27 #include "../nasl/nasl_debug.h"
29 #include <arpa/inet.h>
33 #include <gnutls/gnutls.h>
34 #include <gnutls/x509.h>
35 #include <gvm/base/logging.h>
36 #include <gvm/base/networking.h>
37 #include <gvm/base/prefs.h>
38 #include <gvm/util/kb.h>
39 #include <gvm/util/serverutils.h>
46 #include <sys/types.h>
50 #include <netinet/in.h>
51 #define s6_addr32 __u6_addr.__u6_addr32
61 #define INADDR_NONE 0xffffffff
68 #define G_LOG_DOMAIN "lib misc"
/* OpenVAS fds are table indices shifted by OPENVAS_FD_OFF; OPENVAS_FD_MAX is
   the width of the accepted index range (presumably the number of slots in
   `connections` -- confirm against its declaration).  */
104 #define OPENVAS_FD_MAX 1024
105 #define OPENVAS_FD_OFF 1000000
/* True when x lies in [OPENVAS_FD_OFF, OPENVAS_FD_OFF + OPENVAS_FD_MAX).
   NOTE(review): x is expanded twice and is not parenthesised, so pass a plain
   variable only: no side effects and no lower-precedence operators.  */
126 #define OPENVAS_STREAM(x) \
127 (((x - OPENVAS_FD_OFF) < OPENVAS_FD_MAX) && ((x - OPENVAS_FD_OFF) >= 0))
/* Maps an OpenVAS fd to its slot by pointer arithmetic on `connections`.
   The macro performs no range check of its own: an fd that has not passed
   OPENVAS_STREAM() yields a pointer outside the table.  */
132 #define OVAS_CONNECTION_FROM_FD(fd) (connections + ((fd) -OPENVAS_FD_OFF))
140 g_debug (
"[%d] %s : %s", getpid (), error, strerror (errno));
176 g_message (
"[%d] %s:%d : Out of OpenVAS file descriptors", getpid (),
206 g_debug (
"[%d] release_connection_fd: fd > 0 fd=%d", getpid (), p->
fd);
207 if (shutdown (p->
fd, 2) < 0)
214 pid_perror (
"release_connection_fd: shutdown()");
217 pid_perror (
"release_connection_fd: close()");
223 gnutls_certificate_free_credentials (p->
tls_cred);
228 bzero (p,
sizeof (*p));
245 gnutls_certificate_credentials_t certcred,
284 bzero (p,
sizeof (*p));
298 int flags = fcntl (soc, F_GETFL, 0);
304 if (fcntl (soc, F_SETFL, O_NONBLOCK | flags) < 0)
315 int flags = fcntl (soc, F_GETFL, 0);
321 if (fcntl (soc, F_SETFL, (~O_NONBLOCK) & flags) < 0)
338 g_message (
"[%d] %s: %s", getpid (), txt, gnutls_strerror (err));
344 g_debug (
"LEVEL %d: %s", level, msg);
353 gnutls_global_set_log_level (2);
356 int ret = gnutls_global_init ();
359 tlserror (
"gnutls_global_init", ret);
373 g_message (
"[%d] openvas_get_socket_from_connection: bad fd <%d>",
380 g_message (
"openvas_get_socket_from_connection: fd <%d> is closed", fd);
405 const char *priority)
/* GnuTLS priority string that is applied to the session below.  */
407 const char *priorities;
/* NOTE(review): every built-in string first removes all TLS versions
   (-VERS-TLS-ALL) and then re-enables the listed ones; all of them add
   ARCFOUR-128 (RC4) and %COMPAT on top of NORMAL.  SSL 3.0 and RC4 give no
   dependable confidentiality.  Presumably they are enabled on purpose so that
   legacy services can still be reached -- confirm, and do not reuse these
   strings for a connection whose contents need protection.  */
414 priorities =
"NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
417 priorities =
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+ARCFOUR-128:%COMPAT";
420 priorities =
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+ARCFOUR-128:%COMPAT";
423 priorities =
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ARCFOUR-128:%COMPAT";
427 "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
430 g_debug (
"*Bug* at %s:%d. Unknown transport %d", __FILE__, __LINE__,
/* The caller-supplied string is taken verbatim here; the condition that
   selects this branch is not visible in this excerpt.  */
434 priorities = priority;
/* A non-zero return is treated as failure; the log line prints at most the
   first 20 characters starting at errloc.  */
438 if ((err = gnutls_priority_set_direct (session, priorities, &errloc)))
440 g_message (
"[%d] setting session priorities '%.20s': %s", getpid (),
441 errloc, gnutls_strerror (err));
458 const char *key,
const char *passwd)
460 gnutls_x509_crt_t x509_crt = NULL;
461 gnutls_x509_privkey_t x509_key = NULL;
466 if (load_gnutls_file (cert, &data))
468 g_message (
"[%d] load_cert_and_key: Error loading cert file %s",
473 ret = gnutls_x509_crt_init (&x509_crt);
476 tlserror (
"gnutls_x509_crt_init", ret);
482 ret = gnutls_x509_crt_import (x509_crt, &data, GNUTLS_X509_FMT_PEM);
485 tlserror (
"gnutls_x509_crt_import", ret);
489 unload_gnutls_file (&data);
491 if (load_gnutls_file (key, &data))
493 g_message (
"[%d] load_cert_and_key: Error loading key file %s", getpid (),
498 ret = gnutls_x509_privkey_init (&x509_key);
501 tlserror (
"gnutls_x509_privkey_init", ret);
509 ret = gnutls_x509_privkey_import_pkcs8 (x509_key, &data,
510 GNUTLS_X509_FMT_PEM, passwd, 0);
513 tlserror (
"gnutls_x509_privkey_import_pkcs8", ret);
520 ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
523 tlserror (
"gnutls_x509_privkey_import", ret);
528 unload_gnutls_file (&data);
530 ret = gnutls_certificate_set_x509_key (xcred, &x509_crt, 1, x509_key);
533 tlserror (
"gnutls_certificate_set_x509_key", ret);
541 gnutls_x509_crt_deinit (x509_crt);
543 gnutls_x509_privkey_deinit (x509_key);
551 struct sockaddr_in sa;
552 struct sockaddr_in6 sa6;
554 if (inet_pton (AF_INET, str, &(sa.sin_addr)) == 1)
557 return inet_pton (AF_INET6, str, &(sa6.sin6_addr)) == 1;
562 const char *passwd,
const char *cafile,
570 ret = gnutls_init (&(fp->
tls_session), GNUTLS_CLIENT);
591 ret = gnutls_certificate_allocate_credentials (&(fp->
tls_cred));
594 tlserror (
"gnutls_certificate_allocate_credentials", ret);
597 ret = gnutls_credentials_set (fp->
tls_session, GNUTLS_CRD_CERTIFICATE,
601 tlserror (
"gnutls_credentials_set", ret);
605 if (cert != NULL && key != NULL)
613 ret = gnutls_certificate_set_x509_trust_file (fp->
tls_cred, cafile,
614 GNUTLS_X509_FMT_PEM);
617 tlserror (
"gnutls_certificate_set_x509_trust_file", ret);
625 (gnutls_transport_ptr_t) GSIZE_TO_POINTER (fp->
fd));
627 tictac = time (NULL);
636 if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
637 && err != GNUTLS_E_WARNING_ALERT_RECEIVED)
639 g_debug (
"[%d] gnutls_handshake: %s", getpid (),
640 gnutls_strerror (err));
645 FD_SET (fp->
fd, &fdr);
647 FD_SET (fp->
fd, &fdw);
651 d = tictac + fp->
timeout - time (NULL);
660 if ((ret = select (fp->
fd + 1, &fdr, &fdw, NULL, &to)) <= 0)
663 while (ret < 0 && errno == EINTR);
/* Client certificate, private key, key passphrase and CA file, all read from
   the knowledge base below.  */
686 char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
694 g_message (
"Socket %d is not stream", fd);
/* NOTE(review): kb_item_get_str presumably returns heap copies owned by the
   caller; check in the elided lines that all four are released on every
   path, and that the passphrase does not outlive its use -- confirm.  */
699 cert = kb_item_get_str (kb,
"SSL/cert");
700 key = kb_item_get_str (kb,
"SSL/key");
701 passwd = kb_item_get_str (kb,
"SSL/password");
702 cafile = kb_item_get_str (kb,
"SSL/CA");
/* Per-port KB key; the formatted write is bounded by sizeof (buf).  */
703 snprintf (buf,
sizeof (buf),
"Host/SNI/%d/force_disable", fp->
port);
/* The guarded branch runs when the per-port flag is unset or not positive.  */
704 if (kb_item_get_int (kb, buf) <= 0)
712 g_message (
"Function socket_negotiate_ssl called from %s: "
713 "SSL/TLS connection failed.",
732 gnutls_session_t session;
733 const gnutls_datum_t *cert_list;
/* Starts at 0 so the emptiness test below also holds if the lookup leaves
   the length untouched.  */
734 unsigned int cert_list_len = 0;
/* Both output pointers are required.  */
736 if (!cert || !certlen)
740 g_message (
"Socket %d is not stream", fd);
746 g_message (
"Socket %d is not SSL/TLS encapsulated", fd);
/* Only X.509 peer certificates are handled.  */
749 if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
751 cert_list = gnutls_certificate_get_peers (session, &cert_list_len);
752 if (cert_list_len == 0)
/* Only the first entry of the peer's list is copied out; the remaining
   entries are not returned.  No verification of the certificate is visible
   in these lines, so the copy is the certificate as presented by the peer.
   NOTE(review): g_memdup takes a guint length and is deprecated since
   GLib 2.68 in favour of g_memdup2.  .size is an unsigned int, so no
   truncation is apparent here, but confirm the type behind certlen.  The
   caller presumably owns the copy and must g_free it -- confirm.  */
754 *certlen = cert_list[0].size;
755 *cert = g_memdup (cert_list[0].data, *certlen);
768 gnutls_session_t session;
769 gnutls_protocol_t version;
773 g_message (
"Socket %d is not stream", fd);
779 g_message (
"Socket %d is not SSL/TLS encapsulated", fd);
783 version = gnutls_protocol_get_version (session);
809 gnutls_session_t session;
811 *ssize = GNUTLS_MAX_SESSION_ID;
818 g_message (
"Socket %d is not stream", fd);
824 g_message (
"Socket %d is not SSL/TLS encapsulated", fd);
827 tmp = g_malloc0 (*ssize);
828 ret = gnutls_session_get_id (session, tmp, ssize);
829 if (ret == GNUTLS_E_SUCCESS)
835 tlserror (
"gnutls_session_id", ret);
849 gnutls_session_t session;
850 gnutls_kx_algorithm_t kx, kx2;
851 gnutls_cipher_algorithm_t cipher, cipher2;
852 gnutls_mac_algorithm_t mac, mac2;
854 unsigned char cs_id[2];
858 g_message (
"Socket %d is not stream", fd);
864 g_message (
"Socket %d is not SSL/TLS encapsulated", fd);
868 kx = gnutls_kx_get (session);
869 cipher = gnutls_cipher_get (session);
870 mac = gnutls_mac_get (session);
872 gnutls_cipher_suite_info (idx, (
void *) cs_id, &kx2, &cipher2, &mac2, NULL))
874 if (kx == kx2 && cipher == cipher2 && mac == mac2)
875 return cs_id[0] + cs_id[1];
887 int transport,
int timeout,
const char *priority)
900 g_debug (
"[%d] open_stream_connection: TCP:%d transport:%d timeout:%d "
902 getpid (), port, transport, timeout, priority);
921 g_message (
"open_stream_connection_ext(): unsupported transport"
922 " layer %d passed by %s",
923 transport, args->
name);
960 cert = kb_item_get_str (kb,
"SSL/cert");
961 key = kb_item_get_str (kb,
"SSL/key");
962 passwd = kb_item_get_str (kb,
"SSL/password");
964 cafile = kb_item_get_str (kb,
"SSL/CA");
970 snprintf (buf,
sizeof (buf),
"Host/SNI/%d/force_disable", fp->
port);
971 if (kb_item_get_int (kb, buf) <= 0)
993 int transport,
int timeout)
996 "NORMAL:+ARCFOUR-128:%COMPAT");
1003 int timeout,
int force)
1051 int ret, realfd, trp, t, select_status;
1052 int total = 0, flag = 0, timeout =
TIMEOUT, waitall = 0;
/* Byte-wise view of the caller's buffer so offsets can be added to it.  */
1053 unsigned char *buf = (
unsigned char *) buf0;
/* NOTE(review): this bound is the literal 1024 and accepts fd == 1024.  If
   this fd is the one later handed to FD_SET/select, it has to be strictly
   below FD_SETSIZE (commonly 1024), which would call for `>=` here.  The
   assignment of realfd is not visible in this excerpt -- confirm.  */
1071 if (fd < 0 || fd > 1024)
1079 #ifndef INCR_TIMEOUT
1080 #define INCR_TIMEOUT 1
/* MSG_WAITALL is requested when an exact length is wanted or no timeout
   applies.  */
1083 if (min_len == max_len || timeout <= 0)
1084 waitall = MSG_WAITALL;
/* Runs while the buffer is not full and, when a timeout is set, while t is
   below it.  */
1087 for (t = 0; total < max_len && (timeout <= 0 || t < timeout);)
1092 FD_SET (realfd, &fdr);
/* Without a positive timeout select is given NULL and blocks until the
   socket is readable.  */
1093 if (select (realfd + 1, &fdr, NULL, NULL, timeout > 0 ? &tv : NULL)
1098 if (total > 0 && flag)
1100 else if (total >= min_len)
/* Reads into the unused tail of buf; the loop condition keeps
   max_len - total positive.  */
1106 ret = recv (realfd, buf + total, max_len - total, waitall);
1120 if (min_len > 0 && total >= min_len)
1138 if (getpid () != fp->
pid)
1140 g_debug (
"PID %d tries to use a SSL/TLS connection established "
1142 getpid (), fp->
pid);
1148 for (t = 0; timeout <= 0 || t < timeout; t = now - then)
1155 FD_SET (realfd, &fdr);
1156 FD_SET (realfd, &fdw);
1158 select_status = select (realfd + 1, &fdr, &fdw, NULL, &tv);
1160 if (select_status > 0)
1163 ret = gnutls_record_recv (fp->
tls_session, buf + total,
1168 if (total >= max_len)
1171 else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
1182 g_debug (
"gnutls_record_recv[%d]: EOF\n", getpid ());
1188 if (min_len > 0 && total >= min_len)
1197 g_message (
"Function %s called from %s: "
1198 "Severe bug! Unhandled transport layer %d (fd=%d).",
1202 g_message (
"read_stream_connection_unbuffered: "
1219 if (fp->
buf != NULL)
1228 memcpy (buf0, fp->
buf + fp->
bufptr, l2);
1237 if (l2 >= min_len || l2 >= max_len)
1242 if (min_len > fp->
bufsz)
1259 memcpy ((
char *) buf0 + l2, fp->
buf + fp->
bufptr, l1);
1281 unsigned char *buf = (
unsigned char *) buf0;
1289 g_debug (
"write_stream_connection: fd <%d> invalid\n", fd);
1300 for (count = 0; count < n;)
1302 ret = send (fp->
fd, buf + count, n - count, i_opt);
1326 for (count = 0; count < n;)
1328 ret = gnutls_record_send (fp->
tls_session, buf + count, n - count);
1334 else if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN)
1344 g_debug (
"gnutls_record_send[%d]: EOF\n", getpid ());
1360 FD_SET (fp->
fd, &fdr);
1361 FD_SET (fp->
fd, &fdw);
1362 e = select (fp->
fd + 1, &fdr, &fdw, NULL, &tv);
1364 while (e < 0 && errno == EINTR);
1377 g_message (
"Function %s called from %s: "
1378 "Severe bug! Unhandled transport layer %d (fd=%d).",
1382 g_message (
"read_stream_connection_unbuffered: fd=%d is "
1389 if (count == 0 && n > 0)
1402 nsend (
int fd,
void *data,
int length,
int i_opt)
1409 g_message (
"OpenVAS file descriptor %d closed ?!", fd);
1425 e = select (fd + 1, NULL, &wr, NULL, &tv);
1427 n =
os_send (fd, data, length, i_opt);
1428 else if (e < 0 && errno == EINTR)
1433 while (n <= 0 && errno == EINTR);
1435 g_message (
"[%d] nsend():send %s", getpid (), strerror (errno));
1441 nrecv (
int fd,
void *data,
int length,
int i_opt)
1447 g_message (
"OpenVAS file descriptor %d closed ?!", fd);
1459 e = recv (fd, data, length, i_opt);
1461 while (e < 0 && errno == EINTR);
1487 hook = g_malloc0 (
sizeof *hook);
1512 if (hook->
fnc && !hook->
fnc (fd))
1527 g_debug (
"close_stream_connection TCP:%d (fd=%d)", fp->
port, fd);
1531 if (fd < 0 || fd > 1024)
/* Function-level static scratch buffer.  NOTE(review): if the formatted text
   is returned through this buffer, the next call overwrites it and callers
   on different threads would share it -- confirm how the result is used.  */
1548 static char str[100];
/* The write is bounded by sizeof (str), so an overlong result is truncated
   rather than overflowing.  */
1570 snprintf (str,
sizeof (str),
"[unknown transport layer - code %d (0x%x)]",
/* Same static-buffer pattern as above, in a second function.  */
1579 static char str[100];
/* This path returns a string literal and does not touch the buffer.  */
1591 return " through SSL";
1593 snprintf (str,
sizeof (str),
1594 " through unknown transport layer - code %d (0x%x)",
code,
1601 open_socket (
struct sockaddr *paddr,
int type,
int protocol,
int timeout,
1608 unsigned int opt_sz;
1613 if (paddr->sa_family == AF_INET)
1616 if ((soc = socket (AF_INET, type, protocol)) < 0)
1625 if ((soc = socket (AF_INET6, type, protocol)) < 0)
1642 gvm_source_set_socket (soc, 0, family);
1644 if (connect (soc, paddr, len) < 0)
1653 FD_SET (soc, &fd_w);
1654 to.tv_sec = timeout;
1656 x = select (soc + 1, NULL, &fd_w, NULL, &to);
1677 opt_sz =
sizeof (opt);
1678 if (getsockopt (soc, SOL_SOCKET, SO_ERROR, &opt, &opt_sz) < 0)
1701 int protocol,
int timeout)
1703 struct sockaddr_in addr;
1704 struct sockaddr_in6 addr6;
1705 struct in6_addr in6addr;
1707 gvm_resolve_as_addr6 (
hostname, &in6addr);
1708 if (IN6_IS_ADDR_V4MAPPED (&in6addr))
1710 bzero ((
void *) &addr,
sizeof (addr));
1711 addr.sin_family = AF_INET;
1712 addr.sin_port = htons ((
unsigned short) port);
1713 addr.sin_addr.s_addr = in6addr.s6_addr32[3];
1714 return open_socket ((
struct sockaddr *) &addr, type, protocol, timeout,
1715 sizeof (
struct sockaddr_in));
1719 bzero ((
void *) &addr6,
sizeof (addr6));
1720 addr6.sin6_family = AF_INET6;
1721 addr6.sin6_port = htons ((
unsigned short) port);
1722 memcpy (&addr6.sin6_addr, &in6addr, sizeof (
struct in6_addr));
1723 return open_socket ((
struct sockaddr *) &addr6, type, protocol, timeout,
1724 sizeof (
struct sockaddr_in6));
1732 const char *timeout_retry;
/* Retry count comes from the "timeout_retry" preference.  */
1734 timeout_retry = prefs_get (
"timeout_retry");
/* NOTE(review): atoi reports no errors; non-numeric text yields 0 and an
   out-of-range value is undefined behaviour.  strtol with endptr/errno
   checks would allow validation.  How retry is bounded is not visible in
   this excerpt -- confirm.  */
1736 retry = atoi (timeout_retry);
/* Success, or any failure other than a timeout, satisfies this test.  */
1744 if (ret >= 0 || errno != ETIMEDOUT)
1748 if (ret < 0 && errno == ETIMEDOUT)
1750 int log_count, attempts = 0;
1753 const char *max_attempts;
1755 max_attempts = prefs_get (
"open_sock_max_attempts");
/* Same atoi caveat as for timeout_retry above.  */
1757 attempts = atoi (max_attempts);
/* Per-host, per-port timeout counter key; the write is bounded by
   sizeof (buffer).  */
1761 g_snprintf (buffer,
sizeof (buffer),
"ConnectTimeout/%s/%d", ip_str,
1763 log_count = kb_item_get_int (kb, buffer);
/* -1 is presumably the "no such item" result of kb_item_get_int -- confirm.  */
1764 if (log_count == -1)
1768 g_message (
"open_sock_tcp: %s:%d time-out.", ip_str, port);
1770 kb_item_set_int (kb, buffer, log_count);
/* attempts == 0 disables the limit: the test can only pass for a non-zero
   attempts value.  */
1772 if ((log_count >= attempts) && (attempts != 0))
1779 char ip_str[INET6_ADDRSTRLEN];
1781 g_snprintf (buffer,
sizeof (buffer),
"Ports/tcp/%d", port);
1782 g_message (
"open_sock_tcp: %s:%d too many timeouts. "
1783 "This port will be set to closed.",
1785 kb_item_set_int (kb, buffer, 0);
1787 addr6_to_str (args->
ip, ip_str);
1788 snprintf (buffer,
sizeof (buffer),
1789 "ERRMSG|||%s|||%d/tcp||| |||Too many timeouts. The port"
1790 " was set to closed.",
1792 kb_item_push_str (args->
key,
"internal/results", buffer);
1803 int protocol,
int timeout)
1805 struct sockaddr_in addr;
1806 struct sockaddr_in6 addr6;
1812 g_message (
"ERROR ! NO ADDRESS ASSOCIATED WITH NAME");
1815 if (IN6_ARE_ADDR_EQUAL (t, &in6addr_any))
1817 if (IN6_IS_ADDR_V4MAPPED (t))
1819 bzero ((
void *) &addr,
sizeof (addr));
1820 addr.sin_family = AF_INET;
1821 addr.sin_port = htons ((
unsigned short) port);
1822 addr.sin_addr.s_addr = t->s6_addr32[3];
1823 return open_socket ((
struct sockaddr *) &addr, type, protocol, timeout,
1824 sizeof (
struct sockaddr_in));
1828 bzero ((
void *) &addr6,
sizeof (addr6));
1829 addr6.sin6_family = AF_INET6;
1830 addr6.sin6_port = htons ((
unsigned short) port);
1831 memcpy (&addr6.sin6_addr, t, sizeof (
struct in6_addr));
1832 return open_socket ((
struct sockaddr *) &addr6, type, protocol, timeout,
1833 sizeof (
struct sockaddr_in6));
/* Number of bytes stored in buf so far.  */
1849 unsigned int ret = 0;
1854 unsigned int ret = 0;
/* NOTE(review): buf[ret - 1] is read before `ret < bufsiz` is tested, and
   ret is unsigned.  If any path reaches this test with ret == 0, the index
   wraps and the read lands far outside buf.  Confirm that every path into
   the test has stored at least one byte.  */
1877 while (buf[ret - 1] !=
'\0' && buf[ret - 1] !=
'\n' && ret < bufsiz);
/* Same ret >= 1 assumption as the loop condition above.  */
1881 if (buf[ret - 1] !=
'\0')
/* Forces termination in the last byte of the buffer.  */
1886 buf[bufsiz - 1] =
'\0';
/* The timeout argument is NULL, so this select blocks until the socket is
   readable.  */
1903 e = select (soc + 1, &rd, NULL, NULL, NULL);
1904 if (e == 0 && !FD_ISSET (soc, &rd))
1906 if (e < 0 && errno == EINTR)
/* One byte per call, appended at offset ret.  */
1910 n = recv (soc, buf + ret, 1, 0);
/* NOTE(review): same ordering as above; buf[ret - 1] is evaluated before the
   bound check and relies on ret >= 1 -- confirm.  */
1931 while (buf[ret - 1] !=
'\0' && buf[ret - 1] !=
'\n' && ret < bufsiz);
1935 if (buf[ret - 1] !=
'\0')
1940 buf[bufsiz - 1] =
'\0';
1994 else if (p->
buf == 0)
1996 p->
buf = g_malloc0 (sz);
2011 b = g_realloc (p->
buf, sz);
2025 char *buf0 = (
char *) buf;
2027 for (n = 0; n < len;)
2030 e = send (soc, buf0 + n, len - n, opt);
2031 if (e < 0 && errno == EINTR)
2044 char *buf0 = (
char *) buf;
2046 for (n = 0; n < len;)
2049 e = recv (soc, buf0 + n, len - n, opt);
2050 if (e < 0 && errno == EINTR)
2083 u_short *aa = (u_short *) a;
2084 u_short *bb = (u_short *) b;
2107 unsigned short *tmp, *ports;
2108 int i = 0, j = 0, start, end;
2111 char *s_start, *s_end;
/* The previous call's expression, result and count are kept in
   function-level statics, so the function is not reentrant and concurrent
   callers would race on them.  */
2112 static unsigned short *last_ret = NULL;
2113 static char *last_expr = NULL;
2114 static int last_num;
/* NOTE(review): g_strdup tolerates NULL but strlen does not, so origexpr
   must be non-NULL on entry.  */
2116 expr = g_strdup (origexpr);
2117 exlen = strlen (origexpr);
2120 if (last_expr != NULL)
/* Cache lookup: compares against the expression of the previous call.  */
2122 if (strcmp (last_expr, expr) == 0)
/* Room for 65536 port entries.  */
2138 ports = g_malloc0 (65536 *
sizeof (
short));
/* In-place copy within expr; the condition that selects the copied
   characters is not visible in this excerpt.  */
2139 for (; j < exlen; j++)
2141 expr[i++] = expr[j];
/* NOTE(review): after this assignment expr no longer points at the start of
   the g_strdup allocation; releasing it needs a saved copy of the original
   pointer -- confirm in the elided lines.  */
2144 if ((s_start = strstr (expr,
"T:")) != NULL)
2145 expr = &(s_start[2]);
/* NOTE(review): strstr may return expr itself.  If "U:" sits at offset 0 and
   expr is still the start of the allocation, s_end[-1] reads one byte before
   the buffer -- confirm that an elided check excludes this case.  */
2147 if ((s_end = strstr (expr,
"U:")) != NULL)
2149 if (s_end[-1] ==
',')
/* Walks the comma-separated items.  */
2155 while ((p = strchr (expr,
',')))
/* NOTE(review): the range endpoints come from atoi on the expression text,
   which reports no errors.  The array holds 65536 entries, so the elided
   lines have to clamp start/end and keep the write index below 65536 even
   when ranges overlap -- confirm.  */
2161 end = atoi (expr + 1);
2165 start = end = atoi (expr);
2166 if ((q = strchr (expr,
'-')) && *(q + 1))
2168 else if (q && !*(q + 1))
2179 for (j = start; j <= end; j++)
/* Same parsing again, presumably for the final item after the last comma;
   the same bound caveats apply.  */
2186 end = atoi (expr + 1);
2190 start = end = atoi (expr);
2191 if ((q = strchr (expr,
'-')) && *(q + 1))
2193 else if (q && !*(q + 1))
2204 for (j = start; j <= end; j++)
/* Resizes the array to i entries.  */
2209 tmp = g_realloc (ports, i *
sizeof (
short));
/* Remembers a copy of the expression for the cache check on the next call.  */
2215 last_expr = g_strdup (origexpr);