Commit da38ea58 authored by Sophie Brun's avatar Sophie Brun

Imported Upstream version 1.3.0

parent a08005af
openvas-cli 1.3.0 (2014-04-10)
This is the 1.3.0 release of the OpenVAS Command Line Interface (CLI) for the
Open Vulnerability Assessment System release 7 (OpenVAS-7).
The mission of OpenVAS CLI Client is to allow creating batch processes for
OpenVAS Manager using the protocol OMP. The command line tool runs on various
Windows, MacOSX, GNU/Linux and other unixoid operating systems.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Andre Heinecke, Jan-Oliver Wagner and Michael Wiegand.
Main changes since 1.2.x:
* Support for building a statically linked version of the OMP client has been
added.
* Support for entering passwords on Microsoft Windows has been added.
* Support for Unicode passwords on Microsoft Windows has been added.
* The Nagios plugin has been improved and now supports features like automatic
false positive filtering, display of DFN CERT IDs and Nagios compatible
performance data.
* The openvas-libraries dependency has been raised to 7.0.0.
And additionally changes compared to last 1.3+beta2:
* Add support for Windows style help requests using "/?".
* Add --use-certs option to use OpenVAS client certificates for authentication.
openvas-cli 1.3+beta2 (2013-09-30)
This is the second beta release of the 1.3 version of the OpenVAS Command Line
Interface (CLI) for the Open Vulnerability Assessment System (OpenVAS).
OpenVAS CLI 1.3 is part of the upcoming OpenVAS-7 and supports OMP 2.0,
OMP 3.0, OMP 4.0 and compatible subsets of future versions.
This release adds support for building a statically linked version of the OMP
client and improves Microsoft Windows compatibility.
Many thanks to everyone who has contributed to this release:
Andre Heinecke, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 1.3.1+beta1:
* Support for building a statically linked version of the OMP client has been
added.
* Support for entering passwords on Microsoft Windows has been added.
* Support for Unicode passwords on Microsoft Windows has been added.
openvas-cli 1.3+beta1 (2013-07-02)
This is the first beta release of the 1.3 version of the OpenVAS Command Line
Interface (CLI) for the Open Vulnerability Assessment System (OpenVAS).
OpenVAS CLI 1.3 is part of the upcoming OpenVAS-7 and supports OMP 2.0,
OMP 3.0, OMP 4.0 and compatible subsets of future versions.
This release features an updated and improved Nagios Plugin.
Many thanks to everyone who has contributed to this release:
Michael Wiegand.
Main changes compared to 1.2.0:
* The Nagios plugin has been improved and now supports features like automatic
false positive filtering, display of DFN CERT IDs and Nagios compatible
performance data.
* The openvas-libraries dependency has been raised to 7.0.0.
openvas-cli 1.2.0 (2013-04-15) openvas-cli 1.2.0 (2013-04-15)
This is the 1.2.0 release of the OpenVAS Command Line Interface (CLI) for the This is the 1.2.0 release of the OpenVAS Command Line Interface (CLI) for the
......
...@@ -51,14 +51,14 @@ macro (Subversion_GET_REVISION dir variable) ...@@ -51,14 +51,14 @@ macro (Subversion_GET_REVISION dir variable)
endmacro (Subversion_GET_REVISION) endmacro (Subversion_GET_REVISION)
if (NOT CMAKE_BUILD_TYPE MATCHES "Release") if (NOT CMAKE_BUILD_TYPE MATCHES "Release")
if (EXISTS ".svn/") if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/")
if (SVN_EXECUTABLE) if (SVN_EXECUTABLE)
Subversion_GET_REVISION(. ProjectRevision) Subversion_GET_REVISION(. ProjectRevision)
set (SVN_REVISION ".SVN.r${ProjectRevision}") set (SVN_REVISION ".SVN.r${ProjectRevision}")
else (SVN_EXECUTABLE) else (SVN_EXECUTABLE)
set (SVN_REVISION ".SVN") set (SVN_REVISION ".SVN")
endif (SVN_EXECUTABLE) endif (SVN_EXECUTABLE)
endif (EXISTS ".svn/") endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/")
endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
## CPack configuration ## CPack configuration
...@@ -75,7 +75,7 @@ set (CPACK_SOURCE_TOPLEVEL_TAG "") ...@@ -75,7 +75,7 @@ set (CPACK_SOURCE_TOPLEVEL_TAG "")
set (CPACK_SYSTEM_NAME "") set (CPACK_SYSTEM_NAME "")
set (CPACK_TOPLEVEL_TAG "") set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "1") set (CPACK_PACKAGE_VERSION_MAJOR "1")
set (CPACK_PACKAGE_VERSION_MINOR "2") set (CPACK_PACKAGE_VERSION_MINOR "3")
# Use this scheme for stable releases: # Use this scheme for stable releases:
set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}") set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}")
...@@ -154,7 +154,7 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") ...@@ -154,7 +154,7 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## list and throw an error, otherwise long install-cmake-install-cmake cycles ## list and throw an error, otherwise long install-cmake-install-cmake cycles
