OpenVAS Scanner 23.40.3
network.c File Reference

Network Functions. More...

#include "../nasl/nasl_debug.h"
#include "kb_cache.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/util/kb.h>
#include <gvm/util/serverutils.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#include "network.h"
#include "plugutils.h"
#include "support.h"
Include dependency graph for network.c:

Go to the source code of this file.

Data Structures

struct  openvas_connection
struct  csc_hook_s
 Object to store a list of hooks for close_stream_connection. More...

Macros

#define TIMEOUT   20
#define INADDR_NONE   0xffffffff
#define G_LOG_DOMAIN   "lib misc"
 GLib logging domain.
#define OPENVAS_FD_MAX   1024
#define OPENVAS_FD_OFF   1000000
#define OPENVAS_STREAM(x)
#define OVAS_CONNECTION_FROM_FD(fd)
#define INCR_TIMEOUT   1

Functions

static int pid_perror (const char *error)
int stream_get_err (int fd)
static int get_connection_fd (void)
 Returns a free file descriptor.
static int release_connection_fd (int fd, int already_closed)
int openvas_register_connection (int soc, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
int openvas_deregister_connection (int fd)
static int unblock_socket (int soc)
static int block_socket (int soc)
static void tlserror (char *txt, int err)
static void log_message_gnutls (int level, const char *msg)
int openvas_SSL_init ()
 Initializes SSL support.
int openvas_get_socket_from_connection (int fd)
gnutls_session_t ovas_get_tlssession_from_connection (int fd)
static int set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps, const char *priority, unsigned int flags)
static int load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert, const char *key, const char *passwd)
 Loads a certificate and the corresponding private key from PEM files.
static int is_ip_address (const char *str)
static int open_SSL_connection (openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
 Open an TLS/SSL connection.
int socket_ssl_safe_renegotiation_status (int fd)
 Check if Secure Renegotiation is supported in the server side.
int socket_ssl_do_handshake (int fd)
 Do a re-handshake of the TLS/SSL protocol.
int socket_negotiate_ssl (int fd, openvas_encaps_t transport, struct script_infos *args)
 Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
void socket_get_cert (int fd, void **cert, int *certlen)
int socket_get_ssl_version (int fd)
void socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
int socket_get_ssl_ciphersuite (int fd)
int open_stream_connection_ext (struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
void open_stream_tls_default_priorities (const char *p, const int pflag)
int open_stream_connection (struct script_infos *args, unsigned int port, int transport, int timeout)
int open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port, int timeout, int force)
int stream_set_timeout (int fd, int timeout)
static int read_stream_connection_unbuffered (int fd, void *buf0, int min_len, int max_len)
int read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
int read_stream_connection (int fd, void *buf0, int len)
static int write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
int write_stream_connection (int fd, void *buf0, int n)
int nsend (int fd, void *data, int length, int i_opt)
int nrecv (int fd, void *data, int length, int i_opt)
void add_close_stream_connection_hook (int(*fnc)(int fd))
 Register a hook function for close_stream_connection.
static int run_csc_hooks (int fd)
 Run the hooks for close_stream_connection.
int close_stream_connection (int fd)
const char * get_encaps_name (openvas_encaps_t code)
const char * get_encaps_through (openvas_encaps_t code)
static int open_socket (struct sockaddr *paddr, int type, int protocol, int timeout, int len)
int open_sock_opt_hn (const char *hostname, unsigned int port, int type, int protocol, int timeout)
int open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
int open_sock_option (struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
int recv_line (int soc, char *buf, size_t bufsiz)
 Reads a text from the socket stream into the argument buffer, always.
int socket_close (int soc)
int fd_is_stream (int fd)
int stream_get_buffer_sz (int fd)
int stream_set_buffer (int fd, int sz)
int os_send (int soc, void *buf, int len, int opt)
int os_recv (int soc, void *buf, int len, int opt)
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
static int qsort_compar (const void *a, const void *b)
unsigned short * getpts (char *origexpr, int *len)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array.

Variables

static openvas_connection connections [OPENVAS_FD_MAX]
static struct csc_hook_scsc_hooks
 Linked list of hooks to be run by close_stream_connection.
const char * tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT"
int tls_priority_flag = NO_PRIORITY_FLAGS
static int __port_closed

Detailed Description

Network Functions.

Definition in file network.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib misc"

GLib logging domain.

Definition at line 55 of file network.c.

◆ INADDR_NONE

#define INADDR_NONE   0xffffffff

Definition at line 48 of file network.c.

◆ INCR_TIMEOUT

#define INCR_TIMEOUT   1

Referenced by read_stream_connection_unbuffered().

◆ OPENVAS_FD_MAX

#define OPENVAS_FD_MAX   1024

The role of this offset is:

  1. To detect bugs when the program tries to write to a bad fd
  2. See if a fd is a real socket or a "openvas descriptor". This is a quick & dirty hack and should be changed!!!

Definition at line 91 of file network.c.

Referenced by get_connection_fd().

◆ OPENVAS_FD_OFF

#define OPENVAS_FD_OFF   1000000

Definition at line 92 of file network.c.

Referenced by get_connection_fd(), get_sock_infos(), nrecv(), nsend(), openvas_deregister_connection(), openvas_get_socket_from_connection(), and ovas_get_tlssession_from_connection().

◆ OPENVAS_STREAM

#define OPENVAS_STREAM ( x)
Value:
(((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))
OPENVAS_FD_OFF
#define OPENVAS_FD_OFF
Definition network.c:92
OPENVAS_FD_MAX
#define OPENVAS_FD_MAX
Definition network.c:91

OPENVAS_STREAM(x) is TRUE if <x> is a OpenVAS-ified fd

Definition at line 113 of file network.c.

113#define OPENVAS_STREAM(x) \
114 (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))

Referenced by close_stream_connection(), fd_is_stream(), get_sock_infos(), nrecv(), nsend(), openvas_deregister_connection(), openvas_get_socket_from_connection(), ovas_get_tlssession_from_connection(), read_stream_connection_min(), read_stream_connection_unbuffered(), recv_line(), release_connection_fd(), stream_get_buffer_sz(), stream_get_err(), stream_set_buffer(), stream_set_timeout(), and write_stream_connection4().

◆ OVAS_CONNECTION_FROM_FD

#define OVAS_CONNECTION_FROM_FD ( fd)
Value:
(connections + ((fd) - OPENVAS_FD_OFF))
connections
static openvas_connection connections[OPENVAS_FD_MAX]
Definition network.c:94

determine the openvas_connection* from the openvas fd

Definition at line 119 of file network.c.

Referenced by close_stream_connection(), open_stream_connection_ext(), openvas_register_connection(), read_stream_connection_min(), read_stream_connection_unbuffered(), release_connection_fd(), socket_negotiate_ssl(), socket_ssl_do_handshake(), socket_ssl_safe_renegotiation_status(), stream_get_buffer_sz(), stream_get_err(), stream_set_buffer(), stream_set_timeout(), and write_stream_connection4().

◆ TIMEOUT

#define TIMEOUT   20

Definition at line 45 of file network.c.

Referenced by open_socket(), open_stream_connection_ext(), openvas_register_connection(), read_stream_connection_unbuffered(), and write_stream_connection4().

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(* fnc )(int fd))

Register a hook function for close_stream_connection.

The function adds the given hook function to the list of hooks to be run by close_stream_connection. These hooks are intended to test whether they need to close the stream them self. See argument to the hook function is the file descriptor of the stream. The hook shall return 0 if it has taken over control of that file descriptor. The same function is only aded once to the list of hooks.

Parameters
fncThe hook function. See above for details.

Definition at line 1666 of file network.c.

1667{
1668 struct csc_hook_s *hook;
1669
1670 for (hook = csc_hooks; hook; hook = hook->next)
1671 if (hook->fnc == fnc)
1672 return; /* Already added. */
1673
1674 hook = g_malloc0 (sizeof *hook);
1675 hook->fnc = fnc;
1676 hook->next = csc_hooks;
1677 csc_hooks = hook;
1678}
csc_hooks
static struct csc_hook_s * csc_hooks
Linked list of hooks to be run by close_stream_connection.
Definition network.c:108
csc_hook_s
Object to store a list of hooks for close_stream_connection.
Definition network.c:100
csc_hook_s::next
struct csc_hook_s * next
Definition network.c:101
csc_hook_s::fnc
int(* fnc)(int fd)
Definition network.c:102

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by next_session_id().

Here is the caller graph for this function:

◆ block_socket()

int block_socket ( int soc)
static

Definition at line 303 of file network.c.

304{
305 int flags = fcntl (soc, F_GETFL, 0);
306 if (flags < 0)
307 {
308 pid_perror ("fcntl(F_GETFL)");
309 return -1;
310 }
311 if (fcntl (soc, F_SETFL, (~O_NONBLOCK) & flags) < 0)
312 {
313 pid_perror ("fcntl(F_SETFL,~O_NONBLOCK)");
314 return -1;
315 }
316 return 0;
317}
pid_perror
static int pid_perror(const char *error)
Definition network.c:125

References pid_perror().

Referenced by nrecv(), nsend(), and open_socket().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ close_stream_connection()

int close_stream_connection ( int fd)

Definition at line 1705 of file network.c.

1706{
1707 openvas_connection *fp;
1708 if (!OPENVAS_STREAM (fd))
1709 {
1710 errno = EINVAL;
1711 return -1;
1712 }
1713 fp = OVAS_CONNECTION_FROM_FD (fd);
1714 g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);
1715
1716 if (!OPENVAS_STREAM (fd)) /* Will never happen if debug is on! */
1717 {
1718 if (fd < 0 || fd > 1024)
1719 {
1720 errno = EINVAL;
1721 return -1;
1722 }
1723 shutdown (fd, 2);
1724 return socket_close (fd);
1725 }
1726 if (!run_csc_hooks (fd))
1727 return release_connection_fd (fd, 1);
1728 else
1729 return release_connection_fd (fd, 0);
1730}
OPENVAS_STREAM
#define OPENVAS_STREAM(x)
Definition network.c:113
socket_close
int socket_close(int soc)
Definition network.c:2142
run_csc_hooks
static int run_csc_hooks(int fd)
Run the hooks for close_stream_connection.
Definition network.c:1694
release_connection_fd
static int release_connection_fd(int fd, int already_closed)
Definition network.c:173
OVAS_CONNECTION_FROM_FD
#define OVAS_CONNECTION_FROM_FD(fd)
Definition network.c:119
openvas_connection
Definition network.c:63
openvas_connection::port
int port
Definition network.c:73

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::port, release_connection_fd(), run_csc_hooks(), and socket_close().

Referenced by nasl_close_socket(), nasl_end_denial(), nasl_start_denial(), and plugin_do_run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ fd_is_stream()

int fd_is_stream ( int fd)

Definition at line 2152 of file network.c.

2153{
2154 return OPENVAS_STREAM (fd); /* Should probably be smarter... */
2155}

References OPENVAS_STREAM.

Referenced by nasl_close_socket(), nasl_get_source_port(), nasl_recv(), nasl_recv_line(), nasl_send(), nasl_socket_get_error(), socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), socket_get_ssl_version(), socket_negotiate_ssl(), socket_ssl_do_handshake(), and socket_ssl_safe_renegotiation_status().

Here is the caller graph for this function:

◆ get_connection_fd()

int get_connection_fd ( void )
static

Returns a free file descriptor.

Definition at line 153 of file network.c.

