31 #include "../misc/network.h"
32 #include "../misc/plugutils.h"
43 #include <arpa/inet.h>
46 #include <gnutls/gnutls.h>
47 #include <gvm/base/logging.h>
48 #include <gvm/base/networking.h>
49 #include <gvm/base/prefs.h>
50 #include <netinet/in.h>
57 #define EADDRNOTAVAIL EADDRINUSE
64 #define G_LOG_DOMAIN "lib nasl"
/* Listing lines 71-79 (fragment): fetch the descriptor's file-status flags
 * and set O_NONBLOCK on top of them. The lines between the numbered ones,
 * including the function signature, are not part of this listing. */
71 int flags = fcntl (soc, F_GETFL, 0);
/* NOTE(review): the guard around this perror() is not visible; confirm that
 * a failed F_GETFL (flags == -1) returns early and is never OR-ed into the
 * F_SETFL call below. */
74 perror (
"fcntl(F_GETFL)");
77 if (fcntl (soc, F_SETFL, O_NONBLOCK | flags) < 0)
79 perror (
"fcntl(F_SETFL,O_NONBLOCK)");
/* Listing lines 88-96 (fragment): fetch the descriptor's file-status flags
 * and clear O_NONBLOCK, leaving every other flag as it was. */
88 int flags = fcntl (soc, F_GETFL, 0);
/* NOTE(review): as with the set-nonblocking path, confirm a failed F_GETFL
 * does not reach the F_SETFL call; the guard is outside the visible lines. */
91 perror (
"fcntl(F_GETFL)");
94 if (fcntl (soc, F_SETFL, (~O_NONBLOCK) & flags) < 0)
96 perror (
"fcntl(F_SETFL,~O_NONBLOCK)");
/* Listing lines 105-142 (fragment): throttle between probes. Reads the
 * "time_between_request" preference, measures the time since the previous
 * probe and computes how long to wait before the next one. */
105 const char *time_between_request;
108 time_between_request = prefs_get (
"time_between_request");
109 if (time_between_request)
/* atoi() reports no errors: a non-numeric preference silently becomes 0
 * and an out-of-range one is undefined. strtol() with an end-pointer and
 * range check would make a bad setting visible. */
110 minwaittime = atoi (time_between_request);
/* Function-static, so the timestamp of the last probe persists across
 * calls. */
114 static double lastprobesec = 0;
115 static double lastprobeusec = 0;
120 gettimeofday (&tvnow, NULL);
/* First call: pretend the previous probe happened 10 seconds ago. */
121 if (lastprobesec <= 0)
123 lastprobesec = tvnow.tv_sec - 10;
124 lastprobeusec = tvnow.tv_usec;
127 tvdiff.tv_sec = tvnow.tv_sec - lastprobesec;
128 tvdiff.tv_usec = tvnow.tv_usec - lastprobeusec;
/* NOTE(review): listing lines 130-131 are not shown. Negating a negative
 * microsecond difference is not a borrow from tv_sec; confirm the hidden
 * lines adjust tv_sec accordingly. */
129 if (tvdiff.tv_usec <= 0)
132 tvdiff.tv_usec *= -1;
135 diff_msec = tvdiff.tv_sec * 1000 + tvdiff.tv_usec / 1000;
/* (ms remaining) * 1000 - presumably microseconds for a usleep-style call;
 * the consumer of time2wait is not visible. */
136 time2wait = (minwaittime - diff_msec) * 1000;
/* Record the time of this probe for the next call. */
140 gettimeofday (&tvnow, NULL);
141 lastprobesec = tvnow.tv_sec;
142 lastprobeusec = tvnow.tv_usec;
/* Listing lines 168-180 (fragment): remember the payload last sent on a UDP
 * socket. The socket number is copied to the heap as the hash key and the
 * payload is duplicated into a record stored as the value. */
168 int *key = g_memdup (&soc,
sizeof (
int));
/* g_memdup() takes a guint size, so `len` is narrowed by the cast; a
 * negative or oversized length would be copied with a wrapped size.
 * g_memdup2() (gsize) avoids the narrowing where the GLib version in use
 * provides it. NOTE(review): confirm callers only pass len >= 0. */
171 data_record->
data = g_memdup ((gconstpointer)
data, (guint)
len);
/* Table is created lazily; keys and values are both released with g_free. */
173 if (udp_data == NULL)
176 g_hash_table_new_full (g_int_hash, g_int_equal, g_free, g_free);
/* Replacing an existing key frees the old key and old record via g_free.
 * NOTE(review): g_free on the record does not free record->data; confirm
 * that buffer is released elsewhere, otherwise each resend leaks it. */
180 g_hash_table_replace (udp_data, (gpointer) key, (gpointer) data_record);
/* Listing lines 189-215 (fragment): look up and remove the payload stored
 * for a UDP socket in the per-socket hash table. */
189 GHashTable *udp_data;
195 g_hash_table_new_full (g_int_hash, g_int_equal, g_free, g_free);
/* Keys are compared by value (g_int_equal), so the address of the local
 * `soc` is a valid lookup key. */
199 data_record = g_hash_table_lookup (udp_data, (gconstpointer) &soc);
/* Returns the buffer held by the stored record, not a copy; presumably the
 * caller must not free it or keep it past the next replace/remove. */
205 return data_record->
data;
/* Listing line 215: drop the record for this socket. */
215 g_hash_table_remove (udp_data, (gconstpointer) &soc);
/* Listing lines 226-398 (fragment): open a TCP or UDP socket bound to a
 * chosen or automatically selected low source port, connect it to the
 * target without blocking, wait for completion with select() and hand the
 * descriptor back to the script. Many intermediate lines are not shown. */
226 int sport, current_sport = -1;
230 struct sockaddr_in addr, daddr;
231 struct sockaddr_in6 addr6, daddr6;
246 lexic,
"open_private_socket: missing or undefined parameter dport!\n");
/* Automatic selection starts at source port 1023 and walks downwards. */
251 current_sport = 1023;
254 if (proto == IPPROTO_TCP)
/* A v4-mapped target is handled with a plain AF_INET socket. */
257 if (IN6_IS_ADDR_V4MAPPED (p))
260 bzero (&addr,
sizeof (addr));
261 if (proto == IPPROTO_TCP)
262 sock = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
264 sock = socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP);
269 bzero (&addr6,
sizeof (addr6));
270 if (proto == IPPROTO_TCP)
271 sock = socket (AF_INET6, SOCK_STREAM, IPPROTO_TCP);
273 sock = socket (AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
/* Stop once the automatic search has gone below port 128. */
285 if (current_sport < 128 && sport < 0)
/* Bind to the requested port, or to the next candidate (post-decrement).
 * NOTE(review): sport == 0 takes the automatic branch here but is not
 * covered by the `sport < 0` give-up test above; confirm that is intended. */
290 e = gvm_source_set_socket (sock, sport > 0 ? sport : current_sport--, family);
311 if (IN6_IS_ADDR_V4MAPPED (p))
313 bzero (&daddr,
sizeof (daddr));
/* The IPv4 address is the last 32-bit word of the v4-mapped address. */
314 daddr.sin_addr.s_addr = p->s6_addr32[3];
315 daddr.sin_family = AF_INET;
/* htons() keeps only 16 bits. NOTE(review): dport comes from the script;
 * confirm it is range-checked (1..65535) in the lines not shown. */
316 daddr.sin_port = htons (dport);
318 e = connect (sock, (
struct sockaddr *) &daddr,
sizeof (daddr));
322 bzero (&daddr6,
sizeof (daddr6));
323 memcpy (&daddr6.sin6_addr, p, sizeof (
struct in6_addr));
324 daddr6.sin6_family = AF_INET6;
325 daddr6.sin6_port = htons (dport);
327 e = connect (sock, (
struct sockaddr *) &daddr6,
sizeof (daddr6));
/* EINPROGRESS is the expected result of a non-blocking connect(). */
340 else if (errno != EINPROGRESS)
/* `rd` is passed in the write-set position: a socket becomes writable when
 * the connect attempt finishes. The call is retried on EINTR.
 * NOTE(review): FD_SET is not visible; confirm sock < FD_SETSIZE. */
353 e = select (sock + 1, NULL, &rd, NULL, to > 0 ? &tv : NULL);
355 while (e < 0 && errno == EINTR);
364 opt_sz =
sizeof (opt);
/* SO_ERROR carries the outcome of the asynchronous connect. */
366 if (getsockopt (sock, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
368 g_message (
"[%d] open_priv_sock()->getsockopt() failed : %s", getpid (),
394 if (proto == IPPROTO_TCP)
/* Failure is reported to the script as 0 rather than a negative value. */
398 retc->
x.
i_val = sock < 0 ? 0 : sock;
/* Listing lines 423-471 (fragment): tail of a stream-socket open path. The
 * visible lines choose behaviour by `transport`, optionally configure a
 * stream buffer and return the descriptor. */
423 const char *priority;
459 else if (transport == 0)
/* Buffering is only attempted for a positive size on a valid descriptor. */
464 if (bufsz > 0 && soc >= 0)
467 nasl_perror (lexic,
"stream_set_buffer: soc=%d,bufsz=%d\n", soc, bufsz);
/* Failure is reported to the script as 0 rather than a negative value. */
471 retc->
x.
i_val = soc < 0 ? 0 : soc;
/* Listing lines 534-574 (fragment): create a UDP socket for the target
 * address (AF_INET for a v4-mapped address, AF_INET6 otherwise), set its
 * source and connect() it so later send()/recv() need no address. */
534 struct sockaddr_in soca;
535 struct sockaddr_in6 soca6;
546 if (IN6_IS_ADDR_V4MAPPED (ia))
548 bzero (&soca,
sizeof (soca));
549 soca.sin_addr.s_addr = ia->s6_addr32[3];
/* NOTE(review): htons() truncates to 16 bits; confirm `port` is validated
 * before this point. */
550 soca.sin_port = htons (port);
551 soca.sin_family = AF_INET;
553 soc = socket (AF_INET, SOCK_DGRAM, 0);
/* The return value of gvm_source_set_socket() is not used here, so a failed
 * source bind goes unnoticed and traffic may leave from a different source
 * address than the one configured. */
556 gvm_source_set_socket (soc, 0, AF_INET);
557 if (connect (soc, (
struct sockaddr *) &soca,
sizeof (soca)) < 0)
565 bzero (&soca6,
sizeof (soca6));
566 memcpy (&soca6.sin6_addr, ia, sizeof (
struct in6_addr));
567 soca6.sin6_port = htons (port);
568 soca6.sin6_family = AF_INET6;
570 soc = socket (AF_INET6, SOCK_DGRAM, 0);
/* Same as the IPv4 branch: the bind result is ignored. */
573 gvm_source_set_socket (soc, 0, AF_INET6);
574 if (connect (soc, (
struct sockaddr *) &soca6,
sizeof (soca6)) < 0)
/* Listing lines 592-609 (fragment): argument validation for upgrading an
 * existing socket to TLS. Both the socket and the transport value supplied
 * by the script are rejected with a message when out of range; the range
 * tests themselves are not visible. */
592 int soc, transport, ret;
600 nasl_perror (lexic,
"socket_ssl_negotiate: Erroneous socket value %d\n",
609 "socket_ssl_negotiate: Erroneous transport value %d\n",
/* Listing lines 625-663 (fragment): two accessors that return binary data
 * for a socket to the script - a certificate (cert_len bytes) and, from
 * listing line 655 on, a session id (sid_len bytes). */
625 int soc, cert_len = 0;
632 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
640 retc->
size = cert_len;
/* NOTE(review): this message carries the "socket_get_cert" prefix although
 * the surrounding lines handle `sid`; it looks copied from the accessor
 * above and would mislead log triage - confirm against the function name. */
655 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
/* An absent or empty session id is handled before any copy is made. */
659 if (sid == NULL || sid_len == 0)
663 retc->
size = sid_len;
/* Listing lines 712-783 (fragment): receive up to `len` bytes from a
 * socket. Datagram sockets get a retry loop with a per-attempt timeout; the
 * received bytes are copied into the value returned to the script. */
712 unsigned int opt_len =
sizeof (type);
715 if (len <= 0 || soc <= 0)
/* NOTE(review): `len` is script-controlled and no upper bound is visible
 * before this allocation; confirm a cap exists or is not needed. */
721 data = g_malloc0 (len);
/* SO_TYPE tells stream and datagram sockets apart. */
723 e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
727 if (e == 0 && type == SOCK_DGRAM)
/* Split the timeout across the retries. NOTE(review): one second is
 * 1000000 us, so the 100000 factor spreads the remainder evenly only if
 * retries == 10; the value of `retries` is not visible here. */
733 tv.tv_sec = to / retries;
734 tv.tv_usec = (to % retries) * 100000;
736 for (i = 0; i < retries; i++)
741 if (select (soc + 1, &rd, NULL, NULL, &tv) > 0)
/* The read is bounded by the space left in the buffer. */
744 e = recv (soc, data + new_len, len - new_len, 0);
/* The result of send() is discarded. NOTE(review): `data` and `len` also
 * name the receive buffer above; confirm this call uses separately scoped
 * variables (declarations are outside the visible lines). */
767 send (soc, data, len, 0);
768 tv.tv_sec = to / retries;
769 tv.tv_usec = (to % retries) * 100000;
/* Only the bytes actually received are copied out. g_memdup() takes a
 * guint size; new_len is bounded by len in the visible recv() call. */
782 retc->
x.
str_val = g_memdup (data, new_len);
783 retc->
size = new_len;
/* Listing lines 806-851 (fragment): read one line (up to `len` bytes or a
 * newline) from a socket and return it to the script. */
/* NOTE(review): only len == -1 is rejected here. Confirm other negative
 * values cannot reach g_malloc0 (len + 1) below, where they would become a
 * huge or zero-sized request. */
806 if (len == -1 || soc <= 0)
808 nasl_perror (lexic,
"recv_line: missing or undefined parameter"
809 " length or socket\n");
/* One extra zeroed byte keeps the buffer NUL-terminated. */
823 data = g_malloc0 (len + 1);
/* Keep polling on an empty read while the timeout has not elapsed. */
831 if (timeout >= 0 && time (NULL) - t1 < timeout)
/* Stop at a newline or when the buffer is full. NOTE(review): data[n - 1]
 * requires n > 0; the increment of n is outside the visible lines. */
837 if ((data[n - 1] ==
'\n') || (n >= len))
/* The copy includes the terminating NUL; size excludes it. */
850 retc->
size = new_len;
851 retc->
x.
str_val = g_memdup (data, new_len + 1);
/* Listing lines 871-888 (fragment): send script-supplied data on a socket,
 * with a separate path for datagram sockets. */
871 unsigned int type_len =
sizeof (type);
873 if (soc <= 0 || data == NULL)
875 nasl_perror (lexic,
"Syntax error with the send() function\n");
877 "Correct syntax is : send(socket:<soc>, data:<data>\n");
/* Clamp the requested length to the real size of `data`, so a script can
 * never make send() read past the end of the buffer. */
881 if (length <= 0 || length > data_length)
882 length = data_length;
885 && getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &type_len) == 0
886 && type == SOCK_DGRAM)
/* `option` is handed to send() as its flags argument. */
888 n = send (soc, data, length,
option);
/* Listing lines 909-936 (fragment): close a script socket, treating
 * datagram sockets separately from streams. */
909 unsigned int opt_len =
sizeof (type);
920 nasl_perror (lexic,
"close(%d): Invalid socket value\n", soc);
924 e = getsockopt (soc, SOL_SOCKET, SO_TYPE, &type, &opt_len);
/* NOTE(review): `type` is only meaningful when getsockopt() returned 0; the
 * test on `e` is outside the visible lines - confirm it guards this branch. */
927 if (type == SOCK_DGRAM)
936 nasl_perror (lexic,
"close(%d): %s\n", soc, strerror (errno));
/* Listing lines 960-1042 (fragment): join and leave an IPv4 multicast
 * group. Joined groups are tracked in the jmg_desc table so that a repeated
 * join can be matched by address and a leave for an unknown group can be
 * reported. */
960 nasl_perror (lexic,
"join_multicast_group: missing parameter\n");
/* inet_aton() also accepts shortened and non-decimal address forms, and the
 * visible lines do not test that the result is a multicast address; an
 * unsuitable address would surface as the setsockopt() error below. */
963 if (!inet_aton (a, &m.imr_multiaddr))
965 nasl_perror (lexic,
"join_multicast_group: invalid parameter '%s'\n", a);
/* Let the kernel pick the interface. */
968 m.imr_interface.s_addr = INADDR_ANY;
972 if (
jmg_desc[i].in.s_addr == m.imr_multiaddr.s_addr
/* Membership is held by a dedicated UDP socket. */
983 int s = socket (AF_INET, SOCK_DGRAM, 0);
986 nasl_perror (lexic,
"join_multicast_group: socket: %s\n",
991 if (setsockopt (s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &m,
sizeof (m)) < 0)
994 lexic,
"join_multicast_group: setsockopt(IP_ADD_MEMBERSHIP): %s\n",
1025 nasl_perror (lexic,
"leave_multicast_group: missing parameter\n");
1028 if (!inet_aton (a, &ia))
1030 nasl_perror (lexic,
"leave_multicast_group: invalid parameter '%s'\n", a);
1042 nasl_perror (lexic,
"leave_multicast_group: never joined group %s\n", a);
/* Listing lines 1050-1083 (fragment): return the local (source) port of a
 * socket to the script, in host byte order. */
/* NOTE(review): the address buffer is an IPv4 sockaddr_in. For an AF_INET6
 * socket getsockname() truncates to the supplied length; confirm the port
 * read below is still valid in that case and that `l` is initialised to
 * sizeof (ia) in the lines not shown. */
1050 struct sockaddr_in ia;
1055 unsigned int type_len =
sizeof (type);
1060 nasl_perror (lexic,
"get_source_port: missing socket parameter\n");
1064 && getsockopt (s, SOL_SOCKET, SO_TYPE, &type, &type_len) == 0
1065 && type == SOCK_DGRAM)
1072 nasl_perror (lexic,
"get_source_port: invalid socket parameter %d\n", s);
1076 if (getsockname (fd, (
struct sockaddr *) &ia, &l) < 0)
1078 nasl_perror (lexic,
"get_source_port: getsockname(%d): %s\n", fd,
1083 retc->
x.
i_val = ntohs (ia.sin_port);
/* Listing lines 1120-1124 (fragment): diagnostics of the socket-error
 * accessor. An invalid socket value and an errno value with no mapping are
 * both logged with g_message(); the mapping itself is not visible. */
1120 g_message (
"socket_get_error: Erroneous socket value %d", soc);
1124 g_message (
"Unknown error %d %s", err, strerror (err));
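/* Listing lines 1195-1206 (fragment): locals of the socket-information
 * lookup and its first validation error path. */
1195 const char *keyword, *s;
1199 gnutls_session_t tls_session;
/* The format string contains %d, so the socket value has to be passed.
 * Without it the variadic call reads an argument that was never supplied:
 * undefined behaviour, and an arbitrary number in the scan log. `sock` is
 * the variable the error path at listing line 1233 passes for the same
 * conversion. */
1206 nasl_perror (lexic,
"error: socket %d is not valid\n", sock);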
/* Listing lines 1215-1359 (fragment): keyword dispatch of the
 * socket-information lookup. The second script argument selects what is
 * returned: the encapsulation, a TLS session property as a string, or the
 * peer certificate chain as an array. */
1215 nasl_perror (lexic,
"error: second argument is not of type string\n");
1233 nasl_perror (lexic,
"error retrieving infos for socket %d: %s\n", sock,
1237 else if (!strcmp (keyword,
"encaps"))
1244 else if (!strcmp (keyword,
"tls-proto"))
/* The GnuTLS *_get_name() helpers can return NULL for an unknown value, so
 * each result is replaced by a fallback string before g_strdup(). */
1250 gnutls_protocol_get_name (gnutls_protocol_get_version (tls_session));
1251 strval = g_strdup (s ? s :
"[?]");
1253 else if (!strcmp (keyword,
"tls-kx"))
1258 s = gnutls_kx_get_name (gnutls_kx_get (tls_session));
1259 strval = g_strdup (s ? s :
"");
1261 else if (!strcmp (keyword,
"tls-certtype"))
1266 s = gnutls_certificate_type_get_name (
1267 gnutls_certificate_type_get (tls_session));
1268 strval = g_strdup (s ? s :
"");
1270 else if (!strcmp (keyword,
"tls-cipher"))
1275 s = gnutls_cipher_get_name (gnutls_cipher_get (tls_session));
1276 strval = g_strdup (s ? s :
"");
1278 else if (!strcmp (keyword,
"tls-mac"))
1283 s = gnutls_mac_get_name (gnutls_mac_get (tls_session));
1284 strval = g_strdup (s ? s :
"");
1286 else if (!strcmp (keyword,
"tls-auth"))
/* Map the credential type to a string; the strings assigned in each case
 * are outside the visible lines. */
1292 switch (gnutls_auth_get_type (tls_session))
1294 case GNUTLS_CRD_ANON:
1297 case GNUTLS_CRD_CERTIFICATE:
1300 case GNUTLS_CRD_PSK:
1303 case GNUTLS_CRD_SRP:
1311 strval = g_strdup (s);
1313 else if (!strcmp (keyword,
"tls-cert"))
/* Only X.509 peer certificates are exported. */
1318 && gnutls_certificate_type_get (tls_session) == GNUTLS_CRT_X509)
1320 const gnutls_datum_t *
list;
1321 unsigned int nlist = 0;
/* The returned list belongs to the TLS session; it is read-only here and
 * its entries are raw peer-supplied data, i.e. untrusted input for any
 * script that parses them. */
1325 list = gnutls_certificate_get_peers (tls_session, &nlist);
1332 retc->
x.
ref_val = a = g_malloc0 (
sizeof *a);
/* One array element per certificate in the peer's chain. */
1334 for (i = 0; i < nlist; i++)
1336 memset (&v, 0,
sizeof v);
1347 nasl_perror (lexic,
"unknown keyword '%s'\n", keyword);
/* String results carry their length without the terminating NUL. */
1359 retc->
size = strlen (strval);
/* Listing lines 1394-1455 (fragment): verify the peer's X.509 chain of a
 * TLS socket against the system trust store. The chain is imported from the
 * session's DER blobs, a trust list is filled from the system CAs and the
 * chain is checked with gnutls_x509_trust_list_verify_crt(). The function
 * continues past the last visible line. */
1394 gnutls_x509_crt_t *cert = NULL;
1395 gnutls_x509_trust_list_t ca_list;
1396 unsigned int ca_list_size = 0;
1397 unsigned int i, cert_n = 0;
1398 unsigned int voutput;
1399 const gnutls_datum_t *certs;
1402 gnutls_session_t tls_session;
/* NOTE(review): the message prefix says "socket_get_cert"; if this is a
 * different function the prefix is misleading in logs - confirm. */
1407 nasl_perror (lexic,
"socket_get_cert: Erroneous socket value %d\n", soc);
1418 nasl_perror (lexic,
"error retrieving tls_session for socket %d: %s\n",
1419 soc, strerror (err));
1426 && gnutls_certificate_type_get (tls_session) == GNUTLS_CRT_X509)
1428 certs = gnutls_certificate_get_peers (tls_session, &cert_n);
/* cert_n is set by GnuTLS from the peer's chain. The size product is not
 * overflow-checked; g_new0 (gnutls_x509_crt_t, cert_n) would check it. */
1435 cert = g_malloc0 (
sizeof (*cert) * cert_n);
1436 for (i = 0; i < cert_n; i++)
/* NOTE(review): the failure branches are not visible; confirm that
 * certificates initialised in earlier iterations are deinitialised and
 * `cert` is freed when init or import fails part-way through. */
1438 if (gnutls_x509_crt_init (&cert[i]) != GNUTLS_E_SUCCESS)
1440 if (gnutls_x509_crt_import (cert[i], &certs[i], GNUTLS_X509_FMT_DER)
1441 != GNUTLS_E_SUCCESS)
1446 if ((ret = gnutls_x509_trust_list_init (&ca_list, ca_list_size)) < 0)
/* Returns the number of CA certificates added, or a negative error code. */
1448 ret = gnutls_x509_trust_list_add_system_trust (ca_list, 0, 0);
/* The return code only says whether the verification call ran. Whether the
 * chain is trusted is reported in `voutput` (zero means no problem was
 * found), so callers must inspect it and not treat GNUTLS_E_SUCCESS alone
 * as "valid". NOTE(review): no hostname check is visible in this fragment;
 * as shown, the result is chain trust only. */
1453 if (gnutls_x509_trust_list_verify_crt (ca_list, cert, cert_n, 0, &voutput,
1455 != GNUTLS_E_SUCCESS)