OpenVAS Scanner 23.40.3
network.h File Reference

Header file for module network. More...

#include "scanneraux.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <netinet/in.h>
#include <sys/select.h>
Include dependency graph for network.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define IS_ENCAPS_SSL(x)
#define NO_PRIORITY_FLAGS   0
#define INSECURE_DH_PRIME_BITS   (1 << 0)

Typedefs

typedef enum openvas_encaps openvas_encaps_t

Enumerations

enum  openvas_encaps {
  OPENVAS_ENCAPS_AUTO = 0 , OPENVAS_ENCAPS_IP , OPENVAS_ENCAPS_SSLv23 , OPENVAS_ENCAPS_SSLv2 ,
  OPENVAS_ENCAPS_SSLv3 , OPENVAS_ENCAPS_TLSv1 , OPENVAS_ENCAPS_TLSv11 , OPENVAS_ENCAPS_TLSv12 ,
  OPENVAS_ENCAPS_TLSv13 , OPENVAS_ENCAPS_TLScustom , OPENVAS_ENCAPS_MAX
}

Functions

int open_sock_tcp (struct script_infos *, unsigned int, int)
int open_sock_option (struct script_infos *, unsigned int, int, int, int)
int recv_line (int, char *, size_t)
 Reads a text from the socket stream into the argument buffer, always.
int nrecv (int, void *, int, int)
int socket_close (int)
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
unsigned short * getpts (char *, int *)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
void open_stream_tls_default_priorities (const char *p, const int pflag)
int open_stream_connection (struct script_infos *, unsigned int, int, int)
int open_stream_connection_ext (struct script_infos *, unsigned int, int, int, const char *, int)
int open_stream_auto_encaps_ext (struct script_infos *, unsigned int port, int timeout, int force)
int write_stream_connection (int, void *buf, int n)
int read_stream_connection (int, void *, int)
int read_stream_connection_min (int, void *, int, int)
int nsend (int, void *, int, int)
void add_close_stream_connection_hook (int(*)(int))
 Register a hook function for close_stream_connection.
int close_stream_connection (int)
const char * get_encaps_name (openvas_encaps_t)
const char * get_encaps_through (openvas_encaps_t)
int open_sock_opt_hn (const char *, unsigned int, int, int, int)
int openvas_SSL_init (void)
 Initializes SSL support.
int stream_set_buffer (int, int)
int stream_get_buffer_sz (int)
int stream_get_err (int)
int openvas_register_connection (int s, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
int openvas_deregister_connection (int)
int openvas_get_socket_from_connection (int)
gnutls_session_t ovas_get_tlssession_from_connection (int)
int stream_zero (fd_set *)
int stream_set (int, fd_set *)
int os_send (int, void *, int, int)
int os_recv (int, void *, int, int)
int fd_is_stream (int)
int stream_set_timeout (int, int)
int socket_ssl_safe_renegotiation_status (int)
 Check if Secure Renegotiation is supported in the server side.
int socket_ssl_do_handshake (int)
 Do a re-handshake of the TLS/SSL protocol.
int socket_negotiate_ssl (int, openvas_encaps_t, struct script_infos *)
 Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
void socket_get_cert (int, void **, int *)
int socket_get_ssl_version (int)
void socket_get_ssl_session_id (int, void **, size_t *)
int socket_get_ssl_compression (int)
int socket_get_ssl_ciphersuite (int)

Detailed Description

Header file for module network.

Definition in file network.h.

Macro Definition Documentation

◆ INSECURE_DH_PRIME_BITS

#define INSECURE_DH_PRIME_BITS   (1 << 0)

Definition at line 49 of file network.h.

Referenced by retry_stream_connection(), and set_gnutls_protocol().

◆ IS_ENCAPS_SSL

#define IS_ENCAPS_SSL ( x)
Value:
((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLScustom)
OPENVAS_ENCAPS_TLScustom
@ OPENVAS_ENCAPS_TLScustom
Definition network.h:39
OPENVAS_ENCAPS_SSLv23
@ OPENVAS_ENCAPS_SSLv23
Definition network.h:32

Definition at line 43 of file network.h.

43#define IS_ENCAPS_SSL(x) \
44 ((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLScustom)

Referenced by nasl_socket_negotiate_ssl(), and plugin_do_run().

◆ NO_PRIORITY_FLAGS

#define NO_PRIORITY_FLAGS   0

Definition at line 48 of file network.h.

Referenced by nasl_open_sock_tcp_bufsz(), retry_stream_connection(), and socket_negotiate_ssl().

Typedef Documentation

◆ openvas_encaps_t

typedef enum openvas_encaps openvas_encaps_t

Enumeration Type Documentation

◆ openvas_encaps

enum openvas_encaps
Enumerator
OPENVAS_ENCAPS_AUTO 
OPENVAS_ENCAPS_IP 
OPENVAS_ENCAPS_SSLv23 
OPENVAS_ENCAPS_SSLv2 
OPENVAS_ENCAPS_SSLv3 
OPENVAS_ENCAPS_TLSv1 
OPENVAS_ENCAPS_TLSv11 
OPENVAS_ENCAPS_TLSv12 
OPENVAS_ENCAPS_TLSv13 
OPENVAS_ENCAPS_TLScustom 
OPENVAS_ENCAPS_MAX 

Definition at line 28 of file network.h.

29{
30 OPENVAS_ENCAPS_AUTO = 0, /* Request auto detection. */
31 OPENVAS_ENCAPS_IP,
32 OPENVAS_ENCAPS_SSLv23, /* Ask for compatibility options */
33 OPENVAS_ENCAPS_SSLv2,
34 OPENVAS_ENCAPS_SSLv3,
35 OPENVAS_ENCAPS_TLSv1,
36 OPENVAS_ENCAPS_TLSv11,
37 OPENVAS_ENCAPS_TLSv12,
38 OPENVAS_ENCAPS_TLSv13,
39 OPENVAS_ENCAPS_TLScustom, /* SSL/TLS using custom priorities. */
40 OPENVAS_ENCAPS_MAX,
41} openvas_encaps_t;
OPENVAS_ENCAPS_SSLv3
@ OPENVAS_ENCAPS_SSLv3
Definition network.h:34
OPENVAS_ENCAPS_TLSv12
@ OPENVAS_ENCAPS_TLSv12
Definition network.h:37
OPENVAS_ENCAPS_TLSv1
@ OPENVAS_ENCAPS_TLSv1
Definition network.h:35
OPENVAS_ENCAPS_MAX
@ OPENVAS_ENCAPS_MAX
Definition network.h:40
OPENVAS_ENCAPS_IP
@ OPENVAS_ENCAPS_IP
Definition network.h:31
OPENVAS_ENCAPS_TLSv13
@ OPENVAS_ENCAPS_TLSv13
Definition network.h:38
OPENVAS_ENCAPS_SSLv2
@ OPENVAS_ENCAPS_SSLv2
Definition network.h:33
OPENVAS_ENCAPS_TLSv11
@ OPENVAS_ENCAPS_TLSv11
Definition network.h:36
OPENVAS_ENCAPS_AUTO
@ OPENVAS_ENCAPS_AUTO
Definition network.h:30
openvas_encaps_t
enum openvas_encaps openvas_encaps_t

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(* fnc )(int fd))

Register a hook function for close_stream_connection.

The function adds the given hook function to the list of hooks to be run by close_stream_connection. These hooks are intended to test whether they need to close the stream them self. See argument to the hook function is the file descriptor of the stream. The hook shall return 0 if it has taken over control of that file descriptor. The same function is only aded once to the list of hooks.

Parameters
fncThe hook function. See above for details.

Definition at line 1666 of file network.c.

