/* Daemon init sequence */
static void
start_check(void)
{
/* Initialize sub-system */
ipvs_start();
init_checkers_queue();
#ifdef _WITH_VRRP_
init_interface_queue();
kernel_netlink_init();
#endif
#ifdef _WITH_SNMP_
if (!reload && snmp)
check_snmp_agent_init();
#endif
/* Parse configuration file */
global_data = alloc_global_data();
check_data = alloc_check_data();
init_data(conf_file, check_init_keywords);
if (!check_data) {
stop_check();
return;
}
/* Post initializations */
log_message(LOG_INFO, "Configuration is using : %lu Bytes", mem_allocated);
/* SSL load static data & initialize common ctx context */
if (!init_ssl_ctx()) {
stop_check();
return;
}
/* Processing differential configuration parsing */
if (reload) {
clear_diff_services();
copy_srv_states();
}
/* Initialize IPVS topology */
if (!init_services()) {
stop_check();
return;
}
/* Dump configuration */
if (debug & 4) {
dump_global_data(global_data);
dump_check_data(check_data);
}
#ifdef _WITH_VRRP_
/* Initialize linkbeat */
init_interface_linkbeat();
#endif
/* Register checkers thread */
register_checkers_thread();
}
/* 准备连接状态
*/
int32 ssl_io::init_connect( int32 fd )
{
if ( init_ssl_ctx( fd ) < 0 ) return -1;
_fd = fd;
SSL_set_connect_state( X_SSL( _ssl_ctx ) );
return do_handshake();
}
/* attempt to negotiate a secure connection */
void pool_ssl_negotiate_serverclient(POOL_CONNECTION *cp) {
cp->ssl_active = -1;
if ( (!pool_config->ssl) || init_ssl_ctx(cp, ssl_conn_serverclient)) {
/* write back an "SSL reject" response before returning */
pool_write_and_flush(cp, "N", 1);
} else {
/* write back an "SSL accept" response */
pool_write_and_flush(cp, "S", 1);
SSL_set_fd(cp->ssl, cp->fd);
SSL_RETURN_VOID_IF( (SSL_accept(cp->ssl) < 0), "SSL_accept");
cp->ssl_active = 1;
}
}
/* attempt to negotiate a secure connection */
void pool_ssl_negotiate_clientserver(POOL_CONNECTION *cp) {
int ssl_packet[2] = { htonl(sizeof(int)*2), htonl(NEGOTIATE_SSL_CODE) };
char server_response;
cp->ssl_active = -1;
if ( (!pool_config->ssl) || init_ssl_ctx(cp, ssl_conn_clientserver))
return;
ereport(DEBUG1,
(errmsg("attempting to negotiate a secure connection"),
errdetail("sending client->server SSL request")));
pool_write_and_flush(cp, ssl_packet, sizeof(int)*2);
if (pool_read(cp, &server_response, 1) < 0)
{
ereport(WARNING,
(errmsg("error while attempting to negotiate a secure connection, pool_read failed")));
return;
}
ereport(DEBUG1,
(errmsg("attempting to negotiate a secure connection"),
errdetail("client->server SSL response: %c", server_response)));
switch (server_response) {
case 'S':
SSL_set_fd(cp->ssl, cp->fd);
SSL_RETURN_VOID_IF( (SSL_connect(cp->ssl) < 0),
"SSL_connect");
cp->ssl_active = 1;
break;
case 'N':
/*
* If backend does not support SSL but pgpool does, we get this.
* i.e. This is normal.
*/
ereport(DEBUG1,
(errmsg("attempting to negotiate a secure connection"),
errdetail("server doesn't want to talk SSL")));
break;
default:
ereport(WARNING,
(errmsg("error while attempting to negotiate a secure connection, unhandled response: %c", server_response)));
break;
}
}
bool ApnsService::Start()
{
auto iter = resolver_addr(false);
if (iter == boost::asio::ip::tcp::resolver::iterator())
{
LOGFMTE("resolver apns host faild");
return false;
}
if (!init_ssl_ctx())
{
return false;
}
for (size_t i = 0; i < apns_params_.ApnsConnCount; i++)
{
auto conn = std::make_shared<ApnsConnection>(*io_service_, *ssl_ctx_, iter, this);
conn->SetIdleTime(apns_params_.IdleTime);
conn->Connect();
apns_conns_.push_back(conn);
}
//feed back service
auto iter_feedback = resolver_addr(true);
if (iter_feedback == boost::asio::ip::tcp::resolver::iterator())
{
LOGFMTE("resolver apns feedback host faild");
return false;
}
fd_conn_.reset(new ApnsFeedBackConnection(*io_service_, *ssl_ctx_, iter_feedback, this));
//get feedback time interval
int t = 24 * 3600;
if (apns_params_.FeedBackTime > 0 && apns_params_.FeedBackTime < (30 * t))
{
t = apns_params_.FeedBackTime;
}
SetTimer(1, 1000 * t, NULL);
LOGFMTD("ApnsService %s start!", apns_params_.Name.c_str());
stopped_ = false;
return true;
}
/*
Connect to host on the given port using tls and return the BIO object
representing the connection.
*/
BIO* connect_tls(const char *host, const char *port){
init_ssl_lib();
//the assignment is redundant, but it's weird not having it
ctx = init_ssl_ctx();
if(!ctx){return NULL;}
BIO *bio = BIO_new_ssl_connect(ctx);
if(!bio){goto err;}
if(BIO_set_conn_hostname(bio, host) == 0){
goto err;
}
if(BIO_set_conn_port(bio, port) == 0){
goto err;
}
SSL *ssl;
BIO_get_ssl(bio, &ssl);
//Handle renegotiation transparently
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
//this is to let the server know what name we used to connect to it
SSL_set_tlsext_host_name(ssl, host);
if(BIO_do_connect(bio) == 0){
goto err;
}
if(BIO_do_handshake(bio) == 0){
goto err;
}
//make sure that the certificate was valid
if(SSL_get_verify_result(ssl) != X509_V_OK){
goto err;
}
return bio;
err:
print_errors();
BIO_free_all(bio);
SSL_CTX_free(ctx);
return NULL;
}
/* Daemon init sequence */
static void
start_check(void)
{
/* Initialize sub-system */
if (ipvs_start() != IPVS_SUCCESS) {
stop_check(KEEPALIVED_EXIT_FATAL);
return;
}
init_checkers_queue();
#ifdef _WITH_VRRP_
init_interface_queue();
kernel_netlink_init();
#endif
/* Parse configuration file */
global_data = alloc_global_data();
check_data = alloc_check_data();
if (!check_data)
stop_check(KEEPALIVED_EXIT_FATAL);
init_data(conf_file, check_init_keywords);
init_global_data(global_data);
/* Post initializations */
#ifdef _MEM_CHECK_
log_message(LOG_INFO, "Configuration is using : %zu Bytes", mem_allocated);
#endif
/* Remove any entries left over from previous invocation */
if (!reload && global_data->lvs_flush)
ipvs_flush_cmd();
#ifdef _WITH_SNMP_CHECKER_
if (!reload && global_data->enable_snmp_checker)
check_snmp_agent_init(global_data->snmp_socket);
#endif
/* SSL load static data & initialize common ctx context */
if (!init_ssl_ctx())
stop_check(KEEPALIVED_EXIT_FATAL);
/* fill 'vsg' members of the virtual_server_t structure.
* We must do that after parsing config, because
* vs and vsg declarations may appear in any order
*/
link_vsg_to_vs();
/* Set the process priority and non swappable if configured */
if (global_data->checker_process_priority)
set_process_priority(global_data->checker_process_priority);
if (global_data->checker_no_swap)
set_process_dont_swap(4096); /* guess a stack size to reserve */
/* Processing differential configuration parsing */
if (reload)
clear_diff_services();
/* Initialize IPVS topology */
if (!init_services())
stop_check(KEEPALIVED_EXIT_FATAL);
/* Dump configuration */
if (__test_bit(DUMP_CONF_BIT, &debug)) {
dump_global_data(global_data);
dump_check_data(check_data);
}
#ifdef _WITH_VRRP_
/* Initialize linkbeat */
init_interface_linkbeat();
#endif
/* Register checkers thread */
register_checkers_thread();
}
/*
* Fetches the resource denoted by |uri|.
