openvas_server.c File Reference

GnuTLS-based functions for communication with an OpenVAS server. More...

#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <gcrypt.h>
#include <glib.h>
#include <string.h>
#include <stdio.h>
#include "openvas_server.h"

Macros

#define _GNU_SOURCE
 
#define G_LOG_DOMAIN   "lib serv"
 GLib log domain. More...
 

Functions

void openvas_connection_free (openvas_connection_t *client_connection)
 Free connection. More...
 
int openvas_server_verify (gnutls_session_t session)
 Verify certificate. More...
 
int load_gnutls_file (const char *file, gnutls_datum_t *loaded_file)
 Loads a file's data into gnutls_datum_t struct. More...
 
void unload_gnutls_file (gnutls_datum_t *data)
 Unloads a gnutls_datum_t struct's data. More...
 
int openvas_server_open_verify (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem, int verify)
 Connect to the server using a given host, port and cert. More...
 
int openvas_server_open_with_cert (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem)
 Connect to the server using a given host, port and cert. More...
 
int openvas_server_open (gnutls_session_t *session, const char *host, int port)
 Connect to the server using a given host and port. More...
 
int openvas_server_close (int socket, gnutls_session_t session)
 Close a server connection and its socket. More...
 
void openvas_connection_close (openvas_connection_t *connection)
 Close a server connection and its socket. More...
 
int openvas_server_connect (int server_socket, struct sockaddr_in *server_address, gnutls_session_t *server_session)
 Connect to a server. More...
 
int openvas_server_attach (int socket, gnutls_session_t *session)
 Attach a socket to a session, and shake hands with the peer. More...
 
int openvas_server_vsendf (gnutls_session_t *session, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int openvas_connection_vsendf (openvas_connection_t *connection, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int openvas_server_vsendf_quiet (gnutls_session_t *session, const char *fmt, va_list ap)
 Send a string to the server, refraining from logging besides warnings. More...
 
int openvas_connection_vsendf_quiet (openvas_connection_t *connection, const char *fmt, va_list ap)
 Send a string to the server, refraining from logging besides warnings. More...
 
int openvas_server_sendf (gnutls_session_t *session, const char *format,...)
 Format and send a string to the server. More...
 
int openvas_connection_sendf (openvas_connection_t *connection, const char *format,...)
 Format and send a string to the server. More...
 
int openvas_server_sendf_quiet (gnutls_session_t *session, const char *format,...)
 Format and send a string to the server. More...
 
int openvas_connection_sendf_quiet (openvas_connection_t *connection, const char *format,...)
 Format and send a string to the server. More...
 
int openvas_server_sendf_xml (gnutls_session_t *session, const char *format,...)
 Format and send an XML string to the server. More...
 
int openvas_connection_sendf_xml (openvas_connection_t *connection, const char *format,...)
 Format and send an XML string to the server. More...
 
int openvas_server_sendf_xml_quiet (gnutls_session_t *session, const char *format,...)
 Format and send an XML string to the server. More...
 
int openvas_connection_sendf_xml_quiet (openvas_connection_t *connection, const char *format,...)
 Format and send an XML string to the server. More...
 
int openvas_server_new (unsigned int end_type, gchar *ca_cert_file, gchar *cert_file, gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Make a session for connecting to a server. More...
 
int openvas_server_new_mem (unsigned int end_type, const char *ca_cert, const char *pub_key, const char *priv_key, gnutls_session_t *session, gnutls_certificate_credentials_t *credentials)
 Make a session for connecting to a server, with certificates stored in memory. More...
 
int set_gnutls_dhparams (gnutls_certificate_credentials_t creds, const char *dhparams_file)
 Set a gnutls session's Diffie-Hellman parameters. More...
 
int openvas_server_free (int server_socket, gnutls_session_t server_session, gnutls_certificate_credentials_t server_credentials)
 Cleanup a server session. More...
 

Variables

struct sockaddr_in address
 Server address. More...
 

Detailed Description

GnuTLS-based functions for communication with an OpenVAS server.

GnuTLS-based functions for communication with an OpenVAS server. Copyright (C) 2009, 2012 Greenbone Networks GmbH

Authors: Matthew Mundell (matt@mundell.ukfsn.org), Jan-Oliver Wagner (jan-oliver.wagner@greenbone.net), Michael Wiegand (michael.wiegand@greenbone.net), Werner Koch (wk@gnupg.org)

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

This library supplies low-level functions for communication with an OpenVAS server over GnuTLS.

