OpenVAS Scanner 23.32.3
attack.h File Reference

attack.c header. More...

#include "../misc/scanneraux.h"
#include <gvm/util/kb.h>
Include dependency graph for attack.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int attack_network (struct scan_globals *)
 Attack a whole network. return 0 on successes, -1 if there was a critical error.

Detailed Description

attack.c header.

Definition in file attack.h.

Function Documentation

◆ attack_network()

int attack_network ( struct scan_globals * globals)

Attack a whole network. return 0 on successes, -1 if there was a critical error.

Definition at line 1170 of file attack.c.

1171{
1172 int max_hosts = 0, max_checks;
1173 const char *hostlist;
1174 gvm_host_t *host;
1175 plugins_scheduler_t sched;
1176 int fork_retries = 0;
1177 struct timeval then, now;
1178 gvm_hosts_t *hosts;
1179 const gchar *port_range;
1180 int allow_simultaneous_ips;
1181 kb_t arg_host_kb, main_kb;
1182 GSList *unresolved;
1183 char buf[96];
1184 int error = 0;
1185
1186 check_deprecated_prefs ();
1187
1188 gboolean test_alive_hosts_only = prefs_get_bool ("test_alive_hosts_only");
1189 gvm_hosts_t *alive_hosts_list = NULL;
1190 kb_t alive_hosts_kb = NULL;
1191 if (test_alive_hosts_only)
1192 connect_main_kb (&alive_hosts_kb);
1193
1194 gettimeofday (&then, NULL);
1195
1196 if (check_kb_access ())
1197 {
1198 error = -1;
1199 return error;
1200 }
1201 /* Init and check Target List */
1202 hostlist = prefs_get ("TARGET");
1203 if (hostlist == NULL)
1204 {
1205 error = -1;
1206 return error;
1207 }
1208
1209 /* Verify the port range is a valid one */
1210 port_range = prefs_get ("port_range");
1211 if (validate_port_range (port_range))
1212 {
1213 connect_main_kb (&main_kb);
1214 message_to_client (
1215 main_kb, "Invalid port list. Ports must be in the range [1-65535]",
1216 NULL, NULL, "ERRMSG");
1217 kb_lnk_reset (main_kb);
1218 g_warning ("Invalid port list. Ports must be in the range [1-65535]. "
1219 "Scan terminated.");
1220 set_scan_status ("finished");
1221
1222 error = -1;
1223 return error;
1224 }
1225
1226 /* Initialize the attack. */
1227 int plugins_init_error = 0;
1228 sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1229 prefs_get_bool ("auto_enable_dependencies"),
1230 &plugins_init_error);
1231 if (!sched)
1232 {
1233 g_message ("Couldn't initialize the plugin scheduler");
1234
1235 error = -1;
1236 return error;
1237 }
1238
1239 if (plugins_init_error > 0)
1240 {
1241 sprintf (buf,
1242 "%d errors were found during the plugin scheduling. "
1243 "Some plugins have not been launched.",
1244 plugins_init_error);
1245
1246 connect_main_kb (&main_kb);
1247 message_to_client (main_kb, buf, NULL, NULL, "ERRMSG");
1248 kb_lnk_reset (main_kb);
1249 }
1250
1251 max_hosts = get_max_hosts_number ();
1252 max_checks = get_max_checks_number ();
1253
1254 hosts = gvm_hosts_new (hostlist);
1255 if (hosts == NULL)
1256 {
1257 char *buffer;
1258 buffer = g_strdup_printf ("Invalid target list: %s.", hostlist);
1259 connect_main_kb (&main_kb);
1260 message_to_client (main_kb, buffer, NULL, NULL, "ERRMSG");
1261 g_free (buffer);
1262 /* Send the hosts count to the client as -1,
1263 * because the invalid target list.*/
1264 message_to_client (main_kb, INVALID_TARGET_LIST, NULL, NULL,
1265 "HOSTS_COUNT");
1266 kb_lnk_reset (main_kb);
1267 g_warning ("Invalid target list. Scan terminated.");
1268
1269 error = -1;
1270 goto stop;
1271 }
1272
1273 unresolved = gvm_hosts_resolve (hosts);
1274 while (unresolved)
1275 {
1276 g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1277 unresolved = unresolved->next;
1278 }
1279 g_slist_free_full (unresolved, g_free);
1280
1281 /* Apply Hosts preferences. */
1282 apply_hosts_preferences_ordering (hosts);
1283
1284 int already_excluded = 0;
1285 already_excluded = apply_hosts_reverse_lookup_preferences (hosts);
1286
1287#ifdef FEATURE_HOSTS_ALLOWED_ONLY
1288 // Remove hosts which are denied and/or keep the ones in the allowed host
1289 // lists
1290 // for both, user and system wide settings.
1291 apply_hosts_allow_deny (hosts);
1292#endif
1293
1294 // Remove the excluded hosts
1295 int exc = apply_hosts_excluded (hosts);
1296
1297 /* Send the excluded hosts count to the client, after removing duplicated and
1298 * unresolved hosts.*/
1299 sprintf (buf, "%d", exc + already_excluded);
1300 connect_main_kb (&main_kb);
1301 message_to_client (main_kb, buf, NULL, NULL, "HOSTS_EXCLUDED");
1302 kb_lnk_reset (main_kb);
1303
1304 /* Send the hosts count to the client, after removing duplicated and
1305 * unresolved hosts.*/
1306 sprintf (buf, "%d", gvm_hosts_count (hosts));
1307 connect_main_kb (&main_kb);
1308 message_to_client (main_kb, buf, NULL, NULL, "HOSTS_COUNT");
1309 kb_lnk_reset (main_kb);
1310
1311 host = gvm_hosts_next (hosts);
1312 if (host == NULL)
1313 goto stop;
1314
1315 hosts_init (max_hosts);
1316
1317 g_message ("Vulnerability scan %s started: Target has %d hosts: "
1318 "%s, with max_hosts = %d and max_checks = %d",
1319 globals->scan_id, gvm_hosts_count (hosts), hostlist, max_hosts,
1320 max_checks);
1321
1322 if (test_alive_hosts_only)
1323 {
1324 /* Boolean signalling if alive detection finished. */
1325 gboolean ad_finished = FALSE;
1326 int err;
1327 pthread_t tid;
1328 struct in6_addr tmpaddr;
1329
1330 /* Reset the iterator. */
1331 hosts->current = 0;
1332 err = pthread_create (&tid, NULL, start_alive_detection, (void *) hosts);
1333 if (err == EAGAIN)
1334 g_warning (
1335 "%s: pthread_create() returned EAGAIN: Insufficient resources "
1336 "to create thread.",
1337 __func__);
1338 set_alive_detection_tid (tid);
1339 g_debug ("%s: started alive detection.", __func__);
1340
1341 for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1342 !host && !ad_finished && !scan_is_stopped ();
1343 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1344 {
1345 fork_sleep (1);
1346 }
1347
1348 if (gvm_host_get_addr6 (host, &tmpaddr) == 0)
1349 host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1350 if (host)
1351 {
1352 g_debug (
1353 "%s: Get first host to test from Queue. This host is used for "
1354 "initialising the alive_hosts_list.",
1355 __func__);
1356 }
1357 alive_hosts_list = gvm_hosts_new (gvm_host_value_str (host));
1358 }
1359
1360 if (prefs_get ("report_scripts"))
1361 {
1362 char *path = g_strdup_printf (
1363 "%s/%s-stats.json", prefs_get ("report_scripts"), globals->scan_id);
1364 write_script_stats ("{\"hosts\": {", path, 2);
1365 g_free (path);
1366 }
1367 /*
1368 * Start the attack !
1369 */
1370 allow_simultaneous_ips = prefs_get_bool ("allow_simultaneous_ips");
1371 openvas_signal (SIGUSR1, handle_scan_stop_signal);
1372 while (host && !scan_is_stopped ())
1373 {
1374 int pid, rc;
1375 struct attack_start_args args;
1376 char *host_str;
1377
1378 if (!test_alive_hosts_only
1379 && (!allow_simultaneous_ips && host_is_currently_scanned (host)))
1380 {
1381 sleep (1);
1382 // move the host at the end of the list and get the next host.
1383 gvm_hosts_move_current_host_to_end (hosts);
1384 host = gvm_hosts_next (hosts);
1385 continue;
1386 }
1387
1388 do
1389 {
1390 rc = kb_new (&arg_host_kb, prefs_get ("db_address"));
1391 if (rc < 0 && rc != -2)
1392 {
1393 report_kb_failure (rc);
1394 goto stop;
1395 }
1396 else if (rc == -2)
1397 {
1398 sleep (KB_RETRY_DELAY);
1399 continue;
1400 }
1401 break;
1402 }
1403 while (1);
1404
1405 host_str = gvm_host_value_str (host);
1406 connect_main_kb (&main_kb);
1407 if (hosts_new (host_str, arg_host_kb, main_kb) < 0)
1408 {
1409 kb_delete (arg_host_kb);
1410 g_free (host_str);
1411 goto stop;
1412 }
1413
1414 if (scan_is_stopped ())
1415 {
1416 kb_delete (arg_host_kb);
1417 g_free (host_str);
1418 continue;
1419 }
1420
1421 args.host = host;
1422 args.globals = globals;
1423 args.sched = sched;
1424 args.host_kb = arg_host_kb;
1425
1426 forkagain:
1427 pid = create_ipc_process ((ipc_process_func) attack_start, &args);
1428 /* Close child process' socket. */
1429 if (pid < 0)
1430 {
1431 fork_retries++;
1432 if (fork_retries > MAX_FORK_RETRIES)
1433 {
1434 /* Forking failed - we go to the wait queue. */
1435 g_warning ("fork() failed - %s. %s won't be tested",
1436 strerror (errno), host_str);
1437 g_free (host_str);
1438 goto stop;
1439 }
1440
1441 g_debug ("fork() failed - "
1442 "sleeping %d seconds and trying again...",
1443 fork_retries);
1444 fork_sleep (fork_retries);
1445 goto forkagain;
1446 }
1447 hosts_set_pid (host_str, pid);
1448
1449 if (test_alive_hosts_only)
1450 {
1451 struct in6_addr tmpaddr;
1452 gvm_host_t *alive_buf;
1453
1454 while (1)
1455 {
1456 /* Boolean signalling if alive detection finished. */
1457 gboolean ad_finished = FALSE;
1458 for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1459 !host && !ad_finished && !scan_is_stopped ();
1460 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1461 {
1462 fork_sleep (1);
1463 }
1464
1465 if (host && !allow_simultaneous_ips
1466 && host_is_currently_scanned (host))
1467 {
1468 struct in6_addr hostip;
1469 char ip_str[INET6_ADDRSTRLEN];
1470 int flag_set;
1471
1472 gvm_host_get_addr6 (host, &hostip);
1473 addr6_to_str (&hostip, ip_str);
1474
1475 // Re-add host at the end of the queue and reallocate the flag
1476 // if it was already set.
1477 flag_set = finish_signal_on_queue (alive_hosts_kb);
1478
1479 put_host_on_queue (alive_hosts_kb, ip_str);
1480 g_debug ("Reallocating the host %s at the end of the queue",
1481 ip_str);
1482
1483 gvm_host_free (host);
1484 host = NULL;
1485
1486 if (flag_set)
1487 {
1488 g_debug ("Reallocating finish signal in the host queue");
1489 realloc_finish_signal_on_queue (alive_hosts_kb);
1490 }
1491 }
1492 else
1493 break;
1494 }
1495
1496 if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
1497 {
1498 alive_buf = host;
1499 host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1500 gvm_host_free (alive_buf);
1501 alive_buf = NULL;
1502 }
1503
1504 if (host)
1505 gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
1506 else
1507 g_debug ("%s: got NULL host, stop/finish scan", __func__);
1508 }
1509 else
1510 {
1511 host = gvm_hosts_next (hosts);
1512 }
1513 g_free (host_str);
1514 }
1515
1516 /* Every host is being tested... We have to wait for the processes
1517 * to terminate. */
1518 while (hosts_read () == 0)
1519 if (scan_is_stopped () == 1)
1520 killpg (getpid (), SIGUSR1);
1521
1522 g_debug ("Test complete");
1523
1524stop:
1525
1526 if (test_alive_hosts_only)
1527 {
1528 int err;
1529 void *retval;
1530
1531 kb_lnk_reset (alive_hosts_kb);
1532 g_debug ("%s: free alive detection data ", __func__);
1533
1534 /* need to wait for alive detection to finish */
1535 g_debug ("%s: waiting for alive detection thread to be finished...",
1536 __func__);
1537 /* Join alive detection thread. */
1538 err = pthread_join (get_alive_detection_tid (), &retval);
1539 if (err == EDEADLK)
1540 g_debug ("%s: pthread_join() returned EDEADLK.", __func__);
1541 if (err == EINVAL)
1542 g_debug ("%s: pthread_join() returned EINVAL.", __func__);
1543 if (err == ESRCH)
1544 g_debug ("%s: pthread_join() returned ESRCH.", __func__);
1545 if (retval == PTHREAD_CANCELED)
1546 g_debug ("%s: pthread_join() returned PTHREAD_CANCELED.", __func__);
1547 /* Set flag signaling that alive deteciton thread was joined. */
1548 if (err == 0)
1549 ad_thread_joined (TRUE);
1550 g_debug ("%s: Finished waiting for alive detection thread.", __func__);
1551 }
1552
1553 plugins_scheduler_free (sched);
1554
1555 gettimeofday (&now, NULL);
1556 if (test_alive_hosts_only)
1557 {
1558 g_message ("Vulnerability scan %s finished in %ld seconds: "
1559 "%d alive hosts of %d",
1560 globals->scan_id, now.tv_sec - then.tv_sec,
1561 gvm_hosts_count (alive_hosts_list), gvm_hosts_count (hosts));
1562 }
1563 else
1564 g_message ("Vulnerability scan %s finished in %ld seconds: %d hosts",
1565 globals->scan_id, now.tv_sec - then.tv_sec,
1566 gvm_hosts_count (hosts));
1567
1568 if (prefs_get ("report_scripts"))
1569 {
1570 char *buff =
1571 g_strdup_printf ("},\"scan_time\": {\"start\": %ld, \"stop\": %ld}}",
1572 then.tv_sec, now.tv_sec);
1573 char *path = g_strdup_printf (
1574 "%s/%s-stats.json", prefs_get ("report_scripts"), globals->scan_id);
1575
1576 write_script_stats (buff, path, 1);
1577
1578 g_free (buff);
1579 g_free (path);
1580 }
1581
1582 gvm_hosts_free (hosts);
1583 if (alive_hosts_list)
1584 gvm_hosts_free (alive_hosts_list);
1585
1586 set_scan_status ("finished");
1587
1588 return error;
1589}
scan_is_stopped
static int scan_is_stopped(void)
Definition attack.c:266
attack_start
static void attack_start(struct ipc_context *ipcc, struct attack_start_args *args)
Set up some data and jump into attack_host().
Definition attack.c:838
apply_hosts_reverse_lookup_preferences
static int apply_hosts_reverse_lookup_preferences(gvm_hosts_t *hosts)
Definition attack.c:1009
apply_hosts_excluded
static int apply_hosts_excluded(gvm_hosts_t *hosts)
Definition attack.c:918
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition attack.c:1110
set_alive_detection_tid
static void set_alive_detection_tid(pthread_t tid)
Definition attack.c:1079
fork_sleep
static void fork_sleep(int n)
Definition attack.c:248
check_deprecated_prefs
static void check_deprecated_prefs(void)
Check if any deprecated prefs are in pref table and print warning.
Definition attack.c:740
connect_main_kb
static int connect_main_kb(kb_t *main_kb)
Connect to the main kb. Must be released with kb_lnk_reset() after use.
Definition attack.c:96
report_kb_failure
static void report_kb_failure(int errcode)
Definition attack.c:236
check_kb_access
static int check_kb_access(void)
Definition attack.c:1061
apply_hosts_preferences_ordering
static void apply_hosts_preferences_ordering(gvm_hosts_t *hosts)
Definition attack.c:986
INVALID_TARGET_LIST
#define INVALID_TARGET_LIST
Definition attack.c:62
message_to_client
static void message_to_client(kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type)
Definition attack.c:223
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition attack.c:58
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition attack.c:54
ad_thread_joined
static gboolean ad_thread_joined(gboolean joined)
Set and get if alive detection thread was already joined by main thread.
Definition attack.c:1101
get_alive_detection_tid
static pthread_t get_alive_detection_tid()
Definition attack.c:1084
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition attack.c:135
hosts
static struct host * hosts
Definition hosts.c:49
host_is_currently_scanned
int host_is_currently_scanned(gvm_host_t *host_to_check)
Returns 1 if the host is being scanned. 0 otherwise.
Definition hosts.c:271
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition hosts.c:177
hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition hosts.c:253
hosts_init
int hosts_init(int max_hosts)
Definition hosts.c:144
hosts_new
int hosts_new(char *name, kb_t kb, kb_t main_kb)
Definition hosts.c:151
ipc_process_func
void(* ipc_process_func)(struct ipc_context *, void *)
Definition ipc.h:47
main_kb
kb_t main_kb
Definition kb_cache.c:15
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
pid
static pid_t pid
Definition nasl_cmd_exec.c:39
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition pluginscheduler.c:518
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int *error)
Definition pluginscheduler.c:302
plugins_scheduler_t
struct plugins_scheduler * plugins_scheduler_t
Definition pluginscheduler.h:34
create_ipc_process
pid_t create_ipc_process(ipc_process_func func, void *args)
initializes a communication channels and calls a function with a new process
Definition processes.c:195
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition sighand.c:79
attack_start_args
Definition attack.c:75
attack_start_args::globals
struct scan_globals * globals
Definition attack.c:76
attack_start_args::sched
plugins_scheduler_t sched
Definition attack.c:79
host
Host information, implemented as doubly linked list.
Definition hosts.c:37
scan_globals::scan_id
char * scan_id
Definition scanneraux.h:22
write_script_stats
void write_script_stats(const char *buf, const char *path, int mode)
Writes scripts stats into a file.
Definition utils.c:271
get_max_hosts_number
int get_max_hosts_number(void)
Definition utils.c:137
get_max_checks_number
int get_max_checks_number(void)
Definition utils.c:168

References ad_thread_joined(), apply_hosts_excluded(), apply_hosts_preferences_ordering(), apply_hosts_reverse_lookup_preferences(), attack_start(), check_deprecated_prefs(), check_kb_access(), connect_main_kb(), create_ipc_process(), fork_sleep(), get_alive_detection_tid(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, host_is_currently_scanned(), attack_start_args::host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), INVALID_TARGET_LIST, KB_RETRY_DELAY, main_kb, MAX_FORK_RETRIES, message_to_client(), openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_alive_detection_tid(), set_scan_status(), timeval(), and write_script_stats().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function: