Launches the plugins, and manages multithreading.
#include "attack.h"
#include "../misc/ipc_openvas.h"
#include "../misc/kb_cache.h"
#include "../misc/network.h"
#include "../misc/nvt_categories.h"
#include "../misc/pcap_openvas.h"
#include "../misc/plugutils.h"
#include "../misc/table_driven_lsc.h"
#include "../misc/user_agent.h"
#include "../nasl/nasl_debug.h"
#include "hosts.h"
#include "pluginlaunch.h"
#include "pluginload.h"
#include "pluginscheduler.h"
#include "plugs_req.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <arpa/inet.h>
#include <bsd/unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gvm/base/hosts.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/boreas/alivedetection.h>
#include <gvm/boreas/boreas_io.h>
#include <gvm/util/mqtt.h>
#include <gvm/util/nvticache.h>
#include <pthread.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
|
| static int | connect_main_kb (kb_t *main_kb) |
| | Connect to the main kb. Must be released with kb_lnk_reset() after use. More...
|
| |
| static void | set_kb_readable (int host_kb_index) |
| | Add the Host KB index to the list of readable KBs used by ospd-openvas. More...
|
| |
| static void | set_scan_status (char *status) |
| | Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly. More...
|
| |
| static int | comm_send_status_host_dead (kb_t main_kb, char *ip_str) |
| | Send status to the client that the host is dead. More...
|
| |
| static int | comm_send_status (kb_t main_kb, char *ip_str, int curr, int max) |
| | Sends the progress status of a host's scan. More...
|
| |
| static void | message_to_client (kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type) |
| |
| static void | report_kb_failure (int errcode) |
| |
| static void | fork_sleep (int n) |
| |
| static void | scan_stop_cleanup (void) |
| |
| static int | scan_is_stopped (void) |
| |
| static int | nvti_category_is_safe (int category) |
| | Checks that an NVT category is safe. More...
|
| |
| static void | append_vhost (const char *vhost, const char *source) |
| |
| static int | run_table_driven_lsc (const char *scan_id, kb_t kb, const char *ip_str, const char *hostname) |
| | Publish the necessary data to start a Table driven LSC scan. More...
|
| |
| static void | process_ipc_data (const gchar *result) |
| |
| static void | read_ipc (struct ipc_context *ctx) |
| |
| static int | launch_plugin (struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, struct attack_start_args *args) |
| | Launches an NVT. Respects the safe_checks preference (i.e. does not try a destructive NVT if safe_checks is yes). More...
|
| |
| static void | attack_host (struct scan_globals *globals, struct in6_addr *ip, struct attack_start_args *args) |
| | Attack one host. More...
|
| |
| static char * | vhosts_to_str (GSList *list) |
| |
| static void | check_deprecated_prefs (void) |
| | Check if any deprecated prefs are in pref table and print warning. More...
|
| |
| static int | host_authorized (const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny) |
| |
| static int | check_host_authorization (gvm_host_t *host, const struct in6_addr *addr) |
| |
| static void | attack_start (struct ipc_context *ipcc, struct attack_start_args *args) |
| | Set up some data and jump into attack_host() More...
|
| |
| static void | apply_hosts_excluded (gvm_hosts_t *hosts) |
| |
| static void | apply_hosts_preferences_ordering (gvm_hosts_t *hosts) |
| |
| static int | apply_hosts_reverse_lookup_preferences (gvm_hosts_t *hosts) |
| |
| static int | check_kb_access (void) |
| |
| static void | set_alive_detection_tid (pthread_t tid) |
| |
| static pthread_t | get_alive_detection_tid () |
| |
| static gboolean | ad_thread_joined (gboolean joined) |
| | Set and get if alive detection thread was already joined by main thread. More...
|
| |
| static void | handle_scan_stop_signal () |
| |
| void | attack_network (struct scan_globals *globals) |
| | Attack a whole network. More...
|
| |
Launches the plugins, and manages multithreading.
Definition in file attack.c.
◆ ERR_HOST_DEAD
◆ G_LOG_DOMAIN
| #define G_LOG_DOMAIN "sd main" |
GLib log domain.
Definition at line 67 of file attack.c.
◆ INVALID_TARGET_LIST
| #define INVALID_TARGET_LIST "-1" |
Define value to be sent to the client for invalid target list.
Definition at line 61 of file attack.c.
◆ KB_RETRY_DELAY
| #define KB_RETRY_DELAY 3 /*In sec*/ |
Wait KB_RETRY_DELAY seconds until trying again to get a new kb.
Definition at line 57 of file attack.c.
◆ MAX_FORK_RETRIES
| #define MAX_FORK_RETRIES 10 |
◆ ad_thread_joined()
| static gboolean ad_thread_joined |
( |
gboolean |
joined | ) |
|
|
static |
Set and get if alive detection thread was already joined by main thread.
The status can only be set to TRUE once in the lifetime of the program and retrieved as often as needed. After it is set to TRUE it can not be unset.
- Parameters
-
| joined | TRUE to set status to joined and FALSE to retrieve status of join. |
- Returns
- Returns true if thread was already joined.
Definition at line 1179 of file attack.c.
