Greenbone Vulnerability Management Libraries  11.0.0
serverutils.c File Reference

GnuTLS based functions for server communication. More...

#include "serverutils.h"
#include "../base/hosts.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <gcrypt.h>
#include <glib.h>
#include <gnutls/x509.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

Macros

#define _GNU_SOURCE
 
#define G_LOG_DOMAIN   "lib serv"
 GLib log domain. More...
 

Functions

static int server_attach_internal (int socket, gnutls_session_t *session, const char *host, int port)
 Attach a socket to a session, and shake hands with the peer. More...
 
static int server_new_internal (unsigned int end_type, const char *priority, const gchar *ca_cert_file, const gchar *cert_file, const gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Make a session for connecting to a server. More...
 
static int close_unix (gvm_connection_t *client_connection)
 Close UNIX socket connection. More...
 
void gvm_connection_free (gvm_connection_t *client_connection)
 Free connection. More...
 
int gvm_server_verify (gnutls_session_t session)
 Verify certificate. More...
 
int load_gnutls_file (const char *file, gnutls_datum_t *loaded_file)
 Loads a file's data into gnutls_datum_t struct. More...
 
void unload_gnutls_file (gnutls_datum_t *data)
 Unloads a gnutls_datum_t struct's data. More...
 
static void set_cert_pub_mem (const char *data)
 Save cert_pub_mem with public certificate. More...
 
static void set_cert_priv_mem (const char *data)
 Save cert_priv_mem with private certificate. More...
 
static const char * get_cert_priv_mem ()
 Get private certificate from cert_priv_mem. More...
 
static const char * get_cert_pub_mem ()
 Get public certificate from cert_pub_mem. More...
 
static int client_cert_callback (gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t *sign_algos, int sign_algos_length, gnutls_retr2_st *st)
 Callback function to be called in order to retrieve the certificate to be used in the handshake. More...
 
int gvm_server_open_verify (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem, int verify)
 Connect to the server using a given host, port and cert. More...
 
int gvm_server_open_with_cert (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem)
 Connect to the server using a given host, port and cert. More...
 
int gvm_server_open (gnutls_session_t *session, const char *host, int port)
 Connect to the server using a given host and port. More...
 
int gvm_server_close (int socket, gnutls_session_t session)
 Close a server connection and its socket. More...
 
void gvm_connection_close (gvm_connection_t *connection)
 Close a server connection and its socket. More...
 
int gvm_server_attach (int socket, gnutls_session_t *session)
 Attach a socket to a session, and shake hands with the peer. More...
 
static int gvm_server_vsendf_internal (gnutls_session_t *session, const char *fmt, va_list ap, int quiet)
 Send a string to the server. More...
 
static int unix_vsendf_internal (int socket, const char *fmt, va_list ap, int quiet)
 Send a string to the server. More...
 
static int gvm_connection_vsendf_internal (gvm_connection_t *connection, const char *fmt, va_list ap, int quiet)
 Send a string to the connection. More...
 
int gvm_server_vsendf (gnutls_session_t *session, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int gvm_socket_vsendf (int socket, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int gvm_connection_vsendf (gvm_connection_t *connection, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int gvm_server_vsendf_quiet (gnutls_session_t *session, const char *fmt, va_list ap)
 Send a string to the server, refraining from logging besides warnings. More...
 
int gvm_connection_vsendf_quiet (gvm_connection_t *connection, const char *fmt, va_list ap)
 Send a string to the server, refraining from logging besides warnings. More...
 
int gvm_server_sendf (gnutls_session_t *session, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_connection_sendf (gvm_connection_t *connection, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_server_sendf_quiet (gnutls_session_t *session, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_connection_sendf_quiet (gvm_connection_t *connection, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_server_sendf_xml (gnutls_session_t *session, const char *format,...)
 Format and send an XML string to the server. More...
 
int gvm_connection_sendf_xml (gvm_connection_t *connection, const char *format,...)
 Format and send an XML string to the server. More...
 
int gvm_server_sendf_xml_quiet (gnutls_session_t *session, const char *format,...)
 Format and send an XML string to the server. More...
 
int gvm_connection_sendf_xml_quiet (gvm_connection_t *connection, const char *format,...)
 Format and send an XML string to the server. More...
 
static int server_new_gnutls_init (gnutls_certificate_credentials_t *server_credentials)
 Initialize a server session. More...
 
static int server_new_gnutls_set (unsigned int end_type, const char *priority, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Set the server credentials. More...
 
int gvm_server_new (unsigned int end_type, gchar *ca_cert_file, gchar *cert_file, gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Make a session for connecting to a server. More...
 
int gvm_server_new_mem (unsigned int end_type, const char *ca_cert, const char *pub_key, const char *priv_key, gnutls_session_t *session, gnutls_certificate_credentials_t *credentials)
 Make a session for connecting to a server, with certificates stored in memory. More...
 
int set_gnutls_dhparams (gnutls_certificate_credentials_t creds, const char *dhparams_file)
 Set a gnutls session's Diffie-Hellman parameters. More...
 
int gvm_server_free (int server_socket, gnutls_session_t server_session, gnutls_certificate_credentials_t server_credentials)
 Cleanup a server session. More...
 

Variables

struct sockaddr_in address
 Server address. More...
 
static char * cert_pub_mem = NULL
 
static char * cert_priv_mem = NULL
 

Detailed Description

GnuTLS based functions for server communication.

This library supplies low-level communication functions for communication with a server over GnuTLS.

Definition in file serverutils.c.

Macro Definition Documentation

◆ _GNU_SOURCE

#define _GNU_SOURCE

Definition at line 28 of file serverutils.c.

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib serv"

GLib log domain.

Definition at line 52 of file serverutils.c.

Function Documentation

◆ client_cert_callback()

static int client_cert_callback ( gnutls_session_t  session,
const gnutls_datum_t *  req_ca_rdn,
int  nreqs,
const gnutls_pk_algorithm_t *  sign_algos,
int  sign_algos_length,
gnutls_retr2_st *  st 
)
static

Callback function to be called in order to retrieve the certificate to be used in the handshake.

Parameters
[in] session — Pointer to GNUTLS session. Not used; may be NULL.
[in] req_ca_rdn — List of the CA names the server considers trusted. Not used; may be NULL.
[in] nreqs — Number of CAs requested. Not used.
[in] sign_algos — List of the server's acceptable public key algorithms. Not used; may be NULL.
[in] sign_algos_length — Length of the sign_algos list. Not used.
[out] st — Receives the certificate and private key to use.
Returns
0 on success, non-zero otherwise.

Definition at line 275 of file serverutils.c.

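/**
 * @brief Callback retrieving the client certificate and key for a handshake.
 *
 * Registered by gvm_server_open_verify via
 * gnutls_certificate_set_retrieve_function when CA, certificate and key are
 * all given in memory.  The PEM text comes from the file-scope buffers
 * through get_cert_pub_mem / get_cert_priv_mem.
 *
 * The imported objects are static: st->deinit_all is never set, so the
 * library keeps referencing them after this callback returns and they must
 * outlive the handshake.  Consequently an earlier crt/key is not released
 * when the callback runs again (it may still be in use by a live session);
 * the objects are only released on this function's own failure paths.
 *
 * @param[in]  session           Not used.
 * @param[in]  req_ca_rdn        Not used.
 * @param[in]  nreqs             Not used.
 * @param[in]  sign_algos        Not used.
 * @param[in]  sign_algos_length Not used.
 * @param[out] st                Receives the certificate and private key.
 *
 * @return 0 on success, -1 when no certificate/key is stored, otherwise the
 *         negative GnuTLS error code of the failing init/import call.
 */
static int
client_cert_callback (gnutls_session_t session,
                      const gnutls_datum_t *req_ca_rdn, int nreqs,
                      const gnutls_pk_algorithm_t *sign_algos,
                      int sign_algos_length, gnutls_retr2_st *st)
{
  int ret;
  gnutls_datum_t data;
  static gnutls_x509_crt_t crt;
  static gnutls_x509_privkey_t key;
  const char *pub_pem, *priv_pem;

  (void) session;
  (void) req_ca_rdn;
  (void) nreqs;
  (void) sign_algos;
  (void) sign_algos_length;

  pub_pem = get_cert_pub_mem ();
  priv_pem = get_cert_priv_mem ();
  /* Without stored material there is nothing to hand to the library;
   * calling strlen on NULL here would be undefined behaviour. */
  if (pub_pem == NULL || priv_pem == NULL)
    return -1;

  /* The import functions only read the datum, so the PEM text is passed
   * directly, exactly as gvm_server_new_mem does.  Not copying it also
   * avoids leaving an un-wiped duplicate of the private key on the heap. */
  data.data = (void *) pub_pem;
  data.size = strlen (pub_pem);
  ret = gnutls_x509_crt_init (&crt);
  if (ret)
    return ret;
  ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
  if (ret)
    {
      gnutls_x509_crt_deinit (crt);
      crt = NULL;
      return ret;
    }
  st->cert.x509 = &crt;
  st->cert_type = GNUTLS_CRT_X509;
  st->ncerts = 1;

  data.data = (void *) priv_pem;
  data.size = strlen (priv_pem);
  ret = gnutls_x509_privkey_init (&key);
  if (ret)
    goto fail_crt;
  ret = gnutls_x509_privkey_import (key, &data, GNUTLS_X509_FMT_PEM);
  if (ret)
    {
      gnutls_x509_privkey_deinit (key);
      key = NULL;
      goto fail_crt;
    }
  st->key.x509 = key;
  st->key_type = GNUTLS_PRIVKEY_X509;
  return 0;

fail_crt:
  /* The certificate was imported but no key could be attached to it; the
   * handshake is aborted by the non-zero return, so release it again
   * instead of leaking it. */
  gnutls_x509_crt_deinit (crt);
  crt = NULL;
  st->ncerts = 0;
  return ret;
}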

References get_cert_priv_mem(), and get_cert_pub_mem().

Referenced by gvm_server_open_verify().


◆ close_unix()

static int close_unix ( gvm_connection_t client_connection)
static

Close UNIX socket connection.

Parameters
[in]client_connectionClient connection.
Returns
0 success, -1 error.

Definition at line 76 of file serverutils.c.

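/**
 * @brief Close a UNIX socket connection.
 *
 * Shuts the socket down and closes its descriptor.  A peer that has already
 * gone away (ENOTCONN on shutdown) is not an error, but the descriptor is
 * still closed in that case so it cannot leak.
 *
 * @param[in] client_connection  Client connection owning the socket.
 *
 * @return 0 on success, -1 on error (a warning is logged).
 */
static int
close_unix (gvm_connection_t *client_connection)
{
  int fd = client_connection->socket;
  int flags;

  /* Turn off blocking.  Read the current flags first so that F_SETFL does
   * not clobber any other flag set on the descriptor. */
  flags = fcntl (fd, F_GETFL, 0);
  if (flags == -1 || fcntl (fd, F_SETFL, flags | O_NONBLOCK) == -1)
    {
      g_warning ("%s: failed to set server socket flag: %s\n", __FUNCTION__,
                 strerror (errno));
      return -1;
    }

  /* ENOTCONN only means the peer closed first; fall through to close (). */
  if (shutdown (fd, SHUT_RDWR) == -1 && errno != ENOTCONN)
    {
      g_warning ("%s: failed to shutdown server socket: %s\n", __FUNCTION__,
                 strerror (errno));
      return -1;
    }

  if (close (fd) == -1)
    {
      g_warning ("%s: failed to close server socket: %s\n", __FUNCTION__,
                 strerror (errno));
      return -1;
    }

  return 0;
}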

References gvm_connection_t::socket.

Referenced by gvm_connection_free().


◆ get_cert_priv_mem()

static const char* get_cert_priv_mem ( )
static

Get private certificate from cert_priv_mem.

Returns
The DER or PEM encoded certificate.

Definition at line 246 of file serverutils.c.

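/**
 * @brief Get the private key stored by set_cert_priv_mem.
 *
 * Declared with an explicit (void) parameter list so the definition is a
 * proper prototype.
 *
 * @return The stored PEM text, or NULL when nothing has been stored.
 *         The pointer is owned by this file; callers must not free it.
 */
static const char *
get_cert_priv_mem (void)
{
  return cert_priv_mem;
}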

References cert_priv_mem.

Referenced by client_cert_callback().


◆ get_cert_pub_mem()

static const char* get_cert_pub_mem ( )
static

Get public certificate from cert_pub_mem.

Returns
The DER or PEM encoded certificate.

Definition at line 256 of file serverutils.c.

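/**
 * @brief Get the public certificate stored by set_cert_pub_mem.
 *
 * Declared with an explicit (void) parameter list so the definition is a
 * proper prototype.
 *
 * @return The stored PEM text, or NULL when nothing has been stored.
 *         The pointer is owned by this file; callers must not free it.
 */
static const char *
get_cert_pub_mem (void)
{
  return cert_pub_mem;
}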

References cert_pub_mem.

Referenced by client_cert_callback().


◆ gvm_connection_close()

void gvm_connection_close ( gvm_connection_t connection)

Close a server connection and its socket.

Parameters
[in]connectionConnection.
Returns
0 on success, -1 on error.

Definition at line 520 of file serverutils.c.

/**
 * @brief Close a connection and release its socket.
 *
 * Alias of gvm_connection_free kept for API compatibility; the TLS versus
 * UNIX-socket distinction is made there.  Note that this function is void:
 * no success/failure indication reaches the caller.
 *
 * @param[in] connection  Connection to close.
 */
void
gvm_connection_close (gvm_connection_t *connection)
{
  gvm_connection_free (connection);
}

References gvm_connection_free().


◆ gvm_connection_free()

void gvm_connection_free ( gvm_connection_t client_connection)

Free connection.

Parameters
[in]client_connectionConnection.

Definition at line 111 of file serverutils.c.

/**
 * @brief Free a connection.
 *
 * TLS connections go through gvm_server_free (session, socket and
 * credentials); plain UNIX-socket connections through close_unix.  The
 * return value of either helper is discarded.
 *
 * @param[in] client_connection  Connection to free.
 */
void
gvm_connection_free (gvm_connection_t *client_connection)
{
  if (!client_connection->tls)
    {
      close_unix (client_connection);
      return;
    }

  gvm_server_free (client_connection->socket, client_connection->session,
                   client_connection->credentials);
}

References close_unix(), gvm_connection_t::credentials, gvm_server_free(), gvm_connection_t::session, gvm_connection_t::socket, and gvm_connection_t::tls.

Referenced by gvm_connection_close().


◆ gvm_connection_sendf()

int gvm_connection_sendf ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 839 of file serverutils.c.

/**
 * @brief Format and send a string to the connection.
 *
 * Variadic front end for gvm_connection_vsendf.  The format string must be
 * trusted (it is a printf-style format).
 *
 * @param[in] connection  Connection.
 * @param[in] format      printf-style format string for the message.
 *
 * @return Whatever gvm_connection_vsendf returns for the formatted message.
 */
int
gvm_connection_sendf (gvm_connection_t *connection, const char *format, ...)
{
  int result;
  va_list args;

  va_start (args, format);
  result = gvm_connection_vsendf (connection, format, args);
  va_end (args);

  return result;
}

References gvm_connection_vsendf().

Referenced by gmp_ping_c(), gmp_resume_task_report_c(), gmp_start_task_report_c(), gmp_stop_task_c(), and gvm_connection_sendf_xml().


◆ gvm_connection_sendf_quiet()

int gvm_connection_sendf_quiet ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 879 of file serverutils.c.

/**
 * @brief Format and send a string to the connection, logging only warnings.
 *
 * Variadic front end for gvm_connection_vsendf_quiet; use it for messages
 * that carry secrets, so the payload does not end up in debug/info logs.
 *
 * @param[in] connection  Connection.
 * @param[in] format      printf-style format string for the message.
 *
 * @return Whatever gvm_connection_vsendf_quiet returns for the message.
 */
int
gvm_connection_sendf_quiet (gvm_connection_t *connection, const char *format,
                            ...)
{
  int result;
  va_list args;

  va_start (args, format);
  result = gvm_connection_vsendf_quiet (connection, format, args);
  va_end (args);

  return result;
}

References gvm_connection_vsendf_quiet().

Referenced by gvm_connection_sendf_xml_quiet().


◆ gvm_connection_sendf_xml()

int gvm_connection_sendf_xml ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 927 of file serverutils.c.

/**
 * @brief Format and send an XML string to the connection.
 *
 * String and character arguments are XML-escaped by
 * g_markup_vprintf_escaped before sending, so argument values cannot
 * inject markup; the escaped text is then passed through a plain "%s".
 *
 * @param[in] connection  Connection.
 * @param[in] format      printf-style format string for the message.
 *
 * @return Whatever gvm_connection_sendf returns for the escaped message.
 */
int
gvm_connection_sendf_xml (gvm_connection_t *connection, const char *format,
                          ...)
{
  va_list args;
  gchar *escaped;
  int result;

  va_start (args, format);
  escaped = g_markup_vprintf_escaped (format, args);
  va_end (args);

  result = gvm_connection_sendf (connection, "%s", escaped);
  g_free (escaped);

  return result;
}

References gvm_connection_sendf().


◆ gvm_connection_sendf_xml_quiet()

int gvm_connection_sendf_xml_quiet ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 981 of file serverutils.c.

/**
 * @brief Format and send an XML string to the connection, logging only
 *        warnings.
 *
 * String and character arguments are XML-escaped by
 * g_markup_vprintf_escaped before sending.  Quiet variant: debug/info
 * logging of the payload is suppressed, which is why callers use it for
 * authentication messages.
 *
 * NOTE(review): the escaped buffer, which may therefore hold credentials,
 * is released with g_free without being wiped first.
 *
 * @param[in] connection  Connection.
 * @param[in] format      printf-style format string for the message.
 *
 * @return Whatever gvm_connection_sendf_quiet returns for the message.
 */
int
gvm_connection_sendf_xml_quiet (gvm_connection_t *connection,
                                const char *format, ...)
{
  va_list args;
  gchar *escaped;
  int result;

  va_start (args, format);
  escaped = g_markup_vprintf_escaped (format, args);
  va_end (args);

  result = gvm_connection_sendf_quiet (connection, "%s", escaped);
  g_free (escaped);

  return result;
}

References gvm_connection_sendf_quiet().

Referenced by gmp_authenticate_info_ext_c().


◆ gvm_connection_vsendf()

int gvm_connection_vsendf ( gvm_connection_t connection,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in]connectionConnection.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 773 of file serverutils.c.

/**
 * @brief Send a formatted string to the connection with full logging.
 *
 * @param[in] connection  Connection.
 * @param[in] fmt         Format of the string to send.
 * @param[in] ap          Arguments for fmt.
 *
 * @return 0 on success, 1 if the server closed the connection, -1 on error.
 */
int
gvm_connection_vsendf (gvm_connection_t *connection, const char *fmt,
                       va_list ap)
{
  const int quiet = 0;

  return gvm_connection_vsendf_internal (connection, fmt, ap, quiet);
}

References gvm_connection_vsendf_internal().

Referenced by gvm_connection_sendf().


◆ gvm_connection_vsendf_internal()

static int gvm_connection_vsendf_internal ( gvm_connection_t connection,
const char *  fmt,
va_list  ap,
int  quiet 
)
static

Send a string to the connection.

Parameters
[in]connectionConnection.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
[in]quietWhether to log debug and info messages. Useful for hiding passwords.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 725 of file serverutils.c.

/**
 * @brief Send a formatted string over a connection.
 *
 * Dispatches on connection->tls: TLS connections are written through the
 * GnuTLS session, anything else through the raw socket.
 *
 * @param[in] connection  Connection.
 * @param[in] fmt         Format of the string to send.
 * @param[in] ap          Arguments for fmt.
 * @param[in] quiet       Non-zero suppresses debug/info logging of the
 *                        message (used to keep passwords out of logs).
 *
 * @return 0 on success, 1 if the server closed the connection, -1 on error.
 */
static int
gvm_connection_vsendf_internal (gvm_connection_t *connection, const char *fmt,
                                va_list ap, int quiet)
{
  if (!connection->tls)
    return unix_vsendf_internal (connection->socket, fmt, ap, quiet);

  return gvm_server_vsendf_internal (&connection->session, fmt, ap, quiet);
}

References gvm_server_vsendf_internal(), gvm_connection_t::session, gvm_connection_t::socket, gvm_connection_t::tls, and unix_vsendf_internal().

Referenced by gvm_connection_vsendf(), and gvm_connection_vsendf_quiet().


◆ gvm_connection_vsendf_quiet()

int gvm_connection_vsendf_quiet ( gvm_connection_t connection,
const char *  fmt,
va_list  ap 
)

Send a string to the server, refraining from logging besides warnings.

Parameters
[in]connectionConnection.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 804 of file serverutils.c.

/**
 * @brief Send a formatted string to the connection, logging only warnings.
 *
 * @param[in] connection  Connection.
 * @param[in] fmt         Format of the string to send.
 * @param[in] ap          Arguments for fmt.
 *
 * @return 0 on success, 1 if the server closed the connection, -1 on error.
 */
int
gvm_connection_vsendf_quiet (gvm_connection_t *connection, const char *fmt,
                             va_list ap)
{
  const int quiet = 1;

  return gvm_connection_vsendf_internal (connection, fmt, ap, quiet);
}

References gvm_connection_vsendf_internal().

Referenced by gvm_connection_sendf_quiet().


◆ gvm_server_attach()

int gvm_server_attach ( int  socket,
gnutls_session_t *  session 
)

Attach a socket to a session, and shake hands with the peer.

Parameters
[in]socketSocket.
[in]sessionPointer to GNUTLS session. FIXME: Why is this a pointer to a session?
Returns
0 on success, -1 on error.

Definition at line 585 of file serverutils.c.

/**
 * @brief Attach a socket to a session and shake hands with the peer.
 *
 * No host or port is known at this level, so NULL/0 are passed to
 * server_attach_internal and its distinct failure codes are collapsed to
 * a single -1.
 *
 * @param[in] socket   Socket.
 * @param[in] session  Pointer to GNUTLS session.
 *
 * @return 0 on success, -1 on error.
 */
int
gvm_server_attach (int socket, gnutls_session_t *session)
{
  if (server_attach_internal (socket, session, NULL, 0) != 0)
    return -1;

  return 0;
}

References server_attach_internal().


◆ gvm_server_close()

int gvm_server_close ( int  socket,
gnutls_session_t  session 
)

Close a server connection and its socket.

Parameters
[in]socketSocket connected to server.
[in]sessionGNUTLS session with server.
Returns
0 on success, -1 on error.

Definition at line 507 of file serverutils.c.

/**
 * @brief Close a server connection and its socket.
 *
 * Passing NULL credentials to gvm_server_free selects its legacy ordering
 * (session deinit before the socket close) and frees no credentials.
 *
 * @param[in] socket   Socket connected to the server.
 * @param[in] session  GNUTLS session with the server.
 *
 * @return 0 on success, -1 on error.
 */
int
gvm_server_close (int socket, gnutls_session_t session)
{
  gnutls_certificate_credentials_t no_credentials = NULL;

  return gvm_server_free (socket, session, no_credentials);
}

References gvm_server_free().

Referenced by osp_connection_close().


◆ gvm_server_free()

int gvm_server_free ( int  server_socket,
gnutls_session_t  server_session,
gnutls_certificate_credentials_t  server_credentials 
)

Cleanup a server session.

This shuts down the TLS session, closes the socket and releases the TLS resources.

Parameters
[in]server_socketThe socket connected to the server.
[in]server_sessionThe session with the server.
[in]server_credentialsCredentials or NULL.
Returns
0 success, -1 error.

Definition at line 1273 of file serverutils.c.

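/**
 * @brief Clean up a server session.
 *
 * Sends a TLS close_notify (write side only), closes the socket and
 * releases the session and, if given, the credentials.  A failure of
 * gnutls_bye is logged at debug level and otherwise ignored, since the peer
 * frequently closes first.
 *
 * @param[in] server_socket       The socket connected to the server.
 * @param[in] server_session      The session with the server.
 * @param[in] server_credentials  Credentials or NULL.  NULL also selects the
 *                                historical ordering used by
 *                                gvm_server_close (session deinit before
 *                                the socket close).
 *
 * @return 0 on success, -1 on error.  The TLS resources are released even
 *         when closing the socket fails.
 */
int
gvm_server_free (int server_socket, gnutls_session_t server_session,
                 gnutls_certificate_credentials_t server_credentials)
{
  /* Upper bound on gnutls_bye retries; with the 10 ms pause below this
   * caps the wait for a stalled peer at about one second. */
  enum { BYE_MAX_ATTEMPTS = 100 };
  int flags;
  int rc = 0;
  int attempt;

  /* Turn off blocking, preserving the other descriptor flags. */
  flags = fcntl (server_socket, F_GETFL, 0);
  if (flags == -1 || fcntl (server_socket, F_SETFL, flags | O_NONBLOCK) == -1)
    {
      g_warning ("%s: failed to set server socket flag: %s\n", __FUNCTION__,
                 strerror (errno));
      return -1;
    }

  /* Bounded retry: on a non-blocking socket GNUTLS_E_AGAIN returns at once,
   * so an unbounded loop would spin on a peer that stopped reading. */
  for (attempt = 0; attempt < BYE_MAX_ATTEMPTS; attempt++)
    {
      int ret = gnutls_bye (server_session, GNUTLS_SHUT_WR);
      if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
        {
          usleep (10000);
          continue;
        }
      if (ret)
        /* Carry on successfully anyway, as this often fails, perhaps
         * because the server is closing the connection first. */
        g_debug (" Failed to gnutls_bye: %s\n", gnutls_strerror ((int) ret));
      break;
    }

  /* The former separate code in gvm_server_close and here differed in the
   * order the TLS session and socket were closed.  The order used in the
   * credentials branch is the intended one; for backward compatibility the
   * old order is kept for calls from gvm_server_close, distinguished by the
   * absence of server_credentials.  In both cases the TLS objects are
   * released even if close () fails, so an error cannot leak them. */
  if (server_credentials)
    {
      if (close (server_socket) == -1)
        {
          g_warning ("%s: failed to close server socket: %s\n", __FUNCTION__,
                     strerror (errno));
          rc = -1;
        }
      gnutls_deinit (server_session);
      gnutls_certificate_free_credentials (server_credentials);
    }
  else
    {
      gnutls_deinit (server_session);
      if (close (server_socket) == -1)
        {
          g_warning ("%s: failed to close server socket: %s\n", __FUNCTION__,
                     strerror (errno));
          rc = -1;
        }
    }

  gnutls_global_deinit ();

  return rc;
}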

Referenced by gvm_connection_free(), and gvm_server_close().


◆ gvm_server_new()

int gvm_server_new ( unsigned int  end_type,
gchar *  ca_cert_file,
gchar *  cert_file,
gchar *  key_file,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)

Make a session for connecting to a server.

Parameters
[in]end_typeConnection end type (GNUTLS_SERVER or GNUTLS_CLIENT).
[in]ca_cert_fileCertificate authority file.
[in]cert_fileCertificate file.
[in]key_fileKey file.
[out]server_sessionThe session with the server.
[out]server_credentialsServer credentials.
Returns
0 on success, -1 on error.

Definition at line 1155 of file serverutils.c.

/**
 * @brief Make a session for connecting to a server.
 *
 * File-based variant: the CA, certificate and key are read from the given
 * paths by server_new_internal.  A NULL priority string is passed through;
 * its interpretation is up to server_new_internal.
 *
 * @param[in]  end_type            Connection end type (GNUTLS_SERVER or
 *                                 GNUTLS_CLIENT).
 * @param[in]  ca_cert_file        Certificate authority file.
 * @param[in]  cert_file           Certificate file.
 * @param[in]  key_file            Key file.
 * @param[out] server_session      The session with the server.
 * @param[out] server_credentials  Server credentials.
 *
 * @return 0 on success, -1 on error.
 */
int
gvm_server_new (unsigned int end_type, gchar *ca_cert_file, gchar *cert_file,
                gchar *key_file, gnutls_session_t *server_session,
                gnutls_certificate_credentials_t *server_credentials)
{
  const char *priority = NULL;

  return server_new_internal (end_type, priority, ca_cert_file, cert_file,
                              key_file, server_session, server_credentials);
}

References server_new_internal().


◆ gvm_server_new_mem()

int gvm_server_new_mem ( unsigned int  end_type,
const char *  ca_cert,
const char *  pub_key,
const char *  priv_key,
gnutls_session_t *  session,
gnutls_certificate_credentials_t *  credentials 
)

Make a session for connecting to a server, with certificates stored in memory.

Parameters
[in]end_typeConnection end type: GNUTLS_SERVER or GNUTLS_CLIENT.
[in]ca_certCertificate authority public key.
[in]pub_keyPublic key.
[in]priv_keyPrivate key.
[out]sessionThe session with the server.
[out]credentialsServer credentials.
Returns
0 on success, -1 on error.

Definition at line 1177 of file serverutils.c.

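/**
 * @brief Make a session for connecting to a server, with certificates
 *        stored in memory.
 *
 * The own certificate/key pair is only installed when both pub_key and
 * priv_key are given; the CA is only installed when ca_cert is given.  All
 * material is expected in PEM form.  On every failure after the
 * credentials were initialised they are freed again, so the caller never
 * receives half-initialised credentials together with -1.
 *
 * @param[in]  end_type     Connection end type: GNUTLS_SERVER or
 *                          GNUTLS_CLIENT.
 * @param[in]  ca_cert      Certificate authority certificate (PEM) or NULL.
 * @param[in]  pub_key      Own certificate (PEM) or NULL.
 * @param[in]  priv_key     Own private key (PEM) or NULL.
 * @param[out] session      The session with the server.
 * @param[out] credentials  Server credentials.
 *
 * @return 0 on success, -1 on error.
 */
int
gvm_server_new_mem (unsigned int end_type, const char *ca_cert,
                    const char *pub_key, const char *priv_key,
                    gnutls_session_t *session,
                    gnutls_certificate_credentials_t *credentials)
{
  if (server_new_gnutls_init (credentials))
    return -1;

  if (pub_key && priv_key)
    {
      int ret;
      gnutls_datum_t pub, priv;

      /* The set_*_mem functions only read the datum, so no copy is made. */
      pub.data = (void *) pub_key;
      pub.size = strlen (pub_key);
      priv.data = (void *) priv_key;
      priv.size = strlen (priv_key);

      ret = gnutls_certificate_set_x509_key_mem (*credentials, &pub, &priv,
                                                 GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          g_warning ("%s: %s\n", __FUNCTION__, gnutls_strerror (ret));
          goto fail;
        }
    }

  if (ca_cert)
    {
      int ret;
      gnutls_datum_t data;

      data.data = (void *) ca_cert;
      data.size = strlen (ca_cert);
      ret = gnutls_certificate_set_x509_trust_mem (*credentials, &data,
                                                   GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          g_warning ("%s: %s\n", __FUNCTION__, gnutls_strerror (ret));
          goto fail;
        }
    }

  if (server_new_gnutls_set (end_type, NULL, session, credentials))
    goto fail;

  return 0;

fail:
  /* Single cleanup path: the key/cert failure previously returned without
   * freeing the credentials, leaking them. */
  gnutls_certificate_free_credentials (*credentials);
  return -1;
}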

References server_new_gnutls_init(), and server_new_gnutls_set().

Referenced by gvm_server_open_verify().


◆ gvm_server_open()

int gvm_server_open ( gnutls_session_t *  session,
const char *  host,
int  port 
)

Connect to the server using a given host and port.

Parameters
[in]sessionPointer to GNUTLS session.
[in]hostHost to connect to.
[in]portPort to connect to.
Returns
0 on success, -1 on error.

Definition at line 493 of file serverutils.c.

/**
 * @brief Connect to the server using a given host and port.
 *
 * No CA, certificate or key is supplied, so gvm_server_open_with_cert
 * requests no verification: on this path the server's certificate is NOT
 * checked after the handshake.
 *
 * @param[in] session  Pointer to GNUTLS session.
 * @param[in] host     Host to connect to.
 * @param[in] port     Port to connect to.
 *
 * @return The connected socket on success, -1 on error (as returned by
 *         gvm_server_open_verify).
 */
int
gvm_server_open (gnutls_session_t *session, const char *host, int port)
{
  const char *no_ca = NULL;
  const char *no_cert = NULL;
  const char *no_key = NULL;

  return gvm_server_open_with_cert (session, host, port, no_ca, no_cert,
                                    no_key);
}

References gvm_server_open_with_cert().


◆ gvm_server_open_verify()

int gvm_server_open_verify ( gnutls_session_t *  session,
const char *  host,
int  port,
const char *  ca_mem,
const char *  pub_mem,
const char *  priv_mem,
int  verify 
)

Connect to the server using a given host, port and cert.

Parameters
[in]sessionPointer to GNUTLS session.
[in]hostHost to connect to.
[in]portPort to connect to.
[in]ca_memCA cert.
[in]pub_memPublic key.
[in]priv_memPrivate key.
[in]verifyWhether to verify.
Returns
0 on success, -1 on error.
Warning
On success we are leaking the credentials. We can't free them because the session only makes a shallow copy.

Definition at line 327 of file serverutils.c.

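/**
 * @brief Connect to the server using a given host, port and cert.
 *
 * Validates host and port, builds a client TLS session from the in-memory
 * material, resolves the host, connects to the first address that accepts
 * the connection, performs the handshake and, if requested, verifies the
 * peer certificate.
 *
 * @param[in] session   Pointer to GNUTLS session.
 * @param[in] host      Host to connect to.
 * @param[in] port      Port to connect to.
 * @param[in] ca_mem    CA certificate (PEM) or NULL.
 * @param[in] pub_mem   Own certificate (PEM) or NULL.
 * @param[in] priv_mem  Own private key (PEM) or NULL.
 * @param[in] verify    Whether to verify the peer certificate after the
 *                      handshake.  With 0 the connection is used without
 *                      any check of the server's identity.
 *
 * @return The connected socket on success, -1 on error.
 *
 * @warning On success the credentials are leaked: they cannot be freed
 *          because the session only makes a shallow copy.
 */
int
gvm_server_open_verify (gnutls_session_t *session, const char *host, int port,
                        const char *ca_mem, const char *pub_mem,
                        const char *priv_mem, int verify)
{
  int ret;
  int gai_ret;
  int server_socket;
  struct addrinfo address_hints;
  struct addrinfo *addresses, *current;
  gchar *port_string;
  int host_type;

  gnutls_certificate_credentials_t credentials;

  /* Ensure that host and port have sane values. */
  if (port < 1 || port > 65535)
    {
      g_warning ("Failed to create client TLS session. "
                 "Invalid port %d",
                 port);
      return -1;
    }
  host_type = gvm_get_host_type (host);
  /* NOTE(review): the first line of this condition is absent from the
   * rendered listing; it is restored from the identifiers this function is
   * documented to reference (HOST_TYPE_NAME, HOST_TYPE_IPV4). */
  if (!(host_type == HOST_TYPE_NAME || host_type == HOST_TYPE_IPV4
        || host_type == HOST_TYPE_IPV6))
    {
      g_warning ("Failed to create client TLS session. Invalid host %s", host);
      return -1;
    }

  if (gvm_server_new_mem (GNUTLS_CLIENT, ca_mem, pub_mem, priv_mem, session,
                          &credentials))
    {
      g_warning ("Failed to create client TLS session.");
      return -1;
    }

  if (ca_mem && pub_mem && priv_mem)
    {
      set_cert_pub_mem (pub_mem);
      set_cert_priv_mem (priv_mem);

      /* NOTE(review): the callback argument is absent from the rendered
       * listing; client_cert_callback is the retrieve function this function
       * is documented to reference. */
      gnutls_certificate_set_retrieve_function (credentials,
                                                client_cert_callback);
    }

  /* Create the port string. */

  port_string = g_strdup_printf ("%i", port);

  /* Get all possible addresses. */

  memset (&address_hints, 0, sizeof (address_hints));
  address_hints.ai_family = AF_UNSPEC; /* IPv4 or IPv6. */
  address_hints.ai_socktype = SOCK_STREAM;
  address_hints.ai_protocol = 0;

  /* getaddrinfo reports failures through its return value, not errno;
   * gai_strerror must be given that value to produce a meaningful text. */
  gai_ret = getaddrinfo (host, port_string, &address_hints, &addresses);
  if (gai_ret)
    {
      g_free (port_string);
      g_warning ("Failed to get server addresses for %s: %s", host,
                 gai_strerror (gai_ret));
      gnutls_deinit (*session);
      gnutls_certificate_free_credentials (credentials);
      return -1;
    }
  g_free (port_string);

  /* Try to connect to each address in turn.  The loop variable is named
   * "current" so it does not shadow the file-scope "address". */

  for (current = addresses; current; current = current->ai_next)
    {
      /* Make server socket. */

      if (current->ai_family == AF_INET6)
        server_socket = socket (PF_INET6, SOCK_STREAM, 0);
      else
        server_socket = socket (PF_INET, SOCK_STREAM, 0);
      if (server_socket == -1)
        {
          g_warning ("Failed to create server socket");
          freeaddrinfo (addresses);
          gnutls_deinit (*session);
          gnutls_certificate_free_credentials (credentials);
          return -1;
        }

      /* Connect to server. */

      if (connect (server_socket, current->ai_addr, current->ai_addrlen) == -1)
        {
          close (server_socket);
          continue;
        }
      break;
    }

  freeaddrinfo (addresses);

  if (current == NULL)
    {
      g_warning ("Failed to connect to server");
      gnutls_deinit (*session);
      gnutls_certificate_free_credentials (credentials);
      return -1;
    }

  g_debug (" Connected to server '%s' port %d.", host, port);

  /* Complete setup of server session. */
  ret = server_attach_internal (server_socket, session, host, port);
  if (ret)
    {
      /* -2 is the code for which the session and credentials are still ours
       * to release (kept from the original cleanup; server_attach_internal
       * itself is not shown here). */
      if (ret == -2)
        {
          gnutls_deinit (*session);
          gnutls_certificate_free_credentials (credentials);
        }
      /* Close exactly once: a second close () on the same number could hit
       * a descriptor that another thread has meanwhile been handed. */
      close (server_socket);
      return -1;
    }
  /* Only here is the server's certificate checked; callers that pass
   * verify == 0 get an unauthenticated TLS connection. */
  if (verify && gvm_server_verify (*session))
    {
      close (server_socket);
      return -1;
    }

  return server_socket;
}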

References address, client_cert_callback(), gvm_get_host_type(), gvm_server_new_mem(), gvm_server_verify(), HOST_TYPE_IPV4, HOST_TYPE_IPV6, HOST_TYPE_NAME, server_attach_internal(), set_cert_priv_mem(), and set_cert_pub_mem().

Referenced by gvm_server_open_with_cert().


◆ gvm_server_open_with_cert()

int gvm_server_open_with_cert ( gnutls_session_t *  session,
const char *  host,
int  port,
const char *  ca_mem,
const char *  pub_mem,
const char *  priv_mem 
)

Connect to the server using a given host, port and cert.

The peer certificate is verified only if all three cert arguments (ca_mem, pub_mem and priv_mem) are given.

Parameters
[in]sessionPointer to GNUTLS session.
[in]hostHost to connect to.
[in]portPort to connect to.
[in]ca_memCA cert.
[in]pub_memPublic key.
[in]priv_memPrivate key.
Returns
0 on success, -1 on error.

Definition at line 475 of file serverutils.c.

/**
 * @brief Connect to the server using a given host, port and cert.
 *
 * Peer verification is switched on only when CA, certificate and key are
 * all supplied; if any of them is missing, the server's certificate is not
 * checked.
 *
 * @param[in] session   Pointer to GNUTLS session.
 * @param[in] host      Host to connect to.
 * @param[in] port      Port to connect to.
 * @param[in] ca_mem    CA certificate (PEM) or NULL.
 * @param[in] pub_mem   Own certificate (PEM) or NULL.
 * @param[in] priv_mem  Own private key (PEM) or NULL.
 *
 * @return The connected socket on success, -1 on error (as returned by
 *         gvm_server_open_verify).
 */
int
gvm_server_open_with_cert (gnutls_session_t *session, const char *host,
                           int port, const char *ca_mem, const char *pub_mem,
                           const char *priv_mem)
{
  int verify_peer = (ca_mem != NULL && pub_mem != NULL && priv_mem != NULL);

  return gvm_server_open_verify (session, host, port, ca_mem, pub_mem,
                                 priv_mem, verify_peer);
}

References gvm_server_open_verify().

Referenced by gvm_server_open(), and osp_send_command().


◆ gvm_server_sendf()

int gvm_server_sendf ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 819 of file serverutils.c.

/**
 * @brief Format and send a string to the server.
 *
 * Variadic front end for gvm_server_vsendf.  The format string must be
 * trusted (it is a printf-style format).
 *
 * @param[in] session  Pointer to GNUTLS session.
 * @param[in] format   printf-style format string for the message.
 *
 * @return Whatever gvm_server_vsendf returns for the formatted message.
 */
int
gvm_server_sendf (gnutls_session_t *session, const char *format, ...)
{
  int result;
  va_list args;

  va_start (args, format);
  result = gvm_server_vsendf (session, format, args);
  va_end (args);

  return result;
}

References gvm_server_vsendf().

Referenced by gmp_create_lsc_credential_ext(), gmp_create_target_ext(), gmp_create_task_ext(), gmp_delete_config_ext(), gmp_delete_lsc_credential_ext(), gmp_delete_port_list_ext(), gmp_delete_report(), gmp_delete_target_ext(), gmp_delete_task(), gmp_delete_task_ext(), gmp_get_report_ext(), gmp_get_system_reports(), gmp_get_system_reports_ext(), gmp_get_targets(), gmp_get_task_ext(), gmp_get_tasks(), gmp_get_tasks_ext(), gmp_modify_task_file(), gmp_ping(), gmp_resume_task_report(), gmp_start_task_report(), gmp_stop_task(), and gvm_server_sendf_xml().


◆ gvm_server_sendf_quiet()

int gvm_server_sendf_quiet ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 859 of file serverutils.c.

/**
 * @brief Format and send a string to the server, logging only warnings.
 *
 * Variadic front end for gvm_server_vsendf_quiet; use it for messages that
 * carry secrets, so the payload does not end up in debug/info logs.
 *
 * @param[in] session  Pointer to GNUTLS session.
 * @param[in] format   printf-style format string for the message.
 *
 * @return Whatever gvm_server_vsendf_quiet returns for the message.
 */
int
gvm_server_sendf_quiet (gnutls_session_t *session, const char *format, ...)
{
  int result;
  va_list args;

  va_start (args, format);
  result = gvm_server_vsendf_quiet (session, format, args);
  va_end (args);

  return result;
}

References gvm_server_vsendf_quiet().

Referenced by gvm_server_sendf_xml_quiet().


◆ gvm_server_sendf_xml()

int gvm_server_sendf_xml ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 902 of file serverutils.c.

/**
 * @brief Format and send an XML string to the server.
 *
 * String and character arguments are XML-escaped by
 * g_markup_vprintf_escaped before sending, so argument values cannot
 * inject markup; the escaped text is then passed through a plain "%s".
 *
 * @param[in] session  Pointer to GNUTLS session.
 * @param[in] format   printf-style format string for the message.
 *
 * @return Whatever gvm_server_sendf returns for the escaped message.
 */
int
gvm_server_sendf_xml (gnutls_session_t *session, const char *format, ...)
{
  va_list args;
  gchar *escaped;
  int result;

  va_start (args, format);
  escaped = g_markup_vprintf_escaped (format, args);
  va_end (args);

  result = gvm_server_sendf (session, "%s", escaped);
  g_free (escaped);

  return result;
}

References gvm_server_sendf().

Referenced by gmp_create_lsc_credential(), gmp_create_lsc_credential_key(), and gmp_create_task().


◆ gvm_server_sendf_xml_quiet()

int gvm_server_sendf_xml_quiet ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

Definition at line 954 of file serverutils.c.

/**
 * @brief Format and send an XML string to the server, without logging it.
 *
 * Same contract as gvm_server_sendf_xml (arguments are XML-escaped, the
 * format string is trusted and not escaped), but the message goes through
 * gvm_server_sendf_quiet so its text is never written to the debug log.
 *
 * @param[in]  session   Pointer to GNUTLS session.
 * @param[in]  format    printf-style format string for message.
 *
 * @return 0 on success, -1 on error (the result of gvm_server_sendf_quiet).
 */
int
gvm_server_sendf_xml_quiet (gnutls_session_t *session, const char *format,
                            ...)
{
  va_list args;
  gchar *escaped;
  int result;

  va_start (args, format);
  escaped = g_markup_vprintf_escaped (format, args);
  va_end (args);

  /* Fixed "%s" format: the escaped data is never parsed for directives. */
  result = gvm_server_sendf_quiet (session, "%s", escaped);
  g_free (escaped);

  return result;
}

References gvm_server_sendf_quiet().

Referenced by gmp_authenticate(), gmp_authenticate_info_ext(), and gmp_create_lsc_credential().


◆ gvm_server_verify()

int gvm_server_verify ( gnutls_session_t  session)

Verify certificate.

Parameters
[in]sessionPointer to GNUTLS session.
Returns
0 on success, 1 on failure, -1 on error.

Definition at line 130 of file serverutils.c.

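/**
 * @brief Verify the peer's certificate chain.
 *
 * Asks GnuTLS to validate the peer's certificate against the trust
 * material attached to the session's credentials and logs one warning per
 * recognised problem.  Any status bit not individually recognised is still
 * a failure and is now reported with its raw value, so a rejected peer
 * never goes unexplained in the log.
 *
 * Note that gnutls_certificate_verify_peers2 checks only the chain; it does
 * not compare the certificate's name with the host being connected to.
 * That check, if wanted, is up to the caller.
 *
 * @param[in]  session   GNUTLS session whose peer is to be verified.
 *
 * @return 0 on success, 1 on failure (certificate rejected), -1 on error
 *         (GnuTLS could not perform the verification at all).
 */
int
gvm_server_verify (gnutls_session_t session)
{
  unsigned int status = 0;
  int ret;
  /* Status bits that get a dedicated warning below. */
  const unsigned int reported =
    GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_CA
    | GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_SIGNER_NOT_FOUND
    | GNUTLS_CERT_REVOKED | GNUTLS_CERT_EXPIRED | GNUTLS_CERT_NOT_ACTIVATED
    | GNUTLS_CERT_SIGNATURE_FAILURE;

  ret = gnutls_certificate_verify_peers2 (session, &status);
  if (ret < 0)
    {
      g_warning ("%s: failed to verify peers: %s", __FUNCTION__,
                 gnutls_strerror (ret));
      return -1;
    }

  if (status & GNUTLS_CERT_INVALID)
    g_warning ("%s: the certificate is not trusted", __FUNCTION__);

  if (status & GNUTLS_CERT_SIGNER_NOT_CA)
    g_warning ("%s: the certificate's issuer is not a CA", __FUNCTION__);

  if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
    g_warning ("%s: the certificate was signed using an insecure algorithm",
               __FUNCTION__);

  if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
    g_warning ("%s: the certificate hasn't got a known issuer", __FUNCTION__);

  if (status & GNUTLS_CERT_REVOKED)
    g_warning ("%s: the certificate has been revoked", __FUNCTION__);

  if (status & GNUTLS_CERT_EXPIRED)
    g_warning ("%s: the certificate has expired", __FUNCTION__);

  if (status & GNUTLS_CERT_NOT_ACTIVATED)
    g_warning ("%s: the certificate is not yet activated", __FUNCTION__);

  if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
    g_warning ("%s: the certificate's signature could not be verified",
               __FUNCTION__);

  /* Anything GnuTLS flagged that is not covered above: report the raw
   * status so the reason for the rejection is still visible in the log. */
  if (status & ~reported)
    g_warning ("%s: certificate verification failed with status 0x%x",
               __FUNCTION__, status);

  /* Every status bit, recognised or not, means the certificate failed. */
  return status ? 1 : 0;
}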

Referenced by gvm_server_open_verify().


◆ gvm_server_vsendf()

int gvm_server_vsendf ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 743 of file serverutils.c.

/**
 * @brief Send a formatted string to the server (verbose variant).
 *
 * Thin wrapper around gvm_server_vsendf_internal with logging enabled, so
 * the sent text appears in the debug log; use gvm_server_vsendf_quiet for
 * anything containing secrets.
 *
 * @param[in]  session   Pointer to GNUTLS session.
 * @param[in]  fmt       Format of string to send.
 * @param[in]  ap        Args for fmt.
 *
 * @return 0 on success, 1 if server closed connection, -1 on error.
 */
int
gvm_server_vsendf (gnutls_session_t *session, const char *fmt, va_list ap)
{
  const int verbose = 0; /* quiet == 0: payload is logged at debug level */

  return gvm_server_vsendf_internal (session, fmt, ap, verbose);
}

References gvm_server_vsendf_internal().

Referenced by gvm_server_sendf().


◆ gvm_server_vsendf_internal()

static int gvm_server_vsendf_internal ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap,
int  quiet 
)
static

Send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
[in]quietIf non-zero, suppress the debug and info log messages (which would otherwise include the sent text). Useful for hiding passwords.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 605 of file serverutils.c.

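/**
 * @brief Format a string and send it over the TLS session.
 *
 * The whole formatted message is written with gnutls_record_send, looping
 * until every byte has been accepted.  GNUTLS_E_INTERRUPTED and
 * GNUTLS_E_REHANDSHAKE are retried immediately; every other negative
 * return (including GNUTLS_E_AGAIN from a non-blocking transport) is
 * treated as a hard error.
 *
 * A failure to format the message (vasprintf returning -1) is now reported
 * as -1; previously it was silently treated as success with nothing sent.
 *
 * @param[in]  session   Pointer to GNUTLS session.
 * @param[in]  fmt       Format of string to send.
 * @param[in]  ap        Args for fmt.
 * @param[in]  quiet     If non-zero, do not log the message text at debug
 *                       or info level.  Useful for hiding passwords.
 *
 * @return 0 on success, 1 if server closed connection, -1 on error.
 */
static int
gvm_server_vsendf_internal (gnutls_session_t *session, const char *fmt,
                            va_list ap, int quiet)
{
  char *buffer = NULL, *cursor;
  int rc = 0, left;

  left = vasprintf (&buffer, fmt, ap);
  if (left < 0)
    {
      /* vasprintf leaves buffer undefined on failure; nothing was sent. */
      g_warning ("%s: failed to format message", __FUNCTION__);
      return -1;
    }

  cursor = buffer;
  while (left > 0)
    {
      ssize_t count;

      /* Debug output contains the first 30 bytes of the payload. */
      if (quiet == 0)
        g_debug (" send %d from %.*s[...]", left, left < 30 ? left : 30,
                 cursor);
      count = gnutls_record_send (*session, cursor, (size_t) left);
      if (count < 0)
        {
          if (count == GNUTLS_E_INTERRUPTED)
            /* Interrupted, try write again. */
            continue;
          if (count == GNUTLS_E_REHANDSHAKE)
            {
              /* \todo Rehandshake.  Currently just retried; there is no
               * limit on how often this branch may be taken. */
              if (quiet == 0)
                g_message (" %s rehandshake", __FUNCTION__);
              continue;
            }
          g_warning ("Failed to write to server: %s",
                     gnutls_strerror ((int) count));
          rc = -1;
          goto out;
        }
      if (count == 0)
        {
          /* Server closed connection. */
          if (quiet == 0)
            g_debug ("= server closed");
          rc = 1;
          goto out;
        }
      if (quiet == 0)
        g_debug ("=> %.*s", (int) count, cursor);
      cursor += count;
      left -= (int) count;
    }
  if (quiet == 0)
    g_debug ("=> done");

out:
  g_free (buffer);
  return rc;
}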

Referenced by gvm_connection_vsendf_internal(), gvm_server_vsendf(), and gvm_server_vsendf_quiet().


◆ gvm_server_vsendf_quiet()

int gvm_server_vsendf_quiet ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap 
)

Send a string to the server, refraining from logging besides warnings.

Parameters
[in]sessionPointer to GNUTLS session.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 789 of file serverutils.c.

/**
 * @brief Send a formatted string to the server, logging warnings only.
 *
 * Thin wrapper around gvm_server_vsendf_internal with quiet set, so the
 * message text is kept out of the debug and info log.  Intended for
 * messages carrying credentials.
 *
 * @param[in]  session   Pointer to GNUTLS session.
 * @param[in]  fmt       Format of string to send.
 * @param[in]  ap        Args for fmt.
 *
 * @return 0 on success, 1 if server closed connection, -1 on error.
 */
int
gvm_server_vsendf_quiet (gnutls_session_t *session, const char *fmt,
                         va_list ap)
{
  const int suppress_logging = 1;

  return gvm_server_vsendf_internal (session, fmt, ap, suppress_logging);
}

References gvm_server_vsendf_internal().

Referenced by gvm_server_sendf_quiet().


◆ gvm_socket_vsendf()

int gvm_socket_vsendf ( int  socket,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in]socketSocket to send string through.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 758 of file serverutils.c.

/**
 * @brief Send a formatted string over a plain (non-TLS) socket.
 *
 * Thin wrapper around unix_vsendf_internal with logging enabled: the sent
 * text is written to the debug log.
 *
 * @param[in]  socket    Socket to send string through.
 * @param[in]  fmt       Format of string to send.
 * @param[in]  ap        Args for fmt.
 *
 * @return 0 on success, 1 if server closed connection, -1 on error.
 */
int
gvm_socket_vsendf (int socket, const char *fmt, va_list ap)
{
  const int verbose = 0; /* quiet == 0 */

  return unix_vsendf_internal (socket, fmt, ap, verbose);
}

References unix_vsendf_internal().


◆ load_gnutls_file()

int load_gnutls_file ( const char *  file,
gnutls_datum_t *  loaded_file 
)

Loads a file's data into gnutls_datum_t struct.

Parameters
[in]fileFile to load.
[out]loaded_fileDestination to load file into.
Returns
0 if success, -1 if error.

Definition at line 180 of file serverutils.c.

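/**
 * @brief Load a whole file into a gnutls_datum_t.
 *
 * Reads the file into a freshly allocated buffer and stores buffer and
 * length in loaded_file.  Ownership of the buffer passes to the caller,
 * who releases it with unload_gnutls_file.  On any failure loaded_file is
 * left untouched and nothing is leaked (the previous version leaked the
 * buffer when fread came up short).
 *
 * The length is taken from ftell, so only regular files are supported; an
 * empty file is reported as an error because g_malloc0 (0) returns NULL.
 * gnutls_datum_t::size is an unsigned int, so files larger than that are
 * silently truncated in size.
 *
 * @param[in]   file          File to load.
 * @param[out]  loaded_file   Destination to load file into.
 *
 * @return 0 if success, -1 if error.
 */
int
load_gnutls_file (const char *file, gnutls_datum_t *loaded_file)
{
  FILE *f;
  long filelen;
  void *ptr = NULL;
  int rc = -1;

  if (!file || !loaded_file)
    return -1;

  f = fopen (file, "r");
  if (!f)
    return -1;

  if (fseek (f, 0, SEEK_END) != 0 || (filelen = ftell (f)) < 0
      || fseek (f, 0, SEEK_SET) != 0)
    goto out;

  ptr = g_malloc0 ((size_t) filelen);
  if (!ptr)
    goto out;

  if (fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
    goto out;

  loaded_file->data = ptr;
  loaded_file->size = (unsigned int) filelen;
  ptr = NULL; /* now owned by loaded_file */
  rc = 0;

out:
  g_free (ptr); /* no-op on success, frees the partial read on failure */
  fclose (f);
  return rc;
}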

Referenced by set_gnutls_dhparams().


◆ server_attach_internal()

static int server_attach_internal ( int  socket,
gnutls_session_t *  session,
const char *  host,
int  port 
)
static

Attach a socket to a session, and shake hands with the peer.

Parameters
[in]socketSocket.
[in]sessionPointer to GNUTLS session.
[in]hostNULL, or the name of the host; used only in diagnostics.
[in]portPort number for diagnostics; only used if host is not NULL.
Returns
0 on success, -1 on general error, -2 if the TLS handshake failed.

Definition at line 537 of file serverutils.c.

/**
 * @brief Attach a socket to a session and perform the TLS handshake.
 *
 * The handshake is retried for as long as GnuTLS reports
 * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED; after ten immediate retries a
 * linear back-off of 10 ms per additional attempt, capped at 5 s, is
 * slept between attempts.  There is no upper bound on the number of
 * attempts.  On a hard handshake failure the socket is shut down (not
 * closed) and -2 is returned.
 *
 * This function only completes the handshake; it does not examine the
 * peer's certificate.  See gvm_server_verify for that.
 *
 * @param[in]  socket    Socket.
 * @param[in]  session   Pointer to GNUTLS session.
 * @param[in]  host      NULL or the name of the host, for diagnostics.
 * @param[in]  port      Port number for diagnostics; only used if host is
 *                       not NULL.
 *
 * @return 0 on success, -2 if the TLS handshake failed.  (-1, documented
 *         as "general error", is not produced by this body.)
 */
static int
server_attach_internal (int socket, gnutls_session_t *session,
                        const char *host, int port)
{
  unsigned int attempts = 0;

  gnutls_transport_set_ptr (*session,
                            (gnutls_transport_ptr_t) GSIZE_TO_POINTER (socket));

  for (;;)
    {
      int ret = gnutls_handshake (*session);

      if (ret >= 0)
        break;

      if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED)
        {
          /* Hard failure: log it, tear the transport down, give up. */
          if (host)
            g_debug ("Failed to shake hands with server '%s' port %d: %s",
                     host, port, gnutls_strerror (ret));
          else
            g_debug ("Failed to shake hands with peer: %s",
                     gnutls_strerror (ret));
          if (shutdown (socket, SHUT_RDWR) == -1)
            g_debug ("Failed to shutdown server socket");
          return -2;
        }

      /* Transient: back off after the first ten immediate retries. */
      if (attempts > 10)
        usleep (MIN ((attempts - 10) * 10000, 5000000));
      attempts++;
    }

  if (host)
    g_debug (" Shook hands with server '%s' port %d.", host, port);
  else
    g_debug (" Shook hands with peer.");

  return 0;
}

Referenced by gvm_server_attach(), and gvm_server_open_verify().


◆ server_new_gnutls_init()

static int server_new_gnutls_init ( gnutls_certificate_credentials_t *  server_credentials)
static

Initialize a server session.

Parameters
[in]server_credentialsCredentials to be allocated.
Returns
0 on success, -1 on error.

Definition at line 1002 of file serverutils.c.

/**
 * @brief Initialise GnuTLS and allocate certificate credentials.
 *
 * @param[in]  server_credentials   Credentials to be allocated.
 *
 * @return 0 on success, -1 on error.
 */
static int
server_new_gnutls_init (gnutls_certificate_credentials_t *server_credentials)
{
  /* Ask libgcrypt for its "quick" random number generator so that it does
   * not block on /dev/random.  This lowers the quality libgcrypt is asked
   * for; whether it affects this GnuTLS build at all depends on whether
   * GnuTLS uses libgcrypt as its crypto backend (recent releases do not). */
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

  if (gnutls_global_init () != 0)
    {
      g_warning ("Failed to initialize GNUTLS.");
      return -1;
    }

  if (gnutls_certificate_allocate_credentials (server_credentials) != 0)
    {
      g_warning ("%s: failed to allocate server credentials\n", __FUNCTION__);
      return -1;
    }

  return 0;
}

Referenced by gvm_server_new_mem(), and server_new_internal().


◆ server_new_gnutls_set()

static int server_new_gnutls_set ( unsigned int  end_type,
const char *  priority,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)
static

Set the server credentials.

Parameters
[in]end_typeConnection end type.
[in]priorityTLS priority string to set. If NULL is given, "NORMAL" is used.
[in]server_sessionGNUTLS session.
[in]server_credentialsCredentials to be set.
Returns
0 on success, -1 on error.

Definition at line 1032 of file serverutils.c.

/**
 * @brief Create a session and attach priorities and credentials to it.
 *
 * On any failure after gnutls_init the session is deinitialised again
 * before returning, so the caller owns it only on success.
 *
 * @param[in]  end_type             Connection end type.
 * @param[in]  priority             TLS priority string; NULL selects the
 *                                  GnuTLS "NORMAL" set.
 * @param[in]  server_session       GNUTLS session.
 * @param[in]  server_credentials   Credentials to be set.
 *
 * @return 0 on success, -1 on error.
 */
static int
server_new_gnutls_set (unsigned int end_type, const char *priority,
                       gnutls_session_t *server_session,
                       gnutls_certificate_credentials_t *server_credentials)
{
  const char *effective_priority = priority ? priority : "NORMAL";
  int err_gnutls;

  if (gnutls_init (server_session, end_type) != 0)
    {
      g_warning ("%s: failed to initialise server session\n", __FUNCTION__);
      return -1;
    }

  /* Priority strings differ between GnuTLS versions (from 3.0 e.g.
   * "NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL"
   * is possible).  These sessions serve internal communication only, not
   * scanning, so the conservative "NORMAL" default is used unless the
   * caller supplies its own string. */
  err_gnutls = gnutls_priority_set_direct (*server_session,
                                           effective_priority, NULL);
  if (err_gnutls != 0)
    {
      g_warning ("%s: failed to set tls priorities: %s\n", __FUNCTION__,
                 gnutls_strerror (err_gnutls));
      gnutls_deinit (*server_session);
      return -1;
    }

  if (gnutls_credentials_set (*server_session, GNUTLS_CRD_CERTIFICATE,
                              *server_credentials) != 0)
    {
      g_warning ("%s: failed to set server credentials\n", __FUNCTION__);
      gnutls_deinit (*server_session);
      return -1;
    }

  /* As a server, ask the client for a certificate.  GNUTLS_CERT_REQUEST
   * only requests one; a client that presents none still completes the
   * handshake (requiring one would be GNUTLS_CERT_REQUIRE). */
  if (end_type == GNUTLS_SERVER)
    gnutls_certificate_server_set_request (*server_session,
                                           GNUTLS_CERT_REQUEST);

  return 0;
}

Referenced by gvm_server_new_mem(), and server_new_internal().


◆ server_new_internal()

static int server_new_internal ( unsigned int  end_type,
const char *  priority,
const gchar *  ca_cert_file,
const gchar *  cert_file,
const gchar *  key_file,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)
static

Make a session for connecting to a server.

Parameters
[in]end_typeConnection end type (GNUTLS_SERVER or GNUTLS_CLIENT).
[in]priorityCustom priority string or NULL.
[in]ca_cert_fileCertificate authority file.
[in]cert_fileCertificate file.
[in]key_fileKey file.
[out]server_sessionThe session with the server.
[out]server_credentialsServer credentials.
Returns
0 on success, -1 on error.

Definition at line 1090 of file serverutils.c.

/**
 * @brief Make a session for connecting to a server, from files on disk.
 *
 * Allocates credentials, loads the optional key pair and trust file into
 * them, then creates the session.  Every failure after the credentials
 * have been allocated frees them again before returning -1.
 *
 * Note that the key pair is loaded only when both cert_file and key_file
 * are given; a lone cert_file or key_file is silently ignored.
 *
 * @param[in]   end_type             Connection end type (GNUTLS_SERVER or
 *                                   GNUTLS_CLIENT).
 * @param[in]   priority             Custom priority string or NULL.
 * @param[in]   ca_cert_file         Certificate authority file.
 * @param[in]   cert_file            Certificate file.
 * @param[in]   key_file             Key file.
 * @param[out]  server_session       The session with the server.
 * @param[out]  server_credentials   Server credentials.
 *
 * @return 0 on success, -1 on error.
 */
static int
server_new_internal (unsigned int end_type, const char *priority,
                     const gchar *ca_cert_file, const gchar *cert_file,
                     const gchar *key_file, gnutls_session_t *server_session,
                     gnutls_certificate_credentials_t *server_credentials)
{
  int ret;

  if (server_new_gnutls_init (server_credentials))
    return -1;

  if (cert_file && key_file)
    {
      ret = gnutls_certificate_set_x509_key_file (
        *server_credentials, cert_file, key_file, GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          g_warning ("%s: failed to set credentials key file: %s\n",
                     __FUNCTION__, gnutls_strerror (ret));
          g_warning ("%s: cert file: %s\n", __FUNCTION__, cert_file);
          g_warning ("%s: key file : %s\n", __FUNCTION__, key_file);
          goto fail;
        }
    }

  if (ca_cert_file)
    {
      ret = gnutls_certificate_set_x509_trust_file (
        *server_credentials, ca_cert_file, GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          g_warning ("%s: failed to set credentials trust file: %s\n",
                     __FUNCTION__, gnutls_strerror (ret));
          g_warning ("%s: trust file: %s\n", __FUNCTION__, ca_cert_file);
          goto fail;
        }
    }

  if (server_new_gnutls_set (end_type, priority, server_session,
                             server_credentials))
    goto fail;

  return 0;

fail:
  /* Single cleanup path: the credentials were allocated above. */
  gnutls_certificate_free_credentials (*server_credentials);
  return -1;
}

References server_new_gnutls_init(), and server_new_gnutls_set().

Referenced by gvm_server_new().


◆ set_cert_priv_mem()

static void set_cert_priv_mem ( const char *  data)
static

Save cert_priv_mem with private certificate.

Parameters
[in]dataThe DER or PEM encoded certificate.

Definition at line 234 of file serverutils.c.

/**
 * @brief Store a copy of the private key/certificate text in cert_priv_mem.
 *
 * Replaces whatever cert_priv_mem held before.  g_strdup copies up to the
 * first NUL byte, so only NUL-free text such as PEM survives this
 * round-trip; binary DER would be truncated.
 *
 * NOTE(review): the previous buffer, which may hold private key material,
 * is released with plain g_free and is not zeroised first.
 *
 * @param[in]  data   The DER or PEM encoded certificate (NULL clears).
 */
static void
set_cert_priv_mem (const char *data)
{
  /* g_free (NULL) is a no-op, so no guard is needed here. */
  g_free (cert_priv_mem);
  cert_priv_mem = g_strdup (data);
}

References cert_priv_mem.

Referenced by gvm_server_open_verify().


◆ set_cert_pub_mem()

static void set_cert_pub_mem ( const char *  data)
static

Save cert_pub_mem with public certificate.

Parameters
[in]dataThe DER or PEM encoded certificate.

Definition at line 222 of file serverutils.c.

/**
 * @brief Store a copy of the public certificate text in cert_pub_mem.
 *
 * Replaces whatever cert_pub_mem held before.  g_strdup copies up to the
 * first NUL byte, so only NUL-free text such as PEM survives this
 * round-trip; binary DER would be truncated.
 *
 * @param[in]  data   The DER or PEM encoded certificate (NULL clears).
 */
static void
set_cert_pub_mem (const char *data)
{
  /* g_free (NULL) is a no-op, so no guard is needed here. */
  g_free (cert_pub_mem);
  cert_pub_mem = g_strdup (data);
}

References cert_pub_mem.

Referenced by gvm_server_open_verify().


◆ set_gnutls_dhparams()

int set_gnutls_dhparams ( gnutls_certificate_credentials_t  creds,
const char *  dhparams_file 
)

Set a gnutls session's Diffie-Hellman parameters.

Parameters
[in]credsGnuTLS credentials.
[in]dhparams_filePath to PEM file containing the DH parameters.
Returns
0 on success, -1 on error.

Definition at line 1239 of file serverutils.c.

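/**
 * @brief Set a gnutls credential's Diffie-Hellman parameters from a file.
 *
 * Loads the PEM file, imports it as PKCS#3 DH parameters and attaches them
 * to creds.
 *
 * The parameter handle is created with gnutls_dh_params_init.  The
 * previous code allocated it with g_malloc0 (sizeof (gnutls_dh_params_t)),
 * but gnutls_dh_params_t is an opaque pointer typedef, so that reserved
 * only the size of a pointer and the import wrote past the end of the
 * allocation.  The handle is also now released on import failure.
 *
 * GnuTLS stores a reference to the parameters in the credentials rather
 * than a copy, so on success they are deliberately not released here and
 * live as long as creds.
 *
 * @param[in]  creds           GnuTLS credentials.
 * @param[in]  dhparams_file   Path to PEM file containing the DH parameters.
 *
 * @return 0 on success, -1 on error.
 */
int
set_gnutls_dhparams (gnutls_certificate_credentials_t creds,
                     const char *dhparams_file)
{
  int ret;
  gnutls_datum_t data;
  gnutls_dh_params_t params = NULL;

  if (!creds || !dhparams_file)
    return -1;

  if (load_gnutls_file (dhparams_file, &data))
    return -1;

  ret = gnutls_dh_params_init (&params);
  if (ret == 0)
    ret = gnutls_dh_params_import_pkcs3 (params, &data, GNUTLS_X509_FMT_PEM);
  unload_gnutls_file (&data);

  if (ret != 0)
    {
      g_warning ("%s: failed to load DH parameters from %s: %s",
                 __FUNCTION__, dhparams_file, gnutls_strerror (ret));
      if (params)
        gnutls_dh_params_deinit (params);
      return -1;
    }

  gnutls_certificate_set_dh_params (creds, params);
  return 0;
}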

References load_gnutls_file(), and unload_gnutls_file().


◆ unix_vsendf_internal()

static int unix_vsendf_internal ( int  socket,
const char *  fmt,
va_list  ap,
int  quiet 
)
static

Send a string to the server.

Parameters
[in]socketSocket.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
[in]quietIf non-zero, suppress the debug and info log messages (which would otherwise include the sent text). Useful for hiding passwords.
Returns
0 on success, 1 if server closed connection, -1 on error.

Definition at line 673 of file serverutils.c.

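/**
 * @brief Format a string and send it over a plain socket.
 *
 * Writes the whole formatted message with write(2), looping until every
 * byte has been accepted.  EINTR and EAGAIN are retried immediately (on a
 * non-blocking socket this busy-waits); any other error is fatal.
 *
 * A failure to format the message (vasprintf returning -1) is now reported
 * as -1; previously it was silently treated as success with nothing sent.
 *
 * @param[in]  socket    Socket.
 * @param[in]  fmt       Format of string to send.
 * @param[in]  ap        Args for fmt.
 * @param[in]  quiet     If non-zero, do not log the message text at debug
 *                       or info level.  Useful for hiding passwords.
 *
 * @return 0 on success, 1 if server closed connection, -1 on error.
 *         (This body never returns 1; a zero-length write is not treated
 *         specially.)
 */
static int
unix_vsendf_internal (int socket, const char *fmt, va_list ap, int quiet)
{
  char *buffer = NULL, *cursor;
  int rc = 0, left;

  left = vasprintf (&buffer, fmt, ap);
  if (left < 0)
    {
      /* vasprintf leaves buffer undefined on failure; nothing was sent. */
      g_warning ("%s: failed to format message", __FUNCTION__);
      return -1;
    }

  cursor = buffer;
  while (left > 0)
    {
      ssize_t count;

      /* Debug output contains the first 30 bytes of the payload. */
      if (quiet == 0)
        g_debug (" send %d from %.*s[...]", left, left < 30 ? left : 30,
                 cursor);
      count = write (socket, cursor, (size_t) left);
      if (count < 0)
        {
          if (errno == EINTR || errno == EAGAIN)
            continue;
          g_warning ("Failed to write to server: %s", strerror (errno));
          rc = -1;
          goto out;
        }
      if (quiet == 0)
        g_debug ("=> %.*s", (int) count, cursor);

      cursor += count;
      left -= (int) count;
    }
  if (quiet == 0)
    g_debug ("=> done");

out:
  g_free (buffer);
  return rc;
}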

Referenced by gvm_connection_vsendf_internal(), and gvm_socket_vsendf().


◆ unload_gnutls_file()

void unload_gnutls_file ( gnutls_datum_t *  data)

Unloads a gnutls_datum_t struct's data.

Parameters
[in]dataPointer to gnutls_datum_t struct to be unloaded.

Definition at line 208 of file serverutils.c.

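/**
 * @brief Release the buffer held by a gnutls_datum_t.
 *
 * Frees data->data and resets the datum to an empty state, so a repeated
 * unload or a later look at the datum sees a NULL buffer of size 0 rather
 * than a dangling pointer (the previous version left both fields as they
 * were after the free).
 *
 * @param[in]  data   Pointer to gnutls_datum_t struct to be unloaded; NULL
 *                    is accepted and ignored.
 */
void
unload_gnutls_file (gnutls_datum_t *data)
{
  if (!data)
    return;

  g_free (data->data);
  data->data = NULL;
  data->size = 0;
}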

Referenced by set_gnutls_dhparams().


Variable Documentation

◆ address

struct sockaddr_in address

Server address.

Definition at line 57 of file serverutils.c.

Referenced by gvm_server_open_verify().

◆ cert_priv_mem

char* cert_priv_mem = NULL
static

Definition at line 215 of file serverutils.c.

Referenced by get_cert_priv_mem(), and set_cert_priv_mem().

◆ cert_pub_mem

char* cert_pub_mem = NULL
static

Definition at line 214 of file serverutils.c.

Referenced by get_cert_pub_mem(), and set_cert_pub_mem().

gvm_server_new_mem
int gvm_server_new_mem(unsigned int end_type, const char *ca_cert, const char *pub_key, const char *priv_key, gnutls_session_t *session, gnutls_certificate_credentials_t *credentials)
Make a session for connecting to a server, with certificates stored in memory.
Definition: serverutils.c:1177
gvm_server_verify
int gvm_server_verify(gnutls_session_t session)
Verify certificate.
Definition: serverutils.c:130
unload_gnutls_file
void unload_gnutls_file(gnutls_datum_t *data)
Unloads a gnutls_datum_t struct's data.
Definition: serverutils.c:208
gvm_connection_sendf
int gvm_connection_sendf(gvm_connection_t *connection, const char *format,...)
Format and send a string to the server.
Definition: serverutils.c:839
server_new_internal
static int server_new_internal(unsigned int, const char *, const gchar *, const gchar *, const gchar *, gnutls_session_t *, gnutls_certificate_credentials_t *)
Make a session for connecting to a server.
Definition: serverutils.c:1090
HOST_TYPE_IPV6
@ HOST_TYPE_IPV6
Definition: hosts.h:43
server_attach_internal
static int server_attach_internal(int, gnutls_session_t *, const char *, int)
Attach a socket to a session, and shake hands with the peer.
Definition: serverutils.c:537
close_unix
static int close_unix(gvm_connection_t *client_connection)
Close UNIX socket connection.
Definition: serverutils.c:76
unix_vsendf_internal
static int unix_vsendf_internal(int socket, const char *fmt, va_list ap, int quiet)
Send a string to the server.
Definition: serverutils.c:673
server_new_gnutls_init
static int server_new_gnutls_init(gnutls_certificate_credentials_t *server_credentials)
Initialize a server session.
Definition: serverutils.c:1002
HOST_TYPE_IPV4
@ HOST_TYPE_IPV4
Definition: hosts.h:39
gvm_get_host_type
int gvm_get_host_type(const gchar *str_stripped)
Determines the host type in a buffer.
Definition: hosts.c:768
gvm_server_open_with_cert
int gvm_server_open_with_cert(gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem)
Connect to the server using a given host, port and cert.
Definition: serverutils.c:475
gvm_connection_t::socket
int socket
Socket.
Definition: serverutils.h:46
gvm_server_vsendf_internal
static int gvm_server_vsendf_internal(gnutls_session_t *session, const char *fmt, va_list ap, int quiet)
Send a string to the server.
Definition: serverutils.c:605
cert_pub_mem
static char * cert_pub_mem
Definition: serverutils.c:214
gvm_connection_t::tls
int tls
Whether uses TCP-TLS (vs UNIX socket).
Definition: serverutils.h:45
load_gnutls_file
int load_gnutls_file(const char *file, gnutls_datum_t *loaded_file)
Loads a file's data into gnutls_datum_t struct.
Definition: serverutils.c:180
gvm_server_free
int gvm_server_free(int server_socket, gnutls_session_t server_session, gnutls_certificate_credentials_t server_credentials)
Cleanup a server session.
Definition: serverutils.c:1273
gvm_server_vsendf
int gvm_server_vsendf(gnutls_session_t *session, const char *fmt, va_list ap)
Send a string to the server.
Definition: serverutils.c:743
gvm_server_open_verify
int gvm_server_open_verify(gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem, int verify)
Connect to the server using a given host, port and cert.
Definition: serverutils.c:327
client_cert_callback
static int client_cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t *sign_algos, int sign_algos_length, gnutls_retr2_st *st)
Callback function to be called in order to retrieve the certificate to be used in the handshake.
Definition: serverutils.c:275
gvm_connection_t::credentials
gnutls_certificate_credentials_t credentials
Credentials.
Definition: serverutils.h:48
gvm_connection_vsendf_internal
static int gvm_connection_vsendf_internal(gvm_connection_t *connection, const char *fmt, va_list ap, int quiet)
Send a string to the connection.
Definition: serverutils.c:725
gvm_connection_free
void gvm_connection_free(gvm_connection_t *client_connection)
Free connection.
Definition: serverutils.c:111
get_cert_pub_mem
static const char * get_cert_pub_mem()
Get public certificate from cert_pub_mem.
Definition: serverutils.c:256
gvm_connection_vsendf_quiet
int gvm_connection_vsendf_quiet(gvm_connection_t *connection, const char *fmt, va_list ap)
Send a string to the server, refraining from logging besides warnings.
Definition: serverutils.c:804
gvm_server_vsendf_quiet
int gvm_server_vsendf_quiet(gnutls_session_t *session, const char *fmt, va_list ap)
Send a string to the server, refraining from logging besides warnings.
Definition: serverutils.c:789
cert_priv_mem
static char * cert_priv_mem
Definition: serverutils.c:215
host_type
host_type
Definition: hosts.h:36
server_new_gnutls_set
static int server_new_gnutls_set(unsigned int end_type, const char *priority, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
Set the server credentials.
Definition: serverutils.c:1032
get_cert_priv_mem
static const char * get_cert_priv_mem()
Get private certificate from cert_priv_mem.
Definition: serverutils.c:246
gvm_server_sendf
int gvm_server_sendf(gnutls_session_t *session, const char *format,...)
Format and send a string to the server.
Definition: serverutils.c:819
gvm_server_sendf_quiet
int gvm_server_sendf_quiet(gnutls_session_t *session, const char *format,...)
Format and send a string to the server.
Definition: serverutils.c:859
gvm_connection_sendf_quiet
int gvm_connection_sendf_quiet(gvm_connection_t *connection, const char *format,...)
Format and send a string to the server.
Definition: serverutils.c:879
HOST_TYPE_NAME
@ HOST_TYPE_NAME
Definition: hosts.h:38
address
struct sockaddr_in address
Server address.
Definition: serverutils.c:57
gvm_connection_t::session
gnutls_session_t session
Session.
Definition: serverutils.h:47
gvm_connection_vsendf
int gvm_connection_vsendf(gvm_connection_t *connection, const char *fmt, va_list ap)
Send a string to the server.
Definition: serverutils.c:773
set_cert_priv_mem
static void set_cert_priv_mem(const char *data)
Save cert_priv_mem with private certificate.
Definition: serverutils.c:234
set_cert_pub_mem
static void set_cert_pub_mem(const char *data)
Save cert_pub_mem with public certificate.
Definition: serverutils.c:222