Some styling tweaks

- used transient declarations where appropriate - fixed brackets - cleaned up some comments
2025-10-02 14:48:21 +00:00 · 2016-04-11 11:35:36 +02:00 · 2016-04-11 11:35:36 +02:00 · 034f725f3f
commit 034f725f3f
parent 04dd65cbaf
9 changed files with 109 additions and 113 deletions
--- a/scripts/base/protocols/rfb/main.bro
+++ b/scripts/base/protocols/rfb/main.bro
@ -1,4 +1,4 @@
-module Rfb;
+module RFB;
 export {
 	redef enum Log::ID += { LOG };
@ -11,17 +11,27 @@ export {
 		## The connection's 4-tuple of endpoint addresses/ports.
 		id:     conn_id &log;
 		## Major version of the client.
 		client_major_version: string &log &optional;
 		## Minor version of the client.
 		client_minor_version: string &log &optional;
 		## Major version of the server.
 		server_major_version: string &log &optional;
 		## Major version of the client.
 		server_minor_version: string &log &optional;
 		## Identifier of authentication method used.
 		authentication_method: string &log &optional;
 		## Whether or not authentication was succesful.
 		auth: bool &log &optional;
 		## Whether the client has an exclusive or a shared session.
 		share_flag: bool &log &optional;
 		## Name of the screen that is being shared.
 		desktop_name: string &log &optional;
 		## Width of the screen that is being shared.
 		width: count &log &optional;
 		## Height of the screen that is being shared.
 		height: count &log &optional;
 		done: bool  &default=F;
@ -30,7 +40,8 @@ export {
 	global log_rfb: event(rec: Info);
 }
-function friendly_auth_name(auth: count): string {
+function friendly_auth_name(auth: count): string
 	{
 	switch (auth) {
 		case 0:
 			return "Invalid";
@ -56,37 +67,40 @@ function friendly_auth_name(auth: count): string {
 			return "Apple Remote Desktop";
 	}
 	return "RealVNC";
 }
 redef record connection += {
 	rfb_state: Info &optional;
 };
 event bro_init() &priority=5
 	{
-	Log::create_stream(Rfb::LOG, [$columns=Info, $ev=log_rfb, $path="rfb"]);
+	Log::create_stream(RFB::LOG, [$columns=Info, $ev=log_rfb, $path="rfb"]);
 	}
-function write_log(c:connection) {
+function write_log(c:connection)
 	{
 	local state = c$rfb_state;
-	if ( state?$done && state$done == T) {
+	if ( state?$done && state$done == T )
 		{
 		return;
-	}
+		}
 	Log::write(Rfb::LOG, c$rfb_state);
 	c$rfb_state$done = T;
 }
-function set_session(c: connection) {
+	Log::write(RFB::LOG, c$rfb_state);
-	if ( ! c?$rfb_state ) {
+	c$rfb_state$done = T;
 	}
 function set_session(c: connection)
 	{
 	if ( ! c?$rfb_state )
 		{
 		local info: Info;
 		info$ts  = network_time();
 		info$uid = c$uid;
 		info$id  = c$id;
 		c$rfb_state = info;
-	}
+		}
 	}
 event rfb_event(c: connection)
@ -121,13 +135,9 @@ event rfb_server_parameters(c: connection, name: string, width: count, height: c
 	write_log(c);
 	}
-event rfb_auth_result(c: connection, result: count)
+event rfb_auth_result(c: connection, result: bool)
 	{
-	if ( result ==0 ) {
+	c$rfb_state$auth = !result;
 		c$rfb_state$auth = T;
 	} else {
 		c$rfb_state$auth = F;
 	}
 	}
 event rfb_share_flag(c: connection, flag: bool)
@ -135,8 +145,10 @@ event rfb_share_flag(c: connection, flag: bool)
 	c$rfb_state$share_flag = flag;
 	}
-event connection_state_remove(c: connection) {
+event connection_state_remove(c: connection)
-	if ( c?$rfb_state ) {
+	{
-	write_log(c);
+	if ( c?$rfb_state )
 		{
 		write_log(c);
 		}
 	}
 }
--- a/src/analyzer/protocol/rfb/CMakeLists.txt
+++ b/src/analyzer/protocol/rfb/CMakeLists.txt
@ -1,5 +1,3 @@
 # Generated by binpac_quickstart
 include(BroPlugin)
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
--- a/src/analyzer/protocol/rfb/Plugin.cc
+++ b/src/analyzer/protocol/rfb/Plugin.cc
@ -1,5 +1,3 @@
 // Generated by binpac_quickstart
 #include "plugin/Plugin.h"
 #include "RFB.h"
--- a/src/analyzer/protocol/rfb/RFB.cc
+++ b/src/analyzer/protocol/rfb/RFB.cc
@ -1,5 +1,3 @@
 // Generated by binpac_quickstart
 #include "RFB.h"
 #include "analyzer/protocol/tcp/TCP_Reassembler.h"
--- a/src/analyzer/protocol/rfb/RFB.h
+++ b/src/analyzer/protocol/rfb/RFB.h
@ -1,5 +1,3 @@
 // Generated by binpac_quickstart
 #ifndef ANALYZER_PROTOCOL_RFB_RFB_H
 #define ANALYZER_PROTOCOL_RFB_RFB_H
--- a/src/analyzer/protocol/rfb/events.bif
+++ b/src/analyzer/protocol/rfb/events.bif
@ -15,7 +15,7 @@ event rfb_authentication_type%(c: connection, authtype: count%);
 ## c: The connection record for the underlying transport-layer session/flow.
 ##
 ## result: whether or not authentication was succesful
-event rfb_auth_result%(c: connection, result: count%);
+event rfb_auth_result%(c: connection, result: bool%);
 ## Generated for RFB event share flag messages
 ##
--- a/src/analyzer/protocol/rfb/rfb-analyzer.pac
+++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac
@ -7,14 +7,16 @@ refine flow RFB_Flow += {
 	function proc_rfb_version(client: bool, major: bytestring, minor: bytestring) : bool
 		%{
-		if (client) {
+		if (client)
 			{
 			BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
 			connection()->bro_analyzer()->ProtocolConfirmation();
-
+			}
-		} else {
+			else
 			{
 			BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
-		}
+			}
 		return true;
 		%}
@ -25,28 +27,28 @@ refine flow RFB_Flow += {
 		%}
 	function proc_security_types(msg: RFBSecurityTypes) : bool
-	%{
+		%{
 		BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype});
 		return true;
-	%}
+		%}
 	function proc_security_types37(msg: RFBAuthTypeSelected) : bool
-	%{
+		%{
 		BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type});
 		return true;
-	%}
+		%}
 	function proc_handle_server_params(msg:RFBServerInit) : bool
-	%{
+		%{
 		BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height});
 		return true;
-	%}
+		%}
 	function proc_handle_security_result(result : uint32) : bool
-	%{
+		%{
 		BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result);
 		return true;
-	%}
+		%}
 };
 refine connection RFB_Conn += {
@ -70,113 +72,115 @@ refine connection RFB_Conn += {
 	%}
 	function get_state(client: bool) : int
-	%{
+		%{
 		return state;
-	%}
+		%}
 	function handle_banners(client: bool, msg: RFBProtocolVersion) : bool
-	%{
+		%{
-		if ( client ) {
+		if ( client )
 			{
 			// Set protocol version on client's version
 			int minor_version = bytestring_to_int(${msg.minor},10);
 			// Apple specifies minor version "889" but talks v37
-			if ( minor_version >= 7 ) {
+			if ( minor_version >= 7 )
 				state = AWAITING_SERVER_AUTH_TYPES37;
-			} else {
+			else
 				state = AWAITING_SERVER_AUTH_TYPES;
 			}
-		} else {
+			else
 			if ( !client ) {
 				state = AWAITING_CLIENT_BANNER;
-			}
+
 		}
 		return true;
-	%}
+		%}
 	function handle_ard_challenge() : bool
-	%{
+		%{
 		state = AWAITING_CLIENT_ARD_RESPONSE;
 		return true;
-	%}
+		%}
 	function handle_ard_response() : bool
-	%{
+		%{
 		state = AWAITING_SERVER_AUTH_RESULT;
 		return true;
-	%}
+		%}
 	function handle_auth_request() : bool
-	%{
+		%{
 		state = AWAITING_CLIENT_RESPONSE;
 		return true;
-	%}
+		%}
 	function handle_auth_response() : bool
-	%{
+		%{
 		state = AWAITING_SERVER_AUTH_RESULT;
 		return true;
-	%}
+		%}
 	function handle_security_result(msg: RFBSecurityResult) : bool
-	%{
+		%{
-		if ( ${msg.result} == 0 ) //FIXME
+		if ( ${msg.result} == 0 )
-		{
+			{
 			state = AWAITING_CLIENT_SHARE_FLAG;
-		}
+			}
 		return true;
-	%}
+		%}
 	function handle_client_init(msg: RFBClientInit) : bool
-	%{
+		%{
 		state = AWAITING_SERVER_PARAMS;
 		return true;
-	%}
+		%}
 	function handle_server_init(msg: RFBServerInit) : bool
-	%{
+		%{
 		state = RFB_MESSAGE;
 		return true;
-	%}
+		%}
 	function handle_security_types(msg: RFBSecurityTypes): bool
-	%{
+		%{
-		if ( msg->sectype() == 0 ) { // No auth
+		if ( msg->sectype() == 0 )
 			{ // No auth
 			state = AWAITING_CLIENT_SHARE_FLAG;
 			return true;
-		}
+			}
-		if ( msg->sectype() == 2 ) { //VNC
+
 		if ( msg->sectype() == 2 )
 			{ //VNC
 			state = AWAITING_SERVER_CHALLENGE;
-		}
+			}
-		return false;
+		return true;
-	%}
+		%}
 	function handle_security_types37(msg: RFBSecurityTypes37): bool
-	%{
+		%{
-		if ( ${msg.count} == 0 ) { // No auth
+		if ( ${msg.count} == 0 )
 			{ // No auth
 			state = AWAITING_CLIENT_SHARE_FLAG;
 			return true;
-		}
+			}
 		state = AWAITING_CLIENT_AUTH_TYPE_SELECTED37;
 		return true;
-	%}
+		%}
 	function handle_auth_type_selected(msg: RFBAuthTypeSelected): bool
-	%{
+		%{
-		if ( ${msg.type} == 30 ) { // Apple Remote Desktop
+		if ( ${msg.type} == 30 )
-			state = AWAITING_SERVER_ARD_CHALLENGE;
+			{ // Apple Remote Desktop
-			return true;
+				state = AWAITING_SERVER_ARD_CHALLENGE;
-		}
+				return true;
 			}
-		if ( ${msg.type} == 1 ) { // No Auth
+		if ( ${msg.type} == 1 )
 			state = AWAITING_SERVER_AUTH_RESULT;
-		} else {
+		else
 			// Assume VNC
 			state = AWAITING_SERVER_CHALLENGE;
-		}
+
 		return true;
-	%}
+		%}
 	%member{
 		uint8 state = AWAITING_SERVER_BANNER;
--- a/src/analyzer/protocol/rfb/rfb-protocol.pac
+++ b/src/analyzer/protocol/rfb/rfb-protocol.pac
@ -16,8 +16,8 @@ enum states {
 		};
 type RFBProtocolVersion (client: bool) = record {
-	header : "RFB ";
+	header: "RFB ";
-	major :bytestring &length=3;
+	major: bytestring &length=3;
 	dot: ".";
 	minor: bytestring &length=3;
 	pad: uint8;
@ -108,8 +108,8 @@ type RFB_PDU_request = record {
 		AWAITING_CLIENT_SHARE_FLAG -> shareflag: RFBClientInit;
 		AWAITING_CLIENT_AUTH_TYPE_SELECTED37 -> authtype: RFBAuthTypeSelected;
 		AWAITING_CLIENT_ARD_RESPONSE -> ard_response: RFBSecurityARDResponse;
-		RFB_MESSAGE -> ignore: bytestring &restofdata;
+		RFB_MESSAGE -> ignore: bytestring &restofdata &transient;
-		default -> data: bytestring &restofdata;
+		default -> data: bytestring &restofdata &transient;
 	} &requires(state);
 	} &let {
 		state: uint8 = $context.connection.get_state(true);
@ -124,8 +124,8 @@ type RFB_PDU_response = record {
 		AWAITING_SERVER_AUTH_RESULT -> authresult : RFBSecurityResult;
 		AWAITING_SERVER_ARD_CHALLENGE -> ard_challenge: RFBSecurityARDChallenge;
 		AWAITING_SERVER_PARAMS -> serverinit: RFBServerInit;
-		RFB_MESSAGE -> ignore: bytestring &restofdata;
+		RFB_MESSAGE -> ignore: bytestring &restofdata &transient;
-		default -> data: bytestring &restofdata;
+		default -> data: bytestring &restofdata &transient;
 	} &requires(rstate);
 	} &let {
 		rstate: uint8 = $context.connection.get_state(false);
--- a/src/analyzer/protocol/rfb/rfb.pac
+++ b/src/analyzer/protocol/rfb/rfb.pac
@ -1,5 +1,3 @@
 # Generated by binpac_quickstart
 # Analyzer for Parser for rfb (VNC)
 #  - rfb-protocol.pac: describes the rfb protocol messages
 #  - rfb-analyzer.pac: describes the rfb analyzer code
@ -26,17 +24,7 @@ connection RFB_Conn(bro_analyzer: BroAnalyzer) {
 # Now we define the flow:
 flow RFB_Flow(is_orig: bool) {
 	# ## TODO: Determine if you want flowunit or datagram parsing:
 	# Using flowunit will cause the anlayzer to buffer incremental input.
 	# This is needed for &oneline and &length. If you don't need this, you'll
 	# get better performance with datagram.
 	# flowunit = RFB_PDU(is_orig) withcontext(connection, this);
 	datagram = RFB_PDU(is_orig) withcontext(connection, this);
 };
 %include rfb-analyzer.pac