56 #include <arpa/inet.h>
61 #include <gnutls/gnutls.h>
64 #include <netinet/in.h>
65 #include <openvas/misc/openvas_logging.h>
66 #include <openvas/base/openvas_file.h>
67 #include <openvas/base/openvas_networking.h>
68 #include <openvas/base/pidfile.h>
69 #include <openvas/omp/xml.h>
70 #include <openvas/misc/openvas_uuid.h>
80 #include <sys/prctl.h>
82 #include <sys/socket.h>
85 #include <sys/types.h>
88 #include <microhttpd.h>
95 #ifdef SVN_REV_AVAILABLE
96 #include "svnrevision.h"
103 #define G_LOG_DOMAIN "gsad main"
105 #undef G_LOG_FATAL_MASK
106 #define G_LOG_FATAL_MASK G_LOG_LEVEL_ERROR
112 #ifndef MHD_HTTP_NOT_ACCEPTABLE
113 #define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE
119 #define SID_COOKIE_NAME "GSAD_SID"
124 #define DEFAULT_GSAD_HTTPS_PORT 443
129 #define DEFAULT_GSAD_HTTP_PORT 80
134 #define DEFAULT_GSAD_PORT 9392
139 #define DEFAULT_GSAD_REDIRECT_PORT 80
144 #define DEFAULT_OPENVAS_MANAGER_PORT 9390
149 #define POST_BUFFER_SIZE 500000
154 #define MAX_FILE_NAME_SIZE 128
159 #define SESSION_TIMEOUT 15
164 #define DEFAULT_GSAD_FACE "classic"
/* Default framing policy: "SAMEORIGIN" lets only pages of the same origin
 * embed this application in a frame. */
169 #define DEFAULT_GSAD_X_FRAME_OPTIONS "SAMEORIGIN"
/* Default Content-Security-Policy value.
 * NOTE(review): default-src carries 'unsafe-inline', and default-src is the
 * fallback for script and style sources, so inline script and style blocks
 * stay allowed. The policy limits where resources load from and who may frame
 * the page, but it does not by itself stop markup injected into a page from
 * running inline script; output escaping remains the control for that. */
174 #define DEFAULT_GSAD_CONTENT_SECURITY_POLICY \
175 "default-src 'self' 'unsafe-inline';" \
176 " img-src 'self' blob:;" \
177 " frame-ancestors 'self'"
182 #define DEFAULT_GSAD_GUEST_CHART_X_FRAME_OPTIONS "SAMEORIGIN"
187 #define DEFAULT_GSAD_GUEST_CHART_CONTENT_SECURITY_POLICY \
188 "default-src 'self' 'unsafe-inline';" \
189 " img-src 'self' blob:;" \
195 #define DEFAULT_GSAD_HSTS_MAX_AGE 31536000
205 #if GCRYPT_VERSION_NUMBER < 0x010600
219 =
"The requested page or file does not exist.";
224 const char *
ERROR_PAGE =
"<html><body>HTTP Method not supported</body></html>";
230 "<html><body>Bad request.</body></html>";
236 "<html><body>An internal server error has occurred.</body></html>";
241 #define UTF8_ERROR_PAGE(location) \
243 "<head><title>Invalid request</title></head>" \
244 "<body>The request contained invalid UTF-8 in " location ".</body>" \
353 MHD_add_response_header (response,
"X-Frame-Options",
356 MHD_add_response_header (response,
"Content-Security-Policy",
359 MHD_add_response_header (response,
"Strict-Transport-Security",
370 MHD_add_response_header (response,
"X-Frame-Options",
373 MHD_add_response_header (response,
"Content-Security-Policy",
409 static GMutex *mutex = NULL;
/* Fragment of the code that creates a session record. With the users mutex
 * held, entries whose username matches are candidates for removal (any
 * further condition sits on lines not shown in this listing); then a new
 * user_t is allocated, filled in and appended to the users array. */
440 g_mutex_lock (mutex);
441 for (index = 0; index <
users->len; index++)
445 if (strcmp (item->
username, username) == 0)
448 g_ptr_array_remove (
users, (gpointer) item);
/* g_malloc() does not zero the allocation, so a user_t field that is not
 * assigned afterwards starts with indeterminate contents (not every
 * assignment is visible in this listing). */
451 user = g_malloc (
sizeof (
user_t));
/* Both session secrets come from openvas_uuid_make(). Their unpredictability
 * rests entirely on that helper, which is defined outside this listing.
 * NOTE(review): confirm it returns random UUIDs drawn from a
 * cryptographically strong source. */
452 user->
cookie = openvas_uuid_make ();
453 user->
token = openvas_uuid_make ();
454 user->
username = g_strdup (username);
/* NOTE(review): a plaintext copy of the password is kept in the session
 * record. It stays in heap memory for as long as the entry does, so a core
 * dump or memory disclosure exposes it; confirm it is released (ideally
 * wiped first) when the session is dropped. */
455 user->
password = g_strdup (password);
456 user->
role = g_strdup (role);
457 user->
timezone = g_strdup (timezone);
458 user->
severity = g_strdup (severity);
460 user->
pw_warning = pw_warning ? g_strdup (pw_warning) : NULL;
/* String-keyed tree; keys and values are freed with g_free when removed. */
463 user->
last_filt_ids = g_tree_new_full ((GCompareDataFunc) g_strcmp0,
464 NULL, g_free, g_free);
465 g_ptr_array_add (
users, (gpointer) user);
/* Timestamp stored with the session; presumably the basis for expiry
 * checks (cf. USER_EXPIRED_TOKEN) - confirm against the lookup code. */
467 user->time =
time (NULL);
/* Client address stored with the session; a lookup elsewhere in this file
 * compares it with the requester's address. */
473 user->address = g_strdup (address);
478 #define USER_BAD_TOKEN 1
479 #define USER_EXPIRED_TOKEN 2
480 #define USER_BAD_MISSING_COOKIE 3
481 #define USER_BAD_MISSING_TOKEN 4
482 #define USER_GUEST_LOGIN_FAILED 5
483 #define USER_OMP_DOWN 6
484 #define USER_IP_ADDRESS_MISSMATCH 7
485 #define USER_GUEST_LOGIN_ERROR -1
524 g_mutex_lock (mutex);
525 for (index = 0; index <
users->len; index++)
529 if (item->
guest && (strcmp (item->
cookie, cookie) == 0))
541 g_mutex_unlock (mutex);
566 role, capabilities, language, pw_warning,
567 chart_prefs, autorefresh, address);
571 g_free (capabilities);
575 g_free (autorefresh);
/* Fragment of the session lookup: with the users mutex held, the stored
 * sessions are scanned for one whose token equals the request token. */
580 g_mutex_lock (mutex);
582 for (index = 0; index <
users->len; index++)
/* NOTE(review): strcmp() returns at the first differing byte, so its running
 * time depends on how much of the secret matched. A constant-time comparison
 * is the safer choice for the token and cookie checks. */
586 if (strcmp (item->
token, token) == 0)
/* A matching token is followed by a cookie check: a missing cookie, or one
 * that differs from the stored value, takes this branch. The branch body is
 * not visible here; presumably the request is rejected (cf.
 * USER_BAD_MISSING_COOKIE). */
588 if ((cookie == NULL) || strcmp (item->
cookie, cookie))
/* The requester's address is compared with the address stored for the
 * session; a difference takes this branch (body not visible; cf.
 * USER_IP_ADDRESS_MISSMATCH).
 * NOTE(review): strcmp() needs both pointers to be non-NULL; confirm that on
 * the lines not shown. */
605 if (strcmp (address, user->
address))
621 g_mutex_unlock (mutex);
638 g_mutex_lock (mutex);
639 for (index = 0; index <
users->len; index++)
643 if (strcmp (item->
token, token) == 0)
646 item->
timezone = g_strdup (timezone);
651 g_mutex_unlock (mutex);
668 g_mutex_lock (mutex);
669 for (index = 0; index <
users->len; index++)
673 if (strcmp (item->
token, token) == 0)
677 item->
password = g_strdup (password);
683 g_mutex_unlock (mutex);
700 g_mutex_lock (mutex);
701 for (index = 0; index <
users->len; index++)
705 if (strcmp (item->
token, token) == 0)
708 item->
severity = g_strdup (severity);
713 g_mutex_unlock (mutex);
730 g_mutex_lock (mutex);
731 for (index = 0; index <
users->len; index++)
735 if (strcmp (item->
token, token) == 0)
743 g_mutex_unlock (mutex);
760 g_mutex_lock (mutex);
761 for (index = 0; index <
users->len; index++)
765 if (strcmp (item->
token, token) == 0)
772 g_mutex_unlock (mutex);
790 g_mutex_lock (mutex);
791 for (index = 0; index <
users->len; index++)
795 if (strcmp (item->
token, token) == 0)
798 pref_id, pref_value);
803 g_mutex_unlock (mutex);
820 g_mutex_lock (mutex);
821 for (index = 0; index <
users->len; index++)
825 if (strcmp (item->
token, token) == 0)
833 g_mutex_unlock (mutex);
/* Fragment of a logout path: with the users mutex held, sessions are matched
 * on username (the rest of the condition is on a line not shown) and the
 * matching entry is removed from the users array. */
849 g_mutex_lock (mutex);
850 for (index = 0; index <
users->len; index++)
854 if (strcmp (item->
username, username) == 0
/* NOTE(review): the format string has a slot for the session token (the
 * arguments are on a line not shown). The entry is removed right below, so
 * the token is on its way out, but session secrets are better kept out of
 * logs; a truncated or hashed form is enough for correlation. */
857 g_debug (
"%s: logging out user '%s', token '%s'",
/* g_ptr_array_remove() shifts the following elements down by one.
 * NOTE(review): confirm the loop compensates for that on a line not shown,
 * otherwise the element after a removed one is skipped. */
859 g_ptr_array_remove (
users, (gpointer) item);
863 g_mutex_unlock (mutex);
876 g_mutex_unlock (mutex);
887 g_ptr_array_remove (
users, (gpointer) user);
888 g_mutex_unlock (mutex);
907 g_mutex_lock (mutex);
908 for (index = 0; index <
users->len; index++)
912 if (strcmp (item->
token, token) == 0)
932 g_mutex_unlock (mutex);
949 g_ptr_array_remove (
users, (gpointer) user);
950 g_mutex_unlock (mutex);
974 "|(create_container_task)"
975 "|(create_credential)"
982 "|(create_permission)"
983 "|(create_permissions)"
984 "|(create_port_list)"
985 "|(create_port_range)"
999 "|(delete_credential)"
1004 "|(delete_override)"
1005 "|(delete_permission)"
1006 "|(delete_port_list)"
1007 "|(delete_port_range)"
1009 "|(delete_report_format)"
1012 "|(delete_schedule)"
1016 "|(delete_trash_agent)"
1017 "|(delete_trash_config)"
1018 "|(delete_trash_alert)"
1019 "|(delete_trash_credential)"
1020 "|(delete_trash_filter)"
1021 "|(delete_trash_group)"
1022 "|(delete_trash_note)"
1023 "|(delete_trash_override)"
1024 "|(delete_trash_permission)"
1025 "|(delete_trash_port_list)"
1026 "|(delete_trash_report_format)"
1027 "|(delete_trash_role)"
1028 "|(delete_trash_scanner)"
1029 "|(delete_trash_schedule)"
1030 "|(delete_trash_tag)"
1031 "|(delete_trash_target)"
1032 "|(delete_trash_task)"
1034 "|(delete_user_confirm)"
1036 "|(download_credential)"
1037 "|(download_ssl_cert)"
1038 "|(download_ca_pub)"
1039 "|(download_key_pub)"
1044 "|(edit_config_family)"
1045 "|(edit_config_nvt)"
1046 "|(edit_credential)"
1049 "|(edit_my_settings)"
1052 "|(edit_permission)"
1054 "|(edit_report_format)"
1073 "|(export_credential)"
1074 "|(export_credentials)"
1082 "|(export_override)"
1083 "|(export_overrides)"
1084 "|(export_permission)"
1085 "|(export_permissions)"
1086 "|(export_port_list)"
1087 "|(export_port_lists)"
1088 "|(export_preference_file)"
1089 "|(export_report_format)"
1090 "|(export_report_formats)"
1096 "|(export_scanners)"
1097 "|(export_schedule)"
1098 "|(export_schedules)"
1112 "|(get_assets_chart)"
1114 "|(get_config_family)"
1119 "|(get_credentials)"
1127 "|(get_my_settings)"
1134 "|(get_permissions)"
1137 "|(get_protocol_doc)"
1140 "|(get_report_format)"
1141 "|(get_report_formats)"
1142 "|(get_report_section)"
1151 "|(get_system_reports)"
1158 "|(get_tasks_chart)"
1163 "|(import_port_list)"
1165 "|(import_report_format)"
1171 "|(new_container_task)"
1179 "|(new_permissions)"
1182 "|(new_report_format)"
1199 "|(save_chart_preference)"
1201 "|(save_config_family)"
1202 "|(save_config_nvt)"
1203 "|(save_container_task)"
1204 "|(save_credential)"
1207 "|(save_my_settings)"
1210 "|(save_permission)"
1212 "|(save_report_format)"
1228 "|(upload_port_list)"
1231 "|(verify_report_format)"
1242 openvas_validator_add (
validator,
"aggregate_type",
"^(agent|alert|config|credential|filter|group|host|nvt|note|os|override|permission|port_list|report|report_format|result|role|scanner|schedule|tag|target|task|user|allinfo|cve|cpe|ovaldef|cert_bund_adv|dfn_cert_adv)$");
1243 openvas_validator_add (
validator,
"alive_tests",
"^(Scan Config Default|ICMP Ping|TCP-ACK Service Ping|TCP-SYN Service Ping|ARP Ping|ICMP & TCP-ACK Service Ping|ICMP & ARP Ping|TCP-ACK Service & ARP Ping|ICMP, TCP-ACK Service & ARP Ping|Consider Alive)$");
1342 "^(Browser Language|"
1343 "([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_-]+)?"
