2012-04-03 18:37:24 +02:00
|
|
|
|
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
struct thread_data
|
|
|
|
rb 1024
|
|
|
|
stack rb 0
|
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
home_dir rb 1024 ; home directory in wich the user is locked, asciiz
|
|
|
|
work_dir rb 1024 ; working directory, must at all times begin and end with a '/', asciiz
|
|
|
|
fpath rb 1024*3 ; file path, combination of home_dir, work_dir and filename
|
|
|
|
; Will also be used to temporarily store username
|
2012-04-06 20:37:00 +02:00
|
|
|
|
|
|
|
type db ? ; ASCII/EBDIC/IMAGE/..
|
|
|
|
mode db ? ; active/passive
|
|
|
|
socketnum dd ? ; Commands socket
|
|
|
|
state dd ? ; disconnected/logging in/logged in/..
|
|
|
|
passivesocknum dd ? ; when in passive mode, this is the listening socket
|
|
|
|
datasocketnum dd ? ; socket used for data transfers
|
2012-04-13 17:54:21 +02:00
|
|
|
permissions dd ? ; read/write/execute/....
|
2012-04-10 21:44:51 +02:00
|
|
|
buffer_ptr dd ?
|
2012-04-17 22:00:07 +02:00
|
|
|
pid dd ? ; Process id of the current thread
|
2012-04-06 20:37:00 +02:00
|
|
|
|
|
|
|
datasock sockaddr_in
|
|
|
|
|
|
|
|
buffer rb BUFFERSIZE
|
|
|
|
ends
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; parse_cmd
|
|
|
|
;
|
|
|
|
; Internal function wich uses the 'commands'
|
|
|
|
; table to call an appropriate cmd_xx function.
|
|
|
|
;
|
|
|
|
; input: esi = ptr to ascii commands
|
|
|
|
; ecx = number of bytes input
|
2012-04-13 01:32:43 +02:00
|
|
|
; ebp = pointer to thread_data structure
|
2012-04-10 21:44:51 +02:00
|
|
|
;
|
|
|
|
; output: none
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
parse_cmd: ; esi must point to command
|
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
cmp byte [esi], 0x20 ; skip all leading characters
|
|
|
|
ja .ok
|
|
|
|
inc esi
|
|
|
|
dec ecx
|
|
|
|
cmp ecx, 3
|
2012-04-10 21:44:51 +02:00
|
|
|
jb .error
|
|
|
|
jmp parse_cmd
|
2012-04-06 20:37:00 +02:00
|
|
|
.ok:
|
2012-04-03 22:28:26 +02:00
|
|
|
cmp byte [esi+3], 0x20
|
2012-04-10 21:44:51 +02:00
|
|
|
ja @f
|
2012-04-03 22:28:26 +02:00
|
|
|
mov byte [esi+3], 0
|
|
|
|
@@:
|
|
|
|
|
2012-04-03 18:37:24 +02:00
|
|
|
mov eax, [esi]
|
|
|
|
and eax, not 0x20202020 ; convert to upper case
|
|
|
|
mov edi, commands ; list of commands to scan
|
|
|
|
.scanloop:
|
|
|
|
cmp eax, [edi]
|
2012-04-10 21:44:51 +02:00
|
|
|
je .got_it
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
add edi, 5*4
|
2012-04-03 18:37:24 +02:00
|
|
|
cmp byte [edi], 0
|
|
|
|
jne .scanloop
|
|
|
|
|
|
|
|
.error:
|
2012-04-13 01:32:43 +02:00
|
|
|
cmp [ebp + thread_data.state], STATE_ACTIVE
|
2012-04-10 21:44:51 +02:00
|
|
|
jb login_first
|
|
|
|
sendFTP "500 Unsupported command"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
.got_it:
|
2012-04-13 01:32:43 +02:00
|
|
|
mov eax, [ebp + thread_data.state]
|
2012-04-10 21:44:51 +02:00
|
|
|
jmp dword [edi + 4 + eax]
|
|
|
|
|
2012-04-03 18:37:24 +02:00
|
|
|
|
|
|
|
align 4
|
2012-04-20 12:02:31 +02:00
|
|
|
iglobal
|
2012-04-04 15:08:07 +02:00
|
|
|
commands: ; all commands must be in uppercase
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
dd 'ABOR', login_first, login_first, login_first, cmdABOR
|
|
|
|
; dd 'ACCT', login_first, login_first, login_first, cmd_ACCT
|
|
|
|
; dd 'APPE', login_first, login_first, login_first, cmd_APPE
|
|
|
|
dd 'CDUP', login_first, login_first, login_first, cmdCDUP
|
|
|
|
dd 'CWD', login_first, login_first, login_first, cmdCWD
|
|
|
|
dd 'DELE', login_first, login_first, login_first, cmdDELE
|
|
|
|
; dd 'HELP', login_first, login_first, login_first, cmd_HELP
|
|
|
|
dd 'LIST', login_first, login_first, login_first, cmdLIST
|
|
|
|
; dd 'MDTM', login_first, login_first, login_first, cmd_MDTM
|
|
|
|
; dd 'MKD', login_first, login_first, login_first, cmd_MKD
|
|
|
|
; dd 'MODE', login_first, login_first, login_first, cmd_MODE
|
|
|
|
dd 'NLST', login_first, login_first, login_first, cmdNLST
|
|
|
|
dd 'NOOP', login_first, login_first, login_first, cmdNOOP
|
|
|
|
dd 'PASS', cmdPASS.0, cmdPASS , cmdPASS.2, cmdPASS.3
|
|
|
|
dd 'PASV', login_first, login_first, login_first, cmdPASV
|
|
|
|
dd 'PORT', login_first, login_first, login_first, cmdPORT
|
|
|
|
dd 'PWD', login_first, login_first, login_first, cmdPWD
|
|
|
|
dd 'QUIT', cmdQUIT, cmdQUIT, cmdQUIT, cmdQUIT
|
|
|
|
; dd 'REIN', login_first, login_first, login_first, cmd_REIN
|
|
|
|
; dd 'REST', login_first, login_first, login_first, cmd_REST
|
|
|
|
dd 'RETR', login_first, login_first, login_first, cmdRETR
|
|
|
|
; dd 'RMD', login_first, login_first, login_first, cmd_RMD
|
|
|
|
; dd 'RNFR', login_first, login_first, login_first, cmd_RNFR
|
|
|
|
; dd 'RNTO', login_first, login_first, login_first, cmd_RNTO
|
|
|
|
; dd 'SITE', login_first, login_first, login_first, cmd_SITE
|
|
|
|
; dd 'SIZE', login_first, login_first, login_first, cmd_SIZE
|
|
|
|
; dd 'STAT', login_first, login_first, login_first, cmd_STAT