*/
static void fetch_uri(const struct URI *uri)
{
spdylay_session_callbacks callbacks;
int fd;
SSL_CTX *ssl_ctx;
SSL *ssl;
struct Request req;
struct Connection connection;
int rv;
nfds_t npollfds = 1;
struct pollfd pollfds[1];
uint16_t spdy_proto_version;
request_init(&req, uri);
setup_spdylay_callbacks(&callbacks);
/* Establish connection and setup SSL */
fd = connect_to(req.host, req.port);
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if(ssl_ctx == NULL) {
dief("SSL_CTX_new", ERR_error_string(ERR_get_error(), NULL));
}
init_ssl_ctx(ssl_ctx, &spdy_proto_version);
ssl = SSL_new(ssl_ctx);
if(ssl == NULL) {
dief("SSL_new", ERR_error_string(ERR_get_error(), NULL));
}
/* To simplify the program, we perform SSL/TLS handshake in blocking
I/O. */
ssl_handshake(ssl, fd);
connection.ssl = ssl;
connection.want_io = IO_NONE;
/* Here make file descriptor non-block */
make_non_block(fd);
set_tcp_nodelay(fd);
printf("[INFO] SPDY protocol version = %d\n", spdy_proto_version);
rv = spdylay_session_client_new(&connection.session, spdy_proto_version,
&callbacks, &connection);
if(rv != 0) {
diec("spdylay_session_client_new", rv);
}
/* Submit the HTTP request to the outbound queue. */
submit_request(&connection, &req);
pollfds[0].fd = fd;
ctl_poll(pollfds, &connection);
/* Event loop */
while(spdylay_session_want_read(connection.session) ||
spdylay_session_want_write(connection.session)) {
int nfds = poll(pollfds, npollfds, -1);
if(nfds == -1) {
dief("poll", strerror(errno));
}
if(pollfds[0].revents & (POLLIN | POLLOUT)) {
exec_io(&connection);
}
if((pollfds[0].revents & POLLHUP) || (pollfds[0].revents & POLLERR)) {
die("Connection error");
}
ctl_poll(pollfds, &connection);
}
/* Resource cleanup */
spdylay_session_del(connection.session);
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ssl_ctx);
shutdown(fd, SHUT_WR);
close(fd);
request_free(&req);
}
/* Daemon init sequence */
static void
start_check(void)
{
/* Initialize sub-system */
if (ipvs_start() != IPVS_SUCCESS) {
stop_check();
return;
}
init_checkers_queue();
#ifdef _WITH_VRRP_
init_interface_queue();
kernel_netlink_init();
#endif
#ifdef _WITH_SNMP_
if (!reload && snmp)
check_snmp_agent_init(snmp_socket);
#endif
/* Parse configuration file */
global_data = alloc_global_data();
check_data = alloc_check_data();
init_data(conf_file, check_init_keywords);
if (!check_data) {
stop_check();
return;
}
init_global_data(global_data);
/* Post initializations */
#ifdef _DEBUG_
log_message(LOG_INFO, "Configuration is using : %lu Bytes", mem_allocated);
#endif
/* SSL load static data & initialize common ctx context */
if (!init_ssl_ctx()) {
stop_check();
return;
}
/* fill 'vsg' members of the virtual_server_t structure.
* We must do that after parsing config, because
* vs and vsg declarations may appear in any order
*/
link_vsg_to_vs();
/* Processing differential configuration parsing */
if (reload)
clear_diff_services();
/* Initialize IPVS topology */
if (!init_services()) {
stop_check();
return;
}
/* Dump configuration */
if (__test_bit(DUMP_CONF_BIT, &debug)) {
dump_global_data(global_data);
dump_check_data(check_data);
}
#ifdef _WITH_VRRP_
/* Initialize linkbeat */
init_interface_linkbeat();
#endif
/* Register checkers thread */
register_checkers_thread();
}
int main(int argc, char *argv[])
{
int lsfd;
int ret, n, i;
struct epoll_event event;
struct epoll_event *events = NULL;
connection_t *conn;
connections_head_t *head = NULL;
if (argc != 2) {
fprintf(stdout, "Usage: %s [port]\n", argv[0]);
exit(EXIT_FAILURE);
}
/* init connections cache */
head = init_connections(MAX_CONNECTIONS);
if (NULL == head) {
ERROR_MSG("init_connections\n");
goto error;
}
/* init SSL data */
ret = init_OpenSSL();
if (ret != 0) {
ERROR_MSG("init_OpenSSL\n");
goto error;
}
head->ctx = init_ssl_ctx(SRV_CERTFILE, SRV_PRIKEY, SRV_CAFILE);
if (NULL == head->ctx) {
ERROR_MSG("init_ssl_ctx error\n");
goto error;
}
/* init epoll's data */
head->epfd = epoll_create(MAX_CONNECTIONS);
if (-1 == head->epfd) {
ERROR_MSG("epoll_create\n");
goto error;
}
events = calloc(MAX_EVENTS, sizeof(struct epoll_event));
if (NULL == events) {
ERROR_MSG("calloc\n");
goto error;
}
/* listen's data */
lsfd = start_listen(argv[1]);
if (lsfd < 0) {
ERROR_MSG("start_listen\n");
goto error;
}
/* add the lsfd to events */
conn = get_connection(head);
if (NULL == conn) {
ERROR_MSG("get_connection\n");
goto error;
}
conn->fd = lsfd;
conn->handler = accept_handler;
event.data.ptr = conn;
event.events = EPOLLIN | EPOLLET;
ret = epoll_ctl(head->epfd, EPOLL_CTL_ADD, lsfd, &event);
if (-1 == ret) {
ERROR_MSG("epoll_ctl\n");
goto error;
}
/* The event loop */
while (1)
{
n = epoll_wait(head->epfd, events, MAX_EVENTS, -1);
for (i = 0; i < n; ++i)
{
conn = events[i].data.ptr;
if ((events[i].events & EPOLLERR)
|| (events[i].events & EPOLLHUP)
|| !(events[i].events & EPOLLIN))
{
/* it will delete the event from events at the same time
* due to invoked close
*/
free_connection(head, conn);
} else {
if (conn->handler) {
conn->handler(head, conn);
}
}
}
}
error:
if (events) free(events);
destroy_connections(head);
return EXIT_SUCCESS;
}
int main (int argc, char** argv)
try {
init_signals();
// Initialize OpenSSL
ERR_load_crypto_strings();
SSL_library_init();
SSL_load_error_strings();
// This cipher list is the "Intermediate compatibility" list from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 as of 2014-12-09
vhost_defaults.ciphers = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
vhost_defaults.dhgroup = make_dh(dh_group14_prime, dh_group14_generator); // 2048 bit group
vhost_defaults.ecdhcurve = get_ecdhcurve("prime256v1"); // a.k.a. secp256r1
// Set default SSL options, which can be overridden by config file
vhost_defaults.ssl_options[SSL_OP_NO_COMPRESSION] = true;
vhost_defaults.ssl_options[SSL_OP_NO_SSLv3] = true;
vhost_defaults.ssl_options[SSL_OP_NO_TLSv1] = false;
vhost_defaults.ssl_options[SSL_OP_NO_TLSv1_1] = false;
vhost_defaults.ssl_options[SSL_OP_NO_TLSv1_2] = false;
vhost_defaults.ssl_options[SSL_OP_CIPHER_SERVER_PREFERENCE] = true;
// These can't be overriden by config file:
vhost_defaults.ssl_options[SSL_OP_SINGLE_DH_USE] = true;
vhost_defaults.ssl_options[SSL_OP_SINGLE_ECDH_USE] = true;
vhost_defaults.ssl_options[SSL_OP_NO_SSLv2] = true;
// Command line arguments come in pairs of the form "--name value" and correspond
// directly to the name/value option pairs in the config file (a la OpenVPN).
for (int i = 1; i < argc; ) {
if (std::strncmp(argv[i], "--", 2) == 0 && i + 1 < argc) {
process_config_param(argv[i] + 2, argv[i+1]);
i += 2;
} else {
std::clog << argv[0] << ": Bad arguments" << std::endl;
return 2;
}
}
if (vhost_configs.empty()) {
// No vhosts specified, so add one implicitly that matches all local addresses / SNI names.
// It will use the options from vhost_defaults.
vhost_configs.emplace_back();
}
for (size_t i = 0; i < vhost_configs.size(); ++i) {
vhosts.emplace_back();
Vhost& vhost(vhosts.back());
Vhost_config& config(vhost_configs[i]);
vhost.id = i;
vhost.servername_set = config.servername_set;
vhost.servername = config.servername;
init_ssl_ctx(vhost, config);
resolve_addresses(vhost, config);
}
// Free up some memory that's no longer needed:
vhost_configs.clear();
vhost_defaults = Basic_vhost_config();
// Listen
listening_sock = socket(AF_INET6, SOCK_STREAM, 0);
if (listening_sock == -1) {
throw System_error("socket", "", errno);
}
set_reuseaddr(listening_sock);
set_not_v6only(listening_sock);
if (transparent == TRANSPARENT_ON) {
set_transparent(listening_sock);
}
// TODO: support binding to specific IP addresses
struct sockaddr_in6 listening_address;
std::memset(&listening_address, '\0', sizeof(listening_address));
listening_address.sin6_family = AF_INET6;
listening_address.sin6_addr = in6addr_any;
listening_address.sin6_port = htons(listening_port);
if (bind(listening_sock, reinterpret_cast<const struct sockaddr*>(&listening_address), sizeof(listening_address)) == -1) {
throw System_error("bind", "", errno);
}
if (listen(listening_sock, SOMAXCONN) == -1) {
throw System_error("listen", "", errno);
}
// Set up UNIX domain socket for communicating with the key server.
// Put it in a temporary directory with restrictive permissions so
// other users can't traverse its path. We have to use a named
// socket as opposed to a socketpair because we need every child process
// to communicate with the key server using its own socket. (Duping one
// end of a socketpair wouldn't work because then every child would
// be referring to the same underlying socket, which provides
// insufficient isolation.)
temp_directory = make_temp_directory();
filedesc keyserver_sock(make_unix_socket(temp_directory + "/server.sock", &keyserver_sockaddr, &keyserver_sockaddr_len));
if (listen(keyserver_sock, SOMAXCONN) == -1) {
throw System_error("listen", "", errno);
}
// Write PID file, daemonize, etc.
std::ofstream pid_file_out;
if (!pid_file.empty()) {
// Open PID file before forking so we can report errors
pid_file_out.open(pid_file.c_str(), std::ofstream::out | std::ofstream::trunc);
if (!pid_file_out) {
throw Configuration_error("Unable to open PID file " + pid_file + " for writing.");
}
pid_file_created = true;
}
if (run_as_daemon) {
daemonize();
}
if (pid_file_out) {
pid_file_out << getpid() << '\n';
pid_file_out.close();
}
// Spawn the master key server process
keyserver_pid = spawn(keyserver_main, std::move(keyserver_sock));
// Spawn spare children to accept() and service connections
if (pipe(children_pipe) == -1) {
throw System_error("pipe", "", errno);
}
set_nonblocking(children_pipe[0], true);
spawn_children();
// Wait for signals and readability on children_pipe
sigset_t empty_sigset;
sigemptyset(&empty_sigset);
fd_set readfds;
FD_ZERO(&readfds);
FD_SET(children_pipe[0], &readfds);
is_running = 1;
struct timespec timeout = { 2, 0 };
int select_res = 0;
while (is_running && ((select_res = pselect(children_pipe[0] + 1, &readfds, NULL, NULL, failed_children ? &timeout : NULL, &empty_sigset)) >= 0 || errno == EINTR)) {
if (failed_children && std::time(NULL) >= last_failed_child_time + 2) {
failed_children = 0;
}
if (pending_sigchld) {
on_sigchld();
pending_sigchld = 0;
}
if (select_res > 0) {
read_children_pipe();
}
FD_SET(children_pipe[0], &readfds);
}
if (is_running && select_res == -1) {
throw System_error("pselect", "", errno);
}
cleanup();
return 0;
} catch (const System_error& error) {
std::clog << "titus: System error: " << error.syscall;
if (!error.target.empty()) {
std::clog << ": " << error.target;
}
std::clog << ": " << std::strerror(error.number) << std::endl;
cleanup();
return 3;
} catch (const Openssl_error& error) {
std::clog << "titus: OpenSSL error: " << error.message() << std::endl;
cleanup();
return 4;
} catch (const Configuration_error& error) {
std::clog << "titus: Configuration error: " << error.message << std::endl;
cleanup();
return 5;
} catch (const Too_many_failed_children& error) {
// TODO: better error reporting when this happens
std::clog << "titus: Too many child processes failed." << std::endl;
cleanup();
return 7;
} catch (const Keyserver_died& error) {
// TODO: better error reporting when this happens
std::clog << "titus: Key server died." << std::endl;
cleanup();
return 8;
}
/**
* @brief openvassd.
* @param argc Argument count.
* @param argv Argument vector.
*/
int
main (int argc, char *argv[])
{
int exit_early = 0, scanner_port = 9391;
pid_t handler_pid;
char *myself;
struct arglist *options = emalloc (sizeof (struct arglist));
struct addrinfo *mysaddr;
struct addrinfo hints;
struct addrinfo ai;
struct sockaddr_in saddr;
struct sockaddr_in6 s6addr;
proctitle_init (argc, argv);
gcrypt_init ();
if ((myself = strrchr (*argv, '/')) == 0)
myself = *argv;
else
myself++;
static gboolean display_version = FALSE;
static gboolean dont_fork = FALSE;
static gchar *address = NULL;
static gchar *port = NULL;
static gchar *config_file = NULL;
static gchar *gnutls_priorities = "NORMAL";
static gchar *dh_params = NULL;
static gboolean print_specs = FALSE;
static gboolean print_sysconfdir = FALSE;
static gboolean only_cache = FALSE;
GError *error = NULL;
GOptionContext *option_context;
static GOptionEntry entries[] = {
{"version", 'V', 0, G_OPTION_ARG_NONE, &display_version,
"Display version information", NULL},
{"foreground", 'f', 0, G_OPTION_ARG_NONE, &dont_fork,
"Do not run in daemon mode but stay in foreground", NULL},
{"listen", 'a', 0, G_OPTION_ARG_STRING, &address,
"Listen on <address>", "<address>"},
{"port", 'p', 0, G_OPTION_ARG_STRING, &port,
"Use port number <number>", "<number>"},
{"config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file,
"Configuration file", "<.rcfile>"},
{"cfg-specs", 's', 0, G_OPTION_ARG_NONE, &print_specs,
"Print configuration settings", NULL},
{"sysconfdir", 'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir,
"Print system configuration directory (set at compile time)", NULL},
{"only-cache", 'C', 0, G_OPTION_ARG_NONE, &only_cache,
"Exit once the NVT cache has been initialized or updated", NULL},
{"gnutls-priorities", '\0', 0, G_OPTION_ARG_STRING, &gnutls_priorities,
"GnuTLS priorities string", "<string>"},
{"dh-params", '\0', 0, G_OPTION_ARG_STRING, &dh_params,
"Diffie-Hellman parameters file", "<string>"},
{NULL}
};
option_context =
g_option_context_new ("- Scanner of the Open Vulnerability Assessment System");
g_option_context_add_main_entries (option_context, entries, NULL);
if (!g_option_context_parse (option_context, &argc, &argv, &error))
{
g_print ("%s\n\n", error->message);
exit (0);
}
g_option_context_free (option_context);
if (print_sysconfdir)
{
g_print ("%s\n", SYSCONFDIR);
exit (0);
}
/* Switch to UTC so that OTP times are always in UTC. */
if (setenv ("TZ", "utc 0", 1) == -1)
{
g_print ("%s\n\n", strerror (errno));
exit (0);
}
tzset ();
if (print_specs)
exit_early = 2; /* no cipher initialization */
if (address != NULL)
{
memset (&hints, 0, sizeof (hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo (address, NULL, &hints, &mysaddr))
{
printf ("Invalid IP address.\n");
printf ("Please use %s --help for more information.\n", myself);
exit (0);
}
/* deep copy */
ai.ai_family = mysaddr->ai_family;
if (ai.ai_family == AF_INET)
{
memcpy (&saddr, mysaddr->ai_addr, mysaddr->ai_addrlen);
ai.ai_addr = (struct sockaddr *) &saddr;
}
else
{
memcpy (&s6addr, mysaddr->ai_addr, mysaddr->ai_addrlen);
ai.ai_addr = (struct sockaddr *) &s6addr;
}
ai.ai_family = mysaddr->ai_family;
ai.ai_protocol = mysaddr->ai_protocol;
ai.ai_socktype = mysaddr->ai_socktype;
ai.ai_addrlen = mysaddr->ai_addrlen;
freeaddrinfo (mysaddr);
}
else
{
/* Default to IPv4 */
/*Warning: Not filling all the fields */
saddr.sin_addr.s_addr = INADDR_ANY;
saddr.sin_family = ai.ai_family = AF_INET;
ai.ai_addrlen = sizeof (saddr);
ai.ai_addr = (struct sockaddr *) &saddr;
}
if (port != NULL)
{
scanner_port = atoi (port);
if ((scanner_port <= 0) || (scanner_port >= 65536))
{
printf ("Invalid port specification.\n");
printf ("Please use %s --help for more information.\n", myself);
exit (1);
}
}
if (display_version)
{
printf ("OpenVAS Scanner %s\n", OPENVASSD_VERSION);
printf
("Nessus origin: (C) 2004 Renaud Deraison <*****@*****.**>\n");
printf
("Most new code since OpenVAS: (C) 2013 Greenbone Networks GmbH\n");
printf ("License GPLv2: GNU GPL version 2\n");
printf
("This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n\n");
exit (0);
}
if (config_file != NULL)
arg_add_value (options, "acc_hint", ARG_INT, sizeof (int), (void *) 1);
if (!config_file)
{
config_file = emalloc (strlen (OPENVASSD_CONF) + 1);
strncpy (config_file, OPENVASSD_CONF, strlen (OPENVASSD_CONF));
}
arg_add_value (options, "scanner_port", ARG_INT, sizeof (gpointer),
GSIZE_TO_POINTER (scanner_port));
arg_add_value (options, "config_file", ARG_STRING, strlen (config_file),
config_file);
arg_add_value (options, "addr", ARG_PTR, -1, &ai);
if (only_cache)
{
init_openvassd (options, 0, 1, dont_fork);
init_plugins (options);
exit (0);
}
init_openvassd (options, 1, exit_early, dont_fork);
g_options = options;
global_iana_socket = GPOINTER_TO_SIZE (arg_get_value (options, "isck"));
global_plugins = arg_get_value (options, "plugins");
/* special treatment */
if (print_specs)
dump_cfg_specs (global_preferences);
if (exit_early)
exit (0);
init_ssl_ctx (gnutls_priorities, dh_params);
// Daemon mode:
if (dont_fork == FALSE)
set_daemon_mode ();
pidfile_create ("openvassd");
handler_pid = loading_handler_start ();
init_plugins (options);
loading_handler_stop (handler_pid);
main_loop ();
exit (0);
}
