OpenVAS Scanner  7.0.1~git
attack.h File Reference

attack.c header. More...

#include "../misc/scanneraux.h"
#include <gvm/util/kb.h>


Functions

void attack_network (struct scan_globals *, kb_t *network_kb)
 Attack a whole network. More...
 

Detailed Description

attack.c header.

Definition in file attack.h.

Function Documentation

◆ attack_network()

void attack_network ( struct scan_globals *  globals,
kb_t *  network_kb 
)

Attack a whole network.

Definition at line 1008 of file attack.c.

/*
 * attack_network() body, source lines 1009-1266 of attack.c. The signature
 * line (1008) is not part of this listing:
 *   void attack_network (struct scan_globals *globals, kb_t *network_kb)
 *
 * Flow as shown: read the scan preferences, initialise the plugin scheduler,
 * resolve the TARGET host list, then for each host create a KB, register the
 * host and record a child pid; wait on hosts_read(), release state at the
 * scan_stop/stop labels, and call itself once more when a network-level
 * phase has just been run.
 *
 * NOTE(review): this rendering omits source lines 1146, 1161, 1204 and 1256
 * (the gutter numbers skip them). The References list on this page names
 * apply_hosts_preferences(), openvas_signal()/handle_scan_stop_signal(),
 * create_process()/attack_start() and plugins_scheduler_free(), which are
 * presumably the calls on those lines -- confirm against attack.c.
 */
1009 {
1010  int max_hosts = 0, max_checks;
1011  const char *hostlist;
1012  gvm_host_t *host;
1013  plugins_scheduler_t sched;
1014  int fork_retries = 0;
1015  GHashTable *files;
1016  struct timeval then, now;
1017  gvm_hosts_t *hosts;
1018  const gchar *network_targets, *port_range;
1019  gboolean network_phase = FALSE;
1020  gboolean do_network_scan = FALSE;
1021  kb_t host_kb;
1022  GSList *unresolved;
1023 
      /* Start of the wall-clock measurement reported at line 1259. */
1024  gettimeofday (&then, NULL);
1025 
1026  if (prefs_get_bool ("network_scan"))
1027  do_network_scan = TRUE;
1028  else
1029  do_network_scan = FALSE;
1030 
      /* globals keeps its own copy of the preference string; it is released
       * at line 1254. The previous value of the field is not freed here. */
1031  network_targets = prefs_get ("network_targets");
1032  if (network_targets != NULL)
1033  globals->network_targets = g_strdup (network_targets);
1034 
1035  if (do_network_scan)
1036  {
1037  enum net_scan_status nss;
1038 
1039  nss = network_scan_status (globals);
1040  switch (nss)
1041  {
1042  case NSS_DONE:
1043  network_phase = FALSE;
1044  break;
1045 
1046  case NSS_BUSY:
1047  network_phase = TRUE;
1048  break;
1049 
      /* Any other status: record "busy" and run the network phase. */
1050  default:
1051  globals->network_scan_status = g_strdup ("busy");
1052  network_phase = TRUE;
1053  break;
1054  }
1055  }
1056  else
      /* Only the local copy of the parameter is cleared; args.net_kb at
       * line 1200 then receives NULL. */
1057  network_kb = NULL;
1058 
      /* NOTE(review): this return and the ones at lines 1066, 1073 and 1084
       * leave without passing through the stop: label, so the strings
       * duplicated into globals above are not released and
       * set_scan_status ("finished") is not reached on these paths. */
1059  if (check_kb_access ())
1060  return;
1061 
1062  /* Init and check Target List */
1063  hostlist = prefs_get ("TARGET");
1064  if (hostlist == NULL)
1065  {
1066  return;
1067  }
1068 
1069  /* Verify the port range is a valid one */
      /* A non-zero result from validate_port_range() aborts the scan; nothing
       * is logged on this path in the lines shown. */
1070  port_range = prefs_get ("port_range");
1071  if (validate_port_range (port_range))
1072  {
1073  return;
1074  }
1075 
1076  /* Initialize the attack. */
1077  int plugins_init_error = 0;
1078  sched = plugins_scheduler_init (prefs_get ("plugin_set"),
1079  prefs_get_bool ("auto_enable_dependencies"),
1080  network_phase, &plugins_init_error);
1081  if (!sched)
1082  {
1083  g_message ("Couldn't initialize the plugin scheduler");
1084  return;
1085  }
1086 
      /* Scheduling errors are not fatal: report the count to the client
       * through the main KB and continue. */
1087  if (plugins_init_error > 0)
1088  {
1089  char buf[96];
      /* NOTE(review): prefs_get() can return NULL (see the checks at lines
       * 1032 and 1064); here its result goes to atoi() unchecked, and atoi()
       * reports no conversion errors. */
1090  int i = atoi (prefs_get ("ov_maindbid"));
1091  kb_t main_kb = NULL;
1092 
      /* NOTE(review): unbounded sprintf() into a 96-byte buffer. By my count
       * the fixed text is 85 characters, plus up to 10 digits and the
       * terminator, so it fits with no slack; snprintf (buf, sizeof buf, ...)
       * would make the bound explicit and survive a reworded message. */
1093  sprintf (buf,
1094  "%d errors were found during the plugin scheduling. "
1095  "Some plugins have not been launched.",
1096  plugins_init_error);
1097 
      /* NOTE(review): the kb_direct_conn() result is used without a check;
       * whether the two calls below accept a NULL kb is not visible here. */
1098  main_kb = kb_direct_conn (prefs_get ("db_address"), i);
1099  error_message_to_client2 (main_kb, buf, NULL);
1100  kb_lnk_reset (main_kb);
1101  }
1102 
1103  max_hosts = get_max_hosts_number ();
1104  max_checks = get_max_checks_number ();
1105 
1106  if (network_phase)
1107  {
1108  if (network_targets == NULL)
1109  {
1110  g_warning (
1111  "WARNING: In network phase, but without targets! Stopping.");
      /* NOTE(review): this assignment and the one at line 1126 are
       * overwritten by line 1154 before host is read, so in the lines shown
       * neither failure actually stops the scan. */
1112  host = NULL;
1113  }
1114  else
1115  {
1116  int rc;
1117 
1118  g_message ("Start a new scan. Target(s) : %s, "
1119  "in network phase with target %s",
1120  hostlist, network_targets);
1121 
      /* Any non-zero rc is a failure here, whereas the per-host kb_new() at
       * line 1170 only treats negative values as errors. */
1122  rc = kb_new (network_kb, prefs_get ("db_address"));
1123  if (rc)
1124  {
1125  report_kb_failure (rc);
1126  host = NULL;
1127  }
1128  else
1129  kb_lnk_reset (*network_kb);
1130  }
1131  }
1132  else
1133  g_message ("Starts a new scan. Target(s) : %s, with max_hosts = %d and "
1134  "max_checks = %d",
1135  hostlist, max_hosts, max_checks);
1136 
1137  hosts = gvm_hosts_new (hostlist);
1138  unresolved = gvm_hosts_resolve (hosts);
      /* NOTE(review): the loop advances `unresolved` itself to NULL, so the
       * g_slist_free_full() call at line 1144 receives NULL and frees
       * nothing; the list and its strings leak. Walking the list with a
       * separate cursor would keep the head available for the free. */
1139  while (unresolved)
1140  {
1141  g_warning ("Couldn't resolve hostname '%s'", (char *) unresolved->data);
1142  unresolved = unresolved->next;
1143  }
1144  g_slist_free_full (unresolved, g_free);
1145  /* Apply Hosts preferences. */
      /* Source line 1146 is missing from this rendering (presumably the
       * apply_hosts_preferences (hosts) call -- confirm). */
1147 
1148  /* Don't start if the provided interface is unauthorized. */
      /* NOTE(review): this path frees hosts but, as far as the visible lines
       * show, not the scheduler created at line 1078 nor the strings held in
       * globals. */
1149  if (apply_source_iface_preference () != 0)
1150  {
1151  gvm_hosts_free (hosts);
1152  return;
1153  }
1154  host = gvm_hosts_next (hosts);
1155  if (host == NULL)
1156  goto stop;
1157  hosts_init (max_hosts);
1158  /*
1159  * Start the attack !
1160  */
      /* Source line 1161 is missing from this rendering (presumably the
       * openvas_signal()/handle_scan_stop_signal registration -- confirm). */
1162  while (host && !scan_is_stopped ())
1163  {
1164  int pid, rc;
1165  struct attack_start_args args;
1166  char *host_str;
1167 
      /* One KB per host. rc == -2 is treated as a transient condition (its
       * meaning is not shown here) and retried every KB_RETRY_DELAY seconds
       * with no upper bound; any other negative rc ends the scan. */
1168  do
1169  {
1170  rc = kb_new (&host_kb, prefs_get ("db_address"));
1171  if (rc < 0 && rc != -2)
1172  {
1173  report_kb_failure (rc);
1174  goto scan_stop;
1175  }
1176  else if (rc == -2)
1177  {
1178  sleep (KB_RETRY_DELAY);
1179  continue;
1180  }
1181  break;
1182  }
1183  while (1);
1184 
      /* host_str is heap-allocated and freed on every exit from this
       * iteration (lines 1188, 1194, 1214, 1235). */
1185  host_str = gvm_host_value_str (host);
1186  if (hosts_new (host_str, host_kb) < 0)
1187  {
1188  g_free (host_str);
1189  goto scan_stop;
1190  }
1191 
      /* The loop condition at line 1162 re-tests scan_is_stopped(), so this
       * continue ends the loop. */
1192  if (scan_is_stopped ())
1193  {
1194  g_free (host_str);
1195  continue;
1196  }
1197  args.host = host;
1198  args.globals = globals;
1199  args.sched = sched;
1200  args.net_kb = network_kb;
1201  args.host_kb = host_kb;
1202 
1203  forkagain:
      /* Source line 1204 is missing from this rendering; pid is presumably
       * assigned there from create_process() with attack_start and &args
       * (both appear in the References list) -- confirm. As displayed, pid
       * would be read uninitialised at line 1206. */
1205  /* Close child process' socket. */
1206  if (pid < 0)
1207  {
      /* fork_retries is initialised once at line 1014 and never reset, so the
       * MAX_FORK_RETRIES budget is shared by all hosts of the scan. */
1208  fork_retries++;
1209  if (fork_retries > MAX_FORK_RETRIES)
1210  {
1211  /* Forking failed - we go to the wait queue. */
      /* NOTE(review): `goto stop` skips the hosts_read() wait loop at line
       * 1240 and the scan_stop cleanup, and the skipped host is only logged
       * at debug level. */
1212  g_debug ("fork() failed - %s. %s won't be tested",
1213  strerror (errno), host_str);
1214  g_free (host_str);
1215  goto stop;
1216  }
1217 
1218  g_debug ("fork() failed - "
1219  "sleeping %d seconds and trying again...",
1220  fork_retries);
1221  fork_sleep (fork_retries);
1222  goto forkagain;
1223  }
1224  hosts_set_pid (host_str, pid);
1225  if (network_phase)
1226  g_message ("Testing %s (network level) [%d]", network_targets, pid);
1227 
      /* The network phase launches a single child and then leaves the loop;
       * otherwise advance to the next target host. */
1228  if (network_phase)
1229  {
1230  host = NULL;
      /* NOTE(review): overwrites the string stored at line 1051 without
       * freeing it. */
1231  globals->network_scan_status = g_strdup ("done");
1232  }
1233  else
1234  host = gvm_hosts_next (hosts);
1235  g_free (host_str);
1236  }
1237 
1238  /* Every host is being tested... We have to wait for the processes
1239  * to terminate. */
      /* Spins until hosts_read() returns non-zero. */
1240  while (hosts_read () == 0)
1241  ;
1242  g_message ("Test complete");
1243 
1244 scan_stop:
1245  /* Free the memory used by the files uploaded by the user, if any. */
1246  files = globals->files_translation;
1247  if (files)
1248  g_hash_table_destroy (files);
1249 
1250 stop:
1251 
      /* NOTE(review): the fields released here and at scan_stop
       * (files_translation, network_scan_status, network_targets) are left
       * dangling in *globals. The self-call at line 1263 passes the same
       * globals back in: line 1039 hands it to network_scan_status() (body
       * not shown; if it reads the freed field that is a use-after-free), and
       * any field the second pass does not reassign is released a second time
       * when that pass reaches these lines. Setting each field to NULL right
       * after its release would make the re-entry safe. */
1252  gvm_hosts_free (hosts);
1253  g_free (globals->network_scan_status);
1254  g_free (globals->network_targets);
1255 
      /* Source line 1256 is missing from this rendering (presumably
       * plugins_scheduler_free (sched) -- confirm). */
1257 
1258  gettimeofday (&now, NULL);
1259  g_message ("Total time to scan all hosts : %ld seconds",
1260  now.tv_sec - then.tv_sec);
1261 
      /* After a network-level phase that was not stopped, run the function
       * again with the same arguments; otherwise mark the scan finished. */
1262  if (do_network_scan && network_phase && !scan_is_stopped ())
1263  attack_network (globals, network_kb);
1264  else
1265  set_scan_status ("finished");
1266 }

References apply_hosts_preferences(), apply_source_iface_preference(), attack_network(), attack_start(), check_kb_access(), create_process(), error_message_to_client2(), scan_globals::files_translation, fork_sleep(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, attack_start_args::host_kb, host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), KB_RETRY_DELAY, MAX_FORK_RETRIES, attack_start_args::net_kb, scan_globals::network_scan_status, network_scan_status(), scan_globals::network_targets, network_targets(), NSS_BUSY, NSS_DONE, openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_is_stopped(), attack_start_args::sched, set_scan_status(), and timeval().

Referenced by attack_network(), and handle_client().

scan_globals::network_targets
char * network_targets
Definition: scanneraux.h:34
hosts_read
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:271
plugins_scheduler
Definition: pluginscheduler.c:49
attack_start_args::host
gvm_host_t * host
Definition: attack.c:88
attack_network
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:1008
attack_start_args
Definition: attack.c:82
apply_source_iface_preference
static int apply_source_iface_preference()
Definition: attack.c:914
plugins_scheduler_init
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int only_network, int *error)
Definition: pluginscheduler.c:313
report_kb_failure
static void report_kb_failure(int errcode)
Definition: attack.c:182
fork_sleep
static void fork_sleep(int n)
Definition: attack.c:194
timeval
struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:105
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
plugins_scheduler_free
void plugins_scheduler_free(plugins_scheduler_t sched)
Definition: pluginscheduler.c:534
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
error_message_to_client2
static void error_message_to_client2(kb_t kb, const char *msg, const char *port)
Definition: attack.c:173
attack_start_args::globals
struct scan_globals * globals
Definition: attack.c:84
scan_globals::files_translation
GHashTable * files_translation
Definition: scanneraux.h:36
hosts_init
int hosts_init(int max_hosts)
Definition: hosts.c:153
network_scan_status
static enum net_scan_status network_scan_status(struct scan_globals *globals)
Definition: attack.c:208
hosts_new
int hosts_new(char *name, kb_t kb)
Definition: hosts.c:160
KB_RETRY_DELAY
#define KB_RETRY_DELAY
Definition: attack.c:62
check_kb_access
static int check_kb_access()
Definition: attack.c:970
set_scan_status
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition: attack.c:133
create_process
pid_t create_process(process_func_t function, void *argument)
Create a new process (fork).
Definition: processes.c:97
process_func_t
void(* process_func_t)(void *)
Definition: processes.h:31
net_scan_status
net_scan_status
Definition: attack.c:91
host_kb
static kb_t host_kb
Definition: attack.c:249
attack_start_args::sched
plugins_scheduler_t sched
Definition: attack.c:85
scan_is_stopped
static int scan_is_stopped()
Definition: attack.c:227
scan_globals::network_scan_status
char * network_scan_status
Definition: scanneraux.h:35
host
Host information, implemented as doubly linked list.
Definition: hosts.c:47
attack_start
static void attack_start(struct attack_start_args *args)
Set up some data and jump into attack_host()
Definition: attack.c:740
get_max_checks_number
int get_max_checks_number(void)
Definition: utils.c:174
NSS_BUSY
@ NSS_BUSY
Definition: attack.c:94
handle_scan_stop_signal
static void handle_scan_stop_signal()
Definition: attack.c:985
MAX_FORK_RETRIES
#define MAX_FORK_RETRIES
Definition: attack.c:58
NSS_DONE
@ NSS_DONE
Definition: attack.c:95
get_max_hosts_number
int get_max_hosts_number(void)
Definition: utils.c:143
hosts_set_pid
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:185
hosts
static struct host * hosts
Definition: hosts.c:59
network_targets
tree_cell * network_targets(lex_ctxt *lexic)
Definition: nasl_scanner_glue.c:659
apply_hosts_preferences
static void apply_hosts_preferences(gvm_hosts_t *hosts)
Definition: attack.c:800