29 #include <sys/types.h> 34 #include "../misc/arglists.h" 35 #include "../misc/network.h" 36 #include "../misc/plugutils.h" 37 #include "../base/nvticache.h" 43 #define CERT_FILE "SSL certificate : " 44 #define KEY_FILE "SSL private key : " 45 #define PEM_PASS "PEM password : " 46 #define CA_FILE "CA file : " 47 #define CNX_TIMEOUT_PREF "Network connection timeout : " 48 #define RW_TIMEOUT_PREF "Network read/write timeout : " 49 #define WRAP_TIMEOUT_PREF "Wrapped service read timeout : " 50 #define TEST_SSL_PREF "Test SSL based services" 53 #define NUM_CHILDREN "Number of connections done in parallel : " 58 register_service (
struct arglist *desc,
int port,
const char *proto)
64 if (port < 0 || proto == NULL ||
65 (l = strlen (proto)) == 0 || l >
sizeof (k) - 10)
68 (
"find_service->register_service: invalid value - port=%d, proto=%s",
69 port, proto == NULL ?
"(null)" : proto);
74 snprintf (k,
sizeof (k),
"Services/%s", proto);
90 snprintf (k,
sizeof (k),
"Known/tcp/%d", port);
95 mark_chargen_server (
struct arglist *desc,
int port)
97 register_service (desc, port,
"chargen");
98 post_log (
oid, desc, port,
"Chargen is running on this port");
104 register_service (desc, port,
"echo");
105 post_log (
oid, desc, port,
"An echo server is running on this port");
114 register_service (desc, port,
"http-rpc-epmap");
115 snprintf (ban,
sizeof (ban),
"http-rpc-epmap/banner/%d", port);
120 register_service (desc, port,
"ncacn_http");
121 snprintf (ban,
sizeof (ban),
"ncacn_http/banner/%d", port);
130 register_service (desc, port,
"vnc");
131 snprintf (ban,
sizeof (ban),
"vnc/banner/%d", port);
139 register_service (desc, port,
"nntp");
140 snprintf (ban,
sizeof (ban),
"nntp/banner/%d", port);
142 snprintf (ban,
sizeof (ban),
"An NNTP server is running on this port%s",
151 register_service (desc, port,
"swat");
157 register_service (desc, port,
"vqServer-admin");
165 register_service (desc, port,
"mldonkey");
166 snprintf (ban,
sizeof (ban),
"A mldonkey server is running on this port");
177 register_service (desc, port,
"www");
178 snprintf (ban,
sizeof (ban),
"www/banner/%d", port);
180 snprintf (ban,
sizeof (ban),
"A web server is running on this port%s",
188 unsigned char *buffer,
int trp)
191 register_service (desc, port,
"AdSubtract");
192 snprintf (ban,
sizeof (ban),
"AdSubtract/banner/%d", port);
194 snprintf (ban,
sizeof (ban),
195 "A (locked) AdSubtract server is running on this port%s",
201 mark_gopher_server (
struct arglist *desc,
int port)
203 register_service (desc, port,
"gopher");
204 post_log (
oid, desc, port,
"A gopher server is running on this port");
209 mark_gnutella_servent (
struct arglist *desc,
int port,
char *buffer,
int trp)
213 register_service (desc, port,
"gnutella");
214 snprintf (ban,
sizeof (ban),
"www/banner/%d", port);
216 snprintf (ban,
sizeof (ban),
"A Gnutella servent is running on this port%s",
226 register_service (desc, port,
"realserver");
227 snprintf (ban,
sizeof (ban),
"realserver/banner/%d", port);
230 snprintf (ban,
sizeof (ban),
"A RealMedia server is running on this port%s",
239 register_service (desc, port,
"smtp");
240 snprintf (ban,
sizeof (ban),
"smtp/banner/%d", port);
243 if (strstr (buffer,
" postfix"))
247 char *report = g_malloc0 (255 + strlen (buffer));
248 char *t = strchr (buffer,
'\n');
251 snprintf (report, 255 + strlen (buffer),
"An SMTP server is running on this port%s\n\ 252 Here is its banner : \n%s",
262 char ban[512], *report, *t;
263 register_service (desc, port,
"snpp");
264 snprintf (ban,
sizeof (ban),
"snpp/banner/%d", port);
267 report = g_malloc0 (255 + strlen (buffer));
268 t = strchr (buffer,
'\n');
271 snprintf (report, 255 + strlen (buffer),
272 "An SNPP server is running on this port%s\n\ 281 register_service (desc, port,
"ftp");
287 snprintf (ban,
sizeof (ban),
"ftp/banner/%d", port);
292 char *report = g_malloc0 (255 + strlen (buffer));
293 char *t = strchr (buffer,
'\n');
296 snprintf (report, 255 + strlen (buffer),
"An FTP server is running on this port%s.\n\ 297 Here is its banner : \n%s",
305 snprintf (report,
sizeof (report),
306 "An FTP server is running on this port%s.",
315 register_service (desc, port,
"ssh");
316 while ((buffer[strlen (buffer) - 1] ==
'\n') ||
317 (buffer[strlen (buffer) - 1] ==
'\r'))
318 buffer[strlen (buffer) - 1] =
'\0';
319 post_log (
oid, desc, port,
"An ssh server is running on this port");
327 register_service (desc, port,
"http_proxy");
328 snprintf (ban,
sizeof (ban),
"An HTTP proxy is running on this port%s",
336 char *c = strchr (buffer,
'\n');
342 buffer2 = g_strdup (buffer);
343 for (i = 0; i < strlen (buffer2); i++)
344 buffer2[i] = tolower (buffer2[i]);
345 if (!strcmp (buffer2,
"+ok"))
347 register_service (desc, port,
"pop1");
348 snprintf (ban,
sizeof (ban),
"pop1/banner/%d", port);
351 else if (strstr (buffer2,
"pop2"))
353 register_service (desc, port,
"pop2");
354 snprintf (ban,
sizeof (ban),
"pop2/banner/%d", port);
356 post_log (
oid, desc, port,
"a pop2 server is running on this port");
360 register_service (desc, port,
"pop3");
361 snprintf (ban,
sizeof (ban),
"pop3/banner/%d", port);
363 post_log (
oid, desc, port,
"A pop3 server is running on this port");
372 register_service (desc, port,
"imap");
373 snprintf (ban,
sizeof (ban),
"imap/banner/%d", port);
376 snprintf (ban,
sizeof (ban),
"An IMAP server is running on this port%s",
385 register_service (desc, port,
"auth");
386 post_log (
oid, desc, port,
"An identd server is running on this port");
397 register_service (desc, port,
"postgresql");
399 post_log (
oid, desc, port,
"A PostgreSQL server is running on this port");
405 register_service (desc, port,
"mysql");
407 post_log (
oid, desc, port,
"A MySQL server is running on this port");
413 register_service (desc, port,
"cvspserver");
415 post_log (
oid, desc, port,
"A CVS pserver server is running on this port");
422 register_service (desc, port,
"cvsup");
423 post_log (
oid, desc, port,
"A CVSup server is running on this port");
430 register_service (desc, port,
"cvslockserver");
432 post_log (
oid, desc, port,
"A CVSLock server server is running on this port");
438 register_service (desc, port,
"rsync");
439 post_log (
oid, desc, port,
"A rsync server is running on this port");
447 register_service (desc, port,
"wild_shell");
450 "A shell seems to be running on this port ! (this is a possible backdoor)");
457 register_service (desc, port,
"telnet");
459 snprintf (ban,
sizeof (ban),
460 "A telnet server seems to be running on this port%s",
470 register_service (desc, port,
"gnome14");
472 snprintf (ban,
sizeof (ban),
473 "A Gnome 1.4 server seems to be running on this port%s",
483 register_service (desc, port,
"eggdrop");
485 snprintf (ban,
sizeof (ban),
486 "An eggdrop IRC bot seems to be running a control server on this port%s",
495 register_service (desc, port,
"netbus");
496 post_alarm (
oid, desc, port,
"NetBus is running on this port");
504 register_service (desc, port,
"linuxconf");
505 snprintf (ban,
sizeof (ban),
"linuxconf/banner/%d", port);
507 post_log (
oid, desc, port,
"Linuxconf is running on this port");
511 mark_finger_server (
struct arglist *desc,
int port,
unsigned char *banner,
516 register_service (desc, port,
"finger");
518 snprintf (tmp,
sizeof (tmp),
519 "A finger server seems to be running on this port%s",
526 mark_vtun_server (
struct arglist *desc,
int port,
unsigned char *banner,
531 snprintf (tmp,
sizeof (tmp),
"vtun/banner/%d", port);
534 register_service (desc, port,
"vtun");
538 snprintf (tmp,
sizeof (tmp),
539 "A VTUN server seems to be running on this port%s",
543 snprintf (tmp,
sizeof (tmp),
544 "A VTUN server seems to be running on this port%s\n" 551 mark_uucp_server (
struct arglist *desc,
int port,
unsigned char *banner,
556 snprintf (tmp,
sizeof (tmp),
"uucp/banner/%d", port);
559 register_service (desc, port,
"uucp");
561 snprintf (tmp,
sizeof (tmp),
562 "An UUCP server seems to be running on this port%s",
569 mark_lpd_server (
struct arglist *desc,
int port,
unsigned char *banner,
int trp)
573 register_service (desc, port,
"lpd");
574 snprintf (tmp,
sizeof (tmp),
575 "A LPD server seems to be running on this port%s",
583 mark_lyskom_server (
struct arglist *desc,
int port,
unsigned char *banner,
588 register_service (desc, port,
"lyskom");
589 snprintf (tmp,
sizeof (tmp),
590 "A LysKOM server seems to be running on this port%s",
597 mark_ph_server (
struct arglist *desc,
int port,
unsigned char *banner,
int trp)
601 register_service (desc, port,
"ph");
602 snprintf (tmp,
sizeof (tmp),
603 "A PH server seems to be running on this port%s",
609 mark_time_server (
struct arglist *desc,
int port,
unsigned char *banner,
int trp)
613 register_service (desc, port,
"time");
614 snprintf (tmp,
sizeof (tmp),
615 "A time server seems to be running on this port%s",
622 mark_ens_server (
struct arglist *desc,
int port,
char *banner,
int trp)
625 register_service (desc, port,
"iPlanetENS");
627 snprintf (tmp,
sizeof (tmp),
628 "An iPlanet ENS (Event Notification Server) seems to be running on this port%s",
634 mark_citrix_server (
struct arglist *desc,
int port,
const char *banner,
int trp)
638 register_service (desc, port,
"citrix");
639 snprintf (tmp,
sizeof (tmp),
640 "a Citrix server seems to be running on this port%s",
646 mark_giop_server (
struct arglist *desc,
int port,
const char *banner,
int trp)
650 register_service (desc, port,
"giop");
651 snprintf (tmp,
sizeof (tmp),
652 "A GIOP-enabled service is running on this port%s",
659 mark_exchg_routing_server (
struct arglist *desc,
int port,
char *buffer,
664 register_service (desc, port,
"exchg-routing");
665 snprintf (ban,
sizeof (ban),
"exchg-routing/banner/%d", port);
668 snprintf (ban,
sizeof (ban),
669 "A Microsoft Exchange routing server is running on this port%s",
677 mark_tcpmux_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
681 register_service (desc, port,
"tcpmux");
682 snprintf (msg,
sizeof (msg),
683 "A tcpmux server seems to be running on this port%s",
690 mark_BitTorrent_server (
struct arglist *desc,
int port,
unsigned char *buffer,
int trp)
694 register_service (desc, port,
"BitTorrent");
695 snprintf (msg,
sizeof (msg),
696 "A BitTorrent server seems to be running on this port%s",
702 mark_smux_server (
struct arglist *desc,
int port,
unsigned char *buffer,
707 register_service (desc, port,
"smux");
708 snprintf (msg,
sizeof (msg),
709 "A SNMP Multiplexer (smux) seems to be running on this port%s",
721 mark_LISa_server (
struct arglist *desc,
int port,
unsigned char *banner,
726 register_service (desc, port,
"LISa");
727 snprintf (tmp,
sizeof (tmp),
"A LISa daemon is running on this port%s",
741 mark_msdtc_server (
struct arglist *desc,
int port,
unsigned char *buffer)
743 register_service (desc, port,
"msdtc");
744 post_log (
oid, desc, port,
"A MSDTC server is running on this port");
748 mark_pop3pw_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
751 register_service (desc, port,
"pop3pw");
752 snprintf (ban,
sizeof (ban),
"pop3pw/banner/%d", port);
754 snprintf (ban,
sizeof (ban),
"A pop3pw server is running on this port%s",
773 mark_whois_plus2_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
776 register_service (desc, port,
"whois++");
777 snprintf (ban,
sizeof (ban),
"whois++/banner/%d", port);
779 snprintf (ban,
sizeof (ban),
"A whois++ server is running on this port%s",
794 mark_mon_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
797 register_service (desc, port,
"mon");
798 snprintf (ban,
sizeof (ban),
"mon/banner/%d", port);
800 snprintf (ban,
sizeof (ban),
"A mon server is running on this port%s",
807 mark_fw1 (
struct arglist *desc,
int port,
char *buffer,
int trp)
810 register_service (desc, port,
"cpfw1");
812 snprintf (ban,
sizeof (ban),
813 "A CheckPoint FW1 SecureRemote or FW1 FWModule server is running on this port%s",
829 mark_psybnc (
struct arglist *desc,
int port,
char *buffer,
int trp)
832 register_service (desc, port,
"psybnc");
834 snprintf (ban,
sizeof (ban),
"A PsyBNC IRC proxy is running on this port%s",
847 mark_shoutcast_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
850 register_service (desc, port,
"shoutcast");
852 snprintf (ban,
sizeof (ban),
"A shoutcast server is running on this port%s",
865 mark_adsgone (
struct arglist *desc,
int port,
char *buffer,
int trp)
868 register_service (desc, port,
"adsgone");
870 snprintf (ban,
sizeof (ban),
871 "An AdsGone (a popup banner blocking server) is running on this port%s",
897 mark_acap_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
900 register_service (desc, port,
"acap");
901 snprintf (ban,
sizeof (ban),
"acap/banner/%d", port);
904 snprintf (ban,
sizeof (ban),
"An ACAP server is running on this port%s",
926 mark_nagiosd_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
929 register_service (desc, port,
"nagiosd");
930 snprintf (ban,
sizeof (ban),
"A nagiosd server is running on this port%s",
944 mark_teamspeak2_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
947 register_service (desc, port,
"teamspeak2");
948 snprintf (ban,
sizeof (ban),
949 "A teamspeak2 server is running on this port%s",
971 mark_websm_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
974 register_service (desc, port,
"websm");
975 snprintf (ban,
sizeof (ban),
"A WEBSM server is running on this port%s",
986 mark_ofa_express_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
989 register_service (desc, port,
"ofa_express");
990 snprintf (ban,
sizeof (ban),
991 "An OFA/Express server is running on this port%s",
1006 mark_smppd_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1009 register_service (desc, port,
"smppd");
1010 snprintf (ban,
sizeof (ban),
1011 "A SuSE Meta pppd server is running on this port%s",
1024 mark_upsmon_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1027 register_service (desc, port,
"upsmon");
1028 snprintf (ban,
sizeof (ban),
1029 "An upsd/upsmon server is running on this port%s",
1043 mark_sub7_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1046 register_service (desc, port,
"sub7");
1047 snprintf (ban,
sizeof (ban),
"The Sub7 trojan is running on this port%s",
1061 mark_spamd_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1064 register_service (desc, port,
"spamd");
1065 snprintf (ban,
sizeof (ban),
1066 "a spamd server (part of spamassassin) is running on this port%s",
1073 mark_quicktime_streaming_server (
struct arglist *desc,
int port,
char *buffer,
1077 register_service (desc, port,
"quicktime-streaming-server");
1078 snprintf (ban,
sizeof (ban),
1079 "a quicktime streaming server is running on this port%s",
1086 mark_dameware_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1089 register_service (desc, port,
"dameware");
1090 snprintf (ban,
sizeof (ban),
"a dameware server is running on this port%s",
1096 mark_stonegate_auth_server (
struct arglist *desc,
int port,
char *buffer,
1100 register_service (desc, port,
"SG_ClientAuth");
1101 snprintf (ban,
sizeof (ban),
1102 "a StoneGate authentication server is running on this port%s",
1112 register_service (desc, port,
"listserv");
1114 snprintf (ban,
sizeof (ban),
1115 "A LISTSERV daemon seems to be running on this port%s",
1126 register_service (desc, port,
"FsSniffer");
1128 snprintf (ban,
sizeof (ban),
1129 "A FsSniffer backdoor seems to be running on this port%s",
1139 register_service (desc, port,
"RemoteNC");
1141 snprintf (ban,
sizeof (ban),
1142 "A RemoteNC backdoor seems to be running on this port%s",
1152 mark_wrapped_svc (
struct arglist *desc,
int port,
int delta)
1156 snprintf (msg,
sizeof (msg),
1157 "The service closed the connection after %d seconds " 1158 "without sending any data\n" 1159 "It might be protected by some TCP wrapper\n", delta);
1166 port_to_name (
int port)
1212 return "Http-Rpc-Epmap";
1228 return "Compaq Management Server";
1230 return "CVSpserver";
1246 mark_unknown_svc (
struct arglist *desc,
int port,
const unsigned char *banner,
int trp)
1248 char tmp[1600], *norm = NULL;
1252 snprintf (tmp,
sizeof (tmp),
"unknown/banner/%d", port);
1255 norm = (
char *) port_to_name (port);
1259 snprintf (tmp,
sizeof (tmp),
1260 "An unknown service is running on this port%s.\n" 1268 mark_gnuserv (
struct arglist *desc,
int port)
1270 register_service (desc, port,
"gnuserv");
1271 post_log (
oid, desc, port,
"gnuserv is running on this port");
1275 mark_iss_realsecure (
struct arglist *desc,
int port)
1277 register_service (desc, port,
"issrealsecure");
1278 post_log (
oid, desc, port,
"ISS RealSecure is running on this port");
1282 mark_vmware_auth (
struct arglist *desc,
int port,
char *buffer,
int trp)
1286 register_service (desc, port,
"vmware_auth");
1288 snprintf (ban,
sizeof (ban),
1289 "A VMWare authentication daemon is running on this port%s:\n%s",
1295 mark_interscan_viruswall (
struct arglist *desc,
int port,
char *buffer,
int trp)
1299 register_service (desc, port,
"interscan_viruswall");
1301 snprintf (ban,
sizeof (ban),
1302 "An interscan viruswall is running on this port%s:\n%s",
1308 mark_ppp_daemon (
struct arglist *desc,
int port,
char *buffer,
int trp)
1312 register_service (desc, port,
"pppd");
1314 snprintf (ban,
sizeof (ban),
"A PPP daemon is running on this port%s",
1320 mark_zebra_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1324 register_service (desc, port,
"zebra");
1325 snprintf (ban,
sizeof (ban),
"zebra/banner/%d", port);
1327 snprintf (ban,
sizeof (ban),
1328 "A zebra daemon (bgpd or zebrad) is running on this port%s",
1334 mark_ircxpro_admin_server (
struct arglist *desc,
int port,
char *buffer,
1339 register_service (desc, port,
"ircxpro_admin");
1341 snprintf (ban,
sizeof (ban),
1342 "An IRCXPro administrative server is running on this port%s",
1349 mark_gnocatan_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1353 register_service (desc, port,
"gnocatan");
1355 snprintf (ban,
sizeof (ban),
1356 "A gnocatan game server is running on this port%s",
1363 mark_pbmaster_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1367 register_service (desc, port,
"power-broker-master");
1369 snprintf (ban,
sizeof (ban),
1370 "A PowerBroker master server is running on this port%s:\n%s",
1377 mark_dictd_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1381 register_service (desc, port,
"dicts");
1383 snprintf (ban,
sizeof (ban),
1384 "A dictd server is running on this port%s:\n%s",
1392 mark_pnsclient (
struct arglist *desc,
int port,
char *buffer,
int trp)
1396 register_service (desc, port,
"pNSClient");
1398 snprintf (ban,
sizeof (ban),
1399 "A Netsaint plugin (pNSClient.exe) is running on this port%s",
1406 mark_veritas_backup (
struct arglist *desc,
int port,
char *buffer,
int trp)
1409 register_service (desc, port,
"VeritasNetBackup");
1411 snprintf (ban,
sizeof (ban),
"VeritasNetBackup is running on this port%s",
1417 mark_pblocald_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1421 register_service (desc, port,
"power-broker-master");
1423 snprintf (ban,
sizeof (ban),
1424 "A PowerBroker locald server is running on this port%s:\n%s",
1430 mark_jabber_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1433 register_service (desc, port,
"jabber");
1434 snprintf (ban,
sizeof (ban),
1435 "jabber daemon seems to be running on this port%s",
1442 mark_avotus_mm_server (
struct arglist *desc,
int port,
char *buffer,
int trp)
1446 register_service (desc, port,
"avotus_mm");
1448 snprintf (ban,
sizeof (ban),
1449 "An avotus 'mm' server is running on this port%s:\n%s",
1455 mark_socks_proxy (
struct arglist *desc,
int port,
int ver)
1459 snprintf (str,
sizeof (str),
"socks%d", ver);
1460 register_service (desc, port, str);
1461 snprintf (str,
sizeof (str),
"A SOCKS%d proxy is running on this port. ",
1467 mark_direct_connect_hub (
struct arglist *desc,
int port,
int trp)
1471 register_service (desc, port,
"DirectConnectHub");
1472 snprintf (str,
sizeof (str),
1473 "A Direct Connect Hub is running on this port%s",
1488 #define MAX_SHIFT (3*365*86400) 1489 #define DIFF_1970_1900 2208988800U 1492 may_be_time (time_t * rtime)
1495 #define ABS(x) (((x) < 0) ? -(x):(x)) 1497 time_t now = time (NULL);
1508 plugin_do_run (
struct arglist *desc,
struct arglist *h,
int test_ssl)
1510 char *head =
"Ports/tcp/", *host_fqdn;
1511 u_short unknown[65535];
1512 int num_unknown = 0;
1513 int len_head = strlen (head);
1515 int rw_timeout = 20, cnx_timeout = 20, wrap_timeout = 20;
1526 struct in_addr *p_ip = hostinfo->
ip;
1530 http_get = g_strdup_printf (
"GET / HTTP/1.0\r\nHost: %s\r\n\r\n",
1534 if (rw_timeout_s != NULL && (x = atoi (rw_timeout_s)) > 0)
1536 if (cnx_timeout_s != NULL && (x = atoi (cnx_timeout_s)) > 0)
1538 if (wrap_timeout_s != NULL && (x = atoi (wrap_timeout_s)) >= 0)
1541 bzero (unknown,
sizeof (unknown));
1543 while (h && h->
next)
1545 if ((strlen (h->
name) > len_head) && !strncmp (h->
name, head, len_head))
1552 unsigned char *banner = NULL, *bannerHex = NULL;
1554 int port = atoi (h->
name + len_head);
1556 int unindentified_service = 0;
1557 int three_digits = 0;
1558 int maybe_wrapped = 0;
1562 int diff_tv = 0, diff_tv2 = 0;
1563 int type, no_banner_grabbed = 0;
1565 #define DIFFTV1000(t1,t2) ((t1.tv_sec - t2.tv_sec)*1000 + (t1.tv_usec - t2.tv_usec)/1000) 1567 bzero (buffer,
sizeof (buffer));
1569 snprintf (
kb,
sizeof (
kb),
"BannerHex/%d", port);
1571 if (type ==
ARG_STRING && bannerHex != NULL && bannerHex[0] !=
'\0')
1574 banner_len = strlen ((
char *) bannerHex) / 2;
1575 if (banner_len >=
sizeof (buffer))
1576 banner_len =
sizeof (buffer) - 1;
1577 for (i = 0; i < banner_len; i++)
1579 c1 = bannerHex[2 * i];
1580 if (c1 >= 0 && c1 <= 9)
1582 else if (c1 >=
'a' && c1 <=
'f')
1584 else if (c1 >=
'A' && c1 <=
'F')
1588 c2 = bannerHex[2 * i + 1];
1589 if (c2 >= 0 && c2 <= 9)
1591 else if (c2 >=
'a' && c2 <=
'f')
1593 else if (c2 >=
'A' && c2 <=
'F')
1597 buffer[i] = c1 << 4 | c2;
1601 banner = (
unsigned char *) buffer;
1604 (
"find_service(%s): found hex banner in KB for port %d len=%d",
1605 inet_ntoa (*p_ip), port, banner_len);
1609 if (banner_len == 0)
1611 snprintf (
kb,
sizeof (
kb),
"Banner/%d", port);
1615 banner_len = strlen ((
char *) banner);
1618 (
"find_service(%s): found banner in KB for port %d len=%d",
1619 inet_ntoa (*p_ip), port, banner_len);
1627 (
"find_service(%s): banner is known on port %d -" 1628 " will not open a new connection", inet_ntoa (*p_ip), port);
1637 (
"find_service(%s): banner is unknown on port %d" 1638 " - connecting...", inet_ntoa (*p_ip), port);
1650 gettimeofday (&tv1, NULL);
1652 if (cnx < 0 && test_ssl)
1655 gettimeofday (&tv1, NULL);
1658 gettimeofday (&tv2, NULL);
1662 if (cnx >= 0 || banner_len > 0)
1670 snprintf (k,
sizeof (k),
"FindService/CnxTime1000/%d",
1673 GSIZE_TO_POINTER (diff_tv));
1674 snprintf (k,
sizeof (k),
"FindService/CnxTime/%d", port);
1676 GSIZE_TO_POINTER (((diff_tv +
1678 if (diff_tv / 1000 > cnx_timeout)
1680 GSIZE_TO_POINTER (1));
1684 (
"find_service(%s): Port %d is open. \"Transport\" is %d",
1685 inet_ntoa (*p_ip), port, trp);
1693 snprintf (report,
sizeof (report),
1694 "A %s server answered on this port\n",
1698 GSIZE_TO_POINTER (port));
1706 if (banner != (
unsigned char *) buffer)
1708 if (len >=
sizeof (buffer))
1709 len =
sizeof (buffer) - 1;
1710 memcpy (buffer, banner, len);
1716 snprintf (
kb,
sizeof (
kb),
"/tmp/NoBanner/%d", port);
1721 no_banner_grabbed = GPOINTER_TO_SIZE (p);
1723 no_banner_grabbed = atoi ((
char *) p);
1728 (
"find_service(%s): no banner on port %d according to KB",
1729 inet_ntoa (*p_ip), port);
1732 if (!no_banner_grabbed)
1740 FD_SET (realfd, &rfds);
1741 FD_SET (realfd, &wfds);
1743 (void) gettimeofday (&tv1, NULL);
1745 tv.tv_sec = rw_timeout;
1746 x = select (realfd + 1, &rfds, &wfds, NULL, &tv);
1757 if (FD_ISSET (realfd, &rfds))
1762 sizeof (buffer) - 2);
1765 (void) gettimeofday (&tv2, NULL);
1774 (
"find_service(%s): no banner was found by" 1775 " openvas_tcp_scanner on port %d - sending GET" 1776 " without waiting", inet_ntoa (*p_ip), port);
1782 if (len <= 0 && !timeout)
1786 if (!no_banner_grabbed)
1788 (
"No banner on port %d - sending GET", port);
1792 (void) gettimeofday (&tv1, NULL);
1794 buffer[
sizeof (buffer) - 1] =
'\0';
1797 sizeof (buffer) - 1);
1804 if (len > 0 && len < 8
1805 && strncmp (buffer,
"HTTP/1.", len) == 0)
1809 sizeof (buffer) - 1 -
1815 (void) gettimeofday (&tv2, NULL);
1820 snprintf (k,
sizeof (k),
"FindService/RwTime1000/%d",
1823 GSIZE_TO_POINTER (diff_tv));
1824 snprintf (k,
sizeof (k),
"FindService/RwTime/%d", port);
1826 GSIZE_TO_POINTER ((diff_tv +
1828 if (diff_tv / 1000 > rw_timeout)
1830 ARG_INT, GSIZE_TO_POINTER (1));
1836 banner = g_malloc0 (len + 1);
1837 memcpy (banner, buffer, len);
1840 for (i = 0; i < len; i++)
1841 buffer[i] = ( buffer[i] ==
'\0' ) ?
'x' : tolower (buffer[i]);
1843 line = g_strdup (buffer);
1845 if (strchr (line,
'\n') != NULL)
1847 char *t = strchr (line,
'\n');
1850 if (isdigit (banner[0]) && isdigit (banner[1])
1851 && isdigit (banner[2]) && (banner[3] ==
'\0' 1852 || isspace (banner[3])
1853 || banner[3] ==
'-'))
1860 GSIZE_TO_POINTER (port));
1871 snprintf (
kb,
sizeof (
kb),
"FindService/tcp/%d/get_http",
1874 snprintf (
kb,
sizeof (
kb),
1875 "FindService/tcp/%d/spontaneous", port);
1879 char buf2[
sizeof (buffer) * 2 + 1];
1884 if (len >=
sizeof (buffer))
1885 len =
sizeof (buffer);
1887 for (y = 0; y < len; y++)
1889 snprintf (buf2 + 2 * y,
sizeof (buf2) - (2 * y),
1890 "%02x", (
unsigned char) banner[y]);
1891 if (banner[y] ==
'\0')
1899 origline = g_strdup ((
char *) banner);
1900 if (strchr (origline,
'\n') != NULL)
1902 char *t = strchr (origline,
'\n');
1905 line_len = strlen (origline);
1911 if ((!strncmp (line,
"http/1.", 7) ||
1912 strstr ((
char *) banner,
1913 "<title>Not supported</title>")))
1919 && (strstr (line,
"http/1.1 400 bad request") !=
1923 (line,
"http/1.0 403 forbidden",
1924 strlen (
"http/1.0 403 forbidden")) == 0
1925 && strstr (buffer,
"server: adsubtract") != NULL))
1933 if (((u_char) buffer[0] == 255)
1934 && (((u_char) buffer[1] == 251)
1935 || ((u_char) buffer[1] == 252)
1936 || ((u_char) buffer[1] == 253)
1937 || ((u_char) buffer[1] == 254)))
1939 else if (((u_char) buffer[0] == 0)
1940 && ((u_char) buffer[1] == 1)
1941 && ((u_char) buffer[2] == 1)
1942 && ((u_char) buffer[3] == 0))
1946 (line,
"http/1.0 403 forbidden",
1947 strlen (
"http/1.0 403 forbidden")) == 0
1948 && strstr (buffer,
"server: adsubtract") != NULL)
1952 else if (strstr ((
char *) banner,
"Eggdrop") != NULL &&
1953 strstr ((
char *) banner,
"Eggheads") != NULL)
1955 else if (strncmp (line,
"$lock ", strlen (
"$lock ")) == 0)
1956 mark_direct_connect_hub (desc, port, trp);
1957 else if (len > 34 && strstr (&(buffer[34]),
"iss ecnra"))
1958 mark_iss_realsecure (desc, port);
1959 else if (len == 4 && origline[0] ==
'Q' && origline[1] == 0
1960 && origline[2] == 0 && origline[3] == 0)
1961 mark_fw1 (desc, port, origline, trp);
1962 else if (strstr (line,
"adsgone blocked html ad") != NULL)
1963 mark_adsgone (desc, port, origline, trp);
1964 else if (strncmp (line,
"icy 200 ok", strlen (
"icy 200 ok"))
1966 mark_shoutcast_server (desc, port, origline, trp);
1967 else if ((!strncmp (line,
"200", 3)
1970 (line,
"running eudora internet mail server")))
1971 || (strstr (line,
"+ok applepasswordserver") !=
1973 mark_pop3pw_server (desc, port, origline, trp);
1975 if ((strstr (line,
"smtp")
1976 || strstr (line,
"simple mail transfer")
1977 || strstr (line,
"mail server")
1978 || strstr (line,
"messaging")
1979 || strstr (line,
"Weasel"))
1980 && !strncmp (line,
"220", 3))
1982 else if (strstr (line,
"220 ***************") || strstr (line,
"220 eSafe@"))
1985 else if (strstr (line,
"220 esafealert") != NULL)
1987 else if (strncmp (line,
"220", 3) == 0 &&
1988 strstr (line,
"groupwise internet agent") != NULL)
1990 else if (strncmp (line,
"220", 3) == 0
1991 && strstr (line,
" SNPP ") != NULL)
1993 else if (strncmp (line,
"200", 3) == 0 &&
1994 strstr (line,
"mail ") != NULL)
1996 else if (strncmp (line,
"421", 3) == 0
1997 && strstr (line,
"smtp ") != NULL)
1999 else if ( line[0] !=
'\0' && ( ( strncmp (buffer + 1,
"host '", 6) == 0) || ( strstr (buffer,
"mysql") != NULL || strstr (buffer,
"mariadb") != NULL ) ) )
2001 else if (!strncmp (line,
"efatal", 6)
2002 || !strncmp (line,
"einvalid packet length",
2003 strlen (
"einvalid packet length")))
2005 else if (strstr (line,
"cvsup server ready") != NULL)
2007 else if (!strncmp (line,
"cvs [pserver aborted]:", 22) ||
2008 !strncmp (line,
"cvs [server aborted]:", 21))
2010 else if (!strncmp (line,
"cvslock ", 8))
2012 else if (!strncmp (line,
"@rsyncd", 7))
2014 else if ((len == 4) && may_be_time ((time_t *) banner))
2015 mark_time_server (desc, port, banner, trp);
2016 else if (strstr (buffer,
"rmserver")
2017 || strstr (buffer,
"realserver"))
2020 if ((strstr (line,
"ftp") || strstr (line,
"winsock")
2021 || strstr (line,
"axis network camera")
2022 || strstr (line,
"netpresenz")
2023 || strstr (line,
"serv-u")
2024 || strstr (line,
"service ready for new user"))
2025 && !strncmp (line,
"220", 3))
2027 else if (strncmp (line,
"220-", 4) == 0)
2030 else if (strstr (line,
"220") && strstr (line,
"whois+"))
2031 mark_whois_plus2_server (desc, port, origline, trp);
2032 else if (strstr (line,
"520 command could not be executed"))
2033 mark_mon_server (desc, port, origline, trp);
2034 else if (strstr (line,
"ssh-"))
2036 else if (!strncmp (line,
"+ok", 3)
2037 || (!strncmp (line,
"+", 1)
2038 && strstr (line,
"pop")))
2040 else if (strstr (line,
"imap4")
2041 && !strncmp (line,
"* ok", 4))
2043 else if (strstr (line,
"*ok iplanet messaging multiplexor"))
2045 else if (strstr (line,
"*ok communigate pro imap server"))
2047 else if (strstr (line,
"* ok courier-imap"))
2049 else if (strncmp (line,
"giop", 4) == 0)
2050 mark_giop_server (desc, port, origline, trp);
2051 else if (strstr (line,
"microsoft routing server"))
2052 mark_exchg_routing_server (desc, port, origline, trp);
2054 else if (strstr (line,
"gap service ready"))
2055 mark_ens_server (desc, port, origline, trp);
2056 else if (strstr (line,
"-service not available"))
2057 mark_tcpmux_server (desc, port, origline, trp);
2062 else if (strlen (line) > 2 && line[0] == 0x7F
2064 && strncmp (&line[2],
"ica", 3) == 0)
2065 mark_citrix_server (desc, port, origline, trp);
2067 else if (strstr (origline,
" INN ")
2068 || strstr (origline,
" Leafnode ")
2069 || strstr (line,
" nntp daemon")
2070 || strstr (line,
" nnrp service ready")
2071 || strstr (line,
"posting ok")
2072 || strstr (line,
"posting allowed")
2073 || strstr (line,
"502 no permission")
2074 || (strcmp (line,
"502") == 0
2075 && strstr (line,
"diablo") != NULL))
2077 else if (strstr (buffer,
"networking/linuxconf")
2078 || strstr (buffer,
"networking/misc/linuxconf")
2079 || strstr (buffer,
"server: linuxconf"))
2081 else if (strncmp (buffer,
"gnudoit:", 8) == 0)
2082 mark_gnuserv (desc, port);
2084 if ((buffer[0] ==
'0' 2085 && strstr (buffer,
"error.host\t1") != NULL)
2086 || (buffer[0] ==
'3' 2088 "That item is not currently available")))
2089 mark_gopher_server (desc, port);
2092 (buffer,
"www-authenticate: basic realm=\"swat\""))
2094 else if (strstr (buffer,
"vqserver") &&
2095 strstr (buffer,
"www-authenticate: basic realm=/"))
2097 else if (strstr (buffer,
"1invalid request") != NULL)
2099 else if (strstr (buffer,
"get: command not found"))
2101 else if (strstr (buffer,
"microsoft windows") != NULL &&
2102 strstr (buffer,
"c:\\") != NULL &&
2103 strstr (buffer,
"(c) copyright 1985-") != NULL &&
2104 strstr (buffer,
"microsoft corp.") != NULL)
2106 else if (strstr (buffer,
"netbus"))
2108 else if (strstr (line,
"0 , 0 : error : unknown-error") ||
2109 strstr (line,
"0, 0: error: unknown-error") ||
2110 strstr (line,
"get : error : unknown-error") ||
2111 strstr (line,
"0 , 0 : error : invalid-port"))
2113 else if (!strncmp (line,
"http/1.", 7) && strstr (line,
"proxy"))
2116 else if (!strncmp (line,
"http/1.", 7)
2117 && strstr (buffer,
"via: "))
2119 else if (!strncmp (line,
"http/1.", 7)
2120 && strstr (buffer,
"proxy-connection: "))
2122 else if (!strncmp (line,
"http/1.", 7)
2123 && strstr (buffer,
"cache")
2124 && strstr (line,
"bad request"))
2127 else if (strncmp (line,
"http/1.", 7) == 0 &&
2128 strstr (buffer,
"gnutella") != NULL)
2129 mark_gnutella_servent (desc, port, banner, trp);
2131 else if (!strncmp (origline,
"RFB 00", 6)
2132 && strstr (line,
".00"))
2134 else if (!strncmp (line,
"ncacn_http/1.", 13))
2136 else if (line_len >= 14 &&
2139 strncmp (origline,
http_get, line_len) == 0)
2141 else if (strstr ((
char *) banner,
"!\"#$%&'()*+,-./")
2142 && strstr ((
char *) banner,
"ABCDEFGHIJ")
2143 && strstr ((
char *) banner,
"abcdefghij")
2144 && strstr ((
char *) banner,
"0123456789"))
2145 mark_chargen_server (desc, port);
2146 else if (strstr (line,
"vtun server"))
2147 mark_vtun_server (desc, port, banner, trp);
2148 else if (strcmp (line,
"login: password: ") == 0)
2149 mark_uucp_server (desc, port, banner, trp);
2150 else if (strcmp (line,
"bad request") == 0 ||
2151 strstr (line,
"invalid protocol request (71): gget / http/1.0") || (strncmp (line,
"lpd:", 4) == 0) || (strstr (line,
"lpsched") != NULL) || (strstr (line,
"malformed from address") != NULL) || (strstr (line,
"no connect permissions") != NULL) ||
2152 strcmp (line,
"bad request") == 0)
2153 mark_lpd_server (desc, port, banner, trp);
2154 else if (strstr (line,
"%%lyskom unsupported protocol"))
2155 mark_lyskom_server (desc, port, banner, trp);
2156 else if (strstr (line,
"598:get:command not recognized"))
2157 mark_ph_server (desc, port, banner, trp);
2158 else if (strstr (line,
"BitTorrent prot"))
2159 mark_BitTorrent_server (desc, port, banner, trp);
2160 else if (banner[0] ==
'A' && banner[1] == 0x01
2161 && banner[2] == 0x02 && banner[3] ==
'\0')
2162 mark_smux_server (desc, port, banner, trp);
2165 (line,
"0 succeeded\n", strlen (
"0 succeeded\n")))
2166 mark_LISa_server (desc, port, banner, trp);
2167 else if (strlen ((
char *) banner) == 3 && banner[2] ==
'\n')
2168 mark_msdtc_server (desc, port, banner);
2170 if ((!strncmp (line,
"220", 3)
2171 && strstr (line,
"poppassd")))
2172 mark_pop3pw_server (desc, port, origline, trp);
2173 else if (strstr (line,
"welcome!psybnc@") != NULL)
2174 mark_psybnc (desc, port, origline, trp);
2175 else if (strncmp (line,
"* acap ", strlen (
"* acap ")) == 0)
2176 mark_acap_server (desc, port, origline, trp);
2177 else if (strstr (origline,
"Sorry, you (") != NULL &&
2179 "are not among the allowed hosts...\n") !=
2181 mark_nagiosd_server (desc, port, origline, trp);
2182 else if (strstr (line,
"[ts].error") != NULL ||
2183 strstr (line,
"[ts].\n") != NULL)
2184 mark_teamspeak2_server (desc, port, origline, trp);
2185 else if (strstr (origline,
"Language received from client:")
2186 && strstr (origline,
"Setlocale:"))
2187 mark_websm_server (desc, port, origline, trp);
2188 else if (strncmp (origline,
"CNFGAPI", 7) == 0)
2189 mark_ofa_express_server (desc, port, origline, trp);
2190 else if (strstr (line,
"suse meta pppd") != NULL)
2191 mark_smppd_server (desc, port, origline, trp);
2194 (origline,
"ERR UNKNOWN-COMMAND",
2195 strlen (
"ERR UNKNOWN-COMMAND")) == 0)
2196 mark_upsmon_server (desc, port, origline, trp);
2198 if (strncmp (line,
"connected. ", strlen (
"connected. "))
2199 == 0 && strstr (line,
"legends") != NULL)
2200 mark_sub7_server (desc, port, origline, trp);
2201 else if (strncmp (line,
"spamd/", strlen (
"spamd/")) == 0)
2202 mark_spamd_server (desc, port, origline, trp);
2203 else if (strstr (line,
" dictd ")
2204 && strncmp (line,
"220", 3) == 0)
2205 mark_dictd_server (desc, port, origline, trp);
2206 else if (strncmp (line,
"220 ", 4) == 0 &&
2208 "vmware authentication daemon") != NULL)
2209 mark_vmware_auth (desc, port, origline, trp);
2210 else if (strncmp (line,
"220 ", 4) == 0 &&
2211 strstr (line,
"interscan version") != NULL)
2212 mark_interscan_viruswall (desc, port, origline, trp);
2213 else if ((strlen ((
char *) banner) > 1)
2214 && (banner[0] ==
'~')
2215 && (banner[strlen ((
char *) banner) - 1] ==
'~')
2216 && (strchr ((
char *) banner,
'}') != NULL))
2217 mark_ppp_daemon (desc, port, origline, trp);
2218 else if (strstr ((
char *) banner,
"Hello, this is zebra ")
2220 mark_zebra_server (desc, port, origline, trp);
2221 else if (strstr (line,
"ircxpro ") != NULL)
2222 mark_ircxpro_admin_server (desc, port, origline, trp);
2225 (origline,
"version report",
2226 strlen (
"version report")) == 0)
2227 mark_gnocatan_server (desc, port, origline, trp);
2228 else if (strncmp (origline,
"RTSP/1.0", strlen (
"RTSP/1.0"))
2229 && strstr (origline,
"QTSS/") != NULL)
2230 mark_quicktime_streaming_server (desc, port, origline,
2232 else if (strlen (origline) >= 2 && origline[0] == 0x30
2233 && origline[1] == 0x11 && origline[2] == 0)
2234 mark_dameware_server (desc, port, origline, trp);
2235 else if (strstr (line,
"stonegate firewall") != NULL)
2236 mark_stonegate_auth_server (desc, port, origline, trp);
2237 else if (strncmp (line,
"pbmasterd", strlen (
"pbmasterd"))
2239 mark_pbmaster_server (desc, port, origline, trp);
2240 else if (strncmp (line,
"pblocald", strlen (
"pblocald")) ==
2242 mark_pblocald_server (desc, port, origline, trp);
2245 (line,
"<stream:error>invalid xml</stream:error>",
2246 strlen (
"<stream:error>invalid xml</stream:error>"))
2248 mark_jabber_server (desc, port, origline, trp);
2251 (line,
"/c -2 get ctgetoptions",
2252 strlen (
"/c -2 get ctgetoptions")) == 0)
2253 mark_avotus_mm_server (desc, port, origline, trp);
2256 (line,
"error:wrong password",
2257 strlen (
"error:wrong password")) == 0)
2258 mark_pnsclient (desc, port, origline, trp);
2260 if (strncmp (line,
"1000 2", strlen (
"1000 2"))
2262 mark_veritas_backup (desc, port, origline, trp);
2265 (line,
"the file name you specified is invalid")
2266 && strstr (line,
"listserv"))
2270 (line,
"control password:",
2271 strlen (
"control password:")) == 0)
2275 (line,
"remotenc control password:",
2276 strlen (
"remotenc control password:")) == 0)
2280 (
unsigned char *) strstr ((
char *) banner,
2281 "finger: GET: no such user"))
2283 && strstr ((
char *) banner,
2284 "finger: /: no such user") != NULL
2285 && strstr ((
char *) banner,
2286 "finger: HTTP/1.0: no such user") != NULL)
2287 || strstr ((
char *) banner,
2288 "Login Name TTY Idle When Where")
2289 || strstr ((
char *) banner,
"Line User")
2290 || strstr ((
char *) banner,
"Login name: GET"))
2295 while (p - banner > 0 && isspace (*p))
2299 mark_finger_server (desc, port, p ? banner : NULL,
2306 else if (banner[0] == 5 && banner[1] <= 8 &&
2307 banner[2] == 0 && banner[3] <= 4)
2308 mark_socks_proxy (desc, port, 5);
2309 else if (banner[0] == 0 && banner[1] >= 90
2311 mark_socks_proxy (desc, port, 4);
2313 unindentified_service = !flg;
2322 (
"find_service(%s): could not read anything from port %d",
2323 inet_ntoa (*p_ip), port);
2325 unindentified_service = 1;
2326 #define TESTSTRING "OpenVAS Wrap Test" 2341 if (port == 513 || port == 514 )
2348 int nfd, fd, x, flag = 0;
2353 (
"find_service(%s): potentially wrapped service on port %d",
2354 inet_ntoa (*p_ip), port);
2365 tv.tv_sec = wrap_timeout;
2368 signal (SIGALRM, SIG_IGN);
2370 (void) gettimeofday (&tv1, NULL);
2371 x = select (fd + 1, &rfds, NULL, NULL, &tv);
2372 (void) gettimeofday (&tv2, NULL);
2376 (
"find_service(%s): select(port=%d)=%d after" 2377 " %d.%03d s on %d", inet_ntoa (*p_ip), port, x,
2378 diff_tv2, diff_tv2 / 1000, wrap_timeout);
2389 x = recv (fd, &b, 1, MSG_DONTWAIT);
2390 if (x == 0 || (x < 0 && errno == EPIPE))
2407 if (send (fd,
"Z", 1, MSG_DONTWAIT) < 0)
2417 if (diff_tv2 <= 2 * diff_tv + 1)
2419 mark_wrapped_svc (desc, port, diff_tv2 / 1000);
2420 unindentified_service = 0;
2425 The service on port %s:%d closes the connection in %d.%03d s when we send garbage,\n\ 2426 and in %d.%03d when we just wait. It is probably not wrapped", inet_ntoa (*p_ip), port, diff_tv / 1000, diff_tv % 1000, diff_tv2 / 1000, diff_tv2 % 1000);
2432 if (unindentified_service && port != 139 && port != 135
2439 unknown[num_unknown++] = port;
2445 mark_unknown_svc (desc, port, banner, trp);
2452 (
"find_service(%s): could not connect to port %d",
2453 inet_ntoa (*p_ip), port);
2465 #define MAX_SONS 128 2476 kill (sons[i], SIGTERM);
2487 waitpid (sons[i], NULL, WNOHANG);
2492 fwd_data (
int in,
int out, pid_t sender)
2516 struct kb_item *kbitem, *kbitem_tmp;
2534 if (key && key[0] !=
'\0')
2539 if (cert && cert[0] !=
'\0')
2544 if (cafile && cafile[0] !=
'\0')
2549 if (test_ssl_s != NULL)
2551 if (strcmp (test_ssl_s,
"None") == 0)
2563 if (pempass != NULL)
2569 signal (SIGTERM, sigterm);
2570 signal (SIGCHLD, sigchld);
2571 if (num_sons_s != NULL)
2572 num_sons = atoi (num_sons_s);
2583 for (i = 0; i < num_sons; i++)
2586 sons_args[i] = NULL;
2592 kbitem = kb_item_get_pattern (
kb,
"Ports/tcp/*");
2595 kbitem_tmp = kbitem;
2596 while (kbitem_tmp != NULL)
2599 kbitem_tmp = kbitem_tmp->
next;
2602 port_per_son = num_ports / num_sons;
2607 kbitem_tmp = kbitem;
2609 for (i = 0; i < num_sons; i = i + 1)
2613 if (kbitem_tmp != NULL)
2615 for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
2617 if (sons_args[i] == NULL)
2618 sons_args[i] = g_malloc0 (
sizeof (
struct arglist));
2622 kbitem_tmp = kbitem_tmp->
next;
2630 for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
2632 if (sons_args[i] == NULL)
2633 sons_args[i] = g_malloc0 (
sizeof (
struct arglist));
2636 kbitem_tmp = kbitem_tmp->
next;
2642 for (i = 0; i < num_sons; i++)
2643 if (sons_args[i] == NULL)
2650 for (i = 0; i < num_sons; i++)
2653 if (sons_args[i] != NULL)
2655 if (socketpair (AF_UNIX, SOCK_STREAM, 0, sons_pipe[i]) < 0)
2657 perror (
"socketpair ");
2668 close (sons_pipe[i][1]);
2670 soc = sons_pipe[i][0];
2671 arg_set_value (globals,
"global_socket", GSIZE_TO_POINTER (soc));
2672 signal (SIGTERM, _exit);
2673 plugin_do_run (desc, sons_args[i], test_ssl);
2678 close (sons_pipe[i][0]);
2698 for (i = 0; i < num_sons; i++)
2700 if (sons[i] != 0 && (sons_pipe[i][1] >= 0))
2702 FD_SET (sons_pipe[i][1], &rd);
2703 if (sons_pipe[i][1] >
max)
2704 max = sons_pipe[i][1];
2709 tv.tv_usec = 100000;
2711 e = select (
max + 1, &rd, NULL, NULL, &tv);
2712 if (e < 0 && errno == EINTR)
2717 for (i = 0; i < num_sons; i++)
2719 if (sons[i] != 0 && sons_pipe[i][1] >= 0
2720 && FD_ISSET (sons_pipe[i][1], &rd) != 0)
2722 if (fwd_data (sons_pipe[i][1], unix_sock, sons[i]) < 0)
2724 close (sons_pipe[i][1]);
2725 sons_pipe[i][1] = -1;
2726 while (waitpid (sons[i], NULL, WNOHANG)
2733 for (i = 0; i < num_sons; i++)
2737 while (waitpid (sons[i], NULL, WNOHANG) && errno == EINTR);
2739 if (kill (sons[i], 0) < 0)
2741 fwd_data (sons_pipe[i][1], unix_sock, sons[i]);
2742 close (sons_pipe[i][1]);
2743 sons_pipe[i][1] = -1;
tree_cell * plugin_run_find_service(lex_ctxt *lexic)
void mark_postgresql(struct arglist *desc, int port, char *buffer)
const char * get_encaps_name(openvas_encaps_t code)
void mark_echo_server(struct arglist *desc, int port)
void plug_replace_key(struct arglist *args, char *name, int type, void *value)
void kb_item_free(struct kb_item *)
Release a KB item (or a list).
void mark_rsync(struct arglist *desc, int port, char *buffer, int trp)
void nvticache_reset()
Reset connection to KB. To be called after a fork().
void mark_nntp_server(struct arglist *desc, int port, char *buffer, int trp)
tree_cell * http_get(lex_ctxt *lexic)
int arg_set_value(struct arglist *arglst, const char *name, void *value)
void mark_netbus_server(struct arglist *desc, int port, char *buffer)
void mark_swat_server(struct arglist *desc, int port, unsigned char *buffer)
void plug_set_key(struct arglist *args, char *name, int type, const void *value)
void * plug_get_key(struct arglist *args, char *name, int *type, int single)
void mark_telnet_server(struct arglist *desc, int port, char *buffer, int trp)
Knowledge base item (defined by name, type (int/char*) and value). Implemented as a singly linked lis...
void plug_set_ssl_CA_file(struct arglist *args, char *key)
void arg_free(struct arglist *arg)
void mark_linuxconf(struct arglist *desc, int port, unsigned char *buffer)
int openvas_get_socket_from_connection(int fd)
void mark_locked_adsubtract_server(struct arglist *desc, int port, unsigned char *buffer, int trp)
int open_stream_connection(struct arglist *args, unsigned int port, int transport, int timeout)
void mark_mysql(struct arglist *desc, int port, char *buffer)
#define DIFFTV1000(t1, t2)
void mark_imap_server(struct arglist *desc, int port, char *buffer, int trp)
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
void mark_cvsupserver(struct arglist *desc, int port, char *buffer, int trp)
char * plug_get_host_fqdn(struct arglist *desc)
void mark_ssh_server(struct arglist *desc, int port, char *buffer)
const char * get_plugin_preference_fname(struct arglist *desc, const char *filename)
Get the file name of a plugins preference that is of type "file".
#define WRAP_TIMEOUT_PREF
int read_stream_connection(int fd, void *buf0, int len)
void plug_set_port_transport(struct arglist *args, int port, int tr)
void plug_set_ssl_pem_password(struct arglist *args, char *key)
kb_t plug_get_kb(struct arglist *args)
void post_log(const char *oid, struct arglist *desc, int port, const char *action)
Post a log message about a tcp port.
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
int internal_recv(int soc, char **data, int *data_sz, int *msg_type)
void arg_add_value(struct arglist *arglst, const char *name, int type, void *value)
Top-level KB. This is to be inherited by KB implementations.
void mark_http_proxy(struct arglist *desc, int port, unsigned char *buffer, int trp)
void mark_cvspserver(struct arglist *desc, int port, char *buffer, int trp)
void mark_rmserver(struct arglist *desc, int port, char *buffer, int trp)
void post_alarm(const char *oid, struct arglist *desc, int port, const char *action)
void mark_auth_server(struct arglist *desc, int port, char *buffer)
void mark_eggdrop_server(struct arglist *desc, int port, char *buffer, int trp)
void mark_gnome14_server(struct arglist *desc, int port, char *buffer, int trp)
void mark_fssniffer(struct arglist *desc, int port, char *buffer, int trp)
struct timeval timeval(unsigned long val)
void mark_ncacn_http_server(struct arglist *desc, int port, char *buffer)
int write_stream_connection(int fd, void *buf0, int n)
void mark_remote_nc_server(struct arglist *desc, int port, char *buffer, int trp)
void mark_pop_server(struct arglist *desc, int port, char *buffer)
const char * get_encaps_through(openvas_encaps_t code)
int arg_get_value_int(struct arglist *args, const char *name)
int internal_send(int soc, char *data, int msg_type)
void mark_wild_shell(struct arglist *desc, int port, char *buffer)
void plug_set_ssl_cert(struct arglist *args, char *cert)
void plug_set_ssl_key(struct arglist *args, char *key)
void mark_mldonkey(struct arglist *desc, int port, unsigned char *buffer)
void mark_smtp_server(struct arglist *desc, int port, char *buffer, int trp)
void mark_snpp_server(struct arglist *desc, int port, char *buffer, int trp)
struct arglist * script_infos
void mark_listserv_server(struct arglist *desc, int port, char *buffer, int trp)
void mark_vnc_server(struct arglist *desc, int port, char *buffer)
void mark_vqserver(struct arglist *desc, int port, unsigned char *buffer)
void * arg_get_value(struct arglist *args, const char *name)
void mark_ftp_server(struct arglist *desc, int port, char *buffer, int trp)
void mark_cvslockserver(struct arglist *desc, int port, char *buffer, int trp)
void mark_http_server(struct arglist *desc, int port, unsigned char *buffer, int trp)
int stream_set_timeout(int fd, int timeout)
char * get_plugin_preference(const char *oid, const char *name)
int close_stream_connection(int fd)