OpenVAS Scanner  22.7.9
nasl_builtin_plugins.h File Reference

Header file for built-in plugins. More...

#include "nasl_lex_ctxt.h"
#include "nasl_tree.h"
Include dependency graph for nasl_builtin_plugins.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

tree_cellplugin_run_find_service (lex_ctxt *)
 
tree_cellplugin_run_openvas_tcp_scanner (lex_ctxt *)
 
tree_cellplugin_run_synscan (lex_ctxt *)
 

Detailed Description

Header file for built-in plugins.

Definition in file nasl_builtin_plugins.h.

Function Documentation

◆ plugin_run_find_service()

tree_cell* plugin_run_find_service ( lex_ctxt )

Definition at line 2435 of file nasl_builtin_find_service.c.

2436 {
2437  struct script_infos *desc = lexic->script_infos;
2438 
2439  oid = lexic->oid;
2440 
2441  kb_t kb = plug_get_kb (desc);
2442  struct kb_item *kbitem, *kbitem_tmp;
2443 
2444  GSList *sons_args[MAX_SONS];
2445  int num_ports = 0;
2446  char *num_sons_s;
2447  int num_sons = 6;
2448  int port_per_son;
2449  int i;
2450  int test_ssl = 1;
2451  char *key = get_plugin_preference (oid, KEY_FILE, -1);
2452  char *cert = get_plugin_preference (oid, CERT_FILE, -1);
2453  char *pempass = get_plugin_preference (oid, PEM_PASS, -1);
2454  char *cafile = get_plugin_preference (oid, CA_FILE, -1);
2455  char *test_ssl_s = get_plugin_preference (oid, TEST_SSL_PREF, -1);
2456 
2457  if (key && key[0] != '\0')
2458  key = (char *) get_plugin_preference_fname (desc, key);
2459  else
2460  key = NULL;
2461 
2462  if (cert && cert[0] != '\0')
2463  cert = (char *) get_plugin_preference_fname (desc, cert);
2464  else
2465  cert = NULL;
2466 
2467  if (cafile && cafile[0] != '\0')
2468  cafile = (char *) get_plugin_preference_fname (desc, cafile);
2469  else
2470  cafile = NULL;
2471 
2472  if (test_ssl_s != NULL)
2473  {
2474  if (strcmp (test_ssl_s, "None") == 0)
2475  test_ssl = 0;
2476  }
2477  g_free (test_ssl_s);
2478  if (key || cert)
2479  {
2480  if (!key)
2481  key = cert;
2482  if (!cert)
2483  cert = key;
2484  plug_set_ssl_cert (desc, cert);
2485  plug_set_ssl_key (desc, key);
2486  }
2487  if (pempass != NULL)
2488  plug_set_ssl_pem_password (desc, pempass);
2489  if (cafile != NULL)
2490  plug_set_ssl_CA_file (desc, cafile);
2491 
2492  signal (SIGTERM, sigterm);
2493  signal (SIGCHLD, sigchld);
2494  num_sons_s = get_plugin_preference (oid, NUM_CHILDREN, -1);
2495  if (num_sons_s != NULL)
2496  num_sons = atoi (num_sons_s);
2497  g_free (num_sons_s);
2498 
2499  if (num_sons <= 0)
2500  num_sons = 6;
2501 
2502  if (num_sons > MAX_SONS)
2503  num_sons = MAX_SONS;
2504 
2505  for (i = 0; i < num_sons; i++)
2506  {
2507  sons[i] = 0;
2508  sons_args[i] = NULL;
2509  }
2510 
2511  if (kb == NULL)
2512  return NULL; // TODO: in old days returned "1". Still relevant?
2513 
2514  kbitem = kb_item_get_pattern (kb, "Ports/tcp/*");
2515 
2516  /* count the number of open TCP ports */
2517  kbitem_tmp = kbitem;
2518  while (kbitem_tmp != NULL)
2519  {
2520  num_ports++;
2521  kbitem_tmp = kbitem_tmp->next;
2522  }
2523 
2524  port_per_son = num_ports / num_sons;
2525 
2526  /* The next two loops distribute the ports across a number of 'sons'.
2527  */
2528 
2529  kbitem_tmp = kbitem;
2530 
2531  for (i = 0; i < num_sons; i = i + 1)
2532  {
2533  int j;
2534 
2535  if (kbitem_tmp != NULL)
2536  {
2537  for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
2538  {
2539  sons_args[i] =
2540  g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
2541  j++;
2542  kbitem_tmp = kbitem_tmp->next;
2543  }
2544  }
2545  else
2546  break;
2547  }
2548 
2549  for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
2550  {
2551  sons_args[i] =
2552  g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
2553  i++;
2554  kbitem_tmp = kbitem_tmp->next;
2555  }
2556 
2557  kb_item_free (kbitem);
2558 
2559  for (i = 0; i < num_sons; i++)
2560  if (sons_args[i] == NULL)
2561  break;
2562 
2563  num_sons = i;
2564 
2565  for (i = 0; i < num_sons; i++)
2566  {
2567  usleep (5000);
2568  if (sons_args[i] != NULL)
2569  {
2570  sons[i] = fork ();
2571  if (sons[i] == 0)
2572  {
2573  kb_lnk_reset (kb);
2574  kb_lnk_reset (get_main_kb ());
2575  mqtt_reset ();
2576  nvticache_reset ();
2577 
2578  signal (SIGTERM, _exit);
2579  plugin_do_run (desc, sons_args[i], test_ssl);
2580  _exit (0);
2581  }
2582  else
2583  {
2584  if (sons[i] < 0)
2585  sons[i] = 0; /* Fork failed */
2586  }
2587  g_slist_free_full (sons_args[i], g_free);
2588  }
2589  }
2590 
2591  for (;;)
2592  {
2593  int flag = 0;
2594 
2595  for (i = 0; i < num_sons; i++)
2596  {
2597  if (sons[i] != 0)
2598  {
2599  while (waitpid (sons[i], NULL, WNOHANG) && errno == EINTR)
2600  ;
2601 
2602  if (kill (sons[i], 0) >= 0)
2603  flag++;
2604  }
2605  }
2606 
2607  if (flag == 0)
2608  break;
2609  usleep (100000);
2610  }
2611 
2612  return NULL;
2613 }