|
|
|
|
dd 'STOR', login_first, login_first, login_first, cmdSTOR
|
|
|
|
; dd 'STOU', login_first, login_first, login_first, cmd_STOU
|
|
|
|
; dd 'STRU', login_first, login_first, login_first, cmd_STRU
|
|
|
|
dd 'SYST', login_first, login_first, login_first, cmdSYST
|
|
|
|
dd 'TYPE', login_first, login_first, login_first, cmdTYPE
|
|
|
|
dd 'USER', cmdUSER, cmdUSER, cmdUSER, cmdUSER.2
|
|
|
|
db 0 ; end marker
|
2012-04-20 12:02:31 +02:00
|
|
|
endg
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
align 4
|
|
|
|
login_first:
|
|
|
|
sendFTP "530 Please login with USER and PASS"
|
|
|
|
ret
|
2012-04-03 18:37:24 +02:00
|
|
|
|
|
|
|
align 4
|
2012-04-10 21:44:51 +02:00
|
|
|
permission_denied:
|
|
|
|
sendFTP "550 Permission denied"
|
|
|
|
ret
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
align 4
|
|
|
|
socketerror:
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_set_flags, 0x0c
|
|
|
|
invoke con_write_asciiz, str_sockerr
|
|
|
|
invoke con_set_flags, 0x07
|
2012-04-06 20:37:00 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "425 Can't open data connection"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
align 4
|
|
|
|
abort_transfer:
|
2012-04-13 01:32:43 +02:00
|
|
|
and [ebp + thread_data.permissions], not ABORT
|
|
|
|
mov [ebp + thread_data.mode], MODE_NOTREADY
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke file.close, ebx
|
2012-04-13 01:32:43 +02:00
|
|
|
mcall close, [ebp + thread_data.datasocketnum]
|
2012-04-12 11:58:58 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "530 Transfer aborted"
|
|
|
|
ret
|
|
|
|
|
|
|
|
align 4
|
|
|
|
ip_to_dword: ; esi = ptr to str, cl = separator ('.', ',')
|
|
|
|
|
|
|
|
call ascii_to_byte
|
2012-04-12 11:58:58 +02:00
|
|
|
mov bl, al
|
2012-04-10 21:44:51 +02:00
|
|
|
cmp byte [esi], cl
|
|
|
|
jne .err
|
2012-04-12 11:58:58 +02:00
|
|
|
inc esi
|
2012-04-10 21:44:51 +02:00
|
|
|
|
|
|
|
call ascii_to_byte
|
|
|
|
mov bh, al
|
|
|
|
cmp byte [esi], cl
|
|
|
|
jne .err
|
2012-04-12 11:58:58 +02:00
|
|
|
inc esi
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
shl ebx, 16
|
|
|
|
|
|
|
|
call ascii_to_byte
|
2012-04-12 11:58:58 +02:00
|
|
|
mov bl, al
|
2012-04-10 21:44:51 +02:00
|
|
|
cmp byte [esi], cl
|
|
|
|
jne .err
|
2012-04-12 11:58:58 +02:00
|
|
|
inc esi
|
2012-04-10 21:44:51 +02:00
|
|
|
|
|
|
|
call ascii_to_byte
|
|
|
|
mov bh, al
|
|
|
|
|
|
|
|
ror ebx, 16
|
|
|
|
ret
|
|
|
|
|
|
|
|
.err:
|
|
|
|
xor ebx, ebx
|
|
|
|
ret
|
|
|
|
|
|
|
|
align 4 ; esi = ptr to str, output in eax
|
|
|
|
ascii_to_byte:
|
|
|
|
|
|
|
|
xor eax, eax
|
|
|
|
push ebx
|
|
|
|
|
|
|
|
.loop:
|
|
|
|
movzx ebx, byte[esi]
|
|
|
|
sub bl, '0'
|
|
|
|
jb .done
|
|
|
|
cmp bl, 9
|
|
|
|
ja .done
|
|
|
|
lea eax, [eax*4 + eax] ;
|
|
|
|
shl eax, 1 ; eax = eax * 10
|
|
|
|
add eax, ebx
|
|
|
|
inc esi
|
|
|
|
|
|
|
|
jmp .loop
|
|
|
|
|
|
|
|
.done:
|
|
|
|
pop ebx
|
|
|
|
ret
|
|
|
|
|
|
|
|
align 4
|
|
|
|
dword_to_ascii: ; edi = ptr where to write, eax is number
|
|
|
|
|
|
|
|
push edx ebx ecx
|
|
|
|
mov ebx, 10
|
|
|
|
xor ecx, ecx
|
|
|
|
|
|
|
|
@@:
|
|
|
|
xor edx, edx
|
|
|
|
div ebx
|
|
|
|
add edx, '0'
|
|
|
|
pushw dx
|
|
|
|
inc ecx
|
|
|
|
test eax, eax
|
|
|
|
jnz @r
|
|
|
|
|
|
|
|
@@:
|
|
|
|
popw ax
|
|
|
|
stosb
|
|
|
|
dec ecx
|
|
|
|
jnz @r
|
|
|
|
|
|
|
|
pop ecx ebx edx
|
|
|
|
ret
|
|
|
|
|
|
|
|
align 4
|
|
|
|
create_path: ; combine home_dir and work_dir strings into fpath
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.fpath]
|
|
|
|
lea esi, [ebp + thread_data.home_dir]
|
2012-04-10 21:44:51 +02:00
|
|
|
mov ecx, 1024
|
|
|
|
.loop1:
|
|
|
|
lodsb
|
2012-04-12 11:58:58 +02:00
|
|
|
cmp al, 0x20
|
|
|
|
jb .next
|
2012-04-10 21:44:51 +02:00
|
|
|
stosb
|
|
|
|
loop .loop1
|
|
|
|
.next:
|
|
|
|
|
|
|
|
cmp byte[edi-1], '/'
|
|
|
|
jne @f
|
|
|
|
dec edi
|
|
|
|
@@:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea esi, [ebp + thread_data.work_dir]
|
2012-04-10 21:44:51 +02:00
|
|
|
mov ecx, 1024
|
|
|
|
.loop2:
|
|
|
|
lodsb
|
2012-04-12 11:58:58 +02:00
|
|
|
cmp al, 0x20
|
|
|
|
jb .done
|
2012-04-10 21:44:51 +02:00
|
|
|
stosb
|
|
|
|
loop .loop2
|
|
|
|
|
|
|
|
.done:
|
2012-04-12 11:58:58 +02:00
|
|
|
xor al, al
|
2012-04-10 21:44:51 +02:00
|
|
|
stosb
|
|
|
|
ret
|
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
|
|
|
|
align 4
|
|
|
|
nextpasvport:
|
|
|
|
|
|
|
|
inc [pasv_port]
|
|
|
|
|
|
|
|
mov ax, [pasv_port]
|
|
|
|
cmp ax, [pasv_start]
|
|
|
|
jb .restart
|
|
|
|
cmp ax, [pasv_end]
|
|
|
|
ja .restart
|
|
|
|
|
|
|
|
ret
|
|
|
|
|
|
|
|
.restart:
|
|
|
|
pushw [pasv_start]
|
|
|
|
popw [pasv_port]
|
|
|
|
|
|
|
|
ret
|
|
|
|
|
|
|
|
|
2012-07-27 01:24:24 +02:00
|
|
|
align 4
|
|
|
|
open_datasock:
|
|
|
|
|
|
|
|
cmp [ebp + thread_data.mode], MODE_PASSIVE_OK
|
|
|
|
je .start
|
|
|
|
|
|
|
|
; If we are in active mode, it's time to open a data socket..
