28 #include "../misc/network.h" 29 #include "../misc/nvt_categories.h" 30 #include "../misc/pcap_openvas.h" 31 #include "../nasl/nasl_debug.h" 41 #include <arpa/inet.h> 45 #include <gvm/base/hosts.h> 46 #include <gvm/base/networking.h> 47 #include <gvm/base/prefs.h> 48 #include <gvm/base/proctitle.h> 49 #include <gvm/util/nvticache.h> 55 #define ERR_HOST_DEAD -1 56 #define ERR_CANT_FORK -2 58 #define MAX_FORK_RETRIES 10 62 #define KB_RETRY_DELAY 3 70 #define PROGRESS_BAR_STYLE 1 76 #define G_LOG_DOMAIN "sd main" 111 int i = atoi (prefs_get (
"ov_maindbid"));
114 main_kb = kb_direct_conn (prefs_get (
"db_address"), i);
117 kb_item_add_int_unique (main_kb,
"internal/dbindex", host_kb_index);
120 g_warning (
"Not possible to add the kb index %d to the list of " 135 int i = atoi (prefs_get (
"ov_maindbid"));
138 main_kb = kb_direct_conn (prefs_get (
"db_address"), i);
142 char *
scan_id = kb_item_get_str (main_kb, (
"internal/scanid"));
144 snprintf (buffer,
sizeof (buffer),
"internal/%s",
scan_id);
145 kb_item_set_str (main_kb, buffer, status, 0);
149 g_warning (
"Not possible to set the scan as finished");
163 if (strlen (
hostname) > (
sizeof (buffer) - 50))
166 snprintf (buffer,
sizeof (buffer),
"%d/%d", curr,
max);
167 kb_item_push_str (kb,
"internal/status", buffer);
177 sprintf (buf,
"ERRMSG||| |||%s||| |||%s", port ?:
" ", msg ?:
"No error.");
178 kb_item_push_str (kb,
"internal/results", buf);
186 errcode = abs (errcode);
187 msg = g_strdup_printf (
"WARNING: Cannot connect to KB at '%s': %s'",
188 prefs_get (
"db_address"), strerror (errcode));
189 g_warning (
"%s", msg);
198 now = then = time (NULL);
199 while (now - then < n)
201 waitpid (-1, NULL, WNOHANG);
216 if (g_ascii_strcasecmp (nss,
"busy") == 0)
218 else if (g_ascii_strcasecmp (nss,
"done") == 0)
300 while ((value = kb_item_pop_str (
host_kb,
"internal/vhosts")))
303 char buffer[4096], *source;
306 g_snprintf (buffer,
sizeof (buffer),
"internal/source/%s", value);
307 source = kb_item_pop_str (
host_kb, buffer);
309 vhost = gvm_vhost_new (value, source);
326 struct in6_addr *ip, GSList *vhosts, kb_t kb)
328 int optimize = prefs_get_bool (
"optimize_test"),
pid, ret = 0;
329 char *
oid, *
name, *error = NULL, ip_str[INET6_ADDRSTRLEN];
330 gboolean network_scan = FALSE;
333 addr6_to_str (ip, ip_str);
335 nvti = nvticache_get_nvt (
oid);
340 g_message (
"Plugin '%s' missing from nvticache.",
oid);
342 goto finish_launch_plugin;
346 if (nvti_category (nvti) !=
ACT_END)
349 goto finish_launch_plugin;
353 name = nvticache_get_filename (
oid);
354 g_message (
"Stopped scan wrap-up: Launching %s (%s)",
name,
oid);
362 if (prefs_get_bool (
"safe_checks")
365 if (prefs_get_bool (
"log_whole_attack"))
367 name = nvticache_get_filename (
oid);
368 g_message (
"Not launching %s (%s) against %s because safe checks are" 369 " enabled (this is not an error)",
374 goto finish_launch_plugin;
382 snprintf (asc_id,
sizeof (asc_id),
