Greenbone Security Assistant
7.0.0
Main module of Greenbone Security Assistant daemon. More...
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <gcrypt.h>
#include <glib.h>
#include <gnutls/gnutls.h>
#include <langinfo.h>
#include <locale.h>
#include <netinet/in.h>
#include <openvas/misc/openvas_logging.h>
#include <openvas/base/openvas_file.h>
#include <openvas/base/openvas_networking.h>
#include <openvas/base/pidfile.h>
#include <openvas/omp/xml.h>
#include <openvas/misc/openvas_uuid.h>
#include <pthread.h>
#include <pwd.h>
#include <grp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <microhttpd.h>
#include "gsad_base.h"
#include "gsad_omp.h"
#include "validator.h"
#include "xslt_i18n.h"
Data Structures | |
struct | user |
User information structure, for sessions. More... | |
struct | gsad_connection_info |
Connection information. More... | |
Macros | |
#define | _GNU_SOURCE /* for strcasecmp */ |
The Glib fatal mask, redefined to leave out G_LOG_FLAG_RECURSION. More... | |
#define | G_LOG_DOMAIN "gsad main" |
GLib log domain. More... | |
#define | G_LOG_FATAL_MASK G_LOG_LEVEL_ERROR |
#define | MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE |
MHD_HTTP_METHOD_NOT_ACCEPTABLE is deprecated in favour of MHD_HTTP_NOT_ACCEPTABLE, but older libmicrohttpd versions (0.9.37 - Debian jessie) don't define the new symbol yet. More... | |
#define | SID_COOKIE_NAME "GSAD_SID" |
Name of the cookie used to store the SID. More... | |
#define | DEFAULT_GSAD_HTTPS_PORT 443 |
Fallback GSAD port for HTTPS. More... | |
#define | DEFAULT_GSAD_HTTP_PORT 80 |
Fallback GSAD port for HTTP. More... | |
#define | DEFAULT_GSAD_PORT 9392 |
Fallback unprivileged GSAD port. More... | |
#define | DEFAULT_GSAD_REDIRECT_PORT 80 |
Fallback GSAD port. More... | |
#define | DEFAULT_OPENVAS_MANAGER_PORT 9390 |
Fallback Manager port. More... | |
#define | POST_BUFFER_SIZE 500000 |
Buffer size for POST processor. More... | |
#define | MAX_FILE_NAME_SIZE 128 |
Maximum length of "file name" for /help/ URLs. More... | |
#define | SESSION_TIMEOUT 15 |
Max number of minutes between activity in a session. More... | |
#define | DEFAULT_GSAD_FACE "classic" |
Default face name. More... | |
#define | DEFAULT_GSAD_X_FRAME_OPTIONS "SAMEORIGIN" |
Default value for HTTP header "X-Frame-Options". More... | |
#define | DEFAULT_GSAD_CONTENT_SECURITY_POLICY |
Default value for HTTP header "Content-Security-Policy". More... | |
#define | DEFAULT_GSAD_GUEST_CHART_X_FRAME_OPTIONS "SAMEORIGIN" |
Default value for HTTP header "X-Frame-Options" for guest charts. More... | |
#define | DEFAULT_GSAD_GUEST_CHART_CONTENT_SECURITY_POLICY |
Default guest charts value for HTTP header "Content-Security-Policy". More... | |
#define | DEFAULT_GSAD_HSTS_MAX_AGE 31536000 |
Default "max-age" for HTTP header "Strict-Transport-Security". More... | |
#define | UTF8_ERROR_PAGE(location) |
#define | USER_OK 0 |
#define | USER_BAD_TOKEN 1 |
#define | USER_EXPIRED_TOKEN 2 |
#define | USER_BAD_MISSING_COOKIE 3 |
#define | USER_BAD_MISSING_TOKEN 4 |
#define | USER_GUEST_LOGIN_FAILED 5 |
#define | USER_OMP_DOWN 6 |
#define | USER_IP_ADDRESS_MISSMATCH 7 |
#define | USER_GUEST_LOGIN_ERROR -1 |
#define | ELSE(name) |
Add else branch for an OMP operation. More... | |
#define | ELSE(name) |
Add else branch for an OMP operation. More... | |
#define | EXPIRES_LENGTH 100 |
Max length of cookie expires param. More... | |
#define | MAX_HOST_LEN 1000 |
Maximum length of the host portion of the redirect address. More... | |
#define | DATE_2822_LEN 100 |
At least maximum length of rfc2822 format date. More... | |
Typedefs | |
typedef struct user | user_t |
User information type, for sessions. More... | |
Functions | |
void | add_security_headers (struct MHD_Response *response) |
Add security headers to a MHD response. More... | |
void | add_guest_chart_content_security_headers (struct MHD_Response *response) |
Add guest chart content security headers to a MHD response. More... | |
user_t * | user_add (const gchar *username, const gchar *password, const gchar *timezone, const gchar *severity, const gchar *role, const gchar *capabilities, const gchar *language, const gchar *pw_warning, GTree *chart_prefs, const gchar *autorefresh, const char *address) |
Add a user. More... | |
int | user_find (const gchar *cookie, const gchar *token, const char *address, user_t **user_return) |
Find a user, given a token and cookie. More... | |
int | user_set_timezone (const gchar *token, const gchar *timezone) |
Set timezone of user. More... | |
int | user_set_password (const gchar *token, const gchar *password) |
Set password of user. More... | |
int | user_set_severity (const gchar *token, const gchar *severity) |
Set severity class of user. More... | |
int | user_set_language (const gchar *token, const gchar *language) |
Set language of user. More... | |
int | user_set_charts (const gchar *token, const int charts) |
Set charts setting of user. More... | |
int | user_set_chart_pref (const gchar *token, gchar *pref_id, gchar *pref_value) |
Set a chart preference of a user. More... | |
int | user_set_autorefresh (const gchar *token, const gchar *autorefresh) |
Set default autorefresh interval of user. More... | |
int | user_logout_all_sessions (const gchar *username, credentials_t *credentials) |
Logs out all sessions of a given user, except the current one. More... | |
void | user_release (user_t *user) |
Release a user_t returned by user_add or user_find. More... | |
void | user_remove (user_t *user) |
Remove a user from the session "database", releasing the user_t too. More... | |
int | token_user (const gchar *token, user_t **user_return) |
Find a user, given a token. More... | |
int | token_user_remove (const char *token) |
Remove a user from the session "database", releasing the user_t too. More... | |
void | init_validator () |
Initialise the parameter validator. More... | |
void | free_resources (void *cls, struct MHD_Connection *connection, void **con_cls, enum MHD_RequestTerminationCode toe) |
Free resources. More... | |
int | serve_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *content_type, const char *transfer_encoding, const char *data, uint64_t off, size_t size) |
Serves part of a POST request. More... | |
void | params_mhd_validate_values (const char *parent_name, void *params) |
Validate param values. More... | |
int | exec_omp_post (struct gsad_connection_info *con_info, user_t **user_return, gchar **new_sid, const char *client_address) |
Handle a complete POST request. More... | |
char * | exec_omp_get (struct MHD_Connection *connection, credentials_t *credentials, enum content_type *content_type, gchar **content_type_string, char **content_disposition, gsize *response_size, cmd_response_data_t *response_data) |
Handle a complete GET request. More... | |
int | send_response (struct MHD_Connection *connection, const char *content, int status_code, const gchar *sid, enum content_type content_type, const char *content_disposition, size_t content_length) |
Sends an HTTP response. More... | |
int | send_redirect_to_uri (struct MHD_Connection *connection, const char *uri, user_t *user) |
Sends an HTTP redirection to a URI. More... | |
int | send_redirect_to_urn (struct MHD_Connection *connection, const char *urn, user_t *user) |
Sends an HTTP redirection response to a URN. More... | |
int | redirect_handler (void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls) |
HTTP request handler for GSAD. More... | |
int | handle_request (void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls) |
HTTP request handler for GSAD. More... | |
int | gsad_init () |
Initialization routine for GSAD. More... | |
void | gsad_cleanup () |
Cleanup routine for GSAD. More... | |
void | handle_signal_exit (int signal) |
Handle a SIGINT signal. More... | |
int | main (int argc, char **argv) |
Main routine of Greenbone Security Assistant daemon. More... | |
Variables | |
volatile int | termination_signal = 0 |
Flag for signal handler. More... | |
GCRY_THREAD_OPTION_PTHREAD_IMPL | |
Libgcrypt thread callback definition for libgcrypt < 1.6.0. More... | |
const char * | NOT_FOUND_TITLE = "Invalid request" |
Title for "Page not found" messages. More... | |
const char * | NOT_FOUND_MESSAGE = "The requested page or file does not exist." |
Main message for "Page not found" messages. More... | |
const char * | ERROR_PAGE = "<html><body>HTTP Method not supported</body></html>" |
Error page HTML. More... | |
char * | BAD_REQUEST_PAGE |
Bad request error HTML. More... | |
char * | SERVER_ERROR |
Server error HTML. More... | |
struct MHD_Daemon * | gsad_daemon |
The handle on the embedded HTTP daemon. More... | |
struct sockaddr_storage | address |
The IP address of this program, "the GSAD". More... | |
gchar * | redirect_location = NULL |
Location for redirection server. More... | |
pid_t | redirect_pid = 0 |
PID of redirect child in parent, 0 in child. More... | |
pid_t | unix_pid = 0 |
PID of unix socket child in parent, 0 in child. More... | |
int | unix_socket = 0 |
Unix socket to listen on. More... | |
GSList * | log_config = NULL |
Logging parameters, as passed to setup_log_handlers. More... | |
int | use_secure_cookie = 1 |
Whether to use a secure cookie. More... | |
int | session_timeout |
Maximum number of minutes of user idle time. More... | |
gchar * | guest_username = NULL |
Guest username. More... | |
gchar * | guest_password = NULL |
Guest password. More... | |
GPtrArray * | users = NULL |
User session data. More... | |
gchar * | http_x_frame_options |
Current value for HTTP header "X-Frame-Options". More... | |
gchar * | http_content_security_policy |
Current value for HTTP header "Content-Security-Policy". More... | |
gchar * | http_guest_chart_x_frame_options |
Current guest chart specific value for HTTP header "X-Frame-Options". More... | |
gchar * | http_guest_chart_content_security_policy |
Current guest chart value for HTTP header "Content-Security-Policy". More... | |
gchar * | http_strict_transport_security |
Current value for HTTP header "Strict-Transport-Security". More... | |
gboolean | ignore_http_x_real_ip |
Current preference for using the "X-Real-IP" HTTP header; judging by the variable name, a true value means the header is ignored. More... | |
int | chroot_state = 0 |
Whether chroot is used. More... | |
validator_t | validator |
Parameter validator. More... | |
Main module of Greenbone Security Assistant daemon.
This file contains the core of the GSA server process that handles HTTPS requests and communicates with OpenVAS-Manager via the OMP protocol.
Definition in file gsad.c.
#define _GNU_SOURCE /* for strcasecmp */ |
#define DATE_2822_LEN 100 |
#define DEFAULT_GSAD_CONTENT_SECURITY_POLICY |
#define DEFAULT_GSAD_FACE "classic" |
#define DEFAULT_GSAD_GUEST_CHART_CONTENT_SECURITY_POLICY |
#define DEFAULT_GSAD_GUEST_CHART_X_FRAME_OPTIONS "SAMEORIGIN" |
#define DEFAULT_GSAD_HSTS_MAX_AGE 31536000 |
#define DEFAULT_GSAD_HTTP_PORT 80 |
#define DEFAULT_GSAD_HTTPS_PORT 443 |
#define DEFAULT_GSAD_PORT 9392 |
#define DEFAULT_GSAD_REDIRECT_PORT 80 |
#define DEFAULT_GSAD_X_FRAME_OPTIONS "SAMEORIGIN" |
#define DEFAULT_OPENVAS_MANAGER_PORT 9390 |
#define ELSE | ( | name | ) |
Add else branch for an OMP operation.
Definition at line 2828 of file gsad.c.
Referenced by exec_omp_get(), and exec_omp_post().
#define ELSE | ( | name | ) |
#define EXPIRES_LENGTH 100 |
#define G_LOG_FATAL_MASK G_LOG_LEVEL_ERROR |
#define MAX_FILE_NAME_SIZE 128 |
Maximum length of "file name" for /help/ URLs.
Definition at line 154 of file gsad.c.
Referenced by handle_request().
#define MAX_HOST_LEN 1000 |
Maximum length of the host portion of the redirect address.
Definition at line 3713 of file gsad.c.
Referenced by redirect_handler(), and send_redirect_to_urn().
#define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE |
MHD_HTTP_METHOD_NOT_ACCEPTABLE is deprecated in favour of MHD_HTTP_NOT_ACCEPTABLE, but older libmicrohttpd versions (0.9.37 - Debian jessie) don't define the new symbol yet.
Definition at line 113 of file gsad.c.
Referenced by handle_request(), redirect_handler(), and send_redirect_to_urn().
#define POST_BUFFER_SIZE 500000 |
Buffer size for POST processor.
Definition at line 149 of file gsad.c.
Referenced by handle_request().
#define SESSION_TIMEOUT 15 |
#define SID_COOKIE_NAME "GSAD_SID" |
Name of the cookie used to store the SID.
Definition at line 119 of file gsad.c.
Referenced by handle_request().
#define USER_BAD_MISSING_COOKIE 3 |
Definition at line 480 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), and user_find().
#define USER_BAD_MISSING_TOKEN 4 |
Definition at line 481 of file gsad.c.
Referenced by handle_request(), and user_find().
#define USER_BAD_TOKEN 1 |
Definition at line 478 of file gsad.c.
Referenced by exec_omp_post(), and handle_request().
#define USER_EXPIRED_TOKEN 2 |
Definition at line 479 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), and user_find().
#define USER_GUEST_LOGIN_ERROR -1 |
Definition at line 485 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), and user_find().
#define USER_GUEST_LOGIN_FAILED 5 |
Definition at line 482 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), and user_find().
#define USER_IP_ADDRESS_MISSMATCH 7 |
Definition at line 484 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), and user_find().
#define USER_OK 0 |
Definition at line 477 of file gsad.c.
Referenced by user_find().
#define USER_OMP_DOWN 6 |
Definition at line 483 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), and user_find().
#define UTF8_ERROR_PAGE | ( | location | ) |
Definition at line 241 of file gsad.c.
Referenced by handle_request(), redirect_handler(), and send_redirect_to_urn().
void add_guest_chart_content_security_headers | ( | struct MHD_Response * | response | ) |
Add guest chart content security headers to a MHD response.
Definition at line 367 of file gsad.c.
References http_content_security_policy, http_guest_chart_content_security_policy, http_guest_chart_x_frame_options, and http_x_frame_options.
Referenced by handle_request().
void add_security_headers | ( | struct MHD_Response * | response | ) |
Add security headers to a MHD response.
Definition at line 350 of file gsad.c.
References http_content_security_policy, http_strict_transport_security, and http_x_frame_options.
Referenced by handle_request(), send_redirect_to_uri(), and send_response().
char* exec_omp_get | ( | struct MHD_Connection * | connection, |
credentials_t * | credentials, | ||
enum content_type * | content_type, | ||
gchar ** | content_type_string, | ||
char ** | content_disposition, | ||
gsize * | response_size, | ||
cmd_response_data_t * | response_data | ||
) |
Handle a complete GET request.
After some input checking, depending on the cmd parameter of the connection, issue an omp command (via *_omp functions).
[in] | connection | Connection. |
[in] | credentials | User credentials. |
[out] | content_type | Return location for the content type of the response. |
[out] | content_type_string | Return location for dynamic content type. |
[out] | content_disposition | Return location for the content_disposition, if any. |
[out] | response_size | Return location for response size, if any. |
[in] | response_data | Response data. Return info is written into here. |
Definition at line 2852 of file gsad.c.
References credentials_t::charts, credentials_t::cmd_start, cvss_calculator(), dashboard(), download_agent_omp(), download_ca_pub(), download_credential_omp(), download_key_pub(), download_ssl_cert(), edit_agent(), edit_alert(), edit_asset(), edit_filter(), edit_group(), edit_note(), edit_override(), edit_permission(), edit_scanner(), edit_schedule(), edit_tag(), edit_target(), edit_user(), ELSE, export_agent_omp(), export_agents_omp(), export_alert_omp(), export_alerts_omp(), export_asset_omp(), export_assets_omp(), export_config_omp(), export_configs_omp(), export_credential_omp(), export_credentials_omp(), export_filter_omp(), export_filters_omp(), export_group_omp(), export_groups_omp(), export_note_omp(), export_notes_omp(), export_omp_doc_omp(), export_override_omp(), export_overrides_omp(), export_permission_omp(), export_permissions_omp(), export_port_list_omp(), export_port_lists_omp(), export_preference_file_omp(), export_report_format_omp(), export_report_formats_omp(), export_result_omp(), export_results_omp(), export_role_omp(), export_roles_omp(), export_scanner_omp(), export_scanners_omp(), export_schedule_omp(), export_schedules_omp(), export_tag_omp(), export_tags_omp(), export_target_omp(), export_targets_omp(), export_task_omp(), export_tasks_omp(), export_user_omp(), export_users_omp(), get_info(), get_report_omp(), GSAD_CONTENT_TYPE_APP_KEY, GSAD_CONTENT_TYPE_DONE, GSAD_CONTENT_TYPE_OCTET_STREAM, gsad_message(), cmd_response_data_t::http_status_code, new_filter_omp(), new_note(), new_override(), new_permission(), new_permissions(), openvas_validate(), credentials_t::params, gsad_connection_info::params, params_given(), params_new(), params_t, params_value(), credentials_t::timezone, credentials_t::token, user_set_charts(), and validator.
Referenced by handle_request().
int exec_omp_post | ( | struct gsad_connection_info * | con_info, |
user_t ** | user_return, | ||
gchar ** | new_sid, | ||
const char * | client_address | ||
) |
Handle a complete POST request.
Ensures there is a command, then depending on the command validates parameters and calls the appropriate OMP function (like create_task_omp).
[in] | con_info | Connection info. |
[out] | user_return | User after successful login. |
[out] | new_sid | SID when appropriate to attach. |
[in] | client_address | Client address. |
Definition at line 2168 of file gsad.c.
References gsad_connection_info::answercode, authenticate_omp(), credentials_t::caller, cmd_response_data_init(), cmd_response_data_reset(), credentials_t::cmd_start, gsad_connection_info::content_disposition, gsad_connection_info::content_length, gsad_connection_info::content_type, user::cookie, gsad_connection_info::cookie, ctime_r_strip_newline(), DEFAULT_GSAD_LANGUAGE, ELSE, get_report_section_omp(), gsad_message(), guest_username, cmd_response_data_t::http_status_code, user::language, gsad_connection_info::language, login_xml(), credentials_t::params, gsad_connection_info::params, params_given(), params_original_value(), params_value(), process_bulk_omp(), cmd_response_data_t::redirect, gsad_connection_info::redirect, gsad_connection_info::response, save_chart_preference_omp(), save_my_settings_omp(), save_user_omp(), credentials_t::timezone, credentials_t::token, user_add(), USER_BAD_MISSING_COOKIE, USER_BAD_TOKEN, USER_EXPIRED_TOKEN, user_find(), USER_GUEST_LOGIN_ERROR, USER_GUEST_LOGIN_FAILED, USER_IP_ADDRESS_MISSMATCH, user_logout_all_sessions(), USER_OMP_DOWN, user_release(), user_set_chart_pref(), user_set_language(), user_set_password(), user_set_severity(), user_set_timezone(), credentials_t::username, and xsl_transform().
Referenced by handle_request().
void free_resources | ( | void * | cls, |
struct MHD_Connection * | connection, | ||
void ** | con_cls, | ||
enum MHD_RequestTerminationCode | toe | ||
) |
Free resources.
Used as free callback for HTTP daemon.
[in] | cls | Dummy parameter. |
[in] | connection | Connection. |
[in] | con_cls | Connection information. |
[in] | toe | Dummy parameter. |
Definition at line 1735 of file gsad.c.
References gsad_connection_info::connectiontype, gsad_connection_info::content_disposition, gsad_connection_info::cookie, gsad_connection_info::language, gsad_connection_info::params, params_free(), and gsad_connection_info::postprocessor.
void gsad_cleanup | ( | ) |
Cleanup routine for GSAD.
This routine will stop the http server, free log resources and remove the pidfile.
Definition at line 5376 of file gsad.c.
References gsad_base_cleanup(), gsad_daemon, log_config, redirect_pid, and unix_pid.
Referenced by main().
int gsad_init | ( | ) |
Initialization routine for GSAD.
This routine checks for required files and initializes the gcrypt library.
Definition at line 5301 of file gsad.c.
References init_validator(), and users.
Referenced by main().
int handle_request | ( | void * | cls, |
struct MHD_Connection * | connection, | ||
const char * | url, | ||
const char * | method, | ||
const char * | version, | ||
const char * | upload_data, | ||
size_t * | upload_data_size, | ||
void ** | con_cls | ||
) |
HTTP request handler for GSAD.
This routine is an MHD_AccessHandlerCallback, the request handler for microhttpd.
[in] | cls | Not used for this callback. |
[in] | connection | Connection handle, e.g. used to send response. |
[in] | url | The URL requested. |
[in] | method | "GET" or "POST", others are disregarded. |
[in] | version | Not used for this callback. |
[in] | upload_data | Data used for POST requests. |
[in] | upload_data_size | Size of upload_data. |
[out] | con_cls | For exchange of connection-related data (here a struct gsad_connection_info). |
Definition at line 4174 of file gsad.c.
References accept_language_to_env_fmt(), add_guest_chart_content_security_headers(), add_security_headers(), gsad_connection_info::answercode, BAD_REQUEST_PAGE, credentials_t::caller, credentials_t::capabilities, credentials_t::charts, credentials_t::client_address, cmd_response_data_init(), cmd_response_data_reset(), gsad_connection_info::connectiontype, gsad_connection_info::content_disposition, gsad_connection_info::content_length, gsad_connection_info::content_type, user::cookie, gsad_connection_info::cookie, ctime_r_strip_newline(), ERROR_PAGE, exec_omp_get(), exec_omp_post(), get_system_report_omp(), GSAD_CONTENT_TYPE_APP_XML, GSAD_CONTENT_TYPE_TEXT_HTML, gsad_message(), credentials_t::guest, guest_password, guest_username, cmd_response_data_t::http_status_code, credentials_t::language, user::language, gsad_connection_info::language, login_xml(), MAX_FILE_NAME_SIZE, MHD_HTTP_NOT_ACCEPTABLE, NOT_FOUND_MESSAGE, NOT_FOUND_TITLE, openvas_validate(), credentials_t::params, gsad_connection_info::params, params_new(), params_t, params_value(), POST_BUFFER_SIZE, gsad_connection_info::postprocessor, gsad_connection_info::redirect, gsad_connection_info::response, credentials_t::role, send_redirect_to_uri(), send_redirect_to_urn(), send_response(), serve_post(), SID_COOKIE_NAME, credentials_t::token, user::token, USER_BAD_MISSING_COOKIE, USER_BAD_MISSING_TOKEN, USER_BAD_TOKEN, USER_EXPIRED_TOKEN, user_find(), USER_GUEST_LOGIN_ERROR, USER_GUEST_LOGIN_FAILED, USER_IP_ADDRESS_MISSMATCH, USER_OMP_DOWN, user_release(), user_remove(), credentials_t::username, UTF8_ERROR_PAGE, validator, vendor_version_get(), xsl_transform(), and xsl_transform_with_stylesheet().
Referenced by main().
void handle_signal_exit | ( | int | signal | ) |
Handle a SIGINT signal.
[in] | signal | The signal that caused this function to run. |
Definition at line 5396 of file gsad.c.
References termination_signal.
void init_validator | ( | ) |
Initialise the parameter validator.
Definition at line 963 of file gsad.c.
References openvas_validator_add(), openvas_validator_alias(), openvas_validator_new(), and validator.
Referenced by gsad_init().
int main | ( | int | argc, |
char ** | argv | ||
) |
Main routine of Greenbone Security Assistant daemon.
[in] | argc | Argument counter |
[in] | argv | Argument vector |
Definition at line 5603 of file gsad.c.
References DEFAULT_GSAD_CONTENT_SECURITY_POLICY, DEFAULT_GSAD_FACE, DEFAULT_GSAD_GUEST_CHART_CONTENT_SECURITY_POLICY, DEFAULT_GSAD_GUEST_CHART_X_FRAME_OPTIONS, DEFAULT_GSAD_HSTS_MAX_AGE, DEFAULT_GSAD_HTTP_PORT, DEFAULT_GSAD_HTTPS_PORT, DEFAULT_GSAD_PORT, DEFAULT_GSAD_REDIRECT_PORT, DEFAULT_GSAD_X_FRAME_OPTIONS, DEFAULT_OPENVAS_MANAGER_PORT, G_LOG_FATAL_MASK, gsad_base_init(), gsad_cleanup(), gsad_daemon, gsad_init(), guest_password, guest_username, handle_request(), http_content_security_policy, http_guest_chart_content_security_policy, http_guest_chart_x_frame_options, http_strict_transport_security, http_x_frame_options, ignore_http_x_real_ip, init_language_lists(), label_name_set(), log_config, omp_init(), redirect_handler(), redirect_location, redirect_pid, SESSION_TIMEOUT, session_timeout, set_ext_gettext_enabled(), termination_signal, unix_pid, use_secure_cookie, and vendor_version_set().
void params_mhd_validate_values | ( | const char * | parent_name, |
void * | params | ||
) |
Validate param values.
[in] | parent_name | Name of the parent param. |
[in] | params | Values. |
Definition at line 1958 of file gsad.c.
References openvas_validate(), openvas_validator_alias_for(), param::original_value, params_iterator_init, params_iterator_next(), params_iterator_t, param::valid, param::valid_utf8, validator, param::value, and param::value_size.
int redirect_handler | ( | void * | cls, |
struct MHD_Connection * | connection, | ||
const char * | url, | ||
const char * | method, | ||
const char * | version, | ||
const char * | upload_data, | ||
size_t * | upload_data_size, | ||
void ** | con_cls | ||
) |
HTTP request handler for GSAD.
This routine is an MHD_AccessHandlerCallback, the request handler for microhttpd.
[in] | cls | Not used for this callback. |
[in] | connection | Connection handle, e.g. used to send response. |
[in] | url | The URL requested. |
[in] | method | "GET" or "POST", others are disregarded. |
[in] | version | Not used for this callback. |
[in] | upload_data | Data used for POST requests. |
[in] | upload_data_size | Size of upload_data. |
[out] | con_cls | For exchange of connection-related data (here a struct gsad_connection_info). |
Definition at line 3790 of file gsad.c.
References gsad_connection_info::connectiontype, ERROR_PAGE, GSAD_CONTENT_TYPE_TEXT_HTML, MAX_HOST_LEN, MHD_HTTP_NOT_ACCEPTABLE, gsad_connection_info::params, params_new(), redirect_location, send_redirect_to_uri(), send_response(), and UTF8_ERROR_PAGE.
Referenced by main().
int send_redirect_to_uri | ( | struct MHD_Connection * | connection, |
const char * | uri, | ||
user_t * | user | ||
) |
Sends an HTTP redirection to a URI.
[in] | connection | The connection handle. |
[in] | uri | The full URI to redirect to. |
[in] | user | User to add cookie for, or NULL. |
Definition at line 3656 of file gsad.c.
References add_security_headers(), and user::cookie.
Referenced by handle_request(), redirect_handler(), and send_redirect_to_urn().
int send_redirect_to_urn | ( | struct MHD_Connection * | connection, |
const char * | urn, | ||
user_t * | user | ||
) |
Sends an HTTP redirection response to a URN.
[in] | connection | The connection handle. |
[in] | urn | The full urn to redirect to. |
[in] | user | User to add cookie for, or NULL. |
Definition at line 3725 of file gsad.c.
References BAD_REQUEST_PAGE, GSAD_CONTENT_TYPE_TEXT_HTML, MAX_HOST_LEN, MHD_HTTP_NOT_ACCEPTABLE, send_redirect_to_uri(), send_response(), use_secure_cookie, and UTF8_ERROR_PAGE.
Referenced by handle_request().
int send_response | ( | struct MHD_Connection * | connection, |
const char * | content, | ||
int | status_code, | ||
const gchar * | sid, | ||
enum content_type | content_type, | ||
const char * | content_disposition, | ||
size_t | content_length | ||
) |
Sends an HTTP response.
[in] | connection | The connection handle. |
[in] | content | The content. |
[in] | status_code | The HTTP status code. |
[in] | sid | Session ID, or NULL. |
[in] | content_type | The content type. |
[in] | content_disposition | The content disposition or NULL. |
[in] | content_length | Content length, 0 for strlen (content). |
Definition at line 3603 of file gsad.c.
References add_security_headers().
Referenced by handle_request(), redirect_handler(), and send_redirect_to_urn().
int serve_post | ( | void * | coninfo_cls, |
enum MHD_ValueKind | kind, | ||
const char * | key, | ||
const char * | filename, | ||
const char * | content_type, | ||
const char * | transfer_encoding, | ||
const char * | data, | ||
uint64_t | off, | ||
size_t | size | ||
) |
Serves part of a POST request.
Implements an MHD_PostDataIterator.
Called one or more times to collect the multiple parts (key/value pairs) of a POST request. Fills the params of a gsad_connection_info.
After serve_post, the connection info is freed.
[in,out] | coninfo_cls | Connection info (a gsad_connection_info). |
[in] | kind | Type of request data (header, cookie, etc.). |
[in] | key | Name of data (name of request variable). |
[in] | filename | Name of uploaded file if any, else NULL. |
[in] | content_type | MIME type of data if known, else NULL. |
[in] | transfer_encoding | Transfer encoding if known, else NULL. |
[in] | data | Data. |
[in] | off | Offset into entire data. |
[in] | size | Size of data, in bytes. |
Definition at line 1931 of file gsad.c.
References gsad_connection_info::answercode, gsad_connection_info::params, gsad_connection_info::response, and SERVER_ERROR.
Referenced by handle_request().
int token_user | ( | const gchar * | token, |
user_t ** | user_return | ||
) |
Find a user, given a token.
If a user is returned, it's up to the caller to release the user.
[in] | token | Token request parameter. |
[out] | user_return | User. |
Definition at line 902 of file gsad.c.
References session_timeout, user::time, user::token, and users.
Referenced by token_user_remove().
int token_user_remove | ( | const char * | token | ) |
Remove a user from the session "database", releasing the user_t too.
[in] | token | User's token. |
Definition at line 944 of file gsad.c.
References token_user(), and users.
user_t* user_add | ( | const gchar * | username, |
const gchar * | password, | ||
const gchar * | timezone, | ||
const gchar * | severity, | ||
const gchar * | role, | ||
const gchar * | capabilities, | ||
const gchar * | language, | ||
const gchar * | pw_warning, | ||
GTree * | chart_prefs, | ||
const gchar * | autorefresh, | ||
const char * | address | ||
) |
Add a user.
Creates and initializes a user object with the given parameters.
It's up to the caller to release the returned user.
[in] | username | Name of user. |
[in] | password | Password for user. |
[in] | timezone | Timezone of user. |
[in] | severity | Severity class setting of user. |
[in] | role | Role of user. |
[in] | capabilities | Capabilities of manager. |
[in] | language | User Interface Language (language name or code) |
[in] | pw_warning | Password policy warning. |
[in] | chart_prefs | The chart preferences. |
[in] | autorefresh | The autorefresh preference. |
[in] | address | Client's IP address. |
Definition at line 433 of file gsad.c.
References user::autorefresh, user::capabilities, user::chart_prefs, user::cookie, guest_username, user::last_filt_ids, user::password, user::pw_warning, user::role, session_timeout, set_language_code(), user::severity, user::time, user::timezone, user::token, user::username, and users.
Referenced by exec_omp_post(), and user_find().
int user_find | ( | const gchar * | cookie, |
const gchar * | token, | ||
const char * | address, | ||
user_t ** | user_return | ||
) |
Find a user, given a token and cookie.
If a user is returned, it's up to the caller to release the user.
[in] | cookie | Token in cookie. |
[in] | token | Token request parameter. |
[in] | address | Client's IP address. |
[out] | user_return | User. |
Definition at line 503 of file gsad.c.
References user::address, authenticate_omp(), user::autorefresh, user::capabilities, user::chart_prefs, user::cookie, user::guest, guest_password, guest_username, user::language, user::pw_warning, user::role, session_timeout, user::severity, user::time, user::timezone, user::token, user_add(), USER_BAD_MISSING_COOKIE, USER_BAD_MISSING_TOKEN, USER_EXPIRED_TOKEN, USER_GUEST_LOGIN_ERROR, USER_GUEST_LOGIN_FAILED, USER_IP_ADDRESS_MISSMATCH, USER_OK, USER_OMP_DOWN, and users.
Referenced by exec_omp_post(), and handle_request().
int user_logout_all_sessions | ( | const gchar * | username, |
credentials_t * | credentials | ||
) |
Logs out all sessions of a given user, except the current one.
[in] | username | User name. |
[in] | credentials | Current user's credentials. |
Definition at line 846 of file gsad.c.
References credentials_t::token, user::token, user::username, and users.
Referenced by exec_omp_post().
void user_release | ( | user_t * | user | ) |
Release a user_t returned by user_add or user_find.
[in] | user | User. |
Definition at line 874 of file gsad.c.
Referenced by exec_omp_post(), and handle_request().
void user_remove | ( | user_t * | user | ) |
Remove a user from the session "database", releasing the user_t too.
[in] | user | User. |
Definition at line 885 of file gsad.c.
References users.
Referenced by handle_request().
int user_set_autorefresh | ( | const gchar * | token, |
const gchar * | autorefresh | ||
) |
Set default autorefresh interval of user.
[in] | token | User token. |
[in] | autorefresh | Autorefresh interval. |
Definition at line 816 of file gsad.c.
References user::autorefresh, user::token, and users.
int user_set_chart_pref | ( | const gchar * | token, |
gchar * | pref_id, | ||
gchar * | pref_value | ||
) |
Set a chart preference of a user.
[in] | token | User token. |
[in] | pref_id | ID of the chart preference. |
[in] | pref_value | Preference value to set. |
Definition at line 786 of file gsad.c.
References user::chart_prefs, user::token, and users.
Referenced by exec_omp_post().
int user_set_charts | ( | const gchar * | token, |
const int | charts | ||
) |
Set charts setting of user.
[in] | token | User token. |
[in] | charts | Whether to show charts. |
Definition at line 756 of file gsad.c.
References user::charts, user::token, and users.
Referenced by exec_omp_get().
int user_set_language | ( | const gchar * | token, |
const gchar * | language | ||
) |
Set language of user.
[in] | token | User token. |
[in] | language | Language. |
Definition at line 726 of file gsad.c.
References user::language, set_language_code(), user::token, and users.
Referenced by exec_omp_post().
int user_set_password | ( | const gchar * | token, |
const gchar * | password | ||
) |
Set password of user.
[in] | token | User token. |
[in] | password | Password. |
Definition at line 664 of file gsad.c.
References user::password, user::pw_warning, user::token, and users.
Referenced by exec_omp_post().
int user_set_severity | ( | const gchar * | token, |
const gchar * | severity | ||
) |
Set severity class of user.
[in] | token | User token. |
[in] | severity | Severity class. |
Definition at line 696 of file gsad.c.
References user::severity, user::token, and users.
Referenced by exec_omp_post().
int user_set_timezone | ( | const gchar * | token, |
const gchar * | timezone | ||
) |
Set timezone of user.
[in] | token | User token. |
[in] | timezone | Timezone. |
Definition at line 634 of file gsad.c.
References user::timezone, user::token, and users.
Referenced by exec_omp_post().
struct sockaddr_storage address |
char* BAD_REQUEST_PAGE |
Bad request error HTML.
Definition at line 229 of file gsad.c.
Referenced by handle_request(), and send_redirect_to_urn().
int chroot_state = 0 |
Whether chroot is used.
Definition at line 344 of file gsad.c.
Referenced by get_chroot_state(), and set_chroot_state().
const char* ERROR_PAGE = "<html><body>HTTP Method not supported</body></html>" |
Error page HTML.
Definition at line 224 of file gsad.c.
Referenced by handle_request(), and redirect_handler().
GCRY_THREAD_OPTION_PTHREAD_IMPL |
struct MHD_Daemon* gsad_daemon |
The handle on the embedded HTTP daemon.
Definition at line 250 of file gsad.c.
Referenced by gsad_cleanup(), and main().
gchar* guest_password = NULL |
Guest password.
Definition at line 304 of file gsad.c.
Referenced by handle_request(), main(), and user_find().
gchar* guest_username = NULL |
Guest username.
Definition at line 299 of file gsad.c.
Referenced by exec_omp_post(), handle_request(), main(), user_add(), and user_find().
gchar* http_content_security_policy |
Current value for HTTP header "Content-Security-Policy".
Definition at line 319 of file gsad.c.
Referenced by add_guest_chart_content_security_headers(), add_security_headers(), and main().
gchar* http_guest_chart_content_security_policy |
Current guest chart value for HTTP header "Content-Security-Policy".
Definition at line 329 of file gsad.c.
Referenced by add_guest_chart_content_security_headers(), and main().
gchar* http_guest_chart_x_frame_options |
Current guest chart specific value for HTTP header "X-Frame-Options".
Definition at line 324 of file gsad.c.
Referenced by add_guest_chart_content_security_headers(), and main().
gchar* http_strict_transport_security |
Current value for HTTP header "Strict-Transport-Security".
Definition at line 334 of file gsad.c.
Referenced by add_security_headers(), and main().
gchar* http_x_frame_options |
Current value for HTTP header "X-Frame-Options".
Definition at line 314 of file gsad.c.
Referenced by add_guest_chart_content_security_headers(), add_security_headers(), and main().
gboolean ignore_http_x_real_ip |
GSList* log_config = NULL |
Logging parameters, as passed to setup_log_handlers.
Definition at line 282 of file gsad.c.
Referenced by gsad_cleanup(), and main().
const char* NOT_FOUND_MESSAGE = "The requested page or file does not exist." |
Main message for "Page not found" messages.
Definition at line 219 of file gsad.c.
Referenced by handle_request().
const char* NOT_FOUND_TITLE = "Invalid request" |
Title for "Page not found" messages.
Definition at line 213 of file gsad.c.
Referenced by handle_request().
gchar* redirect_location = NULL |
Location for redirection server.
Definition at line 260 of file gsad.c.
Referenced by main(), and redirect_handler().
pid_t redirect_pid = 0 |
PID of redirect child in parent, 0 in child.
Definition at line 265 of file gsad.c.
Referenced by gsad_cleanup(), and main().
char* SERVER_ERROR |
Server error HTML.
Definition at line 235 of file gsad.c.
Referenced by serve_post().
int session_timeout |
Maximum number of minutes of user idle time.
Definition at line 294 of file gsad.c.
Referenced by main(), token_user(), user_add(), and user_find().
volatile int termination_signal = 0 |
Flag for signal handler.
Definition at line 200 of file gsad.c.
Referenced by handle_signal_exit(), and main().
pid_t unix_pid = 0 |
PID of unix socket child in parent, 0 in child.
Definition at line 270 of file gsad.c.
Referenced by gsad_cleanup(), and main().
int use_secure_cookie = 1 |
Whether to use a secure cookie.
This is always true when using HTTPS.
Definition at line 289 of file gsad.c.
Referenced by main(), and send_redirect_to_urn().
GPtrArray* users = NULL |
User session data.
Definition at line 309 of file gsad.c.
Referenced by create_group_omp(), create_role_omp(), gsad_init(), save_group_omp(), save_role_omp(), token_user(), token_user_remove(), user_add(), user_find(), user_logout_all_sessions(), user_remove(), user_set_autorefresh(), user_set_chart_pref(), user_set_charts(), user_set_language(), user_set_password(), user_set_severity(), and user_set_timezone().
validator_t validator |
Parameter validator.
Definition at line 957 of file gsad.c.
Referenced by exec_omp_get(), handle_request(), init_validator(), and params_mhd_validate_values().