OpenVAS Manager  7.0.3~git
openvasmd.c
Go to the documentation of this file.
1 /* OpenVAS Manager
2  * $Id$
3  * Description: Main module for OpenVAS Manager: the system daemon.
4  *
5  * Authors:
6  * Matthew Mundell <matthew.mundell@greenbone.net>
7  *
8  * Copyright:
9  * Copyright (C) 2009, 2010, 2014-2016 Greenbone Networks GmbH
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
80 #include <locale.h>
81 
82 #include <arpa/inet.h>
83 #include <assert.h>
84 #include <errno.h>
85 #include <fcntl.h>
86 #include <glib.h>
87 #include <glib/gstdio.h>
88 #include <gnutls/gnutls.h>
89 #include <grp.h>
90 #include <netdb.h>
91 #include <netinet/in.h>
92 #include <netinet/ip.h>
93 #include <pwd.h>
94 #include <signal.h>
95 #include <stdio.h>
96 #include <stdlib.h>
97 #include <string.h>
98 #include <sys/select.h>
99 #include <sys/socket.h>
100 #include <sys/un.h>
101 #include <sys/types.h>
102 #include <sys/wait.h>
103 #include <unistd.h>
104 
105 #include <openvas/misc/openvas_logging.h>
106 #include <openvas/misc/openvas_proctitle.h>
107 #include <openvas/misc/openvas_server.h>
108 #include <openvas/base/pidfile.h>
109 #include <openvas/base/pwpolicy.h>
110 
111 #include "logf.h"
112 #include "manage.h"
113 #include "scanner.h"
114 #include "ompd.h"
115 #include "ovas-mngr-comm.h"
116 #include "utils.h"
117 
118 #ifdef GIT_REV_AVAILABLE
119 #include "gitrevision.h"
120 #endif
121 
122 #undef G_LOG_DOMAIN
123 
126 #define G_LOG_DOMAIN "md main"
127 
131 #ifndef OPENVASMD_VERSION
132 #define OPENVASMD_VERSION "-1"
133 #endif
134 
138 #ifndef OPENVAS_OS_NAME
139 #define OPENVAS_OS_NAME "-1"
140 #endif
141 
145 #define OPENVASSD_ADDRESS OPENVAS_RUN_DIR "/openvassd.sock"
146 
150 #ifndef SCANNERCERT
151 #define SCANNERCERT "/var/lib/openvas/CA/servercert.pem"
152 #endif
153 
157 #ifndef SCANNERKEY
158 #define SCANNERKEY "/var/lib/openvas/private/CA/serverkey.pem"
159 #endif
160 
164 #ifndef CACERT
165 #define CACERT "/var/lib/openvas/CA/cacert.pem"
166 #endif
167 
171 #ifndef CLIENTCERT
172 #define CLIENTCERT "/var/lib/openvas/CA/clientcert.pem"
173 #endif
174 
178 #ifndef CLIENTKEY
179 #define CLIENTKEY "/var/lib/openvas/private/CA/clientkey.pem"
180 #endif
181 
187 #define OPENVASSD_PORT 9391
188 
194 #define OPENVASMD_PORT 9390
195 
199 #define MAX_CONNECTIONS 512
200 
204 #define DEFAULT_CLIENT_WATCH_INTERVAL 1
205 
210 
214 int manager_socket = -1;
215 
220 
221 #if LOG
222 
225 FILE* log_stream = NULL;
226 #endif
227 
231 int use_tls = 0;
232 
236 gnutls_session_t client_session;
237 
241 gnutls_certificate_credentials_t client_credentials;
242 
246 static gchar *database = NULL;
247 
251 int is_parent = 1;
252 
256 volatile int termination_signal = 0;
257 
261 volatile int sighup_update_nvt_cache = 0;
262 
266 static gchar **disabled_commands = NULL;
267 
276 
281 
285 char client_address[INET6_ADDRSTRLEN];
286 
290 sigset_t *sigmask_normal = NULL;
291 
295 gchar *priorities_option = "NORMAL";
296 
300 gchar *dh_params_option = NULL;
301 
306 
310 GSList *log_config = NULL;
311 
312 
313 /* Helpers. */
314 
321 static void
322 set_gnutls_priority (gnutls_session_t *session, const char *priority)
323 {
324  const char *errp = NULL;
325  if (gnutls_priority_set_direct (*session, priority, &errp)
326  == GNUTLS_E_INVALID_REQUEST)
327  g_warning ("Invalid GnuTLS priority: %s\n", errp);
328 }
329 
330 
331 /* Forking, serving the client. */
332 
333 /*
334  * Connection watcher thread data
335  */
336 typedef struct {
337  openvas_connection_t *client_connection;
339  pthread_mutex_t mutex;
341 
342 
351 connection_watcher_data_new (openvas_connection_t *client_connection)
352 {
353  connection_watcher_data_t *watcher_data;
354  watcher_data = g_malloc (sizeof (connection_watcher_data_t));
355 
356  watcher_data->client_connection = client_connection;
357  watcher_data->connection_closed = 0;
358  pthread_mutex_init (&(watcher_data->mutex), NULL);
359 
360  return watcher_data;
361 }
362 
370 static void*
371 watch_client_connection (void* data)
372 {
373  int active;
374  connection_watcher_data_t *watcher_data;
375  openvas_connection_t *client_connection;
376 
377  pthread_setcancelstate (PTHREAD_CANCEL_DISABLE, NULL);
378  watcher_data = (connection_watcher_data_t*) data;
379  client_connection = watcher_data->client_connection;
380 
381  pthread_mutex_lock (&(watcher_data->mutex));
382  active = 1;
383  pthread_mutex_unlock (&(watcher_data->mutex));
384 
385  while (active)
386  {
387  pthread_setcancelstate (PTHREAD_CANCEL_ENABLE, NULL);
388  sleep (client_watch_interval);
389  pthread_setcancelstate (PTHREAD_CANCEL_DISABLE, NULL);
390 
391  pthread_mutex_lock (&(watcher_data->mutex));
392 
393  if (watcher_data->connection_closed)
394  {
395  active = 0;
396  pthread_mutex_unlock (&(watcher_data->mutex));
397  continue;
398  }
399  int ret;
400  char buf[1];
401  errno = 0;
402 
403  ret = recv (client_connection->socket, buf, 1, MSG_PEEK);
404 
405  if (ret >= 0)
406  {
407  if (watcher_data->connection_closed == 0)
408  {
409  g_debug ("%s: Client connection closed", __FUNCTION__);
410  sql_cancel ();
411  active = 0;
412  watcher_data->connection_closed = 1;
413  }
414  }
415 
416  pthread_mutex_unlock (&(watcher_data->mutex));
417  }
418 
419  return NULL;
420 }
421 
434 int
435 serve_client (int server_socket, openvas_connection_t *client_connection)
436 {
437  pthread_t watch_thread;
438  connection_watcher_data_t *watcher_data;
439 
440  if (server_socket > 0)
441  {
442  int optval;
443 
444  optval = 1;
445  if (setsockopt (server_socket,
446  SOL_SOCKET, SO_KEEPALIVE,
447  &optval, sizeof (int)))
448  {
449  g_critical ("%s: failed to set SO_KEEPALIVE on scanner socket: %s\n",
450  __FUNCTION__,
451  strerror (errno));
452  exit (EXIT_FAILURE);
453  }
454  }
455 
457  {
458  watcher_data = connection_watcher_data_new (client_connection);
459  pthread_create (&watch_thread, NULL, watch_client_connection,
460  watcher_data);
461  }
462  else
463  {
464  watcher_data = NULL;
465  }
466 
467  if (client_connection->tls
468  && openvas_server_attach (client_connection->socket, &client_session))
469  {
470  g_debug ("%s: failed to attach client session to socket %i\n",
471  __FUNCTION__,
472  client_connection->socket);
473  goto fail;
474  }
475 
476  /* The socket must have O_NONBLOCK set, in case an "asynchronous network
477  * error" removes the data between `select' and `read'. */
478  if (fcntl (client_connection->socket, F_SETFL, O_NONBLOCK) == -1)
479  {
480  g_warning ("%s: failed to set real client socket flag: %s\n",
481  __FUNCTION__,
482  strerror (errno));
483  goto fail;
484  }
485 
486  /* Serve OMP. */
487 
488  /* It's up to serve_omp to openvas_server_free client_*. */
489  if (serve_omp (client_connection, database, disabled_commands, NULL))
490  goto server_fail;
491 
492  if (watcher_data)
493  {
494  pthread_mutex_lock (&(watcher_data->mutex));
495  watcher_data->connection_closed = 1;
496  pthread_mutex_unlock (&(watcher_data->mutex));
497  pthread_cancel (watch_thread);
498  pthread_join (watch_thread, NULL);
499  g_free (watcher_data);
500  }
501  return EXIT_SUCCESS;
502 
503  fail:
504  if (watcher_data)
505  {
506  pthread_mutex_lock (&(watcher_data->mutex));
507  openvas_connection_free (client_connection);
508  watcher_data->connection_closed = 1;
509  pthread_mutex_unlock (&(watcher_data->mutex));
510  }
511  else
512  {
513  openvas_connection_free (client_connection);
514  }
515  server_fail:
516  if (watcher_data)
517  {
518  pthread_mutex_lock (&(watcher_data->mutex));
519  watcher_data->connection_closed = 1;
520  pthread_mutex_unlock (&(watcher_data->mutex));
521  pthread_cancel (watch_thread);
522  pthread_join (watch_thread, NULL);
523  g_free (watcher_data);
524  }
525  return EXIT_FAILURE;
526 }
527 
537 static void
538 accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current)
539 {
540  /* Accept the client connection. */
541  pid_t pid;
542  int client_socket;
543  struct sockaddr_storage addr;
544  socklen_t addrlen = sizeof (addr);
545 
546  while ((client_socket = accept (server_socket, (struct sockaddr *) &addr,
547  &addrlen))
548  == -1)
549  {
550  if (errno == EINTR)
551  continue;
552  if (errno == EAGAIN || errno == EWOULDBLOCK)
553  /* The connection is gone, return to select. */
554  return;
555  g_critical ("%s: failed to accept client connection: %s\n",
556  __FUNCTION__,
557  strerror (errno));
558  exit (EXIT_FAILURE);
559  }
560  sockaddr_as_str (&addr, client_address);
561 
562  /* Fork a child to serve the client. */
563  pid = fork ();
564  switch (pid)
565  {
566  case 0:
567  /* Child. */
568  {
569  int ret;
570  struct sigaction action;
571  openvas_connection_t client_connection;
572 
573  is_parent = 0;
574 
575  /* Restore the sigmask that was blanked for pselect. */
576  pthread_sigmask (SIG_SETMASK, sigmask_current, NULL);
577 
578  memset (&action, '\0', sizeof (action));
579  sigemptyset (&action.sa_mask);
580  action.sa_handler = SIG_DFL;
581  if (sigaction (SIGCHLD, &action, NULL) == -1)
582  {
583  g_critical ("%s: failed to set client SIGCHLD handler: %s\n",
584  __FUNCTION__,
585  strerror (errno));
586  shutdown (client_socket, SHUT_RDWR);
587  close (client_socket);
588  exit (EXIT_FAILURE);
589  }
590 
591  /* The socket must have O_NONBLOCK set, in case an "asynchronous
592  * network error" removes the data between `select' and `read'.
593  */
594  if (fcntl (client_socket, F_SETFL, O_NONBLOCK) == -1)
595  {
596  g_critical ("%s: failed to set client socket flag: %s\n",
597  __FUNCTION__,
598  strerror (errno));
599  shutdown (client_socket, SHUT_RDWR);
600  close (client_socket);
601  exit (EXIT_FAILURE);
602  }
603  /* Reopen the database (required after fork). */
604  cleanup_manage_process (FALSE);
605  memset (&client_connection, 0, sizeof (client_connection));
606  client_connection.tls = use_tls;
607  client_connection.socket = client_socket;
608  client_connection.session = client_session;
609  client_connection.credentials = client_credentials;
610  ret = serve_client (server_socket, &client_connection);
612  save_tasks ();
613  exit (ret);
614  }
615  case -1:
616  /* Parent when error, return to select. */
617  g_warning ("%s: failed to fork child: %s\n",
618  __FUNCTION__,
619  strerror (errno));
620  close (client_socket);
621  break;
622  default:
623  /* Parent. Return to select. */
624  close (client_socket);
625  break;
626  }
627 }
628 
629 
630 /* Connection forker for scheduler. */
631 
641 static int
642 fork_connection_internal (openvas_connection_t *client_connection, gchar* uuid,
643  int scheduler)
644 {
645  int pid, parent_client_socket, ret;
646  int sockets[2];
647  struct sigaction action;
648 
649  /* Fork a child to use as scheduler client and server. */
650 
651  pid = fork ();
652  switch (pid)
653  {
654  case 0:
655  /* Child. */
656  cleanup_manage_process (FALSE);
657  break;
658 
659  case -1:
660  /* Parent when error. */
661  g_warning ("%s: fork: %s\n", __FUNCTION__, strerror (errno));
662  return -1;
663  break;
664 
665  default:
666  /* Parent. Return to caller. */
667  g_debug ("%s: %i forked %i", __FUNCTION__, getpid (), pid);
668  return pid;
669  break;
670  }
671 
672  /* This is now a child of the main Manager process. It forks again. The
673  * only case that returns is the process that the caller can use for OMP
674  * commands. The caller must exit this process.
675  */
676 
677  /* Restore the sigmask that was blanked for pselect. */
678  if (sigmask_normal)
679  pthread_sigmask (SIG_SETMASK, sigmask_normal, NULL);
680 
681  /* Create a connected pair of sockets. */
682  if (socketpair (AF_UNIX, SOCK_STREAM, 0, sockets))
683  {
684  g_warning ("%s: socketpair: %s\n", __FUNCTION__, strerror (errno));
685  exit (EXIT_FAILURE);
686  }
687 
688  /* Split into a Manager client for the scheduler, and a Manager serving
689  * OMP to that client. */
690 
691  is_parent = 0;
692 
693  pid = fork ();
694  switch (pid)
695  {
696  case 0:
697  /* Child. Serve the scheduler OMP, then exit. */
698 
699  parent_client_socket = sockets[0];
700 
701  memset (&action, '\0', sizeof (action));
702  sigemptyset (&action.sa_mask);
703  action.sa_handler = SIG_DFL;
704  if (sigaction (SIGCHLD, &action, NULL) == -1)
705  {
706  g_critical ("%s: failed to set client SIGCHLD handler: %s\n",
707  __FUNCTION__,
708  strerror (errno));
709  shutdown (parent_client_socket, SHUT_RDWR);
710  close (parent_client_socket);
711  exit (EXIT_FAILURE);
712  }
713 
714  /* The socket must have O_NONBLOCK set, in case an "asynchronous
715  * network error" removes the data between `select' and `read'.
716  */
717  if (fcntl (parent_client_socket, F_SETFL, O_NONBLOCK) == -1)
718  {
719  g_critical ("%s: failed to set client socket flag: %s\n",
720  __FUNCTION__,
721  strerror (errno));
722  shutdown (parent_client_socket, SHUT_RDWR);
723  close (parent_client_socket);
724  exit (EXIT_FAILURE);
725  }
726 
727  init_ompd_process (database, disabled_commands);
728 
729  /* Make any further authentications to this process succeed. This
730  * enables the scheduler to login as the owner of the scheduled
731  * task. */
732  manage_auth_allow_all (scheduler);
734 
735  /* For TLS, create a new session, because the parent may have been in
736  * the middle of using the old one. */
737 
738  if (use_tls)
739  {
740  if (openvas_server_new (GNUTLS_SERVER,
741  CACERT,
742  SCANNERCERT,
743  SCANNERKEY,
746  {
747  g_critical ("%s: client server initialisation failed\n",
748  __FUNCTION__);
749  exit (EXIT_FAILURE);
750  }
751  set_gnutls_priority (&client_session, priorities_option);
752  if (dh_params_option
753  && set_gnutls_dhparams (client_credentials, dh_params_option))
754  g_warning ("Couldn't set DH parameters from %s\n", dh_params_option);
755  }
756 
757  /* Serve client. */
758 
759  g_debug ("%s: serving OMP to client on socket %i",
760  __FUNCTION__, parent_client_socket);
761 
762  memset (client_connection, 0, sizeof (*client_connection));
763  client_connection->tls = use_tls;
764  client_connection->socket = parent_client_socket;
765  client_connection->session = client_session;
766  client_connection->credentials = client_credentials;
767  ret = serve_client (manager_socket, client_connection);
768 
770  save_tasks ();
771  exit (ret);
772  break;
773 
774  case -1:
775  /* Parent when error. */
776 
777  g_warning ("%s: fork: %s\n", __FUNCTION__, strerror (errno));
778  exit (EXIT_FAILURE);
779  break;
780 
781  default:
782  /* Parent. */
783 
784  g_debug ("%s: %i forked %i", __FUNCTION__, getpid (), pid);
785 
786  /* This process is returned as the child of
787  * fork_connection_for_scheduler so that the returned parent can wait
788  * on this process. */
789 
791  openvas_sleep (5);
792 
793  memset (client_connection, 0, sizeof (*client_connection));
794  client_connection->tls = use_tls;
795  client_connection->socket = sockets[1];
796 
797  if (use_tls)
798  {
799  if (openvas_server_new (GNUTLS_CLIENT,
800  CACERT,
801  CLIENTCERT,
802  CLIENTKEY,
803  &client_connection->session,
804  &client_connection->credentials))
805  exit (EXIT_FAILURE);
806 
807  if (openvas_server_attach (client_connection->socket,
808  &client_connection->session))
809  exit (EXIT_FAILURE);
810  }
811 
812  g_debug ("%s: all set to request OMP on socket %i",
813  __FUNCTION__, client_connection->socket);
814 
815  return 0;
816  break;
817  }
818 
819  exit (EXIT_FAILURE);
820  return -1;
821 }
822 
831 static int
832 fork_connection_for_scheduler (openvas_connection_t *client_connection, gchar* uuid)
833 {
834  return fork_connection_internal (client_connection, uuid, 1);
835 }
836 
845 static int
846 fork_connection_for_event (openvas_connection_t *client_connection, gchar* uuid)
847 {
848  return fork_connection_internal (client_connection, uuid, 0);
849 }
850 
851 
852 /* Maintenance functions. */
853 
857 static void
858 log_config_free ()
859 {
860  free_log_configuration (log_config);
861  log_config = NULL;
862 }
863 
869 static void
870 cleanup ()
871 {
872  g_debug (" Cleaning up.\n");
874  cleanup_manage_process (TRUE);
875  g_strfreev (disabled_commands);
876  if (manager_socket > -1) close (manager_socket);
877  if (manager_socket_2 > -1) close (manager_socket_2);
878 #if LOG
879  if (log_stream != NULL)
880  {
881  if (fclose (log_stream))
882  g_critical ("%s: failed to close log stream: %s\n",
883  __FUNCTION__,
884  strerror (errno));
885  }
886 #endif /* LOG */
887  g_debug (" Exiting.\n");
888  if (log_config) log_config_free ();
889 
890  /* Tear down authentication system conf, if any. */
891  openvas_auth_tear_down ();
892 
893  /* Delete pidfile if this process is the parent. */
894  if (is_parent == 1) pidfile_remove ("openvasmd");
895 }
896 
906 void
907 setup_signal_handler (int signal, void (*handler) (int), int block)
908 {
909  struct sigaction action;
910 
911  memset (&action, '\0', sizeof (action));
912  if (block)
913  sigfillset (&action.sa_mask);
914  else
915  sigemptyset (&action.sa_mask);
916  action.sa_handler = handler;
917  if (sigaction (signal, &action, NULL) == -1)
918  {
919  g_critical ("%s: failed to register %s handler\n",
920  __FUNCTION__, sys_siglist[signal]);
921  exit (EXIT_FAILURE);
922  }
923 }
924 
934 void
936  void (*handler) (int, siginfo_t *, void *),
937  int block)
938 {
939  struct sigaction action;
940 
941  memset (&action, '\0', sizeof (action));
942  if (block)
943  sigfillset (&action.sa_mask);
944  else
945  sigemptyset (&action.sa_mask);
946  action.sa_flags |= SA_SIGINFO;
947  action.sa_sigaction = handler;
948  if (sigaction (signal, &action, NULL) == -1)
949  {
950  g_critical ("%s: failed to register %s handler\n",
951  __FUNCTION__, sys_siglist[signal]);
952  exit (EXIT_FAILURE);
953  }
954 }
955 
956 #ifndef NDEBUG
957 #include <execinfo.h>
958 #define BA_SIZE 100
959 #endif
960 
966 void
967 handle_sigabrt (int given_signal)
968 {
969  static int in_sigabrt = 0;
970 
971  if (in_sigabrt) _exit (EXIT_FAILURE);
972  in_sigabrt = 1;
973 
974 #ifndef NDEBUG
975  void *frames[BA_SIZE];
976  int frame_count, index;
977  char **frames_text;
978 
979  /* Print a backtrace. */
980  frame_count = backtrace (frames, BA_SIZE);
981  frames_text = backtrace_symbols (frames, frame_count);
982  if (frames_text == NULL)
983  {
984  perror ("backtrace symbols");
985  frame_count = 0;
986  }
987  for (index = 0; index < frame_count; index++)
988  g_debug ("%s\n", frames_text[index]);
989  free (frames_text);
990 #endif
991 
992  manage_cleanup_process_error (given_signal);
993  cleanup ();
994  /* Raise signal again, to exit with the correct return value. */
