OpenVAS Scanner 23.40.3
attack.h File Reference

attack.c header. More...

#include "../misc/scanneraux.h"
#include <gvm/util/kb.h>
Include dependency graph for attack.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int attack_network (struct scan_globals *)
 Attack a whole network. return 0 on successes, -1 if there was a critical error.

Detailed Description

attack.c header.

Definition in file attack.h.

Function Documentation

◆ attack_network()

int attack_network ( struct scan_globals * globals)

Attack a whole network. return 0 on successes, -1 if there was a critical error.

Definition at line 1168 of file attack.c.

1169{
1170 int max_hosts = 0, max_checks;
1171 const char *hostlist;
1172 gvm_host_t *host;
1173 plugins_scheduler_t sched;
1174 int fork_retries = 0;
1175 struct timeval then, now;
1176 gvm_hosts_t *hosts;
1177 const gchar *port_range;
1178 int allow_simultaneous_ips;
1179 kb_t arg_host_kb, main_kb;
1180 GSList *unresolved;
1181 char buf[96];
1182 int error = 0;
1183
1184 check_deprecated_prefs ();
1185
1186 gboolean test_alive_hosts_only = prefs_get_bool ("test_alive_hosts_only");
1187 gvm_hosts_t *alive_hosts_list = NULL;
1188 kb_t alive_hosts_kb = NULL;
1189 if (test_alive_hosts_only)
1190 connect_main_kb (&alive_hosts_kb);
1191
1192 gettimeofday (&then, NULL);
1193
1194 if (check_kb_access ())
1195 {
1196 error = -1;
1197 return error;
1198 }
1199 /* Init and check Target List */
1200 hostlist = prefs_get ("TARGET");
1201 if (hostlist == NULL)
1202 {
1203 error = -1;
1204 return error;
1205 }
1206
1207 /* Verify the port range is a valid one */
1208 port_range = prefs_get ("port_range");
1209 if (validate_port_range (port_range))
1210 {
1211 connect_main_kb (&main_kb);
1212 message_to_client (
1213 main_kb, "Invalid port list. Ports must be in the range [1-65535]",
1214 NULL, NULL, "ERRMSG");
1215 kb_lnk_reset (main_kb);
1216 g_warning ("Invalid port list. Ports must be in the range [1-65535]. "
1217 "Scan terminated.");
1218 set_scan_status ("finished");
1219
1220 error = -1;
1221 return error;
1222 }
1223
1224 /* Initialize the attack. */
1225 int plugins_init_error = 0;
1226 sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1227 prefs_get_bool ("auto_enable_dependencies"),
1228 &plugins_init_error);
1229 if (!sched)
1230 {
1231 g_message ("Couldn't initialize the plugin scheduler");
1232
1233 error = -1;
1234 return error;
1235 }
1236
1237 if (plugins_init_error > 0)
1238 {
1239 sprintf (buf,
1240 "%d errors were found during the plugin scheduling. "
1241 "Some plugins have not been launched.",
1242 plugins_init_error);
1243
1244 connect_main_kb (&main_kb);
1245 message_to_client (main_kb, buf, NULL, NULL, "ERRMSG");
1246 kb_lnk_reset (main_kb);
1247 }
1248
1249 max_hosts = get_max_hosts_number ();
1250 max_checks = get_max_checks_number ();
1251
1252 hosts = gvm_hosts_new (hostlist);
1253 if (hosts == NULL)
1254 {
1255 char *buffer;
1256 buffer = g_strdup_printf ("Invalid target list: %s.", hostlist);
1257 connect_main_kb (&main_kb);
1258 message_to_client (main_kb, buffer, NULL, NULL, "ERRMSG");
1259 g_free (buffer);
1260 /* Send the hosts count to the client as -1,
1261 * because the invalid target list.*/
1262 message_to_client (main_kb, INVALID_TARGET_LIST, NULL, NULL,
1263 "HOSTS_COUNT");
1264 kb_lnk_reset (main_kb);
1265 g_warning ("Invalid target list. Scan terminated.");
1266
1267 error = -1;
1268 goto stop;
