Greenbone Vulnerability Manager  22.4.0~dev1
gvmd.c File Reference

The Greenbone Vulnerability Manager daemon. More...

#include <locale.h>
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <glib/gstdio.h>
#include <gnutls/gnutls.h>
#include <grp.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <execinfo.h>
#include <gvm/base/pidfile.h>
#include <gvm/base/pwpolicy.h>
#include <gvm/base/logging.h>
#include <bsd/unistd.h>
#include <gvm/base/gvm_sentry.h>
#include <gvm/util/fileutils.h>
#include <gvm/util/serverutils.h>
#include <gvm/util/ldaputils.h>
#include "debug_utils.h"
#include "manage.h"
#include "manage_sql_nvts.h"
#include "manage_sql_secinfo.h"
#include "manage_authentication.h"
#include "gmpd.h"
#include "utils.h"

Data Structures

struct  connection_watcher_data_t
 Connection watcher thread data. More...
 

Macros

#define G_LOG_DOMAIN   "md main"
 GLib log domain.
 
#define GVMD_VERSION   "-1"
 The version number of this program.
 
#define GVM_OS_NAME   "-1"
 The name of the underlying Operating System.
 
#define SCANNERCERT   "/var/lib/openvas/CA/servercert.pem"
 Location of scanner certificate.
 
#define SCANNERKEY   "/var/lib/openvas/private/CA/serverkey.pem"
 Location of scanner certificate private key.
 
#define CACERT   "/var/lib/openvas/CA/cacert.pem"
 Location of Certificate Authority certificate.
 
#define CLIENTCERT   "/var/lib/openvas/CA/clientcert.pem"
 Location of client certificate.
 
#define CLIENTKEY   "/var/lib/openvas/private/CA/clientkey.pem"
 Location of client certificate private key.
 
#define GVMD_PORT   9390
 Manager port. More...
 
#define MAX_CONNECTIONS   512
 Second argument to ‘listen’.
 
#define DEFAULT_CLIENT_WATCH_INTERVAL   1
 Default value for client_watch_interval.
 
#define DEFAULT_BROKER_ADDRESS   "localhost:1883"
 Default broker address.
 
#define BA_SIZE   100
 Maximum number of frames in backtrace. More...
 

Functions

static void set_gnutls_priority (gnutls_session_t *session, const char *priority)
 Sets the GnuTLS priorities for a given session. More...
 
static int option_lock (lockfile_t *lockfile_checking)
 Lock gvm-helping for an option. More...
 
static connection_watcher_data_t * connection_watcher_data_new (gvm_connection_t *client_connection)
 Create a new connection watcher thread data structure. More...
 
static void * watch_client_connection (void *data)
 Thread start routine watching the client connection. More...
 
static int serve_client (int server_socket, gvm_connection_t *client_connection)
 Serve the client. More...
 
static void accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current)
 Accept and fork. More...
 
static int fork_connection_internal (gvm_connection_t *client_connection, const gchar *uuid, int scheduler)
 Fork a child connected to the Manager. More...
 
static int fork_connection_for_scheduler (gvm_connection_t *client_connection, const gchar *uuid)
 Fork a child connected to the Manager. More...
 
static int fork_connection_for_event (gvm_connection_t *client_connection, const gchar *uuid)
 Fork a child connected to the Manager. More...
 
static void log_config_free ()
 Free logging configuration.
 
static void cleanup ()
 Clean up for exit. More...
 
static void handle_sigabrt (int given_signal)
 Handle a SIGABRT signal. More...
 
static void handle_termination_signal (int signal)
 Handle a termination signal. More...
 
static void handle_sigsegv (int given_signal)
 Handle a SIGSEGV signal. More...
 
static void handle_sigchld (int given_signal, siginfo_t *info, void *ucontext)
 Handle a SIGCHLD signal. More...
 
static void handle_sigabrt_simple (int signal)
 Handle a SIGABRT signal. More...
 
static int update_nvt_cache_osp (const gchar *update_socket)
 Update the NVT Cache using OSP. More...
 
static int update_nvt_cache_retry ()
 Update NVT cache in forked child, retrying if scanner loading. More...
 
static int fork_update_nvt_cache ()
 Update the NVT cache in a child process. More...
 
static int fork_feed_sync ()
 Forks a process to sync the feed. More...
 
static void serve_and_schedule ()
 Serve incoming connections, scheduling periodically. More...
 
static int manager_listen (const char *address_str_unix, const char *address_str_tls, const char *port_str, const char *socket_owner, const char *socket_group, const char *socket_mode, int *soc)
 Set a socket to listen for connections. More...
 
static gboolean parse_authentication_goption_arg (const gchar *opt, const gchar *arg, gpointer data, GError **err)
 parse_authentication_goption_arg parses an authentication parameter. More...
 
int gvmd (int argc, char **argv, char *env[])
 Entry point to the manager. More...
 

Variables

static int client_watch_interval = DEFAULT_CLIENT_WATCH_INTERVAL
 Interval in seconds to check whether client connection was closed.
 
static int manager_socket = -1
 The socket accepting GMP connections from clients.
 
static int manager_socket_2 = -1
 The optional, second socket accepting GMP connections from clients.
 
static int use_tls = 0
 Whether to use TLS for client connections.
 
static gnutls_session_t client_session
 The client session.
 
static gnutls_certificate_credentials_t client_credentials
 The client credentials.
 
static db_conn_info_t database = { NULL, NULL, NULL, NULL }
 Database connection info.
 
static int is_parent = 1
 Is this process parent or child?
 
volatile int termination_signal = 0
 Flag for signal handlers.
 
static gchar ** disabled_commands = NULL
 The address of the Scanner.
 
gboolean disable_encrypted_credentials
 Flag indicating that encrypted credentials are disabled. More...
 
static gboolean scheduling_enabled
 Flag indicating that task scheduling is enabled.
 
char client_address [INET6_ADDRSTRLEN]
 The GMP client's address.
 
static sigset_t * sigmask_normal = NULL
 Signal mask to restore when going from blocked to normal signaling.
 
static gchar * priorities_option = "NORMAL"
 GnuTLS priorities.
 
static gchar * dh_params_option = NULL
 GnuTLS DH params file.
 
static int update_in_progress = 0
 Whether an NVT update is in progress.
 
static int feed_version_check_in_progress = 0
 Whether a feed version check is in progress.
 
GSList * log_config = NULL
 Logging parameters, as passed to setup_log_handlers.
 

Detailed Description

The Greenbone Vulnerability Manager daemon.

This file defines the Greenbone Vulnerability Manager daemon. The Manager serves the Greenbone Management Protocol (GMP) to clients such as Greenbone Security Assistant (the web interface). The Manager and GMP give clients full access to an OpenVAS Scanner.

The entry point to the daemon is the main function. From there the references in the function documentation describe the flow of control in the program.

Macro Definition Documentation

◆ BA_SIZE

#define BA_SIZE   100

Maximum number of frames in backtrace.

For debugging backtrace in handle_sigabrt and handle_sigsegv.

◆ GVMD_PORT

#define GVMD_PORT   9390

Manager port.

Used if /etc/services "otp" and --port are missing.

Function Documentation

◆ accept_and_maybe_fork()

static void accept_and_maybe_fork ( int  server_socket,
sigset_t *  sigmask_current 
)
static

Accept and fork.

Parameters
[in] server_socket: Manager socket.
[in] sigmask_current: Sigmask to restore in child.

Accept the client connection and fork a child process to serve the client. The child calls serve_client to do the rest of the work.

◆ cleanup()

static void cleanup ( )
static

Clean up for exit.

Close sockets and streams.

Todo:
These should happen via gmp, maybe with "cleanup_gmp ();".

◆ connection_watcher_data_new()

static connection_watcher_data_t* connection_watcher_data_new ( gvm_connection_t *  client_connection)
static

Create a new connection watcher thread data structure.

Parameters
[in] client_connection: GVM connection to client to watch.
Returns
Newly allocated watcher thread data.

◆ fork_connection_for_event()

static int fork_connection_for_event ( gvm_connection_t *  client_connection,
const gchar *  uuid 
)
static

Fork a child connected to the Manager.

Parameters
[in] client_connection: Client connection.
[in] uuid: UUID of user.
Returns
PID of the child in the parent on success, 0 in the child on success, -1 on error.

◆ fork_connection_for_scheduler()

static int fork_connection_for_scheduler ( gvm_connection_t *  client_connection,
const gchar *  uuid 
)
static

Fork a child connected to the Manager.

Parameters
[in] client_connection: Client connection.
[in] uuid: UUID of schedule user.
Returns
PID of the child in the parent on success, 0 in the child on success, -1 on error.

◆ fork_connection_internal()

static int fork_connection_internal ( gvm_connection_t *  client_connection,
const gchar *  uuid,
int  scheduler 
)
static

Fork a child connected to the Manager.

Parameters
[in] client_connection: Client connection.
[in] uuid: UUID of schedule user.
[in] scheduler: Whether this is for the scheduler.
Returns
PID of the child in the parent on success, 0 in the child on success, -1 on error.
Todo:
Give the parent time to prepare.

◆ fork_feed_sync()

static int fork_feed_sync ( )
static

Forks a process to sync the feed.

Returns
0 on success, 1 if a check is already in progress, -1 on error. The child always exits with EXIT_SUCCESS.
Todo:
This should happen via gmp, maybe with "cleanup_gmp ();".

◆ fork_update_nvt_cache()

static int fork_update_nvt_cache ( )
static

Update the NVT cache in a child process.

