OpenVAS Scanner  7.0.0~git
attack.c File Reference

Launches the plugins, and manages multithreading. More...

#include "attack.h"
#include "../misc/network.h"
#include "../misc/nvt_categories.h"
#include "../misc/pcap_openvas.h"
#include "../nasl/nasl_debug.h"
#include "hosts.h"
#include "pluginlaunch.h"
#include "pluginload.h"
#include "pluginscheduler.h"
#include "plugs_req.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gvm/base/hosts.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/base/proctitle.h>
#include <gvm/util/nvticache.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
Include dependency graph for attack.c:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  attack_start_args
 

Macros

#define ERR_HOST_DEAD   -1
 
#define ERR_CANT_FORK   -2
 
#define MAX_FORK_RETRIES   10
 
#define KB_RETRY_DELAY   3 /*In sec*/
 
#define PROGRESS_BAR_STYLE   1
 
#define G_LOG_DOMAIN   "sd main"
 GLib log domain. More...
 

Enumerations

enum  net_scan_status { NSS_NONE = 0, NSS_BUSY, NSS_DONE }
 

Functions

static int set_kb_readable (int host_kb_index)
 Add the Host KB index to the list of readable KBs used by ospd-openvas. More...
 
static void set_scan_status (char *status)
 Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly. More...
 
static int comm_send_status (kb_t kb, char *hostname, int curr, int max)
 Sends the status of a host's scan. More...
 
static void error_message_to_client2 (kb_t kb, const char *msg, const char *port)
 
static void report_kb_failure (int errcode)
 
static void fork_sleep (int n)
 
static enum net_scan_status network_scan_status (struct scan_globals *globals)
 
static int scan_is_stopped ()
 
static int all_scans_are_stopped ()
 
static int nvti_category_is_safe (int category)
 Checks that an NVT category is safe. More...
 
static int launch_plugin (struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
 Launches a nvt. Respects safe check preference (i.e. does not try. More...
 
static int kb_duplicate (kb_t dst, kb_t src, const gchar *filter)
 
static kb_t init_host_kb (struct scan_globals *globals, char *ip_str, kb_t *network_kb)
 Inits or loads the knowledge base for a single host. More...
 
static void check_new_vhosts ()
 Check if a plugin process pushed a new vhost value. More...
 
static void attack_host (struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
 Attack one host. More...
 
static int host_authorized (const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
 
static char * vhosts_to_str (GSList *list)
 
static int check_host_authorization (gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
 
static void attack_start (struct attack_start_args *args)
 Set up some data and jump into attack_host() More...
 
static void apply_hosts_preferences (gvm_hosts_t *hosts)
 
static int str_in_comma_list (const char *str, const char *comma_list)
 
static int iface_authorized (const char *iface)
 
static int apply_source_iface_preference ()
 
static int check_kb_access ()
 
static void handle_scan_stop_signal ()
 
static void handle_stop_all_scans_signal ()
 
void attack_network (struct scan_globals *globals, kb_t *network_kb)
 Attack a whole network. More...
 

Variables

int global_scan_stop = 0
 
int global_stop_all_scans = 0
 
static kb_t host_kb = NULL
 
static GSList * host_vhosts = NULL
 

Detailed Description

Launches the plugins, and manages multithreading.

Definition in file attack.c.

Macro Definition Documentation

◆ ERR_CANT_FORK

#define ERR_CANT_FORK   -2

Definition at line 56 of file attack.c.

◆ ERR_HOST_DEAD

#define ERR_HOST_DEAD   -1

Definition at line 55 of file attack.c.

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "sd main"

GLib log domain.

Definition at line 76 of file attack.c.

◆ KB_RETRY_DELAY

#define KB_RETRY_DELAY   3 /*In sec*/

Wait KB_RETRY_DELAY seconds until trying again to get a new kb.

Definition at line 62 of file attack.c.

◆ MAX_FORK_RETRIES

#define MAX_FORK_RETRIES   10

Definition at line 58 of file attack.c.

◆ PROGRESS_BAR_STYLE

#define PROGRESS_BAR_STYLE   1

It switches progress bar styles. If set to 1, time oriented style and it take into account only alive host. If set to 0, it not reflect progress adequately in case of dead host, which will take into account with 0% processed, producing jumps in the process bar.

Definition at line 70 of file attack.c.

Enumeration Type Documentation

◆ net_scan_status

Enumerator
NSS_NONE 
NSS_BUSY 
NSS_DONE 

Definition at line 91 of file attack.c.

92 {
93  NSS_NONE = 0,
94  NSS_BUSY,
95  NSS_DONE,
96 };

Function Documentation

◆ all_scans_are_stopped()

static int all_scans_are_stopped ( )
static

Definition at line 235 of file attack.c.

236 {
237  return global_stop_all_scans;
238 }

References global_stop_all_scans.

Referenced by attack_host(), attack_network(), attack_start(), and launch_plugin().

Here is the caller graph for this function:

◆ apply_hosts_preferences()

static void apply_hosts_preferences ( gvm_hosts_t *  hosts)
static

Definition at line 775 of file attack.c.

776 {
777  const char *ordering = prefs_get ("hosts_ordering"),
778  *exclude_hosts = prefs_get ("exclude_hosts");
779 
780  if (hosts == NULL)
781  return;
782 
783  /* Hosts ordering strategy: sequential, random, reversed... */
784  if (ordering)
785  {
786  if (!strcmp (ordering, "random"))
787  {
788  gvm_hosts_shuffle (hosts);
789  g_debug ("hosts_ordering: Random.");
790  }
791  else if (!strcmp (ordering, "reverse"))
792  {
793  gvm_hosts_reverse (hosts);
794  g_debug ("hosts_ordering: Reverse.");
795  }
796  }
797  else
798  g_debug ("hosts_ordering: Sequential.");
799 
800  /* Exclude hosts ? */
801  if (exclude_hosts)
802  {
803  /* Exclude hosts, resolving hostnames. */
804  int ret = gvm_hosts_exclude (hosts, exclude_hosts);
805 
806  if (ret > 0)
807  g_message ("exclude_hosts: Skipped %d host(s).", ret);
808  if (ret < 0)
809  g_message ("exclude_hosts: Error.");
810  }
811 
812  /* Reverse-lookup unify ? */
813  if (prefs_get_bool ("reverse_lookup_unify"))
814  g_debug ("reverse_lookup_unify: Skipped %d host(s).",
815  gvm_hosts_reverse_lookup_unify (hosts));
816 
817  /* Hosts that reverse-lookup only ? */
818  if (prefs_get_bool ("reverse_lookup_only"))
819  g_debug ("reverse_lookup_only: Skipped %d host(s).",
820  gvm_hosts_reverse_lookup_only (hosts));
821 }

References hosts.

Referenced by attack_network().

Here is the caller graph for this function:

◆ apply_source_iface_preference()

static int apply_source_iface_preference ( )
static

Definition at line 889 of file attack.c.

890 {
891  const char *source_iface = prefs_get ("source_iface");
892  int ret;
893 
894  if (source_iface == NULL)
895  return 0;
896 
897  ret = iface_authorized (source_iface);
898  if (ret == -1)
899  {
900  gchar *msg =
901  g_strdup_printf ("Unauthorized source interface: %s", source_iface);
902  g_warning ("source_iface: Unauthorized source interface %s.",
903  source_iface);
904 
905  g_free (msg);
906  return -1;
907  }
908  else if (ret == -2)
909  {
910  gchar *msg = g_strdup_printf ("Unauthorized source interface: %s"
911  " (system-wide restriction.)",
912  source_iface);
913  g_warning ("source_iface: Unauthorized source interface %s."
914  " (sys_* preference restriction.)",
915  source_iface);
916 
917  g_free (msg);
918  return -1;
919  }
920 
921  if (gvm_source_iface_init (source_iface))
922  {
923  gchar *msg =
924  g_strdup_printf ("Erroneous source interface: %s", source_iface);
925  g_debug ("source_iface: Error with %s interface.", source_iface);
926 
927  g_free (msg);
928  return -2;
929  }
930  else
931  {
932  char *ipstr, *ip6str;
933  ipstr = gvm_source_addr_str ();
934  ip6str = gvm_source_addr6_str ();
935  g_debug ("source_iface: Using %s (%s / %s).", source_iface, ipstr,
936  ip6str);
937 
938  g_free (ipstr);
939  g_free (ip6str);
940  return 0;
941  }
942 }

References iface_authorized().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_host()

static void attack_host ( struct scan_globals globals,
struct in6_addr *  ip,
GSList *  vhosts,
plugins_scheduler_t  sched,
kb_t  kb,
kb_t *  net_kb 
)
static

Attack one host.

Definition at line 497 of file attack.c.

499 {
500  /* Used for the status */
501  int num_plugs, forks_retry = 0;
502  char ip_str[INET6_ADDRSTRLEN];
503 
504  addr6_to_str (ip, ip_str);
505  openvas_signal (SIGUSR2, check_new_vhosts);
506  host_kb = kb;
507  host_vhosts = vhosts;
508  kb_item_set_str (kb, "internal/ip", ip_str, 0);
509  kb_item_set_int (kb, "internal/hostpid", getpid ());
510  proctitle_set ("openvas: testing %s", ip_str);
511  if (net_kb && *net_kb)
512  {
513  kb_delete (kb);
514  kb = init_host_kb (globals, ip_str, net_kb);
515  if (kb == NULL)
516  return;
517  }
518  kb_lnk_reset (kb);
519 
520  /* launch the plugins */
521  pluginlaunch_init (ip_str);
522  num_plugs = plugins_scheduler_count_active (sched);
523  for (;;)
524  {
525  struct scheduler_plugin *plugin;
526  pid_t parent;
527 
528  /* Check that our father is still alive */
529  parent = getppid ();
530  if (parent <= 1 || process_alive (parent) == 0)
531  {
533  return;
534  }
535 
536  if (scan_is_stopped ())
537  plugins_scheduler_stop (sched);
538  plugin = plugins_scheduler_next (sched);
539  if (plugin != NULL && plugin != PLUG_RUNNING)
540  {
541  int e;
542  static int last_status = 0, cur_plug = 0;
543 
544  again:
545  e = launch_plugin (globals, plugin, ip, host_vhosts, kb);
546  if (e < 0)
547  {
548  /*
549  * Remote host died
550  */
551  if (e == ERR_HOST_DEAD)
552  {
553  char buffer[2048];
554  snprintf (
555  buffer, sizeof (buffer),
556  "LOG||| |||general/Host_Details||| |||<host><detail>"
557  "<name>Host dead</name><value>1</value><source>"
558  "<description/><type/><name/></source></detail></host>");
559 #if (PROGRESS_BAR_STYLE == 1)
560  /* In case of a dead host, it sends max_ports = -1 to the
561  manager. The host will not be taken into account to
562  calculate the scan progress. */
563  comm_send_status (kb, ip_str, 0, -1);
564 #endif
565  kb_item_push_str (kb, "internal/results", buffer);
566  goto host_died;
567  }
568  else if (e == ERR_CANT_FORK)
569  {
570  if (forks_retry < MAX_FORK_RETRIES)
571  {
572  forks_retry++;
573  g_debug ("fork() failed - sleeping %d seconds (%s)",
574  forks_retry, strerror (errno));
575  fork_sleep (forks_retry);
576  goto again;
577  }
578  else
579  {
580  g_debug ("fork() failed too many times - aborting");
581  goto host_died;
582  }
583  }
584  }
585 
586  if ((cur_plug * 100) / num_plugs >= last_status && !scan_is_stopped ()
587  && !all_scans_are_stopped ())
588  {
589  last_status = (cur_plug * 100) / num_plugs + 2;
590  if (comm_send_status (kb, ip_str, cur_plug, num_plugs) < 0)
591  {
593  goto host_died;
594  }
595  }
596  cur_plug++;
597  }
598  else if (plugin == NULL)
599  break;
601  }
602 
603  pluginlaunch_wait (kb);
604  if (!scan_is_stopped () && !all_scans_are_stopped ())
605  comm_send_status (kb, ip_str, num_plugs, num_plugs);
606 
607 host_died:
609  plugins_scheduler_free (sched);
610 }

References all_scans_are_stopped(), check_new_vhosts(), comm_send_status(), ERR_CANT_FORK, ERR_HOST_DEAD, fork_sleep(), host_kb, host_vhosts, init_host_kb(), launch_plugin(), MAX_FORK_RETRIES, openvas_signal, PLUG_RUNNING, pluginlaunch_init(), pluginlaunch_stop(), pluginlaunch_wait(), pluginlaunch_wait_for_free_process(), plugins_scheduler_count_active(), plugins_scheduler_free(), plugins_scheduler_next(), plugins_scheduler_stop(), process_alive(), and scan_is_stopped().

Referenced by attack_start().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_network()

void attack_network ( struct scan_globals globals,
kb_t *  network_kb 
)

Attack a whole network.

Definition at line 977 of file attack.c.

978 {
979  int max_hosts = 0, max_checks;
980  const char *hostlist;
981  gvm_host_t *host;
982  plugins_scheduler_t sched;
983  int fork_retries = 0;
984  GHashTable *files;
985  struct timeval then, now;
986  gvm_hosts_t *hosts;
987  const gchar *network_targets, *port_range;
988  gboolean network_phase = FALSE;
989  gboolean do_network_scan = FALSE;
990  kb_t host_kb;
991  GSList *unresolved;
992 
993  gettimeofday (&then, NULL);
994 
995  if (prefs_get_bool ("network_scan"))
996  do_network_scan = TRUE;
997  else
998  do_network_scan = FALSE;
999 
1000  network_targets = prefs_get ("network_targets");
1001  if (network_targets != NULL)
1002  globals->network_targets = g_strdup (network_targets);
1003 
1004  if (do_network_scan)
1005  {
1006  enum net_scan_status nss;
1007 
1008  nss = network_scan_status (globals);
1009  switch (nss)
1010  {
1011  case NSS_DONE:
1012  network_phase = FALSE;
1013  break;
1014 
1015  case NSS_BUSY:
1016  network_phase = TRUE;
1017  break;
1018 
1019  default:
1020  globals->network_scan_status = g_strdup ("busy");
1021  network_phase = TRUE;
1022  break;
1023  }
1024  }
1025  else
1026  network_kb = NULL;
1027 
1028  if (check_kb_access ())
1029  return;
1030 
1031  /* Init and check Target List */
1032  hostlist = prefs_get ("TARGET");
1033  if (hostlist == NULL)
1034  {
1035  return;
1036  }
1037 
1038  /* Verify the port range is a valid one */
1039  port_range = prefs_get ("port_range");
1040  if (validate_port_range (port_range))
1041  {
1042  return;
1043  }
1044 
1045  /* Initialize the attack. */
1046  sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1047  prefs_get_bool ("auto_enable_dependencies"),
1048  network_phase);
1049  if (!sched)
1050  {
1051  g_message ("Couldn't initialize the plugin scheduler");
1052  return;
1053  }
1054 
1055  max_hosts = get_max_hosts_number ();
1056  max_checks = get_max_checks_number ();
1057 
1058  if (network_phase)
1059  {
1060  if (network_targets == NULL)
1061  {
1062  g_warning (
1063  "WARNING: In network phase, but without targets! Stopping.");
1064  host = NULL;
1065  }
1066  else
1067  {
1068  int rc;
1069 
1070  g_message ("Start a new scan. Target(s) : %s, "
1071  "in network phase with target %s",
1072  hostlist, network_targets);
1073 
1074  rc = kb_new (network_kb, prefs_get ("db_address"));
1075  if (rc)
1076  {
1077  report_kb_failure (rc);
1078  host = NULL;
1079  }
1080  else
1081  kb_lnk_reset (*network_kb);
1082  }
1083  }
1084  else
1085  g_message ("Starts a new scan. Target(s) : %s, with max_hosts = %d and "
1086  "max_checks = %d",
1087  hostlist, max_hosts, max_checks);
1088 
1089  hosts = gvm_hosts_new (hostlist);
1090  unresolved = gvm_hosts_resolve (hosts);
1091  while (unresolved)
1092  {
1093  g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1094  unresolved = unresolved->next;
1095  }
1096  g_slist_free_full (unresolved, g_free);
1097  /* Apply Hosts preferences. */
1099 
1100  /* Don't start if the provided interface is unauthorized. */
1101  if (apply_source_iface_preference () != 0)
1102  {
1103  gvm_hosts_free (hosts);
1104  return;
1105  }
1106  host = gvm_hosts_next (hosts);
1107  if (host == NULL)
1108  goto stop;
1109  hosts_init (max_hosts);
1110  /*
1111  * Start the attack !
1112  */
1115  while (host && !scan_is_stopped () && !all_scans_are_stopped ())
1116  {
1117  int pid, rc;
1118  struct attack_start_args args;
1119  char *host_str;
1120 
1121  do
1122  {
1123  rc = kb_new (&host_kb, prefs_get ("db_address"));
1124  if (rc < 0 && rc != -2)
1125  {
1126  report_kb_failure (rc);
1127  goto scan_stop;
1128  }
1129  else if (rc == -2)
1130  {
1131  sleep (KB_RETRY_DELAY);
1132  continue;
1133  }
1134  break;
1135  }
1136  while (1);
1137 
1138  host_str = gvm_host_value_str (host);
1139  if (hosts_new (host_str, host_kb) < 0)
1140  {
1141  g_free (host_str);
1142  goto scan_stop;
1143  }
1144 
1146  {
1147  g_free (host_str);
1148  continue;
1149  }
1150  args.host = host;
1151  args.globals = globals;
1152  args.sched = sched;
1153  args.net_kb = network_kb;
1154  args.host_kb = host_kb;
1155 
1156  forkagain:
1158  /* Close child process' socket. */
1159  if (pid < 0)
1160  {
1161  fork_retries++;
1162  if (fork_retries > MAX_FORK_RETRIES)
1163  {
1164  /* Forking failed - we go to the wait queue. */
1165  g_debug ("fork() failed - %s. %s won't be tested",
1166  strerror (errno), host_str);
1167  g_free (host_str);
1168  goto stop;
1169  }
1170 
1171  g_debug ("fork() failed - "
1172  "sleeping %d seconds and trying again...",
1173  fork_retries);
1174  fork_sleep (fork_retries);
1175  goto forkagain;
1176  }
1177  hosts_set_pid (host_str, pid);
1178  if (network_phase)
1179  g_message ("Testing %s (network level) [%d]", network_targets, pid);
1180 
1181  if (network_phase)
1182  {
1183  host = NULL;
1184  globals->network_scan_status = g_strdup ("done");
1185  }
1186  else
1187  host = gvm_hosts_next (hosts);
1188  g_free (host_str);
1189  }
1190 
1191  /* Every host is being tested... We have to wait for the processes
1192  * to terminate. */
1193  while (hosts_read () == 0)
1194  ;
1195  g_message ("Test complete");
1196  set_scan_status ("finished");
1197 
1198 scan_stop:
1199  /* Free the memory used by the files uploaded by the user, if any. */
1200  files = globals->files_translation;
1201  if (files)
1202  g_hash_table_destroy (files);
1203 
1204 stop:
1205 
1206  if (all_scans_are_stopped ())
1207  {
1208  }
1209 
1210  gvm_hosts_free (hosts);
1211  g_free (globals->network_scan_status);
1212  g_free (globals->network_targets);
1213 
1215 
1216  gettimeofday (&now, NULL);
1217  g_message ("Total time to scan all hosts : %ld seconds",
1218  now.tv_sec - then.tv_sec);
1219 
1220  if (do_network_scan && network_phase && !scan_is_stopped ()
1221  && !all_scans_are_stopped ())
1222  attack_network (globals, network_kb);
1223 }

