OpenVAS Scanner  7.0.1~git
openvas.c File Reference
#include "../misc/plugutils.h"
#include "../misc/vendorversion.h"
#include "attack.h"
#include "pluginlaunch.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <errno.h>
#include <fcntl.h>
#include <gcrypt.h>
#include <glib.h>
#include <grp.h>
#include <gvm/base/logging.h>
#include <gvm/base/nvti.h>
#include <gvm/base/prefs.h>
#include <gvm/base/proctitle.h>
#include <gvm/base/version.h>
#include <gvm/util/kb.h>
#include <gvm/util/nvticache.h>
#include <gvm/util/uuidutils.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
#include "../misc/network.h"
Include dependency graph for openvas.c:

Go to the source code of this file.

Data Structures

struct  openvas_option
 

Macros

#define G_LOG_DOMAIN   "sd main"
 GLib log domain. More...
 
#define PROCTITLE_WAITING   "openvas: Waiting for incoming connections"
 
#define PROCTITLE_LOADING   "openvas: Loading Handler"
 
#define PROCTITLE_RELOADING   "openvas: Reloading"
 
#define PROCTITLE_SERVING   "openvas: Serving %s"
 

Functions

static void set_globals_from_preferences (void)
 
static void reload_openvas (void)
 
static void handle_reload_signal (int sig)
 
static void handle_termination_signal (int sig)
 
static void init_signal_handlers ()
 Initializes main scanner process' signal handlers. More...
 
static int load_scan_preferences (struct scan_globals *globals)
 Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB where to take the preferences from. More...
 
static void handle_client (struct scan_globals *globals)
 
static void scanner_thread (struct scan_globals *globals)
 
static int init_openvas (const char *config_file)
 Initialize everything. More...
 
static int flush_all_kbs ()
 
static void gcrypt_init ()
 
void start_single_task_scan ()
 
static void stop_single_task_scan ()
 Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2, which will stop the scan. To find the process ID, it uses the scan_id passed with the –scan-stop option. More...
 
int openvas (int argc, char *argv[])
 openvas. More...
 

Variables

int global_max_hosts = 15
 
int global_max_checks = 10
 
GSList * log_config = NULL
 Logging parameters, as passed to setup_log_handlers. More...
 
static volatile int loading_stop_signal = 0
 
static volatile int termination_signal = 0
 
static char * global_scan_id = NULL
 
static openvas_option openvas_defaults []
 Default values for scanner options. Must be NULL terminated. More...
 

Detailed Description

OpenVAS main module, runs the scanner.

Definition in file openvas.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "sd main"

GLib log domain.

Definition at line 79 of file openvas.c.

◆ PROCTITLE_LOADING

#define PROCTITLE_LOADING   "openvas: Loading Handler"

Definition at line 82 of file openvas.c.

◆ PROCTITLE_RELOADING

#define PROCTITLE_RELOADING   "openvas: Reloading"

Definition at line 83 of file openvas.c.

◆ PROCTITLE_SERVING

#define PROCTITLE_SERVING   "openvas: Serving %s"

Definition at line 84 of file openvas.c.

◆ PROCTITLE_WAITING

#define PROCTITLE_WAITING   "openvas: Waiting for incoming connections"

Definition at line 81 of file openvas.c.

Function Documentation

◆ flush_all_kbs()

static int flush_all_kbs ( )
static

Definition at line 342 of file openvas.c.

343 {
344  kb_t kb;
345  int rc;
346 
347  rc = kb_new (&kb, prefs_get ("db_address"));
348  if (rc)
349  return rc;
350 
351  rc = kb_flush (kb, NVTICACHE_STR);
352  return rc;
353 }

Referenced by openvas().

Here is the caller graph for this function:

◆ gcrypt_init()

static void gcrypt_init ( )
static

Definition at line 356 of file openvas.c.

357 {
358  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
359  return;
360  gcry_check_version (NULL);
361  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
362  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
363  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
364  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
365 }

Referenced by openvas().

Here is the caller graph for this function:

◆ handle_client()

static void handle_client ( struct scan_globals globals)
static

Definition at line 284 of file openvas.c.

285 {
286  kb_t net_kb = NULL;
287 
288  /* Load preferences from Redis. Scan started with a scan_id. */
290  {
291  g_warning ("No preferences found for the scan %s", globals->scan_id);
292  exit (0);
293  }
294 
295  attack_network (globals, &net_kb);
296  if (net_kb != NULL)
297  {
298  kb_delete (net_kb);
299  net_kb = NULL;
300  }
301 }

References attack_network(), load_scan_preferences(), and scan_globals::scan_id.

Referenced by scanner_thread().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_reload_signal()

static void handle_reload_signal ( int  sig)
static

Definition at line 156 of file openvas.c.

157 {
158  (void) sig;
159  reload_openvas ();
160 }

References reload_openvas().

Referenced by init_signal_handlers(), and reload_openvas().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_termination_signal()

static void handle_termination_signal ( int  sig)
static

Definition at line 163 of file openvas.c.

164 {
165  termination_signal = sig;
166 }

References termination_signal.

Referenced by init_signal_handlers().

Here is the caller graph for this function:

◆ init_openvas()

static int init_openvas ( const char *  config_file)
static

Initialize everything.

Parameters
config_filePath to config file for initialization

Definition at line 321 of file openvas.c.

322 {
323  static gchar *rc_name = NULL;
324  int i;
325 
326  for (i = 0; openvas_defaults[i].option != NULL; i++)
327  prefs_set (openvas_defaults[i].option, openvas_defaults[i].value);
328  prefs_config (config_file);
329 
330  /* Setup logging. */
331  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL);
332  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
333  log_config = load_log_configuration (rc_name);
334  g_free (rc_name);
335  setup_log_handlers (log_config);
337 
338  return 0;
339 }

References log_config, openvas_defaults, openvas_option::option, option, and set_globals_from_preferences().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_signal_handlers()

static void init_signal_handlers ( )
static

Initializes main scanner process' signal handlers.

Definition at line 172 of file openvas.c.

References handle_reload_signal(), handle_termination_signal(), openvas_signal, and sighand_chld().

Referenced by start_single_task_scan().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ load_scan_preferences()

static int load_scan_preferences ( struct scan_globals globals)
static

Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB where to take the preferences from.

Returns
0 on success, -1 if the kb is not found or no prefs are found in the kb.

Definition at line 226 of file openvas.c.

227 {
228  char key[1024];
229  kb_t kb;
230  struct kb_item *res = NULL;
231 
232  g_debug ("Start loading scan preferences.");
233  if (!globals->scan_id)
234  return -1;
235 
236  snprintf (key, sizeof (key), "internal/%s/scanprefs", globals->scan_id);
237  kb = kb_find (prefs_get ("db_address"), key);
238  if (!kb)
239  return -1;
240 
241  res = kb_item_get_all (kb, key);
242  if (!res)
243  return -1;
244 
245  while (res)
246  {
247  gchar **pref = g_strsplit (res->v_str, "|||", 2);
248  if (pref[0])
249  {
250  gchar **pref_name = g_strsplit (pref[0], ":", 3);
251  if (pref_name[1] && pref_name[2] && !strncmp (pref_name[2], "file", 4)
252  && strcmp (pref[1], ""))
253  {
254  char *file_hash = gvm_uuid_make ();
255  int ret;
256  prefs_set (pref[0], file_hash);
257  ret = store_file (globals, pref[1], file_hash);
258  if (ret)
259  g_debug ("Load preference: Failed to upload file "
260  "for nvt %s preference.",
261  pref_name[0]);
262 
263  g_free (file_hash);
264  }
265  else
266  prefs_set (pref[0], pref[1] ?: "");
267  g_strfreev (pref_name);
268  }
269 
270  g_strfreev (pref);
271  res = res->next;
272  }
273  snprintf (key, sizeof (key), "internal/%s", globals->scan_id);
274  kb_item_set_str (kb, key, "ready", 0);
275  kb_item_set_int (kb, "internal/ovas_pid", getpid ());
276 
277  g_debug ("End loading scan preferences.");
278 
279  kb_item_free (res);
280  return 0;
281 }

References script_infos::key, scan_globals::scan_id, and store_file().

Referenced by handle_client().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ openvas()

int openvas ( int  argc,
char *  argv[] 
)

openvas.

Parameters
argcArgument count.
argvArgument vector.

Definition at line 429 of file openvas.c.

430 {
431  int ret;
432 
433  proctitle_init (argc, argv);
434  gcrypt_init ();
435 
436  static gboolean display_version = FALSE;
437  static gchar *config_file = NULL;
438  static gchar *scan_id = NULL;
439  static gchar *stop_scan_id = NULL;
440  static gboolean print_specs = FALSE;
441  static gboolean print_sysconfdir = FALSE;
442  static gboolean update_vt_info = FALSE;
443  GError *error = NULL;
444  GOptionContext *option_context;
445  static GOptionEntry entries[] = {
446  {"version", 'V', 0, G_OPTION_ARG_NONE, &display_version,
447  "Display version information", NULL},
448  {"config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file,
449  "Configuration file", "<filename>"},
450  {"cfg-specs", 's', 0, G_OPTION_ARG_NONE, &print_specs,
451  "Print configuration settings", NULL},
452  {"sysconfdir", 'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir,
453  "Print system configuration directory (set at compile time)", NULL},
454  {"update-vt-info", 'u', 0, G_OPTION_ARG_NONE, &update_vt_info,
455  "Updates VT info into redis store from VT files", NULL},
456  {"scan-start", '\0', 0, G_OPTION_ARG_STRING, &scan_id,
457  "ID of scan to start. ID and related data must be stored into redis "
458  "before.",
459  "<string>"},
460  {"scan-stop", '\0', 0, G_OPTION_ARG_STRING, &stop_scan_id,
461  "ID of scan to stop", "<string>"},
462 
463  {NULL, 0, 0, 0, NULL, NULL, NULL}};
464 
465  option_context =
466  g_option_context_new ("- Open Vulnerability Assessment Scanner");
467  g_option_context_add_main_entries (option_context, entries, NULL);
468  if (!g_option_context_parse (option_context, &argc, &argv, &error))
469  {
470  g_print ("%s\n\n", error->message);
471  exit (0);
472  }
473  g_option_context_free (option_context);
474 
475  /* --sysconfdir */
476  if (print_sysconfdir)
477  {
478  g_print ("%s\n", SYSCONFDIR);
479  exit (0);
480  }
481 
482  /* --version */
483  if (display_version)
484  {
485  printf ("OpenVAS %s\n", OPENVAS_VERSION);
486 #ifdef OPENVAS_GIT_REVISION
487  printf ("GIT revision %s\n", OPENVAS_GIT_REVISION);
488 #endif
489  printf ("gvm-libs %s\n", gvm_libs_version ());
490  printf ("Most new code since 2005: (C) 2019 Greenbone Networks GmbH\n");
491  printf (
492  "Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>\n");
493  printf ("License GPLv2: GNU GPL version 2\n");
494  printf (
495  "This is free software: you are free to change and redistribute it.\n"
496  "There is NO WARRANTY, to the extent permitted by law.\n\n");
497  exit (0);
498  }
499 
500  /* Switch to UTC so that OTP times are always in UTC. */
501  if (setenv ("TZ", "utc 0", 1) == -1)
502  {
503  g_print ("%s\n\n", strerror (errno));
504  exit (0);
505  }
506  tzset ();
507 
508  if (!config_file)
509  config_file = OPENVAS_CONF;
510  if (update_vt_info)
511  {
512  if (init_openvas (config_file))
513  return 1;
514  if (plugins_init ())
515  return 1;
516  return 0;
517  }
518 
519  if (init_openvas (config_file))
520  return 1;
521 
522  if (prefs_get ("vendor_version") != NULL)
523  vendor_version_set (prefs_get ("vendor_version"));
524 
525  if (stop_scan_id)
526  {
527  global_scan_id = g_strdup (stop_scan_id);
529  exit (0);
530  }
531 
532  if (scan_id)
533  {
534  global_scan_id = g_strdup (scan_id);
536  exit (0);
537  }
538 
539  /* special treatment */
540  if (print_specs)
541  {
542  prefs_dump ();
543  exit (0);
544  }
545  if (flush_all_kbs ())
546  exit (1);
547 
548 #if GNUTLS_VERSION_NUMBER < 0x030300
549  if (openvas_SSL_init () < 0)
550  g_message ("Could not initialize openvas SSL!");
551 #endif
552 
553  /* Ignore SIGHUP while reloading. */
554  openvas_signal (SIGHUP, SIG_IGN);
555 
556  ret = plugins_init ();
557  if (ret)
558  return 1;
559 
560  exit (0);
561 }

References flush_all_kbs(), gcrypt_init(), global_scan_id, init_openvas(), openvas_signal, openvas_SSL_init(), plugins_init(), scan_globals::scan_id, start_single_task_scan(), stop_single_task_scan(), and vendor_version_set().

Referenced by main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ reload_openvas()

static void reload_openvas ( void  )
static

Definition at line 183 of file openvas.c.

184 {
185  static gchar *rc_name = NULL;
186  const char *config_file;
187  int i, ret;
188 
189  /* Ignore SIGHUP while reloading. */
190  openvas_signal (SIGHUP, SIG_IGN);
191 
192  proctitle_set (PROCTITLE_RELOADING);
193  /* Setup logging. */
194  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL);
195  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
196  log_config = load_log_configuration (rc_name);
197  g_free (rc_name);
198  setup_log_handlers (log_config);
199  g_message ("Reloading the scanner.\n");
200 
201  /* Reload config file. */
202  config_file = prefs_get ("config_file");
203  for (i = 0; openvas_defaults[i].option != NULL; i++)
204  prefs_set (openvas_defaults[i].option, openvas_defaults[i].value);
205  prefs_config (config_file);
206 
207  /* Reload the plugins */
208  ret = plugins_init ();
210 
211  g_message ("Finished reloading the scanner.");
213  proctitle_set (PROCTITLE_WAITING);
214  if (ret)
215  exit (1);
216 }

References handle_reload_signal(), log_config, openvas_defaults, openvas_signal, openvas_option::option, option, plugins_init(), PROCTITLE_RELOADING, PROCTITLE_WAITING, and set_globals_from_preferences().

Referenced by handle_reload_signal().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ scanner_thread()

static void scanner_thread ( struct scan_globals globals)
static

Definition at line 304 of file openvas.c.

305 {
306  nvticache_reset ();
307 
308  globals->scan_id = g_strdup (global_scan_id);
309 
310  handle_client (globals);
311 
312  exit (0);
313 }

References global_scan_id, handle_client(), and scan_globals::scan_id.

Referenced by start_single_task_scan().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_globals_from_preferences()

static void set_globals_from_preferences ( void  )
static

Definition at line 133 of file openvas.c.

134 {
135  const char *str;
136 
137  if ((str = prefs_get ("max_hosts")) != NULL)
138  {
139  global_max_hosts = atoi (str);
140  if (global_max_hosts <= 0)
141  global_max_hosts = 15;
142  }
143 
144  if ((str = prefs_get ("max_checks")) != NULL)
145  {
146  global_max_checks = atoi (str);
147  if (global_max_checks <= 0)
148  global_max_checks = 10;
149  }
150 }

References global_max_checks, and global_max_hosts.

Referenced by init_openvas(), and reload_openvas().

Here is the caller graph for this function:

◆ start_single_task_scan()

void start_single_task_scan ( )

Definition at line 368 of file openvas.c.

369 {
370  struct scan_globals *globals;
371 
372 #if GNUTLS_VERSION_NUMBER < 0x030300
373  if (openvas_SSL_init () < 0)
374  g_message ("Could not initialize openvas SSL!");
375 #endif
376 
377 #ifdef OPENVAS_GIT_REVISION
378  g_message ("openvas %s (GIT revision %s) started", OPENVAS_VERSION,
379  OPENVAS_GIT_REVISION);
380 #else
381  g_message ("openvas %s started", OPENVAS_VERSION);
382 #endif
383 
384  if (plugins_cache_init ())
385  {
386  g_message ("Failed to initialize nvti cache.");
387  exit (1);
388  }
390 
391  globals = g_malloc0 (sizeof (struct scan_globals));
392 
393  scanner_thread (globals);
394  exit (0);
395 }

References init_signal_handlers(), openvas_SSL_init(), plugins_cache_init(), and scanner_thread().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ stop_single_task_scan()

static void stop_single_task_scan ( )
static

Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2, which will stop the scan. To find the process ID, it uses the scan_id passed with the –scan-stop option.

Definition at line 403 of file openvas.c.

404 {
405  char key[1024];
406  kb_t kb;
407  int pid;
408 
409  if (!global_scan_id)
410  exit (1);
411 
412  snprintf (key, sizeof (key), "internal/%s", global_scan_id);
413  kb = kb_find (prefs_get ("db_address"), key);
414  if (!kb)
415  exit (1);
416 
417  pid = kb_item_get_int (kb, "internal/ovas_pid");
418  kill (pid, SIGUSR1);
419 
420  exit (0);
421 }

References global_scan_id, and pid.

Referenced by openvas().

Here is the caller graph for this function:

Variable Documentation

◆ global_max_checks

int global_max_checks = 10

Definition at line 90 of file openvas.c.

Referenced by get_max_checks_number(), and set_globals_from_preferences().

◆ global_max_hosts

int global_max_hosts = 15

Globals that should not be touched (used in utils module).

Definition at line 89 of file openvas.c.

Referenced by get_max_hosts_number(), and set_globals_from_preferences().

◆ global_scan_id

char* global_scan_id = NULL
static

Definition at line 99 of file openvas.c.

Referenced by openvas(), scanner_thread(), and stop_single_task_scan().

◆ loading_stop_signal

volatile int loading_stop_signal = 0
static

Definition at line 97 of file openvas.c.

◆ log_config

GSList* log_config = NULL

Logging parameters, as passed to setup_log_handlers.

Definition at line 95 of file openvas.c.

Referenced by init_openvas(), and reload_openvas().

◆ openvas_defaults

openvas_option openvas_defaults[]
static
Initial value:
= {
{"plugins_folder", OPENVAS_NVT_DIR},
{"include_folders", OPENVAS_NVT_DIR},
{"max_hosts", "30"},
{"max_checks", "10"},
{"log_whole_attack", "no"},
{"log_plugins_name_at_load", "no"},
{"optimize_test", "yes"},
{"network_scan", "no"},
{"non_simult_ports", "139, 445, 3389, Services/irc"},
{"plugins_timeout", G_STRINGIFY (NVT_TIMEOUT)},
{"scanner_plugins_timeout", G_STRINGIFY (SCANNER_NVT_TIMEOUT)},
{"safe_checks", "yes"},
{"auto_enable_dependencies", "yes"},
{"drop_privileges", "no"},
{"report_host_details", "yes"},
{"db_address", KB_PATH_DEFAULT},
{"vendor_version", "\0"},
{NULL, NULL}}

Default values for scanner options. Must be NULL terminated.

Definition at line 110 of file openvas.c.

Referenced by init_openvas(), and reload_openvas().

◆ termination_signal

volatile int termination_signal = 0
static

Definition at line 98 of file openvas.c.

Referenced by handle_termination_signal().

attack_network
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:1008
script_infos::key
kb_t key
Definition: scanneraux.h:46
init_signal_handlers
static void init_signal_handlers()
Initializes main scanner process' signal handlers.
Definition: openvas.c:172
log_config
GSList * log_config
Logging parameters, as passed to setup_log_handlers.
Definition: openvas.c:95
global_max_checks
int global_max_checks
Definition: openvas.c:90
start_single_task_scan
void start_single_task_scan()
Definition: openvas.c:368
handle_termination_signal
static void handle_termination_signal(int sig)
Definition: openvas.c:163
handle_reload_signal
static void handle_reload_signal(int sig)
Definition: openvas.c:156
store_file
int store_file(struct scan_globals *globals, const char *file, const char *file_hash)
Stores a file type preference in a hash table.
Definition: utils.c:110
gcrypt_init
static void gcrypt_init()
Definition: openvas.c:356
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
global_scan_id
static char * global_scan_id
Definition: openvas.c:99
stop_single_task_scan
static void stop_single_task_scan()
Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2,...
Definition: openvas.c:403
scanner_thread
static void scanner_thread(struct scan_globals *globals)
Definition: openvas.c:304
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
openvas_SSL_init
int openvas_SSL_init()
Initializes SSL support.
Definition: network.c:351
PROCTITLE_RELOADING
#define PROCTITLE_RELOADING
Definition: openvas.c:83
plugins_init
int plugins_init(void)
Definition: pluginload.c:376
script_infos::globals
struct scan_globals * globals
Definition: scanneraux.h:45
PROCTITLE_WAITING
#define PROCTITLE_WAITING
Definition: openvas.c:81
option
#define option
scan_globals
Definition: scanneraux.h:32
openvas_defaults
static openvas_option openvas_defaults[]
Default values for scanner options. Must be NULL terminated.
Definition: openvas.c:110
termination_signal
static volatile int termination_signal
Definition: openvas.c:98
sighand_chld
void sighand_chld(pid_t pid)
Definition: sighand.c:103
handle_client
static void handle_client(struct scan_globals *globals)
Definition: openvas.c:284
flush_all_kbs
static int flush_all_kbs()
Definition: openvas.c:342
set_globals_from_preferences
static void set_globals_from_preferences(void)
Definition: openvas.c:133
init_openvas
static int init_openvas(const char *config_file)
Initialize everything.
Definition: openvas.c:321
vendor_version_set
void vendor_version_set(const gchar *version)
Set vendor version.
Definition: vendorversion.c:40
global_max_hosts
int global_max_hosts
Definition: openvas.c:89
scan_globals::scan_id
char * scan_id
Definition: scanneraux.h:38
openvas_option::option
char * option
Definition: openvas.c:103
reload_openvas
static void reload_openvas(void)
Definition: openvas.c:183
load_scan_preferences
static int load_scan_preferences(struct scan_globals *globals)
Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB ...
Definition: openvas.c:226
plugins_cache_init
int plugins_cache_init(void)
Main function for nvticache initialization without loading the plugins.
Definition: pluginload.c:359