[Openvas-commits] r1205 - in branches/openvas-server-1-0: . doc openvasd
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Aug 22 14:57:33 CEST 2008
Author: mwiegand
Date: 2008-08-22 14:57:33 +0200 (Fri, 22 Aug 2008)
New Revision: 1205
Added:
branches/openvas-server-1-0/doc/openvas-mkcert-client.1
Modified:
branches/openvas-server-1-0/CHANGES
branches/openvas-server-1-0/ChangeLog
branches/openvas-server-1-0/Makefile
branches/openvas-server-1-0/openvas-adduser.in
branches/openvas-server-1-0/openvas-mkcert-client.in
branches/openvas-server-1-0/openvas-mkcert.in
branches/openvas-server-1-0/openvas-rmuser.in
branches/openvas-server-1-0/openvasd/Makefile
branches/openvas-server-1-0/openvasd/pluginscheduler.c
Log:
Backported changes from trunk in preparation for the 1.0.2 release.
Modified: branches/openvas-server-1-0/CHANGES
===================================================================
--- branches/openvas-server-1-0/CHANGES 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/CHANGES 2008-08-22 12:57:33 UTC (rev 1205)
@@ -1,3 +1,16 @@
+openvas-server 1.0.2 (2008-08-22)
+
+This is a bug fix release for the OpenVAS-Server 1.0 series. It fixes two issues
+that could under some circumstances break the creation of new users or cause a
+network scan to exit prematurely, reporting an empty result.
+
+These bugs were introduced in 1.0.1, versions 1.0.0 and prior are not affected
+by this bug. If you are having the problems described above, we recommend that
+you upgrade to 1.0.2.
+
+Many thanks to everyone who has contributed to this release: Vlatko Kosturjak
+and Michael Wiegand.
+
openvas-server 1.0.1 (2008-07-03)
This release contains new and improved packaging files for various distributions
Modified: branches/openvas-server-1-0/ChangeLog
===================================================================
--- branches/openvas-server-1-0/ChangeLog 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/ChangeLog 2008-08-22 12:57:33 UTC (rev 1205)
@@ -1,7 +1,72 @@
+2008-08-22 Michael Wiegand <michael.wiegand at intevation.de>
+
+ * openvasd/pluginscheduler.c (hash_link_destroy): Fixed another instance
+ of the memory management issue that resulted in a crash during scans.
+ Backport from -trunk.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * Makefile: Proper use of OPENVASD_STATEDIR in the Makefile, since using
+ localstatedir does not make sense when we already have a definition
+ (that can be overriden by the user if needed).
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ Added a manpage for openvas-mkcert-client similar to the one written for
+ Nessus.
+
+ * doc/openvas-mkcert-client.1: Added.
+
+ * Makefile: Updated.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-rmuser.in: Exit without error if no errors exist.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-rmuser.in: Final fix for localstatedir definitions.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-adduser.in: Retain proper definition of localstatedir,
+ reverting the change in r150 and fixing properly the definition in the
+ usage in the script. Changing $localstatedir to other thing different
+ from @localstatedir@ is confusing and error prone!
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-adduser.in: Should use /var/lib/openvas instead of
+ /var/openvas.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-mkcert.in: Use the proper definitions to setup the location
+ of the private and public CA keys.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-mkcert-client.in: Have nessus-mkcert-client warn if the server
+ certificates cannot be read (happens when you are not root). Based on
+ patch included in Debian since nessus-core 2.2.3-1, in February 2002.
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvas-mkcert-client.in: Proper fix for the FHS issue, the "fix"
+ introduced in release 150 actually made this script use /var/openvas/CA
+ for some of the keys when it should be using /var/lib/openvas/CA instead
+ (/var/openvas is not a FHS directory). This fix is based in the patch
+ introduced in Debian for nessus-core (since, at least 1.2.6, 6 years
+ ago).
+
+2008-08-22 Javier Fernandez-Sanguino <jfs at debian.org>
+
+ * openvasd/Makefile: Remove undefined variable.
+
2008-08-21 Michael Wiegand <michael.wiegand at intevation.de>
- * openvasd/pluginscheduler.c: Fixed a memory management issue that
- resulted in a crash during scans.
+ * openvasd/pluginscheduler.c (hash_add): Fixed a memory management issue
+ that resulted in a crash during scans. Backport from -trunk.
