Member "snort-2.9.17/src/dynamic-preprocessors/smtp/snort_smtp.h" (16 Oct 2020, 7455 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:
1 /****************************************************************************
2 *
3 * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
4 * Copyright (C) 2005-2013 Sourcefire, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License Version 2 as
8 * published by the Free Software Foundation. You may not use, modify or
9 * distribute this program under any other version of the GNU General
10 * Public License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 *
21 * **************************************************************************/
22
23 /**************************************************************************
24 *
25 * snort_smtp.h
26 *
27 * Author: Andy Mullican
28 * Author: Todd Wease
29 *
30 * Description:
31 *
32 * This file defines everything specific to the SMTP preprocessor.
33 *
34 **************************************************************************/
35
36 #ifndef __SMTP_H__
37 #define __SMTP_H__
38
39
40 /* Includes ***************************************************************/
41
42 #include <pcre.h>
43
44 #include "sf_snort_packet.h"
45 #include "ssl.h"
46 #include "smtp_config.h"
47 #include "sfPolicy.h"
48 #include "sfPolicyUserData.h"
49 #include "mempool.h"
50 #include "sf_email_attach_decode.h"
51 #include "file_mail_common.h"
52 #include "file_api.h"
53
54 #ifdef DEBUG
55 #include "sf_types.h"
56 #endif
57
58 /**************************************************************************/
59
60
61 /* Defines ****************************************************************/
62
/*
 * Direction the packet is coming from, if we can figure it out.
 * NOTE(review): the direction is a best-effort determination; how traffic
 * tagged SMTP_PKT_FROM_UNKNOWN is inspected is decided in the .c file, not
 * in this header -- confirm there.
 */
#define SMTP_PKT_FROM_UNKNOWN  0
#define SMTP_PKT_FROM_CLIENT   1
#define SMTP_PKT_FROM_SERVER   2

/* Inspection type */
#define SMTP_STATELESS  0
#define SMTP_STATEFUL   1

/*
 * Identifiers for the four search categories; NUM_SEARCHES is their count.
 * Judging by the names they pair with SMTPCmdEnum, SMTPRespEnum, SMTPHdrEnum
 * and SMTPDataEndEnum below, and presumably size or index a table of search
 * instances -- verify against the code that uses them.
 */
#define SEARCH_CMD       0
#define SEARCH_RESP      1
#define SEARCH_HDR       2
#define SEARCH_DATA_END  3
#define NUM_SEARCHES     4

/* NOTE(review): what BOUNDARY identifies is not visible in this header. */
#define BOUNDARY  0
79
/*
 * Session-level states. Presumably the values held in SMTP.state (declared
 * below) -- confirm against the state machine in the .c file.
 *
 * NOTE(review): once a session is marked STATE_TLS_DATA the payload is
 * described as TLS encrypted; what inspection, if any, continues after that
 * point is decided outside this header.
 */
#define STATE_CONNECT          0
#define STATE_COMMAND          1    /* Command state of SMTP transaction */
#define STATE_DATA             2    /* Data state */
#define STATE_BDATA            3    /* Binary data state */
#define STATE_TLS_CLIENT_PEND  4    /* Got STARTTLS */
#define STATE_TLS_SERVER_PEND  5    /* Got STARTTLS */
#define STATE_TLS_DATA         6    /* Successful handshake, TLS encrypted data */
#define STATE_AUTH             7
#define STATE_XEXCH50          8
#define STATE_UNKNOWN          9

/*
 * Sub-states within the data state. These restart at 0, so their numeric
 * values overlap the session-level states above: a value is only meaningful
 * together with the variable it was read from.
 */
#define STATE_DATA_INIT        0
#define STATE_DATA_HEADER      1    /* Data header section of data state */
#define STATE_DATA_BODY        2    /* Data body section of data state */
#define STATE_MIME_HEADER      3    /* MIME header section within data section */
#define STATE_DATA_UNKNOWN     4
96
/*
 * state flags
 *
 * NOTE(review): the state flags and the session flags below are two separate
 * bit namespaces that reuse the values 0x00000001 and 0x00000002. struct SMTP
 * carries separate state_flags and session_flags fields; presumably each
 * macro must only be tested against its matching field -- confirm at the
 * use sites, since mixing them compiles without any warning.
 */
#define SMTP_FLAG_GOT_MAIL_CMD               0x00000001
#define SMTP_FLAG_GOT_RCPT_CMD               0x00000002
#define SMTP_FLAG_BDAT                       0x00001000
#define SMTP_FLAG_ABORT                      0x00002000

/* session flags */
#define SMTP_FLAG_XLINK2STATE_GOTFIRSTCHUNK  0x00000001
#define SMTP_FLAG_XLINK2STATE_ALERTED        0x00000002
#define SMTP_FLAG_NEXT_STATE_UNKNOWN         0x00000004
#define SMTP_FLAG_GOT_NON_REBUILT            0x00000008
#define SMTP_FLAG_CHECK_SSL                  0x00000010

/*
 * Bitwise OR of four SSL_* flags. The SSL_* macros are not defined in this
 * header (presumably they come from "ssl.h", included above). Judging by the
 * name, the mask selects SSL decode results that are regarded as errors --
 * confirm where it is applied.
 */
#define SMTP_SSL_ERROR_FLAGS  (SSL_BOGUS_HS_DIR_FLAG | \
                               SSL_BAD_VER_FLAG | \
                               SSL_BAD_TYPE_FLAG | \
                               SSL_UNKNOWN_FLAG)
114
/*
 * Maximum length of header chars before colon, based on Exim 4.32 exploit.
 * Nothing in this header is sized by this constant, so it reads as a
 * detection threshold rather than a buffer size -- confirm in the .c file.
 */
#define MAX_HEADER_NAME_LEN  64

#define SMTP_PROTO_REF_STR  "smtp"

/*
 * Max length of SASL mechanisms, defined in RFC 4422.
 * This is also the exact size of SMTPAuthName.name below.
 * NOTE(review): a mechanism name of the full 20 characters fills that array
 * with no room for a terminating NUL, so the stored name should be handled
 * through SMTPAuthName.length rather than as a C string -- confirm that the
 * code filling and reading it bounds the copy and never relies on a
 * terminator.
 */
#define MAX_AUTH_NAME_LEN  20
121
122 /**************************************************************************/
123
124
125 /* Data structures ********************************************************/
126
/*
 * Identifiers for the SMTP commands the preprocessor knows about.
 *
 * Values are implicit, contiguous and zero-based (CMD_ATRN == 0), and
 * CMD_LAST is a sentinel equal to the number of commands (47).
 *
 * NOTE(review): the order is not strictly alphabetical (CMD_STARTTLS comes
 * before CMD_SOML). Presumably these values index a parallel table of
 * command definitions in the .c file, so do not re-sort the list; add new
 * entries immediately before CMD_LAST and keep any such table in step --
 * confirm against the table's definition.
 */
typedef enum _SMTPCmdEnum
{
    CMD_ATRN = 0,
    CMD_AUTH,
    CMD_BDAT,
    CMD_DATA,
    CMD_DEBUG,
    CMD_EHLO,
    CMD_EMAL,
    CMD_ESAM,
    CMD_ESND,
    CMD_ESOM,
    CMD_ETRN,
    CMD_EVFY,
    CMD_EXPN,
    CMD_HELO,
    CMD_HELP,
    CMD_IDENT,
    CMD_MAIL,
    CMD_NOOP,
    CMD_ONEX,
    CMD_QUEU,
    CMD_QUIT,
    CMD_RCPT,
    CMD_RSET,
    CMD_SAML,
    CMD_SEND,
    CMD_SIZE,
    CMD_STARTTLS,
    CMD_SOML,
    CMD_TICK,
    CMD_TIME,
    CMD_TURN,
    CMD_TURNME,
    CMD_VERB,
    CMD_VRFY,
    CMD_X_EXPS,
    CMD_XADR,
    CMD_XAUTH,
    CMD_XCIR,
    CMD_XEXCH50,
    CMD_XGEN,
    CMD_XLICENSE,
    CMD_X_LINK2STATE,
    CMD_XQUE,
    CMD_XSTA,
    CMD_XTRN,
    CMD_XUSR,
    CMD_ABORT,
    CMD_LAST    /* sentinel: number of commands, not a command itself */

} SMTPCmdEnum;
179
/*
 * Identifiers for the server reply codes the preprocessor knows about.
 *
 * Each enumerator is named after a three-digit reply code, but its value is
 * a zero-based index, not the code itself (RESP_220 == 0). RESP_LAST is a
 * sentinel equal to the number of entries (21).
 *
 * NOTE(review): reply codes that are not listed here have no identifier;
 * how such replies are handled is decided in the .c file.
 */
typedef enum _SMTPRespEnum
{
    RESP_220 = 0,
    RESP_221,
    RESP_235,
    RESP_250,
    RESP_334,
    RESP_354,
    RESP_421,
    RESP_450,
    RESP_451,
    RESP_452,
    RESP_500,
    RESP_501,
    RESP_502,
    RESP_503,
    RESP_504,
    RESP_535,
    RESP_550,
    RESP_551,
    RESP_552,
    RESP_553,
    RESP_554,
    RESP_LAST   /* sentinel: number of reply identifiers */

} SMTPRespEnum;
206
/*
 * Identifiers for the message headers that are searched for.
 *
 * Judging by the names these are Content-Type, Content-Transfer-Encoding
 * and Content-Disposition -- the actual header strings are not defined in
 * this header, so confirm against the search table. HDR_LAST is a sentinel
 * equal to the number of entries (3).
 */
typedef enum _SMTPHdrEnum
{
    HDR_CONTENT_TYPE = 0,
    HDR_CONT_TRANS_ENC,
    HDR_CONT_DISP,
    HDR_LAST    /* sentinel: number of header identifiers */

} SMTPHdrEnum;
215
/*
 * Identifiers for four end-of-data patterns; DATA_END_LAST is a sentinel
 * equal to their count (4).
 *
 * NOTE(review): the byte sequences bound to DATA_END_1..DATA_END_4 are not
 * visible in this header. Which terminator variants are recognised
 * determines where the preprocessor considers a message body to end, so
 * review those patterns alongside the terminators accepted by the mail
 * servers being protected.
 */
typedef enum _SMTPDataEndEnum
{
    DATA_END_1 = 0,
    DATA_END_2,
    DATA_END_3,
    DATA_END_4,
    DATA_END_LAST   /* sentinel: number of end-of-data identifiers */

} SMTPDataEndEnum;
225
/*
 * Result record for a pattern search.
 *
 * Presumably: id is the identifier of the matched pattern (one of the enums
 * above), index is the offset at which it was found and length is the
 * pattern length -- confirm against the search callback that fills it in.
 *
 * NOTE(review): index and length are signed ints; code that uses them as
 * buffer offsets should check that they are non-negative and in range.
 */
typedef struct _SMTPSearchInfo
{
    int id;
    int index;
    int length;

} SMTPSearchInfo;
233
/*
 * Fixed-size record for a name plus its length; going by the name and by the
 * comment on MAX_AUTH_NAME_LEN it holds an AUTH (SASL) mechanism name.
 *
 * NOTE(review): name[] is exactly MAX_AUTH_NAME_LEN (20) bytes. A name of
 * the maximum length leaves no space for a terminating NUL, so presumably
 * `length` is the authoritative size and `name` must not be passed to
 * string functions that expect a terminator -- confirm that the writer
 * clamps its copy to MAX_AUTH_NAME_LEN and that readers bound by `length`.
 */
typedef struct _SMTPAuthName
{
    int length;                     /* signed; validate 0..MAX_AUTH_NAME_LEN before use */
    char name[MAX_AUTH_NAME_LEN];   /* not guaranteed to be NUL-terminated (see above) */
} SMTPAuthName;
239
/*
 * Per-session data for the SMTP preprocessor.
 *
 * NOTE(review): the layout depends on DEBUG_MSGS (session_number exists only
 * when it is defined), so every translation unit and module that shares this
 * structure must be compiled with the same setting.
 */
typedef struct _SMTP
{
    int state;              /* presumably one of the STATE_* session states -- confirm */
    int state_flags;        /* presumably the "state flags" bits (SMTP_FLAG_GOT_MAIL_CMD, ...) */
    int session_flags;      /* presumably the "session flags" bits (SMTP_FLAG_CHECK_SSL, ...) */
    int alert_mask;
    int reassembling;
    uint32_t dat_chunk;
#ifdef DEBUG_MSGS
    uint64_t session_number;
#endif

    /* may want to keep track where packet didn't end with end of line marker
    int cur_client_line_len;
    int cur_server_line_len;
    */

    MimeState mime_ssn;         /* embedded by value; type is declared outside this header */
    SMTPAuthName *auth_name;    /* NOTE(review): ownership is not visible here -- confirm it is
                                 * NULL-checked before use and released with the session */
    /* In future if we look at forwarded mail (message/rfc822) we may
     * need to keep track of additional mime boundaries
     * SMTPMimeBoundary mime_boundary[8];
     * int current_mime_boundary;
     */

    tSfPolicyId policy_id;
    uint32_t flow_id;
    tSfPolicyUserContextId config;
} SMTP;
269
270
271 /**************************************************************************/
272
273
274 /* Function prototypes ****************************************************/
275
/*
 * Public entry points of the SMTP preprocessor. Only the signatures are
 * visible here; the behaviour described below is inferred from the names and
 * should be confirmed against the definitions.
 */

/* Initialisation and global tear-down (presumably). */
void SMTP_InitCmds(SMTPConfig *config);
void SMTP_SearchInit(void);
void SMTP_Free(void);

/* Presumably the per-packet inspection entry point. */
void SnortSMTP(SFSnortPacket *);

/* NOTE(review): the uint16_t argument is unnamed; presumably a port number -- confirm. */
int SMTP_IsServer(uint16_t);

/* Release one configuration / every configuration held in a policy context (presumably). */
void SMTP_FreeConfig(SMTPConfig *);
void SMTP_FreeConfigs(tSfPolicyUserContextId);

/*
 * Four accessors with the same shape: an opaque `data` pointer in, and
 * (presumably) a buffer pointer, its length and a type written back through
 * buf/len/type.
 * NOTE(review): the meaning of the int return value, whether *buf may be
 * NULL on return, and who owns the returned buffer are not visible in this
 * header -- callers should check the return value and confirm ownership
 * before retaining or freeing *buf.
 */
int SMTP_GetFilename(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int SMTP_GetMailFrom(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int SMTP_GetRcptTo(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int SMTP_GetEmailHdrs(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);

/* NOTE(review): both uint32_t arguments are unnamed; their meaning is not visible here. */
void SMTP_MempoolInit(uint32_t, uint32_t);
288
289 /**************************************************************************/
290
291 #endif /* __SMTP_H__ */
292