Greenbone Vulnerability Manager
8.0.1~git
The Greenbone Vulnerability Manager daemon. More...
#include "comm.h"
#include "gmpd.h"
#include "manage.h"
#include "manage_sql_secinfo.h"
#include "scanner.h"
#include "utils.h"
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <glib/gstdio.h>
#include <gnutls/gnutls.h>
#include <grp.h>
#include <gvm/base/logging.h>
#include <gvm/base/pidfile.h>
#include <gvm/base/proctitle.h>
#include <gvm/base/pwpolicy.h>
#include <gvm/util/serverutils.h>
#include <locale.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
#include <execinfo.h>
Data Structures | |
struct | connection_watcher_data_t |
Connection watcher thread data. More... | |
Macros | |
#define | G_LOG_DOMAIN "md main" |
GLib log domain. | |
#define | GVMD_VERSION "-1" |
The version number of this program. | |
#define | GVM_OS_NAME "-1" |
The name of the underlying Operating System. | |
#define | OPENVASSD_ADDRESS GVM_RUN_DIR "/openvassd.sock" |
Scanner (openvassd) address. | |
#define | SCANNERCERT "/var/lib/openvas/CA/servercert.pem" |
Location of scanner certificate. | |
#define | SCANNERKEY "/var/lib/openvas/private/CA/serverkey.pem" |
Location of scanner certificate private key. | |
#define | CACERT "/var/lib/openvas/CA/cacert.pem" |
Location of Certificate Authority certificate. | |
#define | CLIENTCERT "/var/lib/openvas/CA/clientcert.pem" |
Location of client certificate. | |
#define | CLIENTKEY "/var/lib/openvas/private/CA/clientkey.pem" |
Location of client certificate private key. | |
#define | OPENVASSD_PORT 9391 |
Scanner port. More... | |
#define | GVMD_PORT 9390 |
Manager port. More... | |
#define | MAX_CONNECTIONS 512 |
Second argument to ‘listen’. | |
#define | DEFAULT_CLIENT_WATCH_INTERVAL 1 |
Default value for client_watch_interval. | |
#define | BA_SIZE 100 |
Maximum number of frames in backtrace. More... | |
Functions | |
static void | set_gnutls_priority (gnutls_session_t *session, const char *priority) |
Sets the GnuTLS priorities for a given session. More... | |
static int | option_lock (lockfile_t *lockfile_checking) |
Lock gvm-helping for an option. More... | |
static connection_watcher_data_t * | connection_watcher_data_new (gvm_connection_t *client_connection) |
Create a new connection watcher thread data structure. More... | |
static void * | watch_client_connection (void *data) |
Thread start routine watching the client connection. More... | |
static int | serve_client (int server_socket, gvm_connection_t *client_connection) |
Serve the client. More... | |
static void | accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) |
Accept and fork. More... | |
static int | fork_connection_internal (gvm_connection_t *client_connection, const gchar *uuid, int scheduler) |
Fork a child connected to the Manager. More... | |
static int | fork_connection_for_scheduler (gvm_connection_t *client_connection, const gchar *uuid) |
Fork a child connected to the Manager. More... | |
static int | fork_connection_for_event (gvm_connection_t *client_connection, const gchar *uuid) |
Fork a child connected to the Manager. More... | |
static void | log_config_free () |
Free logging configuration. | |
static void | cleanup () |
Clean up for exit. More... | |
static void | setup_signal_handler (int signal, void(*handler)(int), int block) |
Setup signal handler. More... | |
static void | setup_signal_handler_info (int signal, void(*handler)(int, siginfo_t *, void *), int block) |
Setup signal handler. More... | |
static void | handle_sigabrt (int given_signal) |
Handle a SIGABRT signal. More... | |
static void | handle_termination_signal (int signal) |
Handle a termination signal. More... | |
static void | handle_sigsegv (int given_signal) |
Handle a SIGSEGV signal. More... | |
static void | handle_sigchld (int given_signal, siginfo_t *info, void *ucontext) |
Handle a SIGCHLD signal. More... | |
static void | handle_sigabrt_simple (int signal) |
Handle a SIGABRT signal. More... | |
static int | update_nvt_cache (int register_cleanup) |
Updates the NVT Cache and exits or returns exit code. More... | |
static int | update_nvt_cache_retry () |
Update NVT cache in forked child, retrying if scanner loading. More... | |
static int | fork_update_nvt_cache () |
Update the NVT cache in a child process. More... | |
static void | serve_and_schedule () |
Serve incoming connections, scheduling periodically. More... | |
static int | manager_listen (const char *address_str_unix, const char *address_str_tls, const char *port_str, const char *socket_owner, const char *socket_group, const char *socket_mode, int *soc) |
Set a socket to listen for connections. More... | |
int | main (int argc, char **argv) |
Entry point to the manager. More... | |
Variables | |
static int | client_watch_interval = DEFAULT_CLIENT_WATCH_INTERVAL |
Interval in seconds to check whether client connection was closed. | |
static int | manager_socket = -1 |
The socket accepting GMP connections from clients. | |
static int | manager_socket_2 = -1 |
The optional, second socket accepting GMP connections from clients. | |
static int | use_tls = 0 |
Whether to use TLS for client connections. | |
static gnutls_session_t | client_session |
The client session. | |
static gnutls_certificate_credentials_t | client_credentials |
The client credentials. | |
static gchar * | database = NULL |
Location of the manage database. | |
static int | is_parent = 1 |
Whether this process is the parent (initially 1) or a forked child.
volatile int | termination_signal = 0 |
Flag for signal handlers. | |
static gchar ** | disabled_commands = NULL |
The list of disabled GMP commands.
gboolean | disable_encrypted_credentials |
Flag indicating that encrypted credentials are disabled. More... | |
static gboolean | scheduling_enabled |
Flag indicating that task scheduling is enabled. | |
char | client_address [INET6_ADDRSTRLEN] |
The GMP client's address. | |
static sigset_t * | sigmask_normal = NULL |
Signal mask to restore when going from blocked to normal signaling. | |
static gchar * | priorities_option = "NORMAL" |
GnuTLS priorities. | |
static gchar * | dh_params_option = NULL |
GnuTLS DH params file. | |
static int | update_in_progress = 0 |
Whether an NVT update is in progress. | |
GSList * | log_config = NULL |
Logging parameters, as passed to setup_log_handlers. | |
The Greenbone Vulnerability Manager daemon.
This file defines the Greenbone Vulnerability Manager daemon. The Manager serves the Greenbone Management Protocol (GMP) to clients such as Greenbone Security Assistant (the web interface). The Manager and GMP give clients full access to an OpenVAS Scanner.
The entry point to the daemon is the main function. From there the references in the function documentation describe the flow of control in the program.
#define BA_SIZE 100 |
Maximum number of frames in backtrace.
Used for the debugging backtrace printed by handle_sigabrt.
#define GVMD_PORT 9390 |
Manager port.
Used if /etc/services "gmp" and --sport are missing.
#define OPENVASSD_PORT 9391 |
Scanner port.
Used if /etc/services "otp" and --port are missing.
static |
Accept and fork.
[in] | server_socket | Manager socket. |
[in] | sigmask_current | Sigmask to restore in child. |
Accept the client connection and fork a child process to serve the client. The child calls serve_client to do the rest of the work.
static |
Clean up for exit.
Close sockets and streams.
static |
Create a new connection watcher thread data structure.
[in] | client_connection | GVM connection to client to watch. |
static |
Fork a child connected to the Manager.
[in] | client_connection | Client connection. |
[in] | uuid | UUID of user. |
static |
Fork a child connected to the Manager.
[in] | client_connection | Client connection. |
[in] | uuid | UUID of schedule user. |
static |
Fork a child connected to the Manager.
[in] | client_connection | Client connection. |
[in] | uuid | UUID of schedule user. |
[in] | scheduler | Whether this is for the scheduler. |
static |
Update the NVT cache in a child process.
static |
Handle a SIGABRT signal.
[in] | given_signal | The signal that caused this function to run. |
static |
Handle a SIGABRT signal.
[in] | signal | The signal that caused this function to run. |
static |
Handle a SIGCHLD signal.
[in] | given_signal | The signal that caused this function to run. |
[in] | info | Signal info. |
[in] | ucontext | User context. |
static |
Handle a SIGSEGV signal.
[in] | given_signal | The signal that caused this function to run. |
static |
Handle a termination signal.
[in] | signal | The signal that caused this function to run. |
int main | ( | int | argc, |
char ** | argv | ||
) |
Entry point to the manager.
[in] | argc | The number of arguments in argv. |
[in] | argv | The list of arguments to the program. |
static |
Set a socket to listen for connections.
[in] | address_str_unix | File name to bind to. NULL for TLS. |
[in] | address_str_tls | IP or hostname to bind to. |
[in] | port_str | Port to bind to, for TLS. |
[in] | socket_owner | Owner of socket, for UNIX. |
[in] | socket_group | Group of socket, for UNIX. |
[in] | socket_mode | Mode of socket, in octal, for UNIX. |
[out] | soc | Socket listened on. |
static |
Lock gvm-helping for an option.
[in] | lockfile_checking | The gvm-checking lockfile. |
static |
Serve incoming connections, scheduling periodically.
Enter an infinite loop, waiting for connections and passing the work to ‘accept_and_maybe_fork’.
Periodically, call the manage scheduler to start and stop scheduled tasks.
static |
Serve the client.
Connect to the openvassd scanner, then call serve_gmp to serve GMP.
In all cases, close the client connection (client_connection) before returning.
[in] | server_socket | The socket connected to the Manager. |
[in] | client_connection | The connection to the client. |
static |
Sets the GnuTLS priorities for a given session.
[in] | session | Session for which to set the priorities. |
[in] | priority | Priority string. |
static |
Setup signal handler.
Exit on failure.
[in] | signal | Signal. |
[in] | handler | Handler. |
[in] | block | Whether to block all other signals during handler. |
static |
Setup signal handler.
Exit on failure.
[in] | signal | Signal. |
[in] | handler | Handler. |
[in] | block | Whether to block all other signals during handler. |
static |
Updates the NVT Cache and exits or returns exit code.
[in] | register_cleanup | Whether to register cleanup with atexit. |
static |
Update NVT cache in forked child, retrying if scanner loading.
Forks a child process to rebuild the NVT cache, retrying if the child process reports that the scanner is still loading.
static |
Thread start routine watching the client connection.
[in] | data | The connection data watcher struct. |
gboolean disable_encrypted_credentials |
Flag indicating that encrypted credentials are disabled.
Setting this flag does not change any existing encrypted tuples; it simply disables encryption and decryption of credentials, so credentials already stored encrypted cannot be read while it is set. The variable is controlled by the command line option --disable-encrypted-credentials.