1667{
1668 struct csc_hook_s *hook;
1669
1670 for (hook = csc_hooks; hook; hook = hook->next)
1671 if (hook->fnc == fnc)
1672 return; /* Already added. */
1673
1674 hook = g_malloc0 (sizeof *hook);
1675 hook->fnc = fnc;
1676 hook->next = csc_hooks;
1677 csc_hooks = hook;
1678}
csc_hooks
static struct csc_hook_s * csc_hooks
Linked list of hooks to be run by close_stream_connection.
Definition network.c:108
csc_hook_s
Object to store a list of hooks for close_stream_connection.
Definition network.c:100
csc_hook_s::next
struct csc_hook_s * next
Definition network.c:101
csc_hook_s::fnc
int(* fnc)(int fd)
Definition network.c:102

References csc_hooks, csc_hook_s::fnc, and csc_hook_s::next.

Referenced by next_session_id().

Here is the caller graph for this function:

◆ close_stream_connection()

int close_stream_connection ( int fd)

Definition at line 1705 of file network.c.

1706{
1707 openvas_connection *fp;
1708 if (!OPENVAS_STREAM (fd))
1709 {
1710 errno = EINVAL;
1711 return -1;
1712 }
1713 fp = OVAS_CONNECTION_FROM_FD (fd);
1714 g_debug ("close_stream_connection TCP:%d (fd=%d)", fp->port, fd);
1715
1716 if (!OPENVAS_STREAM (fd)) /* Will never happen if debug is on! */
1717 {
1718 if (fd < 0 || fd > 1024)
1719 {
1720 errno = EINVAL;
1721 return -1;
1722 }
1723 shutdown (fd, 2);
1724 return socket_close (fd);
1725 }
1726 if (!run_csc_hooks (fd))
1727 return release_connection_fd (fd, 1);
1728 else
1729 return release_connection_fd (fd, 0);
1730}
OPENVAS_STREAM
#define OPENVAS_STREAM(x)
Definition network.c:113
socket_close
int socket_close(int soc)
Definition network.c:2142
run_csc_hooks
static int run_csc_hooks(int fd)
Run the hooks for close_stream_connection.
Definition network.c:1694
release_connection_fd
static int release_connection_fd(int fd, int already_closed)
Definition network.c:173
OVAS_CONNECTION_FROM_FD
#define OVAS_CONNECTION_FROM_FD(fd)
Definition network.c:119
openvas_connection
Definition network.c:63
openvas_connection::port
int port
Definition network.c:73

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, openvas_connection::port, release_connection_fd(), run_csc_hooks(), and socket_close().

Referenced by nasl_close_socket(), nasl_end_denial(), nasl_start_denial(), and plugin_do_run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ fd_is_stream()

int fd_is_stream ( int fd)

Definition at line 2152 of file network.c.

2153{
2154 return OPENVAS_STREAM (fd); /* Should probably be smarter... */
2155}

References OPENVAS_STREAM.

Referenced by nasl_close_socket(), nasl_get_source_port(), nasl_recv(), nasl_recv_line(), nasl_send(), nasl_socket_get_error(), socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), socket_get_ssl_version(), socket_negotiate_ssl(), socket_ssl_do_handshake(), and socket_ssl_safe_renegotiation_status().

Here is the caller graph for this function:

◆ get_encaps_name()

const char * get_encaps_name ( openvas_encaps_t code)

Definition at line 1733 of file network.c.

1734{
1735 static char str[100];
1736 switch (code)
1737 {
1738 case OPENVAS_ENCAPS_AUTO:
1739 return "auto";
1740 case OPENVAS_ENCAPS_IP:
1741 return "IP";
1742 case OPENVAS_ENCAPS_SSLv2:
1743 return "SSLv2";
1744 case OPENVAS_ENCAPS_SSLv23:
1745 return "SSLv23";
1746 case OPENVAS_ENCAPS_SSLv3:
1747 return "SSLv3";
1748 case OPENVAS_ENCAPS_TLSv1:
1749 return "TLSv1";
1750 case OPENVAS_ENCAPS_TLSv11:
1751 return "TLSv11";
1752 case OPENVAS_ENCAPS_TLSv12:
1753 return "TLSv12";
1754 case OPENVAS_ENCAPS_TLSv13:
1755 return "TLSv13";
1756 case OPENVAS_ENCAPS_TLScustom:
1757 return "TLScustom";
1758 default:
1759 snprintf (str, sizeof (str), "[unknown transport layer - code %d (0x%x)]",
1760 code, code);
1761 return str;
1762 }
1763}
code
#define code

References code, OPENVAS_ENCAPS_AUTO, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by get_port_transport(), nasl_get_sock_info(), and plugin_do_run().

Here is the caller graph for this function:

◆ get_encaps_through()

const char * get_encaps_through ( openvas_encaps_t code)

Definition at line 1766 of file network.c.

1767{
1768 static char str[100];
1769 switch (code)
1770 {
1771 case OPENVAS_ENCAPS_IP:
1772 return "";
1773 case OPENVAS_ENCAPS_SSLv2:
1774 case OPENVAS_ENCAPS_SSLv23:
1775 case OPENVAS_ENCAPS_SSLv3:
1776 case OPENVAS_ENCAPS_TLSv1:
1777 case OPENVAS_ENCAPS_TLSv11:
1778 case OPENVAS_ENCAPS_TLSv12:
1779 case OPENVAS_ENCAPS_TLSv13:
1780 case OPENVAS_ENCAPS_TLScustom:
1781 return " through SSL/TLS";
1782 default:
1783 snprintf (str, sizeof (str),
1784 " through unknown transport layer - code %d (0x%x)", code,
1785 code);
1786 return str;
1787 }
1788}

References code, OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, and OPENVAS_ENCAPS_TLSv13.

Referenced by mark_acap_server(), mark_adsgone(), mark_avotus_mm_server(), mark_BitTorrent_server(), mark_citrix_server(), mark_dameware_server(), mark_dictd_server(), mark_direct_connect_hub(), mark_eggdrop_server(), mark_ens_server(), mark_exchg_routing_server(), mark_finger_server(), mark_fssniffer(), mark_ftp_server(), mark_fw1(), mark_giop_server(), mark_gnocatan_server(), mark_gnome14_server(), mark_http_proxy(), mark_http_server(), mark_imap_server(), mark_interscan_viruswall(), mark_ircxpro_admin_server(), mark_jabber_server(), mark_LISa_server(), mark_listserv_server(), mark_locked_adsubtract_server(), mark_lpd_server(), mark_lyskom_server(), mark_mon_server(), mark_nagiosd_server(), mark_nntp_server(), mark_ofa_express_server(), mark_pblocald_server(), mark_pbmaster_server(), mark_ph_server(), mark_pnsclient(), mark_pop3pw_server(), mark_ppp_daemon(), mark_psybnc(), mark_quicktime_streaming_server(), mark_remote_nc_server(), mark_rmserver(), mark_shoutcast_server(), mark_smppd_server(), mark_smtp_server(), mark_smux_server(), mark_snpp_server(), mark_spamd_server(), mark_stonegate_auth_server(), mark_sub7_server(), mark_tcpmux_server(), mark_teamspeak2_server(), mark_telnet_server(), mark_time_server(), mark_unknown_svc(), mark_upsmon_server(), mark_uucp_server(), mark_veritas_backup(), mark_vmware_auth(), mark_vtun_server(), mark_websm_server(), mark_whois_plus2_server(), and mark_zebra_server().

◆ get_sock_infos()

int get_sock_infos ( int sock,
int * r_transport,
void ** r_tls_session )

Definition at line 2256 of file network.c.

2257{
2258 openvas_connection *fp;
2259
2260 if (!OPENVAS_STREAM (sock))
2261 return ENOTSOCK;
2262 fp = &(connections[sock - OPENVAS_FD_OFF]);
2263
2264 *r_transport = fp->transport;
2265 *r_tls_session = fp->tls_session;
2266 return 0;
2267}
OPENVAS_FD_OFF
#define OPENVAS_FD_OFF
Definition network.c:92
connections
static openvas_connection connections[OPENVAS_FD_MAX]
Definition network.c:94
openvas_connection::tls_session
gnutls_session_t tls_session
Definition network.c:75
openvas_connection::transport
openvas_encaps_t transport
Definition network.c:69

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_get_sock_info(), and nasl_socket_cert_verify().

