OpenVAS Scanner  5.1.3
openvassd.c
Go to the documentation of this file.
1 /* OpenVAS
2 * $Id$
3 * Description: Runs the OpenVAS-scanner.
4 *
5 * Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
6 * - Tim Brown <mailto:timb@openvas.org> (Initial fork)
7 * - Laban Mwangi <mailto:labanm@openvas.org> (Renaming work)
8 * - Tarik El-Yassem <mailto:tarik@openvas.org> (Headers section)
9 *
10 * Copyright:
11 * Portions Copyright (C) 2006 Software in the Public Interest, Inc.
12 * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc.
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License version 2,
16 * as published by the Free Software Foundation
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27 
43 #include <stdlib.h> /* for atoi() */
44 #include <unistd.h> /* for close() */
45 #include <errno.h> /* for errno() */
46 #include <fcntl.h> /* for open() */
47 #include <signal.h> /* for SIGTERM */
48 #include <netdb.h> /* for addrinfo */
49 #include <sys/wait.h> /* for waitpid */
50 #include <sys/un.h>
51 #include <sys/stat.h>
52 #include <pwd.h>
53 #include <grp.h>
54 
55 #include <openvas/misc/openvas_proctitle.h> /* for proctitle_set */
56 #include <openvas/misc/openvas_logging.h> /* for setup_legacy_log_handler */
57 #include <openvas/base/pidfile.h> /* for pidfile_create */
58 #include <openvas/base/nvticache.h> /* nvticache_free */
59 #include <openvas/base/kb.h> /* for KB_PATH_DEFAULT */
60 #include <openvas/base/gpgme_util.h>
61 #include <openvas/misc/prefs.h> /* for prefs_get() */
62 #include <openvas/misc/vendorversion.h> /* for prefs_get() */
63 
64 #include <gcrypt.h> /* for gcry_control */
65 
66 #include "comm.h" /* for comm_loading */
67 #include "attack.h" /* for attack_network */
68 #include "sighand.h" /* for openvas_signal */
69 #include "log.h" /* for log_write */
70 #include "processes.h" /* for create_process */
71 #include "ntp.h" /* for ntp_timestamp_scan_starts */
72 #include "utils.h" /* for wait_for_children1 */
73 #include "pluginlaunch.h" /* for init_loading_shm */
74 
75 #if GNUTLS_VERSION_NUMBER < 0x030300
76 #include <openvas/misc/network.h> /* openvas_SSL_init */
77 #endif
78 
79 #ifdef SVN_REV_AVAILABLE
80 #include "svnrevision.h"
81 #endif
82 
88 
89 static int global_iana_socket = -1;
90 
91 static volatile int loading_stop_signal = 0;
92 static volatile int reload_signal = 0;
93 static volatile int termination_signal = 0;
94 
95 typedef struct
96 {
97  char *option;
98  char *value;
100 
104 static openvassd_option openvassd_defaults[] = {
105  {"plugins_folder", OPENVAS_NVT_DIR},
106  {"cache_folder", OPENVAS_CACHE_DIR},
107  {"include_folders", OPENVAS_NVT_DIR},
108  {"max_hosts", "30"},
109  {"max_checks", "10"},
110  {"be_nice", "no"},
111  {"logfile", OPENVASSD_MESSAGES},
112  {"log_whole_attack", "no"},
113  {"log_plugins_name_at_load", "no"},
114  {"dumpfile", OPENVASSD_DEBUGMSG},
115  {"cgi_path", "/cgi-bin:/scripts"},
116  {"optimize_test", "yes"},
117  {"checks_read_timeout", "5"},
118  {"network_scan", "no"},
119  {"non_simult_ports", "139, 445"},
120  {"plugins_timeout", G_STRINGIFY (NVT_TIMEOUT)},
121  {"scanner_plugins_timeout", G_STRINGIFY (SCANNER_NVT_TIMEOUT)},
122  {"safe_checks", "yes"},
123  {"auto_enable_dependencies", "yes"},
124  {"use_mac_addr", "no"},
125  {"nasl_no_signature_check", "yes"},
126  {"drop_privileges", "no"},
127  {"unscanned_closed", "yes"},
128  {"unscanned_closed_udp", "yes"},
129  // Empty options must be "\0", not NULL, to match the behavior of
130  {"vhosts", "\0"},
131  {"vhosts_ip", "\0"},
132  {"report_host_details", "yes"},
133  {"kb_location", KB_PATH_DEFAULT},
134  {"timeout_retry", "3"},
135  {"time_between_request", "0"},
136  {NULL, NULL}
137 };
138 
139 gchar *unix_socket_path = NULL;
140 
141 static void
142 start_daemon_mode (void)
143 {
144  const char *s;
145  int fd;
146 
147  /* do not block the listener port for subsequent scanners */
148  close (global_iana_socket);
149 
150  /* become process group leader */
151  if (setsid () < 0)
152  {
153  log_write ("Warning: Cannot set process group leader (%s)",
154  strerror (errno));
155  }
156 
157  if ((fd = open ("/dev/tty", O_RDWR)) >= 0)
158  close (fd);
159 
160  /* no input, anymore: provide an empty-file substitute */
161  if ((fd = open ("/dev/null", O_RDONLY)) < 0)
162  {
163  log_write ("Cannot open /dev/null (%s) -- aborting", strerror (errno));
164  exit (0);
165  }
166 
167  dup2 (fd, 0);
168  close (fd);
169 
170  /* provide a dump file to collect stdout and stderr */
171  if ((s = prefs_get ("dumpfile")) == 0)
172  s = OPENVASSD_DEBUGMSG;
173  /* setting "-" denotes terminal mode */
174  if (strcmp (s, "-") == 0)
175  return;
176 
177  fflush (stdout);
178  fflush (stderr);
179 
180  if ((fd = open (s, O_WRONLY | O_CREAT | O_APPEND, 0600)) < 0)
181  {
182  log_write ("Cannot create a new dumpfile %s (%s)-- aborting", s,
183  strerror (errno));
184  exit (2);
185  }
186 
187  dup2 (fd, 1);
188  dup2 (fd, 2);
189  close (fd);
190  setlinebuf (stdout);
191  setlinebuf (stderr);
192 }
193 
194 
195 static void
196 end_daemon_mode (void)
197 {
198  /* clean up all processes the process group */
199  make_em_die (SIGTERM);
200 }
201 
202 static void
203 set_globals_from_preferences (void)
204 {
205  const char *str;
206 
207  if ((str = prefs_get ("max_hosts")) != NULL)
208  {
209  global_max_hosts = atoi (str);
210  if (global_max_hosts <= 0)
211  global_max_hosts = 15;
212  }
213 
214  if ((str = prefs_get ("max_checks")) != NULL)
215  {
216  global_max_checks = atoi (str);
217  if (global_max_checks <= 0)
218  global_max_checks = 10;
219  }
220 }
221 
222 static void
223 handle_reload_signal (int sig)
224 {
225  reload_signal = sig;
226 }
227 
228 static void
229 handle_termination_signal (int sig)
230 {
231  termination_signal = sig;
232 }
233 
234 /*
235  * @brief Handles a client request when the scanner is still loading.
236  *
237  * @param[in] soc Client socket to send and receive from.
238  */
239 static void
240 loading_client_handle (int soc)
241 {
242  int opt = 1;
243  if (soc <= 0)
244  return;
245 
246  setsockopt (soc, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof (opt));
247  comm_loading (soc);
248  shutdown (soc, 2);
249  close (soc);
250 }
251 
252 /*
253  * @brief Handles term signal received by loading handler child process.
254  */
255 static void
256 handle_loading_stop_signal (int sig)
257 {
258  loading_stop_signal = sig;
259 }
260 
261 static void
262 remove_pidfile ()
263 {
264  pidfile_remove ("openvassd");
265 }
266 
267 /*
268  * @brief Starts a process to handle client requests while the scanner is
269  * loading.
270  *
271  * @return process id of loading handler.
272  */
273 static pid_t
274 loading_handler_start ()
275 {
276  pid_t child_pid, parent_pid;
277 
278  init_loading_shm ();
279  parent_pid = getpid ();
280  child_pid = fork ();
281  if (child_pid != 0)
282  return child_pid;
283 
284  proctitle_set ("openvassd (Loading Handler)");
285  openvas_signal (SIGTERM, handle_loading_stop_signal);
286 
287  /*
288  * Forked process will handle client requests until parent dies or stops it
289  * with loading_handler_stop ().
290  */
291  while (1)
292  {
293  unsigned int lg_address;
294  struct sockaddr_un address;
295  int soc;
296  fd_set set;
297  struct timeval timeout;
298  int rv, ret;
299  pid_t child_pid1;
300 
301  if (loading_stop_signal || kill (parent_pid, 0) < 0)
302  break;
303  lg_address = sizeof (struct sockaddr_un);
304 
305  if (listen (global_iana_socket, 5) < 0)
306  continue;
307 
308  FD_ZERO(&set);
309  FD_SET(global_iana_socket, &set);
310 
311  timeout.tv_sec = 0;
312  timeout.tv_usec = 500000;
313 
314  rv = select(global_iana_socket + 1, &set, NULL, NULL, &timeout);
315  if(rv == -1) /* Select error. */
316  continue;
317  else if(rv == 0) /* Timeout. */
318  continue;
319  else
320  soc = accept (global_iana_socket, (struct sockaddr *) (&address),
321  &lg_address);
322  if (soc == -1)
323  continue;
324 
325  child_pid1 = fork ();
326  if (child_pid1 == 0)
327  {
328  loading_client_handle (soc);
329  close (soc);
330  exit (0);
331  }
332  waitpid (child_pid1, &ret, WNOHANG);
333  }
334  exit (0);
335 }
336 
337 /*
338  * @brief Stops the loading handler process.
339  *
340  * @param[in] handler_pid Pid of loading handler.
341  */
342 void
343 loading_handler_stop (pid_t handler_pid)
344 {
345  terminate_process (handler_pid);
347 }
348 
352 static void
353 init_signal_handlers ()
354 {
355  openvas_signal (SIGTERM, handle_termination_signal);
356  openvas_signal (SIGINT, handle_termination_signal);
357  openvas_signal (SIGQUIT, handle_termination_signal);
358  openvas_signal (SIGHUP, handle_reload_signal);
359  openvas_signal (SIGCHLD, sighand_chld);
360 }
361 
362 /* Restarts the scanner by reloading the configuration. */
363 static void
364 reload_openvassd ()
365 {
366  const char *config_file;
367  pid_t handler_pid;
368  int i, ret;
369 
370  /* Ignore SIGHUP while reloading. */
371  openvas_signal (SIGHUP, SIG_IGN);
372 
373  /* Reinitialize logging before writing to it. */
374  log_init (prefs_get ("logfile"));
375  log_write ("Reloading the scanner.");
376 
377  handler_pid = loading_handler_start ();
378  if (handler_pid < 0)
379  return;
380  /* Reload config file. */
381  config_file = prefs_get ("config_file");
382  for (i = 0; openvassd_defaults[i].option != NULL; i++)
383  prefs_set (openvassd_defaults[i].option, openvassd_defaults[i].value);
384  prefs_config (config_file);
385 
386  /* Reload the plugins */
387  ret = plugins_init ();
388  set_globals_from_preferences ();
389  loading_handler_stop (handler_pid);
390 
391  log_write ("Finished reloading the scanner.");
392  reload_signal = 0;
393  openvas_signal (SIGHUP, handle_reload_signal);
394  if (ret)
395  exit (1);
396 }
397 
398 static void
399 handle_client (struct arglist *globals)
400 {
401  kb_t net_kb = NULL;
402  int soc = arg_get_value_int (globals, "global_socket");
403 
404  /* Become process group leader and the like ... */
405  start_daemon_mode ();
406  if (comm_wait_order (globals))
407  return;
409  attack_network (globals, &net_kb);
410  if (net_kb != NULL)
411  {
412  kb_delete (net_kb);
413  net_kb = NULL;
414  }
416  comm_terminate (soc);
417 }
418 
419 static void
420 scanner_thread (struct arglist *globals)
421 {
422  int opt = 1, soc;
423 
424  nvticache_reset ();
425  soc = arg_get_value_int (globals, "global_socket");
426  proctitle_set ("openvassd: Serving %s", unix_socket_path);
427 
428  /* Everyone runs with a nicelevel of 10 */
429  if (prefs_get_bool ("be_nice"))
430  {
431  errno = 0;
432  if (nice(10) == -1 && errno != 0)
433  {
434  log_write ("Unable to renice process: %d", errno);
435  }
436  }
437 
438  /* Close the scanner thread - it is useless for us now */
439  close (global_iana_socket);
440 
441  if (soc < 0)
442  goto shutdown_and_exit;
443 
444  setsockopt (soc, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof (opt));
445  /* arg_set_value *replaces* an existing value, but it shouldn't fail here */
446  arg_add_value (globals, "parent_socket", ARG_INT, GSIZE_TO_POINTER (soc));
447  arg_set_value (globals, "global_socket", GSIZE_TO_POINTER (soc));
448 
449  if (comm_init (soc) < 0)
450  exit (0);
451  handle_client (globals);
452 
453 shutdown_and_exit:
454  shutdown (soc, 2);
455  close (soc);
456 
457  /* Kill left overs */
458  end_daemon_mode ();
459  exit (0);
460 }
461 
462 /*
463  * @brief Terminates the scanner if a termination signal was received.
464  */
465 static void
466 check_termination ()
467 {
468  if (termination_signal)
469  {
470  log_write ("Received the %s signal", strsignal (termination_signal));
471  remove_pidfile ();
472  make_em_die (SIGTERM);
473  log_close ();
474  _exit (0);
475  }
476 }
477 
478 /*
479  * @brief Reloads the scanner if a reload was requested.
480  */
481 static void
482 check_reload ()
483 {
484  if (reload_signal)
485  {
486  proctitle_set ("openvassd: Reloading");
487  reload_openvassd ();
488  proctitle_set ("openvassd: Waiting for incoming connections");
489  }
490 }
491 
492 
497 static void
498 stop_all_scans (void)
499 {
500  int i, ispid;
501  GDir *proc = NULL;
502  const gchar *piddir = NULL;
503  gchar *pidstatfn = NULL;
504  gchar **contents_split = NULL;
505  gchar *contents = NULL;
506  GError *error = NULL;
507  gchar *parentID = NULL;
508  gchar *processID = NULL;
509 
510  proc = g_dir_open ("/proc", 0, &error);
511  if (error != NULL)
512  {
513  log_write ("Unable to open directory: %s\n", error->message);
514  g_error_free (error);
515  return;
516  }
517  while ((piddir = g_dir_read_name (proc)) != NULL)
518  {
519  ispid = 1;
520  for (i = 0; i < (int)strlen (piddir); i++)
521  if (!g_ascii_isdigit (piddir[i]))
522  {
523  ispid = 0;
524  break;
525  }
526  if (!ispid)
527  continue;
528 
529  pidstatfn = g_strconcat ("/proc/", piddir, "/stat", NULL);
530  if (g_file_get_contents (pidstatfn, &contents, NULL, NULL))
531  {
532  contents_split = g_strsplit (contents," ", 6);
533  parentID = g_strdup (contents_split[3]);
534  processID = g_strdup (contents_split[0]);
535 
536  g_free (pidstatfn);
537  pidstatfn = NULL;
538  g_free (contents);
539  contents = NULL;
540  g_strfreev (contents_split);
541  contents_split = NULL;
542 
543  if (atoi(parentID) == (int)getpid())
544  {
545  log_write ("Stopping running scan with PID: %s", processID);
546  kill (atoi(processID), SIGUSR2);
547  }
548  g_free (parentID);
549  parentID = NULL;
550  g_free (processID);
551  processID = NULL;
552  }
553  else
554  {
555  g_free (pidstatfn);
556  pidstatfn = NULL;
557  continue;
558  }
559  }
560 
561  if (proc)
562  g_dir_close (proc);
563 }
564 
569 void
571 {
572  int waitredis = 5, waitkb = 5, ret = 0;
573  kb_t kb_access_aux;
574 
575  while (waitredis != 0)
576  {
577  ret = kb_new (&kb_access_aux, prefs_get ("kb_location"));
578  if (ret)
579  {
580  log_write ("Redis connection lost. Trying to reconnect.");
581  waitredis--;
582  sleep (5);
583  continue;
584  }
585  else
586  {
587  kb_delete (kb_access_aux);
588  break;
589  }
590  }
591 
592  if (waitredis == 0)
593  {
594  log_write ("Critical Redis connection error.");
595  exit (1);
596  }
597 
598  while (waitkb != 0)
599  {
600  kb_access_aux = kb_find (prefs_get ("kb_location"), "nvticache");
601  if (!kb_access_aux)
602  {
603  log_write ("Redis kb not found. Trying again in 2 seconds.");
604  waitkb--;
605  sleep (2);
606  continue;
607  }
608  else
609  {
610  kb_lnk_reset (kb_access_aux);
611  g_free (kb_access_aux);
612  break;
613  }
614  }
615 
616  if (waitredis != 5 || waitkb == 0)
617  {
618  log_write ("Redis connection error. Stopping all the running scans.");
619  stop_all_scans ();
620  reload_openvassd ();
621  }
622 }
623 
624 static void
625 main_loop ()
626 {
627 #ifdef OPENVASSD_SVN_REVISION
628  log_write ("openvassd %s (SVN revision %i) started",
629  OPENVASSD_VERSION,
630  OPENVASSD_SVN_REVISION);
631 #else
632  log_write ("openvassd %s started", OPENVASSD_VERSION);
633 #endif
634  proctitle_set ("openvassd: Waiting for incoming connections");
635  for (;;)
636  {
637  int soc, opts;
638  unsigned int lg_address;
639  struct sockaddr_un address;
640  struct arglist *globals;
641  fd_set set;
642  struct timeval timeout;
643  int rv;
644 
645  check_termination ();
646  check_reload ();
647  check_kb_status ();
649  lg_address = sizeof (struct sockaddr_un);
650 
651  /* Setting the socket to non-blocking and the use of select() for
652  * listen() before accept() is done only for openvas-9. It allows to
653  * go through the loop every 0.5sec without stuck in the accept() call.
654  * In the trunk version the manager ask the the scanner for new NVTs
655  * every 10sec, so the loop is not stuck in accept().
656  */
657  if ((opts = fcntl (global_iana_socket, F_GETFL, 0)) < 0)
658  {
659  log_write ("fcntl: %s", strerror (errno));
660  exit (0);
661  }
662  if (fcntl (global_iana_socket, F_SETFL, opts | O_NONBLOCK) < 0)
663  {
664  log_write ("fcntl: %s", strerror (errno));
665  exit (0);
666  }
667 
668  if (listen (global_iana_socket, 5) < 0)
669  continue;
670 
671  FD_ZERO(&set);
672  FD_SET(global_iana_socket, &set);
673 
674  timeout.tv_sec = 0;
675  timeout.tv_usec = 500000;
676 
677  rv = select(global_iana_socket + 1, &set, NULL, NULL, &timeout);
678  if(rv == -1) /* Select error. */
679  continue;
680  else if(rv == 0) /* Timeout. */
681  continue;
682  else
683  soc = accept (global_iana_socket, (struct sockaddr *) (&address),
684  &lg_address);
685  if (soc == -1)
686  continue;
687 
688  /* Set the socket to blocking again. */
689  if (fcntl (global_iana_socket, F_SETFL, opts) < 0)
690  log_write ("fcntl: %s", strerror (errno));
691 
692  globals = g_malloc0 (sizeof (struct arglist));
693  arg_add_value (globals, "global_socket", ARG_INT, GSIZE_TO_POINTER (soc));
694 
695  /* we do not want to create an io thread, yet so the last argument is -1 */
696  if (create_process ((process_func_t) scanner_thread, globals) < 0)
697  {
698  log_write ("Could not fork - client won't be served");
699  sleep (2);
700  }
701  close (soc);
702  arg_free (globals);
703  }
704 }
705 
716 static int
717 init_unix_network (int *sock, const char *owner, const char *group,
718  const char *mode)
719 {
720  struct sockaddr_un addr;
721  struct stat ustat;
722  int unix_socket;
723  mode_t omode;
724 
725  unix_socket = socket (AF_UNIX, SOCK_STREAM, 0);
726  if (unix_socket == -1)
727  {
728  log_write ("%s: Couldn't create UNIX socket", __FUNCTION__);
729  return -1;
730  }
731  addr.sun_family = AF_UNIX;
732  strncpy (addr.sun_path, unix_socket_path, sizeof (addr.sun_path) - 1);
733  if (!stat (addr.sun_path, &ustat))
734  {
735  /* Remove socket so we can bind(). */
736  unlink (addr.sun_path);
737  }
738  if (bind (unix_socket, (struct sockaddr *) &addr, sizeof (struct sockaddr_un))
739  == -1)
740  {
741  log_write ("%s: Error on bind(%s): %s", __FUNCTION__,
742  unix_socket_path, strerror (errno));
743  return -1;
744  }
745 
746  if (owner)
747  {
748  struct passwd *pwd = getpwnam (owner);
749  if (!pwd)
750  {
751  log_write ("%s: User %s not found.", __FUNCTION__, owner);
752  return -1;
753  }
754  if (chown (unix_socket_path, pwd->pw_uid, -1) == -1)
755  {
756  log_write ("%s: chown: %s", __FUNCTION__, strerror (errno));
757  return -1;
758  }
759  }
760 
761  if (group)
762  {
763  struct group *grp = getgrnam (group);
764  if (!grp)
765  {
766  log_write ("%s: Group %s not found.", __FUNCTION__, group);
767  return -1;
768  }
769  if (chown (unix_socket_path, -1, grp->gr_gid) == -1)
770  {
771  log_write ("%s: chown: %s", __FUNCTION__, strerror (errno));
772  return -1;
773  }
774  }
775 
776  if (!mode)
777  mode = "660";
778  omode = strtol (mode, 0, 8);
779  if (omode <= 0 || omode > 4095)
780  {
781  log_write ("%s: Erroneous liste-mode value", __FUNCTION__);
782  return -1;
783  }
784  if (chmod (unix_socket_path, strtol (mode, 0, 8)) == -1)
785  {
786  log_write ("%s: chmod: %s", __FUNCTION__, strerror (errno));
787  return -1;
788  }
789 
790  if (listen (unix_socket, 128) == -1)
791  {
792  log_write ("%s: Error on listen(): %s", __FUNCTION__, strerror (errno));
793  return -1;
794  }
795 
796  *sock = unix_socket;
797  return 0;
798 }
799 
805 static int
806 init_openvassd (int dont_fork, const char *config_file)
807 {
808  int i;
809 
810  for (i = 0; openvassd_defaults[i].option != NULL; i++)
811  prefs_set (openvassd_defaults[i].option, openvassd_defaults[i].value);
812  prefs_config (config_file);
813 
814  log_init (prefs_get ("logfile"));
815  if (dont_fork == FALSE)
816  setup_legacy_log_handler (log_vwrite);
817 
818  set_globals_from_preferences ();
819 
820  return 0;
821 }
822 
823 static void
824 set_daemon_mode ()
825 {
826  /* Close stdin, stdout and stderr */
827  int i = open ("/dev/null", O_RDONLY, 0640);
828  if (dup2 (i, STDIN_FILENO) != STDIN_FILENO)
829  log_write ("Could not redirect stdin to /dev/null: %s\n", strerror (errno));
830  if (dup2 (i, STDOUT_FILENO) != STDOUT_FILENO)
831  log_write ("Could not redirect stdout to /dev/null: %s\n",
832  strerror (errno));
833  if (dup2 (i, STDERR_FILENO) != STDERR_FILENO)
834  log_write ("Could not redirect stderr to /dev/null: %s\n",
835  strerror (errno));
836  close (i);
837  if (fork ())
838  exit (0);
839  setsid ();
840 }
841 
842 static int
843 flush_all_kbs ()
844 {
845  kb_t kb;
846  int rc;
847 
848  rc = kb_new (&kb, prefs_get ("kb_location"));
849  if (rc)
850  return rc;
851 
852  rc = kb_flush (kb, "nvticache");
853  return rc;
854 }
855 
856 static void
857 gcrypt_init ()
858 {
859  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
860  return;
861  gcry_check_version (NULL);
862  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
863  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
864  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
865  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
866 }
867 
873 int
874 main (int argc, char *argv[])
875 {
876  int ret;
877  pid_t handler_pid;
878 
879  proctitle_init (argc, argv);
880  gcrypt_init ();
881 
882  static gboolean display_version = FALSE;
883  static gboolean dont_fork = FALSE;
884  static gchar *config_file = NULL;
885  static gchar *vendor_version_string = NULL;
886  static gchar *listen_owner = NULL;
887  static gchar *listen_group = NULL;
888  static gchar *listen_mode = NULL;
889  static gchar *gnupg_dir = NULL;
890  static gboolean print_specs = FALSE;
891  static gboolean print_sysconfdir = FALSE;
892  static gboolean only_cache = FALSE;
893  GError *error = NULL;
894  GOptionContext *option_context;
895  static GOptionEntry entries[] = {
896  {"version", 'V', 0, G_OPTION_ARG_NONE, &display_version,
897  "Display version information", NULL},
898  {"foreground", 'f', 0, G_OPTION_ARG_NONE, &dont_fork,
899  "Do not run in daemon mode but stay in foreground", NULL},
900  {"config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file,
901  "Configuration file", "<filename>"},
902  {"vendor-version", '\0', 0, G_OPTION_ARG_STRING, &vendor_version_string,
903  "Use <string> as vendor version.", "<string>"},
904  {"cfg-specs", 's', 0, G_OPTION_ARG_NONE, &print_specs,
905  "Print configuration settings", NULL},
906  {"sysconfdir", 'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir,
907  "Print system configuration directory (set at compile time)", NULL},
908  {"only-cache", 'C', 0, G_OPTION_ARG_NONE, &only_cache,
909  "Exit once the NVT cache has been initialized or updated", NULL},
910  {"unix-socket", 'c', 0, G_OPTION_ARG_FILENAME, &unix_socket_path,
911  "Path of unix socket to listen on", "<filename>"},
912  {"listen-owner", '\0', 0, G_OPTION_ARG_STRING, &listen_owner,
913  "Owner of the unix socket", "<string>"},
914  {"listen-group", '\0', 0, G_OPTION_ARG_STRING, &listen_group,
915  "Group of the unix socket", "<string>"},
916  {"listen-mode", '\0', 0, G_OPTION_ARG_STRING, &listen_mode,
917  "File mode of the unix socket", "<string>"},
918  {"gnupg-home", 'c', 0, G_OPTION_ARG_STRING, &gnupg_dir,
919  "Gnupg home directory", "<directory>"},
920  {NULL, 0, 0, 0, NULL, NULL, NULL}
921  };
922 
923  option_context =
924  g_option_context_new ("- Scanner of the Open Vulnerability Assessment System");
925  g_option_context_add_main_entries (option_context, entries, NULL);
926  if (!g_option_context_parse (option_context, &argc, &argv, &error))
927  {
928  g_print ("%s\n\n", error->message);
929  exit (0);
930  }
931  g_option_context_free (option_context);
932 
933  if (print_sysconfdir)
934  {
935  g_print ("%s\n", SYSCONFDIR);
936  exit (0);
937  }
938 
939  /* Switch to UTC so that OTP times are always in UTC. */
940  if (setenv ("TZ", "utc 0", 1) == -1)
941  {
942  g_print ("%s\n\n", strerror (errno));
943  exit (0);
944  }
945  tzset ();
946 
947  if (!unix_socket_path)
948  unix_socket_path = g_build_filename (OPENVAS_RUN_DIR, "openvassd.sock", NULL);
949 
950  if (display_version)
951  {
952  printf ("OpenVAS Scanner %s\n", OPENVASSD_VERSION);
953 #ifdef OPENVASSD_SVN_REVISION
954  printf ("SVN revision %i\n", OPENVASSD_SVN_REVISION);
955 #endif
956  printf
957  ("Most new code since 2005: (C) 2016 Greenbone Networks GmbH\n");
958  printf
959  ("Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>\n");
960  printf ("License GPLv2: GNU GPL version 2\n");
961  printf
962  ("This is free software: you are free to change and redistribute it.\n"
963  "There is NO WARRANTY, to the extent permitted by law.\n\n");
964  exit (0);
965  }
966 
967  if (gnupg_dir)
968  set_gpghome (gnupg_dir);
969 
970  if (vendor_version_string)
971  vendor_version_set (vendor_version_string);
972 
973  if (!config_file)
974  config_file = OPENVASSD_CONF;
975  if (only_cache)
976  {
977  if (init_openvassd (dont_fork, config_file))
978  return 1;
979  if (plugins_init ())
980  return 1;
981  return 0;
982  }
983 
984  if (init_openvassd (dont_fork, config_file))
985  return 1;
986  if (!print_specs)
987  {
988  if (init_unix_network (&global_iana_socket, listen_owner, listen_group,
989  listen_mode))
990  return 1;
991  }
992 
993  /* special treatment */
994  if (print_specs)
995  {
996  prefs_dump ();
997  exit (0);
998  }
999  flush_all_kbs ();
1000 
1001 #if GNUTLS_VERSION_NUMBER < 0x030300
1002  if (openvas_SSL_init () < 0)
1003  log_write ("Could not initialize openvas SSL!");
1004 #endif
1005 
1006  // Daemon mode:
1007  if (dont_fork == FALSE)
1008  set_daemon_mode ();
1009  pidfile_create ("openvassd");
1010 
1011  /* Ignore SIGHUP while reloading. */
1012  openvas_signal (SIGHUP, SIG_IGN);
1013  handler_pid = loading_handler_start ();
1014  if (handler_pid < 0)
1015  return 1;
1016  ret = plugins_init ();
1017  loading_handler_stop (handler_pid);
1018  if (ret)
1019  return 1;
1020  init_signal_handlers ();
1021  main_loop ();
1022  exit (0);
1023 }
void log_init(const char *filename)
Initialization of the log file.
Definition: log.c:48
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:92
void log_write(const char *str,...)
Write into the logfile / syslog.
Definition: log.c:140
int global_max_hosts
Definition: openvassd.c:86
int comm_loading(int soc)
Informs the client that the scanner is still loading.
Definition: comm.c:89
int global_max_checks
Definition: openvassd.c:87
int ntp_timestamp_scan_ends(int soc)
Definition: ntp.c:425
int plugins_init(void)
Definition: pluginload.c:358
gchar * unix_socket_path
Definition: openvassd.c:139
void attack_network(struct arglist *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:920
void check_kb_status()
Check if Redis Server is up and if the KB exists. If KB does not exist,force a reload and stop all th...
Definition: openvassd.c:570
void loading_handler_stop(pid_t handler_pid)
Definition: openvassd.c:343
void log_vwrite(const char *str, va_list arg_ptr)
Write into the logfile / syslog using a va_list.
Definition: log.c:110
void sighand_chld(pid_t pid)
Definition: sighand.c:109
int main(int argc, char *argv[])
openvassd.
Definition: openvassd.c:874
void destroy_loading_shm(void)
Definition: pluginload.c:165
void make_em_die(int sig)
Definition: sighand.c:53
int comm_init(int soc)
Initializes the communication between the scanner (us) and the client.
Definition: comm.c:57
void(* process_func_t)(void *)
Definition: processes.h:31
void log_close()
Definition: log.c:90
void init_loading_shm(void)
Definition: pluginload.c:132
int comm_wait_order(struct arglist *globals)
This function waits for the attack order of the client. Meanwhile, it processes all the messages the ...
Definition: comm.c:303
int ntp_timestamp_scan_starts(int soc)
Definition: ntp.c:419
int terminate_process(pid_t pid)
Definition: processes.c:43
void comm_terminate(int soc)
This function must be called at the end of a session.
Definition: comm.c:146
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
Definition: processes.c:77
void wait_for_children1(void)
Definition: utils.c:202