Changeset 5523

Timestamp:

02/11/10 20:26:01 (6 months ago)

Author:

nopper

Message:

Cleanup and refactoring in session manager.
Fixing ftp dissector accordingly.

Location:

pm/trunk

Files:

• audits/passive/ftp/sources/main.py (modified) (3 diffs)
• umit/pm/manager/sessionmanager.py (modified) (7 diffs)

pm/trunk/audits/passive/ftp/sources/main.py

@@ -41 +41 @@
 
     def ftp(mpkt):
-        sess = sessions.create_session(mpkt, FTP_PORTS, FTP_NAME)
+        if sessions.create_session_on_sack(mpkt, FTP_PORTS, FTP_NAME):
+            return
 
-        # This is a SYN/ACK packet.
-        if sess:
-            return None
+        sess = sessions.is_first_pkt_from_server(mpkt, FTP_PORTS, FTP_NAME)
 
-        sess = sessions.is_first_mpkt_from_server(mpkt, FTP_PORTS, FTP_NAME)
+        if sess and not sess.data:
+            payload = mpkt.data
 
-        if sess:
-            if not sess.data:
-                payload = mpkt.get_field('raw.load')
+            # Ok we have an FTP banner over here
+            if payload and payload.startswith('220'):
+                banner = payload[4:].strip()
+                mpkt.set_cfield('banner', banner)
 
-                # Ok we have an FTP banner over here
-                if payload and payload.startswith('220'):
-                    banner = payload[4:].strip()
-                    mpkt.set_cfield('banner', banner)
+                manager.user_msg('FTP : %s:%d banner: %s' % \
+                                 (mpkt.l3_src, mpkt.l4_src, banner),
+                                 6, FTP_NAME)
 
-                    manager.user_msg('FTP : %s:%d banner: %s' % \
-                                     (mpkt.get_field('ip.src'),
-                                      mpkt.get_field('tcp.sport'),
-                                      banner),
-                                      6, 'dissector.ftp')
+            sessions.delete_session(sess)
+            return
 
-            if not sess.data:
-                sessions.delete_session(sess)
-                return None
+        # Skip empty and server packets
+        if mpkt.l4_dst not in FTP_PORTS or not mpkt.data:
+            return
 
-        if mpkt.get_field('tcp.dport') not in FTP_PORTS:
-            return None
-
-        payload = mpkt.get_field('raw.load')
-
-        if not payload:
-            return None
-
-        payload = payload.strip()
+        payload = mpkt.data.strip()
 
         if payload[:5].upper() == 'USER ':
@@ -94 +83 @@
 
             manager.user_msg('FTP : %s:%d -> USER: %s PASS: %s' % \
-                             (mpkt.get_field('ip.dst'),
-                              mpkt.get_field('tcp.dport'),
+                             (mpkt.l3_dst, mpkt.l4_dst,
                               sess.data[0] or '',
                               sess.data[1] or ''),
-                              6, 'dissector.ftp')
+                              6, FTP_NAME)
 
             mpkt.set_cfield('username', sess.data[0])
@@ -118 +106 @@
 
 __plugins__ = [FTPDissector]
-__plugins_deps__ = [('FTPDissector', ['TCPDecoder'], ['FTPDecoder-1.0'], []),]
+__plugins_deps__ = [('FTPDissector', ['TCPDecoder'], ['FTPDissector-1.0'], []),]
 
 __audit_type__ = 0
 __protocols__ = (('tcp', 21), ('ftp', None))
-__vulnerabilities__ = (('HTTP dissector', {
+__vulnerabilities__ = (('FTP dissector', {
     'description' : 'File Transfer Protocol (FTP) is a standard network '
                     'protocol used to exchange and manipulate files over an '

pm/trunk/umit/pm/manager/sessionmanager.py

@@ -24 +24 @@
 
 import time
-from socket import inet_aton
 
 from umit.pm.core.logger import log
@@ -32 +31 @@
 class DissectIdent(object):
     magic = None
-
-    def __init__(self, l3src, l3dst, l4src, l4dst, proto):
-        self.l3_src = l3src
-        self.l3_dst = l3dst
-        self.l4_src = l4src
-        self.l4_dst = l4dst
-        self.proto = proto
-
-    def __eq__(self, other):
-        if self.magic != other.magic or self.proto != other.proto:
-            return False
-
-        if self.l3_src == other.l3_src and \
-           self.l3_dst == other.l3_dst and \
-           self.l4_src == other.l4_src and \
-           self.l4_dst == other.l4_dst:
-            return True
-
-        if self.l3_src == other.l3_dst and \
-           self.l3_dst == other.l3_src and \
-           self.l4_src == other.l4_dst and \
-           self.l4_dst == other.l4_src:
-            return True
-
-        return False
-
-    @classmethod
-    def mkhash(self, ident):
-        return hash(ident.l3_src) ^ hash(ident.l3_dst) ^ \
-               ident.l4_src ^ ident.l4_dst ^ hash(ident.proto)
-
-class TCPIdent(object):
-    magic = NL_TYPE_TCP
 
     def __init__(self, l3src, l3dst, l4src, l4dst):
@@ -91 +57 @@
 
     @classmethod
+    def mkhash(self, ident):
+        return hash(ident.l3_src) ^ hash(ident.l3_dst) ^ \
+               ident.l4_src ^ ident.l4_dst
+
+    @classmethod
     def create(self, mpkt):
         return TCPIdent(mpkt.l3_src, mpkt.l3_dst,
                         mpkt.l4_src, mpkt.l4_dst)
 
-    @classmethod
-    def mkhash(self, ident):
-        return hash(ident.l3_src) ^ hash(ident.l3_dst) ^ \
-               ident.l4_src ^ ident.l4_dst
+class TCPIdent(DissectIdent):
+    magic = NL_TYPE_TCP
 
 INJ_FIN = 1
@@ -154 +123 @@
     # Dissectors methods
 
-    def create_session(self, mpkt, ports, dissector):
+    def create_session_on_sack(self, mpkt, ports, dissector):
         """
         Check for SYN/ACK on mpkt and create a session
@@ -164 +133 @@
         tcpflags = mpkt.l4_flags
 
-        if tcpflags & TH_SYN != 0 and tcpflags & TH_ACK != 0:
-            if mpkt.l4_src in ports:
-                log.debug('Creating sessions for dissector %s' % dissector)
-                ident = self.create_ident_from_mpkt(mpkt, dissector)
-
-                sess = Session(ident)
-                self.put_session(sess)
-
-                return sess
+        if tcpflags & TH_SYN != 0 and tcpflags & TH_ACK != 0 and \
+           mpkt.l4_src in ports:
+
+            log.debug('Creating sessions for dissector %s' % dissector)
+            ident = self.create_dissect_ident(mpkt, dissector)
+
+            sess = Session(ident)
+            self.put_session(sess)
+
+            return sess
 
         return None
 
-    def create_ident_from_mpkt(self, mpkt, magic):
+    def create_dissect_ident(self, mpkt, magic):
         """
         Create a session object starting from a mpkt instance
         """
-        ident = DissectIdent(inet_aton(mpkt.l3_src), inet_aton(mpkt.l3_dst),
-                             mpkt.l4_src, mpkt.l4_dst, mpkt.l4_proto)
+        ident = DissectIdent.create(mpkt)
         ident.magic = magic
 
@@ -187 +156 @@
 
     def lookup_session(self, mpkt, ports, decoder, create_on_fail=False):
-        ident = self.create_ident_from_mpkt(mpkt, decoder)
+        ident = self.create_dissect_ident(mpkt, decoder)
         sess = self.get_session(ident)
 
@@ -196 +165 @@
         return sess
 
-    def is_first_mpkt_from_server(self, mpkt, ports, decoder):
+    def is_first_pkt_from_server(self, mpkt, ports, decoder):
         if mpkt.l4_src in ports and \
            mpkt.l4_flags & TH_PSH != 0:
 
-            ident = self.create_ident_from_mpkt(mpkt, decoder)
-            return self.get_session(ident)
+            return self.get_session(self.create_dissect_ident(mpkt, decoder))
 
     # Standard methods