Here is the caller graph for this function:

◆ getpts()

unsigned short * getpts ( char * origexpr,
int * len )

Converts a string like "-100,200-1024,3000-4000,60000-" into an array.

of port numbers

This function is (c) Fyodor fyodo.nosp@m.r@dh.nosp@m.p.com and was taken from his excellent and outstanding scanner Nmap See http://www.insecure.org/nmap/ for details about Nmap

Definition at line 2296 of file network.c.

2297{
2298 int exlen;
2299 char *p, *q;
2300 unsigned short *tmp, *ports;
2301 int i = 0, j = 0, start, end;
2302 char *expr;
2303 char *mem;
2304 char *s_start, *s_end;
2305 static unsigned short *last_ret = NULL;
2306 static char *last_expr = NULL;
2307 static int last_num;
2308
2309 expr = g_strdup (origexpr);
2310 exlen = strlen (origexpr);
2311 mem = expr;
2312
2313 if (last_expr != NULL)
2314 {
2315 if (strcmp (last_expr, expr) == 0)
2316 {
2317 if (len != NULL)
2318 *len = last_num;
2319 g_free (mem);
2320 return last_ret;
2321 }
2322 else
2323 {
2324 g_free (last_expr);
2325 last_expr = NULL;
2326 g_free (&last_ret);
2327 last_ret = NULL;
2328 }
2329 }
2330
2331 ports = g_malloc0 (65536 * sizeof (short));
2332 for (; j < exlen; j++)
2333 if (expr[j] != ' ')
2334 expr[i++] = expr[j];
2335 expr[i] = '\0';
2336
2337 if ((s_start = strstr (expr, "T:")) != NULL)
2338 expr = &(s_start[2]);
2339
2340 if ((s_end = strstr (expr, "U:")) != NULL)
2341 {
2342 if (s_end[-1] == ',')
2343 s_end--;
2344 s_end[0] = '\0';
2345 }
2346
2347 i = 0;
2348 while ((p = strchr (expr, ',')))
2349 {
2350 *p = '\0';
2351 if (*expr == '-')
2352 {
2353 start = 1;
2354 end = atoi (expr + 1);
2355 }
2356 else
2357 {
2358 start = end = atoi (expr);
2359 if ((q = strchr (expr, '-')) && *(q + 1))
2360 end = atoi (q + 1);
2361 else if (q && !*(q + 1))
2362 end = 65535;
2363 }
2364 if (start < 1)
2365 start = 1;
2366 if (start > end)
2367 {
2368 g_free (mem);
2369 g_free (ports);
2370 return NULL;
2371 }
2372 for (j = start; j <= end; j++)
2373 ports[i++] = j;
2374 expr = p + 1;
2375 }
2376 if (*expr == '-')
2377 {
2378 start = 1;
2379 end = atoi (expr + 1);
2380 }
2381 else
2382 {
2383 start = end = atoi (expr);
2384 if ((q = strchr (expr, '-')) && *(q + 1))
2385 end = atoi (q + 1);
2386 else if (q && !*(q + 1))
2387 end = 65535;
2388 }
2389 if (start < 1)
2390 start = 1;
2391 if (start > end)
2392 {
2393 g_free (mem);
2394 g_free (ports);
2395 return NULL;
2396 }
2397 for (j = start; j <= end; j++)
2398 ports[i++] = j;
2399 ports[i++] = 0;
2400
2401 qsort (ports, i, sizeof (u_short), qsort_compar);
2402 tmp = g_realloc (ports, i * sizeof (short));
2403 if (len != NULL)
2404 *len = i - 1;
2405 g_free (mem);
2406
2407 last_ret = tmp;
2408 last_expr = g_strdup (origexpr);
2409 last_num = i - 1;
2410 return tmp;
2411}
len
uint8_t len
Definition nasl_packet_forgery.c:1
qsort_compar
static int qsort_compar(const void *a, const void *b)
Definition network.c:2274

References len, and qsort_compar().

Referenced by nasl_scanner_get_port(), and scan().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ nrecv()

int nrecv ( int fd,
void * data,
int length,
int i_opt )

Definition at line 1628 of file network.c.

1629{
1630 int e;
1631 if (OPENVAS_STREAM (fd))
1632 {
1633 if (connections[fd - OPENVAS_FD_OFF].fd < 0)
1634 g_message ("OpenVAS file descriptor %d closed ?!", fd);
1635 else
1636 return read_stream_connection (fd, data, length);
1637 }
1638 /* Trying OS's recv()
1639 *
1640 * Do *NOT* use os_recv() here, as it will be blocking until the exact
1641 * amount of requested data arrives
1642 */
1643 block_socket (fd);
1644 do
1645 {
1646 e = recv (fd, data, length, i_opt);
1647 }
1648 while (e < 0 && errno == EINTR);
1649 return e;
1650}
length
u_short length
Definition nasl_packet_forgery.c:4
read_stream_connection
int read_stream_connection(int fd, void *buf0, int len)
Definition network.c:1457
block_socket
static int block_socket(int soc)
Definition network.c:303

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, and read_stream_connection().

Here is the call graph for this function:

◆ nsend()

int nsend ( int fd,
void * data,
int length,
int i_opt )

Definition at line 1589 of file network.c.

1590{
1591 int n = 0;
1592
1593 if (OPENVAS_STREAM (fd))
1594 {
1595 if (connections[fd - OPENVAS_FD_OFF].fd < 0)
1596 g_message ("OpenVAS file descriptor %d closed ?!", fd);
1597 else
1598 return write_stream_connection4 (fd, data, length, i_opt);
1599 }
1600 /* Trying OS's send() */
1601 block_socket (fd); /* ??? */
1602 do
1603 {
1604 struct timeval tv = {0, 5};
1605 fd_set wr;
1606 int e;
1607
1608 FD_ZERO (&wr);
1609 FD_SET (fd, &wr);
1610
1611 errno = 0;
1612 e = select (fd + 1, NULL, &wr, NULL, &tv);
1613 if (e > 0)
1614 n = os_send (fd, data, length, i_opt);
1615 else if (e < 0 && errno == EINTR)
1616 continue;
1617 else
1618 break;
1619 }
1620 while (n <= 0 && errno == EINTR);
1621 if (n < 0)
1622 g_message ("[%d] nsend():send %s", getpid (), strerror (errno));
1623
1624 return n;
1625}
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
write_stream_connection4
static int write_stream_connection4(int fd, void *buf0, int n, int i_opt)
Definition network.c:1463
os_send
int os_send(int soc, void *buf, int len, int opt)
Definition network.c:2216

References block_socket(), connections, length, OPENVAS_FD_OFF, OPENVAS_STREAM, os_send(), timeval(), and write_stream_connection4().

Referenced by nasl_end_denial(), and nasl_send().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char * hostname,
unsigned int port,
int type,
int protocol,
int timeout )

Definition at line 1890 of file network.c.

1892{
1893 struct sockaddr_in addr;
1894 struct sockaddr_in6 addr6;
1895 struct in6_addr in6addr;
1896
1897 gvm_resolve_as_addr6 (hostname, &in6addr);
1898 if (IN6_IS_ADDR_V4MAPPED (&in6addr))
1899 {
1900 bzero ((void *) &addr, sizeof (addr));
1901 addr.sin_family = AF_INET;
1902 addr.sin_port = htons ((unsigned short) port);
1903 addr.sin_addr.s_addr = in6addr.s6_addr32[3];
1904 return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
1905 sizeof (struct sockaddr_in));
1906 }
1907 else
1908 {
1909 bzero ((void *) &addr6, sizeof (addr6));
1910 addr6.sin6_family = AF_INET6;
1911 addr6.sin6_port = htons ((unsigned short) port);
1912 memcpy (&addr6.sin6_addr, &in6addr, sizeof (struct in6_addr));
1913 return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
1914 sizeof (struct sockaddr_in6));
1915 }
1916}
protocol
u_char protocol
Definition nasl_packet_forgery.c:3
open_socket
static int open_socket(struct sockaddr *paddr, int type, int protocol, int timeout, int len)
Definition network.c:1791
hostname
const char * hostname
Definition pluginlaunch.c:68

References hostname, open_socket(), and protocol.

