PageRenderTime 45ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/nselib/xmpp.lua

https://github.com/prakashgamit/nmap
Lua | 423 lines | 328 code | 33 blank | 62 comment | 35 complexity | 523994f9f56649d4716526514f3794dc MD5 | raw file
Possible License(s): BSD-3-Clause, GPL-2.0, LGPL-2.0, LGPL-2.1 
    

  1. --- A XMPP (Jabber) library, implementing a minimal subset of the protocol
    2. 

  2. -- enough to do authentication brute-force.
    3. 

  3. --
    4. 

  4. -- The XML parsing of tags isn't optimal but there's no other easy way
    5. 

  5. -- (nulls or line-feeds) to match the end of a message. The parse_tag
    6. 

  6. -- method in the XML class was borrowed from the initial xmpp.nse
    7. 

  7. -- script written by Vasiliy Kulikov.
    8. 

  8. --
    9. 

  9. -- The library consist of the following classes:
    10. 

  10. -- * <code>XML<code>			- containing a minimal XML parser written by
    11. 

  11. -- 						  		  Vasiliy Kulikov.
    12. 

  12. -- * <code>TagProcessor</code> 	- Contains processing code for common tags
    13. 

  13. -- * <code>XMPP</code>			- containing the low-level functions used to
    14. 

  14. --								  communicate with the Jabber server.
    15. 

  15. -- * <code>Helper</code>		- containing the main interface for script
    16. 

  16. --								  writers
    17. 

  17. --
    18. 

  18. -- The following sample illustrates how to use the library to authenticate
    19. 

  19. -- to a XMPP sever:
    20. 

  20. -- <code>
    21. 

  21. --	local helper = xmpp.Helper:new(host, port, options)
    22. 

  22. --	local status, err = helper:connect()
    23. 

  23. --  status, err = helper:login(user, pass, "DIGEST-MD5")
    24. 

  24. -- </code>
    25. 

  25. --
    26. 

  26. -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
    27. 

  27. -- @author Patrik Karlsson <patrik@cqure.net>
    28. 

  28. --
    29. 

  29. -- Version 0.2
    30. 

  30. -- Created 07/19/2011 - v0.1 - Created by Patrik Karlsson
    31. 

  31. -- Revised 07/22/2011 - v0.2 - Added TagProcessors and two new auth mechs:
    32. 

  32. --								CRAM-MD5 and LOGIN <patrik@cqure.net>
    33. 

  33. 

  34. local base64 = require "base64"
    35. 

  35. local nmap = require "nmap"
    36. 

  36. local sasl = require "sasl"
    37. 

  37. local stdnse = require "stdnse"
    38. 

  38. local string = require "string"
    39. 

  39. local table = require "table"
    40. 

  40. _ENV = stdnse.module("xmpp", stdnse.seeall)
    41. 

  41. 

  42. 

  43. XML = {
    44. 

  44. 	
    45. 

  45. 	-- This is a trivial XML processor written by Vasiliy Kulikov.  It doesn't
    46. 

  46. 	-- fully support XML, but it should be sufficient for the basic XMPP
    47. 

  47. 	-- stream handshake.  If you see stanzas with uncommon symbols, feel
    48. 

  48. 	-- free to enhance these regexps.
    49. 

  49. 	parse_tag = function(s)
    50. 

  50. 	    local _, _, contents, empty, name = string.find(s, "([^<]*)<(/?)([?:%w-]+)")
    51. 

  51. 	    local attrs = {}
    52. 

  52. 	    if not name then
    53. 

  53. 	        return
    54. 

  54. 	    end
    55. 

  55. 	    for k, v in string.gmatch(s, "%s([%w:]+)='([^']+)'") do
    56. 

  56. 	        attrs[k] = v
    57. 

  57. 	    end
    58. 

  58. 	    for k, v in string.gmatch(s, "%s([%w:]+)=\"([^\"]+)\"") do
    59. 

  59. 	        attrs[k] = v
    60. 

