OpenVAS Scanner  22.7.9
attack.h File Reference

attack.c header. More...

#include "../misc/scanneraux.h"
#include <gvm/util/kb.h>


Functions

void attack_network (struct scan_globals *)
 Attack a whole network. More...
 

Detailed Description

attack.c header.

Definition in file attack.h.

Function Documentation

◆ attack_network()

void attack_network ( struct scan_globals * globals )

Attack a whole network.

Definition at line 1247 of file attack.c.

1248 {
      /*
       * Drives a scan of every host named by the "TARGET" preference: checks the
       * target list and port range, initialises the plugin scheduler, then loops
       * over the hosts, setting up a KB per host and handing each one off for
       * testing, and finally waits for the per-host work before setting the scan
       * status to "finished".
       *
       * NOTE(review): this rendered listing is incomplete. The embedded line
       * numbers skip 1263, 1287-1288, 1317, 1330, 1335, 1351, 1366, 1371, 1399,
       * 1425, 1460, 1481 and 1520, so the statements on those lines are not
       * shown. That includes whatever connects main_kb before each use and
       * whatever assigns pid before the `pid < 0` test (presumably the
       * create_ipc_process()/attack_start() call named in the References list).
       */
1249  int max_hosts = 0, max_checks;
1250  const char *hostlist;
1251  gvm_host_t *host;
1252  plugins_scheduler_t sched;
1253  int fork_retries = 0;
1254  GHashTable *files;
1255  struct timeval then, now;
1256  gvm_hosts_t *hosts;
1257  const gchar *port_range;
1258  int allow_simultaneous_ips;
1259  kb_t arg_host_kb, main_kb;
1260  GSList *unresolved;
1261  char buf[96];
1262 
1264 
1265  gboolean test_alive_hosts_only = prefs_get_bool ("test_alive_hosts_only");
1266  gvm_hosts_t *alive_hosts_list = NULL;
1267  kb_t alive_hosts_kb = NULL;
      /* NOTE(review): alive_hosts_kb is connected before the early `return`s
       * below (KB access check, missing TARGET, bad port range, scheduler
       * failure). Those paths never reach the kb_lnk_reset (alive_hosts_kb) at
       * `stop:`, so the link looks leaked there -- confirm. */
1268  if (test_alive_hosts_only)
1269  connect_main_kb (&alive_hosts_kb);
1270 
      /* Start time; only used for the duration in the final log message. */
1271  gettimeofday (&then, NULL);
1272 
      /* A non-zero result from check_kb_access () aborts before any target is
       * touched. */
1273  if (check_kb_access ())
1274  return;
1275 
1276  /* Init and check Target List */
1277  hostlist = prefs_get ("TARGET");
1278  if (hostlist == NULL)
1279  {
1280  return;
1281  }
1282 
1283  /* Verify the port range is a valid one */
1284  port_range = prefs_get ("port_range");
      /* A non-zero return from validate_port_range () is treated as invalid:
       * the error is sent to the client and the scan is marked finished. */
1285  if (validate_port_range (port_range))
1286  {
      /* Lines 1287-1288 (the start of this call) are missing from the listing. */
1289  main_kb, "Invalid port list. Ports must be in the range [1-65535]",
1290  NULL, NULL, "ERRMSG");
1291  kb_lnk_reset (main_kb);
1292  g_warning ("Invalid port list. Ports must be in the range [1-65535]. "
1293  "Scan terminated.");
1294  set_scan_status ("finished");
1295 
1296  return;
1297  }
1298 
1299  /* Initialize the attack. */
1300  int plugins_init_error = 0;
1301  sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1302  prefs_get_bool ("auto_enable_dependencies"),
1303  &plugins_init_error);
1304  if (!sched)
1305  {
1306  g_message ("Couldn't initialize the plugin scheduler");
1307  return;
1308  }
1309 
      /* Scheduling errors are reported to the client but do not stop the scan. */
1310  if (plugins_init_error > 0)
1311  {
      /* NOTE(review): unbounded sprintf into buf[96]. The fixed text is 85
       * bytes, which leaves room for exactly 10 digits plus the terminator,
       * i.e. the largest positive 32-bit int just fits. Any wording change or
       * wider int overflows the stack buffer; snprintf (buf, sizeof buf, ...)
       * would make the bound explicit. */
1312  sprintf (buf,
