OpenVAS Scanner 23.40.3
network.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2023 Greenbone AG
2 * SPDX-FileCopyrightText: 1998-2002 Renaud Deraison
3 * SPDX-FileCopyrightText: 2001 Michel Arboi
4 *
5 * SPDX-License-Identifier: GPL-2.0-or-later
6 */
7
12
13#include "../nasl/nasl_debug.h" /* for nasl_*_filename */
14#include "kb_cache.h"
15
16#include <arpa/inet.h> /* for inet_pton */
17#include <errno.h>
18#include <fcntl.h>
19#include <glib.h>
20#include <gnutls/gnutls.h>
21#include <gnutls/x509.h>
22#include <gvm/base/logging.h>
23#include <gvm/base/networking.h>
24#include <gvm/base/prefs.h>
25#include <gvm/util/kb.h> /* for kb_item_get_str() */
26#include <gvm/util/serverutils.h> /* for load_gnutls_file */
27#include <signal.h>
28#include <stdarg.h>
29#include <stdio.h> /* for FILE */
30#include <stdlib.h>
31#include <string.h>
32#include <sys/time.h> /* for gettimeofday */
33#include <sys/types.h>
34#include <unistd.h>
35
36#ifdef __FreeBSD__
37#include <netinet/in.h>
38#define s6_addr32 __u6_addr.__u6_addr32
39#endif
40
41#include "network.h" /* for socket_close() */
42#include "plugutils.h"
43#include "support.h"
44
45#define TIMEOUT 20
46
47#ifndef INADDR_NONE
48#define INADDR_NONE 0xffffffff
49#endif
50
51#undef G_LOG_DOMAIN
55#define G_LOG_DOMAIN "lib misc"
56
57/*----------------------------------------------------------------*
58 * Low-level connection management *
59 *----------------------------------------------------------------*/
60
62typedef struct
63{
64 int fd;
65 /*
66 * "transport" layer code when stream is encapsultated. Negative transport
67 * signals a free descriptor.
68 */
69 openvas_encaps_t transport;
70 char *priority;
71 int timeout;
72
73 int port;
74
75 gnutls_session_t tls_session;
76 gnutls_certificate_credentials_t tls_cred;
77
78 pid_t pid;
79
80 char *buf;
81 int bufsz, bufcnt, bufptr;
82 int last_err;
83} openvas_connection;
84
91#define OPENVAS_FD_MAX 1024
92#define OPENVAS_FD_OFF 1000000
93
94static openvas_connection connections[OPENVAS_FD_MAX];
95
99struct csc_hook_s
100{
101 struct csc_hook_s *next;
102 int (*fnc) (int fd);
103};
104
108static struct csc_hook_s *csc_hooks;
109
113#define OPENVAS_STREAM(x) \
114 (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))
115
119#define OVAS_CONNECTION_FROM_FD(fd) (connections + ((fd) - OPENVAS_FD_OFF))
120
124static int
125pid_perror (const char *error)
126{
127 g_debug ("[%d] %s : %s", getpid (), error, strerror (errno));
128 return 0;
129}
130
131int
132stream_get_err (int fd)
133{
134 openvas_connection *p;
135
136 if (!OPENVAS_STREAM (fd))
137 {
138 errno = EINVAL;
139 return -1;
140 }
141
142 p = OVAS_CONNECTION_FROM_FD (fd);
143 return p->last_err;
144}
145
146const char *tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT";
147int tls_priority_flag = NO_PRIORITY_FLAGS;
148
152static int
153get_connection_fd (void)
154{
155 int i;
156
157 for (i = 0; i < OPENVAS_FD_MAX; i++)
158 {
159 if (connections[i].pid == 0) /* Not used */
160 {
161 bzero (&(connections[i]), sizeof (connections[i]));
162 connections[i].pid = getpid ();
163 return i + OPENVAS_FD_OFF;
164 }
165 }
166 g_message ("[%d] %s:%d : Out of OpenVAS file descriptors", getpid (),
167 __FILE__, __LINE__);
168 errno = EMFILE;
169 return -1;
170}
171
172static int
173release_connection_fd (int fd, int already_closed)
174{
175 openvas_connection *p;
176
177 if (!OPENVAS_STREAM (fd))
178 {
179 errno = EINVAL;
180 return -1;
181 }
182 p = OVAS_CONNECTION_FROM_FD (fd);
183
184 g_free (p->buf);
185 p->buf = 0;
186
187 /* TLS FIXME: we should call gnutls_bye somewhere. OTOH, the OpenSSL
188 * equivalent SSL_shutdown wasn't called anywhere in the OpenVAS
189 * (libopenvas nor elsewhere) code either.
190 */
191
192 /* So far, fd is always a socket. If this is changed in the future, this
193 * code shall be fixed. */
194 if (p->fd >= 0)
195 {
196 g_debug ("[%d] release_connection_fd: fd > 0 fd=%d", getpid (), p->fd);
197 if (shutdown (p->fd, 2) < 0)
198 {
199 /*
200 * It's not uncommon to see that one fail, since a lot of
201 * services close the connection before we ask them to
202 * (ie: http), so we don't show this error by default
203 */
204 pid_perror ("release_connection_fd: shutdown()");
205 }
206 if (!already_closed && socket_close (p->fd) < 0)
207 pid_perror ("release_connection_fd: close()");
208 }
209
210 if (p->tls_session != NULL)
211 gnutls_deinit (p->tls_session);
212 if (p->tls_cred != NULL)
213 gnutls_certificate_free_credentials (p->tls_cred);
214
215 g_free (p->priority);
216 p->priority = NULL;
217
218 bzero (p, sizeof (*p));
219 p->transport = -1;
220 p->pid = 0;
221
222 return 0;
223}
224
225/* ******** Compatibility function ******** */
226
233int
234openvas_register_connection (int soc, void *ssl,
235 gnutls_certificate_credentials_t certcred,
236 openvas_encaps_t encaps)
237{
238 int fd;
239 openvas_connection *p;
240
241 if ((fd = get_connection_fd ()) < 0)
242 return -1;
243 p = OVAS_CONNECTION_FROM_FD (fd);
244
245 p->tls_session = ssl;
246 p->tls_cred = certcred;
247
248 p->timeout = TIMEOUT; /* default value */
249 p->port = 0; /* just used for debug */
250 p->fd = soc;
251 p->transport = encaps;
252 p->priority = NULL;
253 p->last_err = 0;
254
255 return fd;
256}
257
258int
259openvas_deregister_connection (int fd)
260{
261 openvas_connection *p;
262 if (!OPENVAS_STREAM (fd))
263 {
264 errno = EINVAL;
265 return -1;
266 }
267
268 p = connections + (fd - OPENVAS_FD_OFF);
269 /* Fixme: Code duplicated from release_connection_fd. Check usage
270 of this function make sure that TLS stuff is also released in
271 case it is used here. */
272 g_free (p->priority);
273 p->priority = NULL;
274 bzero (p, sizeof (*p));
275 p->transport = -1;
276 return 0;
277}
278
279/*----------------------------------------------------------------*
280 * High-level connection management *
281 *----------------------------------------------------------------*/
282
283static int __port_closed;
284
285static int
286unblock_socket (int soc)
287{
288 int flags = fcntl (soc, F_GETFL, 0);
289 if (flags < 0)
290 {
291 pid_perror ("fcntl(F_GETFL)");
292 return -1;
293 }
294 if (fcntl (soc, F_SETFL, O_NONBLOCK | flags) < 0)
295 {
296 pid_perror ("fcntl(F_SETFL,O_NONBLOCK)");
297 return -1;
298 }
299 return 0;
300}
301
302static int
303block_socket (int soc)
304{
305 int flags = fcntl (soc, F_GETFL, 0);
306 if (flags < 0)
307 {
308 pid_perror ("fcntl(F_GETFL)");
309 return -1;
310 }
311 if (fcntl (soc, F_SETFL, (~O_NONBLOCK) & flags) < 0)
312 {
313 pid_perror ("fcntl(F_SETFL,~O_NONBLOCK)");
314 return -1;
315 }
316 return 0;
317}
318
319/*
320 * Initialize the SSL library (error strings and algorithms) and try
321 * to set the pseudo random generator to something less silly than the
322 * default value: 1 according to SVID 3, BSD 4.3, ISO 9899 :-(
323 */
324
325static void
326tlserror (char *txt, int err)
327{
328 g_message ("[%d] %s: %s", getpid (), txt, gnutls_strerror (err));
329}
330
331static void
332log_message_gnutls (int level, const char *msg)
333{
334 g_debug ("LEVEL %d: %s", level, msg);
335}
336
340int
341openvas_SSL_init ()
342{
343 gnutls_global_set_log_level (2);
344 gnutls_global_set_log_function (log_message_gnutls);
345
346 int ret = gnutls_global_init ();
347 if (ret < 0)
348 {
349 tlserror ("gnutls_global_init", ret);
350 return -1;
351 }
352
353 return 0;
354}
355
356int
357openvas_get_socket_from_connection (int fd)
358{
359 openvas_connection *fp;
360
361 if (!OPENVAS_STREAM (fd))
362 {
363 g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
364 getpid (), fd);
365 return fd;
366 }
367 fp = connections + (fd - OPENVAS_FD_OFF);
368 if (fp->transport <= 0)
369 {
370 g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
371 return -1;
372 }
373 return fp->fd;
374}
375
376gnutls_session_t
377ovas_get_tlssession_from_connection (int fd)
378{
379 openvas_connection *fp;
380
381 if (!OPENVAS_STREAM (fd))
382 return NULL;
383
384 fp = connections + (fd - OPENVAS_FD_OFF);
385 return fp->tls_session;
386}
387
393static int
394set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps,
395 const char *priority, unsigned int flags)
396{
397 const char *priorities;
398 const char *errloc;
399 int err;
400
401 switch (encaps)
402 {
403 case OPENVAS_ENCAPS_SSLv3:
404 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
405 break;
406 case OPENVAS_ENCAPS_TLSv1:
407 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+ARCFOUR-128:%COMPAT";
408 break;
409 case OPENVAS_ENCAPS_TLSv11:
410 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+ARCFOUR-128:%COMPAT";
411 break;
412 case OPENVAS_ENCAPS_TLSv12:
413 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ARCFOUR-128:%COMPAT";
414 break;
415 case OPENVAS_ENCAPS_TLSv13:
416 priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT";
417 break;
418 case OPENVAS_ENCAPS_SSLv23: /* Compatibility mode */
419 priorities =
420 "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
421 break;
422 default:
423 g_debug ("*Bug* at %s:%d. Unknown transport %d", __FILE__, __LINE__,
424 encaps);
425 /* fallthrough */
426 case OPENVAS_ENCAPS_TLScustom:
427 priorities = priority;
428 break;
429 }
430
431 g_debug ("%s: setting %s as priority_string based on %d", __func__,
432 priorities, encaps);
433 if ((err = gnutls_priority_set_direct (session, priorities, &errloc)))
434 {
435 g_message ("[%d] setting session priorities '%.20s': %s", getpid (),
436 errloc, gnutls_strerror (err));
437 return -1;
438 }
439
440 /* Set extra priorities from flags.
441 Only for encaps == OPENVAS_ENCAPS_TLScustom. */
442 if (encaps == OPENVAS_ENCAPS_TLScustom && flags & INSECURE_DH_PRIME_BITS)
443 gnutls_dh_set_prime_bits (session, 128);
444
445 return 0;
446}
447
456static int
457load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert,
458 const char *key, const char *passwd)
459{
460 gnutls_x509_crt_t x509_crt = NULL;
461 gnutls_x509_privkey_t x509_key = NULL;
462 gnutls_datum_t data;
463 int ret;
464 int result = 0;
465
466 if (load_gnutls_file (cert, &data))
467 {
468 g_message ("[%d] load_cert_and_key: Error loading cert file %s",
469 getpid (), cert);
470 result = -1;
471 goto cleanup;
472 }
473 ret = gnutls_x509_crt_init (&x509_crt);
474 if (ret < 0)
475 {
476 tlserror ("gnutls_x509_crt_init", ret);
477 /* x509_crt may be != NULL even if gnutls_x509_crt_init fails */
478 x509_crt = NULL;
479 result = -1;
480 goto cleanup;
481 }
482 ret = gnutls_x509_crt_import (x509_crt, &data, GNUTLS_X509_FMT_PEM);
483 if (ret < 0)
484 {
485 tlserror ("gnutls_x509_crt_import", ret);
486 result = -1;
487 goto cleanup;
488 }
489 unload_gnutls_file (&data);
490
491 if (load_gnutls_file (key, &data))
492 {
493 g_message ("[%d] load_cert_and_key: Error loading key file %s", getpid (),
494 key);
495 result = -1;
496 goto cleanup;
497 }
498 ret = gnutls_x509_privkey_init (&x509_key);
499 if (ret < 0)
500 {
501 tlserror ("gnutls_x509_privkey_init", ret);
502 /* x509_key may be != NULL even if gnutls_x509_privkey_init fails */
503 x509_key = NULL;
504 result = -1;
505 goto cleanup;
506 }
507 if (passwd)
508 {
509 ret = gnutls_x509_privkey_import_pkcs8 (x509_key, &data,
510 GNUTLS_X509_FMT_PEM, passwd, 0);
511 if (ret < 0)
512 {
513 tlserror ("gnutls_x509_privkey_import_pkcs8", ret);
514 result = -1;
515 goto cleanup;
516 }
517 }
518 else
519 {
520 ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
521 if (ret < 0)
522 {
523 tlserror ("gnutls_x509_privkey_import", ret);
524 result = -1;
525 goto cleanup;
526 }
527 }
528 unload_gnutls_file (&data);
529
530 ret = gnutls_certificate_set_x509_key (xcred, &x509_crt, 1, x509_key);
531 if (ret < 0)
532 {
533 tlserror ("gnutls_certificate_set_x509_key", ret);
534 result = -1;
535 goto cleanup;
536 }
537
538cleanup:
539
540 if (x509_crt)
541 gnutls_x509_crt_deinit (x509_crt);
542 if (x509_key)
543 gnutls_x509_privkey_deinit (x509_key);
544
545 return result;
546}
547
548static int
549is_ip_address (const char *str)
550{
551 struct sockaddr_in sa;
552 struct sockaddr_in6 sa6;
553
554 if (inet_pton (AF_INET, str, &(sa.sin_addr)) == 1)
555 return 1;
556
557 return inet_pton (AF_INET6, str, &(sa6.sin6_addr)) == 1;
558}
559
579static int
580open_SSL_connection (openvas_connection *fp, const char *cert, const char *key,
581 const char *passwd, const char *cafile,
582 const char *hostname, unsigned int flags)
583{
584 int ret, err, d;
585 time_t tictac;
586 fd_set fdw, fdr;
587 struct timeval to;
588
589 ret = gnutls_init (&(fp->tls_session), GNUTLS_CLIENT);
590 if (ret < 0)
591 {
592 tlserror ("gnutls_init", ret);
593 return -1;
594 }
595
596 /* set_gnutls_protocol handles OPENVAS_ENCAPS_SSLv2 by falling back
597 * to OPENVAS_ENCAPS_SSLv23. However, this function
598 * (open_SSL_connection) is called only by open_stream_connection and
599 * open_stream_connection will exit with an error code if called with
600 * OPENVAS_ENCAPS_SSLv2, so it should never end up calling
601 * open_SSL_connection with OPENVAS_ENCAPS_SSLv2.
602 */
603 if (set_gnutls_protocol (fp->tls_session, fp->transport, fp->priority, flags)
604 < 0)
605 return -1;
606
607 if (hostname && !is_ip_address (hostname))
608 gnutls_server_name_set (fp->tls_session, GNUTLS_NAME_DNS, hostname,
609 strlen (hostname));
610
611 ret = gnutls_certificate_allocate_credentials (&(fp->tls_cred));
612 if (ret < 0)
613 {
614 tlserror ("gnutls_certificate_allocate_credentials", ret);
615 return -1;
616 }
617 ret = gnutls_credentials_set (fp->tls_session, GNUTLS_CRD_CERTIFICATE,
618 fp->tls_cred);
619 if (ret < 0)
620 {
621 tlserror ("gnutls_credentials_set", ret);
622 return -1;
623 }
624
625 if (cert != NULL && key != NULL)
626 {
627 if (load_cert_and_key (fp->tls_cred, cert, key, passwd) < 0)
628 return -1;
629 }
630
631 if (cafile != NULL)
632 {
633 ret = gnutls_certificate_set_x509_trust_file (fp->tls_cred, cafile,
634 GNUTLS_X509_FMT_PEM);
635 if (ret < 0)
636 {
637 tlserror ("gnutls_certificate_set_x509_trust_file", ret);
638 return -1;
639 }
640 }
641
642 unblock_socket (fp->fd);
643
644 gnutls_transport_set_ptr (fp->tls_session,
645 (gnutls_transport_ptr_t) GSIZE_TO_POINTER (fp->fd));
646
647 tictac = time (NULL);
648
649 for (;;)
650 {
651 err = gnutls_handshake (fp->tls_session);
652
653 if (err == 0)
654 return 1;
655
656 /* Set min number of bits for Deffie-Hellman prime
657 to force a connection to a legacy server. */
658 if (err == GNUTLS_E_DH_PRIME_UNACCEPTABLE
659 && fp->transport == OPENVAS_ENCAPS_TLScustom)
660 {
661 g_message ("[%d] gnutls_handshake: %s", getpid (),
662 gnutls_strerror (err));
663 return -2;
664 }
665 else if (err == GNUTLS_E_FATAL_ALERT_RECEIVED)
666 {
667 g_debug ("[%d] gnutls_handshake: %s", getpid (),
668 gnutls_strerror (err));
669 return -3;
670 }
671 else if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
672 && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
673 {
674 g_debug ("[%d] gnutls_handshake: %s, %d", getpid (),
675 gnutls_strerror (err), err);
676 return -1;
677 }
678
679 FD_ZERO (&fdr);
680 FD_SET (fp->fd, &fdr);
681 FD_ZERO (&fdw);
682 FD_SET (fp->fd, &fdw);
683
684 do
685 {
686 d = tictac + fp->timeout - time (NULL);
687 if (d <= 0)
688 {
689 fp->last_err = ETIMEDOUT;
690 return -1;
691 }
692 to.tv_sec = d;
693 to.tv_usec = 0;
694 errno = 0;
695 if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
696 pid_perror ("select");
697 }
698 while (ret < 0 && errno == EINTR);
699
700 if (ret <= 0)
701 {
702 fp->last_err = ETIMEDOUT;
703 return -1;
704 }
705 }
706}
707
715int
716socket_ssl_safe_renegotiation_status (int fd)
717{
718 openvas_connection *fp;
719
720 if (!fd_is_stream (fd))
721 {
722 g_message ("%s: Socket %d is not stream", __func__, fd);
723 return -1;
724 }
725 fp = OVAS_CONNECTION_FROM_FD (fd);
726
727 return gnutls_safe_renegotiation_status (fp->tls_session);
728}
729
736int
737socket_ssl_do_handshake (int fd)
738{
739 int err, d, ret;
740 openvas_connection *fp;
741 time_t tictac;
742 fd_set fdw, fdr;
743 struct timeval to;
744
745 if (!fd_is_stream (fd))
746 {
747 g_message ("%s: Socket %d is not stream", __func__, fd);
748 return -1;
749 }
750 fp = OVAS_CONNECTION_FROM_FD (fd);
751
752 tictac = time (NULL);
753
754 for (;;)
755 {
756 err = gnutls_handshake (fp->tls_session);
757
758 if (err == 0)
759 {
760 g_debug ("no error during handshake");
761 return 1;
762 }
763 if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
764 && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
765 {
766 g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
767 return -1;
768 }
769 else if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)
770 {
771 int last_alert;
772
773 last_alert = gnutls_alert_get (fp->tls_session);
774 g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
775
776 g_debug ("* Received alert '%d': %s.\n", last_alert,
777 gnutls_alert_get_name (last_alert));
778 return err;
779 }
780 FD_ZERO (&fdr);
781 FD_SET (fp->fd, &fdr);
782 FD_ZERO (&fdw);
783 FD_SET (fp->fd, &fdw);
784
785 do
786 {
787 d = tictac + fp->timeout - time (NULL);
788 if (d <= 0)
789 {
790 fp->last_err = ETIMEDOUT;
791 g_debug ("%s: time out", __func__);
792 return -1;
793 }
794 to.tv_sec = d;
795 to.tv_usec = 0;
796 errno = 0;
797 if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
798 pid_perror ("select");
799 }
800 while (ret < 0 && errno == EINTR);
801
802 if (ret <= 0)
803 {
804 fp->last_err = ETIMEDOUT;
805 g_debug ("%s: time out", __func__);
806 return -1;
807 }
808 }
809}
810
819int
820socket_negotiate_ssl (int fd, openvas_encaps_t transport,
821 struct script_infos *args)
822{
823 char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
824 char *hostname = NULL;
825 openvas_connection *fp;
826 kb_t kb;
827 char buf[1024];
828 static gboolean connection_failed_msg_sent = FALSE; // send msg only once
829
830 if (!fd_is_stream (fd))
831 {
832 g_message ("Socket %d is not stream", fd);
833 return -1;
834 }
835 fp = OVAS_CONNECTION_FROM_FD (fd);
836 kb = plug_get_kb (args);
837 cert = kb_item_get_str (kb, "SSL/cert");
838 key = kb_item_get_str (kb, "SSL/key");
839 passwd = kb_item_get_str (kb, "SSL/password");
840 cafile = kb_item_get_str (kb, "SSL/CA");
841 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
842 if (kb_item_get_int (kb, buf) <= 0)
843 hostname = plug_get_host_fqdn (args);
844
845 fp->transport = transport;
846 fp->priority = NULL;
847 if (open_SSL_connection (fp, cert, key, passwd, cafile, hostname,
848 NO_PRIORITY_FLAGS)
849 <= 0)
850 {
851 g_free (cert);
852 g_free (key);
853 g_free (passwd);
854 g_free (cafile);
855 if (!connection_failed_msg_sent)
856 {
857 g_message ("Function socket_negotiate_ssl called from %s: "
858 "SSL/TLS connection (host: %s, ip: %s) failed.",
859 nasl_get_plugin_filename (),
860 plug_get_host_fqdn (args) ? plug_get_host_fqdn (args)
861 : "unknown",
862 plug_get_host_ip_str (args) ? plug_get_host_ip_str (args)
863 : "unknown");
864 connection_failed_msg_sent = TRUE;
865 }
866 g_free (hostname);
867 release_connection_fd (fd, 0);
868 return -1;
869 }
870 g_free (hostname);
871 g_free (cert);
872 g_free (key);
873 g_free (passwd);
874 g_free (cafile);
875 return fd;
876}
877
878/*
879 * @brief Get the peer's certificate from an SSL/TLS encapsulated connection.
880 *
881 * @param[in] fd Socket file descriptor.
882 * @param[out] cert Memory pointer to fill cert pointer.
883 * @param[out] certlen Size of cert.
884 */
885
886void
887socket_get_cert (int fd, void **cert, int *certlen)
888{
889 gnutls_session_t session;
890 const gnutls_datum_t *cert_list;
891 unsigned int cert_list_len = 0;
892
893 if (!cert || !certlen)
894 return;
895 if (!fd_is_stream (fd))
896 {
897 g_message ("Socket %d is not stream", fd);
898 return;
899 }
900 session = ovas_get_tlssession_from_connection (fd);
901 if (!session)
902 {
903 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
904 return;
905 }
906 if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
907 return;
908 cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
909 if (cert_list_len == 0)
910 return;
911 *certlen = cert_list[0].size;
912 *cert = g_memdup2 (cert_list[0].data, *certlen);
913}
914
915/*
916 * @brief Get the TLS version of a connection.
917 *
918 * @param[in] fd Socket file descriptor.
919 *
920 * @return OPENVAS_ENCAPS value if valid session and success, -1 if error.
921 */
922int
923socket_get_ssl_version (int fd)
924{
925 gnutls_session_t session;
926 gnutls_protocol_t version;
927
928 if (!fd_is_stream (fd))
929 {
930 g_message ("Socket %d is not stream", fd);
931 return -1;
932 }
933 session = ovas_get_tlssession_from_connection (fd);
934 if (!session)
935 {
936 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
937 return -1;
938 }
939
940 version = gnutls_protocol_get_version (session);
941 switch (version)
942 {
943 case GNUTLS_SSL3:
944 return OPENVAS_ENCAPS_SSLv3;
945 case GNUTLS_TLS1:
946 return OPENVAS_ENCAPS_TLSv1;
947 case GNUTLS_TLS1_1:
948 return OPENVAS_ENCAPS_TLSv11;
949 case GNUTLS_TLS1_2:
950 return OPENVAS_ENCAPS_TLSv12;
951 case GNUTLS_TLS1_3:
952 return OPENVAS_ENCAPS_TLSv13;
953 default:
954 return -1;
955 }
956}
957
958/*
959 * @brief Get the session ID from an SSL/TLS encapsulated connection.
960 *
961 * @param[in] fd Socket file descriptor.
962 * @param[out] sid Pointer where to store Session ID pointer.
963 * @param[out] ssize Size of session id buffer.
964 */
965void
966socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
967{
968 gnutls_session_t session;
969 void *tmp;
970 *ssize = GNUTLS_MAX_SESSION_ID;
971 int ret;
972
973 if (!sid)
974 return;
975 if (!fd_is_stream (fd))
976 {
977 g_message ("Socket %d is not stream", fd);
978 return;
979 }
980 session = ovas_get_tlssession_from_connection (fd);
981 if (!session)
982 {
983 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
984 return;
985 }
986 tmp = g_malloc0 (*ssize);
987 ret = gnutls_session_get_id (session, tmp, ssize);
988 if (ret == GNUTLS_E_SUCCESS)
989 *sid = tmp;
990 else
991 {
992 g_free (tmp);
993 *ssize = 0;
994 tlserror ("gnutls_session_id", ret);
995 }
996}
997
998/*
999 * @brief Get the cipher suite used by a SSL/TLS connection.
1000 *
1001 * @param[in] fd Socket file descriptor.
1002 *
1003 * @return Cipher Suite ID, -1 if error.
1004 */
1005int
1006socket_get_ssl_ciphersuite (int fd)
1007{
1008 gnutls_session_t session;
1009 gnutls_kx_algorithm_t kx, kx2;
1010 gnutls_cipher_algorithm_t cipher, cipher2;
1011 gnutls_mac_algorithm_t mac, mac2;
1012 size_t idx = 0;
1013 unsigned char cs_id[2];
1014
1015 if (!fd_is_stream (fd))
1016 {
1017 g_message ("Socket %d is not stream", fd);
1018 return -1;
1019 }
1020 session = ovas_get_tlssession_from_connection (fd);
1021 if (!session)
1022 {
1023 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
1024 return -1;
1025 }
1026
1027 kx = gnutls_kx_get (session);
1028 cipher = gnutls_cipher_get (session);
1029 mac = gnutls_mac_get (session);
1030 while (
1031 gnutls_cipher_suite_info (idx, (void *) cs_id, &kx2, &cipher2, &mac2, NULL))
1032 {
1033 if (kx == kx2 && cipher == cipher2 && mac == mac2)
1034 return cs_id[0] + cs_id[1];
1035 idx++;
1036 }
1037 return -1;
1038}
1039
1040/* Extended version of open_stream_connection to allow passing a
1041 priority string and a bit flag variable for setting extra options
1042 which can't be set via the priority string.
1043
1044 ABI_BREAK_NOTE: Merge this with open_stream_connection. */
1045int
1046open_stream_connection_ext (struct script_infos *args, unsigned int port,
1047 int transport, int timeout, const char *priority,
1048 int flags)
1049{
1050 int fd, ret;
1051 openvas_connection *fp;
1052 char *cert = NULL;
1053 char *key = NULL;
1054 char *passwd = NULL;
1055 char *cafile = NULL;
1056 char *hostname = NULL;
1057 char *hostname_aux = NULL;
1058
1059 /* Because plug_get_host_fqdn() forks for each vhost, we fork() before
1060 creating the socket */
1061 hostname_aux = plug_get_host_fqdn (args);
1062
1063 if (!priority)
1064 priority = ""; /* To us an empty string is equivalent to NULL. */
1065
1066 g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
1067 " priority: '%s'",
1068 getpid (), port, transport, timeout, priority);
1069
1070 if (timeout == -2)
1071 timeout = TIMEOUT;
1072
1073 ret = -1;
1074 switch (transport)
1075 {
1076 case OPENVAS_ENCAPS_IP:
1077
1078 case OPENVAS_ENCAPS_SSLv23:
1079 case OPENVAS_ENCAPS_SSLv3:
1080 case OPENVAS_ENCAPS_TLSv1:
1081 case OPENVAS_ENCAPS_TLSv11:
1082 case OPENVAS_ENCAPS_TLSv12:
1083 case OPENVAS_ENCAPS_TLSv13:
1084 case OPENVAS_ENCAPS_TLScustom:
1085 case OPENVAS_ENCAPS_SSLv2:
1086 break;
1087
1088 default:
1089 g_message ("open_stream_connection_ext(): unsupported transport"
1090 " layer %d passed by %s",
1091 transport, args->name);
1092 errno = EINVAL;
1093
1094 g_free (hostname_aux);
1095 return ret;
1096 }
1097
1098 if ((fd = get_connection_fd ()) < 0)
1099 {
1100 g_free (hostname_aux);
1101 return ret;
1102 }
1103 fp = OVAS_CONNECTION_FROM_FD (fd);
1104
1105 fp->transport = transport;
1106 g_free (fp->priority);
1107 if (*priority)
1108 fp->priority = g_strdup (priority);
1109 else
1110 fp->priority = NULL;
1111 fp->timeout = timeout;
1112 fp->port = port;
1113 fp->last_err = 0;
1114
1115 fp->fd = open_sock_tcp (args, port, timeout);
1116 if (fp->fd < 0)
1117 goto failed;
1118
1119 kb_t kb = plug_get_kb (args);
1120 switch (transport)
1121 {
1122 char buf[1024];
1123
1124 case OPENVAS_ENCAPS_IP:
1125 break;
1126 case OPENVAS_ENCAPS_SSLv23:
1127 case OPENVAS_ENCAPS_SSLv3:
1128 case OPENVAS_ENCAPS_TLSv1:
1129 case OPENVAS_ENCAPS_TLSv11:
1130 case OPENVAS_ENCAPS_TLSv12:
1131 case OPENVAS_ENCAPS_TLSv13:
1132 case OPENVAS_ENCAPS_TLScustom:
1133 cert = kb_item_get_str (kb, "SSL/cert");
1134 key = kb_item_get_str (kb, "SSL/key");
1135 passwd = kb_item_get_str (kb, "SSL/password");
1136
1137 cafile = kb_item_get_str (kb, "SSL/CA");
1138
1139 /* fall through */
1140
1141 case OPENVAS_ENCAPS_SSLv2:
1142 /* We do not need a client certificate in this case */
1143 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
1144 if (kb_item_get_int (kb, buf) <= 0)
1145 hostname = hostname_aux;
1146
1147 ret =
1148 open_SSL_connection (fp, cert, key, passwd, cafile, hostname, flags);
1149 g_free (cert);
1150 g_free (key);
1151 g_free (passwd);
1152 g_free (cafile);
1153 if (ret <= 0)
1154 goto failed;
1155 break;
1156 }
1157
1158 g_free (hostname_aux);
1159
1160 return fd;
1161
1162failed:
1163 release_connection_fd (fd, 0);
1164 return ret;
1165}
1166
1167void
1168open_stream_tls_default_priorities (const char *p, const int pflag)
1169{
1170 tls_priorities = p;
1171 tls_priority_flag = pflag;
1172}
1173
1174int
1175open_stream_connection (struct script_infos *args, unsigned int port,
1176 int transport, int timeout)
1177{
1178 return open_stream_connection_ext (args, port, transport, timeout,
1179 tls_priorities, tls_priority_flag);
1180}
1181
1182/* Same as open_stream_auto_encaps but allows to force auto detection
1183 of the protocols if FORCE is true. */
1184int
1185open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port,
1186 int timeout, int force)
1187{
1188 int fd, transport;
1189
1190 if (force)
1191 {
1192 /* Try SSL/TLS first */
1193 transport = OPENVAS_ENCAPS_TLScustom;
1194 fd = open_stream_connection (args, port, transport, timeout);
1195 if (fd < 0)
1196 {
1197 transport = OPENVAS_ENCAPS_IP;
1198 fd = open_stream_connection (args, port, OPENVAS_ENCAPS_IP, timeout);
1199 if (fd < 0)
1200 return -1;
1201 }
1202 /* Store that encapsulation mode in the KB. */
1203 plug_set_port_transport (args, port, transport);
1204 return fd;
1205 }
1206 else
1207 {
1208 transport = plug_get_port_transport (args, port);
1209 fd = open_stream_connection (args, port, transport, timeout);
1210 return fd;
1211 }
1212 /*NOTREACHED*/
1213}
1214
1215int
1216stream_set_timeout (int fd, int timeout)
1217{
1218 int old;
1219 openvas_connection *fp;
1220 if (!OPENVAS_STREAM (fd))
1221 {
1222 errno = EINVAL;
1223 return 0;
1224 }
1225 fp = OVAS_CONNECTION_FROM_FD (fd);
1226 old = fp->timeout;
1227 fp->timeout = timeout;
1228 return old;
1229}
1230
1231static int
1232read_stream_connection_unbuffered (int fd, void *buf0, int min_len, int max_len)
1233{
1234 int ret, realfd, trp, t, select_status;
1235 int total = 0, flag = 0, timeout = TIMEOUT, waitall = 0;
1236 unsigned char *buf = (unsigned char *) buf0;
1237 openvas_connection *fp = NULL;
1238 fd_set fdr, fdw;
1239 struct timeval tv;
1240 time_t now, then;
1241
1242 if (OPENVAS_STREAM (fd))
1243 {
1244 fp = OVAS_CONNECTION_FROM_FD (fd);
1245 trp = fp->transport;
1246 realfd = fp->fd;
1247 fp->last_err = 0;
1248 if (fp->timeout != -2)
1249 timeout = fp->timeout;
1250 }
1251 else
1252 {
1253 trp = OPENVAS_ENCAPS_IP;
1254 if (fd < 0 || fd > 1024)
1255 {
1256 errno = EBADF;
1257 return -1;
1258 }
1259 realfd = fd;
1260 }
1261
1262#ifndef INCR_TIMEOUT
1263#define INCR_TIMEOUT 1
1264#endif
1265
1266 if (min_len == max_len || timeout <= 0)
1267 waitall = MSG_WAITALL;
1268 if (trp == OPENVAS_ENCAPS_IP)
1269 {
1270 for (t = 0; total < max_len && (timeout <= 0 || t < timeout);)
1271 {
1272 tv.tv_sec = INCR_TIMEOUT; /* Not timeout! */
1273 tv.tv_usec = 0;
1274 FD_ZERO (&fdr);
1275 FD_SET (realfd, &fdr);
1276 if (select (realfd + 1, &fdr, NULL, NULL, timeout > 0 ? &tv : NULL)
1277 <= 0)
1278 {
1279 t += INCR_TIMEOUT;
1280 /* Try to be smart */
1281 if (total > 0 && flag)
1282 return total;
1283 else if (total >= min_len)
1284 flag++;
1285 }
1286 else
1287 {
1288 errno = 0;
1289 ret = recv (realfd, buf + total, max_len - total, waitall);
1290 if (ret < 0)
1291 if (errno != EINTR)
1292 {
1293 return total;
1294 }
1295 else
1296 ret = 0;
1297 else if (ret == 0) /* EOF */
1298 {
1299 return total;
1300 }
1301 /*ret > 0 */
1302 total += ret;
1303 if (min_len > 0 && total >= min_len)
1304 return total;
1305 flag = 0;
1306 }
1307 }
1308 return total;
1309 }
1310
1311 switch (trp)
1312 {
1313 /* OPENVAS_ENCAPS_IP was treated before with the non-OpenVAS fd */
1314 case OPENVAS_ENCAPS_SSLv2:
1315 case OPENVAS_ENCAPS_SSLv23:
1316 case OPENVAS_ENCAPS_SSLv3:
1317 case OPENVAS_ENCAPS_TLSv1:
1318 case OPENVAS_ENCAPS_TLSv11:
1319 case OPENVAS_ENCAPS_TLSv12:
1320 case OPENVAS_ENCAPS_TLSv13:
1321 case OPENVAS_ENCAPS_TLScustom:
1322 if (getpid () != fp->pid)
1323 {
1324 g_debug ("PID %d tries to use a SSL/TLS connection established "
1325 "by PID %d\n",
1326 getpid (), fp->pid);
1327 errno = EINVAL;
1328 return -1;
1329 }
1330
1331 then = time (NULL);
1332 for (t = 0; timeout <= 0 || t < timeout; t = now - then)
1333 {
1334 now = time (NULL);
1335 tv.tv_sec = INCR_TIMEOUT;
1336 tv.tv_usec = 0;
1337 FD_ZERO (&fdr);
1338 FD_ZERO (&fdw);
1339 FD_SET (realfd, &fdr);
1340 FD_SET (realfd, &fdw);
1341
1342 select_status = select (realfd + 1, &fdr, &fdw, NULL, &tv);
1343
1344 if (select_status > 0)
1345 {
1346 /* TLS FIXME: handle rehandshake */
1347 ret = gnutls_record_recv (fp->tls_session, buf + total,
1348 max_len - total);
1349 if (ret > 0)
1350 {
1351 total += ret;
1352 if (total >= max_len)
1353 return total;
1354 }
1355 else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
1356 {
1357 /* This branch also handles the case where ret == 0,
1358 * i.e. that the connection has been closed. This is
1359 * for compatibility with the old OpenSSL based openvas
1360 * code which treated SSL_ERROR_ZERO_RETURN as an
1361 * error too.
1362 */
1363 if (ret < 0)
1364 pid_perror ("gnutls_record_recv");
1365 else
1366 g_debug ("gnutls_record_recv[%d]: EOF\n", getpid ());
1367 fp->last_err = EPIPE;
1368 return total;
1369 }
1370 }
1371
1372 if (min_len > 0 && total >= min_len)
1373 return total;
1374 }
1375 if (t >= timeout)
1376 fp->last_err = ETIMEDOUT;
1377 return total;
1378
1379 default:
1380 if (fp->transport || fp->fd != 0)
1381 g_message ("Function %s (calling internal function %s) called from %s: "
1382 "Severe bug! Unhandled transport layer %d (fd=%d).",
1383 nasl_get_function_name () ? nasl_get_function_name ()
1384 : "script_main_function",
1385 __func__, nasl_get_plugin_filename (), fp->transport, fd);
1386 else
1387 g_message ("read_stream_connection_unbuffered: "
1388 "fd=%d is closed",
1389 fd);
1390 errno = EINVAL;
1391 return -1;
1392 }
1393 /*NOTREACHED*/
1394}
1395
1396int
1397read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
1398{
1399 openvas_connection *fp;
1400
1401 if (OPENVAS_STREAM (fd))
1402 {
1403 fp = OVAS_CONNECTION_FROM_FD (fd);
1404 if (fp->buf != NULL)
1405 {
1406 int l1, l2;
1407
1408 if (max_len == 1)
1409 min_len = 1; /* avoid "magic read" later */
1410 l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1411 if (l2 > 0)
1412 {
1413 memcpy (buf0, fp->buf + fp->bufptr, l2);
1414 fp->bufcnt -= l2;
1415 if (fp->bufcnt == 0)
1416 {
1417 fp->bufptr = 0;
1418 fp->buf[0] = '\0'; /* debug */
1419 }
1420 else
1421 fp->bufptr += l2;
1422 if (l2 >= min_len || l2 >= max_len)
1423 return l2;
1424 max_len -= l2;
1425 min_len -= l2;
1426 }
1427 if (min_len > fp->bufsz)
1428 {
1429 l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
1430 min_len, max_len);
1431 if (l1 > 0)
1432 return l1 + l2;
1433 else
1434 return l2;
1435 }
1436 /* Fill buffer */
1437 l1 =
1438 read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
1439 if (l1 <= 0)
1440 return l2;
1441
1442 fp->bufcnt = l1;
1443 l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1444 memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
1445 fp->bufcnt -= l1;
1446 if (fp->bufcnt == 0)
1447 fp->bufptr = 0;
1448 else
1449 fp->bufptr += l1;
1450 return l1 + l2;
1451 }
1452 }
1453 return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
1454}
1455
1456int
1457read_stream_connection (int fd, void *buf0, int len)
1458{
1459 return read_stream_connection_min (fd, buf0, -1, len);
1460}
1461
1462static int
1463write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
1464{
1465 int ret, count;
1466 unsigned char *buf = (unsigned char *) buf0;
1467 openvas_connection *fp;
1468 fd_set fdr, fdw;
1469 struct timeval tv;
1470 int e;
1471
1472 if (!OPENVAS_STREAM (fd))
1473 {
1474 g_debug ("write_stream_connection: fd <%d> invalid\n", fd);
1475 errno = EINVAL;
1476 return -1;
1477 }
1478
1479 fp = OVAS_CONNECTION_FROM_FD (fd);
1480 fp->last_err = 0;
1481
1482 switch (fp->transport)
1483 {
1484 case OPENVAS_ENCAPS_IP:
1485 for (count = 0; count < n;)
1486 {
1487 ret = send (fp->fd, buf + count, n - count, i_opt);
1488
1489 if (ret <= 0)
1490 {
1491 if (ret < 0)
1492 fp->last_err = errno;
1493 else
1494 fp->last_err = EPIPE;
1495 break;
1496 }
1497
1498 count += ret;
1499 }
1500 break;
1501
1502 case OPENVAS_ENCAPS_SSLv2:
1503 case OPENVAS_ENCAPS_SSLv23:
1504 case OPENVAS_ENCAPS_SSLv3:
1505 case OPENVAS_ENCAPS_TLSv1:
1506 case OPENVAS_ENCAPS_TLSv11:
1507 case OPENVAS_ENCAPS_TLSv12:
1508 case OPENVAS_ENCAPS_TLSv13:
1509 case OPENVAS_ENCAPS_TLScustom:
1510
1511 /* i_opt ignored for SSL */
1512 for (count = 0; count < n;)
1513 {
1514 ret = gnutls_record_send (fp->tls_session, buf + count, n - count);
1515
1516 if (ret > 0)
1517 {
1518 count += ret;
1519 }
1520 else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
1521 {
1522 /* This branch also handles the case where ret == 0,
1523 * i.e. that the connection has been closed. This is
1524 * for compatibility with the old openvas code which
1525 * treated SSL_ERROR_ZERO_RETURN as an error too.
1526 */
1527 if (ret < 0)
1528 pid_perror ("gnutls_record_send");
1529 else
1530 g_debug ("gnutls_record_send[%d]: EOF\n", getpid ());
1531 fp->last_err = EPIPE;
1532 break;
1533 }
1534
1535 if (fp->timeout >= 0)
1536 tv.tv_sec = fp->timeout;
1537 else
1538 tv.tv_sec = TIMEOUT;
1539 tv.tv_usec = 0;
1540
1541 do
1542 {
1543 errno = 0;
1544 FD_ZERO (&fdr);
1545 FD_ZERO (&fdw);
1546 FD_SET (fp->fd, &fdr);
1547 FD_SET (fp->fd, &fdw);
1548 e = select (fp->fd + 1, &fdr, &fdw, NULL, &tv);
1549 }
1550 while (e < 0 && errno == EINTR);
1551
1552 if (e <= 0)
1553 {
1554 pid_perror ("select");
1555 fp->last_err = ETIMEDOUT;
1556 break;
1557 }
1558 }
1559 break;
1560
1561 default:
1562 if (fp->transport || fp->fd != 0)
1563 g_message ("Function %s (calling internal function %s) called from %s: "
1564 "Severe bug! Unhandled transport layer %d (fd=%d).",
1565 nasl_get_function_name () ? nasl_get_function_name ()
1566 : "script_main_function",
1567 __func__, nasl_get_plugin_filename (), fp->transport, fd);
1568 else
1569 g_message ("read_stream_connection_unbuffered: fd=%d is "
1570 "closed",
1571 fd);
1572 errno = EINVAL;
1573 return -1;
1574 }
1575
1576 if (count == 0 && n > 0)
1577 return -1;
1578 else
1579 return count;
1580}
1581
1582int
1583write_stream_connection (int fd, void *buf0, int n)
1584{
1585 return write_stream_connection4 (fd, buf0, n, 0);
1586}
1587
1588int
1589nsend (int fd, void *data, int length, int i_opt)
1590{
1591 int n = 0;
1592
1593 if (OPENVAS_STREAM (fd))
1594 {
1595 if (connections[fd - OPENVAS_FD_OFF].fd < 0)
1596 g_message ("OpenVAS file descriptor %d closed ?!", fd);
1597 else
1598 return write_stream_connection4 (fd, data, length, i_opt);
1599 }
1600 /* Trying OS's send() */
1601 block_socket (fd); /* ??? */
1602 do
1603 {
1604 struct timeval tv = {0, 5};
1605 fd_set wr;
1606 int e;
1607
1608 FD_ZERO (&wr);
1609 FD_SET (fd, &wr);
1610
1611 errno = 0;
1612 e = select (fd + 1, NULL, &wr, NULL, &tv);
1613 if (e > 0)
1614 n = os_send (fd, data, length, i_opt);
1615 else if (e < 0 && errno == EINTR)
1616 continue;
1617 else
1618 break;
1619 }
1620 while (n <= 0 && errno == EINTR);
1621 if (n < 0)
1622 g_message ("[%d] nsend():send %s", getpid (), strerror (errno));
1623
1624 return n;
1625}
1626
1627int
1628nrecv (int fd, void *data, int length, int i_opt)
1629{
1630 int e;
1631 if (OPENVAS_STREAM (fd))
1632 {
1633 if (connections[fd - OPENVAS_FD_OFF].fd < 0)
1634 g_message ("OpenVAS file descriptor %d closed ?!", fd);
1635 else
1636 return read_stream_connection (fd, data, length);
1637 }
1638 /* Trying OS's recv()
1639 *
1640 * Do *NOT* use os_recv() here, as it will be blocking until the exact
1641 * amount of requested data arrives
1642 */
1643 block_socket (fd);
1644 do
1645 {
1646 e = recv (fd, data, length, i_opt);
1647 }
1648 while (e < 0 && errno == EINTR);
1649 return e;
1650}
1651
1665void
1666add_close_stream_connection_hook (int (*fnc) (int fd))
1667{
1668 struct csc_hook_s *hook;
1669
1670 for (hook = csc_hooks; hook; hook = hook->next)
1671 if (hook->fnc == fnc)
1672 return; /* Already added. */
1673
1674 hook = g_malloc0 (sizeof *hook);
1675 hook->fnc = fnc;
1676 hook->next = csc_hooks;
1677 csc_hooks = hook;
1678}
1679
1693static int
1694run_csc_hooks (int fd)
1695{
1696 struct csc_hook_s *hook;
1697
1698 for (hook = csc_hooks; hook; hook = hook->next)
1699 if (hook->fnc && !hook->fnc (fd))
1700 return 0;
1701 return -1;
1702}
1703
1704int
1705close_stream_connection (int fd)
1706{
1707 openvas_connection *fp;
1708 if (!OPENVAS_STREAM (fd))
1709 {
1710 errno = EINVAL;
1711 return -1;
1712 }
1713 fp = OVAS_CONNECTION_FROM_FD (fd);
1714 g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);
1715
1716 if (!OPENVAS_STREAM (fd)) /* Will never happen if debug is on! */
1717 {
1718 if (fd < 0 || fd > 1024)
1719 {
1720 errno = EINVAL;
1721 return -1;
1722 }
1723 shutdown (fd, 2);
1724 return socket_close (fd);
1725 }
1726 if (!run_csc_hooks (fd))
1727 return release_connection_fd (fd, 1);
1728 else
1729 return release_connection_fd (fd, 0);
1730}
1731
1732const char *
1733get_encaps_name (openvas_encaps_t code)
1734{
1735 static char str[100];
1736 switch (code)
1737 {
1738 case OPENVAS_ENCAPS_AUTO:
1739 return "auto";
1740 case OPENVAS_ENCAPS_IP:
1741 return "IP";
1742 case OPENVAS_ENCAPS_SSLv2:
1743 return "SSLv2";
1744 case OPENVAS_ENCAPS_SSLv23:
1745 return "SSLv23";
1746 case OPENVAS_ENCAPS_SSLv3:
1747 return "SSLv3";
1748 case OPENVAS_ENCAPS_TLSv1:
1749 return "TLSv1";
1750 case OPENVAS_ENCAPS_TLSv11:
1751 return "TLSv11";
1752 case OPENVAS_ENCAPS_TLSv12:
1753 return "TLSv12";
1754 case OPENVAS_ENCAPS_TLSv13:
1755 return "TLSv13";
1756 case OPENVAS_ENCAPS_TLScustom:
1757 return "TLScustom";
1758 default:
1759 snprintf (str, sizeof (str), "[unknown transport layer - code %d (0x%x)]",
1760 code, code);
1761 return str;
1762 }
1763}
1764
1765const char *
1766get_encaps_through (openvas_encaps_t code)
1767{
1768 static char str[100];
1769 switch (code)
1770 {
1771 case OPENVAS_ENCAPS_IP:
1772 return "";
1773 case OPENVAS_ENCAPS_SSLv2:
1774 case OPENVAS_ENCAPS_SSLv23:
1775 case OPENVAS_ENCAPS_SSLv3:
1776 case OPENVAS_ENCAPS_TLSv1:
1777 case OPENVAS_ENCAPS_TLSv11:
1778 case OPENVAS_ENCAPS_TLSv12:
1779 case OPENVAS_ENCAPS_TLSv13:
1780 case OPENVAS_ENCAPS_TLScustom:
1781 return " through SSL/TLS";
1782 default:
1783 snprintf (str, sizeof (str),
1784 " through unknown transport layer - code %d (0x%x)", code,
1785 code);
1786 return str;
1787 }
1788}
1789
1790static int
1791open_socket (struct sockaddr *paddr, int type, int protocol, int timeout,
1792 int len)
1793{
1794 fd_set fd_w;
1795 struct timeval to;
1796 int soc, x;
1797 int opt;
1798 unsigned int opt_sz;
1799 int family;
1800
1801 __port_closed = 0;
1802
1803 if (paddr->sa_family == AF_INET)
1804 {
1805 family = AF_INET;
1806 if ((soc = socket (AF_INET, type, protocol)) < 0)
1807 {
1808 pid_perror ("socket");
1809 return -1;
1810 }
1811 }
1812 else
1813 {
1814 family = AF_INET6;
1815 if ((soc = socket (AF_INET6, type, protocol)) < 0)
1816 {
1817 pid_perror ("socket");
1818 return -1;
1819 }
1820 }
1821
1822 if (timeout == -2)
1823 timeout = TIMEOUT;
1824
1825 if (timeout > 0)
1826 if (unblock_socket (soc) < 0)
1827 {
1828 close (soc);
1829 return -1;
1830 }
1831
1832 gvm_source_set_socket (soc, 0, family);
1833
1834 if (connect (soc, paddr, len) < 0)
1835 {
1836 pid_perror ("connect");
1837 again:
1838 switch (errno)
1839 {
1840 case EINPROGRESS:
1841 case EAGAIN:
1842 FD_ZERO (&fd_w);
1843 FD_SET (soc, &fd_w);
1844 to.tv_sec = timeout;
1845 to.tv_usec = 0;
1846 x = select (soc + 1, NULL, &fd_w, NULL, &to);
1847 if (x == 0)
1848 {
1849 pid_perror ("connect->select: timeout");
1850 socket_close (soc);
1851 errno = ETIMEDOUT;
1852 return -1;
1853 }
1854 else if (x < 0)
1855 {
1856 if (errno == EINTR)
1857 {
1858 errno = EAGAIN;
1859 goto again;
1860 }
1861 pid_perror ("select");
1862 socket_close (soc);
1863 return -1;
1864 }
1865
1866 opt = 0;
1867 opt_sz = sizeof (opt);
1868 if (getsockopt (soc, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
1869 {
1870 pid_perror ("getsockopt");
1871 socket_close (soc);
1872 return -1;
1873 }
1874 if (opt == 0)
1875 break;
1876 errno = opt;
1877 pid_perror ("SO_ERROR");
1878 /* fallthrough */
1879 default:
1880 __port_closed = 1;
1881 socket_close (soc);
1882 return -1;
1883 }
1884 }
1885 block_socket (soc);
1886 return soc;
1887}
1888
1889int
1890open_sock_opt_hn (const char *hostname, unsigned int port, int type,
1891 int protocol, int timeout)
1892{
1893 struct sockaddr_in addr;
1894 struct sockaddr_in6 addr6;
1895 struct in6_addr in6addr;
1896
1897 gvm_resolve_as_addr6 (hostname, &in6addr);
1898 if (IN6_IS_ADDR_V4MAPPED (&in6addr))
1899 {
1900 bzero ((void *) &addr, sizeof (addr));
1901 addr.sin_family = AF_INET;
1902 addr.sin_port = htons ((unsigned short) port);
1903 addr.sin_addr.s_addr = in6addr.s6_addr32[3];
1904 return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
1905 sizeof (struct sockaddr_in));
1906 }
1907 else
1908 {
1909 bzero ((void *) &addr6, sizeof (addr6));
1910 addr6.sin6_family = AF_INET6;
1911 addr6.sin6_port = htons ((unsigned short) port);
1912 memcpy (&addr6.sin6_addr, &in6addr, sizeof (struct in6_addr));
1913 return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
1914 sizeof (struct sockaddr_in6));
1915 }
1916}
1917
1918int
1919open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
1920{
1921 int ret, retry = 0;
1922 const char *timeout_retry;
1923
1924 timeout_retry = prefs_get ("timeout_retry");
1925 if (timeout_retry)
1926 retry = atoi (timeout_retry);
1927 if (retry < 0)
1928 retry = 0;
1929
1930 while (retry >= 0)
1931 {
1932 errno = 0;
1933 ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
1934 if (ret >= 0 || errno != ETIMEDOUT)
1935 break;
1936 retry--;
1937 }
1938 if (ret < 0 && errno == ETIMEDOUT)
1939 {
1940 int log_count, attempts = 0;
1941 char *ip_str = plug_get_host_ip_str (args), buffer[1024];
1942 kb_t kb = plug_get_kb (args);
1943 const char *max_attempts;
1944
1945 max_attempts = prefs_get ("open_sock_max_attempts");
1946 if (max_attempts)
1947 attempts = atoi (max_attempts);
1948 if (attempts < 0)
1949 attempts = 0;
1950
1951 g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%d", ip_str,
1952 port);
1953 log_count = kb_item_get_int (kb, buffer);
1954 if (log_count == -1)
1955 log_count = 0;
1956 if (log_count < 3)
1957 {
1958 g_message ("open_sock_tcp: %s:%d time-out.", ip_str, port);
1959 }
1960 log_count++;
1961 kb_item_set_int_with_main_kb_check (kb, buffer, log_count);
1962 if ((log_count >= attempts) && (attempts != 0))
1963 {
1964 /* After some unsuccessfully attempts, the port is set to closed to
1965 * avoid new attempts from other plugins.
1966 */
1967 if (host_get_port_state (args, port) > 0)
1968 {
1969 char host_port_ip_str[INET6_ADDRSTRLEN];
1970
1971 addr6_to_str (args->ip, host_port_ip_str);
1972 g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%d", port);
1973 g_message ("open_sock_tcp: %s:%d too many timeouts. "
1974 "This port will be set to closed.",
1975 host_port_ip_str, port);
1976 kb_item_set_int_with_main_kb_check (kb, buffer, 0);
1977
1978 snprintf (
1979 buffer, sizeof (buffer),
1980 "ERRMSG|||%s|||%s|||%d/tcp||| |||Too many timeouts. The port"
1981 " was set to closed.",
1982 host_port_ip_str,
1983 plug_current_vhost () ? plug_current_vhost () : " ", port);
1984
1985 kb_item_push_str_with_main_kb_check (get_main_kb (),
1986 "internal/results", buffer);
1987 }
1988 }
1989 g_free (ip_str);
1990 }
1991
1992 return ret;
1993}
1994
1995int
1996open_sock_option (struct script_infos *args, unsigned int port, int type,
1997 int protocol, int timeout)
1998{
1999 struct sockaddr_in addr;
2000 struct sockaddr_in6 addr6;
2001 struct in6_addr *t;
2002
2003 t = plug_get_host_ip (args);
2004 if (!t)
2005 {
2006 g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
2007 return (-1);
2008 }
2009 if (IN6_ARE_ADDR_EQUAL (t, &in6addr_any))
2010 return (-1);
2011 if (IN6_IS_ADDR_V4MAPPED (t))
2012 {
2013 bzero ((void *) &addr, sizeof (addr));
2014 addr.sin_family = AF_INET;
2015 addr.sin_port = htons ((unsigned short) port);
2016 addr.sin_addr.s_addr = t->s6_addr32[3];
2017 return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
2018 sizeof (struct sockaddr_in));
2019 }
2020 else
2021 {
2022 bzero ((void *) &addr6, sizeof (addr6));
2023 addr6.sin6_family = AF_INET6;
2024 addr6.sin6_port = htons ((unsigned short) port);
2025 memcpy (&addr6.sin6_addr, t, sizeof (struct in6_addr));
2026 return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
2027 sizeof (struct sockaddr_in6));
2028 }
2029}
2030
2039int
2040recv_line (int soc, char *buf, size_t bufsiz)
2041{
2042 int n;
2043 unsigned int ret = 0;
2044
2045 /* Dirty SSL hack */
2046 if (OPENVAS_STREAM (soc))
2047 {
2048 buf[0] = '\0';
2049
2050 do
2051 {
2052 n = read_stream_connection_min (soc, buf + ret, 1, 1);
2053 switch (n)
2054 {
2055 case -1:
2056 if (ret == 0)
2057 return -1;
2058 else
2059 return ret;
2060 break;
2061
2062 case 0:
2063 return ret;
2064 break;
2065
2066 default:
2067 ret++;
2068 }
2069 }
2070 while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
2071
2072 if (ret > 0)
2073 {
2074 if (buf[ret - 1] != '\0')
2075 {
2076 if (ret < bufsiz)
2077 buf[ret] = '\0';
2078 else
2079 buf[bufsiz - 1] = '\0';
2080 }
2081 }
2082
2083 return ret;
2084 }
2085 else
2086 {
2087 fd_set rd;
2088
2089 do
2090 {
2091 int e;
2092 again:
2093 errno = 0;
2094 FD_ZERO (&rd);
2095 FD_SET (soc, &rd);
2096 e = select (soc + 1, &rd, NULL, NULL, NULL);
2097 if (e == 0 && !FD_ISSET (soc, &rd))
2098 return -1;
2099 if (e < 0 && errno == EINTR)
2100 goto again;
2101 if (e > 0)
2102 {
2103 n = recv (soc, buf + ret, 1, 0);
2104 switch (n)
2105 {
2106 case -1:
2107 if (errno == EINTR)
2108 continue;
2109 if (ret == 0)
2110 return -1;
2111 else
2112 return ret;
2113 break;
2114 case 0:
2115 return ret;
2116 break;
2117 default:
2118 ret++;
2119 }
2120 }
2121 else
2122 break;
2123 }
2124 while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
2125
2126 if (ret > 0)
2127 {
2128 if (buf[ret - 1] != '\0')
2129 {
2130 if (ret < bufsiz)
2131 buf[ret] = '\0';
2132 else
2133 buf[bufsiz - 1] = '\0';
2134 }
2135 }
2136 }
2137
2138 return ret;
2139}
2140
2141int
2142socket_close (int soc)
2143{
2144 return close (soc);
2145}
2146
2147/*
2148 * Select() routines
2149 */
2150
2151int
2152fd_is_stream (int fd)
2153{
2154 return OPENVAS_STREAM (fd); /* Should probably be smarter... */
2155}
2156
2157int
2158stream_get_buffer_sz (int fd)
2159{
2160 openvas_connection *p;
2161 if (!OPENVAS_STREAM (fd))
2162 return -1;
2163 p = OVAS_CONNECTION_FROM_FD (fd);
2164 return p->bufsz;
2165}
2166
2167int
2168stream_set_buffer (int fd, int sz)
2169{
2170 openvas_connection *p;
2171 char *b;
2172
2173 if (!OPENVAS_STREAM (fd))
2174 return -1;
2175
2176 p = OVAS_CONNECTION_FROM_FD (fd);
2177 if (sz < p->bufcnt)
2178 return -1; /* Do not want to lose data */
2179
2180 if (sz == 0)
2181 {
2182 g_free (p->buf);
2183 p->buf = NULL;
2184 p->bufsz = 0;
2185 return 0;
2186 }
2187 else if (p->buf == 0)
2188 {
2189 p->buf = g_malloc0 (sz);
2190 if (p->buf == NULL)
2191 return -1;
2192 p->bufsz = sz;
2193 p->bufptr = 0;
2194 p->bufcnt = 0;
2195 return 0;
2196 }
2197 else
2198 {
2199 if (p->bufcnt > 0)
2200 {
2201 memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
2202 p->bufptr = 0;
2203 }
2204 b = g_realloc (p->buf, sz);
2205 if (b == NULL)
2206 return -1;
2207 p->buf = b;
2208 p->bufsz = sz;
2209 return 0;
2210 }
2211}
2212
2213/*------------------------------------------------------------------*/
2214
2215int
2216os_send (int soc, void *buf, int len, int opt)
2217{
2218 char *buf0 = (char *) buf;
2219 int e, n;
2220 for (n = 0; n < len;)
2221 {
2222 errno = 0;
2223 e = send (soc, buf0 + n, len - n, opt);
2224 if (e < 0 && errno == EINTR)
2225 continue;
2226 else if (e <= 0)
2227 return -1;
2228 else
2229 n += e;
2230 }
2231 return n;
2232}
2233
2234int
2235os_recv (int soc, void *buf, int len, int opt)
2236{
2237 char *buf0 = (char *) buf;
2238 int e, n;
2239 for (n = 0; n < len;)
2240 {
2241 errno = 0;
2242 e = recv (soc, buf0 + n, len - n, opt);
2243 if (e < 0 && errno == EINTR)
2244 continue;
2245 else if (e <= 0)
2246 return -1;
2247 else
2248 n += e;
2249 }
2250 return n;
2251}
2252
2253/* This is a helper function for nasl_get_sock_info. It is used to
2254 retrieve information about SOCK. */
2255int
2256get_sock_infos (int sock, int *r_transport, void **r_tls_session)
2257{
2258 openvas_connection *fp;
2259
2260 if (!OPENVAS_STREAM (sock))
2261 return ENOTSOCK;
2262 fp = &(connections[sock - OPENVAS_FD_OFF]);
2263
2264 *r_transport = fp->transport;
2265 *r_tls_session = fp->tls_session;
2266 return 0;
2267}
2268
2269/*
2270 * 0 is considered as the biggest number, since it
2271 * ends our string
2272 */
2273static int
2274qsort_compar (const void *a, const void *b)
2275{
2276 u_short *aa = (u_short *) a;
2277 u_short *bb = (u_short *) b;
2278 if (*aa == 0)
2279 return (1);
2280 else if (*bb == 0)
2281 return (-1);
2282 else
2283 return (*aa - *bb);
2284}
2285
2295unsigned short *
2296getpts (char *origexpr, int *len)
2297{
2298 int exlen;
2299 char *p, *q;
2300 unsigned short *tmp, *ports;
2301 int i = 0, j = 0, start, end;
2302 char *expr;
2303 char *mem;
2304 char *s_start, *s_end;
2305 static unsigned short *last_ret = NULL;
2306 static char *last_expr = NULL;
2307 static int last_num;
2308
2309 expr = g_strdup (origexpr);
2310 exlen = strlen (origexpr);
2311 mem = expr;
2312
2313 if (last_expr != NULL)
2314 {
2315 if (strcmp (last_expr, expr) == 0)
2316 {
2317 if (len != NULL)
2318 *len = last_num;
2319 g_free (mem);
2320 return last_ret;
2321 }
2322 else
2323 {
2324 g_free (last_expr);
2325 last_expr = NULL;
2326 g_free (&last_ret);
2327 last_ret = NULL;
2328 }
2329 }
2330
2331 ports = g_malloc0 (65536 * sizeof (short));
2332 for (; j < exlen; j++)
2333 if (expr[j] != ' ')
2334 expr[i++] = expr[j];
2335 expr[i] = '\0';
2336
2337 if ((s_start = strstr (expr, "T:")) != NULL)
2338 expr = &(s_start[2]);
2339
2340 if ((s_end = strstr (expr, "U:")) != NULL)
2341 {
2342 if (s_end[-1] == ',')
2343 s_end--;
2344 s_end[0] = '\0';
2345 }
2346
2347 i = 0;
2348 while ((p = strchr (expr, ',')))
2349 {
2350 *p = '\0';
2351 if (*expr == '-')
2352 {
2353 start = 1;
2354 end = atoi (expr + 1);
2355 }
2356 else
2357 {
2358 start = end = atoi (expr);
2359 if ((q = strchr (expr, '-')) && *(q + 1))
2360 end = atoi (q + 1);
2361 else if (q && !*(q + 1))
2362 end = 65535;
2363 }
2364 if (start < 1)
2365 start = 1;
2366 if (start > end)
2367 {
2368 g_free (mem);
2369 g_free (ports);
2370 return NULL;
2371 }
2372 for (j = start; j <= end; j++)
2373 ports[i++] = j;
2374 expr = p + 1;
2375 }
2376 if (*expr == '-')
2377 {
2378 start = 1;
2379 end = atoi (expr + 1);
2380 }
2381 else
2382 {
2383 start = end = atoi (expr);
2384 if ((q = strchr (expr, '-')) && *(q + 1))
2385 end = atoi (q + 1);
2386 else if (q && !*(q + 1))
2387 end = 65535;
2388 }
2389 if (start < 1)
2390 start = 1;
2391 if (start > end)
2392 {
2393 g_free (mem);
2394 g_free (ports);
2395 return NULL;
2396 }
2397 for (j = start; j <= end; j++)
2398 ports[i++] = j;
2399 ports[i++] = 0;
2400
2401 qsort (ports, i, sizeof (u_short), qsort_compar);
2402 tmp = g_realloc (ports, i * sizeof (short));
2403 if (len != NULL)
2404 *len = i - 1;
2405 g_free (mem);
2406
2407 last_ret = tmp;
2408 last_expr = g_strdup (origexpr);
2409 last_num = i - 1;
2410 return tmp;
2411}
get_main_kb
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition kb_cache.c:41
kb_cache.h
Header file to cache main_kb.
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
pid
static pid_t pid
Definition nasl_cmd_exec.c:39
mac
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
Definition nasl_crypt_helper.c:97
nasl_get_plugin_filename
const char * nasl_get_plugin_filename()
Get the current launched plugin filename.
Definition nasl_debug.c:36
nasl_get_function_name
const char * nasl_get_function_name()
Definition nasl_debug.c:76
nasl_debug.h
code
#define code
protocol
u_char protocol
Definition nasl_packet_forgery.c:3
len
uint8_t len
Definition nasl_packet_forgery.c:1
length
u_short length
Definition nasl_packet_forgery.c:4
pid_perror
static int pid_perror(const char *error)
Definition network.c:125
open_socket
static int open_socket(struct sockaddr *paddr, int type, int protocol, int timeout, int len)
Definition network.c:1791
write_stream_connection4
static int write_stream_connection4(int fd, void *buf0, int n, int i_opt)
Definition network.c:1463
open_sock_opt_hn
int open_sock_opt_hn(const char *hostname, unsigned int port, int type, int protocol, int timeout)
Definition network.c:1890
get_encaps_through
const char * get_encaps_through(openvas_encaps_t code)
Definition network.c:1766
stream_get_err
int stream_get_err(int fd)
Definition network.c:132
openvas_get_socket_from_connection
int openvas_get_socket_from_connection(int fd)
Definition network.c:357
stream_set_buffer
int stream_set_buffer(int fd, int sz)
Definition network.c:2168
socket_get_ssl_session_id
void socket_get_ssl_session_id(int fd, void **sid, size_t *ssize)
Definition network.c:966
nsend
int nsend(int fd, void *data, int length, int i_opt)
Definition network.c:1589
is_ip_address
static int is_ip_address(const char *str)
Definition network.c:549
socket_negotiate_ssl
int socket_negotiate_ssl(int fd, openvas_encaps_t transport, struct script_infos *args)
Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
Definition network.c:820
read_stream_connection_min
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1397
getpts
unsigned short * getpts(char *origexpr, int *len)
Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
Definition network.c:2296
socket_ssl_do_handshake
int socket_ssl_do_handshake(int fd)
Do a re-handshake of the TLS/SSL protocol.
Definition network.c:737
open_stream_connection_ext
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
Definition network.c:1046
TIMEOUT
#define TIMEOUT
Definition network.c:45
openvas_register_connection
int openvas_register_connection(int soc, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
Definition network.c:234
load_cert_and_key
static int load_cert_and_key(gnutls_certificate_credentials_t xcred, const char *cert, const char *key, const char *passwd)
Loads a certificate and the corresponding private key from PEM files.
Definition network.c:457
fd_is_stream
int fd_is_stream(int fd)
Definition network.c:2152
OPENVAS_STREAM
#define OPENVAS_STREAM(x)
Definition network.c:113
qsort_compar
static int qsort_compar(const void *a, const void *b)
Definition network.c:2274
ovas_get_tlssession_from_connection
gnutls_session_t ovas_get_tlssession_from_connection(int fd)
Definition network.c:377
get_connection_fd
static int get_connection_fd(void)
Returns a free file descriptor.
Definition network.c:153
socket_get_ssl_version
int socket_get_ssl_version(int fd)
Definition network.c:923
socket_close
int socket_close(int soc)
Definition network.c:2142
run_csc_hooks
static int run_csc_hooks(int fd)
Run the hooks for close_stream_connection.
Definition network.c:1694
read_stream_connection_unbuffered
static int read_stream_connection_unbuffered(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1232
release_connection_fd
static int release_connection_fd(int fd, int already_closed)
Definition network.c:173
read_stream_connection
int read_stream_connection(int fd, void *buf0, int len)
Definition network.c:1457
nrecv
int nrecv(int fd, void *data, int length, int i_opt)
Definition network.c:1628
open_stream_tls_default_priorities
void open_stream_tls_default_priorities(const char *p, const int pflag)
Definition network.c:1168
get_sock_infos
int get_sock_infos(int sock, int *r_transport, void **r_tls_session)
Definition network.c:2256
open_sock_tcp
int open_sock_tcp(struct script_infos *args, unsigned int port, int timeout)
Definition network.c:1919
INCR_TIMEOUT
#define INCR_TIMEOUT
os_send
int os_send(int soc, void *buf, int len, int opt)
Definition network.c:2216
unblock_socket
static int unblock_socket(int soc)
Definition network.c:286
tlserror
static void tlserror(char *txt, int err)
Definition network.c:326
log_message_gnutls
static void log_message_gnutls(int level, const char *msg)
Definition network.c:332
write_stream_connection
int write_stream_connection(int fd, void *buf0, int n)
Definition network.c:1583
socket_get_ssl_ciphersuite
int socket_get_ssl_ciphersuite(int fd)
Definition network.c:1006
block_socket
static int block_socket(int soc)
Definition network.c:303
csc_hooks
static struct csc_hook_s * csc_hooks
Linked list of hooks to be run by close_stream_connection.
Definition network.c:108
open_SSL_connection
static int open_SSL_connection(openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
Open an TLS/SSL connection.
Definition network.c:580
os_recv
int os_recv(int soc, void *buf, int len, int opt)
Definition network.c:2235
open_sock_option
int open_sock_option(struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
Definition network.c:1996
openvas_SSL_init
int openvas_SSL_init()
Initializes SSL support.
Definition network.c:341
open_stream_connection
int open_stream_connection(struct script_infos *args, unsigned int port, int transport, int timeout)
Definition network.c:1175
OVAS_CONNECTION_FROM_FD
#define OVAS_CONNECTION_FROM_FD(fd)
Definition network.c:119
socket_get_cert
void socket_get_cert(int fd, void **cert, int *certlen)
Definition network.c:887
tls_priorities
const char * tls_priorities
Definition network.c:146
OPENVAS_FD_OFF
#define OPENVAS_FD_OFF
Definition network.c:92
add_close_stream_connection_hook
void add_close_stream_connection_hook(int(*fnc)(int fd))
Register a hook function for close_stream_connection.
Definition network.c:1666
openvas_deregister_connection
int openvas_deregister_connection(int fd)
Definition network.c:259
socket_ssl_safe_renegotiation_status
int socket_ssl_safe_renegotiation_status(int fd)
Check if Secure Renegotiation is supported in the server side.
Definition network.c:716
get_encaps_name
const char * get_encaps_name(openvas_encaps_t code)
Definition network.c:1733
recv_line
int recv_line(int soc, char *buf, size_t bufsiz)
Reads a text from the socket stream into the argument buffer, always.
Definition network.c:2040
stream_set_timeout
int stream_set_timeout(int fd, int timeout)
Definition network.c:1216
__port_closed
static int __port_closed
Definition network.c:283
open_stream_auto_encaps_ext
int open_stream_auto_encaps_ext(struct script_infos *args, unsigned int port, int timeout, int force)
Definition network.c:1185
connections
static openvas_connection connections[OPENVAS_FD_MAX]
Definition network.c:94
stream_get_buffer_sz
int stream_get_buffer_sz(int fd)
Definition network.c:2158
tls_priority_flag
int tls_priority_flag
Definition network.c:147
OPENVAS_FD_MAX
#define OPENVAS_FD_MAX
Definition network.c:91
set_gnutls_protocol
static int set_gnutls_protocol(gnutls_session_t session, openvas_encaps_t encaps, const char *priority, unsigned int flags)
Definition network.c:394
close_stream_connection
int close_stream_connection(int fd)
Definition network.c:1705
network.h
Header file for module network.
OPENVAS_ENCAPS_SSLv3
@ OPENVAS_ENCAPS_SSLv3
Definition network.h:34
OPENVAS_ENCAPS_TLScustom
@ OPENVAS_ENCAPS_TLScustom
Definition network.h:39
OPENVAS_ENCAPS_TLSv12
@ OPENVAS_ENCAPS_TLSv12
Definition network.h:37
OPENVAS_ENCAPS_TLSv1
@ OPENVAS_ENCAPS_TLSv1
Definition network.h:35
OPENVAS_ENCAPS_IP
@ OPENVAS_ENCAPS_IP
Definition network.h:31
OPENVAS_ENCAPS_TLSv13
@ OPENVAS_ENCAPS_TLSv13
Definition network.h:38
OPENVAS_ENCAPS_SSLv2
@ OPENVAS_ENCAPS_SSLv2
Definition network.h:33
OPENVAS_ENCAPS_SSLv23
@ OPENVAS_ENCAPS_SSLv23
Definition network.h:32
OPENVAS_ENCAPS_TLSv11
@ OPENVAS_ENCAPS_TLSv11
Definition network.h:36
OPENVAS_ENCAPS_AUTO
@ OPENVAS_ENCAPS_AUTO
Definition network.h:30
openvas_encaps_t
enum openvas_encaps openvas_encaps_t
INSECURE_DH_PRIME_BITS
#define INSECURE_DH_PRIME_BITS
Definition network.h:49
NO_PRIORITY_FLAGS
#define NO_PRIORITY_FLAGS
Definition network.h:48
hostname
const char * hostname
Definition pluginlaunch.c:68
host_get_port_state
int host_get_port_state(struct script_infos *plugdata, int portnum)
Definition plugutils.c:193
plug_get_port_transport
int plug_get_port_transport(struct script_infos *args, int port)
Definition plugutils.c:1396
plug_current_vhost
const char * plug_current_vhost(void)
Definition plugutils.c:93
plug_set_port_transport
void plug_set_port_transport(struct script_infos *args, int port, int tr)
Definition plugutils.c:1383
plug_get_host_fqdn
char * plug_get_host_fqdn(struct script_infos *args)
Definition plugutils.c:291
kb_item_push_str_with_main_kb_check
int kb_item_push_str_with_main_kb_check(kb_t kb, const char *name, const char *value)
Check if the current kb corresponds to the original scanid, if it matches it kb_item_push_str....
Definition plugutils.c:533
plug_get_host_ip_str
char * plug_get_host_ip_str(struct script_infos *desc)
Definition plugutils.c:377
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371
kb_item_set_int_with_main_kb_check
int kb_item_set_int_with_main_kb_check(kb_t kb, const char *name, int value)
Check if the current kb corresponds to the original scanid, if it matches it call kb_item_set_int....
Definition plugutils.c:609
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition plugutils.c:1157
plugutils.h
Header file for module plugutils.
csc_hook_s
Object to store a list of hooks for close_stream_connection.
Definition network.c:100
csc_hook_s::next
struct csc_hook_s * next
Definition network.c:101
csc_hook_s::fnc
int(* fnc)(int fd)
Definition network.c:102
openvas_connection
Definition network.c:63
openvas_connection::fd
int fd
Definition network.c:64
openvas_connection::bufcnt
int bufcnt
Definition network.c:81
openvas_connection::bufptr
int bufptr
Definition network.c:81
openvas_connection::timeout
int timeout
Definition network.c:71
openvas_connection::tls_session
gnutls_session_t tls_session
Definition network.c:75
openvas_connection::bufsz
int bufsz
Definition network.c:81
openvas_connection::priority
char * priority
Definition network.c:70
openvas_connection::last_err
int last_err
Definition network.c:82
openvas_connection::transport
openvas_encaps_t transport
Definition network.c:69
openvas_connection::tls_cred
gnutls_certificate_credentials_t tls_cred
Definition network.c:76
openvas_connection::port
int port
Definition network.c:73
openvas_connection::buf
char * buf
Definition network.c:80
openvas_connection::pid
pid_t pid
Definition network.c:78
script_infos
Definition scanneraux.h:29
script_infos::ip
struct in6_addr * ip
Definition scanneraux.h:37
script_infos::name
char * name
Definition scanneraux.h:35
support.h
Support macros for special platforms.