## might occur. ## might occur.
pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=6.0.0) pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=7.0.0)
pkg_check_modules (GNUTLS REQUIRED gnutls>=2.8) pkg_check_modules (GNUTLS REQUIRED gnutls>=2.8)
pkg_check_modules (GLIB REQUIRED glib-2.0) pkg_check_modules (GLIB REQUIRED glib-2.0)
...@@ -165,7 +165,7 @@ execute_process (COMMAND pkg-config --libs glib-2.0 ...@@ -165,7 +165,7 @@ execute_process (COMMAND pkg-config --libs glib-2.0
OUTPUT_VARIABLE GLIB_LDFLAGS OUTPUT_VARIABLE GLIB_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE) OUTPUT_STRIP_TRAILING_WHITESPACE)
if (BUILD_STATIC_NAGIOS) if (BUILD_STATIC_NAGIOS OR BUILD_STATIC_OMP)
execute_process (COMMAND pkg-config --static --cflags gnutls execute_process (COMMAND pkg-config --static --cflags gnutls
OUTPUT_VARIABLE GNUTLS_CFLAGS OUTPUT_VARIABLE GNUTLS_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE) OUTPUT_STRIP_TRAILING_WHITESPACE)
...@@ -179,7 +179,7 @@ if (BUILD_STATIC_NAGIOS) ...@@ -179,7 +179,7 @@ if (BUILD_STATIC_NAGIOS)
execute_process (COMMAND pkg-config --static --libs libopenvas execute_process (COMMAND pkg-config --static --libs libopenvas
OUTPUT_VARIABLE OPENVAS_LDFLAGS OUTPUT_VARIABLE OPENVAS_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE) OUTPUT_STRIP_TRAILING_WHITESPACE)
else (BUILD_STATIC_NAGIOS) else (BUILD_STATIC_NAGIOS OR BUILD_STATIC_OMP)
execute_process (COMMAND pkg-config --cflags gnutls execute_process (COMMAND pkg-config --cflags gnutls
OUTPUT_VARIABLE GNUTLS_CFLAGS OUTPUT_VARIABLE GNUTLS_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE) OUTPUT_STRIP_TRAILING_WHITESPACE)
...@@ -193,7 +193,7 @@ else (BUILD_STATIC_NAGIOS) ...@@ -193,7 +193,7 @@ else (BUILD_STATIC_NAGIOS)
execute_process (COMMAND pkg-config --libs libopenvas execute_process (COMMAND pkg-config --libs libopenvas
OUTPUT_VARIABLE OPENVAS_LDFLAGS OUTPUT_VARIABLE OPENVAS_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE) OUTPUT_STRIP_TRAILING_WHITESPACE)
endif (BUILD_STATIC_NAGIOS) endif (BUILD_STATIC_NAGIOS OR BUILD_STATIC_OMP)
## Version ## Version
...@@ -207,7 +207,11 @@ configure_file (VERSION.in VERSION) ...@@ -207,7 +207,11 @@ configure_file (VERSION.in VERSION)
## Program ## Program
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") if (MINGW)
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2")
else (MINGW)
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
endif (MINGW)
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall") set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall")
......
2014-04-10 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-cli 1.3.0 release.
* CHANGES: Updated.
* CMakeLists.txt: Updated version to 1.3.0.
* INSTALL: Fixed typo.
* README: Update command line options.
2014-02-26 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (main, filter_report): Spell "vulnerabilities"
correctly.
2014-02-26 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (filter_report): Do not respond "OMP UNKNOWN"
upon not finding results as this may be legitimate, but note it in the
output.