|
|
|
|
cmp [ebp + thread_data.mode], MODE_ACTIVE
|
|
|
|
jne .not_active
|
|
|
|
mov ecx, [ebp + thread_data.datasocketnum]
|
|
|
|
lea edx, [ebp + thread_data.datasock]
|
|
|
|
mov esi, sizeof.thread_data.datasock
|
|
|
|
mcall connect
|
|
|
|
cmp eax, -1
|
|
|
|
jne .start
|
|
|
|
|
|
|
|
.socketerror:
|
|
|
|
add esp, 4
|
|
|
|
jmp socketerror
|
|
|
|
|
|
|
|
; If we are still in passive_wait, it's time we accept an incomming call..
|
|
|
|
.not_active:
|
|
|
|
cmp [ebp + thread_data.mode], MODE_PASSIVE_WAIT
|
|
|
|
jne .socketerror
|
|
|
|
|
|
|
|
.try_now:
|
|
|
|
mov ecx, [ebp + thread_data.passivesocknum]
|
|
|
|
lea edx, [ebp + thread_data.datasock]
|
|
|
|
mov esi, sizeof.thread_data.datasock
|
|
|
|
mcall accept
|
|
|
|
cmp eax, -1
|
|
|
|
jne .pasv_ok
|
|
|
|
mov [ebp + thread_data.mode], MODE_PASSIVE_FAILED ; assume that we will fail
|
|
|
|
mcall 23, 200
|
|
|
|
mcall accept
|
|
|
|
cmp eax, -1
|
|
|
|
je .socketerror
|
|
|
|
.pasv_ok:
|
|
|
|
mov [ebp + thread_data.datasocketnum], eax
|
|
|
|
mov [ebp + thread_data.mode], MODE_PASSIVE_OK
|
|
|
|
mcall close ; [ebp + thread_data.passivesocknum]
|
|
|
|
mov [ebp + thread_data.passivesocknum], -1
|
|
|
|
invoke con_write_asciiz, str_datasock
|
|
|
|
|
|
|
|
.start:
|
|
|
|
ret
|
|
|
|
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "ABOR"
|
|
|
|
;
|
|
|
|
; This command aborts the current filetransfer.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
|
|
|
align 4
|
|
|
|
cmdABOR:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
or [ebp + thread_data.permissions], ABORT
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "250 Command succesul"
|
|
|
|
ret
|
|
|
|
|
|
|
|
;------------------------------------------------
|
|
|
|
; "CDUP"
|
|
|
|
;
|
|
|
|
; Change the directory to move up one level.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-05 15:00:39 +02:00
|
|
|
align 4
|
|
|
|
cmdCDUP:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_CD
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
cmp byte [ebp + thread_data.work_dir+1], 0 ; are we in "/" ?
|
|
|
|
je .done ; if so, we cant go up..
|
2012-04-05 15:00:39 +02:00
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
; find the end of asciiz string work_dir
|
2012-04-05 15:00:39 +02:00
|
|
|
mov ecx, 1024
|
|
|
|
xor al, al
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.work_dir]
|
2012-04-05 15:00:39 +02:00
|
|
|
repne scasb
|
2012-04-13 17:54:21 +02:00
|
|
|
; return 2 characters (right before last /)
|
2012-04-13 01:32:43 +02:00
|
|
|
sub edi, 3
|
2012-04-13 17:54:21 +02:00
|
|
|
; and now search backwards, for a '/'
|
2012-04-05 15:00:39 +02:00
|
|
|
mov al,'/'
|
2012-04-13 01:32:43 +02:00
|
|
|
neg ecx
|
|
|
|
add ecx, 1024
|
2012-04-13 17:54:21 +02:00
|
|
|
std
|
2012-04-07 20:42:58 +02:00
|
|
|
repne scasb
|
2012-04-05 15:00:39 +02:00
|
|
|
cld
|
2012-04-13 17:54:21 +02:00
|
|
|
; terminate the string here
|
|
|
|
mov byte[edi+2], 0
|
2012-04-05 15:00:39 +02:00
|
|
|
|
|
|
|
.done:
|
2012-04-07 20:42:58 +02:00
|
|
|
; Print the new working dir on the console
|
2012-04-13 01:32:43 +02:00
|
|
|
lea eax, [ebp + thread_data.work_dir]
|
2012-04-13 17:54:21 +02:00
|
|
|
invoke con_write_asciiz, eax
|
|
|
|
invoke con_write_asciiz, str_newline
|
2012-04-07 20:42:58 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "250 Command succesul"
|
2012-04-05 15:00:39 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "CWD"
|
|
|
|
;
|
|
|
|
; Change Working Directory.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
2012-04-10 21:44:51 +02:00
|
|
|
cmdCWD:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_CD
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
; do we have enough parameters?
|
2012-04-04 19:19:00 +02:00
|
|
|
sub ecx, 4
|
2012-04-13 17:54:21 +02:00
|
|
|
jbe .err
|
2012-04-05 15:00:39 +02:00
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
; get ready to copy the path
|
|
|
|
add esi, 4
|
2012-04-13 01:32:43 +02:00
|
|
|
mov ecx, 1024
|
|
|
|
lea edi, [ebp + thread_data.work_dir]
|
2012-04-13 17:54:21 +02:00
|
|
|
|
|
|
|
; if received dir starts with '/', we will simply copy it
|
|
|
|
; If not, we will append the current path with the received path.
|
2012-04-13 01:32:43 +02:00
|
|
|
cmp byte [esi], '/'
|
2012-04-13 17:54:21 +02:00
|
|
|
je .copyloop
|
2012-04-13 01:32:43 +02:00
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
; Find the end of work_dir string.
|
|
|
|
xor al, al
|
2012-04-06 20:37:00 +02:00
|
|
|
.find_zero:
|
2012-04-13 17:54:21 +02:00
|
|
|
repne scasb
|
|
|
|
dec edi
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
; and now append work_dir with received string
|
|
|
|
mov ecx, 1024
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
; scan for end byte, or '.'
|
|
|
|
.copyloop:
|
2012-04-04 19:19:00 +02:00
|
|
|
lodsb
|
|
|
|
cmp al, 0x20
|
|
|
|
jb .done
|
2012-04-13 17:54:21 +02:00
|
|
|
;;; cmp al, '.' ; '..' means we must go up one dir TODO
|
|
|
|
;;; je .up
|
2012-04-04 19:19:00 +02:00
|
|
|
stosb
|
2012-04-13 17:54:21 +02:00
|
|
|
loop .copyloop
|
|
|
|
|
|
|
|
; now, now make sure it ends with '/', 0
|
2012-04-04 19:19:00 +02:00
|
|
|
.done:
|
|
|
|
cmp byte [edi-1], '/'
|
|
|
|
je @f
|
|
|
|
mov byte [edi], '/'
|
|
|
|
inc edi
|
|
|
|
@@:
|
|
|
|
mov byte [edi], 0
|
|
|
|
|
2012-04-07 20:42:58 +02:00
|
|
|
; Print the new working dir on the console
|
2012-04-13 01:32:43 +02:00
|
|
|
lea eax, [ebp + thread_data.work_dir]
|
2012-04-13 17:54:21 +02:00
|
|
|
invoke con_write_asciiz, eax
|
|
|
|
invoke con_write_asciiz, str_newline
|
2012-04-07 20:42:58 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "250 Command succesful"
|
2012-04-04 19:19:00 +02:00
|
|
|
ret
|
|
|
|
|
|
|
|
.err:
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "550 Directory does not exist"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "DELE"
|
|
|
|
;
|
|
|
|
; Delete a file from the server.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdDELE:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_DELETE
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
ret
|
2012-04-07 20:42:58 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "LIST"
|
|
|
|
;
|
|
|
|
; List the files in the current working directory.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdLIST:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_EXEC
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
|
|
|
|
2012-07-27 01:24:24 +02:00
|
|
|
call open_datasock
|
2012-04-13 17:54:21 +02:00
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
; Create fpath from home_dir and work_dir
|
|
|
|
call create_path
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea ebx, [ebp + thread_data.fpath]
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_write_asciiz, ebx
|
|
|
|
invoke con_write_asciiz, str_newline
|
2012-04-05 15:00:39 +02:00
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
; Start the search
|
2012-08-28 01:29:21 +02:00
|
|
|
invoke file.find.first, ebx, str_mask, FA_READONLY+FA_FOLDER+FA_ARCHIVED;+FA_NORMAL
|
2012-04-06 20:37:00 +02:00
|
|
|
test eax, eax
|
|
|
|
jz .nosuchdir
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.buffer]
|
2012-04-10 21:44:51 +02:00
|
|
|
.parse_file:
|
2012-04-04 19:19:00 +02:00
|
|
|
test eax, eax ; did we find a file?
|
2012-04-04 15:08:07 +02:00
|
|
|
jz .done
|
2012-04-06 20:37:00 +02:00
|
|
|
mov ebx, eax ; yes, save the descripter in ebx
|
2012-04-04 15:08:07 +02:00
|
|
|
|
|
|
|
; first, convert the attributes
|
2012-04-06 20:37:00 +02:00
|
|
|
test [ebx + FileInfoA.Attributes], FA_FOLDER
|
2012-04-04 15:08:07 +02:00
|
|
|
jnz .folder
|
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
test [ebx + FileInfoA.Attributes], FA_READONLY
|
2012-04-04 15:08:07 +02:00
|
|
|
jnz .readonly
|
|
|
|
|
|
|
|
mov eax, '-rw-'
|
|
|
|
stosd
|
|
|
|
jmp .attr
|
|
|
|
|
|
|
|
.folder:
|
|
|
|
mov eax, 'drwx'
|
2012-04-04 19:19:00 +02:00
|
|
|
stosd
|
2012-04-04 15:08:07 +02:00
|
|
|
jmp .attr
|
|
|
|
|
|
|
|
.readonly:
|
|
|
|
mov eax, '-r--'
|
|
|
|
stosd
|
|
|
|
|
|
|
|
.attr:
|
|
|
|
mov eax, 'rw-r'
|
|
|
|
stosd
|
|
|
|
mov ax, 'w-'
|
|
|
|
stosw
|
|
|
|
mov al, ' '
|
|
|
|
stosb
|
|
|
|
|
|
|
|
; now..
|
|
|
|
mov ax, '1 '
|
|
|
|
stosw
|
|
|
|
|
|
|
|
; now write owner, everything is owned by FTP, woohoo!
|
|
|
|
mov eax, 'FTP '
|
|
|
|
stosd
|
|
|
|
stosd
|
|
|
|
|
|
|
|
; now the filesize in ascii
|
2012-04-06 20:37:00 +02:00
|
|
|
mov eax, [ebx + FileInfoA.FileSizeLow]
|
2012-04-04 15:08:07 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ' '
|
|
|
|
stosb
|
|
|
|
|
|
|
|
; then date (month/day/year)
|
2012-04-06 20:37:00 +02:00
|
|
|
movzx eax, [ebx + FileInfoA.DateModify + FileDateTime.month]
|
2012-04-12 11:58:58 +02:00
|
|
|
cmp eax, 12
|
|
|
|
ja @f
|
|
|
|
mov eax, [months - 4 + 4*eax]
|
2012-04-04 15:08:07 +02:00
|
|
|
stosd
|
2012-04-12 11:58:58 +02:00
|
|
|
@@:
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
movzx eax, [ebx + FileInfoA.DateModify + FileDateTime.day]
|
2012-04-04 15:08:07 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ' '
|
|
|
|
stosb
|
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
movzx eax, [ebx + FileInfoA.DateModify + FileDateTime.year]
|
2012-04-04 15:08:07 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ' '
|
|
|
|
stosb
|
|
|
|
|
|
|
|
; and last but not least, filename
|
2012-04-06 20:37:00 +02:00
|
|
|
lea esi, [ebx + FileInfoA.FileName]
|
|
|
|
mov ecx, 264
|
2012-04-04 15:08:07 +02:00
|
|
|
.nameloop:
|
|
|
|
lodsb
|
|
|
|
test al, al
|
|
|
|
jz .namedone
|
|
|
|
stosb
|
|
|
|
loop .nameloop
|
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
; insert a cr lf
|
2012-04-04 15:08:07 +02:00
|
|
|
.namedone:
|
2012-04-05 15:00:39 +02:00
|
|
|
mov ax, 0x0a0d
|
2012-04-04 15:08:07 +02:00
|
|
|
stosw
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], ABORT ; Did we receive ABOR command from client?
|
2012-08-28 01:29:21 +02:00
|
|
|
jnz abort_transfer
|
2012-04-10 21:44:51 +02:00
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
; check next file
|
2012-04-13 01:32:43 +02:00
|
|
|
invoke file.find.next, ebx
|
|
|
|
jmp .parse_file
|
2012-04-04 19:19:00 +02:00
|
|
|
|
|
|
|
; close file desc
|
2012-04-04 15:08:07 +02:00
|
|
|
.done:
|
2012-04-17 22:00:07 +02:00
|
|
|
invoke file.find.close, ebx ; ebx is descriptor of last file, eax will be -1 !!
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
; append the string with a 0
|
2012-04-04 15:08:07 +02:00
|
|
|
xor al, al
|
|
|
|
stosb
|
|
|
|
|
2012-04-05 15:00:39 +02:00
|
|
|
; Warn the client we're about to send the data
|
2012-04-10 21:44:51 +02:00
|
|
|
push edi
|
|
|
|
sendFTP "150 Here it comes.."
|
|
|
|
pop esi
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
; and send it to the client
|
2012-04-17 22:00:07 +02:00
|
|
|
mov ecx, [ebp + thread_data.datasocketnum] ; socket num
|
|
|
|
lea edx, [ebp + thread_data.buffer] ; buffer ptr
|
|
|
|
sub esi, edx ; length
|
|
|
|
xor edi, edi ; flags
|
2012-04-06 20:37:00 +02:00
|
|
|
mcall send
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
; close the data socket..
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.mode], MODE_NOTREADY
|
|
|
|
mcall close, [ebp + thread_data.datasocketnum]
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "226 Transfer OK"
|
2012-04-06 20:37:00 +02:00
|
|
|
ret
|
|
|
|
|
|
|
|
.nosuchdir:
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "550 Directory does not exist"
|
2012-04-04 15:08:07 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "NLST"
|
|
|
|
;
|
|
|
|
; List the filenames of the files in the current working directory.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdNLST:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_EXEC
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; TODO: same as list but simpler output format
|
|
|
|
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "NOOP"
|
|
|
|
;
|
|
|
|
; No operation, just keep the connection alive.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdNOOP:
|
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
sendFTP "200 Command OK"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "PASS"
|
|
|
|
;
|
|
|
|
; Second phase of login process, client provides password.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 22:28:26 +02:00
|
|
|
align 4
|
|
|
|
cmdPASS:
|
2012-04-12 11:58:58 +02:00
|
|
|
|
|
|
|
; read the password from users.ini
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.buffer + 512] ; temp pass
|
|
|
|
lea ebx, [ebp + thread_data.fpath] ; temp username
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke ini.get_str, path2, ebx, str_pass, edi, 512, str_infinity
|
2012-04-13 17:54:21 +02:00
|
|
|
test eax, eax ; unable to read password? fail!
|
2012-04-10 21:44:51 +02:00
|
|
|
jnz .incorrect
|
2012-04-13 17:54:21 +02:00
|
|
|
cmp dword [edi], -1 ; no key, section or file found.. fail!
|
2012-04-12 11:58:58 +02:00
|
|
|
je .incorrect
|
2012-08-30 09:21:52 +02:00
|
|
|
cmp byte [edi], 0 ; zero password? ok!
|
|
|
|
je .ok
|
2012-04-13 17:54:21 +02:00
|
|
|
|
|
|
|
add esi, 5
|
|
|
|
sub ecx, 5
|
|
|
|
jbe .incorrect ; no password given? but hey, we need one! fail..
|
2012-04-10 21:44:51 +02:00
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
; compare with received password
|
2012-04-10 21:44:51 +02:00
|
|
|
repe cmpsb
|
2012-04-13 17:54:21 +02:00
|
|
|
cmp byte [esi-1], 0x20 ; printeable characters left?
|
2012-04-10 21:44:51 +02:00
|
|
|
jae .incorrect
|
2012-04-13 17:54:21 +02:00
|
|
|
cmp byte [edi-1], 0
|
2012-04-10 21:44:51 +02:00
|
|
|
jne .incorrect
|
|
|
|
|
2012-04-13 17:54:21 +02:00
|
|
|
.ok:
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke ini.get_int, path2, ebx, str_mode, 0
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.permissions], eax
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_write_asciiz, str_pass_ok
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.state], STATE_ACTIVE
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "230 You are now logged in"
|
|
|
|
ret
|
|
|
|
|
|
|
|
.2:
|
|
|
|
.incorrect:
|
2012-04-13 17:54:21 +02:00
|
|
|
invoke con_write_asciiz, str_pass_err
|
|
|
|
mov [ebp + thread_data.state], STATE_CONNECTED ; reset state
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "530 Login incorrect"
|
|
|
|
ret
|
|
|
|
|
|
|
|
.0:
|
|
|
|
sendFTP "503 Login with USER first"
|
|
|
|
ret
|
2012-04-03 22:28:26 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
.3:
|
|
|
|
sendFTP "230 Already logged in"
|
2012-04-03 22:28:26 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "PASV"
|
|
|
|
;
|
|
|
|
; Initiate a passive dataconnection.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-04 11:24:08 +02:00
|
|
|
align 4
|
|
|
|
cmdPASV:
|
|
|
|
|
2012-07-27 01:24:24 +02:00
|
|
|
; cmp [ebp + thread_data.passivesocknum], -1
|
|
|
|
; je @f
|
|
|
|
; mcall close, [ebp + thread_data.passivesocknum] ; if there is still a socket open, close it
|
|
|
|
; @@:
|
2012-04-13 17:54:21 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; Open a new TCP socket
|
2012-04-04 15:08:07 +02:00
|
|
|
mcall socket, AF_INET4, SOCK_STREAM, 0
|
|
|
|
cmp eax, -1
|
2012-04-06 20:37:00 +02:00
|
|
|
je socketerror
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.passivesocknum], eax
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; Bind it to a known local port
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.datasock.sin_family], AF_INET4
|
|
|
|
mov [ebp + thread_data.datasock.sin_addr], 0
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
mov ecx, eax ; passivesocketnum
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edx, [ebp + thread_data.datasock]
|
2012-04-07 13:36:00 +02:00
|
|
|
mov esi, sizeof.thread_data.datasock
|
2012-04-13 17:54:21 +02:00
|
|
|
|
|
|
|
.next_port: ; TODO: break the endless loop
|
|
|
|
call nextpasvport
|
|
|
|
pushw [pasv_port]
|
|
|
|
popw [ebp + thread_data.datasock.sin_port]
|
|
|
|
|
2012-04-07 13:36:00 +02:00
|
|
|
mcall bind
|
2012-04-04 15:08:07 +02:00
|
|
|
cmp eax, -1
|
2012-04-13 17:54:21 +02:00
|
|
|
je .next_port
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; And set it to listen!
|
2012-04-10 21:44:51 +02:00
|
|
|
mcall listen, , 1
|
|
|
|
cmp eax, -1
|
2012-04-13 17:54:21 +02:00
|
|
|
je socketerror
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; Tell our thread we are ready to accept incoming calls
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.mode], MODE_PASSIVE_WAIT
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; Now tell the client where to connect to in this format:
|
|
|
|
; 227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)
|
|
|
|
; where a1.a2.a3.a4 is the IP address and p1*256+p2 is the port number.
|
2012-04-10 21:44:51 +02:00
|
|
|
|
|
|
|
; '227 ('
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.buffer]
|
2012-04-13 17:54:21 +02:00
|
|
|
mov eax, '227 '
|
2012-04-04 15:08:07 +02:00
|
|
|
stosd
|
2012-04-10 21:44:51 +02:00
|
|
|
mov al, '('
|
2012-04-04 15:08:07 +02:00
|
|
|
stosb
|
2012-04-10 21:44:51 +02:00
|
|
|
; ip
|
2012-04-13 17:54:21 +02:00
|
|
|
movzx eax, byte [serverip]
|
2012-04-10 21:44:51 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ','
|
|
|
|
stosb
|
2012-04-13 17:54:21 +02:00
|
|
|
movzx eax, byte [serverip+1]
|
2012-04-10 21:44:51 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ','
|
|
|
|
stosb
|
2012-04-13 17:54:21 +02:00
|
|
|
movzx eax, byte [serverip+2]
|
2012-04-10 21:44:51 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ','
|
|
|
|
stosb
|
2012-04-13 17:54:21 +02:00
|
|
|
movzx eax, byte [serverip+3]
|
2012-04-10 21:44:51 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ','
|
2012-04-04 15:08:07 +02:00
|
|
|
stosb
|
2012-04-10 21:44:51 +02:00
|
|
|
; port
|
2012-11-01 13:33:15 +01:00
|
|
|
movzx eax, byte [ebp + thread_data.datasock.sin_port]
|
2012-04-10 21:44:51 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
mov al, ','
|
|
|
|
stosb
|
2012-11-01 13:33:15 +01:00
|
|
|
movzx eax, byte [ebp + thread_data.datasock.sin_port+1]
|
2012-04-10 21:44:51 +02:00
|
|
|
call dword_to_ascii
|
|
|
|
; ')', 13, 10, 0
|
|
|
|
mov eax, ')' + 0x000a0d00
|
|
|
|
stosd
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
lea esi, [edi - thread_data.buffer]
|
2012-04-13 01:32:43 +02:00
|
|
|
sub esi, ebp
|
|
|
|
mov ecx, [ebp + thread_data.socketnum]
|
|
|
|
lea edx, [ebp + thread_data.buffer]
|
2012-04-12 11:58:58 +02:00
|
|
|
xor edi, edi
|
2012-04-07 13:36:00 +02:00
|
|
|
mcall send
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-04 11:24:08 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "PWD"
|
|
|
|
;
|
|
|
|
; Print the current working directory.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
2012-04-10 21:44:51 +02:00
|
|
|
cmdPWD:
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
mov dword [ebp + thread_data.buffer], '257 '
|
|
|
|
mov byte [ebp + thread_data.buffer+4], '"'
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.buffer+5]
|
|
|
|
lea esi, [ebp + thread_data.work_dir]
|
2012-04-04 11:24:08 +02:00
|
|
|
mov ecx, 1024
|
|
|
|
.loop:
|
|
|
|
lodsb
|
|
|
|
or al, al
|
|
|
|
jz .ok
|
|
|
|
stosb
|
|
|
|
dec ecx
|
|
|
|
jnz .loop
|
|
|
|
|
|
|
|
.ok:
|
2012-04-06 20:37:00 +02:00
|
|
|
mov dword [edi], '"' + 0x000a0d00 ; '"',13,10,0
|
|
|
|
lea esi, [edi - thread_data.buffer + 4]
|
2012-04-13 01:32:43 +02:00
|
|
|
sub esi, ebp
|
|
|
|
mov ecx, [ebp + thread_data.socketnum]
|
|
|
|
lea edx, [ebp + thread_data.buffer]
|
2012-04-07 20:42:58 +02:00
|
|
|
xor edi, edi
|
|
|
|
mcall send
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-07 20:42:58 +02:00
|
|
|
; Print the new working dir on the console
|
2012-04-13 01:32:43 +02:00
|
|
|
lea eax, [ebp + thread_data.work_dir]
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_write_asciiz, eax
|
|
|
|
invoke con_write_asciiz, str_newline
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "PORT"
|
|
|
|
;
|
|
|
|
; Initiate an active dataconnection.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdPORT:
|
|
|
|
|
2012-04-04 11:24:08 +02:00
|
|
|
; PORT a1,a2,a3,a4,p1,p2
|
|
|
|
; IP address a1.a2.a3.a4, port p1*256+p2
|
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; Convert the IP
|
2012-04-10 21:44:51 +02:00
|
|
|
lea esi, [esi+5]
|
|
|
|
mov cl, ','
|
|
|
|
call ip_to_dword
|
2012-04-06 20:37:00 +02:00
|
|
|
; And put it in datasock
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.datasock.sin_addr], ebx
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; Now the same with portnumber
|
2012-04-12 11:58:58 +02:00
|
|
|
inc esi
|
2012-04-04 11:24:08 +02:00
|
|
|
call ascii_to_byte
|
2012-11-01 13:33:15 +01:00
|
|
|
mov byte[ebp + thread_data.datasock.sin_port], al
|
2012-04-04 11:24:08 +02:00
|
|
|
inc esi
|
|
|
|
call ascii_to_byte
|
2012-11-01 13:33:15 +01:00
|
|
|
mov byte[ebp + thread_data.datasock.sin_port+1], al
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-06 20:37:00 +02:00
|
|
|
; We will open the socket, but do not connect yet!