2008-07-31 Tim Brown <timb at nth-dimension.org.uk>
Modified: branches/openvas-server-1-0/Makefile
===================================================================
--- branches/openvas-server-1-0/Makefile 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/Makefile 2008-08-22 12:57:33 UTC (rev 1205)
@@ -56,21 +56,16 @@
@test -d $(DESTDIR)${sysconfdir}/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${sysconfdir}/openvas
@test -d $(DESTDIR)${sysconfdir}/openvas/gnupg || $(INSTALL_DIR) -m 755 $(DESTDIR)${sysconfdir}/openvas/gnupg
@test -d $(DESTDIR)${localstatedir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}
- @test -d $(DESTDIR)${localstatedir}/lib || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib
- @test -d $(DESTDIR)${localstatedir}/lib/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib/openvas
- @test -d $(DESTDIR)${localstatedir}/lib/openvas/users || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib/openvas/users
- @test -d $(DESTDIR)${localstatedir}/lib/openvas/logs || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib/openvas/logs
- @test -d $(DESTDIR)${localstatedir}/lib/openvas/tmp || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib/openvas/tmp
- @test -d $(DESTDIR)${localstatedir}/lib/openvas/jobs || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib/openvas/jobs
- @test -d $(DESTDIR)${localstatedir}/lib/openvas/CA || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/lib/openvas/CA
- @test -d $(DESTDIR)${localstatedir}/log || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/log
- @test -d $(DESTDIR)${localstatedir}/log/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/log/openvas
+ @test -d $(DESTDIR)${OPENVASD_STATEDIR} || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}
+ @test -d $(DESTDIR)${OPENVASD_STATEDIR}/users || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/users
+ @test -d $(DESTDIR)${OPENVASD_STATEDIR}/logs || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/logs
+ @test -d $(DESTDIR)${OPENVASD_STATEDIR}/tmp || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/tmp
+ @test -d $(DESTDIR)${OPENVASD_STATEDIR}/jobs || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/jobs
+ @test -d $(DESTDIR)${OPENVASD_STATEDIR}/CA || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/CA
+ @test -d $(DESTDIR)${OPENVASD_LOGDIR} || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_LOGDIR}
@test -d $(DESTDIR)${localstatedir}/run || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/run
@test -d $(DESTDIR)${includedir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${includedir}
@test -d $(DESTDIR)${includedir}/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${includedir}/openvas
- @test -d $(DESTDIR)${sharedstatedir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${sharedstatedir}
- @test -d $(DESTDIR)${sharedstatedir}/openvas || $(INSTALL_DIR) -m 755 $(DESTDIR)${sharedstatedir}/openvas
- @test -d $(DESTDIR)${sharedstatedir}/openvas/CA || $(INSTALL_DIR) -m 755 $(DESTDIR)${sharedstatedir}/openvas/CA
$(INSTALL) -m 755 openvas-mkcert-client $(DESTDIR)${bindir}/openvas-mkcert-client
$(INSTALL) -m 755 openvasd-config $(DESTDIR)${bindir}/openvasd-config
$(INSTALL) -m 755 ssl/openvas-mkrand $(DESTDIR)${bindir}/openvas-mkrand
@@ -79,7 +74,7 @@
$(INSTALL) -m 755 openvas-adduser $(DESTDIR)${sbindir}/openvas-adduser
$(INSTALL) -m 755 openvas-rmuser $(DESTDIR)${sbindir}/openvas-rmuser
$(INSTALL) -m 755 openvas-mkcert $(DESTDIR)${sbindir}/openvas-mkcert
- $(INSTALL) -c -m 0444 openvas-services $(DESTDIR)${localstatedir}/lib/openvas/openvas-services
+ $(INSTALL) -c -m 0444 openvas-services $(DESTDIR)${OPENVASD_STATEDIR}/openvas-services
$(INSTALL) -c -m 0444 include/includes.h $(DESTDIR)${includedir}/openvas/includes.h
$(INSTALL) -c -m 0444 include/config.h $(DESTDIR)${includedir}/openvas/config.h
$(INSTALL) -c -m 0444 include/threadcompat.h $(DESTDIR)${includedir}/openvas/threadcompat.h
@@ -101,6 +96,7 @@
$(INSTALL) -c -m 0444 doc/openvas-adduser.8 $(DESTDIR)${mandir}/man8/openvas-adduser.8
$(INSTALL) -c -m 0444 doc/openvas-rmuser.8 $(DESTDIR)${mandir}/man8/openvas-rmuser.8
$(INSTALL) -c -m 0444 doc/openvas-mkcert.8 $(DESTDIR)${mandir}/man8/openvas-mkcert.8
+ $(INSTALL) -c -m 0444 doc/openvas-mkcert-client.1 $(DESTDIR)${mandir}/man1/openvas-mkcert-client.1
server :
Added: branches/openvas-server-1-0/doc/openvas-mkcert-client.1
===================================================================
--- branches/openvas-server-1-0/doc/openvas-mkcert-client.1 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/doc/openvas-mkcert-client.1 2008-08-22 12:57:33 UTC (rev 1205)
@@ -0,0 +1,45 @@
+.TH OPENVAS-MKCERT-CLIENT 1 "May 2002" "The OpenVAS Project" "User Manuals"
+.SH NAME
+openvas-mkcert-client \- Creates a client certificate
+.sp
+.SH SYNOPSIS
+.BI openvas-mkcert-client
+
+.SH DESCRIPTION
+
+The
+.B OpenVAS Security Scanner
+protects the communication between the client and the server by using SSL. SSL
+requires the server to present a certificate to the client, and the client can
+optionally present a certificate to the server.
+
+This script
+.B openvas-mkcert-client
+generates a client certificate.
+
+.SH SEE ALSO
+
+.BR openvasd (8),\ openvas-mkcert (8),\ openssl(1)
+
+.SH MORE INFORMATION ABOUT THE OpenVAS PROJECT
+The canonical places where you will find more information
+about the OpenVAS project are:
+
+.RS
+.UR
+http://www.openvas.org/
+.UE
+(Official site)
+.br
+.UR
+http://cvs.openvas.org/
+.UE
+(Developers site)
+.RE
+
+
+.SH AUTHOR
+
+.B openvas-mkcert-client
+was written by Michel Arboi <arboi at bigfoot.com> based on
+.B openvas-mkcert
Modified: branches/openvas-server-1-0/openvas-adduser.in
===================================================================
--- branches/openvas-server-1-0/openvas-adduser.in 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/openvas-adduser.in 2008-08-22 12:57:33 UTC (rev 1205)
@@ -92,7 +92,7 @@
bindir=@bindir@
sbindir=@sbindir@
datadir=@datadir@
-localstatedir=@localstatedir@/lib
+localstatedir=@localstatedir@
PATH=$PATH:$sbindir:$bindir:/usr/ssl/bin:/usr/local/ssl/bin:/opt/ssl/bin
@@ -154,7 +154,7 @@
do
echo $Xn "`gettext "Login :"` $Xc"
read login
- if [ -d $localstatedir/openvas/users/$login ];
+ if [ -d $localstatedir/lib/openvas/users/$login ];
then
gettext "This login already exists. Choose another one."; echo
else
@@ -284,9 +284,9 @@
#echo "$login:$password" > $TMPDIR/adduser.$$
-chmod 0700 "$localstatedir/openvas/"
-mkdir -p "$localstatedir/openvas/users/$login"
-chmod 0700 "$localstatedir/openvas/users/$login"
+chmod 0700 "$localstatedir/lib/openvas/"
+mkdir -p "$localstatedir/lib/openvas/users/$login"
+chmod 0700 "$localstatedir/lib/openvas/users/$login"
@@ -297,10 +297,16 @@
# Create the auth. dir, which contains the user rules,
# password, and plugin acl
#
-mkdir -p "$localstatedir/openvas/users/$login/auth"
-chmod 0700 "$localstatedir/openvas/users/$login/auth"
+mkdir -p "$localstatedir/lib/openvas/users/$login/auth"
+chmod 0700 "$localstatedir/lib/openvas/users/$login/auth"
+#
+# Create the plugins dir, which contains the user plugins
+#
+mkdir -p "$localstatedir/lib/openvas/users/$login/plugins"
+chmod 0700 "$localstatedir/lib/openvas/users/$login/plugins"
+
if [ "$auth" = "pass" ]; then
if [ "$MD5CMD" ]; then
test -c /dev/urandom &&
@@ -309,17 +315,17 @@
}
SEED=`(echo $SEED; date; df; ls -l; echo $URANDOM) | $MD5CMD | awk '{print $1}'`
H=`echo $Xn $SEED$password$Xc | $MD5CMD | awk '{print $1}'`
- echo $H $SEED > "$localstatedir/openvas/users/$login/auth/hash"
+ echo $H $SEED > "$localstatedir/lib/openvas/users/$login/auth/hash"
else
- echo "$password" > "$localstatedir/openvas/users/$login/auth/password"
+ echo "$password" > "$localstatedir/lib/openvas/users/$login/auth/password"
fi
elif [ "$auth" = "cert" ]; then
- echo "$dn" > "$localstatedir/openvas/users/$login/auth/dname"
+ echo "$dn" > "$localstatedir/lib/openvas/users/$login/auth/dname"
fi
-cp $tmpAddUserFile "$localstatedir/openvas/users/$login/auth/rules"
+cp $tmpAddUserFile "$localstatedir/lib/openvas/users/$login/auth/rules"
Modified: branches/openvas-server-1-0/openvas-mkcert-client.in
===================================================================
--- branches/openvas-server-1-0/openvas-mkcert-client.in 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/openvas-mkcert-client.in 2008-08-22 12:57:33 UTC (rev 1205)
@@ -40,7 +40,7 @@
prefix=@prefix@
datadir=@datadir@
sysconfdir=@sysconfdir@
-localstatedir=@localstatedir@/lib
+localstatedir=@localstatedir@
sharedstatedir=@sharedstatedir@
sbindir=@exec_prefix@/sbin
bindir=@exec_prefix@/bin
@@ -134,8 +134,8 @@
-OPENVASPRIV="$localstatedir/openvas/CA"
-OPENVASPUB="$sharedstatedir/openvas/CA"
+OPENVASPRIV="@OPENVAS_STATEDIR@/private/CA"
+OPENVASPUB="@OPENVAS_SHAREDSTATEDIR@/CA"
while [ ! -d "$OPENVASPRIV" ]; do
gettext "OpenVAS server 'private' directory: "
@@ -150,6 +150,8 @@
CAKEY=$OPENVASPRIV/cakey.pem
CACERT=$OPENVASPUB/cacert.pem
+[ -r "$CAKEY" ] || echo "WARN: $CAKEY is not readable, this script will not be able to find the server certificate (hint: are you root?)"
+
while [ ! -f "$CAKEY" ]; do
eval_gettext "\$CAKEY: not found or not a file."
gettext "OpenVAS CA private key: "
@@ -175,7 +177,7 @@
done
if [ "$R" = `gettext "y"` ]; then
- USERSDIR=$localstatedir/openvas/users
+ USERSDIR=$localstatedir/lib/openvas/users
while [ ! -d "$USERSDIR" ]; do
eval_gettext "\$USERSDIR: not a directory."; echo
gettext "Users directory? "
Modified: branches/openvas-server-1-0/openvas-mkcert.in
===================================================================
--- branches/openvas-server-1-0/openvas-mkcert.in 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/openvas-mkcert.in 2008-08-22 12:57:33 UTC (rev 1205)
@@ -131,8 +131,8 @@
exit 1
esac
-OPENVASPRIV="$localstatedir/openvas/CA"
-OPENVASPUB="$sharedstatedir/openvas/CA"
+OPENVASPRIV="@OPENVASD_STATEDIR@/private/CA"
+OPENVASPUB="@OPENVASD_SHAREDSTATEDIR@/CA"
if [ ! -d "$OPENVASPRIV" ]; then
mkdir -p "$OPENVASPRIV"
chmod 0700 "$OPENVASPRIV"
Modified: branches/openvas-server-1-0/openvas-rmuser.in
===================================================================
--- branches/openvas-server-1-0/openvas-rmuser.in 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/openvas-rmuser.in 2008-08-22 12:57:33 UTC (rev 1205)
@@ -38,7 +38,7 @@
datadir=@datadir@
sysconfdir=@sysconfdir@
sharedstatedir=@sharedstatedir@
-localstatedir=@localstatedir@/lib
+localstatedir=@localstatedir@
libdir=@libdir@
includedir=@includedir@
oldincludedir=@oldincludedir@
@@ -100,10 +100,12 @@
exit 1
}
-if [ -d "$localstatedir/openvas/users/$login" ];
+if [ -d "$localstatedir/lib/openvas/users/$login" ];
then
- rm -rf "$localstatedir/openvas/users/$login"
+ rm -rf "$localstatedir/lib/openvas/users/$login"
gettext "user removed."; echo
else
gettext "user does not exist"; echo
fi
+
+exit 0
Modified: branches/openvas-server-1-0/openvasd/Makefile
===================================================================
--- branches/openvas-server-1-0/openvasd/Makefile 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/openvasd/Makefile 2008-08-22 12:57:33 UTC (rev 1205)
@@ -5,7 +5,7 @@
$(DL_LIB) \
$(COMPAT_LIB) $(LIBWRAP) \
$(RUN_LIBS)
-OPENVAS_INCLUDE=$(NESSUS_OPENVAS_CFLAGS) $(include) $(DEFS)
+OPENVAS_INCLUDE=$(include) $(DEFS)
OBJS = auth.o \
attack.o \
comm.o \
Modified: branches/openvas-server-1-0/openvasd/pluginscheduler.c
===================================================================
--- branches/openvas-server-1-0/openvasd/pluginscheduler.c 2008-08-22 12:48:25 UTC (rev 1204)
+++ branches/openvas-server-1-0/openvasd/pluginscheduler.c 2008-08-22 12:57:33 UTC (rev 1205)
@@ -223,10 +223,6 @@
}
efree(&h->dependencies_ptr);
- arg_free_all(h->plugin->required_ports);
- arg_free_all(h->plugin->required_udp_ports);
- arg_free_all(h->plugin->required_keys);
- arg_free_all(h->plugin->excluded_keys);
efree(&h->plugin);
if( h->ports != NULL )
More information about the Openvas-commits
mailing list