/* [ close_main_window ]
* Quit or hide, determined by the config files
*/
static gboolean
close_main_window (void)
{
if (preferences_get_bool (PREFS_MINIMIZE_TO_TRAY) &&
preferences_get_bool (PREFS_ENABLE_TRAY_ICON)) {
gui_toggle_visibility ();
return TRUE;
} else {
exit_fortified ();
return FALSE;
}
}
static void
apply_hosts_preferences (openvas_hosts_t *hosts, struct arglist *preferences)
{
char *ordering, *exclude_hosts;
if (hosts == NULL || preferences == NULL)
return;
/* Hosts ordering strategy: sequential, random, reversed... */
ordering = preferences_get_string (preferences, "hosts_ordering");
if (ordering)
{
if (!strcmp (ordering, "random"))
{
openvas_hosts_shuffle (hosts);
log_write ("hosts_ordering: Random.\n");
}
else if (!strcmp (ordering, "reverse"))
{
openvas_hosts_reverse (hosts);
log_write ("hosts_ordering: Reverse.\n");
}
}
else
log_write ("hosts_ordering: Sequential.\n");
/* Exclude hosts ? */
exclude_hosts = preferences_get_string (preferences, "exclude_hosts");
if (exclude_hosts)
{
/* Exclude hosts, resolving hostnames. */
int ret = openvas_hosts_exclude (hosts, exclude_hosts, 1);
if (ret >= 0)
log_write ("exclude_hosts: Skipped %d host(s).\n", ret);
else
log_write ("exclude_hosts: Error.\n");
}
/* Reverse-lookup unify ? */
if (preferences_get_bool (preferences, "reverse_lookup_unify") == 1)
log_write ("reverse_lookup_unify: Skipped %d host(s).\n",
openvas_hosts_reverse_lookup_unify (hosts));
/* Hosts that reverse-lookup only ? */
if (preferences_get_bool (preferences, "reverse_lookup_only") == 1)
log_write ("reverse_lookup_only: Skipped %d host(s).\n",
openvas_hosts_reverse_lookup_only (hosts));
}
void warlock_send (const char *fmt, ...)
{
va_list list;
char *string;
char *to_send;
g_assert (fmt != NULL);
va_start (list, fmt);
g_vasprintf (&string, fmt, list);
va_end (list);
to_send = g_strconcat (string, "\n", NULL);
g_free (string);
if (preferences_get_bool (preferences_get_key (PREF_ECHO))) {
echo (to_send);
}
if (connection != NULL) {
simu_connection_send (connection, to_send);
}
g_free (to_send);
}
static void highlight_add (guint id)
{
WarlockHighlight *highlight;
const char *string;
gboolean case_sensitive;
guint i;
char *name;
string = preferences_get_string (preferences_get_highlight_key (id,
PREF_HIGHLIGHT_STRING));
case_sensitive = preferences_get_bool (preferences_get_highlight_key
(id, PREF_HIGHLIGHT_CASE_SENSITIVE));
highlight = g_new (WarlockHighlight, 1);
highlight->id = id;
highlight->regex = highlight_compile_regex (string, case_sensitive);
highlight->gconf_connections = NULL;
highlight_list = g_slist_append (highlight_list, highlight);
highlight_add_tags (id);
highlight->gconf_connections = g_slist_append
(highlight->gconf_connections, GINT_TO_POINTER
(preferences_notify_add (preferences_get_highlight_key
(id, PREF_HIGHLIGHT_STRING),
change_string, highlight)));
highlight->gconf_connections = g_slist_append
(highlight->gconf_connections, GINT_TO_POINTER
(preferences_notify_add (preferences_get_highlight_key
(id, PREF_HIGHLIGHT_CASE_SENSITIVE),
change_string, highlight)));
for (i = 0; i < HIGHLIGHT_MATCHES; i++) {
name = mangle_name (id, i);
highlight->gconf_connections = g_slist_append
(highlight->gconf_connections, GINT_TO_POINTER
(preferences_notify_add
(preferences_get_highlight_match_key
(id, i, PREF_HIGHLIGHT_MATCH_TEXT_COLOR),
changed_text, name)));
highlight->gconf_connections = g_slist_append
(highlight->gconf_connections, GINT_TO_POINTER
(preferences_notify_add
(preferences_get_highlight_match_key
(id, i, PREF_HIGHLIGHT_MATCH_BASE_COLOR),
changed_background, name)));
highlight->gconf_connections = g_slist_append
(highlight->gconf_connections, GINT_TO_POINTER
(preferences_notify_add
(preferences_get_highlight_match_key
(id, i, PREF_HIGHLIGHT_MATCH_FONT),
changed_font, name)));
}
}
/* [ gui_construct ]
* Create the GUI
*/
void
gui_construct (void)
{
GtkWidget *tablabel;
GtkWidget *statusview_page;
GtkWidget *hitview_page;
GtkWidget *policyview_page;
gchar hostname[40];
if (!gethostname (hostname, 39))
Fortified.window = gnome_app_new (PACKAGE, g_strconcat ("Fortified ", hostname, NULL));
else
Fortified.window = gnome_app_new (PACKAGE, "Fortified");
Fortified.ttips = gtk_tooltips_new ();
/* Set up the main window */
g_signal_connect (G_OBJECT (Fortified.window), "delete_event",
G_CALLBACK (close_main_window), NULL);
gnome_window_icon_set_default_from_file (
"/usr/share/pixmaps/fortified.png");
menus_initialize (Fortified.window);
/* The main application is spread out over a set of notebook pages */
notebook = gtk_notebook_new ();
gnome_app_set_contents (GNOME_APP (Fortified.window), notebook);
/* Set up the statusview page */
statusview_page = create_statusview_page ();
tablabel = gtk_label_new (_("Status"));
gtk_notebook_append_page (GTK_NOTEBOOK (notebook), statusview_page, tablabel);
/* Set up the hitview page */
hitview_page = create_hitview_page ();
tablabel = gtk_label_new (_("Events"));
gtk_notebook_append_page (GTK_NOTEBOOK (notebook), hitview_page, tablabel);
/* Set up the the policyview pages */
policyview_page = create_policyview_page ();
tablabel = gtk_label_new (_("Policy"));
gtk_notebook_append_page (GTK_NOTEBOOK (notebook), policyview_page, tablabel);
g_signal_connect_after (G_OBJECT (notebook), "switch-page",
G_CALLBACK (view_switched_cb), NULL);
/* FIXME: By making the window non-resizable the expanders collapse properly,
but it would be nicer if it worked with a resizable window */
//gtk_window_set_resizable (GTK_WINDOW (Fortified.window), FALSE);
/* Show the tray icon */
if (preferences_get_bool (PREFS_ENABLE_TRAY_ICON))
tray_init ();
}
static void change_string (const char *key, gpointer user_data)
{
gboolean case_sensitive;
char *string;
WarlockHighlight *highlight;
highlight = user_data;
string = preferences_get_string (preferences_get_highlight_key
(highlight->id, PREF_HIGHLIGHT_STRING));
case_sensitive = preferences_get_bool (preferences_get_highlight_key
(highlight->id, PREF_HIGHLIGHT_CASE_SENSITIVE));
highlight->regex = highlight_compile_regex (string, case_sensitive);
}
static void
init_toggle (char *name, Preference pref)
{
gboolean bval;
GtkWidget *widget;
widget = glade_xml_get_widget (warlock_xml, name);
bval = preferences_get_bool (preferences_get_key (pref));
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), bval);
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK
(on_checkbutton_toggled), GINT_TO_POINTER (pref));
}
// to be called at program start and anytime the value of auto-log changes
static void
log_toggle (void)
{
char *key;
gboolean autolog;
key = preferences_get_key (PREF_AUTO_LOG);
autolog = preferences_get_bool (key);
g_free (key);
if (autolog && log_file == NULL) {
GError *err;
char *filename, *name, *path, *path_key;
path_key = preferences_get_key (PREF_LOG_PATH);
path = preferences_get_string (path_key);
g_free (path_key);
name = warlock_log_get_name ();
filename = g_build_filename (path, name, NULL);
g_free (name);
g_free (path);
err = NULL;
log_file = g_io_channel_new_file (filename, "a", &err);
if (log_file == NULL) {
echo_f ("Error: \"%s\" for file \"%s\".\n",
err->message, filename);
}
} else if (!autolog && log_file != NULL) {
g_io_channel_close (log_file);
g_io_channel_unref (log_file);
log_file = NULL;
}
}
static WarlockView *
warlock_view_init (const char *name, const char *title,
const char *menu_name)
{
WarlockView *warlock_view;
warlock_view = g_new (WarlockView, 1);
warlock_view->widget = NULL;
warlock_view->menuitem = NULL;
warlock_view->scrolled_window = NULL;
warlock_view->text_view = NULL;
warlock_view->name = name;
warlock_view->title = title;
views = g_list_append (views, warlock_view);
if (menu_name != NULL) {
warlock_view->shown_key = preferences_get_full_key
(g_strconcat (name, "-view", NULL));
warlock_view->shown = preferences_get_bool
(warlock_view->shown_key);
warlock_view->menuitem = warlock_get_widget (menu_name);
gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM
(warlock_view->menuitem), warlock_view->shown);
} else {
warlock_view->shown_key = NULL;
warlock_view->widget = warlock_get_widget ("main_window_frame");
warlock_view->shown = TRUE;
main_view = warlock_view;
}
if (warlock_view->shown)
view_show (warlock_view);
return warlock_view;
}
/**
* @brief Attack a whole network.
*/
void
attack_network (struct arglist *globals)
{
int max_hosts = 0, max_checks;
int num_tested = 0;
char *hostlist;
openvas_hosts_t *hosts, *hosts_allow, *hosts_deny;
openvas_hosts_t *sys_hosts_allow, *sys_hosts_deny;
openvas_host_t *host;
int global_socket = -1;
struct arglist *preferences = NULL;
struct arglist *plugins = NULL;
plugins_scheduler_t sched;
int fork_retries = 0;
GHashTable *files;
struct timeval then, now;
char buffer[INET6_ADDRSTRLEN];
int network_phase = 0;
gchar *network_targets, *port_range;
int do_network_scan = 0;
int scan_stopped;
gettimeofday (&then, NULL);
preferences = arg_get_value (globals, "preferences");
if ((do_network_scan = preferences_get_bool (preferences, "network_scan")) == -1)
do_network_scan = 0;
network_targets = arg_get_value (preferences, "network_targets");
if (network_targets != NULL)
arg_add_value (globals, "network_targets", ARG_STRING,
strlen (network_targets), network_targets);
if (do_network_scan)
{
gchar *network_scan_status = arg_get_value (globals, "network_scan_status");
if (network_scan_status != NULL)
if (g_ascii_strcasecmp (network_scan_status, "done") == 0)
network_phase = 0;
else
network_phase = 1;
else
{
arg_add_value (globals, "network_scan_status", ARG_STRING,
strlen ("busy"), "busy");
network_phase = 1;
}
}
num_tested = 0;
global_socket = GPOINTER_TO_SIZE (arg_get_value (globals, "global_socket"));
plugins = arg_get_value (globals, "plugins");
/* Init and check Target List */
hostlist = arg_get_value (preferences, "TARGET");
if (hostlist == NULL)
{
error_message_to_client (globals, "Missing target hosts", NULL, NULL);
return;
}
/* Verify the port range is a valid one */
port_range = arg_get_value (preferences, "port_range");
if (validate_port_range (port_range))
{
error_message_to_client (globals, "Invalid port range", NULL, port_range);
return;
}
/* Initialize the attack. */
sched = plugins_scheduler_init (plugins,
preferences_get_bool (preferences, "auto_enable_dependencies") == 1 ? 1 : 0,
network_phase);
max_hosts = get_max_hosts_number (preferences);
max_checks = get_max_checks_number (preferences);
if (network_phase)
{
network_targets = arg_get_value (preferences, "network_targets");
if (network_targets == NULL)
{
log_write ("WARNING: In network phase, but without targets! Stopping.\n");
host = NULL;
}
else
{
log_write
("Start a new scan. Target(s) : %s, in network phase with target %s\n",
hostlist, network_targets);
}
}
else
{
log_write ("Starts a new scan. Target(s) : %s, with max_hosts = %d and"
" max_checks = %d\n", hostlist, max_hosts, max_checks);
}
hosts = openvas_hosts_new (hostlist);
/* Apply Hosts preferences. */
apply_hosts_preferences (hosts, preferences);
/* Don't start if the provided interface is unauthorized. */
if (apply_source_iface_preference (globals, preferences) != 0)
{
openvas_hosts_free (hosts);
error_message_to_client (globals, "Interface not authorized for scanning", NULL, NULL);
return;
}
/* hosts_allow/deny lists. */
hosts_allow = openvas_hosts_new (preferences_get_string
(preferences, "hosts_allow"));
hosts_deny = openvas_hosts_new (preferences_get_string
(preferences, "hosts_deny"));
/* sys_* preferences, which can't be overriden by the client. */
sys_hosts_allow = openvas_hosts_new (preferences_get_string
(preferences, "sys_hosts_allow"));
sys_hosts_deny = openvas_hosts_new (preferences_get_string
(preferences, "sys_hosts_deny"));
host = openvas_hosts_next (hosts);
if (host == NULL)
goto stop;
hosts_init (global_socket, max_hosts);
/*
* Start the attack !
*/
while (host)
{
int pid;
char *hostname;
struct in6_addr host_ip;
hostname = openvas_host_value_str (host);
if (openvas_host_get_addr6 (host, &host_ip) == -1)
{
log_write ("Couldn't resolve target %s\n", hostname);
error_message_to_client (globals, "Couldn't resolve hostname.",
hostname, NULL);
g_free (hostname);
host = openvas_hosts_next (hosts);
continue;
}
/* Do we have the right to test this host ? */
if (!host_authorized (host, &host_ip, hosts_allow, hosts_deny))
{
error_message_to_client (globals, "Host access denied.",
hostname, NULL);
log_write ("Host %s access denied.", hostname);
}
else if (!host_authorized (host, &host_ip, sys_hosts_allow,
sys_hosts_deny))
{
error_message_to_client (globals, "Host access denied"
" (system-wide restriction.)",
hostname, NULL);
log_write ("Host %s access denied (sys_* preference restriction.)",
hostname);
}
else
{
struct attack_start_args args;
int s;
char *MAC = NULL;
int mac_err = -1;
gchar *name;
if (preferences_get_bool (preferences, "use_mac_addr") > 0
&& v6_is_local_ip (&host_ip))
{
mac_err = v6_get_mac_addr (&host_ip, &MAC);
if (mac_err > 0)
{
/* remote host is down */
g_free (hostname);
host = openvas_hosts_next (hosts);
continue;
}
}
s = hosts_new (globals, hostname);
if (s < 0)
goto scan_stop;
args.globals = globals;
memcpy (&args.hostip, &host_ip, sizeof (struct in6_addr));
name = openvas_host_value_str (host);
strncpy (args.fqdn, name, sizeof (args.fqdn));
g_free (name);
args.host_mac_addr = MAC;
args.sched = sched;
args.thread_socket = s;
forkagain:
pid = create_process ((process_func_t) attack_start, &args);
if (pid < 0)
{
fork_retries++;
if (fork_retries > MAX_FORK_RETRIES)
{
/* Forking failed - we go to the wait queue. */
log_write ("fork() failed - %s. %s won't be tested\n",
strerror (errno), hostname);
efree (&MAC);
goto stop;
}
log_write
("fork() failed - sleeping %d seconds and trying again...\n",
fork_retries);
fork_sleep (fork_retries);
goto forkagain;
}
hosts_set_pid (hostname, pid);
if (network_phase)
log_write ("Testing %s (network level) [%d]\n",
network_targets, pid);
else
log_write ("Testing %s (%s) [%d]\n",
hostname, inet_ntop (AF_INET6,
&args.hostip,
buffer,
sizeof (buffer)),
pid);
if (MAC != NULL)
efree (&MAC);
}
num_tested++;
if (network_phase)
{
host = NULL;
arg_set_value (globals, "network_scan_status", strlen ("done"), "done");
}
else
{
g_free (hostname);
host = openvas_hosts_next (hosts);
}
}
/* Every host is being tested... We have to wait for the processes
* to terminate. */
while (hosts_read (globals) == 0)
;
log_write ("Test complete");
scan_stop:
/* Free the memory used by the files uploaded by the user, if any. */
files = arg_get_value (globals, "files_translation");
if (files)
g_hash_table_foreach_remove (files, (GHRFunc) free_uploaded_file, NULL);
stop:
scan_stopped = GPOINTER_TO_SIZE(arg_get_value (globals, "stop_required"));
openvas_hosts_free (hosts);
openvas_hosts_free (hosts_allow);
openvas_hosts_free (hosts_deny);
openvas_hosts_free (sys_hosts_allow);
openvas_hosts_free (sys_hosts_deny);
plugins_scheduler_free (sched);
gettimeofday (&now, NULL);
log_write ("Total time to scan all hosts : %ld seconds\n",
now.tv_sec - then.tv_sec);
if (do_network_scan && network_phase && !scan_stopped)
attack_network (globals);
return;
}