Macro Definition Documentation

◆ _GNU_SOURCE

#define _GNU_SOURCE
Todo:
Ensure that every global init gets a free.

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib serv"

GLib log domain.

Todo:
This module nearly fulfils the requirements to be placed in the base library (the gnutls dependency makes it a candidate for the net library).

Function Documentation

◆ load_gnutls_file()

int load_gnutls_file ( const char *  file,
gnutls_datum_t *  loaded_file 
)

Loads a file's data into gnutls_datum_t struct.

Parameters
[in] file: File to load.
[out] loaded_file: Destination to load the file's data into.
Returns
0 on success, -1 on error.

◆ openvas_connection_close()

void openvas_connection_close ( openvas_connection_t *  connection)

Close a server connection and its socket.

Parameters
[in] connection: Connection.
Returns
0 on success, -1 on error.

◆ openvas_connection_free()

void openvas_connection_free ( openvas_connection_t *  client_connection)

Free connection.

Parameters
[in] client_connection: Connection.

◆ openvas_connection_sendf()

int openvas_connection_sendf ( openvas_connection_t *  connection,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in] connection: Connection.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_connection_sendf_quiet()

int openvas_connection_sendf_quiet ( openvas_connection_t *  connection,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in] connection: Connection.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_connection_sendf_xml()

int openvas_connection_sendf_xml ( openvas_connection_t *  connection,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters
[in] connection: Connection.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_connection_sendf_xml_quiet()

int openvas_connection_sendf_xml_quiet ( openvas_connection_t *  connection,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters
[in] connection: Connection.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_connection_vsendf()

int openvas_connection_vsendf ( openvas_connection_t *  connection,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in] connection: Connection.
[in] fmt: Format of the string to send.
[in] ap: Arguments for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ openvas_connection_vsendf_quiet()

int openvas_connection_vsendf_quiet ( openvas_connection_t *  connection,
const char *  fmt,
va_list  ap 
)

Send a string to the server, refraining from logging besides warnings.

Parameters
[in] connection: Connection.
[in] fmt: Format of the string to send.
[in] ap: Arguments for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ openvas_server_attach()

int openvas_server_attach ( int  socket,
gnutls_session_t *  session 
)

Attach a socket to a session, and shake hands with the peer.

Parameters
[in] socket: Socket.
[in] session: Pointer to GNUTLS session. FIXME: Why is this a pointer to a session?
Returns
0 on success, -1 on error.

◆ openvas_server_close()

int openvas_server_close ( int  socket,
gnutls_session_t  session 
)

Close a server connection and its socket.

Parameters
[in] socket: Socket connected to the server (from connect_to_server).
[in] session: GNUTLS session with the server.
Returns
0 on success, -1 on error.

◆ openvas_server_connect()

int openvas_server_connect ( int  server_socket,
struct sockaddr_in *  server_address,
gnutls_session_t *  server_session 
)

Connect to a server.

Parameters
[in] server_socket: Socket used to connect to the server.
[in] server_address: Server address.
[in] server_session: Session used to connect to the server.
Returns
0 on success, -1 on error.

◆ openvas_server_free()

int openvas_server_free ( int  server_socket,
gnutls_session_t  server_session,
gnutls_certificate_credentials_t  server_credentials 
)

Cleanup a server session.

This shuts down the TLS session, closes the socket and releases the TLS resources.

Parameters
[in] server_socket: The socket connected to the server.
[in] server_session: The session with the server.
[in] server_credentials: Credentials, or NULL.
Returns
0 on success, -1 on error.

◆ openvas_server_new()

int openvas_server_new ( unsigned int  end_type,
gchar *  ca_cert_file,
gchar *  cert_file,
gchar *  key_file,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)

Make a session for connecting to a server.

Parameters
[in] end_type: Connection end type (GNUTLS_SERVER or GNUTLS_CLIENT).
[in] ca_cert_file: Certificate authority file.
[in] cert_file: Certificate file.
[in] key_file: Key file.
[out] server_session: The session with the server.
[out] server_credentials: Server credentials.
Returns
0 on success, -1 on error.

◆ openvas_server_new_mem()

int openvas_server_new_mem ( unsigned int  end_type,
const char *  ca_cert,
const char *  pub_key,
const char *  priv_key,
gnutls_session_t *  session,
gnutls_certificate_credentials_t *  credentials 
)

Make a session for connecting to a server, with certificates stored in memory.

Parameters
[in] end_type: Connection end type: GNUTLS_SERVER or GNUTLS_CLIENT.
[in] ca_cert: Certificate authority public key.
[in] pub_key: Public key.
[in] priv_key: Private key.
[out] session: The session with the server.
[out] credentials: Server credentials.
Returns
0 on success, -1 on error.

◆ openvas_server_open()

int openvas_server_open ( gnutls_session_t *  session,
const char *  host,
int  port 
)

Connect to the server using a given host and port.

Parameters
[in] session: Pointer to GNUTLS session.
[in] host: Host to connect to.
[in] port: Port to connect to.
Returns
0 on success, -1 on error.

◆ openvas_server_open_verify()

int openvas_server_open_verify ( gnutls_session_t *  session,
const char *  host,
int  port,
const char *  ca_mem,
const char *  pub_mem,
const char *  priv_mem,
int  verify 
)

Connect to the server using a given host, port and cert.

Parameters
[in] session: Pointer to GNUTLS session.
[in] host: Host to connect to.
[in] port: Port to connect to.
[in] ca_mem: CA certificate.
[in] pub_mem: Public key.
[in] priv_mem: Private key.
[in] verify: Whether to verify the server's certificate.
Returns
0 on success, -1 on error.
Todo:
Ensure that host and port have sane values.
Todo:
Improve logging.
Todo:
On success we are leaking the credentials. We can't free them because the session only makes a shallow copy. A solution would be to lookup already created credentials and reuse them.
Todo:
Use openvas_server_connect.

◆ openvas_server_open_with_cert()

int openvas_server_open_with_cert ( gnutls_session_t *  session,
const char *  host,
int  port,
const char *  ca_mem,
const char *  pub_mem,
const char *  priv_mem 
)

Connect to the server using a given host, port and cert.

Verifies the server's certificate if all certificate arguments are given.

Parameters
[in] session: Pointer to GNUTLS session.
[in] host: Host to connect to.
[in] port: Port to connect to.
[in] ca_mem: CA certificate.
[in] pub_mem: Public key.
[in] priv_mem: Private key.
Returns
0 on success, -1 on error.

◆ openvas_server_sendf()

int openvas_server_sendf ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in] session: Pointer to GNUTLS session.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_server_sendf_quiet()

int openvas_server_sendf_quiet ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in] session: Pointer to GNUTLS session.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_server_sendf_xml()

int openvas_server_sendf_xml ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters
[in] session: Pointer to GNUTLS session.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_server_sendf_xml_quiet()

int openvas_server_sendf_xml_quiet ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters
[in] session: Pointer to GNUTLS session.
[in] format: printf-style format string for the message.
Returns
0 on success, -1 on error.

◆ openvas_server_verify()

int openvas_server_verify ( gnutls_session_t  session)

Verify certificate.

Parameters
[in] session: GNUTLS session.
Returns
0 on success, 1 on failure, -1 on error.

◆ openvas_server_vsendf()

int openvas_server_vsendf ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in] session: Pointer to GNUTLS session.
[in] fmt: Format of the string to send.
[in] ap: Arguments for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ openvas_server_vsendf_quiet()

int openvas_server_vsendf_quiet ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap 
)

Send a string to the server, refraining from logging besides warnings.

Parameters
[in] session: Pointer to GNUTLS session.
[in] fmt: Format of the string to send.
[in] ap: Arguments for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ set_gnutls_dhparams()

int set_gnutls_dhparams ( gnutls_certificate_credentials_t  creds,
const char *  dhparams_file 
)

Set a gnutls session's Diffie-Hellman parameters.

Parameters
[in] creds: GnuTLS credentials.
[in] dhparams_file: Path to the PEM file containing the DH parameters.
Returns
0 on success, -1 on error.

◆ unload_gnutls_file()

void unload_gnutls_file ( gnutls_datum_t *  data)

Unloads a gnutls_datum_t struct's data.

Parameters
[in] data: Pointer to the gnutls_datum_t struct to be unloaded.

Variable Documentation

◆ address

struct sockaddr_in address

Server address.