2014-02-24 Hani Benhabiles <hani.benhabiles@greenbone.net>
* omp.omp.c (read_password): Fix always false boolean to integer
comparison.
2014-02-18 Hani Benhabiles <hani.benhabiles@greenbone.net>
Add --use-certs option to use OpenVAS client certificates for
authentication.
* omp/CMakeLists.txt: Add definitions for openvas client certificate
file paths.
* omp/omp.c (server_connection_t): Add use_certs element.
(manager_open): Call openvas_server_open_with_certs() if connection is
set to use certs. Adjust function accordingly.
(main): Add --use-certs options. Adjust function accordingly.
2014-02-14 Hani Benhabiles <hani.benhabiles@greenbone.net>
* nagios/check_omp.c (main): Remove useless initialization.
* omp/omp.c (manager_get_reports): Fix memory leak.
(main): Fix memory leak. Reduce variable scope.
2014-01-29 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* INSTALL: Reworked the section about Clang a bit.
2014-01-24 Michael Wiegand <michael.wiegand@greenbone.net>
* INSTALL: Describe static code analysis with the Clang Static
Analyzer.
2014-01-02 Michael Wiegand <michael.wiegand@greenbone.net>
* omp/omp.c (main): Add support for Windows style help requests
using "/?".
2013-10-25 Michael Wiegand <michael.wiegand@greenbone.net>
* CMakeLists.txt, omp/CMakeLists.txt: Adjust linker and compiler flags
when building for MINGW. Patch suggested by Andre Heinecke.
2013-10-03 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (filter_report): Use unsigned integer for
comparisions with unsigned integer.
2013-10-03 Michael Wiegand <michael.wiegand@greenbone.net>
* doc/CMakeLists.txt: Do not abort if Doxygen is not present.
2013-09-30 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Updated version to 1.3+beta3.
2013-09-30 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-cli 1.3+beta2 release.
* CHANGES: Updated.
2013-08-22 Andre Heinecke <andre.heinecke@greenbone.net>
Handle unicode in passwords on Windows
* omp/omp.c (read_password): Use unicode read function
and convert it to UTF-8.
2013-08-22 Andre Heinecke <andre.heinecke@greenbone.net>
Add windows implementation of read_password for omp
* omp/omp.c (read_password): Add a WinAPI implementation
of read_password as termios is not available on Windows.
2013-08-16 Michael Wiegand <michael.wiegand@greenbone.net>
Add support for building a static version of the OMP client.
* CMakeLists.txt: Retrieve flags for static linking if
BUILD_STATIC_OMP is set.
* nagios/CMakeLists.txt: Do static linking if BUILD_STATIC_OMP is set.
* INSTALL: Add instructions for building a static version of the OMP
client.
2013-08-14 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* INSTALL: Updated reference system from Debian 6 to 7.
2013-07-02 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Updated version to 1.3+beta2.
2013-07-02 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-cli 1.3+beta1 release.
* CHANGES: Updated.
* CMakeLists.txt: Set version to 1.3+beta1. Switch version scheme.
Update openvas-libraries dependency to 7.0.0.
* INSTALL: Update dependencies.
2013-07-02 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (filter_report): Improve handling of multiple
DFN-CERT ids per result.
2013-06-26 Michael Wiegand <michael.wiegand@greenbone.net>
* CMakeLists.txt: Make SVN revision in version string available again
for out-of-source build.
2013-06-19 Michael Wiegand <michael.wiegand@greenbone.net>
Add support for displaying DFN-CERT ids in output.
* nagios/check_omp.c (main): Enable "--dfn" option.
(filter_report): Collect and display DFN-CERT ids when requested.
2013-06-19 Michael Wiegand <michael.wiegand@greenbone.net>
Add support for including the timestamp of the scan end in the output
and for using the Automatic False Positive Filtering feature.
* nagios/check_omp.c (main): Add new options for displaying scan end
time and for autofp parameter.
(filter_report): Display scan end time when requested. Include autofp
parameter in request.
2013-05-29 Michael Wiegand <michael.wiegand@greenbone.net>
Do not display NVT messages of type "log" unless they are explicitly
requested.
* nagios/check_omp.c (main): Add new option for displaying log
messages.
