OpenVAS Scanner  7.0.0~git
openvas.c File Reference
#include "../misc/plugutils.h"
#include "../misc/vendorversion.h"
#include "attack.h"
#include "pluginlaunch.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <errno.h>
#include <fcntl.h>
#include <gcrypt.h>
#include <glib.h>
#include <grp.h>
#include <gvm/base/logging.h>
#include <gvm/base/nvti.h>
#include <gvm/base/prefs.h>
#include <gvm/base/proctitle.h>
#include <gvm/util/kb.h>
#include <gvm/util/nvticache.h>
#include <gvm/util/uuidutils.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
#include "../misc/network.h"
Include dependency graph for openvas.c:

Go to the source code of this file.

Data Structures

struct  openvas_option
 

Macros

#define G_LOG_DOMAIN   "sd main"
 GLib log domain. More...
 
#define PROCTITLE_WAITING   "openvas: Waiting for incoming connections"
 
#define PROCTITLE_LOADING   "openvas: Loading Handler"
 
#define PROCTITLE_RELOADING   "openvas: Reloading"
 
#define PROCTITLE_SERVING   "openvas: Serving %s"
 

Functions

static void set_globals_from_preferences (void)
 
static void reload_openvas (void)
 
static void handle_reload_signal (int sig)
 
static void handle_termination_signal (int sig)
 
static void init_signal_handlers ()
 Initializes main scanner process' signal handlers. More...
 
static int load_scan_preferences (struct scan_globals *globals)
 Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB where to take the preferences from. More...
 
static void handle_client (struct scan_globals *globals)
 
static void scanner_thread (struct scan_globals *globals)
 
static int init_openvas (const char *config_file)
 Initialize everything. More...
 
static int flush_all_kbs ()
 
static void gcrypt_init ()
 
void start_single_task_scan ()
 
static void stop_single_task_scan ()
 Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2, which will stop the scan. To find the process ID, it uses the scan_id passed with the –scan-stop option. More...
 
int openvas (int argc, char *argv[])
 openvas. More...
 

Variables

int global_max_hosts = 15
 
int global_max_checks = 10
 
GSList * log_config = NULL
 Logging parameters, as passed to setup_log_handlers. More...
 
static volatile int loading_stop_signal = 0
 
static volatile int termination_signal = 0
 
static char * global_scan_id = NULL
 
static openvas_option openvas_defaults []
 Default values for scanner options. Must be NULL terminated. More...
 

Detailed Description

OpenVAS main module, runs the scanner.

Definition in file openvas.c.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "sd main"

GLib log domain.

Definition at line 78 of file openvas.c.

◆ PROCTITLE_LOADING

#define PROCTITLE_LOADING   "openvas: Loading Handler"

Definition at line 81 of file openvas.c.

◆ PROCTITLE_RELOADING

#define PROCTITLE_RELOADING   "openvas: Reloading"

Definition at line 82 of file openvas.c.

◆ PROCTITLE_SERVING

#define PROCTITLE_SERVING   "openvas: Serving %s"

Definition at line 83 of file openvas.c.

◆ PROCTITLE_WAITING

#define PROCTITLE_WAITING   "openvas: Waiting for incoming connections"

Definition at line 80 of file openvas.c.

Function Documentation

◆ flush_all_kbs()

static int flush_all_kbs ( )
static

Definition at line 341 of file openvas.c.

342 {
343  kb_t kb;
344  int rc;
345 
346  rc = kb_new (&kb, prefs_get ("db_address"));
347  if (rc)
348  return rc;
349 
350  rc = kb_flush (kb, NVTICACHE_STR);
351  return rc;
352 }

Referenced by openvas().

Here is the caller graph for this function:

◆ gcrypt_init()

static void gcrypt_init ( )
static

Definition at line 355 of file openvas.c.

356 {
357  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
358  return;
359  gcry_check_version (NULL);
360  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
361  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
362  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
363  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
364 }

Referenced by openvas().

Here is the caller graph for this function:

◆ handle_client()

static void handle_client ( struct scan_globals globals)
static

Definition at line 283 of file openvas.c.

284 {
285  kb_t net_kb = NULL;
286 
287  /* Load preferences from Redis. Scan started with a scan_id. */
289  {
290  g_warning ("No preferences found for the scan %s", globals->scan_id);
291  exit (0);
292  }
293 
294  attack_network (globals, &net_kb);
295  if (net_kb != NULL)
296  {
297  kb_delete (net_kb);
298  net_kb = NULL;
299  }
300 }

References attack_network(), load_scan_preferences(), and scan_globals::scan_id.

