OpenVAS Scanner  7.0.1~git
attack.c File Reference

Launches the plugins, and manages multithreading. More...

#include "attack.h"
#include "../misc/network.h"
#include "../misc/nvt_categories.h"
#include "../misc/pcap_openvas.h"
#include "../nasl/nasl_debug.h"
#include "hosts.h"
#include "pluginlaunch.h"
#include "pluginload.h"
#include "pluginscheduler.h"
#include "plugs_req.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <gvm/base/hosts.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <gvm/base/proctitle.h>
#include <gvm/util/nvticache.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
Include dependency graph for attack.c:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  attack_start_args
 

Macros

#define ERR_HOST_DEAD   -1
 
#define ERR_CANT_FORK   -2
 
#define MAX_FORK_RETRIES   10
 
#define KB_RETRY_DELAY   3 /*In sec*/
 
#define PROGRESS_BAR_STYLE   1
 
#define G_LOG_DOMAIN   "sd main"
 GLib log domain. More...
 

Enumerations

enum  net_scan_status { NSS_NONE = 0, NSS_BUSY, NSS_DONE }
 

Functions

static int set_kb_readable (int host_kb_index)
 Add the Host KB index to the list of readable KBs used by ospd-openvas. More...
 
static void set_scan_status (char *status)
 Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly. More...
 
static int comm_send_status (kb_t kb, char *hostname, int curr, int max)
 Sends the status of a host's scan. More...
 
static void error_message_to_client2 (kb_t kb, const char *msg, const char *port)
 
static void report_kb_failure (int errcode)
 
static void fork_sleep (int n)
 
static enum net_scan_status network_scan_status (struct scan_globals *globals)
 
static int scan_is_stopped ()
 
static int nvti_category_is_safe (int category)
 Checks that an NVT category is safe. More...
 
static int get_check_new_vhosts_flag ()
 Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(), to avoid fetching unnecessarily. More...
 
static void set_check_new_vhosts_flag ()
 Set global check_new_vhosts_flag to indicate that new vhosts must be fetched. More...
 
static void unset_check_new_vhosts_flag ()
 Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched. More...
 
static void check_new_vhosts ()
 Check if a plugin process pushed a new vhost value. More...
 
static int launch_plugin (struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
 Launches a nvt. Respects safe check preference (i.e. does not try. More...
 
static int kb_duplicate (kb_t dst, kb_t src, const gchar *filter)
 
static kb_t init_host_kb (struct scan_globals *globals, char *ip_str, kb_t *network_kb)
 Inits or loads the knowledge base for a single host. More...
 
static void attack_host (struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
 Attack one host. More...
 
static int host_authorized (const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
 
static char * vhosts_to_str (GSList *list)
 
static int check_host_authorization (gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
 
static void attack_start (struct attack_start_args *args)
 Set up some data and jump into attack_host() More...
 
static void apply_hosts_preferences (gvm_hosts_t *hosts)
 
static int str_in_comma_list (const char *str, const char *comma_list)
 
static int iface_authorized (const char *iface)
 
static int apply_source_iface_preference ()
 
static int check_kb_access ()
 
static void handle_scan_stop_signal ()
 
void attack_network (struct scan_globals *globals, kb_t *network_kb)
 Attack a whole network. More...
 

Variables

int global_scan_stop = 0
 
static kb_t host_kb = NULL
 
static GSList * host_vhosts = NULL
 
static int check_new_vhosts_flag = 0
 

Detailed Description

Launches the plugins, and manages multithreading.

Definition in file attack.c.

Macro Definition Documentation

◆ ERR_CANT_FORK

#define ERR_CANT_FORK   -2

Definition at line 56 of file attack.c.

◆ ERR_HOST_DEAD

#define ERR_HOST_DEAD   -1

Definition at line 55 of file attack.c.

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "sd main"

GLib log domain.

Definition at line 76 of file attack.c.

◆ KB_RETRY_DELAY

#define KB_RETRY_DELAY   3 /*In sec*/

Wait KB_RETRY_DELAY seconds until trying again to get a new kb.

Definition at line 62 of file attack.c.

◆ MAX_FORK_RETRIES

#define MAX_FORK_RETRIES   10

Definition at line 58 of file attack.c.

◆ PROGRESS_BAR_STYLE

#define PROGRESS_BAR_STYLE   1

It switches progress bar styles. If set to 1, time oriented style and it take into account only alive host. If set to 0, it not reflect progress adequately in case of dead host, which will take into account with 0% processed, producing jumps in the process bar.

Definition at line 70 of file attack.c.

Enumeration Type Documentation

◆ net_scan_status

Enumerator
NSS_NONE 
NSS_BUSY 
NSS_DONE 

Definition at line 91 of file attack.c.

92 {
93  NSS_NONE = 0,
94  NSS_BUSY,
95  NSS_DONE,
96 };

Function Documentation

◆ apply_hosts_preferences()

static void apply_hosts_preferences ( gvm_hosts_t *  hosts)
static

Definition at line 800 of file attack.c.

801 {
802  const char *ordering = prefs_get ("hosts_ordering"),
803  *exclude_hosts = prefs_get ("exclude_hosts");
804 
805  if (hosts == NULL)
806  return;
807 
808  /* Hosts ordering strategy: sequential, random, reversed... */
809  if (ordering)
810  {
811  if (!strcmp (ordering, "random"))
812  {
813  gvm_hosts_shuffle (hosts);
814  g_debug ("hosts_ordering: Random.");
815  }
816  else if (!strcmp (ordering, "reverse"))
817  {
818  gvm_hosts_reverse (hosts);
819  g_debug ("hosts_ordering: Reverse.");
820  }
821  }
822  else
823  g_debug ("hosts_ordering: Sequential.");
824 
825  /* Exclude hosts ? */
826  if (exclude_hosts)
827  {
828  /* Exclude hosts, resolving hostnames. */
829  int ret = gvm_hosts_exclude (hosts, exclude_hosts);
830 
831  if (ret > 0)
832  g_message ("exclude_hosts: Skipped %d host(s).", ret);
833  if (ret < 0)
834  g_message ("exclude_hosts: Error.");
835  }
836 
837  /* Reverse-lookup unify ? */
838  if (prefs_get_bool ("reverse_lookup_unify"))
839  g_debug ("reverse_lookup_unify: Skipped %d host(s).",
840  gvm_hosts_reverse_lookup_unify (hosts));
841 
842  /* Hosts that reverse-lookup only ? */
843  if (prefs_get_bool ("reverse_lookup_only"))
844  g_debug ("reverse_lookup_only: Skipped %d host(s).",
845  gvm_hosts_reverse_lookup_only (hosts));
846 }

References hosts.

Referenced by attack_network().

