OpenVAS Scanner 23.43.1
attack.h File Reference

attack.c header. More...

#include "../misc/scanneraux.h"
#include <gvm/util/kb.h>
Include dependency graph for attack.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int attack_network (struct scan_globals *)
 Attack a whole network. return 0 on successes, -1 if there was a critical error.

Detailed Description

attack.c header.

Definition in file attack.h.

Function Documentation

◆ attack_network()

int attack_network ( struct scan_globals * globals)

Attack a whole network. return 0 on successes, -1 if there was a critical error.

Definition at line 1169 of file attack.c.

1170{
1171 int max_hosts = 0, max_checks;
1172 const char *hostlist;
1173 gvm_host_t *host;
1174 plugins_scheduler_t sched;
1175 int fork_retries = 0;
1176 struct timeval then, now;
1177 gvm_hosts_t *hosts;
1178 const gchar *port_range;
1179 int allow_simultaneous_ips;
1180 kb_t arg_host_kb, main_kb;
1181 GSList *unresolved;
1182 char buf[96];
1183 int error = 0;
1184
1185 check_deprecated_prefs ();
1186
1187 gboolean test_alive_hosts_only = prefs_get_bool ("test_alive_hosts_only");
1188 gvm_hosts_t *alive_hosts_list = NULL;
1189 kb_t alive_hosts_kb = NULL;
1190 if (test_alive_hosts_only)
1191 connect_main_kb (&alive_hosts_kb);
1192
1193 gettimeofday (&then, NULL);
1194
1195 if (check_kb_access ())
1196 {
1197 error = -1;
1198 return error;
1199 }
1200 /* Init and check Target List */
1201#ifdef FEATURE_HOST_DISCOVERY_IPV6
1202 alive_test_t alive_test;
1203 const char *target_aux = prefs_get ("TARGET");
1204 char *host_found = "";
1205
1206 get_alive_test_methods (&alive_test);
1207 if (alive_test == 32)
1208 {
1209 int print_results = 0;
1210 run_cli_for_ipv6_network (target_aux, &host_found, print_results);
1211 hostlist = host_found;
1212 // Consider alive the found hosts, to avoid double check later
1213 prefs_set("ALIVE_TEST", "8");
1214 }
1215 else
1216#endif /* FEATURE_HOST_DISCOVERY_IPV6 */
1217 {
1218 hostlist = prefs_get ("TARGET");
1219 }
1220
1221 if (hostlist == NULL)
1222 {
1223 error = -1;
1224 return error;
1225 }
1226
1227 /* Verify the port range is a valid one */
1228 port_range = prefs_get ("port_range");
1229 if (validate_port_range (port_range))
1230 {
1231 connect_main_kb (&main_kb);
1232 message_to_client (
1233 main_kb, "Invalid port list. Ports must be in the range [1-65535]",
1234 NULL, NULL, "ERRMSG");
1235 kb_lnk_reset (main_kb);
1236 g_warning ("Invalid port list. Ports must be in the range [1-65535]. "
1237 "Scan terminated.");
1238 set_scan_status ("finished");
1239
1240 error = -1;
1241 return error;
1242 }
1243
1244 /* Initialize the attack. */
1245 int plugins_init_error = 0;
1246 sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1247 prefs_get_bool ("auto_enable_dependencies"),
1248 &plugins_init_error);
1249 if (!sched)
1250 {
1251 g_message ("Couldn't initialize the plugin scheduler");
1252
1253 error = -1;
1254 return error;
1255 }
1256
1257 if (plugins_init_error > 0)
1258 {
1259 sprintf (buf,
1260 "%d errors were found during the plugin scheduling. "
1261 "Some plugins have not been launched.",
1262 plugins_init_error);
1263
1264 connect_main_kb (&main_kb);
1265 message_to_client (main_kb, buf, NULL, NULL, "ERRMSG");
1266 kb_lnk_reset (main_kb);
1267 }
1268
1269 max_hosts = get_max_hosts_number ();
1270 max_checks = get_max_checks_number ();
1271
1272 hosts = gvm_hosts_new (hostlist);
1273 if (hosts == NULL)
1274 {
1275 char *buffer;
1276 buffer = g_strdup_printf ("Invalid target list: %s.", hostlist);
1277 connect_main_kb (&main_kb);
1278 message_to_client (main_kb, buffer, NULL, NULL, "ERRMSG");
1279 g_free (buffer);
1280 /* Send the hosts count to the client as -1,
1281 * because the invalid target list.*/
1282 message_to_client (main_kb, INVALID_TARGET_LIST, NULL, NULL,
1283 "HOSTS_COUNT");
1284 kb_lnk_reset (main_kb);
1285 g_warning ("Invalid target list. Scan terminated.");
1286
1287 error = -1;
1288 goto stop;
1289 }
1290
1291 unresolved = gvm_hosts_resolve (hosts);
1292 while (unresolved)
1293 {
1294 g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1295 unresolved = unresolved->next;
1296 }
1297 g_slist_free_full (unresolved, g_free);
1298
1299 /* Apply Hosts preferences. */
1300 apply_hosts_preferences_ordering (hosts);
1301
1302 int already_excluded = 0;
1303 already_excluded = apply_hosts_reverse_lookup_preferences (hosts);
1304
1305#ifdef FEATURE_HOSTS_ALLOWED_ONLY
1306 // Remove hosts which are denied and/or keep the ones in the allowed host
1307 // lists
1308 // for both, user and system wide settings.
1309 apply_hosts_allow_deny (hosts);
1310#endif
1311
1312 // Remove the excluded hosts
1313 int exc = apply_hosts_excluded (hosts);
1314
1315 /* Send the excluded hosts count to the client, after removing duplicated and
1316 * unresolved hosts.*/
1317 sprintf (buf, "%d", exc + already_excluded);
1318 connect_main_kb (&main_kb);
1319 message_to_client (main_kb, buf, NULL, NULL, "HOSTS_EXCLUDED");
1320 kb_lnk_reset (main_kb);
1321
1322 /* Send the hosts count to the client, after removing duplicated and
1323 * unresolved hosts.*/
1324 sprintf (buf, "%d", gvm_hosts_count (hosts));
1325 connect_main_kb (&main_kb);
1326 message_to_client (main_kb, buf, NULL, NULL, "HOSTS_COUNT");
1327 kb_lnk_reset (main_kb);
1328
1329 host = gvm_hosts_next (hosts);
1330 if (host == NULL)
1331 goto stop;
1332
1333 hosts_init (max_hosts);
1334
1335 g_message ("Vulnerability scan %s started: Target has %d hosts: "
1336 "%s, with max_hosts = %d and max_checks = %d",
1337 globals->scan_id, gvm_hosts_count (hosts), hostlist, max_hosts,
1338 max_checks);
1339
1340 if (test_alive_hosts_only)
1341 {
1342 /* Boolean signalling if alive detection finished. */
1343 gboolean ad_finished = FALSE;
1344 int err;
1345 pthread_t tid;
1346 struct in6_addr tmpaddr;
1347
1348 /* Reset the iterator. */
1349 hosts->current = 0;
1350 err = pthread_create (&tid, NULL, start_alive_detection, (void *) hosts);
1351 if (err == EAGAIN)
1352 g_warning (
1353 "%s: pthread_create() returned EAGAIN: Insufficient resources "
1354 "to create thread.",
1355 __func__);
1356 set_alive_detection_tid (tid);
1357 g_debug ("%s: started alive detection.", __func__);
1358
1359 for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1360 !host && !ad_finished && !scan_is_stopped ();
1361 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1362 {
1363 fork_sleep (1);
1364 }
1365
1366 if (gvm_host_get_addr6 (host, &tmpaddr) == 0)
1367 host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1368 if (host)
1369 {
1370 g_debug (
1371 "%s: Get first host to test from Queue. This host is used for "
1372 "initialising the alive_hosts_list.",
1373 __func__);
1374 }
1375 alive_hosts_list = gvm_hosts_new (gvm_host_value_str (host));
1376 }
1377
1378 if (prefs_get ("report_scripts"))
1379 {
1380 char *path = g_strdup_printf (
1381 "%s/%s-stats.json", prefs_get ("report_scripts"), globals->scan_id);
1382 write_script_stats ("{\"hosts\": {", path, 2);
1383 g_free (path);
1384 }
1385 /*
1386 * Start the attack !
1387 */
1388 allow_simultaneous_ips = prefs_get_bool ("allow_simultaneous_ips");
1389 openvas_signal (SIGUSR1, handle_scan_stop_signal);
1390 while (host && !scan_is_stopped ())
1391 {
1392 int pid, rc;
1393 struct attack_start_args args;
1394 char *host_str;
1395
1396 if (!test_alive_hosts_only
1397 && (!allow_simultaneous_ips && host_is_currently_scanned (host)))
1398 {
1399 sleep (1);
1400 // move the host at the end of the list and get the next host.
1401 gvm_hosts_move_current_host_to_end (hosts);
1402 host = gvm_hosts_next (hosts);
1403 continue;
1404 }
1405
1406 do
1407 {
1408 rc = kb_new (&arg_host_kb, prefs_get ("db_address"));
1409 if (rc < 0 && rc != -2)
1410 {
1411 report_kb_failure (rc);
1412 goto stop;
1413 }
1414 else if (rc == -2)
1415 {
1416 sleep (KB_RETRY_DELAY);
1417 continue;
1418 }
1419 break;
1420 }
1421 while (1);
1422
1423 host_str = gvm_host_value_str (host);
1424 connect_main_kb (&main_kb);
1425 if (hosts_new (host_str, arg_host_kb, main_kb) < 0)
1426 {
1427 kb_delete (arg_host_kb);
1428 g_free (host_str);
1429 goto stop;
1430 }
1431
1432 if (scan_is_stopped ())
1433 {
1434 kb_delete (arg_host_kb);
1435 g_free (host_str);
1436 continue;
1437 }
1438
1439 args.host = host;
1440 args.globals = globals;
1441 args.sched = sched;
1442 args.host_kb = arg_host_kb;
1443
1444 forkagain:
1445 pid = create_ipc_process ((ipc_process_func) attack_start, &args);
1446 /* Close child process' socket. */
1447 if (pid < 0)
1448 {
1449 fork_retries++;
1450 if (fork_retries > MAX_FORK_RETRIES)
1451 {
1452 /* Forking failed - we go to the wait queue. */
1453 g_warning ("fork() failed - %s. %s won't be tested",
1454 strerror (errno), host_str);
1455 g_free (host_str);
1456 goto stop;
1457 }
1458
1459 g_debug ("fork() failed - "
1460 "sleeping %d seconds and trying again...",
1461 fork_retries);
1462 fork_sleep (fork_retries);
1463 goto forkagain;
1464 }
1465 hosts_set_pid (host_str, pid);
1466
1467 if (test_alive_hosts_only)
1468 {
1469 struct in6_addr tmpaddr;
1470 gvm_host_t *alive_buf;
1471
1472 while (1)
1473 {
1474 /* Boolean signalling if alive detection finished. */
1475 gboolean ad_finished = FALSE;
1476 for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
1477 !host && !ad_finished && !scan_is_stopped ();
1478 host = get_host_from_queue (alive_hosts_kb, &ad_finished))
1479 {
1480 fork_sleep (1);
1481 }
1482
1483 if (host && !allow_simultaneous_ips
1484 && host_is_currently_scanned (host))
1485 {
1486 struct in6_addr hostip;
1487 char ip_str[INET6_ADDRSTRLEN];
1488 int flag_set;
1489
1490 gvm_host_get_addr6 (host, &hostip);
1491 addr6_to_str (&hostip, ip_str);
1492
1493 // Re-add host at the end of the queue and reallocate the flag
1494 // if it was already set.
1495 flag_set = finish_signal_on_queue (alive_hosts_kb);
1496
1497 put_host_on_queue (alive_hosts_kb, ip_str);
1498 g_debug ("Reallocating the host %s at the end of the queue",
1499 ip_str);
1500
1501 gvm_host_free (host);
1502 host = NULL;
1503
1504 if (flag_set)
1505 {
1506 g_debug ("Reallocating finish signal in the host queue");
1507 realloc_finish_signal_on_queue (alive_hosts_kb);
1508 }
1509 }
1510 else
1511 break;
1512 }
1513
1514 if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
1515 {
1516 alive_buf = host;
1517 host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
1518 gvm_host_free (alive_buf);
1519 alive_buf = NULL;
1520 }
1521
1522 if (host)
1523 gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
1524 else
1525 g_debug ("%s: got NULL host, stop/finish scan", __func__);
1526 }
1527 else
1528 {
1529 host = gvm_hosts_next (hosts);
1530 }
1531 g_free (host_str);
1532 }
1533
1534 /* Every host is being tested... We have to wait for the processes
1535 * to terminate. */
1536 while (hosts_read () == 0)
1537 if (scan_is_stopped () == 1)
1538 killpg (getpid (), SIGUSR1);
1539
1540 g_debug ("Test complete");
1541
1542stop:
1543
1544 if (test_alive_hosts_only)
1545 {
1546 int err;
1547 void *retval;
1548
1549 kb_lnk_reset (alive_hosts_kb);
1550 g_debug ("%s: free alive detection data ", __func__);
1551
1552 /* need to wait for alive detection to finish */
1553 g_debug ("%s: waiting for alive detection thread to be finished...",
1554 __func__);
1555 /* Join alive detection thread. */
1556 err = pthread_join (get_alive_detection_tid (), &retval);
1557 if (err == EDEADLK)
1558 g_debug ("%s: pthread_join() returned EDEADLK.", __func__);
1559 if (err == EINVAL)
1560 g_debug ("%s: pthread_join() returned EINVAL.", __func__);
1561 if (err == ESRCH)
1562 g_debug ("%s: pthread_join() returned ESRCH.", __func__);
1563 if (retval == PTHREAD_CANCELED)
1564 g_debug ("%s: pthread_join() returned PTHREAD_CANCELED.", __func__);
1565 /* Set flag signaling that alive deteciton thread was joined. */
1566 if (err == 0)
1567 ad_thread_joined (TRUE);
1568 g_debug ("%s: Finished waiting for alive detection thread.", __func__);
1569 }
1570
1571 plugins_scheduler_free (sched);
1572
1573 gettimeofday (&now, NULL);
1574 if (test_alive_hosts_only)
1575 {
1576 g_message ("Vulnerability scan %s finished in %ld seconds: "
1577 "%d alive hosts of %d",
1578 globals->scan_id, now.tv_sec - then.tv_sec,
1579 gvm_hosts_count (alive_hosts_list), gvm_hosts_count (hosts));
1580 }
1581 else
1582 g_message ("Vulnerability scan %s finished in %ld seconds: %d hosts",
1583 globals->scan_id, now.tv_sec - then.tv_sec,
1584 gvm_hosts_count (hosts));
1585
1586 if (prefs_get ("report_scripts"))
1587 {
1588 char *buff =
1589 g_strdup_printf ("},\"scan_time\": {\"start\": %ld, \"stop\": %ld}}",
1590 then.tv_sec, now.tv_sec);
1591 char *path = g_strdup_printf (
1592 "%s/%s-stats.json", prefs_get ("report_scripts"), globals->scan_id);
1593
1594 write_script_stats (buff, path, 1);
1595
1596 g_free (buff);
1597 g_free (path);
1598 }
1599
1600 gvm_hosts_free (hosts);
1601 if (alive_hosts_list)
1602 gvm_hosts_free (alive_hosts_list);
1603
1604 set_scan_status ("finished");
1605
1606 return error;
1607}
scan_is_stopped
static int scan_is_stopped(void)
Definition attack.c:267
attack_start
static void attack_start(struct ipc_context *ipcc, struct attack_start_args *args)
Set up some data and jump into attack_host().
Definition attack.c:837
apply_hosts_reverse_lookup_preferences
static int apply_hosts_reverse_lookup_preferences(gvm_hosts_t *hosts)
Definition attack.c:1008
apply_hosts_excluded
static int apply_hosts_excluded(gvm_hosts_t *hosts)
Definition attack.c:917
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition attack.c:1109
set_alive_detection_tid
static void set_alive_detection_tid(pthread_t tid)
Definition attack.c:1078
fork_sleep
static void fork_sleep(int n)
Definition attack.c:249
check_deprecated_prefs
static void check_deprecated_prefs(void)
Check if any deprecated prefs are in pref table and print warning.
Definition attack.c:739
connect_main_kb
static int connect_main_kb(kb_t *main_kb)
Connect to the main kb. Must be released with kb_lnk_reset() after use.
Definition attack.c:97
report_kb_failure
static void report_kb_failure(int errcode)
Definition attack.c:237
check_kb_access
static int check_kb_access(void)
Definition attack.c:1060
apply_hosts_preferences_ordering
static void apply_hosts_preferences_ordering(gvm_hosts_t *hosts)
Definition attack.c:985
INVALID_TARGET_LIST
#define INVALID_TARGET_LIST
Definition attack.c:63
message_to_client
static void message_to_client(kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type)
Definition attack.c:224
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition attack.c:59
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition attack.c:55
ad_thread_joined
static gboolean ad_thread_joined(gboolean joined)
Set and get if alive detection thread was already joined by main thread.
Definition attack.c:1100
get_alive_detection_tid
static pthread_t get_alive_detection_tid()
Definition attack.c:1083
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition attack.c:136
hosts
static struct host * hosts
Definition hosts.c:49
host_is_currently_scanned
int host_is_currently_scanned(gvm_host_t *host_to_check)
Returns 1 if the host is being scanned. 0 otherwise.
Definition hosts.c:271
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition hosts.c:177
hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition hosts.c:253
hosts_init
int hosts_init(int max_hosts)
Definition hosts.c:144
hosts_new
int hosts_new(char *name, kb_t kb, kb_t main_kb)
Definition hosts.c:151
ipc_process_func
void(* ipc_process_func)(struct ipc_context *, void *)
Definition ipc.h:47
main_kb
kb_t main_kb
Definition kb_cache.c:15
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
pid
static pid_t pid
Definition nasl_cmd_exec.c:39
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition pluginscheduler.c:518
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int *error)
Definition pluginscheduler.c:302
plugins_scheduler_t
struct plugins_scheduler * plugins_scheduler_t
Definition pluginscheduler.h:34
create_ipc_process
pid_t create_ipc_process(ipc_process_func func, void *args)
initializes a communication channels and calls a function with a new process
Definition processes.c:195
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition sighand.c:79
attack_start_args
Definition attack.c:76
attack_start_args::globals
struct scan_globals * globals
Definition attack.c:77
attack_start_args::sched
plugins_scheduler_t sched
Definition attack.c:80
host
Host information, implemented as doubly linked list.
Definition hosts.c:37
scan_globals::scan_id
char * scan_id
Definition scanneraux.h:22
write_script_stats
void write_script_stats(const char *buf, const char *path, int mode)
Writes scripts stats into a file.
Definition utils.c:271
get_max_hosts_number
int get_max_hosts_number(void)
Definition utils.c:137
get_max_checks_number
int get_max_checks_number(void)
Definition utils.c:168

References ad_thread_joined(), apply_hosts_excluded(), apply_hosts_preferences_ordering(), apply_hosts_reverse_lookup_preferences(), attack_start(), check_deprecated_prefs(), check_kb_access(), connect_main_kb(), create_ipc_process(), fork_sleep(), get_alive_detection_tid(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, host_is_currently_scanned(), attack_start_args::host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), INVALID_TARGET_LIST, KB_RETRY_DELAY, main_kb, MAX_FORK_RETRIES, message_to_client(), openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_alive_detection_tid(), set_scan_status(), timeval(), and write_script_stats().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function: