Commit d0fd3732 authored by Raphaël Hertzog's avatar Raphaël Hertzog

Merge tag 'upstream/3.4.0'

Upstream version 3.4.0
parents aff4fe93 a30bcb76
openvas-scanner 3.4.0 (2012-04-11)
This is the first release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System release 6 (OpenVAS-6). Compared
to the previous major release it covers a set of various improvements.
Many thanks to everyone who has contributed to the 3.4.0 release:
Hani Benhabiles, Werner Koch, Michael Meyer, Matthew Mundell, Timo Pollmeier,
Thomas Reinke, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 3.3.x:
* Minimum requirements for openvas-libraries: Increased from 5.0 to 6.0.
* Minimum requirements for GnuTLS: Increased from 2.2 to 2.8.
* New optional OTP version 1.1 which is like 1.0 but sends less info
to the client initially.
* Changed behaviour of NVT sync script "openvas-nvt-sync":
It will now delete scripts not part of the when using rsync,
except for the directory "private/".
A Migration option "--migrate-to-private" of the sync-script will
move private scripts into the "private/" directory.
The Feed Sync will stop with an error until the "private/" is created.
As soon as this directory is created, the synchronisation will ultimately
delete all files in the local feed directory that are not part of the
regular Feed.
* Changed: The magic that NVTs of category ACT_SETTINGS were always enabled
even when user disabled them has been removed. OTP clients now have
to take care to enable as needed.
* Send NODESC and NOSUMMARY instead of whole plugin description and summary when
no result is returned and plugin has all new nvt tags.
* Newline in script tags are now escaped.
* The size of tags is not limited anymore.
* Internal use of NVTI references by OID to allow using the NVTI
cache properly. This significantly lowers the memory consumption
per Scanner process.
* Improve bug tracking by directing diagnostics to the log file.
* Removed deprecated code.
* Closed a number of memory leaks.
* Various code and build cleanups.
* Removed built-in logfile rotation. It is not a good idea to try
to circumvent system environment technology for logrotate.
* New command line switch "--only-cache" to just build the cache and exit.
* Fixed a bug when NVT lacks family specification.
openvas-scanner 3.4+rc1 (2013-03-15)
This is the first release candidate of the openvas-scanner 3.4 module for the
Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".
Major changes include not appending summary and description when no result is
sent and plugin is of new style and ability for greenbone-nvt-sync to use
private directory feature for RSYNC_DELETE.
Many thanks to everyone who has contributed to this release:
Timo Pollmeier, Hani Benhabiles, Matthew Mundell.
Main changes compared to 3.4+beta3:
* Send NODESC and NOSUMMARY instead of whole plugin description and summary when
no result is returned and plugin has all new nvt tags.
* Add private directory for RSYNC_DELETE to greenbone-nvt-sync.
openvas-scanner 3.4+beta2 (2013-02-20)
This is the second beta release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".
Main changes since last beta release are the behaviour change of the Feed
Synchronization routine and the more flexible handling of script tags.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Werner Koch, Matthew Mundell, Timo Pollmeier,
Jan-Oliver Wagner, Michael Wiegand.
Main changes compared to 3.4+beta1:
* Changed behaviour of NVT sync script "openvas-nvt-sync":
It will now delete scripts not part of the when using rsync,
except for the directory "private/".
A Migration option "--migrate-to-private" of the sync-script will
move private scripts into the "private/" directory.
The Feed Sync will stop with an error until the "private/" is created.
As soon as this directory is created, the synchronisation will ultimately
delete all files in the local feed directory that are not part of the
regular Feed.
* Newline in script tags are now escaped.
* The size of tags is not limited anymore.
* Internal use of NVTI references by OID to allow using the NVTI
cache properly. This significantly lowers the memory consumption
per Scanner process.
* Improve bug tracking by directing diagnostics to the log file.
* Memleak fixes and other small bugfixes.
* Various code and build cleanups.
openvas-scanner 3.4+beta1 (2012-10-26)
This is the first beta release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".
Main new feature and other changes of 3.4 compared to 3.3 include:
A collection internal and other small improvements, introducing
OTP 1.1 as optional protocol.
Many thanks to everyone who has contributed to this release:
Michael Meyer, Matthew Mundell, Thomas Reinke, Jan-Oliver Wagner
and Michael Wiegand.
Main changes compared to 3.3.x:
* Minimum requirements for openvas-libraries: Increased from 5.0 to 6.0.
* Removed built-in logfile rotation. It is not a good idea to try
to circumvent system environment technology for logrotate.
* New optional OTP version 1.1 which is like 1.0 but sends less info
to the client initially.
* New: command line switch "--only-cache" to just build the cache and exit.
* Changed: The magic that NVTs of category ACT_SETTINGS were always enabled
even when user disabled them has been removed. OTP clients now have
to take care to enable as needed.
* Internal code cleanups for NVTI cache handling.
* Fixed a bug when NVT lacks family specification.
* Removed deprecated code.
* Closed a number of memory leaks.
openvas-scanner 3.3.1 (2012-04-24)
This is the first maintenance release of the openvas-scanner 3.3 module for the Open
......
......@@ -78,12 +78,15 @@ set (CPACK_SOURCE_TOPLEVEL_TAG "")
set (CPACK_SYSTEM_NAME "")
set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "3")
set (CPACK_PACKAGE_VERSION_MINOR "3")
set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION_MINOR "4")
# Use this scheme for stable releases
set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+rc2${SVN_REVISION}")
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
#set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}${CPACK_PACKAGE_VERSION_PATCH}")
set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_PACKAGE_VENDOR "The OpenVAS Project")
......@@ -101,6 +104,7 @@ set (CPACK_SOURCE_IGNORE_FILES
"log.conf$"
"Doxyfile$"
"Doxyfile_full$"
"openvassd.8$"
"VERSION$"
"tools/openvas-adduser$"
"tools/openvas-mkcert$"
......@@ -182,8 +186,8 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## list and throw an error, otherwise long install-cmake-install-cmake cycles
## might occur.
pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=5.0.0)
pkg_check_modules (GNUTLS REQUIRED gnutls>=2.2)
pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=6.0.0)
pkg_check_modules (GNUTLS REQUIRED gnutls>=2.8)
pkg_check_modules (GLIB REQUIRED glib-2.0>=2.16)
message (STATUS "Looking for pcap...")
......@@ -243,8 +247,8 @@ configure_file (tools/openvas-nvt-sync.in tools/openvas-nvt-sync @ONLY)
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Werror -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE")
add_subdirectory (src)
......
This diff is collapsed.
INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER
=============================================
Please note: The reference systems used by most of the developers are Debian
GNU/Linux 'Lenny' 5.0 and Debian GNU/Linux 'Squeeze' 6.0. The build might fail
on any other systems. Also it is necessary to install dependent development
packages.
Please note: The reference system used by most of the developers is Debian
Debian GNU/Linux 'Squeeze' 6.0. The build might fail on any other systems.
Also it is necessary to install dependent development packages.
Prerequisites for openvas-scanner
......@@ -13,8 +12,8 @@ Prerequisites for openvas-scanner
Prerequisites:
* cmake
* glib-2.0 >= 2.16
* gnutls >= 2.2
* openvas-libraries >= 5.0.0
* gnutls >= 2.8
* openvas-libraries >= 6.0.0
* pkg-config
Prerequisites for building documentation:
......@@ -32,17 +31,20 @@ files before configuring:
$ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/your/location/lib/pkgconfig
Create a build directory and change into it with
$ mkdir build
$ cd build
Then configure the build with
$ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation .
$ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation ..
or (if you want to use the default installation path /usr/local)
$ cmake .
$ cmake ..
This only needs to be done once. Note: It is assumed that the other
OpenVAS components are installed to the same path. If not, you need to set
some paths separately, see below for details.
