OpenVAS Manager  7.0.3~git
manage.c
Go to the documentation of this file.
1 /* OpenVAS Manager
2  * $Id$
3  * Description: Module for OpenVAS Manager: the Manage library.
4  *
5  * Authors:
6  * Matthew Mundell <matthew.mundell@greenbone.net>
7  * Timo Pollmeier <timo.pollmeier@greenbone.net>
8  *
9  * Copyright:
10  * Copyright (C) 2009-2013 Greenbone Networks GmbH
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; either version 2
15  * of the License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20  * GNU General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
25  */
26 
40 /* time.h in glibc2 needs this for strptime. */
41 #define _XOPEN_SOURCE
42 /* pthread_sigmask () needs this with glibc < 2.19 */
43 #define _GNU_SOURCE
44 
45 #include "manage.h"
46 #include "scanner.h"
47 #include "manage_acl.h"
48 #include "manage_sql.h"
49 #include "ovas-mngr-comm.h"
50 #include "utils.h"
51 
52 #include <assert.h>
53 #include <ctype.h>
54 #include <errno.h>
55 #include <dirent.h>
56 #include <fcntl.h>
57 #include <glib.h>
58 #include <math.h>
59 #include <locale.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <string.h>
63 #include <strings.h>
64 #include <sys/stat.h>
65 #include <sys/types.h>
66 #include <sys/wait.h>
67 #include <time.h>
68 #include <unistd.h>
69 
70 #include <openvas/base/cvss.h>
71 #include <openvas/base/gpgme_util.h>
72 #include <openvas/base/openvas_string.h>
73 #include <openvas/base/openvas_file.h>
74 #include <openvas/base/openvas_hosts.h>
75 #include <openvas/omp/omp.h>
76 #include <openvas/misc/openvas_server.h>
77 #include <openvas/misc/nvt_categories.h>
78 #include <openvas/misc/openvas_uuid.h>
79 #include <openvas/misc/openvas_proctitle.h>
80 
81 #undef G_LOG_DOMAIN
82 
85 #define G_LOG_DOMAIN "md manage"
86 
90 #define CPE_GETBYNAME_XSL OPENVAS_SCAP_RES_DIR "/cpe_getbyname.xsl"
91 
95 #define CVE_GETBYNAME_XSL OPENVAS_SCAP_RES_DIR "/cve_getbyname.xsl"
96 
100 #define OVALDEF_GETBYNAME_XSL OPENVAS_SCAP_RES_DIR "/ovaldef_getbyname.xsl"
101 
105 #define CERT_BUND_ADV_GETBYNAME_XSL OPENVAS_CERT_RES_DIR "/cert_bund_getbyname.xsl"
106 
110 #define DFN_CERT_ADV_GETBYNAME_XSL OPENVAS_CERT_RES_DIR "/dfn_cert_getbyname.xsl"
111 
115 #define CPE_DICT_FILENAME OPENVAS_SCAP_DATA_DIR "/official-cpe-dictionary_v2.2.xml"
116 
122 #define CVE_FILENAME_FMT OPENVAS_SCAP_DATA_DIR "/nvdcve-2.0-%d.xml"
123 
129 #define CERT_BUND_ADV_FILENAME_FMT OPENVAS_CERT_DATA_DIR "/CB-K%02d.xml"
130 
137 #define DFN_CERT_ADV_FILENAME_FMT OPENVAS_CERT_DATA_DIR "/dfn-cert-%04d.xml"
138 
142 #define SCAP_TIMESTAMP_FILENAME OPENVAS_SCAP_DATA_DIR "/timestamp"
143 
147 #define CERT_TIMESTAMP_FILENAME OPENVAS_CERT_DATA_DIR "/timestamp"
148 
152 #define MAX_CHECKS_DEFAULT "4"
153 
157 #define MAX_HOSTS_DEFAULT "20"
158 
159 extern volatile int termination_signal;
160 
161 static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
162 
163 
164 /* Certificate and key management. */
165 
173 gchar *
174 truncate_certificate (const gchar* certificate)
175 {
176  gchar *cert_start, *cert_end;
177  cert_start = strstr (certificate, "-----BEGIN CERTIFICATE-----");
178  if (cert_start)
179  {
180  cert_end = strstr (cert_start, "-----END CERTIFICATE-----");
181 
182  if (cert_end == NULL)
183  return NULL;
184 
185  cert_end += strlen ("-----END CERTIFICATE-----");
186 
187  if (cert_end[0] == '\n')
188  cert_end++;
189 
190  return g_strndup (cert_start, cert_end - cert_start);
191  }
192  return NULL;
193 }
194 
202 gchar *
203 truncate_private_key (const gchar* private_key)
204 {
205  gchar *key_start, *key_end;
206  key_end = NULL;
207  key_start = strstr (private_key, "-----BEGIN RSA PRIVATE KEY-----");
208  if (key_start)
209  {
210  key_end = strstr (key_start, "-----END RSA PRIVATE KEY-----");
211 
212  if (key_end)
213  key_end += strlen ("-----END RSA PRIVATE KEY-----");
214  else
215  return NULL;
216  }
217  else
218  {
219  key_start = strstr (private_key, "-----BEGIN DSA PRIVATE KEY-----");
220  if (key_start)
221  {
222  key_end = strstr (key_start, "-----END DSA PRIVATE KEY-----");
223 
224  if (key_end)
225  key_end += strlen ("-----END DSA PRIVATE KEY-----");
226  else
227  return NULL;
228  }
229  }
230 
231  if (key_end && key_end[0] == '\n')
232  key_end++;
233 
234  if (key_start == NULL || key_end == NULL)
235  return NULL;
236  else
237  return g_strndup (key_start, key_end - key_start);
238 }
239 
251 int
252 get_certificate_info (const gchar* certificate,
253  time_t* activation_time, time_t* expiration_time,
254  gchar** fingerprint, gchar** issuer)
255 {
256  gchar *cert_truncated;
257 
258  cert_truncated = NULL;
259  if (activation_time)
260  *activation_time = -1;
261  if (expiration_time)
262  *expiration_time = -1;
263  if (fingerprint)
264  *fingerprint = NULL;
265  if (issuer)
266  *issuer = NULL;
267 
268  if (certificate)
269  {
270  int err;
271  gnutls_datum_t cert_datum;
272  gnutls_x509_crt_t gnutls_cert;
273 
274  cert_truncated = truncate_certificate (certificate);
275  if (cert_truncated == NULL)
276  {
277  return -1;
278  }
279  cert_datum.data = (unsigned char*) cert_truncated;
280  cert_datum.size = strlen (cert_truncated);
281 
282  gnutls_x509_crt_init (&gnutls_cert);
283  err = gnutls_x509_crt_import (gnutls_cert, &cert_datum,
284  GNUTLS_X509_FMT_PEM);
285  if (err)
286  {
287  g_free (cert_truncated);
288  return -1;
289  }
290 
291  if (activation_time)
292  {
293  *activation_time
294  = gnutls_x509_crt_get_activation_time (gnutls_cert);
295  }
296 
297  if (expiration_time)
298  {
299  *expiration_time
300  = gnutls_x509_crt_get_expiration_time (gnutls_cert);
301  }
302 
303  if (fingerprint) {
304  int i;
305  size_t buffer_size = 16;
306  unsigned char buffer[buffer_size];
307  GString *string;
308 
309  string = g_string_new ("");
310 
311  gnutls_x509_crt_get_fingerprint(gnutls_cert, GNUTLS_DIG_MD5,
312  buffer, &buffer_size);
313 
314  for (i = 0; i < buffer_size; i++)
315  {
316  if (i != 0)
317  {
318  g_string_append_c (string, ':');
319  }
320  g_string_append_printf(string, "%02x", buffer[i]);
321  }
322 
323  *fingerprint = string->str;
324  g_string_free (string, FALSE);
325  }
326 
327  if (issuer)
328  {
329  size_t buffer_size;
330  gchar *buffer;
331  gnutls_x509_crt_get_issuer_dn(gnutls_cert, NULL, &buffer_size);
332  buffer = g_malloc(buffer_size);
333  gnutls_x509_crt_get_issuer_dn(gnutls_cert, buffer, &buffer_size);
334 
335  *issuer = buffer;
336  }
337 
338  gnutls_x509_crt_deinit (gnutls_cert);
339  g_free (cert_truncated);
340  }
341  return 0;
342 }
343 
351 gchar *
352 certificate_iso_time (time_t time)
353 {
354  if (time == 0)
355  return (g_strdup ("unlimited"));
356  else if (time == -1)
357  return (g_strdup ("unknown"));
358  else
359  return (g_strdup (iso_time (&time)));
360 }
361 
370 const gchar *
371 certificate_time_status (time_t activates, time_t expires)
372 {
373  time_t now;
374  time (&now);
375 
376  if (activates == -1 || expires == -1)
377  return "unknown";
378  else if (activates > now)
379  return "inactive";
380  else if (expires != 0 && expires < now)
381  return "expired";
382  else
383  return "valid";
384 }
385 
386 
387 /* Helpers. */
388 
396 void
397 slist_free (GSList* list)
398 {
399  GSList *head = list;
400  while (list)
401  {
402  g_free (list->data);
403  list = g_slist_next (list);
404  }
405  g_slist_free (head);
406 }
407 
415 const char *
416 type_name_plural (const char* type)
417 {
418  if (type == NULL)
419  return "ERROR";
420 
421  if (strcasecmp (type, "cpe") == 0)
422  return "CPEs";
423  if (strcasecmp (type, "cve") == 0)
424  return "CVEs";
425  if (strcasecmp (type, "cert_bund_adv") == 0)
426  return "CERT-Bund Advisories";
427  if (strcasecmp (type, "dfn_cert_adv") == 0)
428  return "DFN-CERT Advisories";
429  if (strcasecmp (type, "nvt") == 0)
430  return "NVTs";
431  if (strcasecmp (type, "ovaldef") == 0)
432  return "OVAL Definitions";
433 
434  return "ERROR";
435 }
436 
444 const char *
445 type_name (const char* type)
446 {
447  if (type == NULL)
448  return "ERROR";
449 
450  if (strcasecmp (type, "cpe") == 0)
451  return "CPE";
452  if (strcasecmp (type, "cve") == 0)
453  return "CVE";
454  if (strcasecmp (type, "cert_bund_adv") == 0)
455  return "CERT-Bund Advisory";
456  if (strcasecmp (type, "dfn_cert_adv") == 0)
457  return "DFN-CERT Advisory";
458  if (strcasecmp (type, "nvt") == 0)
459  return "NVT";
460  if (strcasecmp (type, "ovaldef") == 0)
461  return "OVAL Definition";
462 
463  return "ERROR";
464 }
465 
473 int
474 type_is_scap (const char* type)
475 {
476  return (strcasecmp (type, "cpe") == 0)
477  || (strcasecmp (type, "cve") == 0)
478  || (strcasecmp (type, "ovaldef") == 0);
479 }
480 
490 static int
491 check_available (const gchar *type, resource_t resource,
492  const gchar *permission)
493 {
494  if (resource)
495  {
496  gchar *uuid;
497  resource_t found;
498 
499  uuid = resource_uuid (type, resource);
500  if (find_resource_with_permission (type, uuid, &found, permission, 0))
501  {
502  g_free (uuid);
503  return -1;
504  }
505  g_free (uuid);
506  if (found == 0)
507  return 99;
508 
509  return 0;
510  }
511 
512  return -1;
513 }
514 
515 
516 /* Severity related functions. */
517 
525 const char *
526 threat_message_type (const char *threat)
527 {
528  if (strcasecmp (threat, "High") == 0)
529  return "Alarm";
530  if (strcasecmp (threat, "Medium") == 0)
531  return "Alarm";
532  if (strcasecmp (threat, "Low") == 0)
533  return "Alarm";
534  if (strcasecmp (threat, "Log") == 0)
535  return "Log Message";
536  if (strcasecmp (threat, "Debug") == 0)
537  return "Debug Message";
538  if (strcasecmp (threat, "Error") == 0)
539  return "Error Message";
540  if (strcasecmp (threat, "False Positive") == 0)
541  return "False Positive";
542  return NULL;
543 }
544 
552 const char *
553 message_type_threat (const char *type)
554 {
555  if (strcasecmp (type, "Alarm") == 0)
556  return "Alarm";
557  if (strcasecmp (type, "Security Hole") == 0)
558  return "High";
559  if (strcasecmp (type, "Security Warning") == 0)
560  return "Medium";
561  if (strcasecmp (type, "Security Note") == 0)
562  return "Low";
563  if (strcasecmp (type, "Log Message") == 0)
564  return "Log";
565  if (strcasecmp (type, "Debug Message") == 0)
566  return "Debug";
567  if (strcasecmp (type, "Error Message") == 0)
568  return "Error";
569  if (strcasecmp (type, "False Positive") == 0)
570  return "False Positive";
571  return NULL;
572 }
573 
582 int
583 severity_in_level (double severity, const char *level)
584 {
585  const char *class;
586 
587  class = setting_severity ();
588  if (strcmp (class, "classic") == 0)
589  {
590  if (strcmp (level, "high") == 0)
591  return severity > 5 && severity <= 10;
592  else if (strcmp (level, "medium") == 0)
593  return severity > 2 && severity <= 5;
594  else if (strcmp (level, "low") == 0)
595  return severity > 0 && severity <= 2;
596  else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
597  return severity == 0;
598  else
599  return 0;
600  }
601  else if (strcmp (class, "pci-dss") == 0)
602  {
603  if (strcmp (level, "high") == 0)
604  return severity >= 4.0;
605  else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
606  return severity >= 0.0 && severity < 4.0;
607  else
608  return 0;
609  }
610  else
611  {
612  /* NIST/BSI. */
613  if (strcmp (level, "high") == 0)
614  return severity >= 7 && severity <= 10;
615  else if (strcmp (level, "medium") == 0)
616  return severity >= 4 && severity < 7;
617  else if (strcmp (level, "low") == 0)
618  return severity > 0 && severity < 4;
619  else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
620  return severity == 0;
621  else
622  return 0;
623  }
624 }
625 
634 int
635 severity_matches_ov (double severity, double ov_severity)
636 {
637  if (ov_severity <= 0.0)
638  return severity == ov_severity;
639  else
640  return severity >= ov_severity;
641 }
642 
651 const char*
652 severity_to_level (double severity, int mode)
653 {
654  if (severity == SEVERITY_LOG)
655  return "Log";
656  else if (severity == SEVERITY_FP)
657  return "False Positive";
658  else if (severity == SEVERITY_DEBUG)
659  return "Debug";
660  else if (severity == SEVERITY_ERROR)
661  return "Error";
662  else if (severity > 0.0 && severity <= 10.0)
663  {
664  if (mode == 1)
665  return ("Alarm");
666  else if (severity_in_level (severity, "high"))
667  return ("High");
668  else if (severity_in_level (severity, "medium"))
669  return ("Medium");
670  else if (severity_in_level (severity, "low"))
671  return ("Low");
672  else
673  return ("Log");
674  }
675  else
676  {
677  g_warning ("%s: Invalid severity score given: %f",
678  __FUNCTION__, severity);
679  return (NULL);
680  }
681 }
682 
690 const char*
691 severity_to_type (double severity)
692 {
693  if (severity == SEVERITY_LOG)
694  return "Log Message";
695  else if (severity == SEVERITY_FP)
696  return "False Positive";
697  else if (severity == SEVERITY_DEBUG)
698  return "Debug Message";
699  else if (severity == SEVERITY_ERROR)
700  return "Error Message";
701  else if (severity > 0.0 && severity <= 10.0)
702  return "Alarm";
703  else
704  {
705  g_warning ("%s: Invalid severity score given: %f",
706  __FUNCTION__, severity);
707  return (NULL);
708  }
709 }
710 
711 
712 /* Credentials. */
713 
717 credentials_t current_credentials;
718 
719 
720 /* Reports. */
721 
732 int
734 {
735  report_t report;
737  init_report_iterator_task (&iterator, task);
738  while (next_report (&iterator, &report))
739  if (delete_report_internal (report))
740  {
741  cleanup_iterator (&iterator);
742  return -1;
743  }
744  cleanup_iterator (&iterator);
745  return 0;
746 }
747 
751 gchar *
752 report_results_filter_term (int first, int rows,
753  int apply_overrides, int autofp, int min_qod)
754 {
755  return g_strdup_printf ("first=%d rows=%d"
756  " apply_overrides=%d autofp=%d min_qod=%d",
757  first, rows,
758  apply_overrides, autofp, min_qod);
759 }
760 
761 
765 get_data_t*
766 report_results_get_data (int first, int rows,
767  int apply_overrides, int autofp, int min_qod)
768 {
769  get_data_t* get = malloc (sizeof (get_data_t));
770  memset (get, 0, sizeof (get_data_t));
771  get->type = g_strdup ("result");
772  get->filter = report_results_filter_term (first, rows,
773  apply_overrides, autofp, min_qod);
774 
775  return get;
776 }
777 
778 /* Array index of severity 0.0 in the severity_data_t.counts array */
779 #define ZERO_SEVERITY_INDEX 4
780 
788 int
789 severity_data_index (double severity)
790 {
791  int ret;
792  if (severity >= 0.0)
793  ret = (int)(round (severity * SEVERITY_SUBDIVISIONS)) + ZERO_SEVERITY_INDEX;
794  else if (severity == SEVERITY_FP || severity == SEVERITY_DEBUG
795  || severity == SEVERITY_ERROR)
796  ret = (int)(round (severity)) + ZERO_SEVERITY_INDEX;
797  else
798  ret = 0;
799 
800  return ret;
801 }
802 
810 double
812 {
813  double ret;
814  if (index <= ZERO_SEVERITY_INDEX && index > 0)
815  ret = ((double) index) - ZERO_SEVERITY_INDEX;
816  else if (index <= (ZERO_SEVERITY_INDEX
818  ret = (((double) (index - ZERO_SEVERITY_INDEX)) / SEVERITY_SUBDIVISIONS);
819  else
820  ret = SEVERITY_MISSING;
821 
822  return ret;
823 }
824 
830 void
832 {
833  int max_i;
835 
836  data->counts = g_malloc0 (sizeof (int) * (max_i + 1));
837 
838  data->total = 0;
839  data->max = SEVERITY_MISSING;
840 }
841 
847 void
849 {
850  g_free (data->counts);
851 }
852 
859 void
860 severity_data_add (severity_data_t* severity_data, double severity)
861 {
862  (severity_data->counts)[severity_data_index (severity)]++;
863 
864  if (severity_data->total == 0 || severity_data->max <= severity)
865  severity_data->max = severity;
866 
867  (severity_data->total)++;
868 }
869 
877 void
878 severity_data_add_count (severity_data_t* severity_data, double severity,
879  int count)
880 {
881  (severity_data->counts)[severity_data_index (severity)] += count;
882 
883  if (severity_data->total == 0 || severity_data->max <= severity)
884  severity_data->max = severity;
885 
886  (severity_data->total) += count;
887 }
888 
898 int
900  double min_severity, double max_severity)
901 {
902  int i, i_max, count;
903 
904  i_max = severity_data_index (max_severity);
905  count = 0;
906 
907  for (i = severity_data_index (min_severity);
908  i <= i_max;
909  i++)
910  {
911  count += (severity_data->counts)[i];
912  }
913  return count;
914 }
915 
929 void
931  const gchar *severity_class,
932  int *errors, int *debugs, int *false_positives,
933  int *logs, int *lows, int *mediums, int *highs)
934 {
935  if (errors)
936  *errors
937  = severity_data_range_count (severity_data,
938  level_min_severity ("Error",
939  severity_class),
940  level_max_severity ("Error",
941  severity_class));
942 
943  if (debugs)
944  *debugs
945  = severity_data_range_count (severity_data,
946  level_min_severity ("Debug",
947  severity_class),
948  level_max_severity ("Debug",
949  severity_class));
950 
951  if (false_positives)
952  *false_positives
953  = severity_data_range_count (severity_data,
954  level_min_severity ("False Positive",
955  severity_class),
956  level_max_severity ("False Positive",
957  severity_class));
958 
959  if (logs)
960  *logs
961  = severity_data_range_count (severity_data,
962  level_min_severity ("Log",
963  severity_class),
964  level_max_severity ("Log",
965  severity_class));
966 
967  if (lows)
968  *lows
969  = severity_data_range_count (severity_data,
970  level_min_severity ("low",
971  severity_class),
972  level_max_severity ("low",
973  severity_class));
974 
975  if (mediums)
976  *mediums
977  = severity_data_range_count (severity_data,
978  level_min_severity ("medium",
979  severity_class),
980  level_max_severity ("medium",
981  severity_class));
982 
983  if (highs)
984  *highs
985  = severity_data_range_count (severity_data,
986  level_min_severity ("high",
987  severity_class),
988  level_max_severity ("high",
989  severity_class));
990 }
991 
992 
993 /* Task globals. */
994 
999 
1004 
1005 
1006 /* Alerts. */
1007 
1015 const char*
1017 {
1018  switch (condition)
1019  {
1021  return "Always";
1023  return "Filter count at least";
1025  return "Filter count changed";
1027  return "Severity at least";
1029  return "Severity changed";
1030  default:
1031  return "Internal Error";
1032  }
1033 }
1034 
1042 const char*
1044 {
1045  switch (event)
1046  {
1047  case EVENT_TASK_RUN_STATUS_CHANGED: return "Task run status changed";
1048  case EVENT_NEW_SECINFO: return "New SecInfo arrived";
1049  case EVENT_UPDATED_SECINFO: return "Updated SecInfo arrived";
1050  default: return "Internal Error";
1051  }
1052 }
1053 
1062 gchar*
1064  alert_t alert)
1065 {
1066  switch (condition)
1067  {
1069  return g_strdup ("Always");
1071  {
1072  char *level;
1073  gchar *ret;
1074 
1075  level = alert_data (alert, "condition", "severity");
1076  ret = g_strdup_printf ("Filter count at least %s",
1077  level ? level : "0");
1078  free (level);
1079  return ret;
1080  }
1082  return g_strdup ("Filter count changed");
1084  {
1085  char *level = alert_data (alert, "condition", "severity");
1086  gchar *ret = g_strdup_printf ("Task severity is at least '%s'",
1087  level);
1088  free (level);
1089  return ret;
1090  }
1092  {
1093  char *direction;
1094  direction = alert_data (alert, "condition", "direction");
1095  gchar *ret = g_strdup_printf ("Task severity %s", direction);
1096  free (direction);
1097  return ret;
1098  }
1099  default:
1100  return g_strdup ("Internal Error");
1101  }
1102 }
1103 
1113 gchar*
1114 event_description (event_t event, const void *event_data, const char *task_name)
1115 {
1116  switch (event)
1117  {
1119  if (task_name)
1120  return g_strdup_printf
1121  ("The security scan task '%s' changed status to '%s'",
1122  task_name,
1123  run_status_name ((task_status_t) event_data));
1124  return g_strdup_printf ("Task status changed to '%s'",
1125  run_status_name ((task_status_t) event_data));
1126  break;
1127  case EVENT_NEW_SECINFO:
1128  return g_strdup_printf ("New SecInfo arrived");
1129  break;
1130  case EVENT_UPDATED_SECINFO:
1131  return g_strdup_printf ("Updated SecInfo arrived");
1132  break;
1133  default:
1134  return g_strdup ("Internal Error");
1135  }
1136 }
1137 
1145 const char*
1147 {
1148  switch (method)
1149  {
1150  case ALERT_METHOD_EMAIL: return "Email";
1151  case ALERT_METHOD_HTTP_GET: return "HTTP Get";
1152  case ALERT_METHOD_SCP: return "SCP";
1153  case ALERT_METHOD_SEND: return "Send";
1154  case ALERT_METHOD_SMB: return "SMB";
1155  case ALERT_METHOD_SNMP: return "SNMP";
1156  case ALERT_METHOD_SOURCEFIRE: return "Sourcefire Connector";
1157  case ALERT_METHOD_START_TASK: return "Start Task";
1158  case ALERT_METHOD_SYSLOG: return "Syslog";
1159  case ALERT_METHOD_TIPPINGPOINT:return "TippingPoint SMS";
1160  case ALERT_METHOD_VERINICE: return "verinice Connector";
1161  default: return "Internal Error";
1162  }
1163 }
1164 
1173 alert_condition_from_name (const char* name)
1174 {
1175  if (strcasecmp (name, "Always") == 0)
1176  return ALERT_CONDITION_ALWAYS;
1177  if (strcasecmp (name, "Filter count at least") == 0)
1179  if (strcasecmp (name, "Filter count changed") == 0)
1181  if (strcasecmp (name, "Severity at least") == 0)
1183  if (strcasecmp (name, "Severity changed") == 0)
1185  return ALERT_CONDITION_ERROR;
1186 }
1187 
1195 event_t
1196 event_from_name (const char* name)
1197 {
1198  if (strcasecmp (name, "Task run status changed") == 0)
1200  if (strcasecmp (name, "New SecInfo arrived") == 0)
1201  return EVENT_NEW_SECINFO;
1202  if (strcasecmp (name, "Updated SecInfo arrived") == 0)
1203  return EVENT_UPDATED_SECINFO;
1204  return EVENT_ERROR;
1205 }
1206 
1215 alert_method_from_name (const char* name)
1216 {
1217  if (strcasecmp (name, "Email") == 0)
1218  return ALERT_METHOD_EMAIL;
1219  if (strcasecmp (name, "HTTP Get") == 0)
1220  return ALERT_METHOD_HTTP_GET;
1221  if (strcasecmp (name, "SCP") == 0)
1222  return ALERT_METHOD_SCP;
1223  if (strcasecmp (name, "Send") == 0)
1224  return ALERT_METHOD_SEND;
1225  if (strcasecmp (name, "SMB") == 0)
1226  return ALERT_METHOD_SMB;
1227  if (strcasecmp (name, "SNMP") == 0)
1228  return ALERT_METHOD_SNMP;
1229  if (strcasecmp (name, "Sourcefire Connector") == 0)
1230  return ALERT_METHOD_SOURCEFIRE;
1231  if (strcasecmp (name, "Start Task") == 0)
1232  return ALERT_METHOD_START_TASK;
1233  if (strcasecmp (name, "Syslog") == 0)
1234  return ALERT_METHOD_SYSLOG;
1235  if (strcasecmp (name, "TippingPoint SMS") == 0)
1237  if (strcasecmp (name, "verinice Connector") == 0)
1238  return ALERT_METHOD_VERINICE;
1239  return ALERT_METHOD_ERROR;
1240 }
1241 
1242 
1243 /* General task facilities. */
1244 
1252 const char*
1254 {
1255  switch (status)
1256  {
1259  return "Delete Requested";
1262  return "Ultimate Delete Requested";
1263  case TASK_STATUS_DONE: return "Done";
1264  case TASK_STATUS_NEW: return "New";
1265 
1266  case TASK_STATUS_REQUESTED: return "Requested";
1267 
1268  case TASK_STATUS_RUNNING: return "Running";
1269 
1273  return "Stop Requested";
1274 
1275  case TASK_STATUS_STOPPED: return "Stopped";
1276  default: return "Internal Error";
1277  }
1278 }
1279 
1287 const char*
1289 {
1290  switch (status)
1291  {
1292  case TASK_STATUS_DELETE_REQUESTED: return "Delete Requested";
1294  return "Ultimate Delete Requested";
1296  return "Ultimate Delete Waiting";
1297  case TASK_STATUS_DELETE_WAITING: return "Delete Waiting";
1298  case TASK_STATUS_DONE: return "Done";
1299  case TASK_STATUS_NEW: return "New";
1300 
1301  case TASK_STATUS_REQUESTED: return "Requested";
1302 
1303  case TASK_STATUS_RUNNING: return "Running";
1304 
1307  return "Stop Requested";
1308 
1310  return "Stop Waiting";
1311 
1312  case TASK_STATUS_STOPPED: return "Stopped";
1313  default: return "Internal Error";
1314  }
1315 }
1316 
1325 static GSList*
1326 get_files_to_send (task_t task)
1327 {
1328  iterator_t files;
1329  GSList* filelist = NULL;
1330 
1331  init_task_file_iterator (&files, task, NULL);
1332  while (next (&files))
1333  {
1334  const gchar* file_path = task_file_iterator_name (&files);
1335  filelist = g_slist_append (filelist, g_strdup (file_path));
1336  }
1337  cleanup_iterator (&files);
1338 
1339  return filelist;
1340 }
1341 
1349 static gchar*
1350 nvt_selector_plugins (config_t config)
1351 {
1352  GString *plugins, *setting_nvts;
1353  iterator_t families, nvts;
1354  gboolean first;
1355 
1356  first = TRUE;
1357  plugins = g_string_new ("");
1358  setting_nvts = g_string_new ("");
1359 
1360  init_family_iterator (&families, 0, NULL, 1);
1361  while (next (&families))
1362  {
1363  const char *family = family_iterator_name (&families);
1364  if (family)
1365  {
1366  init_nvt_iterator (&nvts, 0, config, family, NULL, 1, NULL);
1367  while (next (&nvts))
1368  {
1369  if (first)
1370  first = FALSE;
1371  else
1372  g_string_append_c (plugins, ';');
1373  g_string_append (plugins, nvt_iterator_oid (&nvts));
1374  }
1375  cleanup_iterator (&nvts);
1376  }
1377  }
1378  cleanup_iterator (&families);
1379 
1380  /* This is a transitional check because previously all NVTs that were
1381  * matched by the iterator below were added to the scan, regardless of
1382  * whether the NVTs were already selected or not. Primarily this is the
1383  * ACT_SETTINGS NVTs. This behavior was removed because it made minimal
1384  * scan configs execute many NVTs without need and thus impacted the
1385  * performance when scanning large numbers of IPs.
1386  *
1387  * However, this code finds out those NVTs that previously were added
1388  * and now are not anymore.
1389  *
1390  * Some special OIDs are exceptions. Those are the ones that are
1391  * automatically activated in case of Credentials have been provided.
1392  * So no need to report them here as well.
1393  *
1394  * With the release 9.0 of OpenVAS Manager this can be finally removed. */
1395  init_nvt_iterator (&nvts, 0, 0, 0, G_STRINGIFY (ACT_SETTINGS), 1, NULL);
1396  while (next (&nvts))
1397  {
1398  const char *oid_str = nvt_iterator_oid (&nvts);
1399 
1400  if (strstr (plugins->str, oid_str) == NULL
1401  && strstr ("1.3.6.1.4.1.25623.1.0.90022;"
1402  "1.3.6.1.4.1.25623.1.0.90023;"
1403  "1.3.6.1.4.1.25623.1.0.103591;"
1404  "1.3.6.1.4.1.25623.1.0.105058;"
1405  "1.3.6.1.4.1.25623.1.0.105076;",
1406  oid_str)
1407  == NULL)
1408  {
1409  g_string_append (setting_nvts, oid_str);
1410  g_string_append_c (setting_nvts, ';');
1411  }
1412  }
1413  cleanup_iterator (&nvts);
1414  if (strlen (setting_nvts->str))
1415  g_info ("%s: NVTs not explicitly activated anymore for this config: %s."
1416  " Please adjust the config if you think this is wrong.",
1417  __FUNCTION__,
1418  setting_nvts->str);
1419  g_string_free (setting_nvts, TRUE);
1420 
1421  return g_string_free (plugins, FALSE);
1422 }
1423 
1434 static gchar*
1435 preference_value (const char* name, const char* full_value)
1436 {
1437  char *bracket = strchr (name, '[');
1438  if (bracket)
1439  {
1440  if (strncmp (bracket, "[radio]:", strlen ("[radio]:")) == 0)
1441  {
1442  char *semicolon = strchr (full_value, ';');
1443  if (semicolon)
1444  return g_strndup (full_value, semicolon - full_value);
1445  }
1446  }
1447  return g_strdup (full_value);
1448 }
1449 
1460 static int
1461 send_config_preferences (config_t config, const char* section_name,
1462  GSList *task_files, GPtrArray *pref_files)
1463 {
1464  iterator_t prefs;
1465 
1466  init_otp_pref_iterator (&prefs, config, section_name);
1467  while (next (&prefs))
1468  {
1469  const char *pref_name = otp_pref_iterator_name (&prefs);
1470  char *value;
1471 
1472  if (strcmp (pref_name, "port_range") == 0)
1473  continue;
1474 
1475  if (send_to_server (pref_name))
1476  {
1477  cleanup_iterator (&prefs);
1478  return -1;
1479  }
1480 
1481  if (sendn_to_server (" <|> ", 5))
1482  {
1483  cleanup_iterator (&prefs);
1484  return -1;
1485  }
1486 
1487  value = preference_value (pref_name,
1488  otp_pref_iterator_value (&prefs));
1489 
1490  if (pref_files)
1491  {
1492  int type_start = -1, type_end = -1, count;
1493 
1494  /* LDAPsearch[entry]:Timeout value */
1495  count = sscanf (pref_name, "%*[^[][%n%*[^]]%n]:", &type_start,
1496  &type_end);
1497  if (count == 0
1498  && type_start > 0
1499  && type_end > 0
1500  && (strncmp (pref_name + type_start,
1501  "file",
1502  type_end - type_start)
1503  == 0))
1504  {
1505  GSList *head;
1506  char *uuid;
1507 
1508  /* A "file" preference.
1509  *
1510  * If the value of the preference is empty, then send an empty
1511  * value.
1512  *
1513  * If the value of the preference is the name of a task file,
1514  * then just send the preference value, otherwise send a UUID and
1515  * add the value to the list of preference files (pref_files). */
1516 
1517  if (strcmp (value, "") == 0)
1518  {
1519  g_free (value);
1520  if (sendn_to_server ("\n", 1))
1521  {
1522  cleanup_iterator (&prefs);
1523  return -1;
1524  }
1525  continue;
1526  }
1527 
1528  head = task_files;
1529  while (head)
1530  {
1531  if (strcmp (head->data, value) == 0)
1532  break;
1533  head = g_slist_next (head);
1534  }
1535 
1536  if (head == NULL)
1537  {
1538  uuid = openvas_uuid_make ();
1539  if (uuid == NULL)
1540  {
1541  g_free (value);
1542  cleanup_iterator (&prefs);
1543  return -1;
1544  }
1545 
1546  g_ptr_array_add (pref_files, (gpointer) uuid);
1547  g_ptr_array_add (pref_files, (gpointer) value);
1548 
1549  if (send_to_server (uuid))
1550  {
1551  free (uuid);
1552  g_free (value);
1553  cleanup_iterator (&prefs);
1554  return -1;
1555  }
1556 
1557  if (sendn_to_server ("\n", 1))
1558  {
1559  free (uuid);
1560  g_free (value);
1561  cleanup_iterator (&prefs);
1562  return -1;
1563  }
1564 
1565  continue;
1566  }
1567  }
1568  }
1569 
1570  if (send_to_server (value))
1571  {
1572  g_free (value);
1573  cleanup_iterator (&prefs);
1574  return -1;
1575  }
1576  g_free (value);
1577 
1578  if (sendn_to_server ("\n", 1))
1579  {
1580  cleanup_iterator (&prefs);
1581  return -1;
1582  }
1583  }
1584  cleanup_iterator (&prefs);
1585  return 0;
1586 }
1587 
1595 static int
1596 send_task_preferences (task_t task)
1597 {
1598  gchar *value;
1599 
1600  value = task_preference_value (task, "max_checks");
1601  if (sendf_to_server ("max_checks <|> %s\n",
1602  value ? value : MAX_CHECKS_DEFAULT))
1603  {
1604  g_free (value);
1605  return -1;
1606  }
1607  g_free (value);
1608 
1609  value = task_preference_value (task, "max_hosts");
1610  if (sendf_to_server ("max_hosts <|> %s\n",
1611  value ? value : MAX_HOSTS_DEFAULT))
1612  {
1613  g_free (value);
1614  return -1;
1615  }
1616  g_free (value);
1617 
1618  value = task_preference_value (task, "source_iface");
1619  if (value && sendf_to_server ("source_iface <|> %s\n", value))
1620  {
1621  g_free (value);
1622  return -1;
1623  }
1624  g_free (value);
1625 
1626  return 0;
1627 }
1628 
1634 static int
1635 send_ifaces_access_preferences (void)
1636 {
1637  char *ifaces;
1638  int ifaces_allow;
1639 
1640  ifaces = user_ifaces (current_credentials.uuid);
1641  ifaces_allow = user_ifaces_allow (current_credentials.uuid);
1642 
1643  if (ifaces && strlen (ifaces))
1644  {
1645  char *pref;
1646 
1647  if (ifaces_allow == 1)
1648  pref = "ifaces_allow";
1649  else if (ifaces_allow == 0)
1650  pref = "ifaces_deny";
1651  else
1652  {
1653  g_free (ifaces);
1654  return 0;
1655  }
1656 
1657  if (sendf_to_server ("%s <|> %s\n", pref, ifaces))
1658  {
1659  g_free (ifaces);
1660  return -1;
1661  }
1662  }
1663  g_free (ifaces);
1664  return 0;
1665 }
1666 
1672 static int
1673 send_hosts_access_preferences (void)
1674 {
1675  char *hosts;
1676  int hosts_allow;
1677 
1678  hosts = user_hosts (current_credentials.uuid);
1679  hosts_allow = user_hosts_allow (current_credentials.uuid);
1680 
1681  if (hosts && strlen (hosts))
1682  {
1683  char *pref;
1684 
1685  if (hosts_allow == 1)
1686  pref = "hosts_allow";
1687  else if (hosts_allow == 0)
1688  pref = "hosts_deny";
1689  else
1690  {
1691  g_free (hosts);
1692  return 0;
1693  }
1694 
1695  if (sendf_to_server ("%s <|> %s\n", pref, hosts))
1696  {
1697  g_free (hosts);
1698  return -1;
1699  }
1700  }
1701  g_free (hosts);
1702  return 0;
1703 }
1704 
1710 static char *
1711 finished_hosts_str (report_t stopped_report)
1712 {
1713  iterator_t hosts;
1714  char *str = NULL;
1715 
1716  if (stopped_report == 0)
1717  return NULL;
1718  init_report_host_iterator (&hosts, stopped_report, NULL, 0);
1719  while (next (&hosts))
1720  {
1721  const char *end_time = host_iterator_end_time (&hosts);
1722 
1723  if (end_time && strlen (end_time))
1724  {
1725  char *new_str = str ?
