OpenVAS Scanner 22.7.9
network.h File Reference

Header file for module network. More...

#include "scanneraux.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <netinet/in.h>
#include <sys/select.h>


Macros

#define IS_ENCAPS_SSL(x)    ((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLScustom)
 
#define NO_PRIORITY_FLAGS   0
 
#define INSECURE_DH_PRIME_BITS   (1 << 0)
 

Typedefs

typedef enum openvas_encaps openvas_encaps_t
 

Enumerations

enum  openvas_encaps {
  OPENVAS_ENCAPS_AUTO = 0 , OPENVAS_ENCAPS_IP , OPENVAS_ENCAPS_SSLv23 , OPENVAS_ENCAPS_SSLv2 ,
  OPENVAS_ENCAPS_SSLv3 , OPENVAS_ENCAPS_TLSv1 , OPENVAS_ENCAPS_TLSv11 , OPENVAS_ENCAPS_TLSv12 ,
  OPENVAS_ENCAPS_TLSv13 , OPENVAS_ENCAPS_TLScustom , OPENVAS_ENCAPS_MAX
}
 

Functions

int open_sock_tcp (struct script_infos *, unsigned int, int)
 
int open_sock_option (struct script_infos *, unsigned int, int, int, int)
 
int recv_line (int, char *, size_t)
 Reads a text from the socket stream into the argument buffer, always.
 
int nrecv (int, void *, int, int)
 
int socket_close (int)
 
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
 
unsigned short * getpts (char *, int *)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
 
void open_stream_tls_default_priorities (const char *p, const int pflag)
 
int open_stream_connection (struct script_infos *, unsigned int, int, int)
 
int open_stream_connection_ext (struct script_infos *, unsigned int, int, int, const char *, int)
 
int open_stream_auto_encaps_ext (struct script_infos *, unsigned int port, int timeout, int force)
 
int write_stream_connection (int, void *buf, int n)
 
int read_stream_connection (int, void *, int)
 
int read_stream_connection_min (int, void *, int, int)
 
int nsend (int, void *, int, int)
 
void add_close_stream_connection_hook (int(*)(int))
 
int close_stream_connection (int)
 
const char * get_encaps_name (openvas_encaps_t)
 
const char * get_encaps_through (openvas_encaps_t)
 
int open_sock_opt_hn (const char *, unsigned int, int, int, int)
 
int openvas_SSL_init (void)
 Initializes SSL support.
 
int stream_set_buffer (int, int)
 
int stream_get_buffer_sz (int)
 
int stream_get_err (int)
 
int openvas_register_connection (int s, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
 
int openvas_deregister_connection (int)
 
int openvas_get_socket_from_connection (int)
 
gnutls_session_t ovas_get_tlssession_from_connection (int)
 
int stream_zero (fd_set *)
 
int stream_set (int, fd_set *)
 
int os_send (int, void *, int, int)
 
int os_recv (int, void *, int, int)
 
int fd_is_stream (int)
 
int stream_set_timeout (int, int)
 
int socket_ssl_safe_renegotiation_status (int)
 Check if Secure Renegotiation is supported in the server side.
 
int socket_ssl_do_handshake (int)
 Do a re-handshake of the TLS/SSL protocol.
 
int socket_negotiate_ssl (int, openvas_encaps_t, struct script_infos *)
 Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
 
void socket_get_cert (int, void **, int *)
 
int socket_get_ssl_version (int)
 
void socket_get_ssl_session_id (int, void **, size_t *)
 
int socket_get_ssl_compression (int)
 
int socket_get_ssl_ciphersuite (int)
 

Detailed Description

Header file for module network.

Definition in file network.h.

Macro Definition Documentation

◆ INSECURE_DH_PRIME_BITS

#define INSECURE_DH_PRIME_BITS   (1 << 0)

Definition at line 49 of file network.h.

◆ IS_ENCAPS_SSL

#define IS_ENCAPS_SSL (   x)     ((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLScustom)

Definition at line 43 of file network.h.

◆ NO_PRIORITY_FLAGS

#define NO_PRIORITY_FLAGS   0

Definition at line 48 of file network.h.

Typedef Documentation

◆ openvas_encaps_t

Enumeration Type Documentation

◆ openvas_encaps

Enumerator
OPENVAS_ENCAPS_AUTO 
OPENVAS_ENCAPS_IP 
OPENVAS_ENCAPS_SSLv23 
OPENVAS_ENCAPS_SSLv2 
OPENVAS_ENCAPS_SSLv3 
OPENVAS_ENCAPS_TLSv1 
OPENVAS_ENCAPS_TLSv11 
OPENVAS_ENCAPS_TLSv12 
OPENVAS_ENCAPS_TLSv13 
OPENVAS_ENCAPS_TLScustom 
OPENVAS_ENCAPS_MAX 

Definition at line 28 of file network.h.

29{
30 OPENVAS_ENCAPS_AUTO = 0, /* Request auto detection. */
32 OPENVAS_ENCAPS_SSLv23, /* Ask for compatibility options */
39 OPENVAS_ENCAPS_TLScustom, /* SSL/TLS using custom priorities. */
@ OPENVAS_ENCAPS_SSLv3
Definition: network.h:34
@ OPENVAS_ENCAPS_TLScustom
Definition: network.h:39
@ OPENVAS_ENCAPS_TLSv12
Definition: network.h:37
@ OPENVAS_ENCAPS_TLSv1
Definition: network.h:35
@ OPENVAS_ENCAPS_MAX
Definition: network.h:40
@ OPENVAS_ENCAPS_IP
Definition: network.h:31
@ OPENVAS_ENCAPS_TLSv13
Definition: network.h:38
@ OPENVAS_ENCAPS_SSLv2
Definition: network.h:33
@ OPENVAS_ENCAPS_SSLv23
Definition: network.h:32
@ OPENVAS_ENCAPS_TLSv11
Definition: network.h:36
@ OPENVAS_ENCAPS_AUTO
Definition: network.h:30
enum openvas_encaps openvas_encaps_t

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(*)(int)  )

◆ close_stream_connection()

int close_stream_connection ( int  fd)

Definition at line 1705 of file network.c.

/* Closes an OpenVAS stream: anything that is not one gets errno = EINVAL and
 * -1.  The close hooks are run first; the slot is then given back with
 * release_connection_fd (), whose already_closed argument is 1 when
 * run_csc_hooks () returned 0 and 0 otherwise. */
1706{
1708 if (!OPENVAS_STREAM (fd))
1709 {
1710 errno = EINVAL;
1711 return -1;
1712 }
1713 fp = OVAS_CONNECTION_FROM_FD (fd);
1714 g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);
1715
 /* NOTE(review): this second OPENVAS_STREAM () test can never fail - the same
  * test at line 1708 already returned -1 - so the shutdown ()/socket_close ()
  * branch below is dead code.  shutdown (fd, 2) is shutdown (fd, SHUT_RDWR). */
1716 if (!OPENVAS_STREAM (fd)) /* Will never happen if debug is on! */
1717 {
1718 if (fd < 0 || fd > 1024)
1719 {
1720 errno = EINVAL;
1721 return -1;
1722 }
1723 shutdown (fd, 2);
1724 return socket_close (fd);
1725 }
1726 if (!run_csc_hooks (fd))
1727 return release_connection_fd (fd, 1);
1728 else
1729 return release_connection_fd (fd, 0);
1730}
#define OPENVAS_STREAM(x)
Definition: network.c:113
int socket_close(int soc)
Definition: network.c:2142
static int run_csc_hooks(int fd)
Run the hooks for close_stream_connection.
Definition: network.c:1694
static int release_connection_fd(int fd, int already_closed)
Definition: network.c:173
#define OVAS_CONNECTION_FROM_FD(fd)
Definition: network.c:119

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::port, release_connection_fd(), run_csc_hooks(), and socket_close().

Referenced by nasl_close_socket(), nasl_end_denial(), nasl_start_denial(), and plugin_do_run().


◆ fd_is_stream()

int fd_is_stream ( int  fd)

◆ get_encaps_name()

const char * get_encaps_name ( openvas_encaps_t  code)

Definition at line 1733 of file network.c.

/* Maps an openvas_encaps_t to a short name ("auto", "IP", "SSLv2", ...,
 * "TLScustom").  Unknown codes are formatted into a function-static buffer,
 * so that string is overwritten by the next call that reaches the default
 * case; the function is not reentrant for unknown codes. */
1734{
1735 static char str[100];
1736 switch (code)
1737 {
1739 return "auto";
1740 case OPENVAS_ENCAPS_IP:
1741 return "IP";
1743 return "SSLv2";
1745 return "SSLv23";
1747 return "SSLv3";
1749 return "TLSv1";
1751 return "TLSv11";
1753 return "TLSv12";
1755 return "TLSv13";
1757 return "TLScustom";
1758 default:
 /* Buffer is 100 bytes; snprintf () bounds the write and NUL-terminates. */
1759 snprintf (str, sizeof (str), "[unknown transport layer - code %d (0x%x)]",
1760 code, code);
1761 return str;
1762 }
1763}
#define code

References code, OPENVAS_ENCAPS_AUTO, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by get_port_transport(), nasl_get_sock_info(), and plugin_do_run().


◆ get_encaps_through()

const char * get_encaps_through ( openvas_encaps_t  code)

Definition at line 1766 of file network.c.

/* Returns the suffix appended to a service description: "" for plain IP,
 * " through SSL" for the SSL/TLS encapsulations (see the References list
 * below), and otherwise a description formatted into a function-static
 * buffer - same reentrancy caveat as get_encaps_name (). */
1767{
1768 static char str[100];
1769 switch (code)
1770 {
1771 case OPENVAS_ENCAPS_IP:
1772 return "";
1781 return " through SSL";
1782 default:
1783 snprintf (str, sizeof (str),
1784 " through unknown transport layer - code %d (0x%x)", code,
1785 code);
1786 return str;
1787 }
1788}

References code, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by mark_acap_server(), mark_adsgone(), mark_avotus_mm_server(), mark_BitTorrent_server(), mark_citrix_server(), mark_dameware_server(), mark_dictd_server(), mark_direct_connect_hub(), mark_eggdrop_server(), mark_ens_server(), mark_exchg_routing_server(), mark_finger_server(), mark_fssniffer(), mark_ftp_server(), mark_fw1(), mark_giop_server(), mark_gnocatan_server(), mark_gnome14_server(), mark_http_proxy(), mark_http_server(), mark_imap_server(), mark_interscan_viruswall(), mark_ircxpro_admin_server(), mark_jabber_server(), mark_LISa_server(), mark_listserv_server(), mark_locked_adsubtract_server(), mark_lpd_server(), mark_lyskom_server(), mark_mon_server(), mark_nagiosd_server(), mark_nntp_server(), mark_ofa_express_server(), mark_pblocald_server(), mark_pbmaster_server(), mark_ph_server(), mark_pnsclient(), mark_pop3pw_server(), mark_ppp_daemon(), mark_psybnc(), mark_quicktime_streaming_server(), mark_remote_nc_server(), mark_rmserver(), mark_shoutcast_server(), mark_smppd_server(), mark_smtp_server(), mark_smux_server(), mark_snpp_server(), mark_spamd_server(), mark_stonegate_auth_server(), mark_sub7_server(), mark_tcpmux_server(), mark_teamspeak2_server(), mark_telnet_server(), mark_time_server(), mark_unknown_svc(), mark_upsmon_server(), mark_uucp_server(), mark_veritas_backup(), mark_vmware_auth(), mark_vtun_server(), mark_websm_server(), mark_whois_plus2_server(), and mark_zebra_server().

◆ get_sock_infos()

int get_sock_infos ( int  sock,
int *  r_transport,
void **  r_tls_session 
)

Definition at line 2256 of file network.c.

2257{
2259
2260 if (!OPENVAS_STREAM (sock))
2261 return ENOTSOCK;
2262 fp = &(connections[sock - OPENVAS_FD_OFF]);
2263
2264 *r_transport = fp->transport;
2265 *r_tls_session = fp->tls_session;
2266 return 0;
2267}
#define OPENVAS_FD_OFF
Definition: network.c:92
static openvas_connection connections[OPENVAS_FD_MAX]
Definition: network.c:94
gnutls_session_t tls_session
Definition: network.c:75
openvas_encaps_t transport
Definition: network.c:69

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_get_sock_info(), and nasl_socket_cert_verify().


◆ getpts()

unsigned short * getpts ( char *  origexpr,
int *  len 
)

Converts a string like "-100,200-1024,3000-4000,60000-" into an array of port numbers.

This function is (c) Fyodor <fyodor@dhp.com> and was taken from his excellent and outstanding scanner Nmap. See http://www.insecure.org/nmap/ for details about Nmap.

Definition at line 2296 of file network.c.

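/**
 * @brief Converts a string like "-100,200-1024,3000-4000,60000-" into an
 *        array of port numbers.
 *
 * Blanks in the expression are ignored.  If a "T:" marker is present, parsing
 * starts right after it; everything from a "U:" marker on (and the comma in
 * front of it) is dropped.  A leading "-N" means 1-N and a trailing "N-" means
 * N-65535.  Port numbers above 65535 are clamped to 65535 and a port covered
 * by several ranges is added only once, so the result never holds more than
 * 65535 ports plus the 0 entry appended before sorting (the previous code
 * could write past its 65536-entry buffer on overlapping ranges).
 *
 * The most recent result is cached in static storage: calling again with the
 * same expression hands back the very same array.  NOTE(review): that array
 * therefore presumably belongs to getpts () and callers must not free it -
 * verify against nasl_scanner_get_port () and scan ().  Not safe to call
 * from several threads.
 *
 * This function is (c) Fyodor <fyodor@dhp.com> and was taken from his
 * excellent and outstanding scanner Nmap.  See http://www.insecure.org/nmap/
 * for details about Nmap.
 *
 * @param[in]  origexpr  Port expression to parse; NULL is treated as empty.
 * @param[out] len       If not NULL, receives the number of parsed ports
 *                       (the appended 0 entry is not counted).
 *
 * @return The parsed ports plus one 0 entry, sorted with qsort_compar (), or
 *         NULL if origexpr is NULL or a range is empty or inverted.
 */
unsigned short *
getpts (char *origexpr, int *len)
{
  static unsigned short *last_ret = NULL;
  static char *last_expr = NULL;
  static int last_num;
  enum { GETPTS_MAX_PORT = 65535 };
  unsigned short *ports, *tmp;
  unsigned char *seen;
  char *mem, *expr, *p, *q, *s_start, *s_end;
  int i = 0, j = 0, exlen, start, end;

  if (origexpr == NULL)
    {
      if (len != NULL)
        *len = 0;
      return NULL;
    }

  if (last_expr != NULL)
    {
      if (strcmp (last_expr, origexpr) == 0)
        {
          if (len != NULL)
            *len = last_num;
          return last_ret;
        }
      /* Different expression: drop the cached result.  (The previous code
         called g_free (&last_ret), i.e. on the address of the static pointer
         itself rather than on the cached array.) */
      g_free (last_expr);
      last_expr = NULL;
      g_free (last_ret);
      last_ret = NULL;
    }

  mem = expr = g_strdup (origexpr);
  exlen = strlen (origexpr);
  /* One slot per port 1..65535 plus the trailing 0 entry. */
  ports = g_malloc0 ((GETPTS_MAX_PORT + 1) * sizeof *ports);
  /* seen[port] != 0 once the port is in ports; bounds i to GETPTS_MAX_PORT. */
  seen = g_malloc0 (GETPTS_MAX_PORT + 1);

  /* Squeeze blanks out in place. */
  for (; j < exlen; j++)
    if (expr[j] != ' ')
      expr[i++] = expr[j];
  expr[i] = '\0';

  if ((s_start = strstr (expr, "T:")) != NULL)
    expr = s_start + 2;

  if ((s_end = strstr (expr, "U:")) != NULL)
    {
      /* s_end > expr: never read the byte in front of the buffer when "U:"
         is the very first token. */
      if (s_end > expr && s_end[-1] == ',')
        s_end--;
      *s_end = '\0';
    }

  i = 0;
  for (;;)
    {
      p = strchr (expr, ',');
      if (p != NULL)
        *p = '\0';

      if (*expr == '-')
        {
          start = 1;
          end = atoi (expr + 1);
        }
      else
        {
          start = end = atoi (expr);
          if ((q = strchr (expr, '-')) && *(q + 1))
            end = atoi (q + 1);
          else if (q && !*(q + 1))
            end = GETPTS_MAX_PORT;
        }
      if (start < 1)
        start = 1;
      if (end > GETPTS_MAX_PORT)
        end = GETPTS_MAX_PORT; /* was silently truncated to 16 bits before */
      if (start > end)
        goto fail;

      for (j = start; j <= end; j++)
        if (!seen[j])
          {
            seen[j] = 1;
            ports[i++] = (unsigned short) j;
          }

      if (p == NULL)
        break;
      expr = p + 1;
    }
  ports[i++] = 0;

  qsort (ports, i, sizeof *ports, qsort_compar);
  tmp = g_realloc (ports, i * sizeof *ports);
  if (len != NULL)
    *len = i - 1;
  g_free (seen);
  g_free (mem);

  last_ret = tmp;
  last_expr = g_strdup (origexpr);
  last_num = i - 1;
  return tmp;

fail:
  g_free (seen);
  g_free (mem);
  g_free (ports);
  return NULL;
}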
uint8_t len
static int qsort_compar(const void *a, const void *b)
Definition: network.c:2274

References len, and qsort_compar().

Referenced by nasl_scanner_get_port(), and scan().


◆ nrecv()

int nrecv ( int  fd,
void *  data,
int  length,
int  i_opt 
)

Definition at line 1628 of file network.c.

/**
 * @brief Receives data from an fd, via the stream layer for OpenVAS streams
 *        and via the OS recv () for everything else.
 *
 * @param[in]  fd      OpenVAS stream or plain socket.
 * @param[out] data    Buffer receiving the bytes.
 * @param[in]  length  Size of data.
 * @param[in]  i_opt   Flags handed to recv () on the OS path.
 *
 * @return What read_stream_connection () or recv () returns (-1 on error).
 */
int
nrecv (int fd, void *data, int length, int i_opt)
{
  int received;

  if (OPENVAS_STREAM (fd))
    {
      if (connections[fd - OPENVAS_FD_OFF].fd >= 0)
        return read_stream_connection (fd, data, length);
      g_message ("OpenVAS file descriptor %d closed ?!", fd);
    }

  /* Fall back to the OS recv ().  os_recv () is deliberately not used here:
     it blocks until exactly `length` bytes have arrived. */
  block_socket (fd);
  for (;;)
    {
      received = recv (fd, data, length, i_opt);
      if (received >= 0 || errno != EINTR)
        return received;
      /* interrupted by a signal: retry */
    }
}
u_short length
int read_stream_connection(int fd, void *buf0, int len)
Definition: network.c:1457
static int block_socket(int soc)
Definition: network.c:303

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, and read_stream_connection().


◆ nsend()

int nsend ( int  fd,
void *  data,
int  length,
int  i_opt 
)

Definition at line 1589 of file network.c.

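/**
 * @brief Sends data on an fd, through the stream layer if it is an OpenVAS
 *        stream and through the OS send () otherwise.
 *
 * @param[in] fd      OpenVAS stream (OPENVAS_STREAM (fd)) or plain socket.
 * @param[in] data    Bytes to send.
 * @param[in] length  Number of bytes in data.
 * @param[in] i_opt   Flags handed to write_stream_connection4 () / os_send ().
 *
 * @return Bytes sent, 0 if the socket did not become writable, or -1 on
 *         error (errno from the failing call; EBADF if fd cannot be used with
 *         select ()).
 */
int
nsend (int fd, void *data, int length, int i_opt)
{
  int n = 0;

  if (OPENVAS_STREAM (fd))
    {
      if (connections[fd - OPENVAS_FD_OFF].fd < 0)
        g_message ("OpenVAS file descriptor %d closed ?!", fd);
      else
        return write_stream_connection4 (fd, data, length, i_opt);
    }

  /* Plain OS send ().  FD_SET () on a descriptor outside 0..FD_SETSIZE-1
     writes outside the fd_set, so refuse such descriptors up front. */
  if (fd < 0 || fd >= FD_SETSIZE)
    {
      errno = EBADF;
      return -1;
    }

  block_socket (fd);
  do
    {
      struct timeval tv = { .tv_sec = 0, .tv_usec = 5 };
      fd_set wr;
      int e;

      FD_ZERO (&wr);
      FD_SET (fd, &wr);

      errno = 0;
      e = select (fd + 1, NULL, &wr, NULL, &tv);
      if (e > 0)
        n = os_send (fd, data, length, i_opt);
      else if (e < 0 && errno == EINTR)
        continue; /* interrupted select (): evaluate the loop condition again */
      else
        break; /* timed out (e == 0) or select () failed */
    }
  while (n <= 0 && errno == EINTR);
  if (n < 0)
    g_message ("[%d] nsend():send %s", getpid (), strerror (errno));

  return n;
}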
static struct timeval timeval(unsigned long val)
static int write_stream_connection4(int fd, void *buf0, int n, int i_opt)
Definition: network.c:1463
int os_send(int soc, void *buf, int len, int opt)
Definition: network.c:2216

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, os_send(), timeval(), and write_stream_connection4().

Referenced by nasl_end_denial(), and nasl_send().


◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char *  hostname,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)

Definition at line 1890 of file network.c.

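/**
 * @brief Opens a socket to a host given by name.
 *
 * The name is resolved with gvm_resolve_as_addr6 ().  A v4-mapped result is
 * connected to over AF_INET, anything else over AF_INET6, both through
 * open_socket ().
 *
 * @param[in] hostname  Host name or address to resolve.
 * @param[in] port      Port number (truncated to 16 bits).
 * @param[in] type      Socket type, e.g. SOCK_STREAM.
 * @param[in] protocol  Protocol, e.g. IPPROTO_TCP.
 * @param[in] timeout   Timeout handed to open_socket ().
 *
 * @return The result of open_socket (), or -1 if the name does not resolve.
 */
int
open_sock_opt_hn (const char *hostname, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct sockaddr_in addr;
  struct sockaddr_in6 addr6;
  struct in6_addr in6addr;

  /* The previous code ignored the result and went on with an uninitialised
     in6addr on failure.  NOTE(review): assumes a non-zero return means the
     name could not be resolved - confirm against gvm-libs networking. */
  if (gvm_resolve_as_addr6 (hostname, &in6addr) != 0)
    {
      g_message ("open_sock_opt_hn: cannot resolve %s",
                 hostname ? hostname : "(null)");
      return -1;
    }

  if (IN6_IS_ADDR_V4MAPPED (&in6addr))
    {
      memset (&addr, 0, sizeof addr);
      addr.sin_family = AF_INET;
      addr.sin_port = htons ((unsigned short) port);
      /* The low 32 bits of a v4-mapped address are the IPv4 address. */
      addr.sin_addr.s_addr = in6addr.s6_addr32[3];
      return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
                          sizeof addr);
    }

  memset (&addr6, 0, sizeof addr6);
  addr6.sin6_family = AF_INET6;
  addr6.sin6_port = htons ((unsigned short) port);
  memcpy (&addr6.sin6_addr, &in6addr, sizeof addr6.sin6_addr);
  return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
                      sizeof addr6);
}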
u_char protocol
static int open_socket(struct sockaddr *paddr, int type, int protocol, int timeout, int len)
Definition: network.c:1791
const char * hostname
Definition: pluginlaunch.c:68

References hostname, open_socket(), and protocol.

Referenced by nasl_open_sock_kdc().


◆ open_sock_option()

int open_sock_option ( struct script_infos args,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)

Definition at line 1996 of file network.c.

/**
 * @brief Opens a socket to the current scan target.
 *
 * The target address comes from plug_get_host_ip ().  A v4-mapped address is
 * connected to over AF_INET, anything else over AF_INET6, both through
 * open_socket ().
 *
 * @param[in] args      Script context the target address is taken from.
 * @param[in] port      Port number (truncated to 16 bits).
 * @param[in] type      Socket type, e.g. SOCK_STREAM.
 * @param[in] protocol  Protocol, e.g. IPPROTO_TCP.
 * @param[in] timeout   Timeout handed to open_socket ().
 *
 * @return The result of open_socket (), or -1 if there is no target address
 *         or it is the unspecified address.
 */
int
open_sock_option (struct script_infos *args, unsigned int port, int type,
                  int protocol, int timeout)
{
  struct in6_addr *target = plug_get_host_ip (args);
  unsigned short net_port = htons ((unsigned short) port);

  if (target == NULL)
    {
      g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
      return -1;
    }
  /* :: is not something we can connect to. */
  if (IN6_ARE_ADDR_EQUAL (target, &in6addr_any))
    return -1;

  if (IN6_IS_ADDR_V4MAPPED (target))
    {
      struct sockaddr_in v4;

      memset (&v4, 0, sizeof v4);
      v4.sin_family = AF_INET;
      v4.sin_port = net_port;
      v4.sin_addr.s_addr = target->s6_addr32[3];
      return open_socket ((struct sockaddr *) &v4, type, protocol, timeout,
                          sizeof v4);
    }
  else
    {
      struct sockaddr_in6 v6;

      memset (&v6, 0, sizeof v6);
      v6.sin6_family = AF_INET6;
      v6.sin6_port = net_port;
      memcpy (&v6.sin6_addr, target, sizeof v6.sin6_addr);
      return open_socket ((struct sockaddr *) &v6, type, protocol, timeout,
                          sizeof v6);
    }
}
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316

References open_socket(), plug_get_host_ip(), and protocol.

Referenced by open_sock_tcp().


◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos args,
unsigned int  port,
int  timeout 
)

Definition at line 1919 of file network.c.

/* Opens a TCP connection to the scan target through open_sock_option ().
 * On ETIMEDOUT the connect is retried up to "timeout_retry" more times.  Each
 * time-out on the same ip/port is counted in the KB
 * ("ConnectTimeout/<ip>/<port>", logged at most 3 times) and, once the count
 * reaches "open_sock_max_attempts" (0 = no limit), the port is marked closed
 * ("Ports/tcp/<port>" = 0) and an ERRMSG result is queued on
 * "internal/results" so that other plugins stop trying.
 * Returns the socket from open_sock_option (), or -1 with errno from the last
 * attempt. */
1920{
1921 int ret, retry = 0;
1922 const char *timeout_retry;
1923
1924 timeout_retry = prefs_get ("timeout_retry");
1925 if (timeout_retry)
1926 retry = atoi (timeout_retry);
1927 if (retry < 0)
1928 retry = 0;
1929
1930 while (retry >= 0)
1931 {
1932 errno = 0;
1933 ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
1934 if (ret >= 0 || errno != ETIMEDOUT)
1935 break;
1936 retry--;
1937 }
1938 if (ret < 0 && errno == ETIMEDOUT)
1939 {
1940 int log_count, attempts = 0;
1941 char *ip_str = plug_get_host_ip_str (args), buffer[1024];
1942 kb_t kb = plug_get_kb (args);
1943 const char *max_attempts;
1944
1945 max_attempts = prefs_get ("open_sock_max_attempts");
1946 if (max_attempts)
1947 attempts = atoi (max_attempts);
1948 if (attempts < 0)
1949 attempts = 0;
1950
1951 g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%d", ip_str,
1952 port);
1953 log_count = kb_item_get_int (kb, buffer);
1954 if (log_count == -1)
1955 log_count = 0;
1956 if (log_count < 3)
1957 {
1958 g_message ("open_sock_tcp: %s:%d time-out.", ip_str, port);
1959 log_count++;
1960 kb_item_set_int_with_main_kb_check (kb, buffer, log_count);
1961 }
1962 if ((log_count >= attempts) && (attempts != 0))
1963 {
1964 /* After some unsuccessfully attempts, the port is set to closed to
1965 * avoid new attempts from other plugins.
1966 */
1967 if (host_get_port_state (args, port) > 0)
1968 {
1969 char host_port_ip_str[INET6_ADDRSTRLEN];
1970
1971 g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%d", port);
 /* NOTE(review): host_port_ip_str is still uninitialised here - it is only
  * filled by addr6_to_str () at line 1977 below - so this message logs
  * stack garbage; the addr6_to_str () call should be moved above it. */
1972 g_message ("open_sock_tcp: %s:%d too many timeouts. "
1973 "This port will be set to closed.",
1974 host_port_ip_str, port);
1975 kb_item_set_int_with_main_kb_check (kb, buffer, 0);
1976
1977 addr6_to_str (args->ip, host_port_ip_str);
1978 snprintf (
1979 buffer, sizeof (buffer),
1980 "ERRMSG|||%s|||%s|||%d/tcp||| |||Too many timeouts. The port"
1981 " was set to closed.",
1982 host_port_ip_str,
1983 plug_current_vhost () ? plug_current_vhost () : " ", port);
1984
1986 "internal/results", buffer);
1987 }
1988 }
1989 g_free (ip_str);
1990 }
1991
1992 return ret;
1993}
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition: kb_cache.c:41
int open_sock_option(struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
Definition: network.c:1996
int host_get_port_state(struct script_infos *plugdata, int portnum)
Definition: plugutils.c:144
const char * plug_current_vhost(void)
Definition: plugutils.c:47
int kb_item_push_str_with_main_kb_check(kb_t kb, const char *name, const char *value)
Check if the current kb corresponds to the original scanid, if it matches it kb_item_push_str....
Definition: plugutils.c:478
char * plug_get_host_ip_str(struct script_infos *desc)
Definition: plugutils.c:322
int kb_item_set_int_with_main_kb_check(kb_t kb, const char *name, int value)
Check if the current kb corresponds to the original scanid, if it matches it call kb_item_set_int....
Definition: plugutils.c:554
kb_t plug_get_kb(struct script_infos *args)
Definition: plugutils.c:1055
struct in6_addr * ip
Definition: scanneraux.h:37

References get_main_kb(), host_get_port_state(), script_infos::ip, kb_item_push_str_with_main_kb_check(), kb_item_set_int_with_main_kb_check(), open_sock_option(), plug_current_vhost(), plug_get_host_ip_str(), and plug_get_kb().

Referenced by open_stream_connection_ext().


◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos args,
unsigned int  port,
int  timeout,
int  force 
)

Definition at line 1185 of file network.c.

/**
 * @brief Opens a stream to port, picking the encapsulation automatically.
 *
 * With force set, TLS (OPENVAS_ENCAPS_TLScustom) is tried first and plain
 * OPENVAS_ENCAPS_IP second; whichever worked is stored for the port with
 * plug_set_port_transport ().  Without force the encapsulation previously
 * stored for the port is reused.
 *
 * @param[in] args     Script context.
 * @param[in] port     Port to connect to.
 * @param[in] timeout  Timeout handed to open_stream_connection ().
 * @param[in] force    Non-zero to probe instead of using the stored transport.
 *
 * @return The stream fd from open_stream_connection (), or -1.
 */
int
open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port,
                             int timeout, int force)
{
  int transport, fd;

  if (!force)
    {
      transport = plug_get_port_transport (args, port);
      return open_stream_connection (args, port, transport, timeout);
    }

  /* Probe: TLS with custom priorities first, plain IP as the fallback. */
  transport = OPENVAS_ENCAPS_TLScustom;
  fd = open_stream_connection (args, port, transport, timeout);
  if (fd < 0)
    {
      transport = OPENVAS_ENCAPS_IP;
      fd = open_stream_connection (args, port, transport, timeout);
      if (fd < 0)
        return -1;
    }
  /* Remember the encapsulation that worked for this port. */
  plug_set_port_transport (args, port, transport);
  return fd;
}
int open_stream_connection(struct script_infos *args, unsigned int port, int transport, int timeout)
Definition: network.c:1175
int plug_get_port_transport(struct script_infos *args, int port)
Definition: plugutils.c:1288
void plug_set_port_transport(struct script_infos *args, int port, int tr)
Definition: plugutils.c:1275

References open_stream_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_TLScustom, plug_get_port_transport(), and plug_set_port_transport().

Referenced by nasl_open_sock_tcp_bufsz().


◆ open_stream_connection()

int open_stream_connection ( struct script_infos args,
unsigned int  port,
int  transport,
int  timeout 
)

Definition at line 1175 of file network.c.

1177{
1178 return open_stream_connection_ext (args, port, transport, timeout,
1180}
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
Definition: network.c:1046
const char * tls_priorities
Definition: network.c:146
int tls_priority_flag
Definition: network.c:147

References open_stream_connection_ext(), tls_priorities, and tls_priority_flag.

Referenced by nasl_end_denial(), nasl_start_denial(), open_stream_auto_encaps_ext(), plugin_do_run(), and retry_stream_connection().


◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos args,
unsigned int  port,
int  transport,
int  timeout,
const char *  priority,
int  flags 
)

Definition at line 1046 of file network.c.

1049{
1050 int fd, ret;
1052 char *cert = NULL;
1053 char *key = NULL;
1054 char *passwd = NULL;
1055 char *cafile = NULL;
1056 char *hostname = NULL;
1057 char *hostname_aux = NULL;
1058
1059 /* Because plug_get_host_fqdn() forks for each vhost, we fork() before
1060 creating the socket */
1061 hostname_aux = plug_get_host_fqdn (args);
1062
1063 if (!priority)
1064 priority = ""; /* To us an empty string is equivalent to NULL. */
1065
1066 g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
1067 " priority: '%s'",
1068 getpid (), port, transport, timeout, priority);
1069
1070 if (timeout == -2)
1071 timeout = TIMEOUT;
1072
1073 ret = -1;
1074 switch (transport)
1075 {
1076 case OPENVAS_ENCAPS_IP:
1077
1086 break;
1087
1088 default:
1089 g_message ("open_stream_connection_ext(): unsupported transport"
1090 " layer %d passed by %s",
1091 transport, args->name);
1092 errno = EINVAL;
1093
1094 g_free (hostname_aux);
1095 return ret;
1096 }
1097
1098 if ((fd = get_connection_fd ()) < 0)
1099 {
1100 g_free (hostname_aux);
1101 return ret;
1102 }
1103 fp = OVAS_CONNECTION_FROM_FD (fd);
1104
1105 fp->transport = transport;
1106 g_free (fp->priority);
1107 if (*priority)
1108 fp->priority = g_strdup (priority);
1109 else
1110 fp->priority = NULL;
1111 fp->timeout = timeout;
1112 fp->port = port;
1113 fp->last_err = 0;
1114
1115 fp->fd = open_sock_tcp (args, port, timeout);
1116 if (fp->fd < 0)
1117 goto failed;
1118
1119 kb_t kb = plug_get_kb (args);
1120 switch (transport)
1121 {
1122 char buf[1024];
1123
1124 case OPENVAS_ENCAPS_IP:
1125 break;
1133 cert = kb_item_get_str (kb, "SSL/cert");
1134 key = kb_item_get_str (kb, "SSL/key");
1135 passwd = kb_item_get_str (kb, "SSL/password");
1136
1137 cafile = kb_item_get_str (kb, "SSL/CA");
1138
1139 /* fall through */
1140
1142 /* We do not need a client certificate in this case */
1143 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
1144 if (kb_item_get_int (kb, buf) <= 0)
1145 hostname = hostname_aux;
1146
1147 ret =
1148 open_SSL_connection (fp, cert, key, passwd, cafile, hostname, flags);
1149 g_free (cert);
1150 g_free (key);
1151 g_free (passwd);
1152 g_free (cafile);
1153 if (ret <= 0)
1154 goto failed;
1155 break;
1156 }
1157
1158 g_free (hostname_aux);
1159
1160 return fd;
1161
1162failed:
1163 release_connection_fd (fd, 0);
1164 return ret;
1165}
#define TIMEOUT
Definition: network.c:45
static int get_connection_fd(void)
Returns a free file descriptor.
Definition: network.c:153
int open_sock_tcp(struct script_infos *args, unsigned int port, int timeout)
Definition: network.c:1919
static int open_SSL_connection(openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
Open an TLS/SSL connection.
Definition: network.c:580
char * plug_get_host_fqdn(struct script_infos *args)
Definition: plugutils.c:242
char * priority
Definition: network.c:70
char * name
Definition: scanneraux.h:35

References openvas_connection::fd, get_connection_fd(), hostname, openvas_connection::last_err, script_infos::name, open_sock_tcp(), open_SSL_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), TIMEOUT, openvas_connection::timeout, and openvas_connection::transport.

Referenced by nasl_open_sock_tcp_bufsz(), open_stream_connection(), and retry_stream_connection().


◆ open_stream_tls_default_priorities()

void open_stream_tls_default_priorities ( const char *  p,
const int  pflag 
)

Definition at line 1168 of file network.c.

/**
 * @brief Sets the TLS priority string and flags used by default when opening
 *        streams (read by open_stream_connection ()).
 *
 * Only the pointer p is stored, not a copy; NOTE(review): the caller
 * presumably has to keep the string alive - confirm with
 * retry_stream_connection (), the only caller listed.
 *
 * @param[in] p      GnuTLS priority string.
 * @param[in] pflag  Priority flags (NO_PRIORITY_FLAGS or a combination of
 *                   INSECURE_DH_PRIME_BITS-style flags).
 */
void
open_stream_tls_default_priorities (const char *p, const int pflag)
{
  tls_priority_flag = pflag;
  tls_priorities = p;
}

References tls_priorities, and tls_priority_flag.

Referenced by retry_stream_connection().


◆ openvas_deregister_connection()

int openvas_deregister_connection ( int  fd)

Definition at line 259 of file network.c.

260{
262 if (!OPENVAS_STREAM (fd))
263 {
264 errno = EINVAL;
265 return -1;
266 }
267
268 p = connections + (fd - OPENVAS_FD_OFF);
269 /* Fixme: Code duplicated from release_connection_fd. Check usage
270 of this function make sure that TLS stuff is also released in
271 case it is used here. */
272 g_free (p->priority);
273 p->priority = NULL;
274 bzero (p, sizeof (*p));
275 p->transport = -1;
276 return 0;
277}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::priority, and openvas_connection::transport.

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int  fd)

Definition at line 357 of file network.c.

358{
360
361 if (!OPENVAS_STREAM (fd))
362 {
363 g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
364 getpid (), fd);
365 return fd;
366 }
367 fp = connections + (fd - OPENVAS_FD_OFF);
368 if (fp->transport <= 0)
369 {
370 g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
371 return -1;
372 }
373 return fp->fd;
374}

References connections, openvas_connection::fd, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::transport.

Referenced by nasl_get_source_port(), nasl_ssh_connect(), and plugin_do_run().


◆ openvas_register_connection()

int openvas_register_connection ( int  soc,
void *  ssl,
gnutls_certificate_credentials_t  certcred,
openvas_encaps_t  encaps 
)
Todo:
TLS FIXME: migrate this to TLS
Todo:
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
soc  Socket to use.

Definition at line 234 of file network.c.

237{
238 int fd;
240
241 if ((fd = get_connection_fd ()) < 0)
242 return -1;
244
245 p->tls_session = ssl;
246 p->tls_cred = certcred;
247
248 p->timeout = TIMEOUT; /* default value */
249 p->port = 0; /* just used for debug */
250 p->fd = soc;
251 p->transport = encaps;
252 p->priority = NULL;
253 p->last_err = 0;
254
255 return fd;
256}
gnutls_certificate_credentials_t tls_cred
Definition: network.c:76

References openvas_connection::fd, get_connection_fd(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, openvas_connection::port, openvas_connection::priority, TIMEOUT, openvas_connection::timeout, openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_open_privileged_socket().


◆ openvas_SSL_init()

int openvas_SSL_init ( void  )

Initializes SSL support.

Definition at line 341 of file network.c.

/**
 * @brief Initializes SSL support.
 *
 * Routes GnuTLS log output (level 2) to log_message_gnutls () and runs
 * gnutls_global_init ().
 *
 * @return 0 on success, -1 if gnutls_global_init () failed (the error is
 *         reported through tlserror ()).
 */
int
openvas_SSL_init (void)
{
  int rc;

  gnutls_global_set_log_level (2);
  gnutls_global_set_log_function (log_message_gnutls);

  rc = gnutls_global_init ();
  if (rc >= 0)
    return 0;

  tlserror ("gnutls_global_init", rc);
  return -1;
}
static void tlserror(char *txt, int err)
Definition: network.c:326
static void log_message_gnutls(int level, const char *msg)
Definition: network.c:332

References log_message_gnutls(), and tlserror().

Referenced by check_tls(), and main().


◆ os_recv()

int os_recv ( int  soc,
void *  buf,
int  len,
int  opt 
)

Definition at line 2235 of file network.c.

/**
 * @brief Receive exactly @p len bytes from a socket, retrying on EINTR.
 *
 * Loops over recv() until the whole request has arrived; a short read is
 * never returned to the caller.
 *
 * @param[in]  soc Socket descriptor.
 * @param[out] buf Destination buffer of at least @p len bytes.
 * @param[in]  len Number of bytes wanted; 0 or negative returns 0 without
 *                 touching the socket.
 * @param[in]  opt Flags passed straight through to recv().
 *
 * @return @p len on success; -1 if recv() fails for any reason other than
 *         EINTR, or if the peer closes the connection (recv() == 0) before
 *         @p len bytes arrived -- bytes already copied into @p buf are not
 *         reported in that case.
 */
int
os_recv (int soc, void *buf, int len, int opt)
{
  char *dst = buf;
  int done = 0;

  while (done < len)
    {
      ssize_t got;

      errno = 0;
      got = recv (soc, dst + done, len - done, opt);
      if (got > 0)
        {
          done += (int) got;
          continue;
        }
      /* A signal interrupted the call: retry the same chunk. */
      if (got < 0 && errno == EINTR)
        continue;
      /* Hard error, or orderly shutdown before the request was satisfied. */
      return -1;
    }
  return done;
}

References len.

◆ os_send()

int os_send ( int  soc,
void *  buf,
int  len,
int  opt 
)

Definition at line 2216 of file network.c.

/**
 * @brief Send exactly @p len bytes on a socket, retrying on EINTR.
 *
 * Loops over send() until everything has been handed to the kernel.
 * Nothing here suppresses SIGPIPE: writing to a peer that has gone away
 * raises it unless the caller passes MSG_NOSIGNAL in @p opt or ignores
 * the signal.
 *
 * @param[in] soc Socket descriptor.
 * @param[in] buf Data to send.
 * @param[in] len Number of bytes to send; 0 or negative returns 0 without
 *                touching the socket.
 * @param[in] opt Flags passed straight through to send().
 *
 * @return @p len on success; -1 if send() fails for any reason other than
 *         EINTR or returns 0 (bytes already sent are not reported).
 */
int
os_send (int soc, void *buf, int len, int opt)
{
  const char *src = buf;
  int sent = 0;

  while (sent < len)
    {
      ssize_t w;

      errno = 0;
      w = send (soc, src + sent, len - sent, opt);
      if (w > 0)
        {
          sent += (int) w;
          continue;
        }
      /* A signal interrupted the call: retry the same chunk. */
      if (w < 0 && errno == EINTR)
        continue;
      /* Hard error, or a zero-length send, which is treated as failure. */
      return -1;
    }
  return sent;
}

References len.

Referenced by nsend().


◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int  fd)

Definition at line 377 of file network.c.

/**
 * @brief Return the GnuTLS session attached to an OpenVAS stream.
 *
 * @param[in] fd OpenVAS stream descriptor.
 *
 * @return The slot's tls_session; NULL when @p fd is not an OpenVAS stream
 *         or when the stream is a plain (non-TLS) one, whose slot keeps a
 *         NULL session -- callers use that to detect "not SSL/TLS
 *         encapsulated".
 */
gnutls_session_t
ovas_get_tlssession_from_connection (int fd)
{
  if (!OPENVAS_STREAM (fd))
    return NULL;

  /* Slot lookup: connections + (fd - OPENVAS_FD_OFF), presumably what
   * OVAS_CONNECTION_FROM_FD() expands to elsewhere in this file. */
  return connections[fd - OPENVAS_FD_OFF].tls_session;
}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::tls_session.

Referenced by socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), and socket_get_ssl_version().


◆ read_stream_connection()

int read_stream_connection ( int  fd,
void *  buf0,
int  len 
)

Definition at line 1457 of file network.c.

/**
 * @brief Read up to @p len bytes from an OpenVAS stream.
 *
 * Thin wrapper around read_stream_connection_min() with no minimum
 * length.  On the buffered path a min_len of -1 makes any already
 * buffered data sufficient; how the unbuffered helper treats -1 is
 * outside this listing.
 *
 * @param[in]  fd   OpenVAS stream descriptor.
 * @param[out] buf0 Destination buffer of at least @p len bytes.
 * @param[in]  len  Maximum number of bytes to read.
 *
 * @return Whatever read_stream_connection_min() returns.
 */
int
read_stream_connection (int fd, void *buf0, int len)
{
  const int no_minimum = -1;

  return read_stream_connection_min (fd, buf0, no_minimum, len);
}
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
Definition: network.c:1397

References len, and read_stream_connection_min().

Referenced by nasl_telnet_init(), nrecv(), and plugin_do_run().


◆ read_stream_connection_min()

int read_stream_connection_min ( int  fd,
void *  buf0,
int  min_len,
int  max_len 
)

Definition at line 1397 of file network.c.

/**
 * @brief Read between @p min_len and @p max_len bytes from an OpenVAS stream.
 *
 * Buffered streams (fp->buf != NULL, set up by stream_set_buffer()) are
 * served from the read-ahead buffer first.  Only when the buffered bytes do
 * not satisfy @p min_len is read_stream_connection_unbuffered() called:
 * straight into the caller's buffer when the remaining request exceeds the
 * read-ahead buffer, otherwise to refill the read-ahead buffer, from which
 * the caller is then served.  Unbuffered streams, and anything that is not
 * an OpenVAS stream at all, go directly to
 * read_stream_connection_unbuffered().
 *
 * @param[in]  fd      OpenVAS stream descriptor.
 * @param[out] buf0    Destination buffer of at least @p max_len bytes.
 * @param[in]  min_len Minimum number of bytes wanted; -1 (as passed by
 *                     read_stream_connection()) makes any buffered data
 *                     enough.
 * @param[in]  max_len Maximum number of bytes copied into @p buf0.
 *
 * @return Bytes delivered to @p buf0.  On the buffered path a failing
 *         unbuffered read is reported as the number of bytes already copied
 *         (possibly 0), never as -1; a negative value can only come from the
 *         fully unbuffered path.
 *
 * NOTE(review): a zero or negative @p max_len is not rejected here and would
 * reach the (char *) buf0 + l2 arithmetic with l2 <= 0; callers must keep it
 * positive.
 */
1398{
1400
1401 if (OPENVAS_STREAM (fd))
1402 {
1403 fp = OVAS_CONNECTION_FROM_FD (fd);
1404 if (fp->buf != NULL)
1405 {
1406 int l1, l2;
1407
/* A one-byte request must be satisfied exactly, so force min_len to 1. */
1408 if (max_len == 1)
1409 min_len = 1; /* avoid "magic read" later */
/* Step 1: hand out whatever is already buffered (at most max_len bytes). */
1410 l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1411 if (l2 > 0)
1412 {
1413 memcpy (buf0, fp->buf + fp->bufptr, l2);
1414 fp->bufcnt -= l2;
1415 if (fp->bufcnt == 0)
1416 {
1417 fp->bufptr = 0;
1418 fp->buf[0] = '\0'; /* debug */
1419 }
1420 else
1421 fp->bufptr += l2;
/* Enough to satisfy the minimum (or the whole request): done. */
1422 if (l2 >= min_len || l2 >= max_len)
1423 return l2;
1424 max_len -= l2;
1425 min_len -= l2;
1426 }
/* Step 2a: the rest is too big for the read-ahead buffer, read it directly
 * into the caller's buffer after the bytes copied in step 1. */
1427 if (min_len > fp->bufsz)
1428 {
1429 l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
1430 min_len, max_len);
1431 if (l1 > 0)
1432 return l1 + l2;
1433 else
1434 return l2;
1435 }
/* Step 2b: refill the (now empty, bufptr == 0) read-ahead buffer and serve
 * up to max_len bytes from it. */
1436 /* Fill buffer */
1437 l1 =
1438 read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
1439 if (l1 <= 0)
1440 return l2;
1441
1442 fp->bufcnt = l1;
1443 l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1444 memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
1445 fp->bufcnt -= l1;
1446 if (fp->bufcnt == 0)
1447 fp->bufptr = 0;
1448 else
1449 fp->bufptr += l1;
1450 return l1 + l2;
1451 }
1452 }
/* Unbuffered stream, or not an OpenVAS stream at all. */
1453 return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
1454}
static int read_stream_connection_unbuffered(int fd, void *buf0, int min_len, int max_len)
Definition: network.c:1232

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and read_stream_connection_unbuffered().

Referenced by nasl_recv(), nasl_recv_line(), nasl_telnet_init(), plugin_do_run(), read_stream_connection(), and recv_line().


◆ recv_line()

int recv_line ( int  soc,
char *  buf,
size_t  bufsiz 
)

Reads a line of text from the socket stream into the argument buffer, always appending a '\0' byte. Reading stops after a '\n' or '\0' byte has been stored, at end of stream, on error, or when the buffer is full.

Parameters
buf: Buffer to read into (soc is the socket or OpenVAS stream to read from; bufsiz is the size of buf in bytes).
Returns
Number of bytes read, without the trailing '\0'.

Definition at line 2040 of file network.c.

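/*
 * Fetch a single byte into *dst.
 *
 * OpenVAS streams go through read_stream_connection_min() so TLS and the
 * read-ahead buffer are honoured; plain descriptors use select()+recv().
 * EINTR on select() or recv() is retried here, so the caller never sees it.
 *
 * Returns 1 when a byte was stored, 0 on orderly end of stream, -1 on error.
 */
static int
recv_line_one_byte (int soc, int is_stream, char *dst)
{
  if (is_stream)
    {
      /* max_len == 1 makes read_stream_connection_min() insist on one byte. */
      int n = read_stream_connection_min (soc, dst, 1, 1);
      return n < 0 ? -1 : (n == 0 ? 0 : 1);
    }

  for (;;)
    {
      fd_set rd;
      int e;
      ssize_t n;

      FD_ZERO (&rd);
      FD_SET (soc, &rd);
      errno = 0;
      /* No timeout: a plain socket blocks until data, EOF or an error. */
      e = select (soc + 1, &rd, NULL, NULL, NULL);
      if (e < 0)
        {
          if (errno == EINTR)
            continue;
          return -1;
        }
      if (e == 0)
        return -1; /* not possible without a timeout; stay defensive */

      errno = 0;
      n = recv (soc, dst, 1, 0);
      if (n < 0 && errno == EINTR)
        continue;
      return n < 0 ? -1 : (n == 0 ? 0 : 1);
    }
}

/**
 * @brief Read one line of text from a socket into @p buf, NUL-terminating it.
 *
 * Bytes are read one at a time until a '\n' or '\0' byte has been stored,
 * @p buf is full, the peer closes, or an error occurs.  At most
 * @p bufsiz - 1 bytes are stored so the terminator always fits and the
 * returned count always matches the string left in @p buf; an over-long line
 * is simply left in the socket/stream for the next read.
 *
 * The terminator is written on every path, including end of stream and an
 * error after a partial read, and @p buf[0] is cleared up front so a 0 return
 * leaves an empty string behind.
 *
 * @param[in]  soc    Socket or OpenVAS stream descriptor.
 * @param[out] buf    Destination buffer; always NUL-terminated on return.
 * @param[in]  bufsiz Size of @p buf in bytes; 0 is rejected.
 *
 * @return Number of bytes stored before the terminator (a stored '\n' or '\0'
 *         byte is counted), 0 on end of stream with nothing read, or -1 when
 *         nothing could be read because of an error or a bad argument.
 */
int
recv_line (int soc, char *buf, size_t bufsiz)
{
  size_t ret = 0;
  int is_stream;

  if (buf == NULL || bufsiz == 0)
    return -1;
  buf[0] = '\0';
  is_stream = OPENVAS_STREAM (soc);

  /* Reserve one byte for the terminator. */
  while (ret < bufsiz - 1)
    {
      int n = recv_line_one_byte (soc, is_stream, buf + ret);

      if (n < 0)
        {
          if (ret == 0)
            return -1;
          break; /* keep what was read, but still terminate it */
        }
      if (n == 0)
        break;
      ret++;
      if (buf[ret - 1] == '\0' || buf[ret - 1] == '\n')
        break;
    }

  if (ret > 0 && buf[ret - 1] != '\0')
    buf[ret] = '\0';

  return (int) ret;
}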

References OPENVAS_STREAM, and read_stream_connection_min().

Referenced by ftp_get_pasv_address(), and ftp_log_in().


◆ socket_close()

int socket_close ( int  soc)

Definition at line 2142 of file network.c.

/**
 * @brief Close a raw socket descriptor.
 *
 * Plain close(2); no OpenVAS stream-table bookkeeping happens here, so the
 * stream-aware callers (close_stream_connection(), release_connection_fd())
 * do that themselves.
 *
 * @param[in] soc Socket descriptor.
 *
 * @return 0 on success, -1 with errno set on failure.
 */
int
socket_close (int soc)
{
  int rc = close (soc);

  return rc;
}

Referenced by close_stream_connection(), open_socket(), and release_connection_fd().


◆ socket_get_cert()

void socket_get_cert ( int  fd,
void **  cert,
int *  certlen 
)

Definition at line 887 of file network.c.

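/**
 * @brief Copy the peer's leaf certificate (DER bytes) out of a TLS stream.
 *
 * Both outputs are reset to NULL / 0 first, so the caller can rely on them
 * after any early return (not a stream, no TLS session, non-X.509
 * certificate type, empty chain).  Only the first entry of the peer chain is
 * returned; no validation of it is done here.
 *
 * @param[in]  fd      OpenVAS stream descriptor.
 * @param[out] cert    Receives a g_memdup2()'d copy of the leaf certificate,
 *                     owned by the caller (release with g_free()), or NULL.
 * @param[out] certlen Receives the DER length in bytes, or 0.
 */
void
socket_get_cert (int fd, void **cert, int *certlen)
{
  gnutls_session_t session;
  const gnutls_datum_t *cert_list;
  unsigned int cert_list_len = 0;

  if (!cert || !certlen)
    return;
  *cert = NULL;
  *certlen = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }
  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
    return;
  /* GnuTLS returns NULL (and a zero length) when the peer sent no
   * certificate; check the pointer as well as the count. */
  cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
  if (cert_list == NULL || cert_list_len == 0)
    return;
  *certlen = (int) cert_list[0].size;
  *cert = g_memdup2 (cert_list[0].data, cert_list[0].size);
}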
int fd_is_stream(int fd)
Definition: network.c:2152
gnutls_session_t ovas_get_tlssession_from_connection(int fd)
Definition: network.c:377

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_cert().


◆ socket_get_ssl_ciphersuite()

int socket_get_ssl_ciphersuite ( int  fd)

Definition at line 1006 of file network.c.

/**
 * @brief Look up the cipher-suite ID bytes of a TLS stream's session.
 *
 * Matches the negotiated key exchange, cipher and MAC against GnuTLS's
 * cipher-suite table and returns a value derived from the two ID bytes of
 * the first entry that matches.
 *
 * NOTE(review): the value is cs_id[0] + cs_id[1] (an arithmetic sum), not
 * the 16-bit suite ID (cs_id[0] << 8) | cs_id[1], so distinct suites can
 * collide (e.g. 0x1301 and 0x0014 both give 20).  Kept as-is because NASL
 * callers see this number; changing it is an interface change that needs
 * the scripts adjusted alongside.
 * NOTE(review): for TLS 1.3 the kx/cipher/mac triple may not identify a
 * single table entry -- confirm against the GnuTLS version in use.
 *
 * @param[in] fd OpenVAS stream descriptor.
 *
 * @return The summed ID bytes, or -1 if @p fd is not a stream, carries no
 *         TLS session, or no table entry matches.
 */
int
socket_get_ssl_ciphersuite (int fd)
{
  gnutls_session_t session;
  gnutls_kx_algorithm_t want_kx, kx;
  gnutls_cipher_algorithm_t want_cipher, cipher;
  gnutls_mac_algorithm_t want_mac, mac;
  unsigned char cs_id[2];
  size_t idx;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  want_kx = gnutls_kx_get (session);
  want_cipher = gnutls_cipher_get (session);
  want_mac = gnutls_mac_get (session);

  /* Walk the GnuTLS suite table until the triple matches. */
  for (idx = 0;
       gnutls_cipher_suite_info (idx, (void *) cs_id, &kx, &cipher, &mac, NULL);
       idx++)
    {
      if (kx != want_kx || cipher != want_cipher || mac != want_mac)
        continue;
      return cs_id[0] + cs_id[1];
    }
  return -1;
}

References fd_is_stream() and ovas_get_tlssession_from_connection(). (The `mac()` entry Doxygen lists here is a misresolved link for the local variable `mac`, not a function call.)

Referenced by nasl_socket_get_ssl_ciphersuite().


◆ socket_get_ssl_compression()

int socket_get_ssl_compression ( int  )

◆ socket_get_ssl_session_id()

void socket_get_ssl_session_id ( int  fd,
void **  sid,
size_t *  ssize 
)

Definition at line 966 of file network.c.

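/**
 * @brief Copy the TLS session ID of a stream into a fresh buffer.
 *
 * Both outputs are reset to NULL / 0 before any check, so the caller can
 * rely on them after every early return; previously *ssize was set to
 * GNUTLS_MAX_SESSION_ID even on the paths that never touched *sid.
 *
 * @param[in]  fd    OpenVAS stream descriptor.
 * @param[out] sid   Receives a g_malloc0()'d buffer holding the ID, owned by
 *                   the caller (g_free()), or NULL on failure.
 * @param[out] ssize Receives the ID length in bytes, or 0 on failure.
 *
 * NOTE(review): with TLS 1.3 the session ID is a legacy field; what GnuTLS
 * reports for it depends on the library version -- confirm before relying
 * on it for session-resumption checks.
 */
void
socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
{
  gnutls_session_t session;
  void *tmp;
  size_t len;
  int ret;

  if (!sid || !ssize)
    return;
  *sid = NULL;
  *ssize = 0;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return;
    }

  len = GNUTLS_MAX_SESSION_ID;
  tmp = g_malloc0 (len);
  ret = gnutls_session_get_id (session, tmp, &len);
  if (ret != GNUTLS_E_SUCCESS)
    {
      g_free (tmp);
      tlserror ("gnutls_session_id", ret);
      return;
    }
  *sid = tmp;
  *ssize = len; /* gnutls_session_get_id() shrinks len to the real size */
}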

References fd_is_stream(), ovas_get_tlssession_from_connection(), and tlserror().

Referenced by nasl_socket_get_ssl_session_id().


◆ socket_get_ssl_version()

int socket_get_ssl_version ( int  fd)

Definition at line 923 of file network.c.

/**
 * @brief Map a TLS stream's negotiated protocol to an openvas_encaps_t.
 *
 * @param[in] fd OpenVAS stream descriptor.
 *
 * @return OPENVAS_ENCAPS_SSLv3 / TLSv1 / TLSv11 / TLSv12 / TLSv13 for the
 *         matching GnuTLS protocol; -1 if @p fd is not a stream, carries no
 *         TLS session, or negotiated something not in that list (DTLS
 *         versions and unknown values included).
 */
int
socket_get_ssl_version (int fd)
{
  static const struct
  {
    gnutls_protocol_t gnutls_version;
    int encaps;
  } version_map[] = {
    {GNUTLS_SSL3, OPENVAS_ENCAPS_SSLv3},
    {GNUTLS_TLS1, OPENVAS_ENCAPS_TLSv1},
    {GNUTLS_TLS1_1, OPENVAS_ENCAPS_TLSv11},
    {GNUTLS_TLS1_2, OPENVAS_ENCAPS_TLSv12},
    {GNUTLS_TLS1_3, OPENVAS_ENCAPS_TLSv13},
  };
  gnutls_session_t session;
  gnutls_protocol_t negotiated;
  size_t i;

  if (!fd_is_stream (fd))
    {
      g_message ("Socket %d is not stream", fd);
      return -1;
    }
  session = ovas_get_tlssession_from_connection (fd);
  if (!session)
    {
      g_message ("Socket %d is not SSL/TLS encapsulated", fd);
      return -1;
    }

  negotiated = gnutls_protocol_get_version (session);
  for (i = 0; i < sizeof version_map / sizeof version_map[0]; i++)
    if (version_map[i].gnutls_version == negotiated)
      return version_map[i].encaps;

  return -1;
}

References fd_is_stream(), OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_version().


◆ socket_negotiate_ssl()

int socket_negotiate_ssl ( int  fd,
openvas_encaps_t  transport,
struct script_infos args 
)

Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.

Parameters
[in] fd: Socket file descriptor (an OpenVAS stream).
[in] transport: Encapsulation type to negotiate.
[in] args: Script args (the parameter is named `args`, not `arg`).
Returns
-1 if error, socket file descriptor value otherwise.

Definition at line 820 of file network.c.

/**
 * @brief Upgrade an ENCAPS_IP stream to SSL/TLS in place.
 *
 * Pulls the client certificate, key, key password and CA file from the
 * knowledge base (SSL/cert, SSL/key, SSL/password, SSL/CA), picks an SNI
 * host name unless Host/SNI/<port>/force_disable is set for the stream's
 * port, then runs open_SSL_connection() on the existing connection slot.
 *
 * On failure the slot is released with release_connection_fd(), which
 * (socket_close() is among its callees) presumably closes the underlying
 * socket: the caller's @p fd must not be used afterwards.  The failure
 * message is logged once per process (connection_failed_msg_sent is static).
 *
 * NOTE(review): the KB-supplied key password is released with plain
 * g_free() without being cleared first; consider wiping it before release.
 * NOTE(review): this rendered listing omits the lines that assign
 * `hostname` and build the log-message arguments (plug_get_host_fqdn() and
 * plug_get_host_ip_str() per the References line below).
 *
 * @param[in] fd        OpenVAS stream descriptor.
 * @param[in] transport Encapsulation type stored in the slot before the
 *                      handshake.
 * @param[in] args      Script context used to reach the KB and host data.
 *
 * @return @p fd on success, -1 on error (the stream is released then).
 */
822{
823 char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
824 char *hostname = NULL;
826 kb_t kb;
827 char buf[1024];
828 static gboolean connection_failed_msg_sent = FALSE; // send msg only once
829
830 if (!fd_is_stream (fd))
831 {
832 g_message ("Socket %d is not stream", fd);
833 return -1;
834 }
835 fp = OVAS_CONNECTION_FROM_FD (fd);
/* Client-side TLS material, all optional, all owned by us until freed below. */
836 kb = plug_get_kb (args);
837 cert = kb_item_get_str (kb, "SSL/cert");
838 key = kb_item_get_str (kb, "SSL/key");
839 passwd = kb_item_get_str (kb, "SSL/password");
840 cafile = kb_item_get_str (kb, "SSL/CA");
/* SNI is used unless explicitly disabled for this port in the KB. */
841 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
842 if (kb_item_get_int (kb, buf) <= 0)
844
/* The slot keeps the requested transport; priority NULL means "default". */
845 fp->transport = transport;
846 fp->priority = NULL;
847 if (open_SSL_connection (fp, cert, key, passwd, cafile, hostname,
849 <= 0)
850 {
851 g_free (cert);
852 g_free (key);
853 g_free (passwd);
854 g_free (cafile);
855 if (!connection_failed_msg_sent)
856 {
857 g_message ("Function socket_negotiate_ssl called from %s: "
858 "SSL/TLS connection (host: %s, ip: %s) failed.",
861 : "unknown",
863 : "unknown");
864 connection_failed_msg_sent = TRUE;
865 }
866 g_free (hostname);
/* Failure tears the stream down; fd is invalid for the caller from here. */
867 release_connection_fd (fd, 0);
868 return -1;
869 }
870 g_free (hostname);
871 g_free (cert);
872 g_free (key);
873 g_free (passwd);
874 g_free (cafile);
875 return fd;
876}
const char * nasl_get_plugin_filename()
Get the current launched plugin filename.
Definition: nasl_debug.c:42
#define NO_PRIORITY_FLAGS
Definition: network.h:48

References fd_is_stream(), hostname, nasl_get_plugin_filename(), NO_PRIORITY_FLAGS, open_SSL_connection(), OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_host_ip_str(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), and openvas_connection::transport.

Referenced by nasl_socket_negotiate_ssl().


◆ socket_ssl_do_handshake()

int socket_ssl_do_handshake ( int  fd)

Do a re-handshake of the TLS/SSL protocol.

Parameters
[in] fd: Socket file descriptor (an OpenVAS stream that already carries a TLS session).
Returns
1 on success, less than 0 on failure or error.

Definition at line 737 of file network.c.

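/**
 * @brief Run (or re-run) the TLS handshake on an OpenVAS stream.
 *
 * Drives gnutls_handshake() to completion.  When GnuTLS reports
 * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED the function waits with select()
 * for the direction GnuTLS asks for (gnutls_record_get_direction()) until
 * the stream's timeout (fp->timeout seconds, counted from entry) expires.
 * Waiting on the read and write sets at once, as this used to do, returns
 * immediately whenever the socket is writable and turns the loop into a
 * busy poll of gnutls_handshake().
 *
 * A received warning alert ends the loop and the GnuTLS code is returned
 * as-is, so the caller can tell it from a hard failure.
 *
 * @param[in] fd OpenVAS stream descriptor that carries a TLS session; a
 *               plain stream is rejected instead of handing a NULL session
 *               to gnutls_handshake().
 *
 * @return 1 on a completed handshake; the negative GnuTLS code when a
 *         warning alert was received; -1 on any other error, on a missing
 *         TLS session, on timeout (fp->last_err = ETIMEDOUT) or on a
 *         select() failure (fp->last_err = that errno).
 */
int
socket_ssl_do_handshake (int fd)
{
  openvas_connection *fp;
  time_t started;

  if (!fd_is_stream (fd))
    {
      g_message ("%s: Socket %d is not stream", __func__, fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  if (fp->tls_session == NULL)
    {
      g_message ("%s: Socket %d is not SSL/TLS encapsulated", __func__, fd);
      return -1;
    }

  started = time (NULL);
  for (;;)
    {
      int err = gnutls_handshake (fp->tls_session);
      int ret, wait_errno;

      if (err == 0)
        {
          g_debug ("no error during handshake");
          return 1;
        }
      if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)
        {
          int last_alert = gnutls_alert_get (fp->tls_session);

          g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
          g_debug ("* Received alert '%d': %s.\n", last_alert,
                   gnutls_alert_get_name (last_alert));
          return err;
        }
      if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN)
        {
          g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
          return -1;
        }

      /* Non-blocking step: wait for the socket in the direction GnuTLS
       * needs, with whatever is left of the stream's timeout. */
      do
        {
          fd_set fds;
          struct timeval to;
          time_t remaining = started + fp->timeout - time (NULL);

          if (remaining <= 0)
            {
              fp->last_err = ETIMEDOUT;
              g_debug ("%s: time out", __func__);
              return -1;
            }
          to.tv_sec = remaining;
          to.tv_usec = 0;
          FD_ZERO (&fds);
          FD_SET (fp->fd, &fds);
          errno = 0;
          if (gnutls_record_get_direction (fp->tls_session) == 0)
            ret = select (fp->fd + 1, &fds, NULL, NULL, &to);
          else
            ret = select (fp->fd + 1, NULL, &fds, NULL, &to);
          wait_errno = errno; /* save before logging can clobber it */
          if (ret <= 0)
            pid_perror ("select");
        }
      while (ret < 0 && wait_errno == EINTR);

      if (ret <= 0)
        {
          fp->last_err = (ret == 0 || wait_errno == 0) ? ETIMEDOUT : wait_errno;
          g_debug ("%s: %s", __func__, ret == 0 ? "time out" : "select failed");
          return -1;
        }
    }
}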
static int pid_perror(const char *error)
Definition: network.c:125

References openvas_connection::fd, fd_is_stream(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, pid_perror(), openvas_connection::timeout, timeval(), and openvas_connection::tls_session.

Referenced by nasl_socket_ssl_do_handshake().


◆ socket_ssl_safe_renegotiation_status()

int socket_ssl_safe_renegotiation_status ( int  fd)

Check if Secure Renegotiation is supported in the server side.

Parameters
[in] fd: Socket file descriptor (an OpenVAS stream that carries a TLS session).
Returns
1 if supported, 0 if not supported and less than 0 on error.

Definition at line 716 of file network.c.

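/**
 * @brief Report whether the peer negotiated the secure-renegotiation
 *        extension (RFC 5746) on this stream's TLS session.
 *
 * A plain stream is rejected up front rather than passing a NULL session
 * to gnutls_safe_renegotiation_status().
 *
 * @param[in] fd OpenVAS stream descriptor carrying a TLS session.
 *
 * @return 1 if supported, 0 if not, -1 if @p fd is not a stream or has no
 *         TLS session.  NOTE(review): TLS 1.3 has no renegotiation at all;
 *         what GnuTLS reports for a 1.3 session is version dependent.
 */
int
socket_ssl_safe_renegotiation_status (int fd)
{
  openvas_connection *fp;

  if (!fd_is_stream (fd))
    {
      g_message ("%s: Socket %d is not stream", __func__, fd);
      return -1;
    }
  fp = OVAS_CONNECTION_FROM_FD (fd);
  if (fp->tls_session == NULL)
    {
      g_message ("%s: Socket %d is not SSL/TLS encapsulated", __func__, fd);
      return -1;
    }

  return gnutls_safe_renegotiation_status (fp->tls_session);
}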

References fd_is_stream(), OVAS_CONNECTION_FROM_FD, and openvas_connection::tls_session.

Referenced by nasl_socket_check_ssl_safe_renegotiation().


◆ stream_get_buffer_sz()

int stream_get_buffer_sz ( int  fd)

Definition at line 2158 of file network.c.

/**
 * @brief Return the size of a stream's read-ahead buffer.
 *
 * @param[in] fd OpenVAS stream descriptor.
 *
 * @return The buffer size in bytes (0 when the stream is unbuffered), or
 *         -1 if @p fd is not an OpenVAS stream.
 */
int
stream_get_buffer_sz (int fd)
{
  openvas_connection *conn;

  if (OPENVAS_STREAM (fd))
    {
      conn = OVAS_CONNECTION_FROM_FD (fd);
      return conn->bufsz;
    }
  return -1;
}

References openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_recv_line().


◆ stream_get_err()

int stream_get_err ( int  fd)

Definition at line 132 of file network.c.

/**
 * @brief Return the last error recorded on a stream (its last_err field).
 *
 * @param[in] fd OpenVAS stream descriptor.
 *
 * @return The stored errno-style value, or -1 with errno = EINVAL when
 *         @p fd is not an OpenVAS stream.  A stored value of -1 would be
 *         indistinguishable from the error return.
 */
int
stream_get_err (int fd)
{
  openvas_connection *conn;

  if (OPENVAS_STREAM (fd))
    {
      conn = OVAS_CONNECTION_FROM_FD (fd);
      return conn->last_err;
    }

  errno = EINVAL;
  return -1;
}

References openvas_connection::last_err, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_socket_get_error().


◆ stream_set()

int stream_set ( int  ,
fd_set *   
)

◆ stream_set_buffer()

int stream_set_buffer ( int  fd,
int  sz 
)

Definition at line 2168 of file network.c.

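/**
 * @brief Create, resize or drop a stream's read-ahead buffer.
 *
 * @param[in] fd OpenVAS stream descriptor.
 * @param[in] sz New buffer size in bytes: 0 removes the buffer, any other
 *               value allocates or resizes it.  A negative size is rejected
 *               (it would be converted to a huge gsize by g_malloc0() /
 *               g_realloc()), as is a size smaller than the number of
 *               bytes still pending in the buffer.
 *
 * @return 0 on success, -1 if @p fd is not a stream, @p sz is negative or
 *         would drop pending data, or allocation fails.
 */
int
stream_set_buffer (int fd, int sz)
{
  openvas_connection *p;
  char *nbuf;

  if (!OPENVAS_STREAM (fd))
    return -1;
  if (sz < 0)
    return -1;

  p = OVAS_CONNECTION_FROM_FD (fd);
  if (sz < p->bufcnt)
    return -1; /* Do not want to lose data */

  if (sz == 0)
    {
      /* bufcnt is already 0 here (sz >= bufcnt), so nothing is lost. */
      g_free (p->buf);
      p->buf = NULL;
      p->bufsz = 0;
      p->bufptr = 0;
      return 0;
    }

  if (p->buf == NULL)
    {
      p->buf = g_malloc0 (sz);
      if (p->buf == NULL)
        return -1;
      p->bufsz = sz;
      p->bufptr = 0;
      p->bufcnt = 0;
      return 0;
    }

  /* Resize: move pending data to the front first so a shrink keeps it. */
  if (p->bufcnt > 0)
    {
      memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
      p->bufptr = 0;
    }
  nbuf = g_realloc (p->buf, sz);
  if (nbuf == NULL)
    return -1;
  p->buf = nbuf;
  p->bufsz = sz;
  return 0;
}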

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_open_sock_tcp_bufsz(), and nasl_recv_line().


◆ stream_set_timeout()

int stream_set_timeout ( int  fd,
int  timeout 
)

Definition at line 1216 of file network.c.

/**
 * @brief Set a stream's timeout (seconds) and return the previous value.
 *
 * @param[in] fd      OpenVAS stream descriptor.
 * @param[in] timeout New timeout value stored in the slot, uninterpreted.
 *
 * @return The previous timeout; 0 with errno = EINVAL when @p fd is not an
 *         OpenVAS stream (indistinguishable from a previous timeout of 0).
 */
int
stream_set_timeout (int fd, int timeout)
{
  if (OPENVAS_STREAM (fd))
    {
      openvas_connection *conn = OVAS_CONNECTION_FROM_FD (fd);
      int previous = conn->timeout;

      conn->timeout = timeout;
      return previous;
    }

  errno = EINVAL;
  return 0;
}

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and openvas_connection::timeout.

Referenced by nasl_recv(), and plugin_do_run().


◆ stream_zero()

int stream_zero ( fd_set *  )

◆ write_stream_connection()

int write_stream_connection ( int  fd,
void *  buf,
int  n 
)

Definition at line 1583 of file network.c.

/**
 * @brief Write @p n bytes to an OpenVAS stream.
 *
 * Thin wrapper around write_stream_connection4() with its fourth argument
 * fixed to 0; that argument's meaning is defined by
 * write_stream_connection4(), which is outside this listing.
 *
 * @param[in] fd   OpenVAS stream descriptor.
 * @param[in] buf0 Data to write.
 * @param[in] n    Number of bytes to write.
 *
 * @return Whatever write_stream_connection4() returns.
 */
int
write_stream_connection (int fd, void *buf0, int n)
{
  const int no_option = 0;

  return write_stream_connection4 (fd, buf0, n, no_option);
}

References write_stream_connection4().

Referenced by ftp_get_pasv_address(), ftp_log_in(), nasl_telnet_init(), and plugin_do_run().
