OpenVAS Scanner  22.7.9
network.c File Reference

Network Functions. More...

#include "../nasl/nasl_debug.h"
#include "kb_cache.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/util/kb.h>
#include <gvm/util/serverutils.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#include "network.h"
#include "plugutils.h"
#include "support.h"


Data Structures

struct  openvas_connection
 
struct  csc_hook_s
 Object to store a list of hooks for close_stream_connection. More...
 

Macros

#define TIMEOUT   20
 
#define INADDR_NONE   0xffffffff
 
#define G_LOG_DOMAIN   "lib misc"
 GLib logging domain. More...
 
#define OPENVAS_FD_MAX   1024
 
#define OPENVAS_FD_OFF   1000000
 
#define OPENVAS_STREAM(x)    (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))
 
#define OVAS_CONNECTION_FROM_FD(fd)   (connections + ((fd) -OPENVAS_FD_OFF))
 
#define INCR_TIMEOUT   1
 

Functions

static int pid_perror (const char *error)
 
int stream_get_err (int fd)
 
static int get_connection_fd (void)
 Returns a free file descriptor. More...
 
static int release_connection_fd (int fd, int already_closed)
 
int openvas_register_connection (int soc, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
 
int openvas_deregister_connection (int fd)
 
static int unblock_socket (int soc)
 
static int block_socket (int soc)
 
static void tlserror (char *txt, int err)
 
static void log_message_gnutls (int level, const char *msg)
 
int openvas_SSL_init ()
 Initializes SSL support. More...
 
int openvas_get_socket_from_connection (int fd)
 
gnutls_session_t ovas_get_tlssession_from_connection (int fd)
 
static int set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps, const char *priority, unsigned int flags)
 
static int load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert, const char *key, const char *passwd)
 Loads a certificate and the corresponding private key from PEM files. More...
 
static int is_ip_address (const char *str)
 
static int open_SSL_connection (openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
 Open an TLS/SSL connection. More...
 
int socket_ssl_safe_renegotiation_status (int fd)
 Check if Secure Renegotiation is supported in the server side. More...
 
int socket_ssl_do_handshake (int fd)
 Do a re-handshake of the TLS/SSL protocol. More...
 
int socket_negotiate_ssl (int fd, openvas_encaps_t transport, struct script_infos *args)
 Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one. More...
 
void socket_get_cert (int fd, void **cert, int *certlen)
 
int socket_get_ssl_version (int fd)
 
void socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
 
int socket_get_ssl_ciphersuite (int fd)
 
int open_stream_connection_ext (struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
 
void open_stream_tls_default_priorities (const char *p, const int pflag)
 
int open_stream_connection (struct script_infos *args, unsigned int port, int transport, int timeout)
 
int open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port, int timeout, int force)
 
int stream_set_timeout (int fd, int timeout)
 
static int read_stream_connection_unbuffered (int fd, void *buf0, int min_len, int max_len)
 
int read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
 
int read_stream_connection (int fd, void *buf0, int len)
 
static int write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
 
int write_stream_connection (int fd, void *buf0, int n)
 
int nsend (int fd, void *data, int length, int i_opt)
 
int nrecv (int fd, void *data, int length, int i_opt)
 
void add_close_stream_connection_hook (int(*fnc)(int fd))
 Register a hook function for close_stream_connection. More...
 
static int run_csc_hooks (int fd)
 Run the hooks for close_stream_connection. More...
 
int close_stream_connection (int fd)
 
const char * get_encaps_name (openvas_encaps_t code)
 
const char * get_encaps_through (openvas_encaps_t code)
 
static int open_socket (struct sockaddr *paddr, int type, int protocol, int timeout, int len)
 
int open_sock_opt_hn (const char *hostname, unsigned int port, int type, int protocol, int timeout)
 
int open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
 
int open_sock_option (struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
 
int recv_line (int soc, char *buf, size_t bufsiz)
 Reads a text from the socket stream into the argument buffer, always. More...
 
int socket_close (int soc)
 
int fd_is_stream (int fd)
 
int stream_get_buffer_sz (int fd)
 
int stream_set_buffer (int fd, int sz)
 
int os_send (int soc, void *buf, int len, int opt)
 
int os_recv (int soc, void *buf, int len, int opt)
 
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
 
static int qsort_compar (const void *a, const void *b)
 
unsigned short * getpts (char *origexpr, int *len)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array. More...
 

Variables

static openvas_connection connections [OPENVAS_FD_MAX]
 
static struct csc_hook_scsc_hooks
 Linked list of hooks to be run by close_stream_connection. More...
 
const char * tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT"
 
int tls_priority_flag = NO_PRIORITY_FLAGS
 
static int __port_closed
 

Detailed Description

Network Functions.

Definition in file network.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib misc"

GLib logging domain.

Definition at line 55 of file network.c.

◆ INADDR_NONE

#define INADDR_NONE   0xffffffff

Definition at line 48 of file network.c.

◆ INCR_TIMEOUT

#define INCR_TIMEOUT   1

◆ OPENVAS_FD_MAX

#define OPENVAS_FD_MAX   1024

The role of this offset is:

  1. To detect bugs when the program tries to write to a bad fd
  2. See if a fd is a real socket or a "openvas descriptor". This is a quick & dirty hack and should be changed!!!

Definition at line 91 of file network.c.

◆ OPENVAS_FD_OFF

#define OPENVAS_FD_OFF   1000000

Definition at line 92 of file network.c.

◆ OPENVAS_STREAM

#define OPENVAS_STREAM (   x)     (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))

OPENVAS_STREAM(x) is TRUE if <x> is a OpenVAS-ified fd

Definition at line 113 of file network.c.

◆ OVAS_CONNECTION_FROM_FD

#define OVAS_CONNECTION_FROM_FD (   fd)    (connections + ((fd) -OPENVAS_FD_OFF))

determine the openvas_connection* from the openvas fd

Definition at line 119 of file network.c.

◆ TIMEOUT

#define TIMEOUT   20

Definition at line 45 of file network.c.

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(*)(int fd)  fnc)

Register a hook function for close_stream_connection.

The function adds the given hook function to the list of hooks to be run by close_stream_connection. These hooks are intended to test whether they need to close the stream themselves. The argument to the hook function is the file descriptor of the stream. The hook shall return 0 if it has taken over control of that file descriptor. The same function is only added once to the list of hooks.

Parameters
fncThe hook function. See above for details.

Definition at line 1666 of file network.c.

/**
 * @brief Register a hook function for close_stream_connection.
 *
 * Hooks live in the csc_hooks singly linked list.  The list is scanned
 * first, so registering the same function pointer twice is a no-op; a new
 * entry is pushed onto the head of the list.
 *
 * @param fnc  Hook invoked with the stream's file descriptor.  By the
 *             documented contract it returns 0 when it has taken over
 *             control of that descriptor.
 */
void
add_close_stream_connection_hook (int (*fnc) (int fd))
{
  struct csc_hook_s *cursor = csc_hooks;

  while (cursor != NULL)
    {
      if (cursor->fnc == fnc)
        return; /* Already registered. */
      cursor = cursor->next;
    }

  struct csc_hook_s *entry = g_malloc0 (sizeof *entry);
  entry->fnc = fnc;
  entry->next = csc_hooks; /* Prepend: newest hook runs first. */
  csc_hooks = entry;
}

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by next_session_id().


◆ block_socket()

static int block_socket ( int  soc)
static

Definition at line 303 of file network.c.

/**
 * @brief Put a descriptor back into blocking mode.
 *
 * Reads the current status flags and clears O_NONBLOCK.
 *
 * @param soc  Socket (or any file descriptor) to change.
 * @return 0 on success, -1 if either fcntl call failed; the failure is
 *         reported through pid_perror.
 */
static int
block_socket (int soc)
{
  int current = fcntl (soc, F_GETFL, 0);

  if (current < 0)
    {
      pid_perror ("fcntl(F_GETFL)");
      return -1;
    }

  int wanted = current & ~O_NONBLOCK;
  if (fcntl (soc, F_SETFL, wanted) < 0)
    {
      pid_perror ("fcntl(F_SETFL,~O_NONBLOCK)");
      return -1;
    }

  return 0;
}

References pid_perror().

Referenced by nrecv(), nsend(), and open_socket().


◆ close_stream_connection()

int close_stream_connection ( int  fd)

Definition at line 1705 of file network.c.

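/**
 * @brief Close an OpenVAS stream and release its connection slot.
 *
 * Only OpenVAS-ified descriptors (see OPENVAS_STREAM) are accepted; a plain
 * OS socket is rejected with EINVAL and is NOT closed here.  The registered
 * close hooks (run_csc_hooks) are consulted first so that a hook which has
 * taken over the underlying socket can prevent a second close.
 *
 * The original body re-tested !OPENVAS_STREAM(fd) after the first check had
 * already returned; that branch (shutdown + socket_close on fd <= 1024) was
 * unreachable and has been dropped.
 *
 * @param fd  OpenVAS stream descriptor.
 * @return Result of release_connection_fd, or -1 with errno = EINVAL when
 *         fd is not an OpenVAS stream.
 */
int
close_stream_connection (int fd)
{
  openvas_connection *fp;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);

  /* run_csc_hooks () == 0 means a hook took over the descriptor, so the slot
   * is released with already_closed = 1; otherwise release_connection_fd is
   * presumably responsible for closing the socket itself (already_closed = 0). */
  if (!run_csc_hooks (fd))
    return release_connection_fd (fd, 1);
  return release_connection_fd (fd, 0);
}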

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::port, release_connection_fd(), run_csc_hooks(), and socket_close().

Referenced by nasl_close_socket(), nasl_end_denial(), nasl_start_denial(), and plugin_do_run().


◆ fd_is_stream()

int fd_is_stream ( int  fd)

◆ get_connection_fd()

static int get_connection_fd ( void  )
static

Returns a free file descriptor.

Definition at line 153 of file network.c.

/**
 * @brief Returns a free file descriptor.
 *
 * Scans the connections table for a slot whose pid is 0 (unused), wipes it,
 * stamps it with the caller's pid and returns the slot index translated into
 * the OpenVAS fd space (index + OPENVAS_FD_OFF).
 *
 * @return OpenVAS fd on success; -1 with errno = EMFILE when every slot is
 *         taken.
 */
static int
get_connection_fd (void)
{
  for (int slot = 0; slot < OPENVAS_FD_MAX; slot++)
    {
      openvas_connection *entry = &connections[slot];

      if (entry->pid != 0)
        continue; /* Slot in use. */

      memset (entry, 0, sizeof *entry);
      entry->pid = getpid ();
      return slot + OPENVAS_FD_OFF;
    }

  g_message ("[%d] %s:%d : Out of OpenVAS file descriptors", getpid (),
             __FILE__, __LINE__);
  errno = EMFILE;
  return -1;
}

References connections, OPENVAS_FD_MAX, OPENVAS_FD_OFF, openvas_connection::pid, and pid.

Referenced by open_stream_connection_ext(), and openvas_register_connection().


◆ get_encaps_name()

const char* get_encaps_name ( openvas_encaps_t  code)

Definition at line 1733 of file network.c.

/**
 * @brief Human-readable name of a transport encapsulation.
 *
 * @param code  Encapsulation code.
 * @return A string literal for known codes.  For unknown codes a message is
 *         formatted into a static buffer, so that result is overwritten by
 *         the next unknown-code call and is not thread-safe.
 */
const char *
get_encaps_name (openvas_encaps_t code)
{
  static char str[100];
  const char *name;

  switch (code)
    {
    case OPENVAS_ENCAPS_AUTO:
      name = "auto";
      break;
    case OPENVAS_ENCAPS_IP:
      name = "IP";
      break;
    case OPENVAS_ENCAPS_SSLv2:
      name = "SSLv2";
      break;
    case OPENVAS_ENCAPS_SSLv23:
      name = "SSLv23";
      break;
    case OPENVAS_ENCAPS_SSLv3:
      name = "SSLv3";
      break;
    case OPENVAS_ENCAPS_TLSv1:
      name = "TLSv1";
      break;
    case OPENVAS_ENCAPS_TLSv11:
      name = "TLSv11";
      break;
    case OPENVAS_ENCAPS_TLSv12:
      name = "TLSv12";
      break;
    case OPENVAS_ENCAPS_TLSv13:
      name = "TLSv13";
      break;
    case OPENVAS_ENCAPS_TLScustom:
      name = "TLScustom";
      break;
    default:
      snprintf (str, sizeof (str), "[unknown transport layer - code %d (0x%x)]",
                code, code);
      name = str;
      break;
    }

  return name;
}

References code, OPENVAS_ENCAPS_AUTO, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by get_port_transport(), nasl_get_sock_info(), and plugin_do_run().


◆ get_encaps_through()

const char* get_encaps_through ( openvas_encaps_t  code)

Definition at line 1766 of file network.c.

/**
 * @brief Suffix describing the transport a service was reached through.
 *
 * @param code  Encapsulation code.
 * @return "" for plain IP, " through SSL" for every SSL/TLS variant, and for
 *         unknown codes a message formatted into a static buffer (overwritten
 *         by the next unknown-code call; not thread-safe).
 */
const char *
get_encaps_through (openvas_encaps_t code)
{
  static char str[100];

  if (code == OPENVAS_ENCAPS_IP)
    return "";

  switch (code)
    {
    case OPENVAS_ENCAPS_SSLv2:
    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
    case OPENVAS_ENCAPS_TLSv13:
    case OPENVAS_ENCAPS_TLScustom:
      return " through SSL";
    default:
      break;
    }

  snprintf (str, sizeof (str),
            " through unknown transport layer - code %d (0x%x)", code, code);
  return str;
}

References code, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by mark_acap_server(), mark_adsgone(), mark_avotus_mm_server(), mark_BitTorrent_server(), mark_citrix_server(), mark_dameware_server(), mark_dictd_server(), mark_direct_connect_hub(), mark_eggdrop_server(), mark_ens_server(), mark_exchg_routing_server(), mark_finger_server(), mark_fssniffer(), mark_ftp_server(), mark_fw1(), mark_giop_server(), mark_gnocatan_server(), mark_gnome14_server(), mark_http_proxy(), mark_http_server(), mark_imap_server(), mark_interscan_viruswall(), mark_ircxpro_admin_server(), mark_jabber_server(), mark_LISa_server(), mark_listserv_server(), mark_locked_adsubtract_server(), mark_lpd_server(), mark_lyskom_server(), mark_mon_server(), mark_nagiosd_server(), mark_nntp_server(), mark_ofa_express_server(), mark_pblocald_server(), mark_pbmaster_server(), mark_ph_server(), mark_pnsclient(), mark_pop3pw_server(), mark_ppp_daemon(), mark_psybnc(), mark_quicktime_streaming_server(), mark_remote_nc_server(), mark_rmserver(), mark_shoutcast_server(), mark_smppd_server(), mark_smtp_server(), mark_smux_server(), mark_snpp_server(), mark_spamd_server(), mark_stonegate_auth_server(), mark_sub7_server(), mark_tcpmux_server(), mark_teamspeak2_server(), mark_telnet_server(), mark_time_server(), mark_unknown_svc(), mark_upsmon_server(), mark_uucp_server(), mark_veritas_backup(), mark_vmware_auth(), mark_vtun_server(), mark_websm_server(), mark_whois_plus2_server(), and mark_zebra_server().

◆ get_sock_infos()

int get_sock_infos ( int  sock,
int *  r_transport,
void **  r_tls_session 
)

Definition at line 2256 of file network.c.

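/**
 * @brief Look up the transport and TLS session of an OpenVAS stream.
 *
 * Either output pointer may be NULL when the caller is not interested in
 * that value (the original dereferenced both unconditionally).
 *
 * @param sock           OpenVAS stream descriptor.
 * @param r_transport    Receives the stream's transport code, if non-NULL.
 * @param r_tls_session  Receives the stream's TLS session handle (may be
 *                       NULL for non-TLS streams), if non-NULL.
 * @return 0 on success, ENOTSOCK when sock is not an OpenVAS stream.
 */
int
get_sock_infos (int sock, int *r_transport, void **r_tls_session)
{
  openvas_connection *fp;

  if (!OPENVAS_STREAM (sock))
    return ENOTSOCK;
  fp = OVAS_CONNECTION_FROM_FD (sock);

  if (r_transport != NULL)
    *r_transport = fp->transport;
  if (r_tls_session != NULL)
    *r_tls_session = fp->tls_session;
  return 0;
}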

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_get_sock_info(), and nasl_socket_cert_verify().


◆ getpts()

unsigned short* getpts ( char *  origexpr,
int *  len 
)

Converts a string like "-100,200-1024,3000-4000,60000-" into an array.

of port numbers

This function is (c) Fyodor fyodo.nosp@m.r@dh.nosp@m.p.com and was taken from his excellent and outstanding scanner Nmap See http://www.insecure.org/nmap/ for details about Nmap

Definition at line 2296 of file network.c.

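/* Highest port number a range may cover; the port table has this many + 1
 * entries (index 0 is never used as a port). */
enum { GETPTS_MAX_PORT = 65535 };

/**
 * @brief Parse one decimal number of a port expression.
 *
 * Uses strtol instead of atoi (whose behaviour on out-of-range input is
 * undefined) and clamps: values above GETPTS_MAX_PORT become
 * GETPTS_MAX_PORT, negative values become -1 so that the start > end check
 * in the caller still rejects them.  Non-numeric text yields 0, as atoi did.
 *
 * @param s  NUL-terminated text, possibly empty.
 * @return Clamped value in [-1, GETPTS_MAX_PORT].
 */
static int
getpts_number (const char *s)
{
  long v = strtol (s, NULL, 10);

  if (v > GETPTS_MAX_PORT)
    return GETPTS_MAX_PORT;
  if (v < 0)
    return -1;
  return (int) v;
}

/**
 * @brief Mark every port covered by one comma-free token in @a seen.
 *
 * Accepted forms are "N", "N-M", "-M" (from 1) and "N-" (up to 65535).  An
 * empty token or a start above its end is an error.  Ports are deduplicated
 * through @a seen so the final table can never exceed GETPTS_MAX_PORT
 * entries regardless of overlapping ranges.
 *
 * @param tok    Token with blanks already removed.
 * @param seen   (GETPTS_MAX_PORT + 1)-byte table, seen[p] != 0 once p is set.
 * @param count  Incremented once per newly marked port.
 * @return 0 on success, -1 on a malformed token.
 */
static int
getpts_add_token (const char *tok, unsigned char *seen, int *count)
{
  int start, end;

  if (*tok == '-')
    {
      start = 1;
      end = getpts_number (tok + 1);
    }
  else
    {
      const char *dash = strchr (tok, '-');

      start = end = getpts_number (tok);
      if (dash != NULL)
        end = dash[1] != '\0' ? getpts_number (dash + 1) : GETPTS_MAX_PORT;
    }
  if (start < 1)
    start = 1;
  if (start > end)
    return -1;

  for (int port = start; port <= end; port++)
    if (!seen[port])
      {
        seen[port] = 1;
        (*count)++;
      }
  return 0;
}

/**
 * @brief Converts a string like "-100,200-1024,3000-4000,60000-" into an
 *        array of port numbers.
 *
 * Blanks are ignored, an optional "T:" prefix selects the TCP part and
 * everything from "U:" on is discarded.  The result is sorted, contains
 * each port at most once and is terminated by a 0 entry.
 *
 * This function is (c) Fyodor and was taken from his excellent and
 * outstanding scanner Nmap (https://nmap.org/).
 *
 * Fixes relative to the previous version: the last result was released with
 * g_free (&last_ret), i.e. the address of the static pointer itself was
 * passed to the allocator; ranges were written into a fixed 65536-entry
 * buffer without deduplication or an upper clamp, so overlapping ranges or
 * an end above 65535 wrote past the allocation; s_end[-1] was read even when
 * "U:" was the very first character.
 *
 * @param origexpr  Port expression.  NULL yields NULL.
 * @param len       If non-NULL, receives the number of ports (terminator
 *                  excluded).
 * @return Cached array owned by this function (callers must not free it);
 *         NULL for a malformed expression.  The cache holds the most recent
 *         expression only, so the previous result becomes invalid on the
 *         next call with a different expression.
 */
unsigned short *
getpts (char *origexpr, int *len)
{
  static unsigned short *last_ret = NULL;
  static char *last_expr = NULL;
  static int last_num;
  unsigned char *seen;
  unsigned short *ports;
  char *mem, *expr, *s_start, *s_end, *p;
  int i, j, count = 0;

  if (origexpr == NULL)
    return NULL;

  if (last_expr != NULL)
    {
      if (strcmp (last_expr, origexpr) == 0)
        {
          if (len != NULL)
            *len = last_num;
          return last_ret;
        }
      g_free (last_expr);
      last_expr = NULL;
      g_free (last_ret); /* The pointer, not its address. */
      last_ret = NULL;
    }

  mem = expr = g_strdup (origexpr);

  /* Squeeze out blanks in place. */
  for (i = 0, j = 0; expr[j] != '\0'; j++)
    if (expr[j] != ' ')
      expr[i++] = expr[j];
  expr[i] = '\0';

  if ((s_start = strstr (expr, "T:")) != NULL)
    expr = s_start + 2;

  if ((s_end = strstr (expr, "U:")) != NULL)
    {
      /* Drop the comma before "U:" as well, but never look before mem. */
      if (s_end > mem && s_end[-1] == ',')
        s_end--;
      *s_end = '\0';
    }

  seen = g_malloc0 (GETPTS_MAX_PORT + 1);
  for (;;)
    {
      p = strchr (expr, ',');
      if (p != NULL)
        *p = '\0';
      if (getpts_add_token (expr, seen, &count) < 0)
        {
          g_free (seen);
          g_free (mem);
          return NULL;
        }
      if (p == NULL)
        break;
      expr = p + 1;
    }

  /* Walking the table in order yields a sorted, duplicate-free list. */
  ports = g_malloc0 (((size_t) count + 1) * sizeof *ports);
  for (i = 0, j = 1; j <= GETPTS_MAX_PORT; j++)
    if (seen[j])
      ports[i++] = (unsigned short) j;
  ports[i] = 0;
  g_free (seen);
  g_free (mem);

  if (len != NULL)
    *len = count;
  last_ret = ports;
  last_expr = g_strdup (origexpr);
  last_num = count;
  return ports;
}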

References len, and qsort_compar().

Referenced by nasl_scanner_get_port(), and scan().


◆ is_ip_address()

static int is_ip_address ( const char *  str)
static

Definition at line 549 of file network.c.

/**
 * @brief Tell whether a string is a literal IPv4 or IPv6 address.
 *
 * Used to decide whether a hostname may be sent as a TLS SNI name (SNI
 * carries DNS names only).
 *
 * @param str  NUL-terminated text.
 * @return 1 if inet_pton accepts it as AF_INET or AF_INET6, else 0.
 */
static int
is_ip_address (const char *str)
{
  struct in_addr v4;
  struct in6_addr v6;

  /* inet_pton returns 1 only for a well-formed address of that family. */
  if (inet_pton (AF_INET, str, &v4) == 1)
    return 1;

  return inet_pton (AF_INET6, str, &v6) == 1;
}

Referenced by open_SSL_connection().


◆ load_cert_and_key()

static int load_cert_and_key ( gnutls_certificate_credentials_t  xcred,
const char *  cert,
const char *  key,
const char *  passwd 
)
static

Loads a certificate and the corresponding private key from PEM files.

The private key may be encrypted, in which case the password to decrypt the key should be given as the passwd parameter.

Returns
Returns 0 on success and -1 on failure.

Definition at line 457 of file network.c.

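/**
 * @brief Loads a certificate and the corresponding private key from PEM
 *        files into the given credentials.
 *
 * The private key may be encrypted (PKCS#8), in which case @a passwd is used
 * to decrypt it.  The certificate and key objects are deinitialised after
 * gnutls_certificate_set_x509_key, as in the original.
 *
 * Fix: the file image in @a data (certificate, and later the private key)
 * was not unloaded on the error paths between load_gnutls_file and
 * unload_gnutls_file, leaking it; a data_loaded flag now releases it in the
 * common cleanup.  NOTE(review): unload_gnutls_file presumably frees
 * without wiping, so the key image may linger in freed memory — confirm
 * against gvm-libs if that matters here.
 *
 * @param xcred   Credentials to attach the pair to.
 * @param cert    Path of the PEM certificate file.
 * @param key     Path of the PEM private key file.
 * @param passwd  Password for an encrypted key, or NULL for a plain key.
 * @return 0 on success, -1 on failure (reason logged via g_message or
 *         tlserror).
 */
static int
load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert,
                   const char *key, const char *passwd)
{
  gnutls_x509_crt_t x509_crt = NULL;
  gnutls_x509_privkey_t x509_key = NULL;
  gnutls_datum_t data = {NULL, 0};
  int data_loaded = 0; /* data currently holds a loaded file image. */
  int ret;
  int result = -1;

  if (load_gnutls_file (cert, &data))
    {
      g_message ("[%d] load_cert_and_key: Error loading cert file %s",
                 getpid (), cert);
      goto cleanup;
    }
  data_loaded = 1;

  ret = gnutls_x509_crt_init (&x509_crt);
  if (ret < 0)
    {
      tlserror ("gnutls_x509_crt_init", ret);
      /* x509_crt may be != NULL even if gnutls_x509_crt_init fails */
      x509_crt = NULL;
      goto cleanup;
    }
  ret = gnutls_x509_crt_import (x509_crt, &data, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
    {
      tlserror ("gnutls_x509_crt_import", ret);
      goto cleanup;
    }
  unload_gnutls_file (&data);
  data_loaded = 0;

  if (load_gnutls_file (key, &data))
    {
      g_message ("[%d] load_cert_and_key: Error loading key file %s", getpid (),
                 key);
      goto cleanup;
    }
  data_loaded = 1;

  ret = gnutls_x509_privkey_init (&x509_key);
  if (ret < 0)
    {
      tlserror ("gnutls_x509_privkey_init", ret);
      /* x509_key may be != NULL even if gnutls_x509_privkey_init fails */
      x509_key = NULL;
      goto cleanup;
    }
  if (passwd)
    {
      ret = gnutls_x509_privkey_import_pkcs8 (x509_key, &data,
                                              GNUTLS_X509_FMT_PEM, passwd, 0);
      if (ret < 0)
        {
          tlserror ("gnutls_x509_privkey_import_pkcs8", ret);
          goto cleanup;
        }
    }
  else
    {
      ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          tlserror ("gnutls_x509_privkey_import", ret);
          goto cleanup;
        }
    }
  unload_gnutls_file (&data);
  data_loaded = 0;

  ret = gnutls_certificate_set_x509_key (xcred, &x509_crt, 1, x509_key);
  if (ret < 0)
    {
      tlserror ("gnutls_certificate_set_x509_key", ret);
      goto cleanup;
    }
  result = 0;

cleanup:
  if (data_loaded)
    unload_gnutls_file (&data);
  if (x509_crt)
    gnutls_x509_crt_deinit (x509_crt);
  if (x509_key)
    gnutls_x509_privkey_deinit (x509_key);

  return result;
}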

References tlserror().

Referenced by open_SSL_connection().


◆ log_message_gnutls()

static void log_message_gnutls ( int  level,
const char *  msg 
)
static

Definition at line 332 of file network.c.

/**
 * @brief GnuTLS log callback: forward a library message to g_debug.
 *
 * @param level  GnuTLS log level as passed by the library.
 * @param msg    Message text (GnuTLS normally includes the newline).
 */
static void
log_message_gnutls (int level, const char *msg)
{
  const char *text = msg;

  g_debug ("LEVEL %d: %s", level, text);
}

Referenced by openvas_SSL_init().


◆ nrecv()

int nrecv ( int  fd,
void *  data,
int  length,
int  i_opt 
)

Definition at line 1628 of file network.c.

/**
 * @brief recv() that understands OpenVAS stream descriptors.
 *
 * An open OpenVAS stream is read through read_stream_connection.  A stream
 * whose slot has fd < 0 is reported as "closed ?!" and then, like a plain OS
 * descriptor, handed to recv() on the numeric fd itself (which is expected
 * to fail for an OpenVAS-range number).  The OS path first puts the
 * descriptor into blocking mode (block_socket's result is ignored) and
 * retries recv() on EINTR.
 *
 * @param fd      OpenVAS stream or OS socket.
 * @param data    Destination buffer.
 * @param length  Capacity of data in bytes.
 * @param i_opt   Flags for recv(); not used on the stream path.
 * @return Bytes received, or the negative result of the underlying call.
 */
int
nrecv (int fd, void *data, int length, int i_opt)
{
  if (OPENVAS_STREAM (fd))
    {
      openvas_connection *fp = OVAS_CONNECTION_FROM_FD (fd);

      if (fp->fd >= 0)
        return read_stream_connection (fd, data, length);
      g_message ("OpenVAS file descriptor %d closed ?!", fd);
    }

  /* Trying OS's recv()
   *
   * Do *NOT* use os_recv() here, as it will be blocking until the exact
   * amount of requested data arrives
   */
  block_socket (fd);

  int got;
  for (;;)
    {
      got = recv (fd, data, length, i_opt);
      if (got >= 0 || errno != EINTR)
        break;
    }
  return got;
}

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, and read_stream_connection().


◆ nsend()

int nsend ( int  fd,
void *  data,
int  length,
int  i_opt 
)

Definition at line 1589 of file network.c.

/**
 * @brief send() that understands OpenVAS stream descriptors.
 *
 * An open OpenVAS stream is written through write_stream_connection4; a
 * stream whose slot has fd < 0 is logged as "closed ?!" and then treated
 * like a plain OS descriptor.  On the OS path the descriptor is first put
 * into blocking mode (block_socket's result is ignored), then select() is
 * polled for writability with a 5 microsecond timeout ({0, 5}): when
 * writable, os_send is called; an EINTR from select or from os_send
 * restarts the poll; a select timeout or any other error ends the loop
 * without sending, so 0 is returned in that case.
 *
 * NOTE(review): FD_SET on a descriptor >= FD_SETSIZE is undefined; nothing
 * here guards against it.
 *
 * @param fd      OpenVAS stream or OS socket.
 * @param data    Bytes to send.
 * @param length  Number of bytes in data.
 * @param i_opt   Flags passed through to the underlying send.
 * @return Bytes written, 0 if nothing was attempted, or a negative error
 *         from os_send (also logged).
 */
int
nsend (int fd, void *data, int length, int i_opt)
{
  int n = 0;

  if (OPENVAS_STREAM (fd))
    {
      openvas_connection *fp = OVAS_CONNECTION_FROM_FD (fd);

      if (fp->fd >= 0)
        return write_stream_connection4 (fd, data, length, i_opt);
      g_message ("OpenVAS file descriptor %d closed ?!", fd);
    }

  /* Trying OS's send() */
  block_socket (fd); /* ??? */
  for (;;)
    {
      struct timeval tv = {0, 5};
      fd_set wr;
      int e;

      FD_ZERO (&wr);
      FD_SET (fd, &wr);

      errno = 0;
      e = select (fd + 1, NULL, &wr, NULL, &tv);
      if (e > 0)
        n = os_send (fd, data, length, i_opt);
      else if (!(e < 0 && errno == EINTR))
        break; /* Timeout or hard select error: give up. */

      /* Same exit condition as the original do/while: retry only while
       * nothing was written and the last errno is EINTR. */
      if (!(n <= 0 && errno == EINTR))
        break;
    }

  if (n < 0)
    g_message ("[%d] nsend():send %s", getpid (), strerror (errno));

  return n;
}

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, os_send(), timeval(), and write_stream_connection4().

Referenced by nasl_end_denial(), and nasl_send().


◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char *  hostname,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)

Definition at line 1890 of file network.c.

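/**
 * @brief Resolve a hostname and open a socket to it.
 *
 * The name is resolved with gvm_resolve_as_addr6; a v4-mapped result is
 * connected over AF_INET, anything else over AF_INET6.
 *
 * Fix: the return value of gvm_resolve_as_addr6 was ignored, so an
 * unresolvable name left in6addr uninitialised and the code went on to
 * connect to garbage.  Resolution failure is now reported and -1 returned.
 *
 * @param hostname  Name or literal address to connect to.
 * @param port      TCP/UDP port (truncated to 16 bits).
 * @param type      socket() type, e.g. SOCK_STREAM.
 * @param protocol  socket() protocol, e.g. IPPROTO_TCP.
 * @param timeout   Connect timeout handed to open_socket.
 * @return Socket descriptor from open_socket, or -1 on resolution or
 *         connect failure.
 */
int
open_sock_opt_hn (const char *hostname, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct in6_addr in6addr;

  memset (&in6addr, 0, sizeof in6addr);
  if (gvm_resolve_as_addr6 (hostname, &in6addr) < 0)
    {
      g_message ("[%d] open_sock_opt_hn: could not resolve %s", getpid (),
                 hostname ? hostname : "(null)");
      return -1;
    }

  if (IN6_IS_ADDR_V4MAPPED (&in6addr))
    {
      struct sockaddr_in addr = {0};

      addr.sin_family = AF_INET;
      addr.sin_port = htons ((unsigned short) port);
      addr.sin_addr.s_addr = in6addr.s6_addr32[3]; /* Low 32 bits hold the v4 address. */
      return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
                          sizeof addr);
    }

  struct sockaddr_in6 addr6 = {0};

  addr6.sin6_family = AF_INET6;
  addr6.sin6_port = htons ((unsigned short) port);
  addr6.sin6_addr = in6addr;
  return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
                      sizeof addr6);
}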

References hostname, open_socket(), and protocol.

Referenced by nasl_open_sock_kdc().


◆ open_sock_option()

int open_sock_option ( struct script_infos args,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)

Definition at line 1996 of file network.c.

/**
 * @brief Open a socket to the current target host of a plugin.
 *
 * The address comes from plug_get_host_ip; a missing address or the
 * unspecified address (in6addr_any) yields -1.  A v4-mapped address is
 * connected over AF_INET, anything else over AF_INET6.
 *
 * @param args      Plugin context providing the target address.
 * @param port      Port (truncated to 16 bits).
 * @param type      socket() type.
 * @param protocol  socket() protocol.
 * @param timeout   Connect timeout handed to open_socket.
 * @return Socket descriptor from open_socket, or -1.
 */
int
open_sock_option (struct script_infos *args, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct in6_addr *target = plug_get_host_ip (args);

  if (target == NULL)
    {
      g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
      return -1;
    }
  if (IN6_ARE_ADDR_EQUAL (target, &in6addr_any))
    return -1;

  if (IN6_IS_ADDR_V4MAPPED (target))
    {
      struct sockaddr_in addr = {0};

      addr.sin_family = AF_INET;
      addr.sin_port = htons ((unsigned short) port);
      addr.sin_addr.s_addr = target->s6_addr32[3];
      return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
                          sizeof addr);
    }

  struct sockaddr_in6 addr6 = {0};

  addr6.sin6_family = AF_INET6;
  addr6.sin6_port = htons ((unsigned short) port);
  addr6.sin6_addr = *target;
  return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
                      sizeof addr6);
}

References open_socket(), plug_get_host_ip(), and protocol.

Referenced by open_sock_tcp().


◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos args,
unsigned int  port,
int  timeout 
)

Definition at line 1919 of file network.c.

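/**
 * @brief Record a connect timeout for port in the host KB.
 *
 * The first three timeouts per host/port are logged and counted under
 * "ConnectTimeout/<ip>/<port>".  Once the count reaches the
 * open_sock_max_attempts preference (0 disables this) and the port is still
 * marked open, the port is set to closed in the KB and an ERRMSG result is
 * pushed so other plugins stop trying it.
 *
 * Fix: host_port_ip_str was logged before addr6_to_str had filled it, so
 * the "too many timeouts" message printed an uninitialised buffer; it is
 * now filled first.  Port format specifiers match the unsigned argument.
 *
 * @param args  Plugin context (host address, KB).
 * @param port  Port that timed out.
 */
static void
open_sock_tcp_record_timeout (struct script_infos *args, unsigned int port)
{
  int log_count, attempts = 0;
  char *ip_str = plug_get_host_ip_str (args);
  char buffer[1024];
  kb_t kb = plug_get_kb (args);
  const char *max_attempts = prefs_get ("open_sock_max_attempts");

  if (max_attempts)
    attempts = atoi (max_attempts);
  if (attempts < 0)
    attempts = 0;

  g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%u", ip_str, port);
  log_count = kb_item_get_int (kb, buffer);
  if (log_count == -1)
    log_count = 0;
  if (log_count < 3)
    {
      g_message ("open_sock_tcp: %s:%u time-out.", ip_str, port);
      log_count++;
      kb_item_set_int_with_main_kb_check (kb, buffer, log_count);
    }

  /* After some unsuccessful attempts, the port is set to closed to avoid
   * new attempts from other plugins. */
  if (attempts != 0 && log_count >= attempts
      && host_get_port_state (args, port) > 0)
    {
      char host_port_ip_str[INET6_ADDRSTRLEN];

      addr6_to_str (args->ip, host_port_ip_str); /* Fill before logging. */

      g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%u", port);
      g_message ("open_sock_tcp: %s:%u too many timeouts. "
                 "This port will be set to closed.",
                 host_port_ip_str, port);
      kb_item_set_int_with_main_kb_check (kb, buffer, 0);

      snprintf (buffer, sizeof (buffer),
                "ERRMSG|||%s|||%s|||%u/tcp||| |||Too many timeouts. The port"
                " was set to closed.",
                host_port_ip_str,
                plug_current_vhost () ? plug_current_vhost () : " ", port);
      kb_item_push_str_with_main_kb_check (get_main_kb (), "internal/results",
                                           buffer);
    }
  g_free (ip_str);
}

/**
 * @brief Open a TCP connection to the plugin's target host.
 *
 * Tries open_sock_option once plus "timeout_retry" additional times, but
 * only while the failure is a connect timeout (errno == ETIMEDOUT); any
 * other outcome ends the loop.  A final timeout is recorded in the KB by
 * open_sock_tcp_record_timeout.
 *
 * @param args     Plugin context.
 * @param port     TCP port.
 * @param timeout  Connect timeout handed down to open_socket.
 * @return Socket descriptor, or -1 with errno from the last attempt.
 */
int
open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
{
  int ret = -1, retry = 0;
  const char *timeout_retry = prefs_get ("timeout_retry");

  if (timeout_retry)
    retry = atoi (timeout_retry);
  if (retry < 0)
    retry = 0;

  while (retry >= 0)
    {
      errno = 0;
      ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
      if (ret >= 0 || errno != ETIMEDOUT)
        break;
      retry--;
    }
  if (ret < 0 && errno == ETIMEDOUT)
    open_sock_tcp_record_timeout (args, port);

  return ret;
}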

References get_main_kb(), host_get_port_state(), script_infos::ip, kb_item_push_str_with_main_kb_check(), kb_item_set_int_with_main_kb_check(), open_sock_option(), plug_current_vhost(), plug_get_host_ip_str(), and plug_get_kb().

Referenced by open_stream_connection_ext().


◆ open_socket()

static int open_socket ( struct sockaddr *  paddr,
int  type,
int  protocol,
int  timeout,
int  len 
)
static

Definition at line 1791 of file network.c.

/**
 * @brief Create a socket and connect it, optionally with a timeout.
 *
 * A timeout of -2 selects the default TIMEOUT (20 s); a positive timeout
 * makes the socket non-blocking for the connect so that select() can bound
 * the wait.  The file-level flag __port_closed is cleared on entry and set
 * when connect fails with anything other than EINPROGRESS/EAGAIN, or when
 * SO_ERROR reports a failure after the wait (i.e. the port looks closed).
 * The socket is put back into blocking mode before it is returned.
 *
 * The original expressed the EINTR retry as "errno = EAGAIN; goto again"
 * back into a switch on errno; here it is a plain retry loop around select.
 * The result of gvm_source_set_socket is not checked (as before).
 *
 * NOTE(review): FD_SET on a descriptor >= FD_SETSIZE is undefined; nothing
 * here guards against it.
 *
 * @param paddr     Destination address (AF_INET or, for anything else,
 *                  AF_INET6 is assumed).
 * @param type      socket() type.
 * @param protocol  socket() protocol.
 * @param timeout   Seconds to wait for the connect; -2 = TIMEOUT; <= 0 = a
 *                  blocking connect.
 * @param len       Size of *paddr, passed to connect().
 * @return Connected socket, or -1 (errno = ETIMEDOUT on a select timeout).
 */
static int
open_socket (struct sockaddr *paddr, int type, int protocol, int timeout,
             int len)
{
  int soc;
  int family = (paddr->sa_family == AF_INET) ? AF_INET : AF_INET6;

  __port_closed = 0;

  soc = socket (family, type, protocol);
  if (soc < 0)
    {
      pid_perror ("socket");
      return -1;
    }

  if (timeout == -2)
    timeout = TIMEOUT;

  if (timeout > 0 && unblock_socket (soc) < 0)
    {
      close (soc);
      return -1;
    }

  gvm_source_set_socket (soc, 0, family);

  if (connect (soc, paddr, len) < 0)
    {
      pid_perror ("connect");
      if (errno != EINPROGRESS && errno != EAGAIN)
        {
          __port_closed = 1;
          socket_close (soc);
          return -1;
        }

      /* Non-blocking connect in progress: wait for writability. */
      for (;;)
        {
          fd_set fd_w;
          struct timeval to;
          int x;

          FD_ZERO (&fd_w);
          FD_SET (soc, &fd_w);
          to.tv_sec = timeout;
          to.tv_usec = 0;
          x = select (soc + 1, NULL, &fd_w, NULL, &to);
          if (x > 0)
            break;
          if (x == 0)
            {
              pid_perror ("connect->select: timeout");
              socket_close (soc);
              errno = ETIMEDOUT;
              return -1;
            }
          if (errno != EINTR)
            {
              pid_perror ("select");
              socket_close (soc);
              return -1;
            }
          /* EINTR: restart the wait with the full timeout. */
        }

      int opt = 0;
      unsigned int opt_sz = sizeof (opt);

      if (getsockopt (soc, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
        {
          pid_perror ("getsockopt");
          socket_close (soc);
          return -1;
        }
      if (opt != 0)
        {
          errno = opt;
          pid_perror ("SO_ERROR");
          __port_closed = 1;
          socket_close (soc);
          return -1;
        }
    }

  block_socket (soc);
  return soc;
}

References __port_closed, block_socket(), len, pid_perror(), protocol, socket_close(), TIMEOUT, timeval(), and unblock_socket().

Referenced by open_sock_opt_hn(), and open_sock_option().


◆ open_SSL_connection()

static int open_SSL_connection ( openvas_connection fp,
const char *  cert,
const char *  key,
const char *  passwd,
const char *  cafile,
const char *  hostname,
unsigned int  flags 
)
static

Open a TLS/SSL connection.

Parameters
fp  File structure for the openvas connection
cert  The certificate.
key  The key
passwd  The password
cafile  The CA file
hostname  Target's hostname
flags  Extra options which cannot be set via the priority string. Supported flags are:
  • NO_PRIORITY_FLAGS
  • INSECURE_DH_PRIME_BITS
Returns
1 on success. -1 on general error or timeout. -2 if DH prime bits on server side are lower than minimum allowed. -3 on Fatal alert received from server

Definition at line 580 of file network.c.

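/**
 * @brief Open a TLS/SSL connection on the already connected socket of @a fp.
 *
 * Initialises a GnuTLS client session, applies the priority string chosen by
 * set_gnutls_protocol(), sends SNI when @a hostname is not an IP literal,
 * installs the optional client certificate and CA file, and then drives the
 * handshake on the non-blocking socket until it completes or fp->timeout
 * seconds have passed since the loop started.
 *
 * On failure the partially initialised tls_session / tls_cred remain
 * attached to @a fp; they are released by release_connection_fd(), which the
 * caller invokes on the error path.
 *
 * @param fp        Connection record; fd, transport, priority and timeout are
 *                  already filled in.
 * @param cert      Client certificate file, or NULL.
 * @param key       Client key file, or NULL (a client cert needs both).
 * @param passwd    Password protecting @a key, may be NULL.
 * @param cafile    PEM file with trusted CAs, or NULL.
 * @param hostname  Target host name for SNI, or NULL.
 * @param flags     Extra options not expressible in the priority string:
 *                  NO_PRIORITY_FLAGS, INSECURE_DH_PRIME_BITS.
 *
 * @return 1 on success, -1 on general error or timeout (fp->last_err set to
 *         ETIMEDOUT in the latter case), -2 if the server's DH prime is
 *         below the accepted minimum (TLScustom only), -3 when the server
 *         sent a fatal alert.
 */
static int
open_SSL_connection (openvas_connection *fp, const char *cert, const char *key,
                     const char *passwd, const char *cafile,
                     const char *hostname, unsigned int flags)
{
  int ret, err, d;
  time_t tictac;
  fd_set fdw, fdr;
  struct timeval to;

  ret = gnutls_init (&(fp->tls_session), GNUTLS_CLIENT);
  if (ret < 0)
    {
      tlserror ("gnutls_init", ret);
      return -1;
    }

  /* set_gnutls_protocol handles OPENVAS_ENCAPS_SSLv2 by falling back
   * to OPENVAS_ENCAPS_SSLv23. However, this function
   * (open_SSL_connection) is called only by open_stream_connection and
   * open_stream_connection will exit with an error code if called with
   * OPENVAS_ENCAPS_SSLv2, so it should never end up calling
   * open_SSL_connection with OPENVAS_ENCAPS_SSLv2.
   */
  if (set_gnutls_protocol (fp->tls_session, fp->transport, fp->priority, flags)
      < 0)
    return -1;

  /* SNI only carries DNS names; an IP literal is not a valid value.  A
   * failure to set it is logged but not fatal: the handshake may still
   * succeed against servers that do not require SNI. The return value was
   * previously ignored. */
  if (hostname && !is_ip_address (hostname))
    {
      ret = gnutls_server_name_set (fp->tls_session, GNUTLS_NAME_DNS, hostname,
                                    strlen (hostname));
      if (ret < 0)
        tlserror ("gnutls_server_name_set", ret);
    }

  ret = gnutls_certificate_allocate_credentials (&(fp->tls_cred));
  if (ret < 0)
    {
      tlserror ("gnutls_certificate_allocate_credentials", ret);
      return -1;
    }
  ret = gnutls_credentials_set (fp->tls_session, GNUTLS_CRD_CERTIFICATE,
                                fp->tls_cred);
  if (ret < 0)
    {
      tlserror ("gnutls_credentials_set", ret);
      return -1;
    }

  if (cert != NULL && key != NULL)
    {
      if (load_cert_and_key (fp->tls_cred, cert, key, passwd) < 0)
        return -1;
    }

  /* The trust file is loaded but no verification of the peer is requested
   * anywhere in this function: the scanner talks to arbitrary targets and
   * must not abort on untrusted certificates. */
  if (cafile != NULL)
    {
      ret = gnutls_certificate_set_x509_trust_file (fp->tls_cred, cafile,
                                                    GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          tlserror ("gnutls_certificate_set_x509_trust_file", ret);
          return -1;
        }
    }

  unblock_socket (fp->fd);

  gnutls_transport_set_ptr (fp->tls_session,
                            (gnutls_transport_ptr_t) GSIZE_TO_POINTER (fp->fd));

  tictac = time (NULL);

  for (;;)
    {
      err = gnutls_handshake (fp->tls_session);

      if (err == 0)
        return 1;

      /* Set min number of bits for Diffie-Hellman prime
         to force a connection to a legacy server. */
      if (err == GNUTLS_E_DH_PRIME_UNACCEPTABLE
          && fp->transport == OPENVAS_ENCAPS_TLScustom) /* condition line restored: omitted by the rendered listing */
        {
          g_message ("[%d] gnutls_handshake: %s", getpid (),
                     gnutls_strerror (err));
          return -2;
        }
      else if (err == GNUTLS_E_FATAL_ALERT_RECEIVED)
        {
          g_debug ("[%d] gnutls_handshake: %s", getpid (),
                   gnutls_strerror (err));
          return -3;
        }
      else if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
               && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
        {
          g_debug ("[%d] gnutls_handshake: %s, %d", getpid (),
                   gnutls_strerror (err), err);
          return -1;
        }

      /* Non-blocking handshake needs more I/O: wait for the socket with the
       * remainder of the overall timeout, retrying on EINTR. */
      FD_ZERO (&fdr);
      FD_SET (fp->fd, &fdr);
      FD_ZERO (&fdw);
      FD_SET (fp->fd, &fdw);

      do
        {
          d = tictac + fp->timeout - time (NULL);
          if (d <= 0)
            {
              fp->last_err = ETIMEDOUT;
              return -1;
            }
          to.tv_sec = d;
          to.tv_usec = 0;
          errno = 0;
          if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
            pid_perror ("select");
        }
      while (ret < 0 && errno == EINTR);

      if (ret <= 0)
        {
          fp->last_err = ETIMEDOUT;
          return -1;
        }
    }
}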

References openvas_connection::fd, hostname, is_ip_address(), openvas_connection::last_err, load_cert_and_key(), OPENVAS_ENCAPS_TLScustom, pid_perror(), openvas_connection::priority, set_gnutls_protocol(), openvas_connection::timeout, timeval(), openvas_connection::tls_cred, openvas_connection::tls_session, tlserror(), openvas_connection::transport, and unblock_socket().

Referenced by open_stream_connection_ext(), and socket_negotiate_ssl().


◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos args,
unsigned int  port,
int  timeout,
int  force 
)

Definition at line 1185 of file network.c.

/**
 * @brief Open a stream to @a port, selecting the encapsulation automatically.
 *
 * With @a force set, TLS (OPENVAS_ENCAPS_TLScustom) is tried first and plain
 * TCP (OPENVAS_ENCAPS_IP) second; the transport that worked is recorded in
 * the KB with plug_set_port_transport(). Without @a force the transport
 * previously stored for @a port is reused as is.
 *
 * @param args     Script context.
 * @param port     TCP port to connect to.
 * @param timeout  Timeout handed to open_stream_connection().
 * @param force    Non-zero to probe TLS then TCP instead of using the KB.
 * @return The stream fd, or -1 if no connection could be established.
 */
int
open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port,
                             int timeout, int force)
{
  int transport;
  int fd;

  if (!force)
    {
      transport = plug_get_port_transport (args, port);
      return open_stream_connection (args, port, transport, timeout);
    }

  /* Try SSL/TLS first, then fall back to plain TCP. */
  transport = OPENVAS_ENCAPS_TLScustom;
  fd = open_stream_connection (args, port, transport, timeout);
  if (fd < 0)
    {
      transport = OPENVAS_ENCAPS_IP;
      fd = open_stream_connection (args, port, OPENVAS_ENCAPS_IP, timeout);
    }
  if (fd < 0)
    return -1;

  /* Store that encapsulation mode in the KB. */
  plug_set_port_transport (args, port, transport);
  return fd;
}

References open_stream_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_TLScustom, plug_get_port_transport(), and plug_set_port_transport().

Referenced by nasl_open_sock_tcp_bufsz().


◆ open_stream_connection()

int open_stream_connection ( struct script_infos args,
unsigned int  port,
int  transport,
int  timeout 
)

Definition at line 1175 of file network.c.

/**
 * @brief Open a stream connection with the process-wide default TLS
 *        priority string and flags.
 *
 * Thin wrapper around open_stream_connection_ext() passing the values last
 * stored by open_stream_tls_default_priorities().
 *
 * @return See open_stream_connection_ext().
 */
int
open_stream_connection (struct script_infos *args, unsigned int port,
                        int transport, int timeout)
{
  const char *priority = tls_priorities;
  int flags = tls_priority_flag;

  /* The two trailing arguments were on a line omitted by the rendered
   * listing; they follow from this function's cross-references. */
  return open_stream_connection_ext (args, port, transport, timeout, priority,
                                     flags);
}

References open_stream_connection_ext(), tls_priorities, and tls_priority_flag.

Referenced by nasl_end_denial(), nasl_start_denial(), open_stream_auto_encaps_ext(), plugin_do_run(), and retry_stream_connection().


◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos args,
unsigned int  port,
int  transport,
int  timeout,
const char *  priority,
int  flags 
)

Definition at line 1046 of file network.c.

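/**
 * @brief Open a (possibly TLS encapsulated) stream to @a port of the target.
 *
 * Allocates a connection slot, opens the TCP socket with open_sock_tcp() and,
 * for every transport other than OPENVAS_ENCAPS_IP, negotiates TLS with
 * open_SSL_connection() using the client certificate material stored in the
 * KB ("SSL/cert", "SSL/key", "SSL/password", "SSL/CA"). SNI is sent with the
 * host FQDN unless "Host/SNI/<port>/force_disable" is set in the KB.
 *
 * @param args      Script context (KB, host FQDN, script name for messages).
 * @param port      TCP port to connect to.
 * @param transport One of the OPENVAS_ENCAPS_* values.
 * @param timeout   Connect/handshake timeout in seconds; -2 selects TIMEOUT.
 * @param priority  Custom GnuTLS priority string (used for TLScustom); NULL
 *                  and "" are equivalent.
 * @param flags     Extra TLS flags handed to open_SSL_connection().
 *
 * @return The stream fd on success, or a negative value on failure (errno is
 *         EINVAL for an unsupported transport; for a failed TLS handshake the
 *         open_SSL_connection() result is returned).
 */
int
open_stream_connection_ext (struct script_infos *args, unsigned int port,
                            int transport, int timeout, const char *priority,
                            int flags)
{
  int fd, ret;
  openvas_connection *fp;
  char *cert = NULL;
  char *key = NULL;
  char *passwd = NULL;
  char *cafile = NULL;
  char *hostname = NULL;
  char *hostname_aux = NULL;

  /* Because plug_get_host_fqdn() forks for each vhost, we fork() before
     creating the socket */
  hostname_aux = plug_get_host_fqdn (args);

  if (!priority)
    priority = ""; /* To us an empty string is equivalent to NULL. */

  g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
           " priority: '%s'",
           getpid (), port, transport, timeout, priority);

  if (timeout == -2)
    timeout = TIMEOUT;

  ret = -1;
  switch (transport)
    {
    case OPENVAS_ENCAPS_IP:

    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
    case OPENVAS_ENCAPS_TLSv13:
    case OPENVAS_ENCAPS_TLScustom: /* label restored: omitted by the rendered listing */
    case OPENVAS_ENCAPS_SSLv2:
      break;

    default:
      g_message ("open_stream_connection_ext(): unsupported transport"
                 " layer %d passed by %s",
                 transport, args->name);
      errno = EINVAL;

      g_free (hostname_aux);
      return ret;
    }

  if ((fd = get_connection_fd ()) < 0)
    {
      g_free (hostname_aux);
      return ret;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);

  fp->transport = transport;
  g_free (fp->priority);
  if (*priority)
    fp->priority = g_strdup (priority);
  else
    fp->priority = NULL;
  fp->timeout = timeout;
  fp->port = port;
  fp->last_err = 0;

  fp->fd = open_sock_tcp (args, port, timeout);
  if (fp->fd < 0)
    goto failed;

  kb_t kb = plug_get_kb (args);
  switch (transport)
    {
      char buf[1024];

    case OPENVAS_ENCAPS_IP:
      break;
    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
    case OPENVAS_ENCAPS_TLSv13:
    case OPENVAS_ENCAPS_TLScustom: /* label restored: omitted by the rendered listing */
      cert = kb_item_get_str (kb, "SSL/cert");
      key = kb_item_get_str (kb, "SSL/key");
      passwd = kb_item_get_str (kb, "SSL/password");

      cafile = kb_item_get_str (kb, "SSL/CA");

      /* fall through */

    case OPENVAS_ENCAPS_SSLv2:
      /* We do not need a client certificate in this case */
      snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
      if (kb_item_get_int (kb, buf) <= 0)
        hostname = hostname_aux;

      ret =
        open_SSL_connection (fp, cert, key, passwd, cafile, hostname, flags);
      g_free (cert);
      g_free (key);
      g_free (passwd);
      g_free (cafile);
      if (ret <= 0)
        goto failed;
      break;
    }

  g_free (hostname_aux);

  return fd;

failed:
  /* Both error exits taken after the slot was claimed end up here; the FQDN
   * copy used to be leaked on this path. */
  g_free (hostname_aux);
  release_connection_fd (fd, 0);
  return ret;
}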

References openvas_connection::fd, get_connection_fd(), hostname, openvas_connection::last_err, script_infos::name, open_sock_tcp(), open_SSL_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), TIMEOUT, openvas_connection::timeout, and openvas_connection::transport.

Referenced by nasl_open_sock_tcp_bufsz(), open_stream_connection(), and retry_stream_connection().


◆ open_stream_tls_default_priorities()

void open_stream_tls_default_priorities ( const char *  p,
const int  pflag 
)

Definition at line 1168 of file network.c.

/**
 * @brief Set the process-wide default GnuTLS priority string and flags that
 *        open_stream_connection() passes on.
 *
 * Only the pointer @a p is stored, not a copy, so the string must outlive
 * every later open_stream_connection() call.
 *
 * @param p      Priority string (NULL is treated as "" by
 *               open_stream_connection_ext()).
 * @param pflag  Flag bits forwarded as the flags argument.
 */
void
open_stream_tls_default_priorities (const char *p, const int pflag)
{
  tls_priority_flag = pflag;
  tls_priorities = p;
}

References tls_priorities, and tls_priority_flag.

Referenced by retry_stream_connection().


◆ openvas_deregister_connection()

int openvas_deregister_connection ( int  fd)

Definition at line 259 of file network.c.

/**
 * @brief Forget a connection slot without closing anything.
 *
 * Only the slot bookkeeping is reset; the socket and a TLS session stored in
 * the slot are left untouched (see the FIXME below).
 *
 * @param fd  Stream fd as returned by openvas_register_connection().
 * @return 0 on success, -1 with errno = EINVAL if @a fd is not a stream fd.
 */
int
openvas_deregister_connection (int fd)
{
  openvas_connection *slot;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }

  slot = connections + (fd - OPENVAS_FD_OFF);
  /* Fixme: Code duplicated from release_connection_fd. Check usage
     of this function make sure that TLS stuff is also released in
     case it is used here. */
  g_free (slot->priority);
  slot->priority = NULL;
  memset (slot, 0, sizeof (*slot));
  slot->transport = -1;
  return 0;
}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::priority, and openvas_connection::transport.

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int  fd)

Definition at line 357 of file network.c.

/**
 * @brief Return the real socket behind an OpenVAS stream fd.
 *
 * @param fd  Stream fd. A value that is not a stream fd is logged and
 *            handed back unchanged (it is assumed to be a plain socket).
 * @return The underlying socket, @a fd itself for a non-stream fd, or -1 if
 *         the slot is closed (transport <= 0).
 */
int
openvas_get_socket_from_connection (int fd)
{
  openvas_connection *slot;

  if (!OPENVAS_STREAM (fd))
    {
      g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
                 getpid (), fd);
      return fd;
    }

  slot = OVAS_CONNECTION_FROM_FD (fd);
  if (slot->transport > 0)
    return slot->fd;

  g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
  return -1;
}

References connections, openvas_connection::fd, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::transport.

Referenced by nasl_get_source_port(), nasl_ssh_connect(), and plugin_do_run().


◆ openvas_register_connection()

int openvas_register_connection ( int  soc,
void *  ssl,
gnutls_certificate_credentials_t  certcred,
openvas_encaps_t  encaps 
)
Todo:
TLS FIXME: migrate this to TLS
Todo:
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
soc  Socket to use.

Definition at line 234 of file network.c.

/**
 * @brief Wrap an already open socket (and optional TLS session) in a
 *        connection slot so it can be used through the stream API.
 *
 * @param soc      Socket to use.
 * @param ssl      Existing gnutls session handle or NULL (stored as-is).
 * @param certcred Credentials belonging to @a ssl, or NULL.
 * @param encaps   Transport the socket already speaks.
 * @return The new stream fd, or -1 if no slot is free.
 *
 * @todo TLS FIXME: migrate this to TLS
 * @todo Fix the voidness of the ssl parameter (problematic in 64bit env.)
 *       here or on caller-side
 */
int
openvas_register_connection (int soc, void *ssl,
                             gnutls_certificate_credentials_t certcred,
                             openvas_encaps_t encaps)
{
  int fd = get_connection_fd ();
  openvas_connection *slot;

  if (fd < 0)
    return -1;

  slot = OVAS_CONNECTION_FROM_FD (fd);
  slot->fd = soc;
  slot->transport = encaps;
  slot->tls_session = ssl;
  slot->tls_cred = certcred;
  slot->timeout = TIMEOUT; /* default value */
  slot->port = 0;          /* just used for debug */
  slot->priority = NULL;
  slot->last_err = 0;

  return fd;
}

References openvas_connection::fd, get_connection_fd(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, openvas_connection::port, openvas_connection::priority, TIMEOUT, openvas_connection::timeout, openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_open_privileged_socket().


◆ openvas_SSL_init()

int openvas_SSL_init ( void  )

Initializes SSL support.

Definition at line 341 of file network.c.

/**
 * @brief Initialise GnuTLS for this process and route its log output
 *        (level 2) through log_message_gnutls().
 *
 * @return 0 on success, -1 if gnutls_global_init() failed (logged via
 *         tlserror()).
 */
int
openvas_SSL_init (void)
{
  int rc;

  gnutls_global_set_log_level (2);
  gnutls_global_set_log_function (log_message_gnutls);

  rc = gnutls_global_init ();
  if (rc >= 0)
    return 0;

  tlserror ("gnutls_global_init", rc);
  return -1;
}

References log_message_gnutls(), and tlserror().

Referenced by check_tls(), and main().


◆ os_recv()

int os_recv ( int  soc,
void *  buf,
int  len,
int  opt 
)

Definition at line 2235 of file network.c.

/**
 * @brief recv() exactly @a len bytes from @a soc, retrying on EINTR.
 *
 * @param soc  Socket to read from.
 * @param buf  Destination of at least @a len bytes.
 * @param len  Number of bytes wanted; <= 0 returns 0 without reading.
 * @param opt  Flags passed straight to recv().
 * @return @a len on success, -1 on error or if the peer closed the
 *         connection before @a len bytes arrived (partial data is then
 *         left in @a buf but not counted).
 */
int
os_recv (int soc, void *buf, int len, int opt)
{
  char *dst = buf;
  int got = 0;

  while (got < len)
    {
      int e;

      errno = 0;
      e = recv (soc, dst + got, len - got, opt);
      if (e > 0)
        got += e;
      else if (e < 0 && errno == EINTR)
        continue; /* interrupted by a signal: repeat the same read */
      else
        return -1; /* error, or EOF before len bytes arrived */
    }
  return got;
}

References len.

◆ os_send()

int os_send ( int  soc,
void *  buf,
int  len,
int  opt 
)

Definition at line 2216 of file network.c.

/**
 * @brief send() exactly @a len bytes to @a soc, retrying on EINTR.
 *
 * @param soc  Socket to write to.
 * @param buf  Source of @a len bytes (not modified).
 * @param len  Number of bytes to send; <= 0 sends nothing and returns 0.
 * @param opt  Flags passed straight to send().
 * @return @a len on success, -1 if send() failed or sent nothing.
 */
int
os_send (int soc, void *buf, int len, int opt)
{
  const char *src = buf;
  int sent = 0;

  while (sent < len)
    {
      int e;

      errno = 0;
      e = send (soc, src + sent, len - sent, opt);
      if (e > 0)
        sent += e;
      else if (e < 0 && errno == EINTR)
        continue; /* interrupted by a signal: repeat the same write */
      else
        return -1;
    }
  return sent;
}

References len.

Referenced by nsend().


◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int  fd)

Definition at line 377 of file network.c.

/**
 * @brief Return the GnuTLS session stored in the slot of a stream fd.
 *
 * @param fd  Stream fd.
 * @return The session handle (NULL when the slot holds none), or NULL if
 *         @a fd is not a stream fd at all.
 */
gnutls_session_t
ovas_get_tlssession_from_connection (int fd)
{
  if (!OPENVAS_STREAM (fd))
    return NULL;

  return OVAS_CONNECTION_FROM_FD (fd)->tls_session;
}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::tls_session.

Referenced by socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), and socket_get_ssl_version().


◆ pid_perror()

static int pid_perror ( const char *  error)
static

Same as perror(), but prefixes the output with our pid.

Definition at line 125 of file network.c.

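/**
 * @brief Same as perror(), but prefixes the message with our pid and emits
 *        it at debug level.
 *
 * errno is saved before and restored after logging: open_socket() reads
 * errno right after calling this (pid_perror ("connect") followed by
 * switch (errno)), and the logging call itself may overwrite it.
 *
 * @param error  Text naming the failed operation.
 * @return Always 0.
 */
static int
pid_perror (const char *error)
{
  int saved_errno = errno;

  g_debug ("[%d] %s : %s", getpid (), error, strerror (saved_errno));
  errno = saved_errno;
  return 0;
}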

Referenced by block_socket(), open_socket(), open_SSL_connection(), read_stream_connection_unbuffered(), release_connection_fd(), socket_ssl_do_handshake(), unblock_socket(), and write_stream_connection4().


◆ qsort_compar()

static int qsort_compar ( const void *  a,
const void *  b 
)
static

Definition at line 2274 of file network.c.

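/**
 * @brief qsort() comparator for port numbers that sorts 0 entries last.
 *
 * Ports are ordered numerically; a 0 entry always sorts after any non-zero
 * port. Two zeros now compare equal: the previous version returned 1 for
 * both argument orders, an inconsistent comparator that qsort() may not
 * handle correctly.
 *
 * @param a  Pointer to an unsigned short port.
 * @param b  Pointer to an unsigned short port.
 * @return Negative if *a sorts before *b, positive if after, 0 if equal.
 */
static int
qsort_compar (const void *a, const void *b)
{
  const unsigned short aa = *(const unsigned short *) a;
  const unsigned short bb = *(const unsigned short *) b;

  if (aa == 0 && bb == 0)
    return 0;
  if (aa == 0)
    return 1;
  if (bb == 0)
    return -1;
  /* Both values promote to int, so the subtraction cannot overflow. */
  return (int) aa - (int) bb;
}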

Referenced by getpts().


◆ read_stream_connection()

int read_stream_connection ( int  fd,
void *  buf0,
int  len 
)

Definition at line 1457 of file network.c.

/**
 * @brief Read up to @a len bytes from a stream with no minimum count.
 *
 * Convenience wrapper: read_stream_connection_min() with min_len = -1.
 *
 * @return See read_stream_connection_min().
 */
int
read_stream_connection (int fd, void *buf0, int len)
{
  const int no_minimum = -1;

  return read_stream_connection_min (fd, buf0, no_minimum, len);
}

References len, and read_stream_connection_min().

Referenced by nasl_telnet_init(), nrecv(), and plugin_do_run().


◆ read_stream_connection_min()

int read_stream_connection_min ( int  fd,
void *  buf0,
int  min_len,
int  max_len 
)

Definition at line 1397 of file network.c.

/**
 * @brief Buffered stream read: at least min_len bytes, at most max_len.
 *
 * For an OpenVAS stream fd whose slot has a read buffer (fp->buf), the bytes
 * still held in the buffer are copied out first. If they satisfy min_len or
 * max_len that is all; otherwise the remainder is fetched through
 * read_stream_connection_unbuffered(), either directly into the caller's
 * buffer (when the remaining minimum exceeds the buffer size) or via the
 * buffer, which is refilled and then drained up to max_len. Plain fds and
 * slots without a buffer go straight to read_stream_connection_unbuffered().
 *
 * @param fd       Plain socket or OpenVAS stream fd.
 * @param buf0     Destination of at least max_len bytes.
 * @param min_len  Minimum byte count before returning; read_stream_connection()
 *                 passes -1 for "no minimum".
 * @param max_len  Maximum byte count to store.
 * @return Bytes stored in buf0 (possibly 0 when the refill fails after the
 *         buffer was empty), or the unbuffered read's result (may be -1) for
 *         the direct path.
 */
int
read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
{
  openvas_connection *fp;

  if (OPENVAS_STREAM (fd))
    {
      fp = OVAS_CONNECTION_FROM_FD (fd);
      if (fp->buf != NULL)
        {
          int l1, l2;

          if (max_len == 1)
            min_len = 1; /* avoid "magic read" later */
          /* First serve whatever the buffer already holds, up to max_len. */
          l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
          if (l2 > 0)
            {
              memcpy (buf0, fp->buf + fp->bufptr, l2);
              fp->bufcnt -= l2;
              if (fp->bufcnt == 0)
                {
                  fp->bufptr = 0;
                  fp->buf[0] = '\0'; /* debug */
                }
              else
                fp->bufptr += l2;
              if (l2 >= min_len || l2 >= max_len)
                return l2;
              max_len -= l2;
              min_len -= l2;
            }
          /* Remaining minimum does not fit the buffer: read it directly into
           * the caller's buffer. Note a failed read (l1 <= 0) is reported as
           * the buffered count only, never as -1. */
          if (min_len > fp->bufsz)
            {
              l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
                                                      min_len, max_len);
              if (l1 > 0)
                return l1 + l2;
              else
                return l2;
            }
          /* Fill buffer */
          l1 =
            read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
          if (l1 <= 0)
            return l2;

          /* bufcnt is 0 at this point (either initially, or drained above,
           * which also reset bufptr to 0), so the refill starts at offset 0
           * and is drained from bufptr. */
          fp->bufcnt = l1;
          l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
          memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
          fp->bufcnt -= l1;
          if (fp->bufcnt == 0)
            fp->bufptr = 0;
          else
            fp->bufptr += l1;
          return l1 + l2;
        }
    }
  return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
}

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and read_stream_connection_unbuffered().

Referenced by nasl_recv(), nasl_recv_line(), nasl_telnet_init(), plugin_do_run(), read_stream_connection(), and recv_line().


◆ read_stream_connection_unbuffered()

static int read_stream_connection_unbuffered ( int  fd,
void *  buf0,
int  min_len,
int  max_len 
)
static

Definition at line 1232 of file network.c.

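/**
 * @brief Read from a stream without using the per-connection read buffer.
 *
 * Stores up to @a max_len bytes in @a buf0 and returns as soon as at least
 * @a min_len bytes have arrived (for min_len <= 0: after the first
 * successful read, or, on plain sockets, once the socket stays quiet for a
 * select() slice). Plain sockets and OpenVAS stream fds are both accepted;
 * for the latter the slot's transport selects recv() or
 * gnutls_record_recv().
 *
 * The timeout (slot timeout, or TIMEOUT for plain sockets / slots set to -2)
 * is applied in INCR_TIMEOUT-second select() slices. When it expires on a
 * TLS stream fp->last_err is set to ETIMEDOUT; TLS EOF or error sets EPIPE.
 *
 * @return Number of bytes read (may be 0), or -1 with errno = EBADF for a
 *         descriptor outside [0, FD_SETSIZE), or EINVAL for a TLS session
 *         used from another process or an unknown transport.
 */
static int
read_stream_connection_unbuffered (int fd, void *buf0, int min_len,
                                   int max_len)
{
  int ret, realfd, trp, t, select_status;
  int total = 0, flag = 0, timeout = TIMEOUT, waitall = 0;
  unsigned char *buf = (unsigned char *) buf0;
  openvas_connection *fp = NULL;
  fd_set fdr, fdw;
  struct timeval tv;
  time_t now, then;

  if (OPENVAS_STREAM (fd))
    {
      fp = OVAS_CONNECTION_FROM_FD (fd);
      trp = fp->transport;
      realfd = fp->fd;
      fp->last_err = 0;
      if (fp->timeout != -2)
        timeout = fp->timeout;
    }
  else
    {
      trp = OPENVAS_ENCAPS_IP;
      realfd = fd;
    }

  /* FD_SET()/select() are only defined for 0 <= fd < FD_SETSIZE. The old
   * check (fd > 1024) let fd == 1024 through and did not cover the socket
   * behind a stream fd at all. */
  if (realfd < 0 || realfd >= FD_SETSIZE)
    {
      errno = EBADF;
      return -1;
    }

#ifndef INCR_TIMEOUT
#define INCR_TIMEOUT 1
#endif

  if (min_len == max_len || timeout <= 0)
    waitall = MSG_WAITALL;
  if (trp == OPENVAS_ENCAPS_IP)
    {
      for (t = 0; total < max_len && (timeout <= 0 || t < timeout);)
        {
          tv.tv_sec = INCR_TIMEOUT; /* Not timeout! */
          tv.tv_usec = 0;
          FD_ZERO (&fdr);
          FD_SET (realfd, &fdr);
          if (select (realfd + 1, &fdr, NULL, NULL, timeout > 0 ? &tv : NULL)
              <= 0)
            {
              t += INCR_TIMEOUT;
              /* Try to be smart: once min_len has been met, one quiet
               * slice is enough to stop waiting for more. */
              if (total > 0 && flag)
                return total;
              else if (total >= min_len)
                flag++;
            }
          else
            {
              errno = 0;
              ret = recv (realfd, buf + total, max_len - total, waitall);
              if (ret < 0)
                {
                  if (errno != EINTR)
                    return total;
                  ret = 0; /* interrupted: nothing read, try again */
                }
              else if (ret == 0) /* EOF */
                return total;
              /* ret >= 0 here */
              total += ret;
              if (min_len > 0 && total >= min_len)
                return total;
              flag = 0;
            }
        }
      return total;
    }

  switch (trp)
    {
    /* OPENVAS_ENCAPS_IP was treated before with the non-OpenVAS fd */
    case OPENVAS_ENCAPS_SSLv2:
    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
    case OPENVAS_ENCAPS_TLSv13:
    case OPENVAS_ENCAPS_TLScustom: /* label restored: omitted by the rendered listing */
      /* A TLS session is bound to the process that established it
       * (fp->pid); using it from a forked child is refused. */
      if (getpid () != fp->pid)
        {
          g_debug ("PID %d tries to use a SSL/TLS connection established "
                   "by PID %d\n",
                   getpid (), fp->pid);
          errno = EINVAL;
          return -1;
        }

      then = time (NULL);
      for (t = 0; timeout <= 0 || t < timeout; t = now - then)
        {
          now = time (NULL);
          tv.tv_sec = INCR_TIMEOUT;
          tv.tv_usec = 0;
          FD_ZERO (&fdr);
          FD_ZERO (&fdw);
          FD_SET (realfd, &fdr);
          FD_SET (realfd, &fdw);

          select_status = select (realfd + 1, &fdr, &fdw, NULL, &tv);

          if (select_status > 0)
            {
              /* TLS FIXME: handle rehandshake */
              ret = gnutls_record_recv (fp->tls_session, buf + total,
                                        max_len - total);
              if (ret > 0)
                {
                  total += ret;
                  if (total >= max_len)
                    return total;
                }
              else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
                {
                  /* This branch also handles the case where ret == 0,
                   * i.e. that the connection has been closed. This is
                   * for compatibility with the old OpenSSL based openvas
                   * code which treated SSL_ERROR_ZERO_RETURN as an
                   * error too.
                   */
                  if (ret < 0)
                    pid_perror ("gnutls_record_recv");
                  else
                    g_debug ("gnutls_record_recv[%d]: EOF\n", getpid ());
                  fp->last_err = EPIPE;
                  return total;
                }
            }

          if (min_len > 0 && total >= min_len)
            return total;
        }
      if (t >= timeout)
        fp->last_err = ETIMEDOUT;
      return total;

    default:
      if (fp->transport || fp->fd != 0)
        g_message ("Function %s (calling internal function %s) called from %s: "
                   "Severe bug! Unhandled transport layer %d (fd=%d).",
                   nasl_get_function_name () ? nasl_get_function_name () /* restored: omitted by the rendered listing */
                                             : "script_main_function",
                   __func__, nasl_get_plugin_filename (), fp->transport, fd);
      else
        g_message ("read_stream_connection_unbuffered: "
                   "fd=%d is closed",
                   fd);
      errno = EINVAL;
      return -1;
    }
  /*NOTREACHED*/
}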

References openvas_connection::fd, INCR_TIMEOUT, openvas_connection::last_err, nasl_get_function_name(), nasl_get_plugin_filename(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::pid, pid_perror(), TIMEOUT, openvas_connection::timeout, timeval(), openvas_connection::tls_session, and openvas_connection::transport.

Referenced by read_stream_connection_min().


◆ recv_line()

int recv_line ( int  soc,
char *  buf,
size_t  bufsiz 
)

Reads text from the socket stream into the argument buffer, always appending a '\0' byte.

Parameters
buf  Buffer to read into.
Returns
Number of bytes read, without the trailing '\0'.

Definition at line 2040 of file network.c.

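/**
 * @brief Read a line from @a soc into @a buf, always NUL-terminating it.
 *
 * Bytes are read one at a time until a '\n' or a '\0' arrives or the buffer
 * is full. A '\n' is kept in the buffer and counted. When the buffer fills
 * up, the last byte stored is overwritten by '\0' but the count returned
 * still includes it (unchanged behaviour).
 *
 * @param soc     Plain socket or OpenVAS stream fd.
 * @param buf     Buffer to read into.
 * @param bufsiz  Size of @a buf in bytes.
 * @return Number of bytes read (without the trailing '\0' added here), 0 on
 *         EOF before any byte, -1 on error before any byte or if @a bufsiz
 *         is 0 / @a soc cannot be used with select().
 */
int
recv_line (int soc, char *buf, size_t bufsiz)
{
  int n;
  unsigned int ret = 0;

  /* Nothing can be stored: the old code wrote buf[0] unconditionally and
   * read past buf on the way out. */
  if (bufsiz == 0)
    {
      errno = EINVAL;
      return -1;
    }

  /* Dirty SSL hack */
  if (OPENVAS_STREAM (soc))
    {
      buf[0] = '\0';

      do
        {
          n = read_stream_connection_min (soc, buf + ret, 1, 1);
          switch (n)
            {
            case -1:
              if (ret == 0)
                return -1;
              else
                return ret;
              break;

            case 0:
              return ret;
              break;

            default:
              ret++;
            }
        }
      while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);

      if (ret > 0)
        {
          if (buf[ret - 1] != '\0')
            {
              if (ret < bufsiz)
                buf[ret] = '\0';
              else
                buf[bufsiz - 1] = '\0';
            }
        }

      return ret;
    }
  else
    {
      fd_set rd;

      /* FD_SET()/select() are only defined for 0 <= fd < FD_SETSIZE. */
      if (soc < 0 || soc >= FD_SETSIZE)
        {
          errno = EBADF;
          return -1;
        }

      do
        {
          int e;
        again:
          errno = 0;
          FD_ZERO (&rd);
          FD_SET (soc, &rd);
          e = select (soc + 1, &rd, NULL, NULL, NULL);
          if (e == 0 && !FD_ISSET (soc, &rd))
            return -1;
          if (e < 0 && errno == EINTR)
            goto again;
          if (e > 0)
            {
              n = recv (soc, buf + ret, 1, 0);
              switch (n)
                {
                case -1:
                  /* A `continue` here would evaluate buf[ret - 1] in the
                   * loop condition with ret possibly still 0 (out-of-bounds
                   * read); restart the wait instead. */
                  if (errno == EINTR)
                    goto again;
                  if (ret == 0)
                    return -1;
                  else
                    return ret;
                  break;
                case 0:
                  return ret;
                  break;
                default:
                  ret++;
                }
            }
          else
            break;
        }
      while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);

      if (ret > 0)
        {
          if (buf[ret - 1] != '\0')
            {
              if (ret < bufsiz)
                buf[ret] = '\0';
              else
                buf[bufsiz - 1] = '\0';
            }
        }
    }

  return ret;
}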

References OPENVAS_STREAM, and read_stream_connection_min().

Referenced by ftp_get_pasv_address(), and ftp_log_in().


◆ release_connection_fd()

static int release_connection_fd ( int  fd,
int  already_closed 
)
static

Definition at line 173 of file network.c.

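/**
 * @brief Tear down a connection slot: shut down and (optionally) close its
 *        socket, free the TLS session/credentials and the read buffer, and
 *        mark the slot free (transport = -1).
 *
 * @param fd              Stream fd to release.
 * @param already_closed  Non-zero if the socket was closed by someone else
 *                        (e.g. a close_stream_connection hook); shutdown()
 *                        is still attempted, close() is skipped.
 * @return 0 on success, -1 with errno = EINVAL if @a fd is not a stream fd.
 */
static int
release_connection_fd (int fd, int already_closed)
{
  openvas_connection *p;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }
  p = OVAS_CONNECTION_FROM_FD (fd);

  g_free (p->buf);
  p->buf = NULL;

  /* TLS FIXME: we should call gnutls_bye somewhere. OTOH, the OpenSSL
   * equivalent SSL_shutdown wasn't called anywhere in the OpenVAS
   * (libopenvas nor elsewhere) code either.
   */

  /* So far, fd is always a socket. If this is changed in the future, this
   * code shall be fixed. */
  if (p->fd >= 0)
    {
      g_debug ("[%d] release_connection_fd: fd > 0 fd=%d", getpid (), p->fd);
      if (shutdown (p->fd, SHUT_RDWR) < 0)
        {
          /*
           * It's not uncommon to see that one fail, since a lot of
           * services close the connection before we ask them to
           * (ie: http), so we don't show this error by default
           */
          pid_perror ("release_connection_fd: shutdown()");
        }
      if (!already_closed && socket_close (p->fd) < 0)
        pid_perror ("release_connection_fd: close()");
    }

  if (p->tls_session != NULL)
    gnutls_deinit (p->tls_session);
  if (p->tls_cred != NULL)
    gnutls_certificate_free_credentials (p->tls_cred);

  g_free (p->priority);

  /* Wipe the whole slot (this also clears priority, pid and fd); memset
   * replaces the legacy bzero(), which POSIX.1-2008 removed. */
  memset (p, 0, sizeof (*p));
  p->transport = -1;

  return 0;
}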

References openvas_connection::buf, openvas_connection::fd, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::pid, pid_perror(), openvas_connection::priority, socket_close(), openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by close_stream_connection(), open_stream_connection_ext(), and socket_negotiate_ssl().


◆ run_csc_hooks()

static int run_csc_hooks ( int  fd)
static

Run the hooks for close_stream_connection.

The function runs all registered hooks until the first hook returns zero to indicate that it has taken over control of the socket. Further hooks are then no longer run because the file descriptor is no longer valid.

Parameters
fd  The file descriptor of the stream.
Returns
Zero if one of the hooks has closed the connection; non-zero otherwise.

Definition at line 1694 of file network.c.

/**
 * @brief Run the close_stream_connection hooks for @a fd.
 *
 * Hooks are visited in list order; the first one whose callback returns 0
 * has taken over the descriptor and stops the walk. Entries without a
 * callback are skipped.
 *
 * @param fd  The file descriptor of the stream.
 * @return 0 if a hook closed the connection, -1 otherwise.
 */
static int
run_csc_hooks (int fd)
{
  struct csc_hook_s *hook = csc_hooks;

  while (hook != NULL)
    {
      if (hook->fnc != NULL && hook->fnc (fd) == 0)
        return 0;
      hook = hook->next;
    }
  return -1;
}

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by close_stream_connection().


◆ set_gnutls_protocol()

static int set_gnutls_protocol ( gnutls_session_t  session,
openvas_encaps_t  encaps,
const char *  priority,
unsigned int  flags 
)
static

Sets the priorities for the GnuTLS session according to encaps. PRIORITY is used to convey custom priorities; it is only used if ENCAPS is set to OPENVAS_ENCAPS_TLScustom.

Definition at line 394 of file network.c.

/**
 * @brief Apply the GnuTLS priority string matching @a encaps to @a session.
 *
 * The fixed profiles deliberately keep legacy protocol versions, ARCFOUR and
 * %COMPAT enabled: a scanner has to be able to complete a handshake with
 * outdated servers in order to report them. They are not suitable for a
 * client that needs a secure channel. @a priority is used only for
 * OPENVAS_ENCAPS_TLScustom (and, after a debug message, for any unknown
 * encaps value).
 *
 * With INSECURE_DH_PRIME_BITS set in @a flags (TLScustom only) the DH prime
 * minimum is lowered to 128 bits, which is cryptographically worthless and
 * exists solely so that servers offering such parameters can be detected.
 *
 * @return 0 on success, -1 if gnutls_priority_set_direct() rejected the
 *         string (the offending position is logged).
 */
static int
set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps,
                     const char *priority, unsigned int flags)
{
  static const char prio_sslv3[] =
    "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
  static const char prio_tls10[] =
    "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+ARCFOUR-128:%COMPAT";
  static const char prio_tls11[] =
    "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+ARCFOUR-128:%COMPAT";
  static const char prio_tls12[] =
    "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ARCFOUR-128:%COMPAT";
  static const char prio_tls13[] = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT";
  static const char prio_sslv23[] =
    "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
  const char *priorities = NULL;
  const char *errloc = NULL;
  int err;

  /* The case labels of the fixed profiles were omitted by the rendered
   * listing and are taken from the version each string enables. */
  switch (encaps)
    {
    case OPENVAS_ENCAPS_SSLv3:
      priorities = prio_sslv3;
      break;
    case OPENVAS_ENCAPS_TLSv1:
      priorities = prio_tls10;
      break;
    case OPENVAS_ENCAPS_TLSv11:
      priorities = prio_tls11;
      break;
    case OPENVAS_ENCAPS_TLSv12:
      priorities = prio_tls12;
      break;
    case OPENVAS_ENCAPS_TLSv13:
      priorities = prio_tls13;
      break;
    case OPENVAS_ENCAPS_SSLv23: /* Compatibility mode */
      priorities = prio_sslv23;
      break;
    default:
      g_debug ("*Bug* at %s:%d. Unknown transport %d", __FILE__, __LINE__,
               encaps);
      /* fallthrough */
    case OPENVAS_ENCAPS_TLScustom:
      priorities = priority;
      break;
    }

  g_debug ("%s: setting %s as priority_string based on %d", __func__,
           priorities, encaps);
  err = gnutls_priority_set_direct (session, priorities, &errloc);
  if (err != 0)
    {
      g_message ("[%d] setting session priorities '%.20s': %s", getpid (),
                 errloc, gnutls_strerror (err));
      return -1;
    }

  /* Set extra priorities from flags.
     Only for encaps == OPENVAS_ENCAPS_TLScustom. */
  if (encaps == OPENVAS_ENCAPS_TLScustom && (flags & INSECURE_DH_PRIME_BITS))
    gnutls_dh_set_prime_bits (session, 128);

  return 0;
}

References INSECURE_DH_PRIME_BITS, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by open_SSL_connection().


◆ socket_close()

int socket_close ( int  soc)

Definition at line 2142 of file network.c.

/**
 * @brief Close a raw socket descriptor.
 *
 * @param soc  Descriptor to close.
 * @return The close() result: 0 on success, -1 with errno set otherwise.
 */
int
socket_close (int soc)
{
  int rc = close (soc);

  return rc;
}

Referenced by close_stream_connection(), open_socket(), and release_connection_fd().


◆ socket_get_cert()

void socket_get_cert ( int  fd,
void **  cert,
int *  certlen 
)

Definition at line 887 of file network.c.

/**
 * @brief Copy the peer's leaf X.509 certificate (DER) of a TLS stream.
 *
 * @param fd       Stream fd.
 * @param cert     Receives a g_memdup2() copy of the first certificate in the
 *                 peer chain; the caller frees it. Untouched on failure.
 * @param certlen  Receives the size of that copy. Untouched on failure.
 *
 * Nothing is returned for a non-stream fd, a stream without a TLS session,
 * a non-X.509 credential type or an empty peer chain.
 */
void
socket_get_cert (int fd, void **cert, int *certlen)
{
  gnutls_session_t session;
  const gnutls_datum_t *chain;
  unsigned int chain_len = 0;

  if (cert == NULL || certlen == NULL)
    return;
  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  /* The lookup line was omitted by the rendered listing; restored from the
   * cross-references. */
  session = ovas_get_tlssession_from_connection (fd);
  if (session == NULL)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }
  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
    return;

  chain = gnutls_certificate_get_peers (session, &chain_len);
  if (chain_len == 0)
    return;

  *certlen = chain[0].size;
  *cert = g_memdup2 (chain[0].data, *certlen);
}

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_cert().


◆ socket_get_ssl_ciphersuite()

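/* Definition at line 1006 of file network.c. */

/**
 * @brief Look up the cipher-suite identifier of a TLS stream.
 *
 * The negotiated key exchange, cipher and MAC are matched against the
 * GnuTLS cipher-suite table and the two-byte suite id of the first matching
 * entry is returned as one 16-bit value (e.g. 0x002F for
 * TLS_RSA_WITH_AES_128_CBC_SHA).
 *
 * Earlier revisions returned the arithmetic sum cs_id[0] + cs_id[1], which
 * maps many distinct suites onto the same number (0x00,0x2F and 0x01,0x2E
 * both gave 47); a script comparing the result against a suite id needs the
 * full value.
 *
 * NOTE(review): for TLS 1.3 sessions the kx/cipher/mac triple reported by
 * GnuTLS may not match any entry of this table — confirm against the GnuTLS
 * version in use before relying on the result for TLS 1.3.
 *
 * @param[in] fd  Stream file descriptor.
 *
 * @return Cipher-suite id in 0..0xFFFF, or -1 if fd is not a TLS stream or no
 *         table entry matches the negotiated parameters.
 */
int
socket_get_ssl_ciphersuite (int fd)
{
  gnutls_session_t session;
  gnutls_kx_algorithm_t kx, kx2;
  gnutls_cipher_algorithm_t cipher, cipher2;
  gnutls_mac_algorithm_t mac, mac2;
  size_t idx = 0;
  unsigned char cs_id[2];

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  kx = gnutls_kx_get (session);
  cipher = gnutls_cipher_get (session);
  mac = gnutls_mac_get (session);
  while (
    gnutls_cipher_suite_info (idx, (void *) cs_id, &kx2, &cipher2, &mac2, NULL))
    {
      if (kx == kx2 && cipher == cipher2 && mac == mac2)
        /* Big-endian two-byte id, as in the TLS ClientHello. */
        return ((int) cs_id[0] << 8) | cs_id[1];
      idx++;
    }
  return -1;
}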

References fd_is_stream(), mac(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_ciphersuite().


◆ socket_get_ssl_session_id()

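/* Definition at line 966 of file network.c. */

/**
 * @brief Copy the session id of a TLS stream.
 *
 * Restores the session lookup the listing had dropped, rejects a NULL
 * @p ssize instead of dereferencing it, and sets *ssize to 0 on every
 * failure path.  Before, *ssize was left at GNUTLS_MAX_SESSION_ID when the
 * fd was not a TLS stream, while *sid was never assigned, so a caller
 * trusting the length could read an unset pointer.
 *
 * NOTE(review): a session without an id (e.g. no resumption offered) is
 * reported by GnuTLS as success with length 0; in that case *sid still gets
 * a g_malloc'd buffer the caller must free — confirm this is what
 * nasl_socket_get_ssl_session_id() expects.
 *
 * @param[in]  fd     Stream file descriptor.
 * @param[out] sid    Receives a g_malloc'd copy of the session id on success;
 *                    left untouched on failure.  The caller frees it.
 * @param[out] ssize  Receives the id length in bytes, 0 on failure.
 */
void
socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
{
  gnutls_session_t session;
  void *tmp;
  int ret;

  if (!sid || !ssize)
    return;

  /* Failure contract: length 0, *sid untouched. */
  *ssize = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }

  /* GnuTLS writes at most GNUTLS_MAX_SESSION_ID bytes and updates *ssize. */
  *ssize = GNUTLS_MAX_SESSION_ID;
  tmp = g_malloc0 (*ssize);
  ret = gnutls_session_get_id (session, tmp, ssize);
  if (ret == GNUTLS_E_SUCCESS)
    *sid = tmp;
  else
    {
      g_free (tmp);
      *ssize = 0;
      tlserror ("gnutls_session_id", ret);
    }
}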

References fd_is_stream(), ovas_get_tlssession_from_connection(), and tlserror().

Referenced by nasl_socket_get_ssl_session_id().


◆ socket_get_ssl_version()

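/* Definition at line 923 of file network.c. */

/**
 * @brief Report the protocol version negotiated on a TLS stream.
 *
 * Maps the GnuTLS protocol constant onto the OPENVAS_ENCAPS_* value scripts
 * use.  The listing had lost the session lookup, leaving @c session
 * uninitialised; it is restored here.  Anything GnuTLS reports outside the
 * SSLv3..TLS1.3 range (DTLS, unknown) yields -1.
 *
 * @param[in] fd  Stream file descriptor.
 *
 * @return OPENVAS_ENCAPS_SSLv3 .. OPENVAS_ENCAPS_TLSv13, or -1 if fd is not a
 *         TLS stream or the version is not one of those.
 */
int
socket_get_ssl_version (int fd)
{
  gnutls_session_t session;
  gnutls_protocol_t version;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  version = gnutls_protocol_get_version (session);
  switch (version)
    {
    case GNUTLS_SSL3:
      return OPENVAS_ENCAPS_SSLv3;
    case GNUTLS_TLS1:
      return OPENVAS_ENCAPS_TLSv1;
    case GNUTLS_TLS1_1:
      return OPENVAS_ENCAPS_TLSv11;
    case GNUTLS_TLS1_2:
      return OPENVAS_ENCAPS_TLSv12;
    case GNUTLS_TLS1_3:
      return OPENVAS_ENCAPS_TLSv13;
    default:
      return -1;
    }
}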

References fd_is_stream(), OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_version().


◆ socket_negotiate_ssl()

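/* Definition at line 820 of file network.c. */

/**
 * @brief Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
 *
 * Client certificate, key, key password and CA file are taken from the KB
 * ("SSL/cert", "SSL/key", "SSL/password", "SSL/CA") and handed to
 * open_SSL_connection(); whether the CA file is used to verify the peer is
 * decided there, not here.  The target FQDN is passed as SNI name unless a
 * script set "Host/SNI/<port>/force_disable" for this port.
 *
 * Changes against the previous revision: the NO_PRIORITY_FLAGS argument and
 * the two message operands the listing had dropped are restored, and the
 * host name / IP strings for the one-time failure message are fetched once
 * and freed (both helpers return allocated strings; the old code called each
 * twice and leaked the copies).
 *
 * @param[in] fd         Stream file descriptor.
 * @param[in] transport  Encapsulation type to negotiate.
 * @param[in] args       Script infos (KB and target access).
 *
 * @return fd on success, -1 on error.  On error the connection slot and its
 *         socket are released via release_connection_fd(), so @p fd must not
 *         be used afterwards.
 */
int
socket_negotiate_ssl (int fd, openvas_encaps_t transport,
                      struct script_infos *args)
{
  char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
  char *hostname = NULL;
  openvas_connection *fp;
  kb_t kb;
  char buf[1024];
  int ret;
  static gboolean connection_failed_msg_sent = FALSE; /* send msg only once */

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  kb = plug_get_kb (args);

  /* Optional client-auth material.  The key password is a secret: it only
     lives for the duration of open_SSL_connection() below. */
  cert = kb_item_get_str (kb, "SSL/cert");
  key = kb_item_get_str (kb, "SSL/key");
  passwd = kb_item_get_str (kb, "SSL/password");
  cafile = kb_item_get_str (kb, "SSL/CA");

  /* SNI: use the FQDN unless a script disabled it for this port. */
  snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
  if (kb_item_get_int (kb, buf) <= 0)
    hostname = plug_get_host_fqdn (args);

  fp->transport = transport;
  fp->priority = NULL;
  ret = open_SSL_connection (fp, cert, key, passwd, cafile, hostname,
                             NO_PRIORITY_FLAGS);

  if (ret <= 0)
    {
      if (!connection_failed_msg_sent)
        {
          char *fqdn = plug_get_host_fqdn (args);
          char *ip_str = plug_get_host_ip_str (args);

          g_message ("Function socket_negotiate_ssl called from %s: "
                     "SSL/TLS connection (host: %s, ip: %s) failed.",
                     nasl_get_plugin_filename (), fqdn ? fqdn : "unknown",
                     ip_str ? ip_str : "unknown");
          g_free (fqdn);
          g_free (ip_str);
          connection_failed_msg_sent = TRUE;
        }
      /* Tears down the slot and closes the socket: fd is dead from here. */
      release_connection_fd (fd, 0);
    }

  g_free (hostname);
  g_free (cert);
  g_free (key);
  g_free (passwd);
  g_free (cafile);
  return ret <= 0 ? -1 : fd;
}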

References fd_is_stream(), hostname, nasl_get_plugin_filename(), NO_PRIORITY_FLAGS, open_SSL_connection(), OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_host_ip_str(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), and openvas_connection::transport.

Referenced by nasl_socket_negotiate_ssl().


◆ socket_ssl_do_handshake()

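/* Definition at line 737 of file network.c. */

/**
 * @brief Do a re-handshake of the TLS/SSL protocol.
 *
 * Drives gnutls_handshake() to completion, waiting on the socket with
 * select() whenever GnuTLS reports GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED,
 * until the per-connection timeout elapses.
 *
 * Changes against the previous revision:
 *  - a stream without a TLS session (plain OPENVAS_ENCAPS_IP) is rejected
 *    instead of passing a NULL handle to gnutls_handshake();
 *  - a socket number at or above FD_SETSIZE is rejected, since FD_SET on it
 *    writes outside the fd_set;
 *  - a negative connection timeout now means "use the default" (TIMEOUT),
 *    as in write_stream_connection4(); before, it made the first wait time
 *    out immediately.
 *
 * @param[in] fd  Stream file descriptor.
 *
 * @return 1 on success; a GnuTLS warning-alert code (negative) when the
 *         peer sent a warning alert; -1 on any other failure, with
 *         fp->last_err = ETIMEDOUT on timeout.
 */
int
socket_ssl_do_handshake (int fd)
{
  int err, d, ret, limit;
  openvas_connection *fp;
  time_t tictac;
  fd_set fdw, fdr;
  struct timeval to;

  if (!fd_is_stream (fd))
    {
      g_message ("%s: Socket %d is not stream", __func__, fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);

  if (!fp->tls_session)
    {
      g_message ("%s: Socket %d is not SSL/TLS encapsulated", __func__, fd);
      return -1;
    }

  if (fp->fd < 0 || fp->fd >= FD_SETSIZE)
    {
      g_message ("%s: Socket %d (fd=%d) is outside the select() range",
                 __func__, fd, fp->fd);
      fp->last_err = EINVAL;
      return -1;
    }

  limit = fp->timeout >= 0 ? fp->timeout : TIMEOUT;
  tictac = time (NULL);

  for (;;)
    {
      err = gnutls_handshake (fp->tls_session);

      if (err == 0)
        {
          g_debug ("no error during handshake");
          return 1;
        }
      if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)
        {
          int last_alert = gnutls_alert_get (fp->tls_session);

          g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
          g_debug ("* Received alert '%d': %s.\n", last_alert,
                   gnutls_alert_get_name (last_alert));
          return err;
        }
      if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN)
        {
          g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
          return -1;
        }

      /* Would block: wait for the socket, then retry the handshake.  The
         sets are rebuilt on every attempt because their content after a
         failed select() is unspecified. */
      do
        {
          d = (int) (tictac + limit - time (NULL));
          if (d <= 0)
            {
              fp->last_err = ETIMEDOUT;
              g_debug ("%s: time out", __func__);
              return -1;
            }
          to.tv_sec = d;
          to.tv_usec = 0;
          FD_ZERO (&fdr);
          FD_SET (fp->fd, &fdr);
          FD_ZERO (&fdw);
          FD_SET (fp->fd, &fdw);
          errno = 0;
          ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to);
          if (ret < 0)
            pid_perror ("select");
        }
      while (ret < 0 && errno == EINTR);

      if (ret <= 0)
        {
          fp->last_err = ETIMEDOUT;
          g_debug ("%s: time out", __func__);
          return -1;
        }
    }
}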

References openvas_connection::fd, fd_is_stream(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, pid_perror(), openvas_connection::timeout, timeval(), and openvas_connection::tls_session.

Referenced by nasl_socket_ssl_do_handshake().


◆ socket_ssl_safe_renegotiation_status()

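/* Definition at line 716 of file network.c. */

/**
 * @brief Report whether safe renegotiation was negotiated on a TLS stream.
 *
 * Wraps gnutls_safe_renegotiation_status() for the stream's session, i.e.
 * it reflects what this session negotiated with the server.  A stream with
 * no TLS session (plain OPENVAS_ENCAPS_IP) is now rejected instead of
 * passing a NULL handle to GnuTLS.
 *
 * @param[in] fd  Stream file descriptor.
 *
 * @return 1 if supported, 0 if not supported and less than 0 on error
 *         (not a stream, or not SSL/TLS encapsulated).
 */
int
socket_ssl_safe_renegotiation_status (int fd)
{
  openvas_connection *fp;

  if (!fd_is_stream (fd))
    {
      g_message ("%s: Socket %d is not stream", __func__, fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);

  if (!fp->tls_session)
    {
      g_message ("%s: Socket %d is not SSL/TLS encapsulated", __func__, fd);
      return -1;
    }

  return gnutls_safe_renegotiation_status (fp->tls_session);
}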

References fd_is_stream(), OVAS_CONNECTION_FROM_FD, and openvas_connection::tls_session.

Referenced by nasl_socket_check_ssl_safe_renegotiation().


◆ stream_get_buffer_sz()

/* Definition at line 2158 of file network.c. */

/**
 * @brief Return the size of a stream's read buffer.
 *
 * @param[in] fd  Stream file descriptor.
 *
 * @return The buffer size in bytes (0 when no buffer is allocated), or -1
 *         if @p fd is not a stream descriptor.
 */
int
stream_get_buffer_sz (int fd)
{
  if (!OPENVAS_STREAM (fd))
    return -1;

  return OVAS_CONNECTION_FROM_FD (fd)->bufsz;
}

References openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_recv_line().


◆ stream_get_err()

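/* Definition at line 132 of file network.c. */

/**
 * @brief Return the last error recorded on a stream.
 *
 * The listing had lost the declaration of @c p; it is restored here.
 *
 * @param[in] fd  Stream file descriptor.
 *
 * @return The errno-style value stored in last_err by the read/write
 *         routines (0 if none), or -1 with errno = EINVAL when @p fd is not
 *         a stream descriptor.  Callers wanting to tell the two apart should
 *         clear errno before the call.
 */
int
stream_get_err (int fd)
{
  openvas_connection *p;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }

  p = OVAS_CONNECTION_FROM_FD (fd);
  return p->last_err;
}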

References openvas_connection::last_err, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_socket_get_error().


◆ stream_set_buffer()

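/* Definition at line 2168 of file network.c. */

/**
 * @brief Allocate, resize or release a stream's read buffer.
 *
 * Unread bytes (bufptr .. bufptr+bufcnt) are preserved across a resize by
 * compacting them to the front first; a size below bufcnt is refused so no
 * data is lost.  The same check rejects a negative @p sz as long as bufcnt
 * is never negative, which keeps it from reaching the allocators.
 *
 * Robustness change: bufptr is reset to 0 on every resize and on release,
 * not only when bufcnt > 0.  Before, a stale bufptr could survive a shrink
 * and end up beyond the new buffer end.
 *
 * GLib's allocators normally abort rather than return NULL; the NULL checks
 * are kept for symmetry with the original.
 *
 * @param[in] fd  Stream file descriptor.
 * @param[in] sz  New buffer size in bytes; 0 releases the buffer.
 *
 * @return 0 on success, -1 if @p fd is not a stream, @p sz is smaller than
 *         the amount of buffered data, or allocation fails.
 */
int
stream_set_buffer (int fd, int sz)
{
  openvas_connection *p;
  char *b;

  if (!OPENVAS_STREAM (fd))
    return -1;

  p = OVAS_CONNECTION_FROM_FD (fd);
  if (sz < p->bufcnt)
    return -1; /* Do not want to lose data */

  if (sz == 0)
    {
      /* bufcnt <= 0 here, so nothing buffered is discarded. */
      g_free (p->buf);
      p->buf = NULL;
      p->bufsz = 0;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }

  if (p->buf == NULL)
    {
      p->buf = g_malloc0 (sz);
      if (p->buf == NULL)
        return -1;
      p->bufsz = sz;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }

  /* Compact before realloc so a shrink to exactly bufcnt bytes keeps the
     pending data and bufptr is valid for the new size. */
  if (p->bufcnt > 0)
    memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
  p->bufptr = 0;

  b = g_realloc (p->buf, sz);
  if (b == NULL)
    return -1;
  p->buf = b;
  p->bufsz = sz;
  return 0;
}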

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_open_sock_tcp_bufsz(), and nasl_recv_line().


◆ stream_set_timeout()

/* Definition at line 1216 of file network.c. */

/**
 * @brief Set the per-connection timeout of a stream.
 *
 * The value is stored as given; no range check is applied here (the
 * read/write routines decide how a negative value is interpreted).
 *
 * @param[in] fd       Stream file descriptor.
 * @param[in] timeout  New timeout in seconds.
 *
 * @return The previous timeout.  For a non-stream @p fd the return is 0 with
 *         errno = EINVAL, which is indistinguishable from a previous timeout
 *         of 0 unless the caller clears errno beforehand.
 */
int
stream_set_timeout (int fd, int timeout)
{
  openvas_connection *fp;
  int previous;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return 0;
    }

  fp = OVAS_CONNECTION_FROM_FD (fd);
  previous = fp->timeout;
  fp->timeout = timeout;
  return previous;
}

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and openvas_connection::timeout.

Referenced by nasl_recv(), and plugin_do_run().


◆ tlserror()

/* Definition at line 326 of file network.c. */

/**
 * @brief Log a GnuTLS error with the calling process id.
 *
 * @param[in] txt  Label for the failing operation, printed verbatim.
 * @param[in] err  GnuTLS error code, rendered through gnutls_strerror().
 */
static void
tlserror (char *txt, int err)
{
  const char *reason = gnutls_strerror (err);

  g_message ("[%d] %s: %s", getpid (), txt, reason);
}

Referenced by load_cert_and_key(), open_SSL_connection(), openvas_SSL_init(), and socket_get_ssl_session_id().


◆ unblock_socket()

/* Definition at line 286 of file network.c. */

/**
 * @brief Put a socket into non-blocking mode.
 *
 * Reads the current file status flags and sets O_NONBLOCK on top of them,
 * so other flags already present are kept.
 *
 * @param[in] soc  Socket descriptor.
 *
 * @return 0 on success, -1 if either fcntl(2) call fails (the failure is
 *         logged via pid_perror()).
 */
static int
unblock_socket (int soc)
{
  int flags;

  flags = fcntl (soc, F_GETFL, 0);
  if (flags < 0)
    {
      pid_perror ("fcntl(F_GETFL)");
      return -1;
    }

  flags |= O_NONBLOCK;
  if (fcntl (soc, F_SETFL, flags) < 0)
    {
      pid_perror ("fcntl(F_SETFL,O_NONBLOCK)");
      return -1;
    }

  return 0;
}

References pid_perror().

Referenced by open_socket(), and open_SSL_connection().


◆ write_stream_connection()

/* Definition at line 1583 of file network.c. */

/**
 * @brief Write a buffer to a stream with no send(2) flags.
 *
 * Convenience front end for write_stream_connection4() with i_opt = 0.
 *
 * @param[in] fd    Stream file descriptor.
 * @param[in] buf0  Data to send.
 * @param[in] n     Number of bytes in @p buf0.
 *
 * @return Whatever write_stream_connection4() returns: bytes written, or -1.
 */
int
write_stream_connection (int fd, void *buf0, int n)
{
  const int no_send_flags = 0;

  return write_stream_connection4 (fd, buf0, n, no_send_flags);
}

References write_stream_connection4().

Referenced by ftp_get_pasv_address(), ftp_log_in(), nasl_telnet_init(), and plugin_do_run().


◆ write_stream_connection4()

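/* Definition at line 1463 of file network.c. */

/**
 * @brief Write @p n bytes to a stream, looping until done or failed.
 *
 * Plain streams use send(2) with @p i_opt as flags; TLS streams use
 * gnutls_record_send() (flags ignored) and wait on the socket with select()
 * whenever GnuTLS reports EAGAIN/EINTR, up to the stream timeout (TIMEOUT
 * when the per-connection value is negative).  On error fp->last_err holds
 * an errno-style code: the send(2) errno, EPIPE for a closed TLS record
 * layer, ETIMEDOUT for a select() timeout.
 *
 * Changes against the previous revision:
 *  - the OPENVAS_ENCAPS_TLScustom case label and the nasl_get_function_name()
 *    operands the listing had dropped are restored;
 *  - a negative @p n is refused (errno/last_err = EINVAL) instead of being
 *    reported as 0 bytes written;
 *  - send(2) is retried on EINTR, which guarantees nothing was written;
 *  - a TLS stream without a session, or whose socket is at or above
 *    FD_SETSIZE (FD_SET would write outside the fd_set), fails cleanly;
 *  - select() is only entered after EAGAIN/EINTR, not after every successful
 *    record, and the "closed" message names this function.
 *
 * NOTE(review): send() is called without MSG_NOSIGNAL unless the caller
 * passes it in @p i_opt, so a peer that closed can raise SIGPIPE; signal.h
 * is included by this file but no handler is visible here — confirm SIGPIPE
 * is ignored process-wide.
 *
 * @param[in] fd     Stream file descriptor.
 * @param[in] buf0   Data to send.
 * @param[in] n      Number of bytes in @p buf0.
 * @param[in] i_opt  send(2) flags for plain streams; ignored for TLS.
 *
 * @return Number of bytes written (may be less than @p n after an error
 *         part-way), or -1 if nothing could be written or @p fd/@p n are
 *         invalid (errno = EINVAL in the latter case).
 */
static int
write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
{
  int ret, count = 0;
  unsigned char *buf = (unsigned char *) buf0;
  openvas_connection *fp;
  fd_set fdr, fdw;
  struct timeval tv;
  int e;

  if (!OPENVAS_STREAM (fd))
    {
      g_debug ("write_stream_connection: fd <%d> invalid\n", fd);
      errno = EINVAL;
      return -1;
    }

  fp = OVAS_CONNECTION_FROM_FD (fd);
  fp->last_err = 0;

  if (n < 0)
    {
      fp->last_err = EINVAL;
      errno = EINVAL;
      return -1;
    }

  switch (fp->transport)
    {
    case OPENVAS_ENCAPS_IP:
      for (count = 0; count < n;)
        {
          ret = send (fp->fd, buf + count, n - count, i_opt);
          if (ret < 0 && errno == EINTR)
            continue; /* interrupted before anything was sent: retry */
          if (ret <= 0)
            {
              fp->last_err = ret < 0 ? errno : EPIPE;
              break;
            }
          count += ret;
        }
      break;

    case OPENVAS_ENCAPS_SSLv2:
    case OPENVAS_ENCAPS_SSLv23:
    case OPENVAS_ENCAPS_SSLv3:
    case OPENVAS_ENCAPS_TLSv1:
    case OPENVAS_ENCAPS_TLSv11:
    case OPENVAS_ENCAPS_TLSv12:
    case OPENVAS_ENCAPS_TLSv13:
    case OPENVAS_ENCAPS_TLScustom:
      /* i_opt ignored for SSL */
      if (!fp->tls_session)
        {
          g_message ("%s: fd=%d has no TLS session", __func__, fd);
          fp->last_err = EINVAL;
          break;
        }
      if (fp->fd < 0 || fp->fd >= FD_SETSIZE)
        {
          g_message ("%s: fd=%d (socket %d) is outside the select() range",
                     __func__, fd, fp->fd);
          fp->last_err = EINVAL;
          break;
        }

      for (count = 0; count < n;)
        {
          /* On EAGAIN GnuTLS expects the retry with the same data, which
             the unchanged (buf + count, n - count) provides. */
          ret = gnutls_record_send (fp->tls_session, buf + count, n - count);
          if (ret > 0)
            {
              count += ret;
              continue;
            }
          if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
            {
              /* ret == 0 (record layer closed) is treated as an error too,
                 for compatibility with the old openvas code which treated
                 SSL_ERROR_ZERO_RETURN as an error. */
              if (ret < 0)
                g_debug ("[%d] gnutls_record_send: %s", getpid (),
                         gnutls_strerror (ret));
              else
                g_debug ("gnutls_record_send[%d]: EOF\n", getpid ());
              fp->last_err = EPIPE;
              break;
            }

          /* Would block: wait for the socket up to the stream timeout. */
          tv.tv_sec = fp->timeout >= 0 ? fp->timeout : TIMEOUT;
          tv.tv_usec = 0;
          do
            {
              errno = 0;
              FD_ZERO (&fdr);
              FD_ZERO (&fdw);
              FD_SET (fp->fd, &fdr);
              FD_SET (fp->fd, &fdw);
              e = select (fp->fd + 1, &fdr, &fdw, NULL, &tv);
            }
          while (e < 0 && errno == EINTR);

          if (e <= 0)
            {
              pid_perror ("select");
              fp->last_err = ETIMEDOUT;
              break;
            }
        }
      break;

    default:
      if (fp->transport || fp->fd != 0)
        g_message ("Function %s (calling internal function %s) called from %s: "
                   "Severe bug! Unhandled transport layer %d (fd=%d).",
                   nasl_get_function_name () ? nasl_get_function_name ()
                                             : "script_main_function",
                   __func__, nasl_get_plugin_filename (), fp->transport, fd);
      else
        g_message ("%s: fd=%d is closed", __func__, fd);
      errno = EINVAL;
      return -1;
    }

  if (count == 0 && n > 0)
    return -1;
  return count;
}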

References openvas_connection::fd, openvas_connection::last_err, nasl_get_function_name(), nasl_get_plugin_filename(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, pid_perror(), TIMEOUT, openvas_connection::timeout, timeval(), openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nsend(), and write_stream_connection().


Variable Documentation

◆ __port_closed

int __port_closed
static

Definition at line 283 of file network.c.

Referenced by open_socket().

◆ connections

◆ csc_hooks

struct csc_hook_s* csc_hooks
static

Linked list of hooks to be run by close_stream_connection.

Definition at line 108 of file network.c.

Referenced by add_close_stream_connection_hook(), and run_csc_hooks().

◆ tls_priorities

const char* tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT"

This default adds the RC4 (ARCFOUR-128) suites and GnuTLS compatibility mode on top of the NORMAL set, presumably so the scanner can still negotiate with legacy targets; it is a probing default for a scanner, not a configuration to copy into a client.

Definition at line 146 of file network.c.

Referenced by open_stream_connection(), and open_stream_tls_default_priorities().

◆ tls_priority_flag

int tls_priority_flag = NO_PRIORITY_FLAGS

Definition at line 147 of file network.c.

Referenced by open_stream_connection(), and open_stream_tls_default_priorities().
