31 #include "../misc/network.h" 32 #include "../misc/plugutils.h" 43 #include <arpa/inet.h> 46 #include <gnutls/gnutls.h> 47 #include <gvm/base/logging.h> 48 #include <gvm/base/networking.h> 49 #include <gvm/base/prefs.h> 50 #include <netinet/in.h> 57 #define EADDRNOTAVAIL EADDRINUSE 64 #define G_LOG_DOMAIN "lib nasl" 71 int flags = fcntl (soc, F_GETFL, 0);
74 perror (
"fcntl(F_GETFL)");
77 if (fcntl (soc, F_SETFL, O_NONBLOCK | flags) < 0)
79 perror (
"fcntl(F_SETFL,O_NONBLOCK)");
88 int flags = fcntl (soc, F_GETFL, 0);
91 perror (
"fcntl(F_GETFL)");
94 if (fcntl (soc, F_SETFL, (~O_NONBLOCK) & flags) < 0)
96 perror (
"fcntl(F_SETFL,~O_NONBLOCK)");
105 const char *time_between_request;
108 time_between_request = prefs_get (
"time_between_request");
109 if (time_between_request)
110 minwaittime = atoi (time_between_request);
114 static double lastprobesec = 0;
115 static double lastprobeusec = 0;
120 gettimeofday (&tvnow, NULL);
121 if (lastprobesec <= 0)
123 lastprobesec = tvnow.tv_sec - 10;
124 lastprobeusec = tvnow.tv_usec;
127 tvdiff.tv_sec = tvnow.tv_sec - lastprobesec;
128 tvdiff.tv_usec = tvnow.tv_usec - lastprobeusec;
129 if (tvdiff.tv_usec <= 0)
132 tvdiff.tv_usec *= -1;
135 diff_msec = tvdiff.tv_sec * 1000 + tvdiff.tv_usec / 1000;
136 time2wait = (minwaittime - diff_msec) * 1000;
140 gettimeofday (&tvnow, NULL);
141 lastprobesec = tvnow.tv_sec;
142 lastprobeusec = tvnow.tv_usec;
168 int *key = g_memdup (&soc,
sizeof (
int));
171 data_record->
data = g_memdup ((gconstpointer)
data, (guint)
len);
173 if (udp_data == NULL)
176 g_hash_table_new_full (g_int_hash, g_int_equal, g_free, g_free);
180 g_hash_table_replace (udp_data, (gpointer) key, (gpointer) data_record);
189 GHashTable *udp_data;
195 g_hash_table_new_full (g_int_hash, g_int_equal, g_free, g_free);
199 data_record = g_hash_table_lookup (udp_data, (gconstpointer) &soc);
205 return data_record->
data;
215 g_hash_table_remove (udp_data, (gconstpointer) &soc);
226 int sport, current_sport = -1;
230 struct sockaddr_in addr, daddr;
231 struct sockaddr_in6 addr6, daddr6;
246 lexic,
"open_private_socket: missing or undefined parameter dport!\n");
251 current_sport = 1023;
254 if (proto == IPPROTO_TCP)
257 if (IN6_IS_ADDR_V4MAPPED (p))
260 bzero (&addr,
sizeof (addr));
261 if (proto == IPPROTO_TCP)
262 sock = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
264 sock = socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP);
269 bzero (&addr6,
sizeof (addr6));
270 if (proto == IPPROTO_TCP)
271 sock = socket (AF_INET6, SOCK_STREAM, IPPROTO_TCP);
273 sock = socket (AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
285 if (current_sport < 128 && sport < 0)
290 e = gvm_source_set_socket (sock, sport > 0 ? sport : current_sport--, family);
311 if (IN6_IS_ADDR_V4MAPPED (p))
313 bzero (&daddr,
sizeof (daddr));
314 daddr.sin_addr.s_addr = p->s6_addr32[3];
315 daddr.sin_family = AF_INET;
316 daddr.sin_port = htons (dport);
318 e = connect (sock, (
struct sockaddr *) &daddr,
sizeof (daddr));
322 bzero (&daddr6,
sizeof (daddr6));
323 memcpy (&daddr6.sin6_addr, p, sizeof (
struct in6_addr));
324 daddr6.sin6_family = AF_INET6;
325 daddr6.sin6_port = htons (dport);
327 e = connect (sock, (
struct sockaddr *) &daddr6,
sizeof (daddr6));
340 else if (errno != EINPROGRESS)
353 e = select (sock + 1, NULL, &rd, NULL, to > 0 ? &tv : NULL);
355 while (e < 0 && errno == EINTR);
364 opt_sz =
sizeof (opt);
366 if (getsockopt (sock, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
368 g_message (
"[%d] open_priv_sock()->getsockopt() failed : %s", getpid (),
394 if (proto == IPPROTO_TCP)
398 retc->
x.
