28 #include "../misc/network.h"
29 #include "../misc/nvt_categories.h"
30 #include "../misc/pcap_openvas.h"
31 #include "../nasl/nasl_debug.h"
41 #include <arpa/inet.h>
45 #include <gvm/base/hosts.h>
46 #include <gvm/base/networking.h>
47 #include <gvm/base/prefs.h>
48 #include <gvm/base/proctitle.h>
49 #include <gvm/util/nvticache.h>
55 #define ERR_HOST_DEAD -1
56 #define ERR_CANT_FORK -2
58 #define MAX_FORK_RETRIES 10
62 #define KB_RETRY_DELAY 3
70 #define PROGRESS_BAR_STYLE 1
76 #define G_LOG_DOMAIN "sd main"
/* Excerpt (lines between the numbered ones are not shown in this listing):
 * records host_kb_index in the main KB under "internal/dbindex". */
/* NOTE(review): atoi() cannot report a parse error, and passing it NULL is
 * undefined behaviour. Other code in this file compares prefs_get() results
 * with NULL, so "ov_maindbid" should be NULL-checked and parsed with
 * strtol() (with a range check) before it is used as a database index. */
111 int i = atoi (prefs_get (
"ov_maindbid"));
/* NOTE(review): no check of the kb_direct_conn() result is visible before
 * main_kb is used on the next numbered line - confirm one exists. */
114 main_kb = kb_direct_conn (prefs_get (
"db_address"), i);
117 kb_item_add_int_unique (main_kb,
"internal/dbindex", host_kb_index);
/* Logged when the index could not be added (per the message text). */
120 g_warning (
"Not possible to add the kb index %d to the list of "
/* Excerpt: stores `status` in the main KB under the key "internal/<scan_id>",
 * where scan_id is read from "internal/scanid". */
/* NOTE(review): atoi() gives no error indication and is undefined for a NULL
 * argument; prefs_get() results are NULL-checked elsewhere in this file, so
 * validate "ov_maindbid" before converting it. */
135 int i = atoi (prefs_get (
"ov_maindbid"));
138 main_kb = kb_direct_conn (prefs_get (
"db_address"), i);
/* NOTE(review): scan_id is formatted with "%s" below. No NULL check on the
 * kb_item_get_str() result is visible here, nor is the release of the
 * returned string - confirm both against the elided lines. */
142 char *
scan_id = kb_item_get_str (main_kb, (
"internal/scanid"));
/* Bounded write: an over-long scan_id is truncated rather than overflowing,
 * assuming buffer is an array (its declaration is not shown). */
144 snprintf (buffer,
sizeof (buffer),
"internal/%s",
scan_id);
145 kb_item_set_str (main_kb, buffer, status, 0);
/* Logged when the status could not be stored (per the message text). */
149 g_warning (
"Not possible to set the scan as finished");
/* Excerpt: pushes a "curr/max" progress string onto "internal/status". */
/* Length guard on hostname; what happens when it triggers is on an elided
 * line. NOTE(review): the snprintf() visible below does not format hostname,
 * so this guard may be a leftover - confirm before relying on it. */
163 if (strlen (
hostname) > (
sizeof (buffer) - 50))
/* Bounded write of two integers; cannot overflow buffer if it is an array. */
166 snprintf (buffer,
sizeof (buffer),
"%d/%d", curr,
max);
167 kb_item_push_str (kb,
"internal/status", buffer);
/* Excerpt: queues an "ERRMSG" line on "internal/results". The GNU "?:"
 * extension substitutes " " for a NULL port and "No error." for a NULL msg. */
/* NOTE(review): sprintf() writes with no bound. The declaration and size of
 * buf are not visible in this listing; unless buf is sized from the lengths
 * of port and msg plus the fixed text, a long msg overflows it. Other call
 * sites in this file use snprintf (x, sizeof (x), ...) or g_strdup_printf();
 * this one should do the same. */
177 sprintf (buf,
"ERRMSG||| |||%s||| |||%s", port ?:
" ", msg ?:
"No error.");
178 kb_item_push_str (kb,
"internal/results", buf);
/* Excerpt: builds and logs a warning that the KB at "db_address" could not
 * be reached. */
/* errcode is made non-negative before it is handed to strerror();
 * presumably callers pass a negated errno value - confirm. */
186 errcode = abs (errcode);
/* NOTE(review): msg is allocated by g_strdup_printf(); its g_free() is not
 * visible in this listing. */
187 msg = g_strdup_printf (
"WARNING: Cannot connect to KB at '%s': %s'",
188 prefs_get (
"db_address"), strerror (errcode));
/* msg is passed as data for "%s", never as the format string itself, so
 * '%' characters in the address or error text cannot be interpreted. */
189 g_warning (
"%s", msg);
/* Excerpt: waits until n seconds have passed since `then`. The statement
 * that refreshes `now` inside the loop is on an elided line. */
198 now = then = time (NULL);
199 while (now - then < n)
/* Reaps any exited child without blocking (WNOHANG); status is discarded. */
201 waitpid (-1, NULL, WNOHANG);
/* Excerpt: case-insensitive match of nss against "busy" and "done". The
 * origin of nss and the action taken for each value are on elided lines;
 * NOTE(review): g_ascii_strcasecmp() requires non-NULL arguments - confirm
 * nss is checked before this point. */
216 if (g_ascii_strcasecmp (nss,
"busy") == 0)
218 else if (g_ascii_strcasecmp (nss,
"done") == 0)
/* Excerpt of a plugin-launch routine (signature start and many body lines are
 * not shown). Every visible skip condition leaves through the
 * finish_launch_plugin label. */
268 struct in6_addr *ip, GSList *vhosts, kb_t kb)
270 int optimize = prefs_get_bool (
"optimize_test"),
pid, ret = 0;
271 char *
oid, *
name, *error = NULL, ip_str[INET6_ADDRSTRLEN];
272 gboolean network_scan = FALSE;
/* ip_str is sized INET6_ADDRSTRLEN, the largest textual IPv6 address. */
275 addr6_to_str (ip, ip_str);
/* Look the plugin up in the NVT cache; a miss is logged and the launch is
 * abandoned. */
277 nvti = nvticache_get_nvt (
oid);
282 g_message (
"Plugin '%s' missing from nvticache.",
oid);
284 goto finish_launch_plugin;
/* Only ACT_END plugins pass this test. Judging by the log text below this
 * applies while a stopped scan is being wrapped up; the enclosing condition
 * is not visible - confirm. */
288 if (nvti_category (nvti) !=
ACT_END)
291 goto finish_launch_plugin;
/* NOTE(review): name is reassigned from nvticache_get_filename() at several
 * points; whether each result is released is not visible in this listing. */
295 name = nvticache_get_filename (
oid);
296 g_message (
"Stopped scan wrap-up: Launching %s (%s)",
name,
oid);
/* "safe_checks" gate: the rest of this condition is on an elided line. When
 * it holds, the plugin is not launched (see the message below). Changes to
 * this condition decide which tests may run against a target and deserve
 * careful review. */
304 if (prefs_get_bool (
"safe_checks")
/* Skip reasons are only logged when "log_whole_attack" is enabled. */
307 if (prefs_get_bool (
"log_whole_attack"))
309 name = nvticache_get_filename (
oid);
310 g_message (
"Not launching %s (%s) against %s because safe checks are"
311 " enabled (this is not an error)",
316 goto finish_launch_plugin;
/* "Launched/<oid>" is the per-KB marker that a plugin already ran: a value
 * above zero skips the launch, otherwise the marker is set to 1 below. The
 * key is built with a bounded snprintf(). */
324 snprintf (asc_id,
sizeof (asc_id),
"Launched/%s",
oid);
326 if (kb_item_get_int (kb, asc_id) > 0)
328 if (prefs_get_bool (
"log_whole_attack"))
/* NOTE(review): the message below misspells "launched" ("lanched"). It is a
 * runtime string, so it is left untouched here; fix it in a code change. */
329 g_message (
"Not launching %s against %s because it has already "
330 "been lanched in the past (this is not an error)",
333 goto finish_launch_plugin;
336 kb_item_set_int (kb, asc_id, 1);
/* error holds a human-readable skip reason that is spliced into the log
 * message below; the test that selects it is on an elided line. */
342 error =
"because a mandatory key is missing";
346 if (prefs_get_bool (
"log_whole_attack"))
348 name = nvticache_get_filename (
oid);
350 "Not launching %s (%s) against %s %s (this is not an error)",
name,
354 goto finish_launch_plugin;
/* A host flagged "Host/dead" in the KB gets no further plugin launches. */
358 if (kb_item_get_int (kb,
"Host/dead") > 0)
360 g_message (
"The remote host %s is dead", ip_str);
364 goto finish_launch_plugin;
373 goto finish_launch_plugin;
/* Successful launch: pid is logged as the launched plugin's process id
 * (its assignment is on an elided line). */
376 if (prefs_get_bool (
"log_whole_attack"))
378 name = nvticache_get_filename (
oid);
379 g_message (
"Launching %s (%s) against %s [%d]",
name,
oid, ip_str,
pid);
/* Common exit point for every path above; the cleanup that follows the
 * label is not shown. */
383 finish_launch_plugin:
/* Excerpt: copies the items of KB `src` that match `filter` (or "*" when
 * filter is NULL) into KB `dst`. */
391 struct kb_item *items, *p_itm;
393 items = kb_item_get_pattern (src, filter ? filter :
"*");
394 for (p_itm = items; p_itm != NULL; p_itm = p_itm->next)
/* The destination name is derived from the first "/" in the source name;
 * the full name is the alternative. The test choosing between the two
 * assignments is on elided lines. */
398 newname = strstr (p_itm->name,
"/");
400 newname = p_itm->name;
/* NOTE(review): v_str is read for every item. This assumes all matched
 * items are string-typed - TODO confirm, or check the item type first.
 * Release of `items` is not visible in this listing. */
404 kb_item_add_str (dst, newname, p_itm->v_str, 0);
/* Excerpt: creates a KB for a host at the "db_address" preference. kb_new()
 * appears twice, presumably in alternative branches not shown here. */
424 gchar *hostname_pattern;
426 const gchar *kb_path = prefs_get (
"db_address");
/* NOTE(review): the handling of rc after kb_new() is on elided lines. */
433 rc = kb_new (&kb, kb_path);
/* Pattern "<ip>/*"; its use between allocation and g_free() is elided. */
440 hostname_pattern = g_strdup_printf (
"%s/*", ip_str);
442 g_free (hostname_pattern);
/* NOTE(review): assert() is compiled out when NDEBUG is defined. If
 * network_kb can legitimately be NULL in a release build, these must become
 * real checks with an error return. */
446 assert (network_kb != NULL);
447 assert (*network_kb != NULL);
452 rc = kb_new (&kb, kb_path);
/* Excerpt: drains "internal/vhosts" from host_kb and turns each entry into a
 * gvm_vhost_t together with its "internal/source/<value>" entry. */
479 while ((value = kb_item_pop_str (
host_kb,
"internal/vhosts")))
482 char buffer[4096], *source;
/* value comes out of the KB; g_snprintf() bounds the key to buffer, so an
 * over-long value is truncated instead of overflowing. */
485 g_snprintf (buffer,
sizeof (buffer),
"internal/source/%s", value);
/* NOTE(review): source may be NULL when no matching key exists - confirm
 * gvm_vhost_new() accepts that. */
486 source = kb_item_pop_str (
host_kb, buffer);
488 vhost = gvm_vhost_new (value, source);
/* Excerpt of the per-host test loop: records the target address and the
 * tester's pid in the host KB, then schedules plugins (mostly elided). */
501 int num_plugs, forks_retry = 0;
502 char ip_str[INET6_ADDRSTRLEN];
504 addr6_to_str (ip, ip_str);
508 kb_item_set_str (kb,
"internal/ip", ip_str, 0);
509 kb_item_set_int (kb,
"internal/hostpid", getpid ());
/* The process title exposes the target address to anyone who can list
 * processes on the scanner host. */
510 proctitle_set (
"openvas: testing %s", ip_str);
511 if (net_kb && *net_kb)
/* Function-static counters: they persist across calls within a process. */
542 static int last_status = 0, cur_plug = 0;
/* Fixed, literal "Host dead" result text written into buffer with an
 * explicit size; no external data is formatted into it. */
555 buffer,
sizeof (buffer),
556 "LOG||| |||general/Host_Details||| |||<host><detail>"
557 "<name>Host dead</name><value>1</value><source>"
558 "<description/><type/><name/></source></detail></host>");
559 #if (PROGRESS_BAR_STYLE == 1)
565 kb_item_push_str (kb,
"internal/results", buffer);
/* NOTE(review): the value printed as "seconds" is forks_retry, the retry
 * counter; the actual sleep call is elided - confirm they agree. */
573 g_debug (
"fork() failed - sleeping %d seconds (%s)",
574 forks_retry, strerror (errno));
580 g_debug (
"fork() failed too many times - aborting");
/* NOTE(review): integer division by num_plugs. Its assignment is not
 * visible; if it can be 0 this is a division by zero - confirm a guard. */
589 last_status = (cur_plug * 100) / num_plugs + 2;
598 else if (plugin == NULL)
/* Excerpt of the allow/deny test for one host. The deny list is consulted
 * first, so a host present on both lists hits the deny branch. A NULL list
 * disables the corresponding test. The values returned by each branch are on
 * elided lines. */
625 const gvm_hosts_t *hosts_allow,
const gvm_hosts_t *hosts_deny)
631 if (hosts_deny && gvm_host_in_hosts (
host, addr, hosts_deny))
/* With an allow list present, any host not on it takes this branch. */
633 if (hosts_allow && !gvm_host_in_hosts (
host, addr, hosts_allow))
/* Excerpt: joins the `value` fields of a list of gvm_vhost_t with ", ".
 * NOTE(review): list->data is dereferenced immediately; an empty-list check,
 * if any, is on elided lines - confirm. */
653 string = g_string_new (((gvm_vhost_t *)
list->data)->value);
/* Single-element list: return the text as is. g_string_free (..., FALSE)
 * hands the character data to the caller, who must g_free() it. */
654 if (g_slist_length (
list) == 1)
655 return g_string_free (
string, FALSE);
/* Remaining elements are appended with a ", " separator; the list
 * advance is on elided lines. */
659 g_string_append (
string,
", ");
660 g_string_append (
string, ((gvm_vhost_t *)
list->data)->value);
663 return g_string_free (
string, FALSE);
/* Excerpt: builds four host lists from preferences - the per-scan
 * "hosts_allow"/"hosts_deny" and the system-wide "sys_hosts_allow"/
 * "sys_hosts_deny" - and frees all four before returning. The checks made
 * with them are on elided lines. */
680 gvm_hosts_t *hosts_allow, *hosts_deny;
681 gvm_hosts_t *sys_hosts_allow, *sys_hosts_deny;
/* NOTE(review): any of these preferences may be unset; confirm that
 * gvm_hosts_new() and gvm_hosts_free() accept NULL. */
684 hosts_allow = gvm_hosts_new (prefs_get (
"hosts_allow"));
685 hosts_deny = gvm_hosts_new (prefs_get (
"hosts_deny"));
691 sys_hosts_allow = gvm_hosts_new (prefs_get (
"sys_hosts_allow"));
692 sys_hosts_deny = gvm_hosts_new (prefs_get (
"sys_hosts_deny"));
/* Message reported when the system-wide lists reject the host. */
696 kb,
"Host access denied (system-wide restriction.)", NULL);
700 gvm_hosts_free (hosts_allow);
701 gvm_hosts_free (hosts_deny);
702 gvm_hosts_free (sys_hosts_allow);
703 gvm_hosts_free (sys_hosts_deny);
/* Excerpt of the per-host entry point: tags the host KB with the scan id,
 * prepares vhosts, logs the start, marks the scan id "finished" in the KB
 * and logs the elapsed time. */
714 char ip_str[INET6_ADDRSTRLEN], *hostnames;
715 struct in6_addr hostip;
722 gettimeofday (&then, NULL);
/* Key here is "internal/scan_id" on `kb`; elsewhere this file reads
 * "internal/scanid" from main_kb. NOTE(review): the two spellings are easy
 * to confuse - confirm the difference is intended. */
724 kb_item_set_str (kb,
"internal/scan_id", globals->
scan_id, 0);
/* NOTE(review): in the visible order the reverse lookup runs before the
 * "access denied" warning further down. The authorization test itself is on
 * elided lines, but if it sits between them, a denied host still triggers a
 * DNS query - confirm that this is acceptable. */
729 if (prefs_get_bool (
"expand_vhosts"))
730 gvm_host_add_reverse_lookup (args->
host);
/* Only a positive count is logged; a negative (error) result from
 * gvm_vhosts_exclude() passes silently here. */
731 if ((ret = gvm_vhosts_exclude (args->
host, prefs_get (
"exclude_hosts"))) > 0)
732 g_message (
"exclude_hosts: Skipped %d vhost(s).", ret);
733 gvm_host_get_addr6 (args->
host, &hostip);
734 addr6_to_str (&hostip, ip_str);
737 g_warning (
"Host %s access denied.", ip_str);
/* "test_empty_vhost": the bare IP address is added as a vhost with source
 * "IP-address"; both strings are duplicated for the new entry. */
740 if (prefs_get_bool (
"test_empty_vhost"))
743 gvm_vhost_new (g_strdup (ip_str), g_strdup (
"IP-address"));
744 args->
host->vhosts = g_slist_prepend (args->
host->vhosts, vhost);
748 g_message (
"Testing %s (Vhosts: %s) [%d]", ip_str, hostnames, getpid ());
750 g_message (
"Testing %s [%d]", ip_str, getpid ());
/* Bounded key "internal/<scan_id>", set to "finished" in the host KB. */
759 snprintf (key,
sizeof (key),
"internal/%s", globals->
scan_id);
760 kb_item_set_str (kb, key,
"finished", 0);
762 gettimeofday (&now, NULL);
/* Borrow for the microsecond subtraction; the matching adjustment of the
 * seconds field is on an elided line. */
763 if (now.tv_usec < then.tv_usec)
766 now.tv_usec += 1000000;
/* Both differences are cast to long to match the "%ld" conversions. */
768 g_message (
"Finished testing %s. Time : %ld.%.2ld secs", ip_str,
769 (
long) (now.tv_sec - then.tv_sec),
770 (
long) ((now.tv_usec - then.tv_usec) / 10000));
/* Excerpt: applies host-list preferences - ordering, exclusions and the two
 * reverse-lookup filters - to `hosts`. */
777 const char *ordering = prefs_get (
"hosts_ordering"),
778 *exclude_hosts = prefs_get (
"exclude_hosts");
/* NOTE(review): strcmp() on a NULL ordering is undefined behaviour; a NULL
 * guard, if present, is on the elided lines before this one - confirm. */
786 if (!strcmp (ordering,
"random"))
788 gvm_hosts_shuffle (
hosts);
789 g_debug (
"hosts_ordering: Random.");
791 else if (!strcmp (ordering,
"reverse"))
793 gvm_hosts_reverse (
hosts);
794 g_debug (
"hosts_ordering: Reverse.");
798 g_debug (
"hosts_ordering: Sequential.");
/* NOTE(review): when exclusion fails only "exclude_hosts: Error." is logged
 * in the visible code. If the scan then proceeds, hosts the operator meant
 * to exclude may be tested; failing closed would be safer - confirm what the
 * elided lines do. */
804 int ret = gvm_hosts_exclude (
hosts, exclude_hosts);
807 g_message (
"exclude_hosts: Skipped %d host(s).", ret);
809 g_message (
"exclude_hosts: Error.");
/* NOTE(review): the filtering calls below run as arguments of g_debug().
 * The host list is only filtered as long as the logging macro evaluates its
 * arguments; calling the filter first and logging its result separately
 * would remove that dependency. */
813 if (prefs_get_bool (
"reverse_lookup_unify"))
814 g_debug (
"reverse_lookup_unify: Skipped %d host(s).",
815 gvm_hosts_reverse_lookup_unify (
hosts));
818 if (prefs_get_bool (
"reverse_lookup_only"))
819 g_debug (
"reverse_lookup_only: Skipped %d host(s).",
820 gvm_hosts_reverse_lookup_only (
hosts));
/* Excerpt: tests whether str equals one entry of a comma-separated list.
 * Entries are trimmed of surrounding whitespace; the comparison is exact and
 * case-sensitive. */
826 gchar **element, **split;
/* Either argument being NULL short-circuits; the value returned is on an
 * elided line. */
828 if (str == NULL || comma_list == NULL)
/* NOTE(review): the vector from g_strsplit() must be released with
 * g_strfreev() on every path, including an early match; the release is not
 * visible in this listing. */
831 split = g_strsplit (comma_list,
",", 0);
/* g_strstrip() trims in place inside the split vector. */
835 gchar *stripped = g_strstrip (*element);
837 if (stripped && strcmp (stripped, str) == 0)
/* Excerpt: ifaces_list is loaded in turn from the per-scan preferences
 * "ifaces_deny"/"ifaces_allow" and the system-wide "sys_ifaces_deny"/
 * "sys_ifaces_allow". The conditions selecting each one and the membership
 * tests made with it are on elided lines. */
859 const char *ifaces_list;
864 ifaces_list = prefs_get (
"ifaces_deny");
867 ifaces_list = prefs_get (
"ifaces_allow");
871 ifaces_list = prefs_get (
"sys_ifaces_deny");
874 ifaces_list = prefs_get (
"sys_ifaces_allow");
/* Excerpt: validates and applies the "source_iface" preference. Three
 * outcomes are visible: rejected by the interface lists, rejected by the
 * system-wide lists, or failed initialisation. */
891 const char *source_iface = prefs_get (
"source_iface");
/* Unset preference: nothing to apply (the return is on an elided line). */
894 if (source_iface == NULL)
/* NOTE(review): each g_strdup_printf() result below needs a g_free(); the
 * releases are not visible in this listing. */
901 g_strdup_printf (
"Unauthorized source interface: %s", source_iface);
902 g_warning (
"source_iface: Unauthorized source interface %s.",
910 gchar *msg = g_strdup_printf (
"Unauthorized source interface: %s"
911 " (system-wide restriction.)",
913 g_warning (
"source_iface: Unauthorized source interface %s."
914 " (sys_* preference restriction.)",
/* A non-zero result from gvm_source_iface_init() is treated as failure.
 * NOTE(review): this failure is logged with g_debug() while the two
 * rejections above use g_warning(); a failed interface setup is worth the
 * same visibility. */
921 if (gvm_source_iface_init (source_iface))
924 g_strdup_printf (
"Erroneous source interface: %s", source_iface);
925 g_debug (
"source_iface: Error with %s interface.", source_iface);
/* Success: log the IPv4 and IPv6 source addresses now in use. */
932 char *ipstr, *ip6str;
933 ipstr = gvm_source_addr_str ();
934 ip6str = gvm_source_addr6_str ();
935 g_debug (
"source_iface: Using %s (%s / %s).", source_iface, ipstr,
/* Excerpt: opens a KB at "db_address"; the handling of rc and the release
 * of kb are on elided lines. */
950 rc = kb_new (&kb, prefs_get (
"db_address"));
/* Excerpt of the top-level scan routine: reads scan preferences, resolves
 * the target list, forks one tester per host and logs the total duration.
 * Most of the body is not shown in this listing. */
979 int max_hosts = 0, max_checks;
980 const char *hostlist;
983 int fork_retries = 0;
988 gboolean network_phase = FALSE;
989 gboolean do_network_scan = FALSE;
993 gettimeofday (&then, NULL);
995 if (prefs_get_bool (
"network_scan"))
996 do_network_scan = TRUE;
998 do_network_scan = FALSE;
1004 if (do_network_scan)
1012 network_phase = FALSE;
1016 network_phase = TRUE;
1021 network_phase = TRUE;
/* The target list comes from the "TARGET" preference; a missing value is
 * detected here (the reaction is on an elided line). */
1032 hostlist = prefs_get (
"TARGET");
1033 if (hostlist == NULL)
/* port_range is validated before use; a non-zero result from
 * validate_port_range() takes the branch whose body is elided. */
1039 port_range = prefs_get (
"port_range");
1040 if (validate_port_range (port_range))
1047 prefs_get_bool (
"auto_enable_dependencies"),
1051 g_message (
"Couldn't initialize the plugin scheduler");
1063 "WARNING: In network phase, but without targets! Stopping.");
1070 g_message (
"Start a new scan. Target(s) : %s, "
1071 "in network phase with target %s",
1074 rc = kb_new (network_kb, prefs_get (
"db_address"));
1081 kb_lnk_reset (*network_kb);
1085 g_message (
"Starts a new scan. Target(s) : %s, with max_hosts = %d and "
1087 hostlist, max_hosts, max_checks);
1089 hosts = gvm_hosts_new (hostlist);
/* NOTE(review): `unresolved` is advanced with ->next while the warnings are
 * printed and is then passed to g_slist_free_full(). If the elided lines
 * form a loop that runs until unresolved is NULL, the free call receives
 * NULL and the list with its strings is leaked. Iterating with a second
 * pointer and freeing the original head would avoid that - confirm against
 * the full source. */
1090 unresolved = gvm_hosts_resolve (
hosts);
1093 g_warning (
"Couldn't resolve hostname '%s'", (
char *) unresolved->data);
1094 unresolved = unresolved->next;
1096 g_slist_free_full (unresolved, g_free);
1103 gvm_hosts_free (
hosts);
/* NOTE(review): -2 is treated differently from every other negative
 * kb_new() result, but its meaning is not visible here; a named constant
 * would make the intent reviewable. */
1123 rc = kb_new (&
host_kb, prefs_get (
"db_address"));
1124 if (rc < 0 && rc != -2)
1138 host_str = gvm_host_value_str (
host);
1153 args.
net_kb = network_kb;
/* fork() failures are logged at debug level only: a host that "won't be
 * tested" is dropped without a warning-level record. */
1165 g_debug (
"fork() failed - %s. %s won't be tested",
1166 strerror (errno), host_str);
1171 g_debug (
"fork() failed - "
1172 "sleeping %d seconds and trying again...",
1195 g_message (
"Test complete");
1202 g_hash_table_destroy (files);
1210 gvm_hosts_free (
hosts);
1216 gettimeofday (&now, NULL);
/* NOTE(review): a time_t difference is passed to "%ld" without a cast; the
 * per-host timing message in this file casts to long first. Add the same
 * cast so the argument type always matches the conversion. */
1217 g_message (
"Total time to scan all hosts : %ld seconds",
1218 now.tv_sec - then.tv_sec);