1313  "%d errors were found during the plugin scheduling. "
1314  "Some plugins have not been launched.",
1315  plugins_init_error);
1316 
1318  message_to_client (main_kb, buf, NULL, NULL, "ERRMSG");
1319  kb_lnk_reset (main_kb);
1320  }
1321 
1322  max_hosts = get_max_hosts_number ();
1323  max_checks = get_max_checks_number ();
1324 
1325  hosts = gvm_hosts_new (hostlist);
1326  if (hosts == NULL)
1327  {
1328  char *buffer;
1329  buffer = g_strdup_printf ("Invalid target list: %s.", hostlist);
1331  message_to_client (main_kb, buffer, NULL, NULL, "ERRMSG");
1332  g_free (buffer);
1333  /* Send the hosts count to the client as -1,
1334  * because the invalid target list.*/
1336  "HOSTS_COUNT");
1337  kb_lnk_reset (main_kb);
1338  g_warning ("Invalid target list. Scan terminated.");
      /* NOTE(review): on this path `stop:` runs with hosts == NULL and
       * alive_hosts_list == NULL; both are passed to gvm_hosts_count () and
       * hosts to gvm_hosts_free () -- confirm they tolerate NULL. With
       * test_alive_hosts_only set, `stop:` also joins the alive detection
       * thread although pthread_create () has not run yet on this path. */
1339  goto stop;
1340  }
1341 
      /* Log every hostname that could not be resolved.
       * NOTE(review): the loop advances `unresolved` itself until it is NULL,
       * so g_slist_free_full () below receives NULL and frees nothing; the
       * list returned by gvm_hosts_resolve () is leaked. Walking it with a
       * separate cursor would keep the head available for the free. */
1342  unresolved = gvm_hosts_resolve (hosts);
1343  while (unresolved)
1344  {
1345  g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1346  unresolved = unresolved->next;
1347  }
1348  g_slist_free_full (unresolved, g_free);
1349 
1350  /* Apply Hosts preferences. */
1352 
      /* The return value is added to the host count reported to the client
       * below. */
1353  int already_excluded = 0;
1354  already_excluded = apply_hosts_reverse_lookup_preferences (hosts);
1355 
1356 #ifdef FEATURE_HOSTS_ALLOWED_ONLY
1357  // Remove hosts which are denied and/or keep the ones in the allowed host
1358  // lists
1359  // for both, user and system wide settings.
1360  apply_hosts_allow_deny (hosts);
1361 #endif
1362 
1363  /* Send the hosts count to the client, after removing duplicated and
1364  * unresolved hosts.*/
1365  sprintf (buf, "%d", gvm_hosts_count (hosts) + already_excluded);
1367  message_to_client (main_kb, buf, NULL, NULL, "HOSTS_COUNT");
1368  kb_lnk_reset (main_kb);
1369 
1370  // Remove the excluded hosts
1372 
      /* An empty host list ends the scan immediately. */
1373  host = gvm_hosts_next (hosts);
1374  if (host == NULL)
1375  goto stop;
1376  hosts_init (max_hosts);
1377 
1378  g_message ("Vulnerability scan %s started: Target has %d hosts: "
1379  "%s, with max_hosts = %d and max_checks = %d",
1380  globals->scan_id, gvm_hosts_count (hosts), hostlist, max_hosts,
1381  max_checks);
1382 
1383  if (test_alive_hosts_only)
1384  {
1385  /* Boolean signalling if alive detection finished. */
1386  gboolean ad_finished = FALSE;
1387  int err;
1388  pthread_t tid;
1389  struct in6_addr tmpaddr;
1390 
1391  /* Reset the iterator. */
1392  hosts->current = 0;
      /* The alive detection thread receives the same `hosts` object this
       * function keeps using. Only EAGAIN is reported in the lines shown; any
       * other non-zero err is not handled here (line 1399 is omitted). */
1393  err = pthread_create (&tid, NULL, start_alive_detection, (void *) hosts);
1394  if (err == EAGAIN)
1395  g_warning (
1396  "%s: pthread_create() returned EAGAIN: Insufficient resources "
1397  "to create thread.",
1398  __func__);
1400  g_debug ("%s: started alive detection.", __func__);
1401 
      /* Poll the queue once per fork_sleep (1) until a host arrives, alive
       * detection reports it is finished, or the scan is stopped. */
1402  for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1403  !host && !ad_finished && !scan_is_stopped ();
1404  host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1405  {
1406  fork_sleep (1);
1407  }
1408 
      /* NOTE(review): the loop above can end with host == NULL. The calls