References CA_FILE, CERT_FILE, get_main_kb(), get_plugin_preference(), get_plugin_preference_fname(), KEY_FILE, MAX_SONS, NUM_CHILDREN, oid, struct_lex_ctxt::oid, PEM_PASS, plug_get_kb(), plug_set_ssl_CA_file(), plug_set_ssl_cert(), plug_set_ssl_key(), plug_set_ssl_pem_password(), plugin_do_run(), struct_lex_ctxt::script_infos, sigchld(), sigterm(), sons, and TEST_SSL_PREF.

Here is the call graph for this function:

◆ plugin_run_openvas_tcp_scanner()

tree_cell* plugin_run_openvas_tcp_scanner ( lex_ctxt )

Definition at line 1049 of file nasl_builtin_openvas_tcp_scanner.c.

1050 {
1051  struct script_infos *desc = lexic->script_infos;
1052  const char *port_range = prefs_get ("port_range");
1053  const char *p;
1054  struct in6_addr *p_addr;
1055  unsigned int timeout = 0, max_cnx, min_cnx, x;
1056  int safe_checks = prefs_get_bool ("safe_checks");
1057 
1058  p = prefs_get ("checks_read_timeout");
1059  if (p != NULL)
1060  timeout = atoi (p);
1061  if (timeout <= 0)
1062  timeout = 5;
1063  {
1064  int max_host = 0, max_checks = 0, cur_sys_fd = 0, max_sys_fd = 0;
1065  struct rlimit rlim;
1066  FILE *fp;
1067  int i;
1068  double loadavg[3], maxloadavg = -1.0;
1069  int stderr_fd = dup (2);
1070  int devnull_fd = open ("/dev/null", O_WRONLY);
1071  /* Avoid error messages from sysctl */
1072  if (devnull_fd <= 0)
1073  {
1074  if (stderr_fd != -1)
1075  close (stderr_fd);
1076  return NULL;
1077  }
1078  dup2 (devnull_fd, 2);
1079 
1080  p = prefs_get ("max_hosts");
1081  if (p != NULL)
1082  max_host = atoi (p);
1083  if (max_host <= 0)
1084  max_host = 15;
1085 
1086  p = prefs_get ("max_checks");
1087  if (p != NULL)
1088  max_checks = atoi (p);
1089  if (max_checks <= 0 || max_checks > 5)
1090  {
1091  max_checks = 5; /* bigger values do not make sense */
1092  g_debug ("openvas_tcp_scanner: max_checks forced to %d", max_checks);
1093  }
1094 
1095  min_cnx = 8 * max_checks;
1096  if (safe_checks)
1097  max_cnx = 24 * max_checks;
1098  else
1099  max_cnx = 80 * max_checks;
1100 
1101  getloadavg (loadavg, 3);
1102  for (i = 0; i < 3; i++)
1103  if (loadavg[i] > maxloadavg)
1104  maxloadavg = loadavg[i];
1105 
1106  if (max_sys_fd <= 0)
1107  {
1108  fp = popen ("sysctl fs.file-nr", "r");
1109  if (fp != NULL)
1110  {
