From 6d84cfdc3181aae165ed0a6f25639af0b90ec01b Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Tue, 11 Aug 2020 19:45:59 -0400
Subject: [PATCH] Updated program return values for various connection error
 instances and unknown errors.

---
 ssh-audit.py | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/ssh-audit.py b/ssh-audit.py
index 6d617f6..70ed274 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -63,11 +63,13 @@ except ImportError:  # pragma: nocover
 
 
 def usage(err: Optional[str] = None) -> None:
+    retval = PROGRAM_RETVAL_GOOD
     uout = Output()
     p = os.path.basename(sys.argv[0])
     uout.head('# {} {}, https://github.com/jtesta/ssh-audit\n'.format(p, VERSION))
     if err is not None and len(err) > 0:
         uout.fail('\n' + err)
+        retval = PROGRAM_RETVAL_UNKNOWN_ERROR
     uout.info('usage: {0} [options] <host>\n'.format(p))
     uout.info('   -h,  --help             print this help')
     uout.info('   -1,  --ssh1             force ssh version 1 only')
@@ -88,7 +90,7 @@ def usage(err: Optional[str] = None) -> None:
     uout.info('   -T,  --targets=<hosts.txt>  a file containing a list of target hosts (one\n                                   per line, format HOST[:PORT])')
     uout.info('   -v,  --verbose          verbose output')
     uout.sep()
-    sys.exit(1)
+    sys.exit(retval)
 
 
 # Validates policy files and performs policy testing
@@ -631,17 +633,17 @@ class AuditConf:
                 aconf.policy = Policy(policy_file=aconf.policy_file)
             except Exception as e:
                 print("Error while loading policy file: %s: %s" % (str(e), traceback.format_exc()))
-                sys.exit(-1)
+                sys.exit(PROGRAM_RETVAL_UNKNOWN_ERROR)
 
             # If the user wants to do a client audit, but provided a server policy, terminate.
             if aconf.client_audit and aconf.policy.is_server_policy():
                 print("Error: client audit selected, but server policy provided.")
-                sys.exit(-1)
+                sys.exit(PROGRAM_RETVAL_UNKNOWN_ERROR)
 
             # If the user wants to do a server audit, but provided a client policy, terminate.
             if aconf.client_audit is False and aconf.policy.is_server_policy() is False:
                 print("Error: server audit selected, but client policy provided.")
-                sys.exit(-1)
+                sys.exit(PROGRAM_RETVAL_UNKNOWN_ERROR)
 
         return aconf
 
@@ -2386,7 +2388,7 @@ class SSH:  # pylint: disable=too-few-public-methods
                         yield af, addr
             except socket.error as e:
                 out.fail('[exception] {}'.format(e))
-                sys.exit(1)
+                sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR)
 
         # Listens on a server socket and accepts one connection (used for
         # auditing client connections).
@@ -2416,7 +2418,7 @@ class SSH:  # pylint: disable=too-few-public-methods
             # If we failed to listen on any interfaces, terminate.
             if len(self.__sock_map.keys()) == 0:
                 print("Error: failed to listen on any IPv4 and IPv6 interfaces!")
-                sys.exit(-1)
+                sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR)
 
             # Wait for an incoming connection.  If a timeout was explicitly
             # set by the user, terminate when it elapses.
@@ -2434,7 +2436,7 @@ class SSH:  # pylint: disable=too-few-public-methods
 
                 if self.__timeout_set and time_elapsed >= self.__timeout:
                     print("Timeout elapsed.  Terminating...")
-                    sys.exit(-1)
+                    sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR)
 
             # Accept the connection.
             c, addr = self.__sock_map[fds[0][0]].accept()
@@ -2462,7 +2464,7 @@ class SSH:  # pylint: disable=too-few-public-methods
                 errt = (self.__host, self.__port, err)
                 errm = 'cannot connect to {} port {}: {}'.format(*errt)
             out.fail('[exception] {}'.format(errm))
-            sys.exit(1)
+            sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR)
 
         def get_banner(self, sshv: int = 2) -> Tuple[Optional['SSH.Banner'], List[str], Optional[str]]:
             if self.__sock is None:
@@ -2553,7 +2555,7 @@ class SSH:  # pylint: disable=too-few-public-methods
                     check_size = 4 + 1 + payload_length + padding_length
                 if check_size % self.__block_size != 0:
                     out.fail('[exception] invalid ssh packet (block size)')
-                    sys.exit(1)
+                    sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR)
                 self.ensure_read(payload_length)
                 if sshv == 1:
                     payload = self.read(payload_length - 4)
@@ -2568,7 +2570,7 @@ class SSH:  # pylint: disable=too-few-public-methods
                     rcrc = SSH1.crc32(padding + payload)
                     if crc != rcrc:
                         out.fail('[exception] packet checksum CRC32 mismatch.')
-                        sys.exit(1)
+                        sys.exit(PROGRAM_RETVAL_CONNECTION_ERROR)
                 else:
                     self.ensure_read(padding_length)
                     padding = self.read(padding_length)