Greenbone Vulnerability Management Libraries  11.0.0
osp.c
Go to the documentation of this file.
1 /* Copyright (C) 2014-2019 Greenbone Networks GmbH
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 
25 #include "osp.h"
26 
27 #include "../base/hosts.h" /* for gvm_get_host_type */
28 #include "../util/serverutils.h" /* for gvm_server_close, gvm_server_open_w... */
29 
30 #include <assert.h> /* for assert */
31 #include <gnutls/gnutls.h> /* for gnutls_session_int, gnutls_session_t */
32 #include <stdarg.h> /* for va_list */
33 #include <stdlib.h> /* for NULL, atoi */
34 #include <stdio.h> /* for FILE, fprintf and related functions */
35 #include <string.h> /* for strcmp, strlen, strncpy */
36 #include <sys/socket.h> /* for AF_UNIX, connect, socket, SOCK_STREAM */
37 #include <sys/un.h> /* for sockaddr_un, sa_family_t */
38 #include <unistd.h> /* for close */
39 
40 #undef G_LOG_DOMAIN
41 
44 #define G_LOG_DOMAIN "lib osp"
45 
50 {
51  gnutls_session_t session;
52  int socket;
53  char *host;
54  int port;
55 };
56 
60 struct osp_param
61 {
62  char *id;
63  char *name;
64  char *desc;
65  char *def;
67  int mandatory;
68 };
69 
74 {
75  gchar *type;
76  gchar *service;
77  gchar *port;
78  GHashTable *auth_data;
79 };
80 
84 struct osp_target
85 {
86  GSList *credentials;
87  gchar *exclude_hosts;
88  gchar *hosts;
89  gchar *ports;
90 };
91 
96 {
97  gchar *filter;
98 };
99 
104 {
105  gchar *vt_id;
106  GHashTable *vt_values;
107 };
108 
109 static int
110 osp_send_command (osp_connection_t *, entity_t *, const char *, ...)
111  __attribute__ ((__format__ (__printf__, 3, 4)));
112 
125 osp_connection_new (const char *host, int port, const char *cacert,
126  const char *cert, const char *key)
127 {
128  osp_connection_t *connection;
129 
130  if (host && *host == '/')
131  {
132  struct sockaddr_un addr;
133  int len;
134 
135  connection = g_malloc0 (sizeof (*connection));
136  connection->socket = socket (AF_UNIX, SOCK_STREAM, 0);
137  if (connection->socket == -1)
138  return NULL;
139 
140  addr.sun_family = AF_UNIX;
141  strncpy (addr.sun_path, host, sizeof (addr.sun_path) - 1);
142  len = strlen (addr.sun_path) + sizeof (addr.sun_family);
143  if (connect (connection->socket, (struct sockaddr *) &addr, len) == -1)
144  {
145  close (connection->socket);
146  return NULL;
147  }
148  }
149  else
150  {
151  if (port <= 0 || port > 65535)
152  return NULL;
153  if (!host || gvm_get_host_type (host) == -1)
154  return NULL;
155  if (!cert || !key || !cacert)
156  return NULL;
157 
158  connection = g_malloc0 (sizeof (*connection));
159  connection->socket = gvm_server_open_with_cert (
160  &connection->session, host, port, cacert, cert, key);
161  }
162  if (connection->socket == -1)
163  {
164  g_free (connection);
165  return NULL;
166  }
167 
168  connection->host = g_strdup (host);
169  connection->port = port;
170  return connection;
171 }
172 
182 int
183 osp_send_command (osp_connection_t *connection, entity_t *response,
184  const char *fmt, ...)
185 {
186  va_list ap;
187  int rc = 1;
188 
189  va_start (ap, fmt);
190 
191  if (!connection || !fmt || !response)
192  goto out;
193 
194  if (*connection->host == '/')
195  {
196  if (gvm_socket_vsendf (connection->socket, fmt, ap) == -1)
197  goto out;
198  if (read_entity_s (connection->socket, response))
199  goto out;
200  }
201  else
202  {
203  if (gvm_server_vsendf (&connection->session, fmt, ap) == -1)
204  goto out;
205  if (read_entity (&connection->session, response))
206  goto out;
207  }
208 
209  rc = 0;
210 
211 out:
212  va_end (ap);
213 
214  return rc;
215 }
216 
222 void
224 {
225  if (!connection)
226  return;
227 
228  if (*connection->host == '/')
229  close (connection->socket);
230  else
231  gvm_server_close (connection->socket, connection->session);
232  g_free (connection->host);
233  g_free (connection);
234 }
235 
249 int
250 osp_get_version (osp_connection_t *connection, char **s_name, char **s_version,
251  char **d_name, char **d_version, char **p_name,
252  char **p_version)
253 {
254  entity_t entity, child, gchild;
255 
256  if (!connection)
257  return 1;
258 
259  if (osp_send_command (connection, &entity, "<get_version/>"))
260  return 1;
261 
262  child = entity_child (entity, "scanner");
263  if (!child)
264  goto err_get_version;
265  gchild = entity_child (child, "name");
266  if (!gchild)
267  goto err_get_version;
268  if (s_name)
269  *s_name = g_strdup (entity_text (gchild));
270  gchild = entity_child (child, "version");
271  if (!gchild)
272  goto err_get_version;
273  if (s_version)
274  *s_version = g_strdup (entity_text (gchild));
275 
276  child = entity_child (entity, "daemon");
277  if (!child)
278  goto err_get_version;
279  gchild = entity_child (child, "name");
280  if (!gchild)
281  goto err_get_version;
282  if (d_name)
283  *d_name = g_strdup (entity_text (gchild));
284  gchild = entity_child (child, "version");
