OpenVAS Scanner  7.0.0~git
nasl_builtin_plugins.h File Reference

Header file for built-in plugins.


Functions

tree_cell * plugin_run_find_service (lex_ctxt *)
 
tree_cell * plugin_run_openvas_tcp_scanner (lex_ctxt *)
 
tree_cell * plugin_run_synscan (lex_ctxt *)
 
tree_cell * plugin_run_nmap (lex_ctxt *)
 Run the nmap_net subsystem.
 

Detailed Description

Header file for built-in plugins.

Definition in file nasl_builtin_plugins.h.

Function Documentation

◆ plugin_run_find_service()

tree_cell* plugin_run_find_service ( lex_ctxt * )

Definition at line 2373 of file nasl_builtin_find_service.c.

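/**
 * @brief Built-in find_service plugin: probe the open TCP ports of the target.
 *
 * Reads the plugin preferences (TLS key, certificate, CA file, PEM password,
 * SSL test mode and number of children), splits the "Ports/tcp/..." entries of
 * the knowledge base across up to MAX_SONS forked children, runs
 * plugin_do_run() in each child and waits until all of them are gone.
 *
 * @param[in] lexic NASL state; its script_infos and oid members are read.
 *
 * @return Always NULL.
 */
tree_cell *
plugin_run_find_service (lex_ctxt *lexic)
{
  struct script_infos *desc = lexic->script_infos;

  oid = lexic->oid;

  kb_t kb = plug_get_kb (desc);
  struct kb_item *kbitem, *kbitem_tmp;

  GSList *sons_args[MAX_SONS];
  int num_ports = 0;
  char *num_sons_s;
  int num_sons = 6;
  int port_per_son;
  int i;
  int test_ssl = 1;
  char *key = get_plugin_preference (oid, KEY_FILE);
  char *cert = get_plugin_preference (oid, CERT_FILE);
  char *pempass = get_plugin_preference (oid, PEM_PASS);
  char *cafile = get_plugin_preference (oid, CA_FILE);
  char *test_ssl_s = get_plugin_preference (oid, TEST_SSL_PREF);

  /* NOTE(review): test_ssl_s and num_sons_s, which come from the same
   * get_plugin_preference() call, are g_free'd below, so the returned strings
   * look heap-allocated.  key, cert and cafile are overwritten here without
   * being freed, and pempass (a private-key passphrase) is handed on as-is.
   * Confirm who owns these strings and whether the passphrase is cleared
   * after use before adding frees. */
  if (key && key[0] != '\0')
    key = (char *) get_plugin_preference_fname (desc, key);
  else
    key = NULL;

  if (cert && cert[0] != '\0')
    cert = (char *) get_plugin_preference_fname (desc, cert);
  else
    cert = NULL;

  if (cafile && cafile[0] != '\0')
    cafile = (char *) get_plugin_preference_fname (desc, cafile);
  else
    cafile = NULL;

  /* SSL probing stays enabled unless the preference is exactly "None". */
  if (test_ssl_s != NULL)
    {
      if (strcmp (test_ssl_s, "None") == 0)
        test_ssl = 0;
    }
  g_free (test_ssl_s);

  /* When only one of key/cert is configured, the same file is used for
   * both. */
  if (key || cert)
    {
      if (!key)
        key = cert;
      if (!cert)
        cert = key;
      plug_set_ssl_cert (desc, cert);
      plug_set_ssl_key (desc, key);
    }
  if (pempass != NULL)
    plug_set_ssl_pem_password (desc, pempass);
  if (cafile != NULL)
    plug_set_ssl_CA_file (desc, cafile);

  signal (SIGTERM, sigterm);
  signal (SIGCHLD, sigchld);
  num_sons_s = get_plugin_preference (oid, NUM_CHILDREN);
  if (num_sons_s != NULL)
    num_sons = atoi (num_sons_s);
  g_free (num_sons_s);

  /* Clamp the child count to 1..MAX_SONS; it bounds both sons[] and
   * sons_args[]. */
  if (num_sons <= 0)
    num_sons = 6;

  if (num_sons > MAX_SONS)
    num_sons = MAX_SONS;

  for (i = 0; i < num_sons; i++)
    {
      sons[i] = 0;
      sons_args[i] = NULL;
    }

  if (kb == NULL)
    return NULL; // TODO: in old days returned "1". Still relevant?

  kbitem = kb_item_get_pattern (kb, "Ports/tcp/*");

  /* count the number of open TCP ports */
  kbitem_tmp = kbitem;
  while (kbitem_tmp != NULL)
    {
      num_ports++;
      kbitem_tmp = kbitem_tmp->next;
    }

  port_per_son = num_ports / num_sons;

  /* The next two loops distribute the ports across a number of 'sons':
   * first port_per_son entries for each son, then the remainder one by one. */

  kbitem_tmp = kbitem;

  for (i = 0; i < num_sons; i = i + 1)
    {
      int j;

      if (kbitem_tmp != NULL)
        {
          for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
            {
              sons_args[i] =
                g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
              j++;
              kbitem_tmp = kbitem_tmp->next;
            }
        }
      else
        break;
    }

  for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
    {
      sons_args[i] =
        g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
      i++;
      kbitem_tmp = kbitem_tmp->next;
    }

  kb_item_free (kbitem);

  /* Only fork as many children as received at least one port. */
  for (i = 0; i < num_sons; i++)
    if (sons_args[i] == NULL)
      break;

  num_sons = i;

  for (i = 0; i < num_sons; i++)
    {
      usleep (5000);
      if (sons_args[i] != NULL)
        {
          sons[i] = fork ();
          if (sons[i] == 0)
            {
              /* Child: reset the inherited KB link and NVTI cache, run the
               * probes for this share of the ports, then exit. */
              kb_lnk_reset (kb);
              nvticache_reset ();
              signal (SIGTERM, _exit);
              plugin_do_run (desc, sons_args[i], test_ssl);
              exit (0);
            }
          else
            {
              /* NOTE(review): a failed fork is silent, so the ports assigned
               * to this child are never probed. */
              if (sons[i] < 0)
                sons[i] = 0; /* Fork failed */
            }
          g_slist_free_full (sons_args[i], g_free);
        }
    }

  /* Wait until every child is gone. */
  for (;;)
    {
      int flag = 0;

      for (i = 0; i < num_sons; i++)
        {
          pid_t rc;

          if (sons[i] == 0)
            continue;

          /* Retry only when waitpid() itself failed with EINTR; errno is
           * meaningless after a successful call. */
          do
            rc = waitpid (sons[i], NULL, WNOHANG);
          while (rc < 0 && errno == EINTR);

          /* Reaped here, or no longer our child (ECHILD), presumably because
           * the SIGCHLD handler installed above already reaped it (its body
           * is not shown).  Retire the slot instead of probing the PID with
           * kill(): once reaped, the number may be reused by an unrelated
           * process, which would keep this loop waiting. */
          if (rc == sons[i] || (rc < 0 && errno == ECHILD))
            {
              sons[i] = 0;
              continue;
            }

          /* rc == 0: still running.  Any other error: fall back to the
           * existence probe. */
          if (rc == 0 || kill (sons[i], 0) >= 0)
            flag++;
        }

      if (flag == 0)
        break;
      usleep (100000);
    }

  return NULL;
}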

References CA_FILE, CERT_FILE, get_plugin_preference(), get_plugin_preference_fname(), KEY_FILE, MAX_SONS, NUM_CHILDREN, struct_lex_ctxt::oid, oid, PEM_PASS, plug_get_kb(), plug_set_ssl_CA_file(), plug_set_ssl_cert(), plug_set_ssl_key(), plug_set_ssl_pem_password(), plugin_do_run(), struct_lex_ctxt::script_infos, sigchld(), sigterm(), sons, and TEST_SSL_PREF.


◆ plugin_run_nmap()

tree_cell* plugin_run_nmap ( lex_ctxt * lexic )

Run the nmap_net subsystem.

Parameters
[in] lexic: NASL state.
Returns
NULL on error, FAKE_CELL on success.

Definition at line 509 of file nasl_builtin_nmap.c.

/**
 * @brief Run the nmap_net subsystem.
 *
 * @param[in] lexic NASL state, passed to nmap_create().
 *
 * @return NULL when the nmap handler cannot be created, FAKE_CELL otherwise.
 */
tree_cell *
plugin_run_nmap (lex_ctxt *lexic)
{
  nmap_t *handler;

  g_debug ("Starting Nmap builtin wrapper\n");

  /* Set up the nmap handler; without one there is nothing to run. */
  handler = nmap_create (lexic);
  if (handler != NULL)
    {
      /* Run nmap and store what it reports.
       * NOTE(review): the int returned by nmap_run_and_parse() is discarded,
       * so FAKE_CELL is returned even if the run or the parse failed.
       * Confirm that this is intended. */
      nmap_run_and_parse (handler);

      /* Free the handler and everything attached to it. */
      nmap_destroy (handler);

      return FAKE_CELL;
    }

  g_debug ("Unable to initialize Nmap\n");
  return NULL;
}

References FAKE_CELL, nmap_create(), nmap_destroy(), and nmap_run_and_parse().


◆ plugin_run_openvas_tcp_scanner()

tree_cell* plugin_run_openvas_tcp_scanner ( lex_ctxt * )

Definition at line 1060 of file nasl_builtin_openvas_tcp_scanner.c.

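/**
 * @brief Built-in TCP connect scanner.
 *
 * Derives a read timeout and a minimum/maximum number of parallel connections
 * from the scanner preferences, the system load, the system-wide file
 * descriptor limits and RLIMIT_NOFILE.  It then runs banner_grab() against
 * the target and, on success, records "Host/scanned" and
 * "Host/scanners/openvas_tcp_scanner" in the knowledge base.
 *
 * @param[in] lexic NASL state; its script_infos member is read.
 *
 * @return Always NULL.
 */
tree_cell *
plugin_run_openvas_tcp_scanner (lex_ctxt *lexic)
{
  struct script_infos *desc = lexic->script_infos;
  const char *port_range = prefs_get ("port_range");
  const char *p;
  struct in6_addr *p_addr;
  unsigned int timeout = 0, max_cnx, min_cnx, x;
  int safe_checks = prefs_get_bool ("safe_checks");

  /* Parse into a signed int first: timeout is unsigned, so a negative
   * preference would otherwise wrap to a huge value and slip past the
   * "use the default" check. */
  p = prefs_get ("checks_read_timeout");
  if (p != NULL)
    {
      int parsed = atoi (p);

      if (parsed > 0)
        timeout = parsed;
    }
  if (timeout == 0)
    timeout = 5;
  {
    int max_host = 0, max_checks = 0, cur_sys_fd = 0, max_sys_fd = 0;
    struct rlimit rlim;
    FILE *fp;
    int i;
    int nload;
    double loadavg[3], maxloadavg = -1.0;
    int stderr_fd = dup (2);
    int devnull_fd = open ("/dev/null", O_WRONLY);

    /* open() reports failure with -1; descriptor 0 is a valid result. */
    if (devnull_fd < 0)
      {
        if (stderr_fd != -1)
          close (stderr_fd);
        return NULL;
      }
    /* Avoid error messages from sysctl.  Redirect only when the original
     * stderr was saved, otherwise it could not be restored afterwards. */
    if (stderr_fd >= 0)
      dup2 (devnull_fd, 2);

    p = prefs_get ("max_hosts");
    if (p != NULL)
      max_host = atoi (p);
    if (max_host <= 0)
      max_host = 15;

    p = prefs_get ("max_checks");
    if (p != NULL)
      max_checks = atoi (p);
    if (max_checks <= 0 || max_checks > 5)
      {
        max_checks = 5; /* bigger values do not make sense */
        g_debug ("openvas_tcp_scanner: max_checks forced to %d", max_checks);
      }

    min_cnx = 8 * max_checks;
    if (safe_checks)
      max_cnx = 24 * max_checks;
    else
      max_cnx = 80 * max_checks;

    /* getloadavg() returns how many samples it filled in, or -1 on failure;
     * only read what was written. */
    nload = getloadavg (loadavg, 3);
    for (i = 0; i < nload; i++)
      if (loadavg[i] > maxloadavg)
        maxloadavg = loadavg[i];

    /* NOTE(review): popen() runs each command through the shell and finds
     * `sysctl` via PATH.  Scanners often run with elevated privileges, so
     * confirm that PATH is trusted here, or use an absolute path. */
    if (max_sys_fd <= 0)
      {
        fp = popen ("sysctl fs.file-nr", "r");
        if (fp != NULL)
          {
            /* Two values are assigned, so success is a return value of 2. */
            if (fscanf (fp, "%*s = %*d %d %d", &cur_sys_fd, &max_sys_fd) == 2)
              max_sys_fd -= cur_sys_fd;
            else
              max_sys_fd = 0;
            pclose (fp);
          }
      }
    if (max_sys_fd <= 0)
      {
        fp = popen ("sysctl fs.file-max", "r");
        if (fp != NULL)
          {
            if (fscanf (fp, "%*s = %d", &max_sys_fd) < 1)
              max_sys_fd = 0;
            pclose (fp);
          }
      }

    if (max_sys_fd <= 0)
      {
        fp = popen ("sysctl kern.maxfiles", "r");
        if (fp != NULL)
          {
            if (fscanf (fp, "%*s = %d", &max_sys_fd) < 1)
              max_sys_fd = 0;
            pclose (fp);
          }
      }

    /* Restore stderr */
    close (devnull_fd);
    if (stderr_fd >= 0)
      {
        dup2 (stderr_fd, 2);
        close (stderr_fd);
      }

    /* Scale the connection budget down as the load goes up. */
    if (maxloadavg >= 0.0)
      max_cnx /= (1.0 + maxloadavg);

    if (max_sys_fd <= 0)
      max_sys_fd = 16384; /* reasonable default */
    /* Let's leave at least 1024 FD for other processes */
    if (max_sys_fd < 1024)
      x = GRAB_MIN_SOCK;
    else
      {
        max_sys_fd -= 1024;
        x = max_sys_fd / max_host;
      }
    if (max_cnx > x)
      max_cnx = x;
    if (max_cnx > GRAB_MAX_SOCK)
      max_cnx = GRAB_MAX_SOCK;
    if (max_cnx < GRAB_MIN_SOCK)
      max_cnx = GRAB_MIN_SOCK;

    if (safe_checks && max_cnx > GRAB_MAX_SOCK_SAFE)
      max_cnx = GRAB_MAX_SOCK_SAFE;

    if (getrlimit (RLIMIT_NOFILE, &rlim) < 0)
      perror ("getrlimit(RLIMIT_NOFILE)");
    else
      {
        /* value = one greater than the maximum file descriptor number.
         * A limit of 0 is skipped so that the subtraction cannot wrap. */
        if (rlim.rlim_cur != RLIM_INFINITY && rlim.rlim_cur > 0
            && max_cnx >= rlim.rlim_cur)
          max_cnx = rlim.rlim_cur - 1;
      }
    x = max_cnx / 2;
    if (min_cnx > x)
      min_cnx = x > 0 ? x : 1;
  }

  p_addr = desc->ip;
  if (p_addr == NULL)
    return NULL; // TODO: before it returned "1";
  if (banner_grab (p_addr, port_range, timeout, min_cnx, max_cnx, desc) < 0)
    return NULL; // TODO: before it returned "1";
  plug_set_key (desc, "Host/scanned", ARG_INT, (void *) 1);
  plug_set_key (desc, "Host/scanners/openvas_tcp_scanner", ARG_INT, (void *) 1);
  return NULL;
}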

References ARG_INT, banner_grab(), GRAB_MAX_SOCK, GRAB_MAX_SOCK_SAFE, GRAB_MIN_SOCK, script_infos::ip, plug_set_key(), safe_checks(), and struct_lex_ctxt::script_infos.


◆ plugin_run_synscan()

tree_cell* plugin_run_synscan ( lex_ctxt * )

Definition at line 782 of file nasl_builtin_synscan.c.

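/**
 * @brief Built-in SYN scanner.
 *
 * Looks up the target address, skips targets for which islocalhost() returns
 * non-zero, runs scan() over the configured "port_range" and then records
 * "Host/scanned" and "Host/scanners/synscan" in the knowledge base.
 *
 * @param[in] lexic NASL state; its script_infos member is read.
 *
 * @return Always NULL.
 */
tree_cell *
plugin_run_synscan (lex_ctxt *lexic)
{
  struct script_infos *env = lexic->script_infos;
  unsigned long rtt;
  struct in6_addr *dst6 = plug_get_host_ip (env);
  struct in_addr *dst;
  struct in_addr inaddr;

  /* Without a target address there is nothing to scan, and dst6 is
   * dereferenced just below. */
  if (dst6 == NULL)
    return NULL;

  /* Only the last 32 bits of the address go into the localhost test.
   * NOTE(review): presumably the target is an IPv4-mapped address; confirm
   * what happens for a native IPv6 target. */
  inaddr.s_addr = dst6->s6_addr32[3];
  dst = &inaddr;

  if (islocalhost (dst))
    return NULL;

  rtt = htonl (1 << 28);

  /* NOTE(review): range is passed on unchecked and with const cast away;
   * confirm that scan() accepts NULL and does not modify the string. */
  const char *range = prefs_get ("port_range");
  scan (env, (char *) range, dst6, rtt);
  plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
  plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void *) 1);
  return NULL;
}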

References ARG_INT, islocalhost(), plug_get_host_ip(), plug_set_key(), scan(), and struct_lex_ctxt::script_infos.

script_infos::ip
struct in6_addr * ip
Definition: scanneraux.h:51
script_infos
Definition: scanneraux.h:43
KEY_FILE
#define KEY_FILE
Definition: nasl_builtin_find_service.c:41
MAX_SONS
#define MAX_SONS
Definition: nasl_builtin_find_service.c:2342
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:285
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition: plugutils.c:627
sons
static pid_t sons[MAX_SONS]
Definition: nasl_builtin_find_service.c:2344
GRAB_MAX_SOCK_SAFE
#define GRAB_MAX_SOCK_SAFE
Definition: nasl_builtin_openvas_tcp_scanner.c:59
nmap_destroy
static void nmap_destroy(nmap_t *nmap)
Release a nmap handler and associated resources.
Definition: nasl_builtin_nmap.c:582
plug_set_ssl_key
void plug_set_ssl_key(struct script_infos *args, char *key)
Definition: plugutils.c:884
plugin_do_run
static int plugin_do_run(struct script_infos *desc, GSList *h, int test_ssl)
Definition: nasl_builtin_find_service.c:1482
GRAB_MAX_SOCK
#define GRAB_MAX_SOCK
Definition: nasl_builtin_openvas_tcp_scanner.c:46
FAKE_CELL
#define FAKE_CELL
Definition: nasl_tree.h:119
plug_set_ssl_CA_file
void plug_set_ssl_CA_file(struct script_infos *args, char *key)
Definition: plugutils.c:900
nmap_create
static nmap_t * nmap_create(lex_ctxt *lexic)
Instantiate a new nmap handler, rebuild command line or open XML file to parse.
Definition: nasl_builtin_nmap.c:540
nmap_t
Main nmap execution handler.
Definition: nasl_builtin_nmap.c:293
scan
int scan(struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt)
Definition: nasl_builtin_synscan.c:680
oid
const char * oid
Definition: nasl_builtin_find_service.c:57
nmap_run_and_parse
static int nmap_run_and_parse(nmap_t *nmap)
Run nmap and parse its XML output (or load an external file if requested).
Definition: nasl_builtin_nmap.c:1099
islocalhost
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition: pcap.c:268
safe_checks
tree_cell * safe_checks(lex_ctxt *lexic)
Definition: nasl_scanner_glue.c:602
PEM_PASS
#define PEM_PASS
Definition: nasl_builtin_find_service.c:42
get_plugin_preference_fname
const char * get_plugin_preference_fname(struct script_infos *desc, const char *filename)
Get the file name of a plugins preference that is of type "file".
Definition: plugutils.c:455
ARG_INT
#define ARG_INT
Definition: plugutils.h:34
sigterm
static void sigterm(int s)
Definition: nasl_builtin_find_service.c:2347
CERT_FILE
#define CERT_FILE
Definition: nasl_builtin_find_service.c:40
CA_FILE
#define CA_FILE
Definition: nasl_builtin_find_service.c:43
plug_set_ssl_cert
void plug_set_ssl_cert(struct script_infos *args, char *cert)
Definition: plugutils.c:878
plug_set_ssl_pem_password
void plug_set_ssl_pem_password(struct script_infos *args, char *key)
Definition: plugutils.c:890
plug_set_key
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition: plugutils.c:585
get_plugin_preference
char * get_plugin_preference(const char *oid, const char *name)
Definition: plugutils.c:396
banner_grab
static int banner_grab(const struct in6_addr *pia, const char *portrange, const int read_timeout, int min_cnx, int max_cnx, struct script_infos *desc)
Definition: nasl_builtin_openvas_tcp_scanner.c:155
sigchld
static void sigchld(int s)
Definition: nasl_builtin_find_service.c:2361
TEST_SSL_PREF
#define TEST_SSL_PREF
Definition: nasl_builtin_find_service.c:47
NUM_CHILDREN
#define NUM_CHILDREN
Definition: nasl_builtin_find_service.c:49
GRAB_MIN_SOCK
#define GRAB_MIN_SOCK
Definition: nasl_builtin_openvas_tcp_scanner.c:52