OpenVAS Scanner  5.1.3
attack.c File Reference
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/wait.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <glib.h>
#include <fcntl.h>
#include <openvas/base/openvas_hosts.h>
#include <openvas/base/openvas_networking.h>
#include <openvas/misc/openvas_proctitle.h>
#include <openvas/base/kb.h>
#include <openvas/misc/network.h>
#include <openvas/misc/nvt_categories.h>
#include <openvas/misc/pcap_openvas.h>
#include <openvas/misc/prefs.h>
#include <openvas/misc/internal_com.h>
#include <openvas/base/nvticache.h>
#include "attack.h"
#include "comm.h"
#include "hosts.h"
#include "log.h"
#include "ntp.h"
#include "pluginlaunch.h"
#include "pluginload.h"
#include "pluginscheduler.h"
#include "plugs_req.h"
#include "processes.h"
#include "sighand.h"
#include "utils.h"
Include dependency graph for attack.c:

Go to the source code of this file.

Data Structures

struct  attack_start_args
 

Macros

#define ERR_HOST_DEAD   -1
 
#define ERR_CANT_FORK   -2
 
#define MAX_FORK_RETRIES   10
 
#define PROGRESS_BAR_STYLE   1
 

Enumerations

enum  net_scan_status { NSS_NONE = 0, NSS_BUSY, NSS_DONE }
 

Functions

void attack_network (struct arglist *globals, kb_t *network_kb)
 Attack a whole network. More...
 

Variables

int global_scan_stop = 0
 
int global_stop_all_scans = 0
 

Macro Definition Documentation

◆ ERR_CANT_FORK

#define ERR_CANT_FORK   -2

Definition at line 66 of file attack.c.

◆ ERR_HOST_DEAD

#define ERR_HOST_DEAD   -1

Definition at line 65 of file attack.c.

◆ MAX_FORK_RETRIES

#define MAX_FORK_RETRIES   10

Definition at line 68 of file attack.c.

◆ PROGRESS_BAR_STYLE

#define PROGRESS_BAR_STYLE   1

It switchs progress bar styles. If set to 1, time oriented style and it take into account only alive host. If set to 0, it not reflect progress adequately in case of dead host, which will take into account with 0% processed, producing jumps in the process bar.

Definition at line 77 of file attack.c.

Enumeration Type Documentation

◆ net_scan_status

Enumerator
NSS_NONE 
NSS_BUSY 
NSS_DONE 

Definition at line 93 of file attack.c.

93  {
94  NSS_NONE = 0,
95  NSS_BUSY,
96  NSS_DONE,
97 };

Function Documentation

◆ attack_network()

void attack_network ( struct arglist *  globals,
kb_t *  network_kb 
)

Attack a whole network.

Definition at line 920 of file attack.c.

921 {
922  int max_hosts = 0, max_checks;
923  const char *hostlist;
924  openvas_host_t *host;
925  int global_socket = -1;
926  plugins_scheduler_t sched;
927  int fork_retries = 0;
928  GHashTable *files;
929  struct timeval then, now;
930  openvas_hosts_t *hosts;
931 
932  const gchar *network_targets, *port_range;
933  gboolean network_phase = FALSE;
934  gboolean do_network_scan = FALSE;
935 
936  gettimeofday (&then, NULL);
937 
938  if (prefs_get_bool ("network_scan"))
939  do_network_scan = TRUE;
940  else
941  do_network_scan = FALSE;
942 
943  network_targets = prefs_get ("network_targets");
944  if (network_targets != NULL)
945  arg_add_value (globals, "network_targets", ARG_STRING,
946  (char *) network_targets);
947 
948  if (do_network_scan)
949  {
950  enum net_scan_status nss;
951 
952  nss = network_scan_status (globals);
953  switch (nss)
954  {
955  case NSS_DONE:
956  network_phase = FALSE;
957  break;
958 
959  case NSS_BUSY:
960  network_phase = TRUE;
961  break;
962 
963  default:
964  arg_add_value (globals, "network_scan_status", ARG_STRING,
965  "busy");
966  network_phase = TRUE;
967  break;
968  }
969  }
970  else
971  network_kb = NULL;
972 
973  global_socket = arg_get_value_int (globals, "global_socket");
974  if (check_kb_access(global_socket))
975  return;
976 
977  /* Init and check Target List */
978  hostlist = prefs_get ("TARGET");
979  if (hostlist == NULL)
980  {
981  error_message_to_client (global_socket, "Missing target hosts", NULL,
982  NULL);
983  return;
984  }
985 
986  /* Verify the port range is a valid one */
987  port_range = prefs_get ("port_range");
988  if (validate_port_range (port_range))
989  {
990  error_message_to_client (global_socket, "Invalid port range", NULL,
991  port_range);
992  return;
993  }
994 
995  /* Initialize the attack. */
996  sched = plugins_scheduler_init
997  (prefs_get ("plugin_set"), prefs_get_bool ("auto_enable_dependencies"),
998  network_phase);
999 
1000  max_hosts = get_max_hosts_number ();
1001  max_checks = get_max_checks_number ();
1002 
1003  if (network_phase)
1004  {
1005  if (network_targets == NULL)
1006  {
1007  log_write ("WARNING: In network phase, but without targets! Stopping.");
1008  host = NULL;
1009  }
1010  else
1011  {
1012  int rc;
1013 
1014  log_write ("Start a new scan. Target(s) : %s, "
1015  "in network phase with target %s",
1016  hostlist, network_targets);
1017 
1018  rc = kb_new (network_kb, prefs_get ("kb_location"));
1019  if (rc)
1020  {
1021  report_kb_failure (global_socket, rc);
1022  host = NULL;
1023  }
1024  else
1025  kb_lnk_reset (*network_kb);
1026  }
1027  }
1028  else
1029  {
1030  log_write ("Starts a new scan. Target(s) : %s, with max_hosts = %d and "
1031  "max_checks = %d", hostlist, max_hosts, max_checks);
1032  }
1033 
1034  hosts = openvas_hosts_new (hostlist);
1035  /* Apply Hosts preferences. */
1036  apply_hosts_preferences (hosts);
1037 
1038  /* Don't start if the provided interface is unauthorized. */
1039  if (apply_source_iface_preference (global_socket) != 0)
1040  {
1041  openvas_hosts_free (hosts);
1042  error_message_to_client
1043  (global_socket, "Interface not authorized for scanning", NULL, NULL);
1044  return;
1045  }
1046  host = openvas_hosts_next (hosts);
1047  if (host == NULL)
1048  goto stop;
1049  hosts_init (global_socket, max_hosts);
1050  /*
1051  * Start the attack !
1052  */
1053  openvas_signal (SIGUSR1, handle_scan_stop_signal);
1054  openvas_signal (SIGUSR2, handle_stop_all_scans_signal);
1055  while (host && !scan_is_stopped () && !all_scans_are_stopped())
1056  {
1057  int pid;
1058  struct attack_start_args args;
1059  char *host_str;
1060  int soc[2];
1061 
1062  host_str = openvas_host_value_str (host);
1063  if (socketpair (AF_UNIX, SOCK_STREAM, 0, soc) < 0
1064  || hosts_new (globals, host_str, soc[1]) < 0)
1065  {
1066  g_free (host_str);
1067  goto scan_stop;
1068  }
1069 
1070  if (scan_is_stopped () || all_scans_are_stopped ())
1071  {
1072  close (soc[0]);
1073  close (soc[1]);
1074  g_free (host_str);
1075  continue;
1076  }
1077  args.host = host;
1078  args.globals = globals;
1079  args.sched = sched;
1080  args.thread_socket = soc[0];
1081  args.parent_socket = soc[1];
1082  args.net_kb = network_kb;
1083 
1084  forkagain:
1085  pid = create_process ((process_func_t) attack_start, &args);
1086  /* Close child process' socket. */
1087  close (args.thread_socket);
1088  if (pid < 0)
1089  {
1090  fork_retries++;
1091  if (fork_retries > MAX_FORK_RETRIES)
1092  {
1093  /* Forking failed - we go to the wait queue. */
1094  log_write ("fork() failed - %s. %s won't be tested",
1095  strerror (errno), host_str);
1096  g_free (host_str);
1097  goto stop;
1098  }
1099 
1100  log_write ("fork() failed - "
1101  "sleeping %d seconds and trying again...",
1102  fork_retries);
1103  fork_sleep (fork_retries);
1104  goto forkagain;
1105  }
1106  hosts_set_pid (host_str, pid);
1107  if (network_phase)
1108  log_write ("Testing %s (network level) [%d]",
1109  network_targets, pid);
1110 
1111  if (network_phase)
1112  {
1113  host = NULL;
1114  arg_set_value (globals, "network_scan_status", "done");
1115  }
1116  else
1117  host = openvas_hosts_next (hosts);
1118  g_free (host_str);
1119  }
1120 
1121  /* Every host is being tested... We have to wait for the processes
1122  * to terminate. */
1123  while (hosts_read (globals) == 0)
1124  ;
1125 
1126  log_write ("Test complete");
1127 
1128 scan_stop:
1129  /* Free the memory used by the files uploaded by the user, if any. */
1130  files = arg_get_value (globals, "files_translation");
1131  if (files)
1132  g_hash_table_destroy (files);
1133 
1134 stop:
1135  if (all_scans_are_stopped ())
1136  {
1137  error_message_to_client
1138  (global_socket, "The whole scan was stopped. "
1139  "Fatal Redis connection error.", "", NULL);
1140  }
1142 
1143  gettimeofday (&now, NULL);
1144  log_write ("Total time to scan all hosts : %ld seconds",
1145  now.tv_sec - then.tv_sec);
1146 
1147  if (do_network_scan && network_phase &&
1148  !scan_is_stopped () && !all_scans_are_stopped ())
1149  attack_network (globals, network_kb);
1150 }
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:92
openvas_host_t * host
Definition: attack.c:90
void log_write(const char *str,...)
Write into the logfile / syslog.
Definition: log.c:140
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int only_network)
#define MAX_FORK_RETRIES
Definition: attack.c:68
void plugins_scheduler_free(plugins_scheduler_t sched)
void attack_network(struct arglist *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:920
int hosts_new(struct arglist *globals, char *name, int soc)
Definition: hosts.c:178
struct arglist * globals
Definition: attack.c:85
int hosts_init(int soc, int max_hosts)
Definition: hosts.c:168
Host information, implemented as doubly linked list.
Definition: hosts.c:44
plugins_scheduler_t sched
Definition: attack.c:86
int get_max_hosts_number(void)
Definition: utils.c:120
void(* process_func_t)(void *)
Definition: processes.h:31
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:204
int hosts_read(struct arglist *globals)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:357
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
Definition: processes.c:77
int get_max_checks_number(void)
Definition: utils.c:150
net_scan_status
Definition: attack.c:93

Variable Documentation

◆ global_scan_stop

int global_scan_stop = 0

Definition at line 181 of file attack.c.

◆ global_stop_all_scans

int global_stop_all_scans = 0

Definition at line 189 of file attack.c.