References all_scans_are_stopped(), apply_hosts_preferences(), apply_source_iface_preference(), attack_network(), attack_start(), check_kb_access(), create_process(), scan_globals::files_translation, fork_sleep(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), handle_stop_all_scans_signal(), attack_start_args::host, attack_start_args::host_kb, host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), KB_RETRY_DELAY, MAX_FORK_RETRIES, attack_start_args::net_kb, scan_globals::network_scan_status, network_scan_status(), scan_globals::network_targets, network_targets(), NSS_BUSY, NSS_DONE, openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_is_stopped(), attack_start_args::sched, set_scan_status(), and timeval().

Referenced by attack_network(), and handle_client().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_start()

static void attack_start ( struct attack_start_args args)
static

Set up some data and jump into attack_host()

Definition at line 711 of file attack.c.

712 {
713  struct scan_globals *globals = args->globals;
714  char ip_str[INET6_ADDRSTRLEN], *hostnames;
715  struct in6_addr hostip;
716  struct timeval then;
717  kb_t *net_kb = args->net_kb, kb = args->host_kb;
718  int ret;
719 
720  nvticache_reset ();
721  kb_lnk_reset (kb);
722  gettimeofday (&then, NULL);
723 
724  kb_item_set_str (kb, "internal/scan_id", globals->scan_id, 0);
725  set_kb_readable (kb_get_kb_index (kb));
726 
727  /* The reverse lookup is delayed to this step in order to not slow down the
728  * main scan process eg. case of target with big range of IP addresses. */
729  if (prefs_get_bool ("expand_vhosts"))
730  gvm_host_add_reverse_lookup (args->host);
731  if ((ret = gvm_vhosts_exclude (args->host, prefs_get ("exclude_hosts"))) > 0)
732  g_message ("exclude_hosts: Skipped %d vhost(s).", ret);
733  gvm_host_get_addr6 (args->host, &hostip);
734  addr6_to_str (&hostip, ip_str);
735  if (check_host_authorization (args->host, &hostip, kb))
736  {
737  g_warning ("Host %s access denied.", ip_str);
738  return;
739  }
740  if (prefs_get_bool ("test_empty_vhost"))
741  {
742  gvm_vhost_t *vhost =
743  gvm_vhost_new (g_strdup (ip_str), g_strdup ("IP-address"));
744  args->host->vhosts = g_slist_prepend (args->host->vhosts, vhost);
745  }
746  hostnames = vhosts_to_str (args->host->vhosts);
747  if (hostnames)
748  g_message ("Testing %s (Vhosts: %s) [%d]", ip_str, hostnames, getpid ());
749  else
750  g_message ("Testing %s [%d]", ip_str, getpid ());
751  g_free (hostnames);
752  attack_host (globals, &hostip, args->host->vhosts, args->sched, kb, net_kb);
753 
754  if (!scan_is_stopped () && !all_scans_are_stopped ())
755  {
756  char key[1024];
757  struct timeval now;
758 
759  snprintf (key, sizeof (key), "internal/%s", globals->scan_id);
760  kb_item_set_str (kb, key, "finished", 0);
761 
762  gettimeofday (&now, NULL);
763  if (now.tv_usec < then.tv_usec)
764  {
765  then.tv_sec++;
766  now.tv_usec += 1000000;
767  }
768  g_message ("Finished testing %s. Time : %ld.%.2ld secs", ip_str,
769  (long) (now.tv_sec - then.tv_sec),
770  (long) ((now.tv_usec - then.tv_usec) / 10000));
771  }
772 }

References all_scans_are_stopped(), attack_host(), check_host_authorization(), attack_start_args::globals, attack_start_args::host, attack_start_args::host_kb, attack_start_args::net_kb, scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_kb_readable(), timeval(), and vhosts_to_str().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_host_authorization()

static int check_host_authorization ( gvm_host_t *  host,
const struct in6_addr *  addr,
kb_t  kb 
)
static

Definition at line 677 of file attack.c.

679 {
680  gvm_hosts_t *hosts_allow, *hosts_deny;
681  gvm_hosts_t *sys_hosts_allow, *sys_hosts_deny;
682 
683  /* Do we have the right to test this host ? */
684  hosts_allow = gvm_hosts_new (prefs_get ("hosts_allow"));
685  hosts_deny = gvm_hosts_new (prefs_get ("hosts_deny"));
686  if (!host_authorized (host, addr, hosts_allow, hosts_deny))
687  {
688  error_message_to_client2 (kb, "Host access denied.", NULL);
689  return -1;
690  }
691  sys_hosts_allow = gvm_hosts_new (prefs_get ("sys_hosts_allow"));
692  sys_hosts_deny = gvm_hosts_new (prefs_get ("sys_hosts_deny"));
693  if (!host_authorized (host, addr, sys_hosts_allow, sys_hosts_deny))
694  {
696  kb, "Host access denied (system-wide restriction.)", NULL);
697  return -1;
698  }
699 
700  gvm_hosts_free (hosts_allow);
701  gvm_hosts_free (hosts_deny);
702  gvm_hosts_free (sys_hosts_allow);
703  gvm_hosts_free (sys_hosts_deny);
704  return 0;
705 }

References error_message_to_client2(), and host_authorized().

Referenced by attack_start().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_kb_access()

static int check_kb_access ( )
static

Definition at line 945 of file attack.c.

946 {
947  int rc;
948  kb_t kb;
949 
950  rc = kb_new (&kb, prefs_get ("db_address"));
951  if (rc)
952  report_kb_failure (rc);
953  else
954  kb_delete (kb);
955 
956  return rc;
957 }

References report_kb_failure().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_new_vhosts()

static void check_new_vhosts ( )
static

Check if a plugin process pushed a new vhost value.