1726  g_strdup_printf ("%s, %s", str,
1727  host_iterator_host (&hosts))
1728  : g_strdup_printf ("%s",
1729  host_iterator_host (&hosts));
1730  g_free (str);
1731  str = new_str;
1732  }
1733  }
1734  return str;
1735 }
1736 
1746 static int
1747 send_scanner_preferences (task_t task, target_t target, report_t stopped_report)
1748 {
1749  char *hosts_ordering, *exclude_hosts, *reverse_lookup_only;
1750  char *reverse_lookup_unify;
1751 
1752  /* Send ifaces_allow / ifaces_deny preferences. */
1753  if (send_ifaces_access_preferences ())
1754  return -1;
1755 
1756  /* Send hosts_allow / hosts_deny preferences. */
1757  if (send_hosts_access_preferences ())
1758  return -1;
1759 
1760  /* Send hosts_ordering preference. */
1761  hosts_ordering = task_hosts_ordering (task);
1762  if (hosts_ordering)
1763  {
1764  if (sendf_to_server ("hosts_ordering <|> %s\n", hosts_ordering))
1765  {
1766  free (hosts_ordering);
1767  return -1;
1768  }
1769  free (hosts_ordering);
1770  }
1771 
1772  /* Send exclude_hosts preference. */
1773  exclude_hosts = target_exclude_hosts (target);
1774  if (exclude_hosts)
1775  {
1776  char *finished, *str;
1777 
1778  finished = finished_hosts_str (stopped_report);
1779  if (finished)
1780  {
1781  str = g_strdup_printf ("%s, %s", exclude_hosts, finished);
1782  g_free (exclude_hosts);
1783  g_free (finished);
1784  exclude_hosts = str;
1785  }
1786  }
1787  else
1788  exclude_hosts = finished_hosts_str (stopped_report);
1789 
1790  if (exclude_hosts)
1791  {
1792  if (sendf_to_server ("exclude_hosts <|> %s\n", exclude_hosts))
1793  {
1794  free (exclude_hosts);
1795  return -1;
1796  }
1797  free (exclude_hosts);
1798  }
1799 
1800  /* Send reverse_lookup_only preference. */
1801  reverse_lookup_only = target_reverse_lookup_only (target);
1802  if (reverse_lookup_only == NULL || strcmp (reverse_lookup_only, "0") == 0)
1803  reverse_lookup_only = "no";
1804  else
1805  reverse_lookup_only = "yes";
1806  if (sendf_to_server ("reverse_lookup_only <|> %s\n", reverse_lookup_only))
1807  return -1;
1808 
1809  /* Send reverse_lookup_unify preference. */
1810  reverse_lookup_unify = target_reverse_lookup_unify (target);
1811  if (reverse_lookup_unify == NULL || strcmp (reverse_lookup_unify, "0") == 0)
1812  reverse_lookup_unify = "no";
1813  else
1814  reverse_lookup_unify = "yes";
1815  if (sendf_to_server ("reverse_lookup_unify <|> %s\n", reverse_lookup_unify))
1816  return -1;
1817 
1818  return 0;
1819 }
1820 
1829 static int
1830 send_file (const char* name, const char* content)
1831 {
1832  size_t content_len = strlen (content);
1833 
1834  if (sendf_to_server ("CLIENT <|> ATTACHED_FILE\n"
1835  "name: %s\n"
1836  "content: octet/stream\n"
1837  "bytes: %i\n",
1838  name,
1839  content_len))
1840  return -1;
1841 
1842  if (sendn_to_server (content, content_len))
1843  return -1;
1844 
1845  return 0;
1846 }
1847 
1856 static int
1857 send_task_file (task_t task, const char* file)
1858 {
1859  iterator_t files;
1860 
1861  init_task_file_iterator (&files, task, file);
1862  while (next (&files))
1863  {
1864  gsize content_len;
1865  guchar *content;
1866  const char *content_64 = task_file_iterator_content (&files);
1867 
1868  content = g_base64_decode (content_64, &content_len);
1869 
1870  if (sendf_to_server ("CLIENT <|> ATTACHED_FILE\n"
1871  "name: %s\n"
1872  "content: octet/stream\n"
1873  "bytes: %i\n",
1874  file,
1875  content_len))
1876  {
1877  g_free (content);
1878  cleanup_iterator (&files);
1879  return -1;
1880  }
1881 
1882  if (sendn_to_server (content, content_len))
1883  {
1884  g_free (content);
1885  cleanup_iterator (&files);
1886  return -1;
1887  }
1888  g_free (content);
1889  }
1890  cleanup_iterator (&files);
1891  return 0;
1892 }
1893 
1901 static int
1902 send_alive_test_preferences (target_t target)
1903 {
1904  alive_test_t alive_test;
1905 
1906  alive_test = target_alive_tests (target);
1907 
1908  if (alive_test == 0)
1909  return 0;
1910 
1911  if (sendf_to_server ("Ping Host[checkbox]:Do a TCP ping <|> %s\n",
1912  alive_test & ALIVE_TEST_TCP_ACK_SERVICE
1913  || alive_test & ALIVE_TEST_TCP_SYN_SERVICE
1914  ? "yes"
1915  : "no"))
1916  return -1;
1917 
1918  if (sendf_to_server ("Ping Host[checkbox]:TCP ping tries also TCP-SYN ping"
1919  " <|> %s\n",
1920  (alive_test & ALIVE_TEST_TCP_SYN_SERVICE)
1921  ? "yes"
1922  : "no"))
1923  return -1;
1924 
1925  if (sendf_to_server ("Ping Host[checkbox]:Do an ICMP ping <|> %s\n",
1926  (alive_test & ALIVE_TEST_ICMP)
1927  ? "yes"
1928  : "no"))
1929  return -1;
1930 
1931  if (sendf_to_server ("Ping Host[checkbox]:Use ARP <|> %s\n",
1932  (alive_test & ALIVE_TEST_ARP)
1933  ? "yes"
1934  : "no"))
1935  return -1;
1936 
1937  if (sendf_to_server ("Ping Host[checkbox]:"
1938  "Mark unrechable Hosts as dead (not scanning) <|> %s\n",
1939  (alive_test & ALIVE_TEST_CONSIDER_ALIVE)
1940  ? "no"
1941  : "yes"))
1942  return -1;
1943 
1944  if (alive_test == ALIVE_TEST_CONSIDER_ALIVE)
1945  {
1946  /* Also select a method, otherwise Ping Host logs a warning. */
1947  if (sendf_to_server ("Ping Host[checkbox]:Do a TCP ping <|> yes\n"))
1948  return -1;
1949  }
1950 
1951  return 0;
1952 }
1953 
1956 
1957 /* Slave tasks. */
1958 
1959 /* Defined in omp.c. */
1960 void buffer_config_preference_xml (GString *, iterator_t *, config_t, int);
1961 
1965 #define RUN_SLAVE_TASK_SLEEP_SECONDS 25
1966 
1971 
1976 
1981 
1986 
1990 gchar *slave_target_uuid = NULL;
1991 
1995 gchar *slave_port_list_uuid = NULL;
1996 
2000 gchar *slave_config_uuid = NULL;
2001 
2005 gchar *slave_task_uuid = NULL;
2006 
2010 gchar *slave_report_uuid = NULL;
2011 
2015 openvas_connection_t *slave_connection = NULL;
2016 
2024 int
2025 update_slave_progress (entity_t get_tasks)
2026 {
2027  entity_t entity;
2028 
2029  entity = entity_child (get_tasks, "task");
2030  if (entity == NULL)
2031  return -1;
2032  entity = entity_child (entity, "progress");
2033  if (entity == NULL)
2034  return -1;
2035 
2036  if (current_report == 0)
2037  return -1;
2038 
2040  atoi (entity_text (entity)));
2041 
2042  return 0;
2043 }
2044 
2052 static int
2053 connection_authenticate (openvas_connection_t *connection)
2054 {
2055  omp_authenticate_info_opts_t auth_opts;
2056 
2057  auth_opts = omp_authenticate_info_opts_defaults;
2058  auth_opts.username = connection->username;
2059  auth_opts.password = connection->password;
2060  if (omp_authenticate_info_ext_c (connection, auth_opts))
2061  return -1;
2062  return 0;
2063 }
2064 
2073 int
2074 slave_authenticate (gnutls_session_t *session, scanner_t slave)
2075 {
2076  int ret;
2077  gchar *login, *password;
2078 
2079  login = scanner_login (slave);
2080  if (login == NULL)
2081  return -1;
2082 
2083  password = scanner_password (slave);
2084  if (password == NULL)
2085  {
2086  g_free (login);
2087  return -1;
2088  }
2089 
2090  ret = omp_authenticate (session, login, password);
2091  g_free (login);
2092  g_free (password);
2093  if (ret)
2094  return -1;
2095  return 0;
2096 }
2097 
2105 static int
2106 slave_connect (openvas_connection_t *connection)
2107 {
2108  char *ca_cert;
2109 
2110  connection->tls = 1;
2111  if (connection->ca_cert == NULL)
2112  ca_cert = manage_default_ca_cert ();
2113  else
2114  ca_cert = NULL;
2115  connection->socket = openvas_server_open_verify
2116  (&connection->session,
2117  connection->host_string,
2118  connection->port,
2119  ca_cert ? ca_cert : connection->ca_cert,
2120  connection->pub_key,
2121  connection->priv_key,
2122  1);
2123  if (connection->socket == -1)
2124  {
2125  g_warning ("%s: failed to open connection to %s on %i",
2126  __FUNCTION__,
2127  connection->host_string,
2128  connection->port);
2129  return -1;
2130  }
2131 
2132  {
2133  int optval;
2134  optval = 1;
2135  if (setsockopt (connection->socket,
2136  SOL_SOCKET, SO_KEEPALIVE,
2137  &optval, sizeof (int)))
2138  {
2139  g_warning ("%s: failed to set SO_KEEPALIVE on slave socket: %s\n",
2140  __FUNCTION__,
2141  strerror (errno));
2142  openvas_connection_close (connection);
2143  return -1;
2144  }
2145  }
2146 
2147  g_debug (" %s: connected\n", __FUNCTION__);
2148 
2149  /* Authenticate using the slave login. */
2150 
2151  if (connection_authenticate (connection))
2152  {
2153  openvas_connection_close (connection);
2154  return 1;
2155  }
2156 
2157  g_debug (" %s: authenticated\n", __FUNCTION__);
2158 
2159  return 0;
2160 }
2161 
2170 static int
2171 slave_sleep_connect (openvas_connection_t *connection, task_t task)
2172 {
2173  do
2174  {
2177  {
2179  g_debug (" %s: task stopped for giveup\n", __FUNCTION__);
2180  else
2181  g_debug (" %s: task stopped\n", __FUNCTION__);
2183  return 3;
2184  }
2185  g_debug (" %s: sleeping for %i\n", __FUNCTION__,
2188  }
2189  while (slave_connect (connection));
2190  g_debug (" %s: connected\n", __FUNCTION__);
2191  return 0;
2192 }
2193 
2201 int
2202 update_end_times (entity_t report)
2203 {
2204  entity_t end;
2205  entities_t entities;
2206 
2207  /* Set the scan end time. */
2208 
2209  entities = report->entities;
2210  while ((end = first_entity (entities)))
2211  {
2212  if (strcmp (entity_name (end), "scan_end") == 0)
2213  {
2214  char *text;
2215  text = entity_text (end);
2216  while (*text && isspace (*text)) text++;
2217  if (*text == '\0')
2218  break;
2220  g_strdup (entity_text (end)));
2221  set_scan_end_time (current_report, entity_text (end));
2222  break;
2223  }
2224  entities = next_entities (entities);
2225  }
2226 
2227  /* Add host details and set the host end times. */
2228 
2229  entities = report->entities;
2230  while ((end = first_entity (entities)))
2231  {
2232  if (strcmp (entity_name (end), "host_end") == 0)
2233  {
2234  entity_t host;
2235  char *text;
2236 
2237  /* Set the end time this way first, in case the slave is
2238  * very old. */
2239 
2240  host = entity_child (end, "host");
2241  if (host == NULL)
2242  return -1;
2243 
2244  text = entity_text (end);
2245  while (*text && isspace (*text)) text++;
2246  if (*text != '\0')
2248  entity_text (host),
2249  entity_text (end));
2250  }
2251 
2252  if (strcmp (entity_name (end), "host") == 0)
2253  {
2254  entity_t ip, time;
2255  char *text;
2256 
2257  ip = entity_child (end, "ip");
2258  if (ip == NULL)
2259  return -1;
2260 
2261  time = entity_child (end, "end");
2262  if (time == NULL)
2263  return -1;
2264 
2265  text = entity_text (time);
2266  while (*text && isspace (*text)) text++;
2267  if ((*text != '\0')
2268  && (scan_host_end_time (current_report, entity_text (ip)) == 0))
2269  {
2271  entity_text (ip),
2272  entity_text (time));
2274  entity_text (ip),
2275  end))
2276  return -1;
2277  }
2278  }
2279 
2280  entities = next_entities (entities);
2281  }
2282 
2283  return 0;
2284 }
2285 
2289 static void
2290 cleanup_slave ()
2291 {
2292  if (slave_connection)
2293  {
2294  if (slave_task_uuid)
2295  omp_stop_task (&slave_connection->session, slave_task_uuid);
2296  openvas_connection_close (slave_connection);
2297  }
2298 }
2299 
2307 static gchar *
2308 get_tasks_last_report (entity_t get_tasks)
2309 {
2310  entity_t task;
2311  task = entity_child (get_tasks, "task");
2312  if (task)
2313  {
2314  entity_t current_report;
2315  current_report = entity_child (task, "current_report");
2316  if (current_report)
2317  {
2318  entity_t report;
2319  report = entity_child (current_report, "report");
2320  if (report && entity_attribute (report, "id"))
2321  return g_strdup (entity_attribute (report, "id"));
2322  }
2323  else
2324  {
2325  entity_t last_report;
2326  last_report = entity_child (task, "last_report");
2327  if (last_report)
2328  {
2329  entity_t report;
2330  report = entity_child (last_report, "report");
2331  if (report && entity_attribute (report, "id"))
2332  return g_strdup (entity_attribute (report, "id"));
2333  }
2334  }
2335  }
2336  return NULL;
2337 }
2338 
2355 static int
2356 setup_ids (openvas_connection_t *connection, task_t task,
2357  entity_t get_tasks, gchar **slave_config_uuid,
2358  gchar **slave_target_uuid, gchar **slave_port_list_uuid,
2362 {
2363  entity_t get_tasks_task;
2364 
2365  assert (slave_config_uuid);
2366  assert (slave_target_uuid);
2367  assert (slave_port_list_uuid);
2368  assert (slave_ssh_credential_uuid);
2369  assert (slave_smb_credential_uuid);
2370  assert (slave_esxi_credential_uuid);
2371  assert (slave_snmp_credential_uuid);
2372 
2373  get_tasks_task = entity_child (get_tasks, "task");
2374  if (get_tasks_task)
2375  {
2376  entity_t entity;
2377 
2378  entity = entity_child (get_tasks_task, "config");
2379  if (entity && entity_attribute (entity, "id"))
2380  *slave_config_uuid = g_strdup (entity_attribute (entity, "id"));
2381 
2382  entity = entity_child (get_tasks_task, "target");
2383  if (entity && entity_attribute (entity, "id"))
2384  *slave_target_uuid = g_strdup (entity_attribute (entity, "id"));
2385 
2386  if (*slave_target_uuid)
2387  {
2388  entity_t get_targets;
2389  int ret;
2390 
2391  while ((ret = omp_get_targets (&connection->session,
2392  *slave_target_uuid, 0, 0,
2393  &get_targets)))
2394  {
2395  if (ret == 404)
2396  {
2397  /* Target missing. */
2398  break;
2399  }
2400  else if (ret)
2401  {
2402  openvas_connection_close (connection);
2403  ret = slave_sleep_connect (connection, task);
2404  if (ret == 3)
2405  return 1;
2406  }
2407  }
2408  if (ret == 0)
2409  {
2410  entity_t target;
2411  target = entity_child (get_targets, "target");
2412  if (target)
2413  {
2414  entity = entity_child (target, "port_list");
2415  if (entity && entity_attribute (entity, "id"))
2416  *slave_port_list_uuid = g_strdup (entity_attribute
2417  (entity, "id"));
2418 
2419  entity = entity_child (target, "ssh_credential");
2420  if (entity && entity_attribute (entity, "id"))
2421  *slave_ssh_credential_uuid = g_strdup (entity_attribute
2422  (entity, "id"));
2423 
2424  entity = entity_child (target, "smb_credential");
2425  if (entity && entity_attribute (entity, "id"))
2426  *slave_smb_credential_uuid = g_strdup (entity_attribute
2427  (entity, "id"));
2428 
2429  entity = entity_child (target, "esxi_credential");
2430  if (entity && entity_attribute (entity, "id"))
2431  *slave_esxi_credential_uuid = g_strdup (entity_attribute
2432  (entity, "id"));
2433 
2434  entity = entity_child (target, "snmp_credential");
2435  if (entity && entity_attribute (entity, "id"))
2436  *slave_snmp_credential_uuid = g_strdup (entity_attribute
2437  (entity, "id"));
2438  }
2439  free_entity (get_targets);
2440  }
2441  }
2442  }
2443  return 0;
2444 }
2445 
2461 static int
2462 slave_setup (openvas_connection_t *connection, const char *name, task_t task,
2466  credential_t target_snmp_credential,
2467  report_t last_stopped_report)
2468 {
2469  const int ret_giveup = 3;
2470  int ret, ret_fail, next_result;
2471  iterator_t credentials, targets;
2472  omp_delete_opts_t del_opts;
2473 
2474  ret_fail = 1;
2475  del_opts = omp_delete_opts_ultimate_defaults;
2476  slave_connection = connection;
2477 
2478  /* Register a cleanup callback to stop the slave task if the process is
2479  * killed, for example by a reboot. On restart Manager will set the task
2480  * status to Stopped, which will match the slave. */
2481  if (atexit (&cleanup_slave))
2482  {
2483  g_critical ("%s: failed to register `atexit' slave_cleanup function\n",
2484  __FUNCTION__);
2485  goto fail;
2486  }
2487 
2488  if (last_stopped_report)
2489  {
2490  /* Resume the task on the slave. */
2491 
2492  slave_task_uuid = report_slave_task_uuid (last_stopped_report);
2493  if (slave_task_uuid == NULL)
2494  {
2495  /* This may happen if someone sets a slave on a local task. Clear
2496  * all the report results and start the task from the beginning. */
2497  trim_report (last_stopped_report);
2498  last_stopped_report = 0;
2499  }
2500  else
2501  {
2502  int ret;
2503  entity_t get_tasks;
2504  const char *status;
2505 
2506  /* Check if the task is running or complete on the slave. */
2507 
2508  while ((ret = omp_get_tasks (&connection->session, slave_task_uuid,
2509  0, 0, &get_tasks)))
2510  {
2511  if (ret == 404)
2512  {
2513  /* Task missing. Perhaps someone removed the task on the slave.
2514  * Clear all the report results and start the task from the
2515  * beginning. */
2516  trim_report (last_stopped_report);
2517  last_stopped_report = 0;
2518  break;
2519  }
2520  else if (ret)
2521  {
2522  openvas_connection_close (connection);
2523  ret = slave_sleep_connect (connection, task);
2524  if (ret == 3)
2525  goto giveup;
2526  }
2527  }
2528 
2529  if (ret == 0)
2530  {
2531  status = omp_task_status (get_tasks);
2532  if (status == NULL)
2533  {
2534  /* An error somewhere. Clear all the report results and
2535  * start the task from the beginning. */
2536  trim_report (last_stopped_report);
2537  last_stopped_report = 0;
2538  }
2539  else if ((strcmp (status, "Running") == 0)
2540  || (strcmp (status, "Done") == 0))
2541  {
2542  /* Task on slave is Running or Done, continue using it as
2543  * is. */
2544 
2545  slave_report_uuid = get_tasks_last_report (get_tasks);
2546  if (slave_report_uuid == NULL)
2547  {
2548  g_warning ("%s: slave report %s missing UUID\n", __FUNCTION__,
2549  slave_task_uuid);
2550  goto fail;
2551  }
2552 
2553  setup_ids (connection, task,
2554  get_tasks, &slave_config_uuid, &slave_target_uuid,
2560  }
2561  else
2562  {
2563  /* Task is there, try resume it. */
2564  switch (omp_resume_task_report (&connection->session,
2567  {
2568  case 0:
2569  if (slave_report_uuid == NULL)
2570  goto fail;
2571  setup_ids (connection, task,
2572  get_tasks, &slave_config_uuid,
2580  break;
2581  case 1:
2582  /* The resume may have failed because the task slave changed or
2583  * because someone removed the task on the slave. Clear all the
2584  * report results and start the task from the beginning.
2585  *
2586  * This and the if above both "leak" the resources on the slave,
2587  * because on the report these resources are replaced with the new
2588  * resources. */
2589  trim_report (last_stopped_report);
2590  last_stopped_report = 0;
2591  break;
2592  default:
2593  free (slave_task_uuid);
2594  goto fail;
2595  }
2596  }
2597  }
2598  }
2599  }
2600 
2601  if (last_stopped_report == 0)
2602  {
2603  /* Create the target credentials on the slave. */
2604 
2606  {
2607  init_credential_iterator_one (&credentials,
2609  if (next (&credentials))
2610  {
2611  const char *user, *password, *private_key;
2612  gchar *user_copy, *password_copy, *private_key_copy;
2613  omp_create_lsc_credential_opts_t opts;
2614 
2615  user = credential_iterator_login (&credentials);
2616  password = credential_iterator_password (&credentials);
2617  private_key = credential_iterator_private_key (&credentials);
2618 
2619  if (user == NULL
2620  || (private_key == NULL && password == NULL))
2621  {
2622  cleanup_iterator (&credentials);
2623  goto fail;
2624  }
2625 
2626  user_copy = g_strdup (user);
2627  password_copy = g_strdup (password);
2628 
2629  opts = omp_create_lsc_credential_opts_defaults;
2630  opts.name = name;
2631  opts.login = user_copy;
2632  opts.passphrase = password_copy;
2633  if (private_key)
2634  {
2635  private_key_copy = g_strdup (private_key);
2636  opts.private_key = private_key_copy;
2637  }
2638  else
2639  private_key_copy = NULL;
2640  opts.comment = "Slave SSH credential created by Master";
2641 
2642  cleanup_iterator (&credentials);
2643 
2644  ret = omp_create_lsc_credential_ext (&connection->session, opts,
2646  g_free (user_copy);
2647  g_free (password_copy);
2648  g_free (private_key_copy);
2649 
2650  if (ret)
2651  {
2652  g_warning ("Could not create slave SSH credential"
2653  " (status %d)."
2654  " Continuing without credential.",
2655  ret);
2657  }
2658  }
2659  }
2660 
2662  {
2663  init_credential_iterator_one (&credentials,
2665  if (next (&credentials))
2666  {
2667  const char *user, *password;
2668  gchar *user_copy, *password_copy, *smb_name;
2669  omp_create_lsc_credential_opts_t opts;
2670 
2671  user = credential_iterator_login (&credentials);
2672  password = credential_iterator_password (&credentials);
2673 
2674  if (user == NULL || password == NULL)
2675  {
2676  cleanup_iterator (&credentials);
2677  goto fail_ssh_credential;
2678  }
2679 
2680  user_copy = g_strdup (user);
2681  password_copy = g_strdup (password);
2682 
2683  opts = omp_create_lsc_credential_opts_defaults;
2684  smb_name = g_strdup_printf ("%ssmb", name);
2685  opts.name = smb_name;
2686  opts.login = user_copy;
2687  opts.passphrase = password_copy;
2688  opts.comment = "Slave SMB credential created by Master";
2689 
2690  cleanup_iterator (&credentials);
2691 
2692  ret = omp_create_lsc_credential_ext (&connection->session, opts,
2694  g_free (smb_name);
2695  g_free (user_copy);
2696  g_free (password_copy);
2697  if (ret)
2698  {
2699  g_warning ("Could not create slave SMB credential"
2700  " (status %d)."
2701  " Continuing without credential.",
2702  ret);
2704  }
2705  }
2706  }
2707 
2709  {
2710  init_credential_iterator_one (&credentials,
2712  if (next (&credentials))
2713  {
2714  const char *user, *password;
2715  gchar *user_copy, *password_copy, *esxi_name;
2716  omp_create_lsc_credential_opts_t opts;
2717 
2718  user = credential_iterator_login (&credentials);
2719  password = credential_iterator_password (&credentials);
2720 
2721  if (user == NULL || password == NULL)
2722  {
2723  cleanup_iterator (&credentials);
2724  goto fail_smb_credential;
2725  }
2726 
2727  user_copy = g_strdup (user);
2728  password_copy = g_strdup (password);
2729 
2730  opts = omp_create_lsc_credential_opts_defaults;
2731  esxi_name = g_strdup_printf ("%sesxi", name);
2732  opts.name = esxi_name;
2733  opts.login = user_copy;
2734  opts.passphrase = password_copy;
2735  opts.comment = "Slave ESXi credential created by Master";
2736 
2737  cleanup_iterator (&credentials);
2738 
2739  ret = omp_create_lsc_credential_ext (&connection->session, opts,
2741  g_free (esxi_name);
2742  g_free (user_copy);
2743  g_free (password_copy);
2744  if (ret)
2745  {
2746  g_warning ("Could not create slave ESXi credential"
2747  " (status %d)."
2748  " Continuing without credential.",
2749  ret);
2751  }
2752  }
2753  }
2754 
2755  if (target_snmp_credential)
2756  {
2757  init_credential_iterator_one (&credentials,
2758  target_snmp_credential);
2759  if (next (&credentials))
2760  {
2761  const char *community, *user, *password, *auth_algorithm;
2762  const char *privacy_password, *privacy_algorithm;
2763  gchar *community_copy, *user_copy, *password_copy;
2764  gchar *auth_algorithm_copy, *privacy_password_copy;
2765  gchar *privacy_algorithm_copy, *snmp_name;
2766  omp_create_lsc_credential_opts_t opts;
2767 
2768  community = credential_iterator_community (&credentials);
2769  user = credential_iterator_login (&credentials);
2770  password = credential_iterator_password (&credentials);
2771  auth_algorithm
2772  = credential_iterator_auth_algorithm (&credentials);
2773  privacy_password
2774  = credential_iterator_privacy_password (&credentials);
2775  privacy_algorithm
2776  = credential_iterator_privacy_algorithm (&credentials);
2777 
2778  if (community == NULL || user == NULL || password == NULL
2779  || auth_algorithm == NULL || privacy_password == NULL
2780  || privacy_algorithm == NULL)
2781  {
2782  cleanup_iterator (&credentials);
2783  goto fail_esxi_credential;
2784  }
2785 
2786  community_copy = g_strdup (community);
2787  user_copy = g_strdup (user);
2788  password_copy = g_strdup (password);
2789  auth_algorithm_copy = g_strdup (auth_algorithm);
2790  privacy_password_copy = g_strdup (privacy_password);
2791  privacy_algorithm_copy = g_strdup (privacy_algorithm);
2792 
2793  opts = omp_create_lsc_credential_opts_defaults;
2794  snmp_name = g_strdup_printf ("%ssnmp", name);
2795  opts.name = snmp_name;
2796  opts.community = community_copy;
2797  opts.login = user_copy;
2798  opts.passphrase = password_copy;
2799  opts.auth_algorithm = auth_algorithm_copy;
2800  opts.privacy_password = privacy_password_copy;
2801  opts.privacy_algorithm = privacy_algorithm_copy;
2802  opts.comment = "Slave SNMP credential created by Master";
2803 
2804  cleanup_iterator (&credentials);
2805 
2806  ret = omp_create_lsc_credential_ext (&connection->session, opts,
2808  g_free (snmp_name);
2809  g_free (community_copy);
2810  g_free (user_copy);
2811  g_free (password_copy);
2812  g_free (auth_algorithm_copy);
2813  g_free (privacy_password_copy);
2814  g_free (privacy_algorithm_copy);
2815  if (ret)
2816  {
2817  g_warning ("Could not create slave SNMP credential"
2818  " (status %d)."
2819  " Continuing without credential.",
2820  ret);
2822  }
2823  }
2824  }
2825 
2826  g_debug (" %s: slave SSH credential uuid: %s\n", __FUNCTION__,
2828 
2829  g_debug (" %s: slave SMB credential uuid: %s\n", __FUNCTION__,
2831 
2832  g_debug (" %s: slave ESXi credential uuid: %s\n", __FUNCTION__,
2834 
2835  g_debug (" %s: slave SNMP credential uuid: %s\n", __FUNCTION__,
2837 
2838  /* Create the target on the slave. */
2839 
2840  init_target_iterator_one (&targets, target);
2841  if (next (&targets))
2842  {
2843  const char *hosts, *port, *exclude_hosts, *alive_tests;
2844  const char *reverse_lookup_only, *reverse_lookup_unify;
2845  const char *port_list_uuid;
2846  gchar *hosts_copy, *exclude_hosts_copy;
2847  gchar *alive_tests_copy, *port_range;
2848  omp_create_target_opts_t opts;
2849  int ssh_port;
2850  entity_t get_targets, child;
2851 
2852  hosts = target_iterator_hosts (&targets);
2853  exclude_hosts = target_iterator_exclude_hosts (&targets);
2854  alive_tests = target_iterator_alive_tests (&targets);
2855  reverse_lookup_only
2857  reverse_lookup_unify
2859  if (hosts == NULL)
2860  {
2861  cleanup_iterator (&targets);
2862  goto fail_snmp_credential;
2863  }
2864 
2865  port = target_iterator_ssh_port (&targets);
2866  if (port == NULL)
2867  ssh_port = 0;
2868  else
2869  ssh_port = atoi (port);
2870 
2871  hosts_copy = g_strdup (hosts);
2872  exclude_hosts_copy = g_strdup (exclude_hosts);
2873  alive_tests_copy = g_strdup (alive_tests);
2874  port_range = target_port_range (get_iterator_resource (&targets));
2875  cleanup_iterator (&targets);
2876 
2877  opts = omp_create_target_opts_defaults;
2878  opts.hosts = hosts_copy;
2879  opts.exclude_hosts = exclude_hosts_copy;
2880  opts.alive_tests = alive_tests_copy;
2881  opts.ssh_credential_id = slave_ssh_credential_uuid;
2882  opts.ssh_credential_port = ssh_port;
2883  opts.smb_credential_id = slave_smb_credential_uuid;
2884  opts.esxi_credential_id = slave_esxi_credential_uuid;
2885  opts.snmp_credential_id = slave_snmp_credential_uuid;
2886  opts.port_range = port_range;
2887  opts.name = name;
2888  opts.comment = "Slave target created by Master";
2889  opts.reverse_lookup_only
2890  = reverse_lookup_only ? atoi (reverse_lookup_only) : 0;
2891  opts.reverse_lookup_unify
2892  = reverse_lookup_unify ? atoi (reverse_lookup_unify) : 0;
2893 
2894  ret = omp_create_target_ext (&connection->session, opts,
2896  g_free (hosts_copy);
2897  g_free (exclude_hosts_copy);
2898  g_free (alive_tests_copy);
2899  g_free (port_range);
2900  if (ret == -2)
2901  goto fail_snmp_credential;
2902  if (ret)
2903  {
2905  ret_fail = ret_giveup;
2906  goto fail_snmp_credential;
2907  }
2908 
2909  if (omp_get_targets (&connection->session, slave_target_uuid, 0, 0,
2910  &get_targets))
2911  goto fail_target;
2912  child = entity_child (get_targets, "target");
2913  if (child == NULL)
2914  {
2915  free_entity (get_targets);
2916  goto fail_target;
2917  }
2918  child = entity_child (child, "port_list");
2919  if (child == NULL)
2920  {
2921  free_entity (get_targets);
2922  goto fail_target;
2923  }
2924  port_list_uuid = entity_attribute (child, "id");
2925  if (port_list_uuid == NULL)
2926  {
2927  free_entity (get_targets);
2928  goto fail_target;
2929  }
2930  slave_port_list_uuid = g_strdup (port_list_uuid);
2931  free_entity (get_targets);
2932  }
2933  else
2934  {
2935  cleanup_iterator (&targets);
2936  goto fail_esxi_credential;
2937  }
2938 
2939  g_debug (" %s: slave target uuid: %s\n", __FUNCTION__, slave_target_uuid);
2940 
2941  /* Create the config on the slave. */
2942 
2943  {
2944  config_t config;
2945  iterator_t prefs, selectors;
2946 
2947  /* This must follow the GET_CONFIGS_RESPONSE export case. */
2948 
2949  config = task_config (task);
2950  if (config == 0)
2951  goto fail_target;
2952 
2953  if (openvas_server_sendf (&connection->session,
2954  "<create_config>"
2955  "<get_configs_response"
2956  " status=\"200\""
2957  " status_text=\"OK\">"
2958  "<config id=\"XXX\">"
2959  "<type>0</type>"
2960  "<name>%s</name>"
2961  "<comment>"
2962  "Slave config created by Master"
2963  "</comment>"
2964  "<preferences>",
2965  name))
2966  goto fail_target;
2967 
2968  /* Send NVT timeout preferences where a timeout has been
2969  * specified. */
2970  init_config_timeout_iterator (&prefs, config);
2971  while (next (&prefs))
2972  {
2973  const char *timeout;
2974 
2975  timeout = config_timeout_iterator_value (&prefs);
2976 
2977  if (timeout && strlen (timeout)
2978  && openvas_server_sendf (&connection->session,
2979  "<preference>"
2980  "<nvt oid=\"%s\">"
2981  "<name>%s</name>"
2982  "</nvt>"
2983  "<name>Timeout</name>"
2984  "<type>entry</type>"
2985  "<value>%s</value>"
2986  "</preference>",
2987  config_timeout_iterator_oid (&prefs),
2989  timeout))
2990  {
2991  cleanup_iterator (&prefs);
2992  goto fail_target;
2993  }
2994  }
2995  cleanup_iterator (&prefs);
2996 
2997  init_nvt_preference_iterator (&prefs, NULL);
2998  while (next (&prefs))
2999  {
3000  GString *buffer = g_string_new ("");
3001  buffer_config_preference_xml (buffer, &prefs, config, 0);
3002  if (openvas_server_sendf (&connection->session, "%s", buffer->str))
3003  {
3004  cleanup_iterator (&prefs);
3005  goto fail_target;
3006  }
3007  g_string_free (buffer, TRUE);
3008  }
3009  cleanup_iterator (&prefs);
3010 
3011  if (openvas_server_sendf (&connection->session,
3012  "</preferences>"
3013  "<nvt_selectors>"))
3014  {
3015  cleanup_iterator (&prefs);
3016  goto fail_target;
3017  }
3018 
3019  init_nvt_selector_iterator (&selectors,
3020  NULL,
3021  config,
3023  while (next (&selectors))
3024  {
3025  int type = nvt_selector_iterator_type (&selectors);
3026  if (openvas_server_sendf
3027  (&connection->session,
3028  "<nvt_selector>"
3029  "<name>%s</name>"
3030  "<include>%i</include>"
3031  "<type>%i</type>"
3032  "<family_or_nvt>%s</family_or_nvt>"
3033  "</nvt_selector>",
3034  nvt_selector_iterator_name (&selectors),
3035  nvt_selector_iterator_include (&selectors),
3036  type,
3037  (type == NVT_SELECTOR_TYPE_ALL
3038  ? ""
3039  : nvt_selector_iterator_nvt (&selectors))))
3040  goto fail_target;
3041  }
3042  cleanup_iterator (&selectors);
3043 
3044  if (openvas_server_sendf (&connection->session,
3045  "</nvt_selectors>"
3046  "</config>"
3047  "</get_configs_response>"
3048  "</create_config>")
3049  || (omp_read_create_response (&connection->session,
3051  != 201))
3052  goto fail_target;
3053  }
3054 
3055  g_debug (" %s: slave config uuid: %s\n", __FUNCTION__, slave_config_uuid);
3056 
3057  /* Create the task on the slave. */
3058 
3059  {
3060  gchar *max_checks, *max_hosts, *source_iface;
3061  gchar *hosts_ordering, *comment;
3062  omp_create_task_opts_t opts;
3063  char *name_task, *uuid_report, *uuid_task;
3064 
3065  opts = omp_create_task_opts_defaults;
3066  opts.config_id = slave_config_uuid;
3067  opts.target_id = slave_target_uuid;
3068  opts.name = name;
3069  task_uuid (task, &uuid_task);
3070  name_task = task_name (task);
3071  uuid_report = report_uuid (current_report);
3072  comment = g_strdup_printf ("Slave task for master task %s (%s)"
3073  " report %s.",
3074  name_task,
3075  uuid_task,
3076  uuid_report);
3077  opts.comment = comment;
3078  free (uuid_task);
3079  free (name_task);
3080  free (uuid_report);
3081 
3082  max_checks = task_preference_value (task, "max_checks");
3083  max_hosts = task_preference_value (task, "max_hosts");
3084  source_iface = task_preference_value (task, "source_iface");
3085  hosts_ordering = task_hosts_ordering (task);
3086 
3087  opts.alterable = 0;
3088  opts.in_assets = "no";
3089  opts.max_checks = max_checks ? max_checks : MAX_CHECKS_DEFAULT;
3090  opts.max_hosts = max_hosts ? max_hosts : MAX_HOSTS_DEFAULT;
3091  opts.source_iface = source_iface;
3092  opts.hosts_ordering = hosts_ordering;
3093 
3094  opts.alert_ids = NULL;
3095  opts.observers = NULL;
3096  opts.observer_groups = NULL;
3097  opts.scanner_id = NULL;
3098  opts.schedule_id = NULL;
3099  opts.slave_id = NULL;
3100 
3101  ret = omp_create_task_ext (&connection->session, opts, &slave_task_uuid);
3102  g_free (comment);
3103  g_free (max_checks);
3104  g_free (max_hosts);
3105  g_free (source_iface);
3106  g_free (hosts_ordering);
3107  if (ret)
3108  goto fail_config;
3109  }
3110 
3111  /* Start the task on the slave. */
3112 
3113  if (omp_start_task_report (&connection->session, slave_task_uuid,
3115  goto fail_task;
3116  if (slave_report_uuid == NULL)
3117  goto fail_stop_task;
3118 
3120  }
3121 
3122  /* Setup the current task for functions like set_task_run_status. */
3123 
3124  current_scanner_task = task;
3125 
3126  /* Poll the slave until the task is finished. */
3127 
3128  next_result = 1;
3129  while (1)
3130  {
3131  entity_t get_tasks, report, get_report;
3132  const char *status;
3133  task_status_t run_status;
3134  int status_done;
3135 
3136  /* Check if some other process changed the task status. */
3137 
3138  run_status = task_run_status (task);
3139  switch (run_status)
3140  {
3144  switch (omp_stop_task (&connection->session, slave_task_uuid))
3145  {
3146  case 0:
3147  break;
3148  case 404:
3149  if (ret == 404)
3150  {
3151  /* Resource Missing. */
3152  g_warning ("%s: Task missing on slave", __FUNCTION__);
3154  goto giveup;
3155  }
3156  break;
3157  default:
3158  goto fail_stop_task;
3159  }
3160  if (run_status == TASK_STATUS_DELETE_REQUESTED)
3163  else if (run_status == TASK_STATUS_DELETE_ULTIMATE_REQUESTED)
3166  else
3169  break;
3171  g_debug (" %s: task stopped for giveup\n", __FUNCTION__);
3173  goto giveup;
3174  break;
3175  case TASK_STATUS_STOPPED:
3176  assert (0);
3177  goto fail_stop_task;
3178  break;
3181  case TASK_STATUS_DONE:
3182  case TASK_STATUS_NEW:
3183  case TASK_STATUS_REQUESTED:
3184  case TASK_STATUS_RUNNING:
3187  break;
3188  }
3189 
3190  ret = omp_get_tasks (&connection->session, slave_task_uuid, 0, 0,
3191  &get_tasks);
3192  if (ret == 404)
3193  {
3194  /* Resource Missing. */
3195  g_warning ("%s: Task missing on slave", __FUNCTION__);
3197  goto giveup;
3198  }
3199  else if (ret)
3200  {
3201  openvas_connection_close (connection);
3202  ret = slave_sleep_connect (connection, task);
3203  if (ret == 3)
3204  goto giveup;
3205  continue;
3206  }
3207 
3208  status = omp_task_status (get_tasks);
3209  if (status == NULL)
3210  {
3211  g_warning ("%s: Slave task status was NULL", __FUNCTION__);
3213  goto giveup;
3214  }
3215  status_done = (strcmp (status, "Done") == 0);
3216  if ((strcmp (status, "Running") == 0)
3217  || status_done)
3218  {
3219  int ret2 = 0;
3220  omp_get_report_opts_t opts;
3221 
3222  if (run_status == TASK_STATUS_REQUESTED)
3224 
3225  if ((strcmp (status, "Running") == 0)
3226  && update_slave_progress (get_tasks))
3227  {
3228  free_entity (get_tasks);
3229  goto fail_stop_task;
3230  }
3231 
3232  opts = omp_get_report_opts_defaults;
3233  opts.report_id = slave_report_uuid;
3234  opts.format_id = "a994b278-1f62-11e1-96ac-406186ea4fc5";
3235  opts.filter = g_strdup_printf
3236  ("first=%i rows=-1 levels=hmlgd apply_overrides=0"
3237  " min_qod=0 autofp=0 result_hosts_only=%i"
3238  " sort=created",
3239  next_result,
3240  status_done
3241  /* Request all the hosts to get their end times. */
3242  ? 0
3243  : 1);
3244 
3245  ret = omp_get_report_ext (&connection->session, opts, &get_report);
3246  if (ret)
3247  {
3248  opts.format_id = "d5da9f67-8551-4e51-807b-b6a873d70e34";
3249  ret2 = omp_get_report_ext (&connection->session, opts,
3250  &get_report);
3251  }
3252  g_free (opts.filter);
3253  if ((ret == 404) && (ret2 == 404))
3254  {
3255  /* Resource Missing. */
3256  g_warning ("%s: Task report missing on slave", __FUNCTION__);
3258  goto giveup;
3259  }
3260  if (ret && ret2)
3261  {
3262  free_entity (get_tasks);
3263  openvas_connection_close (connection);
3264  ret = slave_sleep_connect (connection, task);
3265  if (ret == 3)
3266  goto giveup;
3267  continue;
3268  }
3269 
3270  if (update_from_slave (task, get_report, &report, &next_result))
3271  {
3272  free_entity (get_tasks);
3273  free_entity (get_report);
3274  goto fail_stop_task;
3275  }
3276 
3277  if (strcmp (status, "Running") == 0)
3278  {
3279  if (update_end_times (report))
3280  goto fail_stop_task;
3281  free_entity (get_report);
3282  }
3283  }
3284  else if (strcmp (status, "Stopped") == 0)
3285  {
3287  goto succeed_stopped;
3288  }
3289  else if (strcmp (status, "Stop Requested") == 0)
3291  else if ((strcmp (status, "Internal Error") == 0)
3292  || (strcmp (status, "Delete Requested") == 0))
3293  {
3294  free_entity (get_tasks);
3295  goto fail_stop_task;
3296  }
3297 
3298  if (status_done)
3299  {
3300  if (update_end_times (report))
3301  {
3302  free_entity (get_tasks);
3303  free_entity (get_report);
3304  goto fail_stop_task;
3305  }
3306  free_entity (get_report);
3307  if (update_slave_progress (get_tasks))
3308  {
3309  free_entity (get_report);
3310  free_entity (get_tasks);
3311  goto fail_stop_task;
3312  }
3313  free_entity (get_tasks);
3314 
3315  /* Add results to assets. */
3317  if (current_report)
3318  {
3319  hosts_set_max_severity (current_report, NULL, NULL);
3321  }
3322 
3324  break;
3325  }
3326 
3327  free_entity (get_tasks);
3328 
3330  }
3331 
3332  /* Cleanup. */
3333 
3335 
3336  omp_delete_task_ext (&connection->session, slave_task_uuid, del_opts);
3338  omp_delete_config_ext (&connection->session, slave_config_uuid, del_opts);
3339  omp_delete_target_ext (&connection->session, slave_target_uuid, del_opts);
3340  omp_delete_port_list_ext (&connection->session, slave_port_list_uuid, del_opts);
3342  omp_delete_lsc_credential_ext (&connection->session, slave_ssh_credential_uuid,
3343  del_opts);
3345  omp_delete_lsc_credential_ext (&connection->session, slave_smb_credential_uuid,
3346  del_opts);
3348  omp_delete_lsc_credential_ext (&connection->session, slave_esxi_credential_uuid,
3349  del_opts);
3351  omp_delete_lsc_credential_ext (&connection->session, slave_snmp_credential_uuid,
3352  del_opts);
3353  succeed_stopped:
3354  free (slave_task_uuid);
3355  slave_task_uuid = NULL;
3356  free (slave_report_uuid);
3357  slave_report_uuid = NULL;
3358  free (slave_config_uuid);
3359  slave_config_uuid = NULL;
3360  free (slave_target_uuid);
3361  slave_target_uuid = NULL;
3362  free (slave_port_list_uuid);
3363  slave_port_list_uuid = NULL;
3372  openvas_connection_close (connection);
3373  slave_connection = NULL;
3374  g_debug (" %s: succeed\n", __FUNCTION__);
3375  return 0;
3376 
3377  fail_stop_task:
3378  omp_stop_task (&connection->session, slave_task_uuid);
3379  free (slave_report_uuid);
3380  fail_task:
3381  omp_delete_task_ext (&connection->session, slave_task_uuid, del_opts);
3383  free (slave_task_uuid);
3384  fail_config:
3385  omp_delete_config_ext (&connection->session, slave_config_uuid, del_opts);
3386  free (slave_config_uuid);
3387  fail_target:
3388  omp_delete_target_ext (&connection->session, slave_target_uuid, del_opts);
3389  free (slave_target_uuid);
3390  omp_delete_port_list_ext (&connection->session, slave_port_list_uuid, del_opts);
3391  free (slave_port_list_uuid);
3392  fail_snmp_credential:
3394  omp_delete_lsc_credential_ext (&connection->session, slave_snmp_credential_uuid,
3395  del_opts);
3397  fail_esxi_credential:
3399  omp_delete_lsc_credential_ext (&connection->session, slave_esxi_credential_uuid,
3400  del_opts);
3402  fail_smb_credential:
3404  omp_delete_lsc_credential_ext (&connection->session, slave_smb_credential_uuid,
3405  del_opts);
3407  fail_ssh_credential:
3409  omp_delete_lsc_credential_ext (&connection->session, slave_ssh_credential_uuid,
3410  del_opts);
3412  fail:
3413  g_debug (" %s: fail (%i)\n", __FUNCTION__, ret_fail);
3414  openvas_connection_close (connection);
3415  slave_connection = NULL;
3416  return ret_fail;
3417 
3418  giveup:
3419  g_debug (" %s: giveup (%i)\n", __FUNCTION__, ret_giveup);
3420  openvas_connection_close (connection);
3421  slave_connection = NULL;
3422  return ret_giveup;
3423 }
3424 
3441 static int
3442 handle_slave_task (task_t task, target_t target,
3446  credential_t target_snmp_credential,
3447  report_t last_stopped_report,
3448  openvas_connection_t *connection,
3449  const gchar *slave_id,
3450  const gchar *slave_name)
3451 {
3452  char *name, *uuid;
3453  int ret;
3454  gchar *slave_task_name;
3455 
3456  /* Some of the cases in here must write to the session outside an open
3457  * statement. For example, the omp_create_lsc_credential must come after
3458  * cleaning up the credential iterator. This is because the slave may be
3459  * the master, and the open statement would prevent the slave from getting
3460  * a lock on the database and fulfilling the request. */
3461 
3462  g_debug (" Running slave task %llu\n", task);
3463 
3464  // FIX permission checks may the user still access the slave, target, port list etc?
3465 
3467  report_set_slave_name (current_report, slave_name);
3468  report_set_slave_port (current_report, connection->port);
3469  report_set_slave_host (current_report, connection->host_string);
3470 
3471  uuid = openvas_uuid_make ();
3472  if (uuid == NULL)
3473  {
3474  g_warning ("%s: Failed to make UUID", __FUNCTION__);
3475  return -1;
3476  }
3477 
3478  name = task_name (task);
3479  if (name == NULL)
3480  {
3481  free (uuid);
3482  g_warning ("%s: Failed to get task name", __FUNCTION__);
3483  return -1;
3484  }
3485  slave_task_name = g_strdup_printf ("%s for %s", uuid, name);
3486  free (name);
3487  free (uuid);
3488 
3489  while ((ret = slave_connect (connection)))
3490  if (ret == 1)
3491  {
3492  result_t result;
3493  gchar *port_string;
3494 
3495  /* Login failed. */
3496 
3497  port_string = g_strdup_printf ("%i", connection->port);
3498  result = make_result (task,
3499  connection->host_string,
3500  port_string,
3501  /* NVT: Global variable settings. */
3502  "1.3.6.1.4.1.25623.1.0.12288",
3503  "Error Message",
3504  "Authentication with the slave failed.");
3505  g_free (port_string);
3506  if (current_report)
3508 
3509  g_free (slave_task_name);
3510  return 1;
3511  }
3512  else
3513  {
3517  || termination_signal)
3518  {
3519  if (termination_signal)
3520  {
3521  g_debug ("%s: Received %s signal.",
3522  __FUNCTION__,
3523  sys_siglist[get_termination_signal()]);
3524  }
3525  if (current_report)
3526  {
3529  }
3531  g_free (slave_task_name);
3532  return 0;
3533  }
3535  }
3536 
3537  while (1)
3538  {
3540  if (termination_signal)
3541  {
3542  g_debug ("%s: Received %s signal.",
3543  __FUNCTION__,
3544  sys_siglist[get_termination_signal()]);
3545  if (current_report)
3546  {
3549  }
3551  g_free (slave_task_name);
3552  return 0;
3553  }
3554 
3555  ret = slave_setup (connection, slave_task_name,
3556  task, target, target_ssh_credential,
3558  target_snmp_credential, last_stopped_report);
3559  if (ret == 1)
3560  {
3561  ret = slave_sleep_connect (connection, task);
3562  if (ret == 3)
3563  /* User requested "giveup". */
3564  break;
3565  }
3566  else
3567  break;
3568  }
3569 
3571  g_free (slave_task_name);
3572 
3573  return 0;
3574 }
3575 
3576 
3577 /* OSP tasks. */
3578 
3587 static GHashTable *
3588 task_scanner_options (task_t task, target_t target)
3589 {
3590  GHashTable *table;
3591  config_t config;
3592  iterator_t prefs;
3593 
3594  config = task_config (task);
3595  init_preference_iterator (&prefs, config);
3596  table = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
3597  while (next (&prefs))
3598  {
3599  char *name, *value = NULL;
3600  const char *type;
3601 
3602  name = g_strdup (preference_iterator_name (&prefs));
3603  type = preference_iterator_type (&prefs);
3604 
3605  if (g_str_has_prefix (type, "credential_"))
3606  {
3607  credential_t credential = 0;
3608  iterator_t iter;
3609  const char *uuid = preference_iterator_value (&prefs);
3610 
3611  if (!strcmp (preference_iterator_value (&prefs), "0"))
3612  credential = target_ssh_credential (target);
3613  else if (find_resource ("credential", uuid, &credential))
3614  {
3615  g_warning ("Error getting credential for osp parameter %s", name);
3616  g_free (name);
3617  continue;
3618  }
3619  if (credential == 0)
3620  {
3621  g_warning ("No credential for osp parameter %s", name);
3622  g_free (name);
3623  continue;
3624  }
3625 
3626  init_credential_iterator_one (&iter, credential);
3627  if (!next (&iter))
3628  {
3629  g_warning ("No credential for credential_id %llu", credential);
3630  g_free (name);
3631  continue;
3632  }
3633  if (!strcmp (type, "credential_up")
3634  && !strcmp (credential_iterator_type (&iter), "up"))
3635  value = g_strdup_printf ("%s:%s", credential_iterator_login (&iter),
3637  else if (!strcmp (type, "credential_up"))
3638  {
3639  g_warning ("OSP Parameter %s requires credentials of type"
3640  " username+password", name);
3641  g_free (name);
3642  continue;
3643  }
3644  else
3645  abort ();
3646  cleanup_iterator (&iter);
3647  if (!value)
3648  {
3649  g_warning ("No adequate %s for parameter %s", type, name);
3650  g_free (name);
3651  continue;
3652  }
3653  }
3654  else if (!strcmp (name, "definitions_file"))
3655  {
3656  char *fname;
3657 
3658  if (!preference_iterator_value (&prefs))
3659  continue;
3660  fname = g_strdup_printf ("%s/%s", OPENVAS_SCAP_DATA_DIR "/",
3661  preference_iterator_value (&prefs));
3662  value = openvas_file_as_base64 (fname);
3663  if (!value)
3664  continue;
3665  }
3666  else
3667  value = g_strdup (preference_iterator_value (&prefs));
3668  g_hash_table_insert (table, name, value);
3669  }
3670  cleanup_iterator (&prefs);
3671  return table;
3672 }
3673 
3674 static void
3675 delete_osp_scan (const char *report_id, const char *host, int port,
3676  const char *ca_pub, const char *key_pub, const char *key_priv)
3677 {
3678  osp_connection_t *connection;
3679 
3680  connection = osp_connection_new (host, port, ca_pub, key_pub, key_priv);
3681  if (!connection)
3682  {
3683  g_warning ("Couldn't connect to OSP scanner on %s:%d\n", host, port);
3684  return;
3685  }
3686  osp_delete_scan (connection, report_id);
3687  osp_connection_close (connection);
3688 }
3689 
3704 static int
3705 get_osp_scan_report (const char *scan_id, const char *host, int port,
3706  const char *ca_pub, const char *key_pub, const char
3707  *key_priv, int details, char **report_xml)
3708 {
3709  osp_connection_t *connection;
3710  int progress;
3711  char *error = NULL;
3712 
3713  connection = osp_connection_new (host, port, ca_pub, key_pub, key_priv);
3714  if (!connection)
3715  {
3716  g_warning ("Couldn't connect to OSP scanner on %s:%d\n", host, port);
3717  return -1;
3718  }
3719  progress = osp_get_scan (connection, scan_id, report_xml, details, &error);
3720  if (progress > 100 || progress < 0)
3721  {
3722  g_warning ("OSP get_scan %s: %s", scan_id, error);
3723  g_free (error);
3724  progress = -1;
3725  }
3726 
3727  osp_connection_close (connection);
3728  return progress;
3729 }
3730 
3740 static int
3741 handle_osp_scan (task_t task, report_t report, const char *scan_id)
3742 {
3743  char *host, *ca_pub, *key_pub, *key_priv;
3744  int rc, port;
3745  scanner_t scanner;
3746 
3747  scanner = task_scanner (task);
3748  host = scanner_host (scanner);
3749  port = scanner_port (scanner);
3750  ca_pub = scanner_ca_pub (scanner);
3751  key_pub = scanner_key_pub (scanner);
3752  key_priv = scanner_key_priv (scanner);
3753  while (1)
3754  {
3755  char *report_xml = NULL;
3756  int run_status;
3757 
3758  run_status = task_run_status (task);
3759  if (run_status == TASK_STATUS_STOPPED
3760  || run_status == TASK_STATUS_STOP_REQUESTED)
3761  {
3762  rc = -2;
3763  break;
3764  }
3765  int progress = get_osp_scan_report (scan_id, host, port, ca_pub, key_pub,
3766  key_priv, 0, NULL);
3767  if (progress == -1)
3768  {
3769  result_t result = make_osp_result
3770  (task, "", "", threat_message_type ("Error"),
3771  "Erroneous scan progress value", "", "",
3772  QOD_DEFAULT);
3773  report_add_result (report, result);
3774  rc = -1;
3775  break;
3776  }
3777  else if (progress < 100)
3778  {
3779  set_report_slave_progress (report, progress);
3780  openvas_sleep (10);
3781  }
3782  else if (progress == 100)
3783  {
3784  /* Get the full OSP report. */
3785  progress = get_osp_scan_report (scan_id, host, port, ca_pub, key_pub,
3786  key_priv, 1, &report_xml);
3787  assert (progress == 100);
3788  parse_osp_report (task, report, report_xml);
3789  g_free (report_xml);
3790  delete_osp_scan (scan_id, host, port, ca_pub, key_pub, key_priv);
3791  rc = 0;
3792  break;
3793  }
3794  }
3795 
3796  g_free (host);
3797  g_free (ca_pub);
3798  g_free (key_pub);
3799  g_free (key_priv);
3800  return rc;
3801 }
3802 
3811 static GHashTable *
3812 get_osp_task_options (task_t task, target_t target)
3813 {
3814  char *ssh_port;
3815  const char *user, *pass;
3816  iterator_t iter;
3817  credential_t cred;
3818  GHashTable *options = task_scanner_options (task, target);
3819 
3820  if (!options)
3821  return NULL;
3822 
3823  cred = target_ssh_credential (target);
3824  if (cred)
3825  {
3826  ssh_port = target_ssh_port (target);
3827  g_hash_table_insert (options, g_strdup ("port"), ssh_port);
3828 
3829  init_credential_iterator_one (&iter, cred);
3830  if (!next (&iter))
3831  {
3832  g_warning ("%s: LSC Credential not found.", __FUNCTION__);
3833  g_hash_table_destroy (options);
3834  cleanup_iterator (&iter);
3835  return NULL;
3836  }
3837  if (credential_iterator_private_key (&iter))
3838  {
3839  g_warning ("%s: LSC Credential not a user/pass pair.", __FUNCTION__);
3840  g_hash_table_destroy (options);
3841  cleanup_iterator (&iter);
3842  return NULL;
3843  }
3844  user = credential_iterator_login (&iter);
3845  pass = credential_iterator_password (&iter);
3846  g_hash_table_insert (options, g_strdup ("username"), g_strdup (user));
3847  g_hash_table_insert (options, g_strdup ("password"), g_strdup (pass));
3848  cleanup_iterator (&iter);
3849  }
3850  return options;
3851 }
3852 
3863 static int
3864 launch_osp_task (task_t task, target_t target, const char *scan_id,
3865  char **error)
3866 {
3867  osp_connection_t *connection;
3868  char *target_str, *ports_str;
3869  GHashTable *options;
3870  int ret;
3871 
3872  options = get_osp_task_options (task, target);
3873  if (!options)
3874  return -1;
3875  connection = osp_scanner_connect (task_scanner (task));
3876  if (!connection)
3877  {
3878  g_hash_table_destroy (options);
3879  return -1;
3880  }
3881  target_str = target_hosts (target);
3882  ports_str = target_port_range (target);
3883  ret = osp_start_scan (connection, target_str, ports_str, options, scan_id,
3884  error);
3885 
3886  g_hash_table_destroy (options);
3887  osp_connection_close (connection);
3888  g_free (target_str);
3889  g_free (ports_str);
3890  return ret;
3891 }
3892 
3902 static int
3903 fork_osp_scan_handler (task_t task, target_t target)
3904 {
3905  char *report_id, title[128], *error = NULL;
3906  int rc;
3907 
3908  assert (task);
3909  assert (target);
3910 
3911  if (create_current_report (task, &report_id, TASK_STATUS_REQUESTED))
3912  {
3913  g_debug (" %s: failed to create report.\n", __FUNCTION__);
3914  return -1;
3915  }
3916 
3918 
3919  switch (fork ())
3920  {
3921  case 0:
3922  break;
3923  case -1:
3924  /* Parent, failed to fork. */
3925  g_warning ("%s: Failed to fork: %s\n",
3926  __FUNCTION__,
3927  strerror (errno));
3931  current_report = (report_t) 0;
3932  return -9;
3933  default:
3934  /* Parent, successfully forked. */
3935  return 0;
3936  }
3937 
3938  /* Child: Re-open DB after fork and periodically check scan progress.
3939  * If progress == 100%: Parse the report results and other info then exit(0).
3940  * Else, exit(1) in error cases like connection to scanner failure.
3941  */
3944  if (launch_osp_task (task, target, report_id, &error))
3945  {
3946  result_t result;
3947 
3948  g_warning ("OSP start_scan %s: %s", report_id, error);
3949  result = make_osp_result (task, "", "", threat_message_type ("Error"),
3950  error, "", "", QOD_DEFAULT);
3954  set_task_end_time_epoch (task, time (NULL));
3955  set_scan_end_time_epoch (current_report, time (NULL));
3956 
3957  g_free (error);
3958  g_free (report_id);
3959  exit (-1);
3960  }
3961 
3964 
3965  snprintf (title, sizeof (title), "openvasmd: OSP: Handling scan %s", report_id);
3966  proctitle_set (title);
3967 
3968  rc = handle_osp_scan (task, current_report, report_id);
3969  g_free (report_id);
3970  if (rc == 0)
3971  {
3974  }
3975  else if (rc == -1 || rc == -2)
3976  {
3979  }
3980 
3981  set_task_end_time_epoch (task, time (NULL));
3982  set_scan_end_time_epoch (current_report, time (NULL));
3983  current_report = 0;
3985  exit (rc);
3986 }
3987 
3995 int
3997 {
3998  target_t target;
3999 
4000  target = task_target (task);
4001  if (target)
4002  {
4003  char *uuid;
4004  target_t found;
4005 
4006  uuid = target_uuid (target);
4007  if (find_target_with_permission (uuid, &found, "get_targets"))
4008  {
4009  g_free (uuid);
4010  return -1;
4011  }
4012  g_free (uuid);
4013  if (found == 0)
4014  return 99;
4015  }
4016 
4017  if (fork_osp_scan_handler (task, target))
4018  {
4019  g_warning ("Couldn't fork OSP scan handler.\n");
4020  return -1;
4021  }
4022  return 0;
4023 }
4024 
4025 
4026 /* CVE tasks. */
4027 
4036 static int
4037 cve_scan_host (task_t task, openvas_host_t *openvas_host)
4038 {
4039  report_host_t report_host;
4040  gchar *ip, *host;
4041 
4042  host = openvas_host_value_str (openvas_host);
4043 
4044  ip = report_host_ip (host);
4045  if (ip == NULL)
4046  ip = g_strdup (host);
4047 
4048  g_debug ("%s: ip: %s", __FUNCTION__, ip);
4049 
4050  /* Get the last report that applies to the host. */
4051 
4052  if (host_nthlast_report_host (ip, &report_host, 1))
4053  {
4054  g_warning ("%s: Failed to get nthlast report.\n", __FUNCTION__);
4055  g_free (ip);
4056  return 1;
4057  }
4058 
4059  g_debug ("%s: report_host: %llu", __FUNCTION__, report_host);
4060 
4061  if (report_host)
4062  {
4063  iterator_t report_hosts;
4064 
4065  /* Get the report_host for the host. */
4066 
4067  init_report_host_iterator (&report_hosts, 0, NULL, report_host);
4068  if (next (&report_hosts))
4069  {
4070  iterator_t prognosis;
4071  int prognosis_report_host, start_time;
4072 
4073  /* Add report_host with prognosis results and host details. */
4074 
4075  start_time = time (NULL);
4076  prognosis_report_host = 0;
4077  init_host_prognosis_iterator (&prognosis, report_host, 0, -1,
4078  NULL, NULL, 0, NULL);
4079  while (next (&prognosis))
4080  {
4081  const char *app, *cve;
4082  double severity;
4083  gchar *desc, *location;
4084  result_t result;
4085 
4086  if (current_report && (prognosis_report_host == 0))
4087  prognosis_report_host = manage_report_host_add (current_report,
4088  ip,
4089  start_time,
4090  0);
4091 
4092  severity = prognosis_iterator_cvss_double (&prognosis);
4093 
4094  app = prognosis_iterator_cpe (&prognosis);
4095  cve = prognosis_iterator_cve (&prognosis);
4096  location = app_location (report_host, app);
4097 
4098  desc = g_strdup_printf ("The host carries the product: %s\n"
4099  "It is vulnerable according to: %s.\n"
4100  "%s%s%s"
4101  "\n"
4102  "%s",
4103  app,
4104  cve,
4105  location
4106  ? "The product was found at: "
4107  : "",
4108  location ? location : "",
4109  location ? ".\n" : "",
4111  (&prognosis));
4112 
4113  g_debug ("%s: making result with severity %1.1f desc [%s]",
4114  __FUNCTION__, severity, desc);
4115 
4116  result = make_cve_result (task, ip, cve, severity, desc);
4117  g_free (desc);
4118  if (current_report)
4119  {
4121 
4122  insert_report_host_detail (current_report, ip, "cve", cve,
4123  "CVE Scanner", "App", app);
4124 
4125  if (location)
4126  {
4127  insert_report_host_detail (current_report, ip, "cve", cve,
4128  "CVE Scanner", app, location);
4129 
4130  insert_report_host_detail (current_report, ip, "cve", cve,
4131  "CVE Scanner", "detected_at",
4132  location);
4133  insert_report_host_detail (current_report, ip, "cve", cve,
4134  "CVE Scanner", "detected_by",
4135  /* Detected by itself. */
4136  cve);
4137  }
4138  }
4139  g_free (location);
4140  }
4141  cleanup_iterator (&prognosis);
4142 
4143  if (prognosis_report_host)
4144  {
4145  /* Complete the report_host. */
4146 
4147  report_host_set_end_time (prognosis_report_host, time (NULL));
4148  insert_report_host_detail (current_report, ip, "cve", "",
4149  "CVE Scanner", "CVE Scan", "1");
4150  }
4151  }
4152  cleanup_iterator (&report_hosts);
4153  }
4154 
4155  g_free (ip);
4156  return 0;
4157 }
4158 
4168 static int
4169 fork_cve_scan_handler (task_t task, target_t target)
4170 {
4171  int pid;
4172  char *report_id, title[128], *hosts;
4173  openvas_hosts_t *openvas_hosts;
4174  openvas_host_t *openvas_host;
4175 
4176  assert (task);
4177  assert (target);
4178 
4179  if (create_current_report (task, &report_id, TASK_STATUS_REQUESTED))
4180  {
4181  g_debug (" %s: failed to create report.\n", __FUNCTION__);
4182  return -1;
4183  }
4184 
4186 
4187  pid = fork ();
4188  switch (pid)
4189  {
4190  case 0:
4191  break;
4192  case -1:
4193  /* Parent, failed to fork. */
4194  g_warning ("%s: Failed to fork: %s\n",
4195  __FUNCTION__,
4196  strerror (errno));
4200  current_report = (report_t) 0;
4201  return -9;
4202  default:
4203  /* Parent, successfully forked. */
4204  g_debug ("%s: %i forked %i", __FUNCTION__, getpid (), pid);
4205  return 0;
4206  }
4207 
4208  /* Child.