i_val = sock < 0 ? 0 : sock;
423 const char *priority;
459 else if (transport == 0)
464 if (bufsz > 0 && soc >= 0)
467 nasl_perror (lexic,
"stream_set_buffer: soc=%d,bufsz=%d\n", soc, bufsz);
471 retc->
x.
i_val = soc < 0 ? 0 : soc;
534 struct sockaddr_in soca;
535 struct sockaddr_in6 soca6;
546 if (IN6_IS_ADDR_V4MAPPED (ia))
548 bzero (&soca,
sizeof (soca));
549 soca.sin_addr.s_addr = ia->s6_addr32[3];
550 soca.sin_port = htons (port);
551 soca.sin_family = AF_INET;
553 soc = socket (AF_INET, SOCK_DGRAM, 0);
556 gvm_source_set_socket (soc, 0, AF_INET);
557 if (connect (soc, (
struct sockaddr *) &soca,
sizeof (soca)) < 0)
565 bzero (&soca6,
sizeof (soca6));
566 memcpy (&soca6.sin6_addr, ia, sizeof (
struct in6_addr));
567 soca6.sin6_port = htons (port);
568 soca6.sin6_family = AF_INET6;
570 soc = socket (AF_INET6, SOCK_DGRAM, 0);
573 gvm_source_set_socket (soc, 0, AF_INET6);
574 if (connect (soc, (
struct sockaddr *) &soca6,
sizeof (soca6)) < 0)
592 int soc, transport, ret;
600 nasl_perror (lexic,
"socket_ssl_negotiate: Erroneous socket value %d\n",
609 "socket_ssl_negotiate: Erroneous transport value %d\n",
625 int soc, cert_len = 0;
632 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
640 retc->
size = cert_len;
655 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
659 if (sid == NULL || sid_len == 0)
663 retc->
size = sid_len;
712 unsigned int opt_len =
sizeof (type);
715 if (len <= 0 || soc <= 0)
721 data = g_malloc0 (len);
723 e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
727 if (e == 0 && type == SOCK_DGRAM)
733 tv.tv_sec = to / retries;
734 tv.tv_usec = (to % retries) * 100000;
736 for (i = 0; i < retries; i++)
741 if (select (soc + 1, &rd, NULL, NULL, &tv) > 0)
744 e = recv (soc, data + new_len, len - new_len, 0);
767 send (soc, data, len, 0);
768 tv.tv_sec = to / retries;
769 tv.tv_usec = (to % retries) * 100000;
782 retc->
x.
str_val = g_memdup (data, new_len);
783 retc->
size = new_len;
806 if (len == -1 || soc <= 0)
808 nasl_perror (lexic,
"recv_line: missing or undefined parameter" 809 " length or socket\n");
823 data = g_malloc0 (len + 1);
831 if (timeout >= 0 && time (NULL) - t1 < timeout)
837 if ((data[n - 1] ==
'\n') || (n >= len))
850 retc->
size = new_len;
851 retc->
x.
str_val = g_memdup (data, new_len + 1);
871 unsigned int type_len =
sizeof (type);
873 if (soc <= 0 || data == NULL)
875 nasl_perror (lexic,
"Syntax error with the send() function\n");
877 "Correct syntax is : send(socket:<soc>, data:<data>\n");
881 if (length <= 0 || length > data_length)
882 length = data_length;
885 && getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &type_len) == 0
886 && type == SOCK_DGRAM)
888 n = send (soc, data, length,
option);
909 unsigned int opt_len =
sizeof (type);
920 nasl_perror (lexic,
"close(%d): Invalid socket value\n", soc);
924 e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
927 if (type == SOCK_DGRAM)
936 nasl_perror (lexic,
"close(%d): %s\n", soc, strerror (errno));
960 nasl_perror (lexic,
"join_multicast_group: missing parameter\n");
963 if (!inet_aton (a, &m.imr_multiaddr))
965 nasl_perror (lexic,
"join_multicast_group: invalid parameter '%s'\n", a);
968 m.imr_interface.s_addr = INADDR_ANY;
972 if (
jmg_desc[i].in.s_addr == m.imr_multiaddr.s_addr
983 int s = socket (AF_INET, SOCK_DGRAM, 0);
986 nasl_perror (lexic,
"join_multicast_group: socket: %s\n",
991 if (setsockopt (s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &m,
sizeof (m)) < 0)
994 lexic,
"join_multicast_group: setsockopt(IP_ADD_MEMBERSHIP): %s\n",
1025 nasl_perror (lexic,
"leave_multicast_group: missing parameter\n");
1028 if (!inet_aton (a, &ia))
1030 nasl_perror (lexic,
"leave_multicast_group: invalid parameter '%s'\n", a);
1042 nasl_perror (lexic,
"leave_multicast_group: never joined group %s\n", a);
1050 struct sockaddr_in ia;
1055 unsigned int type_len =
sizeof (type);
1060 nasl_perror (lexic,
"get_source_port: missing socket parameter\n");
1064 && getsockopt (s, SOL_SOCKET, SO_TYPE, &type, &type_len) == 0
1065 && type == SOCK_DGRAM)
1072 nasl_perror (lexic,
"get_source_port: invalid socket parameter %d\n", s);
1076 if (getsockname (fd, (
struct sockaddr *) &ia, &l) < 0)
1078 nasl_perror (lexic,
"get_source_port: getsockname(%d): %s\n", fd,
1083 retc->
x.
