reading *buf or *len, and should not free or retain *buf until ownership is
       * confirmed in the implementation. */
  283 int SMTP_GetFilename(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
  284 int SMTP_GetMailFrom(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
  285 int SMTP_GetRcptTo(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
  286 int SMTP_GetEmailHdrs(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
  287 void SMTP_MempoolInit(uint32_t, uint32_t);    /* both parameters are unnamed; their meaning is not visible here */
  288 
  289 /**************************************************************************/
  290 
  291 #endif  /* __SMTP_H__ */
  292