Greenbone Vulnerability Manager
22.4.0~dev1
The Greenbone Vulnerability Manager management layer. More...
#include "debug_utils.h"
#include "gmp_base.h"
#include "manage.h"
#include "manage_acl.h"
#include "manage_configs.h"
#include "manage_port_lists.h"
#include "manage_report_formats.h"
#include "manage_sql.h"
#include "manage_sql_secinfo.h"
#include "manage_sql_nvts.h"
#include "manage_sql_tickets.h"
#include "manage_sql_tls_certificates.h"
#include "utils.h"
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <dirent.h>
#include <fcntl.h>
#include <glib.h>
#include <gnutls/x509.h>
#include <math.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include <gvm/base/gvm_sentry.h>
#include <gvm/base/hosts.h>
#include <bsd/unistd.h>
#include <gvm/osp/osp.h>
#include <gvm/util/fileutils.h>
#include <gvm/util/serverutils.h>
#include <gvm/util/uuidutils.h>
#include <gvm/gmp/gmp.h>
Data Structures | |
struct | scheduled_task_t |
Task info, for scheduler. More... | |
Macros | |
#define | _XOPEN_SOURCE |
Enable extra functions. More... | |
#define | _GNU_SOURCE |
Enable extra GNU functions. More... | |
#define | G_LOG_DOMAIN "md manage" |
GLib log domain. | |
#define | CPE_GETBYNAME_XSL GVM_SCAP_RES_DIR "/cpe_getbyname.xsl" |
CPE selection stylesheet location. | |
#define | CVE_GETBYNAME_XSL GVM_SCAP_RES_DIR "/cve_getbyname.xsl" |
CVE selection stylesheet location. | |
#define | CERT_BUND_ADV_GETBYNAME_XSL GVM_CERT_RES_DIR "/cert_bund_getbyname.xsl" |
CERT_BUND_ADV selection stylesheet location. | |
#define | DFN_CERT_ADV_GETBYNAME_XSL GVM_CERT_RES_DIR "/dfn_cert_getbyname.xsl" |
DFN_CERT_ADV selection stylesheet location. | |
#define | CPE_DICT_FILENAME GVM_SCAP_DATA_DIR "/official-cpe-dictionary_v2.2.xml" |
CPE dictionary location. | |
#define | CVE_FILENAME_FMT GVM_SCAP_DATA_DIR "/nvdcve-2.0-%d.xml" |
CVE data files location format string. More... | |
#define | CERT_BUND_ADV_FILENAME_FMT GVM_CERT_DATA_DIR "/CB-K%02d.xml" |
CERT-Bund data files location format string. More... | |
#define | DFN_CERT_ADV_FILENAME_FMT GVM_CERT_DATA_DIR "/dfn-cert-%04d.xml" |
DFN-CERT data files location format string. More... | |
#define | SCAP_TIMESTAMP_FILENAME GVM_SCAP_DATA_DIR "/timestamp" |
SCAP timestamp location. | |
#define | CERT_TIMESTAMP_FILENAME GVM_CERT_DATA_DIR "/timestamp" |
CERT timestamp location. | |
#define | MAX_CHECKS_DEFAULT "4" |
Default for Scanner max_checks preference. | |
#define | MAX_HOSTS_DEFAULT "20" |
Default for Scanner max_hosts preference. | |
#define | ZERO_SEVERITY_INDEX 4 |
Array index of severity 0.0 in the severity_data_t.counts array. | |
#define | FALLBACK_SYSTEM_REPORT_HEADER |
Header for fallback system report. More... | |
#define | COMMAND "gvmcg 0 titles" |
Command called by get_system_report_types. gvmcg stands for gvm-create-graphs. | |
#define | DEFAULT_DURATION 86400L |
Default duration for system reports. | |
#define | REBUILD_SWITCH(type) |
Adds a switch statement for handling the return value of a gvmd data rebuild. More... | |
#define | DEF(x) |
Define a code snippet for get_nvti_xml. More... | |
Functions | |
gchar * | truncate_certificate (const gchar *certificate) |
Truncate a certificate, removing extra data. More... | |
gchar * | truncate_private_key (const gchar *private_key) |
Truncate a private key, removing extra data. More... | |
int | get_certificate_info (const gchar *certificate, gssize certificate_len, time_t *activation_time, time_t *expiration_time, gchar **md5_fingerprint, gchar **sha256_fingerprint, gchar **subject, gchar **issuer, gchar **serial, gnutls_x509_crt_fmt_t *certificate_format) |
Gathers info from a certificate. More... | |
gchar * | certificate_iso_time (time_t time) |
Converts a certificate time to an ISO time string. More... | |
const gchar * | certificate_time_status (time_t activates, time_t expires) |
Tests the activation and expiration time of a certificate. More... | |
static void | truncate_text (gchar *string, size_t max_len, gboolean xml, const char *suffix) |
Truncates text to a maximum length, optionally appends a suffix. More... | |
gchar * | xml_escape_text_truncated (const char *string, size_t max_len, const char *suffix) |
XML escapes text truncating to a maximum length with a suffix. More... | |
const char * | type_name_plural (const char *type) |
Return the plural name of a resource type. More... | |
const char * | type_name (const char *type) |
Return the name of a resource type. More... | |
int | type_is_scap (const char *type) |
Check if a type is a SCAP type. More... | |
static int | check_available (const gchar *type, resource_t resource, const gchar *permission) |
Check whether a resource is available. More... | |
int | scanner_type_valid (scanner_type_t scanner_type) |
Check if a scanner type is valid. More... | |
const char * | threat_message_type (const char *threat) |
Get the message type of a threat. More... | |
int | severity_in_level (double severity, const char *level) |
Check whether a severity falls within a threat level. More... | |
const char * | severity_to_level (double severity, int mode) |
Get the threat level matching a severity score. More... | |
const char * | severity_to_type (double severity) |
Get the message type matching a severity score. More... | |
int | delete_reports (task_t task) |
Delete all the reports for a task. More... | |
static gchar * | report_results_filter_term (int first, int rows, int apply_overrides, int min_qod) |
Create a basic filter term to get report results. More... | |
