static void arg_replace_value (struct arglist *arglist, char *name, int type, int length, void *value) { if (arg_get_type (arglist, name) < 0) arg_add_value (arglist, name, type, length, value); else arg_set_value (arglist, name, length, value); }
void plugin_set_running_state(struct arglist * plugin, int state) { if(plugin == NULL) return; if(arg_get_value(plugin, "RUNNING_STATE") != NULL) arg_set_value(plugin, "RUNNING_STATE", sizeof(state), (void*)state); else arg_add_value(plugin, "RUNNING_STATE", ARG_INT, sizeof(state), (void*)state); }
tree_cell * nasl_start_denial(lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; int to = lexic->recv_timeout; int port = plug_get_host_open_port(script_infos); int soc; int alive = 0; tree_cell * p; if(port) { soc = open_stream_connection(script_infos, port, NESSUS_ENCAPS_IP, to); if(soc>=0) { if(arg_get_value(script_infos, "denial_port") != 0) arg_set_value(script_infos, "denial_port", sizeof(int), (void*)port); else arg_add_value(script_infos, "denial_port", ARG_INT, sizeof(int), (void*)port); close_stream_connection(soc); return FAKE_CELL; } } p = nasl_tcp_ping(lexic); if (p != NULL) alive = p->x.i_val; if(arg_get_value(script_infos, "tcp_ping_result") != 0) arg_set_value(script_infos, "tcp_ping_result", sizeof(int), (void*)alive); else arg_add_value(script_infos, "tcp_ping_result", ARG_INT, sizeof(int), (void*)alive); deref_cell(p); return FAKE_CELL; }
struct arglist * store_plugin(struct arglist * plugin, char * file) { char desc_file[PATH_MAX+1]; char path[PATH_MAX+1]; struct plugin plug; struct pprefs pp[MAX_PREFS+1]; char * str; char * dir; struct arglist * arglist, * ret, *prefs; int e; int fd; int num_plugin_prefs = 0; if( current_mode == MODE_SYS ) dir = sys_store_dir; else dir = usr_store_dir; if(strlen(file) + 2 > sizeof(path)) return NULL; strncpy(path, dir, sizeof(path) - 2 - strlen(file)); str = strrchr(path, '/'); if(str != NULL) { str[0] = '\0'; } strcat(path, "/"); strcat(path, file); snprintf(desc_file, sizeof(desc_file), "%s/%s", dir, file); str = strrchr(desc_file, '.'); if( str != NULL ) { str[0] = '\0'; if(strlen(desc_file) + 6 < sizeof(desc_file) ) strcat(desc_file, ".desc"); } bzero(&plug, sizeof(plug)); bzero(pp, sizeof(pp)); plug.magic = MAGIC; plug.id = _plug_get_id(plugin); e = safe_copy(path, plug.path, sizeof(plug.path), path, "path"); if(e < 0)return NULL; plug.timeout = _plug_get_timeout(plugin); plug.category = _plug_get_category(plugin); str = _plug_get_name(plugin); e = safe_copy(str, plug.name, sizeof(plug.name), path, "name"); if(e < 0)return NULL; str = _plug_get_version(plugin); e = safe_copy(str, plug.version, sizeof(plug.version), path, "version"); if(e < 0)return NULL; str = _plug_get_summary(plugin); e = safe_copy(str, plug.summary, sizeof(plug.summary), path, "summary"); if(e < 0)return NULL; str = _plug_get_description(plugin); e = safe_copy(str, plug.description, sizeof(plug.description), path, "description"); if(e < 0)return NULL; str = _plug_get_copyright(plugin); e = safe_copy(str, plug.copyright, sizeof(plug.copyright), path, "copyright"); if(e < 0)return NULL; str = _plug_get_family(plugin); e = safe_copy(str, plug.family, sizeof(plug.family), path, "family"); if(e < 0)return NULL; str = _plug_get_cve_id(plugin); #ifdef DEBUG_STORE if ( str != NULL && strlen(str) > OLD_CVE_SZ ) fprintf(stderr, "WARNING! CVE size will be too long for older versions of Nessus!\n"); #endif e = safe_copy(str, plug.cve_id, sizeof(plug.cve_id), path, "cve_id"); if(e < 0)return NULL; str = _plug_get_bugtraq_id(plugin); #ifdef DEBUG_STORE if ( str != NULL && strlen(str) > OLD_BID_SZ) fprintf(stderr, "WARNING! BID size will be too long for older versions of Nessus!\n"); #endif e = safe_copy(str, plug.bid, sizeof(plug.bid), path, "bugtraq id"); if(e < 0)return NULL; str = _plug_get_xref(plugin); #ifdef DEBUG_STORE if ( str != NULL && strlen(str) > OLD_XREF_SZ) fprintf(stderr, "WARNING! BID size will be too long for older versions of Nessus!\n"); #endif e = safe_copy(str, plug.xref, sizeof(plug.xref), path, "xref id"); if(e < 0)return NULL; arglist = _plug_get_deps(plugin); str = arglist2str(arglist); e = safe_copy(str, plug.dependencies, sizeof(plug.dependencies), path, "dependencies"); efree(&str); if(e < 0)return NULL; arglist = _plug_get_required_keys(plugin); str = arglist2str(arglist); e = safe_copy(str, plug.required_keys, sizeof(plug.required_keys), path, "required keys"); efree(&str); if(e < 0)return NULL; arglist = _plug_get_excluded_keys(plugin); str = arglist2str(arglist); e = safe_copy(str, plug.excluded_keys, sizeof(plug.excluded_keys), path, "excluded_keys"); efree(&str); if(e < 0)return NULL; arglist = _plug_get_required_ports(plugin); str = arglist2str(arglist); e = safe_copy(str, plug.required_ports, sizeof(plug.required_ports), path, "required ports"); efree(&str); if(e < 0)return NULL; arglist = _plug_get_required_udp_ports(plugin); str = arglist2str(arglist); e = safe_copy(str, plug.required_udp_ports, sizeof(plug.required_udp_ports), path, "required udp ports"); efree(&str); if(e < 0)return NULL; prefs = arg_get_value(plugin, "preferences"); arglist = arg_get_value(plugin, "PLUGIN_PREFS"); if( arglist != NULL ) { char * p_name = _plug_get_name(plugin); while(arglist->next != NULL) { char * name = arglist->name; char * dfl = arglist->value; char * type, * str; type = arglist->name; str = strchr(type, '/'); str[0] = '\0'; name = str + 1; e = safe_copy(type, pp[num_plugin_prefs].type, sizeof(pp[num_plugin_prefs].type), path, "preference-type"); if(e < 0)return NULL; e = safe_copy(name, pp[num_plugin_prefs].name, sizeof(pp[num_plugin_prefs].name), path, "preference-name"); if(e < 0)return NULL; e = safe_copy(dfl, pp[num_plugin_prefs].dfl, sizeof(pp[num_plugin_prefs].dfl), path, "preference-default"); if(e < 0)return NULL; num_plugin_prefs ++; if(num_plugin_prefs >= MAX_PREFS) { fprintf(stderr, "%s: too many preferences\n", path); return NULL; } _add_plugin_preference(prefs, p_name, name, type, dfl); str[0] = '/'; arglist = arglist->next; } } if(num_plugin_prefs > 0) plug.has_prefs = 1; fd = open(desc_file, O_RDWR|O_CREAT|O_TRUNC, 0644); if(fd < 0) { return NULL; } if(write(fd, &plug, sizeof(plug)) < 0) { perror("write "); } if(num_plugin_prefs > 0) { write(fd, pp, sizeof(pp)); } close(fd); arg_set_value(plugin, "preferences", -1, NULL); arg_free_all(plugin); return NULL; }
int execute_nasl_script(struct arglist * script_infos, const char* name, const char * cache_dir, int mode) { naslctxt ctx; nasl_func *pf; int err = 0; tree_cell *ret; lex_ctxt *lexic; char old_dir[MAXPATHLEN+1]; char *newdir; char *old; tree_cell tc; struct arglist* prefs = arg_get_value(script_infos, "preferences"); char *str; int to; char * basename; #ifdef ENABLE_PLUGIN_SERVER char * cached_script = NULL; unsigned int cached_script_len = 0; #endif srand48(getpid() + getppid() + (long)time(NULL)); old_dir[sizeof(old_dir) - 1] = '\0'; getcwd(old_dir, sizeof(old_dir) - 1); #if NASL_DEBUG > 2 nasl_trace_fp = stderr; #endif if((old = arg_get_value(script_infos, "script_name")) == NULL) arg_add_value(script_infos, "script_name", ARG_STRING, strlen(name), estrdup(name)); else { efree(&old); arg_set_value(script_infos, "script_name", strlen(name), estrdup(name)); } newdir = strrchr(name, '/'); if(newdir != NULL) { char dir[MAXPATHLEN+1]; char *s; dir[sizeof(dir) - 1] = '\0'; strncpy(dir, name, sizeof(dir) - 1); s = strrchr(dir, '/'); s[0] = '\0'; chdir(dir); basename = newdir + 1; } else basename = (char*)name; bzero(&ctx, sizeof(ctx)); if ( mode & NASL_ALWAYS_SIGNED ) ctx.always_authenticated = 1; #ifdef ENABLE_PLUGIN_SERVER if ( nasl_index_fetch(basename, &cached_script, &cached_script_len) >= 0 ) { if ( nasl_load_parsed_tree_buf(&ctx, cached_script, cached_script_len, basename) < 0 ) { printf("Could not load plugin\n"); efree(&cached_script); chdir(old_dir); return -1; } efree(&cached_script); } else #endif { if (nasl_load_or_parse(&ctx, name, basename, cache_dir) < 0 ) { chdir(old_dir); return -1; } } #if NASL_DEBUG > 4 nasl_dump_tree(ctx.tree); #endif lexic = init_empty_lex_ctxt(); lexic->script_infos = script_infos; if ( mode & NASL_ALWAYS_SIGNED ) lexic->authenticated = 1; else lexic->authenticated = ctx.authenticated; str = arg_get_value(prefs, "checks_read_timeout"); if( str != NULL ) to = atoi(str); else to = 5; if(to <= 0)to = 5; lexic->recv_timeout = to; init_nasl_library(lexic); if (mode & NASL_LINT) { if (nasl_lint(lexic, ctx.tree) == NULL) err --; } else if (! (mode & NASL_EXEC_PARSE_ONLY)) { char *p; bzero(&tc, sizeof(tc)); tc.type = CONST_INT; tc.x.i_val = (mode & NASL_COMMAND_LINE) != 0; add_named_var_to_ctxt(lexic, "COMMAND_LINE", &tc); bzero(&tc, sizeof(tc)); tc.type = CONST_INT; tc.x.i_val = (mode & NASL_EXEC_DESCR) != 0; add_named_var_to_ctxt(lexic, "description", &tc); tc.type = CONST_DATA; p = strrchr(name, '/'); if (p == NULL) p = (char*)name; else p ++; tc.x.str_val = p; tc.size = strlen(p); add_named_var_to_ctxt(lexic, "SCRIPT_NAME", &tc); truc = (lex_ctxt*)ctx.tree; if ((ret = nasl_exec(lexic, ctx.tree)) == NULL) err = -1; else deref_cell(ret); if ((pf = get_func_ref_by_name(lexic, "on_exit")) != NULL) nasl_func_call(lexic, pf, NULL); } #if NASL_DEBUG > 2 { struct rusage ru; if (getrusage(RUSAGE_SELF, &ru) < 0) perror("getrusage"); else { nasl_perror(lexic, "rusage: utime=%d.%03d stime=%d.%03d minflt=%d majflt=%d nswap=%d\n", ru.ru_utime.tv_sec, ru.ru_utime.tv_usec / 1000, ru.ru_stime.tv_sec, ru.ru_stime.tv_usec / 1000, ru.ru_minflt, ru.ru_majflt, ru.ru_nswap); } } #endif #if NASL_DEBUG > 3 nasl_dump_tree(ctx.tree); #endif chdir(old_dir); if ( mode & NASL_EXEC_DONT_CLEANUP ) return err; nasl_clean_ctx(&ctx); free_lex_ctxt(lexic); return err; }
int execute_nasl_script(struct arglist * script_infos, const char* name, int mode) { naslctxt ctx; nasl_func *pf; int err = 0; tree_cell *ret; lex_ctxt *lexic; char old_dir[MAXPATHLEN+1]; char *newdir; char *old; tree_cell description; struct arglist* prefs = arg_get_value(script_infos, "preferences"); char *str; int to; srand48(getpid() + getppid() + (long)time(NULL)); old_dir[sizeof(old_dir) - 1] = '\0'; getcwd(old_dir, sizeof(old_dir) - 1); #if NASL_DEBUG > 2 nasl_trace_fp = stderr; #endif if((old = arg_get_value(script_infos, "script_name")) == NULL) arg_add_value(script_infos, "script_name", ARG_STRING, strlen(name), estrdup(name)); else { efree(&old); arg_set_value(script_infos, "script_name", strlen(name), estrdup(name)); } newdir = strrchr(name, '/'); if(newdir != NULL) { char dir[MAXPATHLEN+1]; char *s; dir[sizeof(dir) - 1] = '\0'; strncpy(dir, name, sizeof(dir) - 1); s = strrchr(dir, '/'); s[0] = '\0'; chdir(dir); } if (init_nasl_ctx(&ctx, name) < 0) { chdir(old_dir); return -1; } if (naslparse(&ctx)) { nasl_perror(NULL, "\nParse error at or near line %d\n", ctx.line_nb); nasl_clean_ctx(&ctx); chdir(old_dir); return -1; } #if NASL_DEBUG > 4 nasl_dump_tree(ctx.tree); #endif lexic = init_empty_lex_ctxt(); lexic->script_infos = script_infos; str = arg_get_value(prefs, "checks_read_timeout"); if( str != NULL ) to = atoi(str); else to = 5; if(to <= 0)to = 5; lexic->recv_timeout = to; init_nasl_library(lexic); if (! (mode & NASL_EXEC_PARSE_ONLY)) { bzero(&description, sizeof(description)); description.type = CONST_INT; description.x.i_val = (mode & NASL_EXEC_DESCR) != 0; add_named_var_to_ctxt(lexic, "description", &description); truc = (lex_ctxt*)ctx.tree; if ((ret = nasl_exec(lexic, ctx.tree)) == NULL) err = -1; else deref_cell(ret); if ((pf = get_func_ref_by_name(lexic, "on_exit")) != NULL) nasl_func_call(lexic, pf, NULL); } #if NASL_DEBUG > 2 { struct rusage ru; if (getrusage(RUSAGE_SELF, &ru) < 0) perror("getrusage"); else { nasl_perror(lexic, "rusage: utime=%d.%02d stime=%d.%02d minflt=%d majflt=%d\n", ru.ru_utime.tv_sec, ru.ru_utime.tv_usec / 10000, ru.ru_stime.tv_sec, ru.ru_stime.tv_usec / 10000, ru.ru_minflt, ru.ru_majflt); } } #endif #if NASL_DEBUG > 3 nasl_dump_tree(ctx.tree); #endif nasl_clean_ctx(&ctx); free_lex_ctxt(lexic); chdir(old_dir); return err; }
/** * @brief Set up some data and jump into attack_host() */ static void attack_start (struct attack_start_args *args) { struct arglist *globals = args->globals; char host_str[1024]; char *mac = args->host_mac_addr; struct arglist *plugs = arg_get_value (globals, "plugins"); struct in6_addr *hostip = &(args->hostip); struct arglist *hostinfos; struct arglist *preferences = arg_get_value (globals, "preferences"); char *non_simult = arg_get_value (preferences, "non_simult_ports"); char *vhosts = arg_get_value (preferences, "vhosts"); char *vhosts_ip = arg_get_value (preferences, "vhosts_ip"); int thread_socket = args->thread_socket; int soc; struct timeval then, now; plugins_scheduler_t sched = args->sched; int i; /* Stringify the IP address. */ if (IN6_IS_ADDR_V4MAPPED (&args->hostip)) inet_ntop (AF_INET, ((char *)(&args->hostip))+12, host_str, sizeof (host_str)); else inet_ntop (AF_INET6, &args->hostip, host_str, sizeof (host_str)); openvas_signal (SIGUSR1, attack_handle_sigusr1); openvas_signal (SIGUSR2, attack_handle_sigusr2); thread_socket = dup2 (thread_socket, 4); /* Close all file descriptors >= 6 */ for (i = 6; i < getdtablesize (); i++) close (i); gettimeofday (&then, NULL); if (non_simult == NULL) { non_simult = estrdup ("139, 445"); arg_add_value (preferences, "non_simult_ports", ARG_STRING, strlen (non_simult), non_simult); } arg_add_value (preferences, "non_simult_ports_list", ARG_ARGLIST, -1, (void *) list2arglist (non_simult)); /* Options regarding the communication with our parent */ openvas_deregister_connection (GPOINTER_TO_SIZE (arg_get_value (globals, "global_socket"))); arg_set_value (globals, "global_socket", -1, GSIZE_TO_POINTER (thread_socket)); /* Wait for the server to confirm it read our data (prevents client desynch) */ arg_add_value (globals, "confirm", ARG_INT, sizeof (int), (void *) 1); soc = thread_socket; if (vhosts == NULL || vhosts_ip == NULL) hostinfos = attack_init_hostinfos (mac, host_str, hostip, args->fqdn); else { char *txt_ip; struct in_addr inaddr; inaddr.s_addr = hostip->s6_addr32[3]; if (IN6_IS_ADDR_V4MAPPED (hostip)) txt_ip = estrdup (inet_ntoa (inaddr)); else { char name[512]; txt_ip = estrdup (inet_ntop (AF_INET6, hostip, name, sizeof (name))); } if (strcmp (vhosts_ip, txt_ip) != 0) vhosts = NULL; hostinfos = attack_init_hostinfos_vhosts (mac, host_str, hostip, vhosts, args->fqdn); } if (mac) strcpy (host_str, mac); plugins_set_socket (plugs, soc); ntp_timestamp_host_scan_starts (globals, host_str); // Start scan attack_host (globals, hostinfos, host_str, sched); // Calculate duration, clean up ntp_timestamp_host_scan_ends (globals, host_str); gettimeofday (&now, NULL); if (now.tv_usec < then.tv_usec) { then.tv_sec++; now.tv_usec += 1000000; } log_write ("Finished testing %s. Time : %ld.%.2ld secs\n", host_str, (long) (now.tv_sec - then.tv_sec), (long) ((now.tv_usec - then.tv_usec) / 10000)); shutdown (soc, 2); close (soc); }
/** * @brief Attack a whole network. */ void attack_network (struct arglist *globals) { int max_hosts = 0, max_checks; int num_tested = 0; char *hostlist; openvas_hosts_t *hosts, *hosts_allow, *hosts_deny; openvas_hosts_t *sys_hosts_allow, *sys_hosts_deny; openvas_host_t *host; int global_socket = -1; struct arglist *preferences = NULL; struct arglist *plugins = NULL; plugins_scheduler_t sched; int fork_retries = 0; GHashTable *files; struct timeval then, now; char buffer[INET6_ADDRSTRLEN]; int network_phase = 0; gchar *network_targets, *port_range; int do_network_scan = 0; int scan_stopped; gettimeofday (&then, NULL); preferences = arg_get_value (globals, "preferences"); if ((do_network_scan = preferences_get_bool (preferences, "network_scan")) == -1) do_network_scan = 0; network_targets = arg_get_value (preferences, "network_targets"); if (network_targets != NULL) arg_add_value (globals, "network_targets", ARG_STRING, strlen (network_targets), network_targets); if (do_network_scan) { gchar *network_scan_status = arg_get_value (globals, "network_scan_status"); if (network_scan_status != NULL) if (g_ascii_strcasecmp (network_scan_status, "done") == 0) network_phase = 0; else network_phase = 1; else { arg_add_value (globals, "network_scan_status", ARG_STRING, strlen ("busy"), "busy"); network_phase = 1; } } num_tested = 0; global_socket = GPOINTER_TO_SIZE (arg_get_value (globals, "global_socket")); plugins = arg_get_value (globals, "plugins"); /* Init and check Target List */ hostlist = arg_get_value (preferences, "TARGET"); if (hostlist == NULL) { error_message_to_client (globals, "Missing target hosts", NULL, NULL); return; } /* Verify the port range is a valid one */ port_range = arg_get_value (preferences, "port_range"); if (validate_port_range (port_range)) { error_message_to_client (globals, "Invalid port range", NULL, port_range); return; } /* Initialize the attack. */ sched = plugins_scheduler_init (plugins, preferences_get_bool (preferences, "auto_enable_dependencies") == 1 ? 1 : 0, network_phase); max_hosts = get_max_hosts_number (preferences); max_checks = get_max_checks_number (preferences); if (network_phase) { network_targets = arg_get_value (preferences, "network_targets"); if (network_targets == NULL) { log_write ("WARNING: In network phase, but without targets! Stopping.\n"); host = NULL; } else { log_write ("Start a new scan. Target(s) : %s, in network phase with target %s\n", hostlist, network_targets); } } else { log_write ("Starts a new scan. Target(s) : %s, with max_hosts = %d and" " max_checks = %d\n", hostlist, max_hosts, max_checks); } hosts = openvas_hosts_new (hostlist); /* Apply Hosts preferences. */ apply_hosts_preferences (hosts, preferences); /* Don't start if the provided interface is unauthorized. */ if (apply_source_iface_preference (globals, preferences) != 0) { openvas_hosts_free (hosts); error_message_to_client (globals, "Interface not authorized for scanning", NULL, NULL); return; } /* hosts_allow/deny lists. */ hosts_allow = openvas_hosts_new (preferences_get_string (preferences, "hosts_allow")); hosts_deny = openvas_hosts_new (preferences_get_string (preferences, "hosts_deny")); /* sys_* preferences, which can't be overriden by the client. */ sys_hosts_allow = openvas_hosts_new (preferences_get_string (preferences, "sys_hosts_allow")); sys_hosts_deny = openvas_hosts_new (preferences_get_string (preferences, "sys_hosts_deny")); host = openvas_hosts_next (hosts); if (host == NULL) goto stop; hosts_init (global_socket, max_hosts); /* * Start the attack ! */ while (host) { int pid; char *hostname; struct in6_addr host_ip; hostname = openvas_host_value_str (host); if (openvas_host_get_addr6 (host, &host_ip) == -1) { log_write ("Couldn't resolve target %s\n", hostname); error_message_to_client (globals, "Couldn't resolve hostname.", hostname, NULL); g_free (hostname); host = openvas_hosts_next (hosts); continue; } /* Do we have the right to test this host ? */ if (!host_authorized (host, &host_ip, hosts_allow, hosts_deny)) { error_message_to_client (globals, "Host access denied.", hostname, NULL); log_write ("Host %s access denied.", hostname); } else if (!host_authorized (host, &host_ip, sys_hosts_allow, sys_hosts_deny)) { error_message_to_client (globals, "Host access denied" " (system-wide restriction.)", hostname, NULL); log_write ("Host %s access denied (sys_* preference restriction.)", hostname); } else { struct attack_start_args args; int s; char *MAC = NULL; int mac_err = -1; gchar *name; if (preferences_get_bool (preferences, "use_mac_addr") > 0 && v6_is_local_ip (&host_ip)) { mac_err = v6_get_mac_addr (&host_ip, &MAC); if (mac_err > 0) { /* remote host is down */ g_free (hostname); host = openvas_hosts_next (hosts); continue; } } s = hosts_new (globals, hostname); if (s < 0) goto scan_stop; args.globals = globals; memcpy (&args.hostip, &host_ip, sizeof (struct in6_addr)); name = openvas_host_value_str (host); strncpy (args.fqdn, name, sizeof (args.fqdn)); g_free (name); args.host_mac_addr = MAC; args.sched = sched; args.thread_socket = s; forkagain: pid = create_process ((process_func_t) attack_start, &args); if (pid < 0) { fork_retries++; if (fork_retries > MAX_FORK_RETRIES) { /* Forking failed - we go to the wait queue. */ log_write ("fork() failed - %s. %s won't be tested\n", strerror (errno), hostname); efree (&MAC); goto stop; } log_write ("fork() failed - sleeping %d seconds and trying again...\n", fork_retries); fork_sleep (fork_retries); goto forkagain; } hosts_set_pid (hostname, pid); if (network_phase) log_write ("Testing %s (network level) [%d]\n", network_targets, pid); else log_write ("Testing %s (%s) [%d]\n", hostname, inet_ntop (AF_INET6, &args.hostip, buffer, sizeof (buffer)), pid); if (MAC != NULL) efree (&MAC); } num_tested++; if (network_phase) { host = NULL; arg_set_value (globals, "network_scan_status", strlen ("done"), "done"); } else { g_free (hostname); host = openvas_hosts_next (hosts); } } /* Every host is being tested... We have to wait for the processes * to terminate. */ while (hosts_read (globals) == 0) ; log_write ("Test complete"); scan_stop: /* Free the memory used by the files uploaded by the user, if any. */ files = arg_get_value (globals, "files_translation"); if (files) g_hash_table_foreach_remove (files, (GHRFunc) free_uploaded_file, NULL); stop: scan_stopped = GPOINTER_TO_SIZE(arg_get_value (globals, "stop_required")); openvas_hosts_free (hosts); openvas_hosts_free (hosts_allow); openvas_hosts_free (hosts_deny); openvas_hosts_free (sys_hosts_allow); openvas_hosts_free (sys_hosts_deny); plugins_scheduler_free (sched); gettimeofday (&now, NULL); log_write ("Total time to scan all hosts : %ld seconds\n", now.tv_sec - then.tv_sec); if (do_network_scan && network_phase && !scan_stopped) attack_network (globals); return; }
static void scanner_thread (struct arglist *globals) { struct arglist *prefs = arg_get_value (globals, "preferences"); char asciiaddr[INET6_ADDRSTRLEN], x509_dname[512] = { '\0' }; int opt = 1, soc2 = -1, nice_retval, family, soc; void *addr = arg_get_value (globals, "client_address"); struct sockaddr_in *saddr = NULL; struct sockaddr_in6 *s6addr = NULL; family = GPOINTER_TO_SIZE (arg_get_value (globals, "family")); soc = GPOINTER_TO_SIZE (arg_get_value (globals, "global_socket")); if (family == AF_INET) { saddr = (struct sockaddr_in *) addr; inet_ntop (AF_INET, &saddr->sin_addr, asciiaddr, sizeof(asciiaddr)); } else { s6addr = (struct sockaddr_in6 *) addr; inet_ntop (AF_INET6, &s6addr->sin6_addr, asciiaddr, sizeof (asciiaddr)); } proctitle_set ("openvassd: Serving %s", asciiaddr); /* Everyone runs with a nicelevel of 10 */ if (preferences_benice (prefs)) { errno = 0; nice_retval = nice (10); if (nice_retval == -1 && errno != 0) { log_write ("Unable to renice process: %d", errno); } } /* Close the scanner thread - it is useless for us now */ close (global_iana_socket); soc2 = ovas_scanner_context_attach (ovas_scanner_ctx, soc); if (soc2 < 0) goto shutdown_and_exit; /* FIXME: The pre-gnutls code optionally printed information about * the peer's certificate at this point. */ setsockopt (soc, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof (opt)); /* arg_set_value *replaces* an existing value, but it shouldn't fail here */ (void) arg_set_value (globals, "global_socket", -1, GSIZE_TO_POINTER (soc2)); if (comm_init (soc2) < 0) { close_stream_connection (soc); exit (0); } /* Get X.509 cert subject name */ if (get_x509_dname (soc2, x509_dname, sizeof (x509_dname)) != 0) goto shutdown_and_exit; if (!check_client (x509_dname)) { auth_printf (globals, "Bad login attempt !\n"); log_write ("bad login attempt from %s\n", asciiaddr); goto shutdown_and_exit; } handle_client (globals); shutdown_and_exit: if (soc2 >= 0) close_stream_connection (soc2); else { shutdown (soc, 2); close (soc); } /* Kill left overs */ end_daemon_mode (); exit (0); }