Here is the caller graph for this function:

◆ apply_source_iface_preference()

static int apply_source_iface_preference ( )
static

Definition at line 914 of file attack.c.

915 {
916  const char *source_iface = prefs_get ("source_iface");
917  int ret;
918 
919  if (source_iface == NULL)
920  return 0;
921 
922  ret = iface_authorized (source_iface);
923  if (ret == -1)
924  {
925  gchar *msg =
926  g_strdup_printf ("Unauthorized source interface: %s", source_iface);
927  g_warning ("source_iface: Unauthorized source interface %s.",
928  source_iface);
929 
930  g_free (msg);
931  return -1;
932  }
933  else if (ret == -2)
934  {
935  gchar *msg = g_strdup_printf ("Unauthorized source interface: %s"
936  " (system-wide restriction.)",
937  source_iface);
938  g_warning ("source_iface: Unauthorized source interface %s."
939  " (sys_* preference restriction.)",
940  source_iface);
941 
942  g_free (msg);
943  return -1;
944  }
945 
946  if (gvm_source_iface_init (source_iface))
947  {
948  gchar *msg =
949  g_strdup_printf ("Erroneous source interface: %s", source_iface);
950  g_debug ("source_iface: Error with %s interface.", source_iface);
951 
952  g_free (msg);
953  return -2;
954  }
955  else
956  {
957  char *ipstr, *ip6str;
958  ipstr = gvm_source_addr_str ();
959  ip6str = gvm_source_addr6_str ();
960  g_debug ("source_iface: Using %s (%s / %s).", source_iface, ipstr,
961  ip6str);
962 
963  g_free (ipstr);
964  g_free (ip6str);
965  return 0;
966  }
967 }

References iface_authorized().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_host()

static void attack_host ( struct scan_globals globals,
struct in6_addr *  ip,
GSList *  vhosts,
plugins_scheduler_t  sched,
kb_t  kb,
kb_t *  net_kb 
)
static

Attack one host.

Definition at line 526 of file attack.c.

528 {
529  /* Used for the status */
530  int num_plugs, forks_retry = 0;
531  char ip_str[INET6_ADDRSTRLEN];
532 
533  addr6_to_str (ip, ip_str);
535  host_kb = kb;
536  host_vhosts = vhosts;
537  kb_item_set_str (kb, "internal/ip", ip_str, 0);
538  kb_item_set_int (kb, "internal/hostpid", getpid ());
539  proctitle_set ("openvas: testing %s", ip_str);
540  if (net_kb && *net_kb)
541  {
542  kb_delete (kb);
543  kb = init_host_kb (globals, ip_str, net_kb);
544  if (kb == NULL)
545  return;
546  }
547  kb_lnk_reset (kb);
548 
549  /* launch the plugins */
550  pluginlaunch_init (ip_str);
551  num_plugs = plugins_scheduler_count_active (sched);
552  for (;;)
553  {
554  struct scheduler_plugin *plugin;
555  pid_t parent;
556 
557  /* Check that our father is still alive */
558  parent = getppid ();
559  if (parent <= 1 || process_alive (parent) == 0)
560  {
562  return;
563  }
564 
565  if (scan_is_stopped ())
566  plugins_scheduler_stop (sched);
567  plugin = plugins_scheduler_next (sched);
568  if (plugin != NULL && plugin != PLUG_RUNNING)
569  {
570  int e;
571  static int last_status = 0, cur_plug = 0;
572 
573  again:
574  e = launch_plugin (globals, plugin, ip, host_vhosts, kb);
575  if (e < 0)
576  {
577  /*
578  * Remote host died
579  */
580  if (e == ERR_HOST_DEAD)
581  {
582  char buffer[2048];
583  snprintf (
584  buffer, sizeof (buffer),
585  "LOG||| |||general/Host_Details||| |||<host><detail>"
586  "<name>Host dead</name><value>1</value><source>"
587  "<description/><type/><name/></source></detail></host>");
588 #if (PROGRESS_BAR_STYLE == 1)
589  /* In case of a dead host, it sends max_ports = -1 to the
590  manager. The host will not be taken into account to
591  calculate the scan progress. */
592  comm_send_status (kb, ip_str, 0, -1);
593 #endif
594  kb_item_push_str (kb, "internal/results", buffer);
595  goto host_died;
596  }
597  else if (e == ERR_CANT_FORK)
598  {
599  if (forks_retry < MAX_FORK_RETRIES)
600  {
601  forks_retry++;
602  g_debug ("fork() failed - sleeping %d seconds (%s)",
603  forks_retry, strerror (errno));
604  fork_sleep (forks_retry);
605  goto again;
606  }
607  else
608  {
609  g_debug ("fork() failed too many times - aborting");
610  goto host_died;
611  }
612  }
613  }
614 
615  if ((cur_plug * 100) / num_plugs >= last_status
616  && !scan_is_stopped ())
617  {
618  last_status = (cur_plug * 100) / num_plugs + 2;
619  if (comm_send_status (kb, ip_str, cur_plug, num_plugs) < 0)
620  {
622  goto host_died;
623  }
624  }
625  cur_plug++;
626  }
627  else if (plugin == NULL)
628  break;
630  }
631 
632  pluginlaunch_wait (kb);
633  if (!scan_is_stopped ())
634  comm_send_status (kb, ip_str, num_plugs, num_plugs);
635 
636 host_died:
638  plugins_scheduler_free (sched);
639 }

References comm_send_status(), ERR_CANT_FORK, ERR_HOST_DEAD, fork_sleep(), host_kb, host_vhosts, init_host_kb(), launch_plugin(), MAX_FORK_RETRIES, openvas_signal, PLUG_RUNNING, pluginlaunch_init(), pluginlaunch_stop(), pluginlaunch_wait(), pluginlaunch_wait_for_free_process(), plugins_scheduler_count_active(), plugins_scheduler_free(), plugins_scheduler_next(), plugins_scheduler_stop(), process_alive(), scan_is_stopped(), and set_check_new_vhosts_flag().

Referenced by attack_start().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_network()

void attack_network ( struct scan_globals globals,
kb_t *  network_kb 
)

Attack a whole network.

Definition at line 1008 of file attack.c.

1009 {
1010  int max_hosts = 0, max_checks;
1011  const char *hostlist;
1012  gvm_host_t *host;
1013  plugins_scheduler_t sched;
1014  int fork_retries = 0;
1015  GHashTable *files;
1016  struct timeval then, now;
1017  gvm_hosts_t *hosts;
1018  const gchar *network_targets, *port_range;
1019  gboolean network_phase = FALSE;
1020  gboolean do_network_scan = FALSE;
1021  kb_t host_kb;
1022  GSList *unresolved;
1023 
1024  gettimeofday (&then, NULL);
1025 
1026  if (prefs_get_bool ("network_scan"))
1027  do_network_scan = TRUE;
1028  else
1029  do_network_scan = FALSE;
1030 
1031  network_targets = prefs_get ("network_targets");
1032  if (network_targets != NULL)
1033  globals->network_targets = g_strdup (network_targets);
1034 
1035  if (do_network_scan)
1036  {
1037  enum net_scan_status nss;
1038 
1039  nss = network_scan_status (globals);
1040  switch (nss)
1041  {
1042  case NSS_DONE:
1043  network_phase = FALSE;
1044  break;
1045 
1046  case NSS_BUSY:
1047  network_phase = TRUE;
1048  break;
1049 
1050  default:
1051  globals->network_scan_status = g_strdup ("busy");
1052  network_phase = TRUE;
1053  break;
1054  }
1055  }
1056  else
1057  network_kb = NULL;
1058 
1059  if (check_kb_access ())
1060  return;
1061 
1062  /* Init and check Target List */
1063  hostlist = prefs_get ("TARGET");
1064  if (hostlist == NULL)
1065  {
1066  return;
1067  }
1068 
1069  /* Verify the port range is a valid one */
1070  port_range = prefs_get ("port_range");
1071  if (validate_port_range (port_range))
1072  {
1073  return;
1074  }
1075 
1076  /* Initialize the attack. */
1077  int plugins_init_error = 0;
1078  sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1079  prefs_get_bool ("auto_enable_dependencies"),
1080  network_phase, &plugins_init_error);
1081  if (!sched)
1082  {
1083  g_message ("Couldn't initialize the plugin scheduler");
1084  return;
1085  }
1086 
1087  if (plugins_init_error > 0)
1088  {
1089  char buf[96];
1090  int i = atoi (prefs_get ("ov_maindbid"));
1091  kb_t main_kb = NULL;
1092 
1093  sprintf (buf,
1094  "%d errors were found during the plugin scheduling. "
1095  "Some plugins have not been launched.",
1096  plugins_init_error);
1097 
1098  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
1099  error_message_to_client2 (main_kb, buf, NULL);
1100  kb_lnk_reset (main_kb);
1101  }
1102 
1103  max_hosts = get_max_hosts_number ();
1104  max_checks = get_max_checks_number ();
1105 
1106  if (network_phase)
1107  {
1108  if (network_targets == NULL)
1109  {
1110  g_warning (
1111  "WARNING: In network phase, but without targets! Stopping.");
1112  host = NULL;
1113  }
1114  else
1115  {
1116  int rc;
1117 
1118  g_message ("Start a new scan. Target(s) : %s, "
1119  "in network phase with target %s",
1120  hostlist, network_targets);
1121 
1122  rc = kb_new (network_kb, prefs_get ("db_address"));
1123  if (rc)
1124  {
1125  report_kb_failure (rc);
1126  host = NULL;
1127  }
1128  else
1129  kb_lnk_reset (*network_kb);
1130  }
1131  }
1132  else
1133  g_message ("Starts a new scan. Target(s) : %s, with max_hosts = %d and "
1134  "max_checks = %d",
1135  hostlist, max_hosts, max_checks);
1136 
1137  hosts = gvm_hosts_new (hostlist);
1138  unresolved = gvm_hosts_resolve (hosts);
1139  while (unresolved)
1140  {
1141  g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1142  unresolved = unresolved->next;
1143  }
1144  g_slist_free_full (unresolved, g_free);
1145  /* Apply Hosts preferences. */
1147 
1148  /* Don't start if the provided interface is unauthorized. */
1149  if (apply_source_iface_preference () != 0)
1150  {
1151  gvm_hosts_free (hosts);
1152  return;
1153  }
1154  host = gvm_hosts_next (hosts);
1155  if (host == NULL)
1156  goto stop;
1157  hosts_init (max_hosts);
1158  /*
1159  * Start the attack !
1160  */
1162  while (host && !scan_is_stopped ())
1163  {
1164  int pid, rc;
1165  struct attack_start_args args;
1166  char *host_str;
1167 
1168  do
1169  {
1170  rc = kb_new (&host_kb, prefs_get ("db_address"));
1171  if (rc < 0 && rc != -2)
1172  {
1173  report_kb_failure (rc);
1174  goto scan_stop;
1175  }
1176  else if (rc == -2)
1177  {
1178  sleep (KB_RETRY_DELAY);
1179  continue;
1180  }
1181  break;
1182  }
1183  while (1);
1184 
1185  host_str = gvm_host_value_str (host);
1186  if (hosts_new (host_str, host_kb) < 0)
1187  {
1188  g_free (host_str);
1189  goto scan_stop;
1190  }
1191 
1192  if (scan_is_stopped ())
1193  {
1194  g_free (host_str);
1195  continue;
1196  }
1197  args.host = host;
1198  args.globals = globals;
1199  args.sched = sched;
1200  args.net_kb = network_kb;
1201  args.host_kb = host_kb;
1202 
1203  forkagain:
1205  /* Close child process' socket. */
1206  if (pid < 0)
1207  {
1208  fork_retries++;
1209  if (fork_retries > MAX_FORK_RETRIES)
1210  {
1211  /* Forking failed - we go to the wait queue. */
1212  g_debug ("fork() failed - %s. %s won't be tested",
1213  strerror (errno), host_str);
1214  g_free (host_str);
1215  goto stop;
1216  }
1217 
1218  g_debug ("fork() failed - "
1219  "sleeping %d seconds and trying again...",
1220  fork_retries);
1221  fork_sleep (fork_retries);
1222  goto forkagain;
1223  }
1224  hosts_set_pid (host_str, pid);
1225  if (network_phase)
1226  g_message ("Testing %s (network level) [%d]", network_targets, pid);
1227 
1228  if (network_phase)
1229  {
1230  host = NULL;
1231  globals->network_scan_status = g_strdup ("done");
1232  }
1233  else
1234  host = gvm_hosts_next (hosts);
1235  g_free (host_str);
1236  }
1237 
1238  /* Every host is being tested... We have to wait for the processes
1239  * to terminate. */
1240  while (hosts_read () == 0)
1241  ;
1242  g_message ("Test complete");
1243 
1244 scan_stop:
1245  /* Free the memory used by the files uploaded by the user, if any. */
1246  files = globals->files_translation;
1247  if (files)
1248  g_hash_table_destroy (files);
1249 
1250 stop:
1251 
1252  gvm_hosts_free (hosts);
1253  g_free (globals->network_scan_status);
1254  g_free (globals->network_targets);
1255 
1257 
1258  gettimeofday (&now, NULL);
1259  g_message ("Total time to scan all hosts : %ld seconds",
1260  now.tv_sec - then.tv_sec);
1261 
1262  if (do_network_scan && network_phase && !scan_is_stopped ())
1263  attack_network (globals, network_kb);
1264  else
1265  set_scan_status ("finished");
1266 }

References apply_hosts_preferences(), apply_source_iface_preference(), attack_network(), attack_start(), check_kb_access(), create_process(), error_message_to_client2(), scan_globals::files_translation, fork_sleep(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, attack_start_args::host_kb, host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), KB_RETRY_DELAY, MAX_FORK_RETRIES, attack_start_args::net_kb, scan_globals::network_scan_status, network_scan_status(), scan_globals::network_targets, network_targets(), NSS_BUSY, NSS_DONE, openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_is_stopped(), attack_start_args::sched, set_scan_status(), and timeval().

Referenced by attack_network(), and handle_client().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ attack_start()

static void attack_start ( struct attack_start_args args)
static

Set up some data and jump into attack_host()

Definition at line 740 of file attack.c.

741 {
742  struct scan_globals *globals = args->globals;
743  char ip_str[INET6_ADDRSTRLEN], *hostnames;
744  struct in6_addr hostip;
745  struct timeval then;
746  kb_t *net_kb = args->net_kb, kb = args->host_kb;
747  int ret;
748 
749  nvticache_reset ();
750  kb_lnk_reset (kb);
751  gettimeofday (&then, NULL);
752 
753  kb_item_set_str (kb, "internal/scan_id", globals->scan_id, 0);
754  set_kb_readable (kb_get_kb_index (kb));
755 
756  /* The reverse lookup is delayed to this step in order to not slow down the
757  * main scan process eg. case of target with big range of IP addresses. */
758  if (prefs_get_bool ("expand_vhosts"))
759  gvm_host_add_reverse_lookup (args->host);
760  if ((ret = gvm_vhosts_exclude (args->host, prefs_get ("exclude_hosts"))) > 0)
761  g_message ("exclude_hosts: Skipped %d vhost(s).", ret);
762  gvm_host_get_addr6 (args->host, &hostip);
763  addr6_to_str (&hostip, ip_str);
764  if (check_host_authorization (args->host, &hostip, kb))
765  {
766  g_warning ("Host %s access denied.", ip_str);
767  return;
768  }
769  if (prefs_get_bool ("test_empty_vhost"))
770  {
771  gvm_vhost_t *vhost =
772  gvm_vhost_new (g_strdup (ip_str), g_strdup ("IP-address"));
773  args->host->vhosts = g_slist_prepend (args->host->vhosts, vhost);
774  }
775  hostnames = vhosts_to_str (args->host->vhosts);
776  if (hostnames)
777  g_message ("Testing %s (Vhosts: %s) [%d]", ip_str, hostnames, getpid ());
778  else
779  g_message ("Testing %s [%d]", ip_str, getpid ());
780  g_free (hostnames);
781  attack_host (globals, &hostip, args->host->vhosts, args->sched, kb, net_kb);
782 
783  if (!scan_is_stopped ())
784  {
785  struct timeval now;
786 
787  gettimeofday (&now, NULL);
788  if (now.tv_usec < then.tv_usec)
789  {
790  then.tv_sec++;
791  now.tv_usec += 1000000;
792  }
793  g_message ("Finished testing %s. Time : %ld.%.2ld secs", ip_str,
794  (long) (now.tv_sec - then.tv_sec),
795  (long) ((now.tv_usec - then.tv_usec) / 10000));
796  }
797 }

References attack_host(), check_host_authorization(), attack_start_args::globals, attack_start_args::host, attack_start_args::host_kb, attack_start_args::net_kb, scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_kb_readable(), timeval(), and vhosts_to_str().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_host_authorization()

static int check_host_authorization ( gvm_host_t *  host,
const struct in6_addr *  addr,
kb_t  kb 
)
static

Definition at line 706 of file attack.c.

708 {
709  gvm_hosts_t *hosts_allow, *hosts_deny;
710  gvm_hosts_t *sys_hosts_allow, *sys_hosts_deny;
711 
712  /* Do we have the right to test this host ? */
713  hosts_allow = gvm_hosts_new (prefs_get ("hosts_allow"));
714  hosts_deny = gvm_hosts_new (prefs_get ("hosts_deny"));
715  if (!host_authorized (host, addr, hosts_allow, hosts_deny))
716  {
717  error_message_to_client2 (kb, "Host access denied.", NULL);
718  return -1;
719  }
720  sys_hosts_allow = gvm_hosts_new (prefs_get ("sys_hosts_allow"));
721  sys_hosts_deny = gvm_hosts_new (prefs_get ("sys_hosts_deny"));
722  if (!host_authorized (host, addr, sys_hosts_allow, sys_hosts_deny))
723  {
725  kb, "Host access denied (system-wide restriction.)", NULL);
726  return -1;
727  }
728 
729  gvm_hosts_free (hosts_allow);
730  gvm_hosts_free (hosts_deny);
731  gvm_hosts_free (sys_hosts_allow);
732  gvm_hosts_free (sys_hosts_deny);
733  return 0;
734 }

References error_message_to_client2(), and host_authorized().

Referenced by attack_start().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_kb_access()

static int check_kb_access ( )
static

Definition at line 970 of file attack.c.

971 {
972  int rc;
973  kb_t kb;
974 
975  rc = kb_new (&kb, prefs_get ("db_address"));
976  if (rc)
977  report_kb_failure (rc);
978  else
979  kb_delete (kb);
980 
981  return rc;
982 }

References report_kb_failure().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_new_vhosts()

static void check_new_vhosts ( )
static

Check if a plugin process pushed a new vhost value.

Parameters
kbHost scan KB.
vhostsList of vhosts to add new vhosts to.
Returns
New vhosts list.

Definition at line 293 of file attack.c.

294 {
295  char *value;
296 
297  if (get_check_new_vhosts_flag () == 0)
298  return;
299 
300  while ((value = kb_item_pop_str (host_kb, "internal/vhosts")))
301  {
302  /* Get the source. */
303  char buffer[4096], *source;
304  gvm_vhost_t *vhost;
305 
306  g_snprintf (buffer, sizeof (buffer), "internal/source/%s", value);
307  source = kb_item_pop_str (host_kb, buffer);
308  assert (source);
309  vhost = gvm_vhost_new (value, source);
310  host_vhosts = g_slist_append (host_vhosts, vhost);
311  }
313 }

References get_check_new_vhosts_flag(), host_kb, host_vhosts, and unset_check_new_vhosts_flag().

Referenced by launch_plugin().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ comm_send_status()

static int comm_send_status ( kb_t  kb,
char *  hostname,
int  curr,
int  max 
)
static

Sends the status of a host's scan.

Definition at line 156 of file attack.c.