"Launched/%s",
oid);
384 if (kb_item_get_int (kb, asc_id) > 0)
386 if (prefs_get_bool (
"log_whole_attack"))
387 g_message (
"Not launching %s against %s because it has already " 388 "been lanched in the past (this is not an error)",
391 goto finish_launch_plugin;
394 kb_item_set_int (kb, asc_id, 1);
400 error =
"because a mandatory key is missing";
404 if (prefs_get_bool (
"log_whole_attack"))
406 name = nvticache_get_filename (
oid);
408 "Not launching %s (%s) against %s %s (this is not an error)",
name,
412 goto finish_launch_plugin;
416 if (kb_item_get_int (kb,
"Host/dead") > 0)
418 g_message (
"The remote host %s is dead", ip_str);
422 goto finish_launch_plugin;
432 goto finish_launch_plugin;
435 if (prefs_get_bool (
"log_whole_attack"))
437 name = nvticache_get_filename (
oid);
438 g_message (
"Launching %s (%s) against %s [%d]",
name,
oid, ip_str,
pid);
442 finish_launch_plugin:
450 struct kb_item *items, *p_itm;
452 items = kb_item_get_pattern (src, filter ? filter :
"*");
453 for (p_itm = items; p_itm != NULL; p_itm = p_itm->next)
457 newname = strstr (p_itm->name,
"/");
459 newname = p_itm->name;
463 kb_item_add_str (dst, newname, p_itm->v_str, 0);
483 gchar *hostname_pattern;
485 const gchar *kb_path = prefs_get (
"db_address");
492 rc = kb_new (&kb, kb_path);
499 hostname_pattern = g_strdup_printf (
"%s/*", ip_str);
501 g_free (hostname_pattern);
505 assert (network_kb != NULL);
506 assert (*network_kb != NULL);
511 rc = kb_new (&kb, kb_path);
530 int num_plugs, forks_retry = 0;
531 char ip_str[INET6_ADDRSTRLEN];
533 addr6_to_str (ip, ip_str);
537 kb_item_set_str (kb,
"internal/ip", ip_str, 0);
538 kb_item_set_int (kb,
"internal/hostpid", getpid ());
539 proctitle_set (
"openvas: testing %s", ip_str);
540 if (net_kb && *net_kb)
571 static int last_status = 0, cur_plug = 0;
584 buffer,
sizeof (buffer),
585 "LOG||| |||general/Host_Details||| |||<host><detail>" 586 "<name>Host dead</name><value>1</value><source>" 587 "<description/><type/><name/></source></detail></host>");
588 #if (PROGRESS_BAR_STYLE == 1) 594 kb_item_push_str (kb,
"internal/results", buffer);
602 g_debug (
"fork() failed - sleeping %d seconds (%s)",
603 forks_retry, strerror (errno));
609 g_debug (
"fork() failed too many times - aborting");
615 if ((cur_plug * 100) / num_plugs >= last_status
618 last_status = (cur_plug * 100) / num_plugs + 2;
627 else if (plugin == NULL)
654 const gvm_hosts_t *hosts_allow,
const gvm_hosts_t *hosts_deny)
660 if (hosts_deny && gvm_host_in_hosts (
host, addr, hosts_deny))
662 if (hosts_allow && !gvm_host_in_hosts (
host, addr, hosts_allow))
682 string = g_string_new (((gvm_vhost_t *)
list->data)->value);
683 if (g_slist_length (
list) == 1)
684 return g_string_free (
string, FALSE);
688 g_string_append (
string,
", ");
689 g_string_append (
string, ((gvm_vhost_t *)
list->data)->value);
692 return g_string_free (
string, FALSE);
709 gvm_hosts_t *hosts_allow, *hosts_deny;
710 gvm_hosts_t *sys_hosts_allow, *sys_hosts_deny;
713 hosts_allow = gvm_hosts_new (prefs_get (
"hosts_allow"));
714 hosts_deny = gvm_hosts_new (prefs_get (
"hosts_deny"));
720 sys_hosts_allow = gvm_hosts_new (prefs_get (
"sys_hosts_allow"));
721 sys_hosts_deny = gvm_hosts_new (prefs_get (
"sys_hosts_deny"));
725 kb,
"Host access denied (system-wide restriction.)", NULL);
729 gvm_hosts_free (hosts_allow);
730 gvm_hosts_free (hosts_deny);
731 gvm_hosts_free (sys_hosts_allow);
732 gvm_hosts_free (sys_hosts_deny);
743 char ip_str[INET6_ADDRSTRLEN], *hostnames;
744 struct in6_addr hostip;
751 gettimeofday (&then, NULL);
753 kb_item_set_str (kb,
"internal/scan_id", globals->
scan_id, 0);
758 if (prefs_get_bool (
"expand_vhosts"))
759 gvm_host_add_reverse_lookup (args->
host);
760 if ((ret = gvm_vhosts_exclude (args->
host, prefs_get (
"exclude_hosts"))) > 0)
761 g_message (
"exclude_hosts: Skipped %d vhost(s).", ret);
762 gvm_host_get_addr6 (args->
host, &hostip);
763 addr6_to_str (&hostip, ip_str);
766 g_warning (
"Host %s access denied.", ip_str);
769 if (prefs_get_bool (
"test_empty_vhost"))
772 gvm_vhost_new (g_strdup (ip_str), g_strdup (
"IP-address"));
773 args->
host->vhosts = g_slist_prepend (args->
host->vhosts, vhost);
777 g_message (
"Testing %s (Vhosts: %s) [%d]", ip_str, hostnames, getpid ());
779 g_message (
"Testing %s [%d]", ip_str, getpid ());
787 gettimeofday (&now, NULL);
788 if (now.tv_usec < then.tv_usec)
791 now.tv_usec += 1000000;
793 g_message (
"Finished testing %s. Time : %ld.%.2ld secs", ip_str,
794 (
long) (now.tv_sec - then.tv_sec),
795 (
long) ((now.tv_usec - then.tv_usec) / 10000));
802 const char *ordering = prefs_get (
"hosts_ordering"),
803 *exclude_hosts = prefs_get (
"exclude_hosts");
811 if (!strcmp (ordering,
"random"))
813 gvm_hosts_shuffle (
hosts);
814 g_debug (
"hosts_ordering: Random.");
816 else if (!strcmp (ordering,
"reverse"))
818 gvm_hosts_reverse (
hosts);
819 g_debug (
"hosts_ordering: Reverse.");
823 g_debug (
"hosts_ordering: Sequential.");
829 int ret = gvm_hosts_exclude (
hosts, exclude_hosts);
832 g_message (
"exclude_hosts: Skipped %d host(s).", ret);
834 g_message (
"exclude_hosts: Error.");
838 if (prefs_get_bool (
"reverse_lookup_unify"))
839 g_debug (
"reverse_lookup_unify: Skipped %d host(s).",
840 gvm_hosts_reverse_lookup_unify (
hosts));
843 if (prefs_get_bool (
"reverse_lookup_only"))
844 g_debug (
"reverse_lookup_only: Skipped %d host(s).",
845 gvm_hosts_reverse_lookup_only (
hosts));
851 gchar **element, **split;
853 if (str == NULL || comma_list == NULL)
856 split = g_strsplit (comma_list,
",", 0);
860 gchar *stripped = g_strstrip (*element);
862 if (stripped && strcmp (stripped, str) == 0)
884 const char *ifaces_list;
889 ifaces_list = prefs_get (
"ifaces_deny");
892 ifaces_list = prefs_get (
"ifaces_allow");
896 ifaces_list = prefs_get (
"sys_ifaces_deny");
899 ifaces_list = prefs_get (
"sys_ifaces_allow");