1269 }
1270
1271 unresolved = gvm_hosts_resolve (hosts);
1272 while (unresolved)
1273 {
1274 g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1275 unresolved = unresolved->next;
1276 }
1277 g_slist_free_full (unresolved, g_free);
1278
1279 /* Apply Hosts preferences. */
1280 apply_hosts_preferences_ordering (hosts);
1281
1282 int already_excluded = 0;
1283 already_excluded = apply_hosts_reverse_lookup_preferences (hosts);
1284
1285#ifdef FEATURE_HOSTS_ALLOWED_ONLY
1286 // Remove hosts which are denied and/or keep the ones in the allowed host
1287 // lists
1288 // for both, user and system wide settings.
1289 apply_hosts_allow_deny (hosts);
1290#endif
1291
1292 // Remove the excluded hosts
1293 int exc = apply_hosts_excluded (hosts);
1294
1295 /* Send the excluded hosts count to the client, after removing duplicated and
1296 * unresolved hosts.*/
1297 sprintf (buf, "%d", exc + already_excluded);
1298 connect_main_kb (&main_kb);
1299 message_to_client (main_kb, buf, NULL, NULL, "HOSTS_EXCLUDED");
1300 kb_lnk_reset (main_kb);
1301
1302 /* Send the hosts count to the client, after removing duplicated and
1303 * unresolved hosts.*/
1304 sprintf (buf, "%d", gvm_hosts_count (hosts));
1305 connect_main_kb (&main_kb);
1306 message_to_client (main_kb, buf, NULL, NULL, "HOSTS_COUNT");
1307 kb_lnk_reset (main_kb);
1308
1309 host = gvm_hosts_next (hosts);
1310 if (host == NULL)
1311 goto stop;
1312
1313 hosts_init (max_hosts);
1314
1315 g_message ("Vulnerability scan %s started: Target has %d hosts: "
1316 "%s, with max_hosts = %d and max_checks = %d",
1317 globals->scan_id, gvm_hosts_count (hosts), hostlist, max_hosts,
1318 max_checks);
1319
1320 if (test_alive_hosts_only)
1321 {
1322 /* Boolean signalling if alive detection finished. */
1323 gboolean ad_finished = FALSE;
1324 int err;
1325 pthread_t tid;
1326 struct in6_addr tmpaddr;
1327
1328 /* Reset the iterator. */
1329 hosts->current = 0;
1330 err = pthread_create (&tid, NULL, start_alive_detection, (void *) hosts);
1331 if (err == EAGAIN)
1332 g_warning (
1333 "%s: pthread_create() returned EAGAIN: Insufficient resources "
1334 "to create thread.",
1335 __func__);
1336 set_alive_detection_tid (tid);
1337 g_debug ("%s: started alive detection.", __func__);
1338
1339 for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1340 !host && !ad_finished && !scan_is_stopped ();
1341 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1342 {
1343 fork_sleep (1);
1344 }
1345
1346 if (gvm_host_get_addr6 (host, &tmpaddr) == 0)
1347 host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1348 if (host)
1349 {
1350 g_debug (
1351 "%s: Get first host to test from Queue. This host is used for "
1352 "initialising the alive_hosts_list.",
1353 __func__);
1354 }
1355 alive_hosts_list = gvm_hosts_new (gvm_host_value_str (host));
1356 }
1357
1358 if (prefs_get ("report_scripts"))
1359 {
1360 char *path = g_strdup_printf (
1361 "%s/%s-stats.json", prefs_get ("report_scripts"), globals->scan_id);
1362 write_script_stats ("{\"hosts\": {", path, 2);
1363 g_free (path);
1364 }
1365 /*
1366 * Start the attack !
1367 */
1368 allow_simultaneous_ips = prefs_get_bool ("allow_simultaneous_ips");
1369 openvas_signal (SIGUSR1, handle_scan_stop_signal);
1370 while (host && !scan_is_stopped ())
1371 {
1372 int pid, rc;
1373 struct attack_start_args args;
1374 char *host_str;
1375
1376 if (!test_alive_hosts_only
