pax_global_header00006660000000000000000000000064133415415100014507gustar00rootroot0000000000000052 comment=c32cbc912e08bbc8088da9f0aa9c0c2cdfb5ff7b gvm-libs-9.0.3/000077500000000000000000000000001334154151000132405ustar00rootroot00000000000000gvm-libs-9.0.3/.circleci/000077500000000000000000000000001334154151000150735ustar00rootroot00000000000000gvm-libs-9.0.3/.circleci/config.yml000066400000000000000000000004611334154151000170640ustar00rootroot00000000000000version: 2 jobs: build: docker: - image: greenbone/build-env-gvm-libs-openvas-libraries-9.0-debian-jessie-gcc-core steps: - checkout - run: name: Configure and Compile command: mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install gvm-libs-9.0.3/CHANGES000066400000000000000000002670011334154151000142410ustar00rootroot00000000000000SUMMARY OF RELEASE CHANGES FOR OPENVAS-LIBRARIES 9.0 ==================================================== For detailed code changes, please visit https://github.com/greenbone/gvm-libs/commits/openvas-libraries-9.0 or get the entire source code repository and view log history: $ git clone https://github.com/greenbone/gvm-libs.git $ cd gvm-libs && git checkout openvas-libraries-9.0 && git log openvas-libraries 9.0.3 (2018-08-29) This is the third maintenance release of the openvas-libraries 9.0 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Many thanks to everyone who contributed to this release: Hani Benhabiles, Christian Fischer, Matt Mundell, Juan Jose Nicola, Timo Pollmeier and Michael Wiegand. Main changes compared to 9.0.2: * Minimum required openvas-smb version to have WMI support has been raised to 1.0.4. * An issue related to a value inserted in nvticache has been addressed. * Support to specify a regex-based mandatory key has been added. * Nvticache cleanup has been improved. * Handling of duplicate nvt warning has been improved. * An issue related to the support for radcli library has been addressed. openvas-libraries 9.0.2 (2018-03-07) This is the second maintenance release of the openvas-libraries 9.0 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Many thanks to everyone who contributed to this release: Hani Benhabiles, Francesco Colista, Juan Jose Nicola, Timo Pollmeier and Björn Ricks, Michael Wiegand, Jan-Oliver Wagner, Matt Mundell and Albrecht Dreß. Main changes compared to 9.0.1: * Several memory management issues have been addressed. * NASL cryptography support has been updated. * Signature handling has been improved. * Child process signal handling has been improved. * Support for retrieving the prompt during keyboard-interactive SSH authentication has been added. * An issue which caused a segmentation fault in the NASL command 'get_port_state' under certain circumstances has been addressed. * An issue which caused incorrect NTLMSSP hashes under certain circumstances has been addressed. * Handling of connections closed by the client has been improved. * The default connection timeout when detecting services has been increased. * The handling of a number of frequently requested knowledge base keys has been improved. * More context to NVT/NASL related log messages has been added. * An issue which caused an error during close() call on UDP sockets from a NASL script has been addressed. * Support for retrieving vendor version information through a NASL command has been added. * Handling of SIGPIPE from hiredis in case of a socket disconnect has been added. * Handling of Redis connection error has been improved. * An issue which caused several running processes on scanned host under certain circumstances has been addressed. * Support for ldap search during the authentication process has been added. * Simplify scanner signatures verification. NVT's detached signatures were replaced with a digitally signed file with the hash list of the NVTs. * Full nvticache has been moved from .nvti files to Redis * Support for radcli library has been added. * Cleanup and handle of the kb content has been improved. openvas-libraries 9.0.1 (2017-03-07) This is the first maintenance release of the openvas-libraries 9.0 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Many thanks to everyone who contributed to this release: Hani Benhabiles and Timo Pollmeier. Main changes compared to 9.0.0: * Support for virtual hosts using TLS SNI has been added. * SSL handshake handling has been improved. * Error logging has been improved. * Several memory management issues have been addressed. * Support for hostnames without public domain in TLS certificates has been added. * Support for running NVTs with keys with multiple values has been added to openvas-nasl. openvas-libraries 9.0.0 (2016-11-09) This is the first release of the openvas-libraries 9.0 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Compared to the previous major release it covers various improvements for the OpenVAS services and applications. Noteworthy are the support for unix domain sockets, the osp module and shifting the auth.conf file into the OpenVAS Manager database. Many thanks to everyone who contributed to this release: Sebastien Aucouturier, Benoît Allard, Hani Benhabiles, Guillaume Castagnino, Sven Haardiek, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to the 8.0 series: * "auth.conf" moved from filesystem into the OpenVAS Manager database. * Improved stand-alone "nasl" tool for testing single NVTs. * New "osp" submodule and support for OSP 1.1. * Added support for handling unix domain sockets. * Extensive code and performance improvements. * Removed NASL commands: script_description and get_kb_fresh_item. * libksba is now a mandatory dependency. * Minimum required version of gnutls raised to 3.2.15. * Minimum required version of glib raised to 2.32. * Minimum required version of cmake build environment raised to 2.8. Main changes compared to 8.1+beta3: * ECDSA public SSH keys are now handled correctly during export. * Support for the SHA256, SHA384 and SHA512 HMAC algorithms has been added. * Support for the RSA, RC4, DES-EDE-CBC, AES128-CBC and AES256-CBC encryption algorithms has been added. * Support for the SHA256 PRF algorithm has been added. * Handling of attempts to connect to the redis KB has been improved. * Support for SMBv2 signatures has been added. * The built-in 'find_service' plugin has been improved. * Support for the NASL command 'script_description' has been removed. * Support for the NASL command 'get_kb_fresh_item' has been removed. * The minimum required version of the GnuTLS library has been raised to 3.2.15 in order to enforce the presence of newer (more secure) TLS and ciphers. * Support for using an LDAP CA certificate passed via function parameter instead of a file has been added. * The minimum required version of the GLib library has been raised to 2.32 in order to allow the use of newer API elements. * The minimum required version of the openvas_wmiclient and openvas_wincmd libraries has been raised to 1.0.1. * The minimum required version of the CMake build framework has been raised to 2.8. * The libksba library has been made a mandatory dependency. It was initially an optional dependency, but the functionality it provides has since then become an integral part of NASL. * Support for verifying a server certificate when a connection is opened has been added. * Error messages from the NASL interpreter have been improved. * Support for connections via Unix domains sockets has been added. * Handling of connection failures has been improved. * A number of memory leaks have been fixed. * The build process has been improved. * Comprehensive code cleanups. * Various minor fixes and code improvements. openvas-libraries 8.1+beta3 (2016-04-14) This release is the third beta version of the upcoming version 8.1 of openvas-libraries. It will be part of the upcoming "OpenVAS-9". Noteworthy changes since last release are the support for radius as well as numerous build and code improvements. Many thanks to everyone who has contributed this release: Sebastien Aucouturier, Benoît Allard, Hani Benhabiles, Guillaume Castagnino, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 8.1beta2: * Added support for radius as authentication service. * Added --config-file parameter to nasl command to load preferences. * Added --kb option to nasl command to set a KB key. * Added credentials type for SNMP. * Added support for OSP parameter credential type. * Added NASL API function SHA256(). * Special treatment of tag "risk_factor" removed. * NASL API calls security_note, security_warning and security_hole removed. * Improved hostname resolving via IPv6. * Remove usage of the deprecated Glib Trash Stack. * Various minor fixes and code improvements. * Various build improvements. openvas-libraries 8.1+beta2 (2015-10-21) This release is the second beta version of the upcoming 8.1 of openvas-libraries. It will be part of the upcoming "OpenVAS-9". Noteworthy changes since last release are support of first OSP 1.1 features as well as several build and code improvements. Many thanks to everyone who has contributed this release: Hani Benhabiles, Sven Haardiek, Timo Pollmeier and Michael Wiegand. Main changes compared to 8.1beta1: * New NASL functions "ssh_get_host_key" and "DES". * Improved support for pre 0.6.0 versions of libssh. * Extended support for OSP clients, including