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.datasock.sin_family], AF_INET4
|
2012-04-04 15:08:07 +02:00
|
|
|
mcall socket, AF_INET4, SOCK_STREAM, 0
|
2012-04-04 11:24:08 +02:00
|
|
|
cmp eax, -1
|
2012-04-06 20:37:00 +02:00
|
|
|
je socketerror
|
2012-04-10 21:44:51 +02:00
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.datasocketnum], eax
|
|
|
|
mov [ebp + thread_data.mode], MODE_ACTIVE
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "225 Data connection open"
|
2012-04-04 11:24:08 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "QUIT"
|
|
|
|
;
|
|
|
|
; Close the connection with client.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdQUIT:
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "221 Bye!"
|
2012-04-13 01:32:43 +02:00
|
|
|
mcall close, [ebp + thread_data.datasocketnum]
|
|
|
|
mcall close, [ebp + thread_data.socketnum]
|
2012-04-03 22:28:26 +02:00
|
|
|
|
2012-04-07 13:36:00 +02:00
|
|
|
add esp, 4 ; get rid of call return address
|
|
|
|
jmp thread_exit ; now close this thread
|
2012-04-03 18:37:24 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
|
|
|
|
;------------------------------------------------
|
|
|
|
; "RETR"
|
|
|
|
;
|
|
|
|
; Retrieve a file from the ftp server.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdRETR:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_READ
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
cmp ecx, 1024 + 5
|
|
|
|
jae .cannot_open
|
|
|
|
|
2012-04-05 15:00:39 +02:00
|
|
|
sub ecx, 5
|
|
|
|
jb .cannot_open
|
|
|
|
|
2012-07-27 01:24:24 +02:00
|
|
|
call open_datasock
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-04-05 15:00:39 +02:00
|
|
|
call create_path
|
|
|
|
dec edi
|
2012-07-27 01:24:24 +02:00
|
|
|
lea esi, [ebp + thread_data.buffer + 5]
|
2012-04-13 17:54:21 +02:00
|
|
|
mov ecx, 1024
|
2012-08-30 09:21:52 +02:00
|
|
|
cmp byte [esi], '/'
|
|
|
|
jne .loop
|
|
|
|
inc esi
|
2012-04-05 15:00:39 +02:00
|
|
|
.loop:
|
|
|
|
lodsb
|
|
|
|
cmp al, 0x20
|
|
|
|
jl .done
|
|
|
|
stosb
|
|
|
|
loop .loop
|
|
|
|
.done:
|
|
|
|
xor al, al
|
|
|
|
stosb
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea ebx, [ebp + thread_data.fpath]
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_write_asciiz, ebx
|
|
|
|
invoke con_write_asciiz, str_newline
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke file.open, ebx, O_READ
|
2012-04-05 15:00:39 +02:00
|
|
|
test eax, eax
|
|
|
|
jz .cannot_open
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-04-05 15:00:39 +02:00
|
|
|
push eax
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "150 Here it comes.."
|
2012-04-05 15:00:39 +02:00
|
|
|
pop ebx
|
2012-04-04 19:19:00 +02:00
|
|
|
|
|
|
|
.read_more:
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], ABORT
|
2012-04-10 21:44:51 +02:00
|
|
|
jnz abort_transfer
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea eax, [ebp + thread_data.buffer] ; FIXME: use another buffer!! if we receive something on control connection now, we screw up!
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke file.read, ebx, eax, BUFFERSIZE
|
2012-04-05 15:00:39 +02:00
|
|
|
cmp eax, -1
|
2012-04-12 11:58:58 +02:00
|
|
|
je .cannot_open ; FIXME: this is not the correct error
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-07-27 01:24:24 +02:00
|
|
|
invoke con_write_asciiz, str2
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
push eax ebx
|
2012-04-04 19:19:00 +02:00
|
|
|
mov esi, eax
|
2012-04-13 01:32:43 +02:00
|
|
|
mov ecx, [ebp + thread_data.datasocketnum]
|
|
|
|
lea edx, [ebp + thread_data.buffer]
|
|
|
|
xor edi, edi
|
2012-04-07 13:36:00 +02:00
|
|
|
mcall send
|
2012-04-10 21:44:51 +02:00
|
|
|
pop ebx ecx
|
2012-04-05 15:00:39 +02:00
|
|
|
cmp eax, -1
|
2012-04-13 01:32:43 +02:00
|
|
|
je socketerror ; FIXME: not the correct error
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
; cmp eax, ecx
|
|
|
|
; jne not_all_byes_sent ; TODO
|
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
cmp ecx, BUFFERSIZE
|
|
|
|
je .read_more
|
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke file.close, ebx
|
2012-04-04 19:19:00 +02:00
|
|
|
|
2012-07-27 01:24:24 +02:00
|
|
|
invoke con_write_asciiz, str2b
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.mode], MODE_NOTREADY
|
|
|
|
mcall close, [ebp + thread_data.datasocketnum]
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "226 Transfer OK, closing connection"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-05 15:00:39 +02:00
|
|
|
.cannot_open:
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_set_flags, 0x0c
|
|
|
|
invoke con_write_asciiz, str_notfound
|
|
|
|
invoke con_set_flags, 0x07
|
2012-04-05 15:00:39 +02:00
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "550 No such file"
|
2012-04-05 15:00:39 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
|
|
|
|
|
|
|
|
;------------------------------------------------
|
|
|
|
; "STOR"
|
|
|
|
;
|
|
|
|
; Store a file on the server.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdSTOR:
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], PERMISSION_WRITE
|
2012-04-10 21:44:51 +02:00
|
|
|
jz permission_denied
|
|
|
|
|
|
|
|
|
|
|
|
;;;;
|
2012-04-13 01:32:43 +02:00
|
|
|
test [ebp + thread_data.permissions], ABORT
|
2012-04-10 21:44:51 +02:00
|
|
|
jnz abort_transfer
|
|
|
|
|
|
|
|
;;;;
|
2012-04-06 20:37:00 +02:00
|
|
|
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "SYST"
|
|
|
|
;
|
|
|
|
; Send information about the system.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdSYST:
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "215 UNIX type: L8"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "TYPE"
|
|
|
|
;
|
|
|
|
; Choose the file transfer type.
