OpenVAS Scanner  22.7.9
network.h File Reference

Header file for module network. More...

#include "scanneraux.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <netinet/in.h>
#include <sys/select.h>


Macros

/* True when x names an SSL/TLS encapsulation. Relies on the enum order:
   every openvas_encaps value from OPENVAS_ENCAPS_SSLv23 up to
   OPENVAS_ENCAPS_TLScustom is an SSL/TLS mode, while AUTO and IP lie
   before SSLv23 and MAX lies after TLScustom. Do not reorder the enum. */
#define IS_ENCAPS_SSL(x)    ((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLScustom)
 
/* Priority-flag value meaning "no special TLS priority flags"; see the
   pflag argument of open_stream_tls_default_priorities (). */
#define NO_PRIORITY_FLAGS   0
 
/* Priority-flag bit. By its name it relaxes the DH prime size check;
   NOTE(review): the code honouring this bit is not in this listing
   (flags are passed down to open_SSL_connection ()), confirm there. */
#define INSECURE_DH_PRIME_BITS   (1 << 0)
 

Typedefs

typedef enum openvas_encaps openvas_encaps_t
 

Enumerations

/* Transport encapsulation of a stream connection (stored per slot as
   openvas_connection::transport). AUTO (0) requests auto detection, IP is
   plain TCP, SSLv23 asks for compatibility options and TLScustom uses a
   custom GnuTLS priority string; the remaining values select one fixed
   SSL/TLS protocol version. IS_ENCAPS_SSL () depends on SSLv23..TLScustom
   being contiguous, so insert nothing in that range. MAX is presumably the
   end-of-range sentinel (no use of it is visible on this page). */
enum  openvas_encaps {
  OPENVAS_ENCAPS_AUTO = 0, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv2,
  OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12,
  OPENVAS_ENCAPS_TLSv13, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_MAX
}
 

Functions

int open_sock_tcp (struct script_infos *, unsigned int, int)
 
int open_sock_option (struct script_infos *, unsigned int, int, int, int)
 
int recv_line (int, char *, size_t)
 Reads a text from the socket stream into the argument buffer, always. More...
 
int nrecv (int, void *, int, int)
 
int socket_close (int)
 
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
 
unsigned short * getpts (char *, int *)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array. More...
 
void open_stream_tls_default_priorities (const char *p, const int pflag)
 
int open_stream_connection (struct script_infos *, unsigned int, int, int)
 
int open_stream_connection_ext (struct script_infos *, unsigned int, int, int, const char *, int)
 
int open_stream_auto_encaps_ext (struct script_infos *, unsigned int port, int timeout, int force)
 
int write_stream_connection (int, void *buf, int n)
 
int read_stream_connection (int, void *, int)
 
int read_stream_connection_min (int, void *, int, int)
 
int nsend (int, void *, int, int)
 
void add_close_stream_connection_hook (int(*)(int))
 
int close_stream_connection (int)
 
const char * get_encaps_name (openvas_encaps_t)
 
const char * get_encaps_through (openvas_encaps_t)
 
int open_sock_opt_hn (const char *, unsigned int, int, int, int)
 
int openvas_SSL_init (void)
 Initializes SSL support. More...
 
int stream_set_buffer (int, int)
 
int stream_get_buffer_sz (int)
 
int stream_get_err (int)
 
int openvas_register_connection (int s, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
 
int openvas_deregister_connection (int)
 
int openvas_get_socket_from_connection (int)
 
gnutls_session_t ovas_get_tlssession_from_connection (int)
 
int stream_zero (fd_set *)
 
int stream_set (int, fd_set *)
 
int os_send (int, void *, int, int)
 
int os_recv (int, void *, int, int)
 
int fd_is_stream (int)
 
int stream_set_timeout (int, int)
 
int socket_ssl_safe_renegotiation_status (int)
 Check if Secure Renegotiation is supported in the server side. More...
 
int socket_ssl_do_handshake (int)
 Do a re-handshake of the TLS/SSL protocol. More...
 
int socket_negotiate_ssl (int, openvas_encaps_t, struct script_infos *)
 Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one. More...
 
void socket_get_cert (int, void **, int *)
 
int socket_get_ssl_version (int)
 
void socket_get_ssl_session_id (int, void **, size_t *)
 
int socket_get_ssl_compression (int)
 
int socket_get_ssl_ciphersuite (int)
 

Detailed Description

Header file for module network.

Definition in file network.h.

Macro Definition Documentation

◆ INSECURE_DH_PRIME_BITS

#define INSECURE_DH_PRIME_BITS   (1 << 0)

Definition at line 49 of file network.h.

◆ IS_ENCAPS_SSL

#define IS_ENCAPS_SSL (   x)     ((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLScustom)

Definition at line 43 of file network.h.

◆ NO_PRIORITY_FLAGS

#define NO_PRIORITY_FLAGS   0

Definition at line 48 of file network.h.

Typedef Documentation

◆ openvas_encaps_t

Enumeration Type Documentation

◆ openvas_encaps

Enumerator
OPENVAS_ENCAPS_AUTO 
OPENVAS_ENCAPS_IP 
OPENVAS_ENCAPS_SSLv23 
OPENVAS_ENCAPS_SSLv2 
OPENVAS_ENCAPS_SSLv3 
OPENVAS_ENCAPS_TLSv1 
OPENVAS_ENCAPS_TLSv11 
OPENVAS_ENCAPS_TLSv12 
OPENVAS_ENCAPS_TLSv13 
OPENVAS_ENCAPS_TLScustom 
OPENVAS_ENCAPS_MAX 

Definition at line 28 of file network.h.

29 {
30  OPENVAS_ENCAPS_AUTO = 0, /* Request auto detection. */
32  OPENVAS_ENCAPS_SSLv23, /* Ask for compatibility options */
39  OPENVAS_ENCAPS_TLScustom, /* SSL/TLS using custom priorities. */

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(*)(int)  )

◆ close_stream_connection()

int close_stream_connection ( int  )

Definition at line 1705 of file network.c.

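/**
 * @brief Close an OpenVAS stream connection and release its table slot.
 *
 * @param[in] fd  OpenVAS virtual descriptor; must satisfy OPENVAS_STREAM ().
 *
 * @return -1 with errno set to EINVAL when @p fd is not an OpenVAS stream.
 *         Otherwise the result of release_connection_fd (). run_csc_hooks ()
 *         (presumably the hooks registered via
 *         add_close_stream_connection_hook ()) runs first and its result
 *         selects the second argument of release_connection_fd (); the
 *         meaning of that argument is not visible in this listing.
 */
int
close_stream_connection (int fd)
{
  openvas_connection *fp;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);

  /* The previous version re-tested OPENVAS_STREAM (fd) here and fell back
   * to shutdown ()/socket_close () on the raw descriptor.  That branch was
   * unreachable: the identical test has just returned -1 above and the
   * g_debug () call in between cannot change its outcome, so it is gone. */
  if (!run_csc_hooks (fd))
    return release_connection_fd (fd, 1);

  return release_connection_fd (fd, 0);
}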

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::port, release_connection_fd(), run_csc_hooks(), and socket_close().

Referenced by nasl_close_socket(), nasl_end_denial(), nasl_start_denial(), and plugin_do_run().


◆ fd_is_stream()

int fd_is_stream ( int  )

◆ get_encaps_name()

const char* get_encaps_name ( openvas_encaps_t  )

Definition at line 1733 of file network.c.

/**
 * @brief Human-readable name of an openvas_encaps value.
 *
 * Returns a string literal for every known value. For an unknown value a
 * message is formatted into a function-local static buffer; that buffer is
 * shared by all callers and overwritten by the next unknown-value call, so
 * the function is neither reentrant nor thread-safe and the result must be
 * consumed before calling again.
 *
 * The case label preceding the "TLScustom" return (source line 1756) is not
 * shown in this rendering; per the reference list below it is
 * OPENVAS_ENCAPS_TLScustom.
 *
 * @param[in] code  Encapsulation value.
 * @return Constant name, or a pointer to the shared static buffer.
 */
1734 {
1735  static char str[100];
1736  switch (code)
1737  {
1738  case OPENVAS_ENCAPS_AUTO:
1739  return "auto";
1740  case OPENVAS_ENCAPS_IP:
1741  return "IP";
1742  case OPENVAS_ENCAPS_SSLv2:
1743  return "SSLv2";
1744  case OPENVAS_ENCAPS_SSLv23:
1745  return "SSLv23";
1746  case OPENVAS_ENCAPS_SSLv3:
1747  return "SSLv3";
1748  case OPENVAS_ENCAPS_TLSv1:
1749  return "TLSv1";
1750  case OPENVAS_ENCAPS_TLSv11:
1751  return "TLSv11";
1752  case OPENVAS_ENCAPS_TLSv12:
1753  return "TLSv12";
1754  case OPENVAS_ENCAPS_TLSv13:
1755  return "TLSv13";
1757  return "TLScustom";
1758  default:
  /* Shared static buffer: not safe to keep across calls. */
1759  snprintf (str, sizeof (str), "[unknown transport layer - code %d (0x%x)]",
1760  code, code);
1761  return str;
1762  }
1763 }

References code, OPENVAS_ENCAPS_AUTO, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by get_port_transport(), nasl_get_sock_info(), and plugin_do_run().


◆ get_encaps_through()

const char* get_encaps_through ( openvas_encaps_t  )

Definition at line 1766 of file network.c.

/**
 * @brief Suffix describing the transport, for service-detection messages.
 *
 * Returns "" for plain IP and " through SSL" for every SSL/TLS mode (the
 * case label on the omitted source line 1780 is, per the reference list
 * below, OPENVAS_ENCAPS_TLScustom). OPENVAS_ENCAPS_AUTO is not handled and
 * therefore lands in the default branch together with invalid values; that
 * branch formats into a function-local static buffer shared by all callers,
 * so the result must be used before the next such call (not thread-safe).
 *
 * @param[in] code  Encapsulation value.
 * @return Constant suffix, or a pointer to the shared static buffer.
 */
1767 {
1768  static char str[100];
1769  switch (code)
1770  {
1771  case OPENVAS_ENCAPS_IP:
1772  return "";
1773  case OPENVAS_ENCAPS_SSLv2:
1774  case OPENVAS_ENCAPS_SSLv23:
1775  case OPENVAS_ENCAPS_SSLv3:
1776  case OPENVAS_ENCAPS_TLSv1:
1777  case OPENVAS_ENCAPS_TLSv11:
1778  case OPENVAS_ENCAPS_TLSv12:
1779  case OPENVAS_ENCAPS_TLSv13:
1781  return " through SSL";
1782  default:
  /* Shared static buffer: not safe to keep across calls. */
1783  snprintf (str, sizeof (str),
1784  " through unknown transport layer - code %d (0x%x)", code,
1785  code);
1786  return str;
1787  }
1788 }

References code, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by mark_acap_server(), mark_adsgone(), mark_avotus_mm_server(), mark_BitTorrent_server(), mark_citrix_server(), mark_dameware_server(), mark_dictd_server(), mark_direct_connect_hub(), mark_eggdrop_server(), mark_ens_server(), mark_exchg_routing_server(), mark_finger_server(), mark_fssniffer(), mark_ftp_server(), mark_fw1(), mark_giop_server(), mark_gnocatan_server(), mark_gnome14_server(), mark_http_proxy(), mark_http_server(), mark_imap_server(), mark_interscan_viruswall(), mark_ircxpro_admin_server(), mark_jabber_server(), mark_LISa_server(), mark_listserv_server(), mark_locked_adsubtract_server(), mark_lpd_server(), mark_lyskom_server(), mark_mon_server(), mark_nagiosd_server(), mark_nntp_server(), mark_ofa_express_server(), mark_pblocald_server(), mark_pbmaster_server(), mark_ph_server(), mark_pnsclient(), mark_pop3pw_server(), mark_ppp_daemon(), mark_psybnc(), mark_quicktime_streaming_server(), mark_remote_nc_server(), mark_rmserver(), mark_shoutcast_server(), mark_smppd_server(), mark_smtp_server(), mark_smux_server(), mark_snpp_server(), mark_spamd_server(), mark_stonegate_auth_server(), mark_sub7_server(), mark_tcpmux_server(), mark_teamspeak2_server(), mark_telnet_server(), mark_time_server(), mark_unknown_svc(), mark_upsmon_server(), mark_uucp_server(), mark_veritas_backup(), mark_vmware_auth(), mark_vtun_server(), mark_websm_server(), mark_whois_plus2_server(), and mark_zebra_server().

◆ get_sock_infos()

int get_sock_infos ( int  sock,
int *  r_transport,
void **  r_tls_session 
)

Definition at line 2256 of file network.c.

/**
 * @brief Report the transport and TLS session recorded for a stream slot.
 *
 * Only the slot's stored fields are copied out; no check is made that the
 * slot is actually open (compare openvas_get_socket_from_connection (),
 * which treats transport <= 0 as closed), and both out-pointers are written
 * unconditionally.
 *
 * @param[in]  sock           OpenVAS virtual descriptor.
 * @param[out] r_transport    Receives the slot's transport value.
 * @param[out] r_tls_session  Receives the slot's tls_session pointer as-is.
 *
 * @return 0 on success; ENOTSOCK (a positive errno value, not -1) when
 *         @p sock is not an OpenVAS stream.
 */
int
get_sock_infos (int sock, int *r_transport, void **r_tls_session)
{
  const openvas_connection *conn;

  if (!OPENVAS_STREAM (sock))
    return ENOTSOCK;

  conn = connections + (sock - OPENVAS_FD_OFF);
  *r_transport = conn->transport;
  *r_tls_session = conn->tls_session;
  return 0;
}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_get_sock_info(), and nasl_socket_cert_verify().


◆ getpts()

unsigned short* getpts ( char *  origexpr,
int *  len 
)

Converts a string like "-100,200-1024,3000-4000,60000-" into an array of port numbers.

This function is (c) Fyodor <fyodor@dhp.com> and was taken from his excellent and outstanding scanner Nmap. See http://www.insecure.org/nmap/ for details about Nmap.

Definition at line 2296 of file network.c.

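/**
 * @brief Parse one comma-separated item of a port expression.
 *
 * Accepted forms: "N" (single port), "N-M" (range), "-M" (1..M) and "N-"
 * (N..65535). Non-numeric text goes through atoi () and yields 0, which
 * the caller then rejects because start is raised to 1 above end.
 *
 * @param[in]  item   NUL-terminated item with no spaces.
 * @param[out] start  First port of the range, clamped to at least 1.
 * @param[out] end    Last port of the range, clamped to at most 65535
 *                    (larger values used to wrap when stored as
 *                    unsigned short, 65536 even becoming the 0 terminator).
 */
static void
getpts_parse_item (const char *item, int *start, int *end)
{
  const char *dash;

  if (*item == '-')
    {
      *start = 1;
      *end = atoi (item + 1);
    }
  else
    {
      *start = *end = atoi (item);
      dash = strchr (item, '-');
      if (dash && dash[1])
        *end = atoi (dash + 1);
      else if (dash)
        *end = 65535;
    }
  if (*start < 1)
    *start = 1;
  if (*end > 65535)
    *end = 65535;
}

/**
 * @brief Append the ports start..end to a growable array.
 *
 * @param[in,out] ports  g_malloc'ed array; reallocated when full.
 * @param[in,out] cap    Capacity of @p ports in elements.
 * @param[in,out] count  Number of elements in use.
 * @param[in]     start  First port to append.
 * @param[in]     end    Last port to append (inclusive).
 */
static void
getpts_append_range (unsigned short **ports, size_t *cap, int *count,
                     int start, int end)
{
  int v;

  for (v = start; v <= end; v++)
    {
      if ((size_t) *count >= *cap)
        {
          /* Overlapping items ("1-65535,80") can exceed any fixed size, so
           * grow instead of writing past the end as the old code did. */
          *cap *= 2;
          *ports = g_realloc (*ports, *cap * sizeof (**ports));
        }
      (*ports)[(*count)++] = (unsigned short) v;
    }
}

/**
 * @brief Convert a port expression into a 0-terminated array of ports.
 *
 * Spaces are ignored. Text up to and including a "T:" marker is skipped and
 * everything from a "U:" marker onwards (the UDP list) is cut off, so only
 * the TCP part is parsed; each comma-separated item is handled by
 * getpts_parse_item (). The array is sorted with qsort_compar (); note the
 * terminating 0 takes part in that sort, so where it ends up depends on the
 * comparator — callers should rely on @p len rather than on the 0.
 *
 * The last result is cached in function-local statics and handed out again
 * for an identical expression. The cache — and therefore the returned array
 * — is owned by this function and is freed on the next call with a
 * different expression: callers must not free the result and must not keep
 * it across such a call. Not thread-safe.
 *
 * Changes from the previous version: the cached array is released with
 * g_free (last_ret) instead of g_free (&last_ret), which passed the address
 * of the static pointer itself to the allocator; the "U:" look-behind no
 * longer reads before the start of the buffer when "U:" is the first thing
 * in the expression; range ends are clamped to 65535; and the output array
 * grows on demand instead of overflowing its fixed 65536-entry allocation.
 *
 * @param[in]  origexpr  Expression such as "-100,200-1024,3000-4000,60000-".
 * @param[out] len       If non-NULL, receives the number of ports, excluding
 *                       the terminating 0 (duplicates are counted).
 *
 * @return Port array owned by this function, or NULL when some item has
 *         start > end after clamping (including empty or non-numeric items).
 */
unsigned short *
getpts (char *origexpr, int *len)
{
  char *p;
  unsigned short *tmp, *ports;
  int i = 0, j = 0, start, end;
  int exlen;
  size_t cap = 65536;
  char *expr, *mem, *s_start, *s_end;
  static unsigned short *last_ret = NULL;
  static char *last_expr = NULL;
  static int last_num;

  expr = g_strdup (origexpr);
  exlen = strlen (origexpr);
  mem = expr;

  /* One-entry cache keyed on the raw expression. */
  if (last_expr != NULL)
    {
      if (strcmp (last_expr, expr) == 0)
        {
          if (len != NULL)
            *len = last_num;
          g_free (mem);
          return last_ret;
        }
      g_free (last_expr);
      last_expr = NULL;
      g_free (last_ret);
      last_ret = NULL;
    }

  ports = g_malloc0 (cap * sizeof (*ports));

  /* Strip spaces in place. */
  for (; j < exlen; j++)
    if (expr[j] != ' ')
      expr[i++] = expr[j];
  expr[i] = '\0';

  /* Keep only the TCP part: skip past "T:", cut at "U:". */
  if ((s_start = strstr (expr, "T:")) != NULL)
    expr = &(s_start[2]);

  if ((s_end = strstr (expr, "U:")) != NULL)
    {
      /* s_end > expr guards the look-behind when "U:" starts the string. */
      if (s_end > expr && s_end[-1] == ',')
        s_end--;
      s_end[0] = '\0';
    }

  i = 0;
  while ((p = strchr (expr, ',')))
    {
      *p = '\0';
      getpts_parse_item (expr, &start, &end);
      if (start > end)
        goto invalid;
      getpts_append_range (&ports, &cap, &i, start, end);
      expr = p + 1;
    }
  getpts_parse_item (expr, &start, &end);
  if (start > end)
    goto invalid;
  getpts_append_range (&ports, &cap, &i, start, end);

  /* Terminator; make sure there is room for it. */
  if ((size_t) i >= cap)
    {
      cap += 1;
      ports = g_realloc (ports, cap * sizeof (*ports));
    }
  ports[i++] = 0;

  qsort (ports, i, sizeof (*ports), qsort_compar);
  tmp = g_realloc (ports, i * sizeof (*ports));
  if (len != NULL)
    *len = i - 1;
  g_free (mem);

  last_ret = tmp;
  last_expr = g_strdup (origexpr);
  last_num = i - 1;
  return tmp;

invalid:
  g_free (mem);
  g_free (ports);
  return NULL;
}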

References len, and qsort_compar().

Referenced by nasl_scanner_get_port(), and scan().


◆ nrecv()

int nrecv ( int  ,
void *  ,
int  ,
int   
)

Definition at line 1628 of file network.c.

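/**
 * @brief Receive data from either an OpenVAS stream or a plain OS socket.
 *
 * @param[in]  fd      OpenVAS virtual descriptor or OS socket.
 * @param[out] data    Destination buffer.
 * @param[in]  length  Number of bytes requested.
 * @param[in]  i_opt   recv () flags; only used for plain OS sockets.
 *
 * @return For an OpenVAS stream, the result of read_stream_connection ().
 *         For a plain socket, the result of a single recv () (retried on
 *         EINTR), which may be shorter than @p length. -1 with errno set to
 *         EBADF when @p fd names an OpenVAS slot that is already closed.
 */
int
nrecv (int fd, void *data, int length, int i_opt)
{
  int e;

  if (OPENVAS_STREAM (fd))
    {
      if (connections[fd - OPENVAS_FD_OFF].fd >= 0)
        return read_stream_connection (fd, data, length);

      /* Closed slot. The previous version logged this and then fell through
       * to recv () on fd — but fd is an OpenVAS virtual descriptor number,
       * not the underlying socket, so that read would have gone to whatever
       * unrelated OS descriptor happens to carry the same number. */
      g_message ("OpenVAS file descriptor %d closed ?!", fd);
      errno = EBADF;
      return -1;
    }

  /* Plain OS socket: one recv () with the caller's flags. block_socket ()
   * presumably switches the descriptor to blocking mode. Do *NOT* use
   * os_recv () here, as it blocks until exactly `length` bytes arrive. */
  block_socket (fd);
  do
    {
      e = recv (fd, data, length, i_opt);
    }
  while (e < 0 && errno == EINTR);
  return e;
}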

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, and read_stream_connection().


◆ nsend()

int nsend ( int  ,
void *  ,
int  ,
int   
)

Definition at line 1589 of file network.c.

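/**
 * @brief Send data on either an OpenVAS stream or a plain OS socket.
 *
 * @param[in] fd      OpenVAS virtual descriptor or OS socket.
 * @param[in] data    Bytes to send.
 * @param[in] length  Number of bytes.
 * @param[in] i_opt   Flags passed on to write_stream_connection4 () or
 *                    os_send ().
 *
 * @return For an OpenVAS stream, the result of write_stream_connection4 ().
 *         For a plain socket, the result of os_send () (all of @p length on
 *         success), or 0 when select () reported the socket not writable in
 *         time — see the note in the loop. -1 with errno set to EBADF when
 *         @p fd names an OpenVAS slot that is already closed.
 */
int
nsend (int fd, void *data, int length, int i_opt)
{
  int n = 0;

  if (OPENVAS_STREAM (fd))
    {
      if (connections[fd - OPENVAS_FD_OFF].fd >= 0)
        return write_stream_connection4 (fd, data, length, i_opt);

      /* Closed slot. The previous version logged this and then fell through
       * to select ()/send () on fd — but fd is an OpenVAS virtual descriptor
       * number, not the underlying socket, so the write would have gone to
       * whatever unrelated OS descriptor carries that number. */
      g_message ("OpenVAS file descriptor %d closed ?!", fd);
      errno = EBADF;
      return -1;
    }

  /* Plain OS socket. block_socket () presumably makes it blocking; the
   * original author left a "???" here, so the select () below may be a
   * leftover from non-blocking days. */
  block_socket (fd);
  do
    {
      /* NOTE(review): {0, 5} is 5 *microseconds*, not 5 seconds. When the
       * socket is not writable within that window select () returns 0, the
       * loop breaks with n == 0 and the caller sees "0 bytes sent" with no
       * error. Also, FD_SET () on a descriptor >= FD_SETSIZE is undefined.
       * Both are left as they were; confirm the intent before changing. */
      struct timeval tv = {0, 5};
      fd_set wr;
      int e;

      FD_ZERO (&wr);
      FD_SET (fd, &wr);

      errno = 0;
      e = select (fd + 1, NULL, &wr, NULL, &tv);
      if (e > 0)
        n = os_send (fd, data, length, i_opt);
      else if (e < 0 && errno == EINTR)
        continue; /* re-evaluates the loop condition, which is then true */
      else
        break;
    }
  while (n <= 0 && errno == EINTR);
  if (n < 0)
    g_message ("[%d] nsend():send %s", getpid (), strerror (errno));

  return n;
}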

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, os_send(), timeval(), and write_stream_connection4().

Referenced by nasl_end_denial(), and nasl_send().


◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char *  ,
unsigned int  ,
int  ,
int  ,
int   
)

Definition at line 1890 of file network.c.

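/**
 * @brief Resolve a host name and open a socket to it.
 *
 * Unlike open_sock_option (), which targets the host being scanned, this
 * variant connects to an arbitrary name; its only caller on this page is
 * nasl_open_sock_kdc ().
 *
 * @param[in] hostname  Name or address, resolved with gvm_resolve_as_addr6 ().
 * @param[in] port      Port number.
 * @param[in] type      Socket type handed to open_socket () (e.g. SOCK_STREAM).
 * @param[in] protocol  Protocol handed to open_socket () (e.g. IPPROTO_TCP).
 * @param[in] timeout   Connect timeout handed to open_socket ().
 *
 * @return The result of open_socket (), or -1 when resolution left no
 *         usable address.
 */
int
open_sock_opt_hn (const char *hostname, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct sockaddr_in addr;
  struct sockaddr_in6 addr6;
  struct in6_addr in6addr;

  /* Zero the address first. The previous version left in6addr uninitialised
   * and never looked at the resolver's outcome; if gvm_resolve_as_addr6 ()
   * leaves its output untouched on failure (not visible here) that meant
   * connecting to stack garbage. Now a failed lookup leaves the unspecified
   * address (::), rejected below just as open_sock_option () rejects
   * in6addr_any. NOTE(review): the resolver's return value is still ignored;
   * confirm its convention and check it here as well. */
  memset (&in6addr, 0, sizeof (in6addr));
  gvm_resolve_as_addr6 (hostname, &in6addr);
  if (IN6_IS_ADDR_UNSPECIFIED (&in6addr))
    return -1;

  if (IN6_IS_ADDR_V4MAPPED (&in6addr))
    {
      /* IPv4-mapped address: connect over AF_INET with the low 32 bits. */
      bzero ((void *) &addr, sizeof (addr));
      addr.sin_family = AF_INET;
      addr.sin_port = htons ((unsigned short) port);
      addr.sin_addr.s_addr = in6addr.s6_addr32[3];
      return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
                          sizeof (struct sockaddr_in));
    }

  bzero ((void *) &addr6, sizeof (addr6));
  addr6.sin6_family = AF_INET6;
  addr6.sin6_port = htons ((unsigned short) port);
  memcpy (&addr6.sin6_addr, &in6addr, sizeof (struct in6_addr));
  return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
                      sizeof (struct sockaddr_in6));
}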

References hostname, open_socket(), and protocol.

Referenced by nasl_open_sock_kdc().


◆ open_sock_option()

int open_sock_option ( struct script_infos ,
unsigned int  ,
int  ,
int  ,
int   
)

Definition at line 1996 of file network.c.

/**
 * @brief Open a socket of the given type/protocol to the scanned host.
 *
 * The target address comes from plug_get_host_ip (). IPv4-mapped addresses
 * are connected over AF_INET using their low 32 bits, everything else over
 * AF_INET6.
 *
 * @param[in] args      Script context; supplies the host address.
 * @param[in] port      Port number.
 * @param[in] type      Socket type handed to open_socket () (e.g. SOCK_STREAM).
 * @param[in] protocol  Protocol handed to open_socket () (e.g. IPPROTO_TCP).
 * @param[in] timeout   Connect timeout handed to open_socket ().
 *
 * @return -1 when the host has no address (logged) or its address is
 *         in6addr_any; otherwise the result of open_socket ().
 */
int
open_sock_option (struct script_infos *args, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct in6_addr *ip = plug_get_host_ip (args);

  if (ip == NULL)
    {
      g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
      return (-1);
    }
  if (IN6_ARE_ADDR_EQUAL (ip, &in6addr_any))
    return (-1);

  if (!IN6_IS_ADDR_V4MAPPED (ip))
    {
      struct sockaddr_in6 sa6;

      bzero ((void *) &sa6, sizeof (sa6));
      sa6.sin6_family = AF_INET6;
      sa6.sin6_port = htons ((unsigned short) port);
      memcpy (&sa6.sin6_addr, ip, sizeof (struct in6_addr));
      return open_socket ((struct sockaddr *) &sa6, type, protocol, timeout,
                          sizeof (struct sockaddr_in6));
    }
  else
    {
      struct sockaddr_in sa4;

      bzero ((void *) &sa4, sizeof (sa4));
      sa4.sin_family = AF_INET;
      sa4.sin_port = htons ((unsigned short) port);
      sa4.sin_addr.s_addr = ip->s6_addr32[3];
      return open_socket ((struct sockaddr *) &sa4, type, protocol, timeout,
                          sizeof (struct sockaddr_in));
    }
}

References open_socket(), plug_get_host_ip(), and protocol.

Referenced by open_sock_tcp().


◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos ,
unsigned int  ,
int   
)

Definition at line 1919 of file network.c.

/**
 * @brief Open a TCP socket to the scanned host, retrying on connect timeout.
 *
 * The "timeout_retry" preference gives the number of extra attempts made
 * when open_sock_option () fails with ETIMEDOUT (the loop runs retry + 1
 * times). When all attempts time out, the event is logged at most three
 * times per host/port (counter kept in the KB under
 * "ConnectTimeout/<ip>/<port>") and, once the count reaches the
 * "open_sock_max_attempts" preference (0 = never), the port is marked closed
 * in the KB ("Ports/tcp/<port>" = 0) and an ERRMSG result is pushed so that
 * other plugins stop trying it.
 *
 * Source line 1985 (the call to kb_item_push_str_with_main_kb_check ()
 * with get_main_kb (), per the reference list below) is not shown in this
 * rendering.
 *
 * @param[in] args     Script context.
 * @param[in] port     TCP port.
 * @param[in] timeout  Connect timeout handed to open_sock_option ().
 * @return The socket from open_sock_option (), or its negative result.
 */
1920 {
1921  int ret, retry = 0;
1922  const char *timeout_retry;
1923 
  /* atoi () on a preference value; negative values are clamped to 0. */
1924  timeout_retry = prefs_get ("timeout_retry");
1925  if (timeout_retry)
1926  retry = atoi (timeout_retry);
1927  if (retry < 0)
1928  retry = 0;
1929 
  /* retry >= 0 always holds on entry, so ret is assigned at least once. */
1930  while (retry >= 0)
1931  {
1932  errno = 0;
1933  ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
1934  if (ret >= 0 || errno != ETIMEDOUT)
1935  break;
1936  retry--;
1937  }
1938  if (ret < 0 && errno == ETIMEDOUT)
1939  {
1940  int log_count, attempts = 0;
1941  char *ip_str = plug_get_host_ip_str (args), buffer[1024];
1942  kb_t kb = plug_get_kb (args);
1943  const char *max_attempts;
1944 
1945  max_attempts = prefs_get ("open_sock_max_attempts");
1946  if (max_attempts)
1947  attempts = atoi (max_attempts);
1948  if (attempts < 0)
1949  attempts = 0;
1950 
  /* buffer is reused: first as the KB key, later as the result message. */
1951  g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%d", ip_str,
1952  port);
1953  log_count = kb_item_get_int (kb, buffer);
1954  if (log_count == -1)
1955  log_count = 0;
1956  if (log_count < 3)
1957  {
1958  g_message ("open_sock_tcp: %s:%d time-out.", ip_str, port);
1959  log_count++;
1960  kb_item_set_int_with_main_kb_check (kb, buffer, log_count);
1961  }
1962  if ((log_count >= attempts) && (attempts != 0))
1963  {
1964  /* After some unsuccessful attempts, the port is set to closed to
1965  * avoid new attempts from other plugins.
1966  */
1967  if (host_get_port_state (args, port) > 0)
1968  {
1969  char host_port_ip_str[INET6_ADDRSTRLEN];
1970 
1971  g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%d", port);
  /* NOTE(review): host_port_ip_str is only filled by addr6_to_str ()
   * at line 1977, after this message — so this log line prints
   * uninitialised stack memory. Move the addr6_to_str () call above it
   * (or log ip_str, which is already valid here). */
1972  g_message ("open_sock_tcp: %s:%d too many timeouts. "
1973  "This port will be set to closed.",
1974  host_port_ip_str, port);
1975  kb_item_set_int_with_main_kb_check (kb, buffer, 0);
1976 
1977  addr6_to_str (args->ip, host_port_ip_str);
1978  snprintf (
1979  buffer, sizeof (buffer),
1980  "ERRMSG|||%s|||%s|||%d/tcp||| |||Too many timeouts. The port"
1981  " was set to closed.",
1982  host_port_ip_str,
1983  plug_current_vhost () ? plug_current_vhost () : " ", port);
1984 
1986  "internal/results", buffer);
1987  }
1988  }
1989  g_free (ip_str);
1990  }
1991 
1992  return ret;
1993 }

References get_main_kb(), host_get_port_state(), script_infos::ip, kb_item_push_str_with_main_kb_check(), kb_item_set_int_with_main_kb_check(), open_sock_option(), plug_current_vhost(), plug_get_host_ip_str(), and plug_get_kb().

Referenced by open_stream_connection_ext().


◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos ,
unsigned int  port,
int  timeout,
int  force 
)

Definition at line 1185 of file network.c.

/**
 * @brief Open a stream to @p port, detecting or reusing its encapsulation.
 *
 * With @p force set, TLS (OPENVAS_ENCAPS_TLScustom) is tried first and plain
 * IP second; whichever succeeds is recorded for the port with
 * plug_set_port_transport (). Note this is a downgrade-on-failure: any TLS
 * failure, whatever its cause, results in a cleartext connection. Without
 * @p force the transport previously recorded for the port is reused.
 *
 * @param[in] args     Script context.
 * @param[in] port     TCP port.
 * @param[in] timeout  Connect timeout handed to open_stream_connection ().
 * @param[in] force    Non-zero to probe instead of reusing the stored mode.
 *
 * @return The virtual descriptor from open_stream_connection (), or -1 when
 *         both probes fail (with @p force) / the result of
 *         open_stream_connection () (without @p force).
 */
int
open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port,
                             int timeout, int force)
{
  int fd;

  if (!force)
    {
      int stored = plug_get_port_transport (args, port);
      return open_stream_connection (args, port, stored, timeout);
    }

  fd = open_stream_connection (args, port, OPENVAS_ENCAPS_TLScustom, timeout);
  if (fd >= 0)
    {
      plug_set_port_transport (args, port, OPENVAS_ENCAPS_TLScustom);
      return fd;
    }

  /* TLS failed: fall back to cleartext and remember that choice. */
  fd = open_stream_connection (args, port, OPENVAS_ENCAPS_IP, timeout);
  if (fd < 0)
    return -1;
  plug_set_port_transport (args, port, OPENVAS_ENCAPS_IP);
  return fd;
}

References open_stream_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_TLScustom, plug_get_port_transport(), and plug_set_port_transport().

Referenced by nasl_open_sock_tcp_bufsz().


◆ open_stream_connection()

int open_stream_connection ( struct script_infos ,
unsigned int  ,
int  ,
int   
)

Definition at line 1175 of file network.c.

/**
 * @brief Open a stream to the scanned host with the module-wide default
 * TLS priorities.
 *
 * Thin wrapper around open_stream_connection_ext (). The source line not
 * shown in this rendering (1179) supplies the last two arguments, which per
 * the reference list below are tls_priorities and tls_priority_flag — the
 * values installed by open_stream_tls_default_priorities ().
 *
 * @return Whatever open_stream_connection_ext () returns.
 */
1177 {
1178  return open_stream_connection_ext (args, port, transport, timeout,
1180 }

References open_stream_connection_ext(), tls_priorities, and tls_priority_flag.

Referenced by nasl_end_denial(), nasl_start_denial(), open_stream_auto_encaps_ext(), plugin_do_run(), and retry_stream_connection().


◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos ,
unsigned int  ,
int  ,
int  ,
const char *  ,
int   
)

Definition at line 1046 of file network.c.

/**
 * @brief Open a (possibly TLS-wrapped) stream to the scanned host.
 *
 * Allocates a connection slot, opens the TCP socket with open_sock_tcp ()
 * and, for SSL/TLS transports, runs open_SSL_connection () on it. Client
 * certificate material is taken from the KB ("SSL/cert", "SSL/key",
 * "SSL/password", "SSL/CA"), except for SSLv2 which gets none. The server
 * name (SNI) is the host FQDN unless the KB integer
 * "Host/SNI/<port>/force_disable" is positive. OPENVAS_ENCAPS_AUTO is not
 * among the accepted transports and is rejected with EINVAL.
 *
 * Source lines 1084 and 1132 are not shown in this rendering; per the
 * reference list below they are the OPENVAS_ENCAPS_TLScustom case labels.
 *
 * NOTE(review): hostname_aux is not freed on the `failed:` path (reached
 * from lines 1117 and 1154) — it leaks on every failed connection. And if
 * open_SSL_connection () can return 0, that 0 is propagated as the return
 * value, which callers testing `fd < 0` would take for a valid descriptor;
 * confirm its contract.
 *
 * @param[in] args       Script context.
 * @param[in] port       TCP port.
 * @param[in] transport  openvas_encaps value to use.
 * @param[in] timeout    Connect timeout; -2 selects TIMEOUT.
 * @param[in] priority   GnuTLS priority string; NULL and "" are equivalent.
 * @param[in] flags      Passed through to open_SSL_connection ().
 * @return Virtual descriptor on success; -1 (errno = EINVAL for a bad
 *         transport) or the non-positive result of open_SSL_connection ().
 */
1049 {
1050  int fd, ret;
1051  openvas_connection *fp;
1052  char *cert = NULL;
1053  char *key = NULL;
1054  char *passwd = NULL;
1055  char *cafile = NULL;
1056  char *hostname = NULL;
1057  char *hostname_aux = NULL;
1058 
  /* The FQDN is looked up before the slot/socket exist. (The original
   * comment says plug_get_host_fqdn () forks per vhost; that is not visible
   * here.) */
1059  /* Because plug_get_host_fqdn() forks for each vhost, we fork() before
1060  creating the socket */
1061  hostname_aux = plug_get_host_fqdn (args);
1062 
1063  if (!priority)
1064  priority = ""; /* To us an empty string is equivalent to NULL. */
1065 
1066  g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
1067  " priority: '%s'",
1068  getpid (), port, transport, timeout, priority);
1069 
1070  if (timeout == -2)
1071  timeout = TIMEOUT;
1072 
  /* First switch: validate the transport before anything is allocated. */
1073  ret = -1;
1074  switch (transport)
1075  {
1076  case OPENVAS_ENCAPS_IP:
1077 
1078  case OPENVAS_ENCAPS_SSLv23:
1079  case OPENVAS_ENCAPS_SSLv3:
1080  case OPENVAS_ENCAPS_TLSv1:
1081  case OPENVAS_ENCAPS_TLSv11:
1082  case OPENVAS_ENCAPS_TLSv12:
1083  case OPENVAS_ENCAPS_TLSv13:
1085  case OPENVAS_ENCAPS_SSLv2:
1086  break;
1087 
1088  default:
1089  g_message ("open_stream_connection_ext(): unsupported transport"
1090  " layer %d passed by %s",
1091  transport, args->name);
1092  errno = EINVAL;
1093 
1094  g_free (hostname_aux);
1095  return ret;
1096  }
1097 
1098  if ((fd = get_connection_fd ()) < 0)
1099  {
1100  g_free (hostname_aux);
1101  return ret;
1102  }
1103  fp = OVAS_CONNECTION_FROM_FD (fd);
1104 
  /* Fill the slot before connecting so open_SSL_connection () can read it. */
1105  fp->transport = transport;
1106  g_free (fp->priority);
1107  if (*priority)
1108  fp->priority = g_strdup (priority);
1109  else
1110  fp->priority = NULL;
1111  fp->timeout = timeout;
1112  fp->port = port;
1113  fp->last_err = 0;
1114 
1115  fp->fd = open_sock_tcp (args, port, timeout);
1116  if (fp->fd < 0)
1117  goto failed;
1118 
1119  kb_t kb = plug_get_kb (args);
1120  switch (transport)
1121  {
1122  char buf[1024];
1123 
1124  case OPENVAS_ENCAPS_IP:
1125  break;
1126  case OPENVAS_ENCAPS_SSLv23:
1127  case OPENVAS_ENCAPS_SSLv3:
1128  case OPENVAS_ENCAPS_TLSv1:
1129  case OPENVAS_ENCAPS_TLSv11:
1130  case OPENVAS_ENCAPS_TLSv12:
1131  case OPENVAS_ENCAPS_TLSv13:
  /* Client certificate material from the KB; any of these may be NULL. */
1133  cert = kb_item_get_str (kb, "SSL/cert");
1134  key = kb_item_get_str (kb, "SSL/key");
1135  passwd = kb_item_get_str (kb, "SSL/password");
1136 
1137  cafile = kb_item_get_str (kb, "SSL/CA");
1138 
1139  /* fall through */
1140 
1141  case OPENVAS_ENCAPS_SSLv2:
1142  /* We do not need a client certificate in this case */
  /* SNI is sent unless explicitly disabled for this port via the KB. */
1143  snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
1144  if (kb_item_get_int (kb, buf) <= 0)
1145  hostname = hostname_aux;
1146 
1147  ret =
1148  open_SSL_connection (fp, cert, key, passwd, cafile, hostname, flags);
1149  g_free (cert);
1150  g_free (key);
1151  g_free (passwd);
1152  g_free (cafile);
1153  if (ret <= 0)
1154  goto failed;
1155  break;
1156  }
1157 
1158  g_free (hostname_aux);
1159 
1160  return fd;
1161 
  /* hostname_aux is not released here (see the note in the header). */
1162  failed:
1163  release_connection_fd (fd, 0);
1164  return ret;
1165 }

References openvas_connection::fd, get_connection_fd(), hostname, openvas_connection::last_err, script_infos::name, open_sock_tcp(), open_SSL_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), TIMEOUT, openvas_connection::timeout, and openvas_connection::transport.

Referenced by nasl_open_sock_tcp_bufsz(), open_stream_connection(), and retry_stream_connection().


◆ open_stream_tls_default_priorities()

void open_stream_tls_default_priorities ( const char *  p,
const int  pflag 
)

Definition at line 1168 of file network.c.

/**
 * @brief Install the process-wide default TLS priority string and flags.
 *
 * Only the pointer @p p is stored — no copy is made — so the caller must
 * keep the string alive for as long as connections may still be opened with
 * it. The stored values are consumed by open_stream_connection ().
 *
 * @param[in] p      GnuTLS priority string (ownership stays with the caller).
 * @param[in] pflag  Priority flags, e.g. NO_PRIORITY_FLAGS or
 *                   INSECURE_DH_PRIME_BITS.
 */
void
open_stream_tls_default_priorities (const char *p, const int pflag)
{
  tls_priority_flag = pflag;
  tls_priorities = p;
}

References tls_priorities, and tls_priority_flag.

Referenced by retry_stream_connection().


◆ openvas_deregister_connection()

int openvas_deregister_connection ( int  )

Definition at line 259 of file network.c.

/**
 * @brief Forget an OpenVAS connection slot without closing anything.
 *
 * Counterpart of openvas_register_connection (): the slot is wiped and marked
 * free (transport = -1, which openvas_get_socket_from_connection () treats as
 * closed). Neither the OS socket in p->fd nor the TLS session/credentials are
 * released here — see the Fixme below; presumably the caller is responsible.
 * The declaration of p (source line 261) is not shown in this rendering.
 *
 * @param[in] fd  OpenVAS virtual descriptor.
 * @return 0 on success; -1 with errno = EINVAL when @p fd is not a stream.
 */
260 {
262  if (!OPENVAS_STREAM (fd))
263  {
264  errno = EINVAL;
265  return -1;
266  }
267 
268  p = connections + (fd - OPENVAS_FD_OFF);
269  /* Fixme: Code duplicated from release_connection_fd. Check usage
270  of this function make sure that TLS stuff is also released in
271  case it is used here. */
272  g_free (p->priority);
273  p->priority = NULL;
  /* Wipe the whole slot, then mark it free; -1 is the "closed" marker. */
274  bzero (p, sizeof (*p));
275  p->transport = -1;
276  return 0;
277 }

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::priority, and openvas_connection::transport.

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int  )

Definition at line 357 of file network.c.

/**
 * @brief Map an OpenVAS virtual descriptor to its underlying OS socket.
 *
 * @param[in] fd  Virtual descriptor, or a plain OS descriptor.
 *
 * @return For a plain (non-stream) descriptor, @p fd itself — a message is
 *         logged but the value is passed through. -1 when the slot's
 *         transport is <= 0, i.e. it has been closed. Otherwise the OS
 *         socket stored in the slot.
 */
int
openvas_get_socket_from_connection (int fd)
{
  const openvas_connection *conn;

  if (!OPENVAS_STREAM (fd))
    {
      g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
                 getpid (), fd);
      return fd;
    }

  conn = &connections[fd - OPENVAS_FD_OFF];
  if (conn->transport > 0)
    return conn->fd;

  g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
  return -1;
}

References connections, openvas_connection::fd, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::transport.

Referenced by nasl_get_source_port(), nasl_ssh_connect(), and plugin_do_run().


◆ openvas_register_connection()

int openvas_register_connection ( int  soc,
void *  ssl,
gnutls_certificate_credentials_t  certcred,
openvas_encaps_t  encaps 
)
Todo:
TLS FIXME: migrate this to TLS
Todo:
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
soc    Socket to use.

Definition at line 234 of file network.c.

/**
 * @brief Wrap an already-connected OS socket (plus optional TLS state) in a
 * new OpenVAS connection slot.
 *
 * No validation is done on @p soc or @p ssl; the slot simply records them.
 * The declaration of p (source line 239) is not shown in this rendering.
 *
 * @param[in] soc       OS socket to wrap.
 * @param[in] ssl       Stored as-is into tls_session (see the Todo above
 *                      about its void type).
 * @param[in] certcred  GnuTLS certificate credentials stored into tls_cred.
 * @param[in] encaps    Transport recorded for the slot.
 * @return The new virtual descriptor, or -1 when get_connection_fd () fails
 *         (presumably no free slot).
 */
237 {
238  int fd;
240 
241  if ((fd = get_connection_fd ()) < 0)
242  return -1;
243  p = OVAS_CONNECTION_FROM_FD (fd);
244 
245  p->tls_session = ssl;
246  p->tls_cred = certcred;
247 
248  p->timeout = TIMEOUT; /* default value */
249  p->port = 0; /* just used for debug */
250  p->fd = soc;
251  p->transport = encaps;
252  p->priority = NULL;
253  p->last_err = 0;
254 
255  return fd;
256 }

References openvas_connection::fd, get_connection_fd(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, openvas_connection::port, openvas_connection::priority, TIMEOUT, openvas_connection::timeout, openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_open_privileged_socket().


◆ openvas_SSL_init()

int openvas_SSL_init ( void  )

Initializes SSL support.

Definition at line 341 of file network.c.

/**
 * @brief Initialise GnuTLS for the process.
 *
 * Routes GnuTLS diagnostics (log level 2) through log_message_gnutls ()
 * before calling gnutls_global_init ().
 *
 * @return 0 on success; -1 after reporting the failure via tlserror ().
 */
int
openvas_SSL_init (void)
{
  int rc;

  gnutls_global_set_log_level (2);
  gnutls_global_set_log_function (log_message_gnutls);

  rc = gnutls_global_init ();
  if (rc >= 0)
    return 0;

  tlserror ("gnutls_global_init", rc);
  return -1;
}

References log_message_gnutls(), and tlserror().

Referenced by check_tls(), and main().


◆ os_recv()

int os_recv ( int  ,
void *  ,
int  ,
int   
)

Definition at line 2235 of file network.c.

/**
 * @brief Receive exactly @p len bytes from @p soc, blocking until done.
 *
 * Loops on recv () until the full amount has arrived, retrying on EINTR.
 *
 * @param[in]  soc  OS socket.
 * @param[out] buf  Destination buffer of at least @p len bytes.
 * @param[in]  len  Bytes wanted; a non-positive value reads nothing and
 *                  returns 0.
 * @param[in]  opt  recv () flags.
 *
 * @return @p len on success; -1 on any other error or when the peer closes
 *         the connection first (bytes already received are in @p buf but
 *         their count is not reported).
 */
int
os_recv (int soc, void *buf, int len, int opt)
{
  char *dst = buf;
  int got = 0;

  while (got < len)
    {
      int rc;

      errno = 0;
      rc = recv (soc, dst + got, len - got, opt);
      if (rc > 0)
        {
          got += rc;
          continue;
        }
      if (rc < 0 && errno == EINTR)
        continue;
      return -1;
    }
  return got;
}

References len.

◆ os_send()

int os_send ( int  ,
void *  ,
int  ,
int   
)

Definition at line 2216 of file network.c.

/**
 * @brief Send exactly @p len bytes on @p soc, blocking until done.
 *
 * Loops on send () until everything is written, retrying on EINTR.
 *
 * @param[in] soc  OS socket.
 * @param[in] buf  Data to send.
 * @param[in] len  Byte count; a non-positive value sends nothing and
 *                 returns 0.
 * @param[in] opt  send () flags.
 *
 * @return @p len on success; -1 on any other error or when send () returns
 *         0 (the partial count is not reported).
 */
int
os_send (int soc, void *buf, int len, int opt)
{
  const char *src = buf;
  int done = 0;

  while (done < len)
    {
      int rc;

      errno = 0;
      rc = send (soc, src + done, len - done, opt);
      if (rc > 0)
        {
          done += rc;
          continue;
        }
      if (rc < 0 && errno == EINTR)
        continue;
      return -1;
    }
  return done;
}

References len.

Referenced by nsend().


◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int  )

Definition at line 377 of file network.c.

/**
 * @brief Fetch the TLS session stored in a connection slot.
 *
 * No check is made that the slot is open; a closed slot simply yields
 * whatever tls_session holds (the slot is zeroed by
 * openvas_deregister_connection (), so typically NULL).
 *
 * @param[in] fd  OpenVAS virtual descriptor.
 * @return The slot's tls_session, or NULL when @p fd is not a stream.
 */
gnutls_session_t
ovas_get_tlssession_from_connection (int fd)
{
  if (!OPENVAS_STREAM (fd))
    return NULL;

  return (&connections[fd - OPENVAS_FD_OFF])->tls_session;
}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::tls_session.

Referenced by socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), and socket_get_ssl_version().


◆ read_stream_connection()

int read_stream_connection ( int  ,
void *  ,
int   
)

Definition at line 1457 of file network.c.

/**
 * @brief Read up to @p len bytes from an OpenVAS stream.
 *
 * Convenience wrapper around read_stream_connection_min () with a minimum
 * length of -1, which presumably means "no minimum": whatever is already
 * buffered is returned at once.
 *
 * @param[in]  fd    OpenVAS virtual descriptor.
 * @param[out] buf0  Destination buffer of at least @p len bytes.
 * @param[in]  len   Maximum number of bytes to read.
 * @return Whatever read_stream_connection_min () returns.
 */
int
read_stream_connection (int fd, void *buf0, int len)
{
  const int no_minimum = -1;

  return read_stream_connection_min (fd, buf0, no_minimum, len);
}

References len, and read_stream_connection_min().

Referenced by nasl_telnet_init(), nrecv(), and plugin_do_run().


◆ read_stream_connection_min()

int read_stream_connection_min ( int  ,
void *  ,
int  ,
int   
)

Definition at line 1397 of file network.c.

/*
 * Read between min_len and max_len bytes from an OpenVAS stream into buf0,
 * serving data from the connection's read-ahead buffer (fp->buf) first and
 * refilling it from read_stream_connection_unbuffered() when needed.
 * Descriptors without a buffer, or that are not OpenVAS streams, go straight
 * to the unbuffered read. Returns the number of bytes stored in buf0; see the
 * notes below for how errors from the unbuffered read are (not) propagated.
 */
1398 {
1399  openvas_connection *fp;
1400 
1401  if (OPENVAS_STREAM (fd))
1402  {
1403  fp = OVAS_CONNECTION_FROM_FD (fd);
/* Buffered path: only when stream_set_buffer() attached a buffer. */
1404  if (fp->buf != NULL)
1405  {
1406  int l1, l2;
1407 
1408  if (max_len == 1)
1409  min_len = 1; /* avoid "magic read" later */
/* Step 1: hand out what is already buffered, at most max_len bytes.
 * NOTE(review): max_len is never validated here. A negative max_len makes
 * l2 negative, which is then used as a pointer offset (line 1429) and as a
 * memcpy length (line 1444); callers must pass max_len >= 0. */
1410  l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1411  if (l2 > 0)
1412  {
1413  memcpy (buf0, fp->buf + fp->bufptr, l2);
1414  fp->bufcnt -= l2;
1415  if (fp->bufcnt == 0)
1416  {
/* Keep the invariant "bufcnt == 0 implies bufptr == 0": the refill at
 * line 1438 relies on it, as it writes to fp->buf but copies from
 * fp->buf + fp->bufptr. */
1417  fp->bufptr = 0;
1418  fp->buf[0] = '\0'; /* debug */
1419  }
1420  else
1421  fp->bufptr += l2;
/* Enough for the caller (or the buffer had more than max_len): done.
 * Otherwise the buffer is now empty and the remaining quota shrinks. */
1422  if (l2 >= min_len || l2 >= max_len)
1423  return l2;
1424  max_len -= l2;
1425  min_len -= l2;
1426  }
/* Step 2a: the caller still needs more than the buffer can hold, so read
 * the rest directly into its buffer. A failed read is hidden behind the
 * partial count l2 (possibly 0), so the caller cannot tell error from
 * "nothing more". */
1427  if (min_len > fp->bufsz)
1428  {
1429  l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
1430  min_len, max_len);
1431  if (l1 > 0)
1432  return l1 + l2;
1433  else
1434  return l2;
1435  }
/* Step 2b: refill the whole read-ahead buffer, then copy out up to
 * max_len bytes and keep the remainder buffered for the next call. */
1436  /* Fill buffer */
1437  l1 =
1438  read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
/* Same caveat as above: an unbuffered error becomes a return of l2. */
1439  if (l1 <= 0)
1440  return l2;
1441 
1442  fp->bufcnt = l1;
1443  l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1444  memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
1445  fp->bufcnt -= l1;
1446  if (fp->bufcnt == 0)
1447  fp->bufptr = 0;
1448  else
1449  fp->bufptr += l1;
1450  return l1 + l2;
1451  }
1452  }
/* No read-ahead buffer (or not an OpenVAS stream): plain unbuffered read. */
1453  return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
1454 }

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and read_stream_connection_unbuffered().

Referenced by nasl_recv(), nasl_recv_line(), nasl_telnet_init(), plugin_do_run(), read_stream_connection(), and recv_line().


◆ recv_line()

int recv_line ( int  soc,
char *  buf,
size_t  bufsiz 
)

Reads a line of text from the socket stream into the argument buffer, always appending a '\0' byte.

Parameters
soc     Socket file descriptor (an OpenVAS stream fd or a plain OS socket).
buf     Buffer to read into.
bufsiz  Size of buf in bytes.
Returns
Number of bytes read, without the trailing '\0'; -1 if an error occurred before any byte was read.

Definition at line 2040 of file network.c.

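/**
 * @brief Reads a line of text from the socket stream into the argument
 *        buffer, always appending a '\0' byte.
 *
 * Bytes are read one at a time until a '\n' or '\0' arrives, @a buf is full,
 * the peer closes the connection, or an error occurs. Whatever was read is
 * NUL-terminated on every return path, so the caller can always treat
 * @a buf as a C string, even after a short or failed read. At most
 * @a bufsiz - 1 payload bytes are stored; a longer line is left in the
 * socket for the next call instead of having one byte silently dropped.
 *
 * @param[in]  soc     Socket file descriptor: either an OpenVAS stream fd
 *                     (read through read_stream_connection_min()) or a
 *                     plain OS socket (read through select()/recv()).
 * @param[out] buf     Buffer to read into.
 * @param[in]  bufsiz  Size of @a buf in bytes; must be at least 1.
 *
 * @return Number of bytes read, without the trailing '\0'. -1 if @a buf is
 *         NULL, @a bufsiz is 0, the descriptor cannot be used with select(),
 *         or an error occurred before any byte was read.
 */
int
recv_line (int soc, char *buf, size_t bufsiz)
{
  unsigned int ret = 0;
  size_t limit;

  if (buf == NULL || bufsiz == 0)
    return -1;
  /* Reserve the last byte for the terminator: the loops below store at most
   * bufsiz - 1 payload bytes, so buf[ret] is always a valid write. */
  limit = bufsiz - 1;
  buf[0] = '\0';

  /* Dirty SSL hack */
  if (OPENVAS_STREAM (soc))
    {
      while (ret < limit)
        {
          int n = read_stream_connection_min (soc, buf + ret, 1, 1);

          if (n < 0)
            {
              if (ret == 0)
                return -1;
              break; /* keep the partial line; it is terminated below */
            }
          if (n == 0)
            break; /* nothing more to read */
          ret++;
          if (buf[ret - 1] == '\0' || buf[ret - 1] == '\n')
            break;
        }
    }
  else
    {
      fd_set rd;

      /* FD_SET() on a descriptor outside [0, FD_SETSIZE) is undefined
       * behaviour (it writes past the fd_set on the stack), so refuse it. */
      if (soc < 0 || soc >= FD_SETSIZE)
        {
          errno = EBADF;
          return -1;
        }

      while (ret < limit)
        {
          int e, n;

          FD_ZERO (&rd);
          FD_SET (soc, &rd);
          errno = 0;
          e = select (soc + 1, &rd, NULL, NULL, NULL);
          if (e < 0)
            {
              if (errno == EINTR)
                continue; /* interrupted while waiting: wait again */
              break;      /* hard select() failure: keep what we have */
            }
          if (e == 0)
            break; /* no timeout was given, so this should not happen */

          n = recv (soc, buf + ret, 1, 0);
          if (n < 0)
            {
              /* Retry on EINTR without touching buf[ret - 1]: the previous
               * loop evaluated its "buf[ret - 1] != ..." condition here and
               * read out of bounds when ret was still 0. */
              if (errno == EINTR)
                continue;
              if (ret == 0)
                return -1;
              break;
            }
          if (n == 0)
            break; /* peer closed the connection */
          ret++;
          if (buf[ret - 1] == '\0' || buf[ret - 1] == '\n')
            break;
        }
    }

  /* ret <= limit < bufsiz, so the terminator always fits. */
  buf[ret] = '\0';
  return (int) ret;
}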

References OPENVAS_STREAM, and read_stream_connection_min().

Referenced by ftp_get_pasv_address(), and ftp_log_in().


◆ socket_close()

int socket_close ( int  )

Definition at line 2142 of file network.c.

/**
 * @brief Close an OS-level socket descriptor.
 *
 * Thin wrapper around close(2). It knows nothing about OpenVAS stream
 * descriptors; the stream layer (close_stream_connection()) calls it for
 * the underlying OS socket.
 *
 * @param[in] soc  Socket descriptor.
 *
 * @return 0 on success, -1 on error with errno set by close(2).
 */
int
socket_close (int soc)
{
  int rc = close (soc);

  return rc;
}

Referenced by close_stream_connection(), open_socket(), and release_connection_fd().


◆ socket_get_cert()

void socket_get_cert ( int  ,
void **  ,
int *   
)

Definition at line 887 of file network.c.

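/**
 * @brief Return a copy of the first certificate of the peer's X.509 chain
 *        (DER bytes) for a TLS-encapsulated OpenVAS stream.
 *
 * Both outputs are reset to NULL / 0 before any check, so a caller never
 * sees stale values after a failed call. Nothing is done if @a cert or
 * @a certlen is NULL. Only X.509 peers are handled.
 *
 * @param[in]  fd       OpenVAS stream descriptor.
 * @param[out] cert     Receives a g_malloc'd copy of the first certificate
 *                      in the peer's chain (caller frees with g_free()), or
 *                      NULL when none is available.
 * @param[out] certlen  Receives the length of @a *cert in bytes, or 0.
 */
void
socket_get_cert (int fd, void **cert, int *certlen)
{
  gnutls_session_t session;
  const gnutls_datum_t *cert_list;
  unsigned int cert_list_len = 0;

  if (!cert || !certlen)
    return;
  *cert = NULL;
  *certlen = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }
  /* Only X.509 chains are exposed to the caller. */
  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
    return;
  cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
  if (cert_list == NULL || cert_list_len == 0)
    return;
  *certlen = cert_list[0].size;
  *cert = g_memdup2 (cert_list[0].data, cert_list[0].size);
}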

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_cert().


◆ socket_get_ssl_ciphersuite()

int socket_get_ssl_ciphersuite ( int  )

Definition at line 1006 of file network.c.

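/**
 * @brief Return the cipher suite identifier negotiated on a TLS-encapsulated
 *        OpenVAS stream.
 *
 * GnuTLS does not hand out the negotiated suite ID directly, so the
 * (key exchange, cipher, MAC) triple of the session is matched against
 * GnuTLS' cipher suite table and the two-byte ID of the first matching
 * entry is returned.
 *
 * @param[in] fd  OpenVAS stream descriptor.
 *
 * @return The 16-bit suite ID as (first byte << 8) | second byte, e.g.
 *         0x1302 for TLS_AES_256_GCM_SHA384; -1 if @a fd is not a stream,
 *         is not TLS encapsulated, or no table entry matches.
 */
int
socket_get_ssl_ciphersuite (int fd)
{
  gnutls_session_t session;
  gnutls_kx_algorithm_t kx, kx2;
  gnutls_cipher_algorithm_t cipher, cipher2;
  gnutls_mac_algorithm_t mac, mac2;
  size_t idx = 0;
  unsigned char cs_id[2];

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  kx = gnutls_kx_get (session);
  cipher = gnutls_cipher_get (session);
  mac = gnutls_mac_get (session);
  while (
    gnutls_cipher_suite_info (idx, (void *) cs_id, &kx2, &cipher2, &mac2, NULL))
    {
      if (kx == kx2 && cipher == cipher2 && mac == mac2)
        {
          /* Combine the two ID bytes into the real suite number. The code
           * used to add them, which mapped distinct suites onto one value
           * (e.g. 0x1302 and 0x0015 both summed to 0x15). */
          return (cs_id[0] << 8) | cs_id[1];
        }
      idx++;
    }
  return -1;
}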

References fd_is_stream(), mac(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_ciphersuite().


◆ socket_get_ssl_compression()

int socket_get_ssl_compression ( int  )

◆ socket_get_ssl_session_id()

void socket_get_ssl_session_id ( int  ,
void **  ,
size_t *   
)

Definition at line 966 of file network.c.

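/**
 * @brief Fetch the TLS session ID of a TLS-encapsulated OpenVAS stream.
 *
 * Both outputs are reset to NULL / 0 before anything else, so a failing
 * call never leaves the caller with an unset @a *sid paired with a non-zero
 * @a *ssize (previously @a *ssize was set to GNUTLS_MAX_SESSION_ID before
 * any check and left that way on the early-return paths). Nothing is done
 * if either pointer is NULL.
 *
 * @param[in]  fd     OpenVAS stream descriptor.
 * @param[out] sid    Receives a g_malloc'd buffer holding the session ID
 *                    (caller frees with g_free()), or NULL on failure.
 * @param[out] ssize  Receives the length of the ID in bytes, or 0 on failure.
 */
void
socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
{
  gnutls_session_t session;
  void *tmp;
  size_t id_len = GNUTLS_MAX_SESSION_ID;
  int ret;

  if (!sid || !ssize)
    return;
  *sid = NULL;
  *ssize = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }

  tmp = g_malloc0 (id_len);
  /* On success gnutls stores the actual ID length back into id_len. */
  ret = gnutls_session_get_id (session, tmp, &id_len);
  if (ret == GNUTLS_E_SUCCESS)
    {
      *sid = tmp;
      *ssize = id_len;
    }
  else
    {
      g_free (tmp);
      tlserror ("gnutls_session_id", ret);
    }
}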

References fd_is_stream(), ovas_get_tlssession_from_connection(), and tlserror().

Referenced by nasl_socket_get_ssl_session_id().


◆ socket_get_ssl_version()

int socket_get_ssl_version ( int  )

Definition at line 923 of file network.c.

/**
 * @brief Map the protocol version negotiated on a TLS-encapsulated OpenVAS
 *        stream to the OPENVAS_ENCAPS_* constant used elsewhere.
 *
 * @param[in] fd  OpenVAS stream descriptor.
 *
 * @return OPENVAS_ENCAPS_SSLv3 / TLSv1 / TLSv11 / TLSv12 / TLSv13 for the
 *         negotiated version; -1 if @a fd is not a stream, is not TLS
 *         encapsulated, or negotiated a version outside that list.
 */
int
socket_get_ssl_version (int fd)
{
  gnutls_session_t session;
  int encaps = -1;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  switch (gnutls_protocol_get_version (session))
    {
    case GNUTLS_SSL3:
      encaps = OPENVAS_ENCAPS_SSLv3;
      break;
    case GNUTLS_TLS1:
      encaps = OPENVAS_ENCAPS_TLSv1;
      break;
    case GNUTLS_TLS1_1:
      encaps = OPENVAS_ENCAPS_TLSv11;
      break;
    case GNUTLS_TLS1_2:
      encaps = OPENVAS_ENCAPS_TLSv12;
      break;
    case GNUTLS_TLS1_3:
      encaps = OPENVAS_ENCAPS_TLSv13;
      break;
    default:
      /* Any other version has no ENCAPS constant: report -1. */
      break;
    }
  return encaps;
}

References fd_is_stream(), OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_version().


◆ socket_negotiate_ssl()

int socket_negotiate_ssl ( int  fd,
openvas_encaps_t  transport,
struct script_infos args 
)

Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.

Parameters
[in] fd         Socket file descriptor (must be an OpenVAS stream).
[in] transport  Encapsulation type (one of the OPENVAS_ENCAPS_* values).
[in] args       Script args (used to reach the knowledge base and the target host).
Returns
-1 if error, socket file descriptor value otherwise.

Definition at line 820 of file network.c.

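/**
 * @brief Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
 *
 * Client credentials (SSL/cert, SSL/key, SSL/password, SSL/CA) are taken
 * from the knowledge base; the SNI host name is the target FQDN unless
 * "Host/SNI/<port>/force_disable" is set for this port. The connection's
 * transport type is switched to @a transport before the handshake.
 *
 * @param[in] fd         Socket file descriptor (must be an OpenVAS stream).
 * @param[in] transport  Encapsulation type.
 * @param[in] args       Script args.
 *
 * @return -1 if error (the stream fd is released in that case), socket file
 *         descriptor value otherwise.
 */
int
socket_negotiate_ssl (int fd, openvas_encaps_t transport,
                      struct script_infos *args)
{
  char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
  char *hostname = NULL;
  openvas_connection *fp;
  kb_t kb;
  char buf[1024];
  int ret = -1;
  /* The failure message is emitted once per process, not once per call. */
  static gboolean connection_failed_msg_sent = FALSE;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  kb = plug_get_kb (args);
  cert = kb_item_get_str (kb, "SSL/cert");
  key = kb_item_get_str (kb, "SSL/key");
  passwd = kb_item_get_str (kb, "SSL/password");
  cafile = kb_item_get_str (kb, "SSL/CA");
  snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
  if (kb_item_get_int (kb, buf) <= 0)
    hostname = plug_get_host_fqdn (args);

  fp->transport = transport;
  /* NOTE(review): any priority string previously stored in fp->priority is
   * dropped here without being freed -- confirm against its owner. */
  fp->priority = NULL;
  if (open_SSL_connection (fp, cert, key, passwd, cafile, hostname,
                           NO_PRIORITY_FLAGS)
      > 0)
    ret = fd;
  else
    {
      if (!connection_failed_msg_sent)
        {
          /* plug_get_host_fqdn() returns an allocated string (it is g_free'd
           * as `hostname` below), so fetch it once and free it rather than
           * leaking two copies inside the message arguments.
           * NOTE(review): plug_get_host_ip_str() is still called twice and
           * not freed; if it allocates like plug_get_host_fqdn() this is a
           * (one-shot) leak -- confirm. */
          char *fqdn = plug_get_host_fqdn (args);

          g_message ("Function socket_negotiate_ssl called from %s: "
                     "SSL/TLS connection (host: %s, ip: %s) failed.",
                     nasl_get_plugin_filename (), fqdn ? fqdn : "unknown",
                     plug_get_host_ip_str (args) ? plug_get_host_ip_str (args)
                                                 : "unknown");
          g_free (fqdn);
          connection_failed_msg_sent = TRUE;
        }
      release_connection_fd (fd, 0);
    }

  g_free (hostname);
  g_free (cert);
  g_free (key);
  g_free (passwd);
  g_free (cafile);
  return ret;
}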

References fd_is_stream(), hostname, nasl_get_plugin_filename(), NO_PRIORITY_FLAGS, open_SSL_connection(), OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_host_ip_str(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), and openvas_connection::transport.

Referenced by nasl_socket_negotiate_ssl().


◆ socket_ssl_do_handshake()

int socket_ssl_do_handshake ( int  fd)

Perform a TLS/SSL (re-)handshake on the session attached to the given socket.

Parameters
[in] fd  Socket file descriptor (must be an OpenVAS stream).
Returns
1 on success, less than 0 on failure or error.

Definition at line 737 of file network.c.

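/**
 * @brief Do a (re-)handshake of the TLS/SSL protocol on an OpenVAS stream.
 *
 * gnutls_handshake() is retried while it reports GNUTLS_E_AGAIN or
 * GNUTLS_E_INTERRUPTED, waiting with select() between attempts until the
 * connection's timeout (fp->timeout seconds, counted from entry) expires.
 *
 * @param[in] fd  Socket file descriptor (must be an OpenVAS stream carrying
 *                a TLS session).
 *
 * @return 1 on success, less than 0 on failure or error: -1 for a fatal
 *         handshake error, a bad descriptor, a select() failure or a
 *         timeout (fp->last_err is then set); the negative
 *         GNUTLS_E_WARNING_ALERT_RECEIVED code when the peer sent a warning
 *         alert (the alert is logged at debug level).
 */
int
socket_ssl_do_handshake (int fd)
{
  int err, d, ret;
  openvas_connection *fp;
  time_t tictac;
  fd_set fdw, fdr;
  struct timeval to;

  if (!fd_is_stream (fd))
    {
      g_message ("%s: Socket %d is not stream", __func__, fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  /* A plain (non-TLS) stream has no session to hand to gnutls_handshake(). */
  if (!fp->tls_session)
    {
      g_message ("%s: Socket %d is not SSL/TLS encapsulated", __func__, fd);
      return -1;
    }
  /* FD_SET() on a descriptor outside [0, FD_SETSIZE) is undefined behaviour
   * (it writes past the fd_set on the stack), so refuse it up front. */
  if (fp->fd < 0 || fp->fd >= FD_SETSIZE)
    {
      fp->last_err = EBADF;
      g_message ("%s: Socket %d: fd %d cannot be used with select()",
                 __func__, fd, fp->fd);
      return -1;
    }

  tictac = time (NULL);

  for (;;)
    {
      err = gnutls_handshake (fp->tls_session);

      if (err == 0)
        {
          g_debug ("no error during handshake");
          return 1;
        }
      if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
          && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
        {
          g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
          return -1;
        }
      else if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)
        {
          int last_alert;

          last_alert = gnutls_alert_get (fp->tls_session);
          g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));

          g_debug ("* Received alert '%d': %s.\n", last_alert,
                   gnutls_alert_get_name (last_alert));
          return err;
        }

      /* Would-block: wait until the socket is readable or writable (the
       * sets are rebuilt on every attempt, since select() may clobber them
       * before returning EINTR), then retry the handshake. */
      do
        {
          d = tictac + fp->timeout - time (NULL);
          if (d <= 0)
            {
              fp->last_err = ETIMEDOUT;
              g_debug ("%s: time out", __func__);
              return -1;
            }
          FD_ZERO (&fdr);
          FD_SET (fp->fd, &fdr);
          FD_ZERO (&fdw);
          FD_SET (fp->fd, &fdw);
          to.tv_sec = d;
          to.tv_usec = 0;
          errno = 0;
          if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
            pid_perror ("select");
        }
      while (ret < 0 && errno == EINTR);

      /* select() timed out or failed: both are reported as a timeout. */
      if (ret <= 0)
        {
          fp->last_err = ETIMEDOUT;
          g_debug ("%s: time out", __func__);
          return -1;
        }
    }
}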

References openvas_connection::fd, fd_is_stream(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, pid_perror(), openvas_connection::timeout, timeval(), and openvas_connection::tls_session.

Referenced by nasl_socket_ssl_do_handshake().


◆ socket_ssl_safe_renegotiation_status()

int socket_ssl_safe_renegotiation_status ( int  fd)

Check if Secure Renegotiation (RFC 5746) is supported on the server side of the TLS session.

Parameters
[in] fd  Socket file descriptor (must be an OpenVAS stream with a TLS session).
Returns
1 if supported, 0 if not supported and less than 0 on error.

Definition at line 716 of file network.c.

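/**
 * @brief Check if Secure Renegotiation is supported on the server side of a
 *        TLS-encapsulated OpenVAS stream.
 *
 * @param[in] fd  Socket file descriptor.
 *
 * @return 1 if supported, 0 if not supported and less than 0 on error
 *         (@a fd is not a stream, or the stream carries no TLS session).
 */
int
socket_ssl_safe_renegotiation_status (int fd)
{
  openvas_connection *fp;

  if (!fd_is_stream (fd))
    {
      g_message ("%s: Socket %d is not stream", __func__, fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  /* A plain (non-TLS) stream has no session; passing NULL to gnutls is not
   * valid, so answer "error" like the other socket_get_ssl_* helpers do. */
  if (!fp->tls_session)
    {
      g_message ("%s: Socket %d is not SSL/TLS encapsulated", __func__, fd);
      return -1;
    }

  return gnutls_safe_renegotiation_status (fp->tls_session);
}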

References fd_is_stream(), OVAS_CONNECTION_FROM_FD, and openvas_connection::tls_session.

Referenced by nasl_socket_check_ssl_safe_renegotiation().


◆ stream_get_buffer_sz()

int stream_get_buffer_sz ( int  )

Definition at line 2158 of file network.c.

/**
 * @brief Return the size of the read-ahead buffer of an OpenVAS stream.
 *
 * @param[in] fd  OpenVAS stream descriptor.
 *
 * @return The buffer size in bytes as recorded in the connection (see
 *         stream_set_buffer(), which sets it to 0 when the buffer is
 *         dropped), or -1 if @a fd is not an OpenVAS stream.
 */
int
stream_get_buffer_sz (int fd)
{
  if (!OPENVAS_STREAM (fd))
    return -1;

  return OVAS_CONNECTION_FROM_FD (fd)->bufsz;
}

References openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_recv_line().


◆ stream_get_err()

int stream_get_err ( int  )

Definition at line 132 of file network.c.

/**
 * @brief Return the last error recorded on an OpenVAS stream.
 *
 * @param[in] fd  OpenVAS stream descriptor.
 *
 * @return The connection's last_err value (an errno-style code such as
 *         ETIMEDOUT set by socket_ssl_do_handshake()); -1 with errno set
 *         to EINVAL if @a fd is not an OpenVAS stream.
 */
int
stream_get_err (int fd)
{
  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return -1;
    }

  return OVAS_CONNECTION_FROM_FD (fd)->last_err;
}

References openvas_connection::last_err, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_socket_get_error().


◆ stream_set()

int stream_set ( int  ,
fd_set *   
)

◆ stream_set_buffer()

int stream_set_buffer ( int  ,
int   
)

Definition at line 2168 of file network.c.

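/**
 * @brief Attach, resize or drop the read-ahead buffer of an OpenVAS stream.
 *
 * @param[in] fd  OpenVAS stream descriptor.
 * @param[in] sz  New buffer size in bytes; 0 removes the buffer.
 *
 * @return 0 on success, -1 if @a fd is not a stream, @a sz is negative, or
 *         shrinking to @a sz would discard bytes that are buffered but not
 *         yet consumed (bufcnt).
 */
int
stream_set_buffer (int fd, int sz)
{
  openvas_connection *p;
  char *b;

  if (!OPENVAS_STREAM (fd))
    return -1;

  p = OVAS_CONNECTION_FROM_FD (fd);
  /* A negative size would be converted to a huge allocation request by
   * g_malloc0()/g_realloc(); reject it together with sizes that would lose
   * unread data. */
  if (sz < 0 || sz < p->bufcnt)
    return -1; /* Do not want to lose data */

  if (sz == 0)
    {
      /* bufcnt is 0 here (checked above); reset the cursor with it. */
      g_free (p->buf);
      p->buf = NULL;
      p->bufsz = 0;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }
  if (p->buf == NULL)
    {
      /* GLib normally aborts instead of returning NULL from g_malloc0();
       * the check is kept as a defensive measure. */
      p->buf = g_malloc0 (sz);
      if (p->buf == NULL)
        return -1;
      p->bufsz = sz;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }

  /* Compact the unread bytes to the front so that a shrink cannot cut them. */
  if (p->bufcnt > 0)
    {
      memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
      p->bufptr = 0;
    }
  b = g_realloc (p->buf, sz);
  if (b == NULL)
    return -1;
  p->buf = b;
  p->bufsz = sz;
  return 0;
}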

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_open_sock_tcp_bufsz(), and nasl_recv_line().


◆ stream_set_timeout()

int stream_set_timeout ( int  ,
int   
)

Definition at line 1216 of file network.c.

/**
 * @brief Set the I/O timeout of an OpenVAS stream and return the old one.
 *
 * @param[in] fd       OpenVAS stream descriptor.
 * @param[in] timeout  New timeout (seconds, as consumed by
 *                     socket_ssl_do_handshake()).
 *
 * @return The previous timeout. If @a fd is not an OpenVAS stream, errno is
 *         set to EINVAL and 0 is returned -- indistinguishable from a
 *         previous timeout of 0, so check errno when that matters.
 */
int
stream_set_timeout (int fd, int timeout)
{
  openvas_connection *conn;
  int previous;

  if (!OPENVAS_STREAM (fd))
    {
      errno = EINVAL;
      return 0;
    }

  conn = OVAS_CONNECTION_FROM_FD (fd);
  previous = conn->timeout;
  conn->timeout = timeout;
  return previous;
}

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and openvas_connection::timeout.

Referenced by nasl_recv(), and plugin_do_run().


◆ stream_zero()

int stream_zero ( fd_set *  )

◆ write_stream_connection()

int write_stream_connection ( int  ,
void *  buf,
int  n 
)

Definition at line 1583 of file network.c.

/**
 * @brief Write @a n bytes to an OpenVAS stream with default options.
 *
 * Convenience front end for write_stream_connection4() with i_opt = 0.
 *
 * @param[in] fd    OpenVAS stream descriptor.
 * @param[in] buf0  Data to write.
 * @param[in] n     Number of bytes to write.
 *
 * @return Whatever write_stream_connection4() returns for that call.
 */
int
write_stream_connection (int fd, void *buf0, int n)
{
  const int default_opts = 0;

  return write_stream_connection4 (fd, buf0, n, default_opts);
}

References write_stream_connection4().

Referenced by ftp_get_pasv_address(), ftp_log_in(), nasl_telnet_init(), and plugin_do_run().