1181 static gboolean alive_detection_thread_already_joined = FALSE;
1183 alive_detection_thread_already_joined = TRUE;
1184 return alive_detection_thread_already_joined;
Referenced by attack_network(), and scan_stop_cleanup().
◆ append_vhost()
| static void append_vhost |
( |
const char * |
vhost, |
|
|
const char * |
source |
|
) |
| |
|
static |
Definition at line 293 of file attack.c.
295 GSList *vhosts = NULL;
301 gvm_vhost_t *tmp = vhosts->data;
303 if (!strcmp (tmp->value, vhost))
305 g_info (
"%s: vhost '%s' exists already", __func__, vhost);
308 vhosts = vhosts->next;
311 host_vhosts, gvm_vhost_new (g_strdup (vhost), g_strdup (source)));
312 g_info (
"%s: add vhost '%s' from '%s'", __func__, vhost, source);
References host_vhosts.
Referenced by process_ipc_data().
◆ apply_hosts_excluded()
| static void apply_hosts_excluded |
( |
gvm_hosts_t * |
hosts | ) |
|
|
static |
Definition at line 997 of file attack.c.
999 const char *exclude_hosts = prefs_get (
"exclude_hosts");
1005 int ret = gvm_hosts_exclude (
hosts, exclude_hosts);
1008 g_message (
"exclude_hosts: Skipped %d host(s).", ret);
1010 g_message (
"exclude_hosts: Error.");
References hosts.
Referenced by attack_network().
◆ apply_hosts_preferences_ordering()
| static void apply_hosts_preferences_ordering |
( |
gvm_hosts_t * |
hosts | ) |
|
|
static |
Definition at line 1064 of file attack.c.
1066 const char *ordering = prefs_get (
"hosts_ordering");
1071 if (!strcmp (ordering,
"random"))
1073 gvm_hosts_shuffle (
hosts);
1074 g_debug (
"hosts_ordering: Random.");
1076 else if (!strcmp (ordering,
"reverse"))
1078 gvm_hosts_reverse (
hosts);
1079 g_debug (
"hosts_ordering: Reverse.");
1083 g_debug (
"hosts_ordering: Sequential.");
References hosts.
Referenced by attack_network().
◆ apply_hosts_reverse_lookup_preferences()
| static int apply_hosts_reverse_lookup_preferences |
( |
gvm_hosts_t * |
hosts | ) |
|
|
static |
Definition at line 1087 of file attack.c.
1089 #ifdef FEATURE_REVERSE_LOOKUP_EXCLUDED
1090 const char *exclude_hosts = prefs_get (
"exclude_hosts");
1091 int hosts_excluded = 0;
1093 if (prefs_get_bool (
"reverse_lookup_unify"))
1095 gvm_hosts_t *excluded;
1097 excluded = gvm_hosts_reverse_lookup_unify_excluded (
hosts);
1098 g_debug (
"reverse_lookup_unify: Skipped %zu host(s).", excluded->count);
1104 hosts_excluded += gvm_hosts_exclude (excluded, exclude_hosts);
1106 gvm_hosts_free (excluded);
1109 if (prefs_get_bool (
"reverse_lookup_only"))
1111 gvm_hosts_t *excluded;
1113 excluded = gvm_hosts_reverse_lookup_only_excluded (
hosts);
1114 g_debug (
"reverse_lookup_unify: Skipped %zu host(s).", excluded->count);
1119 hosts_excluded += gvm_hosts_exclude (excluded, exclude_hosts);
1120 gvm_hosts_free (excluded);
1122 return exclude_hosts ? hosts_excluded : 0;
1125 if (prefs_get_bool (
"reverse_lookup_unify"))
1126 g_debug (
"reverse_lookup_unify: Skipped %d host(s).",
1127 gvm_hosts_reverse_lookup_unify (
hosts));
1130 if (prefs_get_bool (
"reverse_lookup_only"))
1131 g_debug (
"reverse_lookup_only: Skipped %d host(s).",
1132 gvm_hosts_reverse_lookup_only (
hosts));
References hosts.
Referenced by attack_network().
◆ attack_host()
Attack one host.
Definition at line 630 of file attack.c.
634 int num_plugs, forks_retry = 0, all_plugs_launched = 0;
635 char ip_str[INET6_ADDRSTRLEN];
639 addr6_to_str (ip, ip_str);
645 setproctitle (
"openvas: testing %s", ip_str);
668 killpg (parent, SIGUSR1);
678 static int last_status = 0, cur_plug = 0;
692 buffer,
sizeof (buffer),
693 "LOG|||%s||| |||general/Host_Details||| |||<host><detail>"
694 "<name>Host dead</name><value>1</value><source>"
695 "<description/><type/><name/></source></detail></host>",
708 g_warning (
"Launch failed for %s. No free slot available "
709 "in the internal process table for starting a "
722 "fork() failed for %s - sleeping %d seconds (%s)",
723 plugin->
oid, forks_retry, strerror (errno));
729 g_warning (
"fork() failed too many times - aborting");
735 if ((cur_plug * 100) / num_plugs >= last_status
738 last_status = (cur_plug * 100) / num_plugs + 2;
745 else if (plugin == NULL)
754 && prefs_get_bool (
"mqtt_enabled"))
760 buffer,
sizeof (buffer),
761 "ERRMSG|||%s||| ||| ||| ||| Unable to launch table driven lsc",
764 "internal/results", buffer);
765 g_warning (
"%s: Unable to launch table driven LSC", __func__);
775 all_plugs_launched = 1;
780 g_message (
"Vulnerability scan %s for host %s: not all plugins "
References check_kb_inconsistency(), comm_send_status(), comm_send_status_host_dead(), ERR_CANT_FORK, ERR_HOST_DEAD, ERR_NO_FREE_SLOT, fork_sleep(), get_main_kb(), attack_start_args::host, attack_start_args::host_kb, host_kb, scan_globals::host_pid, host_set_time(), host_vhosts, kb_item_push_str_with_main_kb_check(), launch_plugin(), MAX_FORK_RETRIES, scheduler_plugin::oid, PLUG_RUNNING, pluginlaunch_init(), pluginlaunch_stop(), pluginlaunch_wait(), pluginlaunch_wait_for_free_process(), plugins_scheduler_count_active(), plugins_scheduler_free(), plugins_scheduler_next(), plugins_scheduler_stop(), process_alive(), run_table_driven_lsc(), scan_globals::scan_id, scan_is_stopped(), and attack_start_args::sched.
Referenced by attack_start().
◆ attack_network()
Attack a whole network.
Definition at line 1247 of file attack.c.
1249 int max_hosts = 0, max_checks;
1250 const char *hostlist;
1253 int fork_retries = 0;
1257 const gchar *port_range;
1258 int allow_simultaneous_ips;
1265 gboolean test_alive_hosts_only = prefs_get_bool (
"test_alive_hosts_only");
1266 gvm_hosts_t *alive_hosts_list = NULL;
1267 kb_t alive_hosts_kb = NULL;
1268 if (test_alive_hosts_only)
1271 gettimeofday (&then, NULL);
1277 hostlist = prefs_get (
"TARGET");
1278 if (hostlist == NULL)
1284 port_range = prefs_get (
"port_range");
1285 if (validate_port_range (port_range))
1289 main_kb,
"Invalid port list. Ports must be in the range [1-65535]",
1290 NULL, NULL,
"ERRMSG");
1292 g_warning (
"Invalid port list. Ports must be in the range [1-65535]. "
1293 "Scan terminated.");
1300 int plugins_init_error = 0;
1302 prefs_get_bool (
"auto_enable_dependencies"),
1303 &plugins_init_error);
1306 g_message (
"Couldn't initialize the plugin scheduler");
1310 if (plugins_init_error > 0)
1313 "%d errors were found during the plugin scheduling. "
1314 "Some plugins have not been launched.",
1315 plugins_init_error);
1325 hosts = gvm_hosts_new (hostlist);
1329 buffer = g_strdup_printf (
"Invalid target list: %s.", hostlist);
1338 g_warning (
"Invalid target list. Scan terminated.");
1342 unresolved = gvm_hosts_resolve (
hosts);
1345 g_warning (
"Couldn't resolve hostname '%s'", (
char *) unresolved->data);
1346 unresolved = unresolved->next;
1348 g_slist_free_full (unresolved, g_free);
1353 int already_excluded = 0;
1356 #ifdef FEATURE_HOSTS_ALLOWED_ONLY
1360 apply_hosts_allow_deny (
hosts);
1365 sprintf (buf,
"%d", gvm_hosts_count (
hosts) + already_excluded);
1378 g_message (
"Vulnerability scan %s started: Target has %d hosts: "
1379 "%s, with max_hosts = %d and max_checks = %d",
1380 globals->
scan_id, gvm_hosts_count (
hosts), hostlist, max_hosts,
1383 if (test_alive_hosts_only)
1386 gboolean ad_finished = FALSE;
1389 struct in6_addr tmpaddr;
1393 err = pthread_create (&tid, NULL, start_alive_detection, (
void *)
hosts);
1396 "%s: pthread_create() returned EAGAIN: Insufficient resources "
1397 "to create thread.",
1400 g_debug (
"%s: started alive detection.", __func__);
1402 for (
host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1404 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1409 if (gvm_host_get_addr6 (
host, &tmpaddr) == 0)
1414 "%s: Get first host to test from Queue. This host is used for "
1415 "initialising the alive_hosts_list.",
1418 alive_hosts_list = gvm_hosts_new (gvm_host_value_str (
host));
1424 allow_simultaneous_ips = prefs_get_bool (
"allow_simultaneous_ips");
1432 if (!test_alive_hosts_only
1437 gvm_hosts_move_current_host_to_end (
hosts);
1444 rc = kb_new (&arg_host_kb, prefs_get (
"db_address"));
1445 if (rc < 0 && rc != -2)
1459 host_str = gvm_host_value_str (
host);
1463 kb_delete (arg_host_kb);
1470 kb_delete (arg_host_kb);
1478 args.host_kb = arg_host_kb;
1489 g_warning (
"fork() failed - %s. %s won't be tested",
1490 strerror (errno), host_str);
1495 g_debug (
"fork() failed - "
1496 "sleeping %d seconds and trying again...",
1503 if (test_alive_hosts_only)
1505 struct in6_addr tmpaddr;
1506 gvm_host_t *alive_buf;
1511 gboolean ad_finished = FALSE;
1512 for (
host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1514 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1519 if (
host && !allow_simultaneous_ips
1522 struct in6_addr hostip;
1523 char ip_str[INET6_ADDRSTRLEN];
1526 gvm_host_get_addr6 (
host, &hostip);
1527 addr6_to_str (&hostip, ip_str);
1531 flag_set = finish_signal_on_queue (alive_hosts_kb);
1533 put_host_on_queue (alive_hosts_kb, ip_str);
1534 g_debug (
"Reallocating the host %s at the end of the queue",
1537 gvm_host_free (
host);
1542 g_debug (
"Reallocating finish signal in the host queue");
1543 realloc_finish_signal_on_queue (alive_hosts_kb);
1550 if (
host && gvm_host_get_addr6 (
host, &tmpaddr) == 0)
1554 gvm_host_free (alive_buf);
1559 gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (
host));
1561 g_debug (
"%s: got NULL host, stop/finish scan", __func__);
1574 killpg (getpid (), SIGUSR1);
1576 g_debug (
"Test complete");
1582 g_hash_table_destroy (files);
1586 if (test_alive_hosts_only)
1591 kb_lnk_reset (alive_hosts_kb);
1592 g_debug (
"%s: free alive detection data ", __func__);
1595 g_debug (
"%s: waiting for alive detection thread to be finished...",
1600 g_debug (
"%s: pthread_join() returned EDEADLK.", __func__);
1602 g_debug (
"%s: pthread_join() returned EINVAL.", __func__);
1604 g_debug (
"%s: pthread_join() returned ESRCH.", __func__);
1605 if (retval == PTHREAD_CANCELED)
1606 g_debug (
"%s: pthread_join() returned PTHREAD_CANCELED.", __func__);
1610 g_debug (
"%s: Finished waiting for alive detection thread.", __func__);
1615 gettimeofday (&now, NULL);
1616 if (test_alive_hosts_only)
1617 g_message (
"Vulnerability scan %s finished in %ld seconds: "
1618 "%d alive hosts of %d",
1619 globals->
scan_id, now.tv_sec - then.tv_sec,
1620 gvm_hosts_count (alive_hosts_list), gvm_hosts_count (
hosts));
1622 g_message (
"Vulnerability scan %s finished in %ld seconds: %d hosts",
1623 globals->
scan_id, now.tv_sec - then.tv_sec,
1624 gvm_hosts_count (
hosts));
1626 gvm_hosts_free (
hosts);
1627 if (alive_hosts_list)
1628 gvm_hosts_free (alive_hosts_list);
References ad_thread_joined(), apply_hosts_excluded(), apply_hosts_preferences_ordering(), apply_hosts_reverse_lookup_preferences(), attack_start(), check_deprecated_prefs(), check_kb_access(), connect_main_kb(), create_ipc_process(), scan_globals::files_translation, fork_sleep(), get_alive_detection_tid(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, host_is_currently_scanned(), attack_start_args::host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), INVALID_TARGET_LIST, KB_RETRY_DELAY, main_kb, MAX_FORK_RETRIES, message_to_client(), openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_alive_detection_tid(), set_scan_status(), and timeval().
Referenced by openvas().
◆ attack_start()
Set up some data and jump into attack_host()
Definition at line 917 of file attack.c.
920 char ip_str[INET6_ADDRSTRLEN], *hostnames;
921 struct in6_addr hostip;
931 gettimeofday (&then, NULL);
939 if (prefs_get_bool (
"expand_vhosts"))
940 gvm_host_add_reverse_lookup (args->
host);
941 if ((ret = gvm_vhosts_exclude (args->
host, prefs_get (
"exclude_hosts"))) > 0)
942 g_message (
"exclude_hosts: Skipped %d vhost(s).", ret);
943 gvm_host_get_addr6 (args->
host, &hostip);
944 addr6_to_str (&hostip, ip_str);
946 #ifndef FEATURE_HOSTS_ALLOWED_ONLY
948 if (ret_host_auth < 0)
950 if (ret_host_auth == -1)
954 ip_str, NULL,
"ERRMSG");
957 g_warning (
"Host %s access denied.", ip_str);
962 if (prefs_get_bool (
"test_empty_vhost"))
965 gvm_vhost_new (g_strdup (ip_str), g_strdup (
"IP-address"));
966 args->
host->vhosts = g_slist_prepend (args->
host->vhosts, vhost);
970 g_message (
"Vulnerability scan %s started for host: %s (Vhosts: %s)",
971 globals->
scan_id, ip_str, hostnames);
973 g_message (
"Vulnerability scan %s started for host: %s", globals->
scan_id,
983 gettimeofday (&now, NULL);
984 if (now.tv_usec < then.tv_usec)
987 now.tv_usec += 1000000;
990 "Vulnerability scan %s finished for host %s in %ld.%.2ld seconds",
991 globals->
scan_id, ip_str, (
long) (now.tv_sec - then.tv_sec),
992 (
long) ((now.tv_usec - then.tv_usec) / 10000));
References attack_host(), check_host_authorization(), get_main_kb(), attack_start_args::globals, attack_start_args::host, attack_start_args::host_kb, attack_start_args::ipc_context, ipcc, kb_item_set_str_with_main_kb_check(), main_kb, message_to_client(), scan_globals::scan_id, scan_is_stopped(), set_kb_readable(), timeval(), and vhosts_to_str().
