OpenVAS Scanner 23.40.3
nasl_plugins.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2023 Greenbone AG
2 * SPDX-FileCopyrightText: 2006 Software in the Public Interest, Inc.
3 * SPDX-FileCopyrightText: 1998-2006 Tenable Network Security, Inc.
4 *
5 * SPDX-License-Identifier: GPL-2.0-only
6 */
7
12
13#include "../misc/kb_cache.h" /* for get_main_kb */
14#include "../misc/network.h"
15#include "../misc/plugutils.h" /* for plug_set_launch */
16#include "../nasl/nasl.h"
17#include "pluginlaunch.h"
18#include "pluginload.h"
19#include "pluginscheduler.h"
20#include "processes.h"
21
22#include <bsd/unistd.h>
23#include <errno.h> /* for errno */
24#include <glib.h>
25#include <gvm/base/drop_privileges.h> /* for drop_privileges */
26#include <gvm/base/networking.h>
27#include <gvm/base/prefs.h> /* for prefs_get_bool */
28#include <gvm/util/nvticache.h> /* for nvticache_add */
29#include <stdio.h> /* for snprintf() */
30#include <string.h> /* for strlen() */
31#include <sys/stat.h>
32#include <sys/types.h>
33#include <unistd.h> /* for close() */
34#include <utime.h>
35
36#undef G_LOG_DOMAIN
40#define G_LOG_DOMAIN "sd main"
41
50static int
51check_nvti (const char *filename, nvti_t *nvt)
52{
53 assert (filename);
54 assert (nvt);
55
56 if (!nvti_oid (nvt))
57 {
58 g_warning ("%s: Missing OID", filename);
59 return -1;
60 }
61 else if (!nvti_name (nvt))
62 {
63 g_warning ("%s: Missing name", filename);
64 return -1;
65 }
66 else if (!nvti_family (nvt))
67 {
68 g_warning ("%s: Missing family", filename);
69 return -1;
70 }
71 return 0;
72}
73
82int
83nasl_file_check (const char *folder, const char *filename)
84{
85 char fullname[PATH_MAX + 1];
86 int nasl_mode;
87 struct script_infos *args;
88
89 snprintf (fullname, sizeof (fullname), "%s/%s", folder, filename);
90 nasl_mode = NASL_EXEC_DESCR;
91 if (prefs_get_bool ("nasl_no_signature_check"))
92 nasl_mode |= NASL_ALWAYS_SIGNED;
93
94 args = g_malloc0 (sizeof (struct script_infos));
95 args->key = nvticache_get_kb ();
96 args->nvti = NULL;
97 args->name = fullname;
98 if (exec_nasl_script (args, nasl_mode) < 0)
99 {
100 g_debug ("%s: Checksum check failed", fullname);
101 g_free (args);
102 return -1;
103 }
104 g_free (args);
105
106 return 0;
107}
108
119int
120nasl_plugin_add (const char *folder, char *filename)
121{
122 char fullname[PATH_MAX + 1];
123 int nasl_mode;
124 nvti_t *new_nvti;
125 struct script_infos *args;
126 time_t now;
127 struct utimbuf updated_timestamp;
128
129 snprintf (fullname, sizeof (fullname), "%s/%s", folder, filename);
130 nasl_mode = NASL_EXEC_DESCR;
131 if (prefs_get_bool ("nasl_no_signature_check"))
132 nasl_mode |= NASL_ALWAYS_SIGNED;
133
134 args = g_malloc0 (sizeof (struct script_infos));
135 args->key = nvticache_get_kb ();
136 new_nvti = nvti_new ();
137 args->nvti = new_nvti;
138 args->name = fullname;
139 if (exec_nasl_script (args, nasl_mode) < 0)
140 {
141 g_debug ("%s: Could not be loaded", fullname);
142 g_free (args);
143 return -1;
144 }
145 g_free (args);
146
147 now = time (NULL) - 1;
148 updated_timestamp.actime = now;
149 updated_timestamp.modtime = now;
150 utime (fullname, &updated_timestamp);
151
152 if (!check_nvti (filename, new_nvti))
153 nvticache_add (new_nvti, filename);
154 nvti_free (new_nvti);
155
156 return 0;
157}
158
159static void
160nasl_thread (struct ipc_context *, struct script_infos *);
161
165int
166nasl_plugin_launch (struct scan_globals *globals, struct in6_addr *ip,
167 GSList *vhosts, kb_t kb, const char *oid)
168{
169 int module;
170 struct script_infos infos;
171
172 memset (&infos, '\0', sizeof (infos));
173 // extend here, maybe create struct to simplify calls