support of OSP 1.1 features. * Extend build instructions with -Wextra. * Fix left-over file descriptors in the connections table with ssh sockets. * Various minor fixes code improvements. openvas-libraries 8.1+beta1 (2015-07-17) This release is the first beta version of the upcoming 8.1 of openvas-libraries. It will be part of the upcoming "OpenVAS-9". Main new features and other changes of 8.1 compared to 8.0 include reduced memory usage and other internal improvements. Starting with this release, the authentication configuration is expected to be provided through a callback instead of an "auth.conf" file. Many thanks to everyone who has contributed this release: Benoît Allard, Hani Benhabiles, Sven Haardiek, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 8.0.x: * Memory usage has been reduced by using Redis for in-memory NVT OID and file name caches. * Authentication code has been reworked. A manager callback is now used in place of the "auth.conf" file. * Internal data structures have been optimized. * Caching strategies have been improved. * The handling of malformed script_tags has been improved. * OSP related code has been move to a new "osp" submodule to resolve a cyclic dependency between the "base" and "omp" submodules. * Library detection and linking has been improved. * Documentation has been updated. * Support for SNMPv2c has been added. * A number of issues discovered through static code analysis have been addressed. * Obsolete code has been removed. openvas-libraries 8.0.1 (2015-04-01) This is the first maintenance release of the openvas-libraries 8.0 module for the Open Vulnerability Assessment System 8 (OpenVAS-8). It contains some smaller fixes and cleanups, most addressing build and dependency issues. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Matthew Mundell and Michael Wiegand. Main changes compared to 8.0.0: * Small improvements to the configuration and build process to also allow for some static builds. * Bugfix to make it work with libssh 0.5 again. * Improved SNMP NASL commands. * Internal code cleanups and improvements. Among this, removed various unneeded functions and arguments. openvas-libraries 8.0.0 (2015-03-16) This is the first release of the openvas-libraries 8.0 module for the Open Vulnerability Assessment System 8 (OpenVAS-8). Compared to the previous major release it covers a broad set of improvements for the various OpenVAS services and applications. Many thanks to everyone who contributed to this release: Benoît Allard, Hani Benhabiles, Henri Doreau, Andre Heinecke, Michael Meyer, Matthew Mundell, Timo Pollmeier, Thanga Prakash, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to the 7.0 series: * The minimum required version of GnuTLS has been raised to 2.12. * The knowledge base (KB) back end is now based on Redis. This make the hiredis library a mandatory prerequisite. * The libssh library is now a mandatory prerequisite. * OpenVAS Libraries now uses the openvas-smb module for optional WMI and related functionality. * Optional SNMP support has been added, this make Net-SNMP an optional prerequisite. * Support for using ECDSA SSH keys has been added. This requires libssh 0.6.0 or newer. * Support for PKCS#8 encrypted SSH keys has been added. * Support for the new OpenVAS Scanner Protocol (OSP) has been added. * New option "-B" for command line tool "openvas-nasl" to make the script run in description mode first. * Export file names are now more customizable. * The built-in find_service plugin now sends a Host header with HTTP GET requests. * The Host header for HTTP(S) requests will no longer include the port number if the port is 80 or 443 respectively. * The public key part for SSH credentials is no longer required as it is redundant. * Support for the obsolete OMP rcfile element has been removed. * Support for the obsolete target locators concept has been removed. * Support for pausing scan tasks has been removed. * Support for the scanner option "ntp_short_status" has been removed. This was a condensed syntax for OTP "STATUS" command. * NVTi cache files no longer include the "src" element. * The "action" element is no longer included in the OTP "STATUS" response. * Issues which caused some task properties to not be transferred correctly to scan slaves have been fixed. * Significant memory consumption reduction of which primarily OpenVAS Scanner benefits from. * Library checks during package configuration have been improved and are now more comprehensive and consistent. * Handling of linker and compiler flags during package configuration has been improved and simplified. * The build process has been cleaned up. * The User-Agent used for HTTP requests has been updated. * Handling of user specific severity values has been improved. * Handling of IPv6 IPs has been improved. * The strategy for retrying GnuTLS handshakes has been improved. * Improved password policy warning handling. * Improved logging. * Various code quality improvements based on automatic and manual code analysis. Main changes compared to 8.0+beta6: * An issue which caused some task properties to not be transferred correctly to scan slaves has been fixed. * An issue which caused the SSH key type to be missing from exported SSH public keys has been fixed. * An issue with caused SSH credentials from the knowledge base to incorrectly take precedence over those supplied as function arguments has been fixed. * Support for PKCS#8 encrypted SSH keys has been added. * SSH support has been improved. * OMP support has been improved. * Code cleanups. openvas-libraries 8.0+beta6 (2015-02-11) This release is the sixth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-8". This release switches openvas-libraries to using the new openvas-smb module for WMI and related functionality. It also fixes an issue with transferring SSH settings to scan slaves, improves support for OSP and addresses various issues with the configuration and build environment. Many thanks to everyone who has contributed this release: Benoît Allard, Hani Benhabiles, Andre Heinecke, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 8.0+beta5: * openvas-libraries now uses the openvas-smb module for WMI and related functionality. * An issue which caused SSH port setting to not be transferred correctly to scan slaves has been fixed. * OSP support has been improved. * Library checks during package configuration have been improved and are now more comprehensive and consistent. * Handling of linker and compiler flags during package configuration has been improved and simplified. * Various code quality improvements based on automatic and manual code analysis. openvas-libraries 8.0+beta5 (2015-01-12) This release is the fifth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-8". This release adds initial support for SNMP requests and makes export file names more customizable. It also contains improvements to header used for HTTP(S) request along with other improvements and cleanups as well as and updated documentation for WMI support. Many thanks to everyone who has contributed this release: Hani Benhabiles, Michael Meyer, Matthew Mundell, Timo Pollmeier and Jan-Oliver Wagner. Main changes compared to 8.0+beta4: * SNMP support has been added. * Export file names are now more customizable. * The User-Agent used for HTTP requests has been updated. * The Host header for HTTP(S) requests will no longer include the port number if the port is 80 or 443 respectively. * The built-in find_service plugin now sends a Host header with HTTP GET requests. * NVTi cache files no longer include the "src" element. * Handling of user specific severity values has been improved. * Handling of IPv6 IPs has been improved. * OSP support has been improved. * The strategy for retrying GnuTLS handshakes has been improved. * The WMI support documentation has been updated. * The build process has been cleaned up. * Various code quality improvements based on automatic and manual code analysis. openvas-libraries 8.0+beta4 (2014-11-20) This release is the fourth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-8". This release includes the results of yet another significant memory consumption reduction as well as comprehensive code cleanups including various memory leaks. Many thanks to everyone who has contributed this release: Benoît Allard, Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell, Thanga Prakash, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 8.0+beta3: * Raised minimum required version of GnuTLS to 2.12. * Significant memory consumption reduction of which primarily OpenVAS benefits from. * Drop support for scanner option "ntp_short_status". This was a condensed syntax for OTP "STATUS" command. * Removed "action" from the STATUS otp response. * Skip OMP library log messages when sending passwords. * Added support for using ecdsa keys when libssh 0.6.0 or higher is present. * Introduced global preferences store. * Split up single pc file for entire module into one pc file per library. * Improved logging. * Various code quality improvements based on automatic and manual code analysis. openvas-libraries 8.0+beta3 (2014-10-14) This release is the third beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-8". This release includes the results of further consolidation of memory management and comprehensive code cleanups. It addresses multiple memory leaks and improves the stability of concurrent XML parsing. Many thanks to everyone who has contributed this release: Hani Benhabiles, Henri Doreau, Matthew Mundell, Timo Pollmeier and Jan-Oliver Wagner. Main changes compared to 8.0+beta2: * Further steps toward a comprehensive consolidation of memory management. * Further comprehensive code cleanups in a number of areas. * Multiple memory leaks have been identified and addressed. * Stability of concurrent XML parsing has been improved. * WMI support patch has been updated. openvas-libraries 8.0+beta2 (2014-09-22) This release is the second beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-8". This release is the result of further comprehensive code cleanups and steps towards a consolidated memory management. It also features improvements to the logging of the NASL parser and a more versatile detection of the hiredis library. Many thanks to everyone who has contributed this release: Hani Benhabiles, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 8.0+beta1: * Steps toward a comprehensive consolidation of memory management. * Further comprehensive code cleanups in a number of areas. * Error messages from the NASL parser now include script name and line number. * Log messages during OMP XML parsing are now logged with more appropriate log levels. * Detection of the hiredis library has been made more versatile. * GPLv2+ licence notices now contain the exact wording suggested by the Free Software Foundation. openvas-libraries 8.0+beta1 (2014-08-21) This release is the first beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-8". Main new features and other changes of 8.0 compared to 7.0 include the new redis-based backend for the Knowldge Base (KB) and support for OpenVAS Scanner Protocol (OSP). Many thanks to everyone who has contributed this release: Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 7.0.x: * Changed the kowledge base (KB) backend to a redis-based one. This adds the mandatory prerequisite for the library hiredis. * Made libssh a mandatory prerequisite. * Added support functions for new OpenVAS Scanner Potocol (OSP). * Improved password policy warning handling. * New option "-B" for command line tool "openvas-nasl" to make the script run in description mode first. * Dropped the public key part for SSH credentials as it is redundant. * Dropped support for OMP rcfile. * Dropped support for target locators. * Dropped support for pausing scan tasks. * Improved support of server connections including TLS part (GNUTLS). * Various little fixes and extensions. * Comprehensive code-cleanups. openvas-libraries 7.0.1 (2014-04-23) This is the first maintenance release of the openvas-libraries 7.0 module for the Open Vulnerability Assessment System 7 (OpenVAS-7). It contains various smaller fixes and cleanups and adds some NASL API functions for ssl. Many thanks to everyone who has contributed to the 7.0.1 release: Benoît Allard, Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 7.0.0: * Added socket_get_ssl_session_id(), socket_get_ssl_version(), socket_get_ssl_ciphsersuite and socket_get_ssl_compression() to NASL API. * Moved the lsc rpm creator script to module openvas-manager. * Improved compatibility with libssh versions. * Improved package configuration. * Improved sample configuration files. * Various minor bug-fixes. openvas-libraries 7.0.0 (2014-04-09) This is the first release of the openvas-libraries 7.0 module for the Open Vulnerability Assessment System 7 (OpenVAS-7). Compared to the previous major release it covers a broad set of improvements for the various OpenVAS services and applications. Many thanks to everyone who has contributed to the 7.0.0 release: Benoît Allard, Sebastian Aucouturier, Hani Benhabiles, Henri Doreau, Dan Fandrich, Andre Heinecke, Werner Koch, Matthew Mundell, Timo Pollmeier, Thanga Prakash, Thomas Rotter, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 6.0.x: * Add TLSv1.1 and TLSv1.2 support. * Add ability to specify a gnutls priority for a scanner context. * Add debug info when parameters are missing in script_xref / script_tag calls. * Add support for NASL to run commands remotely on Windows when authenticated. * Unify LOG, NOTE and INFO message types as ALARM. * Support for NVT with new style tags has been added. * NVT severity classification now uses the CVSS value of the NVTs instead of separate message types. * The authentication system has been converted to support database users. * Separate key directories are now used for signature verification and credential encryption. * File based user specific rules support has been removed. * File based role management has been removed. * New OpenVAS Hosts API with cleaner code and documentation and various new features (IPv6 ranges, hosts exclusions and deduplications, reverse lookups only/unify hosts, multiple hosts ordering strategies etc,.) * Removal of HG submodule. * Improved support for compiling openvas-libraries in MINGW. * Add support for initializing libgcrypt before use. * Remove handling of .nes dependencies extensions. * The required minimum GnuTLS version has increased to 2.8. * Default build behaviour has been changed to produce only dynamically linked files. * Additional tool "nasl-lint" to support NASL developers. * Support for gzip compression has been added to NASL, introducing a new dependency on zlib. * Some functions of Manager are moved to libraries. * Reimplemented proctitle handling. * Fixed an issue which prevent a static build of openvas-libraries from succeeding. * The port range option "default" has been removed. * Sending of the "SERVER <|> PORT" message of OTP has been removed. * Use UTF-8 for OTP. * Various small fixes, improvements and code cleanups. And additionally changes compared to last beta release 7.0+beta9: * Removed force_pubkey_auth preference as certificates are always verified. * NASL command cert_query: Added "algorithm-name" command type. * New NASL command: socket_ssl_negotiate. * New NASL command: socket_get_cert. * Cleaned up remote authentication module: Dropped ldap and ads, keep only ldap_connect. openvas-libraries 7.0+beta9 (2014-03-28) This is the ninht beta release of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release implements the first steps of PFS support. Many thanks to everyone who contributed to this release: Hani Benhabiles and Jan-Oliver Wagner. Main changes since 7.0+beta8: * First step for PFS support. * Code cleanup. openvas-libraries 7.0+beta8 (2014-03-26) This is the eight beta release of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release adds TLSv1.1 and TLSv2.1 support and cleanup a large amount of code. Many thanks to everyone who contributed to this release: Hani Benhabiles and Jan-Oliver Wagner. Main changes since 7.0+beta7: * Add TLSv1.1 and TLSv1.2 support. * Add ability to specify a gnutls priority for a scanner context. * Code cleanup. openvas-libraries 7.0+beta7 (2014-03-12) This release is the seventh beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release feature a clean reimplementation of process title handling and a small code cleanup. Many thanks to everyone who has contributed this release: Hani Benhabiles and Michael Wiegand. Main changes compared to 7.0+beta5: * Reimplemented proctitle handling. * Code cleanup. openvas-libraries 7.0+beta6 (2014-03-05) This release is the sixth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release removes a large amount of unused code, addresses a number of code quality issue and reenables statically linking openvas-libraries when requested. Many thanks to everyone who has contributed this release: Hani Benhabiles, Henri Doreau, Matthew Mundell, Michael Wiegand and Jan-Oliver Wagner. Main changes compared to 7.0+beta5: * Removed large amount of unused code. * Addressed code quality issues. * Fixed an issue which prevent a static build of openvas-libraries from succeeding. openvas-libraries 7.0+beta5 (2014-02-16) This release is the fifth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release addresses many bug fixes and small improvements as well as code cleanups. Many thanks to everyone who has contributed this release: Benoît Allard, Sebastian Aucouturier, Hani Benhabiles, Henri Doreau, Dan Fandrich, Michael Wiegand, Jan-Oliver Wagner. Main changes compared to 7.0+beta4: * Some functions of Manager are moved to libraries. * Many small fixes, improvements and code cleanups. openvas-libraries 7.0+beta4 (2014-01-09) This release is the fourth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release includes the switch for OTP from latin1 to utf-8 and the new helper tool nasl-lint. Many thanks to everyone who has contributed this release: Benoît Allard, Hani Benhabiles, Matthew Mundell, Michael Wiegand. Main changes compared to 7.0+beta3: * Additional tool "nasl-lint" to support NASL developers. * Use UTF-8 for OTP. * Various small fixes, improvements and code cleanups. openvas-libraries 7.0+beta3 (2013-11-21) This release is the third beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release includes support for gzip compression in NASL scripts and changes the default build behaviour to produce only dynamically linked files. It also features a number of small improvements to the build process and library use as well as code cleanups. Many thanks to everyone who has contributed this release: Hani Benhabiles, Andre Heinecke, Matthew Mundell, Thomas Rotter, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 7.0+beta2: * Support for gzip compression has been added to NASL, introducing a new dependency on zlib. * Default build behaviour has been changed to produce only dynamically linked files. * Simplify handling of certain SSL ports. * Fix support for NASL to run commands remotely on Windows when authenticated. * Add support for initializing libgcrypt before use. * Improved support for compiling openvas-libraries in MINGW. * Various small fixes, improvements and code cleanups. openvas-libraries 7.0+beta2 (2013-09-26) This release is the second beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". This release includes the openvas_hosts interface that replaces the HG module, handling of .nes extensions removal, memory leaks fixes, unifying of message types as alarm, ability for nasl to run windows commands remotely and various other small changes. Many thanks to everyone who has contributed this release: Jan-Oliver Wagner, Michael Wiegand, Henri Doreau, Werner Koch, Matthew Mundell, Hani Benhabiles, Thanga Prakash, Felix Wolfsteller and Timo Pollmeier. Main changes compared to 7.0+beta2: * Remove handling of .nes dependencies extensions. * New OpenVAS Hosts API with cleaner code and documentation and various new features (IPv6 ranges, hosts exclusions and deduplications, reverse lookups only/unify hosts, multiple hosts ordering strategies etc,.) * Removal of HG submodule. * Fix a couple of memory leaks. * openvas-nasl now uses new openvas_hosts interface instead of hg. * Add debug info when parameters are missing in script_xref / script_tag calls. * Add support for NASL to run commands remotely on Windows when authenticated. * Unify LOG, NOTE and INFO message types as ALARM. * Don't interpret threat and cvss parameters in security_message. * Various small fixes, improvements and code cleanups. openvas-libraries 7.0+beta1 (2013-06-20) This release is the first beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-7". Main new features and other changes of 7.0 compared to 6.0 include the removal of functionality now being handler by other modules, changes to the OTP protocol, support for CVSS based severity classification and code cleanups. Many thanks to everyone who has contributed this release: Hani Benhabiles, Hanno Boeck, Henri Doreau, Werner Koch, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 6.0.x: * The port range option "default" has been removed. * Service list handling has been removed. * Support for NVT with new style tags has been added. * The required minimum GnuTLS version has increased to 2.8. * NVT severity classification now uses the CVSS value of the NVTs instead of separate message types. * The authentication system has been converted to support database users. * Separate key directories are now used for signature verification and credential encryption. * File based user specific rules support has been removed. * File based role management has been removed. * Sending of the "SERVER <|> PORT" message of OTP has been removed. * Protocol version has been changed to OTP 2.x. * Code cleanup. openvas-libraries 6.0+beta5 (2013-02-22) This release is the fifth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-6". This release includes support for enforcing a password policy for passwords changes through various OpenVAS modules. Many thanks to everyone who has contributed this release: Hani Benhabiles, Werner Koch and Jan-Oliver Wagner. Main changes compared to 6.0+beta4: * Support for enforcing a password policy has been moved to openvas-libraries. * A bug in NVTI cache handling has been fixed. openvas-libraries 6.0+beta4 (2013-02-19) This release is the fourth beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-6". Major changes are support for LDAPS and memory optimization for NVTI. Many thanks to everyone who has contributed this release: Hani Benhabiles, Henri Doreau, Werner Koch, Preeti Subramanian, Jan-Oliver Wagner and Felix Wolfsteller. Main changes compared to 6.0+beta3: * Internally compute CVSS and Risk Factor always from CVSS Base vector, if available. * Ignore NASL tags setting a risk_factor. It will therefore not be stored in nvti files and not transferred via OTP. * Internal memory storage for NVTI changed to use caching. * Improved binding procedures for MS Active Directory Services. * New: Support for LDAPS. * Added: WMI registry functions. * Various little code improvements, bug-fixes and cleanups. openvas-libraries 6.0+beta3 (2012-12-14) This release is the third beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-6". It fixes an issue which caused credentials to be not transferred correctly when scanning through a slave and improves SSH and X.509 functionality and dependency handling in the build process. Many thanks to everyone who has contributed this release: Werner Koch, Matthew Mundell Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 6.0+beta2: * An issue which caused credentials to be not transferred correctly when scanning through a slave has been fixed. * SSH functionality has been improved. * Library detection and handling of library flags during the build process have been improved. openvas-libraries 6.0+beta2 (2012-11-02) This release is the second beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-6". It improves the handling of system report requests. Many thanks to everyone who has contributed this release: Matthew Mundell and Michael Wiegand. Main changes compared to 6.0+beta1: * Handling of system report requests has been improved. openvas-libraries 6.0+beta1 (2012-10-26) This release is the first beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS-6". Main new feature and other changes of 6.0 compared to 5.0 include: New support of x509 certificate NASL API and improved SSH support. Many thanks to everyone who has contributed this release: Andre Heinecke, Werner Koch, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner, Sascha Wilde and Felix Wolfsteller. Main changes compared to 5.0.x: * Added TLS support for NASL API to allow x509 certificate testing in NVTs. * Improved support of libssh for SSH connection handling. Environment variable "OPENVAS_DISABLE_LIBSSH" can disable the new functionality. * Improved performance by avoiding too many "gpg --version" calls. * Removing the code that prevented special functions being executed by non-authenticated NVTs. Background is that either the whole feed is treated as authenticated or as non-authenticated, but not a mixture of it. * Removed deprecated NASL variable "OPENVAS_NASL_LEVEL". * Several memory leaks fixed. * Various compile for special compilers issues fixed. * Internal code cleanups. * Updated documentation. openvas-libraries 5.0.1 (2012-04-24) This is the first maintenance release of the openvas-libraries 5.0 module for the Open Vulnerability Assessment System 5 (OpenVAS-5). It contains a fix for the route selection and raises the glib dependency to 2.16. Many thanks to everyone who has contributed to the 5.0.1 release: Christian Schmidt, Jan-Oliver Wagner and Michael Wiegand Main changes compared to 5.0.0: * Route selection now uses the most specific route instead of the first matching. * The glib dependency has been raised from 2.12 to 2.16 since the current version already uses functions from 2.16. openvas-libraries 5.0.0 (2012-03-25) This is the first release of the openvas-libraries 5.0 module for the Open Vulnerability Assessment System 5 (OpenVAS-5). Compared to the previous major release it covers a broad set of improvements for the various OpenVAS services and applications. Many thanks to everyone who has contributed to the 5.0.0 release: Michal Ambroz, Henri Doreau, Andre Heinecke, Bernhard Herzog, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 4.0.x: * New NASL function get_script_oid(). * NASL function debug_message() renamed to error_message(). * New NASL function security_message(). * Added "Observer" role for LDAP users. * Extended support for LDAP authentication * The LDAP auth DN validation has been improved. * Vulnerability references (CVE, BID) are not added to result text anymore. * Built-in NVT Find Services now sends only log messages. * Built-in NVT Nmap: Improved efficiency and support CPE sent by Nmap. * Removed copy of regexp and use system functions always. * Replaced deprecated gnutls function calls by proper replacements to simplify build process. * Some support for simpler MacOS compilation. * Removed NASL variable NASL_LEVEL (was already marked deprecated) * Various improvements to build process. * A bug which caused outdated cache files to be used under rare circumstances has been fixed. * Code cleanup and refactoring has taken place in NVT meta data management. * Libssh detection has been improved. * Support for the observer role has been added and functionality for user management has been moved from openvas-administrator to openvas-libraries. * Support for name conversion for legacy .nes dependencies when loading the cache has been removed. * Support for improved SSH functionality has been added. * Support for comprehensive network scanning with nmap has been added. * A number of compiler warnings have been addressed. * Support for shared sockets has been removed. * OpenVAS Libraries will now honor the unscanned_closed_udp preference when deciding how an unscanned UDP port should be treated. * Nmap support has been improved. And additionally changes compared to last release candidate 5.0+rc1: * Made LDAP support default during configuration. This can be disabled with cmake setting BUILD_WITHOUT_LDAP. * Added simple LDAP authentication support. * Added scanner preferences result_prepend_tags and result_append_tags to prepend or append tag contents to the description of a result. This is convenience functionality in preparation for the breaking up of the NVT description block and adding proper handling of refined meta information all over the OpenVAS Framework. openvas-libraries 5.0+rc1 (2012-03-10) This release is the first release candidate of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 5". This release fixes various build issues and adds some long-waiting API extensions. Many thanks to everyone who has contributed this release: Michal Ambroz, Henri Doreau, Andre Heinecke, Bernhard Herzog, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 5.0+beta2: * New NASL function get_script_oid(). * NASL function debug_message() renamed to error_message(). * New NASL function security_message(). * Added "Observer" role for LDAP users. * Vulnerability references (CVE, BID) are not added to result text anymore. * Built-in NVT Find Services now sends only log messages. * Built-in NVT Nmap: Improved efficiency and support CPE sent by Nmap. * Extended support for LDAP authentication * Removed copy of regexp and use system functions always. * Replaced deprecated gnutls function calls by proper replacements to simplify build process. * Some support for simpler MacOS compilation. * Removed NASL variable NASL_LEVEL (was already marked deprecated) * Various improvements to build process. openvas-libraries 5.0+beta2 (2011-10-07) This release is the second beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 5". This release fixes a cache file management issue discovered after there release of openvas-libraries 5.0+beta1, introduces support for the observer role and includes the result of a code cleanup and refactoring in the NVT meta data management. NOTE: Due to the changes in 5.0+beta2, it is strongly recommended to delete the contents of the OpenVAS Scanner cache directory to remove obsolete files and to force the Scanner to rebuild the cache. Many thanks to everyone who has contributed this release: Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 5.0+beta1: * A bug which caused outdated cache files to be used under rare circumstances has been fixed. * Code cleanup and refactoring has taken place in NVT meta data management. * Libssh detection has been improved. * The LDAP auth DN validation has been improved. * Support for the observer role has been added and functionality for user management has been moved from openvas-administrator to openvas-libraries. * Support for name conversion for legacy .nes dependencies when loading the cache has been removed. openvas-libraries 5.0+beta1 (2011-06-21) This release is the first beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 5". Main new feature and other changes of 5.0 compared to 4.0 include: Support for comprehensive network scanning with nmap and for improved SSH functionality. Also support for shared sockets has been removed in accordance with OpenVAS Change Request #53. Many thanks to everyone who has contributed this release: Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0.4: * Support for improved SSH functionality has been added. * Support for comprehensive network scanning with nmap has been added. * A number of compiler warnings have been addressed. * Support for shared sockets has been removed. * OpenVAS Libraries will now honor the unscanned_closed_udp preference when deciding how an unscanned UDP port should be treated. * Nmap support has been improved. openvas-libraries 4.0.4 (2011-05-04) This is the fourth maintenance release of the openvas-libraries 4.0 module for the Open Vulnerability Assessment System (OpenVAS). This release features improvements to the build environment, closes two potential resource leaks and ensures the unscanned_closed setting in honored for UDP ports as well. Many thanks to everyone who has contributed this release: Henri Doreau, Matthew Mundell, Pavel Sejnoha and Michael Wiegand. Main changes compared to 4.0.3: * The handling of internal dependencies while linking has been improved, parallel builds of openvas-libraries should now work. * Two potential resource leaks reported by Pavel Sejnoha and Henri Doreau have been fixed. * The setting "unscanned_closed" is now properly applied to UDP ports. openvas-libraries 4.0.3 (2011-03-03) This is the third maintenance release of the openvas-libraries 4.0 module for the Open Vulnerability Assessment System (OpenVAS). This release fixes a bug which lead to an incorrect dependency resolution when scheduling NVTs due to considering only the first dependency. It also fixes an issue which caused WMI requests to fail. Many thanks to everyone who has contributed this release: Chandrashekhar B and Michael Wiegand. Main changes compared to 4.0.2: * A bug which caused only the first NVT dependency to be considered has been fixed. * A bug which caused WMI connects to fail has been fixed. openvas-libraries 4.0.2 (2011-02-23) This is the second maintenance release of the openvas-libraries 4.0 module for the Open Vulnerability Assessment System (OpenVAS). This release ensures that a file required by OpenVAS Manager and OpenVAS Client to build credential packages for Local Security Checks (LSCs) is installed properly. Releases >= 4.0+rc3 failed to install this file. Many thanks to everyone who has contributed this release: Michael Wiegand and Felix Wolfsteller. Main changes compared to 4.0.1: * The LSC RPM creator support script is now installed correctly. openvas-libraries 4.0.1 (2011-02-21) This is the first maintenance release of the openvas-libraries 4.0 module for the Open Vulnerability Assessment System (OpenVAS). This release features improvements to the build environment, fixes an issue with IPv6 support on older systems and makes the check for administrative privileges more strict. Many thanks to everyone who has contributed this release: Chandrashekhar B, Matthew Mundell and Michael Wiegand. Main changes compared to 4.0.0: * The build environment has been consolidated. * A bug which could cause a segmentation fault when using IPv6 under certain circumstances has been fixed. * The check for administrative user privileges has been made more strict. openvas-libraries 4.0.0 (2011-02-03) This is the first release of the openvas-libraries 4.0 module for the Open Vulnerability Assessment System (OpenVAS). Compared to the previous major release it contains a major cleanup of code, build process and installation. This increases the efficiency of the OpenVAS Libraries, makes the build easier for and the installation compliant with the Filesystem Hierarchy Standard (FHS 2.3). Feature wise this release adds support for a network scan level, improves support for remote LDAP authentication, adds support for the extended OMP 2.0 protocol and introduced numerous other features request from the OpenVAS user community. Many thanks to everyone who has contributed to the 4.0.0 release: Stephan Kleine, Sooraj KS, Christian Kuersteiner, Matthew Mundell, Michael Wiegand, Jan-Oliver Wagner and Felix Wolfsteller. Main changes compared to 3.1.x: * NVT meta data management has been improved, resulting in a smaller memory footprint of the scanner. * Network level scan support. For example a initial port scan across a whole network segment is possible now. * Improved and fixed remote LDAP authentication which allows to manage OpenVAS users in a central LDAP service. * Former binary ".nes" NVTs "find_service", "openvas_tcp_scanner" and "synscan" are now built-in NASL methods. * Superfluous log messages regarding file uploads have been removed. * Further code analysis has resulted in a number of fixes to the code and the build environment in an effort to make the code even more secure and compatible across a wider range of platforms. * The former autotools build environment has been replaces with a build process using cmake and using pkgconfig for dependency checks. Main changes compared to last release candidate 4.0+rc4: * Setting file handling has been updated to match changes in openvas-scanner. * Support for pkg-config has been (re-)introduced. * File locations have been adjusted to conform to the Filesystem Hierarchy Standard. openvas-libraries 4.0+rc4 (2011-01-26) This release is the fourth release candidate for the next major release of the OpenVAS Libraries module. It will be part of the upcoming "OpenVAS 4". It features a number of fixes to the build environment and updated documentation. Many thanks to everyone who has contributed to this release: Stephan Kleine, Christian Kuersteiner, Michael Wiegand, Jan-Oliver Wagner and Felix Wolfsteller. Main changes compared to 4.0+rc3: * The build environment has fixed in a number of places to restore expected behaviour after the move to cmake. * The documentation has been updated to match the changes in the build environment. openvas-libraries 4.0+rc3 (2011-01-20) This release is the third release candidate for the next major release of Libraries module. It will be part of the upcoming "OpenVAS 4". It features a complete exchange of the build process which now is cmake-based. Also, numerous code elements were removed of which it was unclear whether they have still practical relevance. Many thanks to everyone who has contributed to this release: Matthew Mundell, Michael Wiegand, Jan-Oliver Wagner and Felix Wolfsteller. Main changes compared to 4.0+rc2: * Improved and fixed remote LDAP authentication. * Former binary ".nes" NVTs "find_service", "openvas_tcp_scanner" and "synscan" are now built-in NASL methods. * Any autotools-related build environment was removed. * At top-level a cmake-based build environment was introduced. * libopenvas_omp: Activated escaping of characters so that special characters can more save be allowed for some OMP commands. * example_auth.conf was updated with more sensible values. * Bug fix on Credential creation. * this package now initially creates required directories in the installation directory (if not present). This was done by other modules previously (mostly openvas-scanner) * Many old code paths for certain operting system environments have been removed. Most likely, HPUX, Solaris and similar won't compile this code anymore. openvas-libraries 4.0+rc2 (2011-01-10) This release is the second release candidate for the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 4". It features a more robust user creation process and address further compiler warnings. Many thanks to everyone who has contributed to this release: Matthew Mundell, Michael Wiegand and Felix Wolfsteller. Main changes compared to 4.0+rc1: * The user creation process has been made more robust. * More compiler warnings have been addressed. openvas-libraries 4.0+rc1 (2010-12-20) This release is the first release candidate for the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 4". It features updated documentation, addresses a number of compiler warning and fixes an incorrect warning in setuid environments. Many thanks to everyone who has contributed to this release: Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0+beta2: * The documentation in the INSTALL_README file has been updated. * A number of compiler warnings by gcc 4.4 has been addressed. * A incorrect error message during user creation that only occurred in setuid environments has been removed. openvas-libraries 4.0+beta2 (2010-12-01) This release is the second beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 4". It features improved handling of finished GnuTLS session, more consistent NASL functions for SMB and WMI connections and a number of fixes to the code and the build environment in an effort to make the code even more secure and more compatible. Many thanks to everyone who has contributed to this release: Sooraj KS, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0+beta1: * Further code analysis has resulted in a number of fixes to the code and the build environment in an effort to make the code even more secure and compatible across a wider range of platforms. * The arguments for the NASL functions for WMI and SMB connections have been made more consistent. * The handling of finished GnuTLS sessions has been improved, eliminating superfluous log messages. openvas-libraries 4.0+beta1 (2010-11-18) This release is the first beta version of the next major release of openvas-libraries. It will be part of the upcoming "OpenVAS 4". Main new feature and other changes of 4.0 compared to 3.1 include: Support of a network scan level, reduced memory consumption, cleanup and reduction of code base and support of upcoming protocol OMP 2.0. Many thanks to everyone who has contributed to this release: Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.1.3: * Network level scan support. * The code for providing OMP functionality has been cleaned up. * Further code cleanup has lead to the removal of more than 3,500 lines of unused code. * A bug which tried to free memory that was not allocated before under some circumstances has been fixed. * Superfluous log messages regarding file uploads have been removed. * NVT meta data management has been improved, resulting in a smaller memory footprint of the scanner. * The install path for header files has been made more consistent. openvas-libraries 3.1.3 (2010-09-10) This is the 3.1.3 release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS). It fixes primarily a significant memory leak that will improve high load performance by about 40%. This release is recommended for anyone using OpenVAS for large scans to improve performance. Many thanks to everyone who has contributed to this release: Chandrashekhar B, Matthew Mundell, Thomas Reinke (the memory leak fixes), Michael Wiegand. Main changes compared to 3.1.1: * Significant memory leaks are closed. * Bug fix for handling shared file descriptors that now prevents unnecessary use of new file descriptors under certain circumstances. * Little fix in the nasl wmi api. openvas-libraries 3.1.2 (2010-08-04) This is the 3.1.2 release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS). It fixes a build issue that was discovered after the release of openvas-libraries 3.1.1. Many thanks to everyone who has contributed to this release: Michael Wiegand. Main changes compared to 3.1.1: * A bug in the WMI interface stub which caused the build to fail when configured without WMI has been fixed. openvas-libraries 3.1.1 (2010-08-03) This is the 3.1.1 release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS). It clarifies a number of licensing issues, updates the WMI infrastructure and documentation and adds cross compile support for mingw32 to openvas-libraries/base. Many thanks to everyone who has contributed to this release: Raimund Renkert, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.1.0: * Cross compile support for mingw32 has been added to openvas-libraries/base. * Missing copyright and license information has been added to a number of files. * The COPYING file has been updated to better indicate the licenses of individual files and the full text for all licenses has been added. * The WMI infrastructure has been updated to match necessary changes in the API of the WMI patch. * The documentation on using WMI in openvas-libraries has been updated. openvas-libraries 3.1.0 (2010-07-14) This is the 3.1.0 release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS). It adds a number of new features, for example support for NTLMSSP, for LDAP authentication, for preference file uploads to memory, for logging messages to syslog and for scanning virtual web hosts. Many thanks to everyone who has contributed to this release: Tim Brown, Geoff Galitz, Stephan Kleine, Goran Licina, Michael Meyer, Matthew Mundell, Raimund Renkert, Preeti Subramanian, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.5: * Code cleanup: Code from openvas-administrator and openvas-manager which could be more appropriately placed in openvas-libraries has been moved here. * Initial support for LDAP authentication has been added. * IPv6 support has been improved. * Support for building parts of openvas-libraries on Windows has been added. * Support for reading preference file uploads from memory instead of from disk has been added. * Support for NTLMSSP has been added. * Authentication mechanism extended to support LDAP and ADS. * An issue which caused SSH logins with RSA keys on remote systems to fail under certain circumstances has been fixed. * Support for logging to syslog has been added. * Support for scanning virtual web hosts has been added. openvas-libraries 3.1.0.rc3 (2010-07-01) This is the third release candidate of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.1 series. It fixes a build issue Gentoo GNU/Linux systems, addresses a compiler warning in the NTLMSSP code and ensure the most recent releases of openvas-client, openvas-cli and openvas-manager build with openvas-libraries 3.1.0. Many thanks to everyone who has contributed to this release: Preeti Subramanian and Michael Wiegand. Main changes compared to 3.1.0.rc2: * An issue which caused the build to fail on Gentoo GNU/Linux systems has been fixed. * An issue which caused openvas-client, openvas-cli and openvas-manager to fail to build with openvas-libraries has been fixed. openvas-libraries 3.1.0.rc2 (2010-06-28) This is the second release candidate of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.1 series. It extends the authentication mechanism to support LDAP and ADS and introduces support for logging messages to syslog and scanning virtual web hosts. Many thanks to everyone who has contributed to this release: Tim Brown, Goran Licina, Matthew Mundell, Raimund Renkert, Preeti Subramanian, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.1.0.rc1: * QA: A number of compiler warnings have been addressed. * Authentication mechanism extended to support LDAP and ADS. * An issue which caused SSH logins with RSA keys on remote systems to fail under certain circumstances has been fixed. * A bug which caused segmentation faults when using NTLMSSP authentication in openvas-libraries built with WMI supports has been fixed. * Support for logging to syslog has been added. * Support for scanning virtual web hosts has been added. openvas-libraries 3.1.0.rc1 (2010-05-19) This is the first release candidate of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.1 series. It adds support for NTLMSSP, for LDAP authentication, for preference file uploads to memory and for building some parts of openvas-libraries on Windows. Many thanks to everyone who has contributed to this release: Geoff Galitz, Stephan Kleine, Michael Meyer, Matthew Mundell, Raimund Renkert, Preeti Subramanian, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.5: * Code cleanup: Code from openvas-administrator and openvas-manager which could be more appropriately placed in openvas-libraries has been moved here. * Initial support for LDAP authentication has been added. * A bug which caused WMI support to be disabled in the standalone NASL interpreter has been fixed. * IPv6 support has been improved. * Support for building parts of openvas-libraries on Windows has been added. * Support for reading preference file uploads from memory instead of from disk has been added. * Support for NTLMSSP has been added. openvas-libraries 3.0.5 (2010-04-13) This is the fifth maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.0 series. It contains support for resuming tasks, improved packet forgery support for IPv6 environments and a reworked internal build infrastructure. Many thanks to everyone who has contributed to this release: Tim Brown, Stephan Kleine, Vlatko Kosturjak, Matthew Mundell, Mareike Piechowiak, Preeti Subramanian, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.4: * The build infrastructure for the hg and misc modules has been switch to CMake from autoconf. * Support for resuming tasks has been added to OMP. * Packet forgery support for IPv6 has been improved. * A build issue on Mandriva has been fixed. openvas-libraries 3.0.4 (2010-03-03) This is the fourth maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.0 series. It fixes several build issues, adds support for Windows registry hives and for using parts of openvas-libraries with C++. Many thanks to everyone who has contributed to this release: Chandrashekhar B, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.3: * Several build issues on Mandriva have been fixed. * Support for using openvas-libraries in C++ code has been introduced for some OMP libraries. * The openvas-nasl standalone NASL interpreter is now linked dynamically. * A bug which caused some GnuTLS error messages to be printed to stderr instead of to the logs had been fix. * Support for registry hives has been added to the WMI registry functions. * Support for detecting libraries in non-standard locations during the configuration process has been added. * Support for multiple levels of subdirectories in the NVT directory has been improved. openvas-libraries 3.0.3 (2010-02-04) This is the third maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.0 series. It improves support for OMP parsing, adds initial support for dropping privileges, and adds new crypto functions and support for SMB NTLMv1 and NTLMv2. Many thanks to everyone who has contributed to this release: Chandrashekhar B, Tim Brown, Matthew Mundell, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.2: * Initial support for dropping privileges. * New crypto functions and support for SMB NTLMv1 and NTLMv2. openvas-libraries 3.0.2 (2010-01-19) This is the second maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.0 series. It adds support for modifying the scanner configuration file through API calls, for example for use in the openvas-administrator. Many thanks to everyone who has contributed to this release: Matthew Mundell and Michael Wiegand. Main changes compared to 3.0.1: * Support for modifying scanner configuration files has been added. * The API for retrieving settings has been improved. openvas-libraries 3.0.1 (2010-01-11) This is the first maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 3.0 series. It contains an update to the OMP API and solves an issue that raised the version dependency on GnuTLS unnecessarily. Many thanks to everyone who has contributed to this release: Matthew Mundell, Michael Wiegand and Felix Wolfsteller Main changes compared to 3.0.0: * The OMP API has been updated. * An unnecessary GnuTLS call has been removed. * Minor code cleanups. openvas-libraries 3.0.0 (2009-12-18) This is the 3.0.0 release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS). It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 introduces a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client. Also, openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code line count has been reduced even though new features have been added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 also supports the new OpenVAS Manager and OpenVAS Administrator as optional extensions. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support (optional) * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-rc1: * A small number of potential resource leaks have been fixed. * IPv6 support has been improved. * Initial support for reading configuration files in the keyfile format has been added. openvas-libraries 3.0.0-rc1 (2009-12-07) This release is the first release candidate of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "release candidate" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Unless serious bugs are discovered, this release candidate will become the final OpenVAS 3.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 * Minimum cmake version raised from 2.4 to 2.6 Main changes compared to 3.0.0-beta7: * A number of build issues on openSUSE 11.2 has been fixed. * 64 bit compatibility has been improved. (Fixes: #1194, #1196) * Temporary files created by NVTs are now correctly placed in the system directory for temporary file (i.e. /tmp). (Fixes: #1170) * The standalone NASL interpreter now supports relative paths. (Fixes: #1101). openvas-libraries 3.0.0-beta7 (2009-11-23) This release is the seventh beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-beta6: * IPv6 support has been improved. openvas-libraries 3.0.0-beta6 (2009-11-09) This release is the sixth beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-beta5: * XML parsing has been made more robust. openvas-libraries 3.0.0-beta5 (2009-10-26) This release is the fifth beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-beta4: * Support for pidfile handling has been added. * Support for LSC RPM creation has been added. * API improvements. * Code cleanup and internal reorganisation. openvas-libraries 3.0.0-beta4 (2009-10-19) This release is the fourth beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-beta3: * A number of resource and memory leaks have been identified and fixed. * Signature verification works again. * Command line options for the standalone NASL interpreter have been updated. * API improvements. openvas-libraries 3.0.0-beta3 (2009-10-06) This release is the third beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-beta2: * Minimum cmake version raised from 2.4 to 2.6 * Internal library reorganisation * Proctitle now contains the correct binary name for openvas-scanner * Configured values for the local state directory and for the system configuration directory are now honoured correctly during build time openvas-libraries 3.0.0-beta2 (2009-09-28) This release is the second beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intented to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 Main changes compared to 3.0.0-beta1: * Removed any packaging files as they are kept separately. * Extended and cleaned up API (especially "include"'s) * Consistent name scheme for libraries (libopenvas_XXX) where XXX is base, omp, misc, hg and nasl. * New structure of installed header files (subdirectory for each library, except for misc) * Fixed and improved build system (e.g. correct use of DESTDIR) openvas-libraries 3.0.0-beta1 (2009-09-22) This release is the first beta version of openvas-libraries leading up to the upcoming 3.0 release of OpenVAS. It introduces a significantly improved and changed source code architecture and therefore introduces a new API for the other OpenVAS components. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intented to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to this release: Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * WMI-Client support * Integration of openvas-libnasl * New library "base" * New library "omp" * Former libopenvas renamed to libopenvas_misc * New NVT cache implementation to overcome limitations * Several files from openvas-client integrated * Use of "cmake" to build base, omp and nasl * glib dependency raised from 2.6 to 2.12 openvas-libraries 2.0.3 (2009-06-10) This is the third maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 2.0 series. It fixes a small number of issues discovered after the release of openvas-libraries 2.0.2 and introduces new functionality designed to enable improvements in other OpenVAS modules. Main changes since 2.0.2: * Support for localized security messages (e.g. umlauts) has been re-enabled. * New functions for GnuTLS-based communication were added. * New functions for authentication were added. * An improved caching framework has been added ("NVT Info objects"). Many thanks to everyone who has contributed to this release: Matthew Mundell, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. openvas-libraries 2.0.2 (2009-03-06) This is the second maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 2.0 series. It fixes a number of issues discovered after the release of openvas-libraries 2.0.1. Main changes since 2.0.1: * A bug which caused plugins to hang or freeze under certain circumstances due to a blocking pcap device has been fixed. * A bug which caused openvas-libraries to send a truncated HTTP version identifier when constructing HTTP requests has been fixed. * A bug which broke the linking process under certain circumstances has been fixed. Many thanks to everyone who has contributed to this release: Tim Brown, Vlatko Kosturjak, Michael Meyer, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. openvas-libraries 2.0.1 (2009-02-06) This is the first maintenance release of the openvas-libraries module for the Open Vulnerability Assessment System (OpenVAS) 2.0 series. It fixes a number of issues discovered after the release of openvas-libraries 2.0.0 and introduces support for upcoming features. Thanks to the continuing audit of the code, a number of obsolete, unused and/or unnecessary functions were identified and removed. The amount and the quality of the source code documentation has been improved as well. Effect when installing this version: The cache of NVT descriptions (located in plugin_folder/.desc/) will be rebuild at next start of openvasd. The cache files used to have the suffix ".desc" instead of ".nasl", e.g. "x.desc" corrsponds to "x.nasl". Now, the suffix ".desc" is appended, e.g. "x.nasl.desc" corresponds to "x.nasl". This also prevents that e.g. "x.nasl" and "x.nes" (or "x.oval") will overwrite each others' cache file. Recommendation: Clean the entire cache directory before restarting openvasd. If you don't do this, the .desc/ directory will contain all cache files twice. Other than unnecessary disk space consumption this has no bad effect. Main changes since 2.0.0: * Renamed caching files to conflict-free scheme * Prepared support for sub-directories in plugins_folder in accordance with Change Request #24 (http://www.openvas.org/openvas-cr-24.html) * Support for improved management of SSH credentials has been added in accordance with Change Request #20 (http://www.openvas.org/openvas-cr-20.html) * Established automated source code documentation. HTML-Version is available under http://www.openvas.org/src-doc/openvas-libraries/2.0.1/index.html Bugfixes: * A configuration issue which caused the build process to fail on Mac OS X has been fixed. (Solves: #761) * Missing includes which caused the build process to fail on Darwin and NetBSD have been added. (Solves: #860, #862) Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan Gros, Jan-Oliver Wagner, Felix Wolfsteller and Michael Wiegand. openvas-libraries 2.0.0 (2008-12-17) This is the 2.0.0 release of OpenVAS. If you have used the 2.0-beta1, -beta2 or -rc1 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0.0. If you are currently using the 1.0.x branch and want to evaluate OpenVAS 2.0.0, we recommend that you install 2.0.0 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. Main changes since 2.0-rc1: * A bug causing segmentation faults on server startup has been fixed. * The build environment has been updated. Main changes since 1.0.2: * Support for the new script_tag command in NASL scripts has been added. * 64-bit compatibility has been considerably improved. * Support for transferring NVT signature information to the client has been added. * Switch from Nessus plugin IDs to OIDs. * Switch from Nessus Transfer Protocol 1.2 to OpenVAS Transfer Protocol 1.0. Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan Gros, Matthew Mundell, Vlatko Kosturjak, Jan Wagner, Jan-Oliver Wagner, Felix Wolfsteller and Michael Wiegand. openvas-libraries 2.0-rc1 (2008-12-05) This release is the first release candidate for the upcoming 2.0 release of OpenVAS. Unless serious bugs are discovered, this release candidate will become the final OpenVAS 2.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . If you have used the 2.0-beta2 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0-rc1. If you are currently using the stable 1.0.x branch and want to take part in testing this release candidate, we recommend that you install 2.0-rc1 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. Main changes since 2.0-beta2: * Support for the new script_tag command in NASL scripts has been added. * Code quality has been improved; a number of potential buffer overflows have been fixed. * Minor bugfixes. Many thanks to everyone who has contributed to this release: Tim Brown, Matthew Mundell, Felix Wolfsteller and Michael Wiegand. openvas-libraries 2.0-beta2 (2008-11-14) This release is the second beta version of the upcoming 2.0 release of OpenVAS. It contains improved 64-bit compatibility, support for transferring NVT signature information to the client and various improvements. This release is intended to contain all features intended for the final OpenVAS 2.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . If you have used the 2.0-beta1 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0-beta2. If you are currently using the stable 1.0.x branch and want to take part in the beta phase for 2.0, we recommend that you install 2.0-beta2 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. Main changes since 2.0-beta1: * 64-bit compatibility has been considerably improved. * Debian packaging files have been updated. * Support for transferring NVT signature information to the client has been added. * Bugfixes. * Various code cleanups. Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan Gros, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. openvas-libraries 2.0-beta1 (2008-09-23) This release is a first beta version of the upcoming 2.0 release of OpenVAS. This is the first release of openvas-libraries to fully implement OID support and marks the switch from the Nessus Transport Protocol (NTP) to the improved and cleaned up OpenVAS Transport Protocol (OTP). In addition, this release contains minor bug fixes and updates to distribution files. OpenVAS 2.0 will introduce a full set of new modules for OpenVAS Server (openvas-libraries, openvas-libnasl and openvas-server) and the a new OpenVAS-Client. The only module OpenVAS 1.0 and OpenVAS 2.0 will share is openvas-plugins. This means that the OpenVAS NVT Feed is compatible with both generations of OpenVAS. However, in case you plan to try out the new generation of OpenVAS, you should install it separately from OpenVAS 1.0 installation. Instructions on how to do this will be added to the OpenVAS homepage after all relevant modules are released as 2.0-beta1. A separate announcement will officially start the beta testing phase for OpenVAS 2.0. Main changes in this release: * Fix to incorrect library usage that prevented building RPM packages under certain circumstances. * Updates of Debian packaging files. * Switch from Nessus plugin IDs to OIDs. * Switch from Nessus Transport Protocol 1.2 to OpenVAS Transport Protocol 1.0. * Fix to incorrect usage of string functions that could have lead to buffer overflows under certain circumstances. Many thanks to everyone who has contributed to this release: Tim Brown, Vlatko Kosturjak, Jan Wagner, Jan-Oliver Wagner and Michael Wiegand openvas-libraries 1.0.2 (2008-06-30) This release contains improvements to plugin handling and to the packaging files for various distributions as well as minor bug fixes and cleanups. Apart from this, this release prepares OID support for OpenVAS. It is recommended to update to this release, because future releases of openvas-libnasl and openvas-libnasl will require openvas-libraries 1.0.2 as minimum version. * Updates of the OpenSUSE, Fedora and Debian packaging files. * Preparation for support for OpenVAS OIDs. * Increased internal storage space for plugin preferences to allow for plugins with a large number of options. * Fixed a bug that resulted in incorrect memory allocation on certain 64bit installations. * Removed support for unencrypted communication with the client. * Fixed a configuration issue that broke the build process on certain 64bit installations. * Various code cleanups. openvas-libraries 1.0.1 (2008-04-01) Comprehensive code-reduction, include- and config-change release. The changes might cause compile failures or other defects for various operating systems. Reports on problems are appreciated. * Replaced inclusion of includes.h for many modules by respective separate include files. * Configure checks for libresolv have been improved but still fail on some systems. * File includes.h is not installed anymore. * Compile option "--enable-bpf-sharing" and corresponding functionalityx has been removed. * Added several include files which will be installed under include/openvas/ These have been extracted from libopenvas.h which, for convenience, still includes all of