get_data_t * | report_results_get_data (int first, int rows, int apply_overrides, int min_qod) |
Create a new basic get_data_t struct to get report results. More... | |
static int | severity_data_index (double severity) |
Convert a severity value into an index in the counts array. More... | |
double | severity_data_value (int index) |
Convert an index in the counts array to a severity value. More... | |
void | init_severity_data (severity_data_t *data) |
Initialize a severity data structure. More... | |
void | cleanup_severity_data (severity_data_t *data) |
Clean up a severity data structure. More... | |
void | severity_data_add (severity_data_t *severity_data, double severity) |
Add a severity occurrence to the counts of a severity_data_t. More... | |
void | severity_data_add_count (severity_data_t *severity_data, double severity, int count) |
Add multiple severity occurrences to the counts of a severity_data_t. More... | |
static int | severity_data_range_count (const severity_data_t *severity_data, double min_severity, double max_severity) |
Calculate the total of severity counts in a range. More... | |
void | severity_data_level_counts (const severity_data_t *severity_data, int *errors, int *false_positives, int *logs, int *lows, int *mediums, int *highs) |
Count the occurrences of severities in the levels. More... | |
void | alert_report_data_free (alert_report_data_t *data) |
Frees an alert_report_data_t struct, including contained data. More... | |
void | alert_report_data_reset (alert_report_data_t *data) |
Frees content of an alert_report_data_t, but not the struct itself. More... | |
const char * | alert_condition_name (alert_condition_t condition) |
Get the name of an alert condition. More... | |
const char * | event_name (event_t event) |
Get the name of an alert event. More... | |
gchar * | alert_condition_description (alert_condition_t condition, alert_t alert) |
Get a description of an alert condition. More... | |
gchar * | event_description (event_t event, const void *event_data, const char *task_name) |
Get a description of an alert event. More... | |
const char * | alert_method_name (alert_method_t method) |
Get the name of an alert method. More... | |
alert_condition_t | alert_condition_from_name (const char *name) |
Get an alert condition from a name. More... | |
event_t | event_from_name (const char *name) |
Get an event from a name. More... | |
alert_method_t | alert_method_from_name (const char *name) |
Get an alert method from a name. More... | |
const char * | run_status_name (task_status_t status) |
Get the name of a run status. More... | |
const char * | run_status_name_internal (task_status_t status) |
Get the unique name of a run status. More... | |
void | set_task_interrupted (task_t task, const gchar *message) |
Set a task to interrupted. More... | |
static void | delete_osp_scan (const char *report_id, const char *host, int port, const char *ca_pub, const char *key_pub, const char *key_priv) |
Delete an OSP scan. More... | |
static int | get_osp_scan_report (const char *scan_id, const char *host, int port, const char *ca_pub, const char *key_pub, const char *key_priv, int details, int pop_results, char **report_xml) |
Get an OSP scan's report. More... | |
static osp_scan_status_t | get_osp_scan_status (const char *scan_id, const char *host, int port, const char *ca_pub, const char *key_pub, const char *key_priv) |
Get an OSP scan's status. More... | |
static int | handle_osp_scan (task_t task, report_t report, const char *scan_id) |
Handle an ongoing OSP scan, until success or failure. More... | |
static osp_credential_t * | target_osp_ssh_credential (target_t target) |
Get the SSH credential of a target as an osp_credential_t. More... | |
static osp_credential_t * | target_osp_smb_credential (target_t target) |
Get the SMB credential of a target as an osp_credential_t. More... | |
static osp_credential_t * | target_osp_esxi_credential (target_t target) |
Get the ESXi credential of a target as an osp_credential_t. More... | |
static osp_credential_t * | target_osp_snmp_credential (target_t target) |
Get the SNMP credential of a target as an osp_credential_t. More... | |
static int | prepare_osp_scan_for_resume (task_t task, const char *scan_id, char **error) |
Prepare a report for resuming an OSP scan. More... | |
static void | add_user_scan_preferences (GHashTable *scanner_options) |
Add OSP preferences for limiting hosts for users. More... | |
static int | launch_osp_openvas_task (task_t task, target_t target, const char *scan_id, int from, char **error) |
Launch an OpenVAS via OSP task. More... | |
static int | run_osp_scan_get_report (task_t task, int from, char **report_id) |
Get the last stopped report or a new one for an OSP scan. More... | |
static int | fork_osp_scan_handler (task_t task, target_t target, int from, char **report_id_return) |
Fork a child to handle an OSP scan's fetching and inserting. More... | |
static int | run_osp_task (task_t task, int from, char **report_id) |
Start a task on an OSP or OpenVAS via OSP scanner. More... | |
int | get_scanner_connection_retry () |
Get the number of retries on a scanner connection lost. More... | |
void | set_scanner_connection_retry (int new_retry) |
Set the number of retries on a scanner connection lost. More... | |
static int | cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host) |
Perform a CVE "scan" on a host. More... | |
static int | fork_cve_scan_handler (task_t task, target_t target) |
Fork a child to handle a CVE scan's calculating and inserting. More... | |
static int | run_cve_task (task_t task) |
Start a CVE task. More... | |
const char * | get_relay_mapper_path () |
Gets the current path of the relay mapper executable. More... | |
void | set_relay_mapper_path (const char *new_path) |
Sets the current path of the relay mapper executable. More... | |
int | get_relay_migrate_sensors () |
Gets whether to migrate sensors if relays do not match. More... | |
void | set_relay_migrate_sensors (int new_value) |
Sets whether to migrate sensors if relays do not match. More... | |
static int | get_relay_info_entity (const char *original_host, int original_port, const char *protocol, entity_t *ret_entity) |
Gets the info about a scanner relay as an XML entity_t. More... | |
gboolean | relay_supports_scanner_type (const char *original_host, int original_port, scanner_type_t type) |
Gets whether there is a relay supporting the scanner type. More... | |
int | slave_get_relay (const char *original_host, int original_port, const char *original_ca_cert, const char *protocol, gchar **new_host, int *new_port, gchar **new_ca_cert) |
Gets a relay hostname and port for a sensor scanner. More... | |
static int | run_task (const char *task_id, char **report_id, int from) |
Start or resume a task. More... | |
int | start_task (const char *task_id, char **report_id) |
Start a task. More... | |
static int | stop_osp_task (task_t task) |
Stop an OSP task. More... | |
int | stop_task_internal (task_t task) |
Initiate stopping a task. More... | |
int | stop_task (const char *task_id) |
Initiate stopping a task. More... | |
int | resume_task (const char *task_id, char **report_id) |
Resume a task. More... | |
int | move_task (const char *task_id, const char *slave_id) |
Reassign a task to another slave. More... | |
const char * | credential_full_type (const char *abbreviation) |
Get the written-out name of an LSC Credential type. More... | |
static int | get_osp_performance_string (scanner_t scanner, int start, int end, const char *titles, gchar **performance_str, gchar **error) |
Get a performance report from an OSP scanner. More... | |
static void | get_fallback_report_string (GString *fallback_report) |
Get the fallback report as a string. More... | |
static int | get_system_report_types (const char *required_type, gchar ***start, gchar ***types, const char *slave_id) |
Get system report types. More... | |
int | init_system_report_type_iterator (report_type_iterator_t *iterator, const char *type, const char *slave_id) |
Initialise a system report type iterator. More... | |
void | cleanup_report_type_iterator (report_type_iterator_t *iterator) |
Cleanup a report type iterator. More... | |
gboolean | next_report_type (report_type_iterator_t *iterator) |
Increment a report type iterator. More... | |
const char * | report_type_iterator_name (report_type_iterator_t *iterator) |
Return the name from a report type iterator. More... | |
const char * | report_type_iterator_title (report_type_iterator_t *iterator) |
Return the title from a report type iterator. More... | |
void | parse_performance_params (const char *duration, const char *start_time, const char *end_time, time_t *param_1, time_t *param_2, int *params_count) |
Generate params for gvmcg or OSP get_performance. More... | |
int | manage_system_report (const char *name, const char *duration, const char *start_time, const char *end_time, const char *slave_id, char **report) |
Get a system report. More... | |
void | manage_auth_allow_all (int scheduled) |
Ensure that any subsequent authentications succeed. More... | |
const gchar * | get_scheduled_user_uuid () |
Access UUID of user that scheduled the current task. More... | |
void | set_scheduled_user_uuid (const gchar *user_uuid) |
Set UUID of user that scheduled the current task. The previous value is freed and a copy of the UUID is created. More... | |
static scheduled_task_t * | scheduled_task_new (const gchar *task_uuid, const gchar *owner_uuid, const gchar *owner_name) |
Create a schedule task structure. More... | |
static void | scheduled_task_free (scheduled_task_t *scheduled_task) |
Free a scheduled task structure. More... | |
static int | scheduled_task_start (scheduled_task_t *scheduled_task, manage_connection_forker_t fork_connection, sigset_t *sigmask_current) |
Start a task, for the scheduler. More... | |
static int | scheduled_task_stop (scheduled_task_t *scheduled_task, manage_connection_forker_t fork_connection, sigset_t *sigmask_current) |
Stop a task, for the scheduler. More... | |
gboolean | feed_sync_required () |
Check if a feed sync is needed without acquiring the feed lock. More... | |
void | manage_sync (sigset_t *sigmask_current, int(*fork_update_nvt_cache)(), gboolean try_gvmd_data_sync) |
Perform any syncing that is due. More... | |
int | manage_rebuild_gvmd_data_from_feed (const char *types, GSList *log_config, const db_conn_info_t *database, gchar **error_msg) |
Rebuild configs, port lists and report formats from feed. More... | |
int | manage_schedule (manage_connection_forker_t fork_connection, gboolean run_tasks, sigset_t *sigmask_current) |
Schedule any actions that are due. More... | |
int | get_schedule_timeout () |
Get the current schedule timeout. More... | |
void | set_schedule_timeout (int new_timeout) |
Set the schedule timeout. More... | |
void | buffer_config_preference_xml (GString *, iterator_t *, config_t, int) |
Buffer XML for the NVT preference of a config. More... | |
static char * | get_cpe_filename () |
Return the path to the CPE dictionary. More... | |
static char * | get_cve_filename (char *item_id) |
Compute the filename where a given CVE can be found. More... | |
static char * | get_cert_bund_adv_filename (char *item_id) |
Compute the filename where a given CERT-Bund Advisory can be found. More... | |
static char * | get_dfn_cert_adv_filename (char *item_id) |
Compute the filename where a given DFN-CERT Advisory can be found. More... | |
static gchar * | xsl_transform (gchar *stylesheet, gchar *xmlfile, gchar **param_names, gchar **param_values) |
Run xsltproc in an external process. More... | |
gchar * | get_nvt_xml (iterator_t *nvts, int details, int pref_count, int preferences, const char *timeout, config_t config, int close_tag) |
Create and return XML description for an NVT. More... | |
const char * | manage_scap_update_time () |
Get SCAP update time, as a string. More... | |
int | manage_read_info (gchar *type, gchar *uid, gchar *name, gchar **result) |
Read raw information. More... | |
int | validate_username (const gchar *name) |
Validates a username. More... | |
Variables | |
static gchar * | broker_address = NULL |
Address of the broker used for publish-subscribe messaging (MQTT). | |
static gchar * | feed_lock_path = NULL |
Path to the feed lock file. | |
static int | feed_lock_timeout = 0 |
Number of seconds to wait for the feed lock to be released. | |
static gchar * | relay_mapper_path = NULL |
Path to the relay mapper executable, NULL to disable relays. | |
static int | relay_migrate_sensors = 0 |
Whether to migrate sensors if relays do not match. | |
static int | schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT |
Number of minutes before overdue tasks timeout. | |
static int | scanner_connection_retry = SCANNER_CONNECTION_RETRY_DEFAULT |
Default number of auto retries if scanner connection is lost in a running task. | |
credentials_t | current_credentials |
Current credentials during any GMP command. | |
task_t | current_scanner_task = (task_t) 0 |
The task currently running on the scanner. | |
report_t | global_current_report = (report_t) 0 |
The report of the current task. | |
int | authenticate_allow_all = 0 |
Flag for manage_auth_allow_all. More... | |
static gchar * | schedule_user_uuid = NULL |
UUID of user whose scheduled task is to be started (in connection with authenticate_allow_all). | |
The Greenbone Vulnerability Manager management layer.
This file defines a management layer, for implementing Managers such as the Greenbone Vulnerability Manager daemon.
This layer provides facilities for storing and manipulating user data (credentials, targets, tasks, reports, schedules, roles, etc) and general security data (NVTs, CVEs, etc). Task manipulation includes controlling external facilities such as OSP scanners.
Simply put, the daemon's GMP implementation uses this layer to do the work.
#define _GNU_SOURCE |
Enable extra GNU functions.
pthread_sigmask () needs this with glibc < 2.19
#define _XOPEN_SOURCE |
Enable extra functions.
time.h in glibc2 needs this for strptime.
#define CERT_BUND_ADV_FILENAME_FMT GVM_CERT_DATA_DIR "/CB-K%02d.xml" |
CERT-Bund data files location format string.
d should be the year without the century (expressed as YY).
#define CVE_FILENAME_FMT GVM_SCAP_DATA_DIR "/nvdcve-2.0-%d.xml" |
CVE data files location format string.
d should be the year expressed as YYYY.
#define DEF | ( | x | ) |
Define a code snippet for get_nvti_xml.
x | Prefix for names in snippet. |
#define DFN_CERT_ADV_FILENAME_FMT GVM_CERT_DATA_DIR "/dfn-cert-%04d.xml" |
DFN-CERT data files location format string.
First d should be the year expressed as YYYY, second d should be the month expressed as MM.
#define FALLBACK_SYSTEM_REPORT_HEADER |
Header for fallback system report.
#define REBUILD_SWITCH | ( | type | ) |
Adds a switch statement for handling the return value of a gvmd data rebuild.
type | The type as a description string, e.g. "port lists" |
static |
Add OSP preferences for limiting hosts for users.
[in] | scanner_options | The scanner preferences table to add to. |
gchar* alert_condition_description | ( | alert_condition_t | condition, |
alert_t | alert | ||
) |
Get a description of an alert condition.
[in] | condition | Condition. |
[in] | alert | Alert. |
alert_condition_t alert_condition_from_name | ( | const char * | name | ) |
Get an alert condition from a name.
[in] | name | Condition name. |
const char* alert_condition_name | ( | alert_condition_t | condition | ) |
Get the name of an alert condition.
[in] | condition | Condition. |
alert_method_t alert_method_from_name | ( | const char * | name | ) |
Get an alert method from a name.
[in] | name | Method name. |
const char* alert_method_name | ( | alert_method_t | method | ) |
Get the name of an alert method.
[in] | method | Method. |
void alert_report_data_free | ( | alert_report_data_t * | data | ) |
Frees an alert_report_data_t struct, including contained data.
[in] | data | The struct to free. |
void alert_report_data_reset | ( | alert_report_data_t * | data | ) |
Frees content of an alert_report_data_t, but not the struct itself.
[in] | data | The struct whose contained data is freed; the struct itself is left allocated. |
void buffer_config_preference_xml | ( | GString * | buffer, |
iterator_t * | prefs, | ||
config_t | config, | ||
int | hide_passwords | ||
) |
Buffer XML for the NVT preference of a config.
[in] | buffer | Buffer. |
[in] | prefs | NVT preference iterator. |
[in] | config | Config. |
[in] | hide_passwords | Whether to hide passwords. |
gchar* certificate_iso_time | ( | time_t | time | ) |
Converts a certificate time to an ISO time string.
[in] | time | The time as a time_t. |
const gchar* certificate_time_status | ( | time_t | activates, |
time_t | expires | ||
) |
Tests the activation and expiration time of a certificate.
[in] | activates | Activation time. |
[in] | expires | Expiration time. |
static |
Check whether a resource is available.
[in] | type | Type. |
[in] | resource | Resource. |
[in] | permission | Permission required for this operation. |
void cleanup_report_type_iterator | ( | report_type_iterator_t * | iterator | ) |
Cleanup a report type iterator.
[in] | iterator | Iterator. |
void cleanup_severity_data | ( | severity_data_t * | data | ) |
Clean up a severity data structure.
[in] | data | The data structure to clean up. |
const char* credential_full_type | ( | const char * | abbreviation | ) |
Get the written-out name of an LSC Credential type.
[in] | abbreviation | The type abbreviation. |
static |
Perform a CVE "scan" on a host.
[in] | task | Task. |
[in] | report | The report to add the host, results and details to. |
[in] | gvm_host | Host. |
static |
Delete an OSP scan.
[in] | report_id | Report ID. |
[in] | host | Scanner host. |
[in] | port | Scanner port. |
[in] | ca_pub | CA Certificate. |
[in] | key_pub | Certificate. |
[in] | key_priv | Private key. |
int delete_reports | ( | task_t | task | ) |
Delete all the reports for a task.
It's up to the caller to ensure that this runs in a contention safe context (for example within an SQL transaction).
[in] | task | A task descriptor. |
gchar* event_description | ( | event_t | event, |
const void * | event_data, | ||
const char * | task_name | ||
) |
Get a description of an alert event.
[in] | event | Event. |
[in] | event_data | Event data. |
[in] | task_name | Name of task if required in description, else NULL. |
event_t event_from_name | ( | const char * | name | ) |
Get an event from a name.
[in] | name | Event name. |
const char* event_name | ( | event_t | event | ) |
Get the name of an alert event.
[in] | event | Event. |
gboolean feed_sync_required | ( | ) |
Check if a feed sync is needed without acquiring the feed lock.
static |
Fork a child to handle a CVE scan's calculating and inserting.
A process is forked to run the task, but the forked process never returns.
[in] | task | The task. |
[in] | target | The target. |
static |
Fork a child to handle an OSP scan's fetching and inserting.
[in] | task | The task. |
[in] | target | The target. |
[in] | from | 0 start from beginning, 1 continue from stopped, 2 continue if stopped else start from beginning. |
[out] | report_id_return | UUID of the report. |
static |
Compute the filename where a given CERT-Bund Advisory can be found.
[in] | item_id | CERT-Bund identifier without version ("CB-K??/????"). |
int get_certificate_info | ( | const gchar * | certificate, |
gssize | certificate_len, | ||
time_t * | activation_time, | ||
time_t * | expiration_time, | ||
gchar ** | md5_fingerprint, | ||
gchar ** | sha256_fingerprint, | ||
gchar ** | subject, | ||
gchar ** | issuer, | ||
gchar ** | serial, | ||
gnutls_x509_crt_fmt_t * | certificate_format | ||
) |
Gathers info from a certificate.
[in] | certificate | The certificate to get data from. |
[in] | certificate_len | Length of certificate, -1: null-terminated |
[out] | activation_time | Pointer to write activation time to. |
[out] | expiration_time | Pointer to write expiration time to. |
[out] | md5_fingerprint | Pointer for newly allocated MD5 fingerprint. |
[out] | sha256_fingerprint | Pointer for newly allocated SHA-256 fingerprint. |
[out] | subject | Pointer for newly allocated subject DN. |
[out] | issuer | Pointer for newly allocated issuer DN. |
[out] | serial | Pointer for newly allocated serial. |
[out] | certificate_format | Pointer to certificate format. |
static |
Return the path to the CPE dictionary.
static |
Compute the filename where a given CVE can be found.
[in] | item_id | Full CVE identifier ("CVE-YYYY-ZZZZ"). |
static |
Compute the filename where a given DFN-CERT Advisory can be found.
[in] | item_id | Full DFN-CERT identifier ("DFN-CERT-YYYY-ZZZZ"). |
static |
Get the fallback report as a string.
[in] | fallback_report | The string for the fallback report. |
gchar* get_nvt_xml | ( | iterator_t * | nvts, |
int | details, | ||
int | pref_count, | ||
int | preferences, | ||
const char * | timeout, | ||
config_t | config, | ||
int | close_tag | ||
) |
Create and return XML description for an NVT.
[in] | nvts | The NVT. |
[in] | details | If true, detailed XML, else simple XML. |
[in] | pref_count | Preference count. Used if details is true. |
[in] | preferences | If true, included preferences. |
[in] | timeout | Timeout. Used if details is true. |
[in] | config | Config, used if preferences is true. |
[in] | close_tag | Whether to close the NVT tag or not. |
static |
Get a performance report from an OSP scanner.
[in] | scanner | The scanner to get the performance report from. |
[in] | start | The start time of the performance report. |
[in] | end | The end time of the performance report. |
[in] | titles | The end titles for the performance report. |
[out] | performance_str | The performance string. |
static |
Get an OSP scan's report.
[in] | scan_id | Scan ID. |
[in] | host | Scanner host. |
[in] | port | Scanner port. |
[in] | ca_pub | CA Certificate. |
[in] | key_pub | Certificate. |
[in] | key_priv | Private key. |
[in] | details | 1 for detailed report, 0 otherwise. |
[in] | pop_results | 1 to pop results, 0 to leave results intact. |
[out] | report_xml | Scan report. |
static |
Get an OSP scan's status.
[in] | scan_id | Scan ID. |
[in] | host | Scanner host. |
[in] | port | Scanner port. |
[in] | ca_pub | CA Certificate. |
[in] | key_pub | Certificate. |
[in] | key_priv | Private key. |
static |
Gets the info about a scanner relay as an XML entity_t.
[in] | original_host | The original hostname or IP address. |
[in] | original_port | The original port number. |
[in] | protocol | The protocol to look for, e.g. "GMP" or "OSP". |
[out] | ret_entity | Return location for the parsed XML. |
const char* get_relay_mapper_path | ( | ) |
Gets the current path of the relay mapper executable.
int get_relay_migrate_sensors | ( | ) |
Gets whether to migrate sensors if relays do not match.
int get_scanner_connection_retry | ( | ) |
Get the number of retries on a scanner connection lost.
int get_schedule_timeout | ( | ) |
Get the current schedule timeout.
const gchar* get_scheduled_user_uuid | ( | ) |
Access UUID of user that scheduled the current task.
static |
Get system report types.
[in] | required_type | Single type to limit types to. |
[out] | types | Types on success. |
[out] | start | Actual start of types, which caller must free. |
[in] | slave_id | ID of slave. |
static |
Handle an ongoing OSP scan, until success or failure.
[in] | task | The task. |
[in] | report | The report. |
[in] | scan_id | The UUID of the scan on the scanner. |
void init_severity_data | ( | severity_data_t * | data | ) |
Initialize a severity data structure.
[in] | data | The data structure to initialize. |
int init_system_report_type_iterator | ( | report_type_iterator_t * | iterator, |
const char * | type, | ||
const char * | slave_id | ||
) |
Initialise a system report type iterator.
[in] | iterator | Iterator. |
[in] | type | Single report type to iterate over, NULL for all. |
[in] | slave_id | ID of slave to get reports from. 0 for local. |
static |
Launch an OpenVAS via OSP task.
[in] | task | The task. |
[in] | target | The target. |
[in] | scan_id | The scan uuid. |
[in] | from | 0 start from beginning, 1 continue from stopped, 2 continue if stopped else start from beginning. |
[out] | error | Error return. |
void manage_auth_allow_all | ( | int | scheduled | ) |
Ensure that any subsequent authentications succeed.
[in] | scheduled | Whether this is happening from the scheduler. |
int manage_read_info | ( | gchar * | type, |
gchar * | uid, | ||
gchar * | name, | ||
gchar ** | result | ||
) |
Read raw information.
[in] | type | Type of the requested information. |
[in] | uid | Unique identifier of the requested information. |
[in] | name | Name or identifier of the requested information. |
[out] | result | Pointer to the read information location. Will point to NULL on error. |
int manage_rebuild_gvmd_data_from_feed | ( | const char * | types, |
GSList * | log_config, | ||
const db_conn_info_t * | database, | ||
gchar ** | error_msg | ||
) |
Rebuild configs, port lists and report formats from feed.
[in] | types | Comma-separated lists of types to rebuild or "all". |
[in] | log_config | Logging configuration list. |
[in] | database | Connection info for manage database. |
[out] | error_msg | Error message. |
const char* manage_scap_update_time | ( | ) |
GET SCAP update time, as a string.
int manage_schedule | ( | manage_connection_forker_t | fork_connection, |
gboolean | run_tasks, | ||
sigset_t * | sigmask_current | ||
) |
Schedule any actions that are due.
In gvmd, periodically called from the main daemon loop.
[in] | fork_connection | Function that forks a child which is connected to the Manager. Must return PID in parent, 0 in child, or -1 on error. |
[in] | run_tasks | Whether to run scheduled tasks. |
[in] | sigmask_current | Sigmask to restore in child. |
void manage_sync | ( | sigset_t * | sigmask_current, |
int(*)() | fork_update_nvt_cache, | ||
gboolean | try_gvmd_data_sync | ||
) |
Perform any syncing that is due.
In gvmd, periodically called from the main daemon loop.
[in] | sigmask_current | Sigmask to restore in child. |
[in] | fork_update_nvt_cache | Function that forks a child that syncs the NVTS. Child does not return. |
[in] | try_gvmd_data_sync | Whether to try to sync gvmd data objects. |
int manage_system_report | ( | const char * | name, |
const char * | duration, | ||
const char * | start_time, | ||
const char * | end_time, | ||
const char * | slave_id, | ||
char ** | report | ||
) |
Get a system report.
[in] | name | Name of report. |
[in] | duration | Time range of report, in seconds. |
[in] | start_time | Time of first data point in report. |
[in] | end_time | Time of last data point in report. |
[in] | slave_id | ID of slave to get report from. 0 for local. |
[out] | report | On success, report in base64 if such a report exists else NULL. Arbitrary on error. |
int move_task | ( | const char * | task_id, |
const char * | slave_id | ||
) |
Reassign a task to another slave.
[in] | task_id | UUID of task. |
[in] | slave_id | UUID of slave. |
gboolean next_report_type | ( | report_type_iterator_t * | iterator | ) |
Increment a report type iterator.
The caller must stop using this after it returns FALSE.
[in] | iterator | Report type iterator. |
void parse_performance_params | ( | const char * | duration, |
const char * | start_time, | ||
const char * | end_time, | ||
time_t * | param_1, | ||
time_t * | param_2, | ||
int * | params_count | ||
) |
Generate params for gvmcg or OSP get_performance.
[in] | duration | The duration as a string |
[in] | start_time | The start time as a string |
[in] | end_time | The end time as a string |
[out] | param_1 | Output of the first parameter (start or duration) |
[out] | param_2 | Output of the second parameter (end time) |
[out] | params_count | The number of valid parameters |
|
static |
Prepare a report for resuming an OSP scan.
[in] | task | The task of the scan. |
[in] | scan_id | The scan uuid. |
[out] | error | Error return. |
gboolean relay_supports_scanner_type | ( | const char * | original_host, |
int | original_port, | ||
scanner_type_t | type | ||
) |
Gets whether there is a relay supporting the scanner type.
[in] | original_host | The original hostname or IP address. |
[in] | original_port | The original port number. |
[in] | type | The scanner type to check. |
|
static |
Create a basic filter term to get report results.
[in] | first | First row. |
[in] | rows | Number of rows. |
[in] | apply_overrides | Whether to apply overrides. |
[in] | min_qod | Minimum QOD. |
get_data_t* report_results_get_data | ( | int | first, |
int | rows, | ||
int | apply_overrides, | ||
int | min_qod | ||
) |
Create a new basic get_data_t struct to get report results.
[in] | first | First row. |
[in] | rows | Number of rows. |
[in] | apply_overrides | Whether to apply overrides. |
[in] | min_qod | Minimum QOD. |
const char* report_type_iterator_name | ( | report_type_iterator_t * | iterator | ) |
Return the name from a report type iterator.
[in] | iterator | Iterator. |
const char* report_type_iterator_title | ( | report_type_iterator_t * | iterator | ) |
Return the title from a report type iterator.
[in] | iterator | Iterator. |
int resume_task | ( | const char * | task_id, |
char ** | report_id | ||
) |
Resume a task.
A process will be forked to handle the task, but the forked process will never return.
[in] | task_id | Task UUID. |
[out] | report_id | If successful, ID of the resultant report. |
|
static |
Start a CVE task.
[in] | task | The task. |
|
static |
Get the last stopped report or a new one for an OSP scan.
[in] | task | The task. |
[in] | from | 0 start from beginning, 1 continue from stopped, 2 continue if stopped else start from beginning. |
[out] | report_id | UUID of the report. |
|
static |
Start a task on an OSP or OpenVAS via OSP scanner.
[in] | task | The task. |
[in] | from | 0 start from beginning, 1 continue from stopped, 2 continue if stopped else start from beginning. |
[out] | report_id | The report ID. |
const char* run_status_name | ( | task_status_t | status | ) |
Get the name of a run status.
[in] | status | Run status. |
const char* run_status_name_internal | ( | task_status_t | status | ) |
Get the unique name of a run status.
[in] | status | Run status. |
|
static |
Start or resume a task.
A process will be forked to handle the task, but the forked process will never return.
[in] | task_id | The task ID. |
[out] | report_id | The report ID. |
[in] | from | 0 start from beginning, 1 continue from stopped, 2 continue if stopped else start from beginning. |
int scanner_type_valid | ( | scanner_type_t | scanner_type | ) |
Check if a scanner type is valid.
[in] | scanner_type | Scanner type. |
|
static |
Set UUID of user that scheduled the current task.
[in] | scheduled_task | Scheduled task. |
|
static |
Create a schedule task structure.
[in] | task_uuid | UUID of task. |
[in] | owner_uuid | UUID of owner. |
[in] | owner_name | Name of owner. |
|
static |
Start a task, for the scheduler.
[in] | scheduled_task | Scheduled task. |
[in] | fork_connection | Function that forks a child which is connected to the Manager. Must return PID in parent, 0 in child, or -1 on error. |
[in] | sigmask_current | Sigmask to restore in child. |
|
static |
Stop a task, for the scheduler.
[in] | scheduled_task | Scheduled task. |
[in] | fork_connection | Function that forks a child which is connected to the Manager. Must return PID in parent, 0 in child, or -1 on error. |
[in] | sigmask_current | Sigmask to restore in child. |
void set_relay_mapper_path | ( | const char * | new_path | ) |
Sets the path of the relay mapper executable.
[in] | new_path | The new relay mapper path. |
void set_relay_migrate_sensors | ( | int | new_value | ) |
Sets whether to migrate sensors if relays do not match.
[in] | new_value | The new value. |
void set_scanner_connection_retry | ( | int | new_retry | ) |
Set the number of retries on a scanner connection lost.
new_retry | The number of retries on a scanner connection lost. |
void set_schedule_timeout | ( | int | new_timeout | ) |
Set the schedule timeout.
new_timeout | The new schedule timeout in minutes. |
void set_scheduled_user_uuid | ( | const gchar * | user_uuid | ) |
Set UUID of user that scheduled the current task. The previous value is freed and a copy of the UUID is created.
user_uuid | UUID of user that scheduled the current task. |
void set_task_interrupted | ( | task_t | task, |
const gchar * | message | ||
) |
Set a task to interrupted.
Expects global_current_report to match the task.
[in] | task | Task |
[in] | message | Message for error result. |
void severity_data_add | ( | severity_data_t * | severity_data, |
double | severity | ||
) |
Add a severity occurrence to the counts of a severity_data_t.
[in] | severity_data | The severity count struct to add to. |
[in] | severity | The severity to add. |
void severity_data_add_count | ( | severity_data_t * | severity_data, |
double | severity, | ||
int | count | ||
) |
Add multiple severity occurrences to the counts of a severity_data_t.
[in] | severity_data | The severity count struct to add to. |
[in] | severity | The severity to add. |
[in] | count | The number of occurrences to add. |
|
static |
Convert a severity value into an index in the counts array.
[in] | severity | Severity value. |
void severity_data_level_counts | ( | const severity_data_t * | severity_data, |
int * | errors, | ||
int * | false_positives, | ||
int * | logs, | ||
int * | lows, | ||
int * | mediums, | ||
int * | highs | ||
) |
Count the occurrences of severities in the levels.
[in] | severity_data | The severity counts data to evaluate. |
[out] | errors | The number of error messages. |
[out] | false_positives | The number of False Positives. |
[out] | logs | The number of Log messages. |
[out] | lows | The number of Low severity results. |
[out] | mediums | The number of Medium severity results. |
[out] | highs | The number of High severity results. |
|
static |
Calculate the total of severity counts in a range.
[in] | severity_data | The severity data struct to get counts from. |
[in] | min_severity | The minimum severity included in the range. |
[in] | max_severity | The maximum severity included in the range. |
double severity_data_value | ( | int | index | ) |
Convert an index in the counts array to a severity value.
[in] | index | Index in the counts array. |
int severity_in_level | ( | double | severity, |
const char * | level | ||
) |
Check whether a severity falls within a threat level.
[in] | severity | Severity. |
[in] | level | Threat level. |
const char* severity_to_level | ( | double | severity, |
int | mode | ||
) |
Get the threat level matching a severity score.
[in] | severity | severity score |
[in] | mode | 0 for normal levels, 1 to use "Alarm" for severity > 0.0 |
const char* severity_to_type | ( | double | severity | ) |
Get the message type matching a severity score.
[in] | severity | severity score |
int slave_get_relay | ( | const char * | original_host, |
int | original_port, | ||
const char * | original_ca_cert, | ||
const char * | protocol, | ||
gchar ** | new_host, | ||
int * | new_port, | ||
gchar ** | new_ca_cert | ||
) |
Gets a relay hostname and port for a sensor scanner.
If no mapper is available, copies of the original host, port and CA certificate are returned.
[in] | original_host | The original hostname or IP address. |
[in] | original_port | The original port number. |
[in] | original_ca_cert | The original CA certificate. |
[in] | protocol | The protocol to look for, e.g. "GMP" or "OSP". |
[out] | new_host | The hostname or IP address of the relay. |
[out] | new_port | The port number of the relay. |
[out] | new_ca_cert | The CA certificate of the relay. |
int start_task | ( | const char * | task_id, |
char ** | report_id | ||
) |
Start a task.
A process will be forked to handle the task, but the forked process will never return.
[in] | task_id | The task ID. |
[out] | report_id | The report ID. |
|
static |
Stop an OSP task.
[in] | task | The task. |
int stop_task | ( | const char * | task_id | ) |
Initiate stopping a task.
[in] | task_id | Task UUID. |
int stop_task_internal | ( | task_t | task | ) |
Initiate stopping a task.
[in] | task | Task. |
|
static |
Get the SMB credential of a target as an osp_credential_t.
[in] | target | The target to get the credential from. |
|
static |
Get the SMB credential of a target as an osp_credential_t.
[in] | target | The target to get the credential from. |
|
static |
Get the SMB credential of a target as an osp_credential_t.
[in] | target | The target to get the credential from. |
|
static |
Get the SSH credential of a target as an osp_credential_t.
[in] | target | The target to get the credential from. |
const char* threat_message_type | ( | const char * | threat | ) |
Get the message type of a threat.
threat | Threat. |
gchar* truncate_certificate | ( | const gchar * | certificate | ) |
Truncate a certificate, removing extra data.
[in] | certificate | The certificate. |
gchar* truncate_private_key | ( | const gchar * | private_key | ) |
Truncate a private key, removing extra data.
[in] | private_key | The private key. |
|
static |
Truncates text to a maximum length, optionally appends a suffix.
Note: The string is modified in place instead of allocating a new one. With the xml option the function will avoid cutting the string in the middle of XML entities, but element tags will be ignored.
[in,out] | string | The string to truncate. |
[in] | max_len | The maximum length in bytes. |
[in] | xml | Whether to preserve XML entities. |
[in] | suffix | The suffix to append when the string is shortened. |
int type_is_scap | ( | const char * | type | ) |
Check if a type is a SCAP type.
[in] | type | Resource type. |
const char* type_name | ( | const char * | type | ) |
Return the name of a resource type.
[in] | type | Resource type. |
const char* type_name_plural | ( | const char * | type | ) |
Return the plural name of a resource type.
[in] | type | Resource type. |
int validate_username | ( | const gchar * | name | ) |
Validates a username.
[in] | name | The name. |
gchar* xml_escape_text_truncated | ( | const char * | string, |
size_t | max_len, | ||
const char * | suffix | ||
) |
XML escapes text truncating to a maximum length with a suffix.
Note: The function will avoid cutting the string in the middle of XML entities.
[in] | string | The string to truncate. |
[in] | max_len | The maximum length in bytes. |
[in] | suffix | The suffix to append when the string is shortened. |
|
static |
Run xsltproc in an external process.
[in] | stylesheet | XSL stylesheet to use. |
[in] | xmlfile | XML file to process. |
[in] | param_names | NULL terminated array of stringparam names (can be NULL). |
[in] | param_values | NULL terminated array of stringparam values (can be NULL). |
int authenticate_allow_all = 0 |
Flag for manage_auth_allow_all.
Flag to force authentication to succeed.
1 if set via scheduler, 2 if set via event, else 0.