diff options
| author | Toni <matzeton@googlemail.com> | 2021-09-22 12:08:04 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-22 12:08:04 +0200 |
| commit | 9717afb2dafdfec24e5431c70eb506d392bf1ef2 (patch) | |
| tree | ff6f3b34143dd7031950d53734a06032b4091a04 /src | |
| parent | bb52f1362ca80f58eb2bb4a76bb4840fa30afab3 (diff) | |
| parent | 017c1a42394501914f850fd54411884545105879 (diff) | |
Merge pull request #1311 from IvanNardi/ftp-start-tls
FTP: fix support for START-TLS sessions
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/ftp_control.c | 17 |
3 files changed, 12 insertions, 10 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 2347d0429..6181c21e8 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1350,7 +1350,7 @@ struct ndpi_flow_struct { } http; struct { - u_int8_t auth_found:1, auth_failed:1, _pad:5; + u_int8_t auth_found:1, auth_failed:1, auth_tls:1, _pad:5; char username[16], password[16]; } ftp_imap_pop_smtp; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 4776095ef..cc1db9ccb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -7242,7 +7242,8 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp case NDPI_PROTOCOL_MAIL_POP: case NDPI_PROTOCOL_MAIL_IMAP: case NDPI_PROTOCOL_MAIL_SMTP: - if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0') + if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0' && + flow->protos.ftp_imap_pop_smtp.auth_tls == 0) return(1); break; diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 55ea192b0..3635d1118 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -64,6 +64,11 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n return 1; } + if(ndpi_match_strprefix(payload, payload_len, "AUTH") || + ndpi_match_strprefix(payload, payload_len, "auth")) { + flow->protos.ftp_imap_pop_smtp.auth_found = 1; + return 1; + } /* ***************************************************** */ if(ndpi_match_strprefix(payload, payload_len, "ABOR")) { @@ -86,9 +91,6 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n return 1; } - if(ndpi_match_strprefix(payload, payload_len, "AUTH")) { - return 1; - } if(ndpi_match_strprefix(payload, payload_len, "CCC")) { return 1; } @@ -321,10 +323,6 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n return 1; } - if(ndpi_match_strprefix(payload, payload_len, "auth")) { - return 1; - } - if(ndpi_match_strprefix(payload, payload_len, "ccc")) { return 1; } @@ -564,6 +562,8 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow, case '2': case '3': case '6': + if(flow->protos.ftp_imap_pop_smtp.auth_found == 1) + flow->protos.ftp_imap_pop_smtp.auth_tls = 1; return(1); break; @@ -635,7 +635,8 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str flow->protos.ftp_imap_pop_smtp.username, flow->protos.ftp_imap_pop_smtp.password); #endif - if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0') + if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0' && + flow->protos.ftp_imap_pop_smtp.auth_tls == 0) /* TODO: any values on dissecting TLS handshake? */ flow->ftp_control_stage = 0; else ndpi_int_ftp_control_add_connection(ndpi_struct, flow); |