  60. 	    end
    61. 

  61. 

  62. 	    local finish = (empty ~= "") or (s:sub(#s-1) == '/>')
    63. 

  63. 

  64. 	    return { name = name,
    65. 

  65. 	             attrs = attrs,
    66. 

  66. 	             start = (empty == ""),
    67. 

  67. 	             contents = contents,
    68. 

  68. 	             finish = finish }
    69. 

  69. 	end,
    70. 

  70. 	
    71. 

  71. }
    72. 

  72. 

  73. TagProcessor = {
    74. 

  74. 	
    75. 

  75. 	["failure"] = function(socket, tag)
    76. 

  76. 		return TagProcessor["success"](socket,tag)
    77. 

  77. 	end,
    78. 

  78. 	
    79. 

  79. 	["success"] = function(socket, tag)
    80. 

  80. 		if ( tag.finish ) then return true end
    81. 

  81. 		local newtag
    82. 

  82. 		repeat
    83. 

  83. 			local status, data = socket:receive_buf(">", true)
    84. 

  84. 			if ( not(status) ) then
    85. 

  85. 				return false, ("ERROR: Failed to process %s tag"):format(tag.name)
    86. 

  86. 			end
    87. 

  87. 			newtag = XML.parse_tag(data)
    88. 

  88. 		until( newtag.finish and newtag.name == tag.name )
    89. 

  89. 		if ( newtag.name == tag.name ) then return true, tag end
    90. 

  90. 		return false, ("ERROR: Failed to process %s tag"):format(tag.name)
    91. 

  91. 	end,
    92. 

  92. 	
    93. 

  93. 	["challenge"] = function(socket, tag)
    94. 

  94. 		local status, data = socket:receive_buf(">", true)
    95. 

  95. 		if ( not(status) ) then return false, "ERROR: Failed to read challenge tag" end
    96. 

  96. 		local tag = XML.parse_tag(data)
    97. 

  97. 		
    98. 

  98. 		if ( not(status) or tag.name ~= "challenge" ) then
    99. 

  99. 			return false, "ERROR: Failed to process challenge" 
    100. 

  100. 		end
    101. 

  101. 		return status, (tag.contents and base64.dec(tag.contents))
    102. 

  102. 	end,
    103. 

  103. 	
    104. 

  104. 	
    105. 

  105. }
    106. 

  106. 

  107. XMPP = {
    108. 

  108. 	
    109. 

  109. 	--- Creates a new instance of the XMPP class
    110. 

  110. 	--
    111. 

  111. 	-- @param host table as receieved by the action function
    112. 

  112. 	-- @param port table as receieved by the action function
    113. 

  113. 	-- @param options table containing options, currently supported
    114. 

  114. 	-- 			<code>timeout</code> - sets the socket timeout
    115. 

  115. 	--			<code>servername</code> - sets the server name to use in
    116. 

  116. 	--										communication with the server.
    117. 

  117. 	--			<code>starttls</code> - start TLS handshake even if it is optional.
    118. 

  118. 	new = function(self, host, port, options)
    119. 

  119. 		local o = { host = host,
    120. 

  120. 					port = port,
    121. 

  121. 					options = options or {},
    122. 

  122. 					auth = { mechs = {} } }
    123. 

  123. 		o.options.timeout = o.options.timeout and o.options.timeout or 10
    124. 

  124. 		o.servername = stdnse.get_hostname(host) or o.options.servername
    125. 

  125. 		setmetatable(o, self)
    126. 

  126.         self.__index = self
    127. 

  127. 		return o
    128. 

  128. 	end,
    129. 

  129. 	
    130. 

  130. 	--- Sends data to XMPP server
    131. 

  131. 	-- @param data string containing data to send to server
    132. 

  132. 	-- @return status true on success false on failure
    133. 

  133. 	-- @return err string containing error message
    134. 

  134. 	send = function(self, data)
    135. 

  135. 	
    136. 

  136. 		-- this ain't pretty, but we try to "flush" what's left of the receive
    137. 

  137. 		-- buffer, prior to send. This way we account for not reading to the
    138. 

  138. 		-- end of one message resulting in the next read reading from our
    139. 

  139. 		-- previous message.
    140. 

  140. 		self.socket:set_timeout(1)
    141. 

  141. 		repeat
    142. 

  142. 			local status = self.socket:receive_buf("\0", false)
    143. 

  143. 		until(not(status))
    144. 

  144. 		self.socket:set_timeout(self.options.timeout * 1000)
    145. 

  145. 	
    146. 

  146. 		return self.socket:send(data) 
    147. 

  147. 	end,
    148. 

  148. 	
    149. 

  149. 	--- Receives a XML tag from the server
    150. 

  150. 	--
    151. 

  151. 	-- @param tag [optional] if unset, receives the next available tag
    152. 

  152. 	--						 if set, reads until the given tag has been found
    153. 

  153. 	-- @param close [optional] if set, matches a closing tag
    154. 

  154. 	receive_tag = function(self, tag, close)
    155. 

  155. 		local result
    156. 

  156. 	    repeat
    157. 

  157. 			local status, data = self.socket:receive_buf(">", true)
    158. 

  158. 			if ( not(status) ) then return false, data end
    159. 

  159. 	    	result = XML.parse_tag(data)
    160. 

  160. 		until( ( not(tag) and (close == nil or result.finish == close ) ) or 
    161. 

  161. 				( tag == result.name and ( close == nil or result.finish == close ) ) )
    162. 

  162. 		return true, result
    163. 

  163. 	end,
    164. 

  164. 		
    165. 

  165. 	--- Connects to the XMPP server
    166. 

  166. 	-- @return status true on success, false on failure
    167. 

  167. 	-- @return err string containing an error message if status is false
    168. 

  168. 	connect = function(self)
    169. 

  169. 		assert(self.servername, 
    170. 

  170. 				"Cannot connect to XMPP server without valid server name")
    171. 

  171. 		
    172. 

  172. 		-- we may be reconnecting using SSL		
    173. 

  173. 		if ( not(self.socket) ) then
    174. 

  174. 			self.socket = nmap.new_socket()
    175. 

  175. 			self.socket:set_timeout(self.options.timeout * 1000)
    176. 

  176. 			local status, err = self.socket:connect(self.host, self.port)
    177. 

  177. 			if ( not(status) ) then
    178. 

  178. 				return false, err
    179. 

  179. 			end
    180. 

  180. 		end
    181. 

  181. 		local data = ("<?xml version='1.0' ?><stream:stream to='%s' xmlns='jabber:client'" ..
    182. 

  182. 						" xmlns:stream='http://etherx.jabber.org/streams'" ..
    183. 

  183. 						" version='1.0'>"):format(self.servername)
    184. 

  184. 						
    185. 

  185. 		local status, err = self:send(data)
    186. 

  186. 		if ( not(status) ) then return false, "ERROR: Failed to connect to server" end
    187. 

  187. 

  188. 		local version, start_tls
    189. 

  189. 		repeat
    190. 

  190. 			local status, tag = self:receive_tag()
    191. 

  191. 			if ( not(status) ) then return false, "ERROR: Failed to connect to server" end
    192. 

  192. 

  193. 			if ( tag.name == "stream:stream" ) then
    194. 

  194. 				version = tag.attrs and tag.attrs.version
    195. 

  195. 			elseif ( tag.name == "starttls" and tag.start ) then
    196. 

  196. 				status, tag = self:receive_tag()
    197. 

  197. 				if ( not(status) ) then 
    198. 

  198. 					return false, "ERROR: Failed to connect to server"
    199. 

  199. 				end
    200. 

  200. 				if ( tag.name ~= "starttls" ) then
    201. 

  201. 					start_tls = tag.name
    202. 

  202. 				else
    203. 

  203. 					start_tls = "optional"
    204. 

  204. 				end
    205. 

  205. 			elseif ( tag.name == "mechanism" and tag.finish ) then
    206. 

  206. 				self.auth.mechs[tag.contents] = true
    207. 

  207. 			end
    208. 

  208. 		until(tag.name == "stream:features" and tag.finish)
    209. 

  209. 		
    210. 

  210. 		if ( version ~= "1.0" ) then
    211. 

  211. 			return false, "ERROR: Only version 1.0 is supported"
    212. 

  212. 		end
    213. 

  213. 		
    214. 

  214. 		if ( start_tls == "required" or self.options.starttls) then
    215. 

  215. 			status, err = self:send("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
    216. 

  216. 			if ( not(status) ) then return false, "ERROR: Failed to initiate STARTTLS" end
    217. 

  217. 			local status, tag = self:receive_tag()
    218. 

  218. 			if ( not(status) ) then return false, "ERROR: Failed to recevice from server" end
    219. 

  219. 			if ( tag.name == "proceed" ) then
    220. 

  220. 				status, err = self.socket:reconnect_ssl()
    221. 

  221. 				self.options.starttls = false
    222. 

  222. 				return self:connect()
    223. 

  223. 			end
    224. 

  224. 		end
    225. 

  225. 		
    226. 

  226. 		return true
    227. 

  227. 	end,
    228. 

  228. 	
    229. 

  229. 	--- Logs in to the XMPP server
    230. 

  230. 	--
    231. 

  231. 	-- @param username string
    232. 

  232. 	-- @param password string
    233. 

  233. 	-- @param mech string containing a supported authentication mechanism
    234. 

  234. 	-- @return status true on success, false on failure
    235. 

  235. 	-- @return err string containing error message if status is false
    236. 

  236. 	login = function(self, username, password, mech)
    237. 

  237. 		assert(mech == "PLAIN" or
    238. 

  238. 		 		mech == "DIGEST-MD5" or
    239. 

  239. 				mech == "CRAM-MD5" or
    240. 

  240. 				mech == "LOGIN", 
    241. 

  241. 				"Unsupported authentication mechanism")
    242. 

  242. 		
    243. 

  243. 		local auth = ("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' " ..
    244. 

  244. 						"mechanism='%s'/>"):format(mech)
    245. 

  245. 		
    246. 

  246. 		-- we currently don't do anything with the realm
    247. 

  247. 		local realm
    248. 

  248. 

  249. 		-- we need to cut the @domain.tld from the username
    250. 

  250. 		if ( username:match("@") ) then
    251. 

  251. 			username, realm = username:match("^(.*)@(.*)$")
    252. 

  252. 		end
    253. 

  253. 		
    254. 

  254. 		local status, result			
    255. 

  255. 		
    256. 

  256. 		if ( mech == "PLAIN" ) then
    257. 

  257. 			local mech_params = { username, password }
    258. 

  258. 			local auth_data = sasl.Helper:new(mech):encode(table.unpack(mech_params))
    259. 

  259. 			auth = ("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' " ..
    260. 

  260. 							"mechanism='%s'>%s</auth>"):format(mech, base64.enc(auth_data))
    261. 

  261. 

  262. 			status, result = self.socket:send(auth)
    263. 

  263. 			if ( not(status) ) then return false, "ERROR: Failed to send SASL PLAIN authentication" end
    264. 

  264. 

  265. 			status, result = self:receive_tag()
    266. 

  266. 			if ( not(status) ) then return false, "ERROR: Failed to receive login response" end
    267. 

  267. 			
    268. 

  268. 			if ( result.name == "failure" ) then
    269. 

  269. 				status = TagProcessor[result.name](self.socket, result)
    270. 

  270. 			end
    271. 

  271. 		else
    272. 

  272. 			local status, err = self.socket:send(auth)
    273. 

  273. 			if(not(status)) then return false, "ERROR: Failed to initiate SASL login" end
    274. 

  274. 

  275. 			local chall
    276. 

  276. 			status, result = self:receive_tag()
    277. 

  277. 			if ( not(status) ) then return false, "ERROR: Failed to retrieve challenge" end
    278. 

  278. 			status, chall = TagProcessor[result.name](self.socket, result)
    279. 

  279. 						
    280. 

  280. 			if ( mech == "LOGIN" ) then
    281. 

  281. 				if ( chall ~= "User Name" ) then
    282. 

  282. 					return false, ("ERROR: Login expected 'User Name' received: %s"):format(chall)
    283. 

  283. 				end
    284. 

  284. 				self.socket:send("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" ..
    285. 

  285. 									base64.enc(username) ..
    286. 

  286. 									"</response>")
    287. 

  287. 								
    288. 

  288. 				status, result = self:receive_tag()
    289. 

  289. 				if ( not(status) or result.name ~= "challenge") then
    290. 

  290. 					return false, "ERROR: Receiving tag from server"
    291. 

  291. 				end
    292. 

  292. 				status, chall = TagProcessor[result.name](self.socket, result)
    293. 

  293. 				
    294. 

  294. 				if ( chall ~= "Password" ) then
    295. 

  295. 					return false, ("ERROR: Login expected 'Password' received: %s"):format(chall)
    296. 

  296. 				end	
    297. 

  297. 				
    298. 

  298. 				self.socket:send("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" ..
    299. 

  299. 									base64.enc(password) ..
    300. 

  300. 									"</response>")
    301. 

  301. 				
    302. 

  302. 				status, result = self:receive_tag()
    303. 

  303. 				if ( not(status) ) then return false, "ERROR: Failed to receive login challenge" end
    304. 

  304. 				if ( result.name == "failure" ) then
    305. 

  305. 					status = TagProcessor[result.name](self.socket, result)
    306. 

  306. 					return false, "Login failed"
    307. 

  307. 				end
    308. 

  308. 			else
    309. 

  309. 				local mech_params = { username, password, chall, "xmpp", "xmpp/" .. self.servername  }
    310. 

  310. 				local auth_data = sasl.Helper:new(mech):encode(table.unpack(mech_params))
    311. 

  311. 				auth_data = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" ..
    312. 

  312. 				base64.enc(auth_data) .. "</response>"
    313. 

  313. 

  314. 				status, err = self.socket:send(auth_data)
    315. 

  315. 

  316. 				-- read to the end tag regardless of what it is
    317. 

  317. 				-- it should be one of either: success, challenge or error
    318. 

  318. 				repeat
    319. 

  319. 					status, result = self:receive_tag()
    320. 

  320. 					if ( not(status) ) then return false, "ERROR: Failed to receive login challenge" end
    321. 

  321. 				
    322. 

  322. 					if ( result.name == "failure" ) then
    323. 

  323. 						status = TagProcessor[result.name](self.socket, result)
    324. 

  324. 						return false, "Login failed"
    325. 

  325. 					elseif ( result.name == "success" ) then
    326. 

  326. 						status = TagProcessor[result.name](self.socket, result)
    327. 

  327. 						if ( not(status) ) then return false, "Failed to process success message" end
    328. 

  328. 						return true, "Login success"
    329. 

  329. 					elseif ( result.name ~= "challenge" ) then
    330. 

  330. 						return false, "ERROR: Failed to receive login challenge" 
    331. 

  331. 					end
    332. 

  332. 				until( result.name == "challenge" and result.finish )
    333. 

  333. 

  334. 				if ( result.name == "challenge" and mech == "DIGEST-MD5" ) then
    335. 

  335. 					status, result = self.socket:send("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>")
    336. 

  336. 					if ( not(status) ) then return false, "ERROR: Failed to send DIGEST-MD5 request" end
    337. 

  337. 					status, result = self:receive_tag()
    338. 

  338. 					if ( not(status) ) then return false, "ERROR: Failed to receive DIGEST-MD5 response" end
    339. 

  339. 				end				
    340. 

  340. 			end
    341. 

  341. 		end
    342. 

  342. 		if ( result.name == "success" ) then
    343. 

  343. 			return true, "Login success"
    344. 

  344. 		end
    345. 

  345. 		
    346. 

  346. 		return false, "Login failed"
    347. 

  347. 	end,
    348. 

  348. 	
    349. 

  349. 	--- Retrieves the available authentication mechanisms
    350. 

  350. 	-- @return table containing all available authentication mechanisms
    351. 

  351. 	getAuthMechs = function(self) return self.auth.mechs end,
    352. 

  352. 	
    353. 

  353. 	--- Disconnects the socket from the server
    354. 

  354. 	-- @return status true on success, false on failure
    355. 

  355. 	disconnect = function(self) 
    356. 

  356. 		local status, err = self.socket:close() 
    357. 

  357. 		self.socket = nil
    358. 

  358. 		return status, err
    359. 

  359. 	end,
    360. 

  360. 		
    361. 

  361. }
    362. 

  362. 

  363. 

  364. Helper = {
    365. 

  365. 	
    366. 

  366. 	--- Creates a new Helper instance
    367. 

  367. 	-- @param host table as receieved by the action function
    368. 

  368. 	-- @param port table as receieved by the action function
    369. 

  369. 	-- @param options table containing options, currently supported
    370. 

  370. 	-- 			<code>timeout</code> - sets the socket timeout
    371. 

  371. 	--			<code>servername</code> - sets the server name to use in
    372. 

  372. 	--										communication with the server.
    373. 

  373. 	new = function(self, host, port, options)
    374. 

  374. 		local o = { host = host,
    375. 

  375. 					port = port,
    376. 

  376. 					options = options or {},
    377. 

  377. 					xmpp = XMPP:new(host, port, options),
    378. 

  378. 					state = "" }
    379. 

  379. 		setmetatable(o, self)
    380. 

  380. 		self.__index = self
    381. 

  381. 		return o
    382. 

  382. 	end,
    383. 

  383. 	
    384. 

  384. 	--- Connects to the XMPP server and starts the initial communication
    385. 

  385. 	-- @return status true on success, false on failure
    386. 

  386. 	-- @return err string containing an error message is status is false
    387. 

  387. 	connect = function(self)
    388. 

  388. 		if ( not(self.host.targetname) and
    389. 

  389. 			 not(self.options.servername) ) then
    390. 

  390. 			return false, "ERROR: Cannot connect to XMPP server without valid server name"
    391. 

  391. 		end
    392. 

  392. 		self.state = "CONNECTED"
    393. 

  393. 		return self.xmpp:connect()
    394. 

  394. 	end,
    395. 

  395. 	
    396. 

  396. 	--- Login to the XMPP server
    397. 

  397. 	--
    398. 

  398. 	-- @param username string
    399. 

  399. 	-- @param password string
    400. 

  400. 	-- @param mech string containing a supported authentication mechanism
    401. 

  401. 	-- 			(@see <code>getAuthMechs</code>)
    402. 

  402. 	login = function(self, username, password, mech)
    403. 

  403. 		return self.xmpp:login(username, password, mech)
    404. 

  404. 	end,
    405. 

  405. 	
    406. 

  406. 	--- Retrieves the available authentication mechanisms
    407. 

  407. 	-- @return table containing all available authentication mechanisms
    408. 

  408. 	getAuthMechs = function(self)
    409. 

  409. 		if ( self.state == "CONNECTED" ) then
    410. 

  410. 			return self.xmpp:getAuthMechs()
    411. 

  411. 		end
    412. 

  412. 		return
    413. 

  413. 	end,
    414. 

  414. 

  415. 	--- Closes the connection to the server
    416. 

  416. 	close = function(self)
    417. 

  417. 		self.xmpp:disconnect()
    418. 

  418. 		self.state = "DISCONNECTED"
    419. 

  419. 	end,
    420. 

  420. 	
    421. 

  421. }
    422. 

  422. 

  423. return _ENV;
    424. 

  424.