OpenVAS Scanner  7.0.1~git
attack.c File Reference

Launches the plugins, and manages multithreading. More...

#include "attack.h"
#include "../misc/network.h"
#include "../misc/nvt_categories.h"
#include "../misc/pcap_openvas.h"
#include "../nasl/nasl_debug.h"
#include "hosts.h"
#include "pluginlaunch.h"
#include "pluginload.h"
#include "pluginscheduler.h"
#include "plugs_req.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gvm/base/hosts.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/base/proctitle.h>
#include <gvm/util/nvticache.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
Include dependency graph for attack.c:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  attack_start_args
 

Macros

#define ERR_HOST_DEAD   -1
 
#define ERR_CANT_FORK   -2
 
#define MAX_FORK_RETRIES   10
 
#define KB_RETRY_DELAY   3 /*In sec*/
 
#define PROGRESS_BAR_STYLE   1
 
#define G_LOG_DOMAIN   "sd main"
 GLib log domain. More...
 

Enumerations

enum  net_scan_status { NSS_NONE = 0, NSS_BUSY, NSS_DONE }
 

Functions

static int set_kb_readable (int host_kb_index)
 Add the Host KB index to the list of readable KBs used by ospd-openvas. More...
 
static void set_scan_status (char *status)
 Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly. More...
 
static int comm_send_status (kb_t kb, char *hostname, int curr, int max)
 Sends the status of a host's scan. More...
 
static void error_message_to_client2 (kb_t kb, const char *msg, const char *port)
 
static void report_kb_failure (int errcode)
 
static void fork_sleep (int n)
 
static enum net_scan_status network_scan_status (struct scan_globals *globals)
 
static int scan_is_stopped ()
 
static int nvti_category_is_safe (int category)
 Checks that an NVT category is safe. More...
 
static int get_check_new_vhosts_flag ()
 Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(), to avoid fetching unnecessarily. More...
 
static void set_check_new_vhosts_flag ()
 Set global check_new_vhosts_flag to indicate that new vhosts must be fetched. More...
 
static void unset_check_new_vhosts_flag ()
 Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched. More...
 
static void check_new_vhosts ()
 Check if a plugin process pushed a new vhost value. More...
 
static int launch_plugin (struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
 Launches a nvt. Respects safe check preference (i.e. does not try. More...
 
static int kb_duplicate (kb_t dst, kb_t src, const gchar *filter)
 
static kb_t init_host_kb (struct scan_globals *globals, char *ip_str, kb_t *network_kb)
 Inits or loads the knowledge base for a single host. More...
 
static void attack_host (struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
 Attack one host. More...
 
static int host_authorized (const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
 
static char * vhosts_to_str (GSList *list)
 
static int check_host_authorization (gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
 
static void attack_start (struct attack_start_args *args)
 Set up some data and jump into attack_host() More...
 
static void apply_hosts_preferences (gvm_hosts_t *hosts)
 
static int str_in_comma_list (const char *str, const char *comma_list)
 
static int iface_authorized (const char *iface)
 
static int apply_source_iface_preference ()
 
static int check_kb_access ()
 
static void handle_scan_stop_signal ()
 
void attack_network (struct scan_globals *globals, kb_t *network_kb)
 Attack a whole network. More...
 

Variables

int global_scan_stop = 0
 
static kb_t host_kb = NULL
 
static GSList * host_vhosts = NULL
 
static int check_new_vhosts_flag = 0
 

Detailed Description

Launches the plugins, and manages multithreading.

Definition in file attack.c.

Macro Definition Documentation

◆ ERR_CANT_FORK

#define ERR_CANT_FORK   -2

Definition at line 56 of file attack.c.

Referenced by attack_host(), and launch_plugin().

◆ ERR_HOST_DEAD

#define ERR_HOST_DEAD   -1

Definition at line 55 of file attack.c.

Referenced by attack_host(), and launch_plugin().

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "sd main"

GLib log domain.

Definition at line 76 of file attack.c.

◆ KB_RETRY_DELAY

#define KB_RETRY_DELAY   3 /*In sec*/

Wait KB_RETRY_DELAY seconds until trying again to get a new kb.

Definition at line 62 of file attack.c.

Referenced by attack_network().

◆ MAX_FORK_RETRIES

#define MAX_FORK_RETRIES   10

Definition at line 58 of file attack.c.

Referenced by attack_host(), and attack_network().

◆ PROGRESS_BAR_STYLE

#define PROGRESS_BAR_STYLE   1

It switches progress bar styles. If set to 1, time oriented style and it take into account only alive host. If set to 0, it not reflect progress adequately in case of dead host, which will take into account with 0% processed, producing jumps in the process bar.

Definition at line 70 of file attack.c.

Enumeration Type Documentation

◆ net_scan_status

Enumerator
NSS_NONE 
NSS_BUSY 
NSS_DONE 

Definition at line 91 of file attack.c.

92 {
93  NSS_NONE = 0,
94  NSS_BUSY,
95  NSS_DONE,
96 };

Function Documentation

◆ apply_hosts_preferences()

static void apply_hosts_preferences ( gvm_hosts_t *  hosts)
static

Definition at line 800 of file attack.c.

References hosts.

Referenced by attack_network().

801 {
802  const char *ordering = prefs_get ("hosts_ordering"),
803  *exclude_hosts = prefs_get ("exclude_hosts");
804 
805  if (hosts == NULL)
806  return;
807 
808  /* Hosts ordering strategy: sequential, random, reversed... */
809  if (ordering)
810  {
811  if (!strcmp (ordering, "random"))
812  {
813  gvm_hosts_shuffle (hosts);
814  g_debug ("hosts_ordering: Random.");
815  }
816  else if (!strcmp (ordering, "reverse"))
817  {
818  gvm_hosts_reverse (hosts);
819  g_debug ("hosts_ordering: Reverse.");
820  }
821  }
822  else
823  g_debug ("hosts_ordering: Sequential.");
824 
825  /* Exclude hosts ? */
826  if (exclude_hosts)
827  {
828  /* Exclude hosts, resolving hostnames. */
829  int ret = gvm_hosts_exclude (hosts, exclude_hosts);
830 
831  if (ret > 0)
832  g_message ("exclude_hosts: Skipped %d host(s).", ret);
833  if (ret < 0)
834  g_message ("exclude_hosts: Error.");
835  }
836 
837  /* Reverse-lookup unify ? */
838  if (prefs_get_bool ("reverse_lookup_unify"))
839  g_debug ("reverse_lookup_unify: Skipped %d host(s).",
840  gvm_hosts_reverse_lookup_unify (hosts));
841 
842  /* Hosts that reverse-lookup only ? */
843  if (prefs_get_bool ("reverse_lookup_only"))
844  g_debug ("reverse_lookup_only: Skipped %d host(s).",
845  gvm_hosts_reverse_lookup_only (hosts));
846 }
static struct host * hosts
Definition: hosts.c:59
Here is the caller graph for this function:

◆ apply_source_iface_preference()

static int apply_source_iface_preference ( )
static

Definition at line 914 of file attack.c.

References iface_authorized().

Referenced by attack_network().

915 {
916  const char *source_iface = prefs_get ("source_iface");
917  int ret;
918 
919  if (source_iface == NULL)
920  return 0;
921 
922  ret = iface_authorized (source_iface);
923  if (ret == -1)
924  {
925  gchar *msg =
926  g_strdup_printf ("Unauthorized source interface: %s", source_iface);
927  g_warning ("source_iface: Unauthorized source interface %s.",
928  source_iface);
929 
930  g_free (msg);
931  return -1;
932  }
933  else if (ret == -2)
934  {
935  gchar *msg = g_strdup_printf ("Unauthorized source interface: %s"
936  " (system-wide restriction.)",
937  source_iface);
938  g_warning ("source_iface: Unauthorized source interface %s."
939  " (sys_* preference restriction.)",
940  source_iface);
941 
942  g_free (msg);
943  return -1;
944  }
945 
946  if (gvm_source_iface_init (source_iface))
947  {
948  gchar *msg =
949  g_strdup_printf ("Erroneous source interface: %s", source_iface);
950  g_debug ("source_iface: Error with %s interface.", source_iface);
951 
952  g_free (msg);
953  return -2;
954  }
955  else
956  {
957  char *ipstr, *ip6str;
958  ipstr = gvm_source_addr_str ();
959  ip6str = gvm_source_addr6_str ();
960  g_debug ("source_iface: Using %s (%s / %s).", source_iface, ipstr,
961  ip6str);
962 
963  g_free (ipstr);
964  g_free (ip6str);
965  return 0;
966  }
967 }
static int iface_authorized(const char *iface)
Definition: attack.c:882
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_host()

static void attack_host ( struct scan_globals globals,
struct in6_addr *  ip,
GSList *  vhosts,
plugins_scheduler_t  sched,
kb_t  kb,
kb_t *  net_kb 
)
static

Attack one host.

Definition at line 526 of file attack.c.

References comm_send_status(), ERR_CANT_FORK, ERR_HOST_DEAD, fork_sleep(), host_kb, host_vhosts, init_host_kb(), launch_plugin(), MAX_FORK_RETRIES, openvas_signal, PLUG_RUNNING, pluginlaunch_init(), pluginlaunch_stop(), pluginlaunch_wait(), pluginlaunch_wait_for_free_process(), plugins_scheduler_count_active(), plugins_scheduler_free(), plugins_scheduler_next(), plugins_scheduler_stop(), process_alive(), scan_is_stopped(), and set_check_new_vhosts_flag().

Referenced by attack_start().

528 {
529  /* Used for the status */
530  int num_plugs, forks_retry = 0;
531  char ip_str[INET6_ADDRSTRLEN];
532 
533  addr6_to_str (ip, ip_str);
535  host_kb = kb;
536  host_vhosts = vhosts;
537  kb_item_set_str (kb, "internal/ip", ip_str, 0);
538  kb_item_set_int (kb, "internal/hostpid", getpid ());
539  proctitle_set ("openvas: testing %s", ip_str);
540  if (net_kb && *net_kb)
541  {
542  kb_delete (kb);
543  kb = init_host_kb (globals, ip_str, net_kb);
544  if (kb == NULL)
545  return;
546  }
547  kb_lnk_reset (kb);
548 
549  /* launch the plugins */
550  pluginlaunch_init (ip_str);
551  num_plugs = plugins_scheduler_count_active (sched);
552  for (;;)
553  {
554  struct scheduler_plugin *plugin;
555  pid_t parent;
556 
557  /* Check that our father is still alive */
558  parent = getppid ();
559  if (parent <= 1 || process_alive (parent) == 0)
560  {
562  return;
563  }
564 
565  if (scan_is_stopped ())
566  plugins_scheduler_stop (sched);
567  plugin = plugins_scheduler_next (sched);
568  if (plugin != NULL && plugin != PLUG_RUNNING)
569  {
570  int e;
571  static int last_status = 0, cur_plug = 0;
572 
573  again:
574  e = launch_plugin (globals, plugin, ip, host_vhosts, kb);
575  if (e < 0)
576  {
577  /*
578  * Remote host died
579  */
580  if (e == ERR_HOST_DEAD)
581  {
582  char buffer[2048];
583  snprintf (
584  buffer, sizeof (buffer),
585  "LOG||| |||general/Host_Details||| |||<host><detail>"
586  "<name>Host dead</name><value>1</value><source>"
587  "<description/><type/><name/></source></detail></host>");
588 #if (PROGRESS_BAR_STYLE == 1)
589  /* In case of a dead host, it sends max_ports = -1 to the
590  manager. The host will not be taken into account to
591  calculate the scan progress. */
592  comm_send_status (kb, ip_str, 0, -1);
593 #endif
594  kb_item_push_str (kb, "internal/results", buffer);
595  goto host_died;
596  }
597  else if (e == ERR_CANT_FORK)
598  {
599  if (forks_retry < MAX_FORK_RETRIES)
600  {
601  forks_retry++;
602  g_debug ("fork() failed - sleeping %d seconds (%s)",
603  forks_retry, strerror (errno));
604  fork_sleep (forks_retry);
605  goto again;
606  }
607  else
608  {
609  g_debug ("fork() failed too many times - aborting");
610  goto host_died;
611  }
612  }
613  }
614 
615  if ((cur_plug * 100) / num_plugs >= last_status
616  && !scan_is_stopped ())
617  {
618  last_status = (cur_plug * 100) / num_plugs + 2;
619  if (comm_send_status (kb, ip_str, cur_plug, num_plugs) < 0)
620  {
622  goto host_died;
623  }
624  }
625  cur_plug++;
626  }
627  else if (plugin == NULL)
628  break;
630  }
631 
632  pluginlaunch_wait (kb);
633  if (!scan_is_stopped ())
634  comm_send_status (kb, ip_str, num_plugs, num_plugs);
635 
636 host_died:
638  plugins_scheduler_free (sched);
639 }
int process_alive(pid_t pid)
Definition: utils.c:204
#define ERR_HOST_DEAD
Definition: attack.c:55
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
static int scan_is_stopped()
Definition: attack.c:227
struct scheduler_plugin * plugins_scheduler_next(plugins_scheduler_t h)
#define MAX_FORK_RETRIES
Definition: attack.c:58
void plugins_scheduler_stop(plugins_scheduler_t sched)
static kb_t init_host_kb(struct scan_globals *globals, char *ip_str, kb_t *network_kb)
Inits or loads the knowledge base for a single host.
Definition: attack.c:480
void plugins_scheduler_free(plugins_scheduler_t sched)
int plugins_scheduler_count_active(plugins_scheduler_t sched)
static GSList * host_vhosts
Definition: attack.c:250
static kb_t host_kb
Definition: attack.c:249
void pluginlaunch_wait_for_free_process(kb_t kb)
Waits and &#39;pushes&#39; processes until the number of running processes has changed.
Definition: pluginlaunch.c:403
void pluginlaunch_wait(kb_t kb)
Waits and &#39;pushes&#39; processes until num_running_processes is 0.
Definition: pluginlaunch.c:370
void pluginlaunch_stop()
Definition: pluginlaunch.c:302
static void fork_sleep(int n)
Definition: attack.c:194
static void set_check_new_vhosts_flag()
Set global check_new_vhosts_flag to indicate that new vhosts must be fetched.
Definition: attack.c:269
#define PLUG_RUNNING
static int comm_send_status(kb_t kb, char *hostname, int curr, int max)
Sends the status of a host&#39;s scan.
Definition: attack.c:156
static int launch_plugin(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
Launches a nvt. Respects safe check preference (i.e. does not try.
Definition: attack.c:325
#define ERR_CANT_FORK
Definition: attack.c:56
void pluginlaunch_init(const char *host)
Definition: pluginlaunch.c:265
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_network()