916 const char *source_iface = prefs_get (
"source_iface");
919 if (source_iface == NULL)
926 g_strdup_printf (
"Unauthorized source interface: %s", source_iface);
927 g_warning (
"source_iface: Unauthorized source interface %s.",
935 gchar *msg = g_strdup_printf (
"Unauthorized source interface: %s" 936 " (system-wide restriction.)",
938 g_warning (
"source_iface: Unauthorized source interface %s." 939 " (sys_* preference restriction.)",
946 if (gvm_source_iface_init (source_iface))
949 g_strdup_printf (
"Erroneous source interface: %s", source_iface);
950 g_debug (
"source_iface: Error with %s interface.", source_iface);
957 char *ipstr, *ip6str;
958 ipstr = gvm_source_addr_str ();
959 ip6str = gvm_source_addr6_str ();
960 g_debug (
"source_iface: Using %s (%s / %s).", source_iface, ipstr,
975 rc = kb_new (&kb, prefs_get (
"db_address"));
987 int i = atoi (prefs_get (
"ov_maindbid"));
992 main_kb = kb_direct_conn (prefs_get (
"db_address"), i);
993 pid = kb_item_get_str (main_kb, (
"internal/ovas_pid"));
994 kb_lnk_reset (main_kb);
996 if (atoi (
pid) == getpid ())
1010 int max_hosts = 0, max_checks;
1011 const char *hostlist;
1014 int fork_retries = 0;
1019 gboolean network_phase = FALSE;
1020 gboolean do_network_scan = FALSE;
1024 gettimeofday (&then, NULL);
1026 if (prefs_get_bool (
"network_scan"))
1027 do_network_scan = TRUE;
1029 do_network_scan = FALSE;
1035 if (do_network_scan)
1043 network_phase = FALSE;
1047 network_phase = TRUE;
1052 network_phase = TRUE;
1063 hostlist = prefs_get (
"TARGET");
1064 if (hostlist == NULL)
1070 port_range = prefs_get (
"port_range");
1071 if (validate_port_range (port_range))
1077 int plugins_init_error = 0;
1079 prefs_get_bool (
"auto_enable_dependencies"),
1080 network_phase, &plugins_init_error);
1083 g_message (
"Couldn't initialize the plugin scheduler");
1087 if (plugins_init_error > 0)
1090 int i = atoi (prefs_get (
"ov_maindbid"));
1091 kb_t main_kb = NULL;
1094 "%d errors were found during the plugin scheduling. " 1095 "Some plugins have not been launched.",
1096 plugins_init_error);
1098 main_kb = kb_direct_conn (prefs_get (
"db_address"), i);
1100 kb_lnk_reset (main_kb);
1111 "WARNING: In network phase, but without targets! Stopping.");
1118 g_message (
"Start a new scan. Target(s) : %s, " 1119 "in network phase with target %s",
1122 rc = kb_new (network_kb, prefs_get (
"db_address"));
1129 kb_lnk_reset (*network_kb);
1133 g_message (
"Starts a new scan. Target(s) : %s, with max_hosts = %d and " 1135 hostlist, max_hosts, max_checks);
1137 hosts = gvm_hosts_new (hostlist);
1138 unresolved = gvm_hosts_resolve (
hosts);
1141 g_warning (
"Couldn't resolve hostname '%s'", (
char *) unresolved->data);
1142 unresolved = unresolved->next;
1144 g_slist_free_full (unresolved, g_free);
1151 gvm_hosts_free (
hosts);
1170 rc = kb_new (&
host_kb, prefs_get (
"db_address"));
1171 if (rc < 0 && rc != -2)
1185 host_str = gvm_host_value_str (
host);
1200 args.
net_kb = network_kb;
1212 g_debug (
"fork() failed - %s. %s won't be tested",
1213 strerror (errno), host_str);
1218 g_debug (
"fork() failed - " 1219 "sleeping %d seconds and trying again...",
1242 g_message (
"Test complete");
1248 g_hash_table_destroy (files);
1252 gvm_hosts_free (
hosts);
1258 gettimeofday (&now, NULL);
1259 g_message (
"Total time to scan all hosts : %ld seconds",
1260 now.tv_sec - then.tv_sec);
int process_alive(pid_t pid)
static int host_authorized(const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
static void apply_hosts_preferences(gvm_hosts_t *hosts)
void(*)(int) openvas_signal(int signum, void(*handler)(int))
void hosts_stop_all(void)
static void attack_start(struct attack_start_args *args)
Set up some data and jump into attack_host()
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int only_network, int *error)
static int scan_is_stopped()
struct scheduler_plugin * plugins_scheduler_next(plugins_scheduler_t h)
int hosts_new(char *name, kb_t kb)
static void check_new_vhosts()
Check if a plugin process pushed a new vhost value.
static enum net_scan_status network_scan_status(struct scan_globals *globals)
GHashTable * files_translation
static int check_host_authorization(gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
headerfile for sighand.c.
static void handle_scan_stop_signal()
int mandatory_requirements_met(kb_t kb, nvti_t *nvti)
Check whether mandatory requirements for plugin are met.
static struct host * hosts
char * network_scan_status
static int check_new_vhosts_flag
void plugins_scheduler_stop(plugins_scheduler_t sched)
static int check_kb_access()
static kb_t init_host_kb(struct scan_globals *globals, char *ip_str, kb_t *network_kb)
Inits or loads the knowledge base for a single host.
void plugins_scheduler_free(plugins_scheduler_t sched)
static void error_message_to_client2(kb_t kb, const char *msg, const char *port)
static int apply_source_iface_preference()
static int iface_authorized(const char *iface)
int plugins_scheduler_count_active(plugins_scheduler_t sched)
static GSList * host_vhosts
static int set_kb_readable(int host_kb_index)
Add the Host KB index to the list of readable KBs used by ospd-openvas.
static int get_check_new_vhosts_flag()
Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(), to avoid fetching unnecessarily.
void pluginlaunch_wait_for_free_process(kb_t kb)
Waits and 'pushes' processes until the number of running processes has changed.
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Host information, implemented as doubly linked list.
struct scan_globals * globals
void pluginlaunch_wait(kb_t kb)
Waits and 'pushes' processes until num_running_processes is 0.
plugins_scheduler_t sched
int get_max_hosts_number(void)
static int nvti_category_is_safe(int category)
Checks that an NVT category is safe.
static int str_in_comma_list(const char *str, const char *comma_list)
void(* process_func_t)(void *)
struct timeval timeval(unsigned long val)
static void fork_sleep(int n)
int hosts_init(int max_hosts)
enum plugin_status running_state
static void attack_host(struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
Attack one host.
int hosts_set_pid(char *name, pid_t pid)
static void set_check_new_vhosts_flag()
Set global check_new_vhosts_flag to indicate that new vhosts must be fetched.
static int kb_duplicate(kb_t dst, kb_t src, const gchar *filter)
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
static int comm_send_status(kb_t kb, char *hostname, int curr, int max)
Sends the status of a host's scan.
static void report_kb_failure(int errcode)
char * requirements_plugin(kb_t kb, nvti_t *nvti)
Determine if the plugin requirements are met.
tree_cell * network_targets(lex_ctxt *lexic)
header for pluginscheduler.c
static void unset_check_new_vhosts_flag()
Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched.
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
static char * vhosts_to_str(GSList *list)
static int launch_plugin(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
Launches a nvt. Respects safe check preference (i.e. does not try.
int get_max_checks_number(void)
void pluginlaunch_init(const char *host)
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly...
int plugin_launch(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb, nvti_t *nvti)