This only needs to be done once.
Thereafter, the following commands are useful.
......@@ -50,13 +52,13 @@ Thereafter, the following commands are useful.
$ make doc # build the documentation
$ make doc-full # build more developer-oriented documentation
$ make install # install the build
$ make rebuild_cache # rebuild the make system cache
$ make rebuild_cache # rebuild the cmake cache
$ make install
Please note that you may have to execute "make install" as root, especially if
you have specified a prefix for which your user does not have full permissions.
Please note that you may have to execute this command as root, especially if you
have specified a prefix for which your user does not have full permissions.
To clean up the build environment, simply remove the contents of the "build"
directory you created above.
Setting up openvas-scanner
......
......@@ -25,38 +25,24 @@
## build
set_directory_properties (PROPERTIES CLEAN_NO_CUSTOM true)
set_directory_properties (PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ".built-html;.built-html_full")
include (FindDoxygen)
if (NOT DOXYGEN_EXECUTABLE)
message (STATUS "WARNING: Doxygen is required to build the HTML docs.")
else (NOT DOXYGEN_EXECUTABLE)
set (DOC_FILES
../src/attack.c ../src/auth.c ../src/comm.c ../src/hosts.c
../src/locks.c ../src/log.c ../src/nasl_plugins.c ../src/ntp_11.c
../src/openvassd.c ../src/otp_1_0.c ../src/oval_plugins.c ../src/parser.c
../src/piic.c ../src/pluginlaunch.c ../src/pluginload.c
../src/pluginscheduler.c ../src/plugs_hash.c ../src/plugs_req.c
../src/preferences.c ../src/processes.c ../src/rules.c ../src/save_kb.c
../src/sighand.c ../src/users.c ../src/utils.c
../README ../INSTALL)
add_custom_target (doc COMMENT "Building documentation..."
DEPENDS Doxyfile .built-html)
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile ${CMAKE_CURRENT_BINARY_DIR}/.built-html)
add_custom_target (doc-full COMMENT "Building documentation..."
DEPENDS Doxyfile_full .built-html_full)
endif (NOT DOXYGEN_EXECUTABLE)
add_custom_command (OUTPUT .built-html
COMMAND sh
ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html\;\"
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
add_custom_command (OUTPUT .built-html
COMMAND sh
ARGS -c \"cd .. && ${DOXYGEN_EXECUTABLE} doc/Doxyfile && touch doc/.built-html\;\"
DEPENDS Doxyfile ${DOC_FILES})
add_custom_command (OUTPUT .built-html_full
COMMAND sh
ARGS -c \"cd .. && ${DOXYGEN_EXECUTABLE} doc/Doxyfile_full && touch doc/.built-html_full\;\"
DEPENDS Doxyfile_full ${DOC_FILES})
add_custom_target (doc-full COMMENT "Building documentation..."
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full)
add_custom_command (OUTPUT .built-html_full
COMMAND sh
ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full\;\"
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full)
endif (NOT DOXYGEN_EXECUTABLE)
......@@ -30,7 +30,7 @@ PROJECT_NUMBER = @CPACK_PACKAGE_VERSION@
# If a relative path is entered, it will be relative to the location
# where doxygen was started. If left blank the current directory will be used.
OUTPUT_DIRECTORY = doc/generated
OUTPUT_DIRECTORY = @CMAKE_BINARY_DIR@/doc/generated
# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
# 4096 sub-directories (in 2 levels) under the output directory of each output
......@@ -115,7 +115,7 @@ FULL_PATH_NAMES = YES
# If left blank the directory from which doxygen is run is used as the
# path to strip.
STRIP_FROM_PATH =
STRIP_FROM_PATH = @CMAKE_SOURCE_DIR@
# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
# the path mentioned in the documentation of a class, which tells
......@@ -459,7 +459,7 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
INPUT = src
INPUT = @CMAKE_SOURCE_DIR@/src
# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
......@@ -474,7 +474,7 @@ FILE_PATTERNS =
# should be searched for input files as well. Possible values are YES and NO.
# If left blank NO is used.
RECURSIVE = YES
RECURSIVE = NO
# The EXCLUDE tag can be used to specify files and/or directories that should
# excluded from the INPUT source files. This way you can easily exclude a
......@@ -500,7 +500,7 @@ EXCLUDE_PATTERNS =
# directories that contain example code fragments that are included (see
# the \include command).
EXAMPLE_PATH = .
