OpenVAS Libraries  9.0.3
nasl.h File Reference
#include <glib.h>
#include "../misc/arglists.h"
Include dependency graph for nasl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define NASL_EXEC_DESCR   (1 << 0)
 
#define NASL_EXEC_PARSE_ONLY   (1 << 1)
 
#define NASL_ALWAYS_SIGNED   (1 << 2)
 
#define NASL_COMMAND_LINE   (1 << 3)
 
#define NASL_LINT   (1 << 4)
 
#define NASL_ERR_NOERR   0
 
#define NASL_ERR_ETIMEDOUT   1
 
#define NASL_ERR_ECONNRESET   2
 
#define NASL_ERR_EUNREACH   3
 
#define NASL_ERR_EUNKNOWN   99
 

Functions

int nasl_verify_signature (const char *filename)
 
char * nasl_extract_signature_fprs (const char *filename)
 
GSList * nasl_get_all_certificates (void)
 
int add_nasl_inc_dir (const char *)
 Adds the given string as directory for searching for includes. More...
 
void nasl_clean_inc (void)
 
int exec_nasl_script (struct arglist *, const char *, const char *, int)
 Execute a NASL script. More...
 
int execute_preparsed_nasl_script (struct arglist *, char *, char *, int, int)
 
char * nasl_version (void)
 
pid_t nasl_server_start (char *, char *)
 
void nasl_server_recompile (char *, char *)
 

Macro Definition Documentation

◆ NASL_ALWAYS_SIGNED

#define NASL_ALWAYS_SIGNED   (1 << 2)

Definition at line 62 of file nasl.h.

Referenced by exec_nasl_script(), and main().

◆ NASL_COMMAND_LINE

#define NASL_COMMAND_LINE   (1 << 3)

Definition at line 63 of file nasl.h.

Referenced by exec_nasl_script(), and main().

◆ NASL_ERR_ECONNRESET

#define NASL_ERR_ECONNRESET   2

Definition at line 69 of file nasl.h.

Referenced by nasl_socket_get_error().

◆ NASL_ERR_ETIMEDOUT

#define NASL_ERR_ETIMEDOUT   1

Definition at line 68 of file nasl.h.

Referenced by nasl_socket_get_error().

◆ NASL_ERR_EUNKNOWN

#define NASL_ERR_EUNKNOWN   99

Definition at line 71 of file nasl.h.

◆ NASL_ERR_EUNREACH

#define NASL_ERR_EUNREACH   3

Definition at line 70 of file nasl.h.

Referenced by nasl_socket_get_error().

◆ NASL_ERR_NOERR

#define NASL_ERR_NOERR   0

Definition at line 67 of file nasl.h.

Referenced by nasl_socket_get_error().

◆ NASL_EXEC_DESCR

#define NASL_EXEC_DESCR   (1 << 0)

Definition at line 60 of file nasl.h.

Referenced by exec_nasl_script(), and main().

◆ NASL_EXEC_PARSE_ONLY

#define NASL_EXEC_PARSE_ONLY   (1 << 1)

Definition at line 61 of file nasl.h.

Referenced by exec_nasl_script(), and main().

◆ NASL_LINT

#define NASL_LINT   (1 << 4)

Definition at line 64 of file nasl.h.

Referenced by exec_nasl_script(), and main().

Function Documentation

◆ add_nasl_inc_dir()

int add_nasl_inc_dir ( const char *  dir)

Adds the given string as directory for searching for includes.

Parameters
dirA directory path. This function will add a copy of this parameter to the list of include folders. This means the parameter can be freed elsewhere without affecting the list.
Returns
0 in case of success. -1 if the stat on the given directory path was unsuccessful. -2 if the given directory path was not a directory.

Definition at line 2610 of file nasl_grammar.tab.c.

Referenced by main().

2611 {
2612  if (dir == NULL)
2613  {
2614  return 0;
2615  }
2616 
2617  // Allow initialization with empty element
2618  if (*dir == '\0')
2619  {
2620  inc_dirs = g_slist_append (inc_dirs, g_strdup((gchar *)dir));
2621  return 0;
2622  }
2623 
2624  struct stat stat_buf;
2625 
2626  if (stat (dir, &stat_buf) != 0)
2627  return -1;
2628 
2629  if (S_ISDIR(stat_buf.st_mode) != 0)
2630  {
2631  inc_dirs = g_slist_append (inc_dirs, g_strdup((gchar *)dir));
2632  return 0;
2633  }
2634  else
2635  return -2;
2636 }
Here is the caller graph for this function:

◆ exec_nasl_script()

int exec_nasl_script ( struct arglist script_infos,
const char *  name,
const char *  oid,
int  mode 
)

Execute a NASL script.

"mode" is a bit field: bit #0 (1) is "description" Bit #1 (2) is "parse only"

Parameters
script_infosThe plugin as arglist. Has to be allocated.
nameFilename.
modeBit field describing launch mode (description, parse always signed).
Returns
0 if the script was executed successfully, negative values if an error occurred.
Todo:
Initialization of the library seems intuitively be necessary only once (involves "linking" the nasl functions to c code). Consider a "prototype" context that has to be created only once and of which copies are made when needed.

Definition at line 1711 of file exec.c.

References add_named_var_to_ctxt(), naslctxt::always_authenticated, arg_add_value(), arg_get_value(), arg_set_value(), ARG_STRING, CONST_DATA, CONST_INT, deref_cell(), err, free_lex_ctxt(), get_func_ref_by_name(), TC::i_val, init_empty_lex_ctxt(), init_nasl_ctx(), init_nasl_library(), naslctxt::kb, naslctxt::line_nb, log_legacy_write(), name, NASL_ALWAYS_SIGNED, nasl_clean_ctx(), NASL_COMMAND_LINE, nasl_dump_tree(), nasl_exec(), NASL_EXEC_DESCR, NASL_EXEC_PARSE_ONLY, nasl_func_call(), NASL_LINT, nasl_lint(), nasl_perror(), nasl_set_filename(), nasl_trace_fp, naslparse(), nvticache_get_kb(), nvticache_initialized(), struct_lex_ctxt::oid, oid, plug_get_kb(), prefs_get(), struct_lex_ctxt::recv_timeout, struct_lex_ctxt::script_infos, TC::size, TC::str_val, naslctxt::tree, truc, TC::type, and TC::x.