Referenced by nasl_open_sock_kdc().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_sock_option()

int open_sock_option ( struct script_infos * args,
unsigned int port,
int type,
int protocol,
int timeout )

Definition at line 1996 of file network.c.

1998{
1999 struct sockaddr_in addr;
2000 struct sockaddr_in6 addr6;
2001 struct in6_addr *t;
2002
2003 t = plug_get_host_ip (args);
2004 if (!t)
2005 {
2006 g_message ("ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
2007 return (-1);
2008 }
2009 if (IN6_ARE_ADDR_EQUAL (t, &in6addr_any))
2010 return (-1);
2011 if (IN6_IS_ADDR_V4MAPPED (t))
2012 {
2013 bzero ((void *) &addr, sizeof (addr));
2014 addr.sin_family = AF_INET;
2015 addr.sin_port = htons ((unsigned short) port);
2016 addr.sin_addr.s_addr = t->s6_addr32[3];
2017 return open_socket ((struct sockaddr *) &addr, type, protocol, timeout,
2018 sizeof (struct sockaddr_in));
2019 }
2020 else
2021 {
2022 bzero ((void *) &addr6, sizeof (addr6));
2023 addr6.sin6_family = AF_INET6;
2024 addr6.sin6_port = htons ((unsigned short) port);
2025 memcpy (&addr6.sin6_addr, t, sizeof (struct in6_addr));
2026 return open_socket ((struct sockaddr *) &addr6, type, protocol, timeout,
2027 sizeof (struct sockaddr_in6));
2028 }
2029}
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371

References open_socket(), plug_get_host_ip(), and protocol.

Referenced by open_sock_tcp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos * args,
unsigned int port,
int timeout )

Definition at line 1919 of file network.c.

1920{
1921 int ret, retry = 0;
1922 const char *timeout_retry;
1923
1924 timeout_retry = prefs_get ("timeout_retry");
1925 if (timeout_retry)
1926 retry = atoi (timeout_retry);
1927 if (retry < 0)
1928 retry = 0;
1929
1930 while (retry >= 0)
1931 {
1932 errno = 0;
1933 ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
1934 if (ret >= 0 || errno != ETIMEDOUT)
1935 break;
1936 retry--;
1937 }
1938 if (ret < 0 && errno == ETIMEDOUT)
1939 {
1940 int log_count, attempts = 0;
1941 char *ip_str = plug_get_host_ip_str (args), buffer[1024];
1942 kb_t kb = plug_get_kb (args);
1943 const char *max_attempts;
1944
1945 max_attempts = prefs_get ("open_sock_max_attempts");
1946 if (max_attempts)
1947 attempts = atoi (max_attempts);
1948 if (attempts < 0)
1949 attempts = 0;
1950
1951 g_snprintf (buffer, sizeof (buffer), "ConnectTimeout/%s/%d", ip_str,
1952 port);
1953 log_count = kb_item_get_int (kb, buffer);
1954 if (log_count == -1)
1955 log_count = 0;
1956 if (log_count < 3)
1957 {
1958 g_message ("open_sock_tcp: %s:%d time-out.", ip_str, port);
1959 }
1960 log_count++;
1961 kb_item_set_int_with_main_kb_check (kb, buffer, log_count);
1962 if ((log_count >= attempts) && (attempts != 0))
1963 {
1964 /* After some unsuccessfully attempts, the port is set to closed to
1965 * avoid new attempts from other plugins.
1966 */
1967 if (host_get_port_state (args, port) > 0)
1968 {
1969 char host_port_ip_str[INET6_ADDRSTRLEN];
1970
1971 addr6_to_str (args->ip, host_port_ip_str);
1972 g_snprintf (buffer, sizeof (buffer), "Ports/tcp/%d", port);
1973 g_message ("open_sock_tcp: %s:%d too many timeouts. "
1974 "This port will be set to closed.",
1975 host_port_ip_str, port);
1976 kb_item_set_int_with_main_kb_check (kb, buffer, 0);
1977
1978 snprintf (
1979 buffer, sizeof (buffer),
1980 "ERRMSG|||%s|||%s|||%d/tcp||| |||Too many timeouts. The port"
1981 " was set to closed.",
1982 host_port_ip_str,
1983 plug_current_vhost () ? plug_current_vhost () : " ", port);
1984
1985 kb_item_push_str_with_main_kb_check (get_main_kb (),
1986 "internal/results", buffer);
1987 }
1988 }
1989 g_free (ip_str);
1990 }
1991
1992 return ret;
1993}
get_main_kb
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition kb_cache.c:41
open_sock_option
int open_sock_option(struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
Definition network.c:1996
host_get_port_state
int host_get_port_state(struct script_infos *plugdata, int portnum)
Definition plugutils.c:193
plug_current_vhost
const char * plug_current_vhost(void)
Definition plugutils.c:93
kb_item_push_str_with_main_kb_check
int kb_item_push_str_with_main_kb_check(kb_t kb, const char *name, const char *value)
Check if the current kb corresponds to the original scanid, if it matches it kb_item_push_str....
Definition plugutils.c:533
plug_get_host_ip_str
char * plug_get_host_ip_str(struct script_infos *desc)
Definition plugutils.c:377
kb_item_set_int_with_main_kb_check
int kb_item_set_int_with_main_kb_check(kb_t kb, const char *name, int value)
Check if the current kb corresponds to the original scanid, if it matches it call kb_item_set_int....
Definition plugutils.c:609
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition plugutils.c:1157
script_infos::ip
struct in6_addr * ip
Definition scanneraux.h:37

References get_main_kb(), host_get_port_state(), script_infos::ip, kb_item_push_str_with_main_kb_check(), kb_item_set_int_with_main_kb_check(), open_sock_option(), plug_current_vhost(), plug_get_host_ip_str(), and plug_get_kb().

Referenced by open_stream_connection_ext().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos * args,
unsigned int port,
int timeout,
int force )

Definition at line 1185 of file network.c.

1187{
1188 int fd, transport;
1189
1190 if (force)
1191 {
1192 /* Try SSL/TLS first */
1193 transport = OPENVAS_ENCAPS_TLScustom;
1194 fd = open_stream_connection (args, port, transport, timeout);
1195 if (fd < 0)
1196 {
1197 transport = OPENVAS_ENCAPS_IP;
1198 fd = open_stream_connection (args, port, OPENVAS_ENCAPS_IP, timeout);
1199 if (fd < 0)
1200 return -1;
1201 }
1202 /* Store that encapsulation mode in the KB. */
1203 plug_set_port_transport (args, port, transport);
1204 return fd;
1205 }
1206 else
1207 {
1208 transport = plug_get_port_transport (args, port);
1209 fd = open_stream_connection (args, port, transport, timeout);
1210 return fd;
1211 }
1212 /*NOTREACHED*/
1213}
open_stream_connection
int open_stream_connection(struct script_infos *args, unsigned int port, int transport, int timeout)
Definition network.c:1175
plug_get_port_transport
int plug_get_port_transport(struct script_infos *args, int port)
Definition plugutils.c:1396
plug_set_port_transport
void plug_set_port_transport(struct script_infos *args, int port, int tr)
Definition plugutils.c:1383

References open_stream_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_TLScustom, plug_get_port_transport(), and plug_set_port_transport().

Referenced by nasl_open_sock_tcp_bufsz().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_connection()

int open_stream_connection ( struct script_infos * args,
unsigned int port,
int transport,
int timeout )

Definition at line 1175 of file network.c.

1177{
1178 return open_stream_connection_ext (args, port, transport, timeout,
1179 tls_priorities, tls_priority_flag);
1180}
open_stream_connection_ext
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
Definition network.c:1046
tls_priorities
const char * tls_priorities
Definition network.c:146
tls_priority_flag
int tls_priority_flag
Definition network.c:147

References open_stream_connection_ext(), tls_priorities, and tls_priority_flag.

