OpenVAS Libraries  6.0+beta5
network.c File Reference
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>
#include <fcntl.h>
#include <stdlib.h>
#include <signal.h>
#include <stdio.h>
#include <sys/time.h>
#include <glib.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "system.h"
#include "network.h"
#include "kb.h"
#include "resolve.h"
#include "ids_send.h"
#include "plugutils.h"
#include "internal_com.h"
#include "support.h"
#include "openvas_logging.h"
#include "../nasl/nasl_ssh.h"
#include <setjmp.h>

Data Structures

struct  openvas_connection
 
struct  ovas_scanner_context_s
 

Macros

#define TIMEOUT   20
 
#define INADDR_NONE   0xffffffff
 
#define ExtFunc
 
#define OPENVAS_FD_MAX   1024
 
#define OPENVAS_FD_OFF   1000000
 
#define OPENVAS_STREAM(x)   (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >=0))
 
#define OVAS_CONNECTION_FROM_FD(fd)   (connections + ((fd) - OPENVAS_FD_OFF))
 
#define INCR_TIMEOUT   1
 

Functions

void convipv4toipv4mappedaddr (struct in_addr inaddr, struct in6_addr *in6addr)
 
int stream_get_err (int fd)
 
int ovas_allocate_connection (int soc, void *ssl, gnutls_certificate_credentials_t certcred)
 
int openvas_register_connection (int soc, void *ssl, gnutls_certificate_credentials_t certcred)
 
int openvas_deregister_connection (int fd)
 
void tlserror (char *txt, int err)
 
int openvas_SSL_init ()
 Initializes SSL support. More...
 
int openvas_get_socket_from_connection (int fd)
 
gnutls_session_t * ovas_get_tlssession_from_connection (int fd)
 
int open_stream_connection_ext (struct arglist *args, unsigned int port, int transport, int timeout, const char *priority)
 
int open_stream_connection (struct arglist *args, unsigned int port, int transport, int timeout)
 
int open_stream_connection_unknown_encaps5 (struct arglist *args, unsigned int port, int timeout, int *p, int *delta_t)
 
int open_stream_connection_unknown_encaps (struct arglist *args, unsigned int port, int timeout, int *p)
 
int open_stream_auto_encaps_ext (struct arglist *args, unsigned int port, int timeout, int force)
 
int open_stream_auto_encaps (struct arglist *args, unsigned int port, int timeout)
 
ovas_scanner_context_t ovas_scanner_context_new (int encaps, const char *certfile, const char *keyfile, const char *passwd, const char *cafile, int force_pubkey_auth)
 Creates a new ovas_scanner_context_t. More...
 
void ovas_scanner_context_free (ovas_scanner_context_t ctx)
 Frees the ovas_scanner_context_t instance ctx. More...
 
int ovas_scanner_context_attach (ovas_scanner_context_t ctx, int soc)
 Sets up SSL/TLS on the socket soc and returns an openvas file descriptor. More...
 
void * stream_get_ssl (int fd)
 
int stream_set_timeout (int fd, int timeout)
 
int stream_set_options (int fd, int reset_opt, int set_opt)
 
int read_stream_connection_min (int fd, void *buf0, int min_len, int max_len)
 
int read_stream_connection (int fd, void *buf0, int len)
 
int write_stream_connection (int fd, void *buf0, int n)
 
int nsend (int fd, void *data, int length, int i_opt)
 
int nrecv (int fd, void *data, int length, int i_opt)
 
int close_stream_connection (int fd)
 
int get_encaps (int fd)
 
const char * get_encaps_name (int code)
 
const char * get_encaps_through (int code)
 
int open_sock_opt_hn (const char *hostname, unsigned int port, int type, int protocol, int timeout)
 
int open_sock_tcp_hn (const char *hostname, unsigned int port)
 
int open_sock_tcp (struct arglist *args, unsigned int port, int timeout)
 
int open_sock_udp (struct arglist *args, unsigned int port)
 
struct in_addr _socket_get_next_source_addr (struct in_addr *addr)
 
struct in6_addr _socket_get_next_source_v4_addr (struct in6_addr *addr)
 
struct in6_addr _socket_get_next_source_v6_addr (struct in6_addr *addr)
 
struct in_addr socket_get_next_source_addr ()
 
struct in6_addr socket_get_next_source_v4_addr ()
 
struct in6_addr socket_get_next_source_v6_addr ()
 
int set_socket_source_addr (int soc, int port, int family)
 
void socket_source_init (struct in6_addr *addr, int family)
 
int open_sock_option (struct arglist *args, unsigned int port, int type, int protocol, int timeout)
 
ExtFunc int recv_line (int soc, char *buf, size_t bufsiz)
 Reads text from the socket stream into the argument buffer, always appending a '\0' byte. More...
 
int socket_close (int soc)
 
void auth_printf (struct arglist *globals, char *data,...)
 Writes data to the global socket of the thread. More...
 
void auth_send (struct arglist *globals, char *data)
 
char * auth_gets (struct arglist *globals, char *buf, size_t bufsiz)
 Reads data from the global socket of the thread. More...
 
int stream_zero (fd_set *set)
 
int stream_set (int fd, fd_set *set)
 
int stream_isset (int fd, fd_set *set)
 
int fd_is_stream (int fd)
 
int stream_get_buffer_sz (int fd)
 
int stream_set_buffer (int fd, int sz)
 
int os_send (int soc, void *buf, int len, int opt)
 
int os_recv (int soc, void *buf, int len, int opt)
 
int internal_send (int soc, char *data, int msg_type)
 
int internal_recv (int soc, char **data, int *data_sz, int *msg_type)
 
int stream_pending (int fd)
 
int get_sock_infos (int sock, int *r_transport, void **r_tls_session)
 

Macro Definition Documentation

#define ExtFunc
#define INADDR_NONE   0xffffffff
#define INCR_TIMEOUT   1
#define OPENVAS_FD_MAX   1024

The role of this offset is:

  1. To detect bugs when the program tries to write to a bad fd
  2. To tell whether an fd is a real socket or an "openvas descriptor". This is a quick & dirty hack and should be changed!!!
#define OPENVAS_FD_OFF   1000000
#define OPENVAS_STREAM (   x)    (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >=0))

OPENVAS_STREAM(x) is TRUE if <x> is an OpenVAS-ified fd

#define OVAS_CONNECTION_FROM_FD (   fd)    (connections + ((fd) - OPENVAS_FD_OFF))

Determines the openvas_connection* from the openvas fd

#define TIMEOUT   20

Function Documentation

struct in_addr _socket_get_next_source_addr ( struct in_addr *  addr)
struct in6_addr _socket_get_next_source_v4_addr ( struct in6_addr *  addr)
struct in6_addr _socket_get_next_source_v6_addr ( struct in6_addr *  addr)
char* auth_gets ( struct arglist globals,
char *  buf,
size_t  bufsiz 
)

Reads data from the global socket of the thread.

void auth_printf ( struct arglist globals,
char *  data,
  ... 
)

Writes data to the global socket of the thread.

void auth_send ( struct arglist globals,
char *  data 
)
int close_stream_connection ( int  fd)
void convipv4toipv4mappedaddr ( struct in_addr  inaddr,
struct in6_addr *  in6addr 
)
int fd_is_stream ( int  fd)
int get_encaps ( int  fd)
const char* get_encaps_name ( int  code)
const char* get_encaps_through ( int  code)
int get_sock_infos ( int  sock,
int *  r_transport,
void **  r_tls_session 
)
int internal_recv ( int  soc,
char **  data,
int *  data_sz,
int *  msg_type 
)

internal_send() / internal_recv() :

When processes pass messages to each other, the format is <length><msg>, where <length> is a long integer. The functions internal_send() and internal_recv() encapsulate and decapsulate the messages themselves.

int internal_send ( int  soc,
char *  data,
int  msg_type 
)
Todo:
internal_send and internal_recv could be made into their own module (ipc), into which the type constants could be moved, too.

internal_send() / internal_recv() :

When processes pass messages to each other, the format is <length><msg>, where <length> is a long integer. The functions internal_send() and internal_recv() encapsulate and decapsulate the messages themselves.

int nrecv ( int  fd,
void *  data,
int  length,
int  i_opt 
)
int nsend ( int  fd,
void *  data,
int  length,
int  i_opt 
)
int open_sock_opt_hn ( const char *  hostname,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)
int open_sock_option ( struct arglist args,
unsigned int  port,
int  type,
int  protocol,
int  timeout 
)
int open_sock_tcp ( struct arglist args,
unsigned int  port,
int  timeout 
)
int open_sock_tcp_hn ( const char *  hostname,
unsigned int  port 
)
int open_sock_udp ( struct arglist args,
unsigned int  port 
)
int open_stream_auto_encaps ( struct arglist args,
unsigned int  port,
int  timeout 
)
int open_stream_auto_encaps_ext ( struct arglist args,
unsigned int  port,
int  timeout,
int  force 
)
int open_stream_connection ( struct arglist args,
unsigned int  port,
int  transport,
int  timeout 
)
int open_stream_connection_ext ( struct arglist args,
unsigned int  port,
int  transport,
int  timeout,
const char *  priority 
)
int open_stream_connection_unknown_encaps ( struct arglist args,
unsigned int  port,
int  timeout,
int *  p 
)
int open_stream_connection_unknown_encaps5 ( struct arglist args,
unsigned int  port,
int  timeout,
int *  p,
int *  delta_t 
)
Parameters
delta_t: time in micro-seconds
int openvas_deregister_connection ( int  fd)
int openvas_get_socket_from_connection ( int  fd)
int openvas_register_connection ( int  soc,
void *  ssl,
gnutls_certificate_credentials_t  certcred 
)
Parameters
soc: Socket to use.
int openvas_SSL_init ( )

Initializes SSL support.

int os_recv ( int  soc,
void *  buf,
int  len,
int  opt 
)
int os_send ( int  soc,
void *  buf,
int  len,
int  opt 
)
int ovas_allocate_connection ( int  soc,
void *  ssl,
gnutls_certificate_credentials_t  certcred 
)
Todo:
TLS FIXME: migrate this to TLS
Todo:
Fix the void type of the ssl parameter (problematic in 64-bit environments) here or on the caller side
Parameters
soc: Socket to use.
gnutls_session_t* ovas_get_tlssession_from_connection ( int  fd)
int ovas_scanner_context_attach ( ovas_scanner_context_t  ctx,
int  soc 
)

Sets up SSL/TLS on the socket soc and returns an openvas file descriptor.

The parameters for the SSL/TLS layer are taken from ctx. Afterwards, the credentials of ctx are also referenced by the SSL/TLS objects associated with the openvas file descriptor. This means that the context ctx must not be freed until the openvas file descriptor is closed.

If the context's force_pubkey_auth member is true (!= 0), the client must provide a certificate. If force_pubkey_auth is false, the client certificate is optional. In any case, if the client provides a certificate, the certificate is verified. If the verification fails, ovas_scanner_context_attach returns -1.

Returns
The openvas file descriptor on success and -1 on failure.
void ovas_scanner_context_free ( ovas_scanner_context_t  ctx)

Frees the ovas_scanner_context_t instance ctx.

If ctx is NULL, nothing is done.

Parameters
ctx: ovas_scanner_context_t to free.
ovas_scanner_context_t ovas_scanner_context_new ( int  encaps,
const char *  certfile,
const char *  keyfile,
const char *  passwd,
const char *  cafile,
int  force_pubkey_auth 
)

Creates a new ovas_scanner_context_t.

The parameter encaps should be one of the OPENVAS_ENCAPS_* constants. If any of the SSL encapsulations are used, the parameters certfile, keyfile, and cafile should be the filenames of the scanner certificate, its corresponding key, and the CA certificate. The optional passwd parameter is used as the password to decrypt the keyfile if it is encrypted.

The force_pubkey_auth parameter is a boolean controlling public key authentication of the client. If force_pubkey_auth is true, the client must authenticate itself with a certificate. Otherwise the client will be asked for a certificate but doesn't have to present one.

int read_stream_connection ( int  fd,
void *  buf0,
int  len 
)
int read_stream_connection_min ( int  fd,
void *  buf0,
int  min_len,
int  max_len 
)
ExtFunc int recv_line ( int  soc,
char *  buf,
size_t  bufsiz 
)

Reads text from the socket stream into the argument buffer, always appending a '\0' byte.

Parameters
buf: Buffer to read into.
Returns
Number of bytes read, without the trailing '\0'.
int set_socket_source_addr ( int  soc,
int  port,
int  family 
)
int socket_close ( int  soc)
struct in_addr socket_get_next_source_addr ( )
struct in6_addr socket_get_next_source_v4_addr ( )
struct in6_addr socket_get_next_source_v6_addr ( )
void socket_source_init ( struct in6_addr *  addr,
int  family 
)
int stream_get_buffer_sz ( int  fd)
int stream_get_err ( int  fd)
void* stream_get_ssl ( int  fd)

TLS: This function is only used in one place, openvas-plugins/plugins/ssl_ciphers/ssl_ciphers.c:145 (function plugin_run). The code there prints information about the certificates and the server's ciphers if sslv2 is used. Some of the functionality should perhaps be moved to openvas-libraries.

int stream_isset ( int  fd,
fd_set *  set 
)
int stream_pending ( int  fd)
int stream_set ( int  fd,
fd_set *  set 
)
int stream_set_buffer ( int  fd,
int  sz 
)
int stream_set_options ( int  fd,
int  reset_opt,
int  set_opt 
)
int stream_set_timeout ( int  fd,
int  timeout 
)
int stream_zero ( fd_set *  set)
void tlserror ( char *  txt,
int  err 
)
int write_stream_connection ( int  fd,
void *  buf0,
int  n 
)