OpenVAS Manager
7.0.3~git
The OpenVAS Manager daemon. More...
#include <locale.h>
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <glib/gstdio.h>
#include <gnutls/gnutls.h>
#include <grp.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <openvas/misc/openvas_logging.h>
#include <openvas/misc/openvas_proctitle.h>
#include <openvas/misc/openvas_server.h>
#include <openvas/base/pidfile.h>
#include <openvas/base/pwpolicy.h>
#include "logf.h"
#include "manage.h"
#include "scanner.h"
#include "ompd.h"
#include "ovas-mngr-comm.h"
#include "utils.h"
#include <execinfo.h>
Data Structures | |
struct | connection_watcher_data_t |
Macros | |
#define | G_LOG_DOMAIN "md main" |
GLib log domain. More... | |
#define | OPENVASMD_VERSION "-1" |
The version number of this program. More... | |
#define | OPENVAS_OS_NAME "-1" |
The name of the underlying Operating System. More... | |
#define | OPENVASSD_ADDRESS OPENVAS_RUN_DIR "/openvassd.sock" |
Scanner (openvassd) address. More... | |
#define | SCANNERCERT "/var/lib/openvas/CA/servercert.pem" |
Location of scanner certificate. More... | |
#define | SCANNERKEY "/var/lib/openvas/private/CA/serverkey.pem" |
Location of scanner certificate private key. More... | |
#define | CACERT "/var/lib/openvas/CA/cacert.pem" |
Location of Certificate Authority certificate. More... | |
#define | CLIENTCERT "/var/lib/openvas/CA/clientcert.pem" |
Location of client certificate. More... | |
#define | CLIENTKEY "/var/lib/openvas/private/CA/clientkey.pem" |
Location of client certificate private key. More... | |
#define | OPENVASSD_PORT 9391 |
Scanner port. More... | |
#define | OPENVASMD_PORT 9390 |
Manager port. More... | |
#define | MAX_CONNECTIONS 512 |
Second argument to ‘listen’. More... | |
#define | DEFAULT_CLIENT_WATCH_INTERVAL 1 |
Default value for client_watch_interval. More... | |
#define | BA_SIZE 100 |
Functions | |
int | serve_client (int server_socket, openvas_connection_t *client_connection) |
Serve the client. More... | |
void | setup_signal_handler (int signal, void(*handler)(int), int block) |
Setup signal handler. More... | |
void | setup_signal_handler_info (int signal, void(*handler)(int, siginfo_t *, void *), int block) |
Setup signal handler. More... | |
void | handle_sigabrt (int given_signal) |
Handle a SIGABRT signal. More... | |
void | handle_termination_signal (int signal) |
Handle a termination signal. More... | |
void | handle_sighup_update (int signal) |
Handle a SIGHUP signal by updating the NVT cache. More... | |
void | handle_sigsegv (int given_signal) |
Handle a SIGSEGV signal. More... | |
void | handle_sigchld (int given_signal, siginfo_t *info, void *ucontext) |
Handle a SIGCHLD signal. More... | |
void | spin_progress () |
Nudge the progress indicator. More... | |
void | handle_sigabrt_simple (int signal) |
Handle a SIGABRT signal. More... | |
int | main (int argc, char **argv) |
Entry point to the manager. More... | |
Variables | |
int | client_watch_interval = DEFAULT_CLIENT_WATCH_INTERVAL |
Interval in seconds to check whether client connection was closed. More... | |
int | manager_socket = -1 |
The socket accepting OMP connections from clients. More... | |
int | manager_socket_2 = -1 |
The optional, second socket accepting OMP connections from clients. More... | |
int | use_tls = 0 |
Whether to use TLS for client connections. More... | |
gnutls_session_t | client_session |
The client session. More... | |
gnutls_certificate_credentials_t | client_credentials |
The client credentials. More... | |
int | is_parent = 1 |
Is this process parent or child? More... | |
volatile int | termination_signal = 0 |
Flag for signal handlers. More... | |
volatile int | sighup_update_nvt_cache = 0 |
Flag for SIGHUP handler. More... | |
gboolean | disable_encrypted_credentials |
Flag indicating that encrypted credentials are disabled. More... | |
gboolean | scheduling_enabled |
Flag indicating that task scheduling is enabled. More... | |
char | client_address [INET6_ADDRSTRLEN] |
The OMP client's address. More... | |
sigset_t * | sigmask_normal = NULL |
Signal mask to restore when going from blocked to normal signaling. More... | |
gchar * | priorities_option = "NORMAL" |
GnuTLS priorities. More... | |
gchar * | dh_params_option = NULL |
GnuTLS DH params file. More... | |
int | update_in_progress = 0 |
Whether a SIGHUP initiated NVT update is in progress. More... | |
GSList * | log_config = NULL |
Logging parameters, as passed to setup_log_handlers. More... | |
The OpenVAS Manager daemon.
This file defines the OpenVAS Manager daemon. The Manager serves the OpenVAS Management Protocol (OMP) to clients such as OpenVAS-Client. The Manager and OMP give clients full access to an OpenVAS Scanner.
The entry point to the daemon is the main function. From there the references in the function documentation describe the flow of control in the program.
Definition in file openvasmd.c.
#define BA_SIZE 100 |
Definition at line 958 of file openvasmd.c.
Referenced by handle_sigabrt().
#define CACERT "/var/lib/openvas/CA/cacert.pem" |
Location of Certificate Authority certificate.
Definition at line 165 of file openvasmd.c.
Referenced by migrate_129_to_130().
#define CLIENTCERT "/var/lib/openvas/CA/clientcert.pem" |
Location of client certificate.
Definition at line 172 of file openvasmd.c.
Referenced by migrate_129_to_130().
#define CLIENTKEY "/var/lib/openvas/private/CA/clientkey.pem" |
Location of client certificate private key.
Definition at line 179 of file openvasmd.c.
Referenced by migrate_129_to_130().
#define DEFAULT_CLIENT_WATCH_INTERVAL 1 |
Default value for client_watch_interval.
Definition at line 204 of file openvasmd.c.
#define G_LOG_DOMAIN "md main" |
GLib log domain.
Definition at line 126 of file openvasmd.c.
#define MAX_CONNECTIONS 512 |
Second argument to ‘listen’.
Definition at line 199 of file openvasmd.c.
#define OPENVAS_OS_NAME "-1" |
The name of the underlying Operating System.
Definition at line 139 of file openvasmd.c.
#define OPENVASMD_PORT 9390 |
Manager port.
Used if /etc/services "omp" and --sport are missing.
Definition at line 194 of file openvasmd.c.
#define OPENVASMD_VERSION "-1" |
The version number of this program.
Definition at line 132 of file openvasmd.c.
#define OPENVASSD_ADDRESS OPENVAS_RUN_DIR "/openvassd.sock" |
Scanner (openvassd) address.
Definition at line 145 of file openvasmd.c.
#define OPENVASSD_PORT 9391 |
Scanner port.
Used if /etc/services "otp" and --port are missing.
Definition at line 187 of file openvasmd.c.
#define SCANNERCERT "/var/lib/openvas/CA/servercert.pem" |
Location of scanner certificate.
Definition at line 151 of file openvasmd.c.
#define SCANNERKEY "/var/lib/openvas/private/CA/serverkey.pem" |
Location of scanner certificate private key.
Definition at line 158 of file openvasmd.c.
void handle_sigabrt | ( | int | given_signal | ) |
Handle a SIGABRT signal.
[in] | given_signal | The signal that caused this function to run. |
Definition at line 967 of file openvasmd.c.
References BA_SIZE, and manage_cleanup_process_error().
void handle_sigabrt_simple | ( | int | signal | ) |
Handle a SIGABRT signal.
[in] | signal | The signal that caused this function to run. |
Definition at line 1097 of file openvasmd.c.
void handle_sigchld | ( | int | given_signal, |
siginfo_t * | info, | ||
void * | ucontext | ||
) |
Handle a SIGCHLD signal.
[in] | given_signal | The signal that caused this function to run. |
[in] | info | Signal info. |
[in] | ucontext | User context. |
Definition at line 1052 of file openvasmd.c.
References update_in_progress.
void handle_sighup_update | ( | int | signal | ) |
Handle a SIGHUP signal by updating the NVT cache.
[in] | signal | The signal that caused this function to run. |
Definition at line 1018 of file openvasmd.c.
References sighup_update_nvt_cache.
void handle_sigsegv | ( | int | given_signal | ) |
Handle a SIGSEGV signal.
[in] | given_signal | The signal that caused this function to run. |
Definition at line 1030 of file openvasmd.c.
References manage_cleanup_process_error(), and setup_signal_handler().
void handle_termination_signal | ( | int | signal | ) |
Handle a termination signal.
[in] | signal | The signal that caused this function to run. |
Definition at line 1005 of file openvasmd.c.
References sql_cancel(), and termination_signal.
int main | ( | int | argc, |
char ** | argv | ||
) |
Entry point to the manager.
[in] | argc | The number of arguments in argv. |
[in] | argv | The list of arguments to the program. |
Definition at line 1691 of file openvasmd.c.
int serve_client | ( | int | server_socket, |
openvas_connection_t * | client_connection | ||
) |
Serve the client.
Connect to the openvassd scanner, then call serve_omp to serve OMP.
In all cases, close client_socket before returning.
[in] | server_socket | The socket connected to the Manager. |
[in] | client_connection | The connection to the client. |
Definition at line 435 of file openvasmd.c.
References client_watch_interval.
void setup_signal_handler | ( | int | signal, |
void(*)(int) | handler, | ||
int | block | ||
) |
Set up a signal handler.
Exit on failure.
[in] | signal | Signal. |
[in] | handler | Handler. |
[in] | block | Whether to block all other signals during handler. |
Definition at line 907 of file openvasmd.c.
Referenced by handle_sigsegv().
void setup_signal_handler_info | ( | int | signal, |
void(*)(int, siginfo_t *, void *) | handler, | ||
int | block | ||
) |
Set up a signal handler.
Exit on failure.
[in] | signal | Signal. |
[in] | handler | Handler. |
[in] | block | Whether to block all other signals during handler. |
Definition at line 935 of file openvasmd.c.
void spin_progress | ( | ) |
char client_address[INET6_ADDRSTRLEN] |
The OMP client's address.
Definition at line 285 of file openvasmd.c.
gnutls_certificate_credentials_t client_credentials |
The client credentials.
Definition at line 241 of file openvasmd.c.
gnutls_session_t client_session |
The client session.
Definition at line 236 of file openvasmd.c.
int client_watch_interval = DEFAULT_CLIENT_WATCH_INTERVAL |
Interval in seconds to check whether client connection was closed.
Definition at line 209 of file openvasmd.c.
Referenced by serve_client().
gchar* dh_params_option = NULL |
GnuTLS DH params file.
Definition at line 300 of file openvasmd.c.
gboolean disable_encrypted_credentials |
Flag indicating that encrypted credentials are disabled.
Setting this flag does not change any existing encrypted tuples; the Manager simply does not encrypt or decrypt anything. The variable is controlled by the command line option --disable-encrypted-credentials.
Definition at line 275 of file openvasmd.c.
Referenced by lsc_crypt_decrypt(), migrate_156_to_157(), migrate_158_to_159(), migrate_160_to_161(), and migrate_165_to_166().
int is_parent = 1 |
Is this process parent or child?
Definition at line 251 of file openvasmd.c.
GSList* log_config = NULL |
Logging parameters, as passed to setup_log_handlers.
Definition at line 310 of file openvasmd.c.
int manager_socket = -1 |
The socket accepting OMP connections from clients.
Definition at line 214 of file openvasmd.c.
int manager_socket_2 = -1 |
The optional, second socket accepting OMP connections from clients.
Definition at line 219 of file openvasmd.c.
gchar* priorities_option = "NORMAL" |
GnuTLS priorities.
Definition at line 295 of file openvasmd.c.
gboolean scheduling_enabled |
Flag indicating that task scheduling is enabled.
Definition at line 280 of file openvasmd.c.
volatile int sighup_update_nvt_cache = 0 |
Flag for SIGHUP handler.
Definition at line 261 of file openvasmd.c.
Referenced by handle_sighup_update().
sigset_t* sigmask_normal = NULL |
Signal mask to restore when going from blocked to normal signaling.
Definition at line 290 of file openvasmd.c.
volatile int termination_signal = 0 |
Flag for signal handlers.
Definition at line 256 of file openvasmd.c.
Referenced by handle_termination_signal().
int update_in_progress = 0 |
Whether a SIGHUP-initiated NVT update is in progress.
Definition at line 305 of file openvasmd.c.
Referenced by handle_sigchld().
int use_tls = 0 |
Whether to use TLS for client connections.
Definition at line 231 of file openvasmd.c.