/*
 * telnet.c
 *
 * Copyright (C) 2011-22 - ntop.org
 * Copyright (C) 2009-11 - ipoque GmbH
 *
 * This file is part of nDPI, an open source deep packet inspection
 * library based on the OpenDPI and PACE technology by ipoque GmbH
 *
 * nDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * nDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
 *
 */


#include "ndpi_protocol_ids.h"

#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELNET

#include "ndpi_api.h"
#include "ndpi_private.h"

/* #define TELNET_DEBUG 1 */

/* ************************************************************************ */

static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct,
			       struct ndpi_flow_struct *flow) {
  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
  int i;

#ifdef TELNET_DEBUG
  printf("==> %s() [%.*s][direction: %u]\n", __FUNCTION__, packet->payload_packet_len,
	 packet->payload, packet->packet_direction);
#endif
  
  if((packet->payload == NULL)
     || (packet->payload_packet_len == 0)
     || (packet->payload[0] == 0xFF))
    return(1);

  if(flow->protos.telnet.username_detected) {
    if((!flow->protos.telnet.password_found)
	&& (packet->payload_packet_len > 9)) {
	
      if(strncasecmp((char*)packet->payload, "password:", 9) == 0) {
	flow->protos.telnet.password_found = 1;
      }

      return(1);
    }
      
    if(packet->payload[0] == '\r') {
      if(!flow->protos.telnet.password_found)
	return(1);
	
      flow->protos.telnet.password_detected = 1;
      ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, "Found password");
      flow->protos.telnet.password[flow->protos.telnet.character_id] = '\0';
      return(0);
    }

    if(packet->packet_direction == 0) /* client -> server */ {
      for(i=0; i<packet->payload_packet_len; i++) {
	if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.password)-1))
	  flow->protos.telnet.password[flow->protos.telnet.character_id++] = packet->payload[i];
      }
    }

    return(1);
  }

  if((!flow->protos.telnet.username_found)
     && (packet->payload_packet_len > 6)) {

    if(strncasecmp((char*)packet->payload, "login:", 6) == 0) {
      flow->protos.telnet.username_found = 1;
    }

    return(1);
  }

  if(packet->payload[0] == '\r') {
    char buf[64];
    
    flow->protos.telnet.username_detected = 1;
    flow->protos.telnet.username[flow->protos.telnet.character_id] = '\0';
    flow->protos.telnet.character_id = 0;

    snprintf(buf, sizeof(buf), "Found Telnet username (%s)",
	     flow->protos.telnet.username);
    ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, buf);

    return(1);
  }

  for(i=0; i<packet->payload_packet_len; i++) {
    if(packet->packet_direction == 0) /* client -> server */ {
      if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.username)-1))
      {
        if (i>=packet->payload_packet_len-2 &&
            (packet->payload[i] == '\r' || packet->payload[i] == '\n'))
        {
          continue;
        }
        else if (ndpi_isprint(packet->payload[i]) == 0)
        {
          flow->protos.telnet.username[flow->protos.telnet.character_id++] = '?';
        } else {
          flow->protos.telnet.username[flow->protos.telnet.character_id++] = packet->payload[i];
        }
      }
    }
  }

  /* Possibly more processing */
  return(1);
}

/* ************************************************************************ */

static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct
					   *ndpi_struct, struct ndpi_flow_struct *flow) {
  flow->max_extra_packets_to_check = 64;
  flow->extra_packets_func = search_telnet_again;

  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELNET, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
}

/* ************************************************************************ */

#if !defined(WIN32)
static inline
#elif defined(MINGW_GCC)
__mingw_forceinline static
#else
__forceinline static
#endif
u_int8_t search_iac(struct ndpi_detection_module_struct *ndpi_struct) {
  struct ndpi_packet_struct *packet = &ndpi_struct->packet;

  u_int16_t a;

#ifdef TELNET_DEBUG
  printf("==> %s()\n", __FUNCTION__);
#endif

  if(packet->payload_packet_len < 3)
    return(0);

  if(!((packet->payload[0] == 0xff)
       && (packet->payload[1] > 0xf9)
       && (packet->payload[1] != 0xff)
       && (packet->payload[2] < 0x28)))
    return(0);

  a = 3;

  while (a < packet->payload_packet_len - 2) {
    // commands start with a 0xff byte followed by a command byte >= 0xf0 and < 0xff
    // command bytes 0xfb to 0xfe are followed by an option byte <= 0x28
    if(!(packet->payload[a] != 0xff ||
	  (packet->payload[a] == 0xff && (packet->payload[a + 1] >= 0xf0) && (packet->payload[a + 1] <= 0xfa)) ||
	  (packet->payload[a] == 0xff && (packet->payload[a + 1] >= 0xfb) && (packet->payload[a + 1] != 0xff)
	   && (packet->payload[a + 2] <= 0x28))))
      return(0);

    a++;
  }

  return 1;
}

/* ************************************************************************ */

/* this detection also works asymmetrically */
static void ndpi_search_telnet_tcp(struct ndpi_detection_module_struct *ndpi_struct,
				   struct ndpi_flow_struct *flow) {
  NDPI_LOG_DBG(ndpi_struct, "search telnet\n");

  if(search_iac(ndpi_struct) == 1) {
    if(flow->l4.tcp.telnet_stage == 2) {
      NDPI_LOG_INFO(ndpi_struct, "found telnet\n");
      ndpi_int_telnet_add_connection(ndpi_struct, flow);
      return;
    }

    flow->l4.tcp.telnet_stage++;
    NDPI_LOG_DBG2(ndpi_struct, "telnet stage %u\n", flow->l4.tcp.telnet_stage);
    return;
  }

  if(((flow->packet_counter < 12) && (flow->l4.tcp.telnet_stage > 0)) || (flow->packet_counter < 6)) {
#ifdef TELNET_DEBUG
    printf("==> [%s:%d] %s()\n", __FILE__, __LINE__, __FUNCTION__);
#endif
    return;
  } else {
#ifdef TELNET_DEBUG
    printf("==> [%s:%d] %s()\n", __FILE__, __LINE__, __FUNCTION__);
#endif
    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
  }
  
  return;
}


void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
{
  ndpi_set_bitmask_protocol_detection("Telnet", ndpi_struct, *id,
				      NDPI_PROTOCOL_TELNET,
				      ndpi_search_telnet_tcp,
				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
				      ADD_TO_DETECTION_BITMASK);
  *id += 1;
}