i_val = ntohs (ia.sin_port);
1120 g_message (
"socket_get_error: Erroneous socket value %d", soc);
1124 g_message (
"Unknown error %d %s", err, strerror (err));
1195 const char *keyword, *s;
1199 gnutls_session_t tls_session;
1206 nasl_perror (lexic,
"error: socket %d is not valid\n");
1215 nasl_perror (lexic,
"error: second argument is not of type string\n");
1233 nasl_perror (lexic,
"error retrieving infos for socket %d: %s\n", sock,
1237 else if (!strcmp (keyword,
"encaps"))
1244 else if (!strcmp (keyword,
"tls-proto"))
1250 gnutls_protocol_get_name (gnutls_protocol_get_version (tls_session));
1251 strval = g_strdup (s ? s :
"[?]");
1253 else if (!strcmp (keyword,
"tls-kx"))
1258 s = gnutls_kx_get_name (gnutls_kx_get (tls_session));
1259 strval = g_strdup (s ? s :
"");
1261 else if (!strcmp (keyword,
"tls-certtype"))
1266 s = gnutls_certificate_type_get_name (
1267 gnutls_certificate_type_get (tls_session));
1268 strval = g_strdup (s ? s :
"");
1270 else if (!strcmp (keyword,
"tls-cipher"))
1275 s = gnutls_cipher_get_name (gnutls_cipher_get (tls_session));
1276 strval = g_strdup (s ? s :
"");
1278 else if (!strcmp (keyword,
"tls-mac"))
1283 s = gnutls_mac_get_name (gnutls_mac_get (tls_session));
1284 strval = g_strdup (s ? s :
"");
1286 else if (!strcmp (keyword,
"tls-auth"))
1292 switch (gnutls_auth_get_type (tls_session))
1294 case GNUTLS_CRD_ANON:
1297 case GNUTLS_CRD_CERTIFICATE:
1300 case GNUTLS_CRD_PSK:
1303 case GNUTLS_CRD_SRP:
1311 strval = g_strdup (s);
1313 else if (!strcmp (keyword,
"tls-cert"))
1318 && gnutls_certificate_type_get (tls_session) == GNUTLS_CRT_X509)
1320 const gnutls_datum_t *
list;
1321 unsigned int nlist = 0;
1325 list = gnutls_certificate_get_peers (tls_session, &nlist);
1332 retc->
x.
ref_val = a = g_malloc0 (
sizeof *a);
1334 for (i = 0; i < nlist; i++)
1336 memset (&v, 0,
sizeof v);
1347 nasl_perror (lexic,
"unknown keyword '%s'\n", keyword);
1359 retc->
size = strlen (strval);
1394 gnutls_x509_crt_t *cert = NULL;
1395 gnutls_x509_trust_list_t ca_list;
1396 unsigned int ca_list_size = 0;
1397 unsigned int i, cert_n = 0;
1398 unsigned int voutput;
1399 const gnutls_datum_t *certs;
1402 gnutls_session_t tls_session;
1407 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
1418 nasl_perror (lexic,
"error retrieving tls_session for socket %d: %s\n",
1419 soc, strerror (err));
1426 && gnutls_certificate_type_get (tls_session) == GNUTLS_CRT_X509)
1428 certs = gnutls_certificate_get_peers (tls_session, &cert_n);
1435 cert = g_malloc0 (
sizeof (*cert) * cert_n);
1436 for (i = 0; i < cert_n; i++)
1438 if (gnutls_x509_crt_init (&cert[i]) != GNUTLS_E_SUCCESS)
1440 if (gnutls_x509_crt_import (cert[i], &certs[i], GNUTLS_X509_FMT_DER)
1441 != GNUTLS_E_SUCCESS)
1446 if ((ret = gnutls_x509_trust_list_init (&ca_list, ca_list_size)) < 0)
1448 ret = gnutls_x509_trust_list_add_system_trust (ca_list, 0, 0);
1453 if (gnutls_x509_trust_list_verify_crt (ca_list, cert, cert_n, 0, &voutput,
1455 != GNUTLS_E_SUCCESS)
int get_var_type_by_name(lex_ctxt *, const char *)
static int block_socket(int soc)
static int add_udp_data(struct script_infos *script_infos, int soc, char *data, int len)
tree_cell * nasl_open_sock_tcp_bufsz(lex_ctxt *lexic, int bufsz)
tree_cell * nasl_socket_get_ssl_version(lex_ctxt *lexic)
tree_cell * nasl_leave_multicast_group(lex_ctxt *lexic)
#define NASL_ERR_ETIMEDOUT
tree_cell * nasl_socket_get_ssl_session_id(lex_ctxt *lexic)
const char * get_encaps_name(openvas_encaps_t code)
tree_cell * nasl_socket_cert_verify(lex_ctxt *lexic)
Verify a certificate.