Referenced by nasl_end_denial(), nasl_start_denial(), open_stream_auto_encaps_ext(), plugin_do_run(), and retry_stream_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos * args,
unsigned int port,
int transport,
int timeout,
const char * priority,
int flags )

Definition at line 1046 of file network.c.

1049{
1050 int fd, ret;
1051 openvas_connection *fp;
1052 char *cert = NULL;
1053 char *key = NULL;
1054 char *passwd = NULL;
1055 char *cafile = NULL;
1056 char *hostname = NULL;
1057 char *hostname_aux = NULL;
1058
1059 /* Because plug_get_host_fqdn() forks for each vhost, we fork() before
1060 creating the socket */
1061 hostname_aux = plug_get_host_fqdn (args);
1062
1063 if (!priority)
1064 priority = ""; /* To us an empty string is equivalent to NULL. */
1065
1066 g_debug ("[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
1067 " priority: '%s'",
1068 getpid (), port, transport, timeout, priority);
1069
1070 if (timeout == -2)
1071 timeout = TIMEOUT;
1072
1073 ret = -1;
1074 switch (transport)
1075 {
1076 case OPENVAS_ENCAPS_IP:
1077
1078 case OPENVAS_ENCAPS_SSLv23:
1079 case OPENVAS_ENCAPS_SSLv3:
1080 case OPENVAS_ENCAPS_TLSv1:
1081 case OPENVAS_ENCAPS_TLSv11:
1082 case OPENVAS_ENCAPS_TLSv12:
1083 case OPENVAS_ENCAPS_TLSv13:
1084 case OPENVAS_ENCAPS_TLScustom:
1085 case OPENVAS_ENCAPS_SSLv2:
1086 break;
1087
1088 default:
1089 g_message ("open_stream_connection_ext(): unsupported transport"
1090 " layer %d passed by %s",
1091 transport, args->name);
1092 errno = EINVAL;
1093
1094 g_free (hostname_aux);
1095 return ret;
1096 }
1097
1098 if ((fd = get_connection_fd ()) < 0)
1099 {
1100 g_free (hostname_aux);
1101 return ret;
1102 }
1103 fp = OVAS_CONNECTION_FROM_FD (fd);
1104
1105 fp->transport = transport;
1106 g_free (fp->priority);
1107 if (*priority)
1108 fp->priority = g_strdup (priority);
1109 else
1110 fp->priority = NULL;
1111 fp->timeout = timeout;
1112 fp->port = port;
1113 fp->last_err = 0;
1114
1115 fp->fd = open_sock_tcp (args, port, timeout);
1116 if (fp->fd < 0)
1117 goto failed;
1118
1119 kb_t kb = plug_get_kb (args);
1120 switch (transport)
1121 {
1122 char buf[1024];
1123
1124 case OPENVAS_ENCAPS_IP:
1125 break;
1126 case OPENVAS_ENCAPS_SSLv23:
1127 case OPENVAS_ENCAPS_SSLv3:
1128 case OPENVAS_ENCAPS_TLSv1:
1129 case OPENVAS_ENCAPS_TLSv11:
1130 case OPENVAS_ENCAPS_TLSv12:
1131 case OPENVAS_ENCAPS_TLSv13:
1132 case OPENVAS_ENCAPS_TLScustom:
1133 cert = kb_item_get_str (kb, "SSL/cert");
1134 key = kb_item_get_str (kb, "SSL/key");
1135 passwd = kb_item_get_str (kb, "SSL/password");
1136
1137 cafile = kb_item_get_str (kb, "SSL/CA");
1138
1139 /* fall through */
1140
1141 case OPENVAS_ENCAPS_SSLv2:
1142 /* We do not need a client certificate in this case */
1143 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
1144 if (kb_item_get_int (kb, buf) <= 0)
1145 hostname = hostname_aux;
1146
1147 ret =
1148 open_SSL_connection (fp, cert, key, passwd, cafile, hostname, flags);
1149 g_free (cert);
1150 g_free (key);
1151 g_free (passwd);
1152 g_free (cafile);
1153 if (ret <= 0)
1154 goto failed;
1155 break;
1156 }
1157
1158 g_free (hostname_aux);
1159
1160 return fd;
1161
1162failed:
1163 release_connection_fd (fd, 0);
1164 return ret;
1165}
TIMEOUT
#define TIMEOUT
Definition network.c:45
get_connection_fd
static int get_connection_fd(void)
Returns a free file descriptor.
Definition network.c:153
open_sock_tcp
int open_sock_tcp(struct script_infos *args, unsigned int port, int timeout)
Definition network.c:1919
open_SSL_connection
static int open_SSL_connection(openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
Open an TLS/SSL connection.
Definition network.c:580
plug_get_host_fqdn
char * plug_get_host_fqdn(struct script_infos *args)
Definition plugutils.c:291
openvas_connection::fd
int fd
Definition network.c:64
openvas_connection::timeout
int timeout
Definition network.c:71
openvas_connection::priority
char * priority
Definition network.c:70
openvas_connection::last_err
int last_err
Definition network.c:82
script_infos::name
char * name
Definition scanneraux.h:35

References openvas_connection::fd, get_connection_fd(), hostname, openvas_connection::last_err, script_infos::name, open_sock_tcp(), open_SSL_connection(), OPENVAS_ENCAPS_IP, OPENVAS_ENCAPS_SSLv2, OPENVAS_ENCAPS_SSLv23, OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLScustom, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), TIMEOUT, openvas_connection::timeout, and openvas_connection::transport.

Referenced by nasl_open_sock_tcp_bufsz(), open_stream_connection(), and retry_stream_connection().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ open_stream_tls_default_priorities()

void open_stream_tls_default_priorities ( const char * p,
const int pflag )

Definition at line 1168 of file network.c.

1169{
1170 tls_priorities = p;
1171 tls_priority_flag = pflag;
1172}

References tls_priorities, and tls_priority_flag.

Referenced by retry_stream_connection().

Here is the caller graph for this function:

◆ openvas_deregister_connection()

int openvas_deregister_connection ( int fd)

Definition at line 259 of file network.c.

260{
261 openvas_connection *p;
262 if (!OPENVAS_STREAM (fd))
263 {
264 errno = EINVAL;
265 return -1;
266 }
267
268 p = connections + (fd - OPENVAS_FD_OFF);
269 /* Fixme: Code duplicated from release_connection_fd. Check usage
270 of this function make sure that TLS stuff is also released in
271 case it is used here. */
272 g_free (p->priority);
273 p->priority = NULL;
274 bzero (p, sizeof (*p));
275 p->transport = -1;
276 return 0;
277}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, openvas_connection::priority, and openvas_connection::transport.

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int fd)

Definition at line 357 of file network.c.

358{
359 openvas_connection *fp;
360
361 if (!OPENVAS_STREAM (fd))
362 {
363 g_message ("[%d] openvas_get_socket_from_connection: bad fd <%d>",
364 getpid (), fd);
365 return fd;
366 }
367 fp = connections + (fd - OPENVAS_FD_OFF);
368 if (fp->transport <= 0)
369 {
370 g_message ("openvas_get_socket_from_connection: fd <%d> is closed", fd);
371 return -1;
372 }
373 return fp->fd;
374}

References connections, openvas_connection::fd, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::transport.

Referenced by nasl_get_source_port(), nasl_ssh_connect(), and plugin_do_run().

Here is the caller graph for this function:

◆ openvas_register_connection()

int openvas_register_connection ( int soc,
void * ssl,
gnutls_certificate_credentials_t certcred,
openvas_encaps_t encaps )
Todo
TLS FIXME: migrate this to TLS
Todo
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
socSocket to use.

Definition at line 234 of file network.c.