995  setup_signal_handler (given_signal, SIG_DFL, 0);
996  raise (given_signal);
997 }
998 
1004 void
1006 {
1007  termination_signal = signal;
1008 
1009  sql_cancel ();
1010 }
1011 
1017 void
1019 {
1020  /* Queue the update of the NVT cache. */
1022 }
1023 
1029 void
1030 handle_sigsegv (/* unused */ int given_signal)
1031 {
1032  manage_cleanup_process_error (given_signal);
1033 
1034  /* This previously called "cleanup", but it seems that the regular manager
1035  * code runs again before the default handler is invoked, at least when the
1036  * SIGKILL is sent from the command line. This was leading to errors which
1037  * were preventing the default handler from running and dumping core. */
1038 
1039  /* Raise signal again, to exit with the correct return value. */
1040  setup_signal_handler (given_signal, SIG_DFL, 0);
1041  raise (given_signal);
1042 }
1043 
1051 void
1052 handle_sigchld (/* unused */ int given_signal, siginfo_t *info, void *ucontext)
1053 {
1054  int status, pid;
1055  while ((pid = waitpid (-1, &status, WNOHANG)) > 0)
1056  if (update_in_progress == pid)
1057  /* This was the NVT update child, so allow updates again. */
1058  update_in_progress = 0;
1059 }
1060 
1061 
1062 
1066 void
1068 {
1069  static char current = '/';
1070  switch (current)
1071  {
1072  case '\\':
1073  current = '|';
1074  break;
1075  case '|':
1076  current = '/';
1077  break;
1078  case '/':
1079  current = '-';
1080  break;
1081  case '-':
1082  current = '\\';
1083  break;
1084  }
1085  putchar ('\b');
1086  putchar (current);
1087  fflush (stdout);
1088  g_debug (" %c\n", current);
1089 }
1090 
1096 void
1098 {
1099  exit (EXIT_FAILURE);
1100 }
1101 
1113 static int
1114 update_or_rebuild_nvt_cache (int update_nvt_cache, int register_cleanup,
1115  void (*progress) (), int skip_create_tables)
1116 {
1117  int ret;
1118  openvas_connection_t connection;
1119 
1120  /* Initialise OMP daemon. */
1121 
1122  if (update_nvt_cache == 0)
1123  {
1124  proctitle_set ("openvasmd: Rebuilding");
1125  g_info ("%s: Rebuilding NVT cache\n", __FUNCTION__);
1126  }
1127  else
1128  {
1129  proctitle_set ("openvasmd: Updating");
1130  g_info ("%s: Updating NVT cache\n", __FUNCTION__);
1131  }
1132 
1133  switch (init_ompd (log_config,
1134  update_nvt_cache ? -1 : -2,
1135  database,
1136  manage_max_hosts (),
1137  0, /* Max email attachment size. */
1138  0, /* Max email include size. */
1139  0, /* Max email message size. */
1140  progress,
1141  NULL,
1142  skip_create_tables))
1143  {
1144  case 0:
1145  break;
1146  case -2:
1147  g_critical ("%s: database is wrong version\n", __FUNCTION__);
1148  log_config_free ();
1149  exit (EXIT_FAILURE);
1150  break;
1151  case -3:
1152  assert (0);
1153  case -1:
1154  default:
1155  g_critical ("%s: failed to initialise OMP daemon\n", __FUNCTION__);
1156  log_config_free ();
1157  exit (EXIT_FAILURE);
1158  }
1159 
1160  /* Register the `cleanup' function. */
1161 
1162  if (register_cleanup && atexit (&cleanup))
1163  {
1164  g_critical ("%s: failed to register `atexit' cleanup function\n",
1165  __FUNCTION__);
1166  log_config_free ();
1167  exit (EXIT_FAILURE);
1168  }
1169 
1170  /* Register the signal handlers. */
1171 
1173  setup_signal_handler (SIGABRT, handle_sigabrt, 1);
1177  setup_signal_handler (SIGSEGV, handle_sigsegv, 1);
1178  setup_signal_handler (SIGCHLD, SIG_IGN, 0);
1179 
1180  /* Call the OMP client serving function with a special client socket
1181  * value. This invokes a scanner-only manager loop which will
1182  * request and cache the plugins, then exit. */
1183 
1184  connection.socket = update_nvt_cache ? -1 : -2;
1185  ret = serve_omp (&connection, database, NULL, progress);
1187  switch (ret)
1188  {
1189  case 0:
1190  return EXIT_SUCCESS;
1191  case 1:
1192  return 2;
1193  case -2:
1194  g_critical ("%s: scanner OpenVAS Default has no cert\n", __FUNCTION__);
1195  return EXIT_FAILURE;
1196  default:
1197  case -1:
1198  return EXIT_FAILURE;
1199  }
1200 }
1201 
1216 static int
1217 rebuild_nvt_cache_retry (int update_or_rebuild, int register_cleanup,
1218  void (*progress) (), int skip_create_tables)
1219 {
1220  proctitle_set ("openvasmd: Reloading");
1221  g_info ("%s: Reloading NVT cache\n", __FUNCTION__);
1222 
1223  /* Don't ignore SIGCHLD, in order to wait for child process. */
1224  setup_signal_handler (SIGCHLD, SIG_DFL, 0);
1225  while (1)
1226  {
1227  pid_t child_pid = fork ();
1228  if (child_pid > 0)
1229  {
1230  int status, i;
1231  /* Parent: Wait for child. */
1232  if (waitpid (child_pid, &status, 0) > 0 && WEXITSTATUS (status) != 2)
1233  return WEXITSTATUS (status);
1234  /* Child exit status == 2 means that the scanner is still loading. */
1235  for (i = 0; i < 10; i++)
1236  {
1237  if (progress)
1238  progress ();
1239  openvas_sleep (1);
1240  }
1241  }
1242  else if (child_pid == 0)
1243  {
1244  /* Child: Try reload. */
1245  int ret = update_or_rebuild_nvt_cache (update_or_rebuild,
1246  register_cleanup, progress,
1247  skip_create_tables);
1248 
1249  exit (ret);
1250  }
1251  }
1252 }
1253 
1254 
1261 static int
1262 fork_update_nvt_cache ()
1263 {
1264  int pid;
1265  sigset_t sigmask_all, sigmask_current;
1266 
1267  if (update_in_progress)
1268  {
1269  g_debug ("%s: Update skipped because an update is in progress",
1270  __FUNCTION__);
1271  return 1;
1272  }
1273 
1274  update_in_progress = 1;
1275 
1276  /* Block SIGCHLD until parent records the value of the child PID. */
1277  if (sigemptyset (&sigmask_all))
1278  {
1279  g_critical ("%s: Error emptying signal set\n", __FUNCTION__);
1280  return -1;
1281  }
1282  if (pthread_sigmask (SIG_BLOCK, &sigmask_all, &sigmask_current))
1283  {
1284  g_critical ("%s: Error setting signal mask\n", __FUNCTION__);
1285  return -1;
1286  }
1287 
1288  pid = fork ();
1289  switch (pid)
1290  {
1291  case 0:
1292  /* Child. */
1293 
1294  /* Clean up the process. */
1295 
1296  pthread_sigmask (SIG_SETMASK, &sigmask_current, NULL);
1298  cleanup_manage_process (FALSE);
1299  if (manager_socket > -1) close (manager_socket);
1300  if (manager_socket_2 > -1) close (manager_socket_2);
1301  openvas_auth_tear_down ();
1302 
1303  /* Update the cache. */
1304 
1305  g_info (" internal NVT cache update\n");
1306 
1307  rebuild_nvt_cache_retry (1, 0, NULL, 1);
1308 
1309  /* Exit. */
1310 
1311  cleanup_manage_process (FALSE);
1312  exit (EXIT_SUCCESS);
1313 
1314  break;
1315 
1316  case -1:
1317  /* Parent when error. */
1318  g_warning ("%s: fork: %s\n", __FUNCTION__, strerror (errno));
1319  update_in_progress = 0;
1320  if (pthread_sigmask (SIG_SETMASK, &sigmask_current, NULL))
1321  g_warning ("%s: Error resetting signal mask\n", __FUNCTION__);
1322  return -1;
1323 
1324  default:
1325  /* Parent. Unblock signals and continue. */
1326  update_in_progress = pid;
1327  if (pthread_sigmask (SIG_SETMASK, &sigmask_current, NULL))
1328  g_warning ("%s: Error resetting signal mask\n", __FUNCTION__);
1329  return 0;
1330  }
1331 }
1332 
1341 static void
1342 serve_and_schedule ()
1343 {
1344  time_t last_schedule_time = 0;
1345  sigset_t sigmask_all;
1346  static sigset_t sigmask_current;
1347 
1348  if (sigfillset (&sigmask_all))
1349  {
1350  g_critical ("%s: Error filling signal set\n", __FUNCTION__);
1351  exit (EXIT_FAILURE);
1352  }
1353  if (pthread_sigmask (SIG_BLOCK, &sigmask_all, &sigmask_current))
1354  {
1355  g_critical ("%s: Error setting signal mask\n", __FUNCTION__);
1356  exit (EXIT_FAILURE);
1357  }
1358  sigmask_normal = &sigmask_current;
1359  while (1)
1360  {
1361  int ret, nfds;
1362  fd_set readfds, exceptfds;
1363  struct timespec timeout;
1364 
1365  FD_ZERO (&readfds);
1366  FD_SET (manager_socket, &readfds);
1367  if (manager_socket_2 > -1)
1368  FD_SET (manager_socket_2, &readfds);
1369  FD_ZERO (&exceptfds);
1370  FD_SET (manager_socket, &exceptfds);
1371  if (manager_socket_2 > -1)
1372  FD_SET (manager_socket_2, &exceptfds);
1374  nfds = manager_socket + 1;
1375  else
1376  nfds = manager_socket_2 + 1;
1377 
1378  if (termination_signal)
1379  {
1380  g_debug ("Received %s signal.\n",
1381  sys_siglist[termination_signal]);
1382  cleanup ();
1383  /* Raise signal again, to exit with the correct return value. */
1384  setup_signal_handler (termination_signal, SIG_DFL, 0);
1385  pthread_sigmask (SIG_SETMASK, sigmask_normal, NULL);
1386  raise (termination_signal);
1387  }
1388 
1390  {
1391  g_debug ("Received %s signal.\n", sys_siglist[SIGHUP]);
1393  fork_update_nvt_cache ();
1394  }
1395 
1396  if ((time (NULL) - last_schedule_time) > SCHEDULE_PERIOD)
1397  {
1398  if (manage_schedule (fork_connection_for_scheduler,
1401  < 0)
1402  exit (EXIT_FAILURE);
1403 
1404  last_schedule_time = time (NULL);
1405  }
1406 
1407  timeout.tv_sec = SCHEDULE_PERIOD;
1408  timeout.tv_nsec = 0;
1409  ret = pselect (nfds, &readfds, NULL, &exceptfds, &timeout,
1410  sigmask_normal);
1411 
1412  if (ret == -1)
1413  {
1414  /* Error occurred while selecting socket. */
1415  if (errno == EINTR)
1416  continue;
1417  g_critical ("%s: select failed: %s\n",
1418  __FUNCTION__,
1419  strerror (errno));
1420  exit (EXIT_FAILURE);
1421  }
1422 
1423  if (ret > 0)
1424  {
1425  /* Have an incoming connection. */
1426  if (FD_ISSET (manager_socket, &exceptfds))
1427  {
1428  g_critical ("%s: exception in select\n", __FUNCTION__);
1429  exit (EXIT_FAILURE);
1430  }
1431  if ((manager_socket_2 > -1) && FD_ISSET (manager_socket_2, &exceptfds))
1432  {
1433  g_critical ("%s: exception in select (2)\n", __FUNCTION__);
1434  exit (EXIT_FAILURE);
1435  }
1436  if (FD_ISSET (manager_socket, &readfds))
1437  accept_and_maybe_fork (manager_socket, sigmask_normal);
1438  if ((manager_socket_2 > -1) && FD_ISSET (manager_socket_2, &readfds))
1439  accept_and_maybe_fork (manager_socket_2, sigmask_normal);
1440  }
1441 
1442  if (manage_schedule (fork_connection_for_scheduler, scheduling_enabled,
1444  < 0)
1445  exit (EXIT_FAILURE);
1446 
1447  if (termination_signal)
1448  {
1449  g_debug ("Received %s signal.\n",
1450  sys_siglist[termination_signal]);
1451  cleanup ();
1452  /* Raise signal again, to exit with the correct return value. */
1453  setup_signal_handler (termination_signal, SIG_DFL, 0);
1454  pthread_sigmask (SIG_SETMASK, sigmask_normal, NULL);
1455  raise (termination_signal);
1456  }
1457 
1459  {
1460  g_debug ("Received %s signal.\n", sys_siglist[SIGHUP]);
1462  fork_update_nvt_cache ();
1463  }
1464 
1465  last_schedule_time = time (NULL);
1466  }
1467 }
1468 
1482 static int
1483 manager_listen (const char *address_str_unix, const char *address_str_tls,
1484  const char *port_str, const char *socket_owner,
1485  const char *socket_group, const char *socket_mode, int *soc)
1486 {
1487  struct sockaddr *address;
1488  struct sockaddr_un address_unix;
1489  struct sockaddr_storage address_tls;
1490  int address_size;
1491 
1492  memset (&address_tls, 0, sizeof (struct sockaddr_storage));
1493  memset (&address_unix, 0, sizeof (struct sockaddr_un));
1494 
1495  g_debug ("%s: address_str_unix: %s\n", __FUNCTION__, address_str_unix);
1496  if (address_str_unix)
1497  {
1498  struct stat state;
1499 
1500  /* UNIX file socket. */
1501 
1502  address_unix.sun_family = AF_UNIX;
1503  strncpy (address_unix.sun_path,
1504  address_str_unix,
1505  sizeof (address_unix.sun_path) - 1);
1506 
1507  g_debug ("%s: address_unix.sun_path: %s\n",
1508  __FUNCTION__,
1509  address_unix.sun_path);
1510 
1511  *soc = socket (AF_UNIX, SOCK_STREAM, 0);
1512  if (*soc == -1)
1513  {
1514  g_warning ("Failed to create manager socket (UNIX): %s",
1515  strerror (errno));
1516  return -1;
1517  }
1518 
1519  if (stat (address_unix.sun_path, &state) == 0)
1520  {
1521  /* Remove socket so we can bind(). */
1522  unlink (address_unix.sun_path);
1523  }
1524 
1525  address = (struct sockaddr *) &address_unix;
1526  address_size = sizeof (address_unix);
1527  }
1528  else if (address_str_tls)
1529  {
1530  struct sockaddr_in *addr4;
1531  struct sockaddr_in6 *addr6;
1532  int port, optval;
1533 
1534  /* TLS TCP socket. */
1535 
1536  if (port_str)
1537  {
1538  port = atoi (port_str);
1539  if (port <= 0 || port >= 65536)
1540  {
1541  g_warning ("Manager port must be a number between 1 and 65535");
1542  log_config_free ();
1543  return -1;
1544  }
1545  port = htons (port);
1546  }
1547  else
1548  {
1549  struct servent *servent = getservbyname ("otp", "tcp");
1550  if (servent)
1551  port = servent->s_port;
1552  else
1553  port = htons (OPENVASMD_PORT);
1554  }
1555 
1556  addr4 = (struct sockaddr_in *) &address_tls;
1557  addr6 = (struct sockaddr_in6 *) &address_tls;
1558  if (inet_pton (AF_INET6, address_str_tls, &addr6->sin6_addr) > 0)
1559  {
1560  address_tls.ss_family = AF_INET6;
1561  addr6->sin6_port = port;
1562  }
1563  else if (inet_pton (AF_INET, address_str_tls, &addr4->sin_addr) > 0)
1564  {
1565  address_tls.ss_family = AF_INET;
1566  addr4->sin_port = port;
1567  }
1568  else
1569  {
1570  g_warning ("Failed to create manager address %s", address_str_tls);
1571  return -1;
1572  }
1573 
1574  if (address_tls.ss_family == AF_INET6)
1575  *soc = socket (PF_INET6, SOCK_STREAM, 0);
1576  else
1577  *soc = socket (PF_INET, SOCK_STREAM, 0);
1578  if (*soc == -1)
1579  {
1580  g_warning ("Failed to create manager socket (TLS): %s",
1581  strerror (errno));
1582  return -1;
1583  }
1584 
1585  optval = 1;
1586  if (setsockopt (*soc, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int)))
1587  {
1588  g_warning ("Failed to set SO_REUSEADDR on socket: %s",
1589  strerror (errno));
1590  return -1;
1591  }
1592 
1593  address = (struct sockaddr *) &address_tls;
1594  address_size = sizeof (address_tls);
1595  }
1596  else
1597  return 0;
1598 
1599  /* The socket must have O_NONBLOCK set, in case an "asynchronous network
1600  * error" removes the connection between `select' and `accept'. */
1601  if (fcntl (*soc, F_SETFL, O_NONBLOCK) == -1)
1602  {
1603  g_warning ("Failed to set manager socket flag: %s", strerror (errno));
1604  return -1;
1605  }
1606 
1607  if (bind (*soc, address, address_size) == -1)
1608  {
1609  g_warning ("Failed to bind manager socket: %s", strerror (errno));
1610  return -1;
1611  }
1612 
1613  if (address_str_unix)
1614  {
1615  mode_t omode;
1616 
1617  if (socket_owner)
1618  {
1619  struct passwd *passwd;
1620 
1621  passwd = getpwnam (socket_owner);
1622  if (passwd == NULL)
1623  {
1624  g_warning ("%s: User %s not found.", __FUNCTION__, socket_owner);
1625  return -1;
1626  }
1627  if (chown (address_str_unix, passwd->pw_uid, -1) == -1)
1628  {
1629  g_warning ("%s: chown: %s", __FUNCTION__, strerror (errno));
1630  return -1;
1631  }
1632  }
1633 
1634  if (socket_group)
1635  {
1636  struct group *group;
1637 
1638  group = getgrnam (socket_group);
1639  if (group == NULL)
1640  {
1641  g_warning ("%s: Group %s not found.", __FUNCTION__, socket_group);
1642  return -1;
1643  }
1644  if (chown (address_str_unix, -1, group->gr_gid) == -1)
1645  {
1646  g_warning ("%s: chown: %s", __FUNCTION__, strerror (errno));
1647  return -1;
1648  }
1649  }
1650 
1651  if (!socket_mode)
1652  socket_mode = "660";
1653  omode = strtol (socket_mode, 0, 8);
1654  if (omode <= 0 || omode > 4095)
1655  {
1656  g_warning ("%s: Erroneous --listen-mode value", __FUNCTION__);
1657  return -1;
1658  }
1659  if (chmod (address_str_unix, omode) == -1)
1660  {
1661  g_warning ("%s: chmod: %s", __FUNCTION__, strerror (errno));
1662  return -1;
1663  }
1664  }
1665 
1666  if (listen (*soc, MAX_CONNECTIONS) == -1)
1667  {
1668  g_warning ("Failed to listen on manager socket: %s", strerror (errno));
1669  return -1;
1670  }
1671 
1672  return 0;
1673 }
1674 
1690 int
1691 main (int argc, char** argv)
1692 {
1693  /* Process options. */
1694 
1695  static gboolean backup_database = FALSE;
1696  static gboolean check_alerts = FALSE;
1697  static gboolean migrate_database = FALSE;
1698  static gboolean encrypt_all_credentials = FALSE;
1699  static gboolean decrypt_all_credentials = FALSE;
1700  static gboolean disable_password_policy = FALSE;
1701  static gboolean disable_scheduling = FALSE;
1702  static gboolean get_users = FALSE;
1703  static gboolean get_scanners = FALSE;
1704  static gboolean update_nvt_cache = FALSE;
1705  static gboolean rebuild_nvt_cache = FALSE;
1706  static gboolean foreground = FALSE;
1707  static gboolean print_version = FALSE;
1708  static gboolean progress = FALSE;
1709  static int max_ips_per_target = MANAGE_MAX_HOSTS;
1710  static int max_email_attachment_size = 0;
1711  static int max_email_include_size = 0;
1712  static int max_email_message_size = 0;
1713  static int verbose = 0;
1714  static gchar *create_user = NULL;
1715  static gchar *delete_user = NULL;
1716  static gchar *inheritor = NULL;
1717  static gchar *user = NULL;
1718  static gchar *create_scanner = NULL;
1719  static gchar *modify_scanner = NULL;
1720  static gchar *scanner_host = NULL;
1721  static gchar *otp_scanner = NULL;
1722  static gchar *scanner_port = NULL;
1723  static gchar *scanner_type = NULL;
1724  static gchar *scanner_ca_pub = NULL;
1725  static gchar *scanner_key_pub = NULL;
1726  static gchar *scanner_key_priv = NULL;
1727  static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
1728  static gchar *delete_scanner = NULL;
1729  static gchar *verify_scanner = NULL;
1730  static gchar *priorities = "NORMAL";
1731  static gchar *dh_params = NULL;
1732  static gchar *listen_owner = NULL;
1733  static gchar *listen_group = NULL;
1734  static gchar *listen_mode = NULL;
1735  static gchar *new_password = NULL;
1736  static gchar *optimize = NULL;
1737  static gchar *password = NULL;
1738  static gchar *manager_address_string = NULL;
1739  static gchar *manager_address_string_2 = NULL;
1740  static gchar *manager_address_string_unix = NULL;
1741  static gchar *manager_port_string = NULL;
1742  static gchar *manager_port_string_2 = NULL;
1743  static gchar *modify_setting = NULL;
1744  static gchar *scanner_name = NULL;
1745  static gchar *rc_name = NULL;
1746  static gchar *role = NULL;
1747  static gchar *disable = NULL;
1748  static gchar *value = NULL;
1749  GError *error = NULL;
1750  GOptionContext *option_context;
1751  static GOptionEntry option_entries[]
1752  = {
1753  { "backup", '\0', 0, G_OPTION_ARG_NONE, &backup_database, "Backup the database.", NULL },
1754  { "check-alerts", '\0', 0, G_OPTION_ARG_NONE, &check_alerts, "Check SecInfo alerts.", NULL },
1755  { "client-watch-interval", '\0', 0, G_OPTION_ARG_INT,
1757  "Check if client connection was closed every <number> seconds."
1758  " 0 to disable. Defaults to "
1759  G_STRINGIFY (DEFAULT_CLIENT_WATCH_INTERVAL) " seconds.",
1760  "<number>" },
1761  { "database", 'd', 0, G_OPTION_ARG_STRING, &database, "Use <file/name> as database for SQLite/Postgres.", "<file/name>" },
1762  { "disable-cmds", '\0', 0, G_OPTION_ARG_STRING, &disable, "Disable comma-separated <commands>.", "<commands>" },
1763  { "disable-encrypted-credentials", '\0', 0, G_OPTION_ARG_NONE,
1765  "Do not encrypt or decrypt credentials.", NULL },
1766  {"disable-password-policy", '\0', 0, G_OPTION_ARG_NONE,
1767  &disable_password_policy, "Do not restrict passwords to the policy.",
1768  NULL},
1769  { "disable-scheduling", '\0', 0, G_OPTION_ARG_NONE, &disable_scheduling, "Disable task scheduling.", NULL },
1770  { "create-user", '\0', 0, G_OPTION_ARG_STRING, &create_user, "Create admin user <username> and exit.", "<username>" },
1771  { "delete-user", '\0', 0, G_OPTION_ARG_STRING, &delete_user, "Delete user <username> and exit.", "<username>" },
1772  { "get-users", '\0', 0, G_OPTION_ARG_NONE, &get_users, "List users and exit.", NULL },
1773  { "create-scanner", '\0', 0, G_OPTION_ARG_STRING, &create_scanner,
1774  "Create global scanner <scanner> and exit.", "<scanner>" },
1775  { "modify-scanner", '\0', 0, G_OPTION_ARG_STRING, &modify_scanner,
1776  "Modify scanner <scanner-uuid> and exit.", "<scanner-uuid>" },
1777  { "scanner-name", '\0', 0, G_OPTION_ARG_STRING, &scanner_name, "Name for --modify-scanner.", "<name>" },
1778  { "scanner-host", '\0', 0, G_OPTION_ARG_STRING, &scanner_host,
1779  "Scanner host for --create-scanner and --modify-scanner. Default is " OPENVASSD_ADDRESS ".",
1780  "<scanner-host>" },
1781  { "otp-scanner", '\0', 0, G_OPTION_ARG_STRING, &otp_scanner,
1782  "Path to scanner unix socket file. Used by --rebuild and --update", "<unixsocket>" },
1783  { "scanner-port", '\0', 0, G_OPTION_ARG_STRING, &scanner_port,
1784  "Scanner port for --create-scanner and --modify-scanner. Default is " G_STRINGIFY (OPENVASSD_PORT) ".",
1785  "<scanner-port>" },
1786  { "scanner-type", '\0', 0, G_OPTION_ARG_STRING, &scanner_type,
1787  "Scanner type for --create-scanner and --mdoify-scanner. Either 'OpenVAS' or 'OSP'.",
1788  "<scanner-type>" },
1789  { "scanner-ca-pub", '\0', 0, G_OPTION_ARG_STRING, &scanner_ca_pub,
1790  "Scanner CA Certificate path for --[create|modify]-scanner.", "<scanner-ca-pub>" },
1791  { "scanner-key-pub", '\0', 0, G_OPTION_ARG_STRING, &scanner_key_pub,
1792  "Scanner Certificate path for --[create|modify]-scanner.", "<scanner-key-public>" },
1793  { "scanner-key-priv", '\0', 0, G_OPTION_ARG_STRING, &scanner_key_priv,
1794  "Scanner private key path for --[create|modify]-scanner.", "<scanner-key-private>" },
1795  { "verify-scanner", '\0', 0, G_OPTION_ARG_STRING, &verify_scanner,
1796  "Verify scanner <scanner-uuid> and exit.", "<scanner-uuid>" },
1797  { "delete-scanner", '\0', 0, G_OPTION_ARG_STRING, &delete_scanner, "Delete scanner <scanner-uuid> and exit.", "<scanner-uuid>" },
1798  { "get-scanners", '\0', 0, G_OPTION_ARG_NONE, &get_scanners, "List scanners and exit.", NULL },
1799  { "schedule-timeout", '\0', 0, G_OPTION_ARG_INT, &schedule_timeout, "Time out tasks that are more than <time> minutes overdue. -1 to disable, 0 for minimum time, default: " G_STRINGIFY (SCHEDULE_TIMEOUT_DEFAULT), "<time>" },
1800  { "foreground", 'f', 0, G_OPTION_ARG_NONE, &foreground, "Run in foreground.", NULL },
1801  { "inheritor", '\0', 0, G_OPTION_ARG_STRING, &inheritor, "Have <username> inherit from deleted user.", "<username>" },
1802  { "listen", 'a', 0, G_OPTION_ARG_STRING, &manager_address_string, "Listen on <address>.", "<address>" },
1803  { "listen2", '\0', 0, G_OPTION_ARG_STRING, &manager_address_string_2, "Listen also on <address>.", "<address>" },
1804  { "listen-owner", '\0', 0, G_OPTION_ARG_STRING, &listen_owner,
1805  "Owner of the unix socket", "<string>" },
1806  { "listen-group", '\0', 0, G_OPTION_ARG_STRING, &listen_group,
1807  "Group of the unix socket", "<string>" },
1808  { "listen-mode", '\0', 0, G_OPTION_ARG_STRING, &listen_mode,
1809  "File mode of the unix socket", "<string>" },
1810  { "max-ips-per-target", '\0', 0, G_OPTION_ARG_INT, &max_ips_per_target, "Maximum number of IPs per target.", "<number>"},
1811  { "max-email-attachment-size", '\0', 0, G_OPTION_ARG_INT, &max_email_attachment_size, "Maximum size of alert email attachments, in bytes.", "<number>"},
1812  { "max-email-include-size", '\0', 0, G_OPTION_ARG_INT, &max_email_include_size, "Maximum size of inlined content in alert emails, in bytes.", "<number>"},
1813  { "max-email-message-size", '\0', 0, G_OPTION_ARG_INT, &max_email_message_size, "Maximum size of user-defined message text in alert emails, in bytes.", "<number>"},
1814  { "migrate", 'm', 0, G_OPTION_ARG_NONE, &migrate_database, "Migrate the database and exit.", NULL },
1815  { "modify-setting", '\0', 0, G_OPTION_ARG_STRING, &modify_setting,
1816  "Modify setting <uuid> and exit.", "<uuid>" },
1817  { "encrypt-all-credentials", '\0', 0, G_OPTION_ARG_NONE,
1818  &encrypt_all_credentials, "(Re-)Encrypt all credentials.", NULL },
1819  { "decrypt-all-credentials", '\0',
1820  G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE,
1821  &decrypt_all_credentials, NULL, NULL },
1822  { "new-password", '\0', 0, G_OPTION_ARG_STRING, &new_password, "Modify user's password and exit.", "<password>" },
1823  { "optimize", '\0', 0, G_OPTION_ARG_STRING, &optimize, "Run an optimization: vacuum, analyze, cleanup-config-prefs, remove-open-port-results, cleanup-port-names, cleanup-result-severities, cleanup-schedule-times, rebuild-report-cache or update-report-cache.", "<name>" },
1824  { "password", '\0', 0, G_OPTION_ARG_STRING, &password, "Password, for --create-user.", "<password>" },
1825  { "port", 'p', 0, G_OPTION_ARG_STRING, &manager_port_string, "Use port number <number>.", "<number>" },
1826  { "port2", '\0', 0, G_OPTION_ARG_STRING, &manager_port_string_2, "Use port number <number> for address 2.", "<number>" },
1827  { "progress", '\0', 0, G_OPTION_ARG_NONE, &progress, "Display progress during --rebuild and --update.", NULL },
1828  { "rebuild", '\0', 0, G_OPTION_ARG_NONE, &rebuild_nvt_cache, "Rebuild the NVT cache and exit.", NULL },
1829  { "role", '\0', 0, G_OPTION_ARG_STRING, &role, "Role for --create-user and --get-users.", "<role>" },
1830  { "update", 'u', 0, G_OPTION_ARG_NONE, &update_nvt_cache, "Update the NVT cache and exit.", NULL },
1831  { "unix-socket", 'c', 0, G_OPTION_ARG_STRING, &manager_address_string_unix, "Listen on UNIX socket at <filename>.", "<filename>" },
1832  { "user", '\0', 0, G_OPTION_ARG_STRING, &user, "User for --new-password.", "<username>" },
1833  { "gnutls-priorities", '\0', 0, G_OPTION_ARG_STRING, &priorities, "Sets the GnuTLS priorities for the Manager socket.", "<priorities-string>" },
1834  { "dh-params", '\0', 0, G_OPTION_ARG_STRING, &dh_params, "Diffie-Hellman parameters file", "<file>" },
1835  { "value", '\0', 0, G_OPTION_ARG_STRING, &value, "Value for --modify-setting.", "<value>" },
1836  { "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose, "Has no effect. See INSTALL for logging config.", NULL },
1837  { "version", '\0', 0, G_OPTION_ARG_NONE, &print_version, "Print version and exit.", NULL },
1838  { NULL }
1839  };
1840 
1841  /* Set locale based on environment variables. */
1842 
1843  setlocale (LC_ALL, "C.UTF-8");
1844 
1845  /* Process options. */
1846 
1847  option_context = g_option_context_new ("- Manager of the Open Vulnerability Assessment System");
1848  g_option_context_add_main_entries (option_context, option_entries, NULL);
1849  if (!g_option_context_parse (option_context, &argc, &argv, &error))
1850  {
1851  g_option_context_free (option_context);
1852  g_critical ("%s: g_option_context_parse: %s\n\n", __FUNCTION__,
1853  error->message);
1854  exit (EXIT_FAILURE);
1855  }
1856  g_option_context_free (option_context);
1857 
1858  if (print_version)
1859  {
1860  printf ("OpenVAS Manager %s\n", OPENVASMD_VERSION);
1861 #ifdef OPENVASMD_GIT_REVISION
1862  printf ("GIT revision %s\n", OPENVASMD_GIT_REVISION);
1863 #endif
1864  printf ("Manager DB revision %i\n", manage_db_supported_version ());
1865  printf ("Copyright (C) 2010-2016 Greenbone Networks GmbH\n");
1866  printf ("License GPLv2+: GNU GPL version 2 or later\n");
1867  printf
1868  ("This is free software: you are free to change and redistribute it.\n"
1869  "There is NO WARRANTY, to the extent permitted by law.\n\n");
1870  exit (EXIT_SUCCESS);
1871  }
1872 
1873  /* Ensure client_watch_interval is not negative */
1874 
1875  if (client_watch_interval < 0)
1876  {
1878  }
1879 
1880  /* Set schedule_timeout */
1881 
1882  set_schedule_timeout (schedule_timeout);
1883 
1884  /* Check which type of socket to use. */
1885 
1886  if (manager_address_string_unix == NULL)
1887  {
1888  if (manager_address_string || manager_address_string_2)
1889  use_tls = 1;
1890  else
1891  {
1892  use_tls = 0;
1893  manager_address_string_unix = g_build_filename (OPENVAS_RUN_DIR,
1894  "openvasmd.sock",
1895  NULL);
1896  }
1897  }
1898  else
1899  {
1900  use_tls = 0;
1901  if (manager_address_string || manager_address_string_2)
1902  {
1903  g_critical ("%s: --listen or --listen2 given with --unix-socket\n",
1904  __FUNCTION__);
1905  return EXIT_FAILURE;
1906  }
1907  }
1908 
1909  if (use_tls == 0
1910  && (manager_port_string || manager_port_string_2))
1911  {
1912  g_critical ("%s: --port or --port2 given when listening on UNIX socket\n",
1913  __FUNCTION__);
1914  return EXIT_FAILURE;
1915  }
1916 
1917  /* Set process title. */
1918 
1919  proctitle_init (argc, argv);
1920  proctitle_set ("openvasmd: Initializing.");
1921 
1922  /* Setup initial signal handlers. */
1923 
1925 
1926  /* Switch to UTC for scheduling. */
1927 
1928  if (migrate_database
1930  g_info ("%s: leaving TZ as is, for migrator\n", __FUNCTION__);
1931  else if (setenv ("TZ", "utc 0", 1) == -1)
1932  {
1933  g_critical ("%s: failed to set timezone\n", __FUNCTION__);
1934  exit (EXIT_FAILURE);
1935  }
1936  tzset ();
1937 
1938  /* Set umask to hoard created files, including the database. */
1939 
1940  umask (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH);
1941 
1942  /* Setup logging. */
1943 
1944  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR,
1945  "openvasmd_log.conf",
1946  NULL);
1947  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
1948  log_config = load_log_configuration (rc_name);
1949  g_free (rc_name);
1950  setup_log_handlers (log_config);
1951 
1952 #ifdef OPENVASMD_GIT_REVISION
1953  g_message (" OpenVAS Manager version %s (GIT revision %s) (DB revision %i)\n",
1955  OPENVASMD_GIT_REVISION,
1957 #else
1958  g_message (" OpenVAS Manager version %s (DB revision %i)\n",
1961 #endif
1962 
1963  if (backup_database)
1964  {
1965  g_info (" Backing up database.\n");
1966 
1967  /* Backup the database and then exit. */
1968  switch (manage_backup_db (database))
1969  {
1970  case 0:
1971  g_info (" Backup succeeded.\n");
1972  return EXIT_SUCCESS;
1973  case -1:
1974  g_critical ("%s: database backup failed\n",
1975  __FUNCTION__);
1976  return EXIT_FAILURE;
1977  default:
1978  assert (0);
1979  g_critical ("%s: strange return from manage_backup_db\n",
1980  __FUNCTION__);
1981  return EXIT_FAILURE;
1982  }
1983  }
1984 
1985  if (disable_password_policy)
1986  openvas_disable_password_policy ();
1987  else
1988  {
1989  gchar *password_policy;
1990  password_policy = g_build_filename (OPENVAS_SYSCONF_DIR,
1991  "pwpolicy.conf",
1992  NULL);
1993  if (g_file_test (password_policy, G_FILE_TEST_EXISTS) == FALSE)
1994  g_warning ("%s: password policy missing: %s\n",
1995  __FUNCTION__,
1996  password_policy);
1997  g_free (password_policy);
1998  }
1999 
2000  if (optimize)
2001  {
2002  int ret;
2003 
2004  ret = manage_optimize (log_config, database, optimize);
2005  log_config_free ();
2006  if (ret)
2007  return EXIT_FAILURE;
2008  return EXIT_SUCCESS;
2009  }
2010 
2011  if (create_scanner)
2012  {
2013  int ret;
2014  scanner_type_t type;
2015  char *stype;
2016 
2017  /* Create the scanner and then exit. */
2018 
2019  if (!scanner_host)
2020  scanner_host = OPENVASSD_ADDRESS;
2021  if (!scanner_port)
2022  scanner_port = G_STRINGIFY (OPENVASSD_PORT);
2023  if (!scanner_ca_pub)
2024  scanner_ca_pub = CACERT;
2025  if (!scanner_key_pub)
2026  scanner_key_pub = CLIENTCERT;
2027  if (!scanner_key_priv)
2028  scanner_key_priv = CLIENTKEY;
2029 
2030  if (!scanner_type || !strcasecmp (scanner_type, "OpenVAS"))
2031  type = SCANNER_TYPE_OPENVAS;
2032  else if (!strcasecmp (scanner_type, "OSP"))
2033  type = SCANNER_TYPE_OSP;
2034  else
2035  {
2036  printf ("Invalid scanner type value.\n");
2037  return EXIT_FAILURE;
2038  }
2039  stype = g_strdup_printf ("%u", type);
2040  ret = manage_create_scanner (log_config, database, create_scanner,
2041  scanner_host, scanner_port, stype,
2042  scanner_ca_pub, scanner_key_pub,
2043  scanner_key_priv);
2044  g_free (stype);
2045  log_config_free ();
2046  if (ret)
2047  return EXIT_FAILURE;
2048  return EXIT_SUCCESS;
2049  }
2050 
2051  if (modify_scanner)
2052  {
2053  int ret;
2054  char *stype;
2055 
2056  /* Modify the scanner and then exit. */
2057 
2058  if (scanner_type)
2059  {
2060  scanner_type_t type;
2061 
2062  if (strcasecmp (scanner_type, "OpenVAS") == 0)
2063  type = SCANNER_TYPE_OPENVAS;
2064  else if (strcasecmp (scanner_type, "OSP") == 0)
2065  type = SCANNER_TYPE_OSP;
2066  else
2067  {
2068  g_warning ("Invalid scanner type value.\n");
2069  return EXIT_FAILURE;
2070  }
2071 
2072  stype = g_strdup_printf ("%u", type);
2073  }
2074  else
2075  stype = NULL;
2076 
2077  ret = manage_modify_scanner (log_config, database, modify_scanner,
2078  scanner_name, scanner_host, scanner_port,
2079  stype, scanner_ca_pub, scanner_key_pub,
2080  scanner_key_priv);
2081  g_free (stype);
2082  log_config_free ();
2083  if (ret)
2084  return EXIT_FAILURE;
2085  return EXIT_SUCCESS;
2086  }
2087 
2088  if (check_alerts)
2089  {
2090  int ret;
2091 
2092  ret = manage_check_alerts (log_config, database);
2093  log_config_free ();
2094  if (ret)
2095  return EXIT_FAILURE;
2096  return EXIT_SUCCESS;
2097  }
2098 
2099  if (create_user)
2100  {
2101  int ret;
2102 
2103  ret = manage_create_user (log_config, database, create_user, password, role);
2104  log_config_free ();
2105  if (ret)
2106  return EXIT_FAILURE;
2107  return EXIT_SUCCESS;
2108  }
2109 
2110  if (delete_user)
2111  {
2112  int ret;
2113 
2114  ret = manage_delete_user (log_config, database, delete_user, inheritor);
2115  log_config_free ();
2116  if (ret)
2117  return EXIT_FAILURE;
2118  return EXIT_SUCCESS;
2119  }
2120 
2121  if (get_users)
2122  {
2123  int ret;
2124 
2125  ret = manage_get_users (log_config, database, role);
2126  log_config_free ();
2127  if (ret)
2128  return EXIT_FAILURE;
2129  return EXIT_SUCCESS;
2130  }
2131 
2132  if (get_scanners)
2133  {
2134  int ret;
2135 
2136  ret = manage_get_scanners (log_config, database);
2137  log_config_free ();
2138  if (ret)
2139  return EXIT_FAILURE;
2140  return EXIT_SUCCESS;
2141  }
2142 
2143  if (delete_scanner)
2144  {
2145  int ret;
2146 
2147  ret = manage_delete_scanner (log_config, database, delete_scanner);
2148  log_config_free ();
2149  if (ret)
2150  return EXIT_FAILURE;
2151  return EXIT_SUCCESS;
2152  }
2153 
2154  if (verify_scanner)
2155  {
2156  int ret;
2157 
2158  ret = manage_verify_scanner (log_config, database, verify_scanner);
2159  log_config_free ();
2160  if (ret)
2161  return EXIT_FAILURE;
2162  return EXIT_SUCCESS;
2163  }
2164 
2165  if (new_password)
2166  {
2167  int ret;
2168 
2169  ret = manage_set_password (log_config, database, user, new_password);
2170  log_config_free ();
2171  if (ret)
2172  return EXIT_FAILURE;
2173  return EXIT_SUCCESS;
2174  }
2175 
2176  if (modify_setting)
2177  {
2178  int ret;
2179 
2180  ret = manage_modify_setting (log_config, database, user,
2181  modify_setting, value);
2182  log_config_free ();
2183  if (ret)
2184  return EXIT_FAILURE;
2185  return EXIT_SUCCESS;
2186  }
2187 
2188  if (migrate_database)
2189  {
2190  g_info (" Migrating database.\n");
2191 
2192  /* Migrate the database to the version supported by this manager. */
2193  switch (manage_migrate (log_config, database))
2194  {
2195  case 0:
2196  g_info (" Migration succeeded.\n");
2197  return EXIT_SUCCESS;
2198  case 1:
2199  g_warning ("%s: databases are already at the supported version\n",
2200  __FUNCTION__);
2201  return EXIT_SUCCESS;
2202  case 2:
2203  g_warning ("%s: database migration too hard\n",
2204  __FUNCTION__);
2205  return EXIT_FAILURE;
2206  case 11:
2207  g_warning ("%s: cannot migrate SCAP database\n",
2208  __FUNCTION__);
2209  return EXIT_FAILURE;
2210  case 12:
2211  g_warning ("%s: cannot migrate CERT database\n",
2212  __FUNCTION__);
2213  return EXIT_FAILURE;
2214  case -1:
2215  g_critical ("%s: database migration failed\n",
2216  __FUNCTION__);
2217  return EXIT_FAILURE;
2218  case -11:
2219  g_critical ("%s: SCAP database migration failed\n",
2220  __FUNCTION__);
2221  return EXIT_FAILURE;
2222  case -12:
2223  g_critical ("%s: CERT database migration failed\n",
2224  __FUNCTION__);
2225  return EXIT_FAILURE;
2226  default:
2227  assert (0);
2228  g_critical ("%s: strange return from manage_migrate\n",
2229  __FUNCTION__);
2230  return EXIT_FAILURE;
2231  }
2232  }
2233 
2234  if (encrypt_all_credentials)
2235  {
2236  int ret;
2237 
2238  ret = manage_encrypt_all_credentials (log_config, database);
2239  log_config_free ();
2240  if (ret)
2241  return EXIT_FAILURE;
2242  return EXIT_SUCCESS;
2243  }
2244 
2245  if (decrypt_all_credentials)
2246  {
2247  int ret;
2248 
2249  ret = manage_decrypt_all_credentials (log_config, database);
2250  log_config_free ();
2251  if (ret)
2252  return EXIT_FAILURE;
2253  return EXIT_SUCCESS;
2254  }
2255 
2256  if (update_nvt_cache || rebuild_nvt_cache)
2257  {
2258  int ret;
2259 
2260  /* Run the NVT caching manager: update NVT cache and then exit. */
2261 
2262  /* Use --otp-scanner if provided instead of default scanner. */
2263  if (otp_scanner)
2264  {
2265  openvas_scanner_set_unix (otp_scanner);
2267  {
2269  return EXIT_FAILURE;
2270  }
2271  }
2272  if (progress)
2273  {
2274  if (update_nvt_cache)
2275  printf ("Updating NVT cache... \\");
2276  else
2277  printf ("Rebuilding NVT cache... \\");
2278  fflush (stdout);
2279  }
2280  ret = rebuild_nvt_cache_retry (update_nvt_cache, 1,
2281  progress ? spin_progress : NULL,
2282  0);
2283  if (progress)
2284  {
2285  putchar ('\b');
2286  if (ret == EXIT_SUCCESS)
2287  printf ("done.\n");
2288  else
2289  printf ("failed.\n");
2290  fflush (stdout);
2291  }
2292  return ret;
2293  }
2294 
2295  /* Run the standard manager. */
2296 
2297  if (foreground == FALSE)
2298  {
2299  /* Fork into the background. */
2300  pid_t pid = fork ();
2301  switch (pid)
2302  {
2303  case 0:
2304  /* Child. */
2305  break;
2306  case -1:
2307  /* Parent when error. */
2308  g_critical ("%s: failed to fork into background: %s\n",
2309  __FUNCTION__,
2310  strerror (errno));
2311  log_config_free ();
2312  exit (EXIT_FAILURE);
2313  break;
2314  default:
2315  /* Parent. */
2316  log_config_free ();
2317  exit (EXIT_SUCCESS);
2318  break;
2319  }
2320  }
2321 
2322  /* Initialise OMP daemon. */
2323 
2324  switch (init_ompd (log_config, 0, database, max_ips_per_target,
2325  max_email_attachment_size, max_email_include_size,
2326  max_email_message_size, NULL,
2327  fork_connection_for_event, 0))
2328  {
2329  case 0:
2330  break;
2331  case -2:
2332  g_critical ("%s: database is wrong version\n", __FUNCTION__);
2333  log_config_free ();
2334  exit (EXIT_FAILURE);
2335  break;
2336  case -3:
2337  g_critical ("%s: database must be initialised"
2338  " (with --update or --rebuild)\n",
2339  __FUNCTION__);
2340  log_config_free ();
2341  exit (EXIT_FAILURE);
2342  break;
2343  case -4:
2344  g_critical ("%s: --max-ips-per-target out of range"
2345  " (min=1, max=%i, requested=%i)\n",
2346  __FUNCTION__,
2348  max_ips_per_target);
2349  log_config_free ();
2350  exit (EXIT_FAILURE);
2351  break;
2352  case -1:
2353  default:
2354  g_critical ("%s: failed to initialise OMP daemon\n", __FUNCTION__);
2355  log_config_free ();
2356  exit (EXIT_FAILURE);
2357  }
2358 
2359  /* Register the `cleanup' function. */
2360 
2361  if (atexit (&cleanup))
2362  {
2363  g_critical ("%s: failed to register `atexit' cleanup function\n",
2364  __FUNCTION__);
2365  log_config_free ();
2366  exit (EXIT_FAILURE);
2367  }
2368 
2369  /* Set our pidfile. */
2370 
2371  if (pidfile_create ("openvasmd")) exit (EXIT_FAILURE);
2372 
2373  /* Setup global variables. */
2374 
2375  if (disable)
2376  disabled_commands = g_strsplit (disable, ",", 0);
2377 
2378  scheduling_enabled = (disable_scheduling == FALSE);
2379 
2380  /* Create the manager socket(s). */
2381 
2382 #if LOG
2383  /* Open the log file. */
2384 
2385  if (g_mkdir_with_parents (OPENVAS_LOG_DIR,
2386  0755) /* "rwxr-xr-x" */
2387  == -1)
2388  {
2389  g_critical ("%s: failed to create log directory: %s\n",
2390  __FUNCTION__,
2391  strerror (errno));
2392  exit (EXIT_FAILURE);
2393  }
2394 
2395  log_stream = fopen (LOG_FILE, "w");
2396  if (log_stream == NULL)
2397  {
2398  g_critical ("%s: failed to open log file: %s\n",
2399  __FUNCTION__,
2400  strerror (errno));
2401  exit (EXIT_FAILURE);
2402  }
2403 #endif
2404 
2405  /* Register the signal handlers. */
2406 
2408  setup_signal_handler (SIGABRT, handle_sigabrt, 1);
2412  setup_signal_handler (SIGSEGV, handle_sigsegv, 1);
2414 
2415  /* Setup security. */
2416 
2417  if (use_tls)
2418  {
2419  if (openvas_server_new (GNUTLS_SERVER,
2420  CACERT,
2421  SCANNERCERT,
2422  SCANNERKEY,
2423  &client_session,
2425  {
2426  g_critical ("%s: client server initialisation failed\n",
2427  __FUNCTION__);
2428  exit (EXIT_FAILURE);
2429  }
2430  priorities_option = priorities;
2431  set_gnutls_priority (&client_session, priorities);
2432  dh_params_option = dh_params;
2433  if (dh_params && set_gnutls_dhparams (client_credentials, dh_params))
2434  g_warning ("Couldn't set DH parameters from %s\n", dh_params);
2435  }
2436 
2438  g_message ("Encryption of credentials has been disabled.");
2439 
2440  if (manager_listen (use_tls
2441  ? NULL
2442  : manager_address_string_unix,
2443  use_tls
2444  ? (manager_address_string
2445  ? manager_address_string
2446  : (ipv6_is_enabled () ? "::" : "0.0.0.0"))
2447  : NULL,
2448  manager_port_string,
2449  listen_owner,
2450  listen_group,
2451  listen_mode,
2452  &manager_socket))
2453  return EXIT_FAILURE;
2454  if (manager_listen (NULL,
2455  manager_address_string_2,
2456  manager_port_string_2,
2457  NULL,
2458  NULL,
2459  NULL,
2460  &manager_socket_2))
2461  return EXIT_FAILURE;
2462 
2463  /* Initialise the process for manage_schedule. */
2464 
2465  init_manage_process (0, database);
2466 
2467  /* Initialize the authentication system. */
2468 
2469  // TODO Should be part of manage init.
2470  if (openvas_auth_init ())
2471  exit (EXIT_FAILURE);
2472 
2473  /* Enter the main forever-loop. */
2474 
2475  proctitle_set ("openvasmd");
2476  serve_and_schedule ();
2477 
2478  return EXIT_SUCCESS;
2479 }
void handle_sigsegv(int given_signal)
Handle a SIGSEGV signal.
Definition: openvasmd.c:1030
Protos for communication between openvas-manager and openvas-server.
#define SCHEDULE_PERIOD
Seconds between calls to manage_schedule.
Definition: manage.h:2792
#define BA_SIZE
Definition: openvasmd.c:958
void init_manage_process(int, const gchar *)
Initialize the manage library for a process.
Definition: manage_sql.c:14303
int delete_user(const char *, const char *, int, int, const char *, const char *)
Delete a user.
Definition: manage_sql.c:65361
#define LOG_FILE
Name of log file.
Definition: logf.h:51
void handle_sigabrt_simple(int signal)
Handle a SIGABRT signal.
Definition: openvasmd.c:1097
GSList * log_config
Logging parameters, as passed to setup_log_handlers.
Definition: openvasmd.c:310
int modify_scanner(const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *)
Modify an scanner.
Definition: manage_sql.c:47471
int use_tls
Whether to use TLS for client connections.
Definition: openvasmd.c:231
#define SCANNERKEY
Location of scanner certificate private key.
Definition: openvasmd.c:158
int manager_socket_2
The optional, second socket accepting OMP connections from clients.
Definition: openvasmd.c:219
int client_watch_interval
Interval in seconds to check whether client connection was closed.
Definition: openvasmd.c:209
int manage_verify_scanner(GSList *, const gchar *, const gchar *)
Verify the given scanner.
Definition: manage_sql.c:47246
int verify_scanner(const char *, char **)
Verify a scanner.
Definition: manage_sql.c:48508
int sql_cancel()
Cancels the current SQL statement.
Definition: manage_sql.c:68501
char client_address[INET6_ADDRSTRLEN]
The OMP client&#39;s address.
Definition: openvasmd.c:285
int manage_get_users(GSList *, const gchar *, const gchar *)
List users.
Definition: manage_sql.c:64849
int manage_encrypt_all_credentials(GSList *, const gchar *)
Encrypt or re-encrypt all credentials.
Definition: manage_sql.c:6567
int create_user(const gchar *, const gchar *, const gchar *, int, const gchar *, int, const array_t *, array_t *, gchar **, array_t *, gchar **, gchar **, user_t *, int)
Adds a new user to the OpenVAS installation.
Definition: manage_sql.c:65080
int save_tasks()
Dummy function.
Definition: manage_sql.c:31977
int is_parent
Is this process parent or child?
Definition: openvasmd.c:251
int manage_modify_scanner(GSList *, const gchar *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *)
Modify the given scanner.
Definition: manage_sql.c:47048
void handle_sigchld(int given_signal, siginfo_t *info, void *ucontext)
Handle a SIGCHLD signal.
Definition: openvasmd.c:1052
int openvas_sleep(unsigned int seconds)
Sleep for some number of seconds, handling interrupts.
Definition: utils.c:70
int delete_scanner(const char *, int)
Delete a scanner.
Definition: manage_sql.c:47629
gnutls_session_t client_session
The client session.
Definition: openvasmd.c:236
int manage_optimize(GSList *, const gchar *, const gchar *)
Run one of the optimizations.
Definition: manage_sql.c:68265
void cleanup_manage_process(gboolean)
Cleanup the manage library.
Definition: manage_sql.c:17128
int update_in_progress
Whether a SIGHUP initiated NVT update is in progress.
Definition: openvasmd.c:305
int manage_max_hosts()
Get the maximum allowed number of hosts per target.
Definition: manage_sql.c:32808
void manage_auth_allow_all(int scheduled)
Ensure that any subsequent authentications succeed.
Definition: manage.c:6440
#define MANAGE_ABSOLUTE_MAX_IPS_PER_TARGET
Absolute maximum number of IPs per target.
Definition: manage.h:1531
int main(int argc, char **argv)
Entry point to the manager.
Definition: openvasmd.c:1691
void handle_sighup_update(int signal)
Handle a SIGHUP signal by updating the NVT cache.
Definition: openvasmd.c:1018
void setup_signal_handler_info(int signal, void(*handler)(int, siginfo_t *, void *), int block)
Setup signal handler.
Definition: openvasmd.c:935
int manage_backup_db(const gchar *)
Backup the database to a file.
Definition: manage_pg.c:2680
openvas_connection_t * client_connection
Definition: openvasmd.c:337
#define OPENVASSD_ADDRESS
Scanner (openvassd) address.
Definition: openvasmd.c:145
int manage_create_scanner(GSList *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *)
#define DEFAULT_CLIENT_WATCH_INTERVAL
Default value for client_watch_interval.
Definition: openvasmd.c:204
void(* progress)()
Function to mark progress.
Definition: manage_sql.c:352
gnutls_certificate_credentials_t client_credentials
The client credentials.
Definition: openvasmd.c:241
int manage_migrate(GSList *, const gchar *)
Migrate database to version supported by this manager.
int manage_create_user(GSList *, const gchar *, const gchar *, const gchar *, const gchar *)
Create the given user.
Definition: manage_sql.c:64694
#define OPENVASMD_PORT
Manager port.
Definition: openvasmd.c:194
void handle_sigabrt(int given_signal)
Handle a SIGABRT signal.
Definition: openvasmd.c:967
int serve_omp(openvas_connection_t *client_connection, const gchar *database, gchar **disable, void(*progress)())
Serve the OpenVAS Management Protocol (OMP).
Definition: ompd.c:493
int manage_decrypt_all_credentials(GSList *, const gchar *)
Decrypt all credentials.
Definition: manage_sql.c:6599
#define CLIENTCERT
Location of client certificate.
Definition: openvasmd.c:172
int serve_client(int server_socket, openvas_connection_t *client_connection)
Serve the client.
Definition: openvasmd.c:435
void set_schedule_timeout(int new_timeout)
Set the schedule timeout.
Definition: manage.c:6928
char * scanner_host(scanner_t)
Return the host of a scanner.
Definition: manage_sql.c:48144
int scanner_port(scanner_t)
Return the port of a scanner.
Definition: manage_sql.c:48157
void handle_termination_signal(int signal)
Handle a termination signal.
Definition: openvasmd.c:1005
int manage_set_password(GSList *, const gchar *, const gchar *, const gchar *)
Set the password of a user.
Definition: manage_sql.c:64941
int manage_modify_setting(GSList *, const gchar *, const gchar *, const gchar *, const char *)
Change value of a setting.
Definition: manage_sql.c:63024
char * scanner_ca_pub(scanner_t)
Return the CA Certificate of a scanner.
Definition: manage_sql.c:48197
#define SCANNERCERT
Location of scanner certificate.
Definition: openvasmd.c:151
void init_ompd_process(const gchar *database, gchar **disable)
Initialise a process forked within the OMP daemon.
Definition: ompd.c:137
gchar * dh_params_option
GnuTLS DH params file.
Definition: openvasmd.c:300
int openvas_scanner_connect()
Create a new connection to the scanner and set it as current scanner.
Definition: scanner.c:619
#define MAX_CONNECTIONS
Second argument to `listen&#39;.
Definition: openvasmd.c:199
pthread_mutex_t mutex
Definition: openvasmd.c:339
gboolean manage_migrate_needs_timezone(GSList *, const gchar *)
Check whether the migration needs the real timezone.
char * scanner_key_priv(scanner_t)
Return the private key of a scanner.
Definition: manage_sql.c:48230
#define MANAGE_MAX_HOSTS
Default maximum number of hosts a target may specify.
Definition: manage.h:1536
int init_ompd(GSList *log_config, int nvt_cache_mode, const gchar *database, int max_ips_per_target, int max_email_attachment_size, int max_email_include_size, int max_email_message_size, void(*progress)(), int(*fork_connection)(openvas_connection_t *, gchar *), int skip_db_check)
Initialise the OMP library for the OMP daemon.
Definition: ompd.c:117
A printf like macro for logging communication.
int openvas_scanner_init(int cache_mode)
Initializes the already setup connection with the Scanner.
Definition: scanner.c:778
#define OPENVASMD_VERSION
The version number of this program.
Definition: openvasmd.c:132
int manage_db_supported_version()
Return the database version supported by this manager.
Definition: manage_sql.c:6250
int openvas_scanner_set_unix(const char *path)
Set the scanner&#39;s unix socket path.
Definition: scanner.c:833
#define g_info(...)
Defines g_info for glib versions older than 2.40.
Definition: manage.h:55
#define CLIENTKEY
Location of client certificate private key.
Definition: openvasmd.c:179
#define CACERT
Location of Certificate Authority certificate.
Definition: openvasmd.c:165
int manage_delete_scanner(GSList *, const gchar *, const gchar *)
Delete the given scanner.
Definition: manage_sql.c:46977
int manage_check_alerts(GSList *, const gchar *)
Check if any SecInfo alerts are due.
Definition: manage_sql.c:6886
sigset_t * sigmask_normal
Signal mask to restore when going from blocked to normal signaling.
Definition: openvasmd.c:290
volatile int sighup_update_nvt_cache
Flag for SIGHUP handler.
Definition: openvasmd.c:261
char * scanner_name(scanner_t)
Return the name of a scanner.
Definition: manage_sql.c:48105
scanner_type
Scanner types.
Definition: manage.h:267
void setup_signal_handler(int signal, void(*handler)(int), int block)
Setup signal handler.
Definition: openvasmd.c:907
int modify_setting(const gchar *, const gchar *, const gchar *, gchar **)
Set the value of a setting.
Definition: manage_sql.c:62354
volatile int termination_signal
Flag for signal handlers.
Definition: openvasmd.c:256
gboolean scheduling_enabled
Flag indicating that task scheduling is enabled.
Definition: openvasmd.c:280
#define SCHEDULE_TIMEOUT_DEFAULT
Default for schedule_timeout in minutes.
Definition: manage.h:2803
void spin_progress()
Nudge the progress indicator.
Definition: openvasmd.c:1067
enum scanner_type scanner_type_t
Scanner types.
int create_scanner(const char *, const char *, const char *, const char *, const char *, scanner_t *, const char *, const char *)
Create a scanner.
Definition: manage_sql.c:47333
int manage_schedule(int(*fork_connection)(openvas_connection_t *, gchar *), gboolean run_tasks, sigset_t *sigmask_current)
Schedule any actions that are due.
Definition: manage.c:6481
#define OPENVASSD_PORT
Scanner port.
Definition: openvasmd.c:187
gboolean disable_encrypted_credentials
Flag indicating that encrypted credentials are disabled.
Definition: openvasmd.c:275
gchar * priorities_option
GnuTLS priorities.
Definition: openvasmd.c:295
int manage_get_scanners(GSList *, const gchar *)
List scanners.
Definition: manage_sql.c:48608
int manage_delete_user(GSList *, const gchar *, const gchar *, const gchar *)
Delete the given user.
Definition: manage_sql.c:64789
char * scanner_key_pub(scanner_t)
Return the Certificate of a scanner.
Definition: manage_sql.c:48210
int manager_socket
The socket accepting OMP connections from clients.
Definition: openvasmd.c:214
void manage_cleanup_process_error(int)
Cleanup as immediately as possible.
Definition: manage_sql.c:17154
void set_scheduled_user_uuid(gchar *user_uuid)
Set UUID of user that scheduled the current task.
Definition: manage.c:6462
int openvas_scanner_close()
Finish the connection to the Scanner and free internal buffers.
Definition: scanner.c:551