EXAMPLE_PATH = @CMAKE_SOURCE_DIR@
# If the value of the EXAMPLE_PATH tag contains directories, you can use the
# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
......@@ -744,7 +744,7 @@ TREEVIEW_WIDTH = 250
# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
# generate Latex output.
GENERATE_LATEX = YES
GENERATE_LATEX = NO
# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
......
......@@ -30,7 +30,7 @@ PROJECT_NUMBER = @CPACK_PACKAGE_VERSION@
# If a relative path is entered, it will be relative to the location
# where doxygen was started. If left blank the current directory will be used.
OUTPUT_DIRECTORY = doc/generated
OUTPUT_DIRECTORY = @CMAKE_BINARY_DIR@/doc/generated
# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
# 4096 sub-directories (in 2 levels) under the output directory of each output
......@@ -115,7 +115,7 @@ FULL_PATH_NAMES = YES
# If left blank the directory from which doxygen is run is used as the
# path to strip.
STRIP_FROM_PATH =
STRIP_FROM_PATH = @CMAKE_SOURCE_DIR@
# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
# the path mentioned in the documentation of a class, which tells
......@@ -459,7 +459,7 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
INPUT = src
INPUT = @CMAKE_SOURCE_DIR@/src
# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
......@@ -474,7 +474,7 @@ FILE_PATTERNS =
# should be searched for input files as well. Possible values are YES and NO.
# If left blank NO is used.
RECURSIVE = YES
RECURSIVE = NO
# The EXCLUDE tag can be used to specify files and/or directories that should
# excluded from the INPUT source files. This way you can easily exclude a
......@@ -500,7 +500,7 @@ EXCLUDE_PATTERNS =
# directories that contain example code fragments that are included (see
# the \include command).
EXAMPLE_PATH = ./
EXAMPLE_PATH = @CMAKE_SOURCE_DIR@
# If the value of the EXAMPLE_PATH tag contains directories, you can use the
# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
......@@ -600,7 +600,7 @@ USE_HTAGS = NO
# will generate a verbatim copy of the header file for each class for
# which an include is specified. Set to NO to disable this.
VERBATIM_HEADERS = NO
VERBATIM_HEADERS = YES
#---------------------------------------------------------------------------
# configuration options related to the alphabetical class index
......
This diff is collapsed.
/* OpenVAS
* $Id: attack.c 12526 2012-01-27 10:06:27Z hdoreau $
* $Id: attack.c 15126 2013-01-11 20:27:55Z jan $
* Description: Launches the plugins, and manages multithreading.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -47,6 +47,8 @@
#include <openvas/misc/scanners_utils.h> /* for comm_send_status */
#include <openvas/misc/openvas_ssh_login.h>
#include <openvas/base/nvticache.h> /* for nvticache_t */
#include "attack.h"
#include "auth.h"
#include "comm.h"
......@@ -258,17 +260,26 @@ launch_plugin (struct arglist *globals, plugins_scheduler_t * sched,
{
struct arglist *preferences = arg_get_value (globals, "preferences");
struct arglist *args = plugin->arglist->value;
nvti_t *nvti = arg_get_value (args, "NVTI");
char name[1024];
char *oid = (char *)arg_get_value (args, "OID");
nvticache_t *nvticache = (nvticache_t *)arg_get_value (
arg_get_value (args, "preferences"), "nvticache");
gchar *src = (oid == NULL ? NULL : nvticache_get_src_by_oid (nvticache, oid));
char name[1024], oid_[100];
int optimize = preferences_optimize_test (preferences);
int category = plugin->category;
static int last_status = 0;
gchar *network_scan_status;
gboolean network_scan = FALSE;
strncpy (name, nvti_src (nvti), sizeof (name) - 1);
strncpy (name, src, sizeof (name) - 1);
name[sizeof (name) - 1] = '\0';
g_free (src);
// we need the oid later on and have many exits, so better
// store it locally without need to free it.