237{
238 int fd;
239 openvas_connection *p;
240
241 if ((fd = get_connection_fd ()) < 0)
242 return -1;
243 p = OVAS_CONNECTION_FROM_FD (fd);
244
245 p->tls_session = ssl;
246 p->tls_cred = certcred;
247
248 p->timeout = TIMEOUT; /* default value */
249 p->port = 0; /* just used for debug */
250 p->fd = soc;
251 p->transport = encaps;
252 p->priority = NULL;
253 p->last_err = 0;
254
255 return fd;
256}
openvas_connection::tls_cred
gnutls_certificate_credentials_t tls_cred
Definition network.c:76

References openvas_connection::fd, get_connection_fd(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, openvas_connection::port, openvas_connection::priority, TIMEOUT, openvas_connection::timeout, openvas_connection::tls_cred, openvas_connection::tls_session, and openvas_connection::transport.

Referenced by nasl_open_privileged_socket().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ openvas_SSL_init()

int openvas_SSL_init ( void )

Initializes SSL support.

Definition at line 341 of file network.c.

342{
343 gnutls_global_set_log_level (2);
344 gnutls_global_set_log_function (log_message_gnutls);
345
346 int ret = gnutls_global_init ();
347 if (ret < 0)
348 {
349 tlserror ("gnutls_global_init", ret);
350 return -1;
351 }
352
353 return 0;
354}
tlserror
static void tlserror(char *txt, int err)
Definition network.c:326
log_message_gnutls
static void log_message_gnutls(int level, const char *msg)
Definition network.c:332

References log_message_gnutls(), and tlserror().

Referenced by check_tls(), and main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ os_recv()

int os_recv ( int soc,
void * buf,
int len,
int opt )

Definition at line 2235 of file network.c.

2236{
2237 char *buf0 = (char *) buf;
2238 int e, n;
2239 for (n = 0; n < len;)
2240 {
2241 errno = 0;
2242 e = recv (soc, buf0 + n, len - n, opt);
2243 if (e < 0 && errno == EINTR)
2244 continue;
2245 else if (e <= 0)
2246 return -1;
2247 else
2248 n += e;
2249 }
2250 return n;
2251}

References len.

◆ os_send()

int os_send ( int soc,
void * buf,
int len,
int opt )

Definition at line 2216 of file network.c.

2217{
2218 char *buf0 = (char *) buf;
2219 int e, n;
2220 for (n = 0; n < len;)
2221 {
2222 errno = 0;
2223 e = send (soc, buf0 + n, len - n, opt);
2224 if (e < 0 && errno == EINTR)
2225 continue;
2226 else if (e <= 0)
2227 return -1;
2228 else
2229 n += e;
2230 }
2231 return n;
2232}

References len.

Referenced by nsend().

Here is the caller graph for this function:

◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int fd)

Definition at line 377 of file network.c.

378{
379 openvas_connection *fp;
380
381 if (!OPENVAS_STREAM (fd))
382 return NULL;
383
384 fp = connections + (fd - OPENVAS_FD_OFF);
385 return fp->tls_session;
386}

References connections, OPENVAS_FD_OFF, OPENVAS_STREAM, and openvas_connection::tls_session.

Referenced by socket_get_cert(), socket_get_ssl_ciphersuite(), socket_get_ssl_session_id(), and socket_get_ssl_version().

Here is the caller graph for this function:

◆ read_stream_connection()

int read_stream_connection ( int fd,
void * buf0,
int len )

Definition at line 1457 of file network.c.

1458{
1459 return read_stream_connection_min (fd, buf0, -1, len);
1460}
read_stream_connection_min
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1397

References len, and read_stream_connection_min().

Referenced by nasl_telnet_init(), nrecv(), and plugin_do_run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ read_stream_connection_min()

int read_stream_connection_min ( int fd,
void * buf0,
int min_len,
int max_len )

Definition at line 1397 of file network.c.

1398{
1399 openvas_connection *fp;
1400
1401 if (OPENVAS_STREAM (fd))
1402 {
1403 fp = OVAS_CONNECTION_FROM_FD (fd);
1404 if (fp->buf != NULL)
1405 {
1406 int l1, l2;
1407
1408 if (max_len == 1)
1409 min_len = 1; /* avoid "magic read" later */
1410 l2 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1411 if (l2 > 0)
1412 {
1413 memcpy (buf0, fp->buf + fp->bufptr, l2);
1414 fp->bufcnt -= l2;
1415 if (fp->bufcnt == 0)
1416 {
1417 fp->bufptr = 0;
1418 fp->buf[0] = '\0'; /* debug */
1419 }
1420 else
1421 fp->bufptr += l2;
1422 if (l2 >= min_len || l2 >= max_len)
1423 return l2;
1424 max_len -= l2;
1425 min_len -= l2;
1426 }
1427 if (min_len > fp->bufsz)
1428 {
1429 l1 = read_stream_connection_unbuffered (fd, (char *) buf0 + l2,
1430 min_len, max_len);
1431 if (l1 > 0)
1432 return l1 + l2;
1433 else
1434 return l2;
1435 }
1436 /* Fill buffer */
1437 l1 =
1438 read_stream_connection_unbuffered (fd, fp->buf, min_len, fp->bufsz);
1439 if (l1 <= 0)
1440 return l2;
1441
1442 fp->bufcnt = l1;
1443 l1 = max_len > fp->bufcnt ? fp->bufcnt : max_len;
1444 memcpy ((char *) buf0 + l2, fp->buf + fp->bufptr, l1);
1445 fp->bufcnt -= l1;
1446 if (fp->bufcnt == 0)
1447 fp->bufptr = 0;
1448 else
1449 fp->bufptr += l1;
1450 return l1 + l2;
1451 }
1452 }
1453 return read_stream_connection_unbuffered (fd, buf0, min_len, max_len);
1454}
read_stream_connection_unbuffered
static int read_stream_connection_unbuffered(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1232
openvas_connection::bufcnt
int bufcnt
Definition network.c:81
openvas_connection::bufptr
int bufptr
Definition network.c:81
openvas_connection::bufsz
int bufsz
Definition network.c:81
openvas_connection::buf
char * buf
Definition network.c:80

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and read_stream_connection_unbuffered().

Referenced by nasl_recv(), nasl_recv_line(), nasl_telnet_init(), plugin_do_run(), read_stream_connection(), and recv_line().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ recv_line()

int recv_line ( int soc,
char * buf,
size_t bufsiz )

Reads a text from the socket stream into the argument buffer, always.

appending a '\0' byte.

Parameters
bufBuffer to read into.
Returns
Number of bytes read, without the trailing '\0'.

Definition at line 2040 of file network.c.

2041{
2042 int n;
2043 unsigned int ret = 0;
2044
2045 /* Dirty SSL hack */
2046 if (OPENVAS_STREAM (soc))
2047 {
2048 buf[0] = '\0';
2049
2050 do
2051 {
2052 n = read_stream_connection_min (soc, buf + ret, 1, 1);
2053 switch (n)
2054 {
2055 case -1:
2056 if (ret == 0)
2057 return -1;
2058 else
2059 return ret;
2060 break;
2061
2062 case 0:
2063 return ret;
2064 break;
2065
2066 default:
2067 ret++;
2068 }
2069 }
2070 while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
2071
2072 if (ret > 0)
2073 {
2074 if (buf[ret - 1] != '\0')
2075 {
2076 if (ret < bufsiz)
2077 buf[ret] = '\0';
2078 else
2079 buf[bufsiz - 1] = '\0';
2080 }
2081 }
2082
2083 return ret;
2084 }
2085 else
2086 {
2087 fd_set rd;
2088
2089 do
2090 {
2091 int e;
2092 again:
2093 errno = 0;
2094 FD_ZERO (&rd);
2095 FD_SET (soc, &rd);
2096 e = select (soc + 1, &rd, NULL, NULL, NULL);
2097 if (e == 0 && !FD_ISSET (soc, &rd))
2098 return -1;
2099 if (e < 0 && errno == EINTR)
2100 goto again;
2101 if (e > 0)
2102 {
2103 n = recv (soc, buf + ret, 1, 0);
2104 switch (n)
2105 {
2106 case -1:
2107 if (errno == EINTR)
2108 continue;
2109 if (ret == 0)
2110 return -1;
2111 else
2112 return ret;
2113 break;
2114 case 0:
2115 return ret;
2116 break;
2117 default:
2118 ret++;
2119 }
2120 }
2121 else
2122 break;
2123 }
2124 while (buf[ret - 1] != '\0' && buf[ret - 1] != '\n' && ret < bufsiz);
2125
2126 if (ret > 0)
2127 {
2128 if (buf[ret - 1] != '\0')
2129 {
2130 if (ret < bufsiz)
2131 buf[ret] = '\0';
2132 else
2133 buf[bufsiz - 1] = '\0';
2134 }
2135 }
2136 }
2137
2138 return ret;
2139}

References OPENVAS_STREAM, and read_stream_connection_min().