157 {
158  char buffer[2048];
159 
160  if (!hostname || !kb)
161  return -1;
162 
163  if (strlen (hostname) > (sizeof (buffer) - 50))
164  return -1;
165 
166  snprintf (buffer, sizeof (buffer), "%d/%d", curr, max);
167  kb_item_push_str (kb, "internal/status", buffer);
168 
169  return 0;
170 }

References hostname, and max.

Referenced by attack_host(), and Ensure().

Here is the caller graph for this function:

◆ error_message_to_client2()

static void error_message_to_client2 ( kb_t  kb,
const char *  msg,
const char *  port 
)
static

Definition at line 173 of file attack.c.

174 {
175  char buf[2048];
176 
177  sprintf (buf, "ERRMSG||| |||%s||| |||%s", port ?: " ", msg ?: "No error.");
178  kb_item_push_str (kb, "internal/results", buf);
179 }

Referenced by attack_network(), and check_host_authorization().

Here is the caller graph for this function:

◆ fork_sleep()

static void fork_sleep ( int  n)
static

Definition at line 194 of file attack.c.

195 {
196  time_t then, now;
197 
198  now = then = time (NULL);
199  while (now - then < n)
200  {
201  waitpid (-1, NULL, WNOHANG);
202  usleep (10000);
203  now = time (NULL);
204  }
205 }

Referenced by attack_host(), and attack_network().

Here is the caller graph for this function:

◆ get_check_new_vhosts_flag()

static int get_check_new_vhosts_flag ( )
static

Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(), to avoid fetching unnecessarily.

Returns
1 means new vhosts must be fetched. 0 nothing to do.

Definition at line 259 of file attack.c.

260 {
261  return check_new_vhosts_flag;
262 }

References check_new_vhosts_flag.

Referenced by check_new_vhosts().

Here is the caller graph for this function:

◆ handle_scan_stop_signal()

static void handle_scan_stop_signal ( )
static

Definition at line 985 of file attack.c.

986 {
987  int i = atoi (prefs_get ("ov_maindbid"));
988  kb_t main_kb = NULL;
989  char *pid;
990 
991  global_scan_stop = 1;
992  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
993  pid = kb_item_get_str (main_kb, ("internal/ovas_pid"));
994  kb_lnk_reset (main_kb);
995 
996  if (atoi (pid) == getpid ())
997  hosts_stop_all ();
998  else
1000 
1001  g_free (pid);
1002 }

References global_scan_stop, hosts_stop_all(), pid, and pluginlaunch_stop().

Referenced by attack_network().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ host_authorized()

static int host_authorized ( const gvm_host_t *  host,
const struct in6_addr *  addr,
const gvm_hosts_t *  hosts_allow,
const gvm_hosts_t *  hosts_deny 
)
static

Definition at line 653 of file attack.c.

655 {
656  /* Check Hosts Access. */
657  if (host == NULL)
658  return 0;
659 
660  if (hosts_deny && gvm_host_in_hosts (host, addr, hosts_deny))
661  return 0;
662  if (hosts_allow && !gvm_host_in_hosts (host, addr, hosts_allow))
663  return 0;
664 
665  return 1;
666 }

Referenced by check_host_authorization().

Here is the caller graph for this function:

◆ iface_authorized()

static int iface_authorized ( const char *  iface)
static

Definition at line 882 of file attack.c.

883 {
884  const char *ifaces_list;
885 
886  if (iface == NULL)
887  return 0;
888 
889  ifaces_list = prefs_get ("ifaces_deny");
890  if (ifaces_list && str_in_comma_list (iface, ifaces_list))
891  return -1;
892  ifaces_list = prefs_get ("ifaces_allow");
893  if (ifaces_list && !str_in_comma_list (iface, ifaces_list))
894  return -1;
895  /* sys_* preferences are similar, but can't be overridden by the client. */
896  ifaces_list = prefs_get ("sys_ifaces_deny");
897  if (ifaces_list && str_in_comma_list (iface, ifaces_list))
898  return -2;
899  ifaces_list = prefs_get ("sys_ifaces_allow");
900  if (ifaces_list && !str_in_comma_list (iface, ifaces_list))
901  return -2;
902 
903  return 1;
904 }

References str_in_comma_list().

Referenced by apply_source_iface_preference().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_host_kb()

static kb_t init_host_kb ( struct scan_globals globals,
char *  ip_str,
kb_t *  network_kb 
)
static

Inits or loads the knowledge base for a single host.

Fills the knowledge base with host-specific login information for local checks if defined.

Parameters
globalsGlobal preference struct.
ip_strIP string of target host.
Returns
A knowledge base.

Definition at line 480 of file attack.c.

481 {
482  kb_t kb;
483  gchar *hostname_pattern;
484  enum net_scan_status nss;
485  const gchar *kb_path = prefs_get ("db_address");
486  int rc;
487 
488  nss = network_scan_status (globals);
489  switch (nss)
490  {
491  case NSS_DONE:
492  rc = kb_new (&kb, kb_path);
493  if (rc)
494  {
495  report_kb_failure (rc);
496  return NULL;
497  }
498 
499  hostname_pattern = g_strdup_printf ("%s/*", ip_str);
500  kb_duplicate (kb, *network_kb, hostname_pattern);
501  g_free (hostname_pattern);
502  break;
503 
504  case NSS_BUSY:
505  assert (network_kb != NULL);
506  assert (*network_kb != NULL);
507  kb = *network_kb;
508  break;
509 
510  default:
511  rc = kb_new (&kb, kb_path);
512  if (rc)
513  {
514  report_kb_failure (rc);
515  return NULL;
516  }
517  }
518 
519  return kb;
520 }

References kb_duplicate(), network_scan_status(), NSS_BUSY, NSS_DONE, and report_kb_failure().

Referenced by attack_host().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ kb_duplicate()

static int kb_duplicate ( kb_t  dst,
kb_t  src,
const gchar *  filter 
)
static

Definition at line 448 of file attack.c.

449 {
450  struct kb_item *items, *p_itm;
451 
452  items = kb_item_get_pattern (src, filter ? filter : "*");
453  for (p_itm = items; p_itm != NULL; p_itm = p_itm->next)
454  {
455  gchar *newname;
456 
457  newname = strstr (p_itm->name, "/");
458  if (newname == NULL)
459  newname = p_itm->name;
460  else
461  newname += 1; /* Skip the '/' */
462 
463  kb_item_add_str (dst, newname, p_itm->v_str, 0);
464  }
465  return 0;
466 }

Referenced by init_host_kb().

Here is the caller graph for this function:

◆ launch_plugin()

static int launch_plugin ( struct scan_globals globals,
struct scheduler_plugin plugin,
struct in6_addr *  ip,
GSList *  vhosts,
kb_t  kb 
)
static

Launches a nvt. Respects safe check preference (i.e. does not try.

destructive nvt if save_checks is yes).