Referenced by attack_network().
◆ check_deprecated_prefs()
| static void check_deprecated_prefs |
( |
void |
| ) |
|
|
static |
Check if any deprecated prefs are in pref table and print warning.
Definition at line 819 of file attack.c.
821 const gchar *source_iface = prefs_get (
"source_iface");
822 const gchar *ifaces_allow = prefs_get (
"ifaces_allow");
823 const gchar *ifaces_deny = prefs_get (
"ifaces_deny");
824 const gchar *sys_ifaces_allow = prefs_get (
"sys_ifaces_allow");
825 const gchar *sys_ifaces_deny = prefs_get (
"sys_ifaces_deny");
827 if (source_iface || ifaces_allow || ifaces_deny || sys_ifaces_allow
833 msg = g_strdup_printf (
834 "The following provided settings are deprecated since the 22.4 "
835 "release and will be ignored: %s%s%s%s%s",
836 source_iface ?
"source_iface (task setting) " :
"",
837 ifaces_allow ?
"ifaces_allow (user setting) " :
"",
838 ifaces_deny ?
"ifaces_deny (user setting) " :
"",
839 sys_ifaces_allow ?
"sys_ifaces_allow (scanner only setting) " :
"",
840 sys_ifaces_deny ?
"sys_ifaces_deny (scanner only setting)" :
"");
841 g_warning (
"%s: %s", __func__, msg);
References connect_main_kb(), main_kb, and message_to_client().
Referenced by attack_network().
◆ check_host_authorization()
| static int check_host_authorization |
( |
gvm_host_t * |
host, |
|
|
const struct in6_addr * |
addr |
|
) |
| |
|
static |
Definition at line 888 of file attack.c.
890 gvm_hosts_t *hosts_allow, *hosts_deny;
891 gvm_hosts_t *sys_hosts_allow, *sys_hosts_deny;
894 hosts_allow = gvm_hosts_new (prefs_get (
"hosts_allow"));
895 hosts_deny = gvm_hosts_new (prefs_get (
"hosts_deny"));
899 sys_hosts_allow = gvm_hosts_new (prefs_get (
"sys_hosts_allow"));
900 sys_hosts_deny = gvm_hosts_new (prefs_get (
"sys_hosts_deny"));
904 gvm_hosts_free (hosts_allow);
905 gvm_hosts_free (hosts_deny);
906 gvm_hosts_free (sys_hosts_allow);
907 gvm_hosts_free (sys_hosts_deny);
References host_authorized().
Referenced by attack_start().
◆ check_kb_access()
| static int check_kb_access |
( |
void |
| ) |
|
|
static |
◆ comm_send_status()
| static int comm_send_status |
( |
kb_t |
main_kb, |
|
|
char * |
ip_str, |
|
|
int |
curr, |
|
|
int |
max |
|
) |
| |
|
static |
Sends the progress status of a host's scan.
Status format "current_host/launched/total". Current host is the ip_str of the host which is currently being vulnerability tested. Launched is the number of plugins (VTs) which have already been started. Total is the total number of plugins which will be started for the current host.
- Parameters
-
| main_kb | Kb to use. |
| ip_str | str representation of host ip |
| curr | Currently launched plugins (VTs) for the host |
| max | Maximum number of plugins which will be launched for the host |
- Returns
- 0 on success, -1 on error.
Definition at line 204 of file attack.c.
206 char status_buf[2048];
211 if (strlen (ip_str) > (
sizeof (status_buf) - 50))
214 snprintf (status_buf,
sizeof (status_buf),
"%s/%d/%d", ip_str, curr,
max);
References kb_item_push_str_with_main_kb_check(), main_kb, and max.
Referenced by attack_host(), and Ensure().
◆ comm_send_status_host_dead()
| static int comm_send_status_host_dead |
( |
kb_t |
main_kb, |
|
|
char * |
ip_str |
|
) |
| |
|
static |
Send status to the client that the host is dead.
Originally the progress status is of the format "current_host/launched/total". Current host is the ip_str of the host which is currently being vulnerability tested. Launched is the number of plugins (VTs) which have already been started. Total is the total number of plugins which will be started for the current host. But here we use the format "current_host/0/-1" to implicitly signal that the host is dead.
- Parameters
-
| main_kb | Kb to use |
| ip_str | str representation of host ip |
- Returns
- 0 on success, -1 on failure.
Definition at line 170 of file attack.c.
173 const gchar *host_dead_status_code =
"0/-1";
174 const gchar *topic =
"internal/status";
178 if (strlen (ip_str) > 1998)
180 status = g_strjoin (
"/", ip_str, host_dead_status_code, NULL);
References kb_item_push_str_with_main_kb_check(), and main_kb.
Referenced by attack_host().