Returns
0 on success, 1 if an update is already in progress, -1 on error. The child always exits with EXIT_SUCCESS.
Todo:
This should happen via gmp, maybe with "cleanup_gmp ();".

◆ gvmd()

int gvmd ( int  argc,
char **  argv,
char *  env[] 
)

Entry point to the manager.

Parameters
[in] argc: The number of arguments in argv.
[in] argv: The list of arguments to the program.
Returns
EXIT_SUCCESS on success, EXIT_FAILURE on failure.

LDAP debugging

◆ handle_sigabrt()

static void handle_sigabrt ( int  given_signal)
static

Handle a SIGABRT signal.

Parameters
[in] given_signal: The signal that caused this function to run.

◆ handle_sigabrt_simple()

static void handle_sigabrt_simple ( int  signal)
static

Handle a SIGABRT signal.

Parameters
[in] signal: The signal that caused this function to run.

◆ handle_sigchld()

static void handle_sigchld ( int  given_signal,
siginfo_t *  info,
void *  ucontext 
)
static

Handle a SIGCHLD signal.

Parameters
[in] given_signal: The signal that caused this function to run.
[in] info: Signal info.
[in] ucontext: User context.

◆ handle_sigsegv()

static void handle_sigsegv ( int  given_signal)
static

Handle a SIGSEGV signal.

Parameters
[in] given_signal: The signal that caused this function to run.

◆ handle_termination_signal()

static void handle_termination_signal ( int  signal)
static

Handle a termination signal.

Parameters
[in] signal: The signal that caused this function to run.

◆ manager_listen()

static int manager_listen ( const char *  address_str_unix,
const char *  address_str_tls,
const char *  port_str,
const char *  socket_owner,
const char *  socket_group,
const char *  socket_mode,
int *  soc 
)
static

Set a socket to listen for connections.

Parameters
[in] address_str_unix: File name to bind to. NULL for TLS.
[in] address_str_tls: IP or hostname to bind to.
[in] port_str: Port to bind to, for TLS.
[in] socket_owner: Owner of socket, for UNIX.
[in] socket_group: Group of socket, for UNIX.
[in] socket_mode: Mode of socket, in octal, for UNIX.
[out] soc: Socket listened on.
Returns
0 success, -1 error.

◆ option_lock()

static int option_lock ( lockfile_t *  lockfile_checking)
static

Lock gvm-helping for an option.

Parameters
[in] lockfile_checking: The gvm-checking lockfile.
Returns
0 success, -1 failed.

◆ parse_authentication_goption_arg()

static gboolean parse_authentication_goption_arg ( const gchar *  opt,
const gchar *  arg,
gpointer  data,
GError **  err 
)
static

parse_authentication_goption_arg parses an authentication parameter.

Parameters
[in] opt: the parameter (e.g. --pepper).
[in] arg: the value of the parameter.
[in] data: the pointer of the data to set (unused).
[in] err: used to set the error string on failure.
Returns
TRUE success, FALSE on failure.

◆ serve_and_schedule()

static void serve_and_schedule ( )
static

Serve incoming connections, scheduling periodically.

Enter an infinite loop, waiting for connections and passing the work to ‘accept_and_maybe_fork’.

Periodically, call the manage scheduler to start and stop scheduled tasks.

◆ serve_client()

static int serve_client ( int  server_socket,
gvm_connection_t *  client_connection 
)
static

Serve the client.

In all cases, close client_socket before returning.

Parameters
[in] server_socket: The socket connected to the Manager.
[in] client_connection: The connection to the client.
Returns
EXIT_SUCCESS on success, EXIT_FAILURE on failure.

◆ set_gnutls_priority()

static void set_gnutls_priority ( gnutls_session_t *  session,
const char *  priority 
)
static

Sets the GnuTLS priorities for a given session.

Parameters
[in] session: Session for which to set the priorities.
[in] priority: Priority string.

◆ update_nvt_cache_osp()

static int update_nvt_cache_osp ( const gchar *  update_socket)
static

Update the NVT Cache using OSP.

Parameters
[in] update_socket: UNIX socket for contacting openvas-ospd.
Returns
0 success, -1 error, 1 VT integrity check failed.

◆ update_nvt_cache_retry()

static int update_nvt_cache_retry ( )
static

Update NVT cache in forked child, retrying if scanner loading.

Forks a child process to rebuild the NVT cache, retrying if the child process reports that the scanner is still loading.

Returns
Exit status of child spawned to do rebuild.

◆ watch_client_connection()

static void* watch_client_connection ( void *  data)
static

Thread start routine watching the client connection.

Parameters
[in] data: The connection watcher data struct.
Returns
Always NULL.

Variable Documentation

◆ disable_encrypted_credentials

gboolean disable_encrypted_credentials

Flag indicating that encrypted credentials are disabled.

Setting this flag does not change any existing encrypted tuples; it simply stops anything from being encrypted or decrypted. The variable is controlled by the command line option --disable-encrypted-credentials.