Does not launch a plugin twice if !save_kb_replay.

Returns
ERR_HOST_DEAD if host died, ERR_CANT_FORK if forking failed, 0 otherwise.

Definition at line 325 of file attack.c.

327 {
328  int optimize = prefs_get_bool ("optimize_test"), pid, ret = 0;
329  char *oid, *name, *error = NULL, ip_str[INET6_ADDRSTRLEN];
330  gboolean network_scan = FALSE;
331  nvti_t *nvti;
332 
333  addr6_to_str (ip, ip_str);
334  oid = plugin->oid;
335  nvti = nvticache_get_nvt (oid);
336 
337  /* eg. When NVT was moved/removed by a feed update during the scan. */
338  if (!nvti)
339  {
340  g_message ("Plugin '%s' missing from nvticache.", oid);
342  goto finish_launch_plugin;
343  }
344  if (scan_is_stopped ())
345  {
346  if (nvti_category (nvti) != ACT_END)
347  {
349  goto finish_launch_plugin;
350  }
351  else
352  {
353  name = nvticache_get_filename (oid);
354  g_message ("Stopped scan wrap-up: Launching %s (%s)", name, oid);
355  g_free (name);
356  }
357  }
358 
359  if (network_scan_status (globals) == NSS_BUSY)
360  network_scan = TRUE;
361 
362  if (prefs_get_bool ("safe_checks")
363  && !nvti_category_is_safe (nvti_category (nvti)))
364  {
365  if (prefs_get_bool ("log_whole_attack"))
366  {
367  name = nvticache_get_filename (oid);
368  g_message ("Not launching %s (%s) against %s because safe checks are"
369  " enabled (this is not an error)",
370  name, oid, ip_str);
371  g_free (name);
372  }
374  goto finish_launch_plugin;
375  }
376 
377  if (network_scan)
378  {
379  char asc_id[100];
380 
381  assert (oid);
382  snprintf (asc_id, sizeof (asc_id), "Launched/%s", oid);
383 
384  if (kb_item_get_int (kb, asc_id) > 0)
385  {
386  if (prefs_get_bool ("log_whole_attack"))
387  g_message ("Not launching %s against %s because it has already "
388  "been lanched in the past (this is not an error)",
389  oid, ip_str);
391  goto finish_launch_plugin;
392  }
393  else
394  kb_item_set_int (kb, asc_id, 1);
395  }
396 
397  /* Do not launch NVT if mandatory key is missing (e.g. an important tool
398  * was not found). This is ignored during network wide scanning phases. */
399  if (!network_scan && !mandatory_requirements_met (kb, nvti))
400  error = "because a mandatory key is missing";
401  if (error || (optimize && (error = requirements_plugin (kb, nvti))))
402  {
404  if (prefs_get_bool ("log_whole_attack"))
405  {
406  name = nvticache_get_filename (oid);
407  g_message (
408  "Not launching %s (%s) against %s %s (this is not an error)", name,
409  oid, ip_str, error);
410  g_free (name);
411  }
412  goto finish_launch_plugin;
413  }
414 
415  /* Stop the test if the host is 'dead' */
416  if (kb_item_get_int (kb, "Host/dead") > 0)
417  {
418  g_message ("The remote host %s is dead", ip_str);
421  ret = ERR_HOST_DEAD;
422  goto finish_launch_plugin;
423  }
424 
425  /* Update vhosts list and start the plugin */
426  check_new_vhosts ();
427  pid = plugin_launch (globals, plugin, ip, vhosts, kb, nvti);
428  if (pid < 0)
429  {
431  ret = ERR_CANT_FORK;
432  goto finish_launch_plugin;
433  }
434 
435  if (prefs_get_bool ("log_whole_attack"))
436  {
437  name = nvticache_get_filename (oid);
438  g_message ("Launching %s (%s) against %s [%d]", name, oid, ip_str, pid);
439  g_free (name);
440  }
441 
442 finish_launch_plugin:
443  nvti_free (nvti);
444  return ret;
445 }

References ACT_END, check_new_vhosts(), ERR_CANT_FORK, ERR_HOST_DEAD, mandatory_requirements_met(), name, network_scan_status(), NSS_BUSY, nvti_category_is_safe(), scheduler_plugin::oid, oid, pid, plugin_launch(), PLUGIN_STATUS_DONE, PLUGIN_STATUS_UNRUN, pluginlaunch_stop(), requirements_plugin(), scheduler_plugin::running_state, and scan_is_stopped().

Referenced by attack_host().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ network_scan_status()

static enum net_scan_status network_scan_status ( struct scan_globals globals)
static

Definition at line 208 of file attack.c.

209 {
210  gchar *nss;
211 
212  nss = globals->network_scan_status;
213  if (nss == NULL)
214  return NSS_NONE;
215 
216  if (g_ascii_strcasecmp (nss, "busy") == 0)
217  return NSS_BUSY;
218  else if (g_ascii_strcasecmp (nss, "done") == 0)
219  return NSS_DONE;
220  else
221  return NSS_NONE;
222 }

References scan_globals::network_scan_status, NSS_BUSY, NSS_DONE, and NSS_NONE.

Referenced by attack_network(), init_host_kb(), and launch_plugin().

Here is the caller graph for this function:

◆ nvti_category_is_safe()

static int nvti_category_is_safe ( int  category)
static

Checks that an NVT category is safe.

Parameters
categoryCategory to check.
Returns
0 if category is unsafe, 1 otherwise.

Definition at line 240 of file attack.c.

241 {
242  /* XXX: Duplicated from openvas/nasl. */
243  if (category == ACT_DESTRUCTIVE_ATTACK || category == ACT_KILL_HOST
244  || category == ACT_FLOOD || category == ACT_DENIAL)
245  return 0;
246  return 1;
247 }

References ACT_DENIAL, ACT_DESTRUCTIVE_ATTACK, ACT_FLOOD, and ACT_KILL_HOST.

Referenced by launch_plugin().

Here is the caller graph for this function:

◆ report_kb_failure()

static void report_kb_failure ( int  errcode)
static

Definition at line 182 of file attack.c.

183 {
184  gchar *msg;
185 
186  errcode = abs (errcode);
187  msg = g_strdup_printf ("WARNING: Cannot connect to KB at '%s': %s'",
188  prefs_get ("db_address"), strerror (errcode));
189  g_warning ("%s", msg);
190  g_free (msg);
191 }

Referenced by attack_network(), check_kb_access(), and init_host_kb().

Here is the caller graph for this function:

◆ scan_is_stopped()

static int scan_is_stopped ( )
static

Definition at line 227 of file attack.c.

228 {
229  return global_scan_stop;
230 }

References global_scan_stop.

Referenced by attack_host(), attack_network(), attack_start(), and launch_plugin().

Here is the caller graph for this function:

◆ set_check_new_vhosts_flag()

static void set_check_new_vhosts_flag ( )
static

Set global check_new_vhosts_flag to indicate that new vhosts must be fetched.

Definition at line 269 of file attack.c.

270 {
272 }

References check_new_vhosts_flag.

Referenced by attack_host().

Here is the caller graph for this function:

◆ set_kb_readable()

static int set_kb_readable ( int  host_kb_index)
static

Add the Host KB index to the list of readable KBs used by ospd-openvas.

Definition at line 109 of file attack.c.

110 {
111  int i = atoi (prefs_get ("ov_maindbid"));
112  kb_t main_kb = NULL;
113 
114  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
115  if (main_kb)
116  {
117  kb_item_add_int_unique (main_kb, "internal/dbindex", host_kb_index);
118  return 0;
119  }
120  g_warning ("Not possible to add the kb index %d to the list of "
121  "ready to read kb",
122  host_kb_index);
123  return -1;
124 }

Referenced by attack_start().

Here is the caller graph for this function:

◆ set_scan_status()

static void set_scan_status ( char *  status)
static

Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.

Parameters
[in]statusStatus to set.

Definition at line 133 of file attack.c.

134 {
135  int i = atoi (prefs_get ("ov_maindbid"));
136  kb_t main_kb = NULL;
137 
138  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
139  if (main_kb)
140  {
141  char buffer[96];
142  char *scan_id = kb_item_get_str (main_kb, ("internal/scanid"));
143 
144  snprintf (buffer, sizeof (buffer), "internal/%s", scan_id);
145  kb_item_set_str (main_kb, buffer, status, 0);
146 
147  return;
148  }
149  g_warning ("Not possible to set the scan as finished");
150 }

References scan_globals::scan_id.

Referenced by attack_network().

Here is the caller graph for this function:

◆ str_in_comma_list()

static int str_in_comma_list ( const char *  str,
const char *  comma_list 
)
static

Definition at line 849 of file attack.c.

850 {
851  gchar **element, **split;
852 
853  if (str == NULL || comma_list == NULL)
854  return 0;
855 
856  split = g_strsplit (comma_list, ",", 0);
857  element = split;
858  while (*element)
859  {
860  gchar *stripped = g_strstrip (*element);
861 
862  if (stripped && strcmp (stripped, str) == 0)
863  {
864  g_strfreev (split);
865  return 1;
866  }
867 
868  element++;
869  }
870 
871  g_strfreev (split);
872  return 0;
873 }

Referenced by iface_authorized().

Here is the caller graph for this function:

◆ unset_check_new_vhosts_flag()

static void unset_check_new_vhosts_flag ( )
static

Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched.

Definition at line 279 of file attack.c.

280 {
282 }

References check_new_vhosts_flag.

Referenced by check_new_vhosts().

Here is the caller graph for this function:

◆ vhosts_to_str()

static char* vhosts_to_str ( GSList *  list)
static

Definition at line 676 of file attack.c.

677 {
678  GString *string;
679 
680  if (!list)
681  return NULL;
682  string = g_string_new (((gvm_vhost_t *) list->data)->value);
683  if (g_slist_length (list) == 1)
684  return g_string_free (string, FALSE);
685  list = list->next;
686  while (list)
687  {
688  g_string_append (string, ", ");
689  g_string_append (string, ((gvm_vhost_t *) list->data)->value);
690  list = list->next;
691  }
692  return g_string_free (string, FALSE);
693 }

References list::next.

Referenced by attack_start().

Here is the caller graph for this function:

Variable Documentation

◆ check_new_vhosts_flag

int check_new_vhosts_flag = 0
static

◆ global_scan_stop

int global_scan_stop = 0

◆ host_kb

kb_t host_kb = NULL
static

Definition at line 249 of file attack.c.

Referenced by attack_host(), attack_network(), and check_new_vhosts().

◆ host_vhosts

GSList* host_vhosts = NULL
static

Definition at line 250 of file attack.c.

Referenced by attack_host(), and check_new_vhosts().

kb_duplicate
static int kb_duplicate(kb_t dst, kb_t src, const gchar *filter)
Definition: attack.c:448
get_check_new_vhosts_flag
static int get_check_new_vhosts_flag()
Return check_new_vhosts_flag. After reading must be clean with unset_check_new_vhosts_flag(),...
Definition: attack.c:259
host_authorized
static int host_authorized(const gvm_host_t *host, const struct in6_addr *addr, const gvm_hosts_t *hosts_allow, const gvm_hosts_t *hosts_deny)
Definition: attack.c:653
scan_globals::network_targets
char * network_targets
Definition: scanneraux.h:34
ACT_FLOOD
@ ACT_FLOOD
Definition: nvt_categories.h:47
ERR_HOST_DEAD
#define ERR_HOST_DEAD
Definition: attack.c:55
plugins_scheduler_stop
void plugins_scheduler_stop(plugins_scheduler_t sched)
Definition: pluginscheduler.c:499
hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:271
plugins_scheduler
Definition: pluginscheduler.c:49
launch_plugin
static int launch_plugin(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb)
Launches a nvt. Respects safe check preference (i.e. does not try.
Definition: attack.c:325
attack_start_args::host
gvm_host_t * host
Definition: attack.c:88
scheduler_plugin
Definition: pluginscheduler.h:40
attack_network
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:1008
attack_start_args
Definition: attack.c:82
attack_host
static void attack_host(struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, plugins_scheduler_t sched, kb_t kb, kb_t *net_kb)
Attack one host.
Definition: attack.c:526
apply_source_iface_preference
static int apply_source_iface_preference()
Definition: attack.c:914
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int only_network, int *error)
Definition: pluginscheduler.c:313
report_kb_failure
static void report_kb_failure(int errcode)
Definition: attack.c:182
iface_authorized
static int iface_authorized(const char *iface)
Definition: attack.c:882
fork_sleep
static void fork_sleep(int n)
Definition: attack.c:194
timeval
struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:105
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
ERR_CANT_FORK
#define ERR_CANT_FORK
Definition: attack.c:56
set_check_new_vhosts_flag
static void set_check_new_vhosts_flag()
Set global check_new_vhosts_flag to indicate that new vhosts must be fetched.
Definition: attack.c:269
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition: pluginscheduler.c:534
comm_send_status
static int comm_send_status(kb_t kb, char *hostname, int curr, int max)
Sends the status of a host's scan.
Definition: attack.c:156
PLUGIN_STATUS_DONE
@ PLUGIN_STATUS_DONE
Definition: pluginscheduler.h:37
check_new_vhosts_flag
static int check_new_vhosts_flag
Definition: attack.c:251
ACT_END
@ ACT_END
Definition: nvt_categories.h:48
name
const char * name
Definition: nasl_init.c:377
plugins_scheduler_count_active
int plugins_scheduler_count_active(plugins_scheduler_t sched)
Definition: pluginscheduler.c:341
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
requirements_plugin
char * requirements_plugin(kb_t kb, nvti_t *nvti)
Determine if the plugin requirements are met.
Definition: plugs_req.c:264
host_vhosts
static GSList * host_vhosts
Definition: attack.c:250
NSS_NONE
@ NSS_NONE
Definition: attack.c:93
error_message_to_client2
static void error_message_to_client2(kb_t kb, const char *msg, const char *port)
Definition: attack.c:173
attack_start_args::globals
struct scan_globals * globals
Definition: attack.c:84
ACT_DENIAL
@ ACT_DENIAL
Definition: nvt_categories.h:45
scan_globals::files_translation
GHashTable * files_translation
Definition: scanneraux.h:36
hosts_init
int hosts_init(int max_hosts)
Definition: hosts.c:153
oid
const char * oid
Definition: nasl_builtin_find_service.c:57
max
#define max
Definition: nasl_wmi.c:48
scheduler_plugin::running_state
enum plugin_status running_state
Definition: pluginscheduler.h:44
network_scan_status
static enum net_scan_status network_scan_status(struct scan_globals *globals)
Definition: attack.c:208
str_in_comma_list
static int str_in_comma_list(const char *str, const char *comma_list)
Definition: attack.c:849
hosts_new
int hosts_new(char *name, kb_t kb)
Definition: hosts.c:160
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition: attack.c:62
pluginlaunch_init
void pluginlaunch_init(const char *host)
Definition: pluginlaunch.c:265
pluginlaunch_wait
void pluginlaunch_wait(kb_t kb)
Waits and 'pushes' processes until num_running_processes is 0.
Definition: pluginlaunch.c:370
check_kb_access
static int check_kb_access()
Definition: attack.c:970
check_host_authorization
static int check_host_authorization(gvm_host_t *host, const struct in6_addr *addr, kb_t kb)
Definition: attack.c:706
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition: attack.c:133
vhosts_to_str
static char * vhosts_to_str(GSList *list)
Definition: attack.c:676
create_process
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
Definition: processes.c:97
process_func_t
void(* process_func_t)(void *)
Definition: processes.h:31
net_scan_status
net_scan_status
Definition: attack.c:91
process_alive
int process_alive(pid_t pid)
Definition: utils.c:204
scan_globals
Definition: scanneraux.h:32
PLUG_RUNNING
#define PLUG_RUNNING
Definition: pluginscheduler.h:49
host_kb
static kb_t host_kb
Definition: attack.c:249
scheduler_plugin::oid
char * oid
Definition: pluginscheduler.h:42
attack_start_args::sched
plugins_scheduler_t sched
Definition: attack.c:85
PLUGIN_STATUS_UNRUN
@ PLUGIN_STATUS_UNRUN
Definition: pluginscheduler.h:35
plugin_launch
int plugin_launch(struct scan_globals *globals, struct scheduler_plugin *plugin, struct in6_addr *ip, GSList *vhosts, kb_t kb, nvti_t *nvti)
Definition: pluginlaunch.c:343
scan_is_stopped
static int scan_is_stopped()
Definition: attack.c:227
scan_globals::network_scan_status
char * network_scan_status
Definition: scanneraux.h:35
init_host_kb
static kb_t init_host_kb(struct scan_globals *globals, char *ip_str, kb_t *network_kb)
Inits or loads the knowledge base for a single host.
Definition: attack.c:480
host
Host information, implemented as doubly linked list.
Definition: hosts.c:47
attack_start
static void attack_start(struct attack_start_args *args)
Set up some data and jump into attack_host()
Definition: attack.c:740
get_max_checks_number
int get_max_checks_number(void)
Definition: utils.c:174
NSS_BUSY
@ NSS_BUSY
Definition: attack.c:94
hosts_stop_all
void hosts_stop_all(void)
Definition: hosts.c:211
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition: attack.c:985
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition: attack.c:58
mandatory_requirements_met
int mandatory_requirements_met(kb_t kb, nvti_t *nvti)
Check whether mandatory requirements for plugin are met.
Definition: plugs_req.c:247
pluginlaunch_wait_for_free_process
void pluginlaunch_wait_for_free_process(kb_t kb)
Waits and 'pushes' processes until the number of running processes has changed.
Definition: pluginlaunch.c:403
hostname
const char * hostname
Definition: pluginlaunch.c:76
check_new_vhosts
static void check_new_vhosts()
Check if a plugin process pushed a new vhost value.
Definition: attack.c:293
NSS_DONE
@ NSS_DONE
Definition: attack.c:95
unset_check_new_vhosts_flag
static void unset_check_new_vhosts_flag()
Unset global check_new_vhosts_flag. Must be called once the vhosts have been fetched.
Definition: attack.c:279
attack_start_args::net_kb
kb_t * net_kb
Definition: attack.c:86
get_max_hosts_number
int get_max_hosts_number(void)
Definition: utils.c:143
ACT_KILL_HOST
@ ACT_KILL_HOST
Definition: nvt_categories.h:46
pluginlaunch_stop
void pluginlaunch_stop()
Definition: pluginlaunch.c:302
nvti_category_is_safe
static int nvti_category_is_safe(int category)
Checks that an NVT category is safe.
Definition: attack.c:240
list::next
struct list * next
Definition: nasl_builtin_synscan.c:265
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:185
hosts
static struct host * hosts
Definition: hosts.c:59
ACT_DESTRUCTIVE_ATTACK
@ ACT_DESTRUCTIVE_ATTACK
Definition: nvt_categories.h:44
scan_globals::scan_id
char * scan_id
Definition: scanneraux.h:38
set_kb_readable
static int set_kb_readable(int host_kb_index)
Add the Host KB index to the list of readable KBs used by ospd-openvas.
Definition: attack.c:109
attack_start_args::host_kb
kb_t host_kb
Definition: attack.c:87
plugins_scheduler_next
struct scheduler_plugin * plugins_scheduler_next(plugins_scheduler_t h)
Definition: pluginscheduler.c:442
network_targets
tree_cell * network_targets(lex_ctxt *lexic)
Definition: nasl_scanner_glue.c:659
global_scan_stop
int global_scan_stop
Definition: attack.c:224
list
Definition: nasl_builtin_synscan.c:259
apply_hosts_preferences
static void apply_hosts_preferences(gvm_hosts_t *hosts)
Definition: attack.c:800