strncpy (oid_, oid, sizeof (oid_) - 1);
oid_[sizeof (oid_) - 1] = '\0';
network_scan_status = arg_get_value (globals, "network_scan_status");
if (network_scan_status != NULL)
if (g_ascii_strcasecmp (network_scan_status, "busy") == 0)
......@@ -308,7 +319,6 @@ launch_plugin (struct arglist *globals, plugins_scheduler_t * sched,
if (save_kb (globals))
{
char *oid = nvti_oid (nvti);
char asc_id[100];
snprintf (asc_id, sizeof (asc_id), "Launched/%s", oid);
......
This diff is collapsed.
/* OpenVAS
* $Id: log.c 9926 2011-01-11 20:33:45Z jan $
* $Id: log.c 16004 2013-04-11 08:03:54Z mwiegand $
* Description: Manages the logfile of OpenVAS.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -41,42 +41,6 @@
static FILE *log;
#define MAX_LOG_SIZE_MEGS 500 /* 500 Megs */
void
rotate_log_file (const char *filename)
{
char path[1024];
int i = 0;
struct stat st;
if (stat (filename, &st) == 0)
{
if (st.st_size < 1024 * 1024 * MAX_LOG_SIZE_MEGS)
return;
}
else
return; /* Could not stat the log file */
log_close ();
for (i = 0; i < 1024; i++)
{
int e;
snprintf (path, sizeof (path), "%s.%d", filename, i);
e = stat (path, &st);
if (e < 0 && errno == ENOENT)
break;
}
if (i == 1024)
return; /* ?? */
rename (filename, path);
}
/**
* @brief Initialization of the log file.
*/
......@@ -96,7 +60,6 @@ log_init (const char *filename)
else
{
rotate_log_file (filename);
int fd = open (filename, O_WRONLY | O_CREAT | O_APPEND
#ifdef O_LARGEFILE
| O_LARGEFILE
......@@ -104,8 +67,8 @@ log_init (const char *filename)
, 0644);
if (fd < 0)
{
perror ("log_init():open ");
printf ("Could not open the logfile, using stderr\n");
fprintf (stderr, "log_init():open : %s\n", strerror (errno));
fprintf (stderr, "Could not open the logfile, using stderr\n");
log = stderr;
}
......@@ -149,19 +112,16 @@ log_close ()
/*
* write into the logfile
* write into the logfile using a va_list.
* Nothing fancy here...
*/
void
log_write (const char *str, ...)
log_vwrite (const char *str, va_list arg_ptr)
{
va_list param;
char disp[4096];
char *tmp;
va_start (param, str);
vsnprintf (disp, sizeof (disp), str, param);
va_end (param);
vsnprintf (disp, sizeof (disp), str, arg_ptr);
tmp = disp;
while ((tmp = (char *) strchr (tmp, '\n')) != NULL)
......@@ -184,3 +144,17 @@ log_write (const char *str, ...)
else
syslog (LOG_NOTICE, "%s", disp);
}
/*
* write into the logfile
* Nothing fancy here...
*/
void
log_write (const char *str, ...)
{
va_list param;
va_start (param, str);
log_vwrite (str, param);
va_end (param);
}
......@@ -32,11 +32,15 @@
#ifndef _OPENVAS_LOG_H
#define _OPENVAS_LOG_H
#include <stdarg.h>
void log_init (const char *);
void log_close (void);
#ifdef __GNUC__
void log_vwrite (const char *, va_list) __attribute__ ((format (printf, 1, 0)));
void log_write (const char *, ...) __attribute__ ((format (printf, 1, 2)));
#else
void log_vwrite (const char *, va_list);
void log_write (const char *, ...);
#endif
......