4209  *
4210  * Re-open DB and do prognostic calculation. On success exit(0), else
4211  * exit(1). */
4214 
4215  /* Setup the task. */
4216 
4218 
4219  snprintf (title, sizeof (title), "openvasmd: CVE: Handling scan %s", report_id);
4220  g_free (report_id);
4221  proctitle_set (title);
4222 
4223  hosts = target_hosts (target);
4224  if (hosts == NULL)
4225  {
4226  g_warning ("%s: target hosts is NULL", __FUNCTION__);
4229  exit (1);
4230  }
4231 
4232  reset_task (task);
4233  set_task_start_time_epoch (task, time (NULL));
4235 
4236  /* Add the results. */
4237 
4238  openvas_hosts = openvas_hosts_new (hosts);
4239  free (hosts);
4240  while ((openvas_host = openvas_hosts_next (openvas_hosts)))
4241  if (cve_scan_host (task, openvas_host))
4242  {
4243  g_warning ("%s: cve_scan_host failed", __FUNCTION__);
4246  openvas_hosts_free (openvas_hosts);
4247  exit (1);
4248  }
4249  openvas_hosts_free (openvas_hosts);
4250 
4251  /* Set the end states. */
4252 
4253  set_scan_end_time_epoch (current_report, time (NULL));
4254  set_task_end_time_epoch (task, time (NULL));
4257  current_report = 0;
4259  exit (0);
4260 }
4261 
4269 static int
4270 run_cve_task (task_t task)
4271 {
4272  target_t target;
4273 
4274  target = task_target (task);
4275  if (target)
4276  {
4277  char *uuid;
4278  target_t found;
4279 
4280  uuid = target_uuid (target);
4281  if (find_target_with_permission (uuid, &found, "get_targets"))
4282  {
4283  g_free (uuid);
4284  return -1;
4285  }
4286  g_free (uuid);
4287  if (found == 0)
4288  return 99;
4289  }
4290 
4291  if (fork_cve_scan_handler (task, target))
4292  {
4293  g_warning ("Couldn't fork CVE scan handler.\n");
4294  return -1;
4295  }
4296  return 0;
4297 }
4298 
4299 
4300 /* OTP tasks. */
4301 
4311 int
4312 set_certs (const char *ca_pub, const char *key_pub, const char *key_priv)
4313 {
4314  const char *fallback;
4315 
4316  if (ca_pub == NULL)
4317  fallback = manage_default_ca_cert ();
4318  else
4319  fallback = NULL;
4320 
4321  openvas_scanner_set_certs (fallback ? fallback : ca_pub, key_pub, key_priv);
4322 
4323  if (ca_pub || fallback)
4324  return 0;
4325  return 1;
4326 }
4327 
4335 static int
4336 scanner_setup (scanner_t scanner)
4337 {
4338  int ret, port;
4339  char *host, *ca_pub, *key_pub, *key_priv;
4340 
4341  assert (scanner);
4342  host = scanner_host (scanner);
4343  if (host && *host == '/')
4344  {
4345  /* XXX: Workaround for unix socket case. Should add a flag. */
4346  openvas_scanner_set_unix (host);
4347  return 0;
4348  }
4349  port = scanner_port (scanner);
4350  ret = openvas_scanner_set_address (host, port);
4351  g_free (host);
4352  if (ret)
4353  return ret;
4354  ca_pub = scanner_ca_pub (scanner);
4355  key_pub = scanner_key_pub (scanner);
4356  key_priv = scanner_key_priv (scanner);
4357  ret = 0;
4358  if (set_certs (ca_pub, key_pub, key_priv))
4359  ret = 1;
4360  g_free (ca_pub);
4361  g_free (key_pub);
4362  g_free (key_priv);
4363  return ret;
4364 }
4365 
4380 static int
4381 run_task_setup (task_t task, config_t *config, target_t *target,
4382  port_list_t *port_list, credential_t *ssh_credential,
4383  credential_t *smb_credential, credential_t *esxi_credential,
4384  credential_t *snmp_credential)
4385 {
4386  int ret;
4387 
4388  *config = task_config (task);
4389  *target = task_target (task);
4390  *port_list = target_port_list (*target);
4391  *ssh_credential = target_ssh_credential (*target);
4392  *smb_credential = target_smb_credential (*target);
4393  *esxi_credential = target_esxi_credential (*target);
4394  *snmp_credential = target_credential (*target, "snmp");
4395 
4396  ret = check_available ("config", *config, "get_configs");
4397  if (ret)
4398  return ret;
4399 
4400  ret = check_available ("target", *target, "get_targets");
4401  if (ret)
4402  return ret;
4403 
4404  ret = check_available ("port_list", *port_list, "get_port_lists");
4405  if (ret)
4406  return ret;
4407 
4408  if (*ssh_credential
4409  && ((ret = check_available ("credential",
4410  *ssh_credential,
4411  "get_credentials"))))
4412  return ret;
4413 
4414  if (*smb_credential
4415  && ((ret = check_available ("credential",
4416  *smb_credential,
4417  "get_credentials"))))
4418  return ret;
4419 
4420  if (*esxi_credential
4421  && ((ret = check_available ("credential",
4422  *esxi_credential,
4423  "get_credentials"))))
4424  return ret;
4425 
4426  if (*snmp_credential
4427  && ((ret = check_available ("credential",
4428  *snmp_credential,
4429  "get_credentials"))))
4430  return ret;
4431 
4432  return 0;
4433 }
4434 
4447 static int
4448 run_task_prepare_report (task_t task, char **report_id, int from,
4449  task_status_t run_status,
4450  report_t *last_stopped_report)
4451 {
4452  if ((from == 1)
4453  || ((from == 2)
4454  && (run_status == TASK_STATUS_STOPPED)))
4455  {
4456  if (task_last_stopped_report (task, last_stopped_report))
4457  {
4458  g_debug (" error getting last stopped report.\n");
4459  return -1;
4460  }
4461 
4462  current_report = *last_stopped_report;
4463  if (report_id) *report_id = report_uuid (*last_stopped_report);
4464 
4465  /* Remove partial host information from the report. */
4466 
4467  trim_partial_report (*last_stopped_report);
4468 
4469  /* Ensure the report is marked as requested. */
4470 
4472 
4473  /* Clear the end times of the task and partial report. */
4474 
4476  set_task_end_time (task, NULL);
4477  set_scan_end_time (*last_stopped_report, NULL);
4478  }
4479  else if ((from == 0) || (from == 2))
4480  {
4481  *last_stopped_report = 0;
4482 
4483  /* Create the report. */
4484 
4485  if (create_current_report (task, report_id, TASK_STATUS_REQUESTED))
4486  return -3;
4487 
4488  reset_task (task);
4489  }
4490  else
4491  {
4492  /* "from" must be 0, 1 or 2. */
4493  assert (0);
4494  return -1;
4495  }
4496 
4497  return 0;
4498 }
4499 
4514 static int
4515 run_slave_or_omp_task (task_t task, int from, char **report_id,
4516  openvas_connection_t *connection,
4517  const gchar *slave_id,
4518  const gchar *slave_name)
4519 {
4520  int ret, pid;
4521  task_status_t run_status;
4522  report_t last_stopped_report;
4523  char title[128], *uuid;
4524  target_t target;
4525  config_t config;
4526  credential_t ssh_credential, smb_credential, esxi_credential, snmp_credential;
4527  port_list_t port_list;
4528 
4529  ret = run_task_setup (task, &config, &target, &port_list, &ssh_credential,
4530  &smb_credential, &esxi_credential, &snmp_credential);
4531  if (ret)
4532  return ret;
4533 
4534  /* When resuming, check that the scanner supports it. */
4535 
4536  if (from > 0 && config_type (config) > 0)
4537  return 4;
4538 
4539  /* Mark task "Requested".
4540  *
4541  * Every fail exit from here must reset the run status. */
4542 
4543  if (set_task_requested (task, &run_status))
4544  return 1;
4545 
4546  /* Prepare the report. */
4547 
4548  ret = run_task_prepare_report (task, report_id, from, run_status,
4549  &last_stopped_report);
4550  if (ret)
4551  {
4552  set_task_run_status (task, run_status);
4553  return ret;
4554  }
4555 
4556  /* Check target. */
4557 
4558  if (target_hosts (target) == NULL)
4559  {
4560  g_debug (" target hosts is NULL.\n");
4561  set_task_run_status (task, run_status);
4562  return -4;
4563  }
4564 
4566 
4567  /* Every fail exit from here must reset to this run status, and must
4568  * clear current_report. */
4569 
4576  run_status = TASK_STATUS_INTERNAL_ERROR;
4577 
4578  /* Fork a child to start and handle the task while the parent responds to
4579  * the client. */
4580 
4581  pid = fork ();
4582  switch (pid)
4583  {
4584  case 0:
4585  /* Child. Carry on starting the task, reopen the database (required
4586  * after fork). */
4589  break;
4590  case -1:
4591  /* Parent when error. */
4592  g_warning ("%s: Failed to fork task child: %s\n",
4593  __FUNCTION__,
4594  strerror (errno));
4595  set_task_run_status (task, run_status);
4597  current_report = (report_t) 0;
4598  return -9;
4599  break;
4600  default:
4601  g_debug ("%s: forked %i to run slave/omp task\n",
4602  __FUNCTION__,
4603  pid);
4604  /* Parent. Return, in order to respond to client. */
4605  current_report = (report_t) 0;
4606  return 0;
4607  break;
4608  }
4609 
4610  /* Reset any running information. */
4611 
4612  {
4613  char *iface;
4614  iface = task_preference_value (task, "source_iface");
4615  if (iface)
4617  else
4619  free (iface);
4620  }
4621 
4622  uuid = report_uuid (current_report);
4623  snprintf (title, sizeof (title),
4624  "openvasmd: OTP: Handling slave scan %s",
4625  uuid);
4626  free (uuid);
4627  proctitle_set (title);
4628 
4629  switch (handle_slave_task (task, target, ssh_credential, smb_credential,
4630  esxi_credential, snmp_credential,
4631  last_stopped_report, connection, slave_id,
4632  slave_name))
4633  {
4634  case 0:
4635  break;
4636  default:
4637  assert (0);
4638  case 1:
4639  /* Auth failure. */
4640  case -1:
4641  /* Error. */
4642  g_warning ("%s: handle_slave_task failed", __FUNCTION__);
4643  set_task_run_status (task, run_status);
4645  exit (EXIT_FAILURE);
4646  }
4647  exit (EXIT_SUCCESS);
4648 }
4649 
4662 static int
4663 run_omp_task (task_t task, scanner_t scanner, int from, char **report_id)
4664 {
4665  int ret;
4666  openvas_connection_t connection;
4667  char *scanner_id, *name;
4668 
4669  memset (&connection, 0, sizeof (connection));
4670 
4671  connection.host_string = scanner_host (scanner);
4672  if (connection.host_string == NULL)
4673  {
4674  g_warning ("%s: Scanner has no host", __FUNCTION__);
4675  return -1;
4676  }
4677 
4678  g_debug (" %s: connection.host: %s\n", __FUNCTION__,
4679  connection.host_string);
4680 
4681  connection.port = scanner_port (scanner);
4682  if (connection.port == -1)
4683  {
4684  free (connection.host_string);
4685  g_warning ("%s: Scanner has no port", __FUNCTION__);
4686  return -1;
4687  }
4688 
4689  connection.username = scanner_login (scanner);
4690  if (connection.username == NULL)
4691  {
4692  free (connection.host_string);
4693  g_warning ("%s: Scanner has no login username", __FUNCTION__);
4694  return -1;
4695  }
4696 
4697  connection.password = scanner_password (scanner);
4698  if (connection.password == NULL)
4699  {
4700  free (connection.username);
4701  free (connection.host_string);
4702  g_warning ("%s: Scanner has no login password", __FUNCTION__);
4703  return -1;
4704  }
4705 
4706  connection.ca_cert = scanner_ca_pub (scanner);
4707 
4708  scanner_id = scanner_uuid (scanner);
4709  name = scanner_name (scanner);
4710 
4711  connection.tls = 1;
4712 
4713  ret = run_slave_or_omp_task (task, from, report_id, &connection, scanner_id,
4714  name);
4715 
4716  free (connection.host_string);
4717  free (connection.username);
4718  free (connection.password);
4719  free (connection.ca_cert);
4720  free (scanner_id);
4721  free (name);
4722 
4723  return ret;
4724 }
4725 
4737 int
4738 run_otp_task (task_t task, scanner_t scanner, int from, char **report_id)
4739 {
4740  char title[128], *hosts, *port_range, *port, *uuid;
4741  gchar *plugins;
4742  int fail, pid, ret;
4743  GSList *files = NULL;
4744  GPtrArray *preference_files;
4745  task_status_t run_status;
4746  report_t last_stopped_report;
4747  target_t target;
4748  config_t config;
4749  credential_t ssh_credential, smb_credential, esxi_credential, snmp_credential;
4750  port_list_t port_list;
4751 
4752  /* Setup the task info required for the scan. */
4753 
4754  ret = run_task_setup (task, &config, &target, &port_list, &ssh_credential,
4755  &smb_credential, &esxi_credential, &snmp_credential);
4756  if (ret)
4757  return ret;
4758 
4759  /* When resuming, check that the scanner supports it. */
4760 
4761  if (from > 0 && config_type (config) > 0)
4762  return 4;
4763 
4764  /* For local scans, setup the scanner. */
4765 
4766  switch (scanner_setup (scanner))
4767  {
4768  case 0:
4769  break;
4770  case 1:
4771  return -7;
4772  default:
4773  return -5;
4774  }
4775 
4778  return -5;
4779 
4781  {
4783  return -5;
4784  }
4785 
4786  /* Mark task "Requested".
4787  *
4788  * Every fail exit from here must reset the run status. */
4789 
4790  if (set_task_requested (task, &run_status))
4791  return 1;
4792 
4793  /* Prepare the report. */
4794 
4795  ret = run_task_prepare_report (task, report_id, from, run_status,
4796  &last_stopped_report);
4797  if (ret)
4798  {
4799  set_task_run_status (task, run_status);
4800  return ret;
4801  }
4802 
4803  /* Check target. */
4804 
4805  if (target_hosts (target) == NULL)
4806  {
4807  g_debug (" target hosts is NULL.\n");
4808  set_task_run_status (task, run_status);
4809  return -4;
4810  }
4811 
4813 
4814  /* Every fail exit from here must reset to this run status, and must
4815  * clear current_report. */
4816 
4823  run_status = TASK_STATUS_INTERNAL_ERROR;
4824 
4825  /* Fork a child to start and handle the task while the parent responds to
4826  * the client. */
4827 
4828  pid = fork ();
4829  switch (pid)
4830  {
4831  case 0:
4832  /* Child. Carry on starting the task, reopen the database (required
4833  * after fork). */
4836  break;
4837  case -1:
4838  /* Parent when error. */
4839  g_warning ("%s: Failed to fork task child: %s\n",
4840  __FUNCTION__,
4841  strerror (errno));
4842  set_task_run_status (task, run_status);
4844  current_report = (report_t) 0;
4845  return -9;
4846  break;
4847  default:
4848  /* Parent. Return, in order to respond to client. */
4849  current_report = (report_t) 0;
4850  return 0;
4851  break;
4852  }
4853 
4854  /* Reset any running information. */
4855 
4856  {
4857  char *iface;
4858  iface = task_preference_value (task, "source_iface");
4859  if (iface)
4861  else
4863  free (iface);
4864  }
4865 
4866  uuid = report_uuid (current_report);
4867  snprintf (title, sizeof (title), "openvasmd: OTP: Handling scan %s", uuid);
4868  free (uuid);
4869  proctitle_set (title);
4870 
4875 
4876  /* Send the preferences header. */
4877 
4878  if (send_to_server ("CLIENT <|> PREFERENCES <|>\n"))
4879  {
4880  g_warning ("%s: Failed to send OTP PREFERENCES", __FUNCTION__);
4881  set_task_run_status (task, run_status);
4883  current_report = (report_t) 0;
4884  return -10;
4885  }
4886 
4887  /* Send the plugin list. */
4888 
4889  plugins = nvt_selector_plugins (config);
4890  if (plugins)
4891  {
4892  if (ssh_credential == 0 && smb_credential == 0 && esxi_credential == 0)
4893  fail = sendf_to_server ("plugin_set <|> %s\n", plugins);
4894  else
4895  {
4896  GString *auth_plugins = g_string_new ("");
4897  if (ssh_credential)
4898  g_string_append (auth_plugins, "1.3.6.1.4.1.25623.1.0.90022;");
4899  if (smb_credential)
4900  g_string_append (auth_plugins, "1.3.6.1.4.1.25623.1.0.90023;");
4901  if (esxi_credential)
4902  g_string_append (auth_plugins, "1.3.6.1.4.1.25623.1.0.105058;");
4903  if (snmp_credential)
4904  g_string_append (auth_plugins, "1.3.6.1.4.1.25623.1.0.105076;");
4905 
4906  fail = sendf_to_server ("plugin_set <|> %s%s\n",
4907  auth_plugins->str,
4908  plugins);
4909  g_string_free (auth_plugins, TRUE);
4910  }
4911  }
4912  else
4913  fail = send_to_server ("plugin_set <|> 0\n");
4914  free (plugins);
4915  if (fail)
4916  {
4917  g_warning ("%s: Failed to send OTP plugin_set", __FUNCTION__);
4918  set_task_run_status (task, run_status);
4920  current_report = (report_t) 0;
4921  return -10;
4922  }
4923 
4924  /* Send the scanner and task preferences. */
4925 
4926  if (send_config_preferences (config, "SERVER_PREFS", NULL, NULL))
4927  {
4928  g_warning ("%s: Failed to send OTP SERVER_PREFS", __FUNCTION__);
4929  set_task_run_status (task, run_status);
4931  current_report = (report_t) 0;
4932  return -10;
4933  }
4934 
4935  if (send_task_preferences (task))
4936  {
4937  g_warning ("%s: Failed to send OTP task preferences", __FUNCTION__);
4938  set_task_run_status (task, run_status);
4940  current_report = (report_t) 0;
4941  return -10;
4942  }
4943 
4944  /* Send the port range. */
4945 
4946  port_range = target_port_range (target);
4947  if (sendf_to_server ("port_range <|> %s\n",
4948  port_range ? port_range : "default"))
4949  {
4950  free (port_range);
4951  g_warning ("%s: Failed to send OTP port_range", __FUNCTION__);
4952  set_task_run_status (task, run_status);
4954  current_report = (report_t) 0;
4955  return -10;
4956  }
4957  free (port_range);
4958 
4959  /* Send the SSH LSC port. */
4960 
4961  port = target_ssh_port (target);
4962  if (port && sendf_to_server ("auth_port_ssh <|> %s\n", port))
4963  {
4964  free (port);
4965  g_warning ("%s: Failed to send OTP auth_port_ssh", __FUNCTION__);
4966  set_task_run_status (task, run_status);
4968  current_report = (report_t) 0;
4969  return -10;
4970  }
4971  free (port);
4972 
4973  /* Collect task files to send. */
4974 
4975  files = get_files_to_send (task);
4976 
4977  /* Send the plugins preferences. */
4978 
4979  preference_files = g_ptr_array_new ();
4980  if (send_config_preferences (config, "PLUGINS_PREFS", files, preference_files))
4981  {
4982  g_ptr_array_free (preference_files, TRUE);
4983  slist_free (files);
4984  g_warning ("%s: Failed to send OTP PLUGINS_PREFS", __FUNCTION__);
4985  set_task_run_status (task, run_status);
4987  current_report = (report_t) 0;
4988  return -10;
4989  }
4990 
4991  /* Send other scanner preferences. */
4992 
4993  if (send_scanner_preferences (task, target, last_stopped_report))
4994  {
4995  g_ptr_array_add (preference_files, NULL);
4996  array_free (preference_files);
4997  slist_free (files);
4998  g_warning ("%s: Failed to send OTP scanner preferences", __FUNCTION__);
4999  set_task_run_status (task, run_status);
5001  current_report = (report_t) 0;
5002  return -10;
5003  }
5004 
5005  /* Send credential preferences if there are credentials linked to target. */
5006 
5007  if (ssh_credential)
5008  {
5009  iterator_t credentials;
5010 
5011  init_credential_iterator_one (&credentials, ssh_credential);
5012  if (next (&credentials))
5013  {
5014  const char *user = credential_iterator_login (&credentials);
5015  const char *password = credential_iterator_password (&credentials);
5016 
5017  if (sendf_to_server ("SSH Authorization[entry]:SSH login name:"
5018  " <|> %s\n",
5019  user ? user : "")
5020  || (credential_iterator_private_key (&credentials)
5021  ? sendf_to_server ("SSH Authorization[password]:"
5022  "SSH key passphrase:"
5023  " <|> %s\n",
5024  password ? password : "")
5025  : sendf_to_server ("SSH Authorization[password]:"
5026  "SSH password (unsafe!):"
5027  " <|> %s\n",
5028  password ? password : "")))
5029 
5030  {
5031  fail:
5032  cleanup_iterator (&credentials);
5033  g_ptr_array_add (preference_files, NULL);
5034  array_free (preference_files);
5035  slist_free (files);
5036  g_warning ("%s: Failed to send OTP SSH preferences",
5037  __FUNCTION__);
5038  set_task_run_status (task, run_status);
5040  current_report = (report_t) 0;
5041  return -10;
5042  }
5043 
5044  if (credential_iterator_private_key (&credentials))
5045  {
5046  char *uuid = openvas_uuid_make ();
5047  if (uuid == NULL)
5048  goto fail;
5049 
5050  g_ptr_array_add (preference_files, (gpointer) uuid);
5051  g_ptr_array_add
5052  (preference_files,
5053  (gpointer) g_strdup (credential_iterator_private_key
5054  (&credentials)));
5055 
5056  if (sendf_to_server ("SSH Authorization[file]:"
5057  "SSH private key:"
5058  " <|> %s\n",
5059  uuid))
5060  goto fail;
5061  }
5062  }
5063  cleanup_iterator (&credentials);
5064  }
5065 
5066  if (smb_credential)
5067  {
5068  iterator_t credentials;
5069 
5070  init_credential_iterator_one (&credentials, smb_credential);
5071  if (next (&credentials))
5072  {
5073  const char *user = credential_iterator_login (&credentials);
5074  const char *password = credential_iterator_password (&credentials);
5075 
5076  if (sendf_to_server ("SMB Authorization[entry]:SMB login: <|> %s\n",
5077  user ? user : "")
5078  || sendf_to_server ("SMB Authorization[password]:SMB password:"
5079  " <|> %s\n",
5080  password ? password : ""))
5081  {
5082  cleanup_iterator (&credentials);
5083  g_ptr_array_add (preference_files, NULL);
5084  array_free (preference_files);
5085  slist_free (files);
5086  g_warning ("%s: Failed to send OTP SMB preferences",
5087  __FUNCTION__);
5088  set_task_run_status (task, run_status);
5090  current_report = (report_t) 0;
5091  return -10;
5092  }
5093  }
5094  cleanup_iterator (&credentials);
5095  }
5096 
5097  if (esxi_credential)
5098  {
5099  iterator_t credentials;
5100 
5101  init_credential_iterator_one (&credentials, esxi_credential);
5102  if (next (&credentials))
5103  {
5104  const char *user = credential_iterator_login (&credentials);
5105  const char *password = credential_iterator_password (&credentials);
5106 
5107  if (sendf_to_server ("ESXi Authorization[entry]:ESXi login name:"
5108  " <|> %s\n",
5109  user ? user : "")
5110  || sendf_to_server ("ESXi Authorization[password]:ESXi login password:"
5111  " <|> %s\n",
5112  password ? password : ""))
5113  {
5114  cleanup_iterator (&credentials);
5115  g_ptr_array_add (preference_files, NULL);
5116  array_free (preference_files);
5117  slist_free (files);
5118  g_warning ("%s: Failed to send OTP ESXi preferences",
5119  __FUNCTION__);
5120  set_task_run_status (task, run_status);
5122  current_report = (report_t) 0;
5123  return -10;
5124  }
5125  }
5126  cleanup_iterator (&credentials);
5127  }
5128 
5129  if (snmp_credential)
5130  {
5131  iterator_t credentials;
5132 
5133  init_credential_iterator_one (&credentials, snmp_credential);
5134  if (next (&credentials))
5135  {
5136  const char *community = credential_iterator_community (&credentials);
5137  const char *user = credential_iterator_login (&credentials);
5138  const char *password = credential_iterator_password (&credentials);
5139  const char *auth_algorithm
5140  = credential_iterator_auth_algorithm (&credentials);
5141  const char *privacy_password
5142  = credential_iterator_privacy_password (&credentials);
5143  const char *privacy_algorithm
5144  = credential_iterator_privacy_algorithm (&credentials);
5145 
5146  if (sendf_to_server ("SNMP Authorization[password]:SNMP Community:"
5147  " <|> %s\n",
5148  community ? community : "")
5149  || sendf_to_server ("SNMP Authorization[entry]:SNMPv3 Username:"
5150  " <|> %s\n",
5151  user ? user : "")
5152  || sendf_to_server ("SNMP Authorization[password]:"
5153  "SNMPv3 Password:"
5154  " <|> %s\n",
5155  password ? password : "")
5156  || sendf_to_server ("SNMP Authorization[radio]:"
5157  "SNMPv3 Authentication Algorithm:"
5158  " <|> %s\n",
5159  auth_algorithm ? auth_algorithm : "")
5160  || sendf_to_server ("SNMP Authorization[password]:"
5161  "SNMPv3 Privacy Password:"
5162  " <|> %s\n",
5163  privacy_password ? privacy_password : "")
5164  || sendf_to_server ("SNMP Authorization[radio]:"
5165  "SNMPv3 Privacy Algorithm:"
5166  " <|> %s\n",
5167  privacy_algorithm ? privacy_algorithm : ""))
5168  {
5169  cleanup_iterator (&credentials);
5170  g_ptr_array_add (preference_files, NULL);
5171  array_free (preference_files);
5172  slist_free (files);
5173  g_warning ("%s: Failed to send OTP SNMP preferences",
5174  __FUNCTION__);
5175  set_task_run_status (task, run_status);
5177  current_report = (report_t) 0;
5178  return -10;
5179  }
5180  }
5181  cleanup_iterator (&credentials);
5182  }
5183 
5184  g_ptr_array_add (preference_files, NULL);
5185 
5186  /* Send preferences for target "Alive Test", overriding config values. */
5187 
5188  if (send_alive_test_preferences (target))
5189  {
5190  array_free (preference_files);
5191  slist_free (files);
5192  g_warning ("%s: Failed to send OTP alive test preferences", __FUNCTION__);
5193  set_task_run_status (task, run_status);
5195  current_report = (report_t) 0;
5196  return -10;
5197  }
5198 
5199  /* Send network_targets preference. */
5200 
5201  hosts = target_hosts (target);
5202  assert (hosts);
5203  if (sendf_to_server ("network_targets <|> %s\n", hosts ? hosts : ""))
5204  {
5205  free (hosts);
5206  g_ptr_array_add (preference_files, NULL);
5207  array_free (preference_files);
5208  slist_free (files);
5209  g_warning ("%s: Failed to send OTP network_targets", __FUNCTION__);
5210  set_task_run_status (task, run_status);
5212  current_report = (report_t) 0;
5213  return -10;
5214  }
5215 
5216  /* End off preferences. */
5217 
5218  if (send_to_server ("<|> CLIENT\n"))
5219  {
5220  free (hosts);
5221  array_free (preference_files);
5222  slist_free (files);
5223  g_warning ("%s: Failed to send OTP CLIENT", __FUNCTION__);
5224  set_task_run_status (task, run_status);
5226  current_report = (report_t) 0;
5227  return -10;
5228  }
5229 
5230  /* Send any files stored in the config preferences. */
5231 
5232  {
5233  gchar *file;
5234  int index = 0;
5235  while ((file = g_ptr_array_index (preference_files, index)))
5236  {
5237  GSList *head;
5238  gchar *value;
5239 
5240  index++;
5241 
5242  /* Skip the file if the value of the preference is the name of a
5243  * file associated with the task. */
5244  value = g_ptr_array_index (preference_files, index);
5245  head = files;
5246  while (head)
5247  {
5248  if (strcmp (head->data, value) == 0)
5249  break;
5250  head = g_slist_next (head);
5251  }
5252 
5253  if (head == NULL && send_file (file, value))
5254  {
5255  free (hosts);
5256  array_free (preference_files);
5257  slist_free (files);
5258  g_warning ("%s: Failed to send an OTP file", __FUNCTION__);
5259  set_task_run_status (task, run_status);
5261  current_report = (report_t) 0;
5262  return -10;
5263  }
5264  index++;
5265  }
5266 
5267  array_free (preference_files);
5268  }
5269 
5270  /* Send any files. */
5271 
5272  while (files)
5273  {
5274  GSList *last = files;
5275  if (send_task_file (task, files->data))
5276  {
5277  free (hosts);
5278  slist_free (files);
5279  g_warning ("%s: Failed to send an OTP task file", __FUNCTION__);
5280  set_task_run_status (task, run_status);
5282  current_report = (report_t) 0;
5283  return -10;
5284  }
5285  files = g_slist_next (files);
5286  g_free (last->data);
5287  g_slist_free_1 (last);
5288  }
5289 
5290  /* Send the attack command. */
5291 
5292  /* Send all the hosts to the Scanner. When resuming a stopped task,
5293  * the hosts that have been completely scanned are excluded by being
5294  * included in exclude_hosts preference. */
5295  fail = sendf_to_server ("CLIENT <|> LONG_ATTACK <|>\n%d\n%s\n",
5296  strlen (hosts),
5297  hosts);
5298  free (hosts);
5299  if (fail)
5300  {
5301  g_warning ("%s: Failed to send OTP LONG_ATTACK", __FUNCTION__);
5302  set_task_run_status (task, run_status);
5304  current_report = (report_t) 0;
5305  return -10;
5306  }
5307 
5308  current_scanner_task = task;
5309 
5310  return 2;
5311 }
5312 
5334 static int
5335 run_task (const char *task_id, char **report_id, int from)
5336 {
5337  task_t task;
5338  scanner_t scanner;
5339  int ret;
5340  const char *permission;
5341 
5343  return -6;
5344 
5345  if (from == 0)
5346  permission = "start_task";
5347  else if (from == 1)
5348  permission = "resume_task";
5349  else
5350  {
5351  assert (0);
5352  permission = "internal_error";
5353  }
5354 
5355  task = 0;
5356  if (find_task_with_permission (task_id, &task, permission))
5357  return -1;
5358  if (task == 0)
5359  return 3;
5360 
5361  scanner = task_scanner (task);
5362  assert (scanner);
5363  ret = check_available ("scanner", scanner, "get_scanners");
5364  if (ret)
5365  return ret;
5366 
5367  if (scanner_type (scanner) == SCANNER_TYPE_CVE)
5368  return run_cve_task (task);
5369 
5370  if (scanner_type (scanner) == SCANNER_TYPE_OMP)
5371  return run_omp_task (task, scanner, from, report_id);
5372 
5373  if (scanner_type (scanner) != SCANNER_TYPE_OPENVAS)
5374  return run_osp_task (task);
5375 
5376  return run_otp_task (task, scanner, from, report_id);
5377 }
5378 
5398 int
5399 start_task (const char *task_id, char **report_id)
5400 {
5401  if (acl_user_may ("start_task") == 0)
5402  return 99;
5403 
5404  return run_task (task_id, report_id, 0);
5405 }
5406 
5407 static int
5408 stop_osp_task (task_t task)
5409 {
5410  osp_connection_t *connection;
5411  int ret = -1;
5412  char *scan_id;
5413 
5414  connection = osp_scanner_connect (task_scanner (task));
5415  if (!connection)
5416  goto end_stop_osp;
5417  scan_id = report_uuid (task_running_report (task));
5418  if (!scan_id)
5419  goto end_stop_osp;
5421  ret = osp_stop_scan (connection, scan_id, NULL);
5422  osp_connection_close (connection);
5423  g_free (scan_id);
5424 
5425 end_stop_osp:
5426  set_task_end_time_epoch (task, time (NULL));
5427  set_scan_end_time_epoch (current_report, time (NULL));
5430  if (ret)
5431  return -1;
5432  return 0;
5433 }
5434 
5446 int
5448 {
5449  task_status_t run_status;
5450 
5451  run_status = task_run_status (task);
5452  if (run_status == TASK_STATUS_REQUESTED
5453  || run_status == TASK_STATUS_RUNNING)
5454  {
5455  if (current_scanner_task == task)
5456  {
5457  scanner_t scanner = task_scanner (task);
5458 
5459  assert (scanner);
5460  switch (scanner_setup (scanner))
5461  {
5462  case 0:
5463  break;
5464  case 1:
5465  return -7;
5466  default:
5467  return -5;
5468  }
5471  return -5;
5472  if (send_to_server ("CLIENT <|> STOP_WHOLE_TEST <|> CLIENT\n"))
5473  return -1;
5474  }
5476  return 1;
5477  }
5478  else if (run_status == TASK_STATUS_DELETE_REQUESTED
5479  || run_status == TASK_STATUS_DELETE_WAITING
5480  || run_status == TASK_STATUS_DELETE_ULTIMATE_REQUESTED
5481  || run_status == TASK_STATUS_DELETE_ULTIMATE_WAITING
5482  || run_status == TASK_STATUS_STOP_REQUESTED
5483  || run_status == TASK_STATUS_STOP_WAITING)
5484  {
5485  scanner_t scanner;
5486 
5487  scanner = task_scanner (task);
5488  assert (scanner);
5489  if (scanner_type (scanner) == SCANNER_TYPE_OMP)
5490  {
5491  /* A special request from the user to get the task out of a requested
5492  * state when contact with the slave is lost. */
5494  return 1;
5495  }
5496  }
5497 
5498  return 0;
5499 }
5500 
5513 int
5514 stop_task (const char *task_id)
5515 {
5516  task_t task;
5517 
5518  if (acl_user_may ("stop_task") == 0)
5519  return 99;
5520 
5521  task = 0;
5522  if (find_task_with_permission (task_id, &task, "stop_task"))
5523  return -1;
5524  if (task == 0)
5525  return 3;
5526 
5527  if (config_type (task_config (task)) != 0)
5528  return stop_osp_task (task);
5529 
5530  return stop_task_internal (task);
5531 }
5532 
5542 int
5543 resume_task (const char *task_id, char **report_id)
5544 {
5545  task_t task;
5546  task_status_t run_status;
5547 
5548  if (acl_user_may ("resume_task") == 0)
5549  return 99;
5550 
5551  task = 0;
5552  if (find_task_with_permission (task_id, &task, "resume_task"))
5553  return -1;
5554  if (task == 0)
5555  return 3;
5556 
5557  run_status = task_run_status (task);
5558  if (run_status == TASK_STATUS_STOPPED)
5559  return run_task (task_id, report_id, 1);
5560  return 22;
5561 }
5562 
5575 int
5576 move_task (const char *task_id, const char *slave_id)
5577 {
5578  task_t task;
5579  int task_scanner_type, slave_scanner_type;
5580  scanner_t slave, scanner;
5581  task_status_t status;
5582  int should_resume_task = 0;
5583 
5584  if (task_id == NULL)
5585  return -1;
5586  if (slave_id == NULL)
5587  return -1;
5588 
5589  if (acl_user_may ("modify_task") == 0)
5590  return 99;
5591 
5592  /* Find the task. */
5593 
5594  if (find_task_with_permission (task_id, &task, "get_tasks"))
5595  return -1;
5596  if (task == 0)
5597  return 2;
5598 
5599  /* Make sure destination scanner supports slavery. */
5600 
5601  if (strcmp (slave_id, "") == 0)
5602  slave_id = SCANNER_UUID_DEFAULT;
5603 
5604  if (find_scanner_with_permission (slave_id, &slave, "get_scanners"))
5605  return -1;
5606  if (slave == 0)
5607  return 3;
5608 
5609  slave_scanner_type = scanner_type (slave);
5610  if (slave_scanner_type != SCANNER_TYPE_OPENVAS
5611  && slave_scanner_type != SCANNER_TYPE_OMP)
5612  return 7;
5613 
5614  /* Make sure current scanner supports slavery. */
5615 
5616  scanner = task_scanner (task);
5617  if (scanner == 0)
5618  return -1;
5619 
5620  task_scanner_type = scanner_type (scanner);
5621  if (task_scanner_type != SCANNER_TYPE_OPENVAS
5622  && task_scanner_type != SCANNER_TYPE_OMP)
5623  return 4;
5624 
5625  /* Stop task if required. */
5626 
5627  status = task_run_status (task);
5628 
5629  switch (status)
5630  {
5635  case TASK_STATUS_REQUESTED:
5636  // Task cannot be stopped now
5637  return 5;
5638  break;
5639  case TASK_STATUS_RUNNING:
5640  if (task_scanner_type == SCANNER_TYPE_CVE)
5641  return 6;
5642  // Check permissions to stop and resume task
5643  if (acl_user_has_access_uuid ("task", task_id, "stop_task", 0)
5644  && acl_user_has_access_uuid ("task", task_id, "resume_task", 0))
5645  {
5646  // Stop the task, wait and resume after changes
5647  stop_task_internal (task);
5648  should_resume_task = 1;
5649 
5650  status = task_run_status (task);
5651  while (status == TASK_STATUS_STOP_REQUESTED
5653  || status == TASK_STATUS_STOP_WAITING)
5654  {
5655  sleep (5);
5656  status = task_run_status (task);
5657  }
5658  }
5659  else
5660  return 98;
5661  break;
5665  while (status == TASK_STATUS_STOP_REQUESTED
5667  || status == TASK_STATUS_STOP_WAITING)
5668  {
5669  sleep (5);
5670  status = task_run_status (task);
5671  }
5672  break;
5673  default:
5674  break;
5675  }
5676 
5677  /* Update scanner. */
5678 
5679  set_task_scanner (task, slave);
5680 
5681  /* Resume task if required. */
5682 
5683  if (should_resume_task)
5684  {
5685  pid_t pid = getpid ();
5686 
5687  resume_task (task_id, NULL);
5688 
5689  if (getpid () != pid)
5690  return 1;
5691  }
5692 
5693  return 0;
5694 }
5695 
5696 
5697 /* OTP Scanner messaging. */
5698 
5704 int
5706 {
5707  if (send_to_server ("CLIENT <|> BYE <|> ACK\n"))
5708  return -1;
5709  return 0;
5710 }
5711 
5718 int
5720 {
5721  if (send_to_server ("CLIENT <|> COMPLETE_LIST <|> CLIENT\n"))
5722  return -1;
5723  return 0;
5724 }
5725 
5732 int
5734 {
5736  {
5737  task_status_t run_status;
5738 
5739  /* Commit pending transaction if needed. */
5740  manage_transaction_stop (FALSE);
5741 
5742  /* Check if some other process changed the status. */
5743 
5744  run_status = task_run_status (current_scanner_task);
5745  switch (run_status)
5746  {
5748  /* This should only happen for slave tasks. */
5749  assert (0);
5751  if (send_to_server ("CLIENT <|> STOP_WHOLE_TEST <|> CLIENT\n"))
5752  return -1;
5755  return 1;
5756  break;
5758  if (send_to_server ("CLIENT <|> STOP_WHOLE_TEST <|> CLIENT\n"))
5759  return -1;
5762  return 1;
5763  break;
5765  if (send_to_server ("CLIENT <|> STOP_WHOLE_TEST <|> CLIENT\n"))
5766  return -1;
5769  return 1;
5770  break;
5773  case TASK_STATUS_DONE:
5774  case TASK_STATUS_NEW:
5775  case TASK_STATUS_REQUESTED:
5776  case TASK_STATUS_RUNNING:
5778  case TASK_STATUS_STOPPED:
5780  break;
5781  }
5782  }
5783  return 0;
5784 }
5785 
5786 
5787 /* Credentials. */
5788 
5796 const char*
5797 credential_full_type (const char* abbreviation)
5798 {
5799  if (abbreviation == NULL)
5800  return NULL;
5801  else if (strcasecmp (abbreviation, "cc") == 0)
5802  return "client certificate";
5803  else if (strcasecmp (abbreviation, "snmp") == 0)
5804  return "SNMP";
5805  else if (strcasecmp (abbreviation, "up") == 0)
5806  return "username + password";
5807  else if (strcasecmp (abbreviation, "usk") == 0)
5808  return "username + SSH key";
5809  else
5810  return abbreviation;
5811 }
5812 
5813 
5814 /* System reports. */
5815 
5828 static int
5829 get_slave_system_report_types (const char *required_type, gchar ***start,
5830  gchar ***types, const char *slave_id)
5831 {
5832  scanner_t slave = 0;
5833  char *host, **end;
5834  int port, socket;
5835  gnutls_session_t session;
5836  entity_t get, report;
5837  entities_t reports;
5838  int ret = -1;
5839 
5840  if (find_scanner (slave_id, &slave))
5841  return -1;
5842  if (slave == 0)
5843  return 2;
5844 
5845  host = scanner_host (slave);
5846  if (host == NULL) return -1;
5847 
5848  g_debug (" %s: host: %s\n", __FUNCTION__, host);
5849 
5850  port = scanner_port (slave);
5851  if (port == -1)
5852  {
5853  free (host);
5854  return -1;
5855  }
5856 
5857  socket = openvas_server_open (&session, host, port);
5858  free (host);
5859  if (socket == -1) return 4;
5860 
5861  g_debug (" %s: connected\n", __FUNCTION__);
5862 
5863  /* Authenticate using the slave login. */
5864 
5865  if (slave_authenticate (&session, slave))
5866  {
5867  ret = 5;
5868  goto fail;
5869  }
5870 
5871  g_debug (" %s: authenticated\n", __FUNCTION__);
5872 
5873  if (omp_get_system_reports (&session, required_type, 1, &get))
5874  {
5875  ret = 6;
5876  goto fail;
5877  }
5878 
5879  openvas_server_close (socket, session);
5880 
5881  reports = get->entities;
5882  end = *types = *start = g_malloc ((xml_count_entities (reports) + 1)
5883  * sizeof (gchar*));
5884  while ((report = first_entity (reports)))
5885  {
5886  if (strcmp (entity_name (report), "system_report") == 0)
5887  {
5888  entity_t name, title;
5889  gchar *pair;
5890  char *name_text, *title_text;
5891  name = entity_child (report, "name");
5892  title = entity_child (report, "title");
5893  if (name == NULL || title == NULL)
5894  {
5895  *end = NULL;
5896  g_strfreev (*start);
5897  free_entity (get);
5898  return -1;
5899  }
5900  name_text = entity_text (name);
5901  title_text = entity_text (title);
5902  *end = pair = g_malloc (strlen (name_text) + strlen (title_text) + 2);
5903  strcpy (pair, name_text);
5904  pair += strlen (name_text) + 1;
5905  strcpy (pair, title_text);
5906  end++;
5907  }
5908  reports = next_entities (reports);
5909  }
5910  *end = NULL;
5911 
5912  free_entity (get);
5913 
5914  return 0;
5915 
5916  fail:
5917  openvas_server_close (socket, session);
5918  return ret;
5919 }
5920 
5924 #define COMMAND "openvasmr 0 titles"
5925 
5939 static int
5940 get_system_report_types (const char *required_type, gchar ***start,
5941  gchar ***types, const char *slave_id)
5942 {
5943  gchar *astdout = NULL;
5944  gchar *astderr = NULL;
5945  GError *err = NULL;
5946  gint exit_status;
5947 
5948  if (slave_id && strcmp (slave_id, "0"))
5949  return get_slave_system_report_types (required_type, start, types,
5950  slave_id);
5951 
5952  g_debug (" command: " COMMAND);
5953 
5954  if ((g_spawn_command_line_sync (COMMAND,
5955  &astdout,
5956  &astderr,
5957  &exit_status,
5958  &err)
5959  == FALSE)
5960  || (WIFEXITED (exit_status) == 0)
5961  || WEXITSTATUS (exit_status))
5962  {
5963  g_debug ("%s: openvasmr failed with %d", __FUNCTION__, exit_status);
5964  g_debug ("%s: stdout: %s", __FUNCTION__, astdout);
5965  g_debug ("%s: stderr: %s", __FUNCTION__, astderr);
5966  g_free (astdout);
5967  g_free (astderr);
5968  *start = *types = g_malloc0 (sizeof (gchar*) * 2);
5969  (*start)[0] = g_strdup ("fallback Fallback Report");
5970  (*start)[0][strlen ("fallback")] = '\0';
5971  return 3;
5972  }
5973  if (astdout)
5974  {
5975  char **type;
5976  *start = *types = type = g_strsplit (g_strchomp (astdout), "\n", 0);
5977  while (*type)
5978  {
5979  char *space;
5980  space = strchr (*type, ' ');
5981  if (space == NULL)
5982  {
5983  g_strfreev (*types);
5984  *types = NULL;
5985  g_free (astdout);
5986  g_free (astderr);
5987  return -1;
5988  }
5989  *space = '\0';
5990  if (required_type && (strcmp (*type, required_type) == 0))
5991  {
5992  char **next;
5993  /* Found the single given type. */
5994  next = type + 1;
5995  while (*next)
5996  {
5997  free (*next);
5998  next++;
5999  }
6000  next = type + 1;
6001  *next = NULL;
6002  *types = type;
6003  g_free (astdout);
6004  g_free (astderr);
6005  return 0;
6006  }
6007  type++;
6008  }
6009  if (required_type)
6010  {
6011  /* Failed to find the single given type. */
6012  g_free (astdout);
6013  g_free (astderr);
6014  g_strfreev (*types);
6015  return 1;
6016  }
6017  }
6018  else
6019  *start = *types = g_malloc0 (sizeof (gchar*));
6020 
6021  g_free (astdout);
6022  g_free (astderr);
6023  return 0;
6024 }
6025 
6026 #undef COMMAND
6027 
6040 int
6042  const char* type,
6043  const char* slave_id)
6044 {
6045  int ret;
6046 
6047  if (acl_user_may ("get_system_reports") == 0)
6048  return 99;
6049 
6050  ret = get_system_report_types (type, &iterator->start, &iterator->current,
6051  slave_id);
6052  if (ret == 0 || ret == 3)
6053  {
6054  iterator->current--;
6055  return ret;
6056  }
6057  return ret;
6058 }
6059 
6065 void
6067 {
6068  g_strfreev (iterator->start);
6069 }
6070 
6080 gboolean
6082 {
6083  iterator->current++;
6084  if (*iterator->current == NULL) return FALSE;
6085  return TRUE;
6086 }
6087 
6095 const char*
6097 {
6098  return (const char*) *iterator->current;
6099 }
6100 
6108 const char*
6110 {
6111  const char *name = *iterator->current;
6112  return name + strlen (name) + 1;
6113 }
6114 
6131 static int
6132 slave_system_report (const char *name, const char *duration,
6133  const char *start_time, const char *end_time,
6134  const char *slave_id, char **report)
6135 {
6136  scanner_t slave = 0;
6137  char *host;
6138  int port, socket;
6139  gnutls_session_t session;
6140  entity_t get, entity;
6141  entities_t reports;
6142  omp_get_system_reports_opts_t opts;
6143  int ret = -1;
6144 
6145  if (find_scanner (slave_id, &slave))
6146  return -1;
6147  if (slave == 0)
6148  return 2;
6149 
6150  host = scanner_host (slave);
6151  if (host == NULL) return -1;
6152 
6153  g_debug (" %s: host: %s\n", __FUNCTION__, host);
6154 
6155  port = scanner_port (slave);
6156  if (port == -1)
6157  {
6158  free (host);
6159  return -1;
6160  }
6161 
6162  socket = openvas_server_open (&session, host, port);
6163  free (host);
6164  if (socket == -1) return 4;
6165 
6166  g_debug (" %s: connected\n", __FUNCTION__);
6167 
6168  /* Authenticate using the slave login. */
6169 
6170  if (slave_authenticate (&session, slave))
6171  {
6172  ret = 5;
6173  goto fail;
6174  }
6175 
6176  g_debug (" %s: authenticated\n", __FUNCTION__);
6177 
6178  opts = omp_get_system_reports_opts_defaults;
6179  opts.name = name;
6180  opts.duration = duration;
6181  opts.start_time = start_time;
6182  opts.end_time = end_time;
6183  opts.brief = 0;
6184 
6185  if (omp_get_system_reports_ext (&session, opts, &get))
6186  {
6187  ret = 6;
6188  goto fail;
6189  }
6190 
6191  openvas_server_close (socket, session);
6192 
6193  reports = get->entities;
6194  if ((entity = first_entity (reports))
6195  && (strcmp (entity_name (entity), "system_report") == 0))
6196  {
6197  entity = entity_child (entity, "report");
6198  if (entity)
6199  {
6200  *report = g_strdup (entity_text (entity));
6201  return 0;
6202  }
6203  }
6204 
6205  free_entity (get);
6206  g_warning (" %s: error getting entity\n", __FUNCTION__);
6207  return 6;
6208 
6209  fail:
6210  openvas_server_close (socket, session);
6211  return ret;
6212 }
6213 
6217 #define FALLBACK_SYSTEM_REPORT_HEADER \
6218 "This is the most basic, fallback report. The system can be configured to\n" \
6219 "produce more powerful reports. Please contact your system administrator\n" \
6220 "for more information.\n\n"
6221 
6222 #define DEFAULT_DURATION 86400L
6223 
6239 int
6240 manage_system_report (const char *name, const char *duration,
6241  const char *start_time, const char *end_time,
6242  const char *slave_id, char **report)
6243 {
6244  gchar *astdout = NULL;
6245  gchar *astderr = NULL;
6246  GError *err = NULL;
6247  gint exit_status;
6248  gchar *command;
6249  time_t start_time_num, end_time_num, duration_num;
6250  start_time_num = 0;
6251  end_time_num = 0;
6252  duration_num = 0;
6253 
6254  assert (name);
6255 
6256  if (duration && strcmp (duration, ""))
6257  {
6258  duration_num = atol (duration);
6259  if (duration_num == 0)
6260  return manage_system_report ("blank", NULL, NULL, NULL,
6261  NULL, report);
6262  }
6263  if (start_time && strcmp (start_time, ""))
6264  {
6265  start_time_num = parse_iso_time (start_time);
6266  if (start_time_num == 0)
6267  return manage_system_report ("blank", NULL, NULL, NULL,
6268  NULL, report);
6269  }
6270  if (end_time && strcmp (end_time, ""))
6271  {
6272  end_time_num = parse_iso_time (end_time);
6273  if (end_time_num == 0)
6274  return manage_system_report ("blank", NULL, NULL, NULL,
6275  NULL, report);
6276  }
6277 
6278  if (slave_id && strcmp (slave_id, "0"))
6279  return slave_system_report (name, duration, start_time, end_time,
6280  slave_id, report);
6281 
6282  /* For simplicity, it's up to the command to do the base64 encoding. */
6283  if (start_time && strcmp (start_time, ""))
6284  {
6285  if (end_time && strcmp (end_time, ""))
6286  {
6287  command = g_strdup_printf ("openvasmr %ld %ld %s",
6288  start_time_num,
6289  end_time_num,
6290  name);
6291  }
6292  else if (duration && strcmp (duration, ""))
6293  {
6294  command = g_strdup_printf ("openvasmr %ld %ld %s",
6295  start_time_num,
6296  start_time_num + duration_num,
6297  name);
6298  }
6299  else
6300  {
6301  command = g_strdup_printf ("openvasmr %ld %ld %s",
6302  start_time_num,
6303  start_time_num + DEFAULT_DURATION,
6304  name);
6305  }
6306  }
6307  else if (end_time && strcmp (end_time, ""))
6308  {
6309  if (duration && strcmp (duration, ""))
6310  {
6311  command = g_strdup_printf ("openvasmr %ld %ld %s",
6312  end_time_num - duration_num,
6313  end_time_num,
6314  name);
6315  }
6316  else
6317  {
6318  command = g_strdup_printf ("openvasmr %ld %ld %s",
6319  end_time_num - DEFAULT_DURATION,
6320  end_time_num,
6321  name);
6322  }
6323  }
6324  else
6325  {
6326  if (duration && strcmp (duration, ""))
6327  {
6328  command = g_strdup_printf ("openvasmr %ld %s",
6329  duration_num,
6330  name);
6331  }
6332  else
6333  {
6334  command = g_strdup_printf ("openvasmr %ld %s",
6336  name);
6337  }
6338  }
6339 
6340  g_debug (" command: %s", command);
6341 
6342  if ((g_spawn_command_line_sync (command,
6343  &astdout,
6344  &astderr,
6345  &exit_status,
6346  &err)
6347  == FALSE)
6348  || (WIFEXITED (exit_status) == 0)
6349  || WEXITSTATUS (exit_status))
6350  {
6351  int ret;
6352  double load[3];
6353  GError *get_error;
6354  gchar *output;
6355  gsize output_len;
6356  GString *buffer;
6357 
6358  g_debug ("%s: openvasmr failed with %d", __FUNCTION__, exit_status);
6359  g_debug ("%s: stdout: %s", __FUNCTION__, astdout);
6360  g_debug ("%s: stderr: %s", __FUNCTION__, astderr);
6361  g_free (astdout);
6362  g_free (astderr);
6363  g_free (command);
6364 
6365  buffer = g_string_new (FALLBACK_SYSTEM_REPORT_HEADER);
6366 
6367  ret = getloadavg (load, 3);
6368  if (ret == 3)
6369  {
6370  g_string_append_printf (buffer,
6371  "Load average for past minute: %.1f\n",
6372  load[0]);
6373  g_string_append_printf (buffer,
6374  "Load average for past 5 minutes: %.1f\n",
6375  load[1]);
6376  g_string_append_printf (buffer,
6377  "Load average for past 15 minutes: %.1f\n",
6378  load[2]);
6379  }
6380  else
6381  g_string_append (buffer, "Error getting load averages.\n");
6382 
6383  get_error = NULL;
6384  g_file_get_contents ("/proc/meminfo",
6385  &output,
6386  &output_len,
6387  &get_error);
6388  if (get_error)
6389  g_error_free (get_error);
6390  else
6391  {
6392  gchar *safe;
6393  g_string_append (buffer, "\n/proc/meminfo:\n\n");
6394  safe = g_markup_escape_text (output, strlen (output));
6395  g_free (output);
6396  g_string_append (buffer, safe);
6397  g_free (safe);
6398  }
6399 
6400  *report = g_string_free (buffer, FALSE);
6401  return 3;
6402  }
6403  g_free (astderr);
6404  g_free (command);
6405  if (astdout == NULL || strlen (astdout) == 0)
6406  {
6407  g_free (astdout);
6408  if (strcmp (name, "blank") == 0)
6409  return -1;
6410  return manage_system_report ("blank", NULL, NULL, NULL,
6411  NULL, report);
6412  }
6413  else
6414  *report = astdout;
6415  return 0;
6416 }
6417 
6418 
6419 /* Scheduling. */
6420 
6427 
6432 gchar* schedule_user_uuid = NULL;
6433 
6439 void
6440 manage_auth_allow_all (int scheduled)
6441 {
6442  authenticate_allow_all = scheduled ? 1 : 2;
6443 }
6444 
6450 gchar*
6452 {
6453  return schedule_user_uuid;
6454 }
6455 
6461 void
6463 {
6465 }
6466 
6480 int
6481 manage_schedule (int (*fork_connection) (openvas_connection_t *, gchar *),
6482  gboolean run_tasks,
6483  sigset_t *sigmask_current)
6484 {
6485  iterator_t schedules;
6486  GSList *starts = NULL, *stops = NULL;
6487  int ret;
6488  task_t previous_start_task = 0;
6489  task_t previous_stop_task = 0;
6490 
6491  ret = manage_update_nvti_cache ();
6492  if (ret)
6493  {
6494  if (ret == -1)
6495  {
6496  g_warning ("%s: manage_update_nvti_cache error"
6497  " (Perhaps the db went down?)",
6498  __FUNCTION__);
6499  /* Just ignore, in case the db went down temporarily. */
6500  return 0;
6501  }
6502 
6503  return ret;
6504  }
6505 
6506  if (run_tasks == 0)
6507  return 0;
6508 
6509  /* Assemble "starts" and "stops" list containing task uuid and owner name
6510  * for each (scheduled) task to start or stop. */
6511 
6512  ret = init_task_schedule_iterator (&schedules);
6513  if (ret)
6514  {
6515  if (ret == -1)
6516  {
6517  g_warning ("%s: iterator init error"
6518  " (Perhaps the db went down?)",
6519  __FUNCTION__);
6520  /* Just ignore, in case the db went down temporarily. */
6521  return 0;
6522  }
6523 
6524  return ret;
6525  }
6526  /* This iterator runs in an exclusive transaction, so this loop is atomic. */
6527  while (next (&schedules))
6528  if (task_schedule_iterator_start_due (&schedules))
6529  {
6530  time_t first_time, period, period_months;
6531  const char* timezone;
6532  int timed_out;
6533 
6534  /* Check if task schedule is timed out before updating next due time */
6535  timed_out = task_schedule_iterator_timed_out (&schedules);
6536 
6537  /* Update the task schedule info to prevent multiple schedules. */
6538 
6539  first_time = task_schedule_iterator_first_time (&schedules);
6540  period = task_schedule_iterator_period (&schedules);
6541  period_months = task_schedule_iterator_period_months (&schedules);
6542  timezone = task_schedule_iterator_timezone (&schedules);
6543 
6545  (task_schedule_iterator_task (&schedules),
6546  next_time (first_time, period, period_months, timezone, 0));
6547 
6548  /* Skip this task if it was already added to the starts list
6549  * to avoid conflicts between multiple users with permissions.
6550  */
6551 
6552  if (previous_start_task == task_schedule_iterator_task (&schedules))
6553  continue;
6554 
6555  if (timed_out)
6556  {
6557  g_message (" %s: Task timed out: %s",
6558  __FUNCTION__,
6559  task_schedule_iterator_task_uuid (&schedules));
6560  continue;
6561  }
6562 
6563  previous_start_task = task_schedule_iterator_task (&schedules);
6564 
6565  /* Add task UUID and owner name and UUID to the list. */
6566 
6567  starts = g_slist_prepend
6568  (starts,
6569  g_strdup (task_schedule_iterator_task_uuid (&schedules)));
6570  starts = g_slist_prepend
6571  (starts,
6572  g_strdup (task_schedule_iterator_owner_uuid (&schedules)));
6573  starts = g_slist_prepend
6574  (starts,
6575  g_strdup (task_schedule_iterator_owner_name (&schedules)));
6576  }
6577  else if (task_schedule_iterator_stop_due (&schedules))
6578  {
6579  /* Skip this task if it was already added to the stops list
6580  * to avoid conflicts between multiple users with permissions.
6581  */
6582 
6583  if (previous_stop_task == task_schedule_iterator_task (&schedules))
6584  continue;
6585  previous_stop_task = task_schedule_iterator_task (&schedules);
6586 
6587  /* Add task UUID and owner name and UUID to the list. */
6588 
6589  stops = g_slist_prepend
6590  (stops,
6591  g_strdup (task_schedule_iterator_task_uuid (&schedules)));
6592  stops = g_slist_prepend
6593  (stops,
6594  g_strdup (task_schedule_iterator_owner_uuid (&schedules)));
6595  stops = g_slist_prepend
6596  (stops,
6597  g_strdup (task_schedule_iterator_owner_name (&schedules)));
6598  }
6599  cleanup_task_schedule_iterator (&schedules);
6600 
6601  /* Start tasks in forked processes, now that the SQL statement is closed. */
6602 
6603  while (starts)
6604  {
6605  int pid;
6606  openvas_connection_t connection;
6607  gchar *task_uuid, *owner, *owner_uuid;
6608  GSList *head;
6609  omp_authenticate_info_opts_t auth_opts;
6610 
6611  owner = starts->data;
6612  assert (starts->next);
6613  owner_uuid = starts->next->data;
6614  assert (starts->next->next);
6615  task_uuid = starts->next->next->data;
6616 
6617  head = starts;
6618  starts = starts->next->next->next;
6619  g_slist_free_1 (head->next->next);
6620  g_slist_free_1 (head->next);
6621  g_slist_free_1 (head);
6622 
6623  /* Fork a child to start the task and wait for the response, so that the
6624  * parent can return to the main loop. */
6625 
6626  pid = fork ();
6627  switch (pid)
6628  {
6629  case 0:
6630  /* Child. Carry on to start the task, reopen the database (required
6631  * after fork). */
6632 
6633  /* Restore the sigmask that was blanked for pselect. */
6634  pthread_sigmask (SIG_SETMASK, sigmask_current, NULL);
6635 
6638  while (starts)
6639  {
6640  g_free (starts->data);
6641  starts = g_slist_delete_link (starts, starts);
6642  }
6643  break;
6644 
6645  case -1:
6646  /* Parent on error. Reschedule and continue to next task. */
6647  g_warning ("%s: fork failed\n", __FUNCTION__);
6648  reschedule_task (task_uuid);
6649  g_free (task_uuid);
6650  g_free (owner);
6651  g_free (owner_uuid);
6652  continue;
6653 
6654  default:
6655  /* Parent. Continue to next task. */
6656  g_debug ("%s: %i forked %i", __FUNCTION__, getpid (), pid);
6657  g_free (task_uuid);
6658  g_free (owner);
6659  g_free (owner_uuid);
6660  continue;
6661 
6662  }
6663 
6664  /* Run the callback to fork a child connected to the Manager. */
6665 
6666  pid = fork_connection (&connection, owner_uuid);
6667  switch (pid)
6668  {
6669  case 0:
6670  /* Child. Break, start task, exit. */
6671  g_free (owner_uuid);
6672  break;
6673 
6674  case -1:
6675  /* Parent on error. */
6676  g_warning ("%s: fork_connection failed\n", __FUNCTION__);
6677  reschedule_task (task_uuid);
6678  g_free (task_uuid);
6679  g_free (owner);
6680  g_free (owner_uuid);
6681  exit (EXIT_FAILURE);
6682  break;
6683 
6684  default:
6685  {
6686  int status;
6687 
6688  /* Parent. Wait for child, to check return. */
6689 
6690  g_debug ("%s: %i fork_connectioned %i",
6691  __FUNCTION__, getpid (), pid);
6692 
6693  g_free (owner);
6694  g_free (owner_uuid);
6695 
6696  if (signal (SIGCHLD, SIG_DFL) == SIG_ERR)
6697  g_warning ("%s: failed to set SIGCHLD", __FUNCTION__);
6698  while (waitpid (pid, &status, 0) < 0)
6699  {
6700  if (errno == ECHILD)
6701  {
6702  g_warning ("%s: Failed to get child exit,"
6703  " so task '%s' may not have been scheduled",
6704  __FUNCTION__,
6705  task_uuid);
6706  g_free (task_uuid);
6707  exit (EXIT_FAILURE);
6708  }
6709  if (errno == EINTR)
6710  continue;
6711  g_warning ("%s: waitpid: %s",
6712  __FUNCTION__,
6713  strerror (errno));
6714  g_warning ("%s: As a result, task '%s' may not have been"
6715  " scheduled",
6716  __FUNCTION__,
6717  task_uuid);
6718  g_free (task_uuid);
6719  exit (EXIT_FAILURE);
6720  }
6721  if (WIFEXITED (status))
6722  switch (WEXITSTATUS (status))
6723  {
6724  case EXIT_SUCCESS:
6725  {
6726  schedule_t schedule;
6727  int periods;
6728 
6729  /* Child succeeded. */
6730 
6731  schedule = task_schedule_uuid (task_uuid);
6732  if (schedule
6733  && schedule_period (schedule) == 0
6734  && schedule_duration (schedule) == 0
6735  /* Check next time too, in case the user changed
6736  * the schedule after this task was added to the
6737  * "starts" list. */
6738  && task_schedule_next_time_uuid (task_uuid) == 0)
6739  /* A once-off schedule without a duration, remove
6740  * it from the task. If it has a duration it
6741  * will be removed below, after the duration. */
6742  set_task_schedule_uuid (task_uuid, 0, 0);
6743  else if ((periods = task_schedule_periods_uuid
6744  (task_uuid)))
6745  {
6746  /* A task restricted to a certain number of
6747  * scheduled runs. */
6748  if (periods > 1)
6749  {
6750  set_task_schedule_periods (task_uuid,
6751  periods - 1);
6752  }
6753  else if (periods == 1
6754  && schedule_duration (schedule) == 0)
6755  {
6756  /* Last run of a task restricted to a certain
6757  * number of scheduled runs. */
6758  set_task_schedule_uuid (task_uuid, 0, 1);
6759  }
6760  else if (periods == 1)
6761  /* Flag that the task has started, for
6762  * update_duration_schedule_periods. */
6763  set_task_schedule_next_time_uuid (task_uuid, 0);
6764  }
6765  }
6766  g_free (task_uuid);
6767  exit (EXIT_SUCCESS);
6768 
6769  case EXIT_FAILURE:
6770  default:
6771  break;
6772  }
6773 
6774  /* Child failed, reset task schedule time and exit. */
6775 
6776  g_warning ("%s: child failed\n", __FUNCTION__);
6777  reschedule_task (task_uuid);
6778  g_free (task_uuid);
6779 
6780  exit (EXIT_FAILURE);
6781  }
6782  }
6783 
6784  /* Start the task. */
6785 
6786  auth_opts = omp_authenticate_info_opts_defaults;
6787  auth_opts.username = owner;
6788  if (omp_authenticate_info_ext_c (&connection, auth_opts))
6789  {
6790  g_warning ("%s: omp_authenticate failed", __FUNCTION__);
6791  g_free (task_uuid);
6792  g_free (owner);
6793  openvas_connection_free (&connection);
6794  exit (EXIT_FAILURE);
6795  }
6796 
6797  g_free (owner);
6798 
6799  if (omp_resume_task_report_c (&connection, task_uuid, NULL))
6800  {
6801  if (omp_start_task_report_c (&connection, task_uuid, NULL))
6802  {
6803  g_warning ("%s: omp_start_task and omp_resume_task failed", __FUNCTION__);
6804  g_free (task_uuid);
6805  openvas_connection_free (&connection);
6806  exit (EXIT_FAILURE);
6807  }
6808  }
6809 
6810  g_free (task_uuid);
6811  openvas_connection_free (&connection);
6812  exit (EXIT_SUCCESS);
6813  }
6814 
6815  /* Stop tasks in forked processes, now that the SQL statement is closed. */
6816 
6817  while (stops)
6818  {
6819  openvas_connection_t connection;
6820  gchar *task_uuid, *owner, *owner_uuid;
6821  GSList *head;
6822  omp_authenticate_info_opts_t auth_opts;
6823 
6824  owner = stops->data;
6825  assert (stops->next);
6826  owner_uuid = stops->next->data;
6827  assert (stops->next->next);
6828  task_uuid = stops->next->next->data;
6829 
6830  head = stops;
6831  stops = stops->next->next->next;
6832  g_slist_free_1 (head->next->next);
6833  g_slist_free_1 (head->next);
6834  g_slist_free_1 (head);
6835 
6836  /* TODO As with starts above, this should retry if the stop failed. */
6837 
6838  /* Run the callback to fork a child connected to the Manager. */
6839 
6840  switch (fork_connection (&connection, owner_uuid))
6841  {
6842  case 0:
6843  /* Child. Break, stop task, exit. */
6844  while (stops)
6845  {
6846  g_free (stops->data);
6847  stops = g_slist_delete_link (stops, stops);
6848  }
6849  break;
6850 
6851  case -1:
6852  /* Parent on error. */
6853  g_free (task_uuid);
6854  g_free (owner);
6855  g_free (owner_uuid);
6856  while (stops)
6857  {
6858  g_free (stops->data);
6859  stops = g_slist_delete_link (stops, stops);
6860  }
6861  g_warning ("%s: stop fork failed\n", __FUNCTION__);
6862  return -1;
6863  break;
6864 
6865  default:
6866  /* Parent. Continue to next task. */
6867  g_free (task_uuid);
6868  g_free (owner);
6869  g_free (owner_uuid);
6870  continue;
6871  break;
6872  }
6873 
6874  /* Stop the task. */
6875 
6876  auth_opts = omp_authenticate_info_opts_defaults;
6877  auth_opts.username = owner;
6878  if (omp_authenticate_info_ext_c (&connection, auth_opts))
6879  {
6880  g_free (task_uuid);
6881  g_free (owner);
6882  g_free (owner_uuid);
6883  openvas_connection_free (&connection);
6884  exit (EXIT_FAILURE);
6885  }
6886 
6887  if (omp_stop_task_c (&connection, task_uuid))
6888  {
6889  g_free (task_uuid);
6890  g_free (owner);
6891  g_free (owner_uuid);
6892  openvas_connection_free (&connection);
6893  exit (EXIT_FAILURE);
6894  }
6895 
6896  g_free (task_uuid);
6897  g_free (owner);
6898  g_free (owner_uuid);
6899  openvas_connection_free (&connection);
6900  exit (EXIT_SUCCESS);
6901  }
6902 
6905 
6907 
6908  return 0;
6909 }
6910 
6916 int
6918 {
6919  return schedule_timeout;
6920 }
6921 
6927 void
6928 set_schedule_timeout (int new_timeout)
6929 {
6930  if (new_timeout < 0)
6931  schedule_timeout = -1;
6932  else
6933  schedule_timeout = new_timeout;
6934 }
6935 
6936 
6937 /* Report formats. */
6938 
6946 const char *
6948 {
6949  switch (type)
6950  {
6952  return "boolean";
6954  return "integer";
6956  return "selection";
6958  return "string";
6960  return "text";
6962  return "report_format_list";
6963  default:
6964  assert (0);
6966  return "ERROR";
6967  }
6968 }
6969 
6979 {
6980  if (strcmp (name, "boolean") == 0)
6982  if (strcmp (name, "integer") == 0)
6984  if (strcmp (name, "selection") == 0)
6986  if (strcmp (name, "string") == 0)
6988  if (strcmp (name, "text") == 0)
6990  if (strcmp (name, "report_format_list") == 0)
6993 }
6994 
7000 static int
7001 backup_file_name (const char *name)
7002 {
7003  int length = strlen (name);
7004 
7005  if (length && (name[length - 1] == '~'))
7006  return 1;
7007 
7008  if ((length > 3)
7009  && (name[length - 4] == '.'))
7010  return ((name[length - 3] == 'b')
7011  && (name[length - 2] == 'a')
7012  && (name[length - 1] == 'k'))
7013  || ((name[length - 3] == 'B')
7014  && (name[length - 2] == 'A')
7015  && (name[length - 1] == 'K'))
7016  || ((name[length - 3] == 'C')
7017  && (name[length - 2] == 'K')
7018  && (name[length - 1] == 'P'));
7019 
7020  return 0;
7021 }
7022 
7031 static int
7032 get_report_format_files (const char *dir_name, GPtrArray **start)
7033 {
7034  GPtrArray *files;
7035  struct dirent **names;
7036  int n, index;
7037  char *locale;
7038 
7039  files = g_ptr_array_new ();
7040 
7041  locale = setlocale (LC_ALL, "C");
7042  n = scandir (dir_name, &names, NULL, alphasort);
7043  setlocale (LC_ALL, locale);
7044  if (n < 0)
7045  {
7046  g_warning ("%s: failed to open dir %s: %s\n",
7047  __FUNCTION__,
7048  dir_name,
7049  strerror (errno));
7050  return -1;
7051  }
7052 
7053  for (index = 0; index < n; index++)
7054  {
7055  if (strcmp (names[index]->d_name, ".")
7056  && strcmp (names[index]->d_name, "..")
7057  && (backup_file_name (names[index]->d_name) == 0))
7058  g_ptr_array_add (files, g_strdup (names[index]->d_name));
7059  free (names[index]);
7060  }
7061  free (names);
7062 
7063  g_ptr_array_add (files, NULL);
7064 
7065  *start = files;
7066  return 0;
7067 }
7068 
7076 gchar *
7077 predefined_report_format_dir (const gchar *uuid)
7078 {
7079  return g_build_filename (OPENVAS_DATA_DIR,
7080  "openvasmd",
7081  "report_formats",
7082  uuid,
7083  NULL);
7084 }
7085 
7095 int
7097  report_format_t report_format)
7098 {
7099  gchar *dir_name, *uuid;
7100 
7101  uuid = report_format_uuid (report_format);
7102  if (uuid == NULL)
7103  return -1;
7104 
7105  if (report_format_predefined (report_format))
7106  dir_name = predefined_report_format_dir (uuid);
7107  else
7108  {
7109  gchar *owner_uuid;
7110 
7111  owner_uuid = report_format_owner_uuid (report_format);
7112  if (owner_uuid == NULL)
7113  return -1;
7114  dir_name = g_build_filename (OPENVAS_STATE_DIR,
7115  "openvasmd",
7116  "report_formats",
7117  owner_uuid,
7118  uuid,
7119  NULL);
7120  g_free (owner_uuid);
7121  }
7122 
7123  g_free (uuid);
7124 
7125  if (get_report_format_files (dir_name, &iterator->start))
7126  {
7127  g_free (dir_name);
7128  return -1;
7129  }
7130 
7131  iterator->current = iterator->start->pdata;
7132  iterator->current--;
7133  iterator->dir_name = dir_name;
7134  return 0;
7135 }
7136 
7142 void
7144 {
7145  array_free (iterator->start);
7146  g_free (iterator->dir_name);
7147 }
7148 
7158 gboolean
7160 {
7161  iterator->current++;
7162  if (*iterator->current == NULL) return FALSE;
7163  return TRUE;
7164 }
7165 
7173 const char*
7175 {
7176  return (const char*) *iterator->current;
7177 }
7178 
7186 gchar*
7188 {
7189  gchar *path_name, *content;
7190  GError *error;
7191  gsize content_size;
7192 
7193  path_name = g_build_filename (iterator->dir_name,
7194  (gchar*) *iterator->current,
7195  NULL);
7196 
7197  /* Read in the contents. */
7198 
7199  error = NULL;
7200  if (g_file_get_contents (path_name,
7201  &content,
7202  &content_size,
7203  &error)
7204  == FALSE)
7205  {
7206  if (error)
7207  {
7208  g_debug ("%s: failed to read %s: %s",
7209  __FUNCTION__, path_name, error->message);
7210  g_error_free (error);
7211  }
7212  g_free (path_name);
7213  return NULL;
7214  }
7215 
7216  g_free (path_name);
7217 
7218  /* Base64 encode the contents. */
7219 
7220  if (content && (content_size > 0))
7221  {
7222  gchar *base64 = g_base64_encode ((guchar*) content, content_size);
7223  g_free (content);
7224  return base64;
7225  }
7226 
7227  return content;
7228 }
7229 
7230 
7231 /* Scanner Tags. */
7232 
7240 void
7241 parse_tags (const char *scanner_tags, gchar **tags, gchar **cvss_base)
7242 {
7243  gchar **split, **point;
7244  GString *tags_buffer;
7245  gboolean first;
7246 
7247  tags_buffer = g_string_new ("");
7248  split = g_strsplit (scanner_tags, "|", 0);
7249  point = split;
7250  *cvss_base = NULL;
7251  first = TRUE;
7252 
7253  while (*point)
7254  {
7255  if (strncmp (*point, "cvss_base=", strlen ("cvss_base=")) == 0)
7256  {
7257  /* Skip this tag. */
7258  }
7259  else if (strncmp (*point,
7260  "cvss_base_vector=",
7261  strlen ("cvss_base_vector="))
7262  == 0)
7263  {
7264  if (*cvss_base == NULL)
7265  *cvss_base = g_strdup_printf ("%.1f",
7266  get_cvss_score_from_base_metrics
7267  (*point
7268  + strlen ("cvss_base_vector=")));
7269  if (first)
7270  first = FALSE;
7271  else
7272  g_string_append_c (tags_buffer, '|');
7273  g_string_append (tags_buffer, *point);
7274  }
7275  else
7276  {
7277  if (first)
7278  first = FALSE;
7279  else
7280  g_string_append_c (tags_buffer, '|');
7281  g_string_append (tags_buffer, *point);
7282  }
7283  point++;
7284  }
7285 
7286  if (tags_buffer->len == 0)
7287  {
7288  g_string_free (tags_buffer, TRUE);
7289  *tags = g_strdup ("NOTAG");
7290  }
7291  else
7292  *tags = g_string_free (tags_buffer, FALSE);
7293  g_strfreev (split);
7294 }
7295 
7296 
7297 /* Slaves. */
7298 
7310 int
7311 delete_slave_task (const gchar *host, int port, const gchar *username,
7312  const gchar *password, const char *slave_task_uuid)
7313 {
7314  int socket;
7315  gnutls_session_t session;
7316  entity_t get_tasks, get_targets, entity, task, credential, port_list;
7319 
7320  omp_delete_opts_t del_opts = omp_delete_opts_ultimate_defaults;
7321 
7322  /* Connect to the slave. */
7323 
7324  g_debug (" %s: host: %s\n", __FUNCTION__, host);
7325 
7326  socket = openvas_server_open (&session, host, port);
7327  if (socket == -1) return -1;
7328 
7329  g_debug (" %s: connected\n", __FUNCTION__);
7330 
7331  /* Authenticate using the slave login. */
7332 
7333  if (omp_authenticate (&session, username, password))
7334  return -1;
7335 
7336  g_debug (" %s: authenticated\n", __FUNCTION__);
7337 
7338  /* Get the UUIDs of the slave resources. */
7339 
7340  if (omp_get_tasks (&session, slave_task_uuid, 0, 0, &get_tasks))
7341  goto fail;
7342 
7343  task = entity_child (get_tasks, "task");
7344  if (task == NULL)
7345  goto fail_free_task;
7346 
7347  entity = entity_child (task, "config");
7348  if (entity == NULL)
7349  goto fail_free_task;
7350  slave_config_uuid = entity_attribute (entity, "id");
7351 
7352  entity = entity_child (task, "target");
7353  if (entity == NULL)
7354  goto fail_free_task;
7355  slave_target_uuid = entity_attribute (entity, "id");
7356 
7357  if (omp_get_targets (&session, slave_target_uuid, 0, 0, &get_targets))
7358  goto fail_free_task;
7359 
7360  entity = entity_child (get_targets, "target");
7361  if (entity == NULL)
7362  goto fail_free;
7363 
7364  port_list = entity_child (entity, "port_list");
7365  if (port_list == NULL)
7366  goto fail_free;
7367  slave_port_list_uuid = entity_attribute (port_list, "id");
7368 
7369  credential = entity_child (entity, "ssh_credential");
7370  if (credential == NULL)
7371  goto fail_free;
7372  slave_ssh_credential_uuid = entity_attribute (credential, "id");
7373 
7374  credential = entity_child (entity, "smb_credential");
7375  if (credential == NULL)
7376  goto fail_free;
7377  slave_smb_credential_uuid = entity_attribute (credential, "id");
7378 
7379  /* Remove the slave resources. */
7380 
7381  omp_stop_task (&session, slave_task_uuid);
7382  if (omp_delete_task_ext (&session, slave_task_uuid, del_opts))
7383  goto fail_config;
7384  if (omp_delete_config_ext (&session, slave_config_uuid, del_opts))
7385  goto fail_target;
7386  if (omp_delete_target_ext (&session, slave_target_uuid, del_opts))
7387  goto fail_credential;
7388  if (omp_delete_port_list_ext (&session, slave_port_list_uuid, del_opts))
7389  goto fail_credential;
7390  if (omp_delete_lsc_credential_ext (&session, slave_smb_credential_uuid,
7391  del_opts))
7392  goto fail;
7393  if (omp_delete_lsc_credential_ext (&session, slave_ssh_credential_uuid,
7394  del_opts))
7395  goto fail;
7396 
7397  /* Cleanup. */
7398 
7399  free_entity (get_targets);
7400  free_entity (get_tasks);
7401  openvas_server_close (socket, session);
7402  return 0;
7403 
7404  fail_config:
7405  omp_delete_config_ext (&session, slave_config_uuid, del_opts);
7406  fail_target:
7407  omp_delete_target_ext (&session, slave_target_uuid, del_opts);
7408  omp_delete_port_list_ext (&session, slave_port_list_uuid, del_opts);
7409  fail_credential:
7410  omp_delete_lsc_credential_ext (&session, slave_smb_credential_uuid, del_opts);
7411  omp_delete_lsc_credential_ext (&session, slave_ssh_credential_uuid, del_opts);
7412  fail_free:
7413  free_entity (get_targets);
7414  fail_free_task:
7415  free_entity (get_tasks);
7416  fail:
7417  openvas_server_close (socket, session);
7418  return -1;
7419 }
7420 
7427 static char *
7428 get_cpe_filename ()
7429 {
7430  return g_strdup (CPE_DICT_FILENAME);
7431 }
7432 
7441 static char *
7442 get_cve_filename (char *item_id)
7443 {
7444  int year;
7445 
7446  if (sscanf (item_id, "%*3s-%d-%*d", &year) == 1)
7447  {
7448  /* CVEs before 2002 are stored in the 2002 file. */
7449  if (year <= 2002)
7450  year = 2002;
7451  return g_strdup_printf (CVE_FILENAME_FMT, year);
7452  }
7453  return NULL;
7454 }
7455 
7464 static char *
7465 get_ovaldef_filename (char *item_id)
7466 {
7467  char *result, *short_filename;
7468 
7469  result = NULL;
7470  short_filename = get_ovaldef_short_filename (item_id);
7471 
7472  if (*short_filename)
7473  {
7474  result = g_strdup_printf ("%s/%s", OPENVAS_SCAP_DATA_DIR, short_filename);
7475  }
7476  free (short_filename);
7477 
7478  return result;
7479 }
7480 
7489 static char *
7490 get_cert_bund_adv_filename (char *item_id)
7491 {
7492  int year;
7493 
7494  if (sscanf (item_id, "CB-K%d-%*s", &year) == 1)
7495  {
7496  return g_strdup_printf (CERT_BUND_ADV_FILENAME_FMT, year);
7497  }
7498  return NULL;
7499 }
7500 
7509 static char *
7510 get_dfn_cert_adv_filename (char *item_id)
7511 {
7512  int year;
7513 
7514  if (sscanf (item_id, "DFN-CERT-%d-%*s", &year) == 1)
7515  {
7516  return g_strdup_printf (DFN_CERT_ADV_FILENAME_FMT, year);
7517  }
7518  return NULL;
7519 }
7520 
7534 gchar *
7535 xsl_transform (gchar *stylesheet, gchar *xmlfile, gchar **param_names,
7536  gchar **param_values)
7537 {
7538  int i, param_idx;
7539  gchar **cmd, *cmd_full;
7540  gint exit_status;
7541  gboolean success;
7542  gchar *standard_out = NULL, *standard_err = NULL;
7543 
7544  param_idx = 0;
7545  if (param_names && param_values)
7546  while (param_names[param_idx] && param_values[param_idx])
7547  param_idx++;
7548 
7549  cmd = (gchar **)g_malloc ((4 + param_idx * 3) * sizeof (gchar *));
7550 
7551  i = 0;
7552  cmd[i++] = "xsltproc";
7553  if (param_idx)
7554  {
7555  int j;
7556 
7557  for (j = 0; j < param_idx; j++)
7558  {
7559  cmd[i++] = "--stringparam";
7560  cmd[i++] = param_names[j];
7561  cmd[i++] = param_values[j];
7562  }
7563  }
7564  cmd[i++] = stylesheet;
7565  cmd[i++] = xmlfile;
7566  cmd[i] = NULL;
7567 
7568 
7569  /* DEBUG: display the final command line. */
7570  cmd_full = g_strjoinv (" ", cmd);
7571  g_debug ("%s: Spawning in parent dir: %s\n",
7572  __FUNCTION__, cmd_full);
7573  g_free (cmd_full);
7574  /* --- */
7575 
7576  if ((g_spawn_sync (NULL,
7577  cmd,
7578  NULL, /* Environment. */
7579  G_SPAWN_SEARCH_PATH,
7580  NULL, /* Setup function. */
7581  NULL,
7582  &standard_out,
7583  &standard_err,
7584  &exit_status,
7585  NULL)
7586  == FALSE)
7587  || (WIFEXITED (exit_status) == 0)
7588  || WEXITSTATUS (exit_status))
7589  {
7590  g_debug ("%s: failed to transform the xml: %d (WIF %i, WEX %i)",
7591  __FUNCTION__,
7592  exit_status,
7593  WIFEXITED (exit_status),
7594  WEXITSTATUS (exit_status));
7595  g_debug ("%s: stderr: %s\n", __FUNCTION__, standard_err);
7596  g_debug ("%s: stdout: %s\n", __FUNCTION__, standard_out);
7597  success = FALSE;
7598  }
7599  else if (strlen (standard_out) == 0)
7600  success = FALSE; /* execution succeeded but nothing was found */
7601  else
7602  success = TRUE; /* execution succeeded and we have a result */
7603 
7604  /* Cleanup. */
7605  g_free (cmd);
7606  g_free (standard_err);
7607 
7608  if (success)
7609  return standard_out;
7610 
7611  g_free (standard_out);
7612  return NULL;
7613 }
7614 
7622 static const char*
7623 category_name (int category)
7624 {
7625  static const char *categories[] = { ACT_STRING_LIST_ALL };
7626  if (category >= ACT_FIRST && category <= ACT_END)
7627  {
7628  return categories[category];
7629  }
7630  return categories[ACT_UNKNOWN];
7631 }
7632 
7638 #define DEF(x) \
7639  const char* x = nvt_iterator_ ## x (nvts); \
7640  gchar* x ## _text = x \
7641  ? g_markup_escape_text (x, -1) \
7642  : g_strdup ("");
7643 
7657 gchar *
7658 get_nvti_xml (iterator_t *nvts, int details, int pref_count,
7659  int preferences, const char *timeout, config_t config,
7660  int close_tag)
7661 {
7662  const char* oid = nvt_iterator_oid (nvts);
7663  const char* name = nvt_iterator_name (nvts);
7664  gchar* msg;
7665 
7666  gchar* name_text = g_markup_escape_text (name, strlen (name));
7667  if (details)
7668  {
7669  GString *cert_refs_str, *tags_str, *buffer;
7670  iterator_t cert_refs_iterator, tags;
7671  gchar *tag_name_esc, *tag_value_esc, *tag_comment_esc;
7672 
7673  DEF (copyright);
7674  DEF (family);
7675  DEF (version);
7676  DEF (xref);
7677  DEF (tag);
7678 
7679 #undef DEF
7680 
7681  cert_refs_str = g_string_new ("");
7682  if (manage_cert_loaded())
7683  {
7684  init_nvt_cert_bund_adv_iterator (&cert_refs_iterator, oid, 0, 0);
7685  while (next (&cert_refs_iterator))
7686  {
7687  g_string_append_printf (cert_refs_str,
7688  "<cert_ref type=\"CERT-Bund\" id=\"%s\"/>",
7689  get_iterator_name (&cert_refs_iterator));
7690  }
7691  cleanup_iterator (&cert_refs_iterator);
7692 
7693  init_nvt_dfn_cert_adv_iterator (&cert_refs_iterator, oid, 0, 0);
7694  while (next (&cert_refs_iterator))
7695  {
7696  g_string_append_printf (cert_refs_str,
7697  "<cert_ref type=\"DFN-CERT\" id=\"%s\"/>",
7698  get_iterator_name (&cert_refs_iterator));
7699  }
7700  cleanup_iterator (&cert_refs_iterator);
7701  }
7702  else
7703  {
7704  g_string_append (cert_refs_str, "<warning>database not available</warning>");
7705  }
7706 
7707  tags_str = g_string_new ("");
7708  g_string_append_printf (tags_str,
7709  "<count>%i</count>",
7710  resource_tag_count ("nvt",
7712  (nvts),
7713  1));
7714 
7715  init_resource_tag_iterator (&tags, "nvt",
7716  get_iterator_resource (nvts),
7717  1, NULL, 1);
7718  while (next (&tags))
7719  {
7720  tag_name_esc = g_markup_escape_text (resource_tag_iterator_name
7721  (&tags),
7722  -1);
7723  tag_value_esc = g_markup_escape_text (resource_tag_iterator_value
7724  (&tags),
7725  -1);
7726  tag_comment_esc = g_markup_escape_text (resource_tag_iterator_comment
7727  (&tags),
7728  -1);
7729  g_string_append_printf (tags_str,
7730  "<tag id=\"%s\">"
7731  "<name>%s</name>"
7732  "<value>%s</value>"
7733  "<comment>%s</comment>"
7734  "</tag>",
7736  tag_name_esc,
7737  tag_value_esc,
7738  tag_comment_esc);
7739  g_free (tag_name_esc);
7740  g_free (tag_value_esc);
7741  g_free (tag_comment_esc);
7742  }
7743  cleanup_iterator (&tags);
7744 
7745  buffer = g_string_new ("");
7746 
7747  g_string_append_printf (buffer,
7748  "<nvt oid=\"%s\">"
7749  "<name>%s</name>"
7750  "<creation_time>%s</creation_time>"
7751  "<modification_time>%s</modification_time>"
7752  "<user_tags>%s</user_tags>"
7753  "<category>%s</category>"
7754  "<copyright>%s</copyright>"
7755  "<family>%s</family>"
7756  "<version>%s</version>"
7757  "<cvss_base>%s</cvss_base>"
7758  "<qod>"
7759  "<value>%s</value>"
7760  "<type>%s</type>"
7761  "</qod>"
7762  "<cve_id>%s</cve_id>"
7763  "<bugtraq_id>%s</bugtraq_id>"
7764  "<cert_refs>%s</cert_refs>"
7765  "<xrefs>%s</xrefs>"
7766  "<tags>%s</tags>"
7767  "<preference_count>%i</preference_count>"
7768  "<timeout>%s</timeout>",
7769  oid,
7770  name_text,
7773  : "",
7776  : "",
7777  tags_str->str,
7778  category_name (nvt_iterator_category (nvts)),
7779  copyright_text,
7780  family_text,
7781  version_text,
7782  nvt_iterator_cvss_base (nvts)
7783  ? nvt_iterator_cvss_base (nvts)
7784  : "",
7785  nvt_iterator_qod (nvts),
7786  nvt_iterator_qod_type (nvts),
7787  nvt_iterator_cve (nvts),
7788  nvt_iterator_bid (nvts),
7789  cert_refs_str->str,
7790  xref_text,
7791  tag_text,
7792  pref_count,
7793  timeout ? timeout : "");
7794  g_free (copyright_text);
7795  g_free (family_text);
7796  g_free (version_text);
7797  g_free (xref_text);
7798  g_free (tag_text);
7799  g_string_free(cert_refs_str, 1);
7800  g_string_free(tags_str, 1);
7801 
7802  if (preferences)
7803  {
7804  iterator_t prefs;
7805  const char *nvt_name = nvt_iterator_name (nvts);
7806 
7807  /* Send the preferences for the NVT. */
7808 
7809  xml_string_append (buffer,
7810  "<preferences>"
7811  "<timeout>%s</timeout>",
7812  timeout ? timeout : "");
7813 
7814  init_nvt_preference_iterator (&prefs, nvt_name);
7815  while (next (&prefs))
7816  buffer_config_preference_xml (buffer, &prefs, config, 1);
7817  cleanup_iterator (&prefs);
7818 
7819  xml_string_append (buffer, "</preferences>");
7820  }
7821 
7822  xml_string_append (buffer, close_tag ? "</nvt>" : "");
7823  msg = g_string_free (buffer, FALSE);
7824  }
7825  else
7826  msg = g_strdup_printf
7827  ("<nvt oid=\"%s\"><name>%s</name>"
7828  "<user_tags><count>%i</count></user_tags>%s",
7829  oid, name_text,
7830  resource_tag_count ("nvt", get_iterator_resource (nvts), 1),
7831  close_tag ? "</nvt>" : "");
7832  g_free (name_text);
7833  return msg;
7834 }
7835 
7841 const char *
7843 {
7844  gchar *content;
7845  GError *error;
7846  gsize content_size;
7847  struct tm update_time;
7848 
7849  /* Read in the contents. */
7850 
7851  error = NULL;
7852  if (g_file_get_contents (SCAP_TIMESTAMP_FILENAME,
7853  &content,
7854  &content_size,
7855  &error)
7856  == FALSE)
7857  {
7858  if (error)
7859  {
7860  g_debug ("%s: failed to read %s: %s",
7861  __FUNCTION__, SCAP_TIMESTAMP_FILENAME, error->message);
7862  g_error_free (error);
7863  }
7864  return "";
7865  }
7866 
7867  memset (&update_time, 0, sizeof (struct tm));
7868  if (strptime (content, "%Y%m%d%H%M", &update_time))
7869  {
7870  static char time_string[100];
7871  strftime (time_string, 99, "%FT%T.000%z", &update_time);
7872  return time_string;
7873  }
7874  return "";
7875 }
7876 
7888 int
7889 manage_read_info (gchar *type, gchar *uid, gchar *name, gchar **result)
7890 {
7891  gchar *fname;
7892  gchar *pnames[2] = { "refname", NULL };
7893  gchar *pvalues[2] = { name, NULL };
7894 
7895  assert (result != NULL);
7896  *result = NULL;
7897 
7898  if (g_ascii_strcasecmp ("CPE", type) == 0)
7899  {
7900  fname = get_cpe_filename ();
7901  if (fname)
7902  {
7903  gchar *cpe;
7904  cpe = xsl_transform (CPE_GETBYNAME_XSL, fname, pnames, pvalues);
7905  g_free (fname);
7906  if (cpe)
7907  *result = cpe;
7908  }
7909  }
7910  else if (g_ascii_strcasecmp ("CVE", type) == 0)
7911  {
7912  fname = get_cve_filename (uid);
7913  if (fname)
7914  {
7915  gchar *cve;
7916  cve = xsl_transform (CVE_GETBYNAME_XSL, fname, pnames, pvalues);
7917  g_free (fname);
7918  if (cve)
7919  *result = cve;
7920  }
7921  }
7922  else if (g_ascii_strcasecmp ("NVT", type) == 0)
7923  {
7924  iterator_t nvts;
7925  nvt_t nvt;
7926 
7927  if (!find_nvt (name ? name : uid, &nvt) && nvt)
7928  {
7929  init_nvt_iterator (&nvts, nvt, 0, NULL, NULL, 0, NULL);
7930 
7931  if (next (&nvts))
7932  *result = get_nvti_xml (&nvts,
7933  1, /* Include details. */
7934  0, /* Preference count. */
7935  1, /* Include preferences. */
7936  NULL, /* Timeout. */
7937  0, /* Config. */
7938  1); /* Close tag. */
7939 
7940  cleanup_iterator (&nvts);
7941  }
7942  }
7943  else if (g_ascii_strcasecmp ("OVALDEF", type) == 0)
7944  {
7945  fname = get_ovaldef_filename (uid);
7946  if (fname)
7947  {
7948  gchar *ovaldef;
7949  ovaldef = xsl_transform (OVALDEF_GETBYNAME_XSL, fname,
7950  pnames, pvalues);
7951  g_free (fname);
7952  if (ovaldef)
7953  *result = ovaldef;
7954  }
7955  }
7956  else if (g_ascii_strcasecmp ("CERT_BUND_ADV", type) == 0)
7957  {
7958  fname = get_cert_bund_adv_filename (uid);
7959  if (fname)
7960  {
7961  gchar *adv;
7963  pnames, pvalues);
7964  g_free (fname);
7965  if (adv)
7966  *result = adv;
7967  }
7968  }
7969  else if (g_ascii_strcasecmp ("DFN_CERT_ADV", type) == 0)
7970  {
7971  fname = get_dfn_cert_adv_filename (uid);
7972  if (fname)
7973  {
7974  gchar *adv;
7976  pnames, pvalues);
7977  g_free (fname);
7978  if (adv)
7979  *result = adv;
7980  }
7981  }
7982 
7983  if (*result == NULL)
7984  return -1;
7985 
7986  return 1;
7987 }
7988 
7989 
7990 /* Users. */
7991 
8000 int
8001 validate_username (const gchar * name)
8002 {
8003  if (g_regex_match_simple ("^[[:alnum:]-_.]+$", name, 0, 0))
8004  return 0;
8005  else
8006  return 1;
8007 }
8008 
8009 
8010 /* Resource aggregates. */
8011 
8017 void
8019 {
8020  g_free (sort_data->field);
8021  g_free (sort_data->stat);
8022  g_free (sort_data);
8023 }
8024 
8025 
8026 /* Feeds. */
8027 
8039 gboolean
8040 openvas_sync_script_perform_selftest (const gchar * sync_script,
8041  gchar ** result)
8042 {
8043  g_assert (sync_script);
8044  g_assert_cmpstr (*result, ==, NULL);
8045 
8046  gchar *script_working_dir = g_path_get_dirname (sync_script);
8047 
8048  gchar **argv = (gchar **) g_malloc (3 * sizeof (gchar *));
8049  argv[0] = g_strdup (sync_script);
8050  argv[1] = g_strdup ("--selftest");
8051  argv[2] = NULL;
8052 
8053  gchar *script_out;
8054  gchar *script_err;
8055  gint script_exit;
8056  GError *error = NULL;
8057 
8058  if (!g_spawn_sync
8059  (script_working_dir, argv, NULL, 0, NULL, NULL, &script_out, &script_err,
8060  &script_exit, &error))
8061  {
8062  if (*result != NULL)
8063  {
8064  *result =
8065  g_strdup_printf ("Failed to execute synchronization " "script: %s",
8066  error->message);
8067  }
8068 
8069  g_free (script_working_dir);
8070  g_strfreev (argv);
8071  g_free (script_out);
8072  g_free (script_err);
8073  g_error_free (error);
8074 
8075  return FALSE;
8076  }
8077 
8078  if (script_exit != 0)
8079  {
8080  if (script_err != NULL)
8081  {
8082  *result = g_strdup_printf ("%s", script_err);
8083  }
8084 
8085  g_free (script_working_dir);
8086  g_strfreev (argv);
8087  g_free (script_out);
8088  g_free (script_err);
8089 
8090  return FALSE;
8091  }
8092 
8093  g_free (script_working_dir);
8094  g_strfreev (argv);
8095  g_free (script_out);
8096  g_free (script_err);
8097 
8098  return TRUE;
8099 }
8100 
8111 gboolean
8112 openvas_get_sync_script_identification (const gchar * sync_script,
8113  gchar ** identification,
8114  int feed_type)
8115 {
8116  g_assert (sync_script);
8117  if (identification)
8118  g_assert_cmpstr (*identification, ==, NULL);
8119 
8120  gchar *script_working_dir = g_path_get_dirname (sync_script);
8121 
8122  gchar **argv = (gchar **) g_malloc (3 * sizeof (gchar *));
8123  argv[0] = g_strdup (sync_script);
8124  argv[1] = g_strdup ("--identify");
8125  argv[2] = NULL;
8126 
8127  gchar *script_out;
8128  gchar *script_err;
8129  gint script_exit;
8130  GError *error = NULL;
8131 
8132  gchar **script_identification;
8133 
8134  if (!g_spawn_sync
8135  (script_working_dir, argv, NULL, 0, NULL, NULL, &script_out, &script_err,
8136  &script_exit, &error))
8137  {
8138  g_warning ("Failed to execute %s: %s", sync_script, error->message);
8139 
8140  g_free (script_working_dir);
8141  g_strfreev (argv);
8142  g_free (script_out);
8143  g_free (script_err);
8144  g_error_free (error);
8145 
8146  return FALSE;
8147  }
8148 
8149  if (script_exit != 0)
8150  {
8151  g_warning ("%s returned a non-zero exit code.", sync_script);
8152 
8153  g_free (script_working_dir);
8154  g_strfreev (argv);
8155  g_free (script_out);
8156  g_free (script_err);
8157 
8158  return FALSE;
8159  }
8160 
8161  script_identification = g_strsplit (script_out, "|", 6);
8162 
8163  if ((script_identification[0] == NULL)
8164  || (feed_type == NVT_FEED
8165  && g_ascii_strncasecmp (script_identification[0], "NVTSYNC", 7))
8166  || (feed_type == SCAP_FEED
8167  && g_ascii_strncasecmp (script_identification[0], "SCAPSYNC", 7))
8168  || (feed_type == CERT_FEED
8169  && g_ascii_strncasecmp (script_identification[0], "CERTSYNC", 7))
8170  || g_ascii_strncasecmp (script_identification[0], script_identification[5], 7))
8171  {
8172  g_warning ("%s is not a feed synchronization script", sync_script);
8173 
8174  g_free (script_working_dir);
8175  g_strfreev (argv);
8176  g_free (script_out);
8177  g_free (script_err);
8178 
8179  g_strfreev (script_identification);
8180 
8181  return FALSE;
8182  }
8183 
8184  if (identification)
8185  *identification = g_strdup (script_out);
8186 
8187  g_free (script_working_dir);
8188  g_strfreev (argv);
8189  g_free (script_out);
8190  g_free (script_err);
8191 
8192  g_strfreev (script_identification);
8193 
8194  return TRUE;
8195 }
8196 
8206 gboolean
8207 openvas_get_sync_script_description (const gchar * sync_script,
8208  gchar ** description)
8209 {
8210  g_assert (sync_script);
8211  g_assert_cmpstr (*description, ==, NULL);
8212 
8213  gchar *script_working_dir = g_path_get_dirname (sync_script);
8214 
8215  gchar **argv = (gchar **) g_malloc (3 * sizeof (gchar *));
8216  argv[0] = g_strdup (sync_script);
8217  argv[1] = g_strdup ("--describe");
8218  argv[2] = NULL;
8219 
8220  gchar *script_out;
8221  gchar *script_err;
8222  gint script_exit;
8223  GError *error = NULL;
8224 
8225  if (!g_spawn_sync
8226  (script_working_dir, argv, NULL, 0, NULL, NULL, &script_out, &script_err,
8227  &script_exit, &error))
8228  {
8229  g_warning ("Failed to execute %s: %s", sync_script, error->message);
8230 
8231  g_free (script_working_dir);
8232  g_strfreev (argv);
8233  g_free (script_out);
8234  g_free (script_err);
8235  g_error_free (error);
8236 
8237  return FALSE;
8238  }
8239 
8240  if (script_exit != 0)
8241  {
8242  g_warning ("%s returned a non-zero exit code.", sync_script);
8243 
8244  g_free (script_working_dir);
8245  g_strfreev (argv);
8246  g_free (script_out);
8247  g_free (script_err);
8248 
8249  return FALSE;
8250  }
8251 
8252  *description = g_strdup (script_out);
8253 
8254  g_free (script_working_dir);
8255  g_strfreev (argv);
8256  g_free (script_out);
8257  g_free (script_err);
8258 
8259  return TRUE;
8260 }
8261 
8272 gboolean
8273 openvas_get_sync_script_feed_version (const gchar * sync_script,
8274  gchar ** feed_version)
8275 {
8276  g_assert (sync_script);
8277  g_assert_cmpstr (*feed_version, ==, NULL);
8278 
8279  gchar *script_working_dir = g_path_get_dirname (sync_script);
8280 
8281  gchar **argv = (gchar **) g_malloc (3 * sizeof (gchar *));
8282  argv[0] = g_strdup (sync_script);
8283  argv[1] = g_strdup ("--feedversion");
8284  argv[2] = NULL;
8285 
8286  gchar *script_out;
8287  gchar *script_err;
8288  gint script_exit;
8289  GError *error = NULL;
8290 
8291  if (!g_spawn_sync
8292  (script_working_dir, argv, NULL, 0, NULL, NULL, &script_out, &script_err,
8293  &script_exit, &error))
8294  {
8295  g_warning ("Failed to execute %s: %s", sync_script, error->message);
8296 
8297  g_free (script_working_dir);
8298  g_strfreev (argv);
8299  g_free (script_out);
8300  g_free (script_err);
8301  g_error_free (error);
8302 
8303  return FALSE;
8304  }
8305 
8306  if (script_exit != 0)
8307  {
8308  g_warning ("%s returned a non-zero exit code.", sync_script);
8309 
8310  g_free (script_working_dir);
8311  g_strfreev (argv);
8312  g_free (script_out);
8313  g_free (script_err);
8314 
8315  return FALSE;
8316  }
8317 
8318  *feed_version = g_strdup (script_out);
8319 
8320  g_free (script_working_dir);
8321  g_strfreev (argv);
8322  g_free (script_out);
8323  g_free (script_err);
8324 
8325  return TRUE;
8326 }
8327 
8341 int
8342 openvas_sync_feed (const gchar * sync_script, const gchar * current_user,
8343  int feed_type)
8344 {
8345  int fd, ret = 2;
8346  gchar *lockfile_name, *lockfile_dirname;
8347  gchar *script_identification_string = NULL;
8348  pid_t pid;
8349  mode_t old_mask;
8350 
8351  g_assert (sync_script);
8352  g_assert (current_user);
8353 
8354  if (acl_user_may (feed_type == NVT_FEED
8355  ? "sync_feed"
8356  : (feed_type == SCAP_FEED)
8357  ? "sync_scap"
8358  : "sync_cert") == 0)
8359  return 99;
8360 
8362  (sync_script, &script_identification_string, feed_type))
8363  {
8364  g_warning ("No valid synchronization script supplied!");
8365  return -1;
8366  }
8367 
8368  /* Open the lock file. */
8369 
8370  lockfile_name =
8371  g_build_filename (g_get_tmp_dir (), "openvas-feed-sync", sync_script, NULL);
8372  lockfile_dirname = g_path_get_dirname (lockfile_name);
8373  old_mask = umask (0);
8374  if (g_mkdir_with_parents (lockfile_dirname,
8375  /* "-rwxrwxrwx" */
8376  S_IRWXU | S_IRWXG | S_IRWXO))
8377  {
8378  umask (old_mask);
8379  g_warning ("Failed to create lock dir '%s': %s", lockfile_dirname,
8380  strerror (errno));
8381  g_free (lockfile_name);
8382  g_free (lockfile_dirname);
8383  return -1;
8384  }
8385  umask (old_mask);
8386  g_free (lockfile_dirname);
8387 
8388  fd =
8389  open (lockfile_name, O_RDWR | O_CREAT | O_EXCL,
8390  S_IWUSR | S_IRUSR | S_IROTH | S_IRGRP /* "-rw-r--r--" */ );
8391  if (fd == -1)
8392  {
8393  if (errno == EEXIST)
8394  return 1;
8395  g_warning ("Failed to open lock file '%s': %s", lockfile_name,
8396  strerror (errno));
8397  g_free (lockfile_name);
8398  return -1;
8399  }
8400 
8401  /* Close and remove the lock file around the fork. Another process may get
8402  * the lock here, in which case the child will simply fail to get the
8403  * lock. */
8404 
8405  if (close (fd))
8406  {
8407  g_free (lockfile_name);
8408  g_warning ("Failed to close lock file: %s", strerror (errno));
8409  return -1;
8410  }
8411 
8412  if (unlink (lockfile_name))
8413  {
8414  g_free (lockfile_name);
8415  g_warning ("Failed to remove lock file: %s", strerror (errno));
8416  return -1;
8417  }
8418 
8419  /* Setup SIGCHLD for waiting. */
8420 
8421  if (signal (SIGCHLD, SIG_DFL) == SIG_ERR)
8422  {
8423  g_warning ("Failed to set SIG_DFL");
8424  return -1;
8425  }
8426 
8427  /* Fork a child to run the sync while the parent responds to
8428  * the client. */
8429 
8430  pid = fork ();
8431  switch (pid)
8432  {
8433  case 0:
8434  /* Child. Carry on to sync. */
8435  break;
8436  case -1:
8437  /* Parent when error. */
8438  g_warning ("%s: failed to fork sync child: %s\n", __FUNCTION__,
8439  strerror (errno));
8440  return -1;
8441  break;
8442  default:
8443  /* Parent. Return in order to respond to client. */
8444  return 0;
8445  break;
8446  }
8447 
8448  /* Open the lock file. */
8449 
8450  fd =
8451  open (lockfile_name, O_RDWR | O_CREAT | O_EXCL,
8452  S_IWUSR | S_IRUSR | S_IROTH | S_IRGRP /* "-rw-r--r--" */ );
8453  if (fd == -1)
8454  {
8455  if (errno == EEXIST)
8456  return 11;
8457  g_warning ("Failed to open lock file '%s' (child): %s", lockfile_name,
8458  strerror (errno));
8459  g_free (lockfile_name);
8460  return -10;
8461  }
8462 
8463  /* Write the current time and user to the lock file. */
8464 
8465  {
8466  const char *output;
8467  int count, left;
8468  time_t now;
8469 
8470  time (&now);
8471  output = ctime (&now);
8472  left = strlen (output);
8473  while (1)
8474  {
8475  count = write (fd, output, left);
8476  if (count < 0)
8477  {
8478  if (errno == EINTR || errno == EAGAIN)
8479  continue;
8480  g_warning ("%s: write: %s", __FUNCTION__, strerror (errno));
8481  goto exit;
8482  }
8483  if (count == left)
8484  break;
8485  left -= count;
8486  output += count;
8487  }
8488 
8489  output = current_user;
8490  left = strlen (output);
8491  while (1)
8492  {
8493  count = write (fd, output, left);
8494  if (count < 0)
8495  {
8496  if (errno == EINTR || errno == EAGAIN)
8497  continue;
8498  g_warning ("%s: write: %s", __FUNCTION__, strerror (errno));
8499  goto exit;
8500  }
8501  if (count == left)
8502  break;
8503  left -= count;
8504  output += count;
8505  }
8506 
8507  while (1)
8508  {
8509  count = write (fd, "\n", 1);
8510  if (count < 0)
8511  {
8512  if (errno == EINTR || errno == EAGAIN)
8513  continue;
8514  g_warning ("%s: write: %s", __FUNCTION__, strerror (errno));
8515  goto exit;
8516  }
8517  if (count == 1)
8518  break;
8519  }
8520  }
8521 
8522  /* Fork a child to be the sync process. */
8523 
8524  pid = fork ();
8525  switch (pid)
8526  {
8527  case 0:
8528  {
8529  FILE *sync_err, *sync_out;
8530 
8531  /* Child. Become the sync process. */
8532 
8533  sync_out = freopen ("/tmp/openvasad_sync_out", "w", stdout);
8534  if (sync_out == NULL)
8535  {
8536  g_warning ("Failed to reopen stdout: %s", strerror (errno));
8537  exit (EXIT_FAILURE);
8538  }
8539 
8540  sync_err = freopen ("/tmp/openvasad_sync_err", "w", stderr);
8541  if (sync_err == NULL)
8542  {
8543  g_warning ("Failed to reopen stderr: %s", strerror (errno));
8544  fclose (sync_out);
8545  exit (EXIT_FAILURE);
8546  }
8547 
8548  if (execl (sync_script, sync_script, (char *) NULL))
8549  {
8550  g_warning ("Failed to execl %s: %s", sync_script, strerror (errno));
8551  fclose (sync_out);
8552  fclose (sync_err);
8553  exit (EXIT_FAILURE);
8554  }
8555 
8556  fclose (sync_out);
8557  fclose (sync_err);
8558  exit (EXIT_FAILURE);
8559  }
8560  case -1:
8561  /* Parent when error. */
8562 
8563  g_warning ("%s: failed to fork syncer: %s\n", __FUNCTION__,
8564  strerror (errno));
8565  ret = -1;
8566  goto exit;
8567  break;
8568  default:
8569  {
8570  int status;
8571 
8572  /* Parent on success. Wait for child, and handle result. */
8573 
8574  while (wait (&status) < 0)
8575  {
8576  if (errno == ECHILD)
8577  {
8578  g_warning ("Failed to get child exit status");
8579  ret = -10;
8580  goto exit;
8581  }
8582  if (errno == EINTR)
8583  continue;
8584  g_warning ("wait: %s", strerror (errno));
8585  ret = -10;
8586  goto exit;
8587  }
8588  if (WIFEXITED (status))
8589  switch (WEXITSTATUS (status))
8590  {
8591  case EXIT_SUCCESS:
8592  break;
8593  case EXIT_FAILURE:
8594  default:
8595  g_warning ("Error during synchronization.");
8596  ret = -10;
8597  break;
8598  }
8599  else
8600  {
8601  g_message ("Error during synchronization.");
8602  ret = -10;
8603  }
8604 
8605  break;
8606  }
8607  }
8608 
8609 exit:
8610 
8611  /* Close the lock file. */
8612 
8613  if (close (fd))
8614  {
8615  g_free (lockfile_name);
8616  g_warning ("Failed to close lock file (child): %s", strerror (errno));
8617  return -10;
8618  }
8619 
8620  /* Remove the lock file. */
8621 
8622  if (unlink (lockfile_name))
8623  {
8624  g_free (lockfile_name);
8625  g_warning ("Failed to remove lock file (child): %s", strerror (errno));
8626  return -10;
8627  }
8628 
8629  g_free (lockfile_name);
8630 
8631  return ret;
8632 }
8633 
8644 int
8645 openvas_migrate_secinfo (const gchar * sync_script, int feed_type)
8646 {
8647  int fd, ret = 0;
8648  gchar *lockfile_name, *lockfile_dirname;
8649  pid_t pid;
8650  mode_t old_mask;
8651 
8652  g_assert (sync_script);
8653 
8654  if (feed_type != SCAP_FEED && feed_type != CERT_FEED)
8655  {
8656  g_warning ("Unsupported feed_type!");
8657  return -1;
8658  }
8659 
8661  (sync_script, NULL, feed_type))
8662  {
8663  g_warning ("No valid synchronization script supplied!");
8664  return -1;
8665  }
8666 
8667  /* Open the lock file. */
8668 
8669  lockfile_name =
8670  g_build_filename (g_get_tmp_dir (), "openvas-feed-sync", sync_script, NULL);
8671  lockfile_dirname = g_path_get_dirname (lockfile_name);
8672  old_mask = umask (0);
8673  if (g_mkdir_with_parents (lockfile_dirname,
8674  /* "-rwxrwxrwx" */
8675  S_IRWXU | S_IRWXG | S_IRWXO))
8676  {
8677  umask (old_mask);
8678  g_warning ("Failed to create lock dir '%s': %s", lockfile_dirname,
8679  strerror (errno));
8680  g_free (lockfile_name);
8681  g_free (lockfile_dirname);
8682  return -1;
8683  }
8684  umask (old_mask);
8685  g_free (lockfile_dirname);
8686 
8687  fd =
8688  open (lockfile_name, O_RDWR | O_CREAT | O_EXCL,
8689  S_IWUSR | S_IRUSR | S_IROTH | S_IRGRP /* "-rw-r--r--" */ );
8690  if (fd == -1)
8691  {
8692  if (errno == EEXIST)
8693  return 1;
8694  g_warning ("Failed to open lock file '%s': %s", lockfile_name,
8695  strerror (errno));
8696  g_free (lockfile_name);
8697  return -1;
8698  }
8699 
8700  /* Write the current time and user to the lock file. */
8701  {
8702  const char *output;
8703  int count, left;
8704  time_t now;
8705 
8706  time (&now);
8707  output = ctime (&now);
8708  left = strlen (output);
8709  while (1)
8710  {
8711  count = write (fd, output, left);
8712  if (count < 0)
8713  {
8714  if (errno == EINTR || errno == EAGAIN)
8715  continue;
8716  g_warning ("%s: write: %s", __FUNCTION__, strerror (errno));
8717  goto exit;
8718  }
8719  if (count == left)
8720  break;
8721  left -= count;
8722  output += count;
8723  }
8724 
8725  output = ""; // user name
8726  left = strlen (output);
8727  while (1)
8728  {
8729  count = write (fd, output, left);
8730  if (count < 0)
8731  {
8732  if (errno == EINTR || errno == EAGAIN)
8733  continue;
8734  g_warning ("%s: write: %s", __FUNCTION__, strerror (errno));
8735  goto exit;
8736  }
8737  if (count == left)
8738  break;
8739  left -= count;
8740  output += count;
8741  }
8742 
8743  while (1)
8744  {
8745  count = write (fd, "\n", 1);
8746  if (count < 0)
8747  {
8748  if (errno == EINTR || errno == EAGAIN)
8749  continue;
8750  g_warning ("%s: write: %s", __FUNCTION__, strerror (errno));
8751  goto exit;
8752  }
8753  if (count == 1)
8754  break;
8755  }
8756  }
8757 
8758  /* Fork a child to be the sync process. */
8759 
8760  pid = fork ();
8761  switch (pid)
8762  {
8763  case 0:
8764  {
8765  FILE *sync_err, *sync_out;
8766 
8767  /* Child. Become the sync process. */
8768 
8769  sync_out = freopen ("/tmp/openvasad_sync_out", "w", stdout);
8770  if (sync_out == NULL)
8771  {
8772  g_warning ("Failed to reopen stdout: %s", strerror (errno));
8773  exit (EXIT_FAILURE);
8774  }
8775 
8776  sync_err = freopen ("/tmp/openvasad_sync_err", "w", stderr);
8777  if (sync_err == NULL)
8778  {
8779  g_warning ("Failed to reopen stderr: %s", strerror (errno));
8780  fclose (sync_out);
8781  exit (EXIT_FAILURE);
8782  }
8783 
8784  if (execl (sync_script, sync_script, "--migrate", (char *) NULL))
8785  {
8786  g_warning ("Failed to execl %s: %s", sync_script, strerror (errno));
8787  fclose (sync_out);
8788  fclose (sync_err);
8789  exit (EXIT_FAILURE);
8790  }
8791 
8792  fclose (sync_out);
8793  fclose (sync_err);
8794  exit (EXIT_FAILURE);
8795  }
8796  case -1:
8797  /* Parent when error. */
8798 
8799  g_warning ("%s: failed to fork syncer: %s\n", __FUNCTION__,
8800  strerror (errno));
8801  ret = -1;
8802  goto exit;
8803  break;
8804  default:
8805  {
8806  int status;
8807 
8808  /* Parent on success. Wait for child, and handle result. */
8809 
8810  while (wait (&status) < 0)
8811  {
8812  if (errno == ECHILD)
8813  {
8814  g_warning ("Failed to get child exit status");
8815  ret = -1;
8816  goto exit;
8817  }
8818  if (errno == EINTR)
8819  continue;
8820  g_warning ("wait: %s", strerror (errno));
8821  ret = -1;
8822  goto exit;
8823  }
8824  if (WIFEXITED (status))
8825  switch (WEXITSTATUS (status))
8826  {
8827  case EXIT_SUCCESS:
8828  break;
8829  case EXIT_FAILURE:
8830  default:
8831  g_warning ("Error during SecInfo migration.");
8832  ret = -1;
8833  break;
8834  }
8835  else
8836  {
8837  g_message ("Error during SecInfo migration.");
8838  ret = -1;
8839  }
8840 
8841  break;
8842  }
8843  }
8844 
8845 exit:
8846 
8847  /* Close the lock file. */
8848 
8849  if (close (fd))
8850  {
8851  g_free (lockfile_name);
8852  g_warning ("Failed to close lock file: %s", strerror (errno));
8853  return -1;
8854  }
8855 
8856  /* Remove the lock file. */
8857 
8858  if (unlink (lockfile_name))
8859  {
8860  g_free (lockfile_name);
8861  g_warning ("Failed to remove lock file: %s", strerror (errno));
8862  return -1;
8863  }
8864 
8865  g_free (lockfile_name);
8866 
8867  return ret;
8868 }
8869 
8879 int
8880 openvas_current_sync (const gchar * sync_script, gchar ** timestamp,
8881  gchar ** user)
8882 {
8883  gchar *lockfile_name, *content, **lines;
8884  GError *error = NULL;
8885 
8886  g_assert (sync_script);
8887 
8888  lockfile_name =
8889  g_build_filename (g_get_tmp_dir (), "openvas-feed-sync", sync_script, NULL);
8890  if (!g_file_get_contents (lockfile_name, &content, NULL, &error))
8891  {
8892  if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT)
8893  || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES))
8894  {
8895  g_error_free (error);
8896  g_free (lockfile_name);
8897  return 0;
8898  }
8899 
8900  g_warning ("%s: %s", __FUNCTION__, error->message);
8901  g_error_free (error);
8902  g_free (lockfile_name);
8903  return -1;
8904  }
8905 
8906  lines = g_strsplit (content, "\n", 2);
8907  g_free (content);
8908  if (lines[0] && lines[1])
8909  {
8910  *timestamp = g_strdup (lines[0]);
8911  *user = g_strdup (lines[1]);
8912 
8913  g_free (lockfile_name);
8914  g_strfreev (lines);
8915  return 1;
8916  }
8917 
8918  g_free (lockfile_name);
8919  g_strfreev (lines);
8920  return -1;
8921 }
8922 
8923 
8924 /* Wizards. */
8925 
8948 int
8949 manage_run_wizard (const gchar *name,
8950  int (*run_command) (void*, gchar*, gchar**),
8951  void *run_command_data,
8952  array_t *params,
8953  int read_only,
8954  const char *mode,
8955  gchar **command_error,
8956  gchar **command_error_code,
8957  gchar **ret_response)
8958 {
8959  GString *params_xml;
8960  gchar *file, *file_name, *response, *extra, *extra_wrapped, *wizard;
8961  gsize wizard_len;
8962  GError *get_error;
8963  entity_t entity, mode_entity, params_entity, read_only_entity;
8964  entity_t param_def, step;
8965  entities_t modes, steps, param_defs;
8966  int ret, forked;
8967  const gchar *point;
8968 
8969  forked = 0;
8970 
8971  if (acl_user_may ("run_wizard") == 0)
8972  return 99;
8973 
8974  if (command_error)
8975  *command_error = NULL;
8976 
8977  if (command_error_code)
8978  *command_error_code = NULL;
8979 
8980  if (ret_response)
8981  *ret_response = NULL;
8982 
8983  point = name;
8984  while (*point && (isalnum (*point) || *point == '_')) point++;
8985  if (*point)
8986  return 1;
8987 
8988  /* Read wizard from file. */
8989 
8990  file_name = g_strdup_printf ("%s.xml", name);
8991  file = g_build_filename (OPENVAS_DATA_DIR,
8992  "openvasmd",
8993  "wizards",
8994  file_name,
8995  NULL);
8996  g_free (file_name);
8997 
8998  get_error = NULL;
8999  g_file_get_contents (file,
9000  &wizard,
9001  &wizard_len,
9002  &get_error);
9003  g_free (file);
9004  if (get_error)
9005  {
9006  g_warning ("%s: Failed to read wizard: %s\n",
9007  __FUNCTION__,
9008  get_error->message);
9009  g_error_free (get_error);
9010  return -1;
9011  }
9012 
9013  /* Parse wizard. */
9014 
9015  entity = NULL;
9016  if (parse_entity (wizard, &entity))
9017  {
9018  g_warning ("%s: Failed to parse wizard\n", __FUNCTION__);
9019  g_free (wizard);
9020  return -1;
9021  }
9022  g_free (wizard);
9023 
9024  /* Select mode */
9025  if (mode && strcmp (mode, ""))
9026  {
9027  modes = entity->entities;
9028  int mode_found = 0;
9029  while (mode_found == 0 && (mode_entity = first_entity (modes)))
9030  {
9031  if (strcasecmp (entity_name (mode_entity), "mode") == 0)
9032  {
9033  entity_t name_entity;
9034  name_entity = entity_child (mode_entity, "name");
9035 
9036  if (strcmp (entity_text (name_entity), mode) == 0)
9037  mode_found = 1;
9038  }
9039  modes = next_entities (modes);
9040  }
9041 
9042  if (mode_found == 0)
9043  {
9044  free_entity (entity);
9045  if (ret_response)
9046  *ret_response = g_strdup ("");
9047 
9048  if (forked)
9049  return 3;
9050  else
9051  return 0;
9052  }
9053  }
9054  else
9055  {
9056  mode_entity = entity;
9057  }
9058 
9059  /* If needed, check if wizard is marked as read only.
9060  * This does not check the actual commands.
9061  */
9062  if (read_only)
9063  {
9064  read_only_entity = entity_child (mode_entity, "read_only");
9065  if (read_only_entity == NULL)
9066  {
9067  free_entity (entity);
9068  return 5;
9069  }
9070  }
9071 
9072  /* Check params */
9073  params_xml = g_string_new ("");
9074  params_entity = entity_child (mode_entity, "params");
9075  if (params_entity)
9076  param_defs = params_entity->entities;
9077 
9078  while (params_entity && (param_def = first_entity (param_defs)))
9079  {
9080  if (strcasecmp (entity_name (param_def), "param") == 0)
9081  {
9082  entity_t name_entity, regex_entity, optional_entity;
9083  const char *name, *regex;
9084  int optional;
9085  int param_found = 0;
9086 
9087  name_entity = entity_child (param_def, "name");
9088  if ((name_entity == NULL)
9089  || (strcmp (entity_text (name_entity), "") == 0))
9090  {
9091  g_warning ("%s: Wizard PARAM missing NAME\n",
9092  __FUNCTION__);
9093  free_entity (entity);
9094  return -1;
9095  }
9096  else
9097  name = entity_text (name_entity);
9098 
9099  regex_entity = entity_child (param_def, "regex");
9100  if ((regex_entity == NULL)
9101  || (strcmp (entity_text (regex_entity), "") == 0))
9102  {
9103  g_warning ("%s: Wizard PARAM missing REGEX\n",
9104  __FUNCTION__);
9105  free_entity (entity);
9106  return -1;
9107  }
9108  else
9109  regex = entity_text (regex_entity);
9110 
9111  optional_entity = entity_child (param_def, "optional");
9112  optional = (optional_entity
9113  && strcmp (entity_text (optional_entity), "")
9114  && strcmp (entity_text (optional_entity), "0"));
9115 
9116  if (params)
9117  {
9118  guint index = params->len;
9119  while (index--)
9120  {
9121  name_value_t *pair;
9122 
9123  pair = (name_value_t*) g_ptr_array_index (params, index);
9124 
9125  if (pair == NULL)
9126  continue;
9127 
9128  if ((pair->name)
9129  && (pair->value)
9130  && (strcmp (pair->name, name) == 0))
9131  {
9132  index = 0; // end loop;
9133  param_found = 1;
9134 
9135  if (g_regex_match_simple (regex, pair->value, 0, 0) == 0)
9136  {
9137  *command_error
9138  = g_strdup_printf ("Value '%s' is not valid for"
9139  " parameter '%s'.",
9140  pair->value, name);
9141  free_entity (entity);
9142  g_string_free (params_xml, TRUE);
9143  return 6;
9144  }
9145  }
9146  }
9147  }
9148 
9149  if (optional == 0 && param_found == 0)
9150  {
9151  *command_error = g_strdup_printf ("Mandatory wizard param '%s'"
9152  " missing",
9153  name);
9154  free_entity (entity);
9155  return 6;
9156  }
9157 
9158 
9159  }
9160  param_defs = next_entities (param_defs);
9161  }
9162 
9163  /* Buffer params */
9164  if (params)
9165  {
9166  guint index = params->len;
9167  while (index--)
9168  {
9169  name_value_t *pair;
9170 
9171  pair = (name_value_t*) g_ptr_array_index (params, index);
9172  xml_string_append (params_xml,
9173  "<param>"
9174  "<name>%s</name>"
9175  "<value>%s</value>"
9176  "</param>",
9177  pair->name ? pair->name : "",
9178  pair->value ? pair->value : "");
9179  }
9180  }
9181 
9182  /* Run each step of the wizard. */
9183 
9184  response = NULL;
9185  extra = NULL;
9186  steps = mode_entity->entities;
9187  while ((step = first_entity (steps)))
9188  {
9189  if (strcasecmp (entity_name (step), "step") == 0)
9190  {
9191  entity_t command, extra_xsl;
9192  gchar *omp;
9193  int xsl_fd, xml_fd;
9194  char xsl_file_name[] = "/tmp/openvasmd-xsl-XXXXXX";
9195  FILE *xsl_file, *xml_file;
9196  char xml_file_name[] = "/tmp/openvasmd-xml-XXXXXX";
9197  char extra_xsl_file_name[] = "/tmp/openvasmd-extra-xsl-XXXXXX";
9198  char extra_xml_file_name[] = "/tmp/openvasmd-extra-xml-XXXXXX";
9199 
9200  /* Get the command element. */
9201 
9202  command = entity_child (step, "command");
9203  if (command == NULL)
9204  {
9205  g_warning ("%s: Wizard STEP missing COMMAND\n",
9206  __FUNCTION__);
9207  free_entity (entity);
9208  g_free (response);
9209  g_free (extra);
9210  g_string_free (params_xml, TRUE);
9211  return -1;
9212  }
9213 
9214  /* Save the command XSL from the element to a file. */
9215 
9216  xsl_fd = mkstemp (xsl_file_name);
9217  if (xsl_fd == -1)
9218  {
9219  g_warning ("%s: Wizard XSL file create failed\n",
9220  __FUNCTION__);
9221  free_entity (entity);
9222  g_free (response);
9223  g_free (extra);
9224  g_string_free (params_xml, TRUE);
9225  return -1;
9226  }
9227 
9228  xsl_file = fdopen (xsl_fd, "w");
9229  if (xsl_file == NULL)
9230  {
9231  g_warning ("%s: Wizard XSL file open failed\n",
9232  __FUNCTION__);
9233  close (xsl_fd);
9234  free_entity (entity);
9235  g_free (response);
9236  g_free (extra);
9237  g_string_free (params_xml, TRUE);
9238  return -1;
9239  }
9240 
9241  if (first_entity (command->entities))
9242  print_entity (xsl_file, first_entity (command->entities));
9243 
9244  /* Write the params as XML to a file. */
9245 
9246  xml_fd = mkstemp (xml_file_name);
9247  if (xml_fd == -1)
9248  {
9249  g_warning ("%s: Wizard XML file create failed\n",
9250  __FUNCTION__);
9251  fclose (xsl_file);
9252  unlink (xsl_file_name);
9253  free_entity (entity);
9254  g_free (response);
9255  g_free (extra);
9256  g_string_free (params_xml, TRUE);
9257  return -1;
9258  }
9259 
9260  xml_file = fdopen (xml_fd, "w");
9261  if (xml_file == NULL)
9262  {
9263  g_warning ("%s: Wizard XML file open failed\n",
9264  __FUNCTION__);
9265  fclose (xsl_file);
9266  unlink (xsl_file_name);
9267  close (xml_fd);
9268  free_entity (entity);
9269  g_free (response);
9270  g_free (extra);
9271  g_string_free (params_xml, TRUE);
9272  return -1;
9273  }
9274 
9275  if (fprintf (xml_file,
9276  "<wizard>"
9277  "<params>%s</params>"
9278  "<previous>"
9279  "<response>%s</response>"
9280  "<extra_data>%s</extra_data>"
9281  "</previous>"
9282  "</wizard>\n",
9283  params_xml->str ? params_xml->str : "",
9284  response ? response : "",
9285  extra ? extra : "")
9286  < 0)
9287  {
9288  fclose (xsl_file);
9289  unlink (xsl_file_name);
9290  fclose (xml_file);
9291  unlink (xml_file_name);
9292  free_entity (entity);
9293  g_warning ("%s: Wizard failed to write XML\n",
9294  __FUNCTION__);
9295  g_free (response);
9296  g_free (extra);
9297  g_string_free (params_xml, TRUE);
9298  return -1;
9299  }
9300 
9301  fflush (xml_file);
9302 
9303  /* Combine XSL and XML to get the OMP command. */
9304 
9305  omp = xsl_transform (xsl_file_name, xml_file_name, NULL,
9306  NULL);
9307  fclose (xsl_file);
9308  unlink (xsl_file_name);
9309  fclose (xml_file);
9310  unlink (xml_file_name);
9311  if (omp == NULL)
9312  {
9313  g_warning ("%s: Wizard XSL transform failed\n",
9314  __FUNCTION__);
9315  free_entity (entity);
9316  g_free (response);
9317  g_free (extra);
9318  g_string_free (params_xml, TRUE);
9319  return -1;
9320  }
9321 
9322  /* Run the OMP command. */
9323 
9324  g_free (response);
9325  response = NULL;
9326  ret = run_command (run_command_data, omp, &response);
9327  if (ret == 3)
9328  {
9329  /* Parent after a start_task fork. */
9330  forked = 1;
9331  }
9332  else if (ret == 0)
9333  {
9334  /* Command succeeded. */
9335  }
9336  else if (ret == 2)
9337  {
9338  /* Process forked to run a task. */
9339  free_entity (entity);
9340  g_free (response);
9341  g_free (extra);
9342  g_string_free (params_xml, TRUE);
9343  return 2;
9344  }
9345  else if (ret == -10)
9346  {
9347  /* Process forked to run a task. Task start failed. */
9348  free_entity (entity);
9349  g_free (response);
9350  g_free (extra);
9351  g_string_free (params_xml, TRUE);
9352  return -10;
9353  }
9354  else if (ret == -2)
9355  {
9356  /* to_scanner buffer full. */
9357  free_entity (entity);
9358  g_free (response);
9359  g_free (extra);
9360  g_string_free (params_xml, TRUE);
9361  return -2;
9362  }
9363  else
9364  {
9365  free_entity (entity);
9366  g_free (response);
9367  g_free (extra);
9368  g_string_free (params_xml, TRUE);
9369  return -1;
9370  }
9371 
9372  /* Exit if the command failed. */
9373 
9374  if (response)
9375  {
9376  const char *status;
9377  entity_t response_entity;
9378 
9379  response_entity = NULL;
9380  if (parse_entity (response, &response_entity))
9381  {
9382  g_warning ("%s: Wizard failed to parse response\n",
9383  __FUNCTION__);
9384  free_entity (entity);
9385  g_free (response);
9386  g_free (extra);
9387  g_string_free (params_xml, TRUE);
9388  return -1;
9389  }
9390 
9391  status = entity_attribute (response_entity, "status");
9392  if ((status == NULL)
9393  || (strlen (status) == 0)
9394  || (status[0] != '2'))
9395  {
9396  g_debug ("response was %s\n", response);
9397  if (command_error)
9398  {
9399  const char *text;
9400  text = entity_attribute (response_entity, "status_text");
9401  if (text)
9402  *command_error = g_strdup (text);
9403  }
9404  if (command_error_code)
9405  {
9406  *command_error_code = g_strdup (status);
9407  }
9408  free_entity (response_entity);
9409  free_entity (entity);
9410  g_free (response);
9411  g_free (extra);
9412  g_string_free (params_xml, TRUE);
9413  return 4;
9414  }
9415 
9416  free_entity (response_entity);
9417  }
9418 
9419  /* Get the extra_data element. */
9420 
9421  extra_xsl = entity_child (step, "extra_data");
9422  if (extra_xsl)
9423  {
9424  /* Save the extra_data XSL from the element to a file. */
9425 
9426  xsl_fd = mkstemp (extra_xsl_file_name);
9427  if (xsl_fd == -1)
9428  {
9429  g_warning ("%s: Wizard extra_data XSL file create failed\n",
9430  __FUNCTION__);
9431  free_entity (entity);
9432  g_free (response);
9433  g_free (extra);
9434  g_string_free (params_xml, TRUE);
9435  return -1;
9436  }
9437 
9438  xsl_file = fdopen (xsl_fd, "w");
9439  if (xsl_file == NULL)
9440  {
9441  g_warning ("%s: Wizard extra_data XSL file open failed\n",
9442  __FUNCTION__);
9443  close (xsl_fd);
9444  free_entity (entity);
9445  g_free (response);
9446  g_free (extra);
9447  g_string_free (params_xml, TRUE);
9448  return -1;
9449  }
9450 
9451  if (first_entity (extra_xsl->entities))
9452  print_entity (xsl_file, first_entity (extra_xsl->entities));
9453 
9454  /* Write the params as XML to a file. */
9455 
9456  xml_fd = mkstemp (extra_xml_file_name);
9457  if (xml_fd == -1)
9458  {
9459  g_warning ("%s: Wizard XML file create failed\n",
9460  __FUNCTION__);
9461  fclose (xsl_file);
9462  unlink (xsl_file_name);
9463  free_entity (entity);
9464  g_free (response);
9465  g_free (extra);
9466  g_string_free (params_xml, TRUE);
9467  return -1;
9468  }
9469 
9470  xml_file = fdopen (xml_fd, "w");
9471  if (xml_file == NULL)
9472  {
9473  g_warning ("%s: Wizard XML file open failed\n",
9474  __FUNCTION__);
9475  fclose (xsl_file);
9476  unlink (xsl_file_name);
9477  close (xml_fd);
9478  free_entity (entity);
9479  g_free (response);
9480  g_free (extra);
9481  g_string_free (params_xml, TRUE);
9482  return -1;
9483  }
9484 
9485  if (fprintf (xml_file,
9486  "<wizard>"
9487  "<params>%s</params>"
9488  "<current>"
9489  "<response>%s</response>"
9490  "</current>"
9491  "<previous>"
9492  "<extra_data>%s</extra_data>"
9493  "</previous>"
9494  "</wizard>\n",
9495  params_xml->str ? params_xml->str : "",
9496  response ? response : "",
9497  extra ? extra : "")
9498  < 0)
9499  {
9500  fclose (xsl_file);
9501  unlink (extra_xsl_file_name);
9502  fclose (xml_file);
9503  unlink (extra_xml_file_name);
9504  free_entity (entity);
9505  g_warning ("%s: Wizard failed to write XML\n",
9506  __FUNCTION__);
9507  g_free (response);
9508  g_free (extra);
9509  g_string_free (params_xml, TRUE);
9510  return -1;
9511  }
9512 
9513  fflush (xml_file);
9514 
9515  g_free (extra);
9516  extra = xsl_transform (extra_xsl_file_name, extra_xml_file_name,
9517  NULL, NULL);
9518  fclose (xsl_file);
9519  unlink (extra_xsl_file_name);
9520  fclose (xml_file);
9521  unlink (extra_xml_file_name);
9522  }
9523  }
9524  steps = next_entities (steps);
9525  }
9526 
9527  if (extra)
9528  extra_wrapped = g_strdup_printf ("<extra_data>%s</extra_data>",
9529  extra);
9530  else
9531  extra_wrapped = NULL;
9532  g_free (extra);
9533 
9534  if (ret_response)
9535  *ret_response = response;
9536 
9537  if (extra_wrapped && (forked == 0))
9538  {
9539  entity_t extra_entity, status_entity, status_text_entity;
9540  ret = parse_entity (extra_wrapped, &extra_entity);
9541  if (ret == 0)
9542  {
9543  status_entity = entity_child (extra_entity, "status");
9544  status_text_entity = entity_child (extra_entity, "status_text");
9545 
9546  if (status_text_entity && command_error)
9547  {
9548  *command_error = g_strdup (entity_text (status_text_entity));
9549  }
9550 
9551  if (status_entity && command_error_code)
9552  {
9553  *command_error_code = g_strdup (entity_text (status_entity));
9554  }
9555  free_entity (extra_entity);
9556  }
9557  else
9558  {
9559  g_warning ("%s: failed to parse extra data", __FUNCTION__);
9560  free_entity (entity);
9561  g_string_free (params_xml, TRUE);
9562  return -1;
9563  }
9564  }
9565 
9566  free_entity (entity);
9567  g_string_free (params_xml, TRUE);
9568 
9569  /* All the steps succeeded. */
9570 
9571  if (forked)
9572  return 3;
9573  return 0;
9574 }
9575 
9581 int
9583 {
9584  return termination_signal;
9585 }
int move_task(const char *task_id, const char *slave_id)
Reassign a task to another slave.
Definition: manage.c:5576
char * target_port_range(target_t)
Return the port range of a target, in OTP format.
Definition: manage_sql.c:35030
void severity_data_add_count(severity_data_t *severity_data, double severity, int count)
Add a multiple severity occurrences to the counts of a severity_data_t.
Definition: manage.c:878
int report_format_predefined(report_format_t)
Return whether a report format is predefined.
Definition: manage_sql.c:51674
Protos for communication between openvas-manager and openvas-server.
int task_schedule_periods_uuid(const gchar *)
Set the next time a scheduled task will be due.
Definition: manage_sql.c:19000
alert_condition_t
Types of alert conditions.
Definition: manage.h:501
const char * preference_iterator_name(iterator_t *)
int start_task(const char *task_id, char **report_id)
Start a task.
Definition: manage.c:5399
const char * task_file_iterator_name(iterator_t *)
gchar * slave_smb_credential_uuid
Slave credential UUID.
Definition: manage.c:1975
long long int schedule_t
Definition: manage.h:299
const char * credential_iterator_auth_algorithm(iterator_t *)
void report_set_slave_name(report_t, const gchar *)
Set the name of the slave on a report.
Definition: manage_sql.c:21525
const char * target_iterator_alive_tests(iterator_t *)
Get the alive test description from a target iterator.
Definition: manage_sql.c:34656
void report_add_result(report_t, result_t)
Add a result to a report.
Definition: manage_sql.c:21590
void trim_report(report_t report)
Prepare a partial report for restarting the scan from the beginning.
Definition: manage_sql.c:25501
task_status_t
Task statuses, also used as scan/report statuses.
Definition: manage.h:218
const char * resource_tag_iterator_value(iterator_t *)
int manage_report_host_details(report_t report, const char *ip, entity_t entity)
Add host details to a report host.
Definition: manage_sql.c:60642
char * alert_data(alert_t alert, const char *type, const char *name)
Return data associated with an alert.
Definition: manage_sql.c:8810
#define COMMAND
Command called by get_system_report_types.
Definition: manage.c:5924
const char * nvt_iterator_qod(iterator_t *)
alert_condition_t alert_condition_from_name(const char *name)
Get an alert condition from a name.
Definition: manage.c:1173
char * target_hosts(target_t)
Return the hosts associated with a target.
Definition: manage_sql.c:34855
void report_set_slave_port(report_t, int)
Set the port of the slave of a report.
Definition: manage_sql.c:21559
gboolean openvas_get_sync_script_identification(const gchar *sync_script, gchar **identification, int feed_type)
Retrieves the ID string of a feed sync script, with basic validation.
Definition: manage.c:8112
int resume_task(const char *task_id, char **report_id)
Resume a task.
Definition: manage.c:5543
result_t make_cve_result(task_t, const char *, const char *, double, const char *)
Make a CVE result.
Definition: manage_sql.c:19979
void init_nvt_cert_bund_adv_iterator(iterator_t *, const char *, int, const char *)
Initialise an CERT-Bund iterator, for advisories relevant to a NVT.
Definition: manage_sql.c:64094
int openvas_sync_feed(const gchar *sync_script, const gchar *current_user, int feed_type)
Forks a child to synchronize the local feed collection.
Definition: manage.c:8342
#define CPE_GETBYNAME_XSL
CPE selection stylesheet location.
Definition: manage.c:90
char * user_uuid(user_t)
Return the UUID of a user.
Definition: manage_sql.c:66308
int severity_data_range_count(const severity_data_t *severity_data, double min_severity, double max_severity)
Calculate the total of severity counts in a range.
Definition: manage.c:899
long long int credential_t
Definition: manage.h:279
const char * type_name_plural(const char *type)
Return the plural name of a resource type.
Definition: manage.c:416
gchar * file_iterator_content_64(file_iterator_t *iterator)
Return the file contents from a file iterator.
Definition: manage.c:7187
gchar * user_hosts(const char *)
Return the hosts of a user.
Definition: manage_sql.c:66413
char * target_ssh_port(target_t)
Return the SSH LSC port of a target.
Definition: manage_sql.c:34943
int slave_authenticate(gnutls_session_t *session, scanner_t slave)
Authenticate with a slave.
Definition: manage.c:2074
int run_otp_task(task_t task, scanner_t scanner, int from, char **report_id)
Start an OTP scanner task.
Definition: manage.c:4738
gchar * report_host_ip(const char *host)
Get the IP of a host, using the &#39;hostname&#39; report host details.
Definition: manage_sql.c:31487
schedule_t task_schedule_uuid(const gchar *)
Return the schedule of a task.
Definition: manage_sql.c:18938
char * report_format_owner_uuid(report_format_t)
Return the UUID of the owner of a report format.
Definition: manage_sql.c:51501
int get_certificate_info(const gchar *certificate, time_t *activation_time, time_t *expiration_time, gchar **fingerprint, gchar **issuer)
Gathers info from a certificate.
Definition: manage.c:252
const char * credential_iterator_password(iterator_t *)
Get the password from a Credential iterator.
Definition: manage_sql.c:42963
void init_family_iterator(iterator_t *, int, const char *, int)
Initialise an NVT selector family iterator.
Definition: manage_sql.c:39576
gchar * stat
The statistic to sort by.
Definition: manage.h:4101
gchar * slave_report_uuid
Slave report UUID.
Definition: manage.c:2010
void parse_tags(const char *scanner_tags, gchar **tags, gchar **cvss_base)
Split up the tags received from the scanner.
Definition: manage.c:7241
gpointer * current
Current file.
Definition: manage.h:3054
const char * prognosis_iterator_cve(iterator_t *)
void openvas_scanner_set_certs(const char *ca_pub, const char *key_pub, const char *key_priv)
Set the scanner&#39;s CA Certificate, and public/private key pair.
Definition: scanner.c:853
long long int alert_t
Definition: manage.h:280
resource_t get_iterator_resource(iterator_t *)
Get the resource from a GET iterator.
Definition: manage_sql.c:44322
void reinit_manage_process()
Reinitialize the manage library for a process.
Definition: manage_sql.c:14347
const char * manage_scap_update_time()
GET SCAP update time, as a string.
Definition: manage.c:7842
const char * event_name(event_t event)
Get the name of an alert event.
Definition: manage.c:1043
const char * get_iterator_name(iterator_t *)
const char * severity_to_type(double severity)
Get the message type matching a severity score.
Definition: manage.c:691
int nvt_iterator_category(iterator_t *)
Get the category from an NVT iterator.
Definition: manage_sql.c:38026
long long int target_t
Definition: manage.h:285
char * report_slave_task_uuid(report_t)
Return the UUID of the task on the slave.
Definition: manage_sql.c:25467
const char * resource_tag_iterator_uuid(iterator_t *)
void init_host_prognosis_iterator(iterator_t *, report_host_t, int, int, const char *, const char *, int, const char *)
Initialise a report host prognosis iterator.
Definition: manage_sql.c:20412
void cleanup_report_type_iterator(report_type_iterator_t *iterator)
Cleanup a report type iterator.
Definition: manage.c:6066
const char * get_iterator_modification_time(iterator_t *)
const char * credential_iterator_type(iterator_t *)
gboolean host_nthlast_report_host(const char *host, report_host_t *report_host, int position)
Get N&#39;th last report_host given a host.
Definition: manage_sql.c:26519
long long int config_t
Definition: manage.h:278
gchar * get_ovaldef_short_filename(char *item_id)
Get the short file name for an OVALDEF.
Definition: manage_sql.c:64305
#define OVALDEF_GETBYNAME_XSL
OVALDEF selection stylesheet location.
Definition: manage.c:100
port_list_t target_port_list(target_t target)
Return the port list associated with a target, if any.
Definition: manage_sql.c:34996
double prognosis_iterator_cvss_double(iterator_t *)
Get the CVSS from a result iterator as a double.
Definition: manage_sql.c:20223
A report format file iterator.
Definition: manage.h:3051
void init_severity_data(severity_data_t *data)
Initialize a severity data structure.
Definition: manage.c:831
int init_system_report_type_iterator(report_type_iterator_t *iterator, const char *type, const char *slave_id)
Initialise a system report type iterator.
Definition: manage.c:6041
int scan_host_end_time(report_t, const char *)
Get the end time of a scanned host.
Definition: manage_sql.c:24353
credential_t target_ssh_credential(target_t target)
Return the SSH credential associated with a target, if any.
Definition: manage_sql.c:34957
gchar * alert_condition_description(alert_condition_t condition, alert_t alert)
Get a description of an alert condition.
Definition: manage.c:1063
const char * otp_pref_iterator_name(iterator_t *)
int config_type(config_t)
Return the type of a config.
Definition: manage_sql.c:35710
int user_hosts_allow(const char *)
Return whether hosts value of a user denotes allowed.
Definition: manage_sql.c:66432
const char * preference_iterator_value(iterator_t *)
#define SEVERITY_SUBDIVISIONS
Definition: manage_utils.h:46
int openvas_sleep(unsigned int seconds)
Sleep for some number of seconds, handling interrupts.
Definition: utils.c:70
gchar * truncate_certificate(const gchar *certificate)
Truncate a certificate, removing extra data.
Definition: manage.c:174
int sendn_to_server(const void *msg, size_t n)
Send a number of bytes to the server.
void set_task_run_status(task_t, task_status_t)
Set the run state of a task.
Definition: manage_sql.c:18307
#define NVT_SELECTOR_TYPE_ANY
Special NVT selector type for selecting all types in interfaces.
Definition: manage.h:2006
int scan_start_time_epoch(report_t)
Get the start time of a scan, in seconds since the epoch.
Definition: manage_sql.c:24198
A generic SQL iterator.
Definition: iterator.h:52
const char * config_timeout_iterator_value(iterator_t *)
void init_task_file_iterator(iterator_t *iterator, task_t task, const char *file)
Initialise a task file iterator.
Definition: manage_sql.c:32760
void init_report_host_iterator(iterator_t *, report_t, const char *, report_host_t)
Initialise a host iterator.
Definition: manage_sql.c:23477
time_t task_schedule_iterator_period(iterator_t *iterator)
Get the period from a task schedule iterator.
Definition: manage_sql.c:49407
#define MAX_CHECKS_DEFAULT
Default for Scanner max_checks preference.
Definition: manage.c:152
#define CVE_FILENAME_FMT
CVE data files location format string.
Definition: manage.c:122
const char * nvt_iterator_cvss_base(iterator_t *)
gchar * get_nvti_xml(iterator_t *nvts, int details, int pref_count, int preferences, const char *timeout, config_t config, int close_tag)
Create and return XML description for an NVT.
Definition: manage.c:7658
char * task_hosts_ordering(task_t)
Return the hosts ordering of a task.
Definition: manage_sql.c:17973
gchar * name
Name.
Definition: manage.h:65
int * counts
Definition: manage.h:988
const char * resource_tag_iterator_comment(iterator_t *)
#define QOD_DEFAULT
Default quality of detection percentage.
Definition: manage.h:1105
int manage_cert_loaded()
Check whether CERT is available.
Definition: manage_pg.c:2643
int sendf_to_server(const char *format,...)
Format and send a message to the server.
#define CVE_GETBYNAME_XSL
CVE selection stylesheet location.
Definition: manage.c:95
task_t current_scanner_task
The task currently running on the scanner.
Definition: manage.c:998
int acl_user_has_access_uuid(const char *type, const char *uuid, const char *permission, int trash)
Test whether the user may access a resource.
Definition: manage_acl.c:758
void hosts_set_max_severity(report_t, int *, int *)
Set the maximum severity of each host in a scan.
Definition: manage_sql.c:60390
const char * threat_message_type(const char *threat)
Get the message type of a threat.
Definition: manage.c:526
void init_report_iterator_task(iterator_t *, task_t)
Initialise a report iterator.
Definition: manage_sql.c:21997
result_t make_osp_result(task_t, const char *, const char *, const char *, const char *, const char *, const char *, int)
Make an OSP result.
Definition: manage_sql.c:19565
void set_scan_host_end_time(report_t, const char *, const char *)
Set the end time of a scanned host.
Definition: manage_sql.c:24374
void report_set_source_iface(report_t, const gchar *)
Set the source interface of a report.
Definition: manage_sql.c:21573
const char * alert_method_name(alert_method_t method)
Get the name of an alert method.
Definition: manage.c:1146
const char * nvt_iterator_cve(iterator_t *)
const char * nvt_iterator_name(iterator_t *)
void report_set_slave_uuid(report_t, const gchar *)
Set the UUID of the slave on a report.
Definition: manage_sql.c:21508
long long int nvt_t
Definition: manage.h:294
void manage_auth_allow_all(int scheduled)
Ensure that any subsequent authentications succeed.
Definition: manage.c:6440
int set_task_requested(task_t task, task_status_t *status)
Atomically set the run state of a task to requested.
Definition: manage_sql.c:18336
void set_task_scanner(task_t, scanner_t)
Set the scanner of a task.
Definition: manage_sql.c:18208
gchar * certificate_iso_time(time_t time)
Converts a certificate time to an ISO time string.
Definition: manage.c:352
void cleanup_task_schedule_iterator(iterator_t *iterator)
Cleanup a task schedule iterator.
Definition: manage_sql.c:49341
alert_method_t
Types of alerts.
Definition: manage.h:482
int task_uuid(task_t, char **)
Return the UUID of a task.
Definition: manage_sql.c:17885
double max
Definition: manage.h:990
int openvas_scanner_connected()
Whether we have started a connection to the Scanner using openvas_scanner_connect().
Definition: scanner.c:764
int update_from_slave(task_t task, entity_t get_report, entity_t *report, int *next_result)
Update the local task from the slave task.
Definition: manage_sql.c:53064
const char * credential_iterator_private_key(iterator_t *)
Get the private_key from a Credential iterator.
Definition: manage_sql.c:42978
int manage_update_nvti_cache()
Update the memory cache of NVTs, if this has been requested.
Definition: manage_sql.c:14475
gchar * slave_target_uuid
Slave target UUID.
Definition: manage.c:1990
const char * host_iterator_host(iterator_t *)
const char * nvt_iterator_bid(iterator_t *)
int parse_iso_time(const char *text_time)
Convert an ISO time into seconds since epoch.
Definition: manage_sql.c:875
int run_osp_task(task_t task)
Start a task on an OSP scanner.
Definition: manage.c:3996
#define DEFAULT_DURATION
Definition: manage.c:6222
int severity_matches_ov(double severity, double ov_severity)
Check whether a severity matches an override&#39;s severity.
Definition: manage.c:635
void reset_task(task_t)
Reset all running information for a task.
Definition: manage_sql.c:32668
void reschedule_task(const gchar *task_id)
Set a task&#39;s schedule so that it runs again next scheduling round.
Definition: manage_sql.c:19482
GPtrArray * start
Array of files.
Definition: manage.h:3053
config_t task_config(task_t)
Return the config of a task.
Definition: manage_sql.c:18016
long long int result_t
Definition: manage.h:287
credential_t target_esxi_credential(target_t target)
Return the ESXi credential associated with a target, if any.
Definition: manage_sql.c:34983
char * target_exclude_hosts(target_t)
Return the excluded hosts associated with a target.
Definition: manage_sql.c:34870
task_status_t task_run_status(task_t)
Return the run state of a task.
Definition: manage_sql.c:18238
const char * task_schedule_iterator_task_uuid(iterator_t *)
report_format_param_type_t report_format_param_type_from_name(const char *name)
Get a report format param type from a name.
Definition: manage.c:6978
const char * credential_iterator_privacy_password(iterator_t *)
Get the privacy password from a Credential iterator.
Definition: manage_sql.c:43008
void set_task_schedule_next_time_uuid(const gchar *task_id, time_t time)
Set the next time a scheduled task will be due.
Definition: manage_sql.c:19071
const char * credential_full_type(const char *abbreviation)
Get the written-out name of an LSC Credential type.
Definition: manage.c:5797
gchar * app_location(report_host_t, const gchar *)
Get the location of an App for a report&#39;s host.
Definition: manage_sql.c:20236
int get_schedule_timeout()
Get the current schedule timeout.
Definition: manage.c:6917
const char * nvt_selector_iterator_nvt(iterator_t *)
const char * target_iterator_hosts(iterator_t *)
gboolean find_target_with_permission(const char *, target_t *, const char *)
Find a target for a specific permission, given a UUID.
Definition: manage_sql.c:32834
void(* progress)()
Function to mark progress.
Definition: manage_sql.c:352
credential_t target_credential(target_t, const char *)
Get a credential from a target.
Definition: manage_sql.c:33168
const char * host_iterator_end_time(iterator_t *)
char * task_preference_value(task_t, const char *)
Get the value of a task preference.
Definition: manage_sql.c:41190
gboolean openvas_get_sync_script_feed_version(const gchar *sync_script, gchar **feed_version)
Retrieves the version of a feed handled by the sync, with basic validation.
Definition: manage.c:8273
gchar * field
The field to sort by.
Definition: manage.h:4100
#define ZERO_SEVERITY_INDEX
Definition: manage.c:779
volatile int termination_signal
Flag for signal handlers.
Definition: openvasmd.c:256
void clear_duration_schedules(task_t)
Clear once-off schedules from tasks where the duration has passed.
Definition: manage_sql.c:19289
Command data for a get command.
Definition: manage.h:310
char * scanner_login(scanner_t)
Return the login associated with a scanner.
Definition: manage_sql.c:48269
gboolean openvas_get_sync_script_description(const gchar *sync_script, gchar **description)
Retrieves description of a feed sync script, with basic validation.
Definition: manage.c:8207
gchar * slave_port_list_uuid
Slave target UUID.
Definition: manage.c:1995
gboolean find_nvt(const char *, nvt_t *)
Find an NVT given an identifier.
Definition: manage_sql.c:37440
void set_task_start_time_epoch(task_t, int)
Set the start time of a task.
Definition: manage_sql.c:18509
void hosts_set_identifiers()
Setup hosts and their identifiers after a scan, from host details.
Definition: manage_sql.c:60125
#define MAX_HOSTS_DEFAULT
Default for Scanner max_hosts preference.
Definition: manage.c:157
gchar * event_description(event_t event, const void *event_data, const char *task_name)
Get a description of an alert event.
Definition: manage.c:1114
const char * task_schedule_iterator_owner_uuid(iterator_t *)
void manage_session_init(const char *uuid)
Setup session.
Definition: manage_pg.c:46
int create_current_report(task_t task, char **report_id, task_status_t status)
Create the current report for a task.
Definition: manage_sql.c:21002
#define NVT_FEED
Definition: manage.h:4141
int delete_slave_task(const gchar *host, int port, const gchar *username, const gchar *password, const char *slave_task_uuid)
Delete a task on a slave.
Definition: manage.c:7311
void set_scan_end_time(report_t, const char *)
Set the end time of a scan.
Definition: manage_sql.c:24318
char * scanner_uuid(scanner_t)
Return the UUID of a scanner.
Definition: manage_sql.c:48119
int update_end_times(entity_t report)
Update end times, and optionally add host details.
Definition: manage.c:2202
gboolean task_schedule_iterator_stop_due(iterator_t *iterator)
Get the stop due state from a task schedule iterator.
Definition: manage_sql.c:49539
char * scanner_password(scanner_t)
Return the password associated with a scanner.
Definition: manage_sql.c:48287
result_t make_result(task_t, const char *, const char *, const char *, const char *, const char *)
Make a result.
Definition: manage_sql.c:19892
long long int report_t
Definition: manage.h:288
#define SEVERITY_MISSING
Definition: manage_utils.h:40
void init_nvt_dfn_cert_adv_iterator(iterator_t *, const char *, int, const char *)
Initialise an DFN-CERT iterator, for advisories relevant to a NVT.
Definition: manage_sql.c:64272
int send_to_server(const char *msg)
Send a message to the server.
void set_report_slave_task_uuid(report_t report, const char *uuid)
Set the UUID of the slave task, on the local task.
Definition: manage_sql.c:25486
int update_slave_progress(entity_t get_tasks)
Update the locally cached task progress from the slave.
Definition: manage.c:2025
const char * prognosis_iterator_cpe(iterator_t *)
void set_scan_start_time_epoch(report_t, time_t)
Set the start time of a scan.
Definition: manage_sql.c:24243
unsigned int task_id(task_t)
Return the identifier of a task.
Definition: manage_sql.c:17869
target_t task_target(task_t)
Return the target of a task.
Definition: manage_sql.c:18111
void init_credential_iterator_one(iterator_t *, credential_t)
Initialise a Credential iterator, given a single Credential.
Definition: manage_sql.c:42803
double level_max_severity(const char *level, const char *class)
Get the minimum severity for a severity level and class.
Definition: manage_utils.c:454
const char * nvt_iterator_qod_type(iterator_t *iterator)
int openvas_scanner_is_loading()
Checks whether the connected to OpenVAS Scanner is still loading plugins. To be called right after op...
Definition: scanner.c:876
gchar * slave_ssh_credential_uuid
Slave credential UUID.
Definition: manage.c:1970
gboolean next_report(iterator_t *, report_t *)
Read the next report from an iterator.
Definition: manage_sql.c:22036
#define SCANNER_UUID_DEFAULT
UUID of &#39;OpenVAS Default&#39; scanner.
Definition: manage_sql.h:203
#define SCAP_TIMESTAMP_FILENAME
SCAP timestamp location.
Definition: manage.c:142
void cleanup_severity_data(severity_data_t *data)
Clean up a severity data structure.
Definition: manage.c:848
int init_report_format_file_iterator(file_iterator_t *iterator, report_format_t report_format)
Initialise a report format file iterator.
Definition: manage.c:7096
alive_test_t
Alive tests.
Definition: manage.h:252
int openvas_scanner_set_address(const char *addr, int port)
Set the scanner&#39;s address and port. Will try to resolve addr if it is a hostname. ...
Definition: scanner.c:807
char * manage_default_ca_cert()
Get the default CA cert.
Definition: manage_sql.c:63139
gchar * xsl_transform(gchar *stylesheet, gchar *xmlfile, gchar **param_names, gchar **param_values)
Run xsltproc in an external process.
Definition: manage.c:7535
#define NVT_SELECTOR_TYPE_ALL
NVT selector type for "all" rule.
Definition: manage.h:1991
void insert_report_host_detail(report_t, const char *, const char *, const char *, const char *, const char *, const char *)
Insert a host detail into a report.
Definition: manage_sql.c:21054
void hosts_set_details(report_t report)
Store certain host details in the assets after a scan.
Definition: manage_sql.c:60474
task_t task_schedule_iterator_task(iterator_t *iterator)
Get the task from a task schedule iterator.
Definition: manage_sql.c:49355
time_t task_schedule_iterator_period_months(iterator_t *iterator)
Get the period months from a task schedule iterator.
Definition: manage_sql.c:49421
void parse_osp_report(task_t task, report_t report, const char *report_xml)
Parse an OSP report.
Definition: manage_sql.c:31533
gboolean openvas_sync_script_perform_selftest(const gchar *sync_script, gchar **result)
Request a feed synchronization script selftest.
Definition: manage.c:8040
#define SEVERITY_MAX
Definition: manage_utils.h:44
openvas_connection_t * slave_connection
Slave session.
Definition: manage.c:2015
void set_schedule_timeout(int new_timeout)
Set the schedule timeout.
Definition: manage.c:6928
#define RUN_SLAVE_TASK_SLEEP_SECONDS
Number of seconds to sleep between polls to slave.
Definition: manage.c:1965
char * scanner_host(scanner_t)
Return the host of a scanner.
Definition: manage_sql.c:48144
void init_config_timeout_iterator(iterator_t *, config_t)
Initialise a config timeout iterator.
Definition: manage_sql.c:37315
#define DEF(x)
Define a code snippet for get_nvti_xml.
Definition: manage.c:7638
void init_preference_iterator(iterator_t *, config_t)
Initialise a preference iterator.
Definition: manage_sql.c:36569
const char * otp_pref_iterator_value(iterator_t *)
int scanner_port(scanner_t)
Return the port of a scanner.
Definition: manage_sql.c:48157
int set_certs(const char *ca_pub, const char *key_pub, const char *key_priv)
Initialise OpenVAS scanner variables, checking for defaults.
Definition: manage.c:4312
const gchar * certificate_time_status(time_t activates, time_t expires)
Tests the activation and expiration time of a certificate.
Definition: manage.c:371
long long int port_list_t
Definition: manage.h:297
gchar * report_results_filter_term(int first, int rows, int apply_overrides, int autofp, int min_qod)
Create a basic filter term to get report results.
Definition: manage.c:752
const char * task_file_iterator_content(iterator_t *)
#define SEVERITY_ERROR
Definition: manage_utils.h:38
char * scanner_ca_pub(scanner_t)
Return the CA Certificate of a scanner.
Definition: manage_sql.c:48197
const char * get_iterator_creation_time(iterator_t *)
void slist_free(GSList *list)
Free an slist of pointers, including the pointers.
Definition: manage.c:397
void severity_data_level_counts(const severity_data_t *severity_data, const gchar *severity_class, int *errors, int *debugs, int *false_positives, int *logs, int *lows, int *mediums, int *highs)
Count the occurrences of severities in the levels.
Definition: manage.c:930
const char * config_timeout_iterator_nvt_name(iterator_t *)
char * iso_time(time_t *)
Create an ISO time from seconds since epoch.
Definition: manage_sql.c:1138
void severity_data_add(severity_data_t *severity_data, double severity)
Add a severity occurrence to the counts of a severity_data_t.
Definition: manage.c:860
int stop_task_internal(task_t task)
Initiate stopping a task.
Definition: manage.c:5447
const char * run_status_name(task_status_t status)
Get the name of a run status.
Definition: manage.c:1253
int openvas_current_sync(const gchar *sync_script, gchar **timestamp, gchar **user)
Determine if the administrator is synchronizing with a feed.
Definition: manage.c:8880
void init_otp_pref_iterator(iterator_t *iterator, config_t config, const char *section)
Initialise an "OTP" preference iterator.
Definition: manage_sql.c:36649
void update_duration_schedule_periods(task_t)
Update tasks with limited run schedules which have durations.
Definition: manage_sql.c:19334
const char * report_format_param_type_name(report_format_param_type_t type)
Get the name of a report format param type.
Definition: manage.c:6947
gboolean task_schedule_iterator_start_due(iterator_t *iterator)
Get the start due state from a task schedule iterator.
Definition: manage_sql.c:49507
void buffer_config_preference_xml(GString *, iterator_t *, config_t, int)
Buffer XML for the NVT preference of a config.
Definition: omp.c:11120
void set_task_end_time_epoch(task_t, time_t)
Set the end time of a task.
Definition: manage_sql.c:24166
gboolean find_task_with_permission(const char *, task_t *, const char *)
Find a task for a specific permission, given a UUID.
Definition: manage_sql.c:32587
const char * type_name(const char *type)
Return the name of a resource type.
Definition: manage.c:445
char * target_reverse_lookup_unify(target_t)
Return the reverse_lookup_unify value of a target.
Definition: manage_sql.c:34898
gchar * resource_uuid(const gchar *type, resource_t resource)
Get the UUID of a resource.
Definition: manage_sql.c:4971
time_t task_schedule_iterator_first_time(iterator_t *iterator)
Get the first time from a task schedule iterator.
Definition: manage_sql.c:49435
int delete_report_internal(report_t report)
Delete a report.
Definition: manage_sql.c:25198
int openvas_scanner_connect()
Create a new connection to the scanner and set it as current scanner.
Definition: scanner.c:619
void init_nvt_preference_iterator(iterator_t *, const char *)
Initialise an NVT preference iterator.
Definition: manage_sql.c:40989
int set_report_scan_run_status(report_t report, task_status_t status)
Return the run status of the scan associated with a report.
Definition: manage_sql.c:24512
report_t task_running_report(task_t)
Return the running report of a task.
Definition: manage_sql.c:18393
int validate_username(const gchar *name)
Validates a username.
Definition: manage.c:8001
gboolean next_file(file_iterator_t *iterator)
Increment a report type iterator.
Definition: manage.c:7159
gchar * truncate_private_key(const gchar *private_key)
Truncate a private key, removing extra data.
Definition: manage.c:203
int init_resource_tag_iterator(iterator_t *, const char *, resource_t, int, const char *, int)
Initialise a iterator of tags attached to a resource.
Definition: manage_sql.c:67664
report_t current_report
The report of the current task.
Definition: manage.c:1003
const char * file_iterator_name(file_iterator_t *iterator)
Return the name from a file iterator.
Definition: manage.c:7174
int set_task_schedule_uuid(const gchar *task_id, schedule_t schedule, int periods)
Set the schedule of a task.
Definition: manage_sql.c:18836
gchar ** current
Current type.
Definition: manage.h:2616
#define CPE_DICT_FILENAME
CPE dictionary location.
Definition: manage.c:115
double severity_data_value(int index)
Convert an index in the counts array to a severity value.
Definition: manage.c:811
int nvt_selector_iterator_type(iterator_t *)
Get the type from an NVT selector.
Definition: manage_sql.c:39558
int severity_data_index(double severity)
Convert a severity value into an index in the counts array.
Definition: manage.c:789
double level_min_severity(const char *level, const char *class)
Get the minimum severity for a severity level and class.
Definition: manage_utils.c:403
void report_host_set_end_time(report_host_t, time_t)
Set end time of a report host.
Definition: manage_sql.c:60071
#define SEVERITY_FP
Definition: manage_utils.h:34
const char * setting_severity()
Return the Severity Class user setting.
Definition: manage_sql.c:62125
char * scanner_key_priv(scanner_t)
Return the private key of a scanner.
Definition: manage_sql.c:48230
int get_termination_signal()
Gets the last termination signal or 0.
Definition: manage.c:9582
scanner_t task_scanner(task_t)
Return the scanner of a task.
Definition: manage_sql.c:18183
gchar * schedule_user_uuid
UUID of user whose scheduled task is to be started (in connection with authenticate_allow_all).
Definition: manage.c:6432
void init_nvt_selector_iterator(iterator_t *, const char *, config_t, int)
Initialise an NVT selector iterator.
Definition: manage_sql.c:39482
int init_task_schedule_iterator(iterator_t *iterator)
Initialise a task schedule iterator.
Definition: manage_sql.c:49284
gchar * user_ifaces(const char *)
Return the ifaces of a user.
Definition: manage_sql.c:66374
const char * prognosis_iterator_description(iterator_t *)
int set_report_slave_progress(report_t report, int progress)
Set slave progress of a report.
Definition: manage_sql.c:25451
#define SEVERITY_DEBUG
Definition: manage_utils.h:36
int manage_check_current_task()
Handle state changes to current task made by other processes.
Definition: manage.c:5733
#define SCAP_FEED
Definition: manage.h:4142
char * target_reverse_lookup_only(target_t)
Return the reverse_lookup_only value of a target.
Definition: manage_sql.c:34884
const char * task_schedule_iterator_owner_name(iterator_t *)
void cleanup_iterator(iterator_t *)
Cleanup an iterator.
Definition: sql.c:664
#define CERT_FEED
Definition: manage.h:4143
const char * credential_iterator_login(iterator_t *)
int authenticate_allow_all
Flag for manage_auth_allow_all.
Definition: manage.c:6426
int openvas_scanner_init(int cache_mode)
Initializes the already setup connection with the Scanner.
Definition: scanner.c:778
int schedule_duration(schedule_t)
Return the duration of a schedule.
Definition: manage_sql.c:49034
int user_ifaces_allow(const char *)
Return whether ifaces value of a user denotes allowed.
Definition: manage_sql.c:66393
const char * report_type_iterator_title(report_type_iterator_t *iterator)
Return the title from a report type iterator.
Definition: manage.c:6109
gboolean find_resource(const char *, const char *, resource_t *)
Find a resource given a UUID.
Definition: manage_sql.c:4411
int resource_tag_count(const char *, resource_t, int)
Count number of tags attached to a resource.
Definition: manage_sql.c:67743
gchar * predefined_report_format_dir(const gchar *uuid)
Get the directory of a report format.
Definition: manage.c:7077
int acl_user_may(const char *operation)
Test whether a user may perform an operation.
Definition: manage_acl.c:56
long long int report_host_t
Definition: manage.h:289
gboolean find_scanner(const char *, scanner_t *)
Find a scanner given a UUID.
Definition: manage_sql.c:47292
int openvas_scanner_set_unix(const char *path)
Set the scanner&#39;s unix socket path.
Definition: scanner.c:833
const char * alert_condition_name(alert_condition_t condition)
Get the name of an alert condition.
Definition: manage.c:1016
const char * target_iterator_ssh_port(iterator_t *)
void set_task_schedule_next_time(task_t task, time_t time)
Set the next time a scheduled task will be due.
Definition: manage_sql.c:19058
credentials_t current_credentials
Current credentials during any OMP command.
Definition: manage.c:717
#define g_info(...)
Defines g_info for glib versions older than 2.40.
Definition: manage.h:55
void set_task_end_time(task_t task, char *time)
Set the end time of a task.
Definition: manage_sql.c:24145
void cleanup_file_iterator(file_iterator_t *iterator)
Cleanup a report type iterator.
Definition: manage.c:7143
char * report_uuid(report_t)
Return the UUID of a report.
Definition: manage_sql.c:21382
const char * family_iterator_name(iterator_t *)
void init_target_iterator_one(iterator_t *, target_t)
Initialise a target iterator, given a single target.
Definition: manage_sql.c:34462
int task_last_stopped_report(task_t, report_t *)
Get the report from the most recently stopped invocation of task.
Definition: manage_sql.c:18608
void manage_transaction_stop(gboolean)
Commit the current transaction, if any.
Definition: manage_sql.c:32976
gchar * slave_task_uuid
Slave task UUID.
Definition: manage.c:2005
void auto_delete_reports()
Auto delete reports.
Definition: manage_sql.c:19380
int acknowledge_bye()
Acknowledge a scanner BYE.
Definition: manage.c:5705
void trim_partial_report(report_t)
Prepare a partial report for resumption of the scan.
Definition: manage_sql.c:25532
const char * message_type_threat(const char *type)
Get the threat of a message type.
Definition: manage.c:553
const char * nvt_iterator_oid(iterator_t *)
report_host_t manage_report_host_add(report_t, const char *, time_t, time_t)
Add a report host.
Definition: manage_sql.c:60014
const char * run_status_name_internal(task_status_t status)
Get the unique name of a run status.
Definition: manage.c:1288
int delete_reports(task_t task)
Delete all the reports for a task.
Definition: manage.c:733
void sort_data_free(sort_data_t *sort_data)
Free a sort_data_t struct and its related resources.
Definition: manage.c:8018
#define DFN_CERT_ADV_FILENAME_FMT
DFN-CERT data files location format string.
Definition: manage.c:137
char * port_list_uuid(port_list_t)
Return the UUID of a port_list.
Definition: manage_sql.c:56660
gboolean find_resource_with_permission(const char *type, const char *uuid, resource_t *resource, const char *permission, int trash)
Find a resource given a UUID and a permission.
Definition: manage_sql.c:4459
char * scanner_name(scanner_t)
Return the name of a scanner.
Definition: manage_sql.c:48105
#define DFN_CERT_ADV_GETBYNAME_XSL
DFN_CERT_ADV selection stylesheet location.
Definition: manage.c:110
char * report_format_uuid(report_format_t)
Return the UUID of a report format.
Definition: manage_sql.c:51487
scanner_type
Scanner types.
Definition: manage.h:267
void set_report_scheduled(report_t report)
Set a report&#39;s scheduled flag.
Definition: manage_sql.c:18252
A system report type iterator.
Definition: manage.h:2613
gchar * slave_snmp_credential_uuid
Slave credential UUID.
Definition: manage.c:1985
alert_method_t alert_method_from_name(const char *name)
Get an alert method from a name.
Definition: manage.c:1215
const char * target_iterator_reverse_lookup_only(iterator_t *)
const char * credential_iterator_privacy_algorithm(iterator_t *)
int forked
Hack for returning fork status to caller.
Definition: omp.c:4974
time_t next_time(time_t first, int period, int period_months, const char *timezone, int periods_offset)
Calculate the next time from now given a start time and a period.
Definition: manage_utils.c:287
credential_t target_smb_credential(target_t target)
Return the SMB credential associated with a target, if any.
Definition: manage_sql.c:34970
gboolean next(iterator_t *)
Increment an iterator.
Definition: sql.c:689
int manage_system_report(const char *name, const char *duration, const char *start_time, const char *end_time, const char *slave_id, char **report)
Get a system report.
Definition: manage.c:6240
const char * severity_to_level(double severity, int mode)
Get the threat level matching a severity score.
Definition: manage.c:652
char * target_uuid(target_t)
Return the UUID of a target.
Definition: manage_sql.c:34773
#define SCHEDULE_TIMEOUT_DEFAULT
Default for schedule_timeout in minutes.
Definition: manage.h:2803
gboolean next_report_type(report_type_iterator_t *iterator)
Increment a report type iterator.
Definition: manage.c:6081
int type_is_scap(const char *type)
Check if a type is a SCAP type.
Definition: manage.c:474
const char * target_iterator_exclude_hosts(iterator_t *)
void init_nvt_iterator(iterator_t *, nvt_t, config_t, const char *, const char *, int, const char *)
Initialise an NVT iterator.
Definition: manage_sql.c:37843
int nvt_selector_iterator_include(iterator_t *)
Get whether the selector rule is an include rule.
Definition: manage_sql.c:39524
gchar ** start
First type.
Definition: manage.h:2615
get_data_t * report_results_get_data(int first, int rows, int apply_overrides, int autofp, int min_qod)
Create a new basic get_data_t struct to get report results.
Definition: manage.c:766
int acknowledge_feed_version_info()
Acknowledge scanner PLUGINS_FEED_VERSION message,.
Definition: manage.c:5719
int manage_schedule(int(*fork_connection)(openvas_connection_t *, gchar *), gboolean run_tasks, sigset_t *sigmask_current)
Schedule any actions that are due.
Definition: manage.c:6481
const char * report_type_iterator_name(report_type_iterator_t *iterator)
Return the name from a report type iterator.
Definition: manage.c:6096
int stop_task(const char *task_id)
Initiate stopping a task.
Definition: manage.c:5514
event_t event_from_name(const char *name)
Get an event from a name.
Definition: manage.c:1196
const char * target_iterator_reverse_lookup_unify(iterator_t *)
gboolean find_scanner_with_permission(const char *, scanner_t *, const char *)
Find a scanner for a specific permission, given a UUID.
Definition: manage_sql.c:47309
#define CERT_BUND_ADV_FILENAME_FMT
CERT-Bund data files location format string.
Definition: manage.c:129
gchar * slave_esxi_credential_uuid
Slave credential UUID.
Definition: manage.c:1980
alive_test_t target_alive_tests(target_t target)
Return a target&#39;s alive tests.
Definition: manage_sql.c:35087
int manage_run_wizard(const gchar *name, int(*run_command)(void *, gchar *, gchar **), void *run_command_data, array_t *params, int read_only, const char *mode, gchar **command_error, gchar **command_error_code, gchar **ret_response)
Run a wizard.
Definition: manage.c:8949
gchar * dir_name
Dir holding files.
Definition: manage.h:3055
const char * resource_tag_iterator_name(iterator_t *)
int severity_in_level(double severity, const char *level)
Check whether a severity falls within a threat level.
Definition: manage.c:583
void report_set_slave_host(report_t, const gchar *)
Set the host of the slave of a report.
Definition: manage_sql.c:21542
long long int task_t
Definition: manage.h:286
event_t
Types of task events.
Definition: manage.h:471
int openvas_migrate_secinfo(const gchar *sync_script, int feed_type)
Migrates SCAP or CERT database, waiting until migration terminates.
Definition: manage.c:8645
#define CERT_BUND_ADV_GETBYNAME_XSL
CERT_BUND_ADV selection stylesheet location.
Definition: manage.c:105
char * task_name(task_t)
Return the name of a task.
Definition: manage_sql.c:17945
Name value pair.
Definition: manage.h:63
long long int scanner_t
Definition: manage.h:300
#define SEVERITY_LOG
Definition: manage_utils.h:32
char * scanner_key_pub(scanner_t)
Return the Certificate of a scanner.
Definition: manage_sql.c:48210
const char * preference_iterator_type(iterator_t *)
int set_task_schedule_periods(const gchar *, int)
Set the schedule periods of a task, given a UUID.
Definition: manage_sql.c:18869
osp_connection_t * osp_scanner_connect(scanner_t)
Create a new connection to an OSP scanner.
Definition: manage_sql.c:48347
#define FALLBACK_SYSTEM_REPORT_HEADER
Header for fallback system report.
Definition: manage.c:6217
report_format_param_type_t
Report format param types.
Definition: manage.h:3079
void set_scan_end_time_epoch(report_t, time_t)
Set the end time of a scan.
Definition: manage_sql.c:24304
const char * nvt_selector_iterator_name(iterator_t *)
gchar * value
Param value.
Definition: manage.h:66
void set_scheduled_user_uuid(gchar *user_uuid)
Set UUID of user that scheduled the current task.
Definition: manage.c:6462
gchar * get_scheduled_user_uuid()
Access UUID of user that scheduled the current task.
Definition: manage.c:6451
const char * task_schedule_iterator_timezone(iterator_t *)
const char * config_timeout_iterator_oid(iterator_t *)
gboolean task_schedule_iterator_timed_out(iterator_t *iterator)
Get if schedule of task in iterator is timed out.
Definition: manage_sql.c:49587
long long int resource_t
A resource, like a task or target.
Definition: iterator.h:42
int manage_read_info(gchar *type, gchar *uid, gchar *name, gchar **result)
Read raw information.
Definition: manage.c:7889
int openvas_scanner_close()
Finish the connection to the Scanner and free internal buffers.
Definition: scanner.c:551
long long int report_format_t
Definition: manage.h:290
const char * credential_iterator_community(iterator_t *)
Get the SNMP community from a Credential iterator.
Definition: manage_sql.c:42993
int schedule_period(schedule_t)
Return the period of a schedule.
Definition: manage_sql.c:49020
gchar * slave_config_uuid
Slave config UUID.
Definition: manage.c:2000
time_t task_schedule_next_time_uuid(const gchar *)
Set the next time a scheduled task will be due.
Definition: manage_sql.c:19038