(filter_report): Do not show log message count with vulnerability
code. Display log messages only when requested. Initialize variables
so compilers know they will not be used uninitialized.
2013-05-21 Michael Wiegand <michael.wiegand@greenbone.net>
Improve reporting of detected vulnerabilities.
* nagios/check_omp.c (respond_perf_data): New. Output for cases where
a pipe symbol is desired, i. e. performance data.
(filter_report): Add support for collecting and displaying the OID,
name and result text for each vulnerability. Improved counting, low
and log are now handled as well. Wording in output harmonized with
other modules. Add support for displaying a link to the report.
(cmd_status_impl): Merged duplicate code into filter_report ().
(main): Expose new options. Free GOptionContext when it is no longer
needed.
2013-04-29 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (main): Print connection details only when
explicitly requested via "--details" switch.
2013-04-29 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (cmd_status_impl): Repair variable name clash
introduced with last commit.
2013-04-29 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c (main, cmd_status_impl): Use "task" consistently
when referring to tasks.
2013-04-29 Michael Wiegand <michael.wiegand@greenbone.net>
* nagios/check_omp.c: Format according to coding style. Command was
'indent --no-tabs --ignore-newlines -l 80'.
2013-04-15 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Updated version to 1.2.1.
2013-04-15 Michael Wiegand <michael.wiegand@greenbone.net> 2013-04-15 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-cli 1.2.0 release. Preparing the openvas-cli 1.2.0 release.
......
...@@ -2,7 +2,7 @@ INSTALLATION INSTRUCTIONS FOR OPENVAS-CLI ...@@ -2,7 +2,7 @@ INSTALLATION INSTRUCTIONS FOR OPENVAS-CLI
========================================= =========================================
Please note: The reference systems used by most of the developers is Debian Please note: The reference systems used by most of the developers is Debian
GNU/Linux 'Squeeze' 6.0. The build might fail on any other systems. GNU/Linux 'Wheezy' 7. The build might fail on any other systems.
Also it is necessary to install dependent development packages. Also it is necessary to install dependent development packages.
Prerequisites for openvas-cli Prerequisites for openvas-cli
...@@ -12,19 +12,21 @@ Prerequisites: ...@@ -12,19 +12,21 @@ Prerequisites:
* cmake * cmake
* glib-2.0 * glib-2.0
* gnutls (>= 2.8) * gnutls (>= 2.8)
* openvas-libraries (>= 6.0.0) * openvas-libraries (>= 7.0.0)
* pkg-config * pkg-config
Prerequisites for building documentation: Prerequisites for building documentation:
* Doxygen * Doxygen
* xmltoman (optional, for building man page) * xmltoman (optional, for building man page)
Prerequisites for static code analysis:
* clang
Compiling openvas-cli Compiling openvas-cli
--------------------- ---------------------
If you have installed required libraries to a non-standard location, remember to If you have installed required libraries to a non-standard location, remember to
set the PKG_CONFIG_PATH environment variable to the location of you pkg-config set the PKG_CONFIG_PATH environment variable to the location of your pkg-config
files before configuring: files before configuring:
$ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/your/location/lib/pkgconfig $ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/your/location/lib/pkgconfig
...@@ -54,6 +56,29 @@ Thereafter, the following commands are useful. ...@@ -54,6 +56,29 @@ Thereafter, the following commands are useful.
$ make rebuild_cache # rebuild the cmake cache $ make rebuild_cache # rebuild the cmake cache
Static code analysis with the Clang Static Analyzer
---------------------------------------------------
If you want to use the Clang Static Analyzer (http://clang-analyzer.llvm.org/)
to do a static code analysis, you can do so by adding the following parameter
when configuring the build:
-DCMAKE_C_COMPILER=/usr/share/clang/scan-build/ccc-analyzer
Note that the example above uses the default location of ccc-analyzer in Debian
GNU/Linux and may be different in other environments.
To have the analysis results aggregated into a set of HTML files, use the
following command:
$ scan-build make
The tool will provide a hint on how to launch a web browser with the results.
It is recommended to do this analysis in a separate, empty build directory and
to empty the build directory before "scan-build" call.