1377 && (!allow_simultaneous_ips && host_is_currently_scanned (host)))
1378 {
1379 sleep (1);
1380 // move the host at the end of the list and get the next host.
1381 gvm_hosts_move_current_host_to_end (hosts);
1382 host = gvm_hosts_next (hosts);
1383 continue;
1384 }
1385
1386 do
1387 {
1388 rc = kb_new (&arg_host_kb, prefs_get ("db_address"));
1389 if (rc < 0 && rc != -2)
1390 {
1391 report_kb_failure (rc);
1392 goto stop;
1393 }
1394 else if (rc == -2)
1395 {
1396 sleep (KB_RETRY_DELAY);
1397 continue;
1398 }
1399 break;
1400 }
1401 while (1);
1402
1403 host_str = gvm_host_value_str (host);
1404 connect_main_kb (&main_kb);
1405 if (hosts_new (host_str, arg_host_kb, main_kb) < 0)
1406 {
1407 kb_delete (arg_host_kb);
1408 g_free (host_str);
1409 goto stop;
1410 }
1411
1412 if (scan_is_stopped ())
1413 {
1414 kb_delete (arg_host_kb);
1415 g_free (host_str);
1416 continue;
1417 }
1418
1419 args.host = host;
1420 args.globals = globals;
1421 args.sched = sched;
1422 args.host_kb = arg_host_kb;
1423
1424 forkagain:
1425 pid = create_ipc_process ((ipc_process_func) attack_start, &args);
1426 /* Close child process' socket. */
1427 if (pid < 0)
1428 {
1429 fork_retries++;
1430 if (fork_retries > MAX_FORK_RETRIES)
1431 {
1432 /* Forking failed - we go to the wait queue. */
1433 g_warning ("fork() failed - %s. %s won't be tested",
1434 strerror (errno), host_str);
1435 g_free (host_str);
1436 goto stop;
1437 }
1438
1439 g_debug ("fork() failed - "
1440 "sleeping %d seconds and trying again...",
1441 fork_retries);
1442 fork_sleep (fork_retries);
1443 goto forkagain;
1444 }
1445 hosts_set_pid (host_str, pid);
1446
1447 if (test_alive_hosts_only)
1448 {
1449 struct in6_addr tmpaddr;
1450 gvm_host_t *alive_buf;
1451
1452 while (1)
1453 {
1454 /* Boolean signalling if alive detection finished. */
1455 gboolean ad_finished = FALSE;
1456 for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1457 !host && !ad_finished && !scan_is_stopped ();
1458 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1459 {
1460 fork_sleep (1);
1461 }
1462
1463 if (host && !allow_simultaneous_ips
1464 && host_is_currently_scanned (host))
1465 {
1466 struct in6_addr hostip;
1467 char ip_str[INET6_ADDRSTRLEN];
1468 int flag_set;
1469
1470 gvm_host_get_addr6 (host, &hostip);
1471 addr6_to_str (&hostip, ip_str);
1472
1473 // Re-add host at the end of the queue and reallocate the flag
1474 // if it was already set.
1475 flag_set = finish_signal_on_queue (alive_hosts_kb);
1476
1477 put_host_on_queue (alive_hosts_kb, ip_str);
1478 g_debug ("Reallocating the host %s at the end of the queue",
1479 ip_str);
1480
1481 gvm_host_free (host);
1482 host = NULL;
1483
1484 if (flag_set)
1485 {
1486 g_debug ("Reallocating finish signal in the host queue");
1487 realloc_finish_signal_on_queue (alive_hosts_kb);
1488 }
1489 }
1490 else
1491 break;
1492 }
1493
1494 if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
1495 {
1496 alive_buf = host;
1497 host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1498 gvm_host_free (alive_buf);
1499 alive_buf = NULL;
1500 }
1501
1502 if (host)
1503 gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
1504 else
1505 g_debug ("%s: got NULL host, stop/finish scan", __func__);
1506 }
1507 else
1508 {
1509 host = gvm_hosts_next (hosts);
1510 }
1511 g_free (host_str);
1512 }
1513
1514 /* Every host is being tested... We have to wait for the processes
1515 * to terminate. */