Parameters
kbHost scan KB.
vhostsList of vhosts to add new vhosts to.
Returns
New vhosts list.

Definition at line 475 of file attack.c.

476 {
477  char *value;
478 
479  while ((value = kb_item_pop_str (host_kb, "internal/vhosts")))
480  {
481  /* Get the source. */
482  char buffer[4096], *source;
483  gvm_vhost_t *vhost;
484 
485  g_snprintf (buffer, sizeof (buffer), "internal/source/%s", value);
486  source = kb_item_pop_str (host_kb, buffer);
487  assert (source);
488  vhost = gvm_vhost_new (value, source);
489  host_vhosts = g_slist_append (host_vhosts, vhost);
490  }
491 }

References host_kb, and host_vhosts.

Referenced by attack_host().

Here is the caller graph for this function:

◆ comm_send_status()

static int comm_send_status ( kb_t  kb,
char *  hostname,
int  curr,
int  max 
)
static

Sends the status of a host's scan.

Definition at line 156 of file attack.c.

157 {
158  char buffer[2048];
159 
160  if (!hostname || !kb)
161  return -1;
162 
163  if (strlen (hostname) > (sizeof (buffer) - 50))
164  return -1;
165 
166  snprintf (buffer, sizeof (buffer), "%d/%d", curr, max);
167  kb_item_push_str (kb, "internal/status", buffer);
168 
169  return 0;
170 }

References hostname, and max.

Referenced by attack_host(), and Ensure().

Here is the caller graph for this function:

◆ error_message_to_client2()

static void error_message_to_client2 ( kb_t  kb,
const char *  msg,
const char *  port 
)
static

Definition at line 173 of file attack.c.

174 {
175  char buf[2048];
176 
177  sprintf (buf, "ERRMSG||| |||%s||| |||%s", port ?: " ", msg ?: "No error.");
178  kb_item_push_str (kb, "internal/results", buf);
179 }

Referenced by check_host_authorization().

Here is the caller graph for this function:

◆ fork_sleep()

static void fork_sleep ( int  n)
static

Definition at line 194 of file attack.c.

195 {
196  time_t then, now;
197 
198  now = then = time (NULL);
199  while (now - then < n)
200  {
201  waitpid (-1, NULL, WNOHANG);
202  usleep (10000);
203  now = time (NULL);
204  }
205 }

Referenced by attack_host(), and attack_network().

Here is the caller graph for this function:

◆ handle_scan_stop_signal()

static void handle_scan_stop_signal ( )
static

Definition at line 960 of file attack.c.

961 {
963  global_scan_stop = 1;
964 }

References global_scan_stop, and pluginlaunch_stop().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_stop_all_scans_signal()

static void handle_stop_all_scans_signal ( )
static

Definition at line 967 of file attack.c.

968 {
970  hosts_stop_all ();
971 }

References global_stop_all_scans, and hosts_stop_all().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ host_authorized()

static int host_authorized ( const gvm_host_t *  host,
const struct in6_addr *  addr,
const gvm_hosts_t *  hosts_allow,
const gvm_hosts_t *  hosts_deny 
)
static

Definition at line 624 of file attack.c.

626 {
627  /* Check Hosts Access. */
628  if (host == NULL)
629  return 0;
630 
631  if (hosts_deny && gvm_host_in_hosts (host, addr, hosts_deny))
632  return 0;
633  if (hosts_allow && !gvm_host_in_hosts (host, addr, hosts_allow))
634  return 0;
635 
636  return 1;
637 }

Referenced by check_host_authorization().

Here is the caller graph for this function:

◆ iface_authorized()

static int iface_authorized ( const char *  iface)
static

Definition at line 857 of file attack.c.

858 {
859  const char *ifaces_list;
860 
861  if (iface == NULL)
862  return 0;
863 
864  ifaces_list = prefs_get ("ifaces_deny");
865  if (ifaces_list && str_in_comma_list (iface, ifaces_list))
866  return -1;
867  ifaces_list = prefs_get ("ifaces_allow");
868  if (ifaces_list && !str_in_comma_list (iface, ifaces_list))
869  return -1;
870  /* sys_* preferences are similar, but can't be overridden by the client. */
871  ifaces_list = prefs_get ("sys_ifaces_deny");
872  if (ifaces_list && str_in_comma_list (iface, ifaces_list))
873  return -2;
874  ifaces_list = prefs_get ("sys_ifaces_allow");
875  if (ifaces_list && !str_in_comma_list (iface, ifaces_list))
876  return -2;
877 
878  return 1;
879 }

References str_in_comma_list().

Referenced by apply_source_iface_preference().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_host_kb()

static kb_t init_host_kb ( struct scan_globals globals,
char *  ip_str,
kb_t *  network_kb 
)
static

Inits or loads the knowledge base for a single host.

Fills the knowledge base with host-specific login information for local checks if defined.

Parameters
globalsGlobal preference struct.
ip_strIP string of target host.
Returns
A knowledge base.

Definition at line 421 of file attack.c.

422 {
423  kb_t kb;
424  gchar *hostname_pattern;
425  enum net_scan_status nss;
426  const gchar *kb_path = prefs_get ("db_address");
427  int rc;
428 
429  nss = network_scan_status (globals);
430  switch (nss)
431  {
432  case NSS_DONE:
433  rc = kb_new (&kb, kb_path);
434  if (rc)
435  {
436  report_kb_failure (rc);
437  return NULL;
438  }
439 
440  hostname_pattern = g_strdup_printf ("%s/*", ip_str);
441  kb_duplicate (kb, *network_kb, hostname_pattern);
442  g_free (hostname_pattern);
443  break;
444 
445  case NSS_BUSY:
446  assert (network_kb != NULL);
447  assert (*network_kb != NULL);
448  kb = *network_kb;
449  break;
450 
451  default:
452  rc = kb_new (&kb, kb_path);
453  if (rc)
454  {
455  report_kb_failure (rc);
456  return NULL;
457  }
458  }
459 
460  return kb;
461 }

References kb_duplicate(), network_scan_status(), NSS_BUSY, NSS_DONE, and report_kb_failure().

Referenced by attack_host().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ kb_duplicate()

static int kb_duplicate ( kb_t  dst,
kb_t  src,
const gchar *  filter 
)
static

Definition at line 389 of file attack.c.

390 {
391  struct kb_item *items, *p_itm;
392 
393  items = kb_item_get_pattern (src, filter ? filter : "*");
394  for (p_itm = items; p_itm != NULL; p_itm = p_itm->next)
395  {
396  gchar *newname;
397 
398  newname = strstr (p_itm->name, "/");
399  if (newname == NULL)
400  newname = p_itm->name;
401  else
402  newname += 1; /* Skip the '/' */
403 
404  kb_item_add_str (dst, newname, p_itm->v_str, 0);
405  }
406  return 0;
407 }

Referenced by init_host_kb().

Here is the caller graph for this function:

◆ launch_plugin()

static int launch_plugin ( struct scan_globals globals,
struct scheduler_plugin plugin,
struct in6_addr *  ip,
GSList *  vhosts,
kb_t  kb 
)
static

Launches a nvt. Respects safe check preference (i.e. does not try.

destructive nvt if save_checks is yes).

Does not launch a plugin twice if !save_kb_replay.

Returns
ERR_HOST_DEAD if host died, ERR_CANT_FORK if forking failed, 0 otherwise.

Definition at line 267 of file attack.c.

269 {
270  int optimize = prefs_get_bool ("optimize_test"), pid, ret = 0;
271  char *oid, *name, *error = NULL, ip_str[INET6_ADDRSTRLEN];
272  gboolean network_scan = FALSE;
273  nvti_t *nvti;
274 
275  addr6_to_str (ip, ip_str);
276  oid = plugin->oid;
277  nvti = nvticache_get_nvt (oid);
278 
279  /* eg. When NVT was moved/removed by a feed update during the scan. */
280  if (!nvti)
281  {
282  g_message ("Plugin '%s' missing from nvticache.", oid);
284  goto finish_launch_plugin;
285  }
287  {
288  if (nvti_category (nvti) != ACT_END)
289  {
291  goto finish_launch_plugin;
292  }
293  else
294  {
295  name = nvticache_get_filename (oid);
296  g_message ("Stopped scan wrap-up: Launching %s (%s)", name, oid);
297  g_free (name);
298  }
299  }
300 
301  if (network_scan_status (globals) == NSS_BUSY)
302  network_scan = TRUE;
303 
304  if (prefs_get_bool ("safe_checks")
305  && !nvti_category_is_safe (nvti_category (nvti)))
306  {
307  if (prefs_get_bool ("log_whole_attack"))
308  {
309  name = nvticache_get_filename (oid);
310  g_message ("Not launching %s (%s) against %s because safe checks are"
311  " enabled (this is not an error)",
312  name, oid, ip_str);
313  g_free (name);
314  }
316  goto finish_launch_plugin;
317  }
318 
319  if (network_scan)
320  {
321  char asc_id[100];
322 
323  assert (oid);
324  snprintf (asc_id, sizeof (asc_id), "Launched/%s", oid);
325 
326  if (kb_item_get_int (kb, asc_id) > 0)
327  {
328  if (prefs_get_bool ("log_whole_attack"))
329  g_message ("Not launching %s against %s because it has already "
330  "been lanched in the past (this is not an error)",
331  oid, ip_str);
333  goto finish_launch_plugin;
334  }
335  else
336  kb_item_set_int (kb, asc_id, 1);
337  }
338 
339  /* Do not launch NVT if mandatory key is missing (e.g. an important tool
340  * was not found). This is ignored during network wide scanning phases. */
341  if (!network_scan && !mandatory_requirements_met (kb, nvti))
342  error = "because a mandatory key is missing";
343  if (error || (optimize && (error = requirements_plugin (kb, nvti))))
344  {
346  if (prefs_get_bool ("log_whole_attack"))
347  {
348  name = nvticache_get_filename (oid);
349  g_message (
350  "Not launching %s (%s) against %s %s (this is not an error)", name,
351  oid, ip_str, error);
352  g_free (name);
353  }
354  goto finish_launch_plugin;
355  }
356 
357  /* Stop the test if the host is 'dead' */
358  if (kb_item_get_int (kb, "Host/dead") > 0)
359  {
360  g_message ("The remote host %s is dead", ip_str);
363  ret = ERR_HOST_DEAD;
364  goto finish_launch_plugin;
365  }
366 
367  /* Start the plugin */
368  pid = plugin_launch (globals, plugin, ip, vhosts, kb, nvti);
369  if (pid < 0)
370  {
372  ret = ERR_CANT_FORK;
373  goto finish_launch_plugin;
374  }
375 
376  if (prefs_get_bool ("log_whole_attack"))
377  {
378  name = nvticache_get_filename (oid);
379  g_message ("Launching %s (%s) against %s [%d]", name, oid, ip_str, pid);
380  g_free (name);
381  }
382 
383 finish_launch_plugin:
384  nvti_free (nvti);
385  return ret;
386 }

References ACT_END, all_scans_are_stopped(), ERR_CANT_FORK, ERR_HOST_DEAD, mandatory_requirements_met(), name, network_scan_status(), NSS_BUSY, nvti_category_is_safe(), scheduler_plugin::oid, oid, pid, plugin_launch(), PLUGIN_STATUS_DONE, PLUGIN_STATUS_UNRUN, pluginlaunch_stop(), requirements_plugin(), scheduler_plugin::running_state, and scan_is_stopped().

Referenced by attack_host().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ network_scan_status()

static enum net_scan_status network_scan_status ( struct scan_globals globals)
static

Definition at line 208 of file attack.c.

209 {
210  gchar *nss;
211 
212  nss = globals->network_scan_status;
213  if (nss == NULL)
214  return NSS_NONE;
215 
216  if (g_ascii_strcasecmp (nss, "busy") == 0)
217  return NSS_BUSY;
218  else if (g_ascii_strcasecmp (nss, "done") == 0)
219  return NSS_DONE;
220  else
221  return NSS_NONE;
222 }

References scan_globals::network_scan_status, NSS_BUSY, NSS_DONE, and NSS_NONE.

Referenced by attack_network(), init_host_kb(), and launch_plugin().

Here is the caller graph for this function:

◆ nvti_category_is_safe()

static int nvti_category_is_safe ( int  category)
static

Checks that an NVT category is safe.

Parameters
categoryCategory to check.
Returns
0 if category is unsafe, 1 otherwise.

Definition at line 248 of file attack.c.

249 {
250  /* XXX: Duplicated from openvas/nasl. */
251  if (category == ACT_DESTRUCTIVE_ATTACK || category == ACT_KILL_HOST
252  || category == ACT_FLOOD || category == ACT_DENIAL)
253  return 0;
254  return 1;
255 }

References ACT_DENIAL, ACT_DESTRUCTIVE_ATTACK, ACT_FLOOD, and ACT_KILL_HOST.

Referenced by launch_plugin().

Here is the caller graph for this function:

◆ report_kb_failure()

static void report_kb_failure ( int  errcode)
static

Definition at line 182 of file attack.c.

183 {
184  gchar *msg;
185 
186  errcode = abs (errcode);
187  msg = g_strdup_printf ("WARNING: Cannot connect to KB at '%s': %s'",
188  prefs_get ("db_address"), strerror (errcode));
189  g_warning ("%s", msg);
190  g_free (msg);
191 }

Referenced by attack_network(), check_kb_access(), and init_host_kb().

Here is the caller graph for this function:

◆ scan_is_stopped()

static int scan_is_stopped ( )
static

Definition at line 227 of file attack.c.

228 {
229  return global_scan_stop;
230 }

References global_scan_stop.

Referenced by attack_host(), attack_network(), attack_start(), and launch_plugin().

Here is the caller graph for this function:

◆ set_kb_readable()

static int set_kb_readable ( int  host_kb_index)
static

Add the Host KB index to the list of readable KBs used by ospd-openvas.

Definition at line 109 of file attack.c.

110 {
111  int i = atoi (prefs_get ("ov_maindbid"));
112  kb_t main_kb = NULL;
113 
114  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
115  if (main_kb)
116  {
117  kb_item_add_int_unique (main_kb, "internal/dbindex", host_kb_index);
118  return 0;
119  }
120  g_warning ("Not possible to add the kb index %d to the list of "
121  "ready to read kb",
122  host_kb_index);
123  return -1;
124 }

Referenced by attack_start().

Here is the caller graph for this function:

◆ set_scan_status()

static void set_scan_status ( char *  status)
static

Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.

Parameters
[in]statusStatus to set.

Definition at line 133 of file attack.c.

134 {
135  int i = atoi (prefs_get ("ov_maindbid"));
136  kb_t main_kb = NULL;
137 
138  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
139  if (main_kb)
140  {
141  char buffer[96];
142  char *scan_id = kb_item_get_str (main_kb, ("internal/scanid"));
143 
144  snprintf (buffer, sizeof (buffer), "internal/%s", scan_id);
145  kb_item_set_str (main_kb, buffer, status, 0);
146 
147  return;
148  }
149  g_warning ("Not possible to set the scan as finished");
150 }

References scan_globals::scan_id.

Referenced by attack_network().

Here is the caller graph for this function:

◆ str_in_comma_list()

static int str_in_comma_list ( const char *  str,
const char *  comma_list 
)
static

Definition at line 824 of file attack.c.

825 {
826  gchar **element, **split;
827 
828  if (str == NULL || comma_list == NULL)
829  return 0;
830 
831  split = g_strsplit (comma_list, ",", 0);
832  element = split;
833  while (*element)
834  {
835  gchar *stripped = g_strstrip (*element);
836 
837  if (stripped && strcmp (stripped, str) == 0)
838  {
839  g_strfreev (split);
840  return 1;
841  }
842 
843  element++;
844  }
845 
846  g_strfreev (split);
847  return 0;
848 }

Referenced by iface_authorized().

Here is the caller graph for this function:

◆ vhosts_to_str()

static char* vhosts_to_str ( GSList *  list)
static

Definition at line 647 of file attack.c.

648 {
649  GString *string;
650 
651  if (!list)
652  return NULL;
653  string = g_string_new (((gvm_vhost_t *) list->data)->value);
654  if (g_slist_length (list) == 1)
655  return g_string_free (string, FALSE);
656  list = list->next;
657  while (list)
658  {
659  g_string_append (string, ", ");
660  g_string_append (string, ((gvm_vhost_t *) list->data)->value);
661  list = list->next;
662  }
663  return g_string_free (string, FALSE);
664 }

References list::next.

Referenced by attack_start().

Here is the caller graph for this function:

Variable Documentation

◆ global_scan_stop

int global_scan_stop = 0

◆ global_stop_all_scans

int global_stop_all_scans = 0

Definition at line 232 of file attack.c.

Referenced by all_scans_are_stopped(), and handle_stop_all_scans_signal().

◆ host_kb

kb_t host_kb = NULL
static

Definition at line 463 of file attack.c.

Referenced by attack_host(), attack_network(), and check_new_vhosts().

◆ host_vhosts

GSList* host_vhosts = NULL
static

Definition at line 464 of file attack.c.

Referenced by attack_host(), and check_new_vhosts().

kb_duplicate
static int kb_duplicate(kb_t dst, kb_t src, const gchar *filter)
Definition: attack.c:389
host_authorized
static int host_authorized(const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
Definition: attack.c:624
scan_globals::network_targets
char * network_targets
Definition: scanneraux.h:34
ACT_FLOOD
@ ACT_FLOOD
Definition: nvt_categories.h:47
ERR_HOST_DEAD
#define ERR_HOST_DEAD
Definition: attack.c:55
plugins_scheduler_stop
void plugins_scheduler_stop(plugins_scheduler_t sched)
Definition: pluginscheduler.c:501
hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:250
plugins_scheduler
Definition: pluginscheduler.c:49
launch_plugin
static int launch_plugin(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
Launches a nvt. Respects safe check preference (i.e. does not try.
Definition: attack.c:267
attack_start_args::host
gvm_host_t * host
Definition: attack.c:88
scheduler_plugin
Definition: pluginscheduler.h:40
attack_network
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:977
attack_start_args
Definition: attack.c:82
attack_host
static void attack_host(struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
Attack one host.
Definition: attack.c:497
apply_source_iface_preference
static int apply_source_iface_preference()
Definition: attack.c:889
report_kb_failure
static void report_kb_failure(int errcode)
Definition: attack.c:182
iface_authorized
static int iface_authorized(const char *iface)
Definition: attack.c:857
fork_sleep
static void fork_sleep(int n)
Definition: attack.c:194
timeval
struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:105
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
ERR_CANT_FORK
#define ERR_CANT_FORK
Definition: attack.c:56
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition: pluginscheduler.c:536
comm_send_status
static int comm_send_status(kb_t kb, char *hostname, int curr, int max)
Sends the status of a host's scan.
Definition: attack.c:156
PLUGIN_STATUS_DONE
@ PLUGIN_STATUS_DONE
Definition: pluginscheduler.h:37
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int only_network)
Definition: pluginscheduler.c:310
ACT_END
@ ACT_END
Definition: nvt_categories.h:48
name
const char * name
Definition: nasl_init.c:377
plugins_scheduler_count_active
int plugins_scheduler_count_active(plugins_scheduler_t sched)
Definition: pluginscheduler.c:343
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
handle_stop_all_scans_signal
static void handle_stop_all_scans_signal()
Definition: attack.c:967
requirements_plugin
char * requirements_plugin(kb_t kb, nvti_t *nvti)
Determine if the plugin requirements are met.
Definition: plugs_req.c:264
host_vhosts
static GSList * host_vhosts
Definition: attack.c:464
NSS_NONE
@ NSS_NONE
Definition: attack.c:93
error_message_to_client2
static void error_message_to_client2(kb_t kb, const char *msg, const char *port)
Definition: attack.c:173
attack_start_args::globals
struct scan_globals * globals
Definition: attack.c:84
ACT_DENIAL
@ ACT_DENIAL
Definition: nvt_categories.h:45
scan_globals::files_translation
GHashTable * files_translation
Definition: scanneraux.h:36
hosts_init
int hosts_init(int max_hosts)
Definition: hosts.c:137
oid
const char * oid
Definition: nasl_builtin_find_service.c:57
max
#define max
Definition: nasl_wmi.c:48
scheduler_plugin::running_state
enum plugin_status running_state
Definition: pluginscheduler.h:44
network_scan_status
static enum net_scan_status network_scan_status(struct scan_globals *globals)
Definition: attack.c:208
str_in_comma_list
static int str_in_comma_list(const char *str, const char *comma_list)
Definition: attack.c:824
hosts_new
int hosts_new(char *name, kb_t kb)
Definition: hosts.c:144
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition: attack.c:62
pluginlaunch_init
void pluginlaunch_init(const char *host)
Definition: pluginlaunch.c:265
pluginlaunch_wait
void pluginlaunch_wait(kb_t kb)
Waits and 'pushes' processes until num_running_processes is 0.
Definition: pluginlaunch.c:370
check_kb_access
static int check_kb_access()
Definition: attack.c:945
check_host_authorization
static int check_host_authorization(gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
Definition: attack.c:677
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition: attack.c:133
vhosts_to_str
static char * vhosts_to_str(GSList *list)
Definition: attack.c:647
create_process
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
Definition: processes.c:97
process_func_t
void(* process_func_t)(void *)
Definition: processes.h:31
net_scan_status
net_scan_status
Definition: attack.c:91
process_alive
int process_alive(pid_t pid)
Definition: utils.c:204
scan_globals
Definition: scanneraux.h:32
PLUG_RUNNING
#define PLUG_RUNNING
Definition: pluginscheduler.h:49
host_kb
static kb_t host_kb
Definition: attack.c:463
scheduler_plugin::oid
char * oid
Definition: pluginscheduler.h:42
attack_start_args::sched
plugins_scheduler_t sched
Definition: attack.c:85
PLUGIN_STATUS_UNRUN
@ PLUGIN_STATUS_UNRUN
Definition: pluginscheduler.h:35
plugin_launch
int plugin_launch(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb, nvti_t *nvti)
Definition: pluginlaunch.c:343
scan_is_stopped
static int scan_is_stopped()
Definition: attack.c:227
scan_globals::network_scan_status
char * network_scan_status
Definition: scanneraux.h:35
init_host_kb
static kb_t init_host_kb(struct scan_globals *globals, char *ip_str, kb_t *network_kb)
Inits or loads the knowledge base for a single host.
Definition: attack.c:421
host
Host information, implemented as doubly linked list.
Definition: hosts.c:46
attack_start
static void attack_start(struct attack_start_args *args)
Set up some data and jump into attack_host()
Definition: attack.c:711
get_max_checks_number
int get_max_checks_number(void)
Definition: utils.c:174
NSS_BUSY
@ NSS_BUSY
Definition: attack.c:94
hosts_stop_all
void hosts_stop_all(void)
Definition: hosts.c:196
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition: attack.c:960
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition: attack.c:58
mandatory_requirements_met
int mandatory_requirements_met(kb_t kb, nvti_t *nvti)
Check whether mandatory requirements for plugin are met.
Definition: plugs_req.c:247
pluginlaunch_wait_for_free_process
void pluginlaunch_wait_for_free_process(kb_t kb)
Waits and 'pushes' processes until the number of running processes has changed.
Definition: pluginlaunch.c:403
hostname
const char * hostname
Definition: pluginlaunch.c:76
check_new_vhosts
static void check_new_vhosts()
Check if a plugin process pushed a new vhost value.
Definition: attack.c:475
NSS_DONE
@ NSS_DONE
Definition: attack.c:95
attack_start_args::net_kb
kb_t * net_kb
Definition: attack.c:86
get_max_hosts_number
int get_max_hosts_number(void)
Definition: utils.c:143
ACT_KILL_HOST
@ ACT_KILL_HOST
Definition: nvt_categories.h:46
all_scans_are_stopped
static int all_scans_are_stopped()
Definition: attack.c:235
pluginlaunch_stop
void pluginlaunch_stop()
Definition: pluginlaunch.c:302
nvti_category_is_safe
static int nvti_category_is_safe(int category)
Checks that an NVT category is safe.
Definition: attack.c:248
list::next
struct list * next
Definition: nasl_builtin_synscan.c:265
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:169
hosts
static struct host * hosts
Definition: hosts.c:58
ACT_DESTRUCTIVE_ATTACK
@ ACT_DESTRUCTIVE_ATTACK
Definition: nvt_categories.h:44
scan_globals::scan_id
char * scan_id
Definition: scanneraux.h:38
set_kb_readable
static int set_kb_readable(int host_kb_index)
Add the Host KB index to the list of readable KBs used by ospd-openvas.
Definition: attack.c:109
attack_start_args::host_kb
kb_t host_kb
Definition: attack.c:87
global_stop_all_scans
int global_stop_all_scans
Definition: attack.c:232
plugins_scheduler_next
struct scheduler_plugin * plugins_scheduler_next(plugins_scheduler_t h)
Definition: pluginscheduler.c:444
network_targets
tree_cell * network_targets(lex_ctxt *lexic)
Definition: nasl_scanner_glue.c:635
global_scan_stop
int global_scan_stop
Definition: attack.c:224
list
Definition: nasl_builtin_synscan.c:259
apply_hosts_preferences
static void apply_hosts_preferences(gvm_hosts_t *hosts)
Definition: attack.c:775