diff --git a/CMakeLists.txt b/CMakeLists.txt index f5a9d513a..cd8135495 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -177,7 +177,7 @@ endif (NOT GVM_ACCESS_KEY_DIR) set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}") -set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf") +set (OPENVAS_CONF "${OPENVAS_SYSCONF_DIR}/openvas.conf") set (NVT_TIMEOUT "320") set (SCANNER_NVT_TIMEOUT "36000") @@ -186,18 +186,18 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") ## Version -set (OPENVASSD_VERSION "${PROJECT_VERSION_STRING}") +set (OPENVAS_VERSION "${PROJECT_VERSION_STRING}") # Configure Doxyfile with version number configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY) configure_file (doc/Doxyfile_full.in doc/Doxyfile_full @ONLY) configure_file (doc/Doxyfile_xml.in doc/Doxyfile_xml @ONLY) -configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY) +configure_file (doc/openvas.8.in doc/openvas.8 @ONLY) configure_file (doc/redis_config_examples/redis_3_2.conf.in doc/redis_config_examples/redis_3_2.conf @ONLY) configure_file (doc/redis_config_examples/redis_4_0.conf.in doc/redis_config_examples/redis_4_0.conf @ONLY) configure_file (VERSION.in VERSION @ONLY) configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY) -configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf) +configure_file (src/openvas_log_conf.cmake_in src/openvas_log.conf) ## Program diff --git a/COPYING b/COPYING index 15fea4d53..7887e5d4c 100644 --- a/COPYING +++ b/COPYING @@ -19,16 +19,10 @@ tool with the following command: src/CMakeLists.txt: GPL-2+ src/attack.c: GPL-2 src/attack.h: GPL-2 -src/comm.c: GPL-2 -src/comm.h: GPL-2 src/hosts.c: GPL-2 src/hosts.h: GPL-2 src/nasl_plugins.c: GPL-2 -src/ntp.c: GPL-2 -src/ntp.h: GPL-2 -src/openvassd.c: GPL-2 -src/otp.c: GPL-2+ -src/otp.h: GPL-2+ +src/openvas.c: GPL-2 src/pluginlaunch.c: GPL-2 src/pluginlaunch.h: GPL-2 src/pluginload.c: GPL-2 diff --git a/INSTALL.md b/INSTALL.md index 6cf1842fd..9ee6a0c38 100644 --- a/INSTALL.md 
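Review bot: Changing the default configuration path to `${OPENVAS_SYSCONF_DIR}/openvas.conf` in the first CMakeLists.txt hunk means an existing `openvassd.conf` is no longer read after an upgrade. INSTALL.md in this same commit states that a missing file simply yields the default settings. Administrator restrictions kept in the old file, such as `hosts_deny` and the interface restrictions, would then stop applying with no warning. The second hunk does the same for `openvassd_log.conf`. Consider warning at startup when the legacy file exists and the new one does not, and record the migration next to the `set`, e.g. `# Replaces openvassd.conf: an existing file must be renamed or it is ignored`.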
+++ b/INSTALL.md @@ -109,10 +109,10 @@ Setting up openvas-scanner Setting up an openvas-scanner requires the following steps: 1. (optional) You may decide to change the default scanner preferences - by setting them in the file `$prefix/etc/openvassd.conf`. If that file does + by setting them in the file `$prefix/etc/openvas.conf`. If that file does not exist (default), then the default settings are used. You can view - them with `openvassd -s`. The output of that command is a valid configuration - file. The man page (`man openvassd`) provides details about the available + them with `openvas -s`. The output of that command is a valid configuration + file. The man page (`man openvas`) provides details about the available settings, among these opportunities to restrict access of scanner regarding scan targets and interfaces. @@ -155,16 +155,16 @@ Setting up an openvas-scanner requires the following steps: 4. You can launch openvas-scanner using the following command: - openvassd + openvas Sending `SIGHUP` to the scanner main process will initiate a reload of the feed content and of the scanner preferences. This will not affect running scans. - Please note that although you can start `openvassd` as a user without elevated - privileges, it is recommended that you start `openvassd` as `root` since a number + Please note that although you can start `openvas` as a user without elevated + privileges, it is recommended that you start `openvas` as `root` since a number of Network Vulnerability Tests (NVTs) require root privileges to perform - certain operations like packet forgery. If you run `openvassd` as a user + certain operations like packet forgery. If you run `openvas` as a user without permission to perform these operations, your scan results are likely to be incomplete. 
@@ -177,7 +177,7 @@ Logging Configuration If you encounter problems, by default the scanner writes logs to the file - /var/log/gvm/openvassd.log + /var/log/gvm/openvas.log It may contain useful information.The exact location of this file may differ depending on your distribution and installation method. Please have this file @@ -188,14 +188,14 @@ pinpoint the source of your issue. Logging is configured entirely by the file - /etc/openvas/openvassd_log.conf + /etc/openvas/openvas_log.conf The configuration is divided into domains like this one [sd main] prepend=%t %p prepend_time_format=%Y-%m-%d %Hh%M.%S %Z - file=/var/log/gvm/openvassd.log + file=/var/log/gvm/openvas.log level=128 The `level` field controls the amount of logging that is written. diff --git a/doc/greenbone-nvt-sync.8 b/doc/greenbone-nvt-sync.8 index 2f60062e7..8624de0c8 100644 --- a/doc/greenbone-nvt-sync.8 +++ b/doc/greenbone-nvt-sync.8 @@ -18,12 +18,12 @@ In case no subscription key is present, the update synchronisation will use the The script .B greenbone-nvt-sync will fetch all new and updated security checks and install them at the proper -location. Once this is done OpenVAS Scanner, openvassd(8) will automatically detect +location. Once this is done OpenVAS Scanner, openvas(8) will automatically detect that new and updated NVTs are present and consider them for next activities. .SH SEE ALSO For more information see: -.BR openvassd(8), +.BR openvas(8), .br .SH AUTHOR diff --git a/doc/openvas-nasl.1 b/doc/openvas-nasl.1 index c716b9f8d..b2ff71a5a 100644 --- a/doc/openvas-nasl.1 +++ b/doc/openvas-nasl.1 
@@ -67,7 +67,7 @@ Output debug information to stderr. Set KB key to value. Can be used multiple times. .SH SEE ALSO -.BR openvassd (8). +.BR openvas (8). .SH HISTORY NASL comes from a private project called 'pkt_forge', which was written in late 1998 by Renaud Deraison and which was an interactive shell to forge and send raw IP packets (this pre-dates Perl's Net::RawIP by a couple of weeks). It was then extended to do a wide range of network-related operations and integrated into the scanner as 'NASL'. diff --git a/doc/openvassd.8.in b/doc/openvas.8.in similarity index 71% rename from doc/openvassd.8.in rename to doc/openvas.8.in index 60de449a3..ce449abea 100644 --- a/doc/openvassd.8.in +++ b/doc/openvas.8.in 
@@ -1,37 +1,36 @@ -.TH OpenVASSD 8 "January 2011" "Greenbone Vulnerability Management" "User Manuals" +.TH OpenVAS 8 "June 2019" "Greenbone Vulnerability Management" "User Manuals" .SH NAME -openvassd \- The Scanner of the Greenbone Vulnerability Management +openvas \- The Scanner of the Greenbone Vulnerability Management .SH SYNOPSIS -.BI "openvassd [\|-v\|] [\|-h\|] [\|-c " config-file\| "] -.BI " [\|-D\|] [\|-R\|] [\|-P\|] [\|-q\|] [\|-f\|]" +.BI "openvas [\|-v\|] [\|-h\|] [\|-c " config-file\| "] [\|--vendor-version " string\| "] [\|--scan-start " scan-uuid\| "] +.BI " [\|-u\|] [\|-s\|] [\|-y\|]" .SH DESCRIPTION .B Greenbone Vulnerability Management (GVM) is a vulnerability auditing and management framework made up of several modules. The OpenVAS Scanner, -.BR openvassd +.BR openvas is in charge of executing many security tests against many target hosts in a highly optimized way. -.BR openvassd -inspects the remote hosts and attempts to list all the vulnerabilities and common -misconfigurations that affects them. Note that openvassd will run in daemon mode -by default (unless you specify \-f as an option). +.BR openvas +inspects the remote hosts to list all the vulnerabilities and common +misconfigurations that affects them. + +It is a command line tool with parameters to update the feed of vulnerability tests and to start a scan. +The second part of the interface is the redis store where the parameters about a scan task +need to be placed and from where the results can be retrieved. .SH OPTIONS .TP .BI "-c " ", --config-file=" Use the alternate configuration file instead of -.I @OPENVASSD_CONF@ - -.TP -.B "-f, --foreground" -Make the scanner stay in foreground (non-daemon mode) +.I @OPENVAS_CONF@ .TP .B "-v, --version" -Writes the version number and exits +Prints the version number and exits .TP .B "-h, --help" 
@@ -41,6 +40,10 @@ Show a summary of the commands .BI "--scan-start=" ID for a single scan task. The scanner will start the scan with the data already loaded in a redis KB, which will be found using the given scan-id. +.TP +.B "-u, --update-vt-info" +Updates VT info into redis store from VT files. + .TP .BI "--vendor-version=" Use the alternate vendor instead of the default one during scans. @@ -48,9 +51,9 @@ Use the alternate vendor instead of the default one during scans. .SH THE CONFIGURATION FILE The default -.B openvassd +.B openvas configuration file, -.I @OPENVASSD_CONF@ +.I @OPENVAS_CONF@ contains these options: .IP plugins_folder 
@@ -71,26 +74,26 @@ x so you need to find a balance between these two options. Note that launching too many plugins at the same time may disable the remote host, either temporarily (ie: inetd closes its ports) or definitely (the remote host crash because it is asked to do too many things at the same time), so be careful. .IP log_whole_attack -If this option is set to 'yes', openvassd will store the name, pid, date and target of each plugin launched. This is helpful for monitoring and debugging purpose, however this option might make openvassd fill your disk rather quickly. +If this option is set to 'yes', openvas will store the name, pid, date and target of each plugin launched. This is helpful for monitoring and debugging purpose, however this option might make openvas fill your disk rather quickly. .IP log_plugins_name_at_load -If this option is set to 'yes', openvassd will log the name of each plugin being loaded at startup, or each time it receives the HUP signal. +If this option is set to 'yes', openvas will log the name of each plugin being loaded at startup, or each time it receives the HUP signal. .IP cgi_path -By default, openvassd looks for default CGIs in /cgi-bin and /scripts. You may +By default, openvas looks for default CGIs in /cgi-bin and /scripts. You may change these to something else to reflect the policy of your site. The syntax of this option is the same as the shell $PATH variable: path1:path2:... .IP port_range -This is the default range of ports that the scanner plugins will probe. The syntax of this option is flexible, it can be a single range ("1-1500"), several ports ("21,23,80"), several ranges of ports ("1-1500,32000-33000"). Note that you can specify UDP and TCP ports by prefixing each range by T or U. For instance, the following range will make openvassd scan UDP ports 1 to 1024 and TCP ports 1 to 65535 : "T:1-65535,U:1-1024". +This is the default range of ports that the scanner plugins will probe. 
The syntax of this option is flexible, it can be a single range ("1-1500"), several ports ("21,23,80"), several ranges of ports ("1-1500,32000-33000"). Note that you can specify UDP and TCP ports by prefixing each range by T or U. For instance, the following range will make openvas scan UDP ports 1 to 1024 and TCP ports 1 to 65535 : "T:1-65535,U:1-1024". .IP optimize_test -By default, openvassd does not trust the remote host banners. It means that it will check a webserver claiming to be IIS for Apache flaws, and so on. This behavior might generate false positive and will slow the scan down somehow. If you are sure the banners of the remote host have not been tampered with, you can safely enable this option, which will force the plugins to perform their job only against the services they have been designed to check. +By default, openvas does not trust the remote host banners. It means that it will check a webserver claiming to be IIS for Apache flaws, and so on. This behavior might generate false positive and will slow the scan down somehow. If you are sure the banners of the remote host have not been tampered with, you can safely enable this option, which will force the plugins to perform their job only against the services they have been designed to check. .IP test_empty_vhost If set to yes, the scanner will also test the target by using empty vhost value in addition to the target's associated vhost values. .IP checks_read_timeout -Number of seconds that the security checks will wait for when doing a recv(). You should increase this value if you are running openvassd across a slow network slink (testing a host via a dialup connection for instance) +Number of seconds that the security checks will wait for when doing a recv(). You should increase this value if you are running openvas across a slow network slink (testing a host via a dialup connection for instance) .IP timeout_retry Number of retries when a socket connection attempt timesout. 
@@ -105,7 +108,7 @@ Some devices do not appreciate quick connection establishment and termination ne Whether to expand the target host's list of vhosts with values gathered from sources such as reverse-lookup queries and VT checks for SSL/TLS certificates. .IP non_simult_ports -Some services (in particular SMB) do not appreciate multiple connections at the same time coming from the same host. This option allows you to prevent openvassd to make two connections on the same given ports at the same time. The syntax of this option is "port1[, port2....]". Note that you can use the KB notation of openvassd to designate a service formally. Ex: "139, Services/www", will prevent openvassd from making two connections at the same time on port 139 and on every port which hosts a web server. +Some services (in particular SMB) do not appreciate multiple connections at the same time coming from the same host. This option allows you to prevent openvas to make two connections on the same given ports at the same time. The syntax of this option is "port1[, port2....]". Note that you can use the KB notation of openvas to designate a service formally. Ex: "139, Services/www", will prevent openvas from making two connections at the same time on port 139 and on every port which hosts a web server. .IP plugins_timeout This is the maximum lifetime, in seconds of a plugin. It may happen that some plugins are slow because of the way they are written or the way the remote server behaves. This option allows you to make sure your scan is never caught in an endless loop because of a non-finishing plugin. Doesn't affect ACT_SCANNER plugins. 
@@ -114,10 +117,10 @@ This is the maximum lifetime, in seconds of a plugin. It may happen that some pl Like plugins_timeout, but for ACT_SCANNER plugins. .IP safe_checks -Most of the time, openvassd attempts to reproduce an exceptional condition to determine if the remote services are vulnerable to certain flaws. This includes the reproduction of buffer overflows or format strings, which may make the remote server crash. If you set this option to 'yes', openvassd will disable the plugins which have the potential to crash the remote services, and will at the same time make several checks rely on the banner of the service tested instead of its behavior towards a certain input. This reduces false positives and makes openvassd nicer towards your network, however this may make you miss important vulnerabilities (as a vulnerability affecting a given service may also affect another one). +Most of the time, openvas attempts to reproduce an exceptional condition to determine if the remote services are vulnerable to certain flaws. This includes the reproduction of buffer overflows or format strings, which may make the remote server crash. If you set this option to 'yes', openvas will disable the plugins which have the potential to crash the remote services, and will at the same time make several checks rely on the banner of the service tested instead of its behavior towards a certain input. This reduces false positives and makes openvas nicer towards your network, however this may make you miss important vulnerabilities (as a vulnerability affecting a given service may also affect another one). .IP auto_enable_dependencies -OpenVAS plugins use the result of each other to execute their job. For instance, a plugin which logs into the remote SMB registry will need the results of the plugin which finds the SMB name of the remote host and the results of the plugin which attempts to log into the remote host. 
If you want to only select a subset of the plugins available, tracking the dependencies can quickly become tiresome. If you set this option to 'yes', openvassd will automatically enable the plugins that are depended on. +OpenVAS plugins use the result of each other to execute their job. For instance, a plugin which logs into the remote SMB registry will need the results of the plugin which finds the SMB name of the remote host and the results of the plugin which attempts to log into the remote host. If you want to only select a subset of the plugins available, tracking the dependencies can quickly become tiresome. If you set this option to 'yes', openvas will automatically enable the plugins that are depended on. .IP source_iface Name of the network interface that will be used as the source of connections @@ -156,8 +159,6 @@ Like hosts_deny. Can't be overridden by the client. The other options in this file can usually be redefined by the client. -At log in attempt, openvassd checks that the certificate has been signed by a recognized authority. - .SH NETWORK USAGE Bear in mind that OpenVAS can be quite network intensive. Even if the 
@@ -178,20 +179,19 @@ several parameters that can be modified to reduce network load: .IP checks_read_timeout The default value is set to 5 seconds, that can (should) be increased if network bandwidth is low in the -openvassd.conf or openvasrc configuration files. Notice that it is recommended +openvas.conf or openvasrc configuration files. Notice that it is recommended to increase this this value, if you are running a test outside your LAN (i.e. to Internet hosts through an Internet connection), to over 10 seconds. .IP max_hosts -Number of hosts to test at the same time (this value is set by the OpenVAS -GUI client or by .openvasrc) it can be as low as you want it to be +Number of hosts to test at the same time. It can be as low as you want it to be (obviously 1 is the minimum) .IP max_checks Number of checks to test at the same time it can be as low as you want it to be and it will also reduce network load and improve performance (obviously 1 is the minimum) -Notice that the OpenVAS Scanner will spawn max_hosts * max_checks processes. +Notice that OpenVAS will spawn max_hosts * max_checks processes. Other options might be using the QoS features offered by your server operating system or your network to improve the bandwidth use. @@ -212,7 +212,7 @@ to be transferred significantly. .SH MORE INFORMATION ABOUT Greenbone Vulnerability Management The canonical places where you will find more information -about the OpenVAS Scanner are: +about OpenVAS are: .RS .UR @@ -233,4 +233,4 @@ https://www.openvas.org/ .SH AUTHORS -openvassd was forked from nessusd in 2005. Nessusd was written by Renaud Deraison . Most new code since 2005 developed by Greenbone Networks GmbH. +openvas was forked from nessusd in 2005. Nessusd was written by Renaud Deraison . Most new code since 2005 developed by Greenbone Networks GmbH. diff --git a/misc/plugutils.c b/misc/plugutils.c index f281d6a3b..c40a33e16 100644 --- a/misc/plugutils.c +++ b/misc/plugutils.c 
@@ -584,7 +584,7 @@ get_plugin_preference_fname (struct script_infos *desc, const char *filename) return NULL; tmpfile = - g_file_open_tmp ("openvassd-file-upload.XXXXXX", &tmpfilename, &error); + g_file_open_tmp ("openvas-file-upload.XXXXXX", &tmpfilename, &error); if (tmpfile == -1) { g_message ("get_plugin_preference_fname: Could not open temporary" diff --git a/misc/scanneraux.h b/misc/scanneraux.h index 16661643d..806460921 100644 --- a/misc/scanneraux.h +++ b/misc/scanneraux.h @@ -35,7 +35,6 @@ struct scan_globals char *network_scan_status; GHashTable *files_translation; GHashTable *files_size_translation; - int global_socket; char *scan_id; }; diff --git a/nasl/CMakeLists.txt b/nasl/CMakeLists.txt index 9cfec088b..5df262428 100644 --- a/nasl/CMakeLists.txt +++ b/nasl/CMakeLists.txt @@ -179,9 +179,9 @@ if (KSBA) add_definitions (-DHAVE_LIBKSBA) endif (KSBA) -if (OPENVASSD_CONF) - add_definitions (-DOPENVASSD_CONF="${OPENVASSD_CONF}") -endif (OPENVASSD_CONF) +if (OPENVAS_CONF) + add_definitions (-DOPENVAS_CONF="${OPENVAS_CONF}") +endif (OPENVAS_CONF) set_source_files_properties (nasl_grammar.tab.c GENERATED) diff --git a/nasl/nasl.c b/nasl/nasl.c index 8ca234451..ddc90d9ee 100644 --- a/nasl/nasl.c +++ b/nasl/nasl.c @@ -333,7 +333,7 @@ main (int argc, char **argv) add_nasl_inc_dir (include_dir); } - prefs_config (config_file ?: OPENVASSD_CONF); + prefs_config (config_file ?: OPENVAS_CONF); while ((host = gvm_hosts_next (hosts))) { struct in6_addr ip6; diff --git a/nasl/nasl_scanner_glue.c b/nasl/nasl_scanner_glue.c index 539dabbfa..5433881f8 100644 --- a/nasl/nasl_scanner_glue.c +++ b/nasl/nasl_scanner_glue.c @@ -18,10 +18,10 @@ /** * @file nasl_scanner_glue.c - * @brief glue between openvassd and nasl scripts. + * @brief glue between openvas and nasl scripts. * * This file contains all the functions that make the "glue" between - * as NASL script and openvassd. + * as NASL script and openvas. * (script_*(), *kb*(), scanner_*()) */ 
@@ -871,12 +871,12 @@ set_kb_item (lex_ctxt *lexic) /*------------------------[ Reporting a problem ]---------------------------*/ /** - * Function is used when the script wants to report a problem back to openvassd. + * Function is used when the script wants to report a problem back to openvas. */ typedef void (*proto_post_something_t) (const char *, struct script_infos *, int, const char *, const char *); /** - * Function is used when the script wants to report a problem back to openvassd. + * Function is used when the script wants to report a problem back to openvas. */ typedef void (*post_something_t) (const char *, struct script_infos *, int, const char *); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3571c5902..d64f341cb 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -57,13 +57,13 @@ else (NOT GCRYPT) endif (GCRYPT_VERSION VERSION_LESS "1.6") endif (NOT GCRYPT) -add_executable (openvassd attack.c comm.c hosts.c - nasl_plugins.c ntp.c openvassd.c otp.c +add_executable (openvas attack.c hosts.c + nasl_plugins.c openvas.c pluginlaunch.c pluginload.c pluginscheduler.c plugs_req.c processes.c sighand.c utils.c) -set_target_properties (openvassd PROPERTIES LINKER_LANGUAGE C) +set_target_properties (openvas PROPERTIES LINKER_LANGUAGE C) include_directories (${GLIB_INCLUDE_DIRS} ${LIBOPENVAS_NASL_INCLUDE_DIRS} ${LIBGVM_BASE_INCLUDE_DIRS} @@ -82,7 +82,7 @@ if (NOT CMAKE_BUILD_TYPE MATCHES "Release") -P ${CMAKE_SOURCE_DIR}/cmake/GetGit.cmake) # explicitly say that the executable depends on custom target - add_dependencies (openvassd revisiontag) + add_dependencies (openvas revisiontag) # include the output directory, where the gitversion.h file is generated include_directories (${CMAKE_CURRENT_BINARY_DIR}) 
@@ -92,9 +92,9 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror -Wextra") -if (OPENVASSD_VERSION) - add_definitions (-DOPENVASSD_VERSION="${OPENVASSD_VERSION}") -endif (OPENVASSD_VERSION) +if (OPENVAS_VERSION) + add_definitions (-DOPENVAS_VERSION="${OPENVAS_VERSION}") +endif (OPENVAS_VERSION) add_definitions (-DPREFIX="${CMAKE_INSTALL_PREFIX}") @@ -102,9 +102,9 @@ if (OPENVAS_NVT_DIR) add_definitions (-DOPENVAS_NVT_DIR="${OPENVAS_NVT_DIR}") endif (OPENVAS_NVT_DIR) -if (OPENVASSD_CONF) - add_definitions (-DOPENVASSD_CONF="${OPENVASSD_CONF}") -endif (OPENVASSD_CONF) +if (OPENVAS_CONF) + add_definitions (-DOPENVAS_CONF="${OPENVAS_CONF}") +endif (OPENVAS_CONF) if (OPENVAS_STATE_DIR) add_definitions (-DOPENVAS_STATE_DIR="${OPENVAS_STATE_DIR}") @@ -139,7 +139,7 @@ if (CMAKE_SYSTEM_NAME MATCHES "FreeBSD") endif (CMAKE_SYSTEM_NAME MATCHES "FreeBSD") -target_link_libraries (openvassd openvas_nasl_shared ${LIBOPENVAS_NASL_LDFLAGS} +target_link_libraries (openvas openvas_nasl_shared ${LIBOPENVAS_NASL_LDFLAGS} ${LIBOPENVAS_MISC_LDFLAGS} ${LIBGVM_BASE_LDFLAGS} ${GLIB_LDFLAGS} ${GCRYPT_LDFLAGS} @@ -160,8 +160,8 @@ add_dependencies (check cppcheck) ## Tag files -set (C_FILES "attack.c" "comm.c" "hosts.c" - "nasl_plugins.c" "ntp.c" "openvassd.c" "otp.c" +set (C_FILES "attack.c" "hosts.c" + "nasl_plugins.c" "openvas.c" "pluginlaunch.c" "pluginload.c" "pluginscheduler.c" "plugs_req.c" "processes.c" "sighand.c" "utils.c") @@ -174,12 +174,12 @@ add_dependencies (tags etags ctags) ## Install -install (TARGETS openvassd +install (TARGETS openvas RUNTIME DESTINATION ${SBINDIR} PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -install (FILES ${CMAKE_BINARY_DIR}/src/openvassd_log.conf +install (FILES ${CMAKE_BINARY_DIR}/src/openvas_log.conf DESTINATION ${OPENVAS_SYSCONF_DIR}) install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync 
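Review bot: The renamed `add_definitions (-DOPENVAS_VERSION=...)` here and `add_definitions (-DOPENVAS_CONF=...)` in the next hunk remain directory-scoped, so the macros reach every target defined in this directory rather than only the scanner binary. Since these lines are being touched for the rename anyway, `target_compile_definitions (openvas PRIVATE OPENVAS_CONF="${OPENVAS_CONF}")` (and the same form for `OPENVAS_VERSION`) would tie them to the `openvas` target declared by `add_executable` earlier in the file. The `endif (OPENVAS_CONF)` form with a repeated argument could become a bare `endif ()` at the same time.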
@@ -187,7 +187,7 @@ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8 +install (FILES ${CMAKE_BINARY_DIR}/doc/openvas.8 DESTINATION ${DATADIR}/man/man8 ) diff --git a/src/attack.c b/src/attack.c index ee1faf970..03364ca66 100644 --- a/src/attack.c +++ b/src/attack.c @@ -29,7 +29,6 @@ #include "../misc/nvt_categories.h" /* for ACT_INIT */ #include "../misc/pcap_openvas.h" /* for v6_is_local_ip */ #include "../nasl/nasl_debug.h" /* for nasl_*_filename */ -#include "comm.h" #include "hosts.h" #include "pluginlaunch.h" #include "pluginload.h" @@ -141,16 +140,6 @@ comm_send_status (kb_t kb, char *hostname, int curr, int max) return 0; } -static void -error_message_to_client (int soc, const char *msg, const char *hostname, - const char *port) -{ - if (is_otp_scan ()) - send_printf ( - soc, "SERVER <|> ERRMSG <|> %s <|> <|> %s <|> %s <|> <|> SERVER\n", - hostname ?: "", port ?: "", msg ?: "No error."); -} - static void error_message_to_client2 (kb_t kb, const char *msg, const char *port) { @@ -161,7 +150,7 @@ error_message_to_client2 (kb_t kb, const char *msg, const char *port) } static void -report_kb_failure (int soc, int errcode) +report_kb_failure (int errcode) { gchar *msg; @@ -169,7 +158,6 @@ report_kb_failure (int soc, int errcode) msg = g_strdup_printf ("WARNING: Cannot connect to KB at '%s': %s'", prefs_get ("db_address"), strerror (errcode)); g_warning ("%s", msg); - error_message_to_client (soc, msg, NULL, NULL); g_free (msg); } 
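Review bot: In `report_kb_failure`, `msg` is now built with `g_strdup_printf`, passed once to `g_warning ("%s", msg)` and freed, so the heap copy serves no purpose once the client message is gone. The body can be reduced to `g_warning ("Cannot connect to KB at '%s': %s", prefs_get ("db_address"), strerror (errcode));`, which also drops the unbalanced trailing quote and the `WARNING:` prefix that duplicates the log level. The function is split across this hunk and the one before it.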
@@ -406,17 +394,16 @@ init_host_kb (struct scan_globals *globals, char *ip_str, kb_t *network_kb) gchar *hostname_pattern; enum net_scan_status nss; const gchar *kb_path = prefs_get ("db_address"); - int rc, soc; + int rc; nss = network_scan_status (globals); - soc = globals->global_socket; switch (nss) { case NSS_DONE: rc = kb_new (&kb, kb_path); if (rc) { - report_kb_failure (soc, rc); + report_kb_failure (rc); return NULL; } @@ -435,7 +422,7 @@ init_host_kb (struct scan_globals *globals, char *ip_str, kb_t *network_kb) rc = kb_new (&kb, kb_path); if (rc) { - report_kb_failure (soc, rc); + report_kb_failure (rc); return NULL; } } @@ -490,7 +477,7 @@ attack_host (struct scan_globals *globals, struct in6_addr *ip, GSList *vhosts, host_vhosts = vhosts; kb_item_set_str (kb, "internal/ip", ip_str, 0); kb_item_set_int (kb, "internal/hostpid", getpid ()); - proctitle_set ("openvassd: testing %s", ip_str); + proctitle_set ("openvas: testing %s", ip_str); if (net_kb && *net_kb) { kb_delete (kb); @@ -705,8 +692,7 @@ attack_start (struct attack_start_args *args) gettimeofday (&then, NULL); kb_item_set_str (kb, "internal/scan_id", globals->scan_id, 0); - if (!is_otp_scan ()) - set_kb_readable (kb_get_kb_index (kb)); + set_kb_readable (kb_get_kb_index (kb)); /* The reverse lookup is delayed to this step in order to not slow down the * main scan process eg. case of target with big range of IP addresses. */ @@ -737,14 +723,12 @@ attack_start (struct attack_start_args *args) if (!scan_is_stopped () && !all_scans_are_stopped ()) { - if (!is_otp_scan ()) - { - char key[1024]; - snprintf (key, sizeof (key), "internal/%s", globals->scan_id); - kb_item_set_str (kb, key, "finished", 0); - } + char key[1024]; struct timeval now; + snprintf (key, sizeof (key), "internal/%s", globals->scan_id); + kb_item_set_str (kb, key, "finished", 0); + gettimeofday (&now, NULL); if (now.tv_usec < then.tv_usec) { 
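Review bot: In the last hunk of this group, `kb_item_set_str (kb, key, "finished", 0)` in `attack_start` ignores its return value. With the OTP path removed, this key looks like the only completion signal a consumer of the Redis store gets, so a failed write would leave it waiting indefinitely (inferred from the visible code; confirm against the client side). Checking the result and logging it, e.g. `if (kb_item_set_str (kb, key, "finished", 0) != 0) g_warning ("Could not mark scan %s as finished", globals->scan_id);`, would make that failure visible. attack_start begins and ends outside the hunk.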
@@ -872,7 +856,7 @@ iface_authorized (const char *iface) * unauthorized value, -2 if iface can't be used. */ static int -apply_source_iface_preference (int soc) +apply_source_iface_preference () { const char *source_iface = prefs_get ("source_iface"); int ret; @@ -887,7 +871,6 @@ apply_source_iface_preference (int soc) g_strdup_printf ("Unauthorized source interface: %s", source_iface); g_warning ("source_iface: Unauthorized source interface %s.", source_iface); - error_message_to_client (soc, msg, NULL, NULL); g_free (msg); return -1; @@ -900,7 +883,6 @@ apply_source_iface_preference (int soc) g_warning ("source_iface: Unauthorized source interface %s." " (sys_* preference restriction.)", source_iface); - error_message_to_client (soc, msg, NULL, NULL); g_free (msg); return -1; @@ -911,7 +893,6 @@ apply_source_iface_preference (int soc) gchar *msg = g_strdup_printf ("Erroneous source interface: %s", source_iface); g_debug ("source_iface: Error with %s interface.", source_iface); - error_message_to_client (soc, msg, NULL, NULL); g_free (msg); return -2; @@ -931,14 +912,14 @@ apply_source_iface_preference (int soc) } static int -check_kb_access (int soc) +check_kb_access () { int rc; kb_t kb; rc = kb_new (&kb, prefs_get ("db_address")); if (rc) - report_kb_failure (soc, rc); + report_kb_failure (rc); else kb_delete (kb); @@ -968,7 +949,6 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) int max_hosts = 0, max_checks; const char *hostlist; gvm_host_t *host; - int global_socket = -1; plugins_scheduler_t sched; int fork_retries = 0; GHashTable *files; @@ -1015,16 +995,13 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) else network_kb = NULL; - global_socket = globals->global_socket; - if (check_kb_access (global_socket)) + if (check_kb_access ()) return; /* Init and check Target List */ hostlist = prefs_get ("TARGET"); if (hostlist == NULL) { - error_message_to_client (global_socket, "Missing target hosts", NULL, - NULL); return; } 
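Review bot: `apply_source_iface_preference ()` is defined with an empty parameter list, which in C before C23 provides no prototype. A leftover call that still passes the socket argument would compile without a diagnostic. Write `apply_source_iface_preference (void)`, and likewise `check_kb_access (void)` in the later hunk of this file. The function body continues outside this hunk.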
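Review bot: After `error_message_to_client` is removed, `msg` in the three error branches of `apply_source_iface_preference` (this hunk and the two that follow) is allocated with `g_strdup_printf` and freed without being read. Drop the `g_strdup_printf`/`g_free` pair in each branch and keep the existing log call. The third branch logs only through `g_debug ("source_iface: Error with %s interface.", source_iface)`, so unless debug logging is enabled an erroneous interface now leaves no record; `g_warning` would match the other two branches. The declaration of `msg` for the first branch sits just above the hunk.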
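Review bot: With the client error message removed, the `hostlist == NULL` branch of `attack_network` returns without logging anything, and the `validate_port_range` branch in the next hunk does the same. A scan that never started is then indistinguishable in the log from one that found nothing, which matters to anyone relying on the scanner's output as evidence of coverage. Add `g_warning ("Missing target hosts");` before the first `return` and `g_warning ("Invalid port range: %s", port_range);` before the second. attack_network extends well beyond these hunks.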
@@ -1032,8 +1009,6 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) port_range = prefs_get ("port_range"); if (validate_port_range (port_range)) { - error_message_to_client (global_socket, "Invalid port range", NULL, - port_range); return; } @@ -1043,10 +1018,6 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) network_phase); if (!sched) { - error_message_to_client (global_socket, - "Couldn't initialize " - "the plugin scheduler", - NULL, NULL); g_message ("Couldn't initialize the plugin scheduler"); return; } @@ -1073,7 +1044,7 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) rc = kb_new (network_kb, prefs_get ("db_address")); if (rc) { - report_kb_failure (global_socket, rc); + report_kb_failure (rc); host = NULL; } else @@ -1090,8 +1061,6 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) while (unresolved) { g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data); - error_message_to_client (global_socket, "Couldn't resolve hostname", - unresolved->data, NULL); unresolved = unresolved->next; } g_slist_free_full (unresolved, g_free); @@ -1099,17 +1068,15 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) apply_hosts_preferences (hosts); /* Don't start if the provided interface is unauthorized. */ - if (apply_source_iface_preference (global_socket) != 0) + if (apply_source_iface_preference () != 0) { gvm_hosts_free (hosts); - error_message_to_client ( - global_socket, "Interface not authorized for scanning", NULL, NULL); return; } host = gvm_hosts_next (hosts); if (host == NULL) goto stop; - hosts_init (global_socket, max_hosts); + hosts_init (max_hosts); /* * Start the attack ! */ 
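Review bot: In the unresolved-hostname loop, `unresolved = unresolved->next` walks the variable itself to NULL, so the following `g_slist_free_full (unresolved, g_free)` frees nothing and the list and its strings leak. The commit touches this loop but leaves that in place. Iterate with a separate cursor, e.g. `for (GSList *it = unresolved; it; it = it->next) g_warning ("Couldn't resolve hostname '%s'", (char *) it->data);`, so `unresolved` still points at the head when it is freed. The assignment of `unresolved` is outside the hunk.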
@@ -1124,11 +1091,11 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) rc = kb_new (&host_kb, prefs_get ("db_address")); if (rc) { - report_kb_failure (global_socket, rc); + report_kb_failure (rc); goto scan_stop; } host_str = gvm_host_value_str (host); - if (hosts_new (globals, host_str, host_kb) < 0) + if (hosts_new (host_str, host_kb) < 0) { g_free (host_str); goto scan_stop; @@ -1182,7 +1149,7 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) /* Every host is being tested... We have to wait for the processes * to terminate. */ - while (hosts_read (globals) == 0) + while (hosts_read () == 0) ; g_message ("Test complete"); @@ -1196,10 +1163,6 @@ attack_network (struct scan_globals *globals, kb_t *network_kb) if (all_scans_are_stopped ()) { - error_message_to_client (global_socket, - "The whole scan was stopped. " - "Fatal Redis connection error.", - "", NULL); } gvm_hosts_free (hosts); diff --git a/src/comm.c b/src/comm.c deleted file mode 100644 index 2c5b53103..000000000 --- a/src/comm.c +++ /dev/null 
@@ -1,186 +0,0 @@ -/* Portions Copyright (C) 2009-2019 Greenbone Networks GmbH - * Portions Copyright (C) 2006 Software in the Public Interest, Inc. - * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc. - * - * SPDX-License-Identifier: GPL-2.0-only - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/** - * @file comm.c - * @brief Communication manager; it manages the NTP Protocol version 1.0 - * and 1.1. - */ - -#include "ntp.h" /* for ntp_parse_input() */ -#include "pluginload.h" /* for current_loading_plugins() */ -#include "utils.h" /* for send_printf() */ - -#include /* for errno */ -#include /* for FILE */ -#include /* for strncmp() */ - -#undef G_LOG_DOMAIN -/** - * @brief GLib log domain. - */ -#define G_LOG_DOMAIN "sd main" - -/** - * @brief Initializes the communication between the scanner (us) and the client. - * - * @return 0 if success, -1 if error. 
- */ -int -comm_init (int soc) -{ - char buf[1024]; - int n; - - /* We must read the version of the OTP the client - wants us to use */ - n = recv_line (soc, buf, sizeof (buf) - 1); - if (n <= 0) - { - g_debug ("Failed reading client-requested OTP version."); - return -1; - } - - buf[sizeof (buf) - 1] = '\0'; - if (strncmp (buf, "< OTP/2.0 >", 11)) - { - if (g_str_is_ascii (buf)) - g_debug ("Unknown client-requested OTP version: %s.", buf); - else - g_debug ("Unknown client-requested OTP version."); - return -1; - } - nsend (soc, "< OTP/2.0 >\n", 12, 0); - return 0; -} - -/** - * @brief Informs the client that the scanner is still loading. - * - * @param[in] soc Socket to send and receive from. - * - * @return 0 if success, -1 if error. - */ -int -comm_loading (int soc) -{ - int n, len; - char buf[256]; - n = recv_line (soc, buf, sizeof (buf) - 1); - if (n <= 0) - { - g_debug ("Failed reading client input."); - return -1; - } - /* Always respond with SCANNER_LOADING. */ - g_snprintf (buf, sizeof (buf), "SCANNER_LOADING <|> %d <|> %d\n", - current_loading_plugins (), total_loading_plugins ()); - len = strlen (buf); - n = nsend (soc, buf, len, 0); - if (n != len) - return -1; - while (n > 0) - n = recv_line (soc, buf, sizeof (buf) - 1); - - return 0; -} - -/** - * Determines if the client is still connected. - * @return 1 if the client is here, 0 if it's not. - */ -static int -is_client_present (int soc) -{ - fd_set rd; - struct timeval tv; - int e; - - FD_ZERO (&rd); - FD_SET (soc, &rd); -again: - tv.tv_sec = 2; - tv.tv_usec = 0; - errno = 0; - e = select (soc + 1, &rd, NULL, NULL, &tv); - if (e < 0) - { - if (errno == EINTR) - goto again; - return 0; - } - - if (e > 0 && !data_left (soc)) - return 0; - return 1; -} - -/** - * @brief This function must be called at the end of a session. 
- */ -void -comm_terminate (int soc) -{ - send_printf (soc, "SERVER <|> BYE <|> BYE <|> SERVER\n"); - while (is_client_present (soc)) - { - char buffer[4096]; - int n; - - n = recv_line (soc, buffer, sizeof (buffer) - 1); - if (n < 0 || *buffer == '\0') - return; - } -} - -/** - * @brief This function waits for the attack order of the client. - * Meanwhile, it processes all the messages the client could send. - */ -int -comm_wait_order (struct scan_globals *globals) -{ - int soc = globals->global_socket; - - for (;;) - { - static char str[2048]; - int n; - - memset (str, '\0', sizeof (str)); - n = recv_line (soc, str, sizeof (str) - 1); - if (n < 0) - { - g_warning ("Client closed the communication"); - return -1; - } - if (str[0] == '\0' && !is_client_present (soc)) - return -1; - - n = ntp_parse_input (globals, str); - if (n == 0) - return 0; - else if (n == -1) - { - g_warning ("Client input parsing error: %s", str); - return -1; - } - } -} diff --git a/src/comm.h b/src/comm.h deleted file mode 100644 index 387db8143..000000000 --- a/src/comm.h +++ /dev/null 
@@ -1,43 +0,0 @@ -/* Portions Copyright (C) 2009-2019 Greenbone Networks GmbH - * Portions Copyright (C) 2006 Software in the Public Interest, Inc. - * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc. - * - * SPDX-License-Identifier: GPL-2.0-only - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/** - * @file comm.h - * @brief comm.c header. - */ - -#ifndef _OPENVAS_COMM_H -#define _OPENVAS_COMM_H - -#include "../misc/scanneraux.h" - -int -comm_init (int); - -int -comm_loading (int); - -void -comm_terminate (int); - -int -comm_wait_order (struct scan_globals *); - -#endif diff --git a/src/hosts.c b/src/hosts.c index 66217ef6d..9f4ab2c66 100644 --- a/src/hosts.c +++ b/src/hosts.c @@ -26,7 +26,6 @@ #include "hosts.h" /* for hosts_new() */ #include "../misc/network.h" /* for internal_recv */ -#include "ntp.h" /* for ntp_parse_input() */ #include "utils.h" /* for data_left() */ #include /* for errno() */ 
@@ -57,110 +56,44 @@ struct host * as a g_hash_table (name -> [soc,pid]), see hosts_get.*/ static struct host *hosts = NULL; -static int g_soc = -1; static int g_max_hosts = 15; -/*-------------------------------------------------------------------------*/ +/*-------------------------------------------------------------------*/ +extern int global_scan_stop; -static int -send_to_client (int out, char *buf) +static void +host_set_time (kb_t kb, char *key) { - int n, len = strlen (buf); - - assert (out); - for (n = 0; n < len;) - { - int e; - e = nsend (out, buf + n, len - n, 0); - if (e < 0 && errno == EINTR) - continue; - else if (e < 0) - return -1; - else - n += e; - } - return 0; + char timestr[1024]; + char *tmp; + time_t t; + int len; + + t = time (NULL); + tmp = ctime (&t); + timestr[sizeof (timestr) - 1] = '\0'; + strncpy (timestr, tmp, sizeof (timestr) - 1); + len = strlen (timestr); + if (timestr[len - 1] == '\n') + timestr[len - 1] = '\0'; + + kb_item_push_str (kb, key, timestr); } -static int -forward_status (struct host *h, int out) -{ - char *status = NULL, *buf = NULL; - - /* Send the message to the client only if it is a OTP scan. */ - if (!is_otp_scan ()) - return 0; - - status = kb_item_pop_str (h->host_kb, "internal/status"); - if (!status) - return 0; - buf = g_strdup_printf ("SERVER <|> STATUS <|> %s <|> %s <|> SERVER\n", h->ip, - status); - g_free (status); - if (send_to_client (out, buf) < 0) - { - g_free (buf); - return -1; - } - g_free (buf); - return 0; -} - -static int -forward (struct host *h, int out) -{ - /* Send the message to the client only if it is a OTP scan. 
*/ - if (!is_otp_scan ()) - return 0; - - forward_status (h, out); - while (1) - { - char **values, *buf = kb_item_pop_str (h->host_kb, "internal/results"); - if (!buf) - return 0; - - /* Type|||Hostname|||Port/Proto|||OID|||Message */ - values = g_strsplit (buf, "|||", 5); - assert (values && values[0] && !values[5]); - g_free (buf); - /* OTP: Type <|> IP <|> Hostname <|> Port/Proto <|> Message <|> OID */ - buf = g_strdup_printf ( - "SERVER <|> %s <|> %s <|> %s <|> %s <|> %s <|> %s <|> SERVER\n", - values[0], h->ip, values[1], values[2], values[4], values[3]); - if (send_to_client (out, buf) < 0) - { - g_free (buf); - return -1; - } - g_free (buf); - } - - return 1; -} - -/*-------------------------------------------------------------------*/ -extern int global_scan_stop; - static void host_rm (struct host *h) { if (h->pid != 0) waitpid (h->pid, NULL, WNOHANG); - while (forward (h, g_soc) > 0) - ; if (!global_scan_stop) - ntp_timestamp_host_scan_ends (g_soc, h->host_kb, h->ip); + host_set_time (h->host_kb, "internal/end_time"); if (h->next != NULL) h->next->prev = h->prev; if (h->prev != NULL) h->prev->next = h->next; - if (is_otp_scan () || global_scan_stop == 1) - kb_delete (h->host_kb); - g_free (h->name); g_free (h->ip); g_free (h); @@ -200,21 +133,20 @@ hosts_get (char *name) } int -hosts_init (int soc, int max_hosts) +hosts_init (int max_hosts) { - g_soc = soc; g_max_hosts = max_hosts; return 0; } int -hosts_new (struct scan_globals *globals, char *name, kb_t kb) +hosts_new (char *name, kb_t kb) { struct host *h; while (hosts_num () >= g_max_hosts) { - if (hosts_read (globals) < 0) + if (hosts_read () < 0) return -1; } if (global_scan_stop) 
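Review bot: In the new `host_set_time`, `timestr[len - 1]` is read without checking that `len` is non-zero. The result of `ctime` is also passed to `strncpy` unchecked, although `ctime` may return NULL and writes into a shared static buffer. Using `ctime_r` with a local buffer, a NULL check and a `len > 0` guard avoids both, as sketched below. Separately, `host_rm` in this hunk no longer calls `kb_delete (h->host_kb)` when `global_scan_stop == 1`. If nothing outside the hunk releases the host KB on a stopped scan, its results stay in Redis, which is worth confirming.

```c
static void
host_set_time (kb_t kb, char *key)
{
  char timestr[64]; /* ctime_r needs at least 26 bytes */
  time_t t = time (NULL);
  size_t len;

  /* Reentrant variant; NULL means the time could not be formatted. */
  if (ctime_r (&t, timestr) == NULL)
    return;
  len = strlen (timestr);
  if (len > 0 && timestr[len - 1] == '\n')
    timestr[len - 1] = '\0';

  kb_item_push_str (kb, key, timestr);
}
```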
@@ -290,11 +222,10 @@ hosts_read_data (void) /* Scan started. */ h->ip = kb_item_get_str (h->host_kb, "internal/ip"); if (h->ip) - ntp_timestamp_host_scan_starts (g_soc, h->host_kb, h->ip); + host_set_time (h->host_kb, "internal/start_time"); } if (h->ip) { - forward (h, g_soc); if (kill (h->pid, 0) < 0) /* Process is dead */ { if (!h->prev) @@ -309,63 +240,13 @@ hosts_read_data (void) } } -/** - * Returns -1 if no socket, error or client asked to stop tests, 0 otherwise. - */ -static int -hosts_read_client (struct scan_globals *globals) -{ - struct timeval tv; - int e = 0; - fd_set rd; - - if (g_soc == -1) - return 0; - - FD_ZERO (&rd); - FD_SET (g_soc, &rd); - - for (;;) - { - tv.tv_sec = 0; - tv.tv_usec = 1000; - e = select (g_soc + 1, &rd, NULL, NULL, &tv); - if (e < 0 && errno == EINTR) - continue; - else - break; - } - - if (e > 0 && FD_ISSET (g_soc, &rd) != 0) - { - int result; - char buf[4096]; - - result = recv_line (g_soc, buf, sizeof (buf) - 1); - if (result <= 0) - return -1; - result = ntp_parse_input (globals, buf); - if (result == -1) - return -1; - } - - return 0; -} - /** * @brief Returns -1 if client asked to stop all tests or connection was lost or * error. 0 otherwise. */ int -hosts_read (struct scan_globals *globals) +hosts_read (void) { - if (hosts_read_client (globals) < 0 && is_otp_scan ()) - { - hosts_stop_all (); - g_debug ("Client abruptly closed the communication"); - return -1; - } - if (hosts == NULL) return -1; diff --git a/src/hosts.h b/src/hosts.h index 00e776787..bfb8a7d95 100644 --- a/src/hosts.h +++ b/src/hosts.h @@ -29,16 +29,16 @@ #include "../misc/scanneraux.h" int -hosts_init (int, int); +hosts_init (int); int -hosts_new (struct scan_globals *, char *, kb_t); +hosts_new (char *, kb_t); int hosts_set_pid (char *, pid_t); int -hosts_read (struct scan_globals *); +hosts_read (void); void hosts_stop_all (void); diff --git a/src/nasl_plugins.c b/src/nasl_plugins.c index d491aa5a3..9f33fc3ce 100644 --- a/src/nasl_plugins.c 
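Review bot: The comment kept above `hosts_read` (hunk at -309) still says it returns -1 "if client asked to stop all tests or connection was lost". This hunk removes the client path (`hosts_read_client`), and the only -1 visible here is the `hosts == NULL` case. The comment could read `@brief Returns -1 if no host is currently being scanned, 0 otherwise.` once the rest of the body has been checked for other error returns. That body continues outside the hunk.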
+++ b/src/nasl_plugins.c @@ -182,7 +182,7 @@ nasl_thread (struct script_infos *args) kb = args->key; kb_lnk_reset (kb); addr6_to_str (args->ip, ip_str); - proctitle_set ("openvassd: testing %s (%s)", ip_str, args->name); + proctitle_set ("openvas: testing %s (%s)", ip_str, args->name); if (prefs_get_bool ("nasl_no_signature_check")) nasl_mode |= NASL_ALWAYS_SIGNED; diff --git a/src/ntp.c b/src/ntp.c deleted file mode 100644 index 8c3d6b57e..000000000 --- a/src/ntp.c +++ /dev/null 
@@ -1,435 +0,0 @@ -/* Portions Copyright (C) 2009-2019 Greenbone Networks GmbH - * Portions Copyright (C) 2006 Software in the Public Interest, Inc. - * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc. - * - * SPDX-License-Identifier: GPL-2.0-only - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/** - * @file ntp.c - * @brief OpenVAS Transfer Protocol handling. - */ - -#include "ntp.h" - -#include "../misc/network.h" /* for recv_line */ -#include "comm.h" -#include "hosts.h" -#include "otp.h" -#include "utils.h" - -#include -#include /* for prefs_set() */ -#include /* for snprintf() */ -#include /* for atoi() */ -#include /* for strlen() */ - -#ifndef MIN -#define MIN(x, y) ((x) < (y) ? (x) : (y)) -#endif - -#undef G_LOG_DOMAIN -/** - * @brief GLib log domain. - */ -#define G_LOG_DOMAIN "sd main" - -static int -ntp_read_prefs (int); -static int -ntp_long_attack (int); -static int -ntp_recv_file (struct scan_globals *); - -/** - * @brief Parses the input sent by the client before the NEW_ATTACK message. 
- */ -int -ntp_parse_input (struct scan_globals *globals, char *input) -{ - char *str; - int result = 1; /* default return value is 1 */ - int soc = globals->global_socket; - - if (*input == '\0') - return -1; - str = strstr (input, " <|> "); - if (str == NULL) - return 1; - - str[0] = '\0'; - - if (strcmp (input, "CLIENT") == 0) - { - input = str + 5; - str = strchr (input, ' '); - if (str != NULL) - str[0] = '\0'; - - if (input[strlen (input) - 1] == '\n') - input[strlen (input) - 1] = '\0'; - - switch (otp_get_client_request (input)) - { - case CREQ_ATTACHED_FILE: - ntp_recv_file (globals); - break; - - case CREQ_LONG_ATTACK: - result = ntp_long_attack (soc); - break; - - case CREQ_PREFERENCES: - ntp_read_prefs (soc); - break; - - case CREQ_STOP_WHOLE_TEST: - g_message ("Stopping the whole test (requested by client)"); - hosts_stop_all (); - break; - - case CREQ_UNKNOWN: - break; - } - } - - return (result); -} - -static int -ntp_long_attack (int soc) -{ - char input[16384]; - int size; - char *target; - int n; - - n = recv_line (soc, input, sizeof (input) - 1); - if (n <= 0) - return -1; - - g_debug ("long_attack :%s\n", input); - if (!strncmp (input, "<|> CLIENT", sizeof ("<|> CLIENT"))) - return 1; - size = atoi (input); - target = g_malloc0 (size + 1); - - n = 0; - while (n < size) - { - int e; - e = nrecv (soc, target + n, size - n, 0); - if (e > 0) - n += e; - else - { - g_free (target); - return -1; - } - } - - prefs_set ("TARGET", target); - - g_free (target); - - return 0; -} - -/** - * @brief Reads in "server" prefs sent by client. - * - * @param soc Socket to read from. - * @return Always 0. - */ -static int -ntp_read_prefs (int soc) -{ - char *input; - int input_sz = 1024 * 1024 * 2; /* this is sufficient for a plugin_set - for up to 69K OIDs */ - - input = g_malloc0 (input_sz); - for (;;) - { - int n; - input[0] = '\0'; - n = recv_line (soc, input, input_sz - 1); - - if (n < 0 || input[0] == '\0') - { - g_debug ("Empty data string -- closing comm. 
channel"); - exit (0); - } - - if (strstr (input, "<|> CLIENT") != NULL) /* finished = 1; */ - break; - /* else */ - - { - char *pref; - char *v; - pref = input; - v = strchr (input, '<'); - if (v) - { - char *value; - v -= 1; - v[0] = 0; - - value = v + 5; - /* - * "system" prefs can't be changed - */ - if (is_scanner_only_pref (pref)) - continue; - - if (value[0] != '\0') - value[strlen (value) - 1] = '\0'; - - prefs_set (pref, value); - } - } - } - - g_free (input); - return (0); -} - -/** - * @brief Adds a 'translation' entry for a file sent by the client. - * - * Files sent by the client are stored in memory on the server side. - * In order to access these files, their original name ('local' to the client) - * can be 'translated' into the file contents of the in-memory copy of the - * file on the server side. - * - * @param globals Global struct. - * @param remotename Name of the file as referenced by the client. - * @param contents Contents of the file. - */ -static void -files_add_translation (struct scan_globals *globals, const char *remotename, - char *contents) -{ - GHashTable *trans = globals->files_translation; - // Register the mapping table if none there yet - if (trans == NULL) - { - trans = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); - globals->files_translation = trans; - } - - g_hash_table_insert (trans, g_strdup (remotename), contents); -} - -/** - * @brief Adds a 'content size' entry for a file sent by the client. - * - * Files sent by the client are stored in memory on the server side. - * Because they may be binary we need to store the size of the uploaded file as - * well. This function sets up a mapping from the original name sent by the - * client to the file size. - * - * @param globals Global struct. - * @param remotename Name of the file as referenced by the client. - * @param filesize Size of the file in bytes. 
- */ -static void -files_add_size_translation (struct scan_globals *globals, - const char *remotename, const long filesize) -{ - GHashTable *trans = globals->files_size_translation; - gchar *filesize_str = g_strdup_printf ("%ld", filesize); - - // Register the mapping table if none there yet - if (trans == NULL) - { - trans = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); - globals->files_size_translation = trans; - } - - g_hash_table_insert (trans, g_strdup (remotename), g_strdup (filesize_str)); -} - -/** - * @brief Receive a file sent by the client. - * - * @return 0 if successful, -1 in case of errors. - */ -int -ntp_recv_file (struct scan_globals *globals) -{ - int soc = globals->global_socket; - char input[4096]; - char *origname, *contents; - gchar *cont_ptr = NULL; - int n; - size_t bytes = 0, tot = 0; - - n = recv_line (soc, input, sizeof (input) - 1); - if (n <= 0) - return -1; - - if (strncmp (input, "name: ", strlen ("name: ")) == 0) - { - origname = g_strdup (input + sizeof ("name: ") - 1); - if (origname[strlen (origname) - 1] == '\n') - origname[strlen (origname) - 1] = '\0'; - } - else - return -1; - - n = recv_line (soc, input, sizeof (input) - 1); - if (n <= 0) - { - g_free (origname); - return -1; - } - /* XXX content: message. Ignored for the moment */ - - n = recv_line (soc, input, sizeof (input) - 1); - if (n <= 0) - { - g_free (origname); - return -1; - } - - if (strncmp (input, "bytes: ", sizeof ("bytes: ") - 1) == 0) - { - char *t = input + sizeof ("bytes: ") - 1; - bytes = atol (t); - } - else - { - g_free (origname); - return -1; - } - - /* We now know that we have to read bytes from the remote socket. 
*/ - - contents = g_try_malloc0 (bytes); - - if (contents == NULL) - { - g_debug ("ntp_recv_file: Failed to allocate memory for uploaded file."); - g_free (origname); - return -1; - } - - cont_ptr = contents; - while (tot < bytes) - { - bzero (input, sizeof (input)); - n = nrecv (soc, input, MIN (sizeof (input) - 1, bytes - tot), 0); - if (n < 0) - { - g_debug ("11_recv_file: nrecv(%d)", soc); - break; - } - else - { - memcpy ((cont_ptr + (tot * sizeof (char))), &input, n); - tot += n; - } - } - send_printf (soc, "SERVER <|> FILE_ACCEPTED <|> SERVER\n"); - /* Add the fact that what the remote client calls is actually - * stored in here and has a size of bytes. */ - files_add_translation (globals, origname, contents); - files_add_size_translation (globals, origname, bytes); - - g_free (origname); - return 0; -} - -/*---------------------------------------------------------- - - Communication protocol: timestamps - - ----------------------------------------------------------*/ - -static int -__ntp_timestamp_scan (int soc, char *msg) -{ - char timestr[1024]; - char *tmp; - time_t t; - int len; - - t = time (NULL); - tmp = ctime (&t); - timestr[sizeof (timestr) - 1] = '\0'; - strncpy (timestr, tmp, sizeof (timestr) - 1); - len = strlen (timestr); - if (timestr[len - 1] == '\n') - timestr[len - 1] = '\0'; - - send_printf (soc, "SERVER <|> TIME <|> %s <|> %s <|> SERVER\n", msg, timestr); - return 0; -} - -static int -__ntp_timestamp_scan_host (int soc, kb_t kb, char *msg, char *host) -{ - char timestr[1024]; - char *tmp; - time_t t; - int len; - - t = time (NULL); - tmp = ctime (&t); - timestr[sizeof (timestr) - 1] = '\0'; - strncpy (timestr, tmp, sizeof (timestr) - 1); - len = strlen (timestr); - if (timestr[len - 1] == '\n') - timestr[len - 1] = '\0'; - - /* Send the message to the client only if it is a OTP scan. 
*/ - if (is_otp_scan ()) - send_printf (soc, "SERVER <|> TIME <|> %s <|> %s <|> %s <|> SERVER\n", msg, - host, timestr); - /* For external tools */ - if (!strcmp (msg, "HOST_START")) - kb_item_push_str (kb, "internal/start_time", timestr); - else - kb_item_push_str (kb, "internal/end_time", timestr); - - return 0; -} - -int -ntp_timestamp_scan_starts (int soc) -{ - return __ntp_timestamp_scan (soc, "SCAN_START"); -} - -int -ntp_timestamp_scan_ends (int soc) -{ - return __ntp_timestamp_scan (soc, "SCAN_END"); -} - -int -ntp_timestamp_host_scan_starts (int soc, kb_t kb, char *host) -{ - return __ntp_timestamp_scan_host (soc, kb, "HOST_START", host); -} - -int -ntp_timestamp_host_scan_ends (int soc, kb_t kb, char *host) -{ - return __ntp_timestamp_scan_host (soc, kb, "HOST_END", host); -} diff --git a/src/ntp.h b/src/ntp.h deleted file mode 100644 index 24b527d79..000000000 --- a/src/ntp.h +++ /dev/null 
@@ -1,45 +0,0 @@ -/* Portions Copyright (C) 2009-2019 Greenbone Networks GmbH - * Portions Copyright (C) 2006 Software in the Public Interest, Inc. - * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc. - * - * SPDX-License-Identifier: GPL-2.0-only - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/** - * @file ntp.h - * @brief Header for ntp.c. - */ - -#ifndef _OPENVAS_NTP_H -#define _OPENVAS_NTP_H - -#include "../misc/scanneraux.h" - -int -ntp_parse_input (struct scan_globals *, char *); - -int -ntp_timestamp_host_scan_starts (int, kb_t, char *); - -int -ntp_timestamp_host_scan_ends (int, kb_t, char *); - -int -ntp_timestamp_scan_starts (int); - -int -ntp_timestamp_scan_ends (int); -#endif diff --git a/src/openvassd.c b/src/openvas.c similarity index 54% rename from src/openvassd.c rename to src/openvas.c index 8fb9978bb..6692a9214 100644 --- a/src/openvassd.c +++ b/src/openvas.c 
@@ -36,12 +36,9 @@ #include "../misc/plugutils.h" /* nvticache_free */ #include "../misc/vendorversion.h" /* for vendor_version_set */ #include "attack.h" /* for attack_network */ -#include "comm.h" /* for comm_loading */ -#include "ntp.h" /* for ntp_timestamp_scan_starts */ #include "pluginlaunch.h" /* for init_loading_shm */ #include "processes.h" /* for create_process */ #include "sighand.h" /* for openvas_signal */ -#include "utils.h" /* for wait_for_children1 */ #include /* for errno() */ #include /* for open() */ @@ -50,7 +47,6 @@ #include #include /* for setup_log_handler, load_log_configuration, free_log_configuration*/ #include /* for prefs_get() */ -#include /* for pidfile_create */ #include /* for prefs_get() */ #include /* for proctitle_set */ #include /* for KB_PATH_DEFAULT */ @@ -80,10 +76,10 @@ */ #define G_LOG_DOMAIN "sd main" -#define PROCTITLE_WAITING "openvassd: Waiting for incoming connections" -#define PROCTITLE_LOADING "openvassd: Loading Handler" -#define PROCTITLE_RELOADING "openvassd: Reloading" -#define PROCTITLE_SERVING "openvassd: Serving %s" +#define PROCTITLE_WAITING "openvas: Waiting for incoming connections" +#define PROCTITLE_LOADING "openvas: Loading Handler" +#define PROCTITLE_RELOADING "openvas: Reloading" +#define PROCTITLE_SERVING "openvas: Serving %s" /** * Globals that should not be touched (used in utils module). @@ -96,8 +92,6 @@ int global_max_checks = 10; */ GSList *log_config = NULL; -static int global_iana_socket = -1; - static volatile int loading_stop_signal = 0; static volatile int termination_signal = 0; static char *global_scan_id = NULL; @@ -106,12 +100,12 @@ typedef struct { char *option; char *value; -} openvassd_option; +} openvas_option; /** * @brief Default values for scanner options. Must be NULL terminated. */ -static openvassd_option openvassd_defaults[] = { +static openvas_option openvas_defaults[] = { {"plugins_folder", OPENVAS_NVT_DIR}, {"include_folders", OPENVAS_NVT_DIR}, {"max_hosts", "30"}, 
@@ -134,26 +128,6 @@ static openvassd_option openvassd_defaults[] = { gchar *unix_socket_path = NULL; -static void -start_daemon_mode (void) -{ - /* do not block the listener port for subsequent scanners */ - close (global_iana_socket); - - /* become process group leader */ - if (setsid () < 0) - { - g_warning ("Cannot set process group leader (%s)\n", strerror (errno)); - } -} - -static void -end_daemon_mode (void) -{ - /* clean up all processes the process group */ - make_em_die (SIGTERM); -} - static void set_globals_from_preferences (void) { @@ -175,13 +149,13 @@ set_globals_from_preferences (void) } static void -reload_openvassd (void); +reload_openvas (void); static void handle_reload_signal (int sig) { (void) sig; - reload_openvassd (); + reload_openvas (); } static void 
@@ -190,126 +164,6 @@ handle_termination_signal (int sig) termination_signal = sig; } -/* - * @brief Handles a client request when the scanner is still loading. - * - * @param[in] soc Client socket to send and receive from. - */ -static void -loading_client_handle (int soc) -{ - int opt = 1; - if (soc <= 0) - return; - - if (setsockopt (soc, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof (opt)) < 0) - g_warning ("setsockopt: %s", strerror (errno)); - comm_loading (soc); -} - -/* - * @brief Handles term signal received by loading handler child process. - */ -static void -handle_loading_stop_signal (int sig) -{ - loading_stop_signal = sig; -} - -static void -remove_pidfile () -{ - pidfile_remove ("openvassd"); -} - -static int -get_client_timedout (int sockfd, struct sockaddr *addr, socklen_t lg_address, - struct timeval *timeout) -{ - int ret; - fd_set set; - - FD_ZERO (&set); - FD_SET (sockfd, &set); - ret = select (sockfd + 1, &set, NULL, NULL, timeout); - if (ret <= 0) /* error or timeout. */ - return -1; - return accept (global_iana_socket, addr, &lg_address); -} - -/* - * @brief Starts a process to handle client requests while the scanner is - * loading. - * - * @return process id of loading handler. - */ -static pid_t -loading_handler_start () -{ - pid_t child_pid, parent_pid; - - init_loading_shm (); - parent_pid = getpid (); - child_pid = fork (); - if (child_pid != 0) - return child_pid; - - proctitle_set (PROCTITLE_WAITING); - openvas_signal (SIGTERM, handle_loading_stop_signal); - - if (listen (global_iana_socket, 5) < 0) - { - g_warning ("%s: Error on listen(): %s", __FUNCTION__, strerror (errno)); - exit (1); - } - - /* - * Forked process will handle client requests until parent dies or stops it - * with loading_handler_stop (). 
- */ - while (1) - { - struct sockaddr_un address; - int soc; - struct timeval timeout; - pid_t child_pid1; - - if (loading_stop_signal || kill (parent_pid, 0) < 0) - break; - - timeout.tv_sec = 0; - timeout.tv_usec = 500000; - soc = - get_client_timedout (global_iana_socket, (struct sockaddr *) &address, - sizeof (address), &timeout); - if (soc == -1) - continue; - - child_pid1 = fork (); - if (child_pid1 == 0) - { - loading_client_handle (soc); - shutdown (soc, 2); - close (soc); - exit (0); - } - waitpid (child_pid1, NULL, WNOHANG); - } - exit (0); -} - -/* - * @brief Stops the loading handler process. - * - * @param[in] handler_pid Pid of loading handler. - */ -void -loading_handler_stop (pid_t handler_pid) -{ - terminate_process (handler_pid); - destroy_loading_shm (); -} - /** * @brief Initializes main scanner process' signal handlers. */ @@ -325,11 +179,10 @@ init_signal_handlers () /* Restarts the scanner by reloading the configuration. */ static void -reload_openvassd () +reload_openvas () { static gchar *rc_name = NULL; const char *config_file; - pid_t handler_pid; int i, ret; /* Ignore SIGHUP while reloading. */ 
@@ -337,26 +190,22 @@ reload_openvassd () proctitle_set (PROCTITLE_RELOADING); /* Setup logging. */ - rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvassd_log.conf", NULL); + rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL); if (g_file_test (rc_name, G_FILE_TEST_EXISTS)) log_config = load_log_configuration (rc_name); g_free (rc_name); setup_log_handlers (log_config); g_message ("Reloading the scanner.\n"); - handler_pid = loading_handler_start (); - if (handler_pid < 0) - return; /* Reload config file. */ config_file = prefs_get ("config_file"); - for (i = 0; openvassd_defaults[i].option != NULL; i++) - prefs_set (openvassd_defaults[i].option, openvassd_defaults[i].value); + for (i = 0; openvas_defaults[i].option != NULL; i++) + prefs_set (openvas_defaults[i].option, openvas_defaults[i].value); prefs_config (config_file); /* Reload the plugins */ ret = plugins_init (); set_globals_from_preferences (); - loading_handler_stop (handler_pid); g_message ("Finished reloading the scanner."); openvas_signal (SIGHUP, handle_reload_signal); 
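Review bot: `reload_openvas` allocates and logs (`g_build_filename`, `load_log_configuration`, `prefs_set`, `plugins_init`, `g_message`), yet the hunk at -175 calls it directly from `handle_reload_signal`. None of those calls is async-signal-safe, so a SIGHUP that interrupts code holding an allocator or logging lock can deadlock the process or corrupt its state. `handle_termination_signal` already shows the safer shape (`termination_signal = sig;`). The reload handler could likewise only set a flag, `reload_signal = 1;` on a `static volatile sig_atomic_t reload_signal`, and leave the call to `reload_openvas ()` to normal control flow. Where that flag would be polled is outside these hunks, and the function body starts before this hunk.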
@@ -412,119 +261,34 @@ static void handle_client (struct scan_globals *globals) { kb_t net_kb = NULL; - int soc = globals->global_socket; - /* Become process group leader and the like ... */ - if (is_otp_scan ()) - { - start_daemon_mode (); - if (comm_wait_order (globals)) - return; - ntp_timestamp_scan_starts (soc); - } - else + /* Load preferences from Redis. Scan started with a scan_id. */ + if (load_scan_preferences (globals->scan_id)) { - /* Load preferences from Redis. Scan started with a scan_id. */ - if (load_scan_preferences (globals->scan_id)) - { - g_warning ("No preferences found for the scan %s", globals->scan_id); - exit (0); - } + g_warning ("No preferences found for the scan %s", globals->scan_id); + exit (0); } + attack_network (globals, &net_kb); if (net_kb != NULL) { kb_delete (net_kb); net_kb = NULL; } - if (is_otp_scan ()) - { - ntp_timestamp_scan_ends (soc); - comm_terminate (soc); - } } static void scanner_thread (struct scan_globals *globals) { - int opt = 1; - int soc = -1; - nvticache_reset (); - if (is_otp_scan () && !global_scan_id) - { - globals->scan_id = (char *) gvm_uuid_make (); - soc = globals->global_socket; - proctitle_set (PROCTITLE_SERVING, unix_socket_path); - - /* Close the scanner thread - it is useless for us now */ - close (global_iana_socket); - - if (soc < 0) - goto shutdown_and_exit; - - if (setsockopt (soc, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof (opt)) < 0) - goto shutdown_and_exit; - - globals->global_socket = soc; - - if (comm_init (soc) < 0) - exit (0); - } - else - globals->scan_id = g_strdup (global_scan_id); + globals->scan_id = g_strdup (global_scan_id); handle_client (globals); -shutdown_and_exit: - if (is_otp_scan () && !global_scan_id) - { - shutdown (soc, 2); - close (soc); - /* Kill left overs */ - end_daemon_mode (); - } exit (0); } -/** - * @brief Free logging configuration. 
- */ -static void -log_config_free () -{ - free_log_configuration (log_config); - log_config = NULL; -} - -/* - * @brief Terminates the scanner if a termination signal was received. - */ -static void -check_termination () -{ - if (termination_signal) - { - g_debug ("Received the %s signal", strsignal (termination_signal)); - if (log_config) - log_config_free (); - remove_pidfile (); - make_em_die (SIGTERM); - _exit (0); - } -} - -/* - * @brief Reloads the scanner if a reload was requested or the feed was updated. - */ -static void -check_reload () -{ - if (nvticache_check_feed ()) - reload_openvassd (); -} - /** * @brief Get the pid and ppid from /proc to find the running scan pids. * Send SIGUSR2 kill signal to all running scans to stop them. 
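Review bot: In `handle_client`, the branch that is now unconditional still calls `exit (0)` when `load_scan_preferences (globals->scan_id)` fails, so a scan that never started ends with a success status. With the OTP socket removed, the exit status and the log are presumably the only signals the launching process receives, so `exit (1);` would be the safer choice there. `scanner_thread` now always runs `globals->scan_id = g_strdup (global_scan_id);`, which yields NULL when `global_scan_id` is unset, and that NULL would reach the `%s` in the `g_warning`. If any remaining caller can get here without a scan id (the callers are outside this hunk), add a guard such as `if (!global_scan_id) exit (1);` before the copy.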
@@ -652,152 +416,8 @@ check_kb_status () { g_message ("Redis connection error. Stopping all the running scans."); stop_all_scans (); - reload_openvassd (); - } -} - -static void -main_loop () -{ -#ifdef OPENVASSD_GIT_REVISION - g_message ("openvassd %s (GIT revision %s) started", OPENVASSD_VERSION, - OPENVASSD_GIT_REVISION); -#else - g_message ("openvassd %s started", OPENVASSD_VERSION); -#endif - proctitle_set (PROCTITLE_WAITING); - for (;;) - { - int soc; - struct sockaddr_un address; - struct scan_globals *globals; - struct timeval timeout; - - check_termination (); - wait_for_children1 (); - - timeout.tv_sec = 10; - timeout.tv_usec = 0; - soc = - get_client_timedout (global_iana_socket, (struct sockaddr *) &address, - sizeof (address), &timeout); - check_kb_status (); - if (soc == -1) - { - check_reload (); - continue; - } - - globals = g_malloc0 (sizeof (struct scan_globals)); - globals->global_socket = soc; - /* Set scan type 1:OTP, 0:OSP */ - set_scan_type (1); - - if (create_process ((process_func_t) scanner_thread, globals) < 0) - { - g_debug ("Could not fork - client won't be served"); - sleep (2); - } - close (soc); - g_free (globals); - } -} - -/** - * Initialization of the network in unix socket case: - * we setup the socket that will listen for incoming connections on - * unix_socket_path. - * - * @param[out] sock Socket to be initialized. - * - * @return 0 on success. -1 on failure. - */ -static int -init_unix_network (int *sock, const char *owner, const char *group, - const char *mode) -{ - struct sockaddr_un addr; - struct stat ustat; - int unix_socket; - mode_t omode; - - unix_socket = socket (AF_UNIX, SOCK_STREAM, 0); - if (unix_socket == -1) - { - g_debug ("%s: Couldn't create UNIX socket", __FUNCTION__); - return -1; - } - addr.sun_family = AF_UNIX; - strncpy (addr.sun_path, unix_socket_path, sizeof (addr.sun_path) - 1); - if (!stat (addr.sun_path, &ustat)) - { - /* Remove socket so we can bind(). 
*/ - unlink (addr.sun_path); - } - if (bind (unix_socket, (struct sockaddr *) &addr, sizeof (struct sockaddr_un)) - == -1) - { - g_debug ("%s: Error on bind(%s): %s", __FUNCTION__, unix_socket_path, - strerror (errno)); - goto init_unix_err; - } - - if (owner) - { - struct passwd *pwd = getpwnam (owner); - if (!pwd) - { - g_debug ("%s: User %s not found.", __FUNCTION__, owner); - goto init_unix_err; - } - if (chown (unix_socket_path, pwd->pw_uid, -1) == -1) - { - g_debug ("%s: chown: %s", __FUNCTION__, strerror (errno)); - goto init_unix_err; - } - } - - if (group) - { - struct group *grp = getgrnam (group); - if (!grp) - { - g_debug ("%s: Group %s not found.", __FUNCTION__, group); - goto init_unix_err; - } - if (chown (unix_socket_path, -1, grp->gr_gid) == -1) - { - g_debug ("%s: chown: %s", __FUNCTION__, strerror (errno)); - goto init_unix_err; - } - } - - if (!mode) - mode = "660"; - omode = strtol (mode, 0, 8); - if (omode <= 0 || omode > 4095) - { - g_debug ("%s: Erroneous liste-mode value", __FUNCTION__); - goto init_unix_err; - } - if (chmod (unix_socket_path, strtol (mode, 0, 8)) == -1) - { - g_debug ("%s: chmod: %s", __FUNCTION__, strerror (errno)); - goto init_unix_err; - } - - if (listen (unix_socket, 128) == -1) - { - g_debug ("%s: Error on listen(): %s", __FUNCTION__, strerror (errno)); - goto init_unix_err; + reload_openvas (); } - - *sock = unix_socket; - return 0; - -init_unix_err: - close (unix_socket); - return -1; } /** 
@@ -806,17 +426,17 @@ init_unix_network (int *sock, const char *owner, const char *group, * @param config_file Path to config file for initialization */ static int -init_openvassd (const char *config_file) +init_openvas (const char *config_file) { static gchar *rc_name = NULL; int i; - for (i = 0; openvassd_defaults[i].option != NULL; i++) - prefs_set (openvassd_defaults[i].option, openvassd_defaults[i].value); + for (i = 0; openvas_defaults[i].option != NULL; i++) + prefs_set (openvas_defaults[i].option, openvas_defaults[i].value); prefs_config (config_file); /* Setup logging. */ - rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvassd_log.conf", NULL); + rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL); if (g_file_test (rc_name, G_FILE_TEST_EXISTS)) log_config = load_log_configuration (rc_name); g_free (rc_name); @@ -826,17 +446,6 @@ init_openvassd (const char *config_file) return 0; } -static void -set_daemon_mode () -{ - if (fork ()) - { /* Parent. */ - log_config_free (); - exit (0); - } - setsid (); -} - static int flush_all_kbs () { @@ -874,14 +483,13 @@ start_single_task_scan () g_message ("Could not initialize openvas SSL!"); #endif -#ifdef OPENVASSD_GIT_REVISION - g_message ("openvassd %s (GIT revision %s) started", OPENVASSD_VERSION, - OPENVASSD_GIT_REVISION); +#ifdef OPENVAS_GIT_REVISION + g_message ("openvas %s (GIT revision %s) started", OPENVAS_VERSION, + OPENVAS_GIT_REVISION); #else - g_message ("openvassd %s started", OPENVASSD_VERSION); + g_message ("openvas %s started", OPENVAS_VERSION); #endif - pidfile_create ("openvassd"); openvas_signal (SIGHUP, SIG_IGN); ret = plugins_init (); if (ret) @@ -890,14 +498,12 @@ start_single_task_scan () globals = g_malloc0 (sizeof (struct scan_globals)); - /* Set scan type 1:OTP, 0:OSP */ - set_scan_type (0); scanner_thread (globals); exit (0); } /** - * @brief openvassd. + * @brief openvas. * @param argc Argument count. * @param argv Argument vector. */ 
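Review bot: In `init_openvas`, the log configuration is now looked up only as `openvas_log.conf`, and the unchanged `g_file_test (rc_name, G_FILE_TEST_EXISTS)` check skips a missing file without any message. An installation upgraded in place that still has only `openvassd_log.conf` would therefore start with no log configuration loaded and nothing to indicate why. I would add an `else` branch before `g_free (rc_name)`, for example `else g_warning ("%s: log configuration %s not found", __func__, rc_name);`, and mention the rename in the upgrade notes. The same lookup is renamed in `reload_openvas` (hunk at -337), and the default configuration path changes the same way through `OPENVAS_CONF` in `main`; how `prefs_config` treats a missing file is not visible in these hunks.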
@@ -905,29 +511,22 @@ int main (int argc, char *argv[]) { int ret; - pid_t handler_pid; proctitle_init (argc, argv); gcrypt_init (); static gboolean display_version = FALSE; - static gboolean dont_fork = FALSE; static gchar *config_file = NULL; static gchar *vendor_version_string = NULL; - static gchar *listen_owner = NULL; - static gchar *listen_group = NULL; - static gchar *listen_mode = NULL; static gchar *scan_id = NULL; static gboolean print_specs = FALSE; static gboolean print_sysconfdir = FALSE; - static gboolean only_cache = FALSE; + static gboolean update_vt_info = FALSE; GError *error = NULL; GOptionContext *option_context; static GOptionEntry entries[] = { {"version", 'V', 0, G_OPTION_ARG_NONE, &display_version, "Display version information", NULL}, - {"foreground", 'f', 0, G_OPTION_ARG_NONE, &dont_fork, - "Do not run in daemon mode but stay in foreground", NULL}, {"config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file, "Configuration file", ""}, {"vendor-version", '\0', 0, G_OPTION_ARG_STRING, &vendor_version_string, 
@@ -936,18 +535,12 @@ main (int argc, char *argv[]) "Print configuration settings", NULL}, {"sysconfdir", 'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir, "Print system configuration directory (set at compile time)", NULL}, - {"only-cache", 'C', 0, G_OPTION_ARG_NONE, &only_cache, - "Exit once the NVT cache has been initialized or updated", NULL}, - {"unix-socket", 'c', 0, G_OPTION_ARG_FILENAME, &unix_socket_path, - "Path of unix socket to listen on", ""}, - {"listen-owner", '\0', 0, G_OPTION_ARG_STRING, &listen_owner, - "Owner of the unix socket", ""}, - {"listen-group", '\0', 0, G_OPTION_ARG_STRING, &listen_group, - "Group of the unix socket", ""}, - {"listen-mode", '\0', 0, G_OPTION_ARG_STRING, &listen_mode, - "File mode of the unix socket", ""}, + {"update-vt-info", 'u', 0, G_OPTION_ARG_NONE, &update_vt_info, + "Updates VT info into redis store from VT files", NULL}, {"scan-start", '\0', 0, G_OPTION_ARG_STRING, &scan_id, - "ID for this scan task", ""}, + "ID of scan to start. ID and related data must be stored into redis " + "before.", + ""}, {NULL, 0, 0, 0, NULL, NULL, NULL}}; option_context = @@ -960,29 +553,19 @@ main (int argc, char *argv[]) } g_option_context_free (option_context); + /* --sysconfdir */ if (print_sysconfdir) { g_print ("%s\n", SYSCONFDIR); exit (0); } - /* Switch to UTC so that OTP times are always in UTC. */ - if (setenv ("TZ", "utc 0", 1) == -1) - { - g_print ("%s\n\n", strerror (errno)); - exit (0); - } - tzset (); - - if (!unix_socket_path) - unix_socket_path = - g_build_filename (OPENVAS_RUN_DIR, "openvassd.sock", NULL); - + /* --version */ if (display_version) { - printf ("OpenVAS Scanner %s\n", OPENVASSD_VERSION); -#ifdef OPENVASSD_GIT_REVISION - printf ("GIT revision %s\n", OPENVASSD_GIT_REVISION); + printf ("OpenVAS Scanner %s\n", OPENVAS_VERSION); +#ifdef OPENVAS_GIT_REVISION + printf ("GIT revision %s\n", OPENVAS_GIT_REVISION); #endif printf ("Most new code since 2005: (C) 2019 Greenbone Networks GmbH\n"); printf ( 
@@ -994,21 +577,31 @@ main (int argc, char *argv[]) exit (0); } + /* Switch to UTC so that OTP times are always in UTC. */ + if (setenv ("TZ", "utc 0", 1) == -1) + { + g_print ("%s\n\n", strerror (errno)); + exit (0); + } + tzset (); + + unix_socket_path = g_build_filename (OPENVAS_RUN_DIR, "openvas.sock", NULL); + if (vendor_version_string) vendor_version_set (vendor_version_string); if (!config_file) - config_file = OPENVASSD_CONF; - if (only_cache) + config_file = OPENVAS_CONF; + if (update_vt_info) { - if (init_openvassd (config_file)) + if (init_openvas (config_file)) return 1; if (plugins_init ()) return 1; return 0; } - if (init_openvassd (config_file)) + if (init_openvas (config_file)) return 1; if (scan_id) @@ -1018,13 +611,6 @@ main (int argc, char *argv[]) exit (0); } - if (!print_specs) - { - if (init_unix_network (&global_iana_socket, listen_owner, listen_group, - listen_mode)) - return 1; - } - /* special treatment */ if (print_specs) { @@ -1039,22 +625,12 @@ main (int argc, char *argv[]) g_message ("Could not initialize openvas SSL!"); #endif - // Daemon mode: - if (dont_fork == FALSE) - set_daemon_mode (); - pidfile_create ("openvassd"); - /* Ignore SIGHUP while reloading. */ openvas_signal (SIGHUP, SIG_IGN); - handler_pid = loading_handler_start (); - if (handler_pid < 0) - return 1; ret = plugins_init (); - loading_handler_stop (handler_pid); if (ret) return 1; - init_signal_handlers (); - main_loop (); + exit (0); } diff --git a/src/openvassd_log_conf.cmake_in b/src/openvas_log_conf.cmake_in similarity index 83% rename from src/openvassd_log_conf.cmake_in rename to src/openvas_log_conf.cmake_in index a9134b1c7..a72059711 100644 --- a/src/openvassd_log_conf.cmake_in +++ b/src/openvas_log_conf.cmake_in 
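Review bot: The block moved below the `--version` handling keeps the comment `/* Switch to UTC so that OTP times are always in UTC. */` although this commit removes OTP, and its error branch still ends with `exit (0)` when `setenv` fails. I would reword the comment to say what still depends on UTC (or drop the block if nothing does) and use `exit (1);` in the error branch. The next added line, `unix_socket_path = g_build_filename (OPENVAS_RUN_DIR, "openvas.sock", NULL);`, looks unused: the `--unix-socket` option and `init_unix_network` are both deleted by this commit, so unless code outside these hunks still reads the variable, the assignment can be removed too.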
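Review bot: After this hunk the tail of `main` is `ret = plugins_init (); if (ret) return 1; exit (0);`, so starting the binary with no option appears to perform the same VT load as the `--update-vt-info` branch and then exit silently. If that is intended, a comment such as `/* No option given: load the VTs and exit. */` should replace `/* Ignore SIGHUP while reloading. */`, which no longer describes what follows. If it is not intended, printing the usage text and returning non-zero would make a mistyped invocation visible. The `print_specs` block between the hunks is cut off here, so this reading assumes it exits on its own.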
@@ -7,12 +7,12 @@ prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/openvassd.log +file=${GVM_LOG_DIR}/openvas.log level=127 [*] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/openvassd.log +file=${GVM_LOG_DIR}/openvas.log level=127 diff --git a/src/otp.c b/src/otp.c deleted file mode 100644 index dcb8c19c1..000000000 --- a/src/otp.c +++ /dev/null 
@@ -1,52 +0,0 @@ -/* Copyright (C) 2009-2019 Greenbone Networks GmbH - * - * SPDX-License-Identifier: GPL-2.0-or-later - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/** - * @file otp.c - * @brief Implements OpenVAS Transfer Protocol. - */ - -#include "otp.h" - -#include "../misc/network.h" - -#include -#include - -/** - * @brief Find the enum identifier for the client request which is given - * @brief as string. - * - * @param str Enum identifier of OTP command (a client_request_t). - * @see client_request_t - */ -client_request_t -otp_get_client_request (char *str) -{ - if (!strcmp (str, "ATTACHED_FILE")) - return (CREQ_ATTACHED_FILE); - if (!strcmp (str, "LONG_ATTACK")) - return (CREQ_LONG_ATTACK); - if (!strcmp (str, "PREFERENCES")) - return (CREQ_PREFERENCES); - if (!strcmp (str, "STOP_WHOLE_TEST")) - return (CREQ_STOP_WHOLE_TEST); - - return (CREQ_UNKNOWN); -} diff --git a/src/otp.h b/src/otp.h deleted file mode 100644 index c2caaed2d..000000000 --- a/src/otp.h +++ /dev/null 
@@ -1,40 +0,0 @@ -/* Copyright (C) 2009-2019 Greenbone Networks GmbH - * - * SPDX-License-Identifier: GPL-2.0-or-later - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/** - * @file otp.h - * @brief Protos for OpenVAS Transfer Protocol. - */ - -#ifndef _OTP_H -#define _OTP_H - -typedef enum -{ - CREQ_UNKNOWN, - CREQ_ATTACHED_FILE, - CREQ_LONG_ATTACK, - CREQ_PREFERENCES, - CREQ_STOP_WHOLE_TEST, -} client_request_t; - -client_request_t -otp_get_client_request (char *); - -#endif diff --git a/src/pluginlaunch.c b/src/pluginlaunch.c index 7355b5967..1c2c03ab9 100644 --- a/src/pluginlaunch.c +++ b/src/pluginlaunch.c @@ -266,7 +266,7 @@ pluginlaunch_init (const char *host) if (max_running_processes >= MAX_PROCESSES) { g_debug ("max_checks (%d) > MAX_PROCESSES (%d) - modify " - "openvas-scanner/openvassd/pluginlaunch.c", + "openvas-scanner/openvas/pluginlaunch.c", max_running_processes, MAX_PROCESSES); max_running_processes = MAX_PROCESSES - 1; } diff --git a/src/pluginload.c b/src/pluginload.c index 80f1e7e52..c143a3923 100644 --- a/src/pluginload.c +++ b/src/pluginload.c 
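Review bot: The renamed debug string in `pluginlaunch_init` now points at `openvas-scanner/openvas/pluginlaunch.c`, a path produced by the mechanical `openvassd` to `openvas` replacement; this diff's own file header places the file at `src/pluginlaunch.c`. I would write the message as `"max_checks (%d) >= MAX_PROCESSES (%d) - modify src/pluginlaunch.c"`. The `>=` matches the guard `max_running_processes >= MAX_PROCESSES`, where the current text says `>`. The function continues outside the hunk.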
@@ -232,7 +232,7 @@ cleanup_leftovers (int num_files) size_t count; GSList *oids, *element; - proctitle_set ("openvassd: Cleaning leftover NVTs."); + proctitle_set ("openvas: Cleaning leftover NVTs."); count = nvticache_count (); if ((int) count <= num_files) @@ -295,7 +295,7 @@ plugins_reload_from_dir (void *folder) set_current_loading_plugins (loaded_files); percentile = (loaded_files * 100) / num_files; eta = calculate_eta (start_time, loaded_files, num_files); - proctitle_set ("openvassd: Reloaded %d of %d NVTs" + proctitle_set ("openvas: Reloaded %d of %d NVTs" " (%d%% / ETA: %02d:%02d)", loaded_files, num_files, percentile, eta / 60, eta % 60); @@ -311,7 +311,7 @@ plugins_reload_from_dir (void *folder) if (err_count == 20) { g_debug ("Stopped loading plugins: High number of errors."); - proctitle_set ("openvassd: Error loading NVTs."); + proctitle_set ("openvas: Error loading NVTs."); g_slist_free_full (files, g_free); exit (1); } @@ -322,7 +322,7 @@ plugins_reload_from_dir (void *folder) g_slist_free_full (files, g_free); nasl_clean_inc (); - proctitle_set ("openvassd: Reloaded all the NVTs."); + proctitle_set ("openvas: Reloaded all the NVTs."); exit (0); } diff --git a/src/pluginscheduler.c b/src/pluginscheduler.c index 2e1fc4bbe..f3c2d661b 100644 --- a/src/pluginscheduler.c +++ b/src/pluginscheduler.c @@ -20,7 +20,7 @@ /** * @file pluginscheduler.c - * @brief Tells openvassd which plugin should be executed next. + * @brief Tells openvas which plugin should be executed next. */ #include "pluginscheduler.h" diff --git a/src/sighand.c b/src/sighand.c index ef698ee36..c82e7e35b 100644 --- a/src/sighand.c +++ b/src/sighand.c 
@@ -23,19 +23,11 @@ * @brief Provides signal handling functions. */ -#include "sighand.h" - -#include "string.h" -#include "utils.h" - -#include /* for errno() */ -#include -#include /* for G_LOG_DOMAIN, for g_critical() */ -#include -#include /* for kill() */ -#include /* for shutdown() */ -#include /* for wait() */ -#include /* for getpid() */ +#include /* for backtrace() */ +#include /* for G_LOG_DOMAIN, for g_critical() */ +#include /* for kill() */ +#include /* for waitpid() */ +#include /* for getpid() */ #undef G_LOG_DOMAIN /** diff --git a/src/utils.c b/src/utils.c index d59e29afe..2c842f3e5 100644 --- a/src/utils.c +++ b/src/utils.c @@ -26,8 +26,6 @@ #include "utils.h" #include "../misc/network.h" /* for stream_zero */ -#include "comm.h" -#include "ntp.h" #include "pluginscheduler.h" #include /* for errno() */ @@ -40,7 +38,6 @@ extern int global_max_hosts; extern int global_max_checks; -int global_scan_type = 1; #undef G_LOG_DOMAIN /** @@ -48,25 +45,6 @@ int global_scan_type = 1; */ #define G_LOG_DOMAIN "sd main" -/** - * @brief Check the scan type - * @return 1 if OTP type, 0 if OSP. - */ -int -is_otp_scan () -{ - return global_scan_type; -} - -/** - * @brief Set the scan type - */ -void -set_scan_type (int type) -{ - global_scan_type = type; -} - /** * Get the max number of hosts to test at the same time. */ @@ -86,7 +64,7 @@ get_max_hosts_number (void) else if (max_hosts > global_max_hosts) { g_debug ("Client tried to raise the maximum hosts number - %d." - " Using %d. Change 'max_hosts' in openvassd.conf if you" + " Using %d. Change 'max_hosts' in openvas.conf if you" " believe this is incorrect", max_hosts, global_max_hosts); max_hosts = global_max_hosts; 
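Review bot: The new include list in `sighand.c` drops `#include "sighand.h"`, so the compiler no longer checks the definitions in this file against their own prototypes. I would keep `#include "sighand.h"` as the first include of the file. The header added `/* for backtrace() */` suggests `backtrace()` is called from this file. If that call sits inside a signal handler (not visible in this hunk), a short comment should record that `backtrace()` is not guaranteed to be async-signal-safe, so the handler should do nothing else that depends on heap or lock state.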
@@ -117,7 +95,7 @@ get_max_checks_number (void) else if (max_checks > global_max_checks) { g_debug ("Client tried to raise the maximum checks number - %d." - " Using %d. Change 'max_checks' in openvassd.conf if you" + " Using %d. Change 'max_checks' in openvas.conf if you" " believe this is incorrect", max_checks, global_max_checks); max_checks = global_max_checks; diff --git a/src/utils.h b/src/utils.h index db35dac6b..54238b3b5 100644 --- a/src/utils.h +++ b/src/utils.h @@ -28,11 +28,6 @@ #include /* for pid_t */ -int -is_otp_scan (void); -void -set_scan_type (int); - int get_max_hosts_number (void); diff --git a/tools/greenbone-nvt-sync.in b/tools/greenbone-nvt-sync.in index a2fd2b232..f0f928be1 100644 --- a/tools/greenbone-nvt-sync.in +++ b/tools/greenbone-nvt-sync.in @@ -20,7 +20,7 @@ # This script updates the local Network Vulnerability Tests (NVTs) from the # Greenbone Security Feed (GSF) or the Greenbone Community Feed (GCF). -VERSION=@OPENVASSD_VERSION@ +VERSION=@OPENVAS_VERSION@ # SETTINGS # ========