Referenced by scanner_thread().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_reload_signal()

static void handle_reload_signal ( int  sig)
static

Definition at line 155 of file openvas.c.

156 {
157  (void) sig;
158  reload_openvas ();
159 }

References reload_openvas().

Referenced by init_signal_handlers(), and reload_openvas().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_termination_signal()

static void handle_termination_signal ( int  sig)
static

Definition at line 162 of file openvas.c.

163 {
164  termination_signal = sig;
165 }

References termination_signal.

Referenced by init_signal_handlers().

Here is the caller graph for this function:

◆ init_openvas()

static int init_openvas ( const char *  config_file)
static

Initialize everything.

Parameters
config_filePath to config file for initialization

Definition at line 320 of file openvas.c.

321 {
322  static gchar *rc_name = NULL;
323  int i;
324 
325  for (i = 0; openvas_defaults[i].option != NULL; i++)
326  prefs_set (openvas_defaults[i].option, openvas_defaults[i].value);
327  prefs_config (config_file);
328 
329  /* Setup logging. */
330  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL);
331  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
332  log_config = load_log_configuration (rc_name);
333  g_free (rc_name);
334  setup_log_handlers (log_config);
336 
337  return 0;
338 }

References log_config, openvas_defaults, openvas_option::option, option, and set_globals_from_preferences().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_signal_handlers()

static void init_signal_handlers ( )
static

Initializes main scanner process' signal handlers.

Definition at line 171 of file openvas.c.

References handle_reload_signal(), handle_termination_signal(), openvas_signal, and sighand_chld().

Referenced by start_single_task_scan().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ load_scan_preferences()

static int load_scan_preferences ( struct scan_globals globals)
static

Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB where to take the preferences from.

Returns
0 on success, -1 if the kb is not found or no prefs are found in the kb.

Definition at line 225 of file openvas.c.

226 {
227  char key[1024];
228  kb_t kb;
229  struct kb_item *res = NULL;
230 
231  g_debug ("Start loading scan preferences.");
232  if (!globals->scan_id)
233  return -1;
234 
235  snprintf (key, sizeof (key), "internal/%s/scanprefs", globals->scan_id);
236  kb = kb_find (prefs_get ("db_address"), key);
237  if (!kb)
238  return -1;
239 
240  res = kb_item_get_all (kb, key);
241  if (!res)
242  return -1;
243 
244  while (res)
245  {
246  gchar **pref = g_strsplit (res->v_str, "|||", 2);
247  if (pref[0])
248  {
249  gchar **pref_name = g_strsplit (pref[0], ":", 3);
250  if (pref_name[1] && pref_name[2]
251  && !strncmp (pref_name[2], "file", 4))
252  {
253  char *file_hash = gvm_uuid_make ();
254  int ret;
255  prefs_set (pref[0], file_hash);
256  ret = store_file (globals, pref[1], file_hash);
257  if (ret)
258  g_debug ("Load preference: Failed to upload file "
259  "for nvt %s preference.",
260  pref_name[0]);
261 
262  g_free (file_hash);
263  }
264  else
265  prefs_set (pref[0], pref[1] ?: "");
266  g_strfreev (pref_name);
267  }
268 
269  g_strfreev (pref);
270  res = res->next;
271  }
272  snprintf (key, sizeof (key), "internal/%s", globals->scan_id);
273  kb_item_set_str (kb, key, "ready", 0);
274  kb_item_set_int (kb, "internal/ovas_pid", getpid ());
275 
276  g_debug ("End loading scan preferences.");
277 
278  kb_item_free (res);
279  return 0;
280 }

References script_infos::key, scan_globals::scan_id, and store_file().

Referenced by handle_client().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ openvas()

int openvas ( int  argc,
char *  argv[] 
)

openvas.

Parameters
argcArgument count.
argvArgument vector.

Definition at line 428 of file openvas.c.

429 {
430  int ret;
431 
432  proctitle_init (argc, argv);
433  gcrypt_init ();
434 
435  static gboolean display_version = FALSE;
436  static gchar *config_file = NULL;
437  static gchar *scan_id = NULL;
438  static gchar *stop_scan_id = NULL;
439  static gboolean print_specs = FALSE;
440  static gboolean print_sysconfdir = FALSE;
441  static gboolean update_vt_info = FALSE;
442  GError *error = NULL;
443  GOptionContext *option_context;
444  static GOptionEntry entries[] = {
445  {"version", 'V', 0, G_OPTION_ARG_NONE, &display_version,
446  "Display version information", NULL},
447  {"config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file,
448  "Configuration file", "<filename>"},
449  {"cfg-specs", 's', 0, G_OPTION_ARG_NONE, &print_specs,
450  "Print configuration settings", NULL},
451  {"sysconfdir", 'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir,
452  "Print system configuration directory (set at compile time)", NULL},
453  {"update-vt-info", 'u', 0, G_OPTION_ARG_NONE, &update_vt_info,
454  "Updates VT info into redis store from VT files", NULL},
455  {"scan-start", '\0', 0, G_OPTION_ARG_STRING, &scan_id,
456  "ID of scan to start. ID and related data must be stored into redis "
457  "before.",
458  "<string>"},
459  {"scan-stop", '\0', 0, G_OPTION_ARG_STRING, &stop_scan_id,
460  "ID of scan to stop", "<string>"},
461 
462  {NULL, 0, 0, 0, NULL, NULL, NULL}};
463 
464  option_context =
465  g_option_context_new ("- Open Vulnerability Assessment Scanner");
466  g_option_context_add_main_entries (option_context, entries, NULL);
467  if (!g_option_context_parse (option_context, &argc, &argv, &error))
468  {
469  g_print ("%s\n\n", error->message);
470  exit (0);
471  }
472  g_option_context_free (option_context);
473 
474  /* --sysconfdir */
475  if (print_sysconfdir)
476  {
477  g_print ("%s\n", SYSCONFDIR);
478  exit (0);
479  }
480 
481  /* --version */
482  if (display_version)
483  {
484  printf ("OpenVAS %s\n", OPENVAS_VERSION);
485 #ifdef OPENVAS_GIT_REVISION
486  printf ("GIT revision %s\n", OPENVAS_GIT_REVISION);
487 #endif
488  printf ("Most new code since 2005: (C) 2019 Greenbone Networks GmbH\n");
489  printf (
490  "Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>\n");
491  printf ("License GPLv2: GNU GPL version 2\n");
492  printf (
493  "This is free software: you are free to change and redistribute it.\n"
494  "There is NO WARRANTY, to the extent permitted by law.\n\n");
495  exit (0);
496  }
497 
498  /* Switch to UTC so that OTP times are always in UTC. */
499  if (setenv ("TZ", "utc 0", 1) == -1)
500  {
501  g_print ("%s\n\n", strerror (errno));
502  exit (0);
503  }
504  tzset ();
505 
506  if (!config_file)
507  config_file = OPENVAS_CONF;
508  if (update_vt_info)
509  {
510  if (init_openvas (config_file))
511  return 1;
512  if (plugins_init ())
513  return 1;
514  return 0;
515  }
516 
517  if (init_openvas (config_file))
518  return 1;
519 
520  if (prefs_get ("vendor_version") != NULL)
521  vendor_version_set (prefs_get ("vendor_version"));
522 
523  if (stop_scan_id)
524  {
525  global_scan_id = g_strdup (stop_scan_id);
527  exit (0);
528  }
529 
530  if (scan_id)
531  {
532  global_scan_id = g_strdup (scan_id);
534  exit (0);
535  }
536 
537  /* special treatment */
538  if (print_specs)
539  {
540  prefs_dump ();
541  exit (0);
542  }
543  if (flush_all_kbs ())
544  exit (1);
545 
546 #if GNUTLS_VERSION_NUMBER < 0x030300
547  if (openvas_SSL_init () < 0)
548  g_message ("Could not initialize openvas SSL!");
549 #endif
550 
551  /* Ignore SIGHUP while reloading. */
552  openvas_signal (SIGHUP, SIG_IGN);
553 
554  ret = plugins_init ();
555  if (ret)
556  return 1;
557 
558  exit (0);
559 }

References flush_all_kbs(), gcrypt_init(), global_scan_id, init_openvas(), openvas_signal, openvas_SSL_init(), plugins_init(), scan_globals::scan_id, start_single_task_scan(), stop_single_task_scan(), and vendor_version_set().

Referenced by main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ reload_openvas()

static void reload_openvas ( void  )
static

Definition at line 182 of file openvas.c.

183 {
184  static gchar *rc_name = NULL;
185  const char *config_file;
186  int i, ret;
187 
188  /* Ignore SIGHUP while reloading. */
189  openvas_signal (SIGHUP, SIG_IGN);
190 
191  proctitle_set (PROCTITLE_RELOADING);
192  /* Setup logging. */
193  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL);
194  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
195  log_config = load_log_configuration (rc_name);
196  g_free (rc_name);
197  setup_log_handlers (log_config);
198  g_message ("Reloading the scanner.\n");
199 
200  /* Reload config file. */
201  config_file = prefs_get ("config_file");
202  for (i = 0; openvas_defaults[i].option != NULL; i++)
203  prefs_set (openvas_defaults[i].option, openvas_defaults[i].value);
204  prefs_config (config_file);
205 
206  /* Reload the plugins */
207  ret = plugins_init ();
209 
210  g_message ("Finished reloading the scanner.");
212  proctitle_set (PROCTITLE_WAITING);
213  if (ret)
214  exit (1);
215 }

References handle_reload_signal(), log_config, openvas_defaults, openvas_signal, openvas_option::option, option, plugins_init(), PROCTITLE_RELOADING, PROCTITLE_WAITING, and set_globals_from_preferences().

Referenced by handle_reload_signal().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ scanner_thread()

static void scanner_thread ( struct scan_globals globals)
static

Definition at line 303 of file openvas.c.

304 {
305  nvticache_reset ();
306 
307  globals->scan_id = g_strdup (global_scan_id);
308 
309  handle_client (globals);
310 
311  exit (0);
312 }

References global_scan_id, handle_client(), and scan_globals::scan_id.

Referenced by start_single_task_scan().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_globals_from_preferences()

static void set_globals_from_preferences ( void  )
static

Definition at line 132 of file openvas.c.

133 {
134  const char *str;
135 
136  if ((str = prefs_get ("max_hosts")) != NULL)
137  {
138  global_max_hosts = atoi (str);
139  if (global_max_hosts <= 0)
140  global_max_hosts = 15;
141  }
142 
143  if ((str = prefs_get ("max_checks")) != NULL)
144  {
145  global_max_checks = atoi (str);
146  if (global_max_checks <= 0)
147  global_max_checks = 10;
148  }
149 }

References global_max_checks, and global_max_hosts.

Referenced by init_openvas(), and reload_openvas().

Here is the caller graph for this function:

◆ start_single_task_scan()

void start_single_task_scan ( )

Definition at line 367 of file openvas.c.

368 {
369  struct scan_globals *globals;
370  int ret = 0;
371 
372 #if GNUTLS_VERSION_NUMBER < 0x030300
373  if (openvas_SSL_init () < 0)
374  g_message ("Could not initialize openvas SSL!");
375 #endif
376 
377 #ifdef OPENVAS_GIT_REVISION
378  g_message ("openvas %s (GIT revision %s) started", OPENVAS_VERSION,
379  OPENVAS_GIT_REVISION);
380 #else
381  g_message ("openvas %s started", OPENVAS_VERSION);
382 #endif
383 
384  openvas_signal (SIGHUP, SIG_IGN);
385  ret = plugins_init ();
386  if (ret)
387  exit (0);
389 
390  globals = g_malloc0 (sizeof (struct scan_globals));
391 
392  scanner_thread (globals);
393  exit (0);
394 }

References init_signal_handlers(), openvas_signal, openvas_SSL_init(), plugins_init(), and scanner_thread().

Referenced by openvas().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ stop_single_task_scan()

static void stop_single_task_scan ( )
static

Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2, which will stop the scan. To find the process ID, it uses the scan_id passed with the –scan-stop option.

Definition at line 402 of file openvas.c.

403 {
404  char key[1024];
405  kb_t kb;
406  int pid;
407 
408  if (!global_scan_id)
409  exit (1);
410 
411  snprintf (key, sizeof (key), "internal/%s", global_scan_id);
412  kb = kb_find (prefs_get ("db_address"), key);
413  if (!kb)
414  exit (1);
415 
416  pid = kb_item_get_int (kb, "internal/ovas_pid");
417  kill (pid, SIGUSR2);
418 
419  exit (0);
420 }

References global_scan_id, and pid.

Referenced by openvas().

Here is the caller graph for this function:

Variable Documentation

◆ global_max_checks

int global_max_checks = 10

Definition at line 89 of file openvas.c.

Referenced by get_max_checks_number(), and set_globals_from_preferences().

◆ global_max_hosts

int global_max_hosts = 15

Globals that should not be touched (used in utils module).

Definition at line 88 of file openvas.c.

Referenced by get_max_hosts_number(), and set_globals_from_preferences().

◆ global_scan_id

char* global_scan_id = NULL
static

Definition at line 98 of file openvas.c.

Referenced by openvas(), scanner_thread(), and stop_single_task_scan().

◆ loading_stop_signal

volatile int loading_stop_signal = 0
static

Definition at line 96 of file openvas.c.

◆ log_config

GSList* log_config = NULL

Logging parameters, as passed to setup_log_handlers.

Definition at line 94 of file openvas.c.

Referenced by init_openvas(), and reload_openvas().

◆ openvas_defaults

openvas_option openvas_defaults[]
static
Initial value:
= {
{"plugins_folder", OPENVAS_NVT_DIR},
{"include_folders", OPENVAS_NVT_DIR},
{"max_hosts", "30"},
{"max_checks", "10"},
{"log_whole_attack", "no"},
{"log_plugins_name_at_load", "no"},
{"optimize_test", "yes"},
{"network_scan", "no"},
{"non_simult_ports", "139, 445, 3389, Services/irc"},
{"plugins_timeout", G_STRINGIFY (NVT_TIMEOUT)},
{"scanner_plugins_timeout", G_STRINGIFY (SCANNER_NVT_TIMEOUT)},
{"safe_checks", "yes"},
{"auto_enable_dependencies", "yes"},
{"drop_privileges", "no"},
{"report_host_details", "yes"},
{"db_address", KB_PATH_DEFAULT},
{"vendor_version", "\0"},
{NULL, NULL}}

Default values for scanner options. Must be NULL terminated.

Definition at line 109 of file openvas.c.

Referenced by init_openvas(), and reload_openvas().

◆ termination_signal

volatile int termination_signal = 0
static

Definition at line 97 of file openvas.c.

Referenced by handle_termination_signal().

attack_network
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:977
script_infos::key
kb_t key
Definition: scanneraux.h:46
init_signal_handlers
static void init_signal_handlers()
Initializes main scanner process' signal handlers.
Definition: openvas.c:171
log_config
GSList * log_config
Logging parameters, as passed to setup_log_handlers.
Definition: openvas.c:94
global_max_checks
int global_max_checks
Definition: openvas.c:89
start_single_task_scan
void start_single_task_scan()
Definition: openvas.c:367
handle_termination_signal
static void handle_termination_signal(int sig)
Definition: openvas.c:162
handle_reload_signal
static void handle_reload_signal(int sig)
Definition: openvas.c:155
store_file
int store_file(struct scan_globals *globals, const char *file, const char *file_hash)
Stores a file type preference in a hash table.
Definition: utils.c:110
gcrypt_init
static void gcrypt_init()
Definition: openvas.c:355
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
global_scan_id
static char * global_scan_id
Definition: openvas.c:98
stop_single_task_scan
static void stop_single_task_scan()
Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2,...
Definition: openvas.c:402
scanner_thread
static void scanner_thread(struct scan_globals *globals)
Definition: openvas.c:303
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
openvas_SSL_init
int openvas_SSL_init()
Initializes SSL support.
Definition: network.c:351
PROCTITLE_RELOADING
#define PROCTITLE_RELOADING
Definition: openvas.c:82
plugins_init
int plugins_init(void)
Definition: pluginload.c:359
script_infos::globals
struct scan_globals * globals
Definition: scanneraux.h:45
PROCTITLE_WAITING
#define PROCTITLE_WAITING
Definition: openvas.c:80
option
#define option
scan_globals
Definition: scanneraux.h:32
openvas_defaults
static openvas_option openvas_defaults[]
Default values for scanner options. Must be NULL terminated.
Definition: openvas.c:109
termination_signal
static volatile int termination_signal
Definition: openvas.c:97
sighand_chld
void sighand_chld(pid_t pid)
Definition: sighand.c:103
handle_client
static void handle_client(struct scan_globals *globals)
Definition: openvas.c:283
flush_all_kbs
static int flush_all_kbs()
Definition: openvas.c:341
set_globals_from_preferences
static void set_globals_from_preferences(void)
Definition: openvas.c:132
init_openvas
static int init_openvas(const char *config_file)
Initialize everything.
Definition: openvas.c:320
vendor_version_set
void vendor_version_set(const gchar *version)
Set vendor version.
Definition: vendorversion.c:40
global_max_hosts
int global_max_hosts
Definition: openvas.c:88
scan_globals::scan_id
char * scan_id
Definition: scanneraux.h:38
openvas_option::option
char * option
Definition: openvas.c:102
reload_openvas
static void reload_openvas(void)
Definition: openvas.c:182
load_scan_preferences
static int load_scan_preferences(struct scan_globals *globals)
Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB ...
Definition: openvas.c:225