◆ connect_main_kb()
| static int connect_main_kb |
( |
kb_t * |
main_kb | ) |
|
|
static |
◆ fork_sleep()
| static void fork_sleep |
( |
int |
n | ) |
|
|
static |
◆ get_alive_detection_tid()
| static pthread_t get_alive_detection_tid |
( |
| ) |
|
|
static |
◆ handle_scan_stop_signal()
| static void handle_scan_stop_signal |
( |
| ) |
|
|
static |
◆ host_authorized()
| static int host_authorized |
( |
const gvm_host_t * |
host, |
|
|
const struct in6_addr * |
addr, |
|
|
const gvm_hosts_t * |
hosts_allow, |
|
|
const gvm_hosts_t * |
hosts_deny |
|
) |
| |
|
static |
◆ launch_plugin()
Launches an NVT. Respects the safe_checks preference (i.e. does not try a destructive NVT if safe_checks is yes).
Does not launch a plugin twice if !save_kb_replay.
- Returns
- ERR_HOST_DEAD if host died, ERR_CANT_FORK if forking failed, ERR_NO_FREE_SLOT if the process table is full, 0 otherwise.
Definition at line 525 of file attack.c.
529 int optimize = prefs_get_bool (
"optimize_test");
530 int launch_error,
pid, ret = 0;
531 char *
oid, *
name, *error = NULL, ip_str[INET6_ADDRSTRLEN];
535 addr6_to_str (ip, ip_str);
537 nvti = nvticache_get_nvt (
oid);
542 g_message (
"Plugin '%s' missing from nvticache.",
oid);
544 goto finish_launch_plugin;
549 goto finish_launch_plugin;
552 if (prefs_get_bool (
"safe_checks")
555 if (prefs_get_bool (
"log_whole_attack"))
557 name = nvticache_get_filename (
oid);
558 g_message (
"Not launching %s (%s) against %s because safe checks are"
559 " enabled (this is not an error)",
564 goto finish_launch_plugin;
570 error =
"because a mandatory key is missing";
575 if (prefs_get_bool (
"log_whole_attack"))
577 name = nvticache_get_filename (
oid);
579 "Not launching %s (%s) against %s %s (this is not an error)",
name,
583 goto finish_launch_plugin;
587 if (kb_item_get_int (args->
host_kb,
"Host/dead") > 0)
589 g_message (
"The remote host %s is dead", ip_str);
593 goto finish_launch_plugin;
611 goto finish_launch_plugin;
614 if (prefs_get_bool (
"log_whole_attack"))
616 name = nvticache_get_filename (
oid);
617 g_message (
"Launching %s (%s) against %s [%d]",
name,
oid, ip_str,
pid);
621 finish_launch_plugin:
References ERR_CANT_FORK, ERR_HOST_DEAD, ERR_NO_FREE_SLOT, get_main_kb(), attack_start_args::host_kb, ipc_contexts::len, mandatory_requirements_met(), name, nvti_category_is_safe(), oid, scheduler_plugin::oid, pid, plugin_launch(), PLUGIN_STATUS_DONE, PLUGIN_STATUS_UNRUN, pluginlaunch_stop(), procs_get_ipc_contexts(), read_ipc(), requirements_plugin(), scheduler_plugin::running_state, and scan_is_stopped().
Referenced by attack_host().
◆ message_to_client()
| static void message_to_client |
( |
kb_t |
kb, |
|
|
const char * |
msg, |
|
|
const char * |
ip_str, |
|
|
const char * |
port, |
|
|
const char * |
type |
|
) |
| |
|
static |
◆ nvti_category_is_safe()
| static int nvti_category_is_safe |
( |
int |
category | ) |
|
|
static |
◆ process_ipc_data()
| static void process_ipc_data |
( |
const gchar * |
result | ) |
|
|
static |
Definition at line 454 of file attack.c.
463 g_warning (
"%s: Unknown data type.", __func__);
467 g_warning (
"%s: ihost data is NULL ignoring new vhost", __func__);
474 g_warning (
"%s: iuser_agent data is NULL, ignoring new user agent",
478 gchar *old_ua = NULL;
480 g_debug (
"%s: The User-Agent %s has been overwritten with %s",
References append_vhost(), ipc_data_destroy(), ipc_data_from_json(), IPC_DT_ERROR, IPC_DT_HOSTNAME, IPC_DT_USER_AGENT, ipc_get_data_type_from_data(), ipc_get_hostname_from_data(), ipc_get_hostname_source_from_data(), ipc_get_user_agent_from_data(), and user_agent_set().
Referenced by read_ipc().
◆ read_ipc()
◆ report_kb_failure()
| static void report_kb_failure |
( |
int |
errcode | ) |
|
|
static |
Definition at line 235 of file attack.c.
239 errcode = abs (errcode);
240 msg = g_strdup_printf (
"WARNING: Cannot connect to KB at '%s': %s'",
241 prefs_get (
"db_address"), strerror (errcode));
242 g_warning (
"%s", msg);
Referenced by attack_network(), and check_kb_access().
◆ run_table_driven_lsc()
| static int run_table_driven_lsc |
( |
const char * |
scan_id, |
|
|
kb_t |
kb, |
|
|
const char * |
ip_str, |
|
|
const char * |
hostname |
|
) |
| |
|
static |
Publish the necessary data to start a Table driven LSC scan.
If the gather-package-list.nasl plugin was launched, and it generated a valid package list for a supported OS, the table driven LSC scan which is subscribed to the topic will perform a scan and publish the results to be handled by the sensor/client.
- Parameters
-
| scan_id | Scan Id. |
| kb | |
| ip_str | IP string of host. |
| hostname | Name of host. |
- Returns
- 0 on success, less than 0 on error.
Definition at line 331 of file attack.c.
339 gchar *status = NULL;
345 err = mqtt_subscribe (
"scanner/status");
348 g_warning (
"%s: Error starting lsc. Unable to subscribe", __func__);
353 os_release = kb_item_get_str (kb,
"ssh/login/release_notus");
355 package_list = kb_item_get_str (kb,
"ssh/login/package_list_notus");
356 if (!os_release || !package_list)
360 os_release, package_list);
361 g_free (package_list);
365 if (json_str == NULL)
368 g_message (
"Running Notus for %s", ip_str);
369 err = mqtt_publish (
"scanner/package/cmd/notus", json_str);
372 g_warning (
"%s: Error publishing message for Notus.", __func__);
382 err = mqtt_retrieve_message (&topic, &topic_len, &
payload, &payload_len,
384 if (err == -1 || err == 1)
386 g_warning (
"%s: Unable to retrieve status message from notus. %s",
387 __func__, err == 1 ?
"Timeout after 60 s." :
"");
400 if (!g_strcmp0 (status,
"running"))
402 g_debug (
"%s: table driven LSC with scan id %s successfully started "
409 err = mqtt_retrieve_message (&topic, &topic_len, &
payload,
410 &payload_len, 60000);
413 g_warning (
"%s: Unable to retrieve status message from notus.",
419 g_warning (
"%s: Unablet to retrieve message. Timeout after 60s.",
432 g_warning (
"%s: Unable to start lsc. Got status: %s", __func__, status);
437 if (g_strcmp0 (status,
"finished"))
440 "%s: table driven lsc with scan id %s did not finish successfully "
441 "for host %s. Last status was %s",
442 __func__,
scan_id, ip_str, status);
446 g_debug (
"%s: table driven lsc with scan id %s successfully finished "
References get_status_of_table_driven_lsc_from_json(), hostname, make_table_driven_lsc_info_json_str(), payload, and scan_id.
Referenced by attack_host().
◆ scan_is_stopped()
| static int scan_is_stopped |
( |
void |
| ) |
|
|
static |
◆ scan_stop_cleanup()
| static void scan_stop_cleanup |
( |
void |
| ) |
|
|
static |
◆ set_alive_detection_tid()
| static void set_alive_detection_tid |
( |
pthread_t |
tid | ) |
|
|
static |
◆ set_kb_readable()
| static void set_kb_readable |
( |
int |
host_kb_index | ) |
|
|
static |
◆ set_scan_status()
| static void set_scan_status |
( |
char * |
status | ) |
|
|
static |
◆ vhosts_to_str()
| static char* vhosts_to_str |
( |
GSList * |
list | ) |
|
|
static |
Definition at line 796 of file attack.c.
802 string = g_string_new (((gvm_vhost_t *)
list->data)->value);
803 if (g_slist_length (
list) == 1)
804 return g_string_free (
string, FALSE);
808 g_string_append (
string,
", ");
809 g_string_append (
string, ((gvm_vhost_t *)
list->data)->value);
812 return g_string_free (
string, FALSE);
References list::next.
Referenced by attack_start().
◆ alive_detection_tid
| pthread_t alive_detection_tid |
|
static |
◆ global_scan_stop
◆ host_kb
◆ host_vhosts
| GSList* host_vhosts = NULL |
|
static |
static int comm_send_status(kb_t main_kb, char *ip_str, int curr, int max)
Sends the progress status of a host's scan.
static int host_authorized(const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
int check_kb_inconsistency(kb_t main_kb)
Check if the current main kb corresponds to the original scan main kb. @description Compares the scan...
void plugins_scheduler_stop(plugins_scheduler_t sched)
static pthread_t alive_detection_tid
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
static void set_alive_detection_tid(pthread_t tid)
void pluginlaunch_stop(void)
static void report_kb_failure(int errcode)
static void attack_host(struct scan_globals *globals, struct in6_addr *ip, struct attack_start_args *args)
Attack one host.
static void apply_hosts_preferences_ordering(gvm_hosts_t *hosts)
#define INVALID_TARGET_LIST
void ipc_data_destroy(ipc_data_t **data)
destroys ipc_data.
static void fork_sleep(int n)
static struct ipc_contexts * ipcc
static void read_ipc(struct ipc_context *ctx)
char * ipc_retrieve(struct ipc_context *context, enum ipc_relation from)
retrieves data for the relation based on the context
static int run_table_driven_lsc(const char *scan_id, kb_t kb, const char *ip_str, const char *hostname)
Publish the necessary data to start a Table driven LSC scan.
static void scan_stop_cleanup(void)
struct ipc_context * ipc_context
static void process_ipc_data(const gchar *result)
int plugin_launch(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb, kb_t main_kb, nvti_t *nvti, int *error)
Start a plugin.