|
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdTYPE:
|
|
|
|
|
2012-04-04 11:24:08 +02:00
|
|
|
cmp ecx, 6
|
|
|
|
jb parse_cmd.error
|
|
|
|
|
|
|
|
mov al, byte[esi+5]
|
|
|
|
and al, not 0x20
|
|
|
|
|
|
|
|
cmp al, 'A'
|
|
|
|
je .ascii
|
|
|
|
cmp al, 'E'
|
|
|
|
je .ebdic
|
|
|
|
cmp al, 'I'
|
|
|
|
je .image
|
|
|
|
cmp al, 'L'
|
|
|
|
je .local
|
|
|
|
|
|
|
|
jmp parse_cmd.error
|
|
|
|
|
|
|
|
.ascii:
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.type], TYPE_ASCII
|
2012-04-04 11:24:08 +02:00
|
|
|
jmp .subtype
|
|
|
|
|
|
|
|
.ebdic:
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.type], TYPE_EBDIC
|
2012-04-04 11:24:08 +02:00
|
|
|
|
|
|
|
.subtype:
|
|
|
|
cmp ecx, 8
|
|
|
|
jb .non_print
|
|
|
|
|
|
|
|
mov al, byte[esi+7]
|
|
|
|
and al, not 0x20
|
|
|
|
|
|
|
|
cmp al, 'N'
|
|
|
|
je .non_print
|
|
|
|
cmp al, 'T'
|
|
|
|
je .telnet
|
|
|
|
cmp al, 'C'
|
|
|
|
je .asacc
|
2012-07-18 00:01:08 +02:00
|
|
|
cmp al, 0x20
|
|
|
|
jb .non_print
|
2012-04-04 11:24:08 +02:00
|
|
|
|
|
|
|
jmp parse_cmd.error
|
|
|
|
|
|
|
|
.non_print:
|
2012-04-13 01:32:43 +02:00
|
|
|
or [ebp + thread_data.type], TYPE_NP
|
2012-04-04 11:24:08 +02:00
|
|
|
jmp .ok
|
|
|
|
|
|
|
|
.telnet:
|
2012-04-13 01:32:43 +02:00
|
|
|
or [ebp + thread_data.type], TYPE_TELNET
|
2012-04-04 11:24:08 +02:00
|
|
|
jmp .ok
|
|
|
|
|
|
|
|
.asacc:
|
2012-04-13 01:32:43 +02:00
|
|
|
or [ebp + thread_data.type], TYPE_ASA
|
2012-04-04 11:24:08 +02:00
|
|
|
jmp .ok
|
|
|
|
|
|
|
|
.image:
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.type], TYPE_IMAGE
|
2012-04-04 11:24:08 +02:00
|
|
|
jmp .ok
|
|
|
|
|
|
|
|
.local:
|
|
|
|
cmp ecx, 8
|
|
|
|
jb parse_cmd.error
|
|
|
|
|
|
|
|
mov al, byte[esi+7]
|
|
|
|
sub al, '0'
|
2012-04-12 11:58:58 +02:00
|
|
|
jb parse_cmd.error ; FIXME: this is not the correct errormessage
|
2012-04-04 11:24:08 +02:00
|
|
|
cmp al, 9
|
2012-04-12 11:58:58 +02:00
|
|
|
ja parse_cmd.error ; FIXME
|
2012-04-04 11:24:08 +02:00
|
|
|
or al, TYPE_LOCAL
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.type], al
|
2012-04-04 11:24:08 +02:00
|
|
|
|
|
|
|
.ok:
|
2012-04-10 21:44:51 +02:00
|
|
|
sendFTP "200 Command ok"
|
2012-04-03 18:37:24 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
;------------------------------------------------
|
|
|
|
; "USER"
|
|
|
|
;
|
2012-04-12 11:58:58 +02:00
|
|
|
; Login to the server, step one of two. ;;; TODO: prevent buffer overflow!
|
2012-04-10 21:44:51 +02:00
|
|
|
;
|
|
|
|
;------------------------------------------------
|
2012-04-03 18:37:24 +02:00
|
|
|
align 4
|
|
|
|
cmdUSER:
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
lea esi, [esi + 5]
|
2012-04-13 01:32:43 +02:00
|
|
|
lea edi, [ebp + thread_data.fpath] ; temp buffer for username
|
2012-04-12 11:58:58 +02:00
|
|
|
.loop:
|
2012-04-10 21:44:51 +02:00
|
|
|
lodsb
|
|
|
|
stosb
|
|
|
|
cmp al, 0x20
|
|
|
|
jae .loop
|
|
|
|
mov byte [edi-1], 0
|
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
lea esi, [ebp + thread_data.fpath]
|
|
|
|
lea eax, [ebp + thread_data.home_dir]
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke ini.get_str, path2, esi, str_home, eax, 1024, str_infinity
|
2012-04-10 21:44:51 +02:00
|
|
|
cmp eax, -1
|
|
|
|
je .login_fail
|
2012-04-12 11:58:58 +02:00
|
|
|
cmp dword [esi], -1
|
|
|
|
je .login_fail
|
2012-04-03 22:28:26 +02:00
|
|
|
|
2012-04-13 01:32:43 +02:00
|
|
|
mov word [ebp + thread_data.work_dir], "/" ; "/", 0
|
2012-04-04 11:24:08 +02:00
|
|
|
|
2012-04-12 11:58:58 +02:00
|
|
|
invoke con_write_asciiz, str_logged_in
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.state], STATE_LOGIN
|
2012-04-10 21:44:51 +02:00
|
|
|
.sendstr:
|
|
|
|
sendFTP "331 Please specify the password"
|
2012-04-04 11:24:08 +02:00
|
|
|
ret
|
|
|
|
|
2012-04-10 21:44:51 +02:00
|
|
|
.login_fail:
|
2012-04-13 17:54:21 +02:00
|
|
|
invoke con_write_asciiz, str_pass_err
|
2012-04-13 01:32:43 +02:00
|
|
|
mov [ebp + thread_data.state], STATE_LOGIN_FAIL
|
2012-04-10 21:44:51 +02:00
|
|
|
jmp .sendstr
|
2012-04-04 15:08:07 +02:00
|
|
|
|
2012-04-04 19:19:00 +02:00
|
|
|
align 4
|
2012-04-10 21:44:51 +02:00
|
|
|
.2:
|
|
|
|
sendFTP "530 Can't change to another user"
|
2012-04-04 19:19:00 +02:00
|
|
|
ret
|