1111  if (fscanf (fp, "%*s = %*d %d %d", &cur_sys_fd, &max_sys_fd) == 1)
1112  max_sys_fd -= cur_sys_fd;
1113  else
1114  max_sys_fd = 0;
1115  pclose (fp);
1116  }
1117  }
1118  if (max_sys_fd <= 0)
1119  {
1120  fp = popen ("sysctl fs.file-max", "r");
1121  if (fp != NULL)
1122  {
1123  if (fscanf (fp, "%*s = %d", &max_sys_fd) < 1)
1124  max_sys_fd = 0;
1125  pclose (fp);
1126  }
1127  }
1128 
1129  if (max_sys_fd <= 0)
1130  {
1131  fp = popen ("sysctl kern.maxfiles", "r");
1132  if (fp != NULL)
1133  {
1134  if (fscanf (fp, "%*s = %d", &max_sys_fd) < 1)
1135  max_sys_fd = 0;
1136  pclose (fp);
1137  }
1138  }
1139 
1140  /* Restore stderr */
1141  close (devnull_fd);
1142  dup2 (stderr_fd, 2);
1143  close (stderr_fd);
1144 
1145  if (maxloadavg >= 0.0)
1146  max_cnx /= (1.0 + maxloadavg);
1147 
1148  if (max_sys_fd <= 0)
1149  max_sys_fd = 16384; /* reasonable default */
1150  /* Let's leave at least 1024 FD for other processes */
1151  if (max_sys_fd < 1024)
1152  x = GRAB_MIN_SOCK;
1153  else
1154  {
1155  max_sys_fd -= 1024;
1156  x = max_sys_fd / max_host;
1157  }
1158  if (max_cnx > x)
1159  max_cnx = x;
1160  if (max_cnx > GRAB_MAX_SOCK)
1161  max_cnx = GRAB_MAX_SOCK;
1162  if (max_cnx < GRAB_MIN_SOCK)
1163  max_cnx = GRAB_MIN_SOCK;
1164 
1165  if (safe_checks && max_cnx > GRAB_MAX_SOCK_SAFE)
1166  max_cnx = GRAB_MAX_SOCK_SAFE;
1167 
1168  if (getrlimit (RLIMIT_NOFILE, &rlim) < 0)
1169  perror ("getrlimit(RLIMIT_NOFILE)");
1170  else
1171  {
1172  /* value = one greater than the maximum file descriptor number */
1173  if (rlim.rlim_cur != RLIM_INFINITY && max_cnx >= rlim.rlim_cur)
1174  max_cnx = rlim.rlim_cur - 1;
1175  }
1176  x = max_cnx / 2;
1177  if (min_cnx > x)
1178  min_cnx = x > 0 ? x : 1;
1179  }
1180 
1181  p_addr = desc->ip;
1182  if (p_addr == NULL)
1183  return NULL; // TODO: before it returned "1";
1184  if (banner_grab (p_addr, port_range, timeout, min_cnx, max_cnx, desc) < 0)
1185  return NULL; // TODO: before it returned "1";
1186  plug_set_key (desc, "Host/scanned", ARG_INT, (void *) 1);
1187  plug_set_key (desc, "Host/scanners/openvas_tcp_scanner", ARG_INT, (void *) 1);
1188  return NULL;
1189 }

References ARG_INT, banner_grab(), GRAB_MAX_SOCK, GRAB_MAX_SOCK_SAFE, GRAB_MIN_SOCK, script_infos::ip, plug_set_key(), safe_checks(), and struct_lex_ctxt::script_infos.

Here is the call graph for this function:

◆ plugin_run_synscan()

tree_cell* plugin_run_synscan ( lex_ctxt )

Definition at line 778 of file nasl_builtin_synscan.c.

779 {
780  struct script_infos *env = lexic->script_infos;
781  unsigned long rtt;
782  struct in6_addr *dst6 = plug_get_host_ip (env);
783  struct in_addr *dst;
784  struct in_addr inaddr;
785 
786  inaddr.s_addr = dst6->s6_addr32[3];
787  dst = &inaddr;
788 
789  if (islocalhost (dst))
790  return NULL;
791 
792  rtt = htonl (1 << 28);
793 
794  const char *range = prefs_get ("port_range");
795  scan (env, (char *) range, dst6, rtt);
796  plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
797  plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void *) 1);
798  return NULL;
799 }

References ARG_INT, islocalhost(), plug_get_host_ip(), plug_set_key(), scan(), and struct_lex_ctxt::script_infos.

Here is the call graph for this function:
script_infos::ip
struct in6_addr * ip
Definition: scanneraux.h:37
script_infos
Definition: scanneraux.h:29
KEY_FILE
#define KEY_FILE
Definition: nasl_builtin_find_service.c:31
MAX_SONS
#define MAX_SONS
Definition: nasl_builtin_find_service.c:2404
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition: plugutils.c:1055
sons
static pid_t sons[MAX_SONS]
Definition: nasl_builtin_find_service.c:2406
GRAB_MAX_SOCK_SAFE
#define GRAB_MAX_SOCK_SAFE
Definition: nasl_builtin_openvas_tcp_scanner.c:48
plug_set_ssl_key
void plug_set_ssl_key(struct script_infos *args, char *key)
Definition: plugutils.c:1318
plugin_do_run
static int plugin_do_run(struct script_infos *desc, GSList *h, int test_ssl)
Definition: nasl_builtin_find_service.c:1542
GRAB_MAX_SOCK
#define GRAB_MAX_SOCK
Definition: nasl_builtin_openvas_tcp_scanner.c:35
plug_set_ssl_CA_file
void plug_set_ssl_CA_file(struct script_infos *args, char *key)
Definition: plugutils.c:1334
oid
const char * oid
Definition: nasl_builtin_find_service.c:51
get_plugin_preference
char * get_plugin_preference(const char *oid, const char *name, int pref_id)
Get the a plugins preference.
Definition: plugutils.c:743
islocalhost
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition: pcap.c:261
safe_checks
tree_cell * safe_checks(lex_ctxt *lexic)
Definition: nasl_scanner_glue.c:612
PEM_PASS
#define PEM_PASS
Definition: nasl_builtin_find_service.c:32
get_plugin_preference_fname
const char * get_plugin_preference_fname(struct script_infos *desc, const char *filename)
Get the file name of a plugins preference that is of type "file".
Definition: plugutils.c:831
ARG_INT
#define ARG_INT
Definition: plugutils.h:20
sigterm
static void sigterm(int s)
Definition: nasl_builtin_find_service.c:2409
CERT_FILE
#define CERT_FILE
Definition: nasl_builtin_find_service.c:30
CA_FILE
#define CA_FILE
Definition: nasl_builtin_find_service.c:33
plug_set_ssl_cert
void plug_set_ssl_cert(struct script_infos *args, char *cert)
Definition: plugutils.c:1312
plug_set_ssl_pem_password
void plug_set_ssl_pem_password(struct script_infos *args, char *key)
Definition: plugutils.c:1324
scan
static int scan(struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt)
Definition: nasl_builtin_synscan.c:676
plug_set_key
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition: plugutils.c:962
banner_grab
static int banner_grab(const struct in6_addr *pia, const char *portrange, const int read_timeout, int min_cnx, int max_cnx, struct script_infos *desc)
Definition: nasl_builtin_openvas_tcp_scanner.c:144
sigchld
static void sigchld(int s)
Definition: nasl_builtin_find_service.c:2423
TEST_SSL_PREF
#define TEST_SSL_PREF
Definition: nasl_builtin_find_service.c:37
get_main_kb
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition: kb_cache.c:41
NUM_CHILDREN
#define NUM_CHILDREN
Definition: nasl_builtin_find_service.c:39
GRAB_MIN_SOCK
#define GRAB_MIN_SOCK
Definition: nasl_builtin_openvas_tcp_scanner.c:41