1713 {
1714  naslctxt ctx;
1715  nasl_func *pf;
1716  int err = 0, to, process_id;
1717  tree_cell *ret;
1718  lex_ctxt *lexic;
1719  gchar *old_dir;
1720  gchar *newdir;
1721  char *old;
1722  tree_cell tc;
1723  const char *str;
1724 
1725  srand48 (getpid () + getppid () + (long) time (NULL));
1726 
1727  old_dir = g_get_current_dir ();
1728 
1729 #if NASL_DEBUG > 2
1730  nasl_trace_fp = stderr;
1731 #endif
1732  if ((old = arg_get_value (script_infos, "script_name")) == NULL)
1733  arg_add_value (script_infos, "script_name", ARG_STRING, g_strdup (name));
1734  else
1735  {
1736  g_free (old);
1737  arg_set_value (script_infos, "script_name", g_strdup (name));
1738  }
1739 
1740  newdir = g_path_get_dirname (name);
1741 
1742  if (g_chdir (newdir) != 0)
1743  {
1744  g_free (old_dir);
1745  g_free (newdir);
1746  return -1;
1747  }
1748  g_free (newdir);
1749 
1750  bzero (&ctx, sizeof (ctx));
1751  if (mode & NASL_ALWAYS_SIGNED)
1752  ctx.always_authenticated = 1;
1753  if (nvticache_initialized ())
1754  ctx.kb = nvticache_get_kb ();
1755  else
1756  ctx.kb = plug_get_kb (script_infos);
1757 
1758 
1759  if (init_nasl_ctx (&ctx, name) == 0)
1760  {
1761  if (naslparse (&ctx))
1762  {
1763  log_legacy_write ("\n%s: Parse error at or near line %d\n",
1764  name, ctx.line_nb);
1765  nasl_clean_ctx (&ctx);
1766  g_chdir (old_dir);
1767  g_free (old_dir);
1768  return -1;
1769  }
1770  }
1771  else
1772  {
1773  g_chdir (old_dir);
1774  g_free (old_dir);
1775  return -1;
1776  }
1777 
1778 #if NASL_DEBUG > 4
1779  nasl_dump_tree (ctx.tree);
1780 #endif
1781  lexic = init_empty_lex_ctxt ();
1782  lexic->script_infos = script_infos;
1783  lexic->oid = oid;
1785 
1786  str = prefs_get ("checks_read_timeout");
1787  if (str != NULL)
1788  to = atoi (str);
1789  else
1790  to = 5;
1791 
1792  if (to <= 0)
1793  to = 5;
1794 
1795  lexic->recv_timeout = to;
1796 
1801  init_nasl_library (lexic);
1802 
1803  process_id = getpid ();
1804  if (mode & NASL_LINT)
1805  {
1806  if (nasl_lint (lexic, ctx.tree) == NULL)
1807  err--;
1808  }
1809  else if (!(mode & NASL_EXEC_PARSE_ONLY))
1810  {
1811  char *p;
1812 
1813  bzero (&tc, sizeof (tc));
1814  tc.type = CONST_INT;
1815  tc.x.i_val = (mode & NASL_COMMAND_LINE) != 0;
1816  add_named_var_to_ctxt (lexic, "COMMAND_LINE", &tc);
1817 
1818  bzero (&tc, sizeof (tc));
1819  tc.type = CONST_INT;
1820  tc.x.i_val = (mode & NASL_EXEC_DESCR) != 0;
1821  add_named_var_to_ctxt (lexic, "description", &tc);
1822 
1823  tc.type = CONST_DATA;
1824  p = strrchr (name, '/');
1825  if (p == NULL)
1826  p = (char *) name;
1827  else
1828  p++;
1829  tc.x.str_val = p;
1830  tc.size = strlen (p);
1831  add_named_var_to_ctxt (lexic, "SCRIPT_NAME", &tc);
1832 
1833  truc = (lex_ctxt *) ctx.tree;
1834  if ((ret = nasl_exec (lexic, ctx.tree)) == NULL)
1835  err = -1;
1836  else
1837  deref_cell (ret);
1838 
1839  if ((pf = get_func_ref_by_name (lexic, "on_exit")) != NULL)
1840  nasl_func_call (lexic, pf, NULL);
1841  }
1842 
1843 #if NASL_DEBUG > 2
1844  {
1845  struct rusage ru;
1846 
1847  if (getrusage (RUSAGE_SELF, &ru) < 0)
1848  perror ("getrusage");
1849  else
1850  {
1851  nasl_perror (lexic,
1852  "rusage: utime=%d.%03d stime=%d.%03d minflt=%d majflt=%d nswap=%d\n",
1853  ru.ru_utime.tv_sec, ru.ru_utime.tv_usec / 1000,
1854  ru.ru_stime.tv_sec, ru.ru_stime.tv_usec / 1000,
1855  ru.ru_minflt, ru.ru_majflt, ru.ru_nswap);
1856  }
1857  }
1858 #endif
1859 
1860 #if NASL_DEBUG > 3
1861  nasl_dump_tree (ctx.tree);
1862 #endif
1863 
1864  if (g_chdir (old_dir) != 0)
1865  {
1866  g_free (old_dir);
1867  return -1;
1868  }
1869  g_free (old_dir);
1870 
1871  nasl_clean_ctx (&ctx);
1872  free_lex_ctxt (lexic);
1873  if (process_id != getpid ())
1874  exit (0);
1875 
1876  return err;
1877 }
FILE * nasl_trace_fp
Definition: exec.c:386
#define err(x)
int arg_set_value(struct arglist *arglst, const char *name, void *value)
Definition: arglists.c:225
#define NASL_EXEC_PARSE_ONLY
Definition: nasl.h:61
void nasl_clean_ctx(naslctxt *)
short type
Definition: nasl_tree.h:107
tree_cell * tree
char * str_val
Definition: nasl_tree.h:113
const char * oid
void nasl_dump_tree(const tree_cell *c)
Definition: nasl_tree.c:439
void deref_cell(tree_cell *c)
Definition: nasl_tree.c:202
int always_authenticated
void nasl_set_filename(const char *filename)
Definition: nasl_debug.c:71
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
int init_nasl_ctx(naslctxt *, const char *)
Initialize a NASL context for a NASL file.
const gchar * prefs_get(const gchar *key)
Get a string preference value via a key.
Definition: prefs.c:86
union TC::@7 x
tree_cell * nasl_lint(lex_ctxt *, tree_cell *)
Definition: lint.c:36
void free_lex_ctxt(lex_ctxt *c)
Definition: nasl_lex_ctxt.c:46
kb_t plug_get_kb(struct arglist *args)
Definition: plugutils.c:710
#define NASL_COMMAND_LINE
Definition: nasl.h:63
lex_ctxt * init_empty_lex_ctxt()
Definition: nasl_lex_ctxt.c:29
void arg_add_value(struct arglist *arglst, const char *name, int type, void *value)
Definition: arglists.c:170
named_nasl_var * add_named_var_to_ctxt(lex_ctxt *, const char *, tree_cell *)
Definition: nasl_var.c:908
Definition: nasl_tree.h:105
#define NASL_EXEC_DESCR
Definition: nasl.h:60
const char * name
Definition: nasl_init.c:524
int nvticache_initialized(void)
Return whether the nvt cache is initialized.
Definition: nvticache.c:60
lex_ctxt * truc
Definition: exec.c:388
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:94
kb_t nvticache_get_kb(void)
Return the nvticache kb.
Definition: nvticache.c:97
#define NASL_LINT
Definition: nasl.h:64
#define NASL_ALWAYS_SIGNED
Definition: nasl.h:62
int init_nasl_library(lex_ctxt *lexic)
Adds "built-in" variable and function definitions to a context.
Definition: nasl_init.c:651
tree_cell * nasl_func_call(lex_ctxt *lexic, const nasl_func *f, tree_cell *arg_list)
Definition: nasl_func.c:147
int naslparse(naslctxt *)
long int i_val
Definition: nasl_tree.h:114
#define ARG_STRING
Definition: arglists.h:38
const char * oid
Definition: nasl_lex_ctxt.h:40
struct arglist * script_infos
Definition: nasl_lex_ctxt.h:39
void * arg_get_value(struct arglist *args, const char *name)
Definition: arglists.c:252
nasl_func * get_func_ref_by_name(lex_ctxt *ctxt, const char *name)
Definition: nasl_func.c:126
tree_cell * nasl_exec(lex_ctxt *lexic, tree_cell *st)
Execute a parse tree.
Definition: exec.c:800
int size
Definition: nasl_tree.h:110
Here is the call graph for this function:

◆ execute_preparsed_nasl_script()

int execute_preparsed_nasl_script ( struct arglist ,
char *  ,
char *  ,
int  ,
int   
)

◆ nasl_clean_inc()

void nasl_clean_inc ( void  )

Definition at line 2890 of file nasl_grammar.tab.c.

References includes_hash.

2891 {
2892  if (!includes_hash)
2893  return;
2894  g_hash_table_destroy (includes_hash);
2895  includes_hash = NULL;
2896 }
GHashTable * includes_hash

◆ nasl_extract_signature_fprs()

char* nasl_extract_signature_fprs ( const char *  filename)

◆ nasl_get_all_certificates()

GSList* nasl_get_all_certificates ( void  )

◆ nasl_server_recompile()

void nasl_server_recompile ( char *  ,
char *   
)

◆ nasl_server_start()

pid_t nasl_server_start ( char *  ,
char *   
)

◆ nasl_verify_signature()

int nasl_verify_signature ( const char *  filename)

Checks the detached OpenPGP signature of the file given by FILENAME. The name of the signature file is derived from FILENAME by appending ".asc".

If a signature file exists and it contains at least one fully valid signature, the function returns 0. If all of the signatures are not valid or were made by an unknown or untrusted key, the function returns 1. If an error occurs or the file does not have a corresponding detached signature the function returns -1.

Parameters
filenameFilename (e.g. 1.txt) for which to check signature (e.g. 1.txt.asc).
Returns
Zero, if files exists and at least one signature is fully trusted. 1 if all signatures are invalid or untrusted key. -1 on missing file or error.

Definition at line 118 of file nasl_signature.c.

119 {
120  int retcode = -1, sig_count = 0;
121  char *sigfilename = NULL;
122  gsize siglen = 0, flen = 0;
123  gchar * scontent = NULL;
124  gchar * offset = NULL;
125  gchar * endpos = NULL;
126  gchar * fcontent = NULL;
127  gboolean success;
128  gpgme_error_t err;
129  gpgme_ctx_t ctx = openvas_init_gpgme_sysconf_ctx ();
130  gpgme_data_t sig = NULL, text = NULL;
131 
132  if (ctx == NULL)
133  {
134  nasl_trace (NULL, "gpgme context could not be initialized.\n");
135  goto fail;
136  }
137 
138  /* Scriptfile is buffered. */
139  nasl_trace (NULL, "nasl_verify_signature: loading scriptfile '%s'\n",
140  filename);
141  if (!g_file_get_contents (filename, &fcontent, &flen, NULL))
142  goto fail;
143 
144  /* Signatures file is buffered. */
145  sigfilename = g_malloc0 (strlen (filename) + 4 + 1);
146  strcpy (sigfilename, filename);
147  strcat (sigfilename, ".asc");
148  nasl_trace (NULL, "nasl_verify_signature: loading signature file '%s'\n",
149  sigfilename);
150  success = g_file_get_contents (sigfilename, &scontent, NULL, NULL);
151  /* If the signature file doesn't exist, fail without an error message
152  * because an unsigned file is a very common and expected
153  * condition */
154  if (!success)
155  goto fail;
156 
157 /* Start to parse the signature file to find signatures. */
158  offset = g_strstr_len (scontent, strlen(scontent), "-----B");
159  if (!offset)
160  {
161  nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
162  sigfilename);
163  goto fail;
164  }
165  endpos = g_strstr_len (offset,-1, "-----E");
166  if (endpos)
167  siglen = strlen(offset) - strlen(endpos) + 17 ;
168  else
169  {
170  nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
171  sigfilename);
172  goto fail;
173  }
174 
175  do
176  {
177  sig_count++;
178 
179  /* Load file in memory. */
180  err = gpgme_data_new_from_mem (&text, fcontent, flen, 1);
181  if (err)
182  {
183  print_gpgme_error ("gpgme_data_new_from_file", err);
184  goto fail;
185  }
186 
187  /* Load a founded signature in memory. */
188  err = gpgme_data_new_from_mem (&sig, offset, siglen, 1);
189  if (err)
190  nasl_trace (NULL, "nasl_verify_signature: %s: %s\n",
191  sigfilename, gpgme_strerror (err));
192 
193  /* Verify the signature. */
194  err = gpgme_op_verify (ctx, sig, text, NULL);
195  nasl_trace (NULL, "nasl_verify_signature: gpgme_op_verify "
196  "-> '%d'\n", err);
197  if (err)
198  print_gpgme_error ("gpgme_op_verify", err);
199  else
200  {
201  if (examine_signatures (gpgme_op_verify_result (ctx), sig_count))
202  {
203  retcode = 0;
204  goto fail;
205  }
206  else
207  retcode = 1;
208  }
209 
210  /* Search a new signature. */
211  offset = g_strstr_len (offset + 1, strlen(offset), "-----B");
212  if (offset)
213  {
214  if ( (endpos = g_strstr_len (offset, strlen (offset), "-----E")) )
215  siglen = (strlen(offset) - strlen(endpos) + 17);
216  else
217  {
218  nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
219  sigfilename);
220  goto fail;
221  }
222  }
223 
224  gpgme_data_release (sig);
225  sig = NULL;
226  gpgme_data_release (text);
227  text = NULL;
228 
229  } while (offset);
230 
231  fail:
232  g_free (scontent);
233  g_free (fcontent);
234  if (sig)
235  gpgme_data_release (sig);
236  if (text)
237  gpgme_data_release (text);
238  if (ctx != NULL)
239  gpgme_release (ctx);
240  g_free (sigfilename);
241 
242  return retcode;
243 }
#define err(x)
gpgme_ctx_t openvas_init_gpgme_sysconf_ctx(void)
Returns a new gpgme context using the sycconf directory.
Definition: gpgme_util.c:277
void nasl_trace(lex_ctxt *lexic, char *msg,...)
Prints debug message in printf fashion to nasl_trace_fp if it exists.
Definition: nasl_debug.c:165

◆ nasl_version()

char* nasl_version ( void  )

Definition at line 724 of file nasl_init.c.

725 {
726  static char vers[sizeof (OPENVASLIB_VERSION) + 1];
727  strncpy (vers, OPENVASLIB_VERSION, sizeof (vers) - 1);
728  vers[sizeof (vers) - 1] = '\0';
729  return vers;
730 }