void attack_network ( struct scan_globals globals,
kb_t *  network_kb 
)

Attack a whole network.

Definition at line 1008 of file attack.c.

References apply_hosts_preferences(), apply_source_iface_preference(), attack_network(), attack_start(), check_kb_access(), create_process(), error_message_to_client2(), scan_globals::files_translation, fork_sleep(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, attack_start_args::host_kb, host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), KB_RETRY_DELAY, MAX_FORK_RETRIES, attack_start_args::net_kb, scan_globals::network_scan_status, network_scan_status(), scan_globals::network_targets, network_targets(), NSS_BUSY, NSS_DONE, openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_is_stopped(), attack_start_args::sched, set_scan_status(), and timeval().

Referenced by attack_network(), and handle_client().

1009 {
1010  int max_hosts = 0, max_checks;
1011  const char *hostlist;
1012  gvm_host_t *host;
1013  plugins_scheduler_t sched;
1014  int fork_retries = 0;
1015  GHashTable *files;
1016  struct timeval then, now;
1017  gvm_hosts_t *hosts;
1018  const gchar *network_targets, *port_range;
1019  gboolean network_phase = FALSE;
1020  gboolean do_network_scan = FALSE;
1021  kb_t host_kb;
1022  GSList *unresolved;
1023 
1024  gettimeofday (&then, NULL);
1025 
1026  if (prefs_get_bool ("network_scan"))
1027  do_network_scan = TRUE;
1028  else
1029  do_network_scan = FALSE;
1030 
1031  network_targets = prefs_get ("network_targets");
1032  if (network_targets != NULL)
1033  globals->network_targets = g_strdup (network_targets);
1034 
1035  if (do_network_scan)
1036  {
1037  enum net_scan_status nss;
1038 
1039  nss = network_scan_status (globals);
1040  switch (nss)
1041  {
1042  case NSS_DONE:
1043  network_phase = FALSE;
1044  break;
1045 
1046  case NSS_BUSY:
1047  network_phase = TRUE;
1048  break;
1049 
1050  default:
1051  globals->network_scan_status = g_strdup ("busy");
1052  network_phase = TRUE;
1053  break;
1054  }
1055  }
1056  else
1057  network_kb = NULL;
1058 
1059  if (check_kb_access ())
1060  return;
1061 
1062  /* Init and check Target List */
1063  hostlist = prefs_get ("TARGET");
1064  if (hostlist == NULL)
1065  {
1066  return;
1067  }
1068 
1069  /* Verify the port range is a valid one */
1070  port_range = prefs_get ("port_range");
1071  if (validate_port_range (port_range))
1072  {
1073  return;
1074  }
1075 
1076  /* Initialize the attack. */
1077  int plugins_init_error = 0;
1078  sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1079  prefs_get_bool ("auto_enable_dependencies"),
1080  network_phase, &plugins_init_error);
1081  if (!sched)
1082  {
1083  g_message ("Couldn't initialize the plugin scheduler");
1084  return;
1085  }
1086 
1087  if (plugins_init_error > 0)
1088  {
1089  char buf[96];
1090  int i = atoi (prefs_get ("ov_maindbid"));
1091  kb_t main_kb = NULL;
1092 
1093  sprintf (buf,
1094  "%d errors were found during the plugin scheduling. "
1095  "Some plugins have not been launched.",
1096  plugins_init_error);
1097 
1098  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
1099  error_message_to_client2 (main_kb, buf, NULL);
1100  kb_lnk_reset (main_kb);
1101  }
1102 
1103  max_hosts = get_max_hosts_number ();
1104  max_checks = get_max_checks_number ();
1105 
1106  if (network_phase)
1107  {
1108  if (network_targets == NULL)
1109  {
1110  g_warning (
1111  "WARNING: In network phase, but without targets! Stopping.");
1112  host = NULL;
1113  }
1114  else
1115  {
1116  int rc;
1117 
1118  g_message ("Start a new scan. Target(s) : %s, "
1119  "in network phase with target %s",
1120  hostlist, network_targets);
1121 
1122  rc = kb_new (network_kb, prefs_get ("db_address"));
1123  if (rc)
1124  {
1125  report_kb_failure (rc);
1126  host = NULL;
1127  }
1128  else
1129  kb_lnk_reset (*network_kb);
1130  }
1131  }
1132  else
1133  g_message ("Starts a new scan. Target(s) : %s, with max_hosts = %d and "
1134  "max_checks = %d",
1135  hostlist, max_hosts, max_checks);
1136 
1137  hosts = gvm_hosts_new (hostlist);
1138  unresolved = gvm_hosts_resolve (hosts);
1139  while (unresolved)
1140  {
1141  g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1142  unresolved = unresolved->next;
1143  }
1144  g_slist_free_full (unresolved, g_free);
1145  /* Apply Hosts preferences. */
1147 
1148  /* Don't start if the provided interface is unauthorized. */
1149  if (apply_source_iface_preference () != 0)
1150  {
1151  gvm_hosts_free (hosts);
1152  return;
1153  }
1154  host = gvm_hosts_next (hosts);
1155  if (host == NULL)
1156  goto stop;
1157  hosts_init (max_hosts);
1158  /*
1159  * Start the attack !
1160  */
1162  while (host && !scan_is_stopped ())
1163  {
1164  int pid, rc;
1165  struct attack_start_args args;
1166  char *host_str;
1167 
1168  do
1169  {
1170  rc = kb_new (&host_kb, prefs_get ("db_address"));
1171  if (rc < 0 && rc != -2)
1172  {
1173  report_kb_failure (rc);
1174  goto scan_stop;
1175  }
1176  else if (rc == -2)