Compiling stand-alone Nagios plugin Compiling stand-alone Nagios plugin
----------------------------------- -----------------------------------
...@@ -65,3 +90,13 @@ with the "BUILD_STATIC_NAGIOS" option: ...@@ -65,3 +90,13 @@ with the "BUILD_STATIC_NAGIOS" option:
Then use the "make" and "make install" commands to build the binary. Then use the "make" and "make install" commands to build the binary.
Compiling stand-alone OMP command line client
---------------------------------------------
In order build a stand-alone (i.e. statically linked) version of the OMP command
line client omp in the "omp/" subdirectory, openvas-cli must be configured
with the "BUILD_STATIC_OMP" option:
$ cmake -DBUILD_STATIC_OMP=1 ..
Then use the "make" and "make install" commands to build the binary.
...@@ -26,33 +26,38 @@ Usage: ...@@ -26,33 +26,38 @@ Usage:
omp [OPTION...] - OpenVAS OMP Command Line Interface omp [OPTION...] - OpenVAS OMP Command Line Interface
Help Options: Help Options:
-?, --help Show help options -?, --help Show help options
Application Options: Application Options:
-h, --host=<host> Connect to manager on host <host> -h, --host=<host> Connect to manager on host <host>
-p, --port=<number> Use port number <number> -p, --port=<number> Use port number <number>
-V, --version Print version. -V, --version Print version.
-v, --verbose Verbose messages. -v, --verbose Verbose messages (WARNING: may reveal passwords).
-u, --username=<username> OMP username --use-certs Use client certificates to authenticate
-w, --password=<password> OMP password -u, --username=<username> OMP username
--configfile=<configfile> Configuration file for connection parameters. -w, --password=<password> OMP password
-P, --prompt Prompt to exit. --config-file=<config-file> Configuration file for connection parameters.
-n, --name=<name> Name for create-task. -P, --prompt Prompt to exit.
-C, --create-task Create a task. -O, --get-omp-version Print OMP version.
-m, --comment=<name> Comment for create-task. -n, --name=<name> Name for create-task.
-c, --config=<config> Config for create-task. -C, --create-task Create a task.
-r, --rc Create task with RC read from stdin. -m, --comment=<name> Comment for create-task.
-t, --target=<target> Target for create-task. -c, --config=<config> Config for create-task.
-E, --delete-report Delete one or more reports. -r, --rc Create task with RC read from stdin.
-D, --delete-task Delete one or more tasks. -t, --target=<target> Target for create-task.
-R, --get-report Get report of one task. -E, --delete-report Delete one or more reports.
-f, --format=<format> Format for get-report. -D, --delete-task Delete one or more tasks.
-G, --get-status Get status of one, many or all tasks. -R, --get-report Get report of one task.
-i, --pretty-print In combination with -X, pretty print the response. -F, --get-report-formats Get report formats. (OMP 2.0 only)
-S, --start-task Start one or more tasks. -f, --format=<format> Format for get-report.
-M, --modify-task Modify a task. -G, --get-tasks Get status of one, many or all tasks.
--file Add text in stdin as file on task. -g, --get-configs Get configs.
-X, --xml=<command> XML command (e.g. "<help/>", "<get_version/>") -T, --get-targets Get targets.
-i, --pretty-print In combination with -X, pretty print the response.
-S, --start-task Start one or more tasks.
-M, --modify-task Modify a task.
--file Add text in stdin as file on task.
-X, --xml=<command> XML command (e.g. "<help/>""). "-" to read from stdin.
Some commands return elements in base64 encoding. Some commands return elements in base64 encoding.
Here is an example how to extract such into a file: Here is an example how to extract such into a file:
......
...@@ -50,7 +50,7 @@ include (FindDoxygen) ...@@ -50,7 +50,7 @@ include (FindDoxygen)
## Emit warning if Doxygen not found. ## Emit warning if Doxygen not found.
## Otherwise, create doc and doc-full targets. ## Otherwise, create doc and doc-full targets.
if (NOT DOXYGEN_EXECUTABLE) if (NOT DOXYGEN_EXECUTABLE)
message (WARNING "Doxygen is required to build the HTML docs.") message (STATUS "Doxygen is required to build the HTML docs.")
else (NOT DOXYGEN_EXECUTABLE) else (NOT DOXYGEN_EXECUTABLE)
add_custom_target (doc COMMENT "Building documentation..." add_custom_target (doc COMMENT "Building documentation..."
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/.built-html ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile) DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/.built-html ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
......
