OpenVAS Scanner
7.0.1~git
|
Go to the source code of this file.
◆ nasl_close_socket()
Definition at line 905 of file nasl_socket.c.
909 unsigned int opt_len =
sizeof (type);
920 nasl_perror (lexic,
"close(%d): Invalid socket value\n", soc);
924 e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
927 if (type == SOCK_DGRAM)
936 nasl_perror (lexic,
"close(%d): %s\n", soc, strerror (errno));
References close_stream_connection(), FAKE_CELL, fd_is_stream(), get_int_var_by_num(), lowest_socket, nasl_perror(), rm_udp_data(), struct_lex_ctxt::script_infos, and wait_before_next_probe().
Referenced by http_close_socket().
◆ nasl_get_sock_info()
Get info pertaining to a socket.
- NASL Function: get_sock_info\n
This function is used to retrieve various information about an active socket. It requires the NASL socket number and a string to select the information to retrieve.
Supported keywords are:
- dport Return the destination port. This is an integer. NOTE: Not yet implemented.
- sport Return the source port. This is an integer. NOTE: Not yet implemented.
- encaps Return the encapsulation of the socket. Example output: "TLScustom".
- tls-proto Return a string with the actual TLS protocol in use. n/a" is returned if no SSL/TLS session is active. Example
output: "TLSv1".
- tls-kx Return a string describing the key exchange algorithm. Example output: "RSA".
- tls-certtype Return the type of the certificate in use by the session. Example output: "X.509"
- tls-cipher Return the cipher algorithm in use by the session; Example output: "AES-256-CBC".
- tls-mac Return the message authentication algorithms used by the session. Example output: "SHA1".
- tls-auth Return the peer's authentication type. Example output: "CERT".
- tls-cert Return the peer's certificates for an SSL or TLS connection. This is an array of binary strings or NULL if no certificate is known.
- NASL Unnamed Parameters:\n
- A NASL socket
- A string keyword; see above.
- NASL Named Parameters:\n
- asstring If true return a human readable string instead of an integer. Used only with these keywords: encaps.
- NASL Returns:\n An integer or a string or NULL on error.
- Parameters
-
[in] | lexic | Lexical context of the NASL interpreter. |
- Returns
- A tree cell.
Definition at line 1190 of file nasl_socket.c.
1195 const char *keyword, *s;
1199 gnutls_session_t tls_session;
1206 nasl_perror (lexic,
"error: socket %d is not valid\n");
1215 nasl_perror (lexic,
"error: second argument is not of type string\n");
1233 nasl_perror (lexic,
"error retrieving infos for socket %d: %s\n", sock,
1237 else if (!strcmp (keyword,
"encaps"))
1244 else if (!strcmp (keyword,
"tls-proto"))
1250 gnutls_protocol_get_name (gnutls_protocol_get_version (tls_session));
1251 strval = g_strdup (s ? s :
"[?]");
1253 else if (!strcmp (keyword,
"tls-kx"))
1258 s = gnutls_kx_get_name (gnutls_kx_get (tls_session));
1259 strval = g_strdup (s ? s :
"");
1261 else if (!strcmp (keyword,
"tls-certtype"))
1266 s = gnutls_certificate_type_get_name (
1267 gnutls_certificate_type_get (tls_session));
1268 strval = g_strdup (s ? s :
"");
1270 else if (!strcmp (keyword,
"tls-cipher"))
1275 s = gnutls_cipher_get_name (gnutls_cipher_get (tls_session));
1276 strval = g_strdup (s ? s :
"");
1278 else if (!strcmp (keyword,
"tls-mac"))
1283 s = gnutls_mac_get_name (gnutls_mac_get (tls_session));
1284 strval = g_strdup (s ? s :
"");
1286 else if (!strcmp (keyword,
"tls-auth"))
1292 switch (gnutls_auth_get_type (tls_session))
1294 case GNUTLS_CRD_ANON:
1297 case GNUTLS_CRD_CERTIFICATE:
1300 case GNUTLS_CRD_PSK:
1303 case GNUTLS_CRD_SRP:
1311 strval = g_strdup (s);
1313 else if (!strcmp (keyword,
"tls-cert"))
1318 && gnutls_certificate_type_get (tls_session) == GNUTLS_CRT_X509)
1320 const gnutls_datum_t *
list;
1321 unsigned int nlist = 0;
1325 list = gnutls_certificate_get_peers (tls_session, &nlist);
1332 retc->
x.
ref_val = a = g_malloc0 (
sizeof *a);
1334 for (i = 0; i < nlist; i++)
1336 memset (&v, 0,
sizeof v);
1347 nasl_perror (lexic,
"unknown keyword '%s'\n", keyword);
1359 retc->
size = strlen (strval);
References add_var_to_list(), alloc_typed_cell(), CONST_INT, CONST_STR, DYN_ARRAY, FAKE_CELL, get_encaps_name(), get_int_var_by_name(), get_int_var_by_num(), get_sock_infos(), get_str_var_by_num(), get_var_type_by_num(), TC::i_val, nasl_perror(), TC::ref_val, st_nasl_string::s_siz, st_nasl_string::s_val, TC::size, TC::str_val, st_a_nasl_var::v, st_a_nasl_var::v_str, VAR2_DATA, VAR2_STRING, st_a_nasl_var::var_type, and TC::x.
◆ nasl_get_source_port()
Definition at line 1048 of file nasl_socket.c.
1050 struct sockaddr_in ia;
1055 unsigned int type_len =
sizeof (type);
1060 nasl_perror (lexic,
"get_source_port: missing socket parameter\n");
1064 && getsockopt (s, SOL_SOCKET, SO_TYPE, &type, &type_len) == 0
1065 && type == SOCK_DGRAM)
1072 nasl_perror (lexic,
"get_source_port: invalid socket parameter %d\n", s);
1076 if (getsockname (fd, (
struct sockaddr *) &ia, &l) < 0)
1078 nasl_perror (lexic,
"get_source_port: getsockname(%d): %s\n", fd,
1083 retc->
x.
i_val = ntohs (ia.sin_port);
References alloc_typed_cell(), CONST_INT, fd_is_stream(), get_int_var_by_num(), TC::i_val, nasl_perror(), openvas_get_socket_from_connection(), and TC::x.
◆ nasl_join_multicast_group()
Definition at line 950 of file nasl_socket.c.
960 nasl_perror (lexic,
"join_multicast_group: missing parameter\n");
963 if (!inet_aton (a, &m.imr_multiaddr))
965 nasl_perror (lexic,
"join_multicast_group: invalid parameter '%s'\n", a);
968 m.imr_interface.s_addr = INADDR_ANY;
972 if (
jmg_desc[i].in.s_addr == m.imr_multiaddr.s_addr
983 int s = socket (AF_INET, SOCK_DGRAM, 0);
986 nasl_perror (lexic,
"join_multicast_group: socket: %s\n",
991 if (setsockopt (s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &m,
sizeof (m)) < 0)
994 lexic,
"join_multicast_group: setsockopt(IP_ADD_MEMBERSHIP): %s\n",
References alloc_typed_cell(), CONST_INT, jmg::count, get_str_var_by_num(), jmg::in, jmg_desc, jmg_max, nasl_perror(), and jmg::s.
◆ nasl_leave_multicast_group()
Definition at line 1016 of file nasl_socket.c.
1025 nasl_perror (lexic,
"leave_multicast_group: missing parameter\n");
1028 if (!inet_aton (a, &ia))
1030 nasl_perror (lexic,
"leave_multicast_group: invalid parameter '%s'\n", a);
1042 nasl_perror (lexic,
"leave_multicast_group: never joined group %s\n", a);
References FAKE_CELL, get_str_var_by_num(), jmg_desc, jmg_max, and nasl_perror().
◆ nasl_open_priv_sock_tcp()
◆ nasl_open_priv_sock_udp()
◆ nasl_open_sock_tcp()
Open a TCP socket to the target host.
- NASL Function: open_sock_tcp\n
This function is used to create a TCP connection to the target host. It requires the port number as its argument and has various optional named arguments to control encapsulation, timeout and buffering.
- NASL Unnamed Parameters:\n
- A non-negative integer with the TCP port number.
- NASL Named Parameters:\n
- bufsz An integer with the the size buffer size. Note that by default, no buffering is used.
- timeout An integer with the timeout value in seconds. The default timeout is controlled by a global value.
- transport One of the ENCAPS_* constants to force a specific encapsulation mode or force trying of all modes (ENCAPS_AUTO). This is for example useful to select a specific TLS or SSL version or use specific TLS connection setup priorities. See get_port_transport for a description of the ENCAPS constants.
- priority A string value with priorities for an TLS encapsulation. For the syntax of the priority string see the GNUTLS manual. This argument is only used in ENCAPS_TLScustom encapsulation.
- NASL Returns:\n A positive integer as a NASL socket, 0 on connection error or
- NULL on other errors.
- Parameters
-
[in] | lexic | Lexical context of the NASL interpreter. |
- Returns
- A tree cell.
Definition at line 517 of file nasl_socket.c.
References nasl_open_sock_tcp_bufsz().
◆ nasl_open_sock_tcp_bufsz()
Definition at line 417 of file nasl_socket.c.
423 const char *priority;
459 else if (transport == 0)
464 if (bufsz > 0 && soc >= 0)
467 nasl_perror (lexic,
"stream_set_buffer: soc=%d,bufsz=%d\n", soc, bufsz);
471 retc->
x.
i_val = soc < 0 ? 0 : soc;
References alloc_typed_cell(), CONST_INT, get_int_var_by_name(), get_int_var_by_num(), get_str_var_by_name(), get_var_type_by_name(), TC::i_val, nasl_perror(), open_stream_auto_encaps_ext(), open_stream_connection_ext(), OPENVAS_ENCAPS_TLScustom, struct_lex_ctxt::recv_timeout, struct_lex_ctxt::script_infos, stream_set_buffer(), VAR2_DATA, VAR2_STRING, wait_before_next_probe(), and TC::x.
Referenced by http_open_socket(), and nasl_open_sock_tcp().
◆ nasl_open_sock_udp()
Definition at line 529 of file nasl_socket.c.
534 struct sockaddr_in soca;
535 struct sockaddr_in6 soca6;
546 if (IN6_IS_ADDR_V4MAPPED (ia))
548 bzero (&soca,
sizeof (soca));
549 soca.sin_addr.s_addr = ia->s6_addr32[3];
550 soca.sin_port = htons (port);
551 soca.sin_family = AF_INET;
553 soc = socket (AF_INET, SOCK_DGRAM, 0);
556 gvm_source_set_socket (soc, 0, AF_INET);
557 if (connect (soc, (
struct sockaddr *) &soca,
sizeof (soca)) < 0)
565 bzero (&soca6,
sizeof (soca6));
566 memcpy (&soca6.sin6_addr, ia, sizeof (
struct in6_addr));
567 soca6.sin6_port = htons (port);
568 soca6.sin6_family = AF_INET6;
570 soc = socket (AF_INET6, SOCK_DGRAM, 0);
573 gvm_source_set_socket (soc, 0, AF_INET6);
574 if (connect (soc, (
struct sockaddr *) &soca6,
sizeof (soca6)) < 0)
References alloc_typed_cell(), CONST_INT, get_int_var_by_num(), TC::i_val, lowest_socket, plug_get_host_ip(), struct_lex_ctxt::script_infos, and TC::x.
◆ nasl_recv()
Definition at line 701 of file nasl_socket.c.
712 unsigned int opt_len =
sizeof (type);
715 if (len <= 0 || soc <= 0)
721 data = g_malloc0 (len);
723 e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
727 if (e == 0 && type == SOCK_DGRAM)
733 tv.tv_sec = to / retries;
734 tv.tv_usec = (to % retries) * 100000;
736 for (i = 0; i < retries; i++)
741 if (select (soc + 1, &rd, NULL, NULL, &tv) > 0)
744 e = recv (soc, data + new_len, len - new_len, 0);
767 send (soc, data, len, 0);
768 tv.tv_sec = to / retries;
769 tv.tv_usec = (to % retries) * 100000;
782 retc->
x.
str_val = g_memdup (data, new_len);
783 retc->
size = new_len;
References alloc_typed_cell(), CONST_DATA, fd_is_stream(), get_int_var_by_name(), get_udp_data(), read_stream_connection_min(), struct_lex_ctxt::recv_timeout, struct_lex_ctxt::script_infos, TC::size, TC::str_val, stream_set_timeout(), timeval(), and TC::x.
◆ nasl_recv_line()
Definition at line 795 of file nasl_socket.c.
806 if (len == -1 || soc <= 0)
808 nasl_perror (lexic,
"recv_line: missing or undefined parameter"
809 " length or socket\n");
823 data = g_malloc0 (len + 1);
831 if (timeout >= 0 && time (NULL) - t1 < timeout)
837 if ((data[n - 1] ==
'\n') || (n >= len))
850 retc->
size = new_len;
851 retc->
x.
str_val = g_memdup (data, new_len + 1);
References alloc_typed_cell(), CONST_DATA, fd_is_stream(), get_int_var_by_name(), nasl_perror(), read_stream_connection_min(), TC::size, TC::str_val, stream_get_buffer_sz(), stream_set_buffer(), and TC::x.
◆ nasl_send()
Definition at line 861 of file nasl_socket.c.
871 unsigned int type_len =
sizeof (type);
873 if (soc <= 0 || data == NULL)
875 nasl_perror (lexic,
"Syntax error with the send() function\n");
877 "Correct syntax is : send(socket:<soc>, data:<data>\n");
881 if (length <= 0 || length > data_length)
882 length = data_length;
885 && getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &type_len) == 0
886 && type == SOCK_DGRAM)
888 n = send (soc, data, length,
option);
References add_udp_data(), alloc_typed_cell(), CONST_INT, fd_is_stream(), get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), nsend(), option, struct_lex_ctxt::script_infos, wait_before_next_probe(), and TC::x.
Referenced by nasl_send_capture().
◆ nasl_socket_cert_verify()
Verify a certificate.
- NASL Function: socket_cert_verify\n
This function is used to retrieve and verify a certificate from an active socket. It requires the NASL socket number.
- NASL Unnamed Parameters:\n
- NASL Returns:\n 0 in case of successfully verification. A positive integer in
- case of verification error or NULL on other errors.
- Parameters
-
[in] | lexic | Lexical context of the NASL interpreter. |
- Returns
- A tree cell.
Definition at line 1389 of file nasl_socket.c.
1394 gnutls_x509_crt_t *cert = NULL;
1395 gnutls_x509_trust_list_t ca_list;
1396 unsigned int ca_list_size = 0;
1397 unsigned int i, cert_n = 0;
1398 unsigned int voutput;
1399 const gnutls_datum_t *certs;
1402 gnutls_session_t tls_session;
1407 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
1418 nasl_perror (lexic,
"error retrieving tls_session for socket %d: %s\n",
1419 soc, strerror (err));
1426 && gnutls_certificate_type_get (tls_session) == GNUTLS_CRT_X509)
1428 certs = gnutls_certificate_get_peers (tls_session, &cert_n);
1435 cert = g_malloc0 (
sizeof (*cert) * cert_n);
1436 for (i = 0; i < cert_n; i++)
1438 if (gnutls_x509_crt_init (&cert[i]) != GNUTLS_E_SUCCESS)
1440 if (gnutls_x509_crt_import (cert[i], &certs[i], GNUTLS_X509_FMT_DER)
1441 != GNUTLS_E_SUCCESS)
1446 if ((ret = gnutls_x509_trust_list_init (&ca_list, ca_list_size)) < 0)
1448 ret = gnutls_x509_trust_list_add_system_trust (ca_list, 0, 0);
1453 if (gnutls_x509_trust_list_verify_crt (ca_list, cert, cert_n, 0, &voutput,
1455 != GNUTLS_E_SUCCESS)
References alloc_typed_cell(), CONST_INT, get_int_var_by_name(), get_sock_infos(), TC::i_val, nasl_perror(), and TC::x.
◆ nasl_socket_get_cert()
Definition at line 623 of file nasl_socket.c.
625 int soc, cert_len = 0;
632 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
640 retc->
size = cert_len;
References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), nasl_perror(), TC::size, socket_get_cert(), TC::str_val, and TC::x.
◆ nasl_socket_get_error()
Definition at line 1088 of file nasl_socket.c.
1120 g_message (
"socket_get_error: Erroneous socket value %d", soc);
1124 g_message (
"Unknown error %d %s", err, strerror (err));
References alloc_typed_cell(), CONST_INT, fd_is_stream(), get_int_var_by_num(), TC::i_val, NASL_ERR_ECONNRESET, NASL_ERR_ETIMEDOUT, NASL_ERR_EUNREACH, NASL_ERR_NOERR, stream_get_err(), and TC::x.
◆ nasl_socket_get_ssl_ciphersuite()
◆ nasl_socket_get_ssl_session_id()
◆ nasl_socket_get_ssl_version()
◆ nasl_socket_negotiate_ssl()
Definition at line 590 of file nasl_socket.c.
592 int soc, transport, ret;
600 nasl_perror (lexic,
"socket_ssl_negotiate: Erroneous socket value %d\n",
609 "socket_ssl_negotiate: Erroneous transport value %d\n",
References alloc_typed_cell(), CONST_INT, get_int_var_by_name(), TC::i_val, IS_ENCAPS_SSL, nasl_perror(), OPENVAS_ENCAPS_TLScustom, struct_lex_ctxt::script_infos, socket_negotiate_ssl(), and TC::x.
static char * get_udp_data(struct script_infos *script_infos, int soc, int *len)
int get_var_size_by_name(lex_ctxt *, const char *)
struct in6_addr * plug_get_host_ip(struct script_infos *args)
int openvas_get_socket_from_connection(int fd)
struct timeval timeval(unsigned long val)
const char * get_encaps_name(openvas_encaps_t code)
char * get_str_var_by_name(lex_ctxt *, const char *)
int open_stream_auto_encaps_ext(struct script_infos *args, unsigned int port, int timeout, int force)
void socket_get_cert(int fd, void **cert, int *certlen)
int socket_get_ssl_version(int fd)
#define NASL_ERR_EUNREACH
@ OPENVAS_ENCAPS_TLScustom
int stream_set_buffer(int fd, int sz)
void nasl_perror(lex_ctxt *lexic, char *msg,...)
int get_var_type_by_name(lex_ctxt *, const char *)
static void rm_udp_data(struct script_infos *script_infos, int soc)
int stream_get_err(int fd)
int nsend(int fd, void *data, int length, int i_opt)
static int add_udp_data(struct script_infos *script_infos, int soc, char *data, int len)
#define NASL_ERR_ECONNRESET
long int get_int_var_by_name(lex_ctxt *, const char *, int)
int socket_get_ssl_ciphersuite(int fd)
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
tree_cell * nasl_open_sock_tcp_bufsz(lex_ctxt *lexic, int bufsz)
long int get_int_var_by_num(lex_ctxt *, int, int)
char * get_str_var_by_num(lex_ctxt *, int)
int stream_get_buffer_sz(int fd)
static void wait_before_next_probe()
void socket_get_ssl_session_id(int fd, void **sid, size_t *ssize)
int socket_negotiate_ssl(int fd, openvas_encaps_t transport, struct script_infos *args)
static tree_cell * nasl_open_privileged_socket(lex_ctxt *lexic, int proto)
static struct jmg * jmg_desc
int get_var_type_by_num(lex_ctxt *, int)
Returns NASL variable/cell type, VAR2_UNDEF if value is NULL.
int add_var_to_list(nasl_array *a, int i, const anon_nasl_var *v)
union st_a_nasl_var::@4 v
int close_stream_connection(int fd)
int get_sock_infos(int sock, int *r_transport, void **r_tls_session)
tree_cell * alloc_typed_cell(int typ)
#define NASL_ERR_ETIMEDOUT
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority)
int stream_set_timeout(int fd, int timeout)