Referenced by ftp_get_pasv_address(), and ftp_log_in().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_close()

int socket_close ( int soc)

Definition at line 2142 of file network.c.

2143{
2144 return close (soc);
2145}

Referenced by close_stream_connection(), open_socket(), and release_connection_fd().

Here is the caller graph for this function:

◆ socket_get_cert()

void socket_get_cert ( int fd,
void ** cert,
int * certlen )

Definition at line 887 of file network.c.

888{
889 gnutls_session_t session;
890 const gnutls_datum_t *cert_list;
891 unsigned int cert_list_len = 0;
892
893 if (!cert || !certlen)
894 return;
895 if (!fd_is_stream (fd))
896 {
897 g_message ("Socket %d is not stream", fd);
898 return;
899 }
900 session = ovas_get_tlssession_from_connection (fd);
901 if (!session)
902 {
903 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
904 return;
905 }
906 if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
907 return;
908 cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
909 if (cert_list_len == 0)
910 return;
911 *certlen = cert_list[0].size;
912 *cert = g_memdup2 (cert_list[0].data, *certlen);
913}
fd_is_stream
int fd_is_stream(int fd)
Definition network.c:2152
ovas_get_tlssession_from_connection
gnutls_session_t ovas_get_tlssession_from_connection(int fd)
Definition network.c:377

References fd_is_stream(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_cert().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_get_ssl_ciphersuite()

int socket_get_ssl_ciphersuite ( int fd)

Definition at line 1006 of file network.c.

1007{
1008 gnutls_session_t session;
1009 gnutls_kx_algorithm_t kx, kx2;
1010 gnutls_cipher_algorithm_t cipher, cipher2;
1011 gnutls_mac_algorithm_t mac, mac2;
1012 size_t idx = 0;
1013 unsigned char cs_id[2];
1014
1015 if (!fd_is_stream (fd))
1016 {
1017 g_message ("Socket %d is not stream", fd);
1018 return -1;
1019 }
1020 session = ovas_get_tlssession_from_connection (fd);
1021 if (!session)
1022 {
1023 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
1024 return -1;
1025 }
1026
1027 kx = gnutls_kx_get (session);
1028 cipher = gnutls_cipher_get (session);
1029 mac = gnutls_mac_get (session);
1030 while (
1031 gnutls_cipher_suite_info (idx, (void *) cs_id, &kx2, &cipher2, &mac2, NULL))
1032 {
1033 if (kx == kx2 && cipher == cipher2 && mac == mac2)
1034 return cs_id[0] + cs_id[1];
1035 idx++;
1036 }
1037 return -1;
1038}
mac
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
Definition nasl_crypt_helper.c:97

References fd_is_stream(), mac(), and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_ciphersuite().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_get_ssl_compression()

int socket_get_ssl_compression ( int )

◆ socket_get_ssl_session_id()

void socket_get_ssl_session_id ( int fd,
void ** sid,
size_t * ssize )

Definition at line 966 of file network.c.

967{
968 gnutls_session_t session;
969 void *tmp;
970 *ssize = GNUTLS_MAX_SESSION_ID;
971 int ret;
972
973 if (!sid)
974 return;
975 if (!fd_is_stream (fd))
976 {
977 g_message ("Socket %d is not stream", fd);
978 return;
979 }
980 session = ovas_get_tlssession_from_connection (fd);
981 if (!session)
982 {
983 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
984 return;
985 }
986 tmp = g_malloc0 (*ssize);
987 ret = gnutls_session_get_id (session, tmp, ssize);
988 if (ret == GNUTLS_E_SUCCESS)
989 *sid = tmp;
990 else
991 {
992 g_free (tmp);
993 *ssize = 0;
994 tlserror ("gnutls_session_id", ret);
995 }
996}

References fd_is_stream(), ovas_get_tlssession_from_connection(), and tlserror().

Referenced by nasl_socket_get_ssl_session_id().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_get_ssl_version()

int socket_get_ssl_version ( int fd)

Definition at line 923 of file network.c.

924{
925 gnutls_session_t session;
926 gnutls_protocol_t version;
927
928 if (!fd_is_stream (fd))
929 {
930 g_message ("Socket %d is not stream", fd);
931 return -1;
932 }
933 session = ovas_get_tlssession_from_connection (fd);
934 if (!session)
935 {
936 g_message ("Socket %d is not SSL/TLS encapsulated", fd);
937 return -1;
938 }
939
940 version = gnutls_protocol_get_version (session);
941 switch (version)
942 {
943 case GNUTLS_SSL3:
944 return OPENVAS_ENCAPS_SSLv3;
945 case GNUTLS_TLS1:
946 return OPENVAS_ENCAPS_TLSv1;
947 case GNUTLS_TLS1_1:
948 return OPENVAS_ENCAPS_TLSv11;
949 case GNUTLS_TLS1_2:
950 return OPENVAS_ENCAPS_TLSv12;
951 case GNUTLS_TLS1_3:
952 return OPENVAS_ENCAPS_TLSv13;
953 default:
954 return -1;
955 }
956}

References fd_is_stream(), OPENVAS_ENCAPS_SSLv3, OPENVAS_ENCAPS_TLSv1, OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12, OPENVAS_ENCAPS_TLSv13, and ovas_get_tlssession_from_connection().

Referenced by nasl_socket_get_ssl_version().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_negotiate_ssl()

int socket_negotiate_ssl ( int fd,
openvas_encaps_t transport,
struct script_infos * args )

Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.

Parameters
[in]fdSocket file descriptor.
[in]transportEncapsulation type.
[in]argScript args.
Returns
-1 if error, socket file descriptor value otherwise.

Definition at line 820 of file network.c.

822{
823 char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
824 char *hostname = NULL;
825 openvas_connection *fp;
826 kb_t kb;
827 char buf[1024];
828 static gboolean connection_failed_msg_sent = FALSE; // send msg only once
829
830 if (!fd_is_stream (fd))
831 {
832 g_message ("Socket %d is not stream", fd);
833 return -1;
834 }
835 fp = OVAS_CONNECTION_FROM_FD (fd);
836 kb = plug_get_kb (args);
837 cert = kb_item_get_str (kb, "SSL/cert");
838 key = kb_item_get_str (kb, "SSL/key");
839 passwd = kb_item_get_str (kb, "SSL/password");
840 cafile = kb_item_get_str (kb, "SSL/CA");
841 snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
842 if (kb_item_get_int (kb, buf) <= 0)
843 hostname = plug_get_host_fqdn (args);
844
845 fp->transport = transport;
846 fp->priority = NULL;
847 if (open_SSL_connection (fp, cert, key, passwd, cafile, hostname,
848 NO_PRIORITY_FLAGS)
849 <= 0)
850 {
851 g_free (cert);
852 g_free (key);
853 g_free (passwd);
854 g_free (cafile);
855 if (!connection_failed_msg_sent)
856 {
857 g_message ("Function socket_negotiate_ssl called from %s: "
858 "SSL/TLS connection (host: %s, ip: %s) failed.",
859 nasl_get_plugin_filename (),
860 plug_get_host_fqdn (args) ? plug_get_host_fqdn (args)
861 : "unknown",
862 plug_get_host_ip_str (args) ? plug_get_host_ip_str (args)
863 : "unknown");
864 connection_failed_msg_sent = TRUE;
865 }
866 g_free (hostname);
867 release_connection_fd (fd, 0);
868 return -1;
869 }
870 g_free (hostname);
871 g_free (cert);
872 g_free (key);
873 g_free (passwd);
874 g_free (cafile);
875 return fd;
876}
nasl_get_plugin_filename
const char * nasl_get_plugin_filename()
Get the current launched plugin filename.
Definition nasl_debug.c:36
NO_PRIORITY_FLAGS
#define NO_PRIORITY_FLAGS
Definition network.h:48

References fd_is_stream(), hostname, nasl_get_plugin_filename(), NO_PRIORITY_FLAGS, open_SSL_connection(), OVAS_CONNECTION_FROM_FD, plug_get_host_fqdn(), plug_get_host_ip_str(), plug_get_kb(), openvas_connection::port, openvas_connection::priority, release_connection_fd(), and openvas_connection::transport.

Referenced by nasl_socket_negotiate_ssl().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_ssl_do_handshake()

int socket_ssl_do_handshake ( int fd)

Do a re-handshake of the TLS/SSL protocol.

Parameters
[in]fdSocket file descriptor.
Returns
1 on success, less than 0 on failure or error.

Definition at line 737 of file network.c.

738{
739 int err, d, ret;
740 openvas_connection *fp;
741 time_t tictac;
742 fd_set fdw, fdr;
743 struct timeval to;
744
745 if (!fd_is_stream (fd))
746 {
747 g_message ("%s: Socket %d is not stream", __func__, fd);
748 return -1;
749 }
750 fp = OVAS_CONNECTION_FROM_FD (fd);
751
752 tictac = time (NULL);
753
754 for (;;)
755 {
756 err = gnutls_handshake (fp->tls_session);
757
758 if (err == 0)
759 {
760 g_debug ("no error during handshake");
761 return 1;
762 }
763 if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
764 && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
765 {
766 g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
767 return -1;
768 }
769 else if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)
770 {
771 int last_alert;
772
773 last_alert = gnutls_alert_get (fp->tls_session);
774 g_debug ("[%d] %s: %s", getpid (), __func__, gnutls_strerror (err));
775
776 g_debug ("* Received alert '%d': %s.\n", last_alert,
777 gnutls_alert_get_name (last_alert));
778 return err;
779 }
780 FD_ZERO (&fdr);
781 FD_SET (fp->fd, &fdr);
782 FD_ZERO (&fdw);
783 FD_SET (fp->fd, &fdw);
784
785 do
786 {
787 d = tictac + fp->timeout - time (NULL);
788 if (d <= 0)
789 {
790 fp->last_err = ETIMEDOUT;
791 g_debug ("%s: time out", __func__);
792 return -1;
793 }
794 to.tv_sec = d;
795 to.tv_usec = 0;
796 errno = 0;
797 if ((ret = select (fp->fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
798 pid_perror ("select");
799 }
800 while (ret < 0 && errno == EINTR);
801
802 if (ret <= 0)
803 {
804 fp->last_err = ETIMEDOUT;
805 g_debug ("%s: time out", __func__);
806 return -1;
807 }
808 }
809}
pid_perror
static int pid_perror(const char *error)
Definition network.c:125

References openvas_connection::fd, fd_is_stream(), openvas_connection::last_err, OVAS_CONNECTION_FROM_FD, pid_perror(), openvas_connection::timeout, timeval(), and openvas_connection::tls_session.

Referenced by nasl_socket_ssl_do_handshake().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ socket_ssl_safe_renegotiation_status()

int socket_ssl_safe_renegotiation_status ( int fd)

Check if Secure Renegotiation is supported in the server side.

Parameters
[in]fdSocket file descriptor.
Returns
1 if supported, 0 if not supported and less than 0 on error.

Definition at line 716 of file network.c.

717{
718 openvas_connection *fp;
719
720 if (!fd_is_stream (fd))
721 {
722 g_message ("%s: Socket %d is not stream", __func__, fd);
723 return -1;
724 }
725 fp = OVAS_CONNECTION_FROM_FD (fd);
726
727 return gnutls_safe_renegotiation_status (fp->tls_session);
728}

References fd_is_stream(), OVAS_CONNECTION_FROM_FD, and openvas_connection::tls_session.

Referenced by nasl_socket_check_ssl_safe_renegotiation().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ stream_get_buffer_sz()

int stream_get_buffer_sz ( int fd)

Definition at line 2158 of file network.c.

2159{
2160 openvas_connection *p;
2161 if (!OPENVAS_STREAM (fd))
2162 return -1;
2163 p = OVAS_CONNECTION_FROM_FD (fd);
2164 return p->bufsz;
2165}

References openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_recv_line().

Here is the caller graph for this function:

◆ stream_get_err()

int stream_get_err ( int fd)

Definition at line 132 of file network.c.

133{
134 openvas_connection *p;
135
136 if (!OPENVAS_STREAM (fd))
137 {
138 errno = EINVAL;
139 return -1;
140 }
141
142 p = OVAS_CONNECTION_FROM_FD (fd);
143 return p->last_err;
144}

References openvas_connection::last_err, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_socket_get_error().

Here is the caller graph for this function:

◆ stream_set()

int stream_set ( int ,
fd_set *  )

◆ stream_set_buffer()

int stream_set_buffer ( int fd,
int sz )

Definition at line 2168 of file network.c.

2169{
2170 openvas_connection *p;
2171 char *b;
2172
2173 if (!OPENVAS_STREAM (fd))
2174 return -1;
2175
2176 p = OVAS_CONNECTION_FROM_FD (fd);
2177 if (sz < p->bufcnt)
2178 return -1; /* Do not want to lose data */
2179
2180 if (sz == 0)
2181 {
2182 g_free (p->buf);
2183 p->buf = NULL;
2184 p->bufsz = 0;
2185 return 0;
2186 }
2187 else if (p->buf == 0)
2188 {
2189 p->buf = g_malloc0 (sz);
2190 if (p->buf == NULL)
2191 return -1;
2192 p->bufsz = sz;
2193 p->bufptr = 0;
2194 p->bufcnt = 0;
2195 return 0;
2196 }
2197 else
2198 {
2199 if (p->bufcnt > 0)
2200 {
2201 memmove (p->buf, p->buf + p->bufptr, p->bufcnt);
2202 p->bufptr = 0;
2203 }
2204 b = g_realloc (p->buf, sz);
2205 if (b == NULL)
2206 return -1;
2207 p->buf = b;
2208 p->bufsz = sz;
2209 return 0;
2210 }
2211}

References openvas_connection::buf, openvas_connection::bufcnt, openvas_connection::bufptr, openvas_connection::bufsz, OPENVAS_STREAM, and OVAS_CONNECTION_FROM_FD.

Referenced by nasl_open_sock_tcp_bufsz(), and nasl_recv_line().

Here is the caller graph for this function:

◆ stream_set_timeout()

int stream_set_timeout ( int fd,
int timeout )

Definition at line 1216 of file network.c.

1217{
1218 int old;
1219 openvas_connection *fp;
1220 if (!OPENVAS_STREAM (fd))
1221 {
1222 errno = EINVAL;
1223 return 0;
1224 }
1225 fp = OVAS_CONNECTION_FROM_FD (fd);
1226 old = fp->timeout;
1227 fp->timeout = timeout;
1228 return old;
1229}

References OPENVAS_STREAM, OVAS_CONNECTION_FROM_FD, and openvas_connection::timeout.

Referenced by nasl_recv(), and plugin_do_run().

Here is the caller graph for this function:

◆ stream_zero()

int stream_zero ( fd_set * )

◆ write_stream_connection()

int write_stream_connection ( int fd,
void * buf,
int n )

Definition at line 1583 of file network.c.

1584{
1585 return write_stream_connection4 (fd, buf0, n, 0);
1586}

References write_stream_connection4().

Referenced by ftp_get_pasv_address(), ftp_log_in(), nasl_telnet_init(), and plugin_do_run().

Here is the call graph for this function:
Here is the caller graph for this function: