Change: Get NVT feed info via OSP
Instead of calling greenbone-nvt-sync to get feed info, gvmd now gets
the NVT feed info via new or extended OSP commands.

Merge pull request #1769 from timopollmeier/remove-sync-script-dependency
timopollmeier authored Apr 5, 2022
2 parents adaf354 + a0c97af commit 692e21c
Showing 3 changed files with 242 additions and 52 deletions.
148 changes: 96 additions & 52 deletions src/gmp.c
@@ -3978,11 +3978,6 @@ xml_context = NULL;
*/
static GMarkupParser xml_parser;

/**
* @brief The nvt synchronization script for this daemon.
*/
static const gchar *nvt_sync_script = BINDIR "/greenbone-nvt-sync";


/* Client state. */

@@ -12173,6 +12168,33 @@ get_feed_lock_status (const char *lockfile_name, gchar **timestamp)
return ret;
}

/**
* @brief Template string for feed descriptions.
*
* The first and second placeholders are replaced with the name,
* the third one with the vendor and the last one with the home URL.
*/
#define FEED_DESCRIPTION_TEMPLATE \
"This script synchronizes an NVT collection with the '%s'.\n" \
"The '%s' is provided by '%s'.\n" \
"Online information about this feed: '%s'.\n"

/**
* @brief Template string for get_nvt_feed error messages.
*
* The placeholder is to be replaced by the actual message.
*/
#define GET_NVT_FEED_ERROR \
"<feed>" \
"<type>NVT</type>" \
"<name></name>" \
"<version></version>" \
"<description></description>" \
"<sync_not_available>" \
"<error>%s</error>" \
"</sync_not_available>" \
"</feed>"

/**
* @brief Get NVT feed.
*
@@ -12182,73 +12204,95 @@ get_feed_lock_status (const char *lockfile_name, gchar **timestamp)
static void
get_nvt_feed (gmp_parser_t *gmp_parser, GError **error)
{
gchar *feed_description, *feed_identification, *feed_version;
gchar *vts_version, *feed_name, *feed_vendor, *feed_home;

feed_description = NULL;
feed_identification = NULL;
feed_version = NULL;
vts_version = feed_name = feed_vendor = feed_home = NULL;

if (gvm_get_sync_script_description (nvt_sync_script, &feed_description)
&& gvm_get_sync_script_identification (nvt_sync_script,
&feed_identification,
NVT_FEED)
&& gvm_get_sync_script_feed_version (nvt_sync_script,
&feed_version))
switch (nvts_feed_info (&vts_version, &feed_name, &feed_vendor, &feed_home))
{
gchar **ident = g_strsplit (feed_identification, "|", 6);
gchar *selftest_result = NULL;
const char *lockfile_name;
gchar *timestamp;

if (ident[0] == NULL || ident[1] == NULL
|| ident[2] == NULL || ident[3] == NULL)
{
g_strfreev (ident);
SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_feeds"));
}
else
case 0:
{
gchar *feed_description;
gchar *self_test_error_msg;
int ret, lockfile_in_use, self_test_exit_error;

feed_description = g_strdup_printf (FEED_DESCRIPTION_TEMPLATE,
feed_name,
feed_name,
feed_vendor,
feed_home);
SENDF_TO_CLIENT_OR_FAIL
("<feed>"
"<type>NVT</type>"
"<name>%s</name>"
"<version>%s</version>"
"<description>%s</description>",
ident[3],
feed_version,
feed_name,
vts_version,
feed_description);
g_strfreev (ident);
if (gvm_sync_script_perform_selftest (nvt_sync_script,
&selftest_result)
== FALSE)

self_test_error_msg = NULL;
lockfile_in_use = self_test_exit_error = 0;
ret = nvts_check_feed (&lockfile_in_use,
&self_test_exit_error, &self_test_error_msg);
if (ret == 1)
{
SENDF_TO_CLIENT_OR_FAIL ("<sync_not_available>"
"<error>%s</error>"
"</sync_not_available>",
selftest_result ? selftest_result : "");
g_free (selftest_result);
"<error>"
"Could not connect to scanner for"
" sync lock status and self test."
"</error>"
"</sync_not_available>");
}

/* Note: Checking the feed lockfile assumes that the default scanner
* is running locally.
*/
lockfile_name = get_feed_lock_path ();
if (get_feed_lock_status (lockfile_name, &timestamp))
else if (ret)
{
SENDF_TO_CLIENT_OR_FAIL ("<currently_syncing>"
"<timestamp>%s</timestamp>"
"</currently_syncing>",
timestamp);
g_free (timestamp);
SENDF_TO_CLIENT_OR_FAIL ("<sync_not_available>"
"<error>"
"Error getting sync lock status"
" and self test."
"</error>"
"</sync_not_available>");
}
else
{
if (self_test_exit_error > 0 || self_test_exit_error < -1)
SENDF_TO_CLIENT_OR_FAIL ("<sync_not_available>"
"<error>%s</error>"
"</sync_not_available>",
self_test_error_msg
? self_test_error_msg : "");

if (lockfile_in_use > 0 || lockfile_in_use < -1)
SENDF_TO_CLIENT_OR_FAIL ("<currently_syncing>"
"<timestamp></timestamp>"
"</currently_syncing>");
}
g_free (self_test_error_msg);
g_free (feed_description);

SEND_TO_CLIENT_OR_FAIL ("</feed>");
}

g_free (feed_version);
break;
case 1:
SENDF_TO_CLIENT_OR_FAIL
(GET_NVT_FEED_ERROR,
"Could not connect to scanner to get feed info");
break;
case 2:
SENDF_TO_CLIENT_OR_FAIL
(GET_NVT_FEED_ERROR,
"Scanner is still starting");
break;
default:
SENDF_TO_CLIENT_OR_FAIL
(GET_NVT_FEED_ERROR,
"Error getting feed info from scanner");
}
g_free (feed_identification);
g_free (feed_description);

g_free (vts_version);
g_free (feed_name);
g_free (feed_vendor);
g_free (feed_home);
}

/**
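Review bot: In `case 0` of get_nvt_feed the four strings returned by nvts_feed_info go straight into `g_strdup_printf (FEED_DESCRIPTION_TEMPLATE, ...)` and into the `<name>`/`<version>` elements without a NULL check, whereas the removed code rejected an incomplete identification with XML_INTERNAL_ERROR. Whether osp_get_vts_feed_info guarantees all four outputs on success is not visible on this page, so a guard at the top of the case would keep an incomplete scanner reply from being relayed to the GMP client: `if (!vts_version || !feed_name || !feed_vendor || !feed_home) { SENDF_TO_CLIENT_OR_FAIL (GET_NVT_FEED_ERROR, "Incomplete feed info from scanner"); break; }`. SENDF_TO_CLIENT_OR_FAIL is defined outside this page; if it returns from the function on a send failure, as its name suggests, feed_description, self_test_error_msg and the four feed strings are leaked on that path. The tests `self_test_exit_error > 0 || self_test_exit_error < -1` and the matching one on lockfile_in_use treat -1 as healthy, and a short comment saying what -1 stands for would make that intent checkable.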
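--- a/src/manage.c
+++ b/src/manage.c
@@ -6492,6 +6492,146 @@ gvm_get_sync_script_feed_version (const gchar * sync_script,
 return TRUE;
 }
 
+/**
+* @brief Get VTs feed information from a scanner.
+*
+* @param[in] update_socket Socket to use to contact ospd-openvas scanner.
+* @param[out] vts_version Output of scanner feed version.
+* @param[out] feed_name Output of feed name.
+* @param[out] feed_vendor Output of feed vendor.
+* @param[out] feed_home Output of feed name home URL.
+*
+* @return 0 success, 1 connection to scanner failed, 2 scanner still starting,
+* -1 other error.
+*/
+static int
+nvts_feed_info_internal (const gchar *update_socket,
+gchar **vts_version,
+gchar **feed_name,
+gchar **feed_vendor,
+gchar **feed_home)
+{
+osp_connection_t *connection;
+gchar *error;
+
+connection = osp_connection_new (update_socket, 0, NULL, NULL, NULL);
+if (!connection)
+{
+g_warning ("%s: failed to connect to %s", __func__, update_socket);
+return 1;
+}
+
+error = NULL;
+if (osp_get_vts_feed_info (connection,
+vts_version,
+feed_name,
+feed_vendor,
+feed_home,
+&error))
+{
+if (error && strcmp (error, "OSPd OpenVAS is still starting") == 0)
+{
+g_free (error);
+osp_connection_close (connection);
+return 2;
+}
+g_warning ("%s: failed to get VT feed info. %s",
+__func__, error ? : "");
+g_free (error);
+osp_connection_close (connection);
+return -1;
+}
+
+osp_connection_close (connection);
+
+return 0;
+}
+
+/**
+* @brief Get VTs feed information from the scanner using VT update socket.
+*
+* @param[out] vts_version Output of scanner feed version.
+* @param[out] feed_name Output of feed name.
+* @param[out] feed_vendor Output of feed vendor.
+* @param[out] feed_home Output of feed name home URL.
+*
+* @return 0 success, 1 connection to scanner failed, 2 scanner still starting,
+* -1 other error.
+*/
+int
+nvts_feed_info (gchar **vts_version, gchar **feed_name, gchar **feed_vendor,
+gchar **feed_home)
+{
+return nvts_feed_info_internal (get_osp_vt_update_socket (),
+vts_version,
+feed_name,
+feed_vendor,
+feed_home);
+}
+
+/**
+* @brief Check the VTs feed sync for information using a OSP socket.
+*
+* @param[in] update_socket Socket to use to contact ospd-openvas scanner.
+* @param[out] lockfile_in_use Whether the lockfile is in use.
+* @param[out] self_test_exit_error Whether the sync script self check failed.
+* @param[out] self_test_error_msg Self check error message if failed.
+*
+* @return 0 success, 1 connection to scanner failed, -1 other error.
+*/
+static int
+nvts_check_feed_internal (const char *update_socket,
+int *lockfile_in_use,
+int *self_test_exit_error,
+char **self_test_error_msg)
+{
+osp_connection_t *connection;
+gchar *error;
+
+connection = osp_connection_new (update_socket, 0, NULL, NULL, NULL);
+if (!connection)
+{
+g_warning ("%s: failed to connect to %s", __func__, update_socket);
+return 1;
+}
+
+error = NULL;
+if (osp_check_feed (connection,
+lockfile_in_use, self_test_exit_error,
+self_test_error_msg, &error))
+{
+g_warning ("%s: failed to get VT feed info. %s",
+__func__, error ? : "");
+g_free (error);
+osp_connection_close (connection);
+return -1;
+}
+
+osp_connection_close (connection);
+
+return 0;
+}
+
+/**
+* @brief Check the VTs feed sync for information using the default OSP socket.
+*
+* @param[out] lockfile_in_use Whether the lockfile is in use.
+* @param[out] self_test_exit_error Whether the sync script self check failed.
+* @param[out] self_test_error_msg Self check error message if failed.
+*
+* @return 0 success, 1 connection to scanner failed, -1 other error.
+*/
+int
+nvts_check_feed (int *lockfile_in_use,
+int *self_test_exit_error,
+char **self_test_error_msg)
+{
+return nvts_check_feed_internal (get_osp_vt_update_socket (),
+lockfile_in_use,
+self_test_exit_error,
+self_test_error_msg);
+}
+
 /**
 * @brief Migrates SCAP or CERT database, waiting until migration terminates.
 *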
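Review bot: nvts_feed_info_internal recognises the "scanner still starting" state by comparing the scanner's error text, `strcmp (error, "OSPd OpenVAS is still starting") == 0`, so any rewording on the scanner side silently turns return code 2 into the generic -1. A comment directly above the comparison, e.g. `/* Must match the error text sent by the scanner verbatim. */`, would make that coupling visible to whoever changes either side. In nvts_check_feed_internal the warning text still reads "failed to get VT feed info" although the failing call is osp_check_feed; `g_warning ("%s: failed to check VT feed. %s", __func__, error ? : "");` would describe the actual failure. Both functions write the scanner-supplied error string to the log unchanged, which matters if these logs are parsed or forwarded downstream.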
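--- a/src/manage.h
+++ b/src/manage.h
@@ -3656,6 +3656,12 @@ gvm_get_sync_script_description (const gchar *, gchar **);
 gboolean
 gvm_get_sync_script_feed_version (const gchar *, gchar **);
 
+int
+nvts_feed_info (gchar **, gchar **, gchar **, gchar **);
+
+int
+nvts_check_feed (int *, int *, gchar **);
+
 int
 manage_update_nvts_osp (const gchar *);
 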
