mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 13:08:20 +00:00
123 lines
2.2 KiB
C++
123 lines
2.2 KiB
C++
// This code contributed to Zeek/Bro by Florian Schimandl and Hugh Dollman.
|
|
//
|
|
// An analyser for the POP3 protocol.
|
|
|
|
#pragma once
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "zeek/analyzer/protocol/mime/MIME.h"
|
|
#include "zeek/analyzer/protocol/tcp/ContentLine.h"
|
|
#include "zeek/analyzer/protocol/tcp/TCP.h"
|
|
|
|
#undef POP3_CMD_DEF
|
|
#define POP3_CMD_DEF(cmd) POP3_CMD_##cmd,
|
|
|
|
namespace zeek::analyzer::pop3
|
|
{
|
|
namespace detail
|
|
{
|
|
|
|
enum POP3_Cmd
|
|
{
|
|
#include "POP3_cmd.def"
|
|
};
|
|
|
|
enum POP3_MasterState
|
|
{
|
|
POP3_START,
|
|
POP3_AUTHORIZATION,
|
|
POP3_TRANSACTION,
|
|
POP3_UPDATE,
|
|
POP3_FINISHED,
|
|
};
|
|
|
|
enum POP3_State
|
|
{
|
|
START,
|
|
USER,
|
|
PASS,
|
|
APOP,
|
|
AUTH,
|
|
AUTH_PLAIN,
|
|
AUTH_LOGIN,
|
|
AUTH_CRAM_MD5,
|
|
NOOP,
|
|
LAST,
|
|
STAT,
|
|
LIST,
|
|
RETR,
|
|
DELE,
|
|
UIDL,
|
|
TOP,
|
|
QUIT,
|
|
RSET,
|
|
CAPA,
|
|
STLS,
|
|
XSENDER,
|
|
MISC,
|
|
END,
|
|
};
|
|
|
|
enum POP3_SubState
|
|
{
|
|
POP3_OK,
|
|
POP3_WOK,
|
|
};
|
|
|
|
} // namespace detail
|
|
|
|
class POP3_Analyzer final : public analyzer::tcp::TCP_ApplicationAnalyzer
|
|
{
|
|
public:
|
|
explicit POP3_Analyzer(Connection* conn);
|
|
~POP3_Analyzer() override;
|
|
|
|
void Done() override;
|
|
void DeliverStream(int len, const u_char* data, bool orig) override;
|
|
|
|
static analyzer::Analyzer* Instantiate(Connection* conn) { return new POP3_Analyzer(conn); }
|
|
|
|
protected:
|
|
int masterState;
|
|
int subState;
|
|
int state;
|
|
int lastState;
|
|
bool multiLine;
|
|
bool guessing;
|
|
bool requestForMultiLine;
|
|
bool waitingForAuthentication;
|
|
int lastRequiredCommand;
|
|
int authLines;
|
|
|
|
std::string user;
|
|
std::string password;
|
|
|
|
void ProcessRequest(int length, const char* line);
|
|
void ProcessReply(int length, const char* line);
|
|
void NotAllowed(const char* cmd, const char* state);
|
|
void ProcessClientCmd();
|
|
void FinishClientCmd();
|
|
void BeginData(bool orig);
|
|
void ProcessData(int length, const char* line);
|
|
void EndData();
|
|
void StartTLS();
|
|
|
|
std::vector<std::string> TokenizeLine(const std::string& input, char split);
|
|
int ParseCmd(std::string cmd);
|
|
void AuthSuccessful();
|
|
void POP3Event(EventHandlerPtr event, bool is_orig, const char* arg1 = nullptr,
|
|
const char* arg2 = nullptr);
|
|
|
|
analyzer::mime::MIME_Mail* mail;
|
|
std::list<std::string> cmds;
|
|
zeek_uint_t unknown_client_cmds;
|
|
|
|
private:
|
|
bool tls;
|
|
analyzer::tcp::ContentLine_Analyzer* cl_orig;
|
|
analyzer::tcp::ContentLine_Analyzer* cl_resp;
|
|
};
|
|
|
|
} // namespace zeek::analyzer::pop3
|