1177  {
1178  sleep (KB_RETRY_DELAY);
1179  continue;
1180  }
1181  break;
1182  }
1183  while (1);
1184 
1185  host_str = gvm_host_value_str (host);
1186  if (hosts_new (host_str, host_kb) < 0)
1187  {
1188  g_free (host_str);
1189  goto scan_stop;
1190  }
1191 
1192  if (scan_is_stopped ())
1193  {
1194  g_free (host_str);
1195  continue;
1196  }
1197  args.host = host;
1198  args.globals = globals;
1199  args.sched = sched;
1200  args.net_kb = network_kb;
1201  args.host_kb = host_kb;
1202 
1203  forkagain:
1205  /* Close child process' socket. */
1206  if (pid < 0)
1207  {
1208  fork_retries++;
1209  if (fork_retries > MAX_FORK_RETRIES)
1210  {
1211  /* Forking failed - we go to the wait queue. */
1212  g_debug ("fork() failed - %s. %s won't be tested",
1213  strerror (errno), host_str);
1214  g_free (host_str);
1215  goto stop;
1216  }
1217 
1218  g_debug ("fork() failed - "
1219  "sleeping %d seconds and trying again...",
1220  fork_retries);
1221  fork_sleep (fork_retries);
1222  goto forkagain;
1223  }
1224  hosts_set_pid (host_str, pid);
1225  if (network_phase)
1226  g_message ("Testing %s (network level) [%d]", network_targets, pid);
1227 
1228  if (network_phase)
1229  {
1230  host = NULL;
1231  globals->network_scan_status = g_strdup ("done");
1232  }
1233  else
1234  host = gvm_hosts_next (hosts);
1235  g_free (host_str);
1236  }
1237 
1238  /* Every host is being tested... We have to wait for the processes
1239  * to terminate. */
1240  while (hosts_read () == 0)
1241  ;
1242  g_message ("Test complete");
1243 
1244 scan_stop:
1245  /* Free the memory used by the files uploaded by the user, if any. */
1246  files = globals->files_translation;
1247  if (files)
1248  g_hash_table_destroy (files);
1249 
1250 stop:
1251 
1252  gvm_hosts_free (hosts);
1253  g_free (globals->network_scan_status);
1254  g_free (globals->network_targets);
1255 
1257 
1258  gettimeofday (&now, NULL);
1259  g_message ("Total time to scan all hosts : %ld seconds",
1260  now.tv_sec - then.tv_sec);
1261 
1262  if (do_network_scan && network_phase && !scan_is_stopped ())
1263  attack_network (globals, network_kb);
1264  else
1265  set_scan_status ("finished");
1266 }
static void apply_hosts_preferences(gvm_hosts_t *hosts)
Definition: attack.c:800
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
static void attack_start(struct attack_start_args *args)
Set up some data and jump into attack_host()
Definition: attack.c:740
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int only_network, int *error)
static int scan_is_stopped()
Definition: attack.c:227
int hosts_new(char *name, kb_t kb)
Definition: hosts.c:160
static enum net_scan_status network_scan_status(struct scan_globals *globals)
Definition: attack.c:208
GHashTable * files_translation
Definition: scanneraux.h:36
#define KB_RETRY_DELAY
Definition: attack.c:62
#define MAX_FORK_RETRIES
Definition: attack.c:58
static void handle_scan_stop_signal()
Definition: attack.c:985
gvm_host_t * host
Definition: attack.c:88
static struct host * hosts
Definition: hosts.c:59
char * network_scan_status
Definition: scanneraux.h:35
static int check_kb_access()
Definition: attack.c:970
void plugins_scheduler_free(plugins_scheduler_t sched)
static pid_t pid
static void error_message_to_client2(kb_t kb, const char *msg, const char *port)
Definition: attack.c:173
static int apply_source_iface_preference()
Definition: attack.c:914
static kb_t host_kb
Definition: attack.c:249
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:271
Host information, implemented as doubly linked list.
Definition: hosts.c:47
struct scan_globals * globals
Definition: attack.c:84
plugins_scheduler_t sched
Definition: attack.c:85
int get_max_hosts_number(void)
Definition: utils.c:143
char * network_targets
Definition: scanneraux.h:34
void(* process_func_t)(void *)
Definition: processes.h:31
struct timeval timeval(unsigned long val)
static void fork_sleep(int n)
Definition: attack.c:194
int hosts_init(int max_hosts)
Definition: hosts.c:153
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:185
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:1008
static void report_kb_failure(int errcode)
Definition: attack.c:182
tree_cell * network_targets(lex_ctxt *lexic)
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
Definition: processes.c:97
int get_max_checks_number(void)
Definition: utils.c:174
net_scan_status
Definition: attack.c:91
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly...
Definition: attack.c:133
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_start()

static void attack_start ( struct attack_start_args args)
static

Set up some data and jump into attack_host()

Definition at line 740 of file attack.c.

References attack_host(), check_host_authorization(), attack_start_args::globals, attack_start_args::host, attack_start_args::host_kb, attack_start_args::net_kb, scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_kb_readable(), timeval(), and vhosts_to_str().

Referenced by attack_network().

741 {
742  struct scan_globals *globals = args->globals;
743  char ip_str[INET6_ADDRSTRLEN], *hostnames;
744  struct in6_addr hostip;
745  struct timeval then;
746  kb_t *net_kb = args->net_kb, kb = args->host_kb;
747  int ret;
748 
749  nvticache_reset ();
750  kb_lnk_reset (kb);
751  gettimeofday (&then, NULL);
752 
753  kb_item_set_str (kb, "internal/scan_id", globals->scan_id, 0);
754  set_kb_readable (kb_get_kb_index (kb));
755 
756  /* The reverse lookup is delayed to this step in order to not slow down the
757  * main scan process eg. case of target with big range of IP addresses. */
758  if (prefs_get_bool ("expand_vhosts"))
759  gvm_host_add_reverse_lookup (args->host);
760  if ((ret = gvm_vhosts_exclude (args->host, prefs_get ("exclude_hosts"))) > 0)
761  g_message ("exclude_hosts: Skipped %d vhost(s).", ret);
762  gvm_host_get_addr6 (args->host, &hostip);
763  addr6_to_str (&hostip, ip_str);
764  if (check_host_authorization (args->host, &hostip, kb))
765  {
766  g_warning ("Host %s access denied.", ip_str);
767  return;
768  }
769  if (prefs_get_bool ("test_empty_vhost"))
770  {
771  gvm_vhost_t *vhost =
772  gvm_vhost_new (g_strdup (ip_str), g_strdup ("IP-address"));
773  args->host->vhosts = g_slist_prepend (args->host->vhosts, vhost);
774  }
775  hostnames = vhosts_to_str (args->host->vhosts);
776  if (hostnames)
777  g_message ("Testing %s (Vhosts: %s) [%d]", ip_str, hostnames, getpid ());
778  else
779  g_message ("Testing %s [%d]", ip_str, getpid ());
780  g_free (hostnames);
781  attack_host (globals, &hostip, args->host->vhosts, args->sched, kb, net_kb);
782 
783  if (!scan_is_stopped ())
784  {
785  struct timeval now;
786 
787  gettimeofday (&now, NULL);
788  if (now.tv_usec < then.tv_usec)
789  {
790  then.tv_sec++;
791  now.tv_usec += 1000000;
792  }
793  g_message ("Finished testing %s. Time : %ld.%.2ld secs", ip_str,
794  (long) (now.tv_sec - then.tv_sec),
795  (long) ((now.tv_usec - then.tv_usec) / 10000));
796  }
797 }
static int scan_is_stopped()
Definition: attack.c:227
static int check_host_authorization(gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
Definition: attack.c:706
gvm_host_t * host
Definition: attack.c:88
static int set_kb_readable(int host_kb_index)
Add the Host KB index to the list of readable KBs used by ospd-openvas.
Definition: attack.c:109
char * scan_id
Definition: scanneraux.h:38
struct scan_globals * globals
Definition: attack.c:84
plugins_scheduler_t sched
Definition: attack.c:85
struct timeval timeval(unsigned long val)
static void attack_host(struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
Attack one host.
Definition: attack.c:526
kb_t * net_kb
Definition: attack.c:86
static char * vhosts_to_str(GSList *list)
Definition: attack.c:676
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_host_authorization()

static int check_host_authorization ( gvm_host_t *  host,
const struct in6_addr *  addr,
kb_t  kb 
)
static

Definition at line 706 of file attack.c.

References error_message_to_client2(), and host_authorized().

Referenced by attack_start().

708 {
709  gvm_hosts_t *hosts_allow, *hosts_deny;
710  gvm_hosts_t *sys_hosts_allow, *sys_hosts_deny;
711 
712  /* Do we have the right to test this host ? */
713  hosts_allow = gvm_hosts_new (prefs_get ("hosts_allow"));
714  hosts_deny = gvm_hosts_new (prefs_get ("hosts_deny"));
715  if (!host_authorized (host, addr, hosts_allow, hosts_deny))
716  {
717  error_message_to_client2 (kb, "Host access denied.", NULL);
718  return -1;
719  }
720  sys_hosts_allow = gvm_hosts_new (prefs_get ("sys_hosts_allow"));
721  sys_hosts_deny = gvm_hosts_new (prefs_get ("sys_hosts_deny"));
722  if (!host_authorized (host, addr, sys_hosts_allow, sys_hosts_deny))
723  {
725  kb, "Host access denied (system-wide restriction.)", NULL);
726  return -1;
727  }
728 
729  gvm_hosts_free (hosts_allow);
730  gvm_hosts_free (hosts_deny);
731  gvm_hosts_free (sys_hosts_allow);
732  gvm_hosts_free (sys_hosts_deny);
733  return 0;
734 }
static int host_authorized(const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
Definition: attack.c:653
static void error_message_to_client2(kb_t kb, const char *msg, const char *port)
Definition: attack.c:173
Host information, implemented as doubly linked list.
Definition: hosts.c:47
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_kb_access()

static int check_kb_access ( )
static

Definition at line 970 of file attack.c.

References report_kb_failure().

Referenced by attack_network().

971 {
972  int rc;
973  kb_t kb;
974 
975  rc = kb_new (&kb, prefs_get ("db_address"));
976  if (rc)
977  report_kb_failure (rc);
978  else
979  kb_delete (kb);
980 
981  return rc;
982 }
static void report_kb_failure(int errcode)
Definition: attack.c:182
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_new_vhosts()

static void check_new_vhosts ( )
static

Check if a plugin process pushed a new vhost value.

Parameters
kbHost scan KB.
vhostsList of vhosts to add new vhosts to.
Returns
New vhosts list.

Definition at line 293 of file attack.c.

References get_check_new_vhosts_flag(), host_kb, host_vhosts, and unset_check_new_vhosts_flag().

Referenced by launch_plugin().

294 {
295  char *value;
296 
297  if (get_check_new_vhosts_flag () == 0)
298  return;
299 
300  while ((value = kb_item_pop_str (host_kb, "internal/vhosts")))
301  {
302  /* Get the source. */
303  char buffer[4096], *source;
304  gvm_vhost_t *vhost;
305 
306  g_snprintf (buffer, sizeof (buffer), "internal/source/%s", value);
307  source = kb_item_pop_str (host_kb, buffer);
308  assert (source);
309  vhost = gvm_vhost_new (value, source);
310  host_vhosts = g_slist_append (host_vhosts, vhost);
311  }
313 }
static GSList * host_vhosts
Definition: attack.c:250
static int get_check_new_vhosts_flag()
Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(), to avoid fetching unnecessarily.
Definition: attack.c:259
static kb_t host_kb
Definition: attack.c:249
static void unset_check_new_vhosts_flag()
Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched.
Definition: attack.c:279
Here is the call graph for this function:
Here is the caller graph for this function:

◆ comm_send_status()

static int comm_send_status ( kb_t  kb,
char *  hostname,
int  curr,
int  max 
)
static

Sends the status of a host's scan.

Definition at line 156 of file attack.c.

References hostname, and max.

Referenced by attack_host(), and Ensure().