1516 while (hosts_read () == 0)
1517 if (scan_is_stopped () == 1)
1518 killpg (getpid (), SIGUSR1);
1519
1520 g_debug ("Test complete");
1521
1522stop:
1523
1524 if (test_alive_hosts_only)
1525 {
1526 int err;
1527 void *retval;
1528
1529 kb_lnk_reset (alive_hosts_kb);
1530 g_debug ("%s: free alive detection data ", __func__);
1531
1532 /* need to wait for alive detection to finish */
1533 g_debug ("%s: waiting for alive detection thread to be finished...",
1534 __func__);
1535 /* Join alive detection thread. */
1536 err = pthread_join (get_alive_detection_tid (), &retval);
1537 if (err == EDEADLK)
1538 g_debug ("%s: pthread_join() returned EDEADLK.", __func__);
1539 if (err == EINVAL)
1540 g_debug ("%s: pthread_join() returned EINVAL.", __func__);
1541 if (err == ESRCH)
1542 g_debug ("%s: pthread_join() returned ESRCH.", __func__);
1543 if (retval == PTHREAD_CANCELED)
1544 g_debug ("%s: pthread_join() returned PTHREAD_CANCELED.", __func__);
1545 /* Set flag signaling that alive deteciton thread was joined. */
1546 if (err == 0)
1547 ad_thread_joined (TRUE);
1548 g_debug ("%s: Finished waiting for alive detection thread.", __func__);
1549 }
1550
1551 plugins_scheduler_free (sched);
1552
1553 gettimeofday (&now, NULL);
1554 if (test_alive_hosts_only)
1555 {
1556 g_message ("Vulnerability scan %s finished in %ld seconds: "
1557 "%d alive hosts of %d",
1558 globals->scan_id, now.tv_sec - then.tv_sec,
1559 gvm_hosts_count (alive_hosts_list), gvm_hosts_count (hosts));
1560 }
1561 else
1562 g_message ("Vulnerability scan %s finished in %ld seconds: %d hosts",
1563 globals->scan_id, now.tv_sec - then.tv_sec,
1564 gvm_hosts_count (hosts));
1565
1566 if (prefs_get ("report_scripts"))
1567 {
1568 char *buff =
1569 g_strdup_printf ("},\"scan_time\": {\"start\": %ld, \"stop\": %ld}}",
1570 then.tv_sec, now.tv_sec);
1571 char *path = g_strdup_printf (
1572 "%s/%s-stats.json", prefs_get ("report_scripts"), globals->scan_id);
1573
1574 write_script_stats (buff, path, 1);
1575
1576 g_free (buff);
1577 g_free (path);
1578 }
1579
1580 gvm_hosts_free (hosts);
1581 if (alive_hosts_list)
1582 gvm_hosts_free (alive_hosts_list);
1583
1584 set_scan_status ("finished");
1585
1586 return error;
1587}
scan_is_stopped
static int scan_is_stopped(void)
Definition attack.c:266
attack_start
static void attack_start(struct ipc_context *ipcc, struct attack_start_args *args)
Set up some data and jump into attack_host().
Definition attack.c:836
apply_hosts_reverse_lookup_preferences
static int apply_hosts_reverse_lookup_preferences(gvm_hosts_t *hosts)
Definition attack.c:1007
apply_hosts_excluded
static int apply_hosts_excluded(gvm_hosts_t *hosts)
Definition attack.c:916
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition attack.c:1108
set_alive_detection_tid
static void set_alive_detection_tid(pthread_t tid)
Definition attack.c:1077
fork_sleep
static void fork_sleep(int n)
Definition attack.c:248
check_deprecated_prefs
static void check_deprecated_prefs(void)
Check if any deprecated prefs are in pref table and print warning.
Definition attack.c:738
connect_main_kb
static int connect_main_kb(kb_t *main_kb)
Connect to the main kb. Must be released with kb_lnk_reset() after use.
Definition attack.c:96
report_kb_failure
static void report_kb_failure(int errcode)
Definition attack.c:236
check_kb_access
static int check_kb_access(void)
Definition attack.c:1059
apply_hosts_preferences_ordering
static void apply_hosts_preferences_ordering(gvm_hosts_t *hosts)
Definition attack.c:984
INVALID_TARGET_LIST
#define INVALID_TARGET_LIST
Definition attack.c:62
message_to_client
static void message_to_client(kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type)
Definition attack.c:223
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition attack.c:58
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition attack.c:54
ad_thread_joined
static gboolean ad_thread_joined(gboolean joined)
Set and get if alive detection thread was already joined by main thread.
Definition attack.c:1099
get_alive_detection_tid
static pthread_t get_alive_detection_tid()
Definition attack.c:1082
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition attack.c:135
hosts
static struct host * hosts
Definition hosts.c:49
host_is_currently_scanned
int host_is_currently_scanned(gvm_host_t *host_to_check)
Returns 1 if the host is being scanned. 0 otherwise.
Definition hosts.c:271
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition hosts.c:177
hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition hosts.c:253
hosts_init
int hosts_init(int max_hosts)
Definition hosts.c:144
hosts_new
int hosts_new(char *name, kb_t kb, kb_t main_kb)
Definition hosts.c:151
ipc_process_func
void(* ipc_process_func)(struct ipc_context *, void *)
Definition ipc.h:47
main_kb
kb_t main_kb
Definition kb_cache.c:15
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
pid
static pid_t pid
Definition nasl_cmd_exec.c:39
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition pluginscheduler.c:518
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int *error)
Definition pluginscheduler.c:302
plugins_scheduler_t
struct plugins_scheduler * plugins_scheduler_t
Definition pluginscheduler.h:34
create_ipc_process
pid_t create_ipc_process(ipc_process_func func, void *args)
initializes a communication channels and calls a function with a new process
Definition processes.c:195
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition sighand.c:79
attack_start_args
Definition attack.c:75
attack_start_args::globals
struct scan_globals * globals
Definition attack.c:76
attack_start_args::sched
plugins_scheduler_t sched
Definition attack.c:79
host
Host information, implemented as doubly linked list.
Definition hosts.c:37
scan_globals::scan_id
char * scan_id
Definition scanneraux.h:22
write_script_stats
void write_script_stats(const char *buf, const char *path, int mode)
Writes scripts stats into a file.
Definition utils.c:271
get_max_hosts_number
int get_max_hosts_number(void)
Definition utils.c:137
get_max_checks_number
int get_max_checks_number(void)
Definition utils.c:168

References ad_thread_joined(), apply_hosts_excluded(), apply_hosts_preferences_ordering(), apply_hosts_reverse_lookup_preferences(), attack_start(), check_deprecated_prefs(), check_kb_access(), connect_main_kb(), create_ipc_process(), fork_sleep(), get_alive_detection_tid(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, host_is_currently_scanned(), attack_start_args::host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), INVALID_TARGET_LIST, KB_RETRY_DELAY, main_kb, MAX_FORK_RETRIES, message_to_client(), openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_alive_detection_tid(), set_scan_status(), timeval(), and write_script_stats().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function: