Merge branch 'master' into y0urself/fix-issues-from-code-ql

CHANGELOG.md

@@ -15,6 +15,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   [#744](https://github.com/greenbone/openvas/pull/744)
   [#757](https://github.com/greenbone/openvas/pull/757)
 - Add message type validation for proto_post_wrapped. [#805](https://github.com/greenbone/openvas/pull/805)
+- Add nasl function sftp_enabled_check() to check if sftp subsystem is enabled in the target [#853](https://github.com/greenbone/openvas/pull/853)
 
 ### Changed
 - function script_bugtraq_id getting skipped, linter warns. [#724](https://github.com/greenbone/openvas/pull/724)

nasl/nasl_init.c

@@ -325,6 +325,7 @@ static init_func libfuncs[] = {
   {"ssh_get_server_banner", nasl_ssh_get_server_banner},
   {"ssh_get_auth_methods", nasl_ssh_get_auth_methods},
   {"ssh_get_host_key", nasl_ssh_get_host_key},
+  {"sftp_enabled_check", nasl_sftp_enabled_check},
 
 #ifdef HAVE_LIBKSBA
   {"cert_open", nasl_cert_open},

nasl/nasl_ssh.c

@@ -48,6 +48,7 @@
 #include <gvm/base/networking.h>
 #include <gvm/base/prefs.h> /* for prefs_get() */
 #include <gvm/util/kb.h>
+#include <libssh/sftp.h>
 #include <netinet/in.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -503,7 +504,7 @@ do_nasl_ssh_disconnect (int tbl_slot)
  *
  * @nasluparam
  *
- * - An ssh session id.  A value of 0 is allowed and acts as a NOP.
+ * - An SSH session id.  A value of 0 is allowed and acts as a NOP.
  *
  * @naslret Nothing
  *
@@ -611,7 +612,7 @@ nasl_ssh_session_id_from_sock (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslret An integer representing the socket or -1 on error.
  *
@@ -714,7 +715,7 @@ get_authmethods (int tbl_slot)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -800,7 +801,7 @@ nasl_ssh_set_login (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -999,7 +1000,7 @@ nasl_ssh_userauth (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -1111,7 +1112,7 @@ nasl_ssh_login_interactive (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -1320,7 +1321,7 @@ exec_ssh_cmd (ssh_session session, char *cmd, int verbose, int compat_mode,
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -1453,7 +1454,7 @@ nasl_ssh_request_exec (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslret A data block on success or NULL on error.
  *
@@ -1503,7 +1504,7 @@ nasl_ssh_get_issue_banner (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslret A data block on success or NULL on error.
  *
@@ -1544,7 +1545,7 @@ nasl_ssh_get_server_banner (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslret A data block on success or NULL on error.
  *
@@ -1588,7 +1589,7 @@ nasl_ssh_get_host_key (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslret A string on success or NULL on error.
  *
@@ -1685,7 +1686,7 @@ request_ssh_shell (ssh_channel channel, int pty)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -1778,7 +1779,7 @@ read_ssh_nonblocking (ssh_channel channel, GString *response)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslret A string on success or NULL on error.
  *
@@ -1814,7 +1815,7 @@ nasl_ssh_shell_read (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @naslnparam
  *
@@ -1876,7 +1877,7 @@ nasl_ssh_shell_write (lex_ctxt *lexic)
  *
  * @nasluparam
  *
- * - An ssh session id.
+ * - An SSH session id.
  *
  * @param[in] lexic Lexical context of NASL interpreter.
  */
@@ -1896,3 +1897,64 @@ nasl_ssh_shell_close (lex_ctxt *lexic)
 
   return NULL;
 }
+
+/*
+ * NASL SFTP
+ */
+
+/**
+ * @brief Check if the SFTP subsystem is enabled on the remote SSH server.
+ * @naslfn{sftp_enabled_check}
+ *
+ * @nasluparam
+ *
+ * - An SSH session id.
+ *
+ * @naslret An integer: 0 on success, -1 (SSH_ERROR) on Channel request
+ * subsystem failure. Greater than 0 means an error during SFTP init. NULL
+ * indicates a failure during session id verification.
+ *
+ * @param[in] lexic Lexical context of NASL interpreter.
+ */
+tree_cell *
+nasl_sftp_enabled_check (lex_ctxt *lexic)
+{
+  int tbl_slot, session_id;
+  tree_cell *retc;
+  sftp_session sftp;
+  ssh_session session;
+  int rc;
+
+  session_id = get_int_var_by_num (lexic, 0, -1);
+  if (!verify_session_id (session_id, "sftp_enabled_check", &tbl_slot, lexic))
+    return NULL;
+  session = session_table[tbl_slot].session;
+
+  sftp = sftp_new (session);
+  if (sftp == NULL)
+    {
+      g_message (
+        "Function %s (calling internal function %s) called from %s: %s",
+        nasl_get_function_name () ?: "script_main_function", __func__,
+        nasl_get_plugin_filename (),
+        ssh_get_error (session_table[tbl_slot].session));
+      rc = SSH_ERROR;
+      goto write_ret;
+    }
+
+  rc = sftp_init (sftp);
+  if (rc != SSH_OK)
+    g_message (
+      "Function %s (calling internal function %s) called from %s: %s. Code %d",
+      nasl_get_function_name () ?: "script_main_function", __func__,
+      nasl_get_plugin_filename (),
+      ssh_get_error (session_table[tbl_slot].session), sftp_get_error (sftp));
+
+  sftp_free (sftp);
+
+write_ret:
+
+  retc = alloc_typed_cell (CONST_INT);
+  retc->x.i_val = rc;
+  return retc;
+}

nasl/nasl_ssh.h

@@ -70,4 +70,11 @@ nasl_ssh_get_auth_methods (lex_ctxt *lexic);
 tree_cell *
 nasl_ssh_get_host_key (lex_ctxt *lexic);
 
+/*
+ * NASL SFTP
+ */
+
+tree_cell *
+nasl_sftp_enabled_check (lex_ctxt *);
+
 #endif /*NASL_SSH_H*/