OpenVAS Scanner 23.23.1
network.c File Reference

Network Functions. More...

#include "../nasl/nasl_debug.h"
#include "kb_cache.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/util/kb.h>
#include <gvm/util/serverutils.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#include "network.h"
#include "plugutils.h"
#include "support.h"

Data Structures

struct  openvas_connection
struct  csc_hook_s
 Object to store a list of hooks for close_stream_connection. More...

Macros

#define TIMEOUT   20
#define INADDR_NONE   0xffffffff
#define G_LOG_DOMAIN   "lib misc"
 GLib logging domain.
#define OPENVAS_FD_MAX   1024
#define OPENVAS_FD_OFF   1000000
#define OPENVAS_STREAM(x)
#define OVAS_CONNECTION_FROM_FD(fd)
#define INCR_TIMEOUT   1

Functions

static int pid_perror (const char *error)
int stream_get_err (int fd)
static int get_connection_fd (void)
 Returns a free file descriptor.
static int release_connection_fd (int fd, int already_closed)
int openvas_register_connection (int soc, void *ssl, gnutls_certificate_credentials_t certcred, openvas_encaps_t encaps)
int openvas_deregister_connection (int fd)
static int unblock_socket (int soc)
static int block_socket (int soc)
static void tlserror (char *txt, int err)
static void log_message_gnutls (int level, const char *msg)
int openvas_SSL_init ()
 Initializes SSL support.
int openvas_get_socket_from_connection (int fd)
gnutls_session_t ovas_get_tlssession_from_connection (int fd)
static int set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps, const char *priority, unsigned int flags)
static int load_cert_and_key (gnutls_certificate_credentials_t xcred, const char *cert, const char *key, const char *passwd)
 Loads a certificate and the corresponding private key from PEM files.
static int is_ip_address (const char *str)
static int open_SSL_connection (openvas_connection *fp, const char *cert, const char *key, const char *passwd, const char *cafile, const char *hostname, unsigned int flags)
 Open a TLS/SSL connection.
int socket_ssl_safe_renegotiation_status (int fd)
 Check if Secure Renegotiation is supported in the server side.
int socket_ssl_do_handshake (int fd)
 Do a re-handshake of the TLS/SSL protocol.
int socket_negotiate_ssl (int fd, openvas_encaps_t transport, struct script_infos *args)
 Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.
void socket_get_cert (int fd, void **cert, int *certlen)
int socket_get_ssl_version (int fd)
void socket_get_ssl_session_id (int fd, void **sid, size_t *ssize)
int socket_get_ssl_ciphersuite (int fd)
int open_stream_connection_ext (struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
void open_stream_tls_default_priorities (const char *p, const int pflag)
int open_stream_connection (struct script_infos *args, unsigned int port, int transport, int timeout)
int open_stream_auto_encaps_ext (struct script_infos *args, unsigned int port, int timeout, int force)
int stream_set_timeout (int fd, int timeout)
static int read_stream_connection_unbuffered (int fd, void *buf0, int min_len, int max_len)
int read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
int read_stream_connection (int fd, void *buf0, int len)
static int write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
int write_stream_connection (int fd, void *buf0, int n)
int nsend (int fd, void *data, int length, int i_opt)
int nrecv (int fd, void *data, int length, int i_opt)
void add_close_stream_connection_hook (int(*fnc)(int fd))
 Register a hook function for close_stream_connection.
static int run_csc_hooks (int fd)
 Run the hooks for close_stream_connection.
int close_stream_connection (int fd)
const char * get_encaps_name (openvas_encaps_t code)
const char * get_encaps_through (openvas_encaps_t code)
static int open_socket (struct sockaddr *paddr, int type, int protocol, int timeout, int len)
int open_sock_opt_hn (const char *hostname, unsigned int port, int type, int protocol, int timeout)
int open_sock_tcp (struct script_infos *args, unsigned int port, int timeout)
int open_sock_option (struct script_infos *args, unsigned int port, int type, int protocol, int timeout)
int recv_line (int soc, char *buf, size_t bufsiz)
 Reads text from the socket stream into the argument buffer, always appending a '\0' byte.
int socket_close (int soc)
int fd_is_stream (int fd)
int stream_get_buffer_sz (int fd)
int stream_set_buffer (int fd, int sz)
int os_send (int soc, void *buf, int len, int opt)
int os_recv (int soc, void *buf, int len, int opt)
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
static int qsort_compar (const void *a, const void *b)
unsigned short * getpts (char *origexpr, int *len)
 Converts a string like "-100,200-1024,3000-4000,60000-" into an array of port numbers.

Variables

static openvas_connection connections [OPENVAS_FD_MAX]
static struct csc_hook_s * csc_hooks
 Linked list of hooks to be run by close_stream_connection.
const char * tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT"
int tls_priority_flag = NO_PRIORITY_FLAGS
static int __port_closed

Detailed Description

Network Functions.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib misc"

GLib logging domain.

◆ INADDR_NONE

#define INADDR_NONE   0xffffffff

◆ INCR_TIMEOUT

#define INCR_TIMEOUT   1

◆ OPENVAS_FD_MAX

#define OPENVAS_FD_MAX   1024

The role of the OPENVAS_FD_OFF offset is:

  1. To detect bugs when the program tries to write to a bad fd
  2. To tell whether a fd is a real socket or an "openvas descriptor". This is a quick & dirty hack and should be changed!!!

◆ OPENVAS_FD_OFF

#define OPENVAS_FD_OFF   1000000

◆ OPENVAS_STREAM

#define OPENVAS_STREAM ( x)
Value:
(((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))

OPENVAS_STREAM(x) is TRUE if <x> is an OpenVAS-ified fd, i.e. one in the range [OPENVAS_FD_OFF, OPENVAS_FD_OFF + OPENVAS_FD_MAX). Note that the macro expands x twice and does not parenthesize it.

◆ OVAS_CONNECTION_FROM_FD

#define OVAS_CONNECTION_FROM_FD ( fd)
Value:

determine the openvas_connection* from the openvas fd

◆ TIMEOUT

#define TIMEOUT   20

Function Documentation

◆ add_close_stream_connection_hook()

void add_close_stream_connection_hook ( int(* fnc )(int fd))

Register a hook function for close_stream_connection.

The function adds the given hook function to the list of hooks to be run by close_stream_connection. These hooks are intended to test whether they need to close the stream themselves. The argument to the hook function is the file descriptor of the stream. The hook shall return 0 if it has taken over control of that file descriptor. The same function is only added once to the list of hooks.

Parameters
fnc The hook function. See above for details.

◆ block_socket()

int block_socket ( int soc)
static

◆ close_stream_connection()

int close_stream_connection ( int fd)

◆ fd_is_stream()

int fd_is_stream ( int fd)

◆ get_connection_fd()

int get_connection_fd ( void )
static

Returns a free file descriptor.

◆ get_encaps_name()

const char * get_encaps_name ( openvas_encaps_t code)

◆ get_encaps_through()

const char * get_encaps_through ( openvas_encaps_t code)

◆ get_sock_infos()

int get_sock_infos ( int sock,
int * r_transport,
void ** r_tls_session )

◆ getpts()

unsigned short * getpts ( char * origexpr,
int * len )

Converts a string like "-100,200-1024,3000-4000,60000-" into an array of port numbers.

This function is (c) Fyodor (fyodor@dhp.com) and was taken from his excellent and outstanding scanner Nmap. See http://www.insecure.org/nmap/ for details about Nmap.

◆ is_ip_address()

int is_ip_address ( const char * str)
static

◆ load_cert_and_key()

int load_cert_and_key ( gnutls_certificate_credentials_t xcred,
const char * cert,
const char * key,
const char * passwd )
static

Loads a certificate and the corresponding private key from PEM files.

The private key may be encrypted, in which case the password to decrypt the key should be given as the passwd parameter.

Returns
Returns 0 on success and -1 on failure.

◆ log_message_gnutls()

void log_message_gnutls ( int level,
const char * msg )
static

◆ nrecv()

int nrecv ( int fd,
void * data,
int length,
int i_opt )

◆ nsend()

int nsend ( int fd,
void * data,
int length,
int i_opt )

◆ open_sock_opt_hn()

int open_sock_opt_hn ( const char * hostname,
unsigned int port,
int type,
int protocol,
int timeout )

◆ open_sock_option()

int open_sock_option ( struct script_infos * args,
unsigned int port,
int type,
int protocol,
int timeout )

◆ open_sock_tcp()

int open_sock_tcp ( struct script_infos * args,
unsigned int port,
int timeout )

◆ open_socket()

int open_socket ( struct sockaddr * paddr,
int type,
int protocol,
int timeout,
int len )
static

◆ open_SSL_connection()

int open_SSL_connection ( openvas_connection * fp,
const char * cert,
const char * key,
const char * passwd,
const char * cafile,
const char * hostname,
unsigned int flags )
static

Open a TLS/SSL connection.

Parameters
fp The file structure for the openvas connection.
cert The certificate.
key The key.
passwd The password.
cafile The CA file.
hostname The target's hostname.
flags Extra options which can not be set via the priority string. Supported flags are:
  • NO_PRIORITY_FLAGS
  • INSECURE_DH_PRIME_BITS
Returns
1 on success. -1 on general error or timeout. -2 if the DH prime bits on the server side are lower than the minimum allowed. -3 if a fatal alert was received from the server.

◆ open_stream_auto_encaps_ext()

int open_stream_auto_encaps_ext ( struct script_infos * args,
unsigned int port,
int timeout,
int force )

◆ open_stream_connection()

int open_stream_connection ( struct script_infos * args,
unsigned int port,
int transport,
int timeout )

◆ open_stream_connection_ext()

int open_stream_connection_ext ( struct script_infos * args,
unsigned int port,
int transport,
int timeout,
const char * priority,
int flags )

◆ open_stream_tls_default_priorities()

void open_stream_tls_default_priorities ( const char * p,
const int pflag )

◆ openvas_deregister_connection()

int openvas_deregister_connection ( int fd)

◆ openvas_get_socket_from_connection()

int openvas_get_socket_from_connection ( int fd)

◆ openvas_register_connection()

int openvas_register_connection ( int soc,
void * ssl,
gnutls_certificate_credentials_t certcred,
openvas_encaps_t encaps )
Todo
TLS FIXME: migrate this to TLS
Todo
Fix the voidness of the ssl parameter (problematic in 64bit env.) here or on caller-side
Parameters
soc Socket to use.

◆ openvas_SSL_init()

int openvas_SSL_init ( void )

Initializes SSL support.

◆ os_recv()

int os_recv ( int soc,
void * buf,
int len,
int opt )

◆ os_send()

int os_send ( int soc,
void * buf,
int len,
int opt )

◆ ovas_get_tlssession_from_connection()

gnutls_session_t ovas_get_tlssession_from_connection ( int fd)

◆ pid_perror()

int pid_perror ( const char * error)
static

Same as perror(), but prefixes the data by our pid.

◆ qsort_compar()

int qsort_compar ( const void * a,
const void * b )
static

◆ read_stream_connection()

int read_stream_connection ( int fd,
void * buf0,
int len )

◆ read_stream_connection_min()

int read_stream_connection_min ( int fd,
void * buf0,
int min_len,
int max_len )

◆ read_stream_connection_unbuffered()

int read_stream_connection_unbuffered ( int fd,
void * buf0,
int min_len,
int max_len )
static

◆ recv_line()

int recv_line ( int soc,
char * buf,
size_t bufsiz )

Reads text from the socket stream into the argument buffer, always appending a '\0' byte.

Parameters
buf Buffer to read into.
Returns
Number of bytes read, without the trailing '\0'.

◆ release_connection_fd()

int release_connection_fd ( int fd,
int already_closed )
static

◆ run_csc_hooks()

int run_csc_hooks ( int fd)
static

Run the hooks for close_stream_connection.

The function runs all registered hooks until the first hook returns zero to indicate that it has taken over control of the socket. Further hooks are then not run, because the file descriptor is no longer valid.

Parameters
fd The file descriptor of the stream.
Returns
Zero if one of the hooks has closed the connection; non-zero otherwise.

◆ set_gnutls_protocol()

int set_gnutls_protocol ( gnutls_session_t session,
openvas_encaps_t encaps,
const char * priority,
unsigned int flags )
static

Sets the priorities for the GnuTLS session according to encaps. PRIORITY conveys custom priorities; it is only used if ENCAPS is set to OPENVAS_ENCAPS_TLScustom.

◆ socket_close()

int socket_close ( int soc)

◆ socket_get_cert()

void socket_get_cert ( int fd,
void ** cert,
int * certlen )

◆ socket_get_ssl_ciphersuite()

int socket_get_ssl_ciphersuite ( int fd)

◆ socket_get_ssl_session_id()

void socket_get_ssl_session_id ( int fd,
void ** sid,
size_t * ssize )

◆ socket_get_ssl_version()

int socket_get_ssl_version ( int fd)

◆ socket_negotiate_ssl()

int socket_negotiate_ssl ( int fd,
openvas_encaps_t transport,
struct script_infos * args )

Upgrade an ENCAPS_IP socket to an SSL/TLS encapsulated one.

Parameters
[in] fd Socket file descriptor.
[in] transport Encapsulation type.
[in] args Script args.
Returns
-1 if error, socket file descriptor value otherwise.

◆ socket_ssl_do_handshake()

int socket_ssl_do_handshake ( int fd)

Do a re-handshake of the TLS/SSL protocol.

Parameters
[in] fd Socket file descriptor.
Returns
1 on success, less than 0 on failure or error.

◆ socket_ssl_safe_renegotiation_status()

int socket_ssl_safe_renegotiation_status ( int fd)

Check if Secure Renegotiation is supported in the server side.

Parameters
[in] fd Socket file descriptor.
Returns
1 if supported, 0 if not supported and less than 0 on error.

◆ stream_get_buffer_sz()

int stream_get_buffer_sz ( int fd)

◆ stream_get_err()

int stream_get_err ( int fd)

◆ stream_set_buffer()

int stream_set_buffer ( int fd,
int sz )

◆ stream_set_timeout()

int stream_set_timeout ( int fd,
int timeout )

◆ tlserror()

void tlserror ( char * txt,
int err )
static

◆ unblock_socket()

int unblock_socket ( int soc)
static

◆ write_stream_connection()

int write_stream_connection ( int fd,
void * buf0,
int n )

◆ write_stream_connection4()

int write_stream_connection4 ( int fd,
void * buf0,
int n,
int i_opt )
static

Variable Documentation

◆ __port_closed

int __port_closed
static

◆ connections

openvas_connection connections[OPENVAS_FD_MAX]
static

◆ csc_hooks

struct csc_hook_s* csc_hooks
static

Linked list of hooks to be run by close_stream_connection.

◆ tls_priorities

const char* tls_priorities = "NORMAL:+ARCFOUR-128:%COMPAT"

◆ tls_priority_flag

int tls_priority_flag = NO_PRIORITY_FLAGS