       * below (gvm_host_get_addr6, gvm_host_value_str, gvm_hosts_new) are then
       * handed NULL -- confirm each of them accepts that. */
1409  if (gvm_host_get_addr6 (host, &tmpaddr) == 0)
1410  host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1411  if (host)
1412  {
1413  g_debug (
1414  "%s: Get first host to test from Queue. This host is used for "
1415  "initialising the alive_hosts_list.",
1416  __func__);
1417  }
1418  alive_hosts_list = gvm_hosts_new (gvm_host_value_str (host));
1419  }
1420 
1421  /*
1422  * Start the attack !
1423  */
1424  allow_simultaneous_ips = prefs_get_bool ("allow_simultaneous_ips");
1426  while (host && !scan_is_stopped ())
1427  {
1428  int pid, rc;
1429  struct attack_start_args args;
1430  char *host_str;
1431 
      /* Without alive detection and with simultaneous IPs disallowed, a host
       * that is already being scanned is pushed to the end of the list and
       * retried after a one second pause. */
1432  if (!test_alive_hosts_only
1433  && (!allow_simultaneous_ips && host_is_currently_scanned (host)))
1434  {
1435  sleep (1);
1436  // move the host at the end of the list and get the next host.
1437  gvm_hosts_move_current_host_to_end (hosts);
1438  host = gvm_hosts_next (hosts);
1439  continue;
1440  }
1441 
      /* Create the per-host KB. rc == -2 is retried every KB_RETRY_DELAY
       * seconds with no limit on the number of attempts; any other negative
       * rc is reported and ends the scan. */
1442  do
1443  {
1444  rc = kb_new (&arg_host_kb, prefs_get ("db_address"));
1445  if (rc < 0 && rc != -2)
1446  {
1447  report_kb_failure (rc);
1448  goto scan_stop;
1449  }
1450  else if (rc == -2)
1451  {
1452  sleep (KB_RETRY_DELAY);
1453  continue;
1454  }
1455  break;
1456  }
1457  while (1);
1458 
1459  host_str = gvm_host_value_str (host);
      /* On registration failure the new KB is deleted before bailing out. */
1461  if (hosts_new (host_str, arg_host_kb, main_kb) < 0)
1462  {
1463  kb_delete (arg_host_kb);
1464  g_free (host_str);
1465  goto scan_stop;
1466  }
1467 
      /* A stop request that arrived meanwhile drops the KB; the `continue`
       * re-evaluates the loop condition, which then ends the loop. */
1468  if (scan_is_stopped ())
1469  {
1470  kb_delete (arg_host_kb);
1471  g_free (host_str);
1472  continue;
1473  }
1474 
1475  args.host = host;
1476  args.globals = globals;
1477  args.sched = sched;
1478  args.host_kb = arg_host_kb;
1479 
      /* Line 1481, which assigns pid, is missing from the listing. */
1480  forkagain:
1482  /* Close child process' socket. */
1483  if (pid < 0)
1484  {
1485  fork_retries++;
1486  if (fork_retries > MAX_FORK_RETRIES)
1487  {
1488  /* Forking failed - we go to the wait queue. */
1489  g_warning ("fork() failed - %s. %s won't be tested",
1490  strerror (errno), host_str);
1491  g_free (host_str);
      /* NOTE(review): `goto stop` bypasses both the hosts_read () wait loop
       * and the `scan_stop:` cleanup of globals->files_translation, and
       * arg_host_kb is not deleted here as it is on the other error paths --
       * confirm that is intended. fork_retries is never reset, so the retry
       * budget is shared across all hosts of the scan. */
1492  goto stop;
1493  }
1494 
1495  g_debug ("fork() failed - "
1496  "sleeping %d seconds and trying again...",
1497  fork_retries);
1498  fork_sleep (fork_retries);
1499  goto forkagain;
1500  }
1501  hosts_set_pid (host_str, pid);
1502 
      /* Pick the next host: from the alive detection queue when enabled,
       * otherwise from the target list iterator. */
1503  if (test_alive_hosts_only)
1504  {
1505  struct in6_addr tmpaddr;
1506  gvm_host_t *alive_buf;
1507 
1508  while (1)
1509  {
1510  /* Boolean signalling if alive detection finished. */
1511  gboolean ad_finished = FALSE;
1512  for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1513  !host && !ad_finished && !scan_is_stopped ();
1514  host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1515  {
1516  fork_sleep (1);
1517  }
1518 
      /* Line 1520 (the rest of this condition) is missing from the listing. */
1519  if (host && !allow_simultaneous_ips
1521  {
1522  struct in6_addr hostip;
1523  char ip_str[INET6_ADDRSTRLEN];
1524  int flag_set;
1525 
      /* NOTE(review): the return value of gvm_host_get_addr6 () is ignored
       * here; if it fails, hostip is used uninitialised by addr6_to_str (). */
1526  gvm_host_get_addr6 (host, &hostip);
1527  addr6_to_str (&hostip, ip_str);
1528 
1529  // Re-add host at the end of the queue and reallocate the flag
1530  // if it was already set.
1531  flag_set = finish_signal_on_queue (alive_hosts_kb);
1532 
1533  put_host_on_queue (alive_hosts_kb, ip_str);
1534  g_debug ("Reallocating the host %s at the end of the queue",
1535  ip_str);
1536 
1537  gvm_host_free (host);
1538  host = NULL;
1539 
1540  if (flag_set)
1541  {
1542  g_debug ("Reallocating finish signal in the host queue");
1543  realloc_finish_signal_on_queue (alive_hosts_kb);
1544  }
1545  }
1546  else
1547  break;
1548  }
1549 
      /* Swap the queue's host object for the matching entry in `hosts` and
       * free the queue's copy. */
1550  if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
1551  {
1552  alive_buf = host;
1553  host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1554  gvm_host_free (alive_buf);
1555  alive_buf = NULL;
1556  }
1557 
1558  if (host)
1559  gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
1560  else
1561  g_debug ("%s: got NULL host, stop/finish scan", __func__);
1562  }
1563  else
1564  {
1565  host = gvm_hosts_next (hosts);
1566  }
1567  g_free (host_str);
1568  }
1569 
1570  /* Every host is being tested... We have to wait for the processes
1571  * to terminate. */
      /* While hosts_read () keeps returning 0, a stopped scan sends SIGUSR1 to
       * this process's whole process group on every iteration. */
1572  while (hosts_read () == 0)
1573  if (scan_is_stopped () == 1)
1574  killpg (getpid (), SIGUSR1);
1575 
1576  g_debug ("Test complete");
1577 
1578 scan_stop:
1579  /* Free the memory used by the files uploaded by the user, if any. */
1580  files = globals->files_translation;
1581  if (files)
1582  g_hash_table_destroy (files);
1583 
1584 stop:
1585 
1586  if (test_alive_hosts_only)
1587  {
1588  int err;
1589  void *retval;
1590 
1591  kb_lnk_reset (alive_hosts_kb);
1592  g_debug ("%s: free alive detection data ", __func__);
1593 
1594  /* need to wait for alive detection to finish */
1595  g_debug ("%s: waiting for alive detection thread to be finished...",
1596  __func__);
1597  /* Join alive detection thread. */
      /* NOTE(review): retval is uninitialised; when pthread_join () fails it
       * is not written, yet it is still compared with PTHREAD_CANCELED below.
       * Initialising it to NULL, or testing it only when err == 0, avoids the
       * indeterminate read. */
1598  err = pthread_join (get_alive_detection_tid (), &retval);
1599  if (err == EDEADLK)
1600  g_debug ("%s: pthread_join() returned EDEADLK.", __func__);
1601  if (err == EINVAL)
1602  g_debug ("%s: pthread_join() returned EINVAL.", __func__);
1603  if (err == ESRCH)
1604  g_debug ("%s: pthread_join() returned ESRCH.", __func__);
1605  if (retval == PTHREAD_CANCELED)
1606  g_debug ("%s: pthread_join() returned PTHREAD_CANCELED.", __func__);
1607  /* Set flag signaling that alive detection thread was joined. */
1608  if (err == 0)
1609  ad_thread_joined (TRUE);
1610  g_debug ("%s: Finished waiting for alive detection thread.", __func__);
1611  }
1612 
1613  plugins_scheduler_free (sched);
1614 
      /* Log the wall-clock duration in whole seconds.
       * NOTE(review): "%ld" assumes the tv_sec difference has type long. */
1615  gettimeofday (&now, NULL);
1616  if (test_alive_hosts_only)
1617  g_message ("Vulnerability scan %s finished in %ld seconds: "
1618  "%d alive hosts of %d",
1619  globals->scan_id, now.tv_sec - then.tv_sec,
1620  gvm_hosts_count (alive_hosts_list), gvm_hosts_count (hosts));
1621  else
1622  g_message ("Vulnerability scan %s finished in %ld seconds: %d hosts",
1623  globals->scan_id, now.tv_sec - then.tv_sec,
1624  gvm_hosts_count (hosts));
1625 
1626  gvm_hosts_free (hosts);
1627  if (alive_hosts_list)
1628  gvm_hosts_free (alive_hosts_list);
1629 
1630  set_scan_status ("finished");
1631 }

References ad_thread_joined(), apply_hosts_excluded(), apply_hosts_preferences_ordering(), apply_hosts_reverse_lookup_preferences(), attack_start(), check_deprecated_prefs(), check_kb_access(), connect_main_kb(), create_ipc_process(), scan_globals::files_translation, fork_sleep(), get_alive_detection_tid(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, host_is_currently_scanned(), attack_start_args::host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), INVALID_TARGET_LIST, KB_RETRY_DELAY, main_kb, MAX_FORK_RETRIES, message_to_client(), openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_alive_detection_tid(), set_scan_status(), and timeval().

Referenced by openvas().

hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:253
plugins_scheduler
Definition: pluginscheduler.c:37
attack_start_args::host
gvm_host_t * host
Definition: attack.c:79
set_alive_detection_tid
static void set_alive_detection_tid(pthread_t tid)
Definition: attack.c:1157
attack_start_args
Definition: attack.c:74
main_kb
kb_t main_kb
Definition: kb_cache.c:15
report_kb_failure
static void report_kb_failure(int errcode)
Definition: attack.c:235
apply_hosts_preferences_ordering
static void apply_hosts_preferences_ordering(gvm_hosts_t *hosts)
Definition: attack.c:1064
INVALID_TARGET_LIST
#define INVALID_TARGET_LIST
Definition: attack.c:61
fork_sleep
static void fork_sleep(int n)
Definition: attack.c:247
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition: pluginscheduler.c:518
check_deprecated_prefs
static void check_deprecated_prefs(void)
Check if any deprecated prefs are in pref table and print warning.
Definition: attack.c:819
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:79
attack_start_args::globals
struct scan_globals * globals
Definition: attack.c:75
hosts_new
int hosts_new(char *name, kb_t kb, kb_t main_kb)
Definition: hosts.c:151
hosts_init
int hosts_init(int max_hosts)
Definition: hosts.c:144
ad_thread_joined
static gboolean ad_thread_joined(gboolean joined)
Set and get if alive detection thread was already joined by main thread.
Definition: attack.c:1179
create_ipc_process
pid_t create_ipc_process(ipc_process_func func, void *args)
initializes a communication channels and calls a function with a new process
Definition: processes.c:195
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition: attack.c:57
pid
static pid_t pid
Definition: nasl_cmd_exec.c:39
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition: attack.c:134
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int *error)
Definition: pluginscheduler.c:302
message_to_client
static void message_to_client(kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type)
Definition: attack.c:222
attack_start
static void attack_start(struct ipc_context *ipcc, struct attack_start_args *args)
Set up some data and jump into attack_host()
Definition: attack.c:917
ipc_process_func
void(* ipc_process_func)(struct ipc_context *, void *)
Definition: ipc.h:47
timeval
static struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:94
scan_is_stopped
static int scan_is_stopped(void)
Definition: attack.c:265
attack_start_args::sched
plugins_scheduler_t sched
Definition: attack.c:78
host
Host information, implemented as doubly linked list.
Definition: hosts.c:37
get_max_checks_number
int get_max_checks_number(void)
Definition: utils.c:165
apply_hosts_reverse_lookup_preferences
static int apply_hosts_reverse_lookup_preferences(gvm_hosts_t *hosts)
Definition: attack.c:1087
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition: attack.c:1188
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition: attack.c:53
apply_hosts_excluded
static void apply_hosts_excluded(gvm_hosts_t *hosts)
Definition: attack.c:997
get_max_hosts_number
int get_max_hosts_number(void)
Definition: utils.c:134
get_alive_detection_tid
static pthread_t get_alive_detection_tid()
Definition: attack.c:1162
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:177
hosts
static struct host * hosts
Definition: hosts.c:49
connect_main_kb
static int connect_main_kb(kb_t *main_kb)
Connect to the main kb. Must be released with kb_lnk_reset() after use.
Definition: attack.c:95
host_is_currently_scanned
int host_is_currently_scanned(gvm_host_t *host_to_check)
Returns 1 if the host is being scanned. 0 otherwise.
Definition: hosts.c:271
check_kb_access
static int check_kb_access(void)
Definition: attack.c:1139