174 infos.ip = ip;
175 infos.vhosts = vhosts;
176 infos.globals = globals;
177 infos.key = kb;
178 infos.oid = (char *) oid;
179 infos.name = nvticache_get_src (oid);
180 infos.ipc_context = NULL;
181
182 module = create_ipc_process ((ipc_process_func) nasl_thread, &infos);
183 g_free (infos.name);
184 return module;
185}
186
187static void
188nasl_thread (struct ipc_context *ipcc, struct script_infos *args)
189{
190 char ip_str[INET6_ADDRSTRLEN];
191 int nasl_mode = 0;
192 kb_t kb;
193 GError *error = NULL;
194 args->ipc_context = ipcc;
195
196 /* Make plugin process a group leader, to make it easier to cleanup forked
197 * processes & their children. */
198 setpgid (0, 0);
199 nvticache_reset ();
200 kb = args->key;
201 kb_lnk_reset (kb);
202 kb_lnk_reset (get_main_kb ());
203 addr6_to_str (args->ip, ip_str);
204 // TODO extend sript_infos here
205
206 setproctitle ("openvas: testing %s (%s)", ip_str,
207 g_path_get_basename (args->name));
208
209 if (prefs_get_bool ("nasl_no_signature_check"))
210 nasl_mode |= NASL_ALWAYS_SIGNED;
211
212 if (prefs_get_bool ("drop_privileges"))
213 {
214 int drop_priv_res = drop_privileges (NULL, &error);
215 if (drop_priv_res != GVM_DROP_PRIVILEGES_OK)
216 {
217 if (drop_priv_res != GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT)
218 g_debug ("Failed to drop privileges for %s", args->name);
219 g_error_free (error);
220 }
221 }
222
223 if (exec_nasl_script (args, nasl_mode))
224 g_debug ("exec_nasl_script: %s error", args->name);
225}
exec_nasl_script
int exec_nasl_script(struct script_infos *script_infos, int mode)
Execute a NASL script.
Definition exec.c:1614
get_main_kb
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition kb_cache.c:41
kb_cache.h
Header file to cache main_kb.
NASL_ALWAYS_SIGNED
#define NASL_ALWAYS_SIGNED
Definition nasl.h:47
NASL_EXEC_DESCR
#define NASL_EXEC_DESCR
Definition nasl.h:45
oid
const char * oid
Definition nasl_builtin_find_service.c:51
nasl_thread
static void nasl_thread(struct ipc_context *, struct script_infos *)
Definition nasl_plugins.c:188
nasl_file_check
int nasl_file_check(const char *folder, const char *filename)
Check a single .nasl/.inc file.
Definition nasl_plugins.c:83
nasl_plugin_add
int nasl_plugin_add(const char *folder, char *filename)
Add one .nasl plugin to the plugin list.
Definition nasl_plugins.c:120
check_nvti
static int check_nvti(const char *filename, nvti_t *nvt)
Check that the nvt's data is valid.
Definition nasl_plugins.c:51
nasl_plugin_launch
int nasl_plugin_launch(struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, kb_t kb, const char *oid)
Launch a NASL plugin.
Definition nasl_plugins.c:166
network.h
Header file for module network.
pluginlaunch.h
pluginlaunch.c header.
pluginload.h
pluginload.c header.
pluginscheduler.h
header for pluginscheduler.c
plugutils.h
Header file for module plugutils.
ipcc
static struct ipc_contexts * ipcc
Definition processes.c:39
processes.h
processes.c header.
ipc_context
Definition ipc.h:32
scan_globals
Definition scanneraux.h:19
script_infos
Definition scanneraux.h:29
script_infos::oid
char * oid
Definition scanneraux.h:34
script_infos::ipc_context
struct ipc_context * ipc_context
Definition scanneraux.h:31
script_infos::nvti
nvti_t * nvti
Definition scanneraux.h:33
script_infos::globals
struct scan_globals * globals
Definition scanneraux.h:30
script_infos::key
kb_t key
Definition scanneraux.h:32
script_infos::vhosts
GSList * vhosts
Definition scanneraux.h:38
script_infos::ip
struct in6_addr * ip
Definition scanneraux.h:37
script_infos::name
char * name
Definition scanneraux.h:35