OpenVAS Scanner  7.0.1~git
network.c File Reference

Network Functions. More...

#include "../nasl/nasl_debug.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/util/kb.h>
#include <gvm/util/serverutils.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#include "network.h"
#include "plugutils.h"
#include "support.h"


Data Structures

struct  openvas_connection
 
struct  csc_hook_s
 Object to store a list of hooks for close_stream_connection. More...
 

Macros

#define TIMEOUT   20
 
#define INADDR_NONE   0xffffffff
 
#define G_LOG_DOMAIN   "lib misc"
 GLib logging domain. More...
 
#define OPENVAS_FD_MAX   1024
 
#define OPENVAS_FD_OFF   1000000
 
#define OPENVAS_STREAM(x)   (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))
 
#define OVAS_CONNECTION_FROM_FD(fd)   (connections + ((fd) -OPENVAS_FD_OFF))
 
#define INCR_TIMEOUT   1
 

Functions

static int pid_perror (const char *error)
 
int stream_get_err (int fd)
 
static int get_connection_fd (void)
 Returns a free file descriptor. More...
 
static int release_connection_fd (int fd, int already_closed)
 
int openvas_register_connection (int soc, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
 
int openvas_deregister_connection (int fd)
 
static int unblock_socket (int soc)
 
static int block_socket (int soc)
 
void tlserror (char *txt, int err)
 
static void log_message_gnutls (int level, const char *msg)
 
int openvas_SSL_init ()
 Initializes SSL support. More...
 
int openvas_get_socket_from_connection (int fd)
 
gnutls_session_t ovas_get_tlssession_from_connection (int fd)
 
static int set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps, const char *priority)
 
static int load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert, const char *key, const char *passwd)
 Loads a certificate and the corresponding private key from PEM files. More...
 
static int is_ip_address (const char *str)
 
static int open_SSL_connection (openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname)
 
int socket_negotiate_ssl (int fd, openvas_encaps_t transport, struct script_infos *args)
 
void socket_get_cert (int fd, void **cert, int *certlen)
 
int socket_get_ssl_version (int fd)
 
void socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
 
int socket_get_ssl_ciphersuite (int fd)
 
int open_stream_connection_ext (struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority)
 
int open_stream_connection (struct script_infos *args, unsigned int port, int transport, int timeout)
 
int open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port, int timeout, int force)
 
int stream_set_timeout (int fd, int timeout)
 
static int read_stream_connection_unbuffered (int fd, void *buf0, int min_len, int max_len)
 
int read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
 
int read_stream_connection (int fd, void *buf0, int len)
 
static int write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
 
int write_stream_connection (int fd, void *buf0, int n)
 
int nsend (int fd, void *data, int length, int i_opt)
 
int nrecv (int fd, void *data, int length, int i_opt)
 
void add_close_stream_connection_hook (int(*fnc)(int fd))
 Register a hook function for close_stream_connection. More...
 
static int run_csc_hooks (int fd)
 Run the hooks for close_stream_connection. More...
 
int close_stream_connection (int fd)
 
const char * get_encaps_name (openvas_encaps_t code)
 
const char * get_encaps_through (openvas_encaps_t code)
 
static int open_socket (struct sockaddr *paddr, int type, int protocol, int timeout, int len)
 
int open_sock_opt_hn (const char *hostname, unsigned int port, int type, int protocol, int timeout)
 
int open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
 
int open_sock_option (struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
 
int recv_line (int soc, char *buf, size_t bufsiz)
 Reads a text from the socket stream into the argument buffer, always. More...
 
int socket_close (int soc)
 
int fd_is_stream (int fd)
 
int stream_get_buffer_sz (int fd)
 
int stream_set_buffer (int fd, int sz)
 
int os_send (int soc, void *buf, int len, int opt)
 
int os_recv (int soc, void *buf, int len, int opt)
 
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
 
static int qsort_compar (const void *a, const void *b)
 
unsigned short * getpts (char *origexpr, int *len)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array. More...
 

Variables

static openvas_connection connections [OPENVAS_FD_MAX]
 
static struct csc_hook_s * csc_hooks
 Linked list of hooks to be run by close_stream_connection. More...
 
static int __port_closed
 

Detailed Description

Network Functions.

Definition in file network.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib misc"

GLib logging domain.

Definition at line 68 of file network.c.

◆ INADDR_NONE

#define INADDR_NONE   0xffffffff

Definition at line 61 of file network.c.

◆ INCR_TIMEOUT

#define INCR_TIMEOUT   1

◆ OPENVAS_FD_MAX

#define OPENVAS_FD_MAX   1024

The role of this offset is:

  1. To detect bugs when the program tries to write to a bad fd
  2. See if a fd is a real socket or a "openvas descriptor". This is a quick & dirty hack and should be changed!!!

Definition at line 104 of file network.c.

Referenced by get_connection_fd().

◆ OPENVAS_FD_OFF

◆ OPENVAS_STREAM

◆ OVAS_CONNECTION_FROM_FD

◆ TIMEOUT

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(*)(int fd)  fnc)

Register a hook function for close_stream_connection.

The function adds the given hook function to the list of hooks to be run by close_stream_connection. These hooks are intended to test whether they need to close the stream themselves. The argument to the hook function is the file descriptor of the stream. The hook shall return 0 if it has taken over control of that file descriptor. The same function is only added once to the list of hooks.

Parameters
fnc: The hook function. See above for details.

Definition at line 1479 of file network.c.

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by next_session_id().

/**
 * @brief Register a hook function for close_stream_connection.
 *
 * The hook receives the stream's file descriptor and shall return 0 if it
 * has taken over control of that descriptor.  Registering the same function
 * a second time is a no-op, so hooks are never run twice.
 *
 * @param fnc  The hook function.
 */
void
add_close_stream_connection_hook (int (*fnc) (int fd))
{
  struct csc_hook_s *cur = csc_hooks;

  /* Walk the list; bail out if this function is already registered. */
  while (cur != NULL)
    {
      if (cur->fnc == fnc)
        return;
      cur = cur->next;
    }

  /* Prepend a fresh node (g_malloc0 never returns NULL; it aborts on OOM). */
  struct csc_hook_s *node = g_malloc0 (sizeof *node);
  node->fnc = fnc;
  node->next = csc_hooks;
  csc_hooks = node;
}
Object to store a list of hooks for close_stream_connection.
Definition: network.c:112
int(* fnc)(int fd)
Definition: network.c:115
static struct csc_hook_s * csc_hooks
Linked list of hooks to be run by close_stream_connection.
Definition: network.c:121
struct csc_hook_s * next
Definition: network.c:114

◆ block_socket()

static int block_socket ( int  soc)
static

Definition at line 313 of file network.c.

References pid_perror().

Referenced by nrecv(), nsend(), and open_socket().

/**
 * @brief Put a socket back into blocking mode.
 *
 * Clears O_NONBLOCK while preserving every other file status flag.
 *
 * @param soc  Socket descriptor.
 *
 * @return 0 on success, -1 when either fcntl() call fails (the failure is
 *         reported through pid_perror()).
 */
static int
block_socket (int soc)
{
  int cur_flags = fcntl (soc, F_GETFL, 0);

  if (cur_flags < 0)
    {
      pid_perror ("fcntl(F_GETFL)");
      return -1;
    }

  int new_flags = cur_flags & ~O_NONBLOCK;
  if (fcntl (soc, F_SETFL, new_flags) < 0)
    {
      pid_perror ("fcntl(F_SETFL,~O_NONBLOCK)");
      return -1;
    }
  return 0;
}
static int pid_perror(const char *error)
Definition: network.c:138

◆ close_stream_connection()

int close_stream_connection ( int  fd)

Definition at line 1518 of file network.c.

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::port, release_connection_fd(), run_csc_hooks(), and socket_close().

Referenced by nasl_close_socket(), nasl_end_denial(), nasl_start_denial(), and plugin_do_run().

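/**
 * @brief Close an OpenVAS stream connection.
 *
 * The registered close hooks are run first; when one of them reports that
 * it has taken over the descriptor (run_csc_hooks() returns 0) the slot is
 * released with already_closed = 1, otherwise with already_closed = 0.
 *
 * @param fd  OpenVAS stream descriptor (OPENVAS_FD_OFF based).
 *
 * @return The result of release_connection_fd(), or -1 with errno = EINVAL
 *         when @a fd is not an OpenVAS stream.
 */
int
close_stream_connection (int fd)
{
  openvas_connection *fp;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);

  /* The former second "!OPENVAS_STREAM (fd)" branch (shutdown + socket_close
   * of a raw fd) was unreachable: the guard above already rejects every
   * non-stream descriptor, so it has been dropped. */
  int taken_over = (run_csc_hooks (fd) == 0);
  return release_connection_fd (fd, taken_over ? 1 : 0);
}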
static int release_connection_fd(int fd, int already_closed)
Definition: network.c:183
#define OVAS_CONNECTION_FROM_FD(fd)
Definition: network.c:132
static int run_csc_hooks(int fd)
Run the hooks for close_stream_connection.
Definition: network.c:1507
#define OPENVAS_STREAM(x)
Definition: network.c:126
int socket_close(int soc)
Definition: network.c:1949

◆ fd_is_stream()

int fd_is_stream ( int  fd)

Definition at line 1959 of file network.c.

References OPENVAS_STREAM.

Referenced by nasl_close_socket(), nasl_get_source_port(), nasl_recv(), nasl_recv_line(), nasl_send(), nasl_socket_get_error(), socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), socket_get_ssl_version(), and socket_negotiate_ssl().

/**
 * @brief Tell whether @a fd is an OpenVAS stream descriptor.
 *
 * This is only the range test OPENVAS_STREAM() performs on the
 * OPENVAS_FD_OFF window; it does not check that the slot is in use.
 * Should probably be smarter.
 *
 * @param fd  Descriptor to classify.
 *
 * @return Non-zero for an OpenVAS stream descriptor, 0 otherwise.
 */
int
fd_is_stream (int fd)
{
  const int in_window = OPENVAS_STREAM (fd);

  return in_window;
}
#define OPENVAS_STREAM(x)
Definition: network.c:126

◆ get_connection_fd()

static int get_connection_fd ( void  )
static

Returns a free file descriptor.

Definition at line 163 of file network.c.

References connections, OPENVAS_FD_MAX, OPENVAS_FD_OFF, openvas_connection::pid, and pid.

Referenced by open_stream_connection_ext(), and openvas_register_connection().

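/**
 * @brief Returns a free file descriptor.
 *
 * Claims the first unused slot of the connections table (pid == 0 marks a
 * free slot), zeroes it and tags it with the calling pid.
 *
 * @return The OpenVAS descriptor (slot index + OPENVAS_FD_OFF), or -1 with
 *         errno = EMFILE when every slot is taken.
 */
static int
get_connection_fd (void)
{
  for (int slot = 0; slot < OPENVAS_FD_MAX; slot++)
    {
      if (connections[slot].pid != 0)
        continue; /* In use. */

      /* memset() replaces the legacy bzero(), which POSIX.1-2008 removed. */
      memset (&connections[slot], 0, sizeof connections[slot]);
      connections[slot].pid = getpid ();
      return slot + OPENVAS_FD_OFF;
    }

  g_message ("[%d] %s:%d : Out of OpenVAS file descriptors", getpid (),
             __FILE__, __LINE__);
  errno = EMFILE;
  return -1;
}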
#define OPENVAS_FD_OFF
Definition: network.c:105
static pid_t pid
static openvas_connection connections[OPENVAS_FD_MAX]
Definition: network.c:107
#define OPENVAS_FD_MAX
Definition: network.c:104

◆ get_encaps_name()

const char* get_encaps_name ( openvas_encaps_t  code)

Definition at line 1546 of file network.c.

References code, OPENVAS_ENCAPS_AUTO, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, and OPENVAS_ENCAPS_TLSv12.

Referenced by get_port_transport(), nasl_get_sock_info(), and plugin_do_run().

/**
 * @brief Human readable name of a transport encapsulation.
 *
 * @param code  The openvas_encaps_t value to name.
 *
 * @return A string literal for every known encapsulation.  For an unknown
 *         code the text is formatted into a static buffer, so the result is
 *         overwritten by the next unknown code and the function is not
 *         reentrant in that case.
 */
const char *
get_encaps_name (openvas_encaps_t code)
{
  static char unknown[100];
  static const struct
  {
    openvas_encaps_t encaps;
    const char *name;
  } names[] = {
    {OPENVAS_ENCAPS_AUTO, "auto"},
    {OPENVAS_ENCAPS_IP, "IP"},
    {OPENVAS_ENCAPS_SSLv2, "SSLv2"},
    {OPENVAS_ENCAPS_SSLv23, "SSLv23"},
    {OPENVAS_ENCAPS_SSLv3, "SSLv3"},
    {OPENVAS_ENCAPS_TLSv1, "TLSv1"},
    {OPENVAS_ENCAPS_TLSv11, "TLSv11"},
    {OPENVAS_ENCAPS_TLSv12, "TLSv12"},
    {OPENVAS_ENCAPS_TLScustom, "TLScustom"},
  };

  for (size_t k = 0; k < sizeof names / sizeof names[0]; k++)
    if (names[k].encaps == code)
      return names[k].name;

  snprintf (unknown, sizeof unknown,
            "[unknown transport layer - code %d (0x%x)]", code, code);
  return unknown;
}
#define code

◆ get_encaps_through()

const char* get_encaps_through ( openvas_encaps_t  code)

Definition at line 1577 of file network.c.

References code, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, and OPENVAS_ENCAPS_TLSv12.

Referenced by mark_acap_server(), mark_adsgone(), mark_avotus_mm_server(), mark_BitTorrent_server(), mark_citrix_server(), mark_dameware_server(), mark_dictd_server(), mark_direct_connect_hub(), mark_eggdrop_server(), mark_ens_server(), mark_exchg_routing_server(), mark_finger_server(), mark_fssniffer(), mark_ftp_server(), mark_fw1(), mark_giop_server(), mark_gnocatan_server(), mark_gnome14_server(), mark_http_proxy(), mark_http_server(), mark_imap_server(), mark_interscan_viruswall(), mark_ircxpro_admin_server(), mark_jabber_server(), mark_LISa_server(), mark_listserv_server(), mark_locked_adsubtract_server(), mark_lpd_server(), mark_lyskom_server(), mark_mon_server(), mark_nagiosd_server(), mark_nntp_server(), mark_ofa_express_server(), mark_pblocald_server(), mark_pbmaster_server(), mark_ph_server(), mark_pnsclient(), mark_pop3pw_server(), mark_ppp_daemon(), mark_psybnc(), mark_quicktime_streaming_server(), mark_remote_nc_server(), mark_rmserver(), mark_shoutcast_server(), mark_smppd_server(), mark_smtp_server(), mark_smux_server(), mark_snpp_server(), mark_spamd_server(), mark_stonegate_auth_server(), mark_sub7_server(), mark_tcpmux_server(), mark_teamspeak2_server(), mark_telnet_server(), mark_time_server(), mark_unknown_svc(), mark_upsmon_server(), mark_uucp_server(), mark_veritas_backup(), mark_vmware_auth(), mark_vtun_server(), mark_websm_server(), mark_whois_plus2_server(), and mark_zebra_server().

/**
 * @brief Suffix describing the transport a service was reached through.
 *
 * @param code  The openvas_encaps_t value.
 *
 * @return "" for plain IP, " through SSL" for every SSL/TLS encapsulation,
 *         and for an unknown code a description formatted into a static
 *         buffer (overwritten on the next unknown code; not reentrant).
 */
const char *
get_encaps_through (openvas_encaps_t code)
{
  static char unknown[100];
  int is_tls;

  if (code == OPENVAS_ENCAPS_IP)
    return "";

  is_tls = code == OPENVAS_ENCAPS_SSLv2 || code == OPENVAS_ENCAPS_SSLv23
           || code == OPENVAS_ENCAPS_SSLv3 || code == OPENVAS_ENCAPS_TLSv1
           || code == OPENVAS_ENCAPS_TLSv11 || code == OPENVAS_ENCAPS_TLSv12
           || code == OPENVAS_ENCAPS_TLScustom;
  if (is_tls)
    return " through SSL";

  snprintf (unknown, sizeof unknown,
            " through unknown transport layer - code %d (0x%x)", code, code);
  return unknown;
}
#define code

◆ get_sock_infos()

int get_sock_infos ( int  sock,
int *  r_transport,
void **  r_tls_session 
)

Definition at line 2063 of file network.c.

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_get_sock_info(), and nasl_socket_cert_verify().

/**
 * @brief Report the transport and TLS session of an OpenVAS stream.
 *
 * Both out-pointers are written unconditionally, so callers must pass
 * valid addresses.
 *
 * @param sock           OpenVAS stream descriptor.
 * @param r_transport    Receives the connection's transport value.
 * @param r_tls_session  Receives the connection's gnutls_session_t.
 *
 * @return 0 on success; ENOTSOCK (a positive errno value, unlike the -1
 *         convention used by most of this file) when @a sock is not an
 *         OpenVAS stream.
 */
int
get_sock_infos (int sock, int *r_transport, void **r_tls_session)
{
  if (!OPENVAS_STREAM (sock))
    return ENOTSOCK;

  openvas_connection *conn = OVAS_CONNECTION_FROM_FD (sock);

  *r_transport = conn->transport;
  *r_tls_session = conn->tls_session;
  return 0;
}
#define OPENVAS_FD_OFF
Definition: network.c:105
gnutls_session_t tls_session
Definition: network.c:88
static openvas_connection connections[OPENVAS_FD_MAX]
Definition: network.c:107
openvas_encaps_t transport
Definition: network.c:82
#define OPENVAS_STREAM(x)
Definition: network.c:126

◆ getpts()

unsigned short* getpts ( char *  origexpr,
int *  len 
)

Converts a string like "-100,200-1024,3000-4000,60000-" into an array of port numbers.

This function is (c) Fyodor <fyodor@dhp.com> and was taken from his excellent and outstanding scanner Nmap. See http://www.insecure.org/nmap/ for details about Nmap.

Definition at line 2103 of file network.c.

References qsort_compar().

Referenced by nasl_scanner_get_port(), and scan().

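/**
 * @brief Append the ports described by one range token to @a ports.
 *
 * Accepted forms are "N", "N-M", "-M" (meaning 1-M) and "N-" (meaning
 * N-65535).  Numbers are parsed with atoi(), so non-numeric text reads as
 * 0 and a start below 1 is raised to 1.
 *
 * @param tok    NUL-terminated token with blanks already removed.
 * @param ports  Destination array.
 * @param cap    Number of entries @a ports can hold.
 * @param count  In/out: entries already used in @a ports.
 *
 * @return 0 on success; -1 when the range is inverted (start > end) or
 *         would not fit into @a ports.
 */
static int
getpts_add_range (const char *tok, unsigned short *ports, int cap, int *count)
{
  int start, end;

  if (*tok == '-')
    {
      start = 1;
      end = atoi (tok + 1);
    }
  else
    {
      const char *dash = strchr (tok, '-');

      start = end = atoi (tok);
      if (dash && dash[1])
        end = atoi (dash + 1);
      else if (dash)
        end = 65535;
    }
  if (start < 1)
    start = 1;
  /* atoi() is unbounded; clamp so the loop below can neither leave the
   * 16-bit port space nor run past the buffer. */
  if (end > 65535)
    end = 65535;
  if (start > end)
    return -1;
  /* Overlapping ranges are not de-duplicated, so the total may exceed the
   * number of distinct ports; refuse instead of overrunning @a ports. */
  if (end - start + 1 > cap - *count)
    return -1;
  for (int p = start; p <= end; p++)
    ports[(*count)++] = (unsigned short) p;
  return 0;
}

/**
 * @brief Converts a string like "-100,200-1024,3000-4000,60000-" into an
 *        array of port numbers.
 *
 * Blanks are ignored, a "T:" prefix is skipped and everything from "U:"
 * onwards is dropped.  The array is sorted with qsort_compar() and carries
 * a trailing 0 entry that takes part in the sort, exactly as before; @a len
 * receives the number of entries excluding that terminator.  The result for
 * the most recent expression is kept in static storage and handed out again
 * on a repeated call, so callers must not free it.
 *
 * This function is (c) Fyodor <fyodor@dhp.com> and was taken from his
 * excellent and outstanding scanner Nmap.  See http://www.insecure.org/nmap/
 * for details about Nmap.
 *
 * @param origexpr  The port expression; NULL yields NULL.
 * @param len       Optional out-parameter for the number of ports.
 *
 * @return The (cached) array, or NULL on an inverted range, an out-of-range
 *         port, or more entries than the 65536-entry buffer can hold.
 */
unsigned short *
getpts (char *origexpr, int *len)
{
  enum { MAX_ENTRIES = 65536 }; /* 65535 ports plus the trailing 0. */
  static unsigned short *last_ret = NULL;
  static char *last_expr = NULL;
  static int last_num;
  char *mem, *expr, *p, *s_start, *s_end;
  unsigned short *ports, *tmp;
  int exlen, i = 0, j;

  if (origexpr == NULL)
    {
      if (len != NULL)
        *len = 0;
      return NULL;
    }

  mem = expr = g_strdup (origexpr);
  exlen = strlen (origexpr);

  if (last_expr != NULL)
    {
      if (strcmp (last_expr, expr) == 0)
        {
          if (len != NULL)
            *len = last_num;
          g_free (mem);
          return last_ret;
        }
      g_free (last_expr);
      last_expr = NULL;
      /* The old code called g_free (&last_ret): it passed the address of
       * the static pointer instead of the cached array. */
      g_free (last_ret);
      last_ret = NULL;
    }

  ports = g_malloc0 (MAX_ENTRIES * sizeof *ports);

  /* Squeeze out blanks in place. */
  for (j = 0; j < exlen; j++)
    if (expr[j] != ' ')
      expr[i++] = expr[j];
  expr[i] = '\0';

  if ((s_start = strstr (expr, "T:")) != NULL)
    expr = s_start + 2;

  if ((s_end = strstr (expr, "U:")) != NULL)
    {
      /* Drop the separating comma too, but never read before expr. */
      if (s_end > expr && s_end[-1] == ',')
        s_end--;
      s_end[0] = '\0';
    }

  /* One entry of the buffer is reserved for the trailing 0. */
  i = 0;
  while ((p = strchr (expr, ',')) != NULL)
    {
      *p = '\0';
      if (getpts_add_range (expr, ports, MAX_ENTRIES - 1, &i) < 0)
        goto fail;
      expr = p + 1;
    }
  if (getpts_add_range (expr, ports, MAX_ENTRIES - 1, &i) < 0)
    goto fail;
  ports[i++] = 0;

  qsort (ports, i, sizeof *ports, qsort_compar);
  tmp = g_realloc (ports, i * sizeof *ports);
  if (len != NULL)
    *len = i - 1;
  g_free (mem);

  last_ret = tmp;
  last_expr = g_strdup (origexpr);
  last_num = i - 1;
  return tmp;

fail:
  g_free (mem);
  g_free (ports);
  return NULL;
}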
static int qsort_compar(const void *a, const void *b)
Definition: network.c:2081

◆ is_ip_address()

static int is_ip_address ( const char *  str)
static

Definition at line 549 of file network.c.

Referenced by open_SSL_connection().

/**
 * @brief Tell whether @a str is an IPv4 or IPv6 address literal.
 *
 * Used to decide whether a host name is suitable for TLS SNI: address
 * literals are not.
 *
 * @param str  NUL-terminated candidate string.
 *
 * @return 1 when inet_pton() accepts @a str for AF_INET or AF_INET6,
 *         0 otherwise.
 */
static int
is_ip_address (const char *str)
{
  struct in_addr v4;
  struct in6_addr v6;

  /* inet_pton() returns 1 only for a syntactically valid address. */
  int is_v4 = inet_pton (AF_INET, str, &v4) == 1;
  if (is_v4)
    return 1;

  return inet_pton (AF_INET6, str, &v6) == 1;
}

◆ load_cert_and_key()

static int load_cert_and_key ( gnutls_certificate_credentials_t  xcred,
const char *  cert,
const char *  key,
const char *  passwd 
)
static

Loads a certificate and the corresponding private key from PEM files.

The private key may be encrypted, in which case the password to decrypt the key should be given as the passwd parameter.

Returns
Returns 0 on success and -1 on failure.

Definition at line 457 of file network.c.

References tlserror().

Referenced by open_SSL_connection().

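/**
 * @brief Loads a certificate and the corresponding private key from PEM files.
 *
 * The private key may be encrypted, in which case the password to decrypt
 * the key should be given as the @a passwd parameter (PKCS#8 import is used
 * then; otherwise the plain PEM import).
 *
 * @param xcred   Credentials the key pair is attached to.
 * @param cert    Path of the PEM certificate file.
 * @param key     Path of the PEM private key file.
 * @param passwd  Password for an encrypted key, or NULL.
 *
 * @return 0 on success and -1 on failure; failures are reported through
 *         g_message() / tlserror().
 */
static int
load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert,
                   const char *key, const char *passwd)
{
  gnutls_x509_crt_t x509_crt = NULL;
  gnutls_x509_privkey_t x509_key = NULL;
  gnutls_datum_t data;
  int data_loaded = 0; /* Whether `data' currently owns a loaded file. */
  int ret;
  int result = -1;

  if (load_gnutls_file (cert, &data))
    {
      g_message ("[%d] load_cert_and_key: Error loading cert file %s",
                 getpid (), cert);
      goto cleanup;
    }
  data_loaded = 1;
  ret = gnutls_x509_crt_init (&x509_crt);
  if (ret < 0)
    {
      tlserror ("gnutls_x509_crt_init", ret);
      /* x509_crt may be != NULL even if gnutls_x509_crt_init fails */
      x509_crt = NULL;
      goto cleanup;
    }
  ret = gnutls_x509_crt_import (x509_crt, &data, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
    {
      tlserror ("gnutls_x509_crt_import", ret);
      goto cleanup;
    }
  unload_gnutls_file (&data);
  data_loaded = 0;

  if (load_gnutls_file (key, &data))
    {
      g_message ("[%d] load_cert_and_key: Error loading key file %s", getpid (),
                 key);
      goto cleanup;
    }
  data_loaded = 1;
  ret = gnutls_x509_privkey_init (&x509_key);
  if (ret < 0)
    {
      tlserror ("gnutls_x509_privkey_init", ret);
      /* x509_key may be != NULL even if gnutls_x509_privkey_init fails */
      x509_key = NULL;
      goto cleanup;
    }
  if (passwd)
    ret = gnutls_x509_privkey_import_pkcs8 (x509_key, &data,
                                            GNUTLS_X509_FMT_PEM, passwd, 0);
  else
    ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
    {
      tlserror (passwd ? "gnutls_x509_privkey_import_pkcs8"
                       : "gnutls_x509_privkey_import",
                ret);
      goto cleanup;
    }
  /* NOTE(review): unload_gnutls_file() is expected to release the buffer;
   * whether it scrubs the private key bytes is not visible here. */
  unload_gnutls_file (&data);
  data_loaded = 0;

  ret = gnutls_certificate_set_x509_key (xcred, &x509_crt, 1, x509_key);
  if (ret < 0)
    {
      tlserror ("gnutls_certificate_set_x509_key", ret);
      goto cleanup;
    }
  result = 0;

cleanup:
  /* Previously the loaded file was leaked when an import failed between
   * load_gnutls_file() and unload_gnutls_file(). */
  if (data_loaded)
    unload_gnutls_file (&data);
  if (x509_crt)
    gnutls_x509_crt_deinit (x509_crt);
  if (x509_key)
    gnutls_x509_privkey_deinit (x509_key);

  return result;
}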
void tlserror(char *txt, int err)
Definition: network.c:336

◆ log_message_gnutls()

static void log_message_gnutls ( int  level,
const char *  msg 
)
static

Definition at line 342 of file network.c.

Referenced by openvas_SSL_init().

/**
 * @brief Forward a GnuTLS log line to g_debug().
 *
 * Referenced by openvas_SSL_init(); presumably installed there as the
 * GnuTLS log callback.
 *
 * @param level  Log level as passed by GnuTLS.
 * @param msg    Message text as passed by GnuTLS.
 */
static void
log_message_gnutls (int level, const char *msg)
{
  const int lvl = level;
  const char *text = msg;

  g_debug ("LEVEL %d: %s", lvl, text);
}

◆ nrecv()

int nrecv ( int  fd,
void *  data,
int  length,
int  i_opt 
)

Definition at line 1441 of file network.c.

References block_socket(), connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and read_stream_connection().

/**
 * @brief Receive on either an OpenVAS stream or a plain OS socket.
 *
 * For an open OpenVAS stream the call is delegated to
 * read_stream_connection(); a closed stream slot is logged and then falls
 * through to the OS recv() path like an ordinary descriptor.
 *
 * @param fd      OpenVAS stream descriptor or OS socket.
 * @param data    Destination buffer.
 * @param length  Bytes to read.  It is an int handed to recv()'s size_t
 *                parameter, so callers must keep it non-negative.
 * @param i_opt   Flags for recv(); unused on the stream path.
 *
 * @return Whatever read_stream_connection() or recv() returns (recv() is
 *         retried on EINTR).  The block_socket() result is ignored, as it
 *         always was.
 */
int
nrecv (int fd, void *data, int length, int i_opt)
{
  if (OPENVAS_STREAM (fd))
    {
      if (connections[fd - OPENVAS_FD_OFF].fd >= 0)
        return read_stream_connection (fd, data, length);
      g_message ("OpenVAS file descriptor %d closed ?!", fd);
    }

  /* Trying OS's recv()
   *
   * Do *NOT* use os_recv() here, as it will be blocking until the exact
   * amount of requested data arrives
   */
  block_socket (fd);

  int got;
  do
    got = recv (fd, data, length, i_opt);
  while (got < 0 && errno == EINTR);
  return got;
}
#define OPENVAS_FD_OFF
Definition: network.c:105
static openvas_connection connections[OPENVAS_FD_MAX]
Definition: network.c:107
int read_stream_connection(int fd, void *buf0, int len)
Definition: network.c:1272
#define OPENVAS_STREAM(x)
Definition: network.c:126
static int block_socket(int soc)
Definition: network.c:313

◆ nsend()

int nsend ( int  fd,
void *  data,
int  length,
int  i_opt 
)

Definition at line 1402 of file network.c.

References block_socket(), connections, OPENVAS_FD_OFF, OPENVAS_STREAM, os_send(), timeval(), and write_stream_connection4().

Referenced by nasl_end_denial(), and nasl_send().

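/**
 * @brief Send on either an OpenVAS stream or a plain OS socket.
 *
 * For an open OpenVAS stream the call is delegated to
 * write_stream_connection4().  A closed stream slot is logged and then
 * treated like an OS descriptor, which is why the FD_SETSIZE guard below
 * matters: such an fd is OPENVAS_FD_OFF based and far above FD_SETSIZE.
 *
 * @param fd      OpenVAS stream descriptor or OS socket.
 * @param data    Bytes to send.
 * @param length  Number of bytes.
 * @param i_opt   Flags passed through to os_send().
 *
 * @return Bytes sent, 0 when the socket never became writable, or -1 with
 *         errno set (EBADF for a descriptor this path cannot handle).
 */
int
nsend (int fd, void *data, int length, int i_opt)
{
  int n = 0;

  if (OPENVAS_STREAM (fd))
    {
      if (connections[fd - OPENVAS_FD_OFF].fd < 0)
        g_message ("OpenVAS file descriptor %d closed ?!", fd);
      else
        return write_stream_connection4 (fd, data, length, i_opt);
    }

  /* FD_SET() on a negative descriptor or one at/above FD_SETSIZE writes
   * outside the fd_set (stack corruption); refuse such descriptors here. */
  if (fd < 0 || fd >= FD_SETSIZE)
    {
      errno = EBADF;
      g_message ("[%d] nsend():send %s", getpid (), strerror (errno));
      return -1;
    }

  /* Trying OS's send().  block_socket()'s result is ignored, as before. */
  block_socket (fd);
  do
    {
      struct timeval tv = {0, 5}; /* tv_sec = 0, tv_usec = 5: a short poll. */
      fd_set wr;
      int e;

      FD_ZERO (&wr);
      FD_SET (fd, &wr);

      errno = 0;
      e = select (fd + 1, NULL, &wr, NULL, &tv);
      if (e > 0)
        n = os_send (fd, data, length, i_opt);
      else if (e < 0 && errno == EINTR)
        continue; /* Re-evaluates the loop condition with errno == EINTR. */
      else
        break;
    }
  while (n <= 0 && errno == EINTR);
  if (n < 0)
    g_message ("[%d] nsend():send %s", getpid (), strerror (errno));

  return n;
}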
#define OPENVAS_FD_OFF
Definition: network.c:105
int os_send(int soc, void *buf, int len, int opt)
Definition: network.c:2023
static openvas_connection connections[OPENVAS_FD_MAX]
Definition: network.c:107
#define OPENVAS_STREAM(x)
Definition: network.c:126
static int block_socket(int soc)
Definition: network.c:313
struct timeval timeval(unsigned long val)
static int write_stream_connection4(int fd, void *buf0, int n, int i_opt)
Definition: network.c:1278

◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char *  hostname,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)

Definition at line 1700 of file network.c.

References hostname, and open_socket().

Referenced by nasl_open_sock_kdc().

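/**
 * @brief Open a socket to @a hostname:@a port after resolving the name.
 *
 * The name is resolved to an IPv6 (possibly v4-mapped) address; a v4-mapped
 * result is connected over AF_INET, anything else over AF_INET6.
 *
 * @param hostname  Host name or address literal.
 * @param port      Destination port, host byte order.
 * @param type      socket() type.
 * @param protocol  socket() protocol.
 * @param timeout   Connect timeout handed to open_socket().
 *
 * @return The socket from open_socket(), or -1 when the name does not
 *         resolve (errno is then whatever the resolver left).
 */
int
open_sock_opt_hn (const char *hostname, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct sockaddr_in addr;
  struct sockaddr_in6 addr6;
  struct in6_addr in6addr;

  /* On failure gvm_resolve_as_addr6() leaves in6addr undefined; the old
   * code ignored the result and connected to stack garbage.
   * NOTE(review): a negative return is treated as failure - confirm this
   * matches the gvm-libs contract. */
  if (gvm_resolve_as_addr6 (hostname, &in6addr) < 0)
    return -1;

  if (IN6_IS_ADDR_V4MAPPED (&in6addr))
    {
      memset (&addr, 0, sizeof addr);
      addr.sin_family = AF_INET;
      addr.sin_port = htons ((unsigned short) port);
      /* v4-mapped: the IPv4 address is the last 32-bit word. */
      addr.sin_addr.s_addr = in6addr.s6_addr32[3];
      return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
                          sizeof (struct sockaddr_in));
    }

  memset (&addr6, 0, sizeof addr6);
  addr6.sin6_family = AF_INET6;
  addr6.sin6_port = htons ((unsigned short) port);
  memcpy (&addr6.sin6_addr, &in6addr, sizeof (struct in6_addr));
  return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
                      sizeof (struct sockaddr_in6));
}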
static int open_socket(struct sockaddr *paddr, int type, int protocol, int timeout, int len)
Definition: network.c:1601
const char * hostname
Definition: pluginlaunch.c:76

◆ open_sock_option()

int open_sock_option ( struct script_infos args,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)

Definition at line 1802 of file network.c.

References open_socket(), and plug_get_host_ip().

Referenced by open_sock_tcp().

/**
 * @brief Open a socket of the given type/protocol to the plugin's target.
 *
 * The target address is taken from plug_get_host_ip(); a v4-mapped address
 * is connected over AF_INET, anything else over AF_INET6.
 *
 * @param args      Plugin context.
 * @param port      Destination port, host byte order.
 * @param type      socket() type.
 * @param protocol  socket() protocol.
 * @param timeout   Connect timeout handed to open_socket().
 *
 * @return The socket from open_socket(), or -1 when the host has no address
 *         or its address is the unspecified address (in6addr_any).
 */
int
open_sock_option (struct script_infos *args, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct in6_addr *target = plug_get_host_ip (args);

  if (target == NULL)
    {
      g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
      return -1;
    }
  if (IN6_ARE_ADDR_EQUAL (target, &in6addr_any))
    return -1;

  if (IN6_IS_ADDR_V4MAPPED (target))
    {
      /* v4-mapped: the IPv4 address is the last 32-bit word. */
      struct sockaddr_in v4;

      memset (&v4, 0, sizeof v4);
      v4.sin_family = AF_INET;
      v4.sin_port = htons ((unsigned short) port);
      v4.sin_addr.s_addr = target->s6_addr32[3];
      return open_socket ((struct sockaddr *) &v4, type, protocol, timeout,
                          sizeof v4);
    }

  struct sockaddr_in6 v6;

  memset (&v6, 0, sizeof v6);
  v6.sin6_family = AF_INET6;
  v6.sin6_port = htons ((unsigned short) port);
  memcpy (&v6.sin6_addr, target, sizeof v6.sin6_addr);
  return open_socket ((struct sockaddr *) &v6, type, protocol, timeout,
                      sizeof v6);
}
static int open_socket(struct sockaddr *paddr, int type, int protocol, int timeout, int len)
Definition: network.c:1601
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:285

◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos args,
unsigned int  port,
int  timeout 
)

Definition at line 1729 of file network.c.

References host_get_port_state(), script_infos::ip, script_infos::key, open_sock_option(), plug_current_vhost(), plug_get_host_ip_str(), and plug_get_kb().

Referenced by open_stream_connection_ext().

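/**
 * @brief Open a TCP socket to the plugin's target host on @a port.
 *
 * connect() is retried "timeout_retry" times (preference, default 0) while
 * it times out.  A final time-out is counted in the KB under
 * "ConnectTimeout/<ip>/<port>" (logged for the first three occurrences);
 * once that count reaches "open_sock_max_attempts" (preference, 0 = never)
 * and the port is still considered open, it is marked closed in the KB and
 * an ERRMSG result is pushed so other plugins stop trying.
 *
 * @param args     Plugin context (host IP, KB).
 * @param port     TCP port.
 * @param timeout  Connect timeout handed to open_sock_option().
 *
 * @return The socket, or -1 with errno as left by open_sock_option().
 */
int
open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
{
  int ret, retry = 0;
  const char *timeout_retry;

  timeout_retry = prefs_get ("timeout_retry");
  if (timeout_retry)
    retry = atoi (timeout_retry);
  if (retry < 0)
    retry = 0;

  /* retry >= 0 here, so the loop runs at least once and ret is always set. */
  while (retry >= 0)
    {
      errno = 0;
      ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
      if (ret >= 0 || errno != ETIMEDOUT)
        break;
      retry--;
    }
  if (ret < 0 && errno == ETIMEDOUT)
    {
      int log_count, attempts = 0;
      char *ip_str = plug_get_host_ip_str (args), buffer[1024];
      kb_t kb = plug_get_kb (args);
      const char *max_attempts;

      max_attempts = prefs_get ("open_sock_max_attempts");
      if (max_attempts)
        attempts = atoi (max_attempts);
      if (attempts < 0)
        attempts = 0;

      /* port is unsigned, so %u rather than %d; the text is unchanged for
       * any valid port number. */
      g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%u", ip_str,
                  port);
      log_count = kb_item_get_int (kb, buffer);
      if (log_count == -1)
        log_count = 0;
      if (log_count < 3)
        {
          g_message ("open_sock_tcp: %s:%u time-out.", ip_str, port);
          log_count++;
          kb_item_set_int (kb, buffer, log_count);
        }
      if ((log_count >= attempts) && (attempts != 0))
        {
          /* After some unsuccessful attempts, the port is set to closed to
           * avoid new attempts from other plugins.
           */
          if (host_get_port_state (args, port) > 0)
            {
              char host_str[INET6_ADDRSTRLEN];

              /* Fill host_str *before* logging it: the old code declared a
               * shadowing ip_str here, printed it uninitialised and only
               * then called addr6_to_str(). */
              addr6_to_str (args->ip, host_str);
              g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%u", port);
              g_message ("open_sock_tcp: %s:%u too many timeouts. "
                         "This port will be set to closed.",
                         host_str, port);
              kb_item_set_int (kb, buffer, 0);

              snprintf (buffer, sizeof (buffer),
                        "ERRMSG|||%s|||%u/tcp||| |||Too many timeouts. The port"
                        " was set to closed.",
                        plug_current_vhost () ?: " ", port);
              kb_item_push_str (args->key, "internal/results", buffer);
            }
        }
      g_free (ip_str);
    }

  return ret;
}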
kb_t plug_get_kb(struct script_infos *args)
Definition: plugutils.c:658
const char * plug_current_vhost(void)
Definition: plugutils.c:57
int host_get_port_state(struct script_infos *plugdata, int portnum)
Definition: plugutils.c:154
struct in6_addr * ip
Definition: scanneraux.h:51
int open_sock_option(struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
Definition: network.c:1802
char * plug_get_host_ip_str(struct script_infos *desc)
Definition: plugutils.c:291

◆ open_socket()

static int open_socket ( struct sockaddr *  paddr,
int  type,
int  protocol,
int  timeout,
int  len 
)
static

Definition at line 1601 of file network.c.

References __port_closed, block_socket(), pid_perror(), socket_close(), TIMEOUT, timeval(), and unblock_socket().

Referenced by open_sock_opt_hn(), and open_sock_option().

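/**
 * @brief Create a socket and connect it to @a paddr, optionally with a
 *        timeout.
 *
 * With @a timeout > 0 the socket is made non-blocking for the connect() and
 * select() waits for completion; a @a timeout of -2 selects the default
 * TIMEOUT.  The file-scope flag __port_closed is cleared on entry and set
 * to 1 when connect() fails for any reason other than a time-out or a
 * select()/getsockopt() error.
 *
 * @param paddr     Destination; sa_family AF_INET means IPv4, anything else
 *                  is treated as IPv6.
 * @param type      socket() type.
 * @param protocol  socket() protocol.
 * @param timeout   Seconds; <= 0 is a blocking connect(), -2 means TIMEOUT.
 * @param len       Size of the structure behind @a paddr.
 *
 * @return The connected socket, switched back to blocking mode, or -1 with
 *         errno set (ETIMEDOUT on time-out, EMFILE when the descriptor is
 *         too large for select()).
 */
static int
open_socket (struct sockaddr *paddr, int type, int protocol, int timeout,
             int len)
{
  fd_set fd_w;
  struct timeval to;
  int soc, x;
  int opt;
  socklen_t opt_sz; /* getsockopt() takes socklen_t, not unsigned int. */
  int family;

  __port_closed = 0;

  family = (paddr->sa_family == AF_INET) ? AF_INET : AF_INET6;
  if ((soc = socket (family, type, protocol)) < 0)
    {
      pid_perror ("socket");
      return -1;
    }

  if (timeout == -2)
    timeout = TIMEOUT;

  if (timeout > 0)
    {
      if (unblock_socket (soc) < 0)
        {
          close (soc);
          return -1;
        }
    }

  gvm_source_set_socket (soc, 0, family);

  if (connect (soc, paddr, (socklen_t) len) < 0)
    {
      pid_perror ("connect");
    again:
      switch (errno)
        {
        case EINPROGRESS:
        case EAGAIN:
          /* FD_SET() with a descriptor >= FD_SETSIZE writes past fd_w
           * (stack corruption); refuse rather than risk it. */
          if (soc >= FD_SETSIZE)
            {
              errno = EMFILE;
              pid_perror ("connect->select: descriptor exceeds FD_SETSIZE");
              socket_close (soc);
              errno = EMFILE;
              return -1;
            }
          FD_ZERO (&fd_w);
          FD_SET (soc, &fd_w);
          to.tv_sec = timeout;
          to.tv_usec = 0;
          x = select (soc + 1, NULL, &fd_w, NULL, &to);
          if (x == 0)
            {
              pid_perror ("connect->select: timeout");
              socket_close (soc);
              errno = ETIMEDOUT;
              return -1;
            }
          else if (x < 0)
            {
              if (errno == EINTR)
                {
                  /* Interrupted: re-enter the EAGAIN case and wait again
                   * (with the full timeout, as before). */
                  errno = EAGAIN;
                  goto again;
                }
              pid_perror ("select");
              socket_close (soc);
              return -1;
            }

          opt = 0;
          opt_sz = sizeof (opt);
          if (getsockopt (soc, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
            {
              pid_perror ("getsockopt");
              socket_close (soc);
              return -1;
            }
          if (opt == 0)
            break; /* Connected. */
          errno = opt;
          pid_perror ("SO_ERROR");
          /* fallthrough */
        default:
          __port_closed = 1;
          socket_close (soc);
          return -1;
        }
    }
  /* Result ignored, as before: the socket is returned even if it could not
   * be switched back to blocking mode. */
  block_socket (soc);
  return soc;
}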

◆ open_SSL_connection()

static int open_SSL_connection ( openvas_connection fp,
const char *  cert,
const char *  key,
const char *  passwd,
const char *  cafile,
const char *  hostname 
)
static

Definition at line 561 of file network.c.

References openvas_connection::fd, hostname, is_ip_address(), openvas_connection::last_err, load_cert_and_key(), pid_perror(), openvas_connection::priority, set_gnutls_protocol(), openvas_connection::timeout, timeval(), openvas_connection::tls_cred, openvas_connection::tls_session, tlserror(), openvas_connection::transport, and unblock_socket().

Referenced by open_stream_connection_ext(), and socket_negotiate_ssl().

/* open_SSL_connection (openvas_connection *fp, const char *cert,
 *                      const char *key, const char *passwd,
 *                      const char *cafile, const char *hostname)
 *
 * Signature as declared on this page; the rendered listing starts at the
 * opening brace.
 *
 * Runs the client side of a TLS handshake on fp->fd, creating
 * fp->tls_session and fp->tls_cred on the way.
 *
 * Returns 1 once the handshake completed, -1 on any failure.  On a timeout
 * fp->last_err is set to ETIMEDOUT.  The session/credentials are NOT torn
 * down here on failure; open_stream_connection_ext() does that through
 * release_connection_fd() on its "failed" path (other callers: verify).
 *
 * NOTE(review): nothing in this function asks GnuTLS to verify the peer's
 * certificate; CAFILE only loads trust anchors into the credentials.
 * Whether verification happens elsewhere is not visible here.
 */
{
  int ret, err, d;
  time_t tictac;
  fd_set fdw, fdr;
  struct timeval to;

  ret = gnutls_init (&(fp->tls_session), GNUTLS_CLIENT);
  if (ret < 0)
    {
      tlserror ("gnutls_init", ret);
      return -1;
    }

  /* set_gnutls_protocol handles OPENVAS_ENCAPS_SSLv2 by falling back
   * to OPENVAS_ENCAPS_SSLv23. However, this function
   * (open_SSL_connection) is called only by open_stream_connection and
   * open_stream_connection will exit with an error code if called with
   * OPENVAS_ENCAPS_SSLv2, so it should never end up calling
   * open_SSL_connection with OPENVAS_ENCAPS_SSLv2.
   */
  if (set_gnutls_protocol (fp->tls_session, fp->transport, fp->priority) < 0)
    return -1;

  /* SNI is only sent for a DNS name, never for an IP literal.  The return
   * value of gnutls_server_name_set() is not checked. */
  if (hostname && !is_ip_address (hostname))
    gnutls_server_name_set (fp->tls_session, GNUTLS_NAME_DNS, hostname,
                            strlen (hostname));

  ret = gnutls_certificate_allocate_credentials (&(fp->tls_cred));
  if (ret < 0)
    {
      tlserror ("gnutls_certificate_allocate_credentials", ret);
      return -1;
    }
  ret = gnutls_credentials_set (fp->tls_session, GNUTLS_CRD_CERTIFICATE,
                                fp->tls_cred);
  if (ret < 0)
    {
      tlserror ("gnutls_credentials_set", ret);
      return -1;
    }

  /* A client certificate is only loaded when both halves were supplied. */
  if (cert != NULL && key != NULL)
    {
      if (load_cert_and_key (fp->tls_cred, cert, key, passwd) < 0)
        return -1;
    }

  /* Optional trust anchors (PEM). */
  if (cafile != NULL)
    {
      ret = gnutls_certificate_set_x509_trust_file (fp->tls_cred, cafile,
                                                    GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          tlserror ("gnutls_certificate_set_x509_trust_file", ret);
          return -1;
        }
    }

  /* The handshake below is driven non-blocking with select(); the result
   * of unblock_socket() is not checked. */
  unblock_socket (fp->fd);

  gnutls_transport_set_ptr (fp->tls_session,
                            (gnutls_transport_ptr_t) GSIZE_TO_POINTER (fp->fd));

  /* Start of the overall handshake deadline (fp->timeout seconds). */
  tictac = time (NULL);

  for (;;)
    {
      err = gnutls_handshake (fp->tls_session);

      if (err == 0)
        return 1;

      /* Only "would block" conditions and warning alerts are retried;
       * everything else ends the attempt. */
      if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
          && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
        {
          g_debug ("[%d] gnutls_handshake: %s", getpid (),
                   gnutls_strerror (err));
          return -1;
        }

      FD_ZERO (&fdr);
      FD_SET (fp->fd, &fdr);
      FD_ZERO (&fdw);
      FD_SET (fp->fd, &fdw);

      /* Wait for the socket, re-arming select() after EINTR.  The fd sets
       * are not rebuilt on that retry; POSIX leaves their contents after a
       * failed select() unspecified — TODO confirm this is acceptable. */
      do
        {
          d = tictac + fp->timeout - time (NULL);
          if (d <= 0)
            {
              fp->last_err = ETIMEDOUT;
              return -1;
            }
          to.tv_sec = d;
          to.tv_usec = 0;
          errno = 0;
          if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
            pid_perror ("select");
        }
      while (ret < 0 && errno == EINTR);

      /* Both a select() timeout and a non-EINTR error are reported as
       * ETIMEDOUT to the caller. */
      if (ret <= 0)
        {
          fp->last_err = ETIMEDOUT;
          return -1;
        }
    }
}

◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos args,
unsigned int  port,
int  timeout,
int  force 
)

Definition at line 1002 of file network.c.

References open_stream_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_TLScustom, plug_get_port_transport(), and plug_set_port_transport().

Referenced by nasl_open_sock_tcp_bufsz().

/**
 * @brief Open a stream to @a port, picking the encapsulation automatically.
 *
 * With @a force set, a TLS connection (OPENVAS_ENCAPS_TLScustom) is tried
 * first and plain TCP (OPENVAS_ENCAPS_IP) second; the transport that
 * succeeded is recorded for the port through plug_set_port_transport().
 * Without @a force the transport previously recorded for the port is
 * reused unchanged.
 *
 * @param args    Script context.
 * @param port    TCP port to connect to.
 * @param timeout Connection timeout, passed through to open_stream_connection().
 * @param force   Non-zero to probe TLS first, zero to reuse the stored transport.
 *
 * @return The stream descriptor, or -1 if no connection could be opened.
 */
int
open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port,
                             int timeout, int force)
{
  int transport;
  int fd;

  if (!force)
    {
      transport = plug_get_port_transport (args, port);
      return open_stream_connection (args, port, transport, timeout);
    }

  /* Try SSL/TLS first, then fall back to plain TCP. */
  transport = OPENVAS_ENCAPS_TLScustom;
  fd = open_stream_connection (args, port, transport, timeout);
  if (fd < 0)
    {
      transport = OPENVAS_ENCAPS_IP;
      fd = open_stream_connection (args, port, OPENVAS_ENCAPS_IP, timeout);
    }
  if (fd < 0)
    return -1;

  /* Store that encapsulation mode in the KB. */
  plug_set_port_transport (args, port, transport);
  return fd;
}

◆ open_stream_connection()

int open_stream_connection ( struct script_infos args,
unsigned int  port,
int  transport,
int  timeout 
)

Definition at line 992 of file network.c.

References open_stream_connection_ext().

Referenced by nasl_end_denial(), nasl_start_denial(), open_stream_auto_encaps_ext(), and plugin_do_run().

/**
 * @brief Open a stream connection using the default GnuTLS priority string.
 *
 * Thin wrapper around open_stream_connection_ext() that supplies
 * "NORMAL:+ARCFOUR-128:%COMPAT" as the priority string.  NOTE(review):
 * that string re-enables RC4 (ARCFOUR-128) on top of GnuTLS' NORMAL set,
 * which looks deliberate for reaching legacy services during a scan —
 * confirm it is intended for every caller of this wrapper.
 *
 * @return Whatever open_stream_connection_ext() returns: the stream
 *         descriptor or -1.
 */
int
open_stream_connection (struct script_infos *args, unsigned int port,
                        int transport, int timeout)
{
  static const char default_priority[] = "NORMAL:+ARCFOUR-128:%COMPAT";

  return open_stream_connection_ext (args, port, transport, timeout,
                                     default_priority);
}

◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos args,
unsigned int  port,
int  transport,
int  timeout,
const char *  priority 
)

Definition at line 886 of file network.c.

References openvas_connection::fd, get_connection_fd(), hostname, openvas_connection::last_err, script_infos::name, open_sock_tcp(), open_SSL_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), TIMEOUT, openvas_connection::timeout, and openvas_connection::transport.

Referenced by nasl_open_sock_tcp_bufsz(), and open_stream_connection().

/* open_stream_connection_ext (struct script_infos *args, unsigned int port,
 *                             int transport, int timeout,
 *                             const char *priority)
 *
 * Signature as declared on this page; the rendered listing starts at the
 * opening brace.
 *
 * Allocates an OpenVAS stream slot, opens a TCP socket to PORT and, for
 * the TLS encapsulations, performs the handshake via open_SSL_connection().
 * PRIORITY is the GnuTLS priority string (NULL and "" both mean "none").
 *
 * Returns the stream descriptor, or -1 (errno set to EINVAL for an
 * unsupported TRANSPORT).  On any failure after the slot was taken it is
 * given back through release_connection_fd().
 *
 * NOTE: the rendered listing this was taken from omits the case labels at
 * network.c lines 911-917, 953-959 and 968; per the page's reference list
 * they are OPENVAS_ENCAPS_* values.  The gaps are marked below.
 */
{
  int fd;
  openvas_connection *fp;
  char *cert = NULL;
  char *key = NULL;
  char *passwd = NULL;
  char *cafile = NULL;
  char *hostname = NULL;

  if (!priority)
    priority = ""; /* To us an empty string is equivalent to NULL. */

  g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
           " priority: '%s'",
           getpid (), port, transport, timeout, priority);

  /* -2 requests the module default. */
  if (timeout == -2)
    timeout = TIMEOUT;

  /* First pass: reject transports this function does not handle. */
  switch (transport)
    {
    case OPENVAS_ENCAPS_IP:
      /* [lines 911-917 omitted from the rendered listing: the remaining
       * accepted OPENVAS_ENCAPS_* case labels] */
      break;

    default:
      g_message ("open_stream_connection_ext(): unsupported transport"
                 " layer %d passed by %s",
                 transport, args->name);
      errno = EINVAL;
      return -1;
    }

  if ((fd = get_connection_fd ()) < 0)
    return -1;
  fp = OVAS_CONNECTION_FROM_FD (fd);

  /* Initialise the slot; the previous priority string (if any) is freed. */
  fp->transport = transport;
  g_free (fp->priority);
  if (*priority)
    fp->priority = g_strdup (priority);
  else
    fp->priority = NULL;
  fp->timeout = timeout;
  fp->port = port;
  fp->last_err = 0;

  fp->fd = open_sock_tcp (args, port, timeout);
  if (fp->fd < 0)
    goto failed;

  /* Second pass: per-transport setup on the open socket. */
  kb_t kb = plug_get_kb (args);
  switch (transport)
    {
      int ret;
      char buf[1024];

    case OPENVAS_ENCAPS_IP:
      break;
      /* [lines 953-959 omitted from the rendered listing: case labels for
       * the encapsulations that take client-certificate material from the
       * KB] */
      cert = kb_item_get_str (kb, "SSL/cert");
      key = kb_item_get_str (kb, "SSL/key");
      passwd = kb_item_get_str (kb, "SSL/password");

      cafile = kb_item_get_str (kb, "SSL/CA");

      /* fall through */

      /* [line 968 omitted from the rendered listing: presumably the
       * OPENVAS_ENCAPS_TLScustom label] */
      /* We do not need a client certificate in this case */
      /* SNI can be switched off per port through the KB; fp->port is
       * formatted with %d although it came from an unsigned int. */
      snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
      if (kb_item_get_int (kb, buf) <= 0)
        hostname = plug_get_host_fqdn (args);
      /* open_SSL_connection() returns 1 on success. */
      ret = open_SSL_connection (fp, cert, key, passwd, cafile, hostname);
      /* NOTE(review): passwd holds a secret and is released without being
       * wiped first; consider clearing it before g_free(). */
      g_free (hostname);
      g_free (cert);
      g_free (key);
      g_free (passwd);
      g_free (cafile);
      if (ret <= 0)
        goto failed;
      break;
    }

  return fd;

failed:
  /* Closes fp->fd, frees TLS objects and marks the slot free. */
  release_connection_fd (fd, 0);
  return -1;
}

◆ openvas_deregister_connection()

int openvas_deregister_connection ( int  fd)

Definition at line 269 of file network.c.

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::priority, and openvas_connection::transport.

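/**
 * @brief Forget an OpenVAS stream slot without closing its socket or
 *        releasing its TLS objects.
 *
 * The slot is wiped and its transport reset to -1, which
 * openvas_get_socket_from_connection() treats as "closed".  Unlike
 * release_connection_fd(), the underlying socket, tls_session and tls_cred
 * are left untouched — the caller is responsible for them (the original
 * Fixme about this duplication is kept below).
 *
 * @param fd OpenVAS stream descriptor (OPENVAS_FD_OFF-based).
 *
 * @return 0 on success; -1 with errno set to EINVAL if @a fd is not an
 *         OpenVAS stream descriptor.
 */
int
openvas_deregister_connection (int fd)
{
  openvas_connection *p; /* declaration missing from the rendered listing */

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }

  p = connections + (fd - OPENVAS_FD_OFF);
  /* Fixme: Code duplicated from release_connection_fd. Check usage
     of this function make sure that TLS stuff is also released in
     case it is used here. */
  g_free (p->priority);
  p->priority = NULL;
  /* memset instead of the legacy bzero(): same effect, standard C. */
  memset (p, 0, sizeof (*p));
  p->transport = -1;
  return 0;
}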

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int  fd)

Definition at line 367 of file network.c.

References connections, openvas_connection::fd, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::transport.

Referenced by nasl_get_source_port(), nasl_ssh_connect(), and plugin_do_run().

/**
 * @brief Map an OpenVAS stream descriptor to its underlying socket.
 *
 * Descriptors outside the OpenVAS stream range are handed back unchanged
 * (after a log message); a stream slot whose transport is <= 0 is reported
 * as closed.
 *
 * @param fd OpenVAS stream descriptor or plain socket.
 *
 * @return The socket, @a fd itself if it is not a stream descriptor, or -1
 *         if the slot is closed.
 */
int
openvas_get_socket_from_connection (int fd)
{
  openvas_connection *conn;

  if (OPENVAS_STREAM (fd))
    {
      conn = connections + (fd - OPENVAS_FD_OFF);
      if (conn->transport > 0)
        return conn->fd;
      g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
      return -1;
    }

  g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
             getpid (), fd);
  return fd;
}

◆ openvas_register_connection()

int openvas_register_connection ( int  soc,
void *  ssl,
gnutls_certificate_credentials_t  certcred,
openvas_encaps_t  encaps 
)
Todo:
TLS FIXME: migrate this to TLS
Todo:
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
soc: Socket to use.

Definition at line 244 of file network.c.

References openvas_connection::fd, get_connection_fd(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, openvas_connection::port, openvas_connection::priority, TIMEOUT, openvas_connection::timeout, openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_open_privileged_socket().

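/**
 * @brief Register an already-connected socket (plus optional TLS state) as
 *        an OpenVAS stream and return its stream descriptor.
 *
 * @todo TLS FIXME: migrate this to TLS
 * @todo Fix the voidness of the ssl parameter (problematic in 64bit env.)
 *       here or on caller-side
 *
 * @param soc      Socket to use.
 * @param ssl      Stored as-is into the slot's tls_session.
 * @param certcred Stored as-is into the slot's tls_cred.
 * @param encaps   Encapsulation recorded as the slot's transport.
 *
 * @return The new stream descriptor, or -1 if get_connection_fd() fails.
 *
 * The slot's timeout is set to the TIMEOUT default and its port to 0
 * (debug use only).  NOTE(review): pid is not assigned here, yet
 * read_stream_connection_unbuffered() refuses TLS reads when
 * getpid() != fp->pid — confirm get_connection_fd() initialises it.
 */
int
openvas_register_connection (int soc, void *ssl,
                             gnutls_certificate_credentials_t certcred,
                             openvas_encaps_t encaps)
{
  int fd;
  openvas_connection *p; /* declaration missing from the rendered listing */

  if ((fd = get_connection_fd ()) < 0)
    return -1;
  p = OVAS_CONNECTION_FROM_FD (fd);

  p->tls_session = ssl;
  p->tls_cred = certcred;

  p->timeout = TIMEOUT; /* default value */
  p->port = 0;          /* just used for debug */
  p->fd = soc;
  p->transport = encaps;
  p->priority = NULL;
  p->last_err = 0;

  return fd;
}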

◆ openvas_SSL_init()

int openvas_SSL_init ( void  )

Initializes SSL support.

Definition at line 351 of file network.c.

References log_message_gnutls(), and tlserror().

Referenced by main(), openvas(), and start_single_task_scan().

/**
 * @brief Initializes SSL support.
 *
 * Routes GnuTLS' internal log (level 2) to log_message_gnutls() and then
 * runs gnutls_global_init().
 *
 * @return 0 on success, -1 if gnutls_global_init() fails (reported through
 *         tlserror()).
 */
int
openvas_SSL_init (void)
{
  int rc;

  gnutls_global_set_log_level (2);
  gnutls_global_set_log_function (log_message_gnutls);

  rc = gnutls_global_init ();
  if (rc >= 0)
    return 0;

  tlserror ("gnutls_global_init", rc);
  return -1;
}

◆ os_recv()

int os_recv ( int  soc,
void *  buf,
int  len,
int  opt 
)

Definition at line 2042 of file network.c.

/**
 * @brief recv() until exactly @a len bytes have arrived.
 *
 * Loops over recv(), retrying when it is interrupted by a signal (EINTR).
 * Any other failure, or the peer closing the connection (recv() == 0)
 * before @a len bytes were read, aborts the read.
 *
 * @param soc Socket to read from.
 * @param buf Destination buffer of at least @a len bytes.
 * @param len Number of bytes to read; 0 or less returns 0 without reading.
 * @param opt Flags passed through to recv().
 *
 * @return @a len on success, -1 on error or premature EOF (bytes already
 *         copied into @a buf are not reported).
 */
int
os_recv (int soc, void *buf, int len, int opt)
{
  char *cursor = buf;
  int done = 0;

  while (done < len)
    {
      int got;

      errno = 0;
      got = recv (soc, cursor + done, len - done, opt);
      if (got > 0)
        {
          done += got;
          continue;
        }
      if (got < 0 && errno == EINTR)
        continue;
      return -1;
    }
  return done;
}

◆ os_send()

int os_send ( int  soc,
void *  buf,
int  len,
int  opt 
)

Definition at line 2023 of file network.c.

Referenced by nsend().

/**
 * @brief send() until all @a len bytes have been handed to the kernel.
 *
 * Loops over send(), retrying when it is interrupted by a signal (EINTR).
 * Any other failure, or a zero-length send result, aborts the write.
 *
 * @param soc Socket to write to.
 * @param buf Source buffer of at least @a len bytes.
 * @param len Number of bytes to send; 0 or less returns 0 without sending.
 * @param opt Flags passed through to send().
 *
 * @return @a len on success, -1 on error (bytes already sent are not
 *         reported).
 */
int
os_send (int soc, void *buf, int len, int opt)
{
  char *cursor = buf;
  int done = 0;

  while (done < len)
    {
      int sent;

      errno = 0;
      sent = send (soc, cursor + done, len - done, opt);
      if (sent > 0)
        {
          done += sent;
          continue;
        }
      if (sent < 0 && errno == EINTR)
        continue;
      return -1;
    }
  return done;
}

◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int  fd)

Definition at line 387 of file network.c.

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::tls_session.

Referenced by socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), and socket_get_ssl_version().

/**
 * @brief Return the GnuTLS session stored for an OpenVAS stream.
 *
 * The slot's tls_session is returned as stored, whether or not the slot is
 * currently in use (release_connection_fd() zeroes the slot, so a released
 * stream yields NULL).
 *
 * @param fd OpenVAS stream descriptor.
 *
 * @return The session, or NULL if @a fd is not an OpenVAS stream descriptor.
 */
gnutls_session_t
ovas_get_tlssession_from_connection (int fd)
{
  if (!OPENVAS_STREAM (fd))
    return NULL;

  return connections[fd - OPENVAS_FD_OFF].tls_session;
}

◆ pid_perror()

static int pid_perror ( const char *  error)
static

Same as perror(), but prefixes the message with our pid.

Definition at line 138 of file network.c.

Referenced by block_socket(), open_socket(), open_SSL_connection(), read_stream_connection_unbuffered(), release_connection_fd(), unblock_socket(), and write_stream_connection4().

/**
 * @brief Same as perror(), but prefixes the message with our pid.
 *
 * Emits "[pid] error : strerror(errno)" through g_debug().
 *
 * @param error Context string, typically the name of the call that failed.
 *
 * @return Always 0.
 */
static int
pid_perror (const char *error)
{
  const char *reason = strerror (errno);

  g_debug ("[%d] %s : %s", getpid (), error, reason);
  return 0;
}

◆ qsort_compar()

static int qsort_compar ( const void *  a,
const void *  b 
)
static

Definition at line 2081 of file network.c.

Referenced by getpts().

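/**
 * @brief qsort() comparator for port lists: ascending order, with 0
 *        (apparently used as the list terminator — confirm in getpts())
 *        always sorting last.
 *
 * Fix: the original returned 1 when *a == 0 regardless of *b, so two zero
 * entries compared as "greater" in both directions — an inconsistent
 * ordering, which qsort() does not tolerate.  Two zeros now compare equal.
 *
 * @param a Pointer to an unsigned short port number.
 * @param b Pointer to an unsigned short port number.
 *
 * @return Negative, zero or positive as *a sorts before, equal to, or
 *         after *b.
 */
static int
qsort_compar (const void *a, const void *b)
{
  unsigned short pa = *(const unsigned short *) a;
  unsigned short pb = *(const unsigned short *) b;

  /* A zero value must stay at the end, and two zeros are equal. */
  if (pa == 0 || pb == 0)
    return (pa == 0) - (pb == 0);
  /* Both promote to int, so the subtraction cannot overflow. */
  return (int) pa - (int) pb;
}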

◆ read_stream_connection()

int read_stream_connection ( int  fd,
void *  buf0,
int  len 
)

Definition at line 1272 of file network.c.

References read_stream_connection_min().

Referenced by nasl_telnet_init(), nrecv(), and plugin_do_run().

/**
 * @brief Read up to @a len bytes from an OpenVAS stream or plain socket.
 *
 * Delegates to read_stream_connection_min() with no minimum length (-1),
 * i.e. the read is not forced to wait for a given byte count.
 *
 * @param fd   OpenVAS stream descriptor or plain socket.
 * @param buf0 Destination buffer of at least @a len bytes.
 * @param len  Maximum number of bytes to read.
 *
 * @return Whatever read_stream_connection_min() returns.
 */
int
read_stream_connection (int fd, void *buf0, int len)
{
  const int no_minimum = -1;

  return read_stream_connection_min (fd, buf0, no_minimum, len);
}

◆ read_stream_connection_min()

int read_stream_connection_min ( int  fd,
void *  buf0,
int  min_len,
int  max_len 
)

Definition at line 1212 of file network.c.

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and read_stream_connection_unbuffered().

Referenced by nasl_recv(), nasl_recv_line(), nasl_telnet_init(), plugin_do_run(), read_stream_connection(), and recv_line().

/* read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
 *
 * Signature as declared on this page; the rendered listing starts at the
 * opening brace.
 *
 * Buffered front end to read_stream_connection_unbuffered().  For an
 * OpenVAS stream that owns a read buffer (fp->buf != NULL) the bytes still
 * buffered are handed out first; only then is the socket read again.
 * Plain sockets, and streams without a buffer, go straight to the
 * unbuffered read.
 *
 * MIN_LEN: number of bytes the caller wants before returning (-1 for no
 * minimum); MAX_LEN: size of BUF0.  Returns the number of bytes copied
 * into BUF0, or whatever the unbuffered read returns when nothing was
 * buffered.
 */
{
  openvas_connection *fp;

  if (OPENVAS_STREAM (fd))
    {
      fp = OVAS_CONNECTION_FROM_FD (fd);
      if (fp->buf != NULL)
        {
          int l1, l2;

          if (max_len == 1)
            min_len = 1; /* avoid "magic read" later */
          /* l2: bytes that can be served from the buffer right now. */
          l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
          if (l2 > 0)
            {
              memcpy (buf0, fp->buf + fp->bufptr, l2);
              fp->bufcnt -= l2;
              if (fp->bufcnt == 0)
                {
                  fp->bufptr = 0;
                  fp->buf[0] = '\0'; /* debug */
                }
              else
                fp->bufptr += l2;
              /* Enough for the caller (or the buffer is drained to the
               * request size): done. */
              if (l2 >= min_len || l2 >= max_len)
                return l2;
              /* Otherwise the buffer is now empty; account for what was
               * already copied and read the rest from the socket. */
              max_len -= l2;
              min_len -= l2;
            }
          /* A minimum larger than the internal buffer cannot be satisfied
           * through it: read directly into the caller's buffer instead. */
          if (min_len > fp->bufsz)
            {
              l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
                                                      min_len, max_len);
              if (l1 > 0)
                return l1 + l2;
              else
                return l2;
            }
          /* Fill buffer */
          /* NOTE(review): this refill writes at fp->buf[0].  If l2 == 0
           * was caused by max_len <= 0 while bytes were still buffered,
           * those bytes are overwritten — presumably callers never pass
           * max_len <= 0; TODO confirm. */
          l1 =
            read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
          if (l1 <= 0)
            return l2;

          /* Hand out up to max_len of the freshly read bytes, keep the rest. */
          fp->bufcnt = l1;
          l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
          memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
          fp->bufcnt -= l1;
          if (fp->bufcnt == 0)
            fp->bufptr = 0;
          else
            fp->bufptr += l1;
          return l1 + l2;
        }
    }
  return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
}

◆ read_stream_connection_unbuffered()

static int read_stream_connection_unbuffered ( int  fd,
void *  buf0,
int  min_len,
int  max_len 
)
static

Definition at line 1049 of file network.c.

References openvas_connection::fd, INCR_TIMEOUT, openvas_connection::last_err, nasl_get_function_name(), nasl_get_plugin_filename(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::pid, pid_perror(), TIMEOUT, openvas_connection::timeout, timeval(), openvas_connection::tls_session, and openvas_connection::transport.

Referenced by read_stream_connection_min().

/* read_stream_connection_unbuffered (int fd, void *buf0, int min_len,
 *                                    int max_len)
 *
 * Signature as declared on this page; the rendered listing starts at the
 * opening brace.
 *
 * Low-level read of up to MAX_LEN bytes into BUF0 from either a plain
 * socket FD or an OpenVAS stream descriptor.  Returns the number of bytes
 * read (possibly 0), or -1 with errno set to EBADF/EINVAL for a bad
 * descriptor or transport.  For OpenVAS streams the reason for a short
 * read is left in fp->last_err (ETIMEDOUT, EPIPE).
 *
 * MIN_LEN: once at least this many bytes are in, the call returns early;
 * a value <= 0 disables that shortcut.  The timeout is the stream's own
 * (unless it is -2) or the TIMEOUT default; <= 0 means wait indefinitely.
 *
 * NOTE: the rendered listing this was taken from omits two source lines
 * (network.c 1137 and 1199); both places are marked below.
 */
{
  int ret, realfd, trp, t, select_status;
  int total = 0, flag = 0, timeout = TIMEOUT, waitall = 0;
  unsigned char *buf = (unsigned char *) buf0;
  openvas_connection *fp = NULL;
  fd_set fdr, fdw;
  struct timeval tv;
  time_t now, then;

  if (OPENVAS_STREAM (fd))
    {
      fp = OVAS_CONNECTION_FROM_FD (fd);
      trp = fp->transport;
      realfd = fp->fd;
      fp->last_err = 0;
      if (fp->timeout != -2)
        timeout = fp->timeout;
    }
  else
    {
      /* A bare socket is always read as plain IP. */
      trp = OPENVAS_ENCAPS_IP;
      /* NOTE(review): fd == 1024 passes this check, but FD_SET() below can
       * only hold 0..FD_SETSIZE-1 (1024 on glibc); the bound should be
       * `fd >= FD_SETSIZE`. */
      if (fd < 0 || fd > 1024)
        {
          errno = EBADF;
          return -1;
        }
      realfd = fd;
    }

#ifndef INCR_TIMEOUT
#define INCR_TIMEOUT 1
#endif

  /* An exact-size request, or no timeout, lets the kernel block for the
   * whole amount. */
  if (min_len == max_len || timeout <= 0)
    waitall = MSG_WAITALL;
  if (trp == OPENVAS_ENCAPS_IP)
    {
      /* Poll in INCR_TIMEOUT-second slices, counting them towards timeout. */
      for (t = 0; total < max_len && (timeout <= 0 || t < timeout);)
        {
          tv.tv_sec = INCR_TIMEOUT; /* Not timeout! */
          tv.tv_usec = 0;
          FD_ZERO (&fdr);
          FD_SET (realfd, &fdr);
          if (select (realfd + 1, &fdr, NULL, NULL, timeout > 0 ? &tv : NULL)
              <= 0)
            {
              t += INCR_TIMEOUT;
              /* Try to be smart */
              /* Once min_len is satisfied, one idle slice ends the read. */
              if (total > 0 && flag)
                return total;
              else if (total >= min_len)
                flag++;
            }
          else
            {
              errno = 0;
              ret = recv (realfd, buf + total, max_len - total, waitall);
              /* The first `else` binds to the inner `if`: EINTR is retried
               * as a zero-length read, any other error ends the call. */
              if (ret < 0)
                if (errno != EINTR)
                  {
                    return total;
                  }
                else
                  ret = 0;
              else if (ret == 0) /* EOF */
                {
                  return total;
                }
              /*ret > 0 */
              total += ret;
              if (min_len > 0 && total >= min_len)
                return total;
              flag = 0;
            }
        }
      return total;
    }

  /* Only OpenVAS streams reach this point, so fp is non-NULL below. */
  switch (trp)
    {
      /* OPENVAS_ENCAPS_IP was treated before with the non-OpenVAS fd */
    case OPENVAS_ENCAPS_SSLv2:
    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
      /* [line 1137 omitted from the rendered listing: per the reference
       * list, the OPENVAS_ENCAPS_TLScustom label] */
      /* A TLS session may only be used by the process that created it —
       * presumably because its record state cannot be shared across a
       * fork. */
      if (getpid () != fp->pid)
        {
          g_debug ("PID %d tries to use a SSL/TLS connection established "
                   "by PID %d\n",
                   getpid (), fp->pid);
          errno = EINVAL;
          return -1;
        }

      then = time (NULL);
      for (t = 0; timeout <= 0 || t < timeout; t = now - then)
        {
          now = time (NULL);
          tv.tv_sec = INCR_TIMEOUT;
          tv.tv_usec = 0;
          FD_ZERO (&fdr);
          FD_ZERO (&fdw);
          FD_SET (realfd, &fdr);
          FD_SET (realfd, &fdw);

          /* NOTE(review): polling for writability too means select() tends
           * to return at once on an idle socket, so this loop may spin on
           * GNUTLS_E_AGAIN until data arrives; consider polling only for
           * reading (or gnutls_record_get_direction()). */
          select_status = select (realfd + 1, &fdr, &fdw, NULL, &tv);

          if (select_status > 0)
            {
              /* TLS FIXME: handle rehandshake */
              ret = gnutls_record_recv (fp->tls_session, buf + total,
                                        max_len - total);
              if (ret > 0)
                {
                  total += ret;
                  if (total >= max_len)
                    return total;
                }
              else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
                {
                  /* This branch also handles the case where ret == 0,
                   * i.e. that the connection has been closed. This is
                   * for compatibility with the old OpenSSL based openvas
                   * code which treated SSL_ERROR_ZERO_RETURN as an
                   * error too.
                   */
                  if (ret < 0)
                    pid_perror ("gnutls_record_recv");
                  else
                    g_debug ("gnutls_record_recv[%d]: EOF\n", getpid ());
                  fp->last_err = EPIPE;
                  return total;
                }
            }

          if (min_len > 0 && total >= min_len)
            return total;
        }
      if (t >= timeout)
        fp->last_err = ETIMEDOUT;
      return total;

    default:
      if (fp->transport || fp->fd != 0)
        g_message ("Function %s called from %s: "
                   "Severe bug! Unhandled transport layer %d (fd=%d).",
                   /* [line 1199 omitted from the rendered listing: per the
                    * reference list, nasl_get_function_name () and
                    * nasl_get_plugin_filename ()] */
                   fp->transport, fd);
      else
        g_message ("read_stream_connection_unbuffered: "
                   "fd=%d is closed",
                   fd);
      errno = EINVAL;
      return -1;
    }
  /*NOTREACHED*/
}

◆ recv_line()

int recv_line ( int  soc,
char *  buf,
size_t  bufsiz 
)

Reads text from the socket stream into the argument buffer, always appending a '\0' byte.

Parameters
buf: Buffer to read into.
Returns
Number of bytes read, without the trailing '\0'.

Definition at line 1846 of file network.c.

References OPENVAS_STREAM, and read_stream_connection_min().

Referenced by ftp_get_pasv_address(), and ftp_log_in().

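/**
 * @brief Read a line of text from a socket into @a buf, always
 *        NUL-terminating the result.
 *
 * Bytes are read one at a time until a '\n' or '\0' byte has been stored,
 * the buffer is full, the peer closes, or an error occurs.  @a soc may be
 * an OpenVAS stream descriptor (read through read_stream_connection_min(),
 * hence through TLS where applicable) or a plain socket, which is read
 * with select() + recv().
 *
 * Fixes over the original: a zero-sized buffer is rejected instead of
 * being written out of bounds; an EINTR from recv() now retries the read
 * directly instead of `continue`-ing into the loop condition, which read
 * buf[ret - 1] with ret possibly 0; a plain socket beyond FD_SETSIZE is
 * rejected before FD_SET() would write past the fd_set.
 *
 * @param soc    OpenVAS stream descriptor or plain socket.
 * @param buf    Buffer to read into; must hold @a bufsiz bytes.
 * @param bufsiz Size of @a buf in bytes.
 *
 * @return Number of bytes read, without the trailing '\0'; -1 if nothing
 *         was read and an error occurred, or if @a bufsiz is 0.
 */
int
recv_line (int soc, char *buf, size_t bufsiz)
{
  int n;
  unsigned int ret = 0;

  /* Nothing can be stored, not even the terminator. */
  if (bufsiz == 0)
    return -1;

  /* Dirty SSL hack */
  if (OPENVAS_STREAM (soc))
    {
      buf[0] = '\0';

      do
        {
          n = read_stream_connection_min (soc, buf + ret, 1, 1);
          switch (n)
            {
            case -1:
              /* Error: report what was read so far, or the error itself. */
              return ret == 0 ? -1 : (int) ret;
            case 0:
              return ret;
            default:
              ret++;
            }
        }
      while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
    }
  else
    {
      fd_set rd;

      if (soc < 0 || soc >= FD_SETSIZE)
        {
          errno = EBADF;
          return -1;
        }

      do
        {
          int e;
        again:
          errno = 0;
          FD_ZERO (&rd);
          FD_SET (soc, &rd);
          e = select (soc + 1, &rd, NULL, NULL, NULL);
          if (e == 0 && !FD_ISSET (soc, &rd))
            return -1;
          if (e < 0 && errno == EINTR)
            goto again;
          if (e <= 0)
            break;

          n = recv (soc, buf + ret, 1, 0);
          switch (n)
            {
            case -1:
              /* Retry from the select(), not via the loop condition. */
              if (errno == EINTR)
                goto again;
              return ret == 0 ? -1 : (int) ret;
            case 0:
              return ret;
            default:
              ret++;
            }
        }
      while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
    }

  /* Terminate; when the buffer is full the last byte gives way to the NUL. */
  if (ret > 0 && buf[ret - 1] != '\0')
    buf[ret < bufsiz ? ret : bufsiz - 1] = '\0';

  return ret;
}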

◆ release_connection_fd()

static int release_connection_fd ( int  fd,
int  already_closed 
)
static

Definition at line 183 of file network.c.

References openvas_connection::buf, openvas_connection::fd, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::pid, pid_perror(), openvas_connection::priority, socket_close(), openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by close_stream_connection(), open_stream_connection_ext(), and socket_negotiate_ssl().

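/**
 * @brief Tear down an OpenVAS stream slot: socket, TLS objects, buffers.
 *
 * The socket is shut down both ways and (unless @a already_closed) closed;
 * the GnuTLS session and credentials are freed; the read buffer and
 * priority string are released; finally the slot is zeroed and marked
 * closed (transport = -1, pid = 0).
 *
 * @param fd             OpenVAS stream descriptor.
 * @param already_closed Non-zero if the socket has already been closed by
 *                       someone else — presumably a close_stream_connection
 *                       hook (see run_csc_hooks()); confirm at the callers.
 *
 * @return 0 on success; -1 with errno set to EINVAL if @a fd is not an
 *         OpenVAS stream descriptor.  shutdown()/close() failures are only
 *         logged.
 */
static int
release_connection_fd (int fd, int already_closed)
{
  openvas_connection *p; /* declaration missing from the rendered listing */

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }
  p = OVAS_CONNECTION_FROM_FD (fd);

  g_free (p->buf);
  p->buf = NULL;

  /* TLS FIXME: we should call gnutls_bye somewhere. OTOH, the OpenSSL
   * equivalent SSL_shutdown wasn't called anywhere in the OpenVAS
   * (libopenvas nor elsewhere) code either.
   */

  /* So far, fd is always a socket. If this is changed in the future, this
   * code shall be fixed. */
  if (p->fd >= 0)
    {
      g_debug ("[%d] release_connection_fd: fd > 0 fd=%d", getpid (), p->fd);
      /* SHUT_RDWR is the named form of the magic 2 used originally. */
      if (shutdown (p->fd, SHUT_RDWR) < 0)
        {
          /*
           * It's not uncommon to see that one fail, since a lot of
           * services close the connection before we ask them to
           * (ie: http), so we don't show this error by default
           */
          pid_perror ("release_connection_fd: shutdown()");
        }
      if (!already_closed && socket_close (p->fd) < 0)
        pid_perror ("release_connection_fd: close()");
    }

  if (p->tls_session != NULL)
    gnutls_deinit (p->tls_session);
  if (p->tls_cred != NULL)
    gnutls_certificate_free_credentials (p->tls_cred);

  g_free (p->priority);
  p->priority = NULL;

  /* memset instead of the legacy bzero(): same effect, standard C. */
  memset (p, 0, sizeof (*p));
  p->transport = -1;
  p->pid = 0;

  return 0;
}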

◆ run_csc_hooks()

static int run_csc_hooks ( int  fd)
static

Run the hooks for close_stream_connection.

The function runs all registered hooks until the first hook returns zero to indicate that it has taken over control of the socket. Further hooks are then no longer run because the file descriptor is no longer valid.

Parameters
fd: The file descriptor of the stream.
Returns
Zero if one of the hooks has closed the connection; non-zero otherwise.

Definition at line 1507 of file network.c.

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by close_stream_connection().

/**
 * @brief Run the hooks for close_stream_connection.
 *
 * Walks the csc_hooks list and calls each hook with @a fd until one of
 * them returns zero, which signals that it has taken over (and closed)
 * the socket; the remaining hooks are then skipped because the descriptor
 * is no longer valid.  Entries without a function pointer are ignored.
 *
 * @param fd The file descriptor of the stream.
 *
 * @return Zero if one of the hooks has closed the connection; -1 otherwise.
 */
static int
run_csc_hooks (int fd)
{
  const struct csc_hook_s *h = csc_hooks;

  while (h != NULL)
    {
      if (h->fnc != NULL && h->fnc (fd) == 0)
        return 0;
      h = h->next;
    }
  return -1;
}

◆ set_gnutls_protocol()

static int set_gnutls_protocol ( gnutls_session_t  session,
openvas_encaps_t  encaps,
const char *  priority 
)
static

Sets the priorities for the GnuTLS session according to encaps. PRIORITY is used to convey custom priorities; it is only used if ENCAPS is set to OPENVAS_ENCAPS_TLScustom.

Definition at line 404 of file network.c.

References OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, and OPENVAS_ENCAPS_TLSv12.

Referenced by open_SSL_connection().

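static int
set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps,
                     const char *priority)
{
  const char *priorities;
  const char *errloc = NULL; /* GnuTLS only fills this in on a parse error */
  int err;

  /* These strings deliberately re-enable SSL 3.0 and RC4 (ARCFOUR-128): the
   * scanner has to negotiate with legacy targets in order to assess them, so
   * the list describes what the peer may speak, not what is considered
   * secure. */
  switch (encaps)
    {
    case OPENVAS_ENCAPS_SSLv3:
      priorities = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
      break;
    case OPENVAS_ENCAPS_TLSv1:
      priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+ARCFOUR-128:%COMPAT";
      break;
    case OPENVAS_ENCAPS_TLSv11:
      priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+ARCFOUR-128:%COMPAT";
      break;
    case OPENVAS_ENCAPS_TLSv12:
      priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ARCFOUR-128:%COMPAT";
      break;
    case OPENVAS_ENCAPS_SSLv23: /* Compatibility mode */
      priorities =
        "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
      break;
    default:
      g_debug ("*Bug* at %s:%d. Unknown transport %d", __FILE__, __LINE__,
               encaps);
      /* fallthrough */
    case OPENVAS_ENCAPS_TLScustom:
      /* Caller-supplied priority string; a NULL value is passed straight
       * through to GnuTLS. */
      priorities = priority;
      break;
    }

  err = gnutls_priority_set_direct (session, priorities, &errloc);
  if (err != 0)
    {
      /* errloc was previously left uninitialised when GnuTLS did not set it;
       * now it is NULL in that case and printed as an unknown position. */
      g_message ("[%d] setting session priorities '%.20s': %s", getpid (),
                 errloc != NULL ? errloc : "(unknown position)",
                 gnutls_strerror (err));
      return -1;
    }

  return 0;
}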

◆ socket_close()

int socket_close ( int  soc)

Definition at line 1949 of file network.c.

Referenced by close_stream_connection(), open_socket(), and release_connection_fd().

int
socket_close (int soc)
{
  /* Thin wrapper around close(2); its result (0, or -1 with errno set) is
   * handed back unchanged. */
  int rc = close (soc);
  return rc;
}

◆ socket_get_cert()

void socket_get_cert ( int  fd,
void **  cert,
int *  certlen 
)

Definition at line 730 of file network.c.

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_cert().

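void
socket_get_cert (int fd, void **cert, int *certlen)
{
  gnutls_session_t session;
  const gnutls_datum_t *cert_list;
  unsigned int cert_list_len = 0;

  if (!cert || !certlen)
    return;
  /* Make failure unambiguous for the caller: "no certificate" is reported as
   * NULL/0 instead of whatever the out-parameters held before the call. */
  *cert = NULL;
  *certlen = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }
  /* Only X.509 peer certificates are handed out; other credential types
   * are reported as "no certificate". */
  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
    return;
  cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
  if (cert_list == NULL || cert_list_len == 0)
    return;
  /* Leaf certificate only (index 0), copied as GnuTLS hands it back (raw
   * DER); the copy is the caller's to g_free. */
  *certlen = cert_list[0].size;
  *cert = g_memdup (cert_list[0].data, cert_list[0].size);
}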

◆ socket_get_ssl_ciphersuite()

int socket_get_ssl_ciphersuite ( int  fd)

Definition at line 847 of file network.c.

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_ciphersuite().

int
socket_get_ssl_ciphersuite (int fd)
{
  gnutls_session_t session;
  gnutls_kx_algorithm_t want_kx, kx;
  gnutls_cipher_algorithm_t want_cipher, cipher;
  gnutls_mac_algorithm_t want_mac, mac;
  unsigned char cs_id[2];
  size_t idx;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  want_kx = gnutls_kx_get (session);
  want_cipher = gnutls_cipher_get (session);
  want_mac = gnutls_mac_get (session);

  /* Scan GnuTLS's cipher-suite table for the first entry whose
   * kx/cipher/mac triple matches what was negotiated on SESSION. */
  for (idx = 0;
       gnutls_cipher_suite_info (idx, (void *) cs_id, &kx, &cipher, &mac, NULL)
       != NULL;
       idx++)
    {
      if (want_kx == kx && want_cipher == cipher && want_mac == mac)
        {
          /* NOTE(review): this is the *sum* of the two id bytes, not the
           * 16-bit suite id ((cs_id[0] << 8) | cs_id[1]), so distinct suites
           * can collide.  Kept as-is because the value is exposed to NASL
           * through nasl_socket_get_ssl_ciphersuite(). */
          return cs_id[0] + cs_id[1];
        }
    }
  return -1;
}

◆ socket_get_ssl_session_id()

void socket_get_ssl_session_id ( int  fd,
void **  sid,
size_t *  ssize 
)

Definition at line 807 of file network.c.

References fd_is_stream(), ovas_get_tlssession_from_connection(), and tlserror().

Referenced by nasl_socket_get_ssl_session_id().

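void
socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
{
  gnutls_session_t session;
  void *tmp;
  int ret;

  /* Both out-parameters are written, so both have to be valid (the original
   * dereferenced *ssize before checking anything). */
  if (!sid || !ssize)
    return;
  /* Every failure path now reports a zero length; *sid is only written on
   * success, so callers must not read it when *ssize is 0. */
  *ssize = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }

  /* gnutls_session_get_id() reads *ssize as the buffer capacity on entry
   * and stores the actual id length there on return. */
  *ssize = GNUTLS_MAX_SESSION_ID;
  tmp = g_malloc0 (*ssize);
  ret = gnutls_session_get_id (session, tmp, ssize);
  if (ret == GNUTLS_E_SUCCESS)
    *sid = tmp; /* the caller is expected to g_free this */
  else
    {
      g_free (tmp);
      *ssize = 0;
      tlserror ("gnutls_session_id", ret);
    }
}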

◆ socket_get_ssl_version()

int socket_get_ssl_version ( int  fd)

Definition at line 766 of file network.c.

References fd_is_stream(), OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_version().

int
socket_get_ssl_version (int fd)
{
  gnutls_session_t session;
  gnutls_protocol_t version;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  /* Map the negotiated protocol onto the scanner's encapsulation constants.
   * Any version without a constant here (for instance TLS 1.3) yields -1. */
  version = gnutls_protocol_get_version (session);
  if (version == GNUTLS_SSL3)
    return OPENVAS_ENCAPS_SSLv3;
  if (version == GNUTLS_TLS1)
    return OPENVAS_ENCAPS_TLSv1;
  if (version == GNUTLS_TLS1_1)
    return OPENVAS_ENCAPS_TLSv11;
  if (version == GNUTLS_TLS1_2)
    return OPENVAS_ENCAPS_TLSv12;
  return -1;
}

◆ socket_negotiate_ssl()

int socket_negotiate_ssl ( int  fd,
openvas_encaps_t  transport,
struct script_infos args 
)

Definition at line 683 of file network.c.

References fd_is_stream(), hostname, nasl_get_plugin_filename(), open_SSL_connection(), OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), and openvas_connection::transport.

Referenced by nasl_socket_negotiate_ssl().

int
socket_negotiate_ssl (int fd, openvas_encaps_t transport,
                      struct script_infos *args)
{
  char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
  char *hostname = NULL;
  char sni_key[1024];
  openvas_connection *fp;
  kb_t kb;
  int result;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }

  fp = OVAS_CONNECTION_FROM_FD (fd);
  kb = plug_get_kb (args);

  /* Client credentials for the handshake are taken from the scan's
   * knowledge base; each one may be absent (NULL). */
  cert = kb_item_get_str (kb, "SSL/cert");
  key = kb_item_get_str (kb, "SSL/key");
  passwd = kb_item_get_str (kb, "SSL/password");
  cafile = kb_item_get_str (kb, "SSL/CA");
  /* NOTE(review): these four look like freshly allocated strings that are
   * never freed on either path — confirm kb_item_get_str's ownership
   * contract. */

  /* SNI (the target's FQDN) is sent unless the KB disables it for this
   * port. */
  snprintf (sni_key, sizeof (sni_key), "Host/SNI/%d/force_disable", fp->port);
  if (kb_item_get_int (kb, sni_key) <= 0)
    hostname = plug_get_host_fqdn (args);

  fp->transport = transport;
  /* NOTE(review): a custom priority string already attached to the slot is
   * dropped here without being freed; release_connection_fd() is what frees
   * it otherwise. */
  fp->priority = NULL;

  result = open_SSL_connection (fp, cert, key, passwd, cafile, hostname);
  g_free (hostname);
  if (result <= 0)
    {
      g_message ("Function socket_negotiate_ssl called from %s: "
                 "SSL/TLS connection failed.",
                 nasl_get_plugin_filename ());
      release_connection_fd (fd, 0);
      return -1;
    }
  return fd;
}

◆ stream_get_buffer_sz()

int stream_get_buffer_sz ( int  fd)

Definition at line 1965 of file network.c.

References openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_recv_line().

int
stream_get_buffer_sz (int fd)
{
  /* Size of the buffer attached to stream FD, or -1 when FD is not one of
   * our stream descriptors. */
  if (!OPENVAS_STREAM (fd))
    return -1;
  return OVAS_CONNECTION_FROM_FD (fd)->bufsz;
}

◆ stream_get_err()

int stream_get_err ( int  fd)

Definition at line 145 of file network.c.

References openvas_connection::last_err, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_socket_get_error().

int
stream_get_err (int fd)
{
  /* Last error recorded on stream FD (write_stream_connection4() stores one
   * in last_err).  A non-stream FD yields -1 with errno set to EINVAL. */
  openvas_connection *conn;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }
  conn = OVAS_CONNECTION_FROM_FD (fd);
  return conn->last_err;
}

◆ stream_set_buffer()

int stream_set_buffer ( int  fd,
int  sz 
)

Definition at line 1975 of file network.c.

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_open_sock_tcp_bufsz(), and nasl_recv_line().

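int
stream_set_buffer (int fd, int sz)
{
  openvas_connection *p;
  char *b;

  if (!OPENVAS_STREAM (fd))
    return -1;
  /* SZ is reachable from NASL (nasl_open_sock_tcp_bufsz); a negative value
   * would become a huge allocation request in g_malloc0/g_realloc, so reject
   * it explicitly instead of relying on the bufcnt comparison below. */
  if (sz < 0)
    return -1;

  p = OVAS_CONNECTION_FROM_FD (fd);
  if (sz < p->bufcnt)
    return -1; /* Do not want to lose data */

  if (sz == 0)
    {
      /* Drop the buffer entirely (bufcnt cannot exceed 0 here, see above);
       * reset the cursor too so the slot is in a consistent empty state. */
      g_free (p->buf);
      p->buf = NULL;
      p->bufsz = 0;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }
  if (p->buf == NULL)
    {
      p->buf = g_malloc0 (sz);
      if (p->buf == NULL)
        return -1;
      p->bufsz = sz;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }
  /* Resize in place: compact the unread bytes to the front first so that a
   * shrink cannot cut them off, then realloc. */
  if (p->bufcnt > 0)
    {
      memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
      p->bufptr = 0;
    }
  b = g_realloc (p->buf, sz);
  if (b == NULL)
    return -1;
  p->buf = b;
  p->bufsz = sz;
  return 0;
}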

◆ stream_set_timeout()

int stream_set_timeout ( int  fd,
int  timeout 
)

Definition at line 1033 of file network.c.

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and openvas_connection::timeout.

Referenced by nasl_recv(), and plugin_do_run().

int
stream_set_timeout (int fd, int timeout)
{
  /* Replace the per-stream timeout and hand back the previous value.  For a
   * non-stream FD errno is set to EINVAL and 0 is returned, which a caller
   * cannot tell apart from a previous timeout of 0 without checking errno. */
  openvas_connection *conn;
  int previous;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return 0;
    }
  conn = OVAS_CONNECTION_FROM_FD (fd);
  previous = conn->timeout;
  conn->timeout = timeout;
  return previous;
}

◆ tlserror()

void tlserror ( char *  txt,
int  err 
)

Definition at line 336 of file network.c.

Referenced by load_cert_and_key(), open_SSL_connection(), openvas_SSL_init(), and socket_get_ssl_session_id().

void
tlserror (char *txt, int err)
{
  /* Log a GnuTLS failure as "[pid] <context>: <GnuTLS error text>". */
  const char *reason = gnutls_strerror (err);
  g_message ("[%d] %s: %s", getpid (), txt, reason);
}

◆ unblock_socket()

static int unblock_socket ( int  soc)
static

Definition at line 296 of file network.c.

References pid_perror().

Referenced by open_socket(), and open_SSL_connection().

static int
unblock_socket (int soc)
{
  /* Switch SOC to non-blocking mode while keeping its other status flags.
   * Either fcntl failure is logged through pid_perror and reported as -1. */
  int flags = fcntl (soc, F_GETFL, 0);

  if (flags < 0)
    {
      pid_perror ("fcntl(F_GETFL)");
      return -1;
    }
  flags |= O_NONBLOCK;
  if (fcntl (soc, F_SETFL, flags) < 0)
    {
      pid_perror ("fcntl(F_SETFL,O_NONBLOCK)");
      return -1;
    }
  return 0;
}

◆ write_stream_connection()

int write_stream_connection ( int  fd,
void *  buf0,
int  n 
)

Definition at line 1396 of file network.c.

References write_stream_connection4().

Referenced by ftp_get_pasv_address(), ftp_log_in(), nasl_telnet_init(), and plugin_do_run().

int
write_stream_connection (int fd, void *buf0, int n)
{
  /* Convenience entry point: write with no send(2) flags (i_opt = 0). */
  const int no_flags = 0;
  return write_stream_connection4 (fd, buf0, n, no_flags);
}

◆ write_stream_connection4()

static int write_stream_connection4 ( int  fd,
void *  buf0,
int  n,
int  i_opt 
)
static

Definition at line 1278 of file network.c.

References openvas_connection::fd, openvas_connection::last_err, nasl_get_function_name(), nasl_get_plugin_filename(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, pid_perror(), TIMEOUT, openvas_connection::timeout, timeval(), openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nsend(), and write_stream_connection().

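/* Plain-TCP half of write_stream_connection4: send(2) until all N bytes are
 * out or send fails.  Returns the number of bytes handed to the kernel;
 * fp->last_err is set when it stops short. */
static int
wsc4_send_plain (openvas_connection *fp, const unsigned char *buf, int n,
                 int i_opt)
{
  int count = 0;

  while (count < n)
    {
      ssize_t ret = send (fp->fd, buf + count, n - count, i_opt);

      if (ret <= 0)
        {
          /* send() returning 0 on a stream is treated as a closed peer. */
          fp->last_err = (ret < 0) ? errno : EPIPE;
          break;
        }
      count += (int) ret;
    }
  return count;
}

/* TLS half of write_stream_connection4: gnutls_record_send until all N bytes
 * are out, waiting on the socket (bounded by the stream timeout) between
 * attempts.  i_opt has no meaning for TLS and is not used.  Returns the
 * number of bytes handed to GnuTLS; fp->last_err is set when it stops
 * short. */
static int
wsc4_send_tls (openvas_connection *fp, const unsigned char *buf, int n)
{
  int count = 0;

  /* select() cannot safely watch descriptors at or above FD_SETSIZE: FD_SET
   * would write past the end of the fd_set.  Refuse instead of corrupting
   * memory. */
  if (fp->fd < 0 || fp->fd >= FD_SETSIZE)
    {
      g_message ("write_stream_connection: fd=%d out of range for select()",
                 fp->fd);
      fp->last_err = EINVAL;
      return 0;
    }

  while (count < n)
    {
      ssize_t ret = gnutls_record_send (fp->tls_session, buf + count,
                                        n - count);
      fd_set fdr, fdw;
      struct timeval tv;
      int e;

      if (ret > 0)
        {
          count += (int) ret;
          if (count >= n)
            break; /* all data is out; no need to wait on the socket again */
        }
      else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
        {
          /* Covers ret == 0 (the connection has been closed) as well as hard
           * errors; the old openvas code treated SSL_ERROR_ZERO_RETURN as an
           * error too. */
          if (ret < 0)
            pid_perror ("gnutls_record_send");
          else
            g_debug ("gnutls_record_send[%d]: EOF\n", getpid ());
          fp->last_err = EPIPE;
          break;
        }

      /* Wait until the socket is readable or writable again, for at most
       * the stream's timeout (TIMEOUT seconds when none is configured). */
      tv.tv_sec = (fp->timeout >= 0) ? fp->timeout : TIMEOUT;
      tv.tv_usec = 0;
      do
        {
          errno = 0;
          FD_ZERO (&fdr);
          FD_ZERO (&fdw);
          FD_SET (fp->fd, &fdr);
          FD_SET (fp->fd, &fdw);
          e = select (fp->fd + 1, &fdr, &fdw, NULL, &tv);
        }
      while (e < 0 && errno == EINTR);

      if (e <= 0)
        {
          pid_perror ("select");
          fp->last_err = ETIMEDOUT;
          break;
        }
    }
  return count;
}

/* Write N bytes from BUF0 to stream FD according to its transport.  Returns
 * the number of bytes written (possibly fewer than N), or -1 when FD is not
 * a stream, the transport is unknown, or nothing at all could be sent.  The
 * cause of a short write is left in the stream's last_err (see
 * stream_get_err).  I_OPT is passed to send(2) as flags for plain TCP and
 * ignored for TLS. */
static int
write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
{
  const unsigned char *buf = (const unsigned char *) buf0;
  openvas_connection *fp;
  int count;

  if (!OPENVAS_STREAM (fd))
    {
      g_debug ("write_stream_connection: fd <%d> invalid\n", fd);
      errno = EINVAL;
      return -1;
    }

  fp = OVAS_CONNECTION_FROM_FD (fd);
  fp->last_err = 0;

  switch (fp->transport)
    {
    case OPENVAS_ENCAPS_IP:
      count = wsc4_send_plain (fp, buf, n, i_opt);
      break;

    case OPENVAS_ENCAPS_SSLv2:
    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
    case OPENVAS_ENCAPS_TLScustom:
      count = wsc4_send_tls (fp, buf, n); /* i_opt ignored for SSL */
      break;

    default:
      /* transport 0 with fd 0 is reported as a closed stream; anything else
       * is an unhandled transport, i.e. a bug. */
      if (fp->transport || fp->fd != 0)
        g_message ("Function %s called from %s: "
                   "Severe bug! Unhandled transport layer %d (fd=%d).",
                   nasl_get_function_name (), nasl_get_plugin_filename (),
                   fp->transport, fd);
      else
        /* Message previously named read_stream_connection_unbuffered. */
        g_message ("write_stream_connection4: fd=%d is "
                   "closed",
                   fd);
      errno = EINVAL;
      return -1;
    }

  /* Nothing could be sent although something was requested: failure.
   * Otherwise report the (possibly partial) count. */
  if (count == 0 && n > 0)
    return -1;
  return count;
}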

Variable Documentation

◆ __port_closed

int __port_closed
static

Definition at line 293 of file network.c.

Referenced by open_socket().

◆ connections

◆ csc_hooks

struct csc_hook_s* csc_hooks
static

Linked list of hooks to be run by close_stream_connection.

Definition at line 121 of file network.c.

Referenced by add_close_stream_connection_hook(), and run_csc_hooks().