Commit 068737f7 authored by Lock Lin

Import Upstream version 3.0.2

.root-dir
ChangeLog
CHANGES
cnvts/find_service/find_service.c
cnvts/find_service/Makefile
cnvts/install_plug
cnvts/make_world
cnvts/openvas_tcp_scanner/Makefile
cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c
cnvts/ssl_ciphers/Makefile
cnvts/ssl_ciphers/ssl_ciphers.c
cnvts/synscan/openvasicmp.h
cnvts/synscan/openvasip.h
cnvts/synscan/openvasraw.h
cnvts/synscan/openvastcp.h
cnvts/synscan/openvasudp.h
cnvts/synscan/Makefile
cnvts/synscan/synscan.c
config.guess
config.sub
configure
configure.in
COPYING
doc/Doxyfile
doc/Doxyfile_full
doc/HTTP_authentication.txt
doc/kb_entries.txt
doc/nbe_file_format.txt
doc/nsr_file_format.txt
doc/openvas-adduser.8
doc/openvassd.8.in
doc/openvas-mkcert.8
doc/openvas-mkcert-client.1
doc/openvas-mkrand.1
doc/openvas-nvt-sync.8
doc/openvas-rmuser.8
doc/session_saving.txt
doc/TODO.txt
include/config.h
include/config.h.in
include/corevers.h
include/corevers.h.in
include/includes.h
include/threadcompat.h
install-sh
ltmain.sh
Makefile
MANIFEST
openvas-services
openvassd/attack.c
openvassd/attack.h
openvassd/auth.c
openvassd/auth.h
openvassd/comm.c
openvassd/comm.h
openvassd/hosts.c
openvassd/hosts.h
openvassd/locks.c
openvassd/locks.h
openvassd/log.c
openvassd/log.h
openvassd/Makefile
openvassd/nasl_plugins.c
openvassd/nes_plugins.c
openvassd/ntp_11.c
openvassd/ntp_11.h
openvassd/openvassd.c
openvassd/otp_1_0.c
openvassd/otp_1_0.h
openvassd/oval_plugins.c
openvassd/parser.c
openvassd/parser.h
openvassd/piic.c
openvassd/piic.h
openvassd/pluginlaunch.c
openvassd/pluginlaunch.h
openvassd/pluginload.c
openvassd/pluginload.h
openvassd/pluginscheduler.c
openvassd/pluginscheduler.h
openvassd/plugs_hash.c
openvassd/plugs_hash.h
openvassd/plugs_req.c
openvassd/plugs_req.h
openvassd/preferences.c
openvassd/preferences.h
openvassd/processes.c
openvassd/processes.h
openvassd/rules.c
openvassd/rules.h
openvassd/save_kb.c
openvassd/save_kb.h
openvassd/save_tests.c
openvassd/save_tests.h
openvassd/shared_socket.c
openvassd/shared_socket.h
openvassd/sighand.c
openvassd/sighand.h
openvassd/users.c
openvassd/users.h
openvassd/utils.c
openvassd/utils.h
openvas.tmpl.in
po/Makefile
po/openvas-scripts-de.po
po/README
README
ssl/Makefile
ssl/openvas-mkrand.c
tools/greenbone-nvt-sync
tools/openvas-adduser.in
tools/openvas-mkcert.in
tools/openvas-mkcert-client.in
tools/openvas-nvt-sync.in
tools/openvas-rmuser.in
tools/README
VERSION
# OpenVAS
# $Id: Makefile 7028 2010-03-22 02:25:03Z jfs $
# Description: the OpenVAS Makefile.
#
# Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
# - Tim Brown <mailto:timb@openvas.org> (Initial fork)
# - Laban Mwangi <mailto:labanm@openvas.org> (Renaming work)
# - Tarik El-Yassem <mailto:tarik@openvas.org> (Headers section)
#
# Copyright:
# Portions Copyright (C) 2006 Software in the Public Interest, Inc.
# Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include openvas.tmpl
ALLDEPS = openvas.tmpl
all: $(ALLDEPS) scanner sslstuff man mknvts
openvas.tmpl: openvas.tmpl.in configure VERSION
$(SHELL) configure $(CONFIGURE_ARGS)
touch $@
install: all install-bin install-man install-nvts
@echo
@echo ' --------------------------------------------------------------'
@echo ' openvas-scanner has been sucessfully installed. '
@echo " Make sure that $(bindir) and $(sbindir) are in your PATH before"
@echo " you continue."
@echo " openvassd has been installed into $(sbindir)"
@echo ' --------------------------------------------------------------'
@echo
install-bin:
@test -d $(DESTDIR)${bindir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${bindir}
@test -d $(DESTDIR)${sbindir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${sbindir}
@test -d $(DESTDIR)${sysconfdir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${sysconfdir}
@test -d $(DESTDIR)${sysconfdir}/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${sysconfdir}/openvas
@test -d $(DESTDIR)${sysconfdir}/openvas/gnupg || $(INSTALL_DIR) -m 700 $(DESTDIR)${sysconfdir}/openvas/gnupg
@test -d $(DESTDIR)${localstatedir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}
@test -d $(DESTDIR)${OPENVASSD_STATEDIR} || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_STATEDIR}
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/users || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_STATEDIR}/users
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/logs || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_STATEDIR}/logs
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/tmp || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_STATEDIR}/tmp
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/jobs || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_STATEDIR}/jobs
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/CA || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_STATEDIR}/CA
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/private || $(INSTALL_DIR) -m 700 $(DESTDIR)${OPENVASSD_STATEDIR}/private
@test -d $(DESTDIR)${OPENVASSD_STATEDIR}/private/CA || $(INSTALL_DIR) -m 700 $(DESTDIR)${OPENVASSD_STATEDIR}/private/CA
@test -d $(DESTDIR)${OPENVASSD_LOGDIR} || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_LOGDIR}
@test -d $(DESTDIR)${localstatedir}/run || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/run
@test -d $(DESTDIR)${includedir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${includedir}
@test -d $(DESTDIR)${includedir}/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${includedir}/openvas
@test -d $(DESTDIR)${OPENVASSD_CACHE} || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASSD_CACHE}
$(INSTALL) -m 755 tools/openvas-nvt-sync $(DESTDIR)${sbindir}
$(INSTALL) -m 755 tools/greenbone-nvt-sync $(DESTDIR)${sbindir}
$(INSTALL) -m 755 tools/openvas-mkcert-client $(DESTDIR)${bindir}/openvas-mkcert-client
$(INSTALL) -m 755 ssl/openvas-mkrand $(DESTDIR)${bindir}/openvas-mkrand
$(INSTALL) -m $(SERVERMODE) openvassd/openvassd $(DESTDIR)${sbindir}/openvassd
$(INSTALL) -m 755 tools/openvas-adduser $(DESTDIR)${sbindir}/openvas-adduser
$(INSTALL) -m 755 tools/openvas-rmuser $(DESTDIR)${sbindir}/openvas-rmuser
$(INSTALL) -m 755 tools/openvas-mkcert $(DESTDIR)${sbindir}/openvas-mkcert
$(INSTALL) -c -m 0444 openvas-services $(DESTDIR)${OPENVASSD_STATEDIR}/openvas-services
install-man:
@echo installing man pages ...
@test -d $(DESTDIR)${mandir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${mandir}
@test -d $(DESTDIR)${mandir}/man1 || $(INSTALL_DIR) -m 755 $(DESTDIR)${mandir}/man1
@test -d $(DESTDIR)${mandir}/man8 || $(INSTALL_DIR) -m 755 $(DESTDIR)${mandir}/man8
$(INSTALL) -c -m 0444 doc/openvas-mkrand.1 $(DESTDIR)${mandir}/man1/openvas-mkrand.1
$(INSTALL) -c -m 0444 doc/openvassd.8 $(DESTDIR)${mandir}/man8/openvassd.8
$(INSTALL) -c -m 0444 doc/openvas-nvt-sync.8 $(DESTDIR)${mandir}/man8/openvas-nvt-sync.8
$(INSTALL) -c -m 0444 doc/openvas-adduser.8 $(DESTDIR)${mandir}/man8/openvas-adduser.8
$(INSTALL) -c -m 0444 doc/openvas-rmuser.8 $(DESTDIR)${mandir}/man8/openvas-rmuser.8
$(INSTALL) -c -m 0444 doc/openvas-mkcert.8 $(DESTDIR)${mandir}/man8/openvas-mkcert.8
$(INSTALL) -c -m 0444 doc/openvas-mkcert-client.1 $(DESTDIR)${mandir}/man1/openvas-mkcert-client.1
install-nvts:
test -d $(DESTDIR)${libdir}/openvas || $(INSTALL_DIR) -m 755 \
$(DESTDIR)${libdir}/openvas
test -d $(DESTDIR)${libdir}/openvas/plugins || $(INSTALL_DIR) -m 755 \
$(DESTDIR)${libdir}/openvas/plugins
for plugins in bin/*.nes; do \
$(INSTALL) -m 555 $$plugins \
$(DESTDIR)${libdir}/openvas/plugins; \
done
scanner :
cd openvassd && $(MAKE)
sslstuff :
cd ssl && $(MAKE)
mknvts:
cd cnvts && ./make_world
man : $(MAN_OPENVASSD_8)
$(MAN_OPENVASSD_8) : $(MAN_OPENVASSD_8).in
@sed -e 's?@OPENVASSD_CONFDIR@?${OPENVASSD_CONFDIR}?g;s?@OPENVASSD_DATADIR@?${OPENVASSD_DATADIR}?g;s?@OPENVASSD_PLUGINS@?${OPENVASSD_PLUGINS}?g;' $(MAN_OPENVASSD_8).in >$(MAN_OPENVASSD_8)
clean:
cd openvassd && $(MAKE) clean
cd ssl && $(MAKE) clean
cd cnvts && ./make_world clean
-rm -f bin/*.nes
distclean: clean
[ -z "${rootdir}" ] || rm -f ${rootdir}/include/config.h ${rootdir}/include/corevers.h
rm -f openvas.tmpl doc/openvas.1.cat doc/openvassd.8.cat
[ -z "${make_bindir}" ] || rm -f $(make_bindir)/openvas*
rm -f config.cache config.status config.log
rm -f tools/openvas-nvt-sync
rm -f tools/openvas-adduser
rm -f tools/openvas-rmuser
rm -f tools/openvas-mkcert
rm -f tools/openvas-mkcert-client
[ -z "${MAN_OPENVASSD_8}" ] || rm -f ${MAN_OPENVASSD_8}
dist:
version="`cat VERSION`"; \
rm -rf openvas-scanner-$${version}* ; \
mkdir openvas-scanner-$${version} ; \
tar cf openvas-scanner-$${version}/x.tar `cat MANIFEST`; \
( cd openvas-scanner-$${version} ; tar xf x.tar ; rm -f x.tar ) ; \
tar cf openvas-scanner-$${version}.tar openvas-scanner-$${version} ; \
gzip -9 openvas-scanner-$${version}.tar
distcheck:
find . -type f | sed -e 's/^.\///' -e '/~$$/d' -e '/CVS/d' \
-e '/\.o$$/d' -e '/^openvas.tmpl$$/d' \
-e '/^openvassd\/OBJ\/openvassd$$/d' \
-e '/^bin\/openvassd$$/d' \
-e '/^config\.cache$$/d' \
-e '/^config\.log$$/d' \
-e '/^config\.status$$/d' \
-e '/^include\/config\.h$$/d' \
| sort | diff -cb - MANIFEST
# Generates basic code documentation (placed in doc/generated)
doc :
doxygen doc/Doxyfile
# Generates more extensive code documentation with graphs
# (placed in doc/generated) and builts doc/generated/latex/refman.pdf
doc-full:
doxygen doc/Doxyfile_full
if [ -d doc/generated/latex ]; then make -C doc/generated/latex; fi
.PHONY: doc
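Review bot: In `install-bin`, `$(DESTDIR)${OPENVASSD_STATEDIR}/users`, `/logs`, `/tmp` and `/jobs` are created with mode 755, while `gnupg` and `private` in the same target get 700. If `users` holds the per-user authentication data and rules written by openvas-adduser (inferred from the names, not shown here), it should not be world-readable; consider `$(INSTALL_DIR) -m 700 $(DESTDIR)${OPENVASSD_STATEDIR}/users` and the same for `logs` and `tmp`. Each `test -d ... ||` line also leaves an existing directory's mode untouched, so an upgrade keeps whatever permissions were there before. Separately, only `doc` is declared `.PHONY`; `all`, `install`, `clean`, `man` and `dist` should be listed too.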
openvas-scanner
===============
This is the scanner module for the Open Vulnerability Assessment System
(OpenVAS).
For more information, please refer to the OpenVAS website available at
http://www.openvas.org/.
Please see the file COPYING for the license information.
Please refer to the instructions provided below if you want to install
openvas-scanner. If you are not familiar or comfortable with the procedure
described below, we recommend that you use a binary package provided by your
distribution. Information regarding available binary packages is available from
the OpenVAS website.
Note that you will need the openvas-libraries and openvas-libnasl modules to
compile openvas-scanner. Further information about these modules is available
from the OpenVAS website as well.
If you have any question or suggestions, please feel free to use the mailing
list and the IRC chat to contact the OpenVAS developers.
Please use the OpenVAS bug tracker located at http://bugs.openvas.org/ to report
bugs.
Compiling openvas-scanner
-------------------------
Before compiling openvas-scanner make sure that you installed openvas-libraries.
Run
$ ./configure
to set up the compilation environment.
During configuration, error messages may show up if openvas-libraries,
openvas-libnasl or other libraries and applications needed to compile
openvas-scanner are not present on your system or do not meet the version
requirements.
In this case, resolve the issues reported and run configure again.
If you want to install openvas-scanner into a different hierarchy, you may
want to use the prefix option during configuration:
$ ./configure --prefix=/opt/openvas
More information about the configuration options is available through the help
option:
$ ./configure --help
Once you have configured openvas-scanner successfully, you can start the
compilation by executing the following command:
$ make
To install openvas-scanner, you can use the following command:
$ make install
Please note that you may have to execute this command as root, especially if you
have specified a prefix for which your user does not have full permissions.
Setting up openvas-scanner
--------------------------
NOTE: This is only a very concise guide to setting up an openvas-scanner. Please
refer to the OpenVAS compendium available at http://www.openvas.org/compendium/
for more detailed information.
Setting up an openvas-scanner requires the following steps:
1) The scanner and the client module of OpenVAS communicate through an SSL
connection. In order to establish this connection, the scanner needs to have
an SSL certificate it can present to the client to prove its identity. You
can interactively create this certificate by using the following command:
$ openvas-mkcert
This command will guide you through the certificate creation and place the
certificates in the correct locations on your system.
2) You need to create at least one user on the openvas-scanner to be able to
login with openvas-client. This can be done through the following command:
$ openvas-adduser
The command will guide you through the user creation and allow you to specify
a name and authentication method for the user and to define rules restricting
the usagen of the scanner by this user. For more details on rules please
refer to the OpenVAS compendium available through the OpenVAS website.
3) You can launch openvas-scanner using the following command:
$ openvassd
Please note that although you can start openvassd as a user without elevated
privileges, it is recommended that you start openvassd as root since a number
of Network Vulnerability Tests (NVTs) require root privileges to perform
certain operations like packet forgery. If you run openvassd as a user
without permission to perform these operations, your scan results are very
likely to be incomplete.
4) Once the scanner has started, you can use the OpenVAS-Client to connect to
your scanner using the username and credentials you specified in step 2.
Please refer to the documentation for the openvas-client module for more
information.
NVTs are available through the openvas-plugins module and through NVT feeds.
Since the update cycle for the openvas-plugins module is quite long, it will
only offer a base coverage and may not detect recently discovered
vulnerabilities. NVT feeds are usually updated a few times per week and offer a
more up-to-date coverage.
Please visit the OpenVAS website for more information on available NVT feeds and
instructions for integrating feeds into your scanner installation.
If you encounter problems, the files /var/log/openvas/openvassd.messages and
/var/log/openvas/openvassd.dump may contain useful information. (The exact
location of these files may differ depending on your distribution and
installation method.) Please have these files ready when contacting the OpenVAS
developers through the OpenVAS mailing list or the online chat or submitting bug
reports at http://bugs.openvas.org/ as they may help to pinpoint the source of
your issue.
include ../../openvas.tmpl
OPENVAS_INCLUDE=$(include) $(GLIB_CFLAGS) $(OPENVAS_CFLAGS)
PLUGNAME=find_service
all : $(PLUGNAME).nes
$(PLUGNAME).nes : $(PLUGNAME).c
$(LIBTOOL) --mode=compile --tag CC $(CC) $(OPENVAS_INCLUDE) -c $(PLUGNAME).c
$(LIBTOOL) --mode=link --tag CC $(CC) $(OPENVAS_INCLUDE) $(LDFLAGS) -o lib$(PLUGNAME).la $(PLUGNAME).lo $(LIBS) $(GLIB_LIBS) \
-rpath $(rootdir)/bin/plugins
../install_plug $(PLUGNAME) $(rootdir)
clean :
@rm -fr *.lo *.nes *.la .libs
@rm -fr *.o
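Review bot: `all` and `clean` are not declared phony, so a file named `all` or `clean` in the plugin directory would stop the rule from running; add `.PHONY: all clean`. The same applies to the Makefiles of openvas_tcp_scanner and ssl_ciphers in this commit. The `$(PLUGNAME).nes` rule also lists only `$(PLUGNAME).c` as a prerequisite, so a change to `../../openvas.tmpl` or `../install_plug` does not trigger a rebuild.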
#!/bin/sh
#
# Some systems have their librairies named <name>.so.0.0.0 and
# <name>.so.0 and some other systems have their librairies called
# <name>.so.0.0. We just pick the right one...
#
if [ -f .libs/lib$1.so.0 ];then
test -d $2/bin/ || mkdir $2/bin/
cp .libs/lib$1.so.0 $2/bin/$1.nes
cp .libs/lib$1.so.0 $1.nes
else
if [ -f .libs/lib$1.so.0.0 ];then
test -d $2/bin|| mkdir $2/bin
cp .libs/lib$1.so.0.0 $2/bin/$1.nes
cp .libs/lib$1.so.0.0 $1.nes
else
if [ -f .libs/lib$1.so.1.0 ];then
test -d $2/bin|| mkdir $2/bin
cp .libs/lib$1.so.1.0 $2/bin/$1.nes
cp .libs/lib$1.so.1.0 $1.nes
else if [ -f .libs/lib$1.sl.0.0 ]; then # HP/UX
test -d $2/bin|| mkdir $2/bin
cp .libs/lib$1.sl.0.0 $2/bin/$1.nes
cp .libs/lib$1.sl.0.0 $1.nes
else
if [ -f .libs/$1.so.0.0.0 ];then # Digital UNIX
test -d $2/bin || mkdir $2/bin
cp .libs/$1.so.0.0.0 $2/bin/$1.nes
cp .libs/lib$1.so.0.0.0 $1.nes
else
if [ -f .libs/lib$1.0.0.0.dylib ]; then # Darwin
test -d $2/bin || mkdir $2/bin
cp .libs/lib$1.0.0.0.dylib $2/bin/$1.nes
cp .libs/lib$1.0.0.0.dylib $1.nes
fi
fi
fi
fi
fi
fi
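Review bot: The Digital UNIX branch tests and copies `.libs/$1.so.0.0.0`, but its second copy reads `.libs/lib$1.so.0.0.0`, a file the test never established exists, so the local `$1.nes` is probably not produced there; it should be `cp .libs/$1.so.0.0.0 $1.nes`. When none of the six names matches, the script falls through and exits 0, so the calling Makefile rule succeeds without a plugin; a final `else echo "no library found for $1" >&2; exit 1` would surface that. `$1` and `$2` are unquoted throughout and the `cp` results are unchecked, so quoting them (`"$2/bin/$1.nes"`) and adding `set -e` near the top is worth doing.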
#!/bin/sh
BADPLUGINS=""
os=`uname`
case "$os" in
Darwin)
MAKEFLAG="-f Makefile.darwin"
;;
*)
MAKEFLAG=""
;;
esac
for i in *;
do if [ -d $i -a $i != CVS ]; then
if [ "$i" != "3com_hub" ] ;
then
cd $i
${MAKE:-make} $MAKEFLAG $1
if [ $? -ne 0 ];then
BADPLUGINS="$BADPLUGINS $i"
fi
cd ..
fi
fi
done
if test -n "$BADPLUGINS"; then
echo "Warning : the following plugins could not be built : "
echo $BADPLUGINS
exit 0
fi
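Review bot: `cd $i` is not checked, so if it fails `make` runs in `cnvts` itself and the following `cd ..` leaves that directory, after which the rest of the loop operates on the wrong tree; running the build in a subshell avoids both, `( cd "$i" && ${MAKE:-make} $MAKEFLAG $1 ) || BADPLUGINS="$BADPLUGINS $i"`. The script also ends with `exit 0` after listing the plugins that failed, so the top-level `mknvts` target succeeds and `install-nvts` installs an incomplete plugin set with only a warning in the build log. For a scanner that means missing checks can go unnoticed; consider `exit 1` there, at least when `$1` is not `clean`.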
include ../../openvas.tmpl
OPENVAS_INCLUDE=$(include) $(GLIB_CFLAGS) $(OPENVAS_CFLAGS)
PLUGNAME=openvas_tcp_scanner
# If you compile this plugin with -DSTATISTICS or -DCOMPUTE_RTT,
# add -lm after $LIBS
all : $(PLUGNAME).nes
$(PLUGNAME).nes : $(PLUGNAME).c
$(LIBTOOL) --mode=compile --tag CC $(CC) $(OPENVAS_INCLUDE) -c $(PLUGNAME).c
$(LIBTOOL) --mode=link --tag CC $(CC) $(OPENVAS_INCLUDE) $(LDFLAGS) -o lib$(PLUGNAME).la $(PLUGNAME).lo $(LIBS) $(GLIB_LIBS) -lm $(LIBUTIL) \
-rpath $(rootdir)/bin/plugins
../install_plug $(PLUGNAME) $(rootdir)
clean :
@rm -fr *.lo *.nes *.la .libs
@rm -fr *.o
include ../../openvas.tmpl
OPENVAS_INCLUDE=$(include) $(GLIB_CFLAGS) $(OPENVAS_CFLAGS)
PLUGNAME=ssl_ciphers
all : $(PLUGNAME).nes
$(PLUGNAME).nes : $(PLUGNAME).c
$(LIBTOOL) --mode=compile --tag CC $(CC) $(OPENVAS_INCLUDE) -c $(PLUGNAME).c
$(LIBTOOL) --mode=link --tag CC $(CC) $(LDFLAGS) -o lib$(PLUGNAME).la $(PLUGNAME).lo $(LIBS) $(GLIB_LIBS) \
-rpath $(rootdir)/bin/plugins
../install_plug $(PLUGNAME) $(rootdir)
clean :
@rm -fr *.lo *.nes *.la .libs
@rm -fr *.o
/*
* Check SSL ciphers & certificates
*
* This plugin connects to a SSL server, checks its certificate and the
* available ciphers
*
* This plugin was written by Michel Arboi <arboi@alussinan.org>
*/
#include "includes.h"
#include <openvas/system.h> /* for emalloc */
#ifndef ssl_get_cipher_by_char
#define ssl_get_cipher_by_char(ssl,ptr) \
((ssl)->method->get_cipher_by_char((unsigned char*)ptr))
#endif
#define EN_NAME "SSL ciphers"
#define EN_DESC "\
This plugin connects to a SSL server, and\n\
checks its certificate and the available (shared) SSLv2 ciphers.\n\
Weak (export version) ciphers are reported."
#define COPYRIGHT "(C) 2002 Michel Arboi"
#define SUMMARY "checks the server certificate and available SSLv2 ciphers"
int plugin_init(desc)
struct arglist * desc;
{
#ifndef HAVE_SSL
return -1;
#else
plug_set_id(desc, 10863);
plug_set_version(desc, "$Revision: 1852 $");
plug_set_name(desc, EN_NAME, NULL);
plug_set_description(desc, EN_DESC, NULL);
plug_set_summary(desc, SUMMARY, NULL);
plug_set_copyright(desc, COPYRIGHT, NULL);
plug_set_category(desc, ACT_GATHER_INFO);
plug_set_family(desc, "General", NULL);
plug_set_dep(desc, "find_service.nes");
return 0;
#endif
}
static void report_cat(char ** report, int * report_sz, char * msg)
{
if ( *report == NULL )
{
*report_sz = 1024;
*report = emalloc ( *report_sz );
}
if ( strlen(*report) + strlen(msg) + 1 >= *report_sz )
{
int new_sz = *report_sz;
while ( strlen(*report) + strlen(msg) + 1 > new_sz )
{
new_sz *= 2;
}
*report_sz = new_sz;
*report = erealloc(*report, *report_sz);
}
strcat(*report, msg);
if ( msg[strlen(msg) - 1] != '\n' )
strcat(*report, "\n");
}
int plugin_run(env)
struct arglist * env;
{
#ifndef HAVE_SSL
return -1;
#else
char *p, *q, *trp_name, *trp0_name;
int port, trp, trp0, cnx = -1, bits;
char buf[2048], *pbuf, rep[512], *prep;
SSL_CIPHER *c = NULL;
SSL *ssl = NULL;
int weak = 0, medium = 0, strong = 0, null =0, nCiphers = 0;
int cert_printed = 0;
char *msg;
X509 *cert;
BIO *b;
BUF_MEM *bptr;
int rejected[3];
char * report = NULL;
int report_sz = 0;
int warning = 0;
int type;
p = plug_get_key(env, "Transport/SSL", &type);
if ( p == NULL )
return 0;
if ( type == KB_TYPE_STR )
port = atoi(p);
else
port = (int)p;
trp0 = plug_get_port_transport(env, port);
trp0_name = (char*)get_encaps_name(trp0);
for (trp = OPENVAS_ENCAPS_SSLv2; trp <= OPENVAS_ENCAPS_TLSv1; trp ++)
{
if (cnx >= 0)
{
close_stream_connection(cnx);
cnx = -1;
}
if ((cnx = open_stream_connection(env, port, trp, -2)) < 0)
{
rejected[trp - OPENVAS_ENCAPS_SSLv2] = 1;
continue;
}
rejected[trp - OPENVAS_ENCAPS_SSLv2] = 0;
if ((ssl = (SSL*)stream_get_ssl(cnx)) == NULL)
continue;
trp_name = (char*)get_encaps_name(trp);
if (! cert_printed)
{
cert = SSL_get_peer_certificate(ssl);
if(cert != NULL)
{
b = BIO_new(BIO_s_mem());
if(X509_print(b, cert) > 0)
{
BIO_get_mem_ptr(b, &bptr);
msg = emalloc(bptr->length + 1 + 80);
snprintf(msg, bptr->length + 1 + 80, "Here is the %s server certificate:\n",
trp_name);
for (p = msg; *p != '\0'; p ++) /*NOP*/ ;
strncpy(p, bptr->data, bptr->length);
report_cat(&report, &report_sz, msg);
efree(&msg);
}
BIO_free(b);
cert_printed ++;
}
}