void plugins_scheduler_free(plugins_scheduler_t sched)
enum ipc_data_type ipc_get_data_type_from_data(ipc_data_t *data)
Get the data type in data.
void pluginlaunch_wait(kb_t main_kb, kb_t kb)
Waits and 'pushes' processes until num_running_processes is 0.
gchar * user_agent_set(const gchar *ua)
Set user-agent.
static void check_deprecated_prefs(void)
Check if any deprecated prefs are in pref table and print warning.
static void append_vhost(const char *vhost, const char *source)
int plugins_scheduler_count_active(plugins_scheduler_t sched)
void(*)(int) openvas_signal(int signum, void(*handler)(int))
char * requirements_plugin(kb_t kb, nvti_t *nvti)
Determine if the plugin requirements are met.
static GSList * host_vhosts
struct scan_globals * globals
int hosts_new(char *name, kb_t kb, kb_t main_kb)
GHashTable * files_translation
int hosts_init(int max_hosts)
static gboolean ad_thread_joined(gboolean joined)
Set and get if alive detection thread was already joined by main thread.
enum plugin_status running_state
gchar * ipc_get_hostname_from_data(ipc_data_t *data)
Get the hostname from IPC data.
pid_t create_ipc_process(ipc_process_func func, void *args)
initializes communication channels and calls a function in a new process
int kb_item_set_str_with_main_kb_check(kb_t kb, const char *name, const char *value, size_t len)
Check if the current kb corresponds to the original scanid, if it matches it call kb_item_set_str....
void pluginlaunch_init(const char *host)
#define ERR_CANT_FORK
Error for when it is not possible to fork a new plugin process.
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
static char * vhosts_to_str(GSList *list)
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int *error)
#define ERR_NO_FREE_SLOT
Error for when the process table is full.
gchar * make_table_driven_lsc_info_json_str(const char *scan_id, const char *ip_str, const char *hostname, const char *os_release, const char *package_list)
Build a json object with data necessary to start a table driven LSC.
static void message_to_client(kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type)
static int comm_send_status_host_dead(kb_t main_kb, char *ip_str)
Send status to the client that the host is dead.
static void set_kb_readable(int host_kb_index)
Add the Host KB index to the list of readable KBs used by ospd-openvas.
int process_alive(pid_t pid)
static void attack_start(struct ipc_context *ipcc, struct attack_start_args *args)
Set up some data and jump into attack_host()
void pluginlaunch_wait_for_free_process(kb_t main_kb, kb_t kb)
Waits and 'pushes' processes until the number of running processes has changed.
void(* ipc_process_func)(struct ipc_context *, void *)
gchar * get_status_of_table_driven_lsc_from_json(const char *scan_id, const char *host_ip, const char *json, int len)
Get the status of table driven lsc from json object.
static struct timeval timeval(unsigned long val)
static int scan_is_stopped(void)
gchar * ipc_get_hostname_source_from_data(ipc_data_t *data)
Get the vhost hostname source from IPC data.
plugins_scheduler_t sched
gchar * ipc_get_user_agent_from_data(ipc_data_t *data)
Get the User-Agent from IPC data.
Host information, implemented as doubly linked list.
int get_max_checks_number(void)
void hosts_stop_all(void)
static int apply_hosts_reverse_lookup_preferences(gvm_hosts_t *hosts)
static void handle_scan_stop_signal()
int mandatory_requirements_met(kb_t kb, nvti_t *nvti)
Check whether mandatory requirements for plugin are met.
static int check_host_authorization(gvm_host_t *host, const struct in6_addr *addr)
void host_set_time(kb_t kb, char *ip, char *type)
Add start_scan and end_scan results to the main kb.
static int launch_plugin(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, struct attack_start_args *args)
Launches an NVT. Respects the safe check preference (i.e. does not try destructive tests when safe checks are enabled).
static void apply_hosts_excluded(gvm_hosts_t *hosts)
int get_max_hosts_number(void)
struct ipc_data * ipc_data_from_json(const char *json, size_t len)
transforms a json string into an ipc_data struct
static int nvti_category_is_safe(int category)
Checks that an NVT category is safe.
static pthread_t get_alive_detection_tid()
int hosts_set_pid(char *name, pid_t pid)
static struct host * hosts
static int connect_main_kb(kb_t *main_kb)
Connect to the main kb. Must be released with kb_lnk_reset() after use.
int kb_item_push_str_with_main_kb_check(kb_t kb, const char *name, const char *value)
Check if the current kb corresponds to the original scanid, if it matches it calls kb_item_push_str....
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
struct scheduler_plugin * plugins_scheduler_next(plugins_scheduler_t h)
int host_is_currently_scanned(gvm_host_t *host_to_check)
Returns 1 if the host is being scanned. 0 otherwise.
static int check_kb_access(void)
int kb_item_add_int_unique_with_main_kb_check(kb_t kb, const char *name, int value)
Check if the current kb corresponds to the original scanid, if it matches it call kb_item_add_int_uni...
const struct ipc_contexts * procs_get_ipc_contexts(void)
returns ipc_contexts.