#define NASL_ERR_ECONNRESET
tree_cell * nasl_socket_get_error(lex_ctxt *lexic)
#define NASL_ERR_EUNREACH
int openvas_get_socket_from_connection(int fd)
tree_cell * nasl_send(lex_ctxt *lexic)
static void wait_before_next_probe()
static tree_cell * nasl_open_privileged_socket(lex_ctxt *lexic, int proto)
int openvas_register_connection(int soc, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
static int unblock_socket(int soc)
static struct jmg * jmg_desc
int stream_set_buffer(int fd, int sz)
int open_stream_auto_encaps_ext(struct script_infos *args, unsigned int port, int timeout, int force)
struct script_infos * script_infos
tree_cell * nasl_open_priv_sock_tcp(lex_ctxt *lexic)
char * get_str_var_by_name(lex_ctxt *, const char *)
int nsend(int fd, void *data, int length, int i_opt)
int add_var_to_list(nasl_array *a, int i, const anon_nasl_var *v)
tree_cell * nasl_socket_get_ssl_ciphersuite(lex_ctxt *lexic)
tree_cell * alloc_typed_cell(int typ)
tree_cell * nasl_open_priv_sock_udp(lex_ctxt *lexic)
int socket_get_ssl_version(int fd)
void socket_get_cert(int fd, void **cert, int *certlen)
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
static char * get_udp_data(struct script_infos *script_infos, int soc, int *len)
struct in6_addr * plug_get_host_ip(struct script_infos *args)
int stream_get_buffer_sz(int fd)
tree_cell * nasl_recv(lex_ctxt *lexic)
tree_cell * nasl_close_socket(lex_ctxt *lexic)
int socket_negotiate_ssl(int fd, openvas_encaps_t transport, struct script_infos *args)
tree_cell * nasl_join_multicast_group(lex_ctxt *lexic)
int socket_get_ssl_ciphersuite(int fd)
int stream_get_err(int fd)
tree_cell * nasl_socket_get_cert(lex_ctxt *lexic)
long int get_int_var_by_num(lex_ctxt *, int, int)
void nasl_perror(lex_ctxt *lexic, char *msg,...)
tree_cell * nasl_socket_negotiate_ssl(lex_ctxt *lexic)
char * get_str_var_by_num(lex_ctxt *, int)
struct timeval timeval(unsigned long val)
long int get_int_var_by_name(lex_ctxt *, const char *, int)
tree_cell * nasl_get_sock_info(lex_ctxt *lexic)
Get info pertaining to a socket.
union st_a_nasl_var::@4 v
void socket_get_ssl_session_id(int fd, void **sid, size_t *ssize)
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority)
int get_sock_infos(int sock, int *r_transport, void **r_tls_session)
tree_cell * nasl_open_sock_udp(lex_ctxt *lexic)
tree_cell * nasl_open_sock_tcp(lex_ctxt *lexic)
Open a TCP socket to the target host.
tree_cell * nasl_get_source_port(lex_ctxt *lexic)
int stream_set_timeout(int fd, int timeout)
int get_var_size_by_name(lex_ctxt *, const char *)
tree_cell * nasl_recv_line(lex_ctxt *lexic)
int get_var_type_by_num(lex_ctxt *, int)
Returns NASL variable/cell type, VAR2_UNDEF if value is NULL.
int close_stream_connection(int fd)
static void rm_udp_data(struct script_infos *script_infos, int soc)