154{
155 int i;
156
157 for (i = 0; i < OPENVAS_FD_MAX; i++)
158 {
159 if (connections[i].pid == 0) /* Not used */
160 {
161 bzero (&(connections[i]), sizeof (connections[i]));
162 connections[i].pid = getpid ();
163 return i + OPENVAS_FD_OFF;
164 }
165 }
166 g_message ("[%d] %s:%d : Out of OpenVAS file descriptors", getpid (),
167 __FILE__, __LINE__);
168 errno = EMFILE;
169 return -1;
170}
pid
static pid_t pid
Definition nasl_cmd_exec.c:39

References connections, OPENVAS_FD_MAX, OPENVAS_FD_OFF, and pid.

Referenced by open_stream_connection_ext(), and openvas_register_connection().

Here is the caller graph for this function:

◆ get_encaps_name()

const char * get_encaps_name ( openvas_encaps_t code)

Definition at line 1733 of file network.c.

1734{
1735 static char str[100];
1736 switch (code)
1737 {
1738 case OPENVAS_ENCAPS_AUTO:
1739 return "auto";
1740 case OPENVAS_ENCAPS_IP:
1741 return "IP";
1742 case OPENVAS_ENCAPS_SSLv2:
1743 return "SSLv2";
1744 case OPENVAS_ENCAPS_SSLv23:
1745 return "SSLv23";
1746 case OPENVAS_ENCAPS_SSLv3:
1747 return "SSLv3";
1748 case OPENVAS_ENCAPS_TLSv1:
1749 return "TLSv1";
1750 case OPENVAS_ENCAPS_TLSv11:
1751 return "TLSv11";
1752 case OPENVAS_ENCAPS_TLSv12:
1753 return "TLSv12";
1754 case OPENVAS_ENCAPS_TLSv13:
1755 return "TLSv13";
1756 case OPENVAS_ENCAPS_TLScustom:
1757 return "TLScustom";
1758 default:
1759 snprintf (str, sizeof (str), "[unknown transport layer - code %d (0x%x)]",
1760 code, code);
1761 return str;
1762 }
1763}
code
#define code
OPENVAS_ENCAPS_SSLv3
@ OPENVAS_ENCAPS_SSLv3
Definition network.h:34
OPENVAS_ENCAPS_TLScustom
@ OPENVAS_ENCAPS_TLScustom
Definition network.h:39
OPENVAS_ENCAPS_TLSv12
@ OPENVAS_ENCAPS_TLSv12
Definition network.h:37
OPENVAS_ENCAPS_TLSv1
@ OPENVAS_ENCAPS_TLSv1
Definition network.h:35
OPENVAS_ENCAPS_IP
@ OPENVAS_ENCAPS_IP
Definition network.h:31
OPENVAS_ENCAPS_TLSv13
@ OPENVAS_ENCAPS_TLSv13
Definition network.h:38
OPENVAS_ENCAPS_SSLv2
@ OPENVAS_ENCAPS_SSLv2
Definition network.h:33
OPENVAS_ENCAPS_SSLv23
@ OPENVAS_ENCAPS_SSLv23
Definition network.h:32
OPENVAS_ENCAPS_TLSv11
@ OPENVAS_ENCAPS_TLSv11
Definition network.h:36
OPENVAS_ENCAPS_AUTO
@ OPENVAS_ENCAPS_AUTO
Definition network.h:30

References code, OPENVAS_ENCAPS_AUTO, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by get_port_transport(), nasl_get_sock_info(), and plugin_do_run().

Here is the caller graph for this function:

◆ get_encaps_through()

const char * get_encaps_through ( openvas_encaps_t code)

Definition at line 1766 of file network.c.

1767{
1768 static char str[100];
1769 switch (code)
1770 {
1771 case OPENVAS_ENCAPS_IP:
1772 return "";
1773 case OPENVAS_ENCAPS_SSLv2:
1774 case OPENVAS_ENCAPS_SSLv23:
1775 case OPENVAS_ENCAPS_SSLv3:
1776 case OPENVAS_ENCAPS_TLSv1:
1777 case OPENVAS_ENCAPS_TLSv11:
1778 case OPENVAS_ENCAPS_TLSv12:
1779 case OPENVAS_ENCAPS_TLSv13:
1780 case OPENVAS_ENCAPS_TLScustom:
1781 return " through SSL/TLS";
1782 default:
1783 snprintf (str, sizeof (str),
1784 " through unknown transport layer - code %d (0x%x)", code,
1785 code);
1786 return str;
1787 }
1788}

References code, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by mark_acap_server(), mark_adsgone(), mark_avotus_mm_server(), mark_BitTorrent_server(), mark_citrix_server(), mark_dameware_server(), mark_dictd_server(), mark_direct_connect_hub(), mark_eggdrop_server(), mark_ens_server(), mark_exchg_routing_server(), mark_finger_server(), mark_fssniffer(), mark_ftp_server(), mark_fw1(), mark_giop_server(), mark_gnocatan_server(), mark_gnome14_server(), mark_http_proxy(), mark_http_server(), mark_imap_server(), mark_interscan_viruswall(), mark_ircxpro_admin_server(), mark_jabber_server(), mark_LISa_server(), mark_listserv_server(), mark_locked_adsubtract_server(), mark_lpd_server(), mark_lyskom_server(), mark_mon_server(), mark_nagiosd_server(), mark_nntp_server(), mark_ofa_express_server(), mark_pblocald_server(), mark_pbmaster_server(), mark_ph_server(), mark_pnsclient(), mark_pop3pw_server(), mark_ppp_daemon(), mark_psybnc(), mark_quicktime_streaming_server(), mark_remote_nc_server(), mark_rmserver(), mark_shoutcast_server(), mark_smppd_server(), mark_smtp_server(), mark_smux_server(), mark_snpp_server(), mark_spamd_server(), mark_stonegate_auth_server(), mark_sub7_server(), mark_tcpmux_server(), mark_teamspeak2_server(), mark_telnet_server(), mark_time_server(), mark_unknown_svc(), mark_upsmon_server(), mark_uucp_server(), mark_veritas_backup(), mark_vmware_auth(), mark_vtun_server(), mark_websm_server(), mark_whois_plus2_server(), and mark_zebra_server().

◆ get_sock_infos()

int get_sock_infos ( int sock,
int * r_transport,
void ** r_tls_session )

Definition at line 2256 of file network.c.

2257{
2258 openvas_connection *fp;
2259
2260 if (!OPENVAS_STREAM (sock))
2261 return ENOTSOCK;
2262 fp = &(connections[sock - OPENVAS_FD_OFF]);
2263
2264 *r_transport = fp->transport;
2265 *r_tls_session = fp->tls_session;
2266 return 0;
2267}
openvas_connection::tls_session
gnutls_session_t tls_session
Definition network.c:75
openvas_connection::transport
openvas_encaps_t transport
Definition network.c:69

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_get_sock_info(), and nasl_socket_cert_verify().

Here is the caller graph for this function:

◆ getpts()

unsigned short * getpts ( char * origexpr,
int * len )

Converts a string like "-100,200-1024,3000-4000,60000-" into an array.

of port numbers

This function is (c) Fyodor fyodo.nosp@m.r@dh.nosp@m.p.com and was taken from his excellent and outstanding scanner Nmap See http://www.insecure.org/nmap/ for details about Nmap

Definition at line 2296 of file network.c.

2297{
2298 int exlen;
2299 char *p, *q;
2300 unsigned short *tmp, *ports;
2301 int i = 0, j = 0, start, end;
2302 char *expr;
2303 char *mem;
2304 char *s_start, *s_end;
2305 static unsigned short *last_ret = NULL;
2306 static char *last_expr = NULL;
2307 static int last_num;
2308
2309 expr = g_strdup (origexpr);
2310 exlen = strlen (origexpr);
2311 mem = expr;
2312
2313 if (last_expr != NULL)
2314 {
2315 if (strcmp (last_expr, expr) == 0)
2316 {
2317 if (len != NULL)
2318 *len = last_num;
2319 g_free (mem);
2320 return last_ret;
2321 }
2322 else
2323 {
2324 g_free (last_expr);
2325 last_expr = NULL;
2326 g_free (&last_ret);
2327 last_ret = NULL;
2328 }
2329 }
2330
2331 ports = g_malloc0 (65536 * sizeof (short));
2332 for (; j < exlen; j++)
2333 if (expr[j] != ' ')
2334 expr[i++] = expr[j];
2335 expr[i] = '\0';
2336
2337 if ((s_start = strstr (expr, "T:")) != NULL)
2338 expr = &(s_start[2]);
2339
2340 if ((s_end = strstr (expr, "U:")) != NULL)
2341 {
2342 if (s_end[-1] == ',')
2343 s_end--;
2344 s_end[0] = '\0';
2345 }
2346
2347 i = 0;
2348 while ((p = strchr (expr, ',')))
2349 {
2350 *p = '\0';
2351 if (*expr == '-')
2352 {
2353 start = 1;
2354 end = atoi (expr + 1);
2355 }
2356 else
2357 {
2358 start = end = atoi (expr);
2359 if ((q = strchr (expr, '-')) && *(q + 1))
2360 end = atoi (q + 1);
2361 else if (q && !*(q + 1))
2362 end = 65535;
2363 }
2364 if (start < 1)
2365 start = 1;
2366 if (start > end)
2367 {
2368 g_free (mem);
2369 g_free (ports);
2370 return NULL;
2371 }
2372 for (j = start; j <= end; j++)
2373 ports[i++] = j;
2374 expr = p + 1;
2375 }
2376 if (*expr == '-')
2377 {
2378 start = 1;
2379 end = atoi (expr + 1);
2380 }
2381 else
2382 {
2383 start = end = atoi (expr);
2384 if ((q = strchr (expr, '-')) && *(q + 1))
2385 end = atoi (q + 1);
2386 else if (q && !*(q + 1))
2387 end = 65535;
2388 }
2389 if (start < 1)
2390 start = 1;
2391 if (start > end)
2392 {
2393 g_free (mem);
2394 g_free (ports);
2395 return NULL;
2396 }
2397 for (j = start; j <= end; j++)
2398 ports[i++] = j;
2399 ports[i++] = 0;
2400
2401 qsort (ports, i, sizeof (u_short), qsort_compar);
2402 tmp = g_realloc (ports, i * sizeof (short));
2403 if (len != NULL)
2404 *len = i - 1;
2405 g_free (mem);
2406
2407 last_ret = tmp;
2408 last_expr = g_strdup (origexpr);
2409 last_num = i - 1;
2410 return tmp;
2411}
len
uint8_t len
Definition nasl_packet_forgery.c:1
qsort_compar
static int qsort_compar(const void *a, const void *b)
Definition network.c:2274

References len, and qsort_compar().

Referenced by nasl_scanner_get_port(), and scan().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ is_ip_address()

int is_ip_address ( const char * str)
static

Definition at line 549 of file network.c.

550{
551 struct sockaddr_in sa;
552 struct sockaddr_in6 sa6;
553
554 if (inet_pton (AF_INET, str, &(sa.sin_addr)) == 1)
555 return 1;
556
557 return inet_pton (AF_INET6, str, &(sa6.sin6_addr)) == 1;
558}

Referenced by open_SSL_connection().

Here is the caller graph for this function:

◆ load_cert_and_key()

int load_cert_and_key ( gnutls_certificate_credentials_t xcred,
const char * cert,
const char * key,
const char * passwd )
static

Loads a certificate and the corresponding private key from PEM files.

The private key may be encrypted, in which case the password to decrypt the key should be given as the passwd parameter.

Returns
Returns 0 on success and -1 on failure.

Definition at line 457 of file network.c.

459{
460 gnutls_x509_crt_t x509_crt = NULL;
461 gnutls_x509_privkey_t x509_key = NULL;
462 gnutls_datum_t data;
463 int ret;
464 int result = 0;
465
466 if (load_gnutls_file (cert, &data))
467 {
468 g_message ("[%d] load_cert_and_key: Error loading cert file %s",
469 getpid (), cert);
470 result = -1;
471 goto cleanup;
472 }
473 ret = gnutls_x509_crt_init (&x509_crt);
474 if (ret < 0)
475 {
476 tlserror ("gnutls_x509_crt_init", ret);
477 /* x509_crt may be != NULL even if gnutls_x509_crt_init fails */
478 x509_crt = NULL;
479 result = -1;
480 goto cleanup;
481 }
482 ret = gnutls_x509_crt_import (x509_crt, &data, GNUTLS_X509_FMT_PEM);
483 if (ret < 0)
484 {
485 tlserror ("gnutls_x509_crt_import", ret);
486 result = -1;
487 goto cleanup;
488 }
489 unload_gnutls_file (&data);
490
491 if (load_gnutls_file (key, &data))
492 {
493 g_message ("[%d] load_cert_and_key: Error loading key file %s", getpid (),
494 key);
495 result = -1;
496 goto cleanup;
497 }
498 ret = gnutls_x509_privkey_init (&x509_key);
499 if (ret < 0)
500 {
501 tlserror ("gnutls_x509_privkey_init", ret);
502 /* x509_key may be != NULL even if gnutls_x509_privkey_init fails */
503 x509_key = NULL;
504 result = -1;
505 goto cleanup;
506 }
507 if (passwd)
508 {
509 ret = gnutls_x509_privkey_import_pkcs8 (x509_key, &data,
510 GNUTLS_X509_FMT_PEM, passwd, 0);
511 if (ret < 0)
512 {
513 tlserror ("gnutls_x509_privkey_import_pkcs8", ret);
514 result = -1;
515 goto cleanup;
516 }
517 }
518 else
519 {
520 ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
521 if (ret < 0)
522 {
523 tlserror ("gnutls_x509_privkey_import", ret);
524 result = -1;
525 goto cleanup;
526 }
527 }
528 unload_gnutls_file (&data);
529
530 ret = gnutls_certificate_set_x509_key (xcred, &x509_crt, 1, x509_key);
531 if (ret < 0)
532 {
533 tlserror ("gnutls_certificate_set_x509_key", ret);
534 result = -1;
535 goto cleanup;
536 }
537
538cleanup:
539
540 if (x509_crt)
541 gnutls_x509_crt_deinit (x509_crt);
542 if (x509_key)
543 gnutls_x509_privkey_deinit (x509_key);
544
545 return result;
546}
tlserror
static void tlserror(char *txt, int err)
Definition network.c:326

References tlserror().

Referenced by open_SSL_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ log_message_gnutls()

void log_message_gnutls ( int level,
const char * msg )
static

Definition at line 332 of file network.c.

333{
334 g_debug ("LEVEL %d: %s", level, msg);
335}

Referenced by openvas_SSL_init().

Here is the caller graph for this function:

◆ nrecv()

int nrecv ( int fd,
void * data,
int length,
int i_opt )

Definition at line 1628 of file network.c.

1629{
1630 int e;
1631 if (OPENVAS_STREAM (fd))
1632 {
1633 if (connections[fd - OPENVAS_FD_OFF].fd < 0)
1634 g_message ("OpenVAS file descriptor %d closed ?!", fd);
1635 else
1636 return read_stream_connection (fd, data, length);
1637 }
1638 /* Trying OS's recv()
1639 *
1640 * Do *NOT* use os_recv() here, as it will be blocking until the exact
1641 * amount of requested data arrives
1642 */
1643 block_socket (fd);
1644 do
1645 {
1646 e = recv (fd, data, length, i_opt);
1647 }
1648 while (e < 0 && errno == EINTR);
1649 return e;
1650}
length
u_short length
Definition nasl_packet_forgery.c:4
read_stream_connection
int read_stream_connection(int fd, void *buf0, int len)
Definition network.c:1457
block_socket
static int block_socket(int soc)
Definition network.c:303

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, and read_stream_connection().

Here is the call graph for this function:

◆ nsend()

int nsend ( int fd,
void * data,
int length,
int i_opt )

Definition at line 1589 of file network.c.

1590{
1591 int n = 0;
1592
1593 if (OPENVAS_STREAM (fd))
1594 {
1595 if (connections[fd - OPENVAS_FD_OFF].fd < 0)
1596 g_message ("OpenVAS file descriptor %d closed ?!", fd);
1597 else
1598 return write_stream_connection4 (fd, data, length, i_opt);
1599 }
1600 /* Trying OS's send() */
1601 block_socket (fd); /* ??? */
1602 do
1603 {
1604 struct timeval tv = {0, 5};
1605 fd_set wr;
1606 int e;
1607
1608 FD_ZERO (&wr);
1609 FD_SET (fd, &wr);
1610
1611 errno = 0;
1612 e = select (fd + 1, NULL, &wr, NULL, &tv);
1613 if (e > 0)
1614 n = os_send (fd, data, length, i_opt);
1615 else if (e < 0 && errno == EINTR)
1616 continue;
1617 else
1618 break;
1619 }
1620 while (n <= 0 && errno == EINTR);
1621 if (n < 0)
1622 g_message ("[%d] nsend():send %s", getpid (), strerror (errno));
1623
1624 return n;
1625}
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
write_stream_connection4
static int write_stream_connection4(int fd, void *buf0, int n, int i_opt)
Definition network.c:1463
os_send
int os_send(int soc, void *buf, int len, int opt)
Definition network.c:2216

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, os_send(), timeval(), and write_stream_connection4().

Referenced by nasl_end_denial(), and nasl_send().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char * hostname,
unsigned int port,
int type,
int protocol,
int timeout )

Definition at line 1890 of file network.c.

1892{
1893 struct sockaddr_in addr;
1894 struct sockaddr_in6 addr6;
1895 struct in6_addr in6addr;
1896
1897 gvm_resolve_as_addr6 (hostname, &in6addr);
1898 if (IN6_IS_ADDR_V4MAPPED (&in6addr))
1899 {
1900 bzero ((void *) &addr, sizeof (addr));
1901 addr.sin_family = AF_INET;
1902 addr.sin_port = htons ((unsigned short) port);
1903 addr.sin_addr.s_addr = in6addr.s6_addr32[3];
1904 return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
1905 sizeof (struct sockaddr_in));
1906 }
1907 else
1908 {
1909 bzero ((void *) &addr6, sizeof (addr6));
1910 addr6.sin6_family = AF_INET6;
1911 addr6.sin6_port = htons ((unsigned short) port);
1912 memcpy (&addr6.sin6_addr, &in6addr, sizeof (struct in6_addr));
1913 return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
1914 sizeof (struct sockaddr_in6));
1915 }
1916}
protocol
u_char protocol
Definition nasl_packet_forgery.c:3
open_socket
static int open_socket(struct sockaddr *paddr, int type, int protocol, int timeout, int len)
Definition network.c:1791
hostname
const char * hostname
Definition pluginlaunch.c:68

References hostname, open_socket(), and protocol.

Referenced by nasl_open_sock_kdc().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_sock_option()

int open_sock_option ( struct script_infos * args,
unsigned int port,
int type,
int protocol,
int timeout )

Definition at line 1996 of file network.c.

1998{
1999 struct sockaddr_in addr;
2000 struct sockaddr_in6 addr6;
2001 struct in6_addr *t;
2002
2003 t = plug_get_host_ip (args);
2004 if (!t)
2005 {
2006 g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
2007 return (-1);
2008 }
2009 if (IN6_ARE_ADDR_EQUAL (t, &in6addr_any))
2010 return (-1);
2011 if (IN6_IS_ADDR_V4MAPPED (t))
2012 {
2013 bzero ((void *) &addr, sizeof (addr));
2014 addr.sin_family = AF_INET;
2015 addr.sin_port = htons ((unsigned short) port);
2016 addr.sin_addr.s_addr = t->s6_addr32[3];
2017 return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
2018 sizeof (struct sockaddr_in));
2019 }
2020 else
2021 {
2022 bzero ((void *) &addr6, sizeof (addr6));
2023 addr6.sin6_family = AF_INET6;
2024 addr6.sin6_port = htons ((unsigned short) port);
2025 memcpy (&addr6.sin6_addr, t, sizeof (struct in6_addr));
2026 return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
2027 sizeof (struct sockaddr_in6));
2028 }
2029}
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371

References open_socket(), plug_get_host_ip(), and protocol.

Referenced by open_sock_tcp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos * args,
unsigned int port,
int timeout )

Definition at line 1919 of file network.c.

1920{
1921 int ret, retry = 0;
1922 const char *timeout_retry;
1923
1924 timeout_retry = prefs_get ("timeout_retry");
1925 if (timeout_retry)
1926 retry = atoi (timeout_retry);
1927 if (retry < 0)
1928 retry = 0;
1929
1930 while (retry >= 0)
1931 {
1932 errno = 0;
1933 ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
1934 if (ret >= 0 || errno != ETIMEDOUT)
1935 break;
1936 retry--;
1937 }
1938 if (ret < 0 && errno == ETIMEDOUT)
1939 {
1940 int log_count, attempts = 0;
1941 char *ip_str = plug_get_host_ip_str (args), buffer[1024];
1942 kb_t kb = plug_get_kb (args);
1943 const char *max_attempts;
1944
1945 max_attempts = prefs_get ("open_sock_max_attempts");
1946 if (max_attempts)
1947 attempts = atoi (max_attempts);
1948 if (attempts < 0)
1949 attempts = 0;
1950
1951 g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%d", ip_str,
1952 port);
1953 log_count = kb_item_get_int (kb, buffer);
1954 if (log_count == -1)
1955 log_count = 0;
1956 if (log_count < 3)
1957 {
1958 g_message ("open_sock_tcp: %s:%d time-out.", ip_str, port);
1959 }
1960 log_count++;
1961 kb_item_set_int_with_main_kb_check (kb, buffer, log_count);
1962 if ((log_count >= attempts) && (attempts != 0))
1963 {
1964 /* After some unsuccessfully attempts, the port is set to closed to
1965 * avoid new attempts from other plugins.
1966 */
1967 if (host_get_port_state (args, port) > 0)
1968 {
1969 char host_port_ip_str[INET6_ADDRSTRLEN];
1970
1971 addr6_to_str (args->ip, host_port_ip_str);
1972 g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%d", port);
1973 g_message ("open_sock_tcp: %s:%d too many timeouts. "
1974 "This port will be set to closed.",
1975 host_port_ip_str, port);
1976 kb_item_set_int_with_main_kb_check (kb, buffer, 0);
1977
1978 snprintf (
1979 buffer, sizeof (buffer),
1980 "ERRMSG|||%s|||%s|||%d/tcp||| |||Too many timeouts. The port"
1981 " was set to closed.",
1982 host_port_ip_str,
1983 plug_current_vhost () ? plug_current_vhost () : " ", port);
1984
1985 kb_item_push_str_with_main_kb_check (get_main_kb (),
1986 "internal/results", buffer);
1987 }
1988 }
1989 g_free (ip_str);
1990 }
1991
1992 return ret;
1993}
get_main_kb
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition kb_cache.c:41
open_sock_option
int open_sock_option(struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
Definition network.c:1996
host_get_port_state
int host_get_port_state(struct script_infos *plugdata, int portnum)
Definition plugutils.c:193
plug_current_vhost
const char * plug_current_vhost(void)
Definition plugutils.c:93
kb_item_push_str_with_main_kb_check
int kb_item_push_str_with_main_kb_check(kb_t kb, const char *name, const char *value)
Check if the current kb corresponds to the original scanid, if it matches it kb_item_push_str....
Definition plugutils.c:533
plug_get_host_ip_str
char * plug_get_host_ip_str(struct script_infos *desc)
Definition plugutils.c:377
kb_item_set_int_with_main_kb_check
int kb_item_set_int_with_main_kb_check(kb_t kb, const char *name, int value)
Check if the current kb corresponds to the original scanid, if it matches it call kb_item_set_int....
Definition plugutils.c:609
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition plugutils.c:1157
script_infos::ip
struct in6_addr * ip
Definition scanneraux.h:37

References get_main_kb(), host_get_port_state(), script_infos::ip, kb_item_push_str_with_main_kb_check(), kb_item_set_int_with_main_kb_check(), open_sock_option(), plug_current_vhost(), plug_get_host_ip_str(), and plug_get_kb().

Referenced by open_stream_connection_ext().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_socket()

int open_socket ( struct sockaddr * paddr,
int type,
int protocol,
int timeout,
int len )
static

Definition at line 1791 of file network.c.

1793{
1794 fd_set fd_w;
1795 struct timeval to;
1796 int soc, x;
1797 int opt;
1798 unsigned int opt_sz;
1799 int family;
1800
1801 __port_closed = 0;
1802
1803 if (paddr->sa_family == AF_INET)
1804 {
1805 family = AF_INET;
1806 if ((soc = socket (AF_INET, type, protocol)) < 0)
1807 {
1808 pid_perror ("socket");
1809 return -1;
1810 }
1811 }
1812 else
1813 {
1814 family = AF_INET6;
1815 if ((soc = socket (AF_INET6, type, protocol)) < 0)
1816 {
1817 pid_perror ("socket");
1818 return -1;
1819 }
1820 }
1821
1822 if (timeout == -2)
1823 timeout = TIMEOUT;
1824
1825 if (timeout > 0)
1826 if (unblock_socket (soc) < 0)
1827 {
1828 close (soc);
1829 return -1;
1830 }
1831
1832 gvm_source_set_socket (soc, 0, family);
1833
1834 if (connect (soc, paddr, len) < 0)
1835 {
1836 pid_perror ("connect");
1837 again:
1838 switch (errno)
1839 {
1840 case EINPROGRESS:
1841 case EAGAIN:
1842 FD_ZERO (&fd_w);
1843 FD_SET (soc, &fd_w);
1844 to.tv_sec = timeout;
1845 to.tv_usec = 0;
1846 x = select (soc + 1, NULL, &fd_w, NULL, &to);
1847 if (x == 0)
1848 {
1849 pid_perror ("connect->select: timeout");
1850 socket_close (soc);
1851 errno = ETIMEDOUT;
1852 return -1;
1853 }
1854 else if (x < 0)
1855 {
1856 if (errno == EINTR)
1857 {
1858 errno = EAGAIN;
1859 goto again;
1860 }
1861 pid_perror ("select");
1862 socket_close (soc);
1863 return -1;
1864 }
1865
1866 opt = 0;
1867 opt_sz = sizeof (opt);
1868 if (getsockopt (soc, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
1869 {
1870 pid_perror ("getsockopt");
1871 socket_close (soc);
1872 return -1;
1873 }
1874 if (opt == 0)
1875 break;
1876 errno = opt;
1877 pid_perror ("SO_ERROR");
1878 /* fallthrough */
1879 default:
1880 __port_closed = 1;
1881 socket_close (soc);
1882 return -1;
1883 }
1884 }
1885 block_socket (soc);
1886 return soc;
1887}
TIMEOUT
#define TIMEOUT
Definition network.c:45
unblock_socket
static int unblock_socket(int soc)
Definition network.c:286
__port_closed
static int __port_closed
Definition network.c:283

References __port_closed, block_socket(), len, pid_perror(), protocol, socket_close(), TIMEOUT, timeval(), and unblock_socket().

Referenced by open_sock_opt_hn(), and open_sock_option().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_SSL_connection()

int open_SSL_connection ( openvas_connection * fp,
const char * cert,
const char * key,
const char * passwd,
const char * cafile,
const char * hostname,
unsigned int flags )
static

Open an TLS/SSL connection.

Parameters
fpFile structure for a the openvas connection
certThe certificate.
keyThe key
passwdThe password
cafileThe CA file
hostnameTargets hostname
flagsExtra options which can not be set via the priority string Supported flags are:
  • NO_PRIORITY_FLAGS
  • INSECURE_DH_PRIME_BITS
Returns
1 on success. -1 on general error or timeout. -2 if DH prime bits on server side are lower than minimum allowed. -3 on Fatal alert received from server

Definition at line 580 of file network.c.

583{
584 int ret, err, d;
585 time_t tictac;
586 fd_set fdw, fdr;
587 struct timeval to;
588
589 ret = gnutls_init (&(fp->tls_session), GNUTLS_CLIENT);
590 if (ret < 0)
591 {
592 tlserror ("gnutls_init", ret);
593 return -1;
594 }
595
596 /* set_gnutls_protocol handles OPENVAS_ENCAPS_SSLv2 by falling back
597 * to OPENVAS_ENCAPS_SSLv23. However, this function
598 * (open_SSL_connection) is called only by open_stream_connection and
599 * open_stream_connection will exit with an error code if called with
600 * OPENVAS_ENCAPS_SSLv2, so it should never end up calling
601 * open_SSL_connection with OPENVAS_ENCAPS_SSLv2.
602 */
603 if (set_gnutls_protocol (fp->tls_session, fp->transport, fp->priority, flags)
604 < 0)
605 return -1;
606
607 if (hostname && !is_ip_address (hostname))
608 gnutls_server_name_set (fp->tls_session, GNUTLS_NAME_DNS, hostname,
609 strlen (hostname));
610
611 ret = gnutls_certificate_allocate_credentials (&(fp->tls_cred));
612 if (ret < 0)
613 {
614 tlserror ("gnutls_certificate_allocate_credentials", ret);
615 return -1;
616 }
617 ret = gnutls_credentials_set (fp->tls_session, GNUTLS_CRD_CERTIFICATE,
618 fp->tls_cred);
619 if (ret < 0)
620 {
621 tlserror ("gnutls_credentials_set", ret);
622 return -1;
623 }
624
625 if (cert != NULL && key != NULL)
626 {
627 if (load_cert_and_key (fp->tls_cred, cert, key, passwd) < 0)
628 return -1;
629 }
630
631 if (cafile != NULL)
632 {
633 ret = gnutls_certificate_set_x509_trust_file (fp->tls_cred, cafile,
634 GNUTLS_X509_FMT_PEM);
635 if (ret < 0)
636 {
637 tlserror ("gnutls_certificate_set_x509_trust_file", ret);
638 return -1;
639 }
640 }
641
642 unblock_socket (fp->fd);
643
644 gnutls_transport_set_ptr (fp->tls_session,
645 (gnutls_transport_ptr_t) GSIZE_TO_POINTER (fp->fd));
646
647 tictac = time (NULL);
648
649 for (;;)
650 {
651 err = gnutls_handshake (fp->tls_session);
652
653 if (err == 0)
654 return 1;
655
656 /* Set min number of bits for Deffie-Hellman prime
657 to force a connection to a legacy server. */
658 if (err == GNUTLS_E_DH_PRIME_UNACCEPTABLE
659 && fp->transport == OPENVAS_ENCAPS_TLScustom)
660 {
661 g_message ("[%d] gnutls_handshake: %s", getpid (),
662 gnutls_strerror (err));
663 return -2;
664 }
665 else if (err == GNUTLS_E_FATAL_ALERT_RECEIVED)
666 {
667 g_debug ("[%d] gnutls_handshake: %s", getpid (),
668 gnutls_strerror (err));
669 return -3;
670 }
671 else if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
672 && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
673 {
674 g_debug ("[%d] gnutls_handshake: %s, %d", getpid (),
675 gnutls_strerror (err), err);
676 return -1;
677 }
678
679 FD_ZERO (&fdr);
680 FD_SET (fp->fd, &fdr);
681 FD_ZERO (&fdw);
682 FD_SET (fp->fd, &fdw);
683
684 do
685 {
686 d = tictac + fp->timeout - time (NULL);
687 if (d <= 0)
688 {
689 fp->last_err = ETIMEDOUT;
690 return -1;
691 }
692 to.tv_sec = d;
693 to.tv_usec = 0;
694 errno = 0;
695 if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
696 pid_perror ("select");
697 }
698 while (ret < 0 && errno == EINTR);
699
700 if (ret <= 0)
701 {
702 fp->last_err = ETIMEDOUT;
703 return -1;
704 }
705 }
706}
is_ip_address
static int is_ip_address(const char *str)
Definition network.c:549
load_cert_and_key
static int load_cert_and_key(gnutls_certificate_credentials_t xcred, const char *cert, const char *key, const char *passwd)
Loads a certificate and the corresponding private key from PEM files.
Definition network.c:457
set_gnutls_protocol
static int set_gnutls_protocol(gnutls_session_t session, openvas_encaps_t encaps, const char *priority, unsigned int flags)
Definition network.c:394
openvas_connection::fd
int fd
Definition network.c:64
openvas_connection::timeout
int timeout
Definition network.c:71
openvas_connection::priority
char * priority
Definition network.c:70
openvas_connection::last_err
int last_err
Definition network.c:82
openvas_connection::tls_cred
gnutls_certificate_credentials_t tls_cred
Definition network.c:76

References openvas_connection::fd, hostname, is_ip_address(), openvas_connection::last_err, load_cert_and_key(), OPENVAS_ENCAPS_TLScustom, pid_perror(), openvas_connection::priority, set_gnutls_protocol(), openvas_connection::timeout, timeval(), openvas_connection::tls_cred, openvas_connection::tls_session, tlserror(), openvas_connection::transport, and unblock_socket().

Referenced by open_stream_connection_ext(), and socket_negotiate_ssl().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos * args,
unsigned int port,
int timeout,
int force )

Definition at line 1185 of file network.c.

1187{
1188 int fd, transport;
1189
1190 if (force)
1191 {
1192 /* Try SSL/TLS first */
1193 transport = OPENVAS_ENCAPS_TLScustom;
1194 fd = open_stream_connection (args, port, transport, timeout);
1195 if (fd < 0)
1196 {
1197 transport = OPENVAS_ENCAPS_IP;
1198 fd = open_stream_connection (args, port, OPENVAS_ENCAPS_IP, timeout);
1199 if (fd < 0)
1200 return -1;
1201 }
1202 /* Store that encapsulation mode in the KB. */
1203 plug_set_port_transport (args, port, transport);
1204 return fd;
1205 }
1206 else
1207 {
1208 transport = plug_get_port_transport (args, port);
1209 fd = open_stream_connection (args, port, transport, timeout);
1210 return fd;
1211 }
1212 /*NOTREACHED*/
1213}
open_stream_connection
int open_stream_connection(struct script_infos *args, unsigned int port, int transport, int timeout)
Definition network.c:1175
plug_get_port_transport
int plug_get_port_transport(struct script_infos *args, int port)
Definition plugutils.c:1396
plug_set_port_transport
void plug_set_port_transport(struct script_infos *args, int port, int tr)
Definition plugutils.c:1383

References open_stream_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_TLScustom, plug_get_port_transport(), and plug_set_port_transport().

Referenced by nasl_open_sock_tcp_bufsz().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_connection()

int open_stream_connection ( struct script_infos * args,
unsigned int port,
int transport,
int timeout )

Definition at line 1175 of file network.c.

1177{
1178 return open_stream_connection_ext (args, port, transport, timeout,
1179 tls_priorities, tls_priority_flag);
1180}
open_stream_connection_ext
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
Definition network.c:1046
tls_priorities
const char * tls_priorities
Definition network.c:146
tls_priority_flag
int tls_priority_flag
Definition network.c:147

References open_stream_connection_ext(), tls_priorities, and tls_priority_flag.

Referenced by nasl_end_denial(), nasl_start_denial(), open_stream_auto_encaps_ext(), plugin_do_run(), and retry_stream_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos * args,
unsigned int port,
int transport,
int timeout,
const char * priority,
int flags )

Definition at line 1046 of file network.c.

1049{
1050 int fd, ret;
1051 openvas_connection *fp;
1052 char *cert = NULL;
1053 char *key = NULL;
1054 char *passwd = NULL;
1055 char *cafile = NULL;
1056 char *hostname = NULL;
1057 char *hostname_aux = NULL;
1058
1059 /* Because plug_get_host_fqdn() forks for each vhost, we fork() before
1060 creating the socket */
1061 hostname_aux = plug_get_host_fqdn (args);
1062
1063 if (!priority)
1064 priority = ""; /* To us an empty string is equivalent to NULL. */
1065
1066 g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
1067 " priority: '%s'",
1068 getpid (), port, transport, timeout, priority);
1069
1070 if (timeout == -2)
1071 timeout = TIMEOUT;
1072
1073 ret = -1;
1074 switch (transport)
1075 {
1076 case OPENVAS_ENCAPS_IP:
1077
1078 case OPENVAS_ENCAPS_SSLv23:
1079 case OPENVAS_ENCAPS_SSLv3:
1080 case OPENVAS_ENCAPS_TLSv1:
1081 case OPENVAS_ENCAPS_TLSv11:
1082 case OPENVAS_ENCAPS_TLSv12:
1083 case OPENVAS_ENCAPS_TLSv13:
1084 case OPENVAS_ENCAPS_TLScustom:
1085 case OPENVAS_ENCAPS_SSLv2:
1086 break;
1087
1088 default:
1089 g_message ("open_stream_connection_ext(): unsupported transport"
1090 " layer %d passed by %s",
1091 transport, args->name);
1092 errno = EINVAL;
1093
1094 g_free (hostname_aux);
1095 return ret;
1096 }
1097
1098 if ((fd = get_connection_fd ()) < 0)
1099 {
1100 g_free (hostname_aux);
1101 return ret;
1102 }
1103 fp = OVAS_CONNECTION_FROM_FD (fd);
1104
1105 fp->transport = transport;
1106 g_free (fp->priority);
1107 if (*priority)
1108 fp->priority = g_strdup (priority);
1109 else
1110 fp->priority = NULL;
1111 fp->timeout = timeout;
1112 fp->port = port;
1113 fp->last_err = 0;
1114
1115 fp->fd = open_sock_tcp (args, port, timeout);
1116 if (fp->fd < 0)
1117 goto failed;
1118
1119 kb_t kb = plug_get_kb (args);
1120 switch (transport)
1121 {
1122 char buf[1024];
1123
1124 case OPENVAS_ENCAPS_IP:
1125 break;
1126 case OPENVAS_ENCAPS_SSLv23:
1127 case OPENVAS_ENCAPS_SSLv3:
1128 case OPENVAS_ENCAPS_TLSv1:
1129 case OPENVAS_ENCAPS_TLSv11:
1130 case OPENVAS_ENCAPS_TLSv12:
1131 case OPENVAS_ENCAPS_TLSv13:
1132 case OPENVAS_ENCAPS_TLScustom:
1133 cert = kb_item_get_str (kb, "SSL/cert");
1134 key = kb_item_get_str (kb, "SSL/key");
1135 passwd = kb_item_get_str (kb, "SSL/password");
1136
1137 cafile = kb_item_get_str (kb, "SSL/CA");
1138
1139 /* fall through */
1140
1141 case OPENVAS_ENCAPS_SSLv2:
1142 /* We do not need a client certificate in this case */
1143 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
1144 if (kb_item_get_int (kb, buf) <= 0)
1145 hostname = hostname_aux;
1146
1147 ret =
1148 open_SSL_connection (fp, cert, key, passwd, cafile, hostname, flags);
1149 g_free (cert);
1150 g_free (key);
1151 g_free (passwd);
1152 g_free (cafile);
1153 if (ret <= 0)
1154 goto failed;
1155 break;
1156 }
1157
1158 g_free (hostname_aux);
1159
1160 return fd;
1161
1162failed:
1163 release_connection_fd (fd, 0);
1164 return ret;
1165}
get_connection_fd
static int get_connection_fd(void)
Returns a free file descriptor.
Definition network.c:153
open_sock_tcp
int open_sock_tcp(struct script_infos *args, unsigned int port, int timeout)
Definition network.c:1919
open_SSL_connection
static int open_SSL_connection(openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
Open an TLS/SSL connection.
Definition network.c:580
plug_get_host_fqdn
char * plug_get_host_fqdn(struct script_infos *args)
Definition plugutils.c:291
script_infos::name
char * name
Definition scanneraux.h:35

References openvas_connection::fd, get_connection_fd(), hostname, openvas_connection::last_err, script_infos::name, open_sock_tcp(), open_SSL_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), TIMEOUT, openvas_connection::timeout, and openvas_connection::transport.

Referenced by nasl_open_sock_tcp_bufsz(), open_stream_connection(), and retry_stream_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_tls_default_priorities()

void open_stream_tls_default_priorities ( const char * p,
const int pflag )

Definition at line 1168 of file network.c.

1169{
1170 tls_priorities = p;
1171 tls_priority_flag = pflag;
1172}

References tls_priorities, and tls_priority_flag.

Referenced by retry_stream_connection().

Here is the caller graph for this function:

◆ openvas_deregister_connection()

int openvas_deregister_connection ( int fd)

Definition at line 259 of file network.c.

260{
261 openvas_connection *p;
262 if (!OPENVAS_STREAM (fd))
263 {
264 errno = EINVAL;
265 return -1;
266 }
267
268 p = connections + (fd - OPENVAS_FD_OFF);
269 /* Fixme: Code duplicated from release_connection_fd. Check usage
270 of this function make sure that TLS stuff is also released in
271 case it is used here. */
272 g_free (p->priority);
273 p->priority = NULL;
274 bzero (p, sizeof (*p));
275 p->transport = -1;
276 return 0;
277}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::priority, and openvas_connection::transport.

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int fd)

Definition at line 357 of file network.c.

358{
359 openvas_connection *fp;
360
361 if (!OPENVAS_STREAM (fd))
362 {
363 g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
364 getpid (), fd);
365 return fd;
366 }
367 fp = connections + (fd - OPENVAS_FD_OFF);
368 if (fp->transport <= 0)
369 {
370 g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
371 return -1;
372 }
373 return fp->fd;
374}

References connections, openvas_connection::fd, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::transport.

Referenced by nasl_get_source_port(), nasl_ssh_connect(), and plugin_do_run().

Here is the caller graph for this function:

◆ openvas_register_connection()

int openvas_register_connection ( int soc,
void * ssl,
gnutls_certificate_credentials_t certcred,
openvas_encaps_t encaps )
Todo
TLS FIXME: migrate this to TLS
Todo
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
socSocket to use.

Definition at line 234 of file network.c.

237{
238 int fd;
239 openvas_connection *p;
240
241 if ((fd = get_connection_fd ()) < 0)
242 return -1;
243 p = OVAS_CONNECTION_FROM_FD (fd);
244
245 p->tls_session = ssl;
246 p->tls_cred = certcred;
247
248 p->timeout = TIMEOUT; /* default value */
249 p->port = 0; /* just used for debug */
250 p->fd = soc;
251 p->transport = encaps;
252 p->priority = NULL;
253 p->last_err = 0;
254
255 return fd;
256}

References openvas_connection::fd, get_connection_fd(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, openvas_connection::port, openvas_connection::priority, TIMEOUT, openvas_connection::timeout, openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_open_privileged_socket().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ openvas_SSL_init()

int openvas_SSL_init ( void )

Initializes SSL support.

Definition at line 341 of file network.c.

342{
343 gnutls_global_set_log_level (2);
344 gnutls_global_set_log_function (log_message_gnutls);
345
346 int ret = gnutls_global_init ();
347 if (ret < 0)
348 {
349 tlserror ("gnutls_global_init", ret);
350 return -1;
351 }
352
353 return 0;
354}
log_message_gnutls
static void log_message_gnutls(int level, const char *msg)
Definition network.c:332

References log_message_gnutls(), and tlserror().

Referenced by check_tls(), and main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ os_recv()

int os_recv ( int soc,
void * buf,
int len,
int opt )

Definition at line 2235 of file network.c.

2236{
2237 char *buf0 = (char *) buf;
2238 int e, n;
2239 for (n = 0; n < len;)
2240 {
2241 errno = 0;
2242 e = recv (soc, buf0 + n, len - n, opt);
2243 if (e < 0 && errno == EINTR)
2244 continue;
2245 else if (e <= 0)
2246 return -1;
2247 else
2248 n += e;
2249 }
2250 return n;
2251}

References len.

◆ os_send()

int os_send ( int soc,
void * buf,
int len,
int opt )

Definition at line 2216 of file network.c.

2217{
2218 char *buf0 = (char *) buf;
2219 int e, n;
2220 for (n = 0; n < len;)
2221 {
2222 errno = 0;
2223 e = send (soc, buf0 + n, len - n, opt);
2224 if (e < 0 && errno == EINTR)
2225 continue;
2226 else if (e <= 0)
2227 return -1;
2228 else
2229 n += e;
2230 }
2231 return n;
2232}

References len.

Referenced by nsend().

Here is the caller graph for this function:

◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int fd)

Definition at line 377 of file network.c.

378{
379 openvas_connection *fp;
380
381 if (!OPENVAS_STREAM (fd))
382 return NULL;
383
384 fp = connections + (fd - OPENVAS_FD_OFF);
385 return fp->tls_session;
386}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::tls_session.

Referenced by socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), and socket_get_ssl_version().

Here is the caller graph for this function:

◆ pid_perror()

int pid_perror ( const char * error)
static

Same as perror(), but prefixes the data by our pid.

Definition at line 125 of file network.c.

126{
127 g_debug ("[%d] %s : %s", getpid (), error, strerror (errno));
128 return 0;
129}

Referenced by block_socket(), open_socket(), open_SSL_connection(), read_stream_connection_unbuffered(), release_connection_fd(), socket_ssl_do_handshake(), unblock_socket(), and write_stream_connection4().

Here is the caller graph for this function:

◆ qsort_compar()

int qsort_compar ( const void * a,
const void * b )
static

Definition at line 2274 of file network.c.

2275{
2276 u_short *aa = (u_short *) a;
2277 u_short *bb = (u_short *) b;
2278 if (*aa == 0)
2279 return (1);
2280 else if (*bb == 0)
2281 return (-1);
2282 else
2283 return (*aa - *bb);
2284}

Referenced by getpts().

Here is the caller graph for this function:

◆ read_stream_connection()

int read_stream_connection ( int fd,
void * buf0,
int len )

Definition at line 1457 of file network.c.

1458{
1459 return read_stream_connection_min (fd, buf0, -1, len);
1460}
read_stream_connection_min
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1397

References len, and read_stream_connection_min().

Referenced by nasl_telnet_init(), nrecv(), and plugin_do_run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ read_stream_connection_min()

int read_stream_connection_min ( int fd,
void * buf0,
int min_len,
int max_len )

Definition at line 1397 of file network.c.

1398{
1399 openvas_connection *fp;
1400
1401 if (OPENVAS_STREAM (fd))
1402 {
1403 fp = OVAS_CONNECTION_FROM_FD (fd);
1404 if (fp->buf != NULL)
1405 {
1406 int l1, l2;
1407
1408 if (max_len == 1)
1409 min_len = 1; /* avoid "magic read" later */
1410 l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1411 if (l2 > 0)
1412 {
1413 memcpy (buf0, fp->buf + fp->bufptr, l2);
1414 fp->bufcnt -= l2;
1415 if (fp->bufcnt == 0)
1416 {
1417 fp->bufptr = 0;
1418 fp->buf[0] = '\0'; /* debug */
1419 }
1420 else
1421 fp->bufptr += l2;
1422 if (l2 >= min_len || l2 >= max_len)
1423 return l2;
1424 max_len -= l2;
1425 min_len -= l2;
1426 }
1427 if (min_len > fp->bufsz)
1428 {
1429 l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
1430 min_len, max_len);
1431 if (l1 > 0)
1432 return l1 + l2;
1433 else
1434 return l2;
1435 }
1436 /* Fill buffer */
1437 l1 =
1438 read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
1439 if (l1 <= 0)
1440 return l2;
1441
1442 fp->bufcnt = l1;
1443 l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1444 memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
1445 fp->bufcnt -= l1;
1446 if (fp->bufcnt == 0)
1447 fp->bufptr = 0;
1448 else
1449 fp->bufptr += l1;
1450 return l1 + l2;
1451 }
1452 }
1453 return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
1454}
read_stream_connection_unbuffered
static int read_stream_connection_unbuffered(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1232
openvas_connection::bufcnt
int bufcnt
Definition network.c:81
openvas_connection::bufptr
int bufptr
Definition network.c:81
openvas_connection::bufsz
int bufsz
Definition network.c:81
openvas_connection::buf
char * buf
Definition network.c:80

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and read_stream_connection_unbuffered().

Referenced by nasl_recv(), nasl_recv_line(), nasl_telnet_init(), plugin_do_run(), read_stream_connection(), and recv_line().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ read_stream_connection_unbuffered()

int read_stream_connection_unbuffered ( int fd,
void * buf0,
int min_len,
int max_len )
static

Definition at line 1232 of file network.c.

1233{
1234 int ret, realfd, trp, t, select_status;
1235 int total = 0, flag = 0, timeout = TIMEOUT, waitall = 0;
1236 unsigned char *buf = (unsigned char *) buf0;
1237 openvas_connection *fp = NULL;
1238 fd_set fdr, fdw;
1239 struct timeval tv;
1240 time_t now, then;
1241
1242 if (OPENVAS_STREAM (fd))
1243 {
1244 fp = OVAS_CONNECTION_FROM_FD (fd);
1245 trp = fp->transport;
1246 realfd = fp->fd;
1247 fp->last_err = 0;
1248 if (fp->timeout != -2)
1249 timeout = fp->timeout;
1250 }
1251 else
1252 {
1253 trp = OPENVAS_ENCAPS_IP;
1254 if (fd < 0 || fd > 1024)
1255 {
1256 errno = EBADF;
1257 return -1;
1258 }
1259 realfd = fd;
1260 }
1261
1262#ifndef INCR_TIMEOUT
1263#define INCR_TIMEOUT 1
1264#endif
1265
1266 if (min_len == max_len || timeout <= 0)
1267 waitall = MSG_WAITALL;
1268 if (trp == OPENVAS_ENCAPS_IP)
1269 {
1270 for (t = 0; total < max_len && (timeout <= 0 || t < timeout);)
1271 {
1272 tv.tv_sec = INCR_TIMEOUT; /* Not timeout! */
1273 tv.tv_usec = 0;
1274 FD_ZERO (&fdr);
1275 FD_SET (realfd, &fdr);
1276 if (select (realfd + 1, &fdr, NULL, NULL, timeout > 0 ? &tv : NULL)
1277 <= 0)
1278 {
1279 t += INCR_TIMEOUT;
1280 /* Try to be smart */
1281 if (total > 0 && flag)
1282 return total;
1283 else if (total >= min_len)
1284 flag++;
1285 }
1286 else
1287 {
1288 errno = 0;
1289 ret = recv (realfd, buf + total, max_len - total, waitall);
1290 if (ret < 0)
1291 if (errno != EINTR)
1292 {
1293 return total;
1294 }
1295 else
1296 ret = 0;
1297 else if (ret == 0) /* EOF */
1298 {
1299 return total;
1300 }
1301 /*ret > 0 */
1302 total += ret;
1303 if (min_len > 0 && total >= min_len)
1304 return total;
1305 flag = 0;
1306 }
1307 }
1308 return total;
1309 }
1310
1311 switch (trp)
1312 {
1313 /* OPENVAS_ENCAPS_IP was treated before with the non-OpenVAS fd */
1314 case OPENVAS_ENCAPS_SSLv2:
1315 case OPENVAS_ENCAPS_SSLv23:
1316 case OPENVAS_ENCAPS_SSLv3:
1317 case OPENVAS_ENCAPS_TLSv1:
1318 case OPENVAS_ENCAPS_TLSv11:
1319 case OPENVAS_ENCAPS_TLSv12:
1320 case OPENVAS_ENCAPS_TLSv13:
1321 case OPENVAS_ENCAPS_TLScustom:
1322 if (getpid () != fp->pid)
1323 {
1324 g_debug ("PID %d tries to use a SSL/TLS connection established "
1325 "by PID %d\n",
1326 getpid (), fp->pid);
1327 errno = EINVAL;
1328 return -1;
1329 }
1330
1331 then = time (NULL);
1332 for (t = 0; timeout <= 0 || t < timeout; t = now - then)
1333 {
1334 now = time (NULL);
1335 tv.tv_sec = INCR_TIMEOUT;
1336 tv.tv_usec = 0;
1337 FD_ZERO (&fdr);
1338 FD_ZERO (&fdw);
1339 FD_SET (realfd, &fdr);
1340 FD_SET (realfd, &fdw);
1341
1342 select_status = select (realfd + 1, &fdr, &fdw, NULL, &tv);
1343
1344 if (select_status > 0)
1345 {
1346 /* TLS FIXME: handle rehandshake */
1347 ret = gnutls_record_recv (fp->tls_session, buf + total,
1348 max_len - total);
1349 if (ret > 0)
1350 {
1351 total += ret;
1352 if (total >= max_len)
1353 return total;
1354 }
1355 else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
1356 {
1357 /* This branch also handles the case where ret == 0,
1358 * i.e. that the connection has been closed. This is
1359 * for compatibility with the old OpenSSL based openvas
1360 * code which treated SSL_ERROR_ZERO_RETURN as an
1361 * error too.
1362 */
1363 if (ret < 0)
1364 pid_perror ("gnutls_record_recv");
1365 else
1366 g_debug ("gnutls_record_recv[%d]: EOF\n", getpid ());
1367 fp->last_err = EPIPE;
1368 return total;
1369 }
1370 }
1371
1372 if (min_len > 0 && total >= min_len)
1373 return total;
1374 }
1375 if (t >= timeout)
1376 fp->last_err = ETIMEDOUT;
1377 return total;
1378
1379 default:
1380 if (fp->transport || fp->fd != 0)
1381 g_message ("Function %s (calling internal function %s) called from %s: "
1382 "Severe bug! Unhandled transport layer %d (fd=%d).",
1383 nasl_get_function_name () ? nasl_get_function_name ()
1384 : "script_main_function",
1385 __func__, nasl_get_plugin_filename (), fp->transport, fd);
1386 else
1387 g_message ("read_stream_connection_unbuffered: "
1388 "fd=%d is closed",
1389 fd);
1390 errno = EINVAL;
1391 return -1;
1392 }
1393 /*NOTREACHED*/
1394}
nasl_get_plugin_filename
const char * nasl_get_plugin_filename()
Get the current launched plugin filename.
Definition nasl_debug.c:36
nasl_get_function_name
const char * nasl_get_function_name()
Definition nasl_debug.c:76
INCR_TIMEOUT
#define INCR_TIMEOUT
openvas_connection::pid
pid_t pid
Definition network.c:78

References openvas_connection::fd, INCR_TIMEOUT, openvas_connection::last_err, nasl_get_function_name(), nasl_get_plugin_filename(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::pid, pid_perror(), TIMEOUT, openvas_connection::timeout, timeval(), openvas_connection::tls_session, and openvas_connection::transport.

Referenced by read_stream_connection_min().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ recv_line()

int recv_line ( int soc,
char * buf,
size_t bufsiz )

Reads a text from the socket stream into the argument buffer, always.

appending a '\0' byte.

Parameters
bufBuffer to read into.
Returns
Number of bytes read, without the trailing '\0'.

Definition at line 2040 of file network.c.

2041{
2042 int n;
2043 unsigned int ret = 0;
2044
2045 /* Dirty SSL hack */
2046 if (OPENVAS_STREAM (soc))
2047 {
2048 buf[0] = '\0';
2049
2050 do
2051 {
2052 n = read_stream_connection_min (soc, buf + ret, 1, 1);
2053 switch (n)
2054 {
2055 case -1:
2056 if (ret == 0)
2057 return -1;
2058 else
2059 return ret;
2060 break;
2061
2062 case 0:
2063 return ret;
2064 break;
2065
2066 default:
2067 ret++;
2068 }
2069 }
2070 while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
2071
2072 if (ret > 0)
2073 {
2074 if (buf[ret - 1] != '\0')
2075 {
2076 if (ret < bufsiz)
2077 buf[ret] = '\0';
2078 else
2079 buf[bufsiz - 1] = '\0';
2080 }
2081 }
2082
2083 return ret;
2084 }
2085 else
2086 {
2087 fd_set rd;
2088
2089 do
2090 {
2091 int e;
2092 again:
2093 errno = 0;
2094 FD_ZERO (&rd);
2095 FD_SET (soc, &rd);
2096 e = select (soc + 1, &rd, NULL, NULL, NULL);
2097 if (e == 0 && !FD_ISSET (soc, &rd))
2098 return -1;
2099 if (e < 0 && errno == EINTR)
2100 goto again;
2101 if (e > 0)
2102 {
2103 n = recv (soc, buf + ret, 1, 0);
2104 switch (n)
2105 {
2106 case -1:
2107 if (errno == EINTR)
2108 continue;
2109 if (ret == 0)
2110 return -1;
2111 else
2112 return ret;
2113 break;
2114 case 0:
2115 return ret;
2116 break;
2117 default:
2118 ret++;
2119 }
2120 }
2121 else
2122 break;
2123 }
2124 while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
2125
2126 if (ret > 0)
2127 {
2128 if (buf[ret - 1] != '\0')
2129 {
2130 if (ret < bufsiz)
2131 buf[ret] = '\0';
2132 else
2133 buf[bufsiz - 1] = '\0';
2134 }
2135 }
2136 }
2137
2138 return ret;
2139}

References OPENVAS_STREAM, and read_stream_connection_min().

Referenced by ftp_get_pasv_address(), and ftp_log_in().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ release_connection_fd()

int release_connection_fd ( int fd,
int already_closed )
static

Definition at line 173 of file network.c.

174{
175 openvas_connection *p;
176
177 if (!OPENVAS_STREAM (fd))
178 {
179 errno = EINVAL;
180 return -1;
181 }
182 p = OVAS_CONNECTION_FROM_FD (fd);
183
184 g_free (p->buf);
185 p->buf = 0;
186
187 /* TLS FIXME: we should call gnutls_bye somewhere. OTOH, the OpenSSL
188 * equivalent SSL_shutdown wasn't called anywhere in the OpenVAS
189 * (libopenvas nor elsewhere) code either.
190 */
191
192 /* So far, fd is always a socket. If this is changed in the future, this
193 * code shall be fixed. */
194 if (p->fd >= 0)
195 {
196 g_debug ("[%d] release_connection_fd: fd > 0 fd=%d", getpid (), p->fd);
197 if (shutdown (p->fd, 2) < 0)
198 {
199 /*
200 * It's not uncommon to see that one fail, since a lot of
201 * services close the connection before we ask them to
202 * (ie: http), so we don't show this error by default
203 */
204 pid_perror ("release_connection_fd: shutdown()");
205 }
206 if (!already_closed && socket_close (p->fd) < 0)
207 pid_perror ("release_connection_fd: close()");
208 }
209
210 if (p->tls_session != NULL)
211 gnutls_deinit (p->tls_session);
212 if (p->tls_cred != NULL)
213 gnutls_certificate_free_credentials (p->tls_cred);
214
215 g_free (p->priority);
216 p->priority = NULL;
217
218 bzero (p, sizeof (*p));
219 p->transport = -1;
220 p->pid = 0;
221
222 return 0;
223}

References openvas_connection::buf, openvas_connection::fd, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::pid, pid_perror(), openvas_connection::priority, socket_close(), openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by close_stream_connection(), open_stream_connection_ext(), and socket_negotiate_ssl().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ run_csc_hooks()

int run_csc_hooks ( int fd)
static

Run the hooks for close_stream_connection.

The function runs all registered hooks until the first hook returns with zero to indicate that it has taken over control of the socket. Further hooks are then not anymore run because the file descriptor is not anymore valid.

Parameters
fdThe file descriptor of the stream.
Returns
Zero if one of the hooks has closed the connection; non-zero otherwise.

Definition at line 1694 of file network.c.

1695{
1696 struct csc_hook_s *hook;
1697
1698 for (hook = csc_hooks; hook; hook = hook->next)
1699 if (hook->fnc && !hook->fnc (fd))
1700 return 0;
1701 return -1;
1702}

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by close_stream_connection().

Here is the caller graph for this function:

◆ set_gnutls_protocol()

int set_gnutls_protocol ( gnutls_session_t session,
openvas_encaps_t encaps,
const char * priority,
unsigned int flags )
static

Sets the priorities for the GnuTLS session according to encaps. PRIORITY is used to convey custom priorities; it is only used if ENCAPS is set to OPENVAS_ENCAPS_TLScustom.

Definition at line 394 of file network.c.

396{
397 const char *priorities;
398 const char *errloc;
399 int err;
400
401 switch (encaps)
402 {
403 case OPENVAS_ENCAPS_SSLv3:
404 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
405 break;
406 case OPENVAS_ENCAPS_TLSv1:
407 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+ARCFOUR-128:%COMPAT";
408 break;
409 case OPENVAS_ENCAPS_TLSv11:
410 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+ARCFOUR-128:%COMPAT";
411 break;
412 case OPENVAS_ENCAPS_TLSv12:
413 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ARCFOUR-128:%COMPAT";
414 break;
415 case OPENVAS_ENCAPS_TLSv13:
416 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT";
417 break;
418 case OPENVAS_ENCAPS_SSLv23: /* Compatibility mode */
419 priorities =
420 "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
421 break;
422 default:
423 g_debug ("*Bug* at %s:%d. Unknown transport %d", __FILE__, __LINE__,
424 encaps);
425 /* fallthrough */
426 case OPENVAS_ENCAPS_TLScustom:
427 priorities = priority;
428 break;
429 }
430
431 g_debug ("%s: setting %s as priority_string based on %d", __func__,
432 priorities, encaps);
433 if ((err = gnutls_priority_set_direct (session, priorities, &errloc)))
434 {
435 g_message ("[%d] setting session priorities '%.20s': %s", getpid (),
436 errloc, gnutls_strerror (err));
437 return -1;
438 }
439
440 /* Set extra priorities from flags.
441 Only for encaps == OPENVAS_ENCAPS_TLScustom. */
442 if (encaps == OPENVAS_ENCAPS_TLScustom && flags & INSECURE_DH_PRIME_BITS)
443 gnutls_dh_set_prime_bits (session, 128);
444
445 return 0;
446}
INSECURE_DH_PRIME_BITS
#define INSECURE_DH_PRIME_BITS
Definition network.h:49

References INSECURE_DH_PRIME_BITS, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by open_SSL_connection().

Here is the caller graph for this function:

◆ socket_close()

int socket_close ( int soc)

Definition at line 2142 of file network.c.

2143{
2144 return close (soc);
2145}

Referenced by close_stream_connection(), open_socket(), and release_connection_fd().

Here is the caller graph for this function:

◆ socket_get_cert()

void socket_get_cert ( int fd,
void ** cert,
int * certlen )

Definition at line 887 of file network.c.

888{
889 gnutls_session_t session;
890 const gnutls_datum_t *cert_list;
891 unsigned int cert_list_len = 0;
892
893 if (!cert || !certlen)
894 return;
895 if (!fd_is_stream (fd))
896 {
897 g_message ("Socket %d is not stream", fd);
898 return;
899 }
900 session = ovas_get_tlssession_from_connection (fd);
901 if (!session)
902 {
903 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
904 return;
905 }
906 if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
907 return;
908 cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
909 if (cert_list_len == 0)
910 return;
911 *certlen = cert_list[0].size;
912 *cert = g_memdup2 (cert_list[0].data, *certlen);
913}
fd_is_stream
int fd_is_stream(int fd)
Definition network.c:2152
ovas_get_tlssession_from_connection
gnutls_session_t ovas_get_tlssession_from_connection(int fd)
Definition network.c:377

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_cert().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_get_ssl_ciphersuite()

int socket_get_ssl_ciphersuite ( int fd)

Definition at line 1006 of file network.c.

1007{
1008 gnutls_session_t session;
1009 gnutls_kx_algorithm_t kx, kx2;
1010 gnutls_cipher_algorithm_t cipher, cipher2;
1011 gnutls_mac_algorithm_t mac, mac2;
1012 size_t idx = 0;
1013 unsigned char cs_id[2];
1014
1015 if (!fd_is_stream (fd))
1016 {
1017 g_message ("Socket %d is not stream", fd);
1018 return -1;
1019 }
1020 session = ovas_get_tlssession_from_connection (fd);
1021 if (!session)
1022 {
1023 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
1024 return -1;
1025 }
1026
1027 kx = gnutls_kx_get (session);
1028 cipher = gnutls_cipher_get (session);
1029 mac = gnutls_mac_get (session);
1030 while (
1031 gnutls_cipher_suite_info (idx, (void *) cs_id, &kx2, &cipher2, &mac2, NULL))
1032 {
1033 if (kx == kx2 && cipher == cipher2 && mac == mac2)
1034 return cs_id[0] + cs_id[1];
1035 idx++;
1036 }
1037 return -1;
1038}
mac
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
Definition nasl_crypt_helper.c:97

References fd_is_stream(), mac(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_ciphersuite().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_get_ssl_session_id()

void socket_get_ssl_session_id ( int fd,
void ** sid,
size_t * ssize )

Definition at line 966 of file network.c.

967{
968 gnutls_session_t session;
969 void *tmp;
970 *ssize = GNUTLS_MAX_SESSION_ID;
971 int ret;
972
973 if (!sid)
974 return;
975 if (!fd_is_stream (fd))
976 {
977 g_message ("Socket %d is not stream", fd);
978 return;
979 }
980 session = ovas_get_tlssession_from_connection (fd);
981 if (!session)
982 {
983 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
984 return;
985 }
986 tmp = g_malloc0 (*ssize);
987 ret = gnutls_session_get_id (session, tmp, ssize);
988 if (ret == GNUTLS_E_SUCCESS)
989 *sid = tmp;
990 else
991 {
992 g_free (tmp);
993 *ssize = 0;
994 tlserror ("gnutls_session_id", ret);
995 }
996}

References fd_is_stream(), ovas_get_tlssession_from_connection(), and tlserror().

Referenced by nasl_socket_get_ssl_session_id().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_get_ssl_version()

int socket_get_ssl_version ( int fd)

Definition at line 923 of file network.c.

924{
925 gnutls_session_t session;
926 gnutls_protocol_t version;
927
928 if (!fd_is_stream (fd))
929 {
930 g_message ("Socket %d is not stream", fd);
931 return -1;
932 }
933 session = ovas_get_tlssession_from_connection (fd);
934 if (!session)
935 {
936 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
937 return -1;
938 }
939
940 version = gnutls_protocol_get_version (session);
941 switch (version)
942 {
943 case GNUTLS_SSL3:
944 return OPENVAS_ENCAPS_SSLv3;
945 case GNUTLS_TLS1:
946 return OPENVAS_ENCAPS_TLSv1;
947 case GNUTLS_TLS1_1:
948 return OPENVAS_ENCAPS_TLSv11;
949 case GNUTLS_TLS1_2:
950 return OPENVAS_ENCAPS_TLSv12;
951 case GNUTLS_TLS1_3:
952 return OPENVAS_ENCAPS_TLSv13;
953 default:
954 return -1;
955 }
956}

References fd_is_stream(), OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_version().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_negotiate_ssl()

int socket_negotiate_ssl ( int fd,
openvas_encaps_t transport,
struct script_infos * args )

Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.

Parameters
[in]fdSocket file descriptor.
[in]transportEncapsulation type.
[in]argScript args.
Returns
-1 if error, socket file descriptor value otherwise.

Definition at line 820 of file network.c.

822{
823 char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
824 char *hostname = NULL;
825 openvas_connection *fp;
826 kb_t kb;
827 char buf[1024];
828 static gboolean connection_failed_msg_sent = FALSE; // send msg only once
829
830 if (!fd_is_stream (fd))
831 {
832 g_message ("Socket %d is not stream", fd);
833 return -1;
834 }
835 fp = OVAS_CONNECTION_FROM_FD (fd);
836 kb = plug_get_kb (args);
837 cert = kb_item_get_str (kb, "SSL/cert");
838 key = kb_item_get_str (kb, "SSL/key");
839 passwd = kb_item_get_str (kb, "SSL/password");
840 cafile = kb_item_get_str (kb, "SSL/CA");
841 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
842 if (kb_item_get_int (kb, buf) <= 0)
843 hostname = plug_get_host_fqdn (args);
844
845 fp->transport = transport;
846 fp->priority = NULL;
847 if (open_SSL_connection (fp, cert, key, passwd, cafile, hostname,
848 NO_PRIORITY_FLAGS)
849 <= 0)
850 {
851 g_free (cert);
852 g_free (key);
853 g_free (passwd);
854 g_free (cafile);
855 if (!connection_failed_msg_sent)
856 {
857 g_message ("Function socket_negotiate_ssl called from %s: "
858 "SSL/TLS connection (host: %s, ip: %s) failed.",
859 nasl_get_plugin_filename (),
860 plug_get_host_fqdn (args) ? plug_get_host_fqdn (args)
861 : "unknown",
862 plug_get_host_ip_str (args) ? plug_get_host_ip_str (args)
863 : "unknown");
864 connection_failed_msg_sent = TRUE;
865 }
866 g_free (hostname);
867 release_connection_fd (fd, 0);
868 return -1;
869 }
870 g_free (hostname);
871 g_free (cert);
872 g_free (key);
873 g_free (passwd);
874 g_free (cafile);
875 return fd;
876}
NO_PRIORITY_FLAGS
#define NO_PRIORITY_FLAGS
Definition network.h:48

References fd_is_stream(), hostname, nasl_get_plugin_filename(), NO_PRIORITY_FLAGS, open_SSL_connection(), OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_host_ip_str(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), and openvas_connection::transport.

Referenced by nasl_socket_negotiate_ssl().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_ssl_do_handshake()

int socket_ssl_do_handshake ( int fd)

Do a re-handshake of the TLS/SSL protocol.

Parameters
[in]fdSocket file descriptor.
Returns
1 on success, less than 0 on failure or error.

Definition at line 737 of file network.c.

738{
739 int err, d, ret;
740 openvas_connection *fp;
741 time_t tictac;
742 fd_set fdw, fdr;
743 struct timeval to;
744
745 if (!fd_is_stream (fd))
746 {
747 g_message ("%s: Socket %d is not stream", __func__, fd);
748 return -1;
749 }
750 fp = OVAS_CONNECTION_FROM_FD (fd);
751
752 tictac = time (NULL);
753
754 for (;;)
755 {
756 err = gnutls_handshake (fp->tls_session);
757
758 if (err == 0)
759 {
760 g_debug ("no error during handshake");
761 return 1;
762 }
763 if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
764 && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
765 {
766 g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
767 return -1;
768 }
769 else if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)
770 {
771 int last_alert;
772
773 last_alert = gnutls_alert_get (fp->tls_session);
774 g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
775
776 g_debug ("* Received alert '%d': %s.\n", last_alert,
777 gnutls_alert_get_name (last_alert));
778 return err;
779 }
780 FD_ZERO (&fdr);
781 FD_SET (fp->fd, &fdr);
782 FD_ZERO (&fdw);
783 FD_SET (fp->fd, &fdw);
784
785 do
786 {
787 d = tictac + fp->timeout - time (NULL);
788 if (d <= 0)
789 {
790 fp->last_err = ETIMEDOUT;
791 g_debug ("%s: time out", __func__);
792 return -1;
793 }
794 to.tv_sec = d;
795 to.tv_usec = 0;
796 errno = 0;
797 if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
798 pid_perror ("select");
799 }
800 while (ret < 0 && errno == EINTR);
801
802 if (ret <= 0)
803 {
804 fp->last_err = ETIMEDOUT;
805 g_debug ("%s: time out", __func__);
806 return -1;
807 }
808 }
809}

References openvas_connection::fd, fd_is_stream(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, pid_perror(), openvas_connection::timeout, timeval(), and openvas_connection::tls_session.

Referenced by nasl_socket_ssl_do_handshake().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_ssl_safe_renegotiation_status()

int socket_ssl_safe_renegotiation_status ( int fd)

Check if Secure Renegotiation is supported in the server side.

Parameters
[in]fdSocket file descriptor.
Returns
1 if supported, 0 if not supported and less than 0 on error.

Definition at line 716 of file network.c.

717{
718 openvas_connection *fp;
719
720 if (!fd_is_stream (fd))
721 {
722 g_message ("%s: Socket %d is not stream", __func__, fd);
723 return -1;
724 }
725 fp = OVAS_CONNECTION_FROM_FD (fd);
726
727 return gnutls_safe_renegotiation_status (fp->tls_session);
728}

References fd_is_stream(), OVAS_CONNECTION_FROM_FD, and openvas_connection::tls_session.

Referenced by nasl_socket_check_ssl_safe_renegotiation().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ stream_get_buffer_sz()

int stream_get_buffer_sz ( int fd)

Definition at line 2158 of file network.c.

2159{
2160 openvas_connection *p;
2161 if (!OPENVAS_STREAM (fd))
2162 return -1;
2163 p = OVAS_CONNECTION_FROM_FD (fd);
2164 return p->bufsz;
2165}

References openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_recv_line().

Here is the caller graph for this function:

◆ stream_get_err()

int stream_get_err ( int fd)

Definition at line 132 of file network.c.

133{
134 openvas_connection *p;
135
136 if (!OPENVAS_STREAM (fd))
137 {
138 errno = EINVAL;
139 return -1;
140 }
141
142 p = OVAS_CONNECTION_FROM_FD (fd);
143 return p->last_err;
144}

References openvas_connection::last_err, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_socket_get_error().

Here is the caller graph for this function:

◆ stream_set_buffer()

int stream_set_buffer ( int fd,
int sz )

Definition at line 2168 of file network.c.

2169{
2170 openvas_connection *p;
2171 char *b;
2172
2173 if (!OPENVAS_STREAM (fd))
2174 return -1;
2175
2176 p = OVAS_CONNECTION_FROM_FD (fd);
2177 if (sz < p->bufcnt)
2178 return -1; /* Do not want to lose data */
2179
2180 if (sz == 0)
2181 {
2182 g_free (p->buf);
2183 p->buf = NULL;
2184 p->bufsz = 0;
2185 return 0;
2186 }
2187 else if (p->buf == 0)
2188 {
2189 p->buf = g_malloc0 (sz);
2190 if (p->buf == NULL)
2191 return -1;
2192 p->bufsz = sz;
2193 p->bufptr = 0;
2194 p->bufcnt = 0;
2195 return 0;
2196 }
2197 else
2198 {
2199 if (p->bufcnt > 0)
2200 {
2201 memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
2202 p->bufptr = 0;
2203 }
2204 b = g_realloc (p->buf, sz);
2205 if (b == NULL)
2206 return -1;
2207 p->buf = b;
2208 p->bufsz = sz;
2209 return 0;
2210 }
2211}

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_open_sock_tcp_bufsz(), and nasl_recv_line().

Here is the caller graph for this function:

◆ stream_set_timeout()

int stream_set_timeout ( int fd,
int timeout )

Definition at line 1216 of file network.c.

1217{
1218 int old;
1219 openvas_connection *fp;
1220 if (!OPENVAS_STREAM (fd))
1221 {
1222 errno = EINVAL;
1223 return 0;
1224 }
1225 fp = OVAS_CONNECTION_FROM_FD (fd);
1226 old = fp->timeout;
1227 fp->timeout = timeout;
1228 return old;
1229}

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and openvas_connection::timeout.

Referenced by nasl_recv(), and plugin_do_run().

Here is the caller graph for this function:

◆ tlserror()

void tlserror ( char * txt,
int err )
static

Definition at line 326 of file network.c.

327{
328 g_message ("[%d] %s: %s", getpid (), txt, gnutls_strerror (err));
329}

Referenced by load_cert_and_key(), open_SSL_connection(), openvas_SSL_init(), and socket_get_ssl_session_id().

Here is the caller graph for this function:

◆ unblock_socket()

int unblock_socket ( int soc)
static

Definition at line 286 of file network.c.

287{
288 int flags = fcntl (soc, F_GETFL, 0);
289 if (flags < 0)
290 {
291 pid_perror ("fcntl(F_GETFL)");
292 return -1;
293 }
294 if (fcntl (soc, F_SETFL, O_NONBLOCK | flags) < 0)
295 {
296 pid_perror ("fcntl(F_SETFL,O_NONBLOCK)");
297 return -1;
298 }
299 return 0;
300}

References pid_perror().

Referenced by open_socket(), and open_SSL_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ write_stream_connection()

int write_stream_connection ( int fd,
void * buf0,
int n )

Definition at line 1583 of file network.c.

1584{
1585 return write_stream_connection4 (fd, buf0, n, 0);
1586}

References write_stream_connection4().

Referenced by ftp_get_pasv_address(), ftp_log_in(), nasl_telnet_init(), and plugin_do_run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ write_stream_connection4()

int write_stream_connection4 ( int fd,
void * buf0,
int n,
int i_opt )
static

Definition at line 1463 of file network.c.

1464{
1465 int ret, count;
1466 unsigned char *buf = (unsigned char *) buf0;
1467 openvas_connection *fp;
1468 fd_set fdr, fdw;
1469 struct timeval tv;
1470 int e;
1471
1472 if (!OPENVAS_STREAM (fd))
1473 {
1474 g_debug ("write_stream_connection: fd <%d> invalid\n", fd);
1475 errno = EINVAL;
1476 return -1;
1477 }
1478
1479 fp = OVAS_CONNECTION_FROM_FD (fd);
1480 fp->last_err = 0;
1481
1482 switch (fp->transport)
1483 {
1484 case OPENVAS_ENCAPS_IP:
1485 for (count = 0; count < n;)
1486 {
1487 ret = send (fp->fd, buf + count, n - count, i_opt);
1488
1489 if (ret <= 0)
1490 {
1491 if (ret < 0)
1492 fp->last_err = errno;
1493 else
1494 fp->last_err = EPIPE;
1495 break;
1496 }
1497
1498 count += ret;
1499 }
1500 break;
1501
1502 case OPENVAS_ENCAPS_SSLv2:
1503 case OPENVAS_ENCAPS_SSLv23:
1504 case OPENVAS_ENCAPS_SSLv3:
1505 case OPENVAS_ENCAPS_TLSv1:
1506 case OPENVAS_ENCAPS_TLSv11:
1507 case OPENVAS_ENCAPS_TLSv12:
1508 case OPENVAS_ENCAPS_TLSv13:
1509 case OPENVAS_ENCAPS_TLScustom:
1510
1511 /* i_opt ignored for SSL */
1512 for (count = 0; count < n;)
1513 {
1514 ret = gnutls_record_send (fp->tls_session, buf + count, n - count);
1515
1516 if (ret > 0)
1517 {
1518 count += ret;
1519 }
1520 else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
1521 {
1522 /* This branch also handles the case where ret == 0,
1523 * i.e. that the connection has been closed. This is
1524 * for compatibility with the old openvas code which
1525 * treated SSL_ERROR_ZERO_RETURN as an error too.
1526 */
1527 if (ret < 0)
1528 pid_perror ("gnutls_record_send");
1529 else
1530 g_debug ("gnutls_record_send[%d]: EOF\n", getpid ());
1531 fp->last_err = EPIPE;
1532 break;
1533 }
1534
1535 if (fp->timeout >= 0)
1536 tv.tv_sec = fp->timeout;
1537 else
1538 tv.tv_sec = TIMEOUT;
1539 tv.tv_usec = 0;
1540
1541 do
1542 {
1543 errno = 0;
1544 FD_ZERO (&fdr);
1545 FD_ZERO (&fdw);
1546 FD_SET (fp->fd, &fdr);
1547 FD_SET (fp->fd, &fdw);
1548 e = select (fp->fd + 1, &fdr, &fdw, NULL, &tv);
1549 }
1550 while (e < 0 && errno == EINTR);
1551
1552 if (e <= 0)
1553 {
1554 pid_perror ("select");
1555 fp->last_err = ETIMEDOUT;
1556 break;
1557 }
1558 }
1559 break;
1560
1561 default:
1562 if (fp->transport || fp->fd != 0)
1563 g_message ("Function %s (calling internal function %s) called from %s: "
1564 "Severe bug! Unhandled transport layer %d (fd=%d).",
1565 nasl_get_function_name () ? nasl_get_function_name ()
1566 : "script_main_function",
1567 __func__, nasl_get_plugin_filename (), fp->transport, fd);
1568 else
1569 g_message ("read_stream_connection_unbuffered: fd=%d is "
1570 "closed",
1571 fd);
1572 errno = EINVAL;
1573 return -1;
1574 }
1575
1576 if (count == 0 && n > 0)
1577 return -1;
1578 else
1579 return count;
1580}

References openvas_connection::fd, openvas_connection::last_err, nasl_get_function_name(), nasl_get_plugin_filename(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, pid_perror(), TIMEOUT, openvas_connection::timeout, timeval(), openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nsend(), and write_stream_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ __port_closed

int __port_closed
static

Definition at line 283 of file network.c.

Referenced by open_socket().

◆ connections

openvas_connection connections[OPENVAS_FD_MAX]
static

Definition at line 94 of file network.c.

Referenced by get_connection_fd(), get_sock_infos(), nrecv(), nsend(), openvas_deregister_connection(), openvas_get_socket_from_connection(), and ovas_get_tlssession_from_connection().

◆ csc_hooks

struct csc_hook_s* csc_hooks
static

Linked list of hooks to be run by close_stream_connection.

Definition at line 108 of file network.c.

Referenced by add_close_stream_connection_hook(), and run_csc_hooks().

◆ tls_priorities

const char* tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT"

Definition at line 146 of file network.c.

Referenced by open_stream_connection(), and open_stream_tls_default_priorities().

◆ tls_priority_flag

int tls_priority_flag = NO_PRIORITY_FLAGS

Definition at line 147 of file network.c.

Referenced by open_stream_connection(), and open_stream_tls_default_priorities().