157 {
158  char buffer[2048];
159 
160  if (!hostname || !kb)
161  return -1;
162 
163  if (strlen (hostname) > (sizeof (buffer) - 50))
164  return -1;
165 
166  snprintf (buffer, sizeof (buffer), "%d/%d", curr, max);
167  kb_item_push_str (kb, "internal/status", buffer);
168 
169  return 0;
170 }
#define max
Definition: nasl_wmi.c:48
const char * hostname
Definition: pluginlaunch.c:76
Here is the caller graph for this function:

◆ error_message_to_client2()

static void error_message_to_client2 ( kb_t  kb,
const char *  msg,
const char *  port 
)
static

Definition at line 173 of file attack.c.

Referenced by attack_network(), and check_host_authorization().

174 {
175  char buf[2048];
176 
177  sprintf (buf, "ERRMSG||| |||%s||| |||%s", port ?: " ", msg ?: "No error.");
178  kb_item_push_str (kb, "internal/results", buf);
179 }
Here is the caller graph for this function:

◆ fork_sleep()

static void fork_sleep ( int  n)
static

Definition at line 194 of file attack.c.

Referenced by attack_host(), and attack_network().

195 {
196  time_t then, now;
197 
198  now = then = time (NULL);
199  while (now - then < n)
200  {
201  waitpid (-1, NULL, WNOHANG);
202  usleep (10000);
203  now = time (NULL);
204  }
205 }
Here is the caller graph for this function:

◆ get_check_new_vhosts_flag()

static int get_check_new_vhosts_flag ( )
static

Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(), to avoid fetching unnecessarily.

Returns
1 means new vhosts must be fetched. 0 nothing to do.

Definition at line 259 of file attack.c.

References check_new_vhosts_flag.

Referenced by check_new_vhosts().

260 {
261  return check_new_vhosts_flag;
262 }
static int check_new_vhosts_flag
Definition: attack.c:251
Here is the caller graph for this function:

◆ handle_scan_stop_signal()

static void handle_scan_stop_signal ( )
static

Definition at line 985 of file attack.c.

References global_scan_stop, hosts_stop_all(), pid, and pluginlaunch_stop().

Referenced by attack_network().

986 {
987  int i = atoi (prefs_get ("ov_maindbid"));
988  kb_t main_kb = NULL;
989  char *pid;
990 
991  global_scan_stop = 1;
992  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
993  pid = kb_item_get_str (main_kb, ("internal/ovas_pid"));
994  kb_lnk_reset (main_kb);
995 
996  if (atoi (pid) == getpid ())
997  hosts_stop_all ();
998  else
1000 
1001  g_free (pid);
1002 }
void hosts_stop_all(void)
Definition: hosts.c:211
static pid_t pid
int global_scan_stop
Definition: attack.c:224
void pluginlaunch_stop()
Definition: pluginlaunch.c:302
Here is the call graph for this function:
Here is the caller graph for this function:

◆ host_authorized()

static int host_authorized ( const gvm_host_t *  host,
const struct in6_addr *  addr,
const gvm_hosts_t *  hosts_allow,
const gvm_hosts_t *  hosts_deny 
)
static

Definition at line 653 of file attack.c.

Referenced by check_host_authorization().

655 {
656  /* Check Hosts Access. */
657  if (host == NULL)
658  return 0;
659 
660  if (hosts_deny && gvm_host_in_hosts (host, addr, hosts_deny))
661  return 0;
662  if (hosts_allow && !gvm_host_in_hosts (host, addr, hosts_allow))
663  return 0;
664 
665  return 1;
666 }
Host information, implemented as doubly linked list.
Definition: hosts.c:47
Here is the caller graph for this function:

◆ iface_authorized()

static int iface_authorized ( const char *  iface)
static

Definition at line 882 of file attack.c.

References str_in_comma_list().

Referenced by apply_source_iface_preference().

883 {
884  const char *ifaces_list;
885 
886  if (iface == NULL)
887  return 0;
888 
889  ifaces_list = prefs_get ("ifaces_deny");
890  if (ifaces_list && str_in_comma_list (iface, ifaces_list))
891  return -1;
892  ifaces_list = prefs_get ("ifaces_allow");
893  if (ifaces_list && !str_in_comma_list (iface, ifaces_list))
894  return -1;
895  /* sys_* preferences are similar, but can't be overridden by the client. */
896  ifaces_list = prefs_get ("sys_ifaces_deny");
897  if (ifaces_list && str_in_comma_list (iface, ifaces_list))
898  return -2;
899  ifaces_list = prefs_get ("sys_ifaces_allow");
900  if (ifaces_list && !str_in_comma_list (iface, ifaces_list))
901  return -2;
902 
903  return 1;
904 }
static int str_in_comma_list(const char *str, const char *comma_list)
Definition: attack.c:849
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_host_kb()

static kb_t init_host_kb ( struct scan_globals globals,
char *  ip_str,
kb_t *  network_kb 
)
static

Inits or loads the knowledge base for a single host.

Fills the knowledge base with host-specific login information for local checks if defined.

Parameters
globalsGlobal preference struct.
ip_strIP string of target host.
Returns
A knowledge base.

Definition at line 480 of file attack.c.

References kb_duplicate(), network_scan_status(), NSS_BUSY, NSS_DONE, and report_kb_failure().

Referenced by attack_host().

481 {
482  kb_t kb;
483  gchar *hostname_pattern;
484  enum net_scan_status nss;
485  const gchar *kb_path = prefs_get ("db_address");
486  int rc;
487 
488  nss = network_scan_status (globals);
489  switch (nss)
490  {
491  case NSS_DONE:
492  rc = kb_new (&kb, kb_path);
493  if (rc)
494  {
495  report_kb_failure (rc);
496  return NULL;
497  }
498 
499  hostname_pattern = g_strdup_printf ("%s/*", ip_str);
500  kb_duplicate (kb, *network_kb, hostname_pattern);
501  g_free (hostname_pattern);
502  break;
503 
504  case NSS_BUSY:
505  assert (network_kb != NULL);
506  assert (*network_kb != NULL);
507  kb = *network_kb;
508  break;
509 
510  default:
511  rc = kb_new (&kb, kb_path);
512  if (rc)
513  {
514  report_kb_failure (rc);
515  return NULL;
516  }
517  }
518 
519  return kb;
520 }
static enum net_scan_status network_scan_status(struct scan_globals *globals)
Definition: attack.c:208
static int kb_duplicate(kb_t dst, kb_t src, const gchar *filter)
Definition: attack.c:448
static void report_kb_failure(int errcode)
Definition: attack.c:182
net_scan_status
Definition: attack.c:91
Here is the call graph for this function:
Here is the caller graph for this function:

◆ kb_duplicate()

static int kb_duplicate ( kb_t  dst,
kb_t  src,
const gchar *  filter 
)
static

Definition at line 448 of file attack.c.