/* OpenVAS
* $Id: nasl_plugins.c 11288 2011-07-10 20:26:24Z jan $
* $Id: nasl_plugins.c 15274 2013-01-25 08:15:11Z mattm $
* Description: Launches NASL plugins.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -33,6 +33,7 @@
#include <stdio.h> /* for fprintf() */
#include <unistd.h> /* for close() */
#include <signal.h> /* for SIGTERM */
#include <string.h> /* for strlen() */
#include <sys/stat.h>
#include <glib.h>
......@@ -41,12 +42,12 @@
#include <utime.h>
#include <openvas/base/drop_privileges.h> /* for drop_privileges */
#include <openvas/base/nvticache.h> /* for nvticache_add */
#include <openvas/nasl/nasl.h>
#include <openvas/misc/network.h> /* for internal_send */
#include <openvas/misc/nvt_categories.h> /* for ACT_SCANNER */
#include <openvas/misc/plugutils.h> /* for plug_set_launch */
#include <openvas/misc/internal_com.h> /* for INTERNAL_COMM_CTRL_FINISHED */
#include <openvas/misc/store.h> /* for store_plugin */
#include <openvas/misc/system.h> /* for emalloc */
#include <openvas/misc/proctitle.h> /* for setproctitle */
......@@ -78,9 +79,9 @@ static void nasl_thread (struct arglist *);
/**
* @brief Add *one* .nasl plugin to the plugin list and return the pointer to it.
*
* The plugin is first attempted to be loaded from the cache calling
* store_load_plugin. If that fails, it is parsed (via exec_nasl_script) and
* added to the store.
* The plugin is first attempted to be loaded from the cache.
* If that fails, it is parsed (via exec_nasl_script) and
* added to the cache.
* If a plugin with the same (file)name is already present in the plugins
* arglist, it will be replaced.
*
......@@ -101,7 +102,7 @@ nasl_plugin_add (char *folder, char *name, struct arglist *plugins,
struct arglist *prev_plugin = NULL;
int nasl_mode;
nasl_mode = NASL_EXEC_DESCR;
nvti_t * nvti = NULL;
nvti_t *nvti;
snprintf (fullname, sizeof (fullname), "%s/%s", folder, name);
......@@ -110,10 +111,14 @@ nasl_plugin_add (char *folder, char *name, struct arglist *plugins,
nasl_mode |= NASL_ALWAYS_SIGNED;
}
plugin_args = store_load_plugin (name, preferences);
nvti = nvticache_get (arg_get_value(preferences, "nvticache"), name);
plugin_args = plug_create_from_nvti_and_prefs (nvti, preferences);
if (plugin_args == NULL)
{
char *sign_fprs = nasl_extract_signature_fprs (fullname);
nvti_free (nvti);
// If server accepts signed plugins only, discard if signature file missing.
if (preferences_nasl_no_signature_check (preferences) == 0
&& sign_fprs == NULL)
......@@ -140,6 +145,10 @@ nasl_plugin_add (char *folder, char *name, struct arglist *plugins,
return NULL;
}
// this extra pointer was only necessary during parsing the
// description part of a NASL. Now we can remove it from the args.
if (arg_get_value (plugin_args, "NVTI"))
arg_del_value (plugin_args, "NVTI");
nvti_set_src (nvti, fullname);
nvti_add_sign_key_id (nvti, sign_fprs);
......@@ -162,8 +171,12 @@ nasl_plugin_add (char *folder, char *name, struct arglist *plugins,
if (nvti_oid (nvti) != NULL)
{
store_plugin (plugin_args, name);
plugin_args = store_load_plugin (name, preferences);
nvticache_add (arg_get_value(preferences, "nvticache"), nvti, name);
arg_set_value (plugin_args, "preferences", -1, NULL);
arg_free_all (plugin_args);
nvti_free (nvti);
nvti = nvticache_get (arg_get_value(preferences, "nvticache"), name);
plugin_args = plug_create_from_nvti_and_prefs (nvti, preferences);
}
else
// Most likely an exit was hit before the description could be parsed.
......@@ -176,16 +189,22 @@ nasl_plugin_add (char *folder, char *name, struct arglist *plugins,
{
/* Discard invalid plugins */
fprintf (stderr, "%s failed to load\n", name);
nvti_free (nvti);
return NULL;
}
nvti = arg_get_value (plugin_args, "NVTI");
if (nvti_oid (nvti) == NULL)
{
/* Discard invalid plugins */
fprintf (stderr, "%s failed to load, no OID\n", name);
nvti_free (nvti);
plugin_free (plugin_args);
return NULL;
}
arg_add_value (plugin_args, "OID", ARG_STRING, strlen (nvti_oid (nvti)) , g_strdup (nvti_oid (nvti)));
nvti_free (nvti);
plug_set_launch (plugin_args, LAUNCH_DISABLED);
prev_plugin = arg_get_value (plugins, name);
......@@ -213,7 +232,8 @@ nasl_plugin_launch (struct arglist *globals, struct arglist *plugin,
int category = 0;
int module;
struct arglist *d = emalloc (sizeof (struct arglist));
nvti_t * nvti = arg_get_value (plugin, "NVTI");
nvti_t * nvti = nvticache_get_by_oid (arg_get_value (arg_get_value (plugin,
"preferences"), "nvticache"), arg_get_value (plugin, "OID"));
arg_add_value (plugin, "HOSTNAME", ARG_ARGLIST, -1, hostinfos);
if (arg_get_value (plugin, "globals"))
......@@ -226,11 +246,12 @@ nasl_plugin_launch (struct arglist *globals, struct arglist *plugin,
arg_add_value (plugin, "key", ARG_PTR, -1, kb);
arg_add_value (d, "args", ARG_ARGLIST, -1, plugin);
arg_add_value (d, "name", ARG_STRING, -1, name);
arg_add_value (d, "preferences", ARG_STRING, -1, preferences);
arg_add_value (d, "name", ARG_STRING, strlen (name), name);
arg_add_value (d, "preferences", ARG_ARGLIST, -1, preferences);
category = nvti_category (nvti);
timeout = preferences_plugin_timeout (preferences, nvti_oid (nvti));
nvti_free (nvti);
if (timeout == 0)
{
if (category == ACT_SCANNER)
......
/* OpenVAS
* $Id: ntp_11.c 12529 2012-01-27 12:46:22Z hdoreau $
* $Id: ntp_11.c 15127 2013-01-11 20:52:19Z jan $
* Description: OpenVAS Communication Manager; it manages the OpenVAS Transfer Protocol,
* version 1.1 and 1.2.
*
......@@ -32,13 +32,16 @@
#include <glib.h>
#include <openvas/base/nvti.h> /* for nvti_name */
#include <openvas/misc/network.h> /* for recv_line */
#include <openvas/misc/plugutils.h> /* for plug_get_deps */
#include <openvas/misc/system.h> /* for emalloc */
#include <openvas/misc/hash_table_file.h>
#include <openvas/misc/openvas_ssh_login.h>
#include <openvas/misc/internal_com.h> /* for INTERNAL_COMM_MSG_TYPE_DATA */
#include <openvas/base/nvticache.h> /* for nvticache_t */
#include "ntp_11.h"
#include "otp_1_0.h"
#include "comm.h"
......@@ -751,7 +754,14 @@ _find_plugin (struct arglist **array, char *fname, int start, int end, int rend)
plugin = array[start];
if (strcmp (fname, plugin->name) == 0)
return nvti_name (arg_get_value (plugin->value, "NVTI"));