[Openvas-commits] r3100 - in trunk/openvas-libraries: . libopenvas

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Apr 14 14:55:03 CEST 2009


Author: mwiegand
Date: 2009-04-14 14:55:03 +0200 (Tue, 14 Apr 2009)
New Revision: 3100

Added:
   trunk/openvas-libraries/libopenvas/openvas_server.c
   trunk/openvas-libraries/libopenvas/openvas_server.h
Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/MANIFEST
   trunk/openvas-libraries/Makefile
   trunk/openvas-libraries/libopenvas/Makefile
Log:
Added a new library for GnuTLS based communication, based on work done
by Matthew Mundell for the openvas-manager module.

* libopenvas/openvas_server.c: New. Contains an initial set of functions
for GnuTLS based communication.

* libopenvas/openvas_server.h: New. Header file for the new
functionality.

* libopenvas/Makefile: Updated.

* Makefile: Updated.

* MANIFEST: Updated.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2009-04-14 10:57:57 UTC (rev 3099)
+++ trunk/openvas-libraries/ChangeLog	2009-04-14 12:55:03 UTC (rev 3100)
@@ -1,3 +1,20 @@
+2009-04-14  Michael Wiegand <michael.wiegand at intevation.de>
+
+	Added a new library for GnuTLS based communication, based on work done
+	by Matthew Mundell for the openvas-manager module.
+
+	* libopenvas/openvas_server.c: New. Contains an initial set of function
+	for GnuTLS based communication.
+
+	* libopenvas/openvas_server.h: New. Header file for the new
+	functionality.
+
+	* libopenvas/Makefile: Updated.
+
+	* Makefile: Updated.
+
+	* MANIFEST: Updated.
+
 2009-04-02  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
 
 	* libopenvas/plugutils.c (mark_post): Fixed a probably unintended

Modified: trunk/openvas-libraries/MANIFEST
===================================================================
--- trunk/openvas-libraries/MANIFEST	2009-04-14 10:57:57 UTC (rev 3099)
+++ trunk/openvas-libraries/MANIFEST	2009-04-14 12:55:03 UTC (rev 3100)
@@ -59,6 +59,8 @@
 libopenvas/ntp.h
 libopenvas/openvas_ssh_login.c
 libopenvas/openvas_ssh_login.h
+libopenvas/openvas_server.c
+libopenvas/openvas_server.h
 libopenvas/pcap.c
 libopenvas/pcap_openvas.h
 libopenvas/plugutils.c

Modified: trunk/openvas-libraries/Makefile
===================================================================
--- trunk/openvas-libraries/Makefile	2009-04-14 10:57:57 UTC (rev 3099)
+++ trunk/openvas-libraries/Makefile	2009-04-14 12:55:03 UTC (rev 3100)
@@ -61,6 +61,7 @@
 	$(INSTALL) -m 0444 libopenvas/rand.h $(DESTDIR)${includedir}/openvas
 	$(INSTALL) -m 0444 libopenvas/resolve.h $(DESTDIR)${includedir}/openvas
 	$(INSTALL) -m 0444 libopenvas/openvas_ssh_login.h $(DESTDIR)${includedir}/openvas
+	$(INSTALL) -m 0444 libopenvas/openvas_server.h $(DESTDIR)${includedir}/openvas
 	$(INSTALL) -m 0444 libopenvas/scanners_utils.h $(DESTDIR)${includedir}/openvas
 	$(INSTALL) -m 0444 libopenvas/services1.h $(DESTDIR)${includedir}/openvas
 	$(INSTALL) -m 0444 libopenvas/share_fd.h $(DESTDIR)${includedir}/openvas

Modified: trunk/openvas-libraries/libopenvas/Makefile
===================================================================
--- trunk/openvas-libraries/libopenvas/Makefile	2009-04-14 10:57:57 UTC (rev 3099)
+++ trunk/openvas-libraries/libopenvas/Makefile	2009-04-14 12:55:03 UTC (rev 3100)
@@ -28,17 +28,17 @@
 
 OBJS = plugutils.o system.o network.o resolve.o arglists.o ftp_funcs.o \
 	scanners_utils.o pcap.o hlst.o  harglists.o \
-        www_funcs.o ids_send.o rand.o popen.o \
+	www_funcs.o ids_send.o rand.o popen.o \
 	bpf_share.o rand.o popen.o services.o services1.o \
 	proctitle.o store.o kb.o share_fd.o hash_table_file.o \
-	openvas_ssh_login.o
+	openvas_ssh_login.o openvas_server.o
 	
 LO_OBJS = plugutils.lo system.lo network.lo resolve.lo arglists.lo \
 	ftp_funcs.lo scanners_utils.lo pcap.lo hlst.lo  harglists.lo \
 	www_funcs.lo ids_send.lo \
 	rand.lo popen.lo bpf_share.lo services.lo services1.lo \
 	proctitle.lo store.lo kb.lo share_fd.lo hash_table_file.lo \
-	openvas_ssh_login.lo
+	openvas_ssh_login.lo openvas_server.lo
 
 # += does not work with non-GNU make ...
 # CFLAGS+=-I../$(CIPHER_SUBDIR)
@@ -122,6 +122,9 @@
 openvas_ssh_login.o: openvas_ssh_login.c openvas_ssh_login.h
 	$(COMPILE) -c openvas_ssh_login.c
 
+openvas_server.o: openvas_server.c openvas_server.h
+	$(COMPILE) -c openvas_server.c
+
 libopenvas.la: $(OBJS)
 	$(LINK) -o libopenvas.la $(LO_OBJS) $(LIBS) -rpath ${libdir} \
 	-version-info ${PACKAGE_VERSION}

Added: trunk/openvas-libraries/libopenvas/openvas_server.c
===================================================================
--- trunk/openvas-libraries/libopenvas/openvas_server.c	2009-04-14 10:57:57 UTC (rev 3099)
+++ trunk/openvas-libraries/libopenvas/openvas_server.c	2009-04-14 12:55:03 UTC (rev 3100)
@@ -0,0 +1,262 @@
+/**
+ * GnuTLS based functions for communication with an OpenVAS server.
+ * Copyright (C) 2009  Greenbone Networks GmbH
+ *
+ * Authors:
+ * Matthew Mundell <matt at mundell.ukfsn.org>
+ * Michael Wiegand <michael.wiegand at greenbone.net>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+ * USA.
+ */
+
+/**
+ * @file openvas_server.c
+ * @brief GnuTLS based functions for communication with an OpenVAS server.
+ *
+ * \todo TODO: More documentation
+ */
+
+#include <glib.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+
+#include "openvas_server.h"
+
+/**
+ * @brief Server address.
+ */
+struct sockaddr_in address;
+
+/**
+ * @brief Connect to the server using a given host and port.
+ *
+ * @param[in]  session  Pointer to GNUTLS session.
+ * @param[in]  host     Host to connect to.
+ * @param[in]  port     Port to connect to.
+ *
+ * @return 0 on success, -1 on error.
+ */
+int
+openvas_connect_to_server (gnutls_session_t * session,
+                           char *host, int port)
+{
+  // TODO: Ensure that host and port have sane values.
+  // TODO: Improve logging.
+
+  /* Initialize security library. */
+
+  int ret = gnutls_global_init();
+  if (ret < 0)
+    {
+      g_message ("Failed to initialize GNUTLS.\n");
+      return -1;
+    }
+
+  /* Setup address. */
+
+  address.sin_family = AF_INET;
+
+  address.sin_port = htons (port);
+
+  if (!inet_aton(host, &address.sin_addr))
+    {
+      g_message ("Failed to create server address %s.\n",
+                 host);
+      return -1;
+    }
+
+  g_message ("Set to connect to address %s port %i\n",
+             host,
+             ntohs (address.sin_port));
+
+  /* Make server socket. */
+
+  int server_socket = socket (PF_INET, SOCK_STREAM, 0);
+  if (server_socket == -1)
+    {
+      g_message ("Failed to create server socket");
+      return -1;
+    }
+
+  /* Setup server session. */
+
+  gnutls_certificate_credentials_t credentials;
+  if (gnutls_certificate_allocate_credentials (&credentials))
+    {
+      g_message ("Failed to allocate server credentials.\n");
+      goto close_fail;
+    }
+
+  if (gnutls_init (session, GNUTLS_CLIENT))
+    {
+      g_message ("Failed to initialise server session.\n");
+      goto server_free_fail;
+    }
+
+  if (gnutls_set_default_priority (*session))
+    {
+      g_message ("Failed to set server session priority.\n");
+      goto server_fail;
+    }
+
+  const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+                              GNUTLS_KX_RSA,
+                              GNUTLS_KX_DHE_DSS,
+                              0 };
+  if (gnutls_kx_set_priority (*session, kx_priority))
+    {
+      g_message ("Failed to set server key exchange priority.\n");
+      goto server_fail;
+    }
+
+  if (gnutls_credentials_set (*session,
+                              GNUTLS_CRD_CERTIFICATE,
+                              credentials))
+    {
+      g_message ("Failed to set server credentials.\n");
+      goto server_fail;
+    }
+
+  /* Connect to server. */
+
+  if (connect (server_socket,
+               (struct sockaddr *) &address,
+               sizeof (struct sockaddr_in))
+      == -1)
+    {
+      g_message ("Failed to connect to server");
+      return -1;
+    }
+
+  g_message ("connected to server\n");
+
+  /* Complete setup of server session. */
+
+  gnutls_transport_set_ptr (*session,
+                            (gnutls_transport_ptr_t) server_socket);
+
+  while (1)
+    {
+      int ret = gnutls_handshake (*session);
+      if (ret >= 0)
+        break;
+      if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
+        continue;
+      g_message ("Failed to shake hands with server.\n");
+      gnutls_perror (ret);
+      if (shutdown (server_socket, SHUT_RDWR) == -1)
+        g_message ("Failed to shutdown server socket");
+      goto server_fail;
+    }
+  g_message ("Shook hands with server.\n");
+
+  return server_socket;
+
+ server_fail:
+  gnutls_deinit (*session);
+
+ server_free_fail:
+  gnutls_certificate_free_credentials (credentials);
+
+ close_fail:
+  close (server_socket);
+
+  return -1;
+}
+
+/**
+ * @brief Connect to the server.
+ *
+ * @param[in]  socket   Socket connected to server (from \ref connect_to_server).
+ * @param[in]  session  GNUTLS session with server.
+ *
+ * @return 0 on success, -1 on error.
+ */
+int
+openvas_close_server_connection (int socket, gnutls_session_t session)
+{
+  /* Turn off blocking. */
+  if (fcntl (socket, F_SETFL, O_NONBLOCK) == -1) return -1;
+
+  gnutls_bye (session, GNUTLS_SHUT_RDWR);
+  close (socket);
+  return 0;
+}
+
+/**
+ * @brief Send a string to the server.
+ *
+ * @param[in]  session  Pointer to GNUTLS session.
+ * @param[in]  string   String to send.
+ *
+ * @return 0 on success, -1 on error.
+ */
+int
+openvas_send_to_server (gnutls_session_t* session, const char* string)
+{
+  size_t left = strlen (string);
+  while (left)
+    {
+      ssize_t count;
+      g_message ("send %i from %.*s[...]\n", left, left < 30 ? left : 30, string);
+      count = gnutls_record_send (*session, string, left);
+      if (count < 0)
+        {
+          if (count == GNUTLS_E_INTERRUPTED)
+            /* Interrupted, try write again. */
+            continue;
+          if (count == GNUTLS_E_REHANDSHAKE)
+            {
+              /* \todo Rehandshake. */
+              g_message ("send_to_server rehandshake\n");
+              continue;
+            }
+          g_message ("Failed to write to server.\n");
+          gnutls_perror (count);
+          return -1;
+        }
+      g_message ("=> %.*s\n", count, string);
+      string += count;
+      left -= count;
+    }
+  g_message ("=> done\n");
+
+  return 0;
+}
+
+/**
+ * @brief Format and send a string to the server.
+ *
+ * @param[in]  session  Pointer to GNUTLS session.
+ * @param[in]  format   printf-style format string for message.
+ *
+ * @return 0 on success, -1 on error.
+ */
+int
+openvas_sendf_to_server (gnutls_session_t* session, const char* format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  gchar* msg = g_strdup_vprintf (format, args);
+  int ret = openvas_send_to_server (session, msg);
+  g_free (msg);
+  va_end (args);
+  return ret;
+}
+
+
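Review bot: The handshake loop that ends at `g_message ("Shook hands with server.\n");` is never followed by peer verification: `gnutls_certificate_allocate_credentials` configures no trust anchor and there is no `gnutls_certificate_verify_peers2` call after `gnutls_handshake`, so a server presenting any certificate is accepted and the session resists only passive eavesdropping, not an active interposer. For verification to succeed the caller also needs a way to supply a CA (e.g. `gnutls_certificate_set_x509_trust_file` on `credentials`), which this signature does not offer, so at minimum the gap deserves a comment on the function until that parameter exists. Separately, the `connect` failure branch does `return -1` directly and so leaks the socket, session and credentials the labels below would release — `goto server_fail;` is the matching cleanup path — and the `@return 0 on success` line disagrees with `return server_socket`. In `openvas_send_to_server` the `%i` conversions receive `size_t`/`ssize_t` values, and the logged `%.*s` excerpt of every outgoing buffer will put protocol credentials into the log if the caller sends a login.
```c
  /* Complete setup of server session. */
  // … unchanged: gnutls_transport_set_ptr, handshake loop …
  g_message ("Shook hands with server.\n");

  /* Authenticate the peer; without this the session only defeats a
   * passive eavesdropper.  Requires a trust anchor on `credentials`
   * (presumably loaded by a future parameter or caller hook). */
  unsigned int status = 0;
  ret = gnutls_certificate_verify_peers2 (*session, &status);
  if (ret < 0 || status != 0)
    {
      g_message ("Server certificate verification failed.\n");
      if (shutdown (server_socket, SHUT_RDWR) == -1)
        g_message ("Failed to shutdown server socket");
      goto server_fail;
    }

  return server_socket;
```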

Added: trunk/openvas-libraries/libopenvas/openvas_server.h
===================================================================
--- trunk/openvas-libraries/libopenvas/openvas_server.h	2009-04-14 10:57:57 UTC (rev 3099)
+++ trunk/openvas-libraries/libopenvas/openvas_server.h	2009-04-14 12:55:03 UTC (rev 3100)
@@ -0,0 +1,46 @@
+/**
+ * GnuTLS based functions for communication with an OpenVAS server - header.
+ * Copyright (C) 2009  Greenbone Networks GmbH
+ *
+ * Authors:
+ * Matthew Mundell <matt at mundell.ukfsn.org>
+ * Michael Wiegand <michael.wiegand at greenbone.net>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+ * USA.
+ */
+
+/**
+ * @file openvas_server.h
+ * @brief GnuTLS based functions for communication with an OpenVAS server -
+ * header file.
+ *
+ * \todo TODO: More documentation
+ */
+
+#include <glib.h>
+#include <gnutls/gnutls.h>
+
+int
+openvas_connect_to_server (gnutls_session_t *, char*, int);
+
+int
+openvas_close_server_connection (int, gnutls_session_t);
+
+int
+openvas_send_to_server (gnutls_session_t*, const char*);
+
+int
+openvas_sendf_to_server (gnutls_session_t*, const char*, ...);