Referenced by init_host_kb().

449 {
450  struct kb_item *items, *p_itm;
451 
452  items = kb_item_get_pattern (src, filter ? filter : "*");
453  for (p_itm = items; p_itm != NULL; p_itm = p_itm->next)
454  {
455  gchar *newname;
456 
457  newname = strstr (p_itm->name, "/");
458  if (newname == NULL)
459  newname = p_itm->name;
460  else
461  newname += 1; /* Skip the '/' */
462 
463  kb_item_add_str (dst, newname, p_itm->v_str, 0);
464  }
465  return 0;
466 }
Here is the caller graph for this function:

◆ launch_plugin()

static int launch_plugin ( struct scan_globals globals,
struct scheduler_plugin plugin,
struct in6_addr *  ip,
GSList *  vhosts,
kb_t  kb 
)
static

Launches a nvt. Respects safe check preference (i.e. does not try.

destructive nvt if save_checks is yes).

Does not launch a plugin twice if !save_kb_replay.

Returns
ERR_HOST_DEAD if host died, ERR_CANT_FORK if forking failed, 0 otherwise.

Definition at line 325 of file attack.c.

References ACT_END, check_new_vhosts(), ERR_CANT_FORK, ERR_HOST_DEAD, mandatory_requirements_met(), name, network_scan_status(), NSS_BUSY, nvti_category_is_safe(), scheduler_plugin::oid, oid, pid, plugin_launch(), PLUGIN_STATUS_DONE, PLUGIN_STATUS_UNRUN, pluginlaunch_stop(), requirements_plugin(), scheduler_plugin::running_state, and scan_is_stopped().

Referenced by attack_host().

327 {
328  int optimize = prefs_get_bool ("optimize_test"), pid, ret = 0;
329  char *oid, *name, *error = NULL, ip_str[INET6_ADDRSTRLEN];
330  gboolean network_scan = FALSE;
331  nvti_t *nvti;
332 
333  addr6_to_str (ip, ip_str);
334  oid = plugin->oid;
335  nvti = nvticache_get_nvt (oid);
336 
337  /* eg. When NVT was moved/removed by a feed update during the scan. */
338  if (!nvti)
339  {
340  g_message ("Plugin '%s' missing from nvticache.", oid);
342  goto finish_launch_plugin;
343  }
344  if (scan_is_stopped ())
345  {
346  if (nvti_category (nvti) != ACT_END)
347  {
349  goto finish_launch_plugin;
350  }
351  else
352  {
353  name = nvticache_get_filename (oid);
354  g_message ("Stopped scan wrap-up: Launching %s (%s)", name, oid);
355  g_free (name);
356  }
357  }
358 
359  if (network_scan_status (globals) == NSS_BUSY)
360  network_scan = TRUE;
361 
362  if (prefs_get_bool ("safe_checks")
363  && !nvti_category_is_safe (nvti_category (nvti)))
364  {
365  if (prefs_get_bool ("log_whole_attack"))
366  {
367  name = nvticache_get_filename (oid);
368  g_message ("Not launching %s (%s) against %s because safe checks are"
369  " enabled (this is not an error)",
370  name, oid, ip_str);
371  g_free (name);
372  }
374  goto finish_launch_plugin;
375  }
376 
377  if (network_scan)
378  {
379  char asc_id[100];
380 
381  assert (oid);
382  snprintf (asc_id, sizeof (asc_id), "Launched/%s", oid);
383 
384  if (kb_item_get_int (kb, asc_id) > 0)
385  {
386  if (prefs_get_bool ("log_whole_attack"))
387  g_message ("Not launching %s against %s because it has already "
388  "been lanched in the past (this is not an error)",
389  oid, ip_str);
391  goto finish_launch_plugin;
392  }
393  else
394  kb_item_set_int (kb, asc_id, 1);
395  }
396 
397  /* Do not launch NVT if mandatory key is missing (e.g. an important tool
398  * was not found). This is ignored during network wide scanning phases. */
399  if (!network_scan && !mandatory_requirements_met (kb, nvti))
400  error = "because a mandatory key is missing";
401  if (error || (optimize && (error = requirements_plugin (kb, nvti))))
402  {
404  if (prefs_get_bool ("log_whole_attack"))
405  {
406  name = nvticache_get_filename (oid);
407  g_message (
408  "Not launching %s (%s) against %s %s (this is not an error)", name,
409  oid, ip_str, error);
410  g_free (name);
411  }
412  goto finish_launch_plugin;
413  }
414 
415  /* Stop the test if the host is 'dead' */
416  if (kb_item_get_int (kb, "Host/dead") > 0)
417  {
418  g_message ("The remote host %s is dead", ip_str);
421  ret = ERR_HOST_DEAD;
422  goto finish_launch_plugin;
423  }
424 
425  /* Update vhosts list and start the plugin */
426  check_new_vhosts ();
427  pid = plugin_launch (globals, plugin, ip, vhosts, kb, nvti);
428  if (pid < 0)
429  {
431  ret = ERR_CANT_FORK;
432  goto finish_launch_plugin;
433  }
434 
435  if (prefs_get_bool ("log_whole_attack"))
436  {
437  name = nvticache_get_filename (oid);
438  g_message ("Launching %s (%s) against %s [%d]", name, oid, ip_str, pid);
439  g_free (name);
440  }
441 
442 finish_launch_plugin:
443  nvti_free (nvti);
444  return ret;
445 }
#define ERR_HOST_DEAD
Definition: attack.c:55
static int scan_is_stopped()
Definition: attack.c:227
static void check_new_vhosts()
Check if a plugin process pushed a new vhost value.
Definition: attack.c:293
static enum net_scan_status network_scan_status(struct scan_globals *globals)
Definition: attack.c:208
int mandatory_requirements_met(kb_t kb, nvti_t *nvti)
Check whether mandatory requirements for plugin are met.
Definition: plugs_req.c:247
const char * oid
static pid_t pid
void pluginlaunch_stop()
Definition: pluginlaunch.c:302
const char * name
Definition: nasl_init.c:377
static int nvti_category_is_safe(int category)
Checks that an NVT category is safe.
Definition: attack.c:240
enum plugin_status running_state
char * requirements_plugin(kb_t kb, nvti_t *nvti)
Determine if the plugin requirements are met.
Definition: plugs_req.c:264
#define ERR_CANT_FORK
Definition: attack.c:56
int plugin_launch(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb, nvti_t *nvti)
Definition: pluginlaunch.c:343
Here is the call graph for this function:
Here is the caller graph for this function:

◆ network_scan_status()

static enum net_scan_status network_scan_status ( struct scan_globals globals)
static

Definition at line 208 of file attack.c.

References scan_globals::network_scan_status, NSS_BUSY, NSS_DONE, and NSS_NONE.

Referenced by attack_network(), init_host_kb(), and launch_plugin().

209 {
210  gchar *nss;
211 
212  nss = globals->network_scan_status;
213  if (nss == NULL)
214  return NSS_NONE;
215 
216  if (g_ascii_strcasecmp (nss, "busy") == 0)
217  return NSS_BUSY;
218  else if (g_ascii_strcasecmp (nss, "done") == 0)
219  return NSS_DONE;
220  else
221  return NSS_NONE;
222 }
char * network_scan_status
Definition: scanneraux.h:35
Here is the caller graph for this function:

◆ nvti_category_is_safe()

static int nvti_category_is_safe ( int  category)
static

Checks that an NVT category is safe.

Parameters
categoryCategory to check.
Returns
0 if category is unsafe, 1 otherwise.

Definition at line 240 of file attack.c.

References ACT_DENIAL, ACT_DESTRUCTIVE_ATTACK, ACT_FLOOD, and ACT_KILL_HOST.

Referenced by launch_plugin().

241 {
242  /* XXX: Duplicated from openvas/nasl. */
243  if (category == ACT_DESTRUCTIVE_ATTACK || category == ACT_KILL_HOST
244  || category == ACT_FLOOD || category == ACT_DENIAL)
245  return 0;
246  return 1;
247 }
Here is the caller graph for this function:

◆ report_kb_failure()

static void report_kb_failure ( int  errcode)
static

Definition at line 182 of file attack.c.

Referenced by attack_network(), check_kb_access(), and init_host_kb().

183 {
184  gchar *msg;
185 
186  errcode = abs (errcode);
187  msg = g_strdup_printf ("WARNING: Cannot connect to KB at '%s': %s'",
188  prefs_get ("db_address"), strerror (errcode));
189  g_warning ("%s", msg);
190  g_free (msg);
191 }
Here is the caller graph for this function:

◆ scan_is_stopped()

static int scan_is_stopped ( )
static

Definition at line 227 of file attack.c.

References global_scan_stop.

Referenced by attack_host(), attack_network(), attack_start(), and launch_plugin().

228 {
229  return global_scan_stop;
230 }
int global_scan_stop
Definition: attack.c:224
Here is the caller graph for this function:

◆ set_check_new_vhosts_flag()

static void set_check_new_vhosts_flag ( )
static

Set global check_new_vhosts_flag to indicate that new vhosts must be fetched.

Definition at line 269 of file attack.c.

References check_new_vhosts_flag.

Referenced by attack_host().

270 {
272 }
static int check_new_vhosts_flag
Definition: attack.c:251
Here is the caller graph for this function:

◆ set_kb_readable()

static int set_kb_readable ( int  host_kb_index)
static

Add the Host KB index to the list of readable KBs used by ospd-openvas.

Definition at line 109 of file attack.c.

Referenced by attack_start().

110 {
111  int i = atoi (prefs_get ("ov_maindbid"));
112  kb_t main_kb = NULL;
113 
114  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
115  if (main_kb)
116  {
117  kb_item_add_int_unique (main_kb, "internal/dbindex", host_kb_index);
118  return 0;
119  }
120  g_warning ("Not possible to add the kb index %d to the list of "
121  "ready to read kb",
122  host_kb_index);
123  return -1;
124 }
Here is the caller graph for this function:

◆ set_scan_status()

static void set_scan_status ( char *  status)
static

Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.

Parameters
[in]statusStatus to set.

Definition at line 133 of file attack.c.

References scan_globals::scan_id.

Referenced by attack_network().

134 {
135  int i = atoi (prefs_get ("ov_maindbid"));
136  kb_t main_kb = NULL;
137 
138  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
139  if (main_kb)
140  {
141  char buffer[96];
142  char *scan_id = kb_item_get_str (main_kb, ("internal/scanid"));
143 
144  snprintf (buffer, sizeof (buffer), "internal/%s", scan_id);
145  kb_item_set_str (main_kb, buffer, status, 0);
146 
147  return;
148  }
149  g_warning ("Not possible to set the scan as finished");
150 }
Here is the caller graph for this function:

◆ str_in_comma_list()

static int str_in_comma_list ( const char *  str,
const char *  comma_list 
)
static

Definition at line 849 of file attack.c.

Referenced by iface_authorized().

850 {
851  gchar **element, **split;
852 
853  if (str == NULL || comma_list == NULL)
854  return 0;
855 
856  split = g_strsplit (comma_list, ",", 0);
857  element = split;
858  while (*element)
859  {
860  gchar *stripped = g_strstrip (*element);
861 
862  if (stripped && strcmp (stripped, str) == 0)
863  {
864  g_strfreev (split);
865  return 1;
866  }
867 
868  element++;
869  }
870 
871  g_strfreev (split);
872  return 0;
873 }
Here is the caller graph for this function:

◆ unset_check_new_vhosts_flag()

static void unset_check_new_vhosts_flag ( )
static

Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched.

Definition at line 279 of file attack.c.

References check_new_vhosts_flag.

Referenced by check_new_vhosts().

280 {
282 }
static int check_new_vhosts_flag
Definition: attack.c:251
Here is the caller graph for this function:

◆ vhosts_to_str()

static char* vhosts_to_str ( GSList *  list)
static

Definition at line 676 of file attack.c.

References list::next.

Referenced by attack_start().

677 {
678  GString *string;
679 
680  if (!list)
681  return NULL;
682  string = g_string_new (((gvm_vhost_t *) list->data)->value);
683  if (g_slist_length (list) == 1)
684  return g_string_free (string, FALSE);
685  list = list->next;
686  while (list)
687  {
688  g_string_append (string, ", ");
689  g_string_append (string, ((gvm_vhost_t *) list->data)->value);
690  list = list->next;
691  }
692  return g_string_free (string, FALSE);
693 }
struct list * next
Here is the caller graph for this function:

Variable Documentation

◆ check_new_vhosts_flag

int check_new_vhosts_flag = 0
static

◆ global_scan_stop

int global_scan_stop = 0

◆ host_kb

kb_t host_kb = NULL
static

Definition at line 249 of file attack.c.

Referenced by attack_host(), attack_network(), and check_new_vhosts().

◆ host_vhosts

GSList* host_vhosts = NULL
static

Definition at line 250 of file attack.c.

Referenced by attack_host(), and check_new_vhosts().