Greenbone Vulnerability Manager
22.4.0~dev1
The Greenbone Vulnerability Manager daemon. More...
#include <locale.h>
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <glib/gstdio.h>
#include <gnutls/gnutls.h>
#include <grp.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <execinfo.h>
#include <gvm/base/pidfile.h>
#include <gvm/base/pwpolicy.h>
#include <gvm/base/logging.h>
#include <bsd/unistd.h>
#include <gvm/base/gvm_sentry.h>
#include <gvm/util/fileutils.h>
#include <gvm/util/serverutils.h>
#include <gvm/util/ldaputils.h>
#include "debug_utils.h"
#include "manage.h"
#include "manage_sql_nvts.h"
#include "manage_sql_secinfo.h"
#include "manage_authentication.h"
#include "gmpd.h"
#include "utils.h"
Data Structures | |
struct | connection_watcher_data_t |
Connection watcher thread data. More... | |
Macros | |
#define | G_LOG_DOMAIN "md main" |
GLib log domain. | |
#define | GVMD_VERSION "-1" |
The version number of this program. | |
#define | GVM_OS_NAME "-1" |
The name of the underlying Operating System. | |
#define | SCANNERCERT "/var/lib/openvas/CA/servercert.pem" |
Location of scanner certificate. | |
#define | SCANNERKEY "/var/lib/openvas/private/CA/serverkey.pem" |
Location of scanner certificate private key. | |
#define | CACERT "/var/lib/openvas/CA/cacert.pem" |
Location of Certificate Authority certificate. | |
#define | CLIENTCERT "/var/lib/openvas/CA/clientcert.pem" |
Location of client certificate. | |
#define | CLIENTKEY "/var/lib/openvas/private/CA/clientkey.pem" |
Location of client certificate private key. | |
#define | GVMD_PORT 9390 |
Manager port. More... | |
#define | MAX_CONNECTIONS 512 |
Second argument to ‘listen’. | |
#define | DEFAULT_CLIENT_WATCH_INTERVAL 1 |
Default value for client_watch_interval. | |
#define | DEFAULT_BROKER_ADDRESS "localhost:1883" |
Default broker address. | |
#define | BA_SIZE 100 |
Maximum number of frames in backtrace. More... | |
Functions | |
static void | set_gnutls_priority (gnutls_session_t *session, const char *priority) |
Sets the GnuTLS priorities for a given session. More... | |
static int | option_lock (lockfile_t *lockfile_checking) |
Lock gvm-helping for an option. More... | |
static connection_watcher_data_t * | connection_watcher_data_new (gvm_connection_t *client_connection) |
Create a new connection watcher thread data structure. More... | |
static void * | watch_client_connection (void *data) |
Thread start routine watching the client connection. More... | |
static int | serve_client (int server_socket, gvm_connection_t *client_connection) |
Serve the client. More... | |
static void | accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) |
Accept and fork. More... | |
static int | fork_connection_internal (gvm_connection_t *client_connection, const gchar *uuid, int scheduler) |
Fork a child connected to the Manager. More... | |
static int | fork_connection_for_scheduler (gvm_connection_t *client_connection, const gchar *uuid) |
Fork a child connected to the Manager. More... | |
static int | fork_connection_for_event (gvm_connection_t *client_connection, const gchar *uuid) |
Fork a child connected to the Manager. More... | |
static void | log_config_free () |
Free logging configuration. | |
static void | cleanup () |
Clean up for exit. More... | |
static void | handle_sigabrt (int given_signal) |
Handle a SIGABRT signal. More... | |
static void | handle_termination_signal (int signal) |
Handle a termination signal. More... | |
static void | handle_sigsegv (int given_signal) |
Handle a SIGSEGV signal. More... | |
static void | handle_sigchld (int given_signal, siginfo_t *info, void *ucontext) |
Handle a SIGCHLD signal. More... | |
static void | handle_sigabrt_simple (int signal) |
Handle a SIGABRT signal. More... | |
static int | update_nvt_cache_osp (const gchar *update_socket) |
Update the NVT Cache using OSP. More... | |
static int | update_nvt_cache_retry () |
Update NVT cache in forked child, retrying if scanner loading. More... | |
static int | fork_update_nvt_cache () |
Update the NVT cache in a child process. More... | |
static int | fork_feed_sync () |
Forks a process to sync the feed. More... | |
static void | serve_and_schedule () |
Serve incoming connections, scheduling periodically. More... | |
static int | manager_listen (const char *address_str_unix, const char *address_str_tls, const char *port_str, const char *socket_owner, const char *socket_group, const char *socket_mode, int *soc) |
Set a socket to listen for connections. More... | |
static gboolean | parse_authentication_goption_arg (const gchar *opt, const gchar *arg, gpointer data, GError **err) |
parse_authentication_goption_arg is used to parse an authentication parameter. More... | |
int | gvmd (int argc, char **argv, char *env[]) |
Entry point to the manager. More... | |
Variables | |
static int | client_watch_interval = DEFAULT_CLIENT_WATCH_INTERVAL |
Interval in seconds to check whether client connection was closed. | |
static int | manager_socket = -1 |
The socket accepting GMP connections from clients. | |
static int | manager_socket_2 = -1 |
The optional, second socket accepting GMP connections from clients. | |
static int | use_tls = 0 |
Whether to use TLS for client connections. | |
static gnutls_session_t | client_session |
The client session. | |
static gnutls_certificate_credentials_t | client_credentials |
The client credentials. | |
static db_conn_info_t | database = { NULL, NULL, NULL, NULL } |
Database connection info. | |
static int | is_parent = 1 |
Is this process parent or child? | |
volatile int | termination_signal = 0 |
Flag for signal handlers. | |
static gchar ** | disabled_commands = NULL |
The list of disabled commands. | |
gboolean | disable_encrypted_credentials |
Flag indicating that encrypted credentials are disabled. More... | |
static gboolean | scheduling_enabled |
Flag indicating that task scheduling is enabled. | |
char | client_address [INET6_ADDRSTRLEN] |
The GMP client's address. | |
static sigset_t * | sigmask_normal = NULL |
Signal mask to restore when going from blocked to normal signaling. | |
static gchar * | priorities_option = "NORMAL" |
GnuTLS priorities. | |
static gchar * | dh_params_option = NULL |
GnuTLS DH params file. | |
static int | update_in_progress = 0 |
Whether an NVT update is in progress. | |
static int | feed_version_check_in_progress = 0 |
Whether a feed version check is in progress. | |
GSList * | log_config = NULL |
Logging parameters, as passed to setup_log_handlers. | |
The Greenbone Vulnerability Manager daemon.
This file defines the Greenbone Vulnerability Manager daemon. The Manager serves the Greenbone Management Protocol (GMP) to clients such as Greenbone Security Assistant (the web interface). The Manager and GMP give clients full access to an OpenVAS Scanner.
The entry point to the daemon is the main function. From there the references in the function documentation describe the flow of control in the program.
#define BA_SIZE 100 |
Maximum number of frames in backtrace.
For debugging backtrace in handle_sigabrt and handle_sigsegv.
#define GVMD_PORT 9390 |
Manager port.
Used if /etc/services "otp" and --port are missing.
static |
Accept and fork.
[in] | server_socket | Manager socket. |
[in] | sigmask_current | Sigmask to restore in child. |
Accept the client connection and fork a child process to serve the client. The child calls serve_client to do the rest of the work.
static |
Clean up for exit.
Close sockets and streams.
static |
Create a new connection watcher thread data structure.
[in] | client_connection | GVM connection to client to watch. |
static |
Fork a child connected to the Manager.
[in] | client_connection | Client connection. |
[in] | uuid | UUID of user. |
static |
Fork a child connected to the Manager.
[in] | client_connection | Client connection. |
[in] | uuid | UUID of schedule user. |
static |
Fork a child connected to the Manager.
[in] | client_connection | Client connection. |
[in] | uuid | UUID of schedule user. |
[in] | scheduler | Whether this is for the scheduler. |
static |
Forks a process to sync the feed.
static |
Update the NVT cache in a child process.
int gvmd | ( | int | argc, |
char ** | argv, | ||
char * | env[] | ||
) |
Entry point to the manager.
[in] | argc | The number of arguments in argv. |
[in] | argv | The list of arguments to the program. |
LDAP debugging
static |
Handle a SIGABRT signal.
[in] | given_signal | The signal that caused this function to run. |
static |
Handle a SIGABRT signal.
[in] | signal | The signal that caused this function to run. |
static |
Handle a SIGCHLD signal.
[in] | given_signal | The signal that caused this function to run. |
[in] | info | Signal info. |
[in] | ucontext | User context. |
static |
Handle a SIGSEGV signal.
[in] | given_signal | The signal that caused this function to run. |
static |
Handle a termination signal.
[in] | signal | The signal that caused this function to run. |
static |
Set a socket to listen for connections.
[in] | address_str_unix | File name to bind to. NULL for TLS. |
[in] | address_str_tls | IP or hostname to bind to. |
[in] | port_str | Port to bind to, for TLS. |
[in] | socket_owner | Owner of socket, for UNIX. |
[in] | socket_group | Group of socket, for UNIX. |
[in] | socket_mode | Mode of socket, in octal, for UNIX. |
[out] | soc | Socket listened on. |
static |
Lock gvm-helping for an option.
[in] | lockfile_checking | The gvm-checking lockfile. |
static |
parse_authentication_goption_arg is used to parse an authentication parameter.
[in] | opt | the parameter (e.g. --pepper). |
[in] | arg | the value of the parameter. |
[in] | data | the pointer of the data to set (unused). |
[in] | err | used to set error string on failure. |
static |
Serve incoming connections, scheduling periodically.
Enter an infinite loop, waiting for connections and passing the work to ‘accept_and_maybe_fork’.
Periodically, call the manage scheduler to start and stop scheduled tasks.
static |
Serve the client.
In all cases, close client_socket before returning.
[in] | server_socket | The socket connected to the Manager. |
[in] | client_connection | The connection to the client. |
static |
Sets the GnuTLS priorities for a given session.
[in] | session | Session for which to set the priorities. |
[in] | priority | Priority string. |
static |
Update the NVT Cache using OSP.
[in] | update_socket | UNIX socket for contacting openvas-ospd. |
static |
Update NVT cache in forked child, retrying if scanner loading.
Forks a child process to rebuild the NVT cache, retrying if the child process reports that the scanner is still loading.
static |
Thread start routine watching the client connection.
[in] | data | The connection data watcher struct. |
gboolean disable_encrypted_credentials |
Flag indicating that encrypted credentials are disabled.
Setting this flag does not change any existing encrypted tuples but simply won't encrypt or decrypt anything. The variable is controlled by the command line option --disable-encrypted-credentials.