authorLuca Deri <deri@ntop.org>2022-07-04 22:52:54 +0200
committerLuca Deri <deri@ntop.org>2022-07-04 22:52:54 +0200
commit7fa8d882d83577334c7c91843eb40c2ebae8bf74 (patch)
treebb599e4828303ea4c531dec6e224f90247ca8427 /src/lib/protocols
parent461589517e50c201bf063c7d4dbb3639e43f4268 (diff)
Exported username in flow information
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/ftp_control.c7
-rw-r--r--src/lib/protocols/mail_imap.c6
-rw-r--r--src/lib/protocols/mail_pop.c7
-rw-r--r--src/lib/protocols/mail_smtp.c13
-rw-r--r--src/lib/protocols/rsh.c9
-rw-r--r--src/lib/protocols/telnet.c8
6 files changed, 37 insertions, 13 deletions
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index ff624c419..a0bec3864 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -50,10 +50,15 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n
#endif
if(ndpi_match_strprefix(payload, payload_len, "USER")) {
+ char buf[64];
+
ndpi_user_pwd_payload_copy((u_int8_t*)flow->l4.tcp.ftp_imap_pop_smtp.username,
sizeof(flow->l4.tcp.ftp_imap_pop_smtp.username), 5,
payload, payload_len);
- ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found FTP username");
+
+ snprintf(buf, sizeof(buf), "Found FTP username (%s)",
+ flow->l4.tcp.ftp_imap_pop_smtp.username);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, buf);
return 1;
}
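Review bot: The username formatted into `buf` is copied straight from the packet payload, so the text handed to `ndpi_set_risk()` now contains bytes chosen by the remote peer, and nothing in this hunk shows whether `ndpi_user_pwd_payload_copy()` limits them to printable characters. The same pattern is added in the mail_imap.c, mail_pop.c, mail_smtp.c and telnet.c hunks; in `get_credentials_auth_plain()` the name is `memcpy`'d from decoded data with no filtering visible at all. Whatever logs or serialises the risk text has to treat it as untrusted input, so I would replace every byte that fails `isprint((unsigned char)c)` with `?` before formatting. A comment such as `/* username is wire data: sanitised before it reaches the risk message */` above the `snprintf` would record that. `ndpi_ftp_control_check_request` starts and continues outside the hunk.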
diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c
index 2195e9f6e..a6809b454 100644
--- a/src/lib/protocols/mail_imap.c
+++ b/src/lib/protocols/mail_imap.c
@@ -176,13 +176,15 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
user = strtok_r(str, " \"\r\n", &saveptr);
if(user) {
- char *pwd;
+ char *pwd, buf[64];
ndpi_snprintf(flow->l4.tcp.ftp_imap_pop_smtp.username,
sizeof(flow->l4.tcp.ftp_imap_pop_smtp.username),
"%s", user);
- ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found IMAP Username");
+ snprintf(buf, sizeof(buf), "Found IMAP username (%s)",
+ flow->l4.tcp.ftp_imap_pop_smtp.username);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, buf);
pwd = strtok_r(NULL, " \"\r\n", &saveptr);
if(pwd) {
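Review bot: The added line calls plain `snprintf` two lines below an existing `ndpi_snprintf` call on the same username field, so the file now mixes the libc function with what is presumably the project's own wrapper. I would write `ndpi_snprintf(buf, sizeof(buf), "Found IMAP username (%s)", flow->l4.tcp.ftp_imap_pop_smtp.username);` and apply the same change to the new `snprintf` calls in ftp_control.c, mail_pop.c, mail_smtp.c and telnet.c. `ndpi_search_mail_imap_tcp` starts and continues outside the hunk.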
diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c
index 7d6a03284..ad5b30a1c 100644
--- a/src/lib/protocols/mail_pop.c
+++ b/src/lib/protocols/mail_pop.c
@@ -77,11 +77,16 @@ static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_mod
&& (packet->payload[1] == 'S' || packet->payload[1] == 's')
&& (packet->payload[2] == 'E' || packet->payload[2] == 'e')
&& (packet->payload[3] == 'R' || packet->payload[3] == 'r')) {
+ char buf[64];
+
ndpi_user_pwd_payload_copy((u_int8_t*)flow->l4.tcp.ftp_imap_pop_smtp.username,
sizeof(flow->l4.tcp.ftp_imap_pop_smtp.username), 5,
packet->payload, packet->payload_packet_len);
- ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found username");
+ snprintf(buf, sizeof(buf), "Found username (%s)",
+ flow->l4.tcp.ftp_imap_pop_smtp.username);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, buf);
+
flow->l4.tcp.pop_command_bitmask |= POP_BIT_USER;
return 1;
} else if((packet->payload[0] == 'P' || packet->payload[0] == 'p')
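Review bot: The new message here is `"Found username (%s)"` with no protocol name, while the FTP, IMAP, Telnet and second SMTP messages in this commit all name the protocol. A consumer that sees only the risk text cannot tell which dissector reported the credential. I would use `"Found POP username (%s)"` here and `"Found SMTP username (%s)"` in the `get_credentials_auth_plain()` hunk of mail_smtp.c, which has the same unlabeled string.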
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index e3e5cecc9..ee2e489df 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -93,12 +93,16 @@ static void get_credentials_auth_plain(struct ndpi_detection_module_struct *ndpi
user_len = i - 1;
}
if(user_len > 0) {
+ char buf[64];
+
user_len = ndpi_min(user_len, sizeof(flow->l4.tcp.ftp_imap_pop_smtp.username) - 1);
memcpy(flow->l4.tcp.ftp_imap_pop_smtp.username, out + 1, user_len);
flow->l4.tcp.ftp_imap_pop_smtp.username[user_len] = '\0';
- ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found username");
+ snprintf(buf, sizeof(buf), "Found username (%s)",
+ flow->l4.tcp.ftp_imap_pop_smtp.username);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, buf);
if(1 + user_len + 1 < out_len) {
unsigned int pwd_len;
@@ -235,7 +239,8 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t buf[48];
u_char *out;
size_t out_len;
-
+ char msg[64];
+
ndpi_user_pwd_payload_copy(buf, sizeof(buf), 0,
packet->line[a].ptr, packet->line[a].len);
@@ -254,7 +259,9 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_free(out);
}
- ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found username");
+ snprintf(msg, sizeof(msg), "Found SMTP username (%s)",
+ flow->l4.tcp.ftp_imap_pop_smtp.username);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, msg);
} else if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0') {
/* Password */
u_int8_t buf[48];
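Review bot: The message is formatted after the `ndpi_free(out); }` block has closed, so it appears to be built even when no username was stored, and the risk text would then read `Found SMTP username ()`. The lines that fill `username` lie between this hunk and the previous one and are not visible, so this is inferred rather than certain. If that path exists, keeping the old literal as a fallback avoids the empty parentheses: `ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, flow->l4.tcp.ftp_imap_pop_smtp.username[0] ? msg : "Found username");`. `msg` is the buffer declared in the preceding hunk.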
diff --git a/src/lib/protocols/rsh.c b/src/lib/protocols/rsh.c
index 3344c8660..a3414562c 100644
--- a/src/lib/protocols/rsh.c
+++ b/src/lib/protocols/rsh.c
@@ -88,12 +88,12 @@ void ndpi_search_rsh(struct ndpi_detection_module_struct * ndpi_struct,
}
{
+ char str[64];
char const * dissected_info[] = { (char const *)packet->payload,
NULL, NULL };
size_t i;
- for (i = 1; i < NDPI_ARRAY_LENGTH(dissected_info); ++i)
- {
+ for (i = 1; i < NDPI_ARRAY_LENGTH(dissected_info); ++i) {
dissected_info[i] = memchr(dissected_info[i - 1], '\0',
packet->payload_packet_len -
(dissected_info[i - 1] - dissected_info[0]));
@@ -132,13 +132,12 @@ void ndpi_search_rsh(struct ndpi_detection_module_struct * ndpi_struct,
(unsigned long)packet->payload_packet_len -
(unsigned long)(dissected_info[2] - dissected_info[0])));
- char str[64];
+
if (snprintf(str, NDPI_ARRAY_LENGTH(str), "User '%s' executing '%s'",
flow->protos.rsh.server_username,
flow->protos.rsh.command) < 0)
- {
str[0] = '\0';
- }
+
ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, str);
}
return;
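Review bot: Removing the braces leaves `str[0] = '\0';` as an unbraced body under a three-line `if` condition, which is easy to break when a second statement is added later; I would keep the `{ ... }` here. The check also only catches a negative return from `snprintf`, so a truncated `User '...' executing '...'` string still reaches `ndpi_set_risk()`, while the other five files touched by this commit ignore the return value entirely. One convention across all six files would be easier to audit. `ndpi_search_rsh` starts and continues outside the hunk.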
diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c
index 43badd08c..d3ec02958 100644
--- a/src/lib/protocols/telnet.c
+++ b/src/lib/protocols/telnet.c
@@ -90,10 +90,16 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct,
}
if(packet->payload[0] == '\r') {
+ char buf[64];
+
flow->protos.telnet.username_detected = 1;
- ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found username");
flow->protos.telnet.username[flow->protos.telnet.character_id] = '\0';
flow->protos.telnet.character_id = 0;
+
+ snprintf(buf, sizeof(buf), "Found Telnet username (%s)",
+ flow->protos.telnet.username);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, buf);
+
return(1);
}
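Review bot: The reason `ndpi_set_risk()` moved below the `'\0'` write is not documented, and the ordering matters now that the message embeds the username. A comment such as `/* set the risk only after username is NUL-terminated: the message embeds it */` above the `snprintf` would keep a later reorder from reading an unterminated buffer. With the 23-character prefix, `buf[64]` holds at most 39 username characters before the closing parenthesis is cut off; the size of `flow->protos.telnet.username` and the bound on `character_id` are not visible in this hunk. `search_telnet_again` starts and continues outside the hunk.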