285  if (!gchild)
286  goto err_get_version;
287  if (d_version)
288  *d_version = g_strdup (entity_text (gchild));
289 
290  child = entity_child (entity, "protocol");
291  if (!child)
292  goto err_get_version;
293  gchild = entity_child (child, "name");
294  if (!gchild)
295  goto err_get_version;
296  if (p_name)
297  *p_name = g_strdup (entity_text (gchild));
298  gchild = entity_child (child, "version");
299  if (!gchild)
300  goto err_get_version;
301  if (p_version)
302  *p_version = g_strdup (entity_text (gchild));
303 
304  free_entity (entity);
305  return 0;
306 
307 err_get_version:
308  g_warning ("Erroneous OSP <get_version/> response.");
309  if (s_name)
310  g_free (*s_name);
311  if (s_version)
312  g_free (*s_version);
313  if (d_name)
314  g_free (*d_name);
315  if (d_version)
316  g_free (*d_version);
317  if (p_name)
318  g_free (*p_name);
319  if (p_version)
320  g_free (*p_version);
321  free_entity (entity);
322  return 1;
323 }
324 
333 int
334 osp_get_vts_version (osp_connection_t *connection, char **vts_version)
335 {
336  entity_t entity, vts, version;
337 
338  if (!connection)
339  return 1;
340 
341  if (osp_send_command (connection, &entity, "<get_version/>"))
342  return 1;
343 
344  vts = entity_child (entity, "vts");
345  if (!vts)
346  {
347  g_warning ("%s: element VTS missing.", __FUNCTION__);
348  free_entity (entity);
349  return 1;
350  }
351 
352  version = entity_child (vts, "version");
353  if (!version)
354  {
355  g_warning ("%s: element VERSION missing.", __FUNCTION__);
356  free_entity (entity);
357  return 1;
358  }
359 
360  if (vts_version)
361  *vts_version = g_strdup (entity_text (version));
362 
363  free_entity (entity);
364  return 0;
365 }
366 
375 int
377 {
378  if (!connection)
379  return 1;
380 
381  if (vts == NULL)
382  return 1;
383 
384  if (osp_send_command (connection, vts, "<get_vts/>"))
385  return 1;
386 
387  return 0;
388 }
389 
399 int
401 {
402  if (!connection)
403  return 1;
404 
405  if (vts == NULL)
406  return 1;
407 
408  if (opts.filter)
409  {
410  if (osp_send_command (connection, vts, "<get_vts filter='%s'/>", opts.filter))
411  return 1;
412  return 0;
413  }
414 
415  if (osp_send_command (connection, vts, "<get_vts/>"))
416  return 1;
417  return 0;
418 }
419 
428 int
429 osp_delete_scan (osp_connection_t *connection, const char *scan_id)
430 {
431  entity_t entity;
432  int ret = 0;
433  const char *status;
434 
435  if (!connection)
436  return 1;
437 
438  ret = osp_send_command (connection, &entity, "<delete_scan scan_id='%s'/>",
439  scan_id);
440  if (ret)
441  return 1;
442 
443  /* Check response status. */
444  status = entity_attribute (entity, "status");
445  assert (status);
446  if (strcmp (status, "200"))
447  ret = 1;
448 
449  free_entity (entity);
450  return ret;
451 }
452 
463 int
465  osp_get_performance_opts_t opts, char **graph,
466  char **error)
467 {
468  entity_t entity;
469  int rc;
470  time_t now;
471 
472  if (!connection)
473  {
474  if (error)
475  *error = g_strdup ("Couldn't send get_performance command "
476  "to scanner. Not valid connection");
477  return -1;
478  }
479 
480  time (&now);
481 
482  if (!opts.titles || !strcmp (opts.titles, "") || opts.start < 0
483  || opts.start > now || opts.end < 0 || opts.end > now)
484  {
485  if (error)
486  *error = g_strdup ("Couldn't send get_performance command "
487  "to scanner. Bad or missing parameters.");
488  return -1;
489  }
490 
491  rc = osp_send_command (connection, &entity,
492  "<get_performance start='%d' "
493  "end='%d' titles='%s'/>",
494  opts.start, opts.end, opts.titles);
495 
496  if (rc)
497  {
498  if (error)
499  *error = g_strdup ("Couldn't send get_performance command to scanner");
500  return -1;
501  }
502 
503  if (graph && entity_text (entity) && strcmp (entity_text (entity), "\0"))
504  *graph = g_strdup (entity_text (entity));
505  else
506  {
507  const char *text = entity_attribute (entity, "status_text");
508 
509  assert (text);
510  if (error)
511  *error = g_strdup (text);
512  free_entity (entity);
513  return -1;
514  }
515 
516  free_entity (entity);
517  return 0;
518 }
519 
531  osp_get_scan_status_opts_t opts, char **error)
532 {
533  entity_t entity, child;
534  int rc;
536 
537  if (!connection)
538  {
539  if (error)
540  *error = g_strdup ("Couldn't send get_scans command "
541  "to scanner. Not valid connection");
542  return status;
543  }
544 
545  assert (opts.scan_id);
546  rc = osp_send_command (connection, &entity,
547  "<get_scans scan_id='%s'"
548  " details='0'"
549  " pop_results='0'/>",
550  opts.scan_id);
551 
552  if (rc)
553  {
554  if (error)
555  *error = g_strdup ("Couldn't send get_scans command to scanner");
556  return status;
557  }
558 
559  child = entity_child (entity, "scan");
560  if (!child)
561  {
562  const char *text = entity_attribute (entity, "status_text");
563 
564  assert (text);
565  if (error)
566  *error = g_strdup (text);
567  free_entity (entity);
568  return status;
569  }
570 
571  if (!strcmp (entity_attribute (child, "status"), "init"))
572  status = OSP_SCAN_STATUS_INIT;
573  else if (!strcmp (entity_attribute (child, "status"), "running"))
574  status = OSP_SCAN_STATUS_RUNNING;
575  else if (!strcmp (entity_attribute (child, "status"), "stopped"))
576  status = OSP_SCAN_STATUS_STOPPED;
577  else if (!strcmp (entity_attribute (child, "status"), "finished"))
578  status = OSP_SCAN_STATUS_FINISHED;
579 
580  free_entity (entity);
581  return status;
582 }
583 
596 int
597 osp_get_scan_pop (osp_connection_t *connection, const char *scan_id,
598  char **report_xml, int details, int pop_results,
599  char **error)
600 {
601  entity_t entity, child;
602  int progress;
603  int rc;
604 
605  if (!connection)
606  {
607  if (error)
608  *error = g_strdup ("Couldn't send get_scan command "
609  "to scanner. Not valid connection");
610  return -1;
611  }
612  assert (scan_id);
613  rc = osp_send_command (connection, &entity,
614  "<get_scans scan_id='%s'"
615  " details='%d'"
616  " pop_results='%d'/>",
617  scan_id,
618  pop_results ? 1 : 0,
619  details ? 1 : 0);
620  if (rc)
621  {
622  if (error)
623  *error = g_strdup ("Couldn't send get_scans command to scanner");
624  return -1;
625  }
626 
627  child = entity_child (entity, "scan");
628  if (!child)
629  {
630  const char *text = entity_attribute (entity, "status_text");
631 
632  assert (text);
633  if (error)
634  *error = g_strdup (text);
635  free_entity (entity);
636  return -1;
637  }
638  progress = atoi (entity_attribute (child, "progress"));
639  if (report_xml)
640  {
641  GString *string;
642 
643  string = g_string_new ("");
644  print_entity_to_string (child, string);
645  *report_xml = g_string_free (string, FALSE);
646  }
647  free_entity (entity);
648  return progress;
649 }
650 
662 int
663 osp_get_scan (osp_connection_t *connection, const char *scan_id,
664  char **report_xml, int details, char **error)
665 {
666  return osp_get_scan_pop (connection, scan_id, report_xml, details, 0, error);
667 }
668 
678 int
679 osp_stop_scan (osp_connection_t *connection, const char *scan_id, char **error)
680 {
681  entity_t entity;
682  int rc;
683 
684  if (!connection)
685  {
686  if (error)
687  *error = g_strdup ("Couldn't send stop_scan command "
688  "to scanner. Not valid connection");
689  return -1;
690  }
691  assert (scan_id);
692  rc = osp_send_command (connection, &entity, "<stop_scan scan_id='%s'/>",
693  scan_id);
694  if (rc)
695  {
696  if (error)
697  *error = g_strdup ("Couldn't send stop_scan command to scanner");
698  return -1;
699  }
700 
701  rc = atoi (entity_attribute (entity, "status"));
702  if (rc == 200)
703  {
704  free_entity (entity);
705  return 0;
706  }
707  else
708  {
709  const char *text = entity_attribute (entity, "status_text");
710 
711  assert (text);
712  if (error)
713  *error = g_strdup (text);
714  free_entity (entity);
715  return -1;
716  }
717 }
718 
727 static void
728 option_concat_as_xml (gpointer key, gpointer value, gpointer pstr)
729 {
730  char *options_str, *tmp, *key_escaped, *value_escaped;
731 
732  options_str = *(char **) pstr;
733 
734  key_escaped = g_markup_escape_text ((char *) key, -1);
735  value_escaped = g_markup_escape_text ((char *) value, -1);
736  tmp = g_strdup_printf ("%s<%s>%s</%s>", options_str ? options_str : "",
737  key_escaped, value_escaped, key_escaped);
738 
739  g_free (options_str);
740  g_free (key_escaped);
741  g_free (value_escaped);
742  *(char **) pstr = tmp;
743 }
744 
757 int
758 osp_start_scan (osp_connection_t *connection, const char *target,
759  const char *ports, GHashTable *options, const char *scan_id,
760  char **error)
761 {
762  entity_t entity;
763  char *options_str = NULL;
764  int status;
765  int rc;
766 
767  if (!connection)
768  {
769  if (error)
770  *error = g_strdup ("Couldn't send start_scan command "
771  "to scanner. Not valid connection");
772  return -1;
773  }
774 
775  assert (target);
776  /* Construct options string. */
777  if (options)
778  g_hash_table_foreach (options, option_concat_as_xml, &options_str);
779 
780  rc = osp_send_command (connection, &entity,
781  "<start_scan target='%s' ports='%s' scan_id='%s'>"
782  "<scanner_params>%s</scanner_params></start_scan>",
783  target, ports ? ports : "", scan_id ? scan_id : "",
784  options_str ? options_str : "");
785  g_free (options_str);
786  if (rc)
787  {
788  if (error)
789  *error = g_strdup ("Couldn't send start_scan command to scanner");
790  return -1;
791  }
792 
793  status = atoi (entity_attribute (entity, "status"));
794  if (status == 200)
795  {
796  free_entity (entity);
797  return 0;
798  }
799  else
800  {
801  const char *text = entity_attribute (entity, "status_text");
802 
803  assert (text);
804  if (error)
805  *error = g_strdup (text);
806  free_entity (entity);
807  return -1;
808  }
809 }
810 
818 static void
820  GString *xml_string)
821 
822 {
823  GHashTableIter auth_data_iter;
824  gchar *auth_data_name, *auth_data_value;
825 
826  xml_string_append (xml_string,
827  "<credential type=\"%s\" service=\"%s\" port=\"%s\">",
828  credential->type ? credential->type : "",
829  credential->service ? credential->service : "",
830  credential->port ? credential->port : "");
831 
832  g_hash_table_iter_init (&auth_data_iter, credential->auth_data);
833  while (g_hash_table_iter_next (&auth_data_iter,
834  (gpointer*)&auth_data_name,
835  (gpointer*)&auth_data_value))
836  {
837  xml_string_append (xml_string,
838  "<%s>%s</%s>",
839  auth_data_name,
840  auth_data_value,
841  auth_data_name);
842  }
843 
844  xml_string_append (xml_string, "</credential>");
845 }
846 
854 static void
855 target_append_as_xml (osp_target_t *target, GString *xml_string)
856 {
857  xml_string_append (xml_string,
858  "<target>"
859  "<hosts>%s</hosts>"
860  "<exclude_hosts>%s</exclude_hosts>"
861  "<ports>%s</ports>",
862  target->hosts ? target->hosts : "",
863  target->exclude_hosts ? target->exclude_hosts : "",
864  target->ports ? target->ports : "");
865 
866  if (target->credentials)
867  {
868  g_string_append (xml_string, "<credentials>");
869  g_slist_foreach (target->credentials,
870  (GFunc) credential_append_as_xml,
871  xml_string);
872  g_string_append (xml_string, "</credentials>");
873  }
874  xml_string_append (xml_string,
875  "</target>");
876 }
877 
884 static void vt_group_append_as_xml (osp_vt_group_t *vt_group,
885  GString *xml_string)
886 {
887  xml_string_append (xml_string,
888  "<vt_group filter=\"%s\"/>",
889  vt_group->filter);
890 }
891 
900 static void
901 vt_value_append_as_xml (gpointer id, gchar *value, GString *xml_string)
902 {
903  xml_string_append (xml_string,
904  "<vt_value id=\"%s\">%s</vt_value>",
905  id ? id : "",
906  value ? value : "");
907 }
908 
915 static void vt_single_append_as_xml (osp_vt_single_t *vt_single,
916  GString *xml_string)
917 {
918  xml_string_append (xml_string,
919  "<vt_single id=\"%s\">",
920  vt_single->vt_id);
921  g_hash_table_foreach (vt_single->vt_values,
922  (GHFunc) vt_value_append_as_xml,
923  xml_string);
924  xml_string_append (xml_string, "</vt_single>");
925 }
926 
927 
937 int
940  char **error)
941 {
942  gchar *scanner_params_xml = NULL;
943  GString *xml;
944  GSList *list_item;
945  int list_count;
946  int rc, status;
947  entity_t entity;
948  gchar *cmd;
949  char filename[] = "/tmp/osp-cmd-XXXXXX";
950  int fd;
951 
952  if (!connection)
953  {
954  if (error)
955  *error = g_strdup ("Couldn't send start_scan command "
956  "to scanner. Not valid connection");
957  return -1;
958  }
959 
960  fd = mkstemp (filename);
961  FILE *file = fdopen (fd, "w");
962 
963  xml = g_string_sized_new (10240);
964  g_string_append (xml, "<start_scan");
965  if (opts.parallel)
966  xml_string_append (xml, " parallel=\"%d\"", opts.parallel);
967  xml_string_append (xml,
968  " scan_id=\"%s\">",
969  opts.scan_id ? opts.scan_id : "");
970 
971  g_string_append (xml, "<targets>");
972  g_slist_foreach (opts.targets, (GFunc) target_append_as_xml, xml);
973  g_string_append (xml, "</targets>");
974 
975  g_string_append (xml, "<scanner_params>");
976  if (opts.scanner_params)
977  {
978  scanner_params_xml = NULL;
979  g_hash_table_foreach (opts.scanner_params,
980  (GHFunc) option_concat_as_xml,
981  &scanner_params_xml);
982  if (scanner_params_xml)
983  g_string_append (xml, scanner_params_xml);
984  g_free (scanner_params_xml);
985  }
986  g_string_append (xml, "</scanner_params>");
987 
988  g_string_append (xml, "<vt_selection>");
989  g_slist_foreach (opts.vt_groups, (GFunc)vt_group_append_as_xml, xml);
990 
991  fprintf (file, "%s", xml->str);
992 
993  g_string_free (xml, TRUE);
994 
995  xml = g_string_new ("");
996  list_item = opts.vts;
997  list_count = 0;
998  while (list_item)
999  {
1000  list_count ++;
1001  vt_single_append_as_xml (list_item->data, xml);
1002 
1003  list_item = list_item->next;
1004 
1005  if (list_count == 1000)
1006  {
1007  fprintf (file, "%s", xml->str);
1008 
1009  g_string_free (xml, TRUE);
1010  xml = g_string_new ("");
1011  list_count = 0;
1012  }
1013  }
1014 
1015  g_string_append (xml, "</vt_selection>");
1016  g_string_append (xml, "</start_scan>");
1017 
1018  fprintf (file, "%s", xml->str);
1019  fflush (file);
1020  fclose (file);
1021  g_string_free (xml, TRUE);
1022 
1023  g_file_get_contents (filename, &cmd, NULL, NULL);
1024 
1025  rc = osp_send_command (connection, &entity, "%s", cmd);
1026 
1027  g_free (cmd);
1028  unlink (filename);
1029 
1030  if (rc)
1031  {
1032  if (error)
1033  *error = g_strdup ("Could not send start_scan command to scanner");
1034  return -1;
1035  }
1036 
1037  status = atoi (entity_attribute (entity, "status"));
1038  if (status == 200)
1039  {
1040  free_entity (entity);
1041  return 0;
1042  }
1043  else
1044  {
1045  const char *text = entity_attribute (entity, "status_text");
1046 
1047  assert (text);
1048  if (error)
1049  *error = g_strdup (text);
1050  free_entity (entity);
1051  return -1;
1052  }
1053 
1054  if (error)
1055  *error = NULL;
1056  free_entity (entity);
1057  return 0;
1058 }
1059 
1067 static osp_param_type_t
1068 osp_param_str_to_type (const char *str)
1069 {
1070  assert (str);
1071  if (!strcmp (str, "integer"))
1072  return OSP_PARAM_TYPE_INT;
1073  else if (!strcmp (str, "string"))
1074  return OSP_PARAM_TYPE_STR;
1075  else if (!strcmp (str, "password"))
1076  return OSP_PARAM_TYPE_PASSWORD;
1077  else if (!strcmp (str, "file"))
1078  return OSP_PARAM_TYPE_FILE;
1079  else if (!strcmp (str, "boolean"))
1080  return OSP_PARAM_TYPE_BOOLEAN;
1081  else if (!strcmp (str, "ovaldef_file"))
1083  else if (!strcmp (str, "selection"))
1084  return OSP_PARAM_TYPE_SELECTION;
1085  else if (!strcmp (str, "credential_up"))
1086  return OSP_PARAM_TYPE_CRD_UP;
1087  assert (0);
1088  return 0;
1089 }
1090 
1098 const char *
1100 {
1101  osp_param_type_t type;
1102 
1103  assert (param);
1104  type = param->type;
1105  if (type == OSP_PARAM_TYPE_INT)
1106  return "integer";
1107  else if (type == OSP_PARAM_TYPE_STR)
1108  return "string";
1109  else if (type == OSP_PARAM_TYPE_PASSWORD)
1110  return "password";
1111  else if (type == OSP_PARAM_TYPE_FILE)
1112  return "file";
1113  else if (type == OSP_PARAM_TYPE_BOOLEAN)
1114  return "boolean";
1115  else if (type == OSP_PARAM_TYPE_OVALDEF_FILE)
1116  return "ovaldef_file";
1117  else if (type == OSP_PARAM_TYPE_SELECTION)
1118  return "selection";
1119  else if (type == OSP_PARAM_TYPE_CRD_UP)
1120  return "credential_up";
1121  assert (0);
1122  return NULL;
1123 }
1124 
1134 int
1135 osp_get_scanner_details (osp_connection_t *connection, char **desc,
1136  GSList **params)
1137 {
1138  entity_t entity, child;
1139  entities_t entities;
1140 
1141  assert (connection);
1142 
1143  if (osp_send_command (connection, &entity, "<get_scanner_details/>"))
1144  return 1;
1145  if (params)
1146  {
1147  child = entity_child (entity, "scanner_params");
1148  if (!child)
1149  {
1150  free_entity (entity);
1151  return 1;
1152  }
1153  entities = child->entities;
1154  while (entities)
1155  {
1156  osp_param_t *param;
1157 
1158  child = entities->data;
1159  param = osp_param_new ();
1160  param->id = g_strdup (entity_attribute (child, "id"));
1161  param->type =
1162  osp_param_str_to_type (entity_attribute (child, "type"));
1163  param->name = g_strdup (entity_text (entity_child (child, "name")));
1164  param->desc =
1165  g_strdup (entity_text (entity_child (child, "description")));
1166  param->def = g_strdup (entity_text (entity_child (child, "default")));
1167  if (entity_child (child, "mandatory"))
1168  param->mandatory =
1169  atoi (entity_text (entity_child (child, "mandatory")));
1170  *params = g_slist_append (*params, param);
1171  entities = next_entities (entities);
1172  }
1173  }
1174  if (desc)
1175  {
1176  child = entity_child (entity, "description");
1177  assert (child);
1178  *desc = g_strdup (entity_text (child));
1179  }
1180 
1181  free_entity (entity);
1182  return 0;
1183 }
1184 
1190 osp_param_t *
1192 {
1193  return g_malloc0 (sizeof (osp_param_t));
1194 }
1195 
1203 const char *
1205 {
1206  assert (param);
1207 
1208  return param->id;
1209 }
1210 
1218 const char *
1220 {
1221  assert (param);
1222 
1223  return param->name;
1224 }
1225 
1233 const char *
1235 {
1236  assert (param);
1237 
1238  return param->desc;
1239 }
1240 
1248 const char *
1250 {
1251  assert (param);
1252 
1253  return param->def;
1254 }
1255 
1263 int
1265 {
1266  assert (param);
1267 
1268  return param->mandatory;
1269 }
1270 
1276 void
1278 {
1279  if (!param)
1280  return;
1281  g_free (param->id);
1282  g_free (param->name);
1283  g_free (param->desc);
1284  g_free (param->def);
1285  g_free (param);
1286 }
1287 
1288 
1299 osp_credential_new (const char *type, const char *service, const char *port)
1300 {
1301  osp_credential_t *new_credential;
1302 
1303  new_credential = g_malloc0 (sizeof (osp_credential_t));
1304 
1305  new_credential->type = type ? g_strdup (type) : NULL;
1306  new_credential->service = service ? g_strdup (service) : NULL;
1307  new_credential->port = port ? g_strdup (port) : NULL;
1308  new_credential->auth_data = g_hash_table_new_full (g_str_hash,
1309  g_str_equal,
1310  g_free,
1311  g_free);
1312 
1313  return new_credential;
1314 }
1315 
1321 void
1323 {
1324  if (!credential)
1325  return;
1326 
1327  g_free (credential->type);
1328  g_free (credential->service);
1329  g_free (credential->port);
1330  g_hash_table_destroy (credential->auth_data);
1331  g_free (credential);
1332 }
1333 
1342 const gchar *
1344  const char *name)
1345 {
1346  if (credential == NULL || name == NULL)
1347  return NULL;
1348  return g_hash_table_lookup (credential->auth_data, name);
1349 }
1350 
1358 void
1360  const char *name,
1361  const char *value)
1362 {
1363  if (credential == NULL || name == NULL)
1364  return;
1365 
1366  if (g_regex_match_simple ("^[[:alpha:]][[:alnum:]_]*$", name, 0, 0))
1367  {
1368  if (value)
1369  g_hash_table_replace (credential->auth_data,
1370  g_strdup (name),
1371  g_strdup (value));
1372  else
1373  g_hash_table_remove (credential->auth_data,
1374  value);
1375  }
1376  else
1377  {
1378  g_warning ("%s: Invalid auth data name: %s", __FUNCTION__, name);
1379  }
1380 }
1381 
1391 osp_target_t *
1392 osp_target_new (const char *hosts,
1393  const char *ports,
1394  const char *exclude_hosts)
1395 {
1396  osp_target_t *new_target;
1397  new_target = g_malloc0 (sizeof (osp_target_t));
1398 
1399  new_target->exclude_hosts = exclude_hosts ? g_strdup (exclude_hosts) : NULL;
1400  new_target->hosts = hosts ? g_strdup (hosts) : NULL;
1401  new_target->ports = ports ? g_strdup (ports) : NULL;
1402 
1403  return new_target;
1404 }
1405 
1411 void
1412 osp_target_free (osp_target_t *target)
1413 {
1414  if (!target)
1415  return;
1416 
1417  g_slist_free_full (target->credentials,
1418  (GDestroyNotify) osp_credential_free);
1419  g_free (target->exclude_hosts);
1420  g_free (target->hosts);
1421  g_free (target->ports);
1422  g_free (target);
1423 }
1424 
1431 void
1433 {
1434  if (!target || !credential)
1435  return;
1436 
1437  target->credentials = g_slist_prepend (target->credentials, credential);
1438 }
1439 
1448 osp_vt_group_new (const char *filter)
1449 {
1450  osp_vt_group_t *new_vt_group;
1451  new_vt_group = g_malloc0 (sizeof (osp_vt_group_t));
1452 
1453  new_vt_group->filter = filter ? g_strdup (filter) : NULL;
1454 
1455  return new_vt_group;
1456 }
1457 
1463 void
1465 {
1466  if (!vt_group)
1467  return;
1468 
1469  g_free (vt_group->filter);
1470  g_free (vt_group);
1471 }
1472 
1481 osp_vt_single_new (const char *vt_id)
1482 {
1483  osp_vt_single_t *new_vt_single;
1484  new_vt_single = g_malloc0 (sizeof (osp_vt_single_t));
1485 
1486  new_vt_single->vt_id = vt_id ? g_strdup (vt_id) : NULL;
1487  new_vt_single->vt_values = g_hash_table_new_full (g_str_hash, g_str_equal,
1488  g_free, g_free);
1489 
1490  return new_vt_single;
1491 }
1492 
1498 void
1500 {
1501  if (!vt_single)
1502  return;
1503 
1504  g_hash_table_destroy (vt_single->vt_values);
1505 
1506  g_free (vt_single->vt_id);
1507  g_free (vt_single);
1508 }
1509 
1518 void
1520  const char *name, const char *value)
1521 {
1522  g_hash_table_replace (vt_single->vt_values,
1523  g_strdup (name),
1524  g_strdup (value));
1525 }
1526 
OSP_SCAN_STATUS_FINISHED
@ OSP_SCAN_STATUS_FINISHED
Definition: osp.h:67
osp_connection::port
int port
Definition: osp.c:54
osp_start_scan_opts_t::parallel
int parallel
Number of parallel scans.
Definition: osp.h:119
vt_value_append_as_xml
static void vt_value_append_as_xml(gpointer id, gchar *value, GString *xml_string)
Append VT values as XML to a string buffer.
Definition: osp.c:901
osp_param_new
osp_param_t * osp_param_new(void)
Create a new OSP parameter.
Definition: osp.c:1191
osp_get_vts_ext
int osp_get_vts_ext(osp_connection_t *connection, osp_get_vts_opts_t opts, entity_t *vts)
Get filtered set of VTs from an OSP server.
Definition: osp.c:400
osp_param::mandatory
int mandatory
Definition: osp.c:67
entity_attribute
const char * entity_attribute(entity_t entity, const char *name)
Get an attribute of an entity.
Definition: xmlutils.c:228
osp_scan_status_t
osp_scan_status_t
OSP scan status.
Definition: osp.h:61
entity_child
entity_t entity_child(entity_t entity, const char *name)
Get a child of an entity.
Definition: xmlutils.c:205
osp_vt_single::vt_id
gchar * vt_id
Definition: osp.c:105
osp_vt_single_add_value
void osp_vt_single_add_value(osp_vt_single_t *, const char *, const char *)
OSP_SCAN_STATUS_RUNNING
@ OSP_SCAN_STATUS_RUNNING
Definition: osp.h:65
OSP_PARAM_TYPE_SELECTION
@ OSP_PARAM_TYPE_SELECTION
Definition: osp.h:54
osp_connection::socket
int socket
Definition: osp.c:52
gvm_server_close
int gvm_server_close(int socket, gnutls_session_t session)
Close a server connection and its socket.
Definition: serverutils.c:507
OSP_PARAM_TYPE_OVALDEF_FILE
@ OSP_PARAM_TYPE_OVALDEF_FILE
Definition: osp.h:53
osp_get_performance_opts_t::end
int end
Definition: osp.h:77
osp_connection_new
osp_connection_t * osp_connection_new(const char *, int, const char *, const char *, const char *)
osp.h
API for Open Scanner Protocol communication.
osp_get_scanner_details
int osp_get_scanner_details(osp_connection_t *connection, char **desc, GSList **params)
Get an OSP scanner's details.
Definition: osp.c:1135
osp_start_scan_opts_t::scanner_params
GHashTable * scanner_params
Table of scanner parameters.
Definition: osp.h:118
osp_target::hosts
gchar * hosts
Definition: osp.c:88
osp_start_scan_ext
int osp_start_scan_ext(osp_connection_t *connection, osp_start_scan_opts_t opts, char **error)
Start an OSP scan against a target.
Definition: osp.c:938
entity_s::entities
entities_t entities
Children.
Definition: xmlutils.h:70
osp_credential::auth_data
GHashTable * auth_data
Definition: osp.c:78
osp_send_command
static int osp_send_command(osp_connection_t *, entity_t *, const char *,...)
Send a command to an OSP server.
Definition: osp.c:110
osp_credential::service
gchar * service
Definition: osp.c:76
entity_text
char * entity_text(entity_t entity)
Get the text an entity.
Definition: xmlutils.c:157
vt_group_append_as_xml
static void vt_group_append_as_xml(osp_vt_group_t *vt_group, GString *xml_string)
Append VT groups as XML to a string buffer.
Definition: osp.c:884
osp_param_free
void osp_param_free(osp_param_t *param)
Free an OSP parameter.
Definition: osp.c:1277
credential_append_as_xml
static void credential_append_as_xml(osp_credential_t *credential, GString *xml_string)
Concatenate a credential as XML.
Definition: osp.c:819
osp_get_scan_status_opts_t::scan_id
const char * scan_id
UUID of the scan which get the status from.
Definition: osp.h:72
osp_credential::port
gchar * port
Definition: osp.c:77
osp_start_scan_opts_t::scan_id
const char * scan_id
UUID to set for scan, null otherwise.
Definition: osp.h:120
osp_param_default
const char * osp_param_default(const osp_param_t *param)
Get an OSP parameter's default value.
Definition: osp.c:1249
read_entity
int read_entity(gnutls_session_t *session, entity_t *entity)
Read an XML entity tree from the manager.
Definition: xmlutils.c:1057
osp_get_scan_status_opts_t
Definition: osp.h:71
osp_get_performance_opts_t::start
int start
Definition: osp.h:76
osp_get_scan_status_ext
osp_scan_status_t osp_get_scan_status_ext(osp_connection_t *connection, osp_get_scan_status_opts_t opts, char **error)
Get a scan status from an OSP server.
Definition: osp.c:530
osp_param_mandatory
int osp_param_mandatory(const osp_param_t *param)
Get an OSP parameter's mandatory value.
Definition: osp.c:1264
free_entity
void free_entity(entity_t entity)
Free an entity, recursively.
Definition: xmlutils.c:127
osp_start_scan_opts_t
Definition: osp.h:114
OSP_PARAM_TYPE_PASSWORD
@ OSP_PARAM_TYPE_PASSWORD
Definition: osp.h:50
osp_vt_group_free
void osp_vt_group_free(osp_vt_group_t *)
OSP_PARAM_TYPE_FILE
@ OSP_PARAM_TYPE_FILE
Definition: osp.h:51
xml_string_append
void xml_string_append(GString *xml, const char *format,...)
Append formatted escaped XML to a string.
Definition: xmlutils.c:1432
osp_credential_new
osp_credential_t * osp_credential_new(const char *type, const char *service, const char *port)
Allocate and initialize a new OSP credential.
Definition: osp.c:1299
osp_get_vts_opts_t::filter
char * filter
the filter to apply for a vt sub-selection.
Definition: osp.h:104
OSP_PARAM_TYPE_BOOLEAN
@ OSP_PARAM_TYPE_BOOLEAN
Definition: osp.h:52
next_entities
entities_t next_entities(entities_t entities)
Return all the entities from an entities_t after the first.
Definition: xmlutils.c:79
osp_start_scan_opts_t::vt_groups
GSList * vt_groups
VT groups to use for the scan.
Definition: osp.h:116
osp_vt_single_free
void osp_vt_single_free(osp_vt_single_t *)
OSP_SCAN_STATUS_ERROR
@ OSP_SCAN_STATUS_ERROR
Definition: osp.h:63
osp_target_free
void osp_target_free(osp_target_t *)
gvm_get_host_type
int gvm_get_host_type(const gchar *str_stripped)
Determines the host type in a buffer.
Definition: hosts.c:768
gvm_server_open_with_cert
int gvm_server_open_with_cert(gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem)
Connect to the server using a given host, port and cert.
Definition: serverutils.c:475
osp_get_vts
int osp_get_vts(osp_connection_t *connection, entity_t *vts)
Get all VTs from an OSP server.
Definition: osp.c:376
osp_param_type_str
const char * osp_param_type_str(const osp_param_t *param)
Get an OSP parameter in string format form its type.
Definition: osp.c:1099
target_append_as_xml
static void target_append_as_xml(osp_target_t *target, GString *xml_string)
Concatenate a target as XML.
Definition: osp.c:855
osp_delete_scan
int osp_delete_scan(osp_connection_t *connection, const char *scan_id)
Delete a scan from an OSP server.
Definition: osp.c:429
osp_get_version
int osp_get_version(osp_connection_t *connection, char **s_name, char **s_version, char **d_name, char **d_version, char **p_name, char **p_version)
Get the scanner version from an OSP server.
Definition: osp.c:250
osp_param_str_to_type
static osp_param_type_t osp_param_str_to_type(const char *str)
Get an OSP parameter's type from its string format.
Definition: osp.c:1068
osp_connection::session
gnutls_session_t session
Definition: osp.c:51
osp_credential::type
gchar * type
Definition: osp.c:75
osp_get_scan_pop
int osp_get_scan_pop(osp_connection_t *connection, const char *scan_id, char **report_xml, int details, int pop_results, char **error)
Get a scan from an OSP server, optionally removing the results.
Definition: osp.c:597
gvm_server_vsendf
int gvm_server_vsendf(gnutls_session_t *session, const char *fmt, va_list ap)
Send a string to the server.
Definition: serverutils.c:743
osp_param
Struct holding options for OSP parameters.
Definition: osp.c:60
osp_param::type
osp_param_type_t type
Definition: osp.c:66
osp_param::name
char * name
Definition: osp.c:63
osp_connection::host
char * host
Definition: osp.c:53
osp_param_desc
const char * osp_param_desc(const osp_param_t *param)
Get an OSP parameter's description.
Definition: osp.c:1234
osp_get_performance_opts_t::titles
char * titles
Definition: osp.h:78
OSP_PARAM_TYPE_CRD_UP
@ OSP_PARAM_TYPE_CRD_UP
Definition: osp.h:55
osp_connection_close
void osp_connection_close(osp_connection_t *connection)
Close a connection to an OSP server.
Definition: osp.c:223
osp_credential_set_auth_data
void osp_credential_set_auth_data(osp_credential_t *credential, const char *name, const char *value)
Get authentication data from an OSP credential.
Definition: osp.c:1359
OSP_PARAM_TYPE_STR
@ OSP_PARAM_TYPE_STR
Definition: osp.h:49
osp_credential_free
void osp_credential_free(osp_credential_t *credential)
Free an OSP credential.
Definition: osp.c:1322
osp_vt_single_new
osp_vt_single_t * osp_vt_single_new(const char *)
osp_param::def
char * def
Definition: osp.c:65
osp_vt_single::vt_values
GHashTable * vt_values
Definition: osp.c:106
osp_target::ports
gchar * ports
Definition: osp.c:89
OSP_SCAN_STATUS_INIT
@ OSP_SCAN_STATUS_INIT
Definition: osp.h:64
osp_get_vts_version
int osp_get_vts_version(osp_connection_t *connection, char **vts_version)
Get the VTs version from an OSP server.
Definition: osp.c:334
osp_get_vts_opts_t
Definition: osp.h:103
osp_target_new
osp_target_t * osp_target_new(const char *, const char *, const char *)
option_concat_as_xml
static void option_concat_as_xml(gpointer key, gpointer value, gpointer pstr)
Concatenate options as xml.
Definition: osp.c:728
osp_target::exclude_hosts
gchar * exclude_hosts
Definition: osp.c:87
entity_s
XML element.
Definition: xmlutils.h:65
osp_param_type_t
osp_param_type_t
OSP parameter types.
Definition: osp.h:46
osp_param::id
char * id
Definition: osp.c:62
osp_target::credentials
GSList * credentials
Definition: osp.c:86
OSP_PARAM_TYPE_INT
@ OSP_PARAM_TYPE_INT
Definition: osp.h:48
gvm_socket_vsendf
int gvm_socket_vsendf(int socket, const char *fmt, va_list ap)
Send a string to the server.
Definition: serverutils.c:758
osp_credential
Struct credential information for OSP.
Definition: osp.c:73
read_entity_s
int read_entity_s(int socket, entity_t *entity)
Read an XML entity tree from the socket.
Definition: xmlutils.c:1071
osp_start_scan_opts_t::targets
GSList * targets
Target hosts to scan.
Definition: osp.h:115
osp_start_scan
int osp_start_scan(osp_connection_t *connection, const char *target, const char *ports, GHashTable *options, const char *scan_id, char **error)
Start an OSP scan against a target.
Definition: osp.c:758
osp_param_name
const char * osp_param_name(const osp_param_t *param)
Get an OSP parameter's name.
Definition: osp.c:1219
osp_vt_single
Struct holding vt_group information.
Definition: osp.c:103
vt_single_append_as_xml
static void vt_single_append_as_xml(osp_vt_single_t *vt_single, GString *xml_string)
Append single VTs as XML to a string buffer.
Definition: osp.c:915
print_entity_to_string
void print_entity_to_string(entity_t entity, GString *string)
Print an XML entity tree to a GString, appending it if string is not.
Definition: xmlutils.c:1197
osp_target
Struct holding target information.
Definition: osp.c:84
OSP_SCAN_STATUS_STOPPED
@ OSP_SCAN_STATUS_STOPPED
Definition: osp.h:66
osp_get_performance_opts_t
Definition: osp.h:75
osp_stop_scan
int osp_stop_scan(osp_connection_t *connection, const char *scan_id, char **error)
Stop a scan on an OSP server.
Definition: osp.c:679
osp_connection
Struct holding options for OSP connection.
Definition: osp.c:49
osp_param_id
const char * osp_param_id(const osp_param_t *param)
Get an OSP parameter's id.
Definition: osp.c:1204
osp_get_performance_ext
int osp_get_performance_ext(osp_connection_t *connection, osp_get_performance_opts_t opts, char **graph, char **error)
Get performance graphics from an OSP server.
Definition: osp.c:464
osp_vt_group::filter
gchar * filter
Definition: osp.c:97
osp_start_scan_opts_t::vts
GSList * vts
Single VTs to use for the scan.
Definition: osp.h:117
osp_vt_group_new
osp_vt_group_t * osp_vt_group_new(const char *)
osp_credential_get_auth_data
const gchar * osp_credential_get_auth_data(osp_credential_t *credential, const char *name)
Get authentication data from an OSP credential.
Definition: osp.c:1343
osp_vt_group
Struct holding vt_group information.
Definition: osp.c:95
osp_target_add_credential
void osp_target_add_credential(osp_target_t *, osp_credential_t *)
entities_t
GSList * entities_t
Entities.
Definition: xmlutils.h:60
osp_param::desc
char * desc
Definition: osp.c:64
osp_get_scan
int osp_get_scan(osp_connection_t *connection, const char *scan_id, char **report_xml, int details, char **error)
Get a scan from an OSP server.
Definition: osp.c:663