OpenVAS Scanner
7.0.1~git
Launches the plugins, and manages multithreading. More...
#include "attack.h"
#include "../misc/network.h"
#include "../misc/nvt_categories.h"
#include "../misc/pcap_openvas.h"
#include "../nasl/nasl_debug.h"
#include "hosts.h"
#include "pluginlaunch.h"
#include "pluginload.h"
#include "pluginscheduler.h"
#include "plugs_req.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gvm/base/hosts.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/base/proctitle.h>
#include <gvm/util/nvticache.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
Data Structures | |
struct | attack_start_args |
Macros | |
#define | ERR_HOST_DEAD -1 |
#define | ERR_CANT_FORK -2 |
#define | MAX_FORK_RETRIES 10 |
#define | KB_RETRY_DELAY 3 /*In sec*/ |
#define | PROGRESS_BAR_STYLE 1 |
#define | G_LOG_DOMAIN "sd main" |
GLib log domain. More... | |
Enumerations | |
enum | net_scan_status { NSS_NONE = 0, NSS_BUSY, NSS_DONE } |
Functions | |
static int | set_kb_readable (int host_kb_index) |
Add the Host KB index to the list of readable KBs used by ospd-openvas. More... | |
static void | set_scan_status (char *status) |
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly. More... | |
static int | comm_send_status (kb_t kb, char *hostname, int curr, int max) |
Sends the status of a host's scan. More... | |
static void | error_message_to_client2 (kb_t kb, const char *msg, const char *port) |
static void | report_kb_failure (int errcode) |
static void | fork_sleep (int n) |
static enum net_scan_status | network_scan_status (struct scan_globals *globals) |
static int | scan_is_stopped () |
static int | nvti_category_is_safe (int category) |
Checks that an NVT category is safe. More... | |
static int | get_check_new_vhosts_flag () |
Return check_new_vhosts_flag. After reading, the flag must be cleared with unset_check_new_vhosts_flag() to avoid fetching vhosts unnecessarily. More... | |
static void | set_check_new_vhosts_flag () |
Set global check_new_vhosts_flag to indicate that new vhosts must be fetched. More... | |
static void | unset_check_new_vhosts_flag () |
Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched. More... | |
static void | check_new_vhosts () |
Check if a plugin process pushed a new vhost value. More... | |
static int | launch_plugin (struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb) |
Launches a nvt. Respects safe check preference (i.e. does not try destructive nvt if safe_checks is yes). More... | |
static int | kb_duplicate (kb_t dst, kb_t src, const gchar *filter) |
static kb_t | init_host_kb (struct scan_globals *globals, char *ip_str, kb_t *network_kb) |
Inits or loads the knowledge base for a single host. More... | |
static void | attack_host (struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb) |
Attack one host. More... | |
static int | host_authorized (const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny) |
static char * | vhosts_to_str (GSList *list) |
static int | check_host_authorization (gvm_host_t *host, const struct in6_addr *addr, kb_t kb) |
static void | attack_start (struct attack_start_args *args) |
Set up some data and jump into attack_host() More... | |
static void | apply_hosts_preferences (gvm_hosts_t *hosts) |
static int | str_in_comma_list (const char *str, const char *comma_list) |
static int | iface_authorized (const char *iface) |
static int | apply_source_iface_preference () |
static int | check_kb_access () |
static void | handle_scan_stop_signal () |
void | attack_network (struct scan_globals *globals, kb_t *network_kb) |
Attack a whole network. More... | |
Variables | |
int | global_scan_stop = 0 |
static kb_t | host_kb = NULL |
static GSList * | host_vhosts = NULL |
static int | check_new_vhosts_flag = 0 |
Launches the plugins, and manages multithreading.
Definition in file attack.c.
#define ERR_CANT_FORK -2 |
Definition at line 56 of file attack.c.
Referenced by attack_host(), and launch_plugin().
#define ERR_HOST_DEAD -1 |
Definition at line 55 of file attack.c.
Referenced by attack_host(), and launch_plugin().
#define KB_RETRY_DELAY 3 /*In sec*/ |
Wait KB_RETRY_DELAY seconds before trying again to get a new kb.
Definition at line 62 of file attack.c.
Referenced by attack_network().
#define MAX_FORK_RETRIES 10 |
Definition at line 58 of file attack.c.
Referenced by attack_host(), and attack_network().
#define PROGRESS_BAR_STYLE 1 |
Switches between progress bar styles. If set to 1, a time-oriented style is used, which takes into account only alive hosts. If set to 0, progress is not reflected adequately when hosts are dead: dead hosts are counted as 0% processed, which produces jumps in the progress bar.
enum net_scan_status |
Enumerator | |
---|---|
NSS_NONE | |
NSS_BUSY | |
NSS_DONE |
|
static |
Definition at line 800 of file attack.c.
References hosts.
Referenced by attack_network().
|
static |
Definition at line 914 of file attack.c.
References iface_authorized().
Referenced by attack_network().
|
static |
Attack one host.
Definition at line 526 of file attack.c.
References comm_send_status(), ERR_CANT_FORK, ERR_HOST_DEAD, fork_sleep(), host_kb, host_vhosts, init_host_kb(), launch_plugin(), MAX_FORK_RETRIES, openvas_signal, PLUG_RUNNING, pluginlaunch_init(), pluginlaunch_stop(), pluginlaunch_wait(), pluginlaunch_wait_for_free_process(), plugins_scheduler_count_active(), plugins_scheduler_free(), plugins_scheduler_next(), plugins_scheduler_stop(), process_alive(), scan_is_stopped(), and set_check_new_vhosts_flag().
Referenced by attack_start().
void attack_network | ( | struct scan_globals * | globals, |
kb_t * | network_kb | ||
) |
Attack a whole network.
Definition at line 1008 of file attack.c.
References apply_hosts_preferences(), apply_source_iface_preference(), attack_network(), attack_start(), check_kb_access(), create_process(), error_message_to_client2(), scan_globals::files_translation, fork_sleep(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, attack_start_args::host_kb, host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), KB_RETRY_DELAY, MAX_FORK_RETRIES, attack_start_args::net_kb, scan_globals::network_scan_status, network_scan_status(), scan_globals::network_targets, network_targets(), NSS_BUSY, NSS_DONE, openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_is_stopped(), attack_start_args::sched, set_scan_status(), and timeval().
Referenced by attack_network(), and handle_client().
|
static |
Set up some data and jump into attack_host()
Definition at line 740 of file attack.c.
References attack_host(), check_host_authorization(), attack_start_args::globals, attack_start_args::host, attack_start_args::host_kb, attack_start_args::net_kb, scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_kb_readable(), timeval(), and vhosts_to_str().
Referenced by attack_network().
|
static |
Definition at line 706 of file attack.c.
References error_message_to_client2(), and host_authorized().
Referenced by attack_start().
|
static |
Definition at line 970 of file attack.c.
References report_kb_failure().
Referenced by attack_network().
|
static |
Check if a plugin process pushed a new vhost value.
kb | Host scan KB. |
vhosts | List of vhosts to add new vhosts to. |
Definition at line 293 of file attack.c.
References get_check_new_vhosts_flag(), host_kb, host_vhosts, and unset_check_new_vhosts_flag().
Referenced by launch_plugin().
|
static |
Sends the status of a host's scan.
Definition at line 156 of file attack.c.
Referenced by attack_host(), and Ensure().
|
static |
Definition at line 173 of file attack.c.
Referenced by attack_network(), and check_host_authorization().
|
static |
Definition at line 194 of file attack.c.
Referenced by attack_host(), and attack_network().
|
static |
Return check_new_vhosts_flag. After reading, the flag must be cleared with unset_check_new_vhosts_flag() to avoid fetching vhosts unnecessarily.
Definition at line 259 of file attack.c.
References check_new_vhosts_flag.
Referenced by check_new_vhosts().
|
static |
Definition at line 985 of file attack.c.
References global_scan_stop, hosts_stop_all(), pid, and pluginlaunch_stop().
Referenced by attack_network().
|
static |
Definition at line 653 of file attack.c.
Referenced by check_host_authorization().
|
static |
Definition at line 882 of file attack.c.
References str_in_comma_list().
Referenced by apply_source_iface_preference().
|
static |
Inits or loads the knowledge base for a single host.
Fills the knowledge base with host-specific login information for local checks if defined.
globals | Global preference struct. |
ip_str | IP string of target host. |
Definition at line 480 of file attack.c.
References kb_duplicate(), network_scan_status(), NSS_BUSY, NSS_DONE, and report_kb_failure().
Referenced by attack_host().
|
static |
Definition at line 448 of file attack.c.
Referenced by init_host_kb().
|
static |
Launches a nvt. Respects safe check preference (i.e. does not try destructive nvt if safe_checks is yes).
Does not launch a plugin twice if !save_kb_replay.
Definition at line 325 of file attack.c.
References ACT_END, check_new_vhosts(), ERR_CANT_FORK, ERR_HOST_DEAD, mandatory_requirements_met(), name, network_scan_status(), NSS_BUSY, nvti_category_is_safe(), scheduler_plugin::oid, oid, pid, plugin_launch(), PLUGIN_STATUS_DONE, PLUGIN_STATUS_UNRUN, pluginlaunch_stop(), requirements_plugin(), scheduler_plugin::running_state, and scan_is_stopped().
Referenced by attack_host().
|
static |
Definition at line 208 of file attack.c.
References scan_globals::network_scan_status, NSS_BUSY, NSS_DONE, and NSS_NONE.
Referenced by attack_network(), init_host_kb(), and launch_plugin().
|
static |
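Checks that an NVT category is safe, i.e. that it is not one of the disruptive categories listed under References below (ACT_DENIAL, ACT_DESTRUCTIVE_ATTACK, ACT_FLOOD, ACT_KILL_HOST).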
category | Category to check. |
Definition at line 240 of file attack.c.
References ACT_DENIAL, ACT_DESTRUCTIVE_ATTACK, ACT_FLOOD, and ACT_KILL_HOST.
Referenced by launch_plugin().
|
static |
Definition at line 182 of file attack.c.
Referenced by attack_network(), check_kb_access(), and init_host_kb().
|
static |
Definition at line 227 of file attack.c.
References global_scan_stop.
Referenced by attack_host(), attack_network(), attack_start(), and launch_plugin().
|
static |
Set global check_new_vhosts_flag to indicate that new vhosts must be fetched.
Definition at line 269 of file attack.c.
References check_new_vhosts_flag.
Referenced by attack_host().
|
static |
Add the Host KB index to the list of readable KBs used by ospd-openvas.
Definition at line 109 of file attack.c.
Referenced by attack_start().
|
static |
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
[in] | status | Status to set. |
Definition at line 133 of file attack.c.
References scan_globals::scan_id.
Referenced by attack_network().
|
static |
Definition at line 849 of file attack.c.
Referenced by iface_authorized().
|
static |
Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched.
Definition at line 279 of file attack.c.
References check_new_vhosts_flag.
Referenced by check_new_vhosts().
|
static |
Definition at line 676 of file attack.c.
References list::next.
Referenced by attack_start().
|
static |
Definition at line 251 of file attack.c.
Referenced by get_check_new_vhosts_flag(), set_check_new_vhosts_flag(), and unset_check_new_vhosts_flag().
int global_scan_stop = 0 |
Definition at line 224 of file attack.c.
Referenced by handle_scan_stop_signal(), host_rm(), hosts_new(), hosts_stop_all(), and scan_is_stopped().
|
static |
Definition at line 249 of file attack.c.
Referenced by attack_host(), attack_network(), and check_new_vhosts().
|
static |
Definition at line 250 of file attack.c.
Referenced by attack_host(), and check_new_vhosts().