1344 "(:([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_-]+)?)*)$");
1397 "^(summary|results|hosts|ports"
1398 "|closed_cves|vulns|os|apps|errors"
1399 "|topology|ssl_certs|cves)$");
1407 "^(agent|alert|asset|config|credential|filter|group|host|nvt|note|os|override|permission|port_list|report|report_format|result|role|scanner|schedule|tag|target|task|user|info|cve|cpe|ovaldef|cert_bund_adv|dfn_cert_adv|"
1408 "Agent|Alert|Asset|Config|Credential|Filter|Group|Host|Note|NVT|Operating System|Override|Permission|Port List|Report|Report Format|Result|Role|Scanner|Schedule|Tag|Target|Task|User|SecInfo|CVE|CPE|OVAL Definition|CERT-Bund Advisory|DFN-CERT Advisory)$");
1411 "^(agent|alert|asset|config|credential|filter|group|host|note|nvt|os|override|permission|port_list|report|report_format|result|role|scanner|schedule|tag|target|task|user|info|"
1412 "Agent|Alert|Asset|Config|Credential|Filter|Group|Host|Note|NVT|Operating System|Override|Permission|Port List|Report|Report Format|Result|Role|Scanner|Schedule|Tag|Target|Task|User|SecInfo|)$");
1658 else if (strcmp (format,
"deb") == 0)
1660 else if (strcmp (format,
"exe") == 0)
1662 else if (strcmp (format,
"html") == 0)
1664 else if (strcmp (format,
"key") == 0)
1666 else if (strcmp (format,
"nbe") == 0)
1668 else if (strcmp (format,
"pdf") == 0)
1670 else if (strcmp (format,
"rpm") == 0)
1672 else if (strcmp (format,
"xml") == 0)
1703 #ifdef SERVE_STATIC_ASSETS
/* Read callback: positions `file` at pos and reads up to max bytes into buf,
 * returning the count reported by fread(). How `file` is obtained is on a
 * line not shown (presumably from cls). */
1715 file_reader (
void *cls, uint64_t pos,
char *buf,
int max)
/* NOTE(review): the result of fseek() is ignored, and its offset parameter is
 * a long while pos is uint64_t, so where long is 32 bits a large offset is
 * narrowed. After a failed or wrapped seek, fread() returns data from the
 * wrong position. */
1719 fseek (file, pos, SEEK_SET);
/* fread() returns 0 both at end of file and on a read error; the two cannot
 * be told apart from this return value alone. */
1720 return fread (buf, 1, max, file);
1736 void **con_cls,
enum MHD_RequestTerminationCode toe)
1741 if (NULL == con_info)
1743 g_debug (
"con_info was NULL!\n");
1758 g_free (con_info->
cookie);
1780 const char *filename,
1781 const char *chunk_data,
1785 if ((strncmp (name,
"bulk_selected:", strlen (
"bulk_selected:")) == 0)
1786 || (strncmp (name,
"chart_gen:", strlen (
"chart_gen:")) == 0)
1787 || (strncmp (name,
"chart_init:", strlen (
"chart_init:")) == 0)
1788 || (strncmp (name,
"condition_data:", strlen (
"condition_data:")) == 0)
1789 || (strncmp (name,
"data_columns:", strlen (
"data_columns:")) == 0)
1790 || (strncmp (name,
"event_data:", strlen (
"event_data:")) == 0)
1791 || (strncmp (name,
"settings_changed:", strlen (
"settings_changed:"))
1793 || (strncmp (name,
"settings_default:", strlen (
"settings_default:"))
1795 || (strncmp (name,
"settings_filter:", strlen (
"settings_filter:")) == 0)
1796 || (strncmp (name,
"file:", strlen (
"file:")) == 0)
1797 || (strncmp (name,
"include_id_list:", strlen (
"include_id_list:")) == 0)
1798 || (strncmp (name,
"parameter:", strlen (
"parameter:")) == 0)
1799 || (strncmp (name,
"password:", strlen (
"password:")) == 0)
1800 || (strncmp (name,
"preference:", strlen (
"preference:")) == 0)
1801 || (strncmp (name,
"select:", strlen (
"select:")) == 0)
1802 || (strncmp (name,
"text_columns:", strlen (
"text_columns:")) == 0)
1803 || (strncmp (name,
"trend:", strlen (
"trend:")) == 0)
1804 || (strncmp (name,
"method_data:", strlen (
"method_data:")) == 0)
1805 || (strncmp (name,
"nvt:", strlen (
"nvt:")) == 0)
1806 || (strncmp (name,
"alert_id_optional:", strlen (
"alert_id_optional:"))
1808 || (strncmp (name,
"group_id_optional:", strlen (
"group_id_optional:"))
1810 || (strncmp (name,
"role_id_optional:", strlen (
"role_id_optional:"))
1812 || (strncmp (name,
"related:", strlen (
"related:")) == 0)
1813 || (strncmp (name,
"sort_fields:", strlen (
"sort_fields:")) == 0)
1814 || (strncmp (name,
"sort_orders:", strlen (
"sort_orders:")) == 0)
1815 || (strncmp (name,
"sort_stats:", strlen (
"sort_stats:")) == 0)
1816 || (strncmp (name,
"y_fields:", strlen (
"y_fields:")) == 0)
1817 || (strncmp (name,
"z_fields:", strlen (
"z_fields:")) == 0))
1823 colon = strchr (name,
':');
1827 if ((colon - name) == (strlen (name) - 1))
1838 prefix = g_strndup (name, 1 + colon - name);
1846 else if (param->
values == NULL)
1854 param->
filename = g_strdup (filename);
1867 if ((strcmp (name,
"alert_ids:") == 0)
1868 || (strcmp(name,
"role_ids:") == 0)
1869 || (strcmp(name,
"group_ids:") == 0)
1870 || (strcmp(name,
"id_list:") == 0))
1882 else if (param->
values == NULL)
1885 if (chunk_offset == 0)
1888 index_str = g_strdup_printf (
"%d", param->
array_len);
1896 param->
filename = g_strdup (filename);
1931 serve_post (
void *coninfo_cls,
enum MHD_ValueKind kind,
const char *key,
1932 const char *filename,
const char *content_type,
1933 const char *transfer_encoding,
const char *data, uint64_t off,
1939 con_info->
answercode = MHD_HTTP_INTERNAL_SERVER_ERROR;
1944 params_append_mhd (con_info->
params, key, filename, data, size, off);
1962 gchar *name, *name_name, *value_name;
1964 name_name = g_strdup_printf (
"%sname", parent_name);
1965 value_name = g_strdup_printf (
"%svalue", parent_name);
1973 if ((g_utf8_validate (name, -1, NULL) == FALSE)
1974 || (g_utf8_validate (param->
value, -1, NULL) == FALSE))
1977 param->
value = NULL;
1984 (item_name = g_strdup_printf (
"%s%s:",
1996 param->
value = NULL;
2005 param->
value = NULL;
2012 const gchar *alias_for;
2018 if ((param->
value && (strcmp ((gchar*) name,
"number") == 0))
2019 || (alias_for && (strcmp ((gchar*) alias_for,
"number") == 0)))
2028 param->
value = NULL;
2039 g_free (value_name);
/* Walks every entry of the params hash table, records whether its name and
 * value are valid UTF-8, and applies further checks whose conditions are only
 * partly visible in this listing. */
2048 params_mhd_validate (
void *params)
2050 GHashTableIter iter;
2051 gpointer name, value;
2053 g_hash_table_iter_init (&iter, params);
2054 while (g_hash_table_iter_next (&iter, &name, &value))
/* valid_utf8 is true only when the name is valid UTF-8 and the value is
 * either absent or valid UTF-8 as well. */
2059 param->
valid_utf8 = (g_utf8_validate (name, -1, NULL)
2060 && (param->
value == NULL
2061 || g_utf8_validate (param->
value, -1, NULL)));
/* Names starting with "osp_pref_" are treated differently by this condition;
 * the rest of it is on lines not shown.
 * NOTE(review): presumably they skip the per-name validator rule; if so,
 * confirm their values are constrained before they are used elsewhere. */
2063 if ((!g_str_has_prefix (name,
"osp_pref_")
/* The value is cleared here; the governing condition is not visible
 * (presumably a failed validation). */
2067 param->
value = NULL;
2072 const gchar *alias_for;
/* Special case for a parameter named "number", or one whose alias_for is
 * "number"; what the branch does is on lines not shown. */
2077 if ((param->
value && (strcmp ((gchar*) name,
"number") == 0))
2078 || (alias_for && (strcmp ((gchar*) alias_for,
"number") == 0)))
2091 #define ELSE(name) \
2092 else if (!strcmp (cmd, G_STRINGIFY (name))) \
2093 con_info->response = name ## _omp (credentials, con_info->params, \
2103 assert (user->
role);
2106 assert (user->
token);
2110 credentials->
role = g_strdup (user->
role);
2119 credentials->
language = g_strdup (language);
2137 g_free (creds->
role);
2139 g_free (creds->
token);
2169 gchar **new_sid,
const char *client_address)
2174 const char *cmd, *caller, *
language;
2177 const char *xml_flag;
2182 params_mhd_validate (con_info->
params);
2186 if (cmd && !strcmp (cmd,
"login"))
2188 const char *password;
2191 if ((password == NULL)
2199 gchar *timezone, *role, *capabilities, *severity, *
language;
2200 gchar *pw_warning, *autorefresh;
2217 char ctime_now[200];
2219 if (ret == -1 || ret == 2)
2230 " Waiting for OMP service to become available."
2233 " Error during authentication."
2243 if (xml_flag && strcmp (xml_flag,
"0"))
/* Failed logins are logged at warning level with, per the format string, the
 * submitted username and the client address. This is the record that
 * detection rules for password guessing would key on.
 * NOTE(review): the arguments are on a line not shown. The username is
 * request-supplied, so confirm it has passed parameter validation (no control
 * characters or line breaks) before it reaches the log. */
2253 g_warning (
"Authentication failure for '%s' from %s",
2261 password, timezone, severity, role, capabilities,
2262 language, pw_warning, chart_prefs, autorefresh,
2265 *user_return = user;
2268 g_free (capabilities);
2271 g_free (pw_warning);
2272 g_free (autorefresh);
2282 char ctime_now[200];
2289 xml =
login_xml (
"Login failed.", NULL, ctime_now, NULL,
2293 if (xml_flag && strcmp (xml_flag,
"0"))
2302 g_warning (
"Authentication failure for '%s' from %s",
2318 "Internal error", __FUNCTION__, __LINE__,
2319 "An internal error occurred inside GSA daemon. "
2320 "Diagnostics: Token missing.",
2321 "/omp?cmd=get_tasks", &response_data);
2325 "Internal error", __FUNCTION__, __LINE__,
2326 "An internal error occurred inside GSA daemon. "
2327 "Diagnostics: Token bad.",
2328 "/omp?cmd=get_tasks", &response_data);
2335 client_address, &user);
2341 "Internal error", __FUNCTION__, __LINE__,
2342 "An internal error occurred inside GSA daemon. "
2343 "Diagnostics: Bad token.",
2344 "/omp?cmd=get_tasks", &response_data);
2354 char ctime_now[200];
2361 if (caller && g_utf8_validate (caller, -1, NULL) == FALSE)
2364 g_warning (
"%s - caller is not valid UTF-8", __FUNCTION__);
2369 xml =
login_xml (
"Session has expired. Please login again.",
2380 if (xml_flag && strcmp (xml_flag,
"0"))
2396 char ctime_now[200];
2401 xml =
login_xml (
"Cookie missing or bad. Please login again.",
2410 if (xml_flag && strcmp (xml_flag,
"0"))
2427 char ctime_now[200];
2434 ?
"Login failed. OMP service is down."
2436 ?
"Login failed. Error during authentication."
2445 if (xml_flag && strcmp (xml_flag,
"0"))
2464 credentials = credentials_new (user, language, client_address);
2466 gettimeofday (&credentials->
cmd_start, NULL);
2471 if (caller && g_utf8_validate (caller, -1, NULL) == FALSE)
2473 g_warning (
"%s - caller is not valid UTF-8", __FUNCTION__);
2476 credentials->
caller = g_strdup (caller ?:
"");
2478 if (new_sid) *new_sid = g_strdup (user->
cookie);
/* Applies the session's timezone by overwriting the process-wide TZ variable.
 * NOTE(review): the environment is shared by every thread. If requests are
 * served concurrently (the session list in this file is mutex-protected,
 * which suggests they are), two requests can overwrite each other's TZ, and
 * setenv() is not required to be safe against concurrent environment access.
 * Also confirm the stored timezone is restricted to known zone names. */
2486 if (setenv (
"TZ", credentials->
timezone, 1) == -1)
2488 g_critical (
"%s: failed to set TZ\n", __FUNCTION__);
/* NOTE(review): exit() ends the whole daemon, so a failure while handling a
 * single request becomes a service outage. */
2489 exit (EXIT_FAILURE);
2503 "An internal error occurred inside GSA daemon. "
2504 "Diagnostics: Empty command.",
2505 "/omp?cmd=get_tasks", &response_data);
2512 ELSE (create_container_task)
2513 ELSE (create_credential)
2514 ELSE (create_filter)
2517 ELSE (create_permission)
2518 ELSE (create_permissions)
2519 ELSE (create_port_list)
2520 ELSE (create_port_range)
2521 ELSE (create_report)
2525 ELSE (create_scanner)
2526 ELSE (create_schedule)
2528 ELSE (create_target)
2529 ELSE (create_config)
2531 ELSE (create_override)
2536 ELSE (delete_credential)
2537 ELSE (delete_filter)
2540 ELSE (delete_override)
2541 ELSE (delete_permission)
2542 ELSE (delete_port_list)
2543 ELSE (delete_port_range)
2544 ELSE (delete_report)
2545 ELSE (delete_report_format)
2547 ELSE (delete_scanner)
2548 ELSE (delete_schedule)
2551 ELSE (delete_target)
2552 ELSE (delete_trash_agent)
2553 ELSE (delete_trash_config)
2554 ELSE (delete_trash_alert)
2555 ELSE (delete_trash_credential)
2556 ELSE (delete_trash_filter)
2557 ELSE (delete_trash_group)
2558 ELSE (delete_trash_note)
2559 ELSE (delete_trash_override)
2560 ELSE (delete_trash_permission)
2561 ELSE (delete_trash_port_list)
2562 ELSE (delete_trash_report_format)
2563 ELSE (delete_trash_role)
2564 ELSE (delete_trash_scanner)
2565 ELSE (delete_trash_schedule)
2566 ELSE (delete_trash_tag)
2567 ELSE (delete_trash_target)
2568 ELSE (delete_trash_task)
2569 ELSE (delete_config)
2570 ELSE (empty_trashcan)
2571 else if (!strcmp (cmd,
"alert_report"))
2574 (credentials, con_info->
params, &response_data);
2576 ELSE (import_config)
2577 ELSE (import_port_list)
2578 ELSE (import_report)
2579 ELSE (import_report_format)
2580 else if (!strcmp (cmd,
"process_bulk"))
2597 else if (!strcmp (cmd,
"save_chart_preference"))
2599 gchar *pref_id, *pref_value;
2603 &pref_id, &pref_value,
2605 if (pref_id && pref_value)
2609 ELSE (save_config_family)
2610 ELSE (save_config_nvt)
2611 ELSE (save_credential)
2614 else if (!strcmp (cmd,
"save_my_settings"))
2616 char *timezone, *password, *severity, *
language;
2619 &timezone, &password,
2620 &severity, &language,
2644 ELSE (save_override)
2645 ELSE (save_permission)
2646 ELSE (save_port_list)
2647 ELSE (save_report_format)
2650 ELSE (save_schedule)
2654 ELSE (save_container_task)
2655 else if (!strcmp (cmd,
"save_user"))
2657 char *password, *modified_user;
2660 &password, &modified_user, &logout,
2662 if (modified_user && logout)
2679 ELSE (verify_report_format)
2680 ELSE (verify_scanner)
2688 "An internal error occurred inside GSA daemon. "
2689 "Diagnostics: Unknown command.",
2690 "/omp?cmd=get_tasks", &response_data);
2702 credentials_free (credentials);
2715 params_mhd_add (
void *params,
enum MHD_ValueKind kind,
const char *name,
2718 if ((strncmp (name,
"bulk_selected:", strlen (
"bulk_selected:")) == 0)
2719 || (strncmp (name,
"chart_gen:", strlen (
"chart_gen:")) == 0)
2720 || (strncmp (name,
"chart_init:", strlen (
"chart_init:")) == 0)
2721 || (strncmp (name,
"condition_data:", strlen (
"condition_data:")) == 0)
2722 || (strncmp (name,
"data_columns:", strlen (
"data_columns:")) == 0)
2723 || (strncmp (name,
"event_data:", strlen (
"event_data:")) == 0)
2724 || (strncmp (name,
"settings_changed:", strlen (
"settings_changed:"))
2726 || (strncmp (name,
"settings_default:", strlen (
"settings_default:"))
2728 || (strncmp (name,
"settings_filter:", strlen (
"settings_filter:")) == 0)
2729 || (strncmp (name,
"file:", strlen (
"file:")) == 0)
2730 || (strncmp (name,
"include_id_list:", strlen (
"include_id_list:")) == 0)
2731 || (strncmp (name,
"parameter:", strlen (
"parameter:")) == 0)
2732 || (strncmp (name,
"password:", strlen (
"password:")) == 0)
2733 || (strncmp (name,
"preference:", strlen (
"preference:")) == 0)
2734 || (strncmp (name,
"select:", strlen (
"select:")) == 0)
2735 || (strncmp (name,
"text_columns:", strlen (
"text_columns:")) == 0)
2736 || (strncmp (name,
"trend:", strlen (
"trend:")) == 0)
2737 || (strncmp (name,
"method_data:", strlen (
"method_data:")) == 0)
2738 || (strncmp (name,
"nvt:", strlen (
"nvt:")) == 0)
2739 || (strncmp (name,
"alert_id_optional:", strlen (
"alert_id_optional:"))
2741 || (strncmp (name,
"group_id_optional:", strlen (
"group_id_optional:"))
2743 || (strncmp (name,
"role_id_optional:", strlen (
"role_id_optional:"))
2745 || (strncmp (name,
"related:", strlen (
"related:")) == 0)
2746 || (strncmp (name,
"sort_fields:", strlen (
"sort_fields:")) == 0)
2747 || (strncmp (name,
"sort_orders:", strlen (
"sort_orders:")) == 0)
2748 || (strncmp (name,
"sort_stats:", strlen (
"sort_stats:")) == 0)
2749 || (strncmp (name,
"y_fields:", strlen (
"y_fields:")) == 0)
2750 || (strncmp (name,
"z_fields:", strlen (
"z_fields:")) == 0))
2758 colon = strchr (name,
':');
2760 if ((colon - name) == (strlen (name) - 1))
2767 prefix = g_strndup (name, 1 + colon - name);
2775 else if (param->
values == NULL)
2788 if ((strcmp (name,
"alert_ids:") == 0)
2789 || (strcmp(name,
"role_ids:") == 0)
2790 || (strcmp(name,
"group_ids:") == 0)
2791 || (strcmp(name,
"id_list:") == 0))
2803 else if (param->
values == NULL)
2808 index_str = g_strdup_printf (
"%d", param->
array_len);
2828 #define ELSE(name) \
2829 else if (!strcmp (cmd, G_STRINGIFY (name))) \
2830 return name ## _omp (credentials, params, response_data);
2854 enum content_type* content_type,
2855 gchar **content_type_string,
2857 gsize* response_size,
/* Longest command name, in bytes, that the check below accepts. */
2861 const int CMD_MAX_SIZE = 27;
/* A GET argument is fetched from the connection; the key and the variable it
 * is assigned to are on lines not shown. */
2865 (
char *) MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND,
/* Only a command that is present and at most CMD_MAX_SIZE bytes long enters
 * this branch. */
2875 if ((cmd != NULL) && (strlen (cmd) <= CMD_MAX_SIZE))
/* NOTE(review): in the visible lines the raw, request-supplied command is
 * written to the debug log before params_mhd_validate() runs. Its length is
 * bounded, but its bytes are not; confirm debug logs are not consumed by
 * tooling that trusts their line structure. */
2877 g_debug (
"cmd: [%s]\n", cmd);
/* All GET arguments are collected into params through params_mhd_add, then
 * the collected set is validated. */
2881 MHD_get_connection_values (connection, MHD_GET_ARGUMENT_KIND,
2882 params_mhd_add, params);
2884 params_mhd_validate (params);
2891 "Internal error", __FUNCTION__, __LINE__,
2892 "An internal error occurred inside GSA daemon. "
2893 "Diagnostics: No valid command for omp.",
2894 "/omp?cmd=get_tasks", response_data);
2902 if (setenv (
"TZ", credentials->
timezone, 1) == -1)
2904 g_critical (
"%s: failed to set TZ\n", __FUNCTION__);
2905 exit (EXIT_FAILURE);
/* NOTE(review): atoi() reports no errors: non-numeric text yields 0 and an
 * out-of-range number is undefined behaviour. Where `charts` comes from is
 * not visible here; if it is a request parameter, strtol() with endptr and
 * errno checks plus a range check is the robust form. */
2917 credentials->
charts = atoi (charts);
2921 gettimeofday (&credentials->
cmd_start, NULL);
2927 if (!strcmp (cmd,
"cvss_calculator"))
2930 else if (!strcmp (cmd,
"dashboard"))
2931 return dashboard (credentials, params, response_data);
2933 else if (!strcmp (cmd,
"new_filter"))
2936 ELSE (new_container_task)
2944 ELSE (get_assets_chart)
2947 ELSE (get_tasks_chart)
2948 ELSE (delete_user_confirm)
2953 ELSE (edit_config_family)
2954 ELSE (edit_config_nvt)
2955 ELSE (edit_credential)
2958 ELSE (edit_my_settings)
2962 ELSE (edit_port_list)
2963 ELSE (edit_report_format)
2971 ELSE (auth_settings)
2973 else if (!strcmp (cmd,
"export_agent"))
2975 content_disposition, response_size,
2978 else if (!strcmp (cmd,
"export_agents"))
2980 content_disposition, response_size,
2983 else if (!strcmp (cmd,
"export_alert"))
2985 content_disposition, response_size,
2988 else if (!strcmp (cmd,
"export_alerts"))
2990 content_disposition, response_size,
2993 else if (!strcmp (cmd,
"export_asset"))
2995 content_disposition, response_size,
2998 else if (!strcmp (cmd,
"export_assets"))
3000 content_disposition, response_size,
3003 else if (!strcmp (cmd,
"export_config"))
3005 content_disposition, response_size,
3008 else if (!strcmp (cmd,
"export_configs"))
3010 content_disposition, response_size,
3013 else if (!strcmp (cmd,
"download_credential"))
3016 gchar *credential_login;
3017 const char *credential_id;
3018 const char *package_format;
3020 package_format =
params_value (params,
"package_format");
3021 credential_login = NULL;
3022 credential_id =
params_value (params,
"credential_id");
3033 content_type_from_format_string (content_type, package_format);
3034 g_free (*content_disposition);
3035 *content_disposition = g_strdup_printf
3036 (
"attachment; filename=credential-%s.%s",
3038 && strcmp (credential_login,
""))
3041 (strcmp (package_format,
"key") == 0
3044 g_free (credential_login);
3049 else if (!strcmp (cmd,
"export_credential"))
3051 content_disposition, response_size,
3054 else if (!strcmp (cmd,
"export_credentials"))
3056 content_disposition, response_size,
3059 else if (!strcmp (cmd,
"export_filter"))
3061 content_disposition, response_size,
3064 else if (!strcmp (cmd,
"export_filters"))
3066 content_disposition, response_size,
3069 else if (!strcmp (cmd,
"export_group"))
3071 content_disposition, response_size,
3074 else if (!strcmp (cmd,
"export_groups"))
3076 content_disposition, response_size,
3079 else if (!strcmp (cmd,
"export_note"))
3081 content_disposition, response_size,
3084 else if (!strcmp (cmd,
"export_notes"))
3086 content_disposition, response_size,
3089 else if (!strcmp (cmd,
"export_omp_doc"))
3091 content_disposition, response_size,
3094 else if (!strcmp (cmd,
"export_override"))
3096 content_disposition, response_size,
3099 else if (!strcmp (cmd,
"export_overrides"))
3101 content_disposition, response_size,
3104 else if (!strcmp (cmd,
"export_permission"))
3106 content_disposition, response_size,
3109 else if (!strcmp (cmd,
"export_permissions"))
3111 content_disposition, response_size,
3114 else if (!strcmp (cmd,
"export_port_list"))
3116 content_disposition, response_size,
3119 else if (!strcmp (cmd,
"export_port_lists"))
3121 content_disposition, response_size,
3124 else if (!strcmp (cmd,
"export_preference_file"))
3126 content_disposition, response_size,
3129 else if (!strcmp (cmd,
"export_report_format"))
3131 content_disposition, response_size,
3134 else if (!strcmp (cmd,
"export_report_formats"))
3136 content_disposition, response_size,
3139 else if (!strcmp (cmd,
"export_result"))
3141 content_disposition, response_size,
3144 else if (!strcmp (cmd,
"export_results"))
3146 content_disposition, response_size,
3149 else if (!strcmp (cmd,
"export_role"))
3151 content_disposition, response_size,
3154 else if (!strcmp (cmd,
"export_roles"))
3156 content_disposition, response_size,
3159 else if (!strcmp (cmd,
"export_scanner"))
3161 content_disposition, response_size,
3164 else if (!strcmp (cmd,
"export_scanners"))
3166 content_disposition, response_size,
3169 else if (!strcmp (cmd,
"export_schedule"))
3171 content_disposition, response_size,
3174 else if (!strcmp (cmd,
"export_schedules"))
3176 content_disposition, response_size,
3179 else if (!strcmp (cmd,
"export_tag"))
3181 content_disposition, response_size,
3184 else if (!strcmp (cmd,
"export_tags"))
3186 content_disposition, response_size,
3189 else if (!strcmp (cmd,
"export_target"))
3191 content_disposition, response_size,
3194 else if (!strcmp (cmd,
"export_targets"))
3196 content_disposition, response_size,
3199 else if (!strcmp (cmd,
"export_task"))
3201 content_disposition, response_size,
3204 else if (!strcmp (cmd,
"export_tasks"))
3206 content_disposition, response_size,
3209 else if (!strcmp (cmd,
"export_user"))
3211 content_disposition, response_size,
3214 else if (!strcmp (cmd,
"export_users"))
3216 content_disposition, response_size,
/* Handler branch for the "download_agent" command: the previous
 * Content-Disposition string is freed and replaced with an attachment header
 * naming the download. */
3224 else if (!strcmp (cmd,
"download_agent"))
3226 char *html, *filename;
3237 g_free (*content_disposition);
/* NOTE(review): the name is interpolated unquoted into the header value, and
 * the argument is on a line not shown. If it can carry request- or
 * manager-supplied text, restrict it to a safe character set (no quotes,
 * separators or line breaks) before formatting, so the header cannot be
 * reshaped by the file name. */
3238 *content_disposition = g_strdup_printf (
"attachment; filename=%s",
3245 else if (!strcmp (cmd,
"download_ssl_cert"))
3248 g_free (*content_disposition);
3249 *content_disposition = g_strdup_printf
3250 (
"attachment; filename=ssl-cert-%s.pem",
3257 else if (!strcmp (cmd,
"download_ca_pub"))
3260 g_free (*content_disposition);
3261 *content_disposition = g_strdup_printf
3262 (
"attachment; filename=scanner-ca-pub-%s.pem",
3268 else if (!strcmp (cmd,
"download_key_pub"))
3271 g_free (*content_disposition);
3272 *content_disposition = g_strdup_printf
3273 (
"attachment; filename=scanner-key-pub-%s.pem",
3279 ELSE (get_aggregate)
3282 ELSE (get_credential)
3283 ELSE (get_credentials)
3289 ELSE (get_my_settings)
3293 ELSE (get_overrides)
3294 ELSE (get_permission)
3295 ELSE (get_permissions)
3296 ELSE (get_port_list)
3297 ELSE (get_port_lists)
3299 else if (!strcmp (cmd,
"get_report"))
3302 gchar *content_type_omp;
3307 content_disposition,
3310 if (content_type_omp)
3313 *content_type_string = content_type_omp;
3322 ELSE (get_report_format)
3323 ELSE (get_report_formats)
3324 ELSE (get_report_section)
3330 ELSE (get_schedules)
3331 ELSE (get_system_reports)
3342 ELSE (get_config_family)
3343 ELSE (get_config_nvt)
3345 ELSE (get_protocol_doc)
3349 ELSE (new_credential)
3354 ELSE (new_port_list)
3355 ELSE (new_port_range)
3356 ELSE (new_report_format)
3359 ELSE (upload_config)
3360 ELSE (upload_port_list)
3361 ELSE (upload_report)
3370 "Internal error", __FUNCTION__, __LINE__,
3371 "An internal error occurred inside GSA daemon. "
3372 "Diagnostics: Unknown command.",
3373 "/omp?cmd=get_tasks", response_data);
3380 #define EXPIRES_LENGTH 100
/* Adds a Set-Cookie header carrying the session id to the response. To format
 * the expiry date it switches TZ to GMT and the locale to "C", and afterwards
 * restores the saved locale and TZ value. */
3391 attach_sid (
struct MHD_Response *
response,
const char *sid)
3397 struct tm expire_time_broken;
3398 time_t now, expire_time;
/* Save the current TZ (NULL when unset) so it can be restored below.
 * NOTE(review): TZ and the locale are process-global. If responses are built
 * concurrently, another thread can observe GMT and the "C" locale while this
 * code runs, or have its own TZ overwritten by the restore. */
3404 tz = getenv (
"TZ") ? g_strdup (getenv (
"TZ")) : NULL;
3405 if (setenv (
"TZ",
"GMT", 1) == -1)
3407 g_critical (
"%s: failed to set TZ\n", __FUNCTION__);
3409 exit (EXIT_FAILURE);
3413 locale = g_strdup (setlocale (LC_ALL, NULL));
3414 setlocale (LC_ALL,
"C");
/* NOTE(review): no tzset() call is visible after the setenv() above, and
 * POSIX does not require localtime_r() to re-read TZ. gmtime_r() would give
 * UTC fields without touching the environment at all. */
3418 if (localtime_r (&expire_time, &expire_time_broken) == NULL)
3421 &expire_time_broken);
3425 setlocale (LC_ALL, locale);
3431 if (setenv (
"TZ", tz, 1) == -1)
3433 g_warning (
"%s: Failed to switch to original TZ", __FUNCTION__);
3435 exit (EXIT_FAILURE);
/* Cookie attributes per this format string: expires, path=/ and HTTPonly,
 * plus an optional attribute supplied through the %s in front of HTTPonly.
 * The argument is not visible; presumably it is the Secure flag when serving
 * over TLS - confirm. No SameSite attribute is set. */
3448 "=%s; expires=%s; path=/; %sHTTPonly",
3452 ret = MHD_add_response_header (response,
"Set-Cookie", value);
3465 remove_sid (
struct MHD_Response *response)
3471 struct tm expire_time_broken;
3475 locale = g_strdup (setlocale (LC_ALL, NULL));
3476 setlocale (LC_ALL,
"C");
3478 expire_time = time (NULL);
3479 if (localtime_r (&expire_time, &expire_time_broken) == NULL)
3482 &expire_time_broken);
3486 setlocale (LC_ALL, locale);
3494 value = g_strdup_printf (
SID_COOKIE_NAME "=0; expires=%s; path=/; %sHTTPonly",
3497 ret = MHD_add_response_header (response,
"Set-Cookie", value);
/**
 * @brief Add a Content-Type header to a response.
 *
 * Each visible call sets MHD_HTTP_HEADER_CONTENT_TYPE to one fixed string.
 * The selecting statement and most of the strings are not shown in this
 * listing. None of the visible calls checks the return value of
 * MHD_add_response_header.
 *
 * @param[in]  response  Response to add the header to.
 * @param[in]  ct        Pointer to the content type to emit.
 */
3512 gsad_add_content_type_header (
struct MHD_Response *response,
3513 enum content_type* ct)
3521 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3525 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
/* NOTE(review): "application/html" is not a registered media type (HTML is
 * "text/html").  Confirm which content_type value maps here and how browsers
 * treat it. */
3529 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3530 "application/html");
3533 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3537 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3541 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3545 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3549 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3550 "application/xml; charset=utf-8");
3553 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3557 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3561 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3562 "application/octet-stream");
3565 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3569 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3570 "text/html; charset=utf-8");
3573 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3577 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3578 "text/plain; charset=utf-8");
/* The last two visible branches both emit text/plain. */
3583 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
3584 "text/plain; charset=utf-8");
3604 int status_code,
const gchar *sid,
3605 enum content_type content_type,
3606 const char *content_disposition,
3607 size_t content_length)
/* Fragment: the function name and its first parameters are not shown in
 * this listing.  The visible body builds a response from a caller-owned
 * buffer, adds headers, attaches or removes the session cookie and queues
 * the response. */
3609 struct MHD_Response *response;
/* A content_length of 0 means "treat content as a NUL-terminated string". */
3610 size_t size = (content_length ? content_length : strlen (content));
/* MHD_RESPMEM_MUST_COPY: the buffer is copied, so the caller keeps
 * ownership of content. */
3613 response = MHD_create_response_from_buffer (size, (
void *) content,
3614 MHD_RESPMEM_MUST_COPY);
3615 gsad_add_content_type_header (response, &content_type);
3617 if (content_disposition)
3618 MHD_add_response_header (response,
"Content-Disposition",
3619 content_disposition);
/* A SID of "0" means "clear the cookie"; any other value is attached.
 * NOTE(review): strcmp would dereference a NULL sid -- confirm a NULL check
 * precedes this in the lines not shown. */
3623 if (strcmp (sid,
"0"))
3625 if (attach_sid (response, sid) == MHD_NO)
3627 MHD_destroy_response (response);
3633 if (remove_sid (response) == MHD_NO)
3635 MHD_destroy_response (response);
3641 ret = MHD_queue_response (connection, status_code, response);
3642 MHD_destroy_response (response);
/* Fragment: the function signature is not shown in this listing.  The
 * visible body sends a 303 See Other redirect with a small HTML body, a
 * Location header and the user's session cookie. */
3660 struct MHD_Response *response;
/* NOTE(review): g_strdup_printf does no HTML escaping.  If the value placed
 * in href/link text can contain client-influenced data (the argument list is
 * not shown), it should be escaped, e.g. with g_markup_printf_escaped as
 * used elsewhere in this file.  The closing tag is also written as "<a/>"
 * rather than "</a>". */
3667 body = g_strdup_printf (
"<html><body>Code 303 - Redirecting to"
3668 " <a href=\"%s\">%s<a/></body></html>\n",
/* MHD_RESPMEM_MUST_FREE: MHD takes ownership of body. */
3670 response = MHD_create_response_from_buffer (strlen (body), body,
3671 MHD_RESPMEM_MUST_FREE);
3675 g_warning (
"%s: failed to create response, dropping request",
3679 ret = MHD_add_response_header (response, MHD_HTTP_HEADER_LOCATION, uri);
3682 MHD_destroy_response (response);
3683 g_warning (
"%s: failed to add location header, dropping request",
3690 if (attach_sid (response, user->
cookie) == MHD_NO)
3692 MHD_destroy_response (response);
3693 g_warning (
"%s: failed to attach SID, dropping request",
/* Tell clients not to cache the redirect. */
3699 MHD_add_response_header (response, MHD_HTTP_HEADER_EXPIRES,
"-1");
3700 MHD_add_response_header (response, MHD_HTTP_HEADER_CACHE_CONTROL,
"no-cache");
3703 ret = MHD_queue_response (connection, MHD_HTTP_SEE_OTHER, response);
3704 MHD_destroy_response (response);
3713 #define MAX_HOST_LEN 1000
/* Fragment: the function signature is not shown in this listing.  The
 * visible body builds an absolute redirect URI from the request's Host
 * header, an optional X-Forwarded-Protocol header and a path (urn).
 *
 * NOTE(review): Host is supplied by the client and is copied into the
 * redirect target; the only check visible here is UTF-8 validity.
 * Deployments that need a fixed origin should compare it against the
 * configured host name(s).  Also confirm that a missing Host header (host ==
 * NULL) is handled before the snprintf below. */
3728 const char *host, *protocol;
3731 host = MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
3732 MHD_HTTP_HEADER_HOST);
3733 if (host && g_utf8_validate (host, -1, NULL) == FALSE)
3737 MHD_HTTP_BAD_REQUEST, NULL,
3748 protocol = MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
3749 "X-Forwarded-Protocol");
3750 if (protocol && g_utf8_validate (protocol, -1, NULL) == FALSE)
3754 MHD_HTTP_BAD_REQUEST, NULL,
/* Only the literal values "http" and "https" are accepted from the header;
 * a missing or other value takes this branch (its body is not shown). */
3758 else if ((protocol == NULL)
3759 || (strcmp(protocol,
"http") && strcmp(protocol,
"https")))
/* Bounded by sizeof (uri); an over-long host is truncated, not overflowed. */
3767 snprintf (uri,
sizeof (uri),
"%s://%s%s", protocol, host, urn);
3791 const char *url,
const char *method,
3792 const char *version,
const char *upload_data,
3793 size_t *upload_data_size,
void **con_cls)
/* Fragment: the function name and first parameters are not shown in this
 * listing.  The visible body accepts only GET and POST, reads the Host
 * header and extracts the host name (without port) into `name`. */
3800 if ((!strcmp (method,
"GET")) && *con_cls == NULL)
3809 *con_cls = (
void *) con_info;
/* Equivalent to testing url == NULL. */
3814 if (&url[0] == NULL)
3818 if (strcmp (method,
"GET") && strcmp (method,
"POST"))
3826 host = MHD_lookup_connection_value (connection,
3829 if (host && g_utf8_validate (host, -1, NULL) == FALSE)
3833 MHD_HTTP_BAD_REQUEST, NULL,
3837 else if (host == NULL)
/* Bracketed IPv6 literal with port.  The scanset limits the characters and
 * the field width limits the length to MAX_HOST_LEN.
 * NOTE(review): sscanf writes up to MAX_HOST_LEN characters plus a NUL, so
 * `name` must hold at least MAX_HOST_LEN + 1 bytes -- its declaration is not
 * shown, confirm. */
3840 if (sscanf (host,
"[%" G_STRINGIFY(
MAX_HOST_LEN)
"[0-9a-f:.]]:%*i", name)
3843 char *name6 = g_strdup_printf (
"[%s]", name);
/* Otherwise: everything up to the first ':' is taken as the host name. */
3848 else if (sscanf (host,
"%" G_STRINGIFY(
MAX_HOST_LEN)
"[^:]:%*i", name) == 1)
3864 #define DATE_2822_LEN 100
3866 #ifdef SERVE_STATIC_ASSETS
/**
 * Build a response that serves a static file named by the request URL
 * (fragment: the line carrying the function name is not shown in this
 * listing; it is called as file_content_response elsewhere in the file).
 *
 * The path is taken relative to the process's current directory, so
 * confinement relies on the chdir/chroot done at start-up.
 *
 * NOTE(review), traversal defence: the only visible check is a substring
 * test for "..".  It does not address symlinks inside the served tree, and
 * the stat() below is by path rather than fstat() on the already opened
 * file, so the checked and the served file can differ if the tree is
 * writable by another party.
 */
3883 static struct MHD_Response*
3885 struct MHD_Connection *connection,
const char* url,
3886 int* http_response_code,
enum content_type* content_type,
3887 char** content_disposition)
3891 char *default_file =
"login/login.html";
3892 struct MHD_Response* response;
/* Any URL containing ".." is replaced by the default file. */
3904 if (strstr (url,
".."))
3905 path = g_strconcat (default_file, NULL);
/* Strip a single leading '/' so the path is relative. */
3909 const char* relative_url = url;
3910 if (*url ==
'/') relative_url = url + 1;
3911 path = g_strconcat (relative_url, NULL);
3914 file = fopen (path,
"r");
3918 g_debug (
"File %s failed, ", path);
3920 struct MHD_Response *response;
3922 *http_response_code = MHD_HTTP_NOT_FOUND;
3927 "/login/login.html", NULL);
3928 response = MHD_create_response_from_buffer (strlen (msg),
3930 MHD_RESPMEM_MUST_COPY);
/* Content type is chosen by substring match anywhere in the path, not by
 * the final extension; the first matching test wins. */
3936 if (strstr (path,
".png"))
3938 else if (strstr (path,
".svg"))
3940 else if (strstr (path,
".html"))
3942 else if (strstr (path,
".css"))
3944 else if (strstr (path,
".js"))
3949 g_debug (
"Default file successful.\n");
3950 if (stat (path, &buf))
3953 g_critical (
"%s: file <%s> can not be stat'ed.\n",
/* Only regular files are served; anything else gets an error page. */
3962 if ((buf.st_mode & S_IFMT) != S_IFREG)
3964 struct MHD_Response *ret;
3969 NULL, &response_data);
3974 ret = MHD_create_response_from_buffer (strlen (res), (
void *) res,
3975 MHD_RESPMEM_MUST_FREE);
/* Stream the file through file_reader in 32 KiB blocks. */
3979 response = MHD_create_response_from_callback (buf.st_size, 32 * 1024,
3980 (MHD_ContentReaderCallback) &file_reader,
3982 (MHD_ContentReaderFreeCallback)
/* NOTE(review): localtime() returns a pointer to shared static storage and
 * the daemon runs one thread per connection; localtime_r/gmtime_r would be
 * safe.  HTTP dates are also expected in GMT. */
3985 mtime = localtime (&buf.st_mtime);
3987 && strftime (date_2822,
DATE_2822_LEN,
"%a, %d %b %Y %H:%M:%S %Z", mtime))
3989 MHD_add_response_header (response,
"Last-Modified", date_2822);
/* Static assets are marked as expiring one week from now. */
3992 next_week = time (NULL) + 7 * 24 * 60 * 60;
3993 mtime = localtime (&next_week);
3995 && strftime (date_2822,
DATE_2822_LEN,
"%a, %d %b %Y %H:%M:%S %Z", mtime))
3997 MHD_add_response_header (response,
"Expires", date_2822);
/**
 * @brief Finish and queue a response built by the request handler.
 *
 * Adds the Content-Type and optional Content-Disposition headers, queues
 * the response and destroys the local reference. Only part of the body and
 * of the parameter list is visible in this listing.
 *
 * @param[in]  connection           Connection to answer on.
 * @param[in]  response             Response to send.
 * @param[in]  content_type         Content type to announce.
 * @param[in]  content_disposition  Header value or NULL; freed here with
 *                                  g_free after it has been added.
 * @param[in]  http_response_code   HTTP status code.
 */
4020 handler_send_response (
struct MHD_Connection *connection,
4021 struct MHD_Response *response,
4022 enum content_type *content_type,
4023 char *content_disposition,
4024 int http_response_code,
/* Clears the session cookie; presumably conditional on a parameter that is
 * not shown here -- confirm. */
4030 if (remove_sid (response) == MHD_NO)
4032 MHD_destroy_response (response);
4033 g_warning (
"%s: failed to remove SID, dropping request",
4037 gsad_add_content_type_header (response, content_type);
4038 if (content_disposition != NULL)
4040 MHD_add_response_header (response,
"Content-Disposition",
4041 content_disposition);
4042 g_free (content_disposition);
4044 ret = MHD_queue_response (connection, http_response_code, response);
4053 MHD_destroy_response (response);
/**
 * @brief MHD value iterator: append one "key=value&" pair to a GString.
 *
 * The keys "token" and "r" are skipped, so the session token is never
 * copied into the reconstructed URL.
 *
 * NOTE(review): key and value are appended verbatim, with no
 * percent-encoding in the visible lines. A value containing '&' or '='
 * changes the meaning of the rebuilt query string. Also confirm that a NULL
 * value (argument without '=') is handled in the lines not shown.
 *
 * @param[in]  string  The GString to append to, passed as void pointer.
 * @param[in]  kind    Kind of the value (MHD).
 * @param[in]  key     Argument name.
 */
4068 append_param (
void *
string,
enum MHD_ValueKind kind,
const char *key,
4080 if (strcmp (key,
"token") && strcmp (key,
"r"))
4082 g_string_append ((GString*)
string, key);
4083 g_string_append ((GString*)
string,
"=");
4084 g_string_append ((GString*)
string, value);
4085 g_string_append ((GString*)
string,
"&");
/**
 * @brief Rebuild the request URL with its GET arguments, minus the token.
 *
 * Starts from url, appends "?r=1&", then every GET argument through
 * append_param, and finally strips a trailing '&'.
 *
 * @param[in]  connection  Connection whose GET arguments are read.
 * @param[in]  url         Base URL.
 *
 * @return Newly allocated string; the caller owns it and must g_free it
 *         (g_string_free is called with FALSE, so the buffer is kept).
 */
4099 reconstruct_url (
struct MHD_Connection *connection,
const char *url)
4103 full_url = g_string_new (url);
4106 g_string_append (full_url,
"?r=1&");
4108 MHD_get_connection_values (connection, MHD_GET_ARGUMENT_KIND,
4109 append_param, full_url);
/* The string is never empty here ("?r=1&" was appended), so indexing
 * strlen - 1 is in range. */
4111 if (full_url->str[strlen (full_url->str) - 1] ==
'&')
4112 full_url->str[strlen (full_url->str) - 1] =
'\0';
4114 return g_string_free (full_url, FALSE);
/**
 * @brief Determine the client address for a connection.
 *
 * The visible lines show three sources: the X-Real-IP request header, the
 * literal "unix_socket", and the socket peer address reported by MHD.
 *
 * NOTE(review), trust: X-Real-IP is set by whoever sends the request.
 * Callers in this file pass the result to user_find and exec_omp_post, so
 * when gsad is reachable directly (not only through a reverse proxy that
 * overwrites the header) a client can choose the address it is seen as.
 * The --ignore-x-real-ip option defined in this file disables the header.
 *
 * NOTE(review), termination: strncpy does not NUL-terminate when the source
 * is INET6_ADDRSTRLEN bytes or longer, and the caller's buffer is exactly
 * INET6_ADDRSTRLEN bytes. Confirm that the lines not shown terminate the
 * buffer or reject over-long header values.
 *
 * @param[in]   conn            Connection.
 * @param[out]  client_address  Buffer of at least INET6_ADDRSTRLEN bytes.
 */
4127 get_client_address (
struct MHD_Connection *conn,
char *client_address)
4129 const char* x_real_ip;
4133 x_real_ip = MHD_lookup_connection_value (conn,
/* An X-Real-IP value that is not valid UTF-8 is treated as an error. */
4138 && x_real_ip && g_utf8_validate (x_real_ip, -1, NULL) == FALSE)
4141 strncpy (client_address, x_real_ip, INET6_ADDRSTRLEN);
4143 strncpy (client_address,
"unix_socket", INET6_ADDRSTRLEN);
4146 const union MHD_ConnectionInfo* info;
/* Fall back to the peer address of the TCP connection. */
4148 info = MHD_get_connection_info (conn, MHD_CONNECTION_INFO_CLIENT_ADDRESS);
4149 sockaddr_as_str ((
struct sockaddr_storage *) info->client_addr,
4175 const char *url,
const char *method,
4176 const char *version,
const char *upload_data,
4177 size_t * upload_data_size,
void **con_cls)
/* Fragment of the main HTTP request handler: the function name and first
 * parameters are not shown in this listing, and many body lines are
 * missing.  The visible lines validate the URL and headers as UTF-8,
 * accept only GET and POST, authenticate GET requests with a cookie plus a
 * "token" argument plus the client address, and dispatch to the OMP,
 * system-report, help and static-file paths. */
4179 const char *url_base =
"/";
4180 char *default_file =
"/login/login.html", client_address[INET6_ADDRSTRLEN];
4182 char *content_disposition = NULL;
4183 gsize response_size = 0;
4184 int http_response_code = MHD_HTTP_OK;
4185 const char *xml_flag = NULL;
/* First callback for a GET request: set up the per-connection info. */
4189 if ((!strcmp (method,
"GET")) && *con_cls == NULL)
4200 *con_cls = (
void *) con_info;
/* Equivalent to testing url == NULL. */
4205 if (&url[0] == NULL)
/* URLs starting with "//" get special handling (the visible argument
 * suggests the login page is involved -- confirm). */
4213 if (url && (url[0] ==
'/') && (url[1] ==
'/'))
4218 "/login/login.html", NULL);
/* Reject URLs that are not valid UTF-8 with 400 Bad Request. */
4226 if (url && (g_utf8_validate (url, -1, NULL) == FALSE))
4230 MHD_HTTP_BAD_REQUEST, NULL,
/* Only GET and POST are supported. */
4236 if (strcmp (method,
"GET") && strcmp (method,
"POST"))
/* NOTE(review): reconstruct_url returns a newly allocated string that is
 * not freed here, so this leaks one string per request.  The logged URL
 * also carries every GET argument except "token" and "r"; treat the debug
 * log as sensitive. */
4250 g_debug (
"============= url: %s\n", reconstruct_url (connection, url));
4252 if (!strcmp (&url[0], url_base))
/* Exactly "/login/" requested with GET. */
4257 if ((!strcmp (method,
"GET"))
4258 && (!strncmp (&url[0],
"/login/", strlen (
"/login/")))
4259 && !url[strlen (
"/login/")])
4266 if (!strcmp (method,
"GET"))
/* NOTE(review): this xml_flag has the same name as the xml_flag declared
 * near the top of the function. */
4268 const char *token, *
cookie, *accept_language, *xml_flag;
4269 const char *omp_cgi_base =
"/omp";
4271 struct MHD_Response *response;
4280 xml_flag = MHD_lookup_connection_value (connection,
4281 MHD_GET_ARGUMENT_KIND,
/* Login page requested. */
4290 if (!strcmp (url, default_file))
4295 char ctime_now[200];
4296 const char* accept_language;
4304 accept_language = MHD_lookup_connection_value (connection,
4308 && g_utf8_validate (accept_language, -1, NULL) == FALSE)
4312 MHD_HTTP_BAD_REQUEST, NULL,
4324 if (xml_flag && strcmp (xml_flag,
"0"))
4331 response = MHD_create_response_from_buffer (strlen (res), res,
4332 MHD_RESPMEM_MUST_FREE);
4335 return handler_send_response (connection,
4338 content_disposition,
4343 #ifdef SERVE_STATIC_ASSETS
/* Static assets below are served without authentication (NULL is passed in
 * place of credentials). */
4345 if (!strcmp (url,
"/favicon.ico")
4346 || !strcmp (url,
"/favicon.gif"))
4348 response = file_content_response (NULL,
4350 &http_response_code,
4352 &content_disposition);
4354 return handler_send_response (connection,
4357 content_disposition,
4364 if (strncmp (url,
"/img/", strlen (
"/img/")) == 0
4365 || strncmp (url,
"/js/", strlen (
"/js/")) == 0
4366 || strncmp (url,
"/css/", strlen (
"/css/")) == 0)
4368 response = file_content_response (NULL,
4370 &http_response_code,
4372 &content_disposition);
4374 return handler_send_response (connection,
4377 content_disposition,
/* The session token is read from the GET arguments, i.e. it travels in the
 * URL.  URLs end up in proxy and server logs and browser history, so keep
 * the token out of anything logged or echoed (append_param already drops it
 * from reconstructed URLs). */
4385 token = MHD_lookup_connection_value (connection,
4386 MHD_GET_ARGUMENT_KIND,
4390 g_debug (
"%s: Missing token in arguments", __FUNCTION__);
4399 cookie = MHD_lookup_connection_value (connection,
/* NOTE(review): get_client_address is called twice in a row; the first
 * call's return value is discarded. */
4405 get_client_address (connection, client_address);
4406 ret = get_client_address (connection, client_address);
4411 MHD_HTTP_BAD_REQUEST, NULL,
/* Session lookup is keyed on cookie, token and client address together. */
4416 ret =
user_find (cookie, token, client_address, &user);
4428 "Internal error", __FUNCTION__, __LINE__,
4429 "An internal error occurred inside GSA daemon. "
4430 "Diagnostics: Bad token.",
4431 "/omp?cmd=get_tasks", &response_data);
4437 char ctime_now[200];
4442 accept_language = MHD_lookup_connection_value (connection,
4446 && g_utf8_validate (accept_language, -1, NULL) == FALSE)
4450 MHD_HTTP_BAD_REQUEST, NULL,
4456 ?
"Login failed. OMP service is down."
4458 ?
"Login failed. Error during authentication."
4467 if (xml_flag && strcmp (xml_flag,
"0"))
4475 response = MHD_create_response_from_buffer (strlen (res), res,
4476 MHD_RESPMEM_MUST_FREE);
4480 return handler_send_response (connection,
4483 content_disposition,
4496 char ctime_now[200];
/* "cmd" is only used if present and valid UTF-8. */
4505 cmd = MHD_lookup_connection_value (connection,
4506 MHD_GET_ARGUMENT_KIND,
4510 if (cmd && g_utf8_validate (cmd, -1, NULL))
4512 if (strncmp (cmd,
"export", strlen (
"export")) == 0)
4514 else if (strcmp (cmd,
"get_report") == 0)
4516 const char *report_format_id;
4518 report_format_id = MHD_lookup_connection_value
4520 MHD_GET_ARGUMENT_KIND,
4521 "report_format_id");
4522 if (report_format_id
4523 && g_utf8_validate (report_format_id, -1, NULL))
4528 accept_language = MHD_lookup_connection_value (connection,
4532 && g_utf8_validate (accept_language, -1, NULL) == FALSE)
4536 MHD_HTTP_BAD_REQUEST, NULL,
/* For non-export requests other than /logout, remember the full URL. */
4542 if ((export == 0) && strncmp (url,
"/logout", strlen (
"/logout")))
4544 full_url = reconstruct_url (connection, url);
4545 if (full_url && g_utf8_validate (full_url, -1, NULL) == FALSE)
4556 if (strncmp (url,
"/logout", strlen (
"/logout")))
4566 ? (strncmp (url,
"/logout", strlen (
"/logout"))
4567 ?
"Session has expired. Please login again."
4568 :
"Already logged out.")
4570 ?
"Cookie missing or bad. Please login again."
4571 :
"Token missing or bad. Please login again."),
4574 full_url ? full_url :
"",
4580 if (xml_flag && strcmp (xml_flag,
"0"))
4589 response = MHD_create_response_from_buffer (strlen (res), res,
4590 MHD_RESPMEM_MUST_FREE);
4593 return handler_send_response (connection,
4596 content_disposition,
/* Authenticated /logout request. */
4606 if (!strncmp (url,
"/logout", strlen (
"/logout")))
4610 char ctime_now[200];
4619 accept_language = MHD_lookup_connection_value (connection,
4623 && g_utf8_validate (accept_language, -1, NULL) == FALSE)
4627 MHD_HTTP_BAD_REQUEST, NULL,
4632 xml =
login_xml (
"Successfully logged out.",
4640 if (xml_flag && strcmp (xml_flag,
"0"))
4647 response = MHD_create_response_from_buffer (strlen (res), res,
4648 MHD_RESPMEM_MUST_FREE);
4651 return handler_send_response (connection,
4654 content_disposition,
4659 language = g_strdup (user->
language);
4663 accept_language = MHD_lookup_connection_value
4664 (connection, MHD_HEADER_KIND,
"Accept-Language");
4666 && g_utf8_validate (accept_language, -1, NULL) == FALSE)
4670 MHD_HTTP_BAD_REQUEST, NULL,
4675 credentials = credentials_new (user, language, client_address);
4679 credentials = credentials_new (user, language, client_address);
/* The caller URL is dropped (set to NULL) if it is not valid UTF-8. */
4681 credentials->
caller = reconstruct_url (connection, url);
4683 && g_utf8_validate (credentials->
caller, -1, NULL) == FALSE)
4685 g_free (credentials->
caller);
4686 credentials->
caller = NULL;
4689 sid = g_strdup (user->
cookie);
/* OMP command path: URL begins with "/omp". */
4695 if (!strncmp (&url[0], omp_cgi_base, strlen (omp_cgi_base)))
4699 unsigned int res_len = 0;
4700 gchar *content_type_string = NULL;
4705 res =
exec_omp_get (connection, credentials, &content_type,
4706 &content_type_string, &content_disposition,
4707 &response_size, &response_data);
/* NOTE(review): response_size is a gsize and res_len an unsigned int, so
 * the assignment narrows on 64-bit platforms. */
4708 if (response_size > 0)
4710 res_len = response_size;
4715 res_len = strlen (res);
4717 xml_flag = credentials->
params
4720 if (xml_flag && strcmp (xml_flag,
"0"))
4724 response = MHD_create_response_from_buffer (res_len, (
void *) res,
4725 MHD_RESPMEM_MUST_FREE);
4726 if (content_type_string)
4728 MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE,
4729 content_type_string);
4730 g_free (content_type_string);
/* System report path. */
4736 else if (!strncmp (&url[0],
"/system_report/",
4737 strlen (
"/system_report/")))
4741 const char *slave_id;
4745 MHD_get_connection_values (connection, MHD_GET_ARGUMENT_KIND,
4746 params_mhd_add, params);
4748 params_mhd_validate (params);
4750 slave_id = MHD_lookup_connection_value (connection,
4751 MHD_GET_ARGUMENT_KIND,
4756 credentials_free (credentials);
4757 g_warning (
"%s: failed to validate slave_id, dropping request",
4766 &url[0] + strlen (
"/system_report/"),
4774 credentials_free (credentials);
4775 g_warning (
"%s: failed to get system reports, dropping request",
4779 response = MHD_create_response_from_buffer ((
unsigned int) res_len,
4780 res, MHD_RESPMEM_MUST_FREE);
/* Help page path. */
4785 else if (!strncmp (&url[0],
"/help/",
/* url[6] is the first character after "/help/"; it must be a letter. */
4791 if (!g_ascii_isalpha (url[6]))
4795 "Invalid request", __FUNCTION__, __LINE__,
4796 "The requested help page does not exist.",
4797 "/help/contents.html", &response_data);
4801 gchar **preferred_languages;
4802 gchar *xsl_filename = NULL;
4804 GHashTable *template_attributes;
4805 int template_found = 0;
/* The page name is later emitted as an XML element name ("<help><%s/>"),
 * so it is restricted here to a name-like pattern; anything else becomes
 * "_invalid_".  Markup escaping alone would not make an arbitrary string a
 * valid element name, so this check is what keeps the XML well-formed. */
4808 if (g_regex_match_simple (
"^(?!xml)[[:alpha:]_][[:alnum:]-_.]*$",
4809 page, G_REGEX_CASELESS, 0) == 0)
4812 page = g_strdup (
"_invalid_");
4817 char ctime_now[200];
4821 assert (credentials->
token);
4826 pre = g_markup_printf_escaped
4828 "<version>%s</version>"
4829 "<vendor_version>%s</vendor_version>"
4835 "<charts>%i</charts>"
4837 "<client_address>%s</client_address>"
4838 "<help><%s/></help>",
4850 xml = g_strdup_printf (
"%s"
4851 "<capabilities>%s</capabilities>"
/* Try a language-specific help stylesheet for each preferred language in
 * turn, first with the full tag and then with the part before '_'.
 * NOTE(review): the language tag becomes part of a file name; confirm it is
 * restricted to safe characters where credentials->language is derived. */
4857 preferred_languages = g_strsplit (credentials->
language,
":", 0);
4860 while (preferred_languages [index] && xsl_filename == NULL)
4862 gchar *help_language;
4863 help_language = g_strdup (preferred_languages [index]);
4864 xsl_filename = g_strdup_printf (
"help_%s.xsl",
4866 if (access (xsl_filename, R_OK) != 0)
4868 g_free (xsl_filename);
4869 xsl_filename = NULL;
4870 if (strchr (help_language,
'_'))
/* Safe to dereference: guarded by the strchr test just above. */
4872 *strchr (help_language,
'_') =
'\0';
4873 xsl_filename = g_strdup_printf (
"help_%s.xsl",
4875 if (access (xsl_filename, R_OK) != 0)
4877 g_free (xsl_filename);
4878 xsl_filename = NULL;
4882 g_free (help_language);
/* Look for an xsl:template with match=<page> and mode="help", first in the
 * language-specific stylesheet, then in help.xsl. */
4887 = g_hash_table_new (g_str_hash, g_str_equal);
4889 g_hash_table_insert (template_attributes,
"match", page);
4890 g_hash_table_insert (template_attributes,
"mode",
"help");
4894 = find_element_in_xml_file (xsl_filename,
"xsl:template",
4895 template_attributes);
4897 if (template_found == 0)
4901 = find_element_in_xml_file (
"help.xsl",
"xsl:template",
4902 template_attributes);
4905 if (template_found == 0)
4911 "/help/contents.html", &response_data);
4913 else if (xsl_filename)
4925 g_strfreev (preferred_languages);
4926 g_free (xsl_filename);
4933 "Invalid request", __FUNCTION__, __LINE__,
4934 "Error generating help page.",
4935 "/help/contents.html", &response_data);
4938 response = MHD_create_response_from_buffer (strlen (res), res,
4939 MHD_RESPMEM_MUST_FREE);
/* Anything else: static file (when compiled in) with credentials. */
4947 #ifdef SERVE_STATIC_ASSETS
4948 response = file_content_response (credentials,
4950 &http_response_code,
4952 &content_disposition);
4957 "/login/login.html", NULL);
4958 response = MHD_create_response_from_buffer (strlen (msg),
4960 MHD_RESPMEM_MUST_COPY);
/* Refresh the session cookie on the authenticated response. */
4974 if (attach_sid (response, sid) == MHD_NO)
4977 MHD_destroy_response (response);
4978 g_warning (
"%s: failed to attach SID, dropping request",
4987 && (strcmp (cmd,
"get_aggregate") == 0
4988 || strcmp (cmd,
"get_assets_chart") == 0
4989 || strcmp (cmd,
"get_tasks_chart") == 0))
4998 credentials_free (credentials);
4999 return handler_send_response (connection,
5002 content_disposition,
5010 credentials_free (credentials);
5011 g_warning (
"%s: memory or file access problem, dropping request",
/* POST handling. */
5017 if (!strcmp (method,
"POST"))
5020 const char *sid, *accept_language;
/* First callback for this POST: set up the per-connection info. */
5024 if (NULL == *con_cls)
5055 *con_cls = (
void *) con_info;
/* More upload data pending: consume it and wait for the next callback. */
5062 if (0 != *upload_data_size)
5066 *upload_data_size = 0;
5070 sid = MHD_lookup_connection_value (connection,
5076 con_info->
cookie = g_strdup (sid);
5078 accept_language = MHD_lookup_connection_value (connection,
5082 && g_utf8_validate (accept_language, -1, NULL) == FALSE)
5086 MHD_HTTP_BAD_REQUEST, NULL,
/* NOTE(review): get_client_address is called twice in a row here as well. */
5092 get_client_address (connection, client_address);
5093 ret = get_client_address (connection, client_address);
5098 MHD_HTTP_BAD_REQUEST, NULL,
5105 ret =
exec_omp_post (con_info, &user, &new_sid, client_address);
/* The token is appended to a URL as a query argument (arguments not shown). */
5110 url = g_strdup_printf (
"%s&token=%s",
5127 xml_flag = con_info->
params
5131 if (xml_flag && strcmp (xml_flag,
"0"))
/* Without a new SID, "0" is passed. */
5142 new_sid ? new_sid :
"0",
5153 g_warning (
"%s: something went wrong, dropping request",
/**
 * @brief Drop supplementary groups, then group ID, then user ID.
 *
 * The order matters: setgroups and setgid must run while the process still
 * has the privilege to change them, so setuid comes last. Each call's
 * return value is checked and a failure is logged.
 *
 * NOTE(review): a common hardening step is to verify afterwards that the
 * old identity cannot be regained; no such check is visible here.
 *
 * @param[in]  user_pw  Password-database entry of the user to become.
 */
5167 drop_privileges (
struct passwd * user_pw)
/* Clear the supplementary group list. */
5169 if (setgroups (0, NULL))
5171 g_critical (
"%s: failed to set groups: %s\n", __FUNCTION__,
5175 if (setgid (user_pw->pw_gid))
5177 g_critical (
"%s: failed to drop group privileges: %s\n", __FUNCTION__,
5181 if (setuid (user_pw->pw_uid))
5183 g_critical (
"%s: failed to drop user privileges: %s\n", __FUNCTION__,
/**
 * @brief Optionally chroot to GSA_DATA_DIR, optionally drop privileges, and
 *        change into the interface ("face") subdirectory.
 *
 * Visible order: the user is looked up with getpwnam before the chroot,
 * then chroot, then drop_privileges, then chdir.
 *
 * NOTE(review): privileges are only dropped when a user entry was found
 * (`user_pw &&`). A chroot without a privilege drop leaves the process
 * running as its original user inside the new root, which is a weak
 * confinement if that user is root.
 *
 * @param[in]  do_chroot  Whether to chroot.
 * @param[in]  drop       Name of the user to drop privileges to.
 * @param[in]  subdir     Subdirectory of GSA_DATA_DIR to change into.
 */
5201 chroot_drop_privileges (gboolean do_chroot, gchar *drop,
5202 const gchar *subdir)
5204 struct passwd *user_pw;
5208 user_pw = getpwnam (drop);
5209 if (user_pw == NULL)
5211 g_critical (
"%s: Failed to drop privileges."
5212 " Could not determine UID and GID for user \"%s\"!\n",
5225 if (chroot (GSA_DATA_DIR))
5227 g_critical (
"%s: Failed to chroot to \"%s\": %s\n",
5236 if (user_pw && (drop_privileges (user_pw) == FALSE))
5238 g_critical (
"%s: Failed to drop privileges\n",
/* This path is built from "/" and subdir, i.e. relative to a new root. */
5245 gchar* root_face_dir = g_build_filename (
"/", subdir, NULL);
5246 if (chdir (root_face_dir))
5248 g_critical (
"%s: failed change to chroot root directory (%s): %s\n",
5252 g_free (root_face_dir);
5255 g_free (root_face_dir);
/* This path uses the full GSA_DATA_DIR prefix instead. */
5259 gchar* data_dir = g_build_filename (GSA_DATA_DIR, subdir, NULL);
5260 if (chdir (data_dir))
5262 g_critical (
"%s: failed to change to \"%s\": %s\n",
/**
 * @brief GnuTLS log callback: print a message to stderr.
 *
 * Each line is prefixed with the process ID and the log level. A newline is
 * added when the message does not already end in one.
 *
 * @param[in]  level  GnuTLS log level.
 * @param[in]  text   Message text.
 */
5284 my_gnutls_log_func (
int level,
const char *text)
5286 fprintf (stderr,
"[%d] (%d) %s", getpid (), level, text);
/* The *text test keeps strlen (text) - 1 from underflowing on "". */
5287 if (*text && text[strlen (text) -1] !=
'\n')
5288 putc (
'\n', stderr);
/* Fragment: the function signature is not shown in this listing.  The
 * visible body initialises process-wide state: the mutex and user list,
 * a check that GSA_DATA_DIR is accessible, libgcrypt and GnuTLS. */
5303 g_debug (
"Initializing the Greenbone Security Assistant...\n");
5306 mutex = g_malloc (
sizeof (GMutex));
5307 g_mutex_init (mutex);
5308 users = g_ptr_array_new ();
5311 if (openvas_file_check_is_dir (GSA_DATA_DIR) < 1)
5313 g_critical (
"%s: Could not access %s!\n", __FUNCTION__, GSA_DATA_DIR);
/* libgcrypt older than 1.6 needs explicit thread callbacks. */
5319 #if GCRYPT_VERSION_NUMBER < 0x010600
5320 gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
5327 if (!gcry_check_version (NULL))
5329 g_critical (
"%s: libgcrypt version check failed\n", __FUNCTION__);
/* Secure-memory warnings are suspended while 16384 bytes of secure memory
 * are set up, then resumed. */
5335 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
5343 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
5347 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
5352 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
5355 int ret = gnutls_global_init ();
5358 g_critical (
"%s: Failed to initialize GNUTLS.\n", __FUNCTION__);
5365 g_debug (
"Initialization of GSA successful.\n");
/* Fragment of a function whose signature is not shown in this listing:
 * removes the "gsad" pidfile. */
5387 pidfile_remove (
"gsad");
/**
 * @brief Install the daemon's signal dispositions.
 *
 * In the visible lines SIGHUP and SIGPIPE are ignored, and SIGCHLD is set
 * to either SIG_IGN or SIG_DFL. The condition selecting between the two
 * SIGCHLD lines is not shown in this listing. Any signal() failure makes
 * the combined condition true.
 */
5409 register_signal_handlers ()
5413 || signal (SIGHUP, SIG_IGN) == SIG_ERR
/* Ignoring SIGPIPE keeps a write to a closed connection from killing the
 * daemon. */
5414 || signal (SIGPIPE, SIG_IGN) == SIG_ERR
5416 || signal (SIGCHLD, SIG_IGN) == SIG_ERR)
5418 || signal (SIGCHLD, SIG_DFL) == SIG_ERR)
/**
 * @brief libmicrohttpd external logger: forward MHD messages to g_warning.
 *
 * The message is first formatted into a local buffer with vsnprintf, which
 * is bounded by sizeof (buf). It is then logged through the fixed format
 * "MHD: %s", so the formatted text is never used as a format string itself.
 *
 * @param[in]  arg  Unused in the visible lines.
 * @param[in]  fmt  printf-style format supplied by MHD.
 * @param[in]  ap   Arguments for fmt.
 */
5425 mhd_logger (
void *arg,
const char *fmt, va_list ap)
5429 vsnprintf (buf,
sizeof (buf), fmt, ap);
5431 g_warning (
"MHD: %s", buf);
/**
 * @brief Start an HTTP daemon listening on a UNIX domain socket.
 *
 * If something already exists at the socket path it is unlinked, and the
 * umask is set to the complement of its mode before bind.
 *
 * NOTE(review): strncpy leaves addr.sun_path without a terminating NUL when
 * unix_socket_path is sizeof (addr.sun_path) bytes or longer; rejecting
 * over-long paths up front would be safer. Also confirm in the lines not
 * shown that the existing path is checked to be a socket before unlink, and
 * that the umask is restored afterwards.
 *
 * @param[in]  unix_socket_path  Filesystem path of the socket.
 * @param[in]  handler           MHD request handler.
 *
 * @return The MHD daemon returned by MHD_start_daemon.
 */
5434 static struct MHD_Daemon *
5435 start_unix_http_daemon (
const char *unix_socket_path,
5436 int handler (
void *,
struct MHD_Connection *,
5437 const char *,
const char *,
const char *,
5438 const char *,
size_t *,
void **))
5440 struct sockaddr_un addr;
5447 g_warning (
"%s: Couldn't create UNIX socket", __FUNCTION__);
5450 addr.sun_family = AF_UNIX;
5451 strncpy (addr.sun_path, unix_socket_path, sizeof (addr.sun_path));
5452 if (!stat (addr.sun_path, &ustat))
5456 unlink (addr.sun_path);
5457 oldmask = umask (~ustat.st_mode);
5459 if (bind (
unix_socket, (
struct sockaddr *) &addr,
sizeof (
struct sockaddr_un))
5462 g_warning (
"%s: Error on bind(%s): %s", __FUNCTION__,
5463 unix_socket_path, strerror (errno));
5470 g_warning (
"%s: Error on listen(): %s", __FUNCTION__, strerror (errno));
/* One thread per connection, at most 30 connections per IP, MHD messages
 * routed through mhd_logger. */
5474 return MHD_start_daemon
5475 (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG, 0,
5476 NULL, NULL, handler, NULL, MHD_OPTION_NOTIFY_COMPLETED,
5478 MHD_OPTION_PER_IP_CONNECTION_LIMIT, 30,
5479 MHD_OPTION_EXTERNAL_LOGGER, mhd_logger, NULL, MHD_OPTION_END);
/**
 * @brief Start a plain-HTTP daemon on a TCP port.
 *
 * When the configured listen address is IPv6, MHD_USE_DUAL_STACK is used on
 * MHD versions from 0x00092800 and MHD_USE_IPv6 on older ones. Otherwise no
 * IPv6 flag is set.
 *
 * This daemon has no TLS: anything it serves, including session cookies,
 * travels in clear text.
 *
 * @param[in]  port     Port to listen on.
 * @param[in]  handler  MHD request handler.
 *
 * @return The MHD daemon returned by MHD_start_daemon.
 */
5482 static struct MHD_Daemon *
5483 start_http_daemon (
int port,
5484 int handler (
void *,
struct MHD_Connection *,
const char *,
5485 const char *,
const char *,
const char *,
5490 if (
address.ss_family == AF_INET6)
5492 #if MHD_VERSION >= 0x00092800
5493 ipv6_flag = MHD_USE_DUAL_STACK;
5495 ipv6_flag = MHD_USE_IPv6;
5498 ipv6_flag = MHD_NO_FLAG;
/* One thread per connection, at most 30 connections per IP. */
5499 return MHD_start_daemon
5500 (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG | ipv6_flag, port,
5501 NULL, NULL, handler, NULL, MHD_OPTION_NOTIFY_COMPLETED,
5503 MHD_OPTION_PER_IP_CONNECTION_LIMIT, 30,
5504 MHD_OPTION_EXTERNAL_LOGGER, mhd_logger, NULL, MHD_OPTION_END);
/**
 * @brief Start an HTTPS daemon on a TCP port.
 *
 * The key and certificate are handed to MHD as in-memory strings. The
 * accepted protocol versions and cipher suites are governed by the GnuTLS
 * priority string; the default declared in this file is "NORMAL", so
 * operators who need a stricter policy must pass --gnutls-priorities.
 * Diffie-Hellman parameters are only passed on when dh_params is non-NULL
 * and MHD_VERSION is at least 0x00093500.
 *
 * @param[in]  port        Port to listen on.
 * @param[in]  key         Private key, as text.
 * @param[in]  cert        Certificate, as text.
 * @param[in]  priorities  GnuTLS priority string.
 * @param[in]  dh_params   Diffie-Hellman parameters, or NULL.
 *
 * @return The MHD daemon returned by MHD_start_daemon.
 */
5507 static struct MHD_Daemon *
5508 start_https_daemon (
int port,
const char *key,
const char *cert,
5509 const char *priorities,
const char *dh_params)
5513 if (
address.ss_family == AF_INET6)
5515 #if MHD_VERSION >= 0x00092800
5516 ipv6_flag = MHD_USE_DUAL_STACK;
5518 ipv6_flag = MHD_USE_IPv6;
5521 ipv6_flag = MHD_NO_FLAG;
5522 return MHD_start_daemon
5523 (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG | MHD_USE_SSL
5525 MHD_OPTION_HTTPS_MEM_KEY, key,
5526 MHD_OPTION_HTTPS_MEM_CERT, cert,
5528 MHD_OPTION_SOCK_ADDR, &
address,
5529 MHD_OPTION_PER_IP_CONNECTION_LIMIT, 30,
5530 MHD_OPTION_HTTPS_PRIORITIES, priorities,
5531 MHD_OPTION_EXTERNAL_LOGGER, mhd_logger, NULL,
5533 #
if MHD_VERSION >= 0x00093500
5534 dh_params ? MHD_OPTION_HTTPS_MEM_DHPARAMS : MHD_OPTION_END,
/**
 * @brief Set the port of the global listen address.
 *
 * The port is written through both an IPv4 and an IPv6 view of the same
 * `address` storage, in network byte order.
 *
 * htons takes a 16-bit value, so range checking is the caller's job. The
 * port options parsed later in this file are checked to lie in 1..65535.
 *
 * @param[in]  port  Port number in host byte order.
 */
5546 gsad_address_set_port (
int port)
5548 struct sockaddr_in *gsad_address = (
struct sockaddr_in *) &
address;
5549 struct sockaddr_in6 *gsad_address6 = (
struct sockaddr_in6 *) &
address;
5551 gsad_address->sin_port = htons (port);
5552 gsad_address6->sin6_port = htons (port);
/**
 * @brief Initialise the global listen address from a string and a port.
 *
 * The address string is tried as IPv6 first and then as IPv4, using
 * inet_pton. Only numeric addresses are accepted and a parse failure is
 * logged. The wildcard branch sets INADDR_ANY / in6addr_any, i.e. it
 * listens on all interfaces; the condition that selects it is not shown in
 * this listing.
 *
 * @param[in]  address_str  Numeric IPv4 or IPv6 address.
 * @param[in]  port         Port number in host byte order.
 */
5564 gsad_address_init (
const char *address_str,
int port)
5566 struct sockaddr_in *gsad_address = (
struct sockaddr_in *) &
address;
5567 struct sockaddr_in6 *gsad_address6 = (
struct sockaddr_in6 *) &
address;
5569 gsad_address_set_port (port);
5572 if (inet_pton (AF_INET6, address_str, &gsad_address6->sin6_addr) > 0)
5574 else if (inet_pton (AF_INET, address_str, &gsad_address->sin_addr) > 0)
5578 g_warning (
"Failed to create GSAD address %s", address_str);
/* Wildcard addresses: accept connections on every interface. */
5584 gsad_address->sin_addr.s_addr = INADDR_ANY;
5585 gsad_address6->sin6_addr = in6addr_any;
5586 if (ipv6_is_enabled ())
5611 sigset_t sigmask_all, sigmask_current;
5617 g_critical (
"%s: Initialization failed!\nExiting...\n", __FUNCTION__);
5618 exit (EXIT_FAILURE);
5623 static gboolean do_chroot = FALSE;
5624 static gchar *drop = NULL;
5625 static gboolean foreground = FALSE;
5626 static gboolean http_only = FALSE;
5627 static gboolean print_version = FALSE;
5628 static gboolean no_redirect = FALSE;
5629 static gboolean secure_cookie = FALSE;
5631 static gchar *gsad_address_string = NULL;
5632 static gchar *gsad_manager_address_string = NULL;
5633 static gchar *gsad_manager_unix_socket_path = NULL;
5634 static gchar *gsad_port_string = NULL;
5635 static gchar *gsad_redirect_port_string = NULL;
5636 static gchar *gsad_manager_port_string = NULL;
5637 static gchar *gsad_vendor_version_string = NULL;
5638 static gchar *gsad_login_label_name = NULL;
5639 static gchar *ssl_private_key_filename = OPENVAS_SERVER_KEY;
5640 static gchar *ssl_certificate_filename = OPENVAS_SERVER_CERTIFICATE;
5641 static gchar *dh_params_filename = NULL;
5642 static gchar *unix_socket_path = NULL;
5643 static gchar *gnutls_priorities =
"NORMAL";
5644 static int debug_tls = 0;
5645 static gchar *face_name = NULL;
5646 static gchar *guest_user = NULL;
5647 static gchar *guest_pass = NULL;
5650 static gchar *http_guest_chart_frame_opts
5652 static gchar *http_guest_chart_csp
5654 static int hsts_enabled = FALSE;
5656 static gboolean ignore_x_real_ip = FALSE;
5657 static int verbose = 0;
5658 GError *error = NULL;
5659 GOptionContext *option_context;
5660 static GOptionEntry option_entries[] = {
5661 {
"drop-privileges",
'\0',
5662 0, G_OPTION_ARG_STRING, &drop,
5663 "Drop privileges to <user>.",
"<user>" },
5665 0, G_OPTION_ARG_NONE, &foreground,
5666 "Run in foreground.", NULL},
5668 0, G_OPTION_ARG_NONE, &http_only,
5669 "Serve HTTP only, without SSL.", NULL},
5672 0, G_OPTION_ARG_STRING, &gsad_address_string,
5673 "Listen on <address>.",
"<address>" },
5675 0, G_OPTION_ARG_STRING, &gsad_manager_address_string,
5676 "Manager address.",
"<address>" },
5678 0, G_OPTION_ARG_STRING, &gsad_port_string,
5679 "Use port number <number>.",
"<number>"},
5681 0, G_OPTION_ARG_STRING, &gsad_manager_port_string,
5682 "Use manager port number <number>.",
"<number>"},
5684 0, G_OPTION_ARG_STRING, &gsad_redirect_port_string,
5685 "Redirect HTTP from this port number <number>.",
"<number>"},
5686 {
"no-redirect",
'\0',
5687 0, G_OPTION_ARG_NONE, &no_redirect,
5688 "Don't redirect HTTP to HTTPS.", NULL },
5690 0, G_OPTION_ARG_NONE, &verbose,
5691 "Has no effect. See INSTALL for logging config.", NULL },
5693 0, G_OPTION_ARG_NONE, &print_version,
5694 "Print version and exit.", NULL},
5695 {
"vendor-version",
'\0',
5696 0, G_OPTION_ARG_STRING, &gsad_vendor_version_string,
5697 "Use <string> as version in interface.",
"<string>"},
5698 {
"login-label",
'\0',
5699 0, G_OPTION_ARG_STRING, &gsad_login_label_name,
5700 "Use <string> as login label.",
"<string>"},
5701 {
"ssl-private-key",
'k',
5702 0, G_OPTION_ARG_FILENAME, &ssl_private_key_filename,
5703 "Use <file> as the private key for HTTPS",
"<file>"},
5704 {
"ssl-certificate",
'c',
5705 0, G_OPTION_ARG_FILENAME, &ssl_certificate_filename,
5706 "Use <file> as the certificate for HTTPS",
"<file>"},
5708 0, G_OPTION_ARG_FILENAME, &dh_params_filename,
5709 "Diffie-Hellman parameters file",
"<file>"},
5711 0, G_OPTION_ARG_NONE, &do_chroot,
5712 "Do chroot.", NULL},
5713 {
"secure-cookie",
'\0',
5714 0, G_OPTION_ARG_NONE, &secure_cookie,
5715 "Use a secure cookie (implied when using HTTPS).", NULL},
5717 0, G_OPTION_ARG_INT, &timeout,
5718 "Minutes of user idle time before session expires.",
"<number>"},
5720 0, G_OPTION_ARG_INT, &debug_tls,
5721 "Enable TLS debugging at <level>",
"<level>"},
5722 {
"gnutls-priorities",
'\0',
5723 0, G_OPTION_ARG_STRING, &gnutls_priorities,
5724 "GnuTLS priorities string.",
"<string>"},
5726 0, G_OPTION_ARG_STRING, &face_name,
5727 "Use interface files from subdirectory <dir>",
"<dir>"},
5728 {
"guest-username", 0,
5729 0, G_OPTION_ARG_STRING, &guest_user,
5730 "Username for guest user. Enables guest logins.",
"<name>"},
5731 {
"guest-password", 0,
5732 0, G_OPTION_ARG_STRING, &guest_pass,
5733 "Password for guest user. Defaults to guest username.",
"<password>"},
5734 {
"http-frame-opts", 0,
5735 0, G_OPTION_ARG_STRING, &http_frame_opts,
5736 "X-Frame-Options HTTP header. Defaults to \""
5739 0, G_OPTION_ARG_STRING, &http_csp,
5740 "Content-Security-Policy HTTP header. Defaults to \""
5742 {
"http-guest-chart-frame-opts", 0,
5743 0, G_OPTION_ARG_STRING, &http_guest_chart_frame_opts,
5744 "X-Frame-Options HTTP header for guest charts. Defaults to \""
5746 {
"http-guest-chart-csp", 0,
5747 0, G_OPTION_ARG_STRING, &http_guest_chart_csp,
5748 "Content-Security-Policy HTTP header. Defaults to \""
5751 0, G_OPTION_ARG_NONE, &hsts_enabled,
5752 "Enable HTTP Strict-Tranport-Security header.", NULL},
5753 {
"http-sts-max-age", 0,
5754 0, G_OPTION_ARG_INT, &hsts_max_age,
5755 "max-age in seconds for HTTP Strict-Tranport-Security header."
5758 {
"ignore-x-real-ip",
'\0',
5759 0, G_OPTION_ARG_NONE, &ignore_x_real_ip,
5760 "Do not use X-Real-IP to determine the client address.", NULL},
5761 {
"unix-socket",
'\0',
5762 0, G_OPTION_ARG_FILENAME, &unix_socket_path,
5763 "Path to unix socket to listen on",
"<file>"},
5764 {
"munix-socket",
'\0',
5765 0, G_OPTION_ARG_FILENAME, &gsad_manager_unix_socket_path,
5766 "Path to Manager unix socket",
"<file>"},
5771 g_option_context_new (
"- Greenbone Security Assistant Daemon");
5772 g_option_context_add_main_entries (option_context, option_entries, NULL);
5773 if (!g_option_context_parse (option_context, &argc, &argv, &error))
5775 g_critical (
"%s: %s\n\n", __FUNCTION__, error->message);
5776 exit (EXIT_FAILURE);
5778 g_option_context_free (option_context);
5785 if (http_only == FALSE && hsts_enabled)
5788 = g_strdup_printf (
"max-age=%d",
5789 hsts_max_age >= 0 ? hsts_max_age
5797 if (register_signal_handlers ())
5799 g_critical (
"Failed to register signal handlers!\n");
5800 exit (EXIT_FAILURE);
5805 printf (
"Greenbone Security Assistant %s\n", GSAD_VERSION);
5806 #ifdef GSAD_SVN_REVISION
5807 printf (
"SVN revision %i\n", GSAD_SVN_REVISION);
5811 printf (
"gnutls %s\n", gnutls_check_version (NULL));
5812 printf (
"libmicrohttpd %s\n", MHD_get_version ());
5814 printf (
"Copyright (C) 2010-2016 Greenbone Networks GmbH\n");
5815 printf (
"License GPLv2+: GNU GPL version 2 or later\n");
5817 (
"This is free software: you are free to change and redistribute it.\n"
5818 "There is NO WARRANTY, to the extent permitted by law.\n\n");
5819 exit (EXIT_SUCCESS);
5824 gnutls_global_set_log_function (my_gnutls_log_func);
5825 gnutls_global_set_log_level (debug_tls);
5831 g_critical (
"%s: libxml must be compiled with thread support\n",
5833 exit (EXIT_FAILURE);
5836 if (gsad_vendor_version_string)
5839 if (gsad_login_label_name)
5843 g_critical (
"Invalid character in login label name\n");
5844 exit (EXIT_FAILURE);
5848 if (no_redirect && gsad_redirect_port_string)
5850 g_warning (
"--no-redirect option given with --rport");
5856 if (setenv (
"TZ",
"utc 0", 1) == -1)
5858 g_critical (
"%s: failed to set timezone\n", __FUNCTION__);
5859 exit (EXIT_FAILURE);
5865 rc_name = g_build_filename (GSA_CONFIG_DIR,
"gsad_log.conf", NULL);
5866 if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
5867 log_config = load_log_configuration (rc_name);
5874 #ifdef GSAD_SVN_REVISION
5875 g_message (
"Starting GSAD version %s (SVN revision %i)\n",
5879 g_message (
"Starting GSAD version %s\n",
5887 if ((timeout < 1) || (timeout > 1440))
5889 g_critical (
"%s: Timeout must be a number from 1 to 1440\n",
5891 exit (EXIT_FAILURE);
5903 if (gsad_port_string)
5905 gsad_port = atoi (gsad_port_string);
5906 if (gsad_port <= 0 || gsad_port >= 65536)
5908 g_critical (
"%s: Port must be a number between 0 and 65536\n",
5910 exit (EXIT_FAILURE);
5914 if (gsad_manager_port_string)
5916 gsad_manager_port = atoi (gsad_manager_port_string);
5917 if (gsad_manager_port <= 0 || gsad_manager_port >= 65536)
5919 g_critical (
"%s: Manager port must be a number between 0 and 65536\n",
5921 exit (EXIT_FAILURE);
5926 old_locale = g_strdup (setlocale (LC_ALL, NULL));
5928 locale = setlocale (LC_ALL,
"");
5932 "Failed to set locale according to environment variables,"
5933 " gettext translations are disabled.",
5937 else if (strcmp (locale,
"C") == 0)
5939 g_message (
"%s: Locale for gettext extensions set to \"C\","
5940 " gettext translations are disabled.",
5946 if (strcasestr (locale,
"en_") != locale)
5948 g_warning (
"%s: Locale defined by environment variables"
5949 " is not an \"en_...\" one.",
5954 if (strcasecmp (nl_langinfo (CODESET),
"UTF-8"))
5955 g_warning (
"%s: Locale defined by environment variables"
5956 " does not use UTF-8 encoding.",
5959 g_debug (
"%s: gettext translation extensions are enabled"
5960 " (using locale \"%s\").",
5961 __FUNCTION__, locale);
5965 setlocale (LC_ALL, old_locale);
5966 g_free (old_locale);
5970 if (gsad_redirect_port_string)
5972 gsad_redirect_port = atoi (gsad_redirect_port_string);
5973 if (gsad_redirect_port <= 0 || gsad_redirect_port >= 65536)
5975 g_critical (
"%s: Redirect port must be a number between 0 and 65536\n",
5977 exit (EXIT_FAILURE);
5981 if (foreground == FALSE)
5984 g_debug (
"Forking...\n");
5985 pid_t pid = fork ();
5993 g_critical (
"%s: Failed to fork!\n", __FUNCTION__);
5994 exit (EXIT_FAILURE);
5998 exit (EXIT_SUCCESS);
6006 if (unix_socket_path)
6009 g_debug (
"Forking for unix socket...\n");
6010 pid_t pid = fork ();
6016 if (prctl (PR_SET_PDEATHSIG, SIGKILL))
6017 g_warning (
"%s: Failed to change parent death signal;"
6018 " unix socket process will remain if parent is killed:"
6026 g_warning (
"%s: Failed to fork for unix socket!\n", __FUNCTION__);
6027 exit (EXIT_FAILURE);
6040 g_debug (
"Forking for redirect...\n");
6041 pid_t pid = fork ();
6047 if (prctl (PR_SET_PDEATHSIG, SIGKILL))
6048 g_warning (
"%s: Failed to change parent death signal;"
6049 " redirect process will remain if parent is killed:"
6059 g_critical (
"%s: Failed to fork for redirect!\n", __FUNCTION__);
6060 exit (EXIT_FAILURE);
6074 g_critical (
"%s: Failed to register cleanup function!\n", __FUNCTION__);
6075 exit (EXIT_FAILURE);
6080 if (pidfile_create (
"gsad"))
6082 g_critical (
"%s: Could not write PID file.\n", __FUNCTION__);
6083 exit (EXIT_FAILURE);
6086 if (gsad_address_init (gsad_address_string, gsad_port))
6092 gsad_address_set_port (gsad_redirect_port);
6097 g_warning (
"%s: start_http_daemon redirect failed !", __FUNCTION__);
6098 return EXIT_FAILURE;
6102 g_debug (
"GSAD started successfully and is redirecting on port %d.\n",
6103 gsad_redirect_port);
6106 else if (unix_socket_path && !
unix_pid)
6110 omp_init (gsad_manager_unix_socket_path,
6111 gsad_manager_address_string,
6118 g_warning (
"%s: start_unix_http_daemon failed !", __FUNCTION__);
6119 return EXIT_FAILURE;
6123 g_debug (
"GSAD started successfully and is listening on unix"
6132 omp_init (gsad_manager_unix_socket_path,
6133 gsad_manager_address_string,
6139 if (
gsad_daemon == NULL && gsad_port_string == NULL)
6141 g_warning (
"Binding to port %d failed, trying default port %d next.",
6144 gsad_address_set_port (gsad_port);
6150 gchar *ssl_private_key = NULL;
6151 gchar *ssl_certificate = NULL;
6152 gchar *dh_params = NULL;
6156 if (!g_file_get_contents (ssl_private_key_filename, &ssl_private_key,
6159 g_critical (
"%s: Could not load private SSL key from %s: %s\n",
6161 ssl_private_key_filename,
6163 g_error_free (error);
6164 exit (EXIT_FAILURE);
6167 if (!g_file_get_contents (ssl_certificate_filename, &ssl_certificate,
6170 g_critical (
"%s: Could not load SSL certificate from %s: %s\n",
6172 ssl_certificate_filename,
6174 g_error_free (error);
6175 exit (EXIT_FAILURE);
6178 if (dh_params_filename &&
6179 !g_file_get_contents (dh_params_filename, &dh_params, NULL,
6182 g_critical (
"%s: Could not load SSL certificate from %s: %s\n",
6183 __FUNCTION__, dh_params_filename, error->message);
6184 g_error_free (error);
6185 exit (EXIT_FAILURE);
6188 gsad_daemon = start_https_daemon (gsad_port, ssl_private_key,
6189 ssl_certificate, gnutls_priorities,
6191 if (
gsad_daemon == NULL && gsad_port_string == NULL)
6193 g_warning (
"Binding to port %d failed, trying default port %d next.",
6196 gsad_address_set_port (gsad_port);
6198 (gsad_port, ssl_private_key, ssl_certificate,
6199 gnutls_priorities, dh_params);
6206 g_critical (
"%s: start_https_daemon failed!\n", __FUNCTION__);
6207 return EXIT_FAILURE;
6211 g_debug (
"GSAD started successfully and is listening on port %d.\n",
6218 if (chroot_drop_privileges (do_chroot, drop,
6221 if (face_name && strcmp (face_name, DEFAULT_GSAD_FACE))
6223 g_critical (
"%s: Cannot use custom face \"%s\".\n",
6224 __FUNCTION__, face_name);
6225 exit (EXIT_FAILURE);
6229 g_critical (
"%s: Cannot use default face \"%s\"!\n",
6230 __FUNCTION__, DEFAULT_GSAD_FACE);
6231 exit (EXIT_FAILURE);
6238 if (sigfillset (&sigmask_all))
6240 g_critical (
"%s: Error filling signal set\n", __FUNCTION__);
6241 exit (EXIT_FAILURE);
6243 if (pthread_sigmask (SIG_BLOCK, &sigmask_all, &sigmask_current))
6245 g_critical (
"%s: Error setting signal mask\n", __FUNCTION__);
6246 exit (EXIT_FAILURE);
6255 signal (termination_signal, SIG_DFL);
6259 if (pselect (0, NULL, NULL, NULL, NULL, &sigmask_current) == -1)
6263 g_critical (
"%s: pselect: %s\n", __FUNCTION__, strerror (errno));
6264 exit (EXIT_FAILURE);
6267 return EXIT_SUCCESS;
char * export_notes_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of notes.
int openvas_validator_alias(validator_t validator, const char *alias, const char *name)
Make an alias for a rule name.
char * get_report_omp(credentials_t *credentials, params_t *params, gsize *report_len, gchar **content_type, char **content_disposition, cmd_response_data_t *response_data)
Get a report and XSL transform the result.
#define DEFAULT_GSAD_HTTP_PORT
Fallback GSAD port for HTTP.
size_t content_length
Content length.
int answercode
HTTP response code.
int gsad_init()
Initialization routine for GSAD.
struct MHD_Daemon * gsad_daemon
The handle on the embedded HTTP daemon.
char * export_scanners_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of scanners.
char * export_permission_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a permission.
char * address
Client's IP address.
gchar * pw_warning
Password policy warning.
int authenticate_omp(const gchar *username, const gchar *password, gchar **role, gchar **timezone, gchar **severity, gchar **capabilities, gchar **language, gchar **pw_warning, GTree **chart_prefs, gchar **autorefresh)
Check authentication credentials.
char * export_role_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a role.
#define ELSE(name)
Add else branch for an OMP operation.
char * export_result_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a result.
char * new_filter_omp(credentials_t *credentials, params_t *params, cmd_response_data_t *response_data)
Returns page to create a new filter.
char * process_bulk_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Returns a process_bulk page.
void set_ext_gettext_enabled(int enabled)
Enable or disable gettext functions for extensions.
int gsad_base_cleanup()
Base cleanup.
char * edit_schedule(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_schedule XML, XSL transform the result.
user_t * user_add(const gchar *username, const gchar *password, const gchar *timezone, const gchar *severity, const gchar *role, const gchar *capabilities, const gchar *language, const gchar *pw_warning, GTree *chart_prefs, const gchar *autorefresh, const char *address)
Add a user.
char * export_users_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of users.
void cmd_response_data_init(cmd_response_data_t *data)
Initializes a cmd_response_data_t struct.
int user_set_chart_pref(const gchar *token, gchar *pref_id, gchar *pref_value)
Set a chart preference of a user.
char * edit_note(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Edit note, get next page, XSL transform the result.
char * capabilities
Capabilities of manager.
#define USER_GUEST_LOGIN_ERROR
#define DEFAULT_GSAD_FACE
Default face name.
param_t * params_get(params_t *params, const char *name)
Get param.
char * timezone
User's timezone.
content_type
Content types.
gchar * language
User Interface Language, in short form like "en".
char * gsad_message(credentials_t *credentials, const char *title, const char *function, int line, const char *msg, const char *backurl, cmd_response_data_t *response_data)
Handles fatal errors.
char * dashboard(credentials_t *credentials, params_t *params, cmd_response_data_t *response_data)
Show a dashboard.
char * export_preference_file_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a file preference.
char * edit_override(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Edit override, get next page, XSL transform the result.
char * SERVER_ERROR
Server error HTML.
char * export_alert_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export an alert.
params_t * params
Request parameters.
#define DEFAULT_GSAD_LANGUAGE
Default language code, used when Accept-Language header is missing.
char * download_ssl_cert(credentials_t *credentials, params_t *params, gsize *response_size, cmd_response_data_t *response_data)
Get an SSL Certificate.
int params_given(params_t *params, const char *name)
Get whether a param was given at all.
#define USER_BAD_MISSING_COOKIE
struct sockaddr_storage address
The IP address of this program, "the GSAD".
gchar * guest_username
Guest username.
int user_set_language(const gchar *token, const gchar *language)
Set language of user.
gchar * http_guest_chart_x_frame_options
Current guest chart specific value for HTTP header "X-Frame-Options".
int unix_socket
Unix socket to listen on.
char * caller
Caller URL, for POST relogin.
int send_response(struct MHD_Connection *connection, const char *content, int status_code, const gchar *sid, enum content_type content_type, const char *content_disposition, size_t content_length)
Sends an HTTP response.
char * export_tag_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a tag.
char * export_port_lists_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of Port Lists.
char * edit_target(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_target XML, XSL transform the result.
int charts
Whether to show charts for this user.
Response information for commands.
char * edit_permission(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_permission XML, XSL transform the result.
char * export_tags_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of tags.
char * edit_user(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_user XML, XSL transform the result.
#define EXPIRES_LENGTH
Max length of cookie expires param.
void omp_init(const gchar *manager_address_unix, const gchar *manager_address_tls, int port_manager)
Init the GSA OMP library.
#define DEFAULT_GSAD_X_FRAME_OPTIONS
Default value for HTTP header "X-Frame-Options".
int main(int argc, char **argv)
Main routine of Greenbone Security Assistant daemon.
char * export_credentials_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of Credentials.
void params_mhd_validate_values(const char *parent_name, void *params)
Validate param values.
validator_t openvas_validator_new()
Create a new validator.
void user_remove(user_t *user)
Remove a user from the session "database", releasing the user_t too.
void params_free(params_t *params)
Free a params.
void set_chroot_state(int state)
Sets the chroot state.
int download_credential_omp(credentials_t *credentials, params_t *params, gsize *result_len, char **html, char **login, cmd_response_data_t *response_data)
Export a Credential in a defined format.
int session_timeout
Maximum number of minutes of user idle time.
#define DEFAULT_GSAD_GUEST_CHART_X_FRAME_OPTIONS
Default value for HTTP header "X-Frame-Options" for guest charts.
char * export_agent_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export an agent.
void set_language_code(gchar **lang, const gchar *language)
Set language code of user.
#define DATE_2822_LEN
At least maximum length of rfc2822 format date.
#define USER_GUEST_LOGIN_FAILED
char * export_override_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export an override.
#define SESSION_TIMEOUT
Max number of minutes between activity in a session.
#define MHD_HTTP_NOT_ACCEPTABLE
The symbol is deprecated, but older versions (0.9.37 - Debian jessie) don't define it yet...
gchar * capabilities
Capabilities.
char * export_schedule_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a schedule.
void openvas_validator_add(validator_t validator, const char *name, const char *regex)
Add or overwrite a validation rule.
char * export_config_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a config.
int connectiontype
1=POST, 2=GET.
void cmd_response_data_reset(cmd_response_data_t *data)
Clears a cmd_response_data_t struct.
#define USER_IP_ADDRESS_MISSMATCH
gchar * guest_password
Guest password.
int serve_post(void *coninfo_cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *content_type, const char *transfer_encoding, const char *data, uint64_t off, size_t size)
Serves part of a POST request.
char * get_report_section_omp(credentials_t *credentials, params_t *params, cmd_response_data_t *response_data)
Get a report section, XSL transform the result.
Structure of credential related information.
char * export_groups_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of groups.
const char * params_original_value(params_t *params, const char *name)
Get original value of param, before validation.
GTree * chart_prefs
Chart preferences.
gchar * severity
Severity class.
#define DEFAULT_GSAD_PORT
Fallback unprivileged GSAD port.
gchar * accept_language_to_env_fmt(const char *accept_language)
Convert an Accept-Language string to the LANGUAGE env variable form.
int user_set_password(const gchar *token, const gchar *password)
Set password of user.
char * username
Name of user.
char * export_assets_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of assets.
const char * NOT_FOUND_TITLE
Title for "Page not found" messages.
char * export_filters_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of filters.
int exec_omp_post(struct gsad_connection_info *con_info, user_t **user_return, gchar **new_sid, const char *client_address)
Handle a complete POST request.
gchar * openvas_validator_alias_for(validator_t validator, const char *alias)
Get the name of the rule for which a rule is an alias.
char * content_disposition
Content disposition of response.
char * new_override(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Return the new overrides page.
int user_set_autorefresh(const gchar *token, const gchar *autorefresh)
Set default autorefresh interval of user.
GSList * log_config
Logging parameters, as passed to setup_log_handlers.
Headers/structs for a string validator.
char * autorefresh
Auto-refresh interval.
GTree * last_filt_ids
Last filter ids.
char * client_address
Client's address.
int openvas_validate(validator_t validator, const char *name, const char *value)
Validate a string for a given rule.
char * export_user_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a user.
gchar * redirect
Redirect URL.
char * token
Request session token.
gchar * timezone
Timezone.
#define DEFAULT_GSAD_HSTS_MAX_AGE
Default "max-age" for HTTP header "Strict-Transport-Security".
char * edit_agent(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_agent XML, XSL transform the result.
Headers/structs used generally in GSA.
char * edit_tag(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_tag XML, XSL transform the result.
#define MAX_FILE_NAME_SIZE
Maximum length of "file name" for /help/ URLs.
char * edit_scanner(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_scanner XML, XSL transform the result.
char * export_roles_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of roles.
char * cvss_calculator(credentials_t *credentials, params_t *params, cmd_response_data_t *response_data)
void vendor_version_set(const gchar *version)
Set the vendor version.
char * new_permission(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup new_permission XML, XSL transform the result.
char * export_results_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of results.
char * export_tasks_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of tasks.
pid_t unix_pid
PID of unix socket child in parent, 0 in child.
validator_t validator
Parameter validator.
struct timeval cmd_start
Seconds since command page handler started.
char * save_user_omp(credentials_t *credentials, params_t *params, char **password_return, char **modified_user, int *logout_user, cmd_response_data_t *response_data)
Modify a user, get all users, XSL transform the result.
gchar * login_xml(const gchar *message, const gchar *token, const gchar *time, const gchar *url, const gchar *i18n, const gchar *guest)
Generate XML for login page.
char * export_overrides_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of overrides.
pid_t redirect_pid
PID of redirect child in parent, 0 in child.
int guest
Whether the user is a guest.
char * export_schedules_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of schedules.
char * export_configs_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of scan configs.
char * response
HTTP response text.
char * BAD_REQUEST_PAGE
Bad request error HTML.
#define SID_COOKIE_NAME
Name of the cookie used to store the SID.
char * xsl_transform_with_stylesheet(const char *xml_text, const char *xsl_stylesheet, cmd_response_data_t *response_data)
XSL Transformation.
params_t * params_new()
Make a params.
#define USER_BAD_MISSING_TOKEN
void user_release(user_t *user)
Release a user_t returned by user_add or user_find.
char * export_alerts_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of alerts.
#define DEFAULT_GSAD_HTTPS_PORT
Fallback GSAD port for HTTPS.
int user_logout_all_sessions(const gchar *username, credentials_t *credentials)
Logs out all sessions of a given user, except the current one.
char * edit_alert(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_alert XML, XSL transform the result.
char * export_report_formats_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of Report Formats.
struct MHD_PostProcessor * postprocessor
POST processor.
char * edit_filter(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_filter XML, XSL transform the result.
char * edit_asset(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit XML, XSL transform the result.
char * new_note(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Return the new notes page.
int chroot_state
Whether chroot is used.
int user_set_severity(const gchar *token, const gchar *severity)
Set severity class of user.
int send_redirect_to_uri(struct MHD_Connection *connection, const char *uri, user_t *user)
Sends an HTTP redirection to a URI.
gchar * http_x_frame_options
Current value for HTTP header "X-Frame-Options".
char * export_scanner_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a scanner.
int send_redirect_to_urn(struct MHD_Connection *connection, const char *urn, user_t *user)
Sends an HTTP redirection response to a URN.
void free_resources(void *cls, struct MHD_Connection *connection, void **con_cls, enum MHD_RequestTerminationCode toe)
Free resources.
int gsad_base_init()
Base init.
GPtrArray * users
User session data.
char * download_ca_pub(credentials_t *credentials, params_t *params, gsize *response_size, cmd_response_data_t *response_data)
Get a Scanner's CA Certificate.
char * export_agents_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of agents.
#define USER_EXPIRED_TOKEN
void gsad_cleanup()
Cleanup routine for GSAD.
int guest
Whether the user is a guest user.
param_t * params_append_bin(params_t *params, const char *name, const char *chunk_data, int chunk_size, int chunk_offset)
Append binary data to a param.
char * new_permissions(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup new_permissions XML, XSL transform the result.
gchar * username
Login name.
char * export_credential_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a Credential.
char * export_omp_doc_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Download the OMP doc.
char * token
Session token.
const char * params_value(params_t *params, const char *name)
Get value of param.
char * export_report_format_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a report format.
char * exec_omp_get(struct MHD_Connection *connection, credentials_t *credentials, enum content_type *content_type, gchar **content_type_string, char **content_disposition, gsize *response_size, cmd_response_data_t *response_data)
Handle a complete GET request.
void handle_signal_exit(int signal)
Handle a SIGINT signal.
gboolean params_iterator_next(params_iterator_t *iterator, char **name, param_t **param)
Increment a params iterator.
GTree * last_filt_ids
Last used filter ids.
char * language
Language code e.g. en.
int init_language_lists()
Initialize the list of available languages.
char * get_system_report_omp(credentials_t *credentials, const char *url, params_t *params, enum content_type *content_type, gsize *content_length, cmd_response_data_t *response_data)
Return system report image.
char * download_key_pub(credentials_t *credentials, params_t *params, gsize *response_size, cmd_response_data_t *response_data)
Get a Scanner's Certificate.
const gchar * vendor_version_get()
Get the vendor version.
int charts
Whether to show charts for this user.
char * export_task_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a task.
char * pw_warning
Password policy warning message.
User information structure, for sessions.
char * get_info(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Requests SecInfo.
int user_find(const gchar *cookie, const gchar *token, const char *address, user_t **user_return)
Find a user, given a token and cookie.
gchar * redirect
HTTP status code.
void add_guest_chart_content_security_headers(struct MHD_Response *response)
Add guest chart content security headers to a MHD response.
gchar * http_content_security_policy
Current value for HTTP header "Content-Security-Policy".
char * xsl_transform(const char *xml_text, cmd_response_data_t *response_data)
XSL Transformation.
#define UTF8_ERROR_PAGE(location)
void init_validator()
Initialise the parameter validator.
GHashTable * validator_t
A set of name rule pairs.
GTree * chart_prefs
Chart preferences.
volatile int termination_signal
Flag for signal handler.
char * export_group_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a group.
const char * ERROR_PAGE
Error page HTML.
char * severity
Severity class.
gchar * http_guest_chart_content_security_policy
Current guest chart value for HTTP header "Content-Security-Policy".
int download_agent_omp(credentials_t *credentials, params_t *params, gsize *result_len, char **html, char **filename, cmd_response_data_t *response_data)
Get an agent, XSL transform the result.
#define MAX_HOST_LEN
Maximum length of the host portion of the redirect address.
#define DEFAULT_GSAD_REDIRECT_PORT
Fallback GSAD port.
gboolean ignore_http_x_real_ip
Whether to ignore the X-Real-IP HTTP header when determining the client address (the header is client-supplied unless a trusted reverse proxy sets it).
gchar * password
Password.
void add_security_headers(struct MHD_Response *response)
Add security headers to a MHD response.
#define params_iterator_init
char * current_page
Current page URL, for refresh.
char * cookie
Value of SID cookie param.
char * export_port_list_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a Port List.
const char * NOT_FOUND_MESSAGE
Main message for "Page not found" messages.
char * language
Accept-Language browser header.
gchar * redirect_location
Location for redirection server.
int user_set_timezone(const gchar *token, const gchar *timezone)
Set timezone of user.
char * export_targets_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of targets.
char * cookie
Cookie token.
char * save_my_settings_omp(credentials_t *credentials, params_t *params, const char *accept_language, char **timezone, char **password, char **severity, char **language, cmd_response_data_t *response_data)
Returns page with user's settings, for editing.
char * export_note_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a note.
int use_secure_cookie
Whether to use a secure cookie.
char * export_target_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a target.
#define DEFAULT_OPENVAS_MANAGER_PORT
Fallback Manager port.
int redirect_handler(void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls)
HTTP request handler for GSAD.
params_t * params
Request parameters.
char * ctime_r_strip_newline(time_t *time, char *string)
Return string from ctime_r with the newline replaced with a terminator.
char * edit_group(credentials_t *credentials, params_t *params, const char *extra_xml, cmd_response_data_t *response_data)
Setup edit_group XML, XSL transform the result.
gchar * autorefresh
Auto-Refresh interval.
#define params_iterator_t
GCRY_THREAD_OPTION_PTHREAD_IMPL
Libgcrypt thread callback definition for libgcrypt < 1.6.0.
Headers for GSA's OMP communication module.
char * export_asset_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export an asset.
char * save_chart_preference_omp(credentials_t *credentials, params_t *params, gchar **pref_id, gchar **pref_value, cmd_response_data_t *response_data)
Save chart preferences.
#define POST_BUFFER_SIZE
Buffer size for POST processor.
int user_set_charts(const gchar *token, const int charts)
Set charts setting of user.
int label_name_set(const gchar *name)
Set the login label.
gchar * http_strict_transport_security
Current value for HTTP header "Strict-Transport-Security".
int token_user_remove(const char *token)
Remove a user from the session "database", releasing the user_t too.
char * password
User's password.
char * export_filter_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a filter.
char * export_permissions_omp(credentials_t *credentials, params_t *params, enum content_type *content_type, char **content_disposition, gsize *content_length, cmd_response_data_t *response_data)
Export a list of permissions.
param_t * params_add(params_t *params, const char *name, const char *value)
Add a param.
#define DEFAULT_GSAD_GUEST_CHART_CONTENT_SECURITY_POLICY
Default guest charts value for HTTP header "Content-Security-Policy".
int handle_request(void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls)
HTTP request handler for GSAD.
#define DEFAULT_GSAD_CONTENT_SECURITY_POLICY
Default value for HTTP header "Content-Security-Policy".
enum content_type content_type
Content type of response.
int token_user(const gchar *token, user_t **user_return)
Find a user, given a token.