This diff is collapsed.
...@@ -39,6 +39,14 @@ if (OPENVAS_LOG_DIR) ...@@ -39,6 +39,14 @@ if (OPENVAS_LOG_DIR)
add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\") add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\")
endif (OPENVAS_LOG_DIR) endif (OPENVAS_LOG_DIR)
set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/clientcert.pem")
set (OPENVAS_CLIENT_KEY "${OPENVAS_STATE_DIR}/private/CA/clientkey.pem")
set (OPENVAS_CA_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/cacert.pem")
add_definitions (-DCACERT=\\\"${OPENVAS_CA_CERTIFICATE}\\\")
add_definitions (-DCLIENTCERT=\\\"${OPENVAS_CLIENT_CERTIFICATE}\\\")
add_definitions (-DCLIENTKEY=\\\"${OPENVAS_CLIENT_KEY}\\\")
if (MINGW) if (MINGW)
set (GLIB_LDFLAGS "-L${CROSS_ENV}/lib") set (GLIB_LDFLAGS "-L${CROSS_ENV}/lib")
set (OPENVAS_LDFLAGS "-L${CMAKE_INSTALL_PREFIX}/lib") set (OPENVAS_LDFLAGS "-L${CMAKE_INSTALL_PREFIX}/lib")
...@@ -53,12 +61,23 @@ if (MINGW) ...@@ -53,12 +61,23 @@ if (MINGW)
set_target_properties (omp PROPERTIES COMPILE_FLAGS set_target_properties (omp PROPERTIES COMPILE_FLAGS
"-I${CMAKE_INSTALL_PREFIX}/include ${GLIB_CFLAGS}") "-I${CMAKE_INSTALL_PREFIX}/include ${GLIB_CFLAGS}")
target_link_libraries (omp "${GLIB_LDFLAGS} ${OPENVAS_LDFLAGS} -lglib-2.0 -lgnutls -lws2_32 -lgcrypt -lintl -lgpg-error -liconv -lz -lole32 -lopenvas_omp -lopenvas_misc") target_link_libraries (omp "${GLIB_LDFLAGS} ${OPENVAS_LDFLAGS} -lopenvas_omp -lopenvas_misc -lglib-2.0 -lgthread-2.0 -lgnutls -ltasn1 -lkdewin -lws2_32 -lgcrypt -lintl -lgpg-error -liconv -lz -lole32 -lwinmm")
else (MINGW) else (MINGW)
set_target_properties (omp PROPERTIES COMPILE_FLAGS set_target_properties (omp PROPERTIES COMPILE_FLAGS
"${GNUTLS_CFLAGS} ${OPENVAS_CFLAGS} ${GLIB_CFLAGS}") "${GNUTLS_CFLAGS} ${OPENVAS_CFLAGS} ${GLIB_CFLAGS}")
target_link_libraries (omp "${GNUTLS_LDFLAGS} ${GLIB_LDFLAGS} ${OPENVAS_LDFLAGS}") if (BUILD_STATIC_OMP)
set(CMAKE_EXE_LINKER_FLAGS -static)
set(CMAKE_FIND_LIBRARY_SUFFIXES .a)
set(CMAKE_EXE_LINK_DYNAMIC_C_FLAGS)
set(CMAKE_SHARED_LIBRARY_C_FLAGS)
set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS)
set_property(GLOBAL PROPERTY TARGET_SUPPORTS_SHARED_LIBS FALSE)
target_link_libraries (omp "${OPENVAS_LDFLAGS} -lgpg-error -lgpgme")
else (BUILD_STATIC_OMP)
target_link_libraries (omp "${GNUTLS_LDFLAGS} ${GLIB_LDFLAGS} ${OPENVAS_LDFLAGS}")
endif (BUILD_STATIC_OMP)
endif (MINGW) endif (MINGW)
## Install ## Install
......
...@@ -55,7 +55,9 @@ ...@@ -55,7 +55,9 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#ifndef _WIN32
#include <termios.h> /* for tcsetattr */ #include <termios.h> /* for tcsetattr */
#endif
#include <unistd.h> /* for getpid */ #include <unistd.h> /* for getpid */
#include <openvas/misc/openvas_server.h> #include <openvas/misc/openvas_server.h>
...@@ -98,6 +100,7 @@ typedef struct ...@@ -98,6 +100,7 @@ typedef struct
gchar *host_string; ///< Server host string. gchar *host_string; ///< Server host string.
gchar *port_string; ///< Server port string. gchar *port_string; ///< Server port string.
gint port; ///< Port of server. gint port; ///< Port of server.
gboolean use_certs; ///< Use client certificates to authenticate.
} server_connection_t; } server_connection_t;
/** /**
...@@ -176,9 +179,14 @@ connection_from_file (const gchar * conf_file_path) ...@@ -176,9 +179,14 @@ connection_from_file (const gchar * conf_file_path)
static gboolean static gboolean
manager_open (server_connection_t * connection) manager_open (server_connection_t * connection)
{ {
connection->socket = if (connection->use_certs)
openvas_server_open (&connection->session, connection->host_string, connection->socket = openvas_server_open_with_cert
connection->port); (&connection->session, connection->host_string,
connection->port, CACERT, CLIENTCERT, CLIENTKEY);
else
connection->socket = openvas_server_open
(&connection->session, connection->host_string,
connection->port);
if (connection->socket == -1) if (connection->socket == -1)
{ {
...@@ -186,6 +194,9 @@ manager_open (server_connection_t * connection) ...@@ -186,6 +194,9 @@ manager_open (server_connection_t * connection)
exit (EXIT_FAILURE); exit (EXIT_FAILURE);
} }
if (connection->use_certs)
return TRUE;
if (omp_authenticate if (omp_authenticate
(&connection->session, connection->username, connection->password)) (&connection->session, connection->username, connection->password))
{ {
...@@ -701,6 +712,7 @@ manager_get_reports (server_connection_t * connection, gchar ** report_ids, ...@@ -701,6 +712,7 @@ manager_get_reports (server_connection_t * connection, gchar ** report_ids,
manager_close (connection); manager_close (connection);
return -1; return -1;
} }
g_free (report);
} }
return 0; return 0;
...@@ -787,6 +799,7 @@ manager_get_report_formats (server_connection_t * connection) ...@@ -787,6 +799,7 @@ manager_get_report_formats (server_connection_t * connection)
* @todo Move this function to openvas-libraries since openvas-administrator * @todo Move this function to openvas-libraries since openvas-administrator
* uses it as well. * uses it as well.
*/ */
#ifndef _WIN32
ssize_t ssize_t
read_password (char **lineptr, size_t *n, FILE *stream) read_password (char **lineptr, size_t *n, FILE *stream)
{ {
...@@ -809,6 +822,68 @@ read_password (char **lineptr, size_t *n, FILE *stream) ...@@ -809,6 +822,68 @@ read_password (char **lineptr, size_t *n, FILE *stream)
return nread; return nread;
} }
#else
ssize_t
read_password (char **lineptr, size_t *n, FILE *stream)
{
HANDLE hConsoleHandle;
DWORD nread;
(void) stream;
unsigned int bufSize = 512;
if (!lineptr || !n)
{
return -1;
}
bufSize = *n ? *n : bufSize;
hConsoleHandle = CreateFile ("CONIN$", GENERIC_READ | GENERIC_WRITE,
0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL,
NULL);
if (hConsoleHandle == INVALID_HANDLE_VALUE)
return -1;
if (!SetConsoleMode (hConsoleHandle, ENABLE_LINE_INPUT |
ENABLE_PROCESSED_INPUT))
return -1;
/* Read the password */
{
wchar_t wcsbuf[bufSize];
int n2;
ReadConsoleW (hConsoleHandle, &wcsbuf, bufSize - 2, &nread, NULL);
CloseHandle (hConsoleHandle);
if (nread <= 2)
return -1;
/* Remove CR/LF */
wcsbuf[nread - 2] = '\n';
wcsbuf[nread - 1] = '\0';
/* Convert to UTF-8 */
n2 = WideCharToMultiByte (CP_UTF8, 0, wcsbuf, nread - 1,
NULL, 0, NULL, NULL);
if (n2 < 0)
return -1;
*lineptr = g_malloc (n2 + 1);
nread = WideCharToMultiByte (CP_UTF8, 0, wcsbuf, nread - 1,
*lineptr, n2, NULL, NULL);
if (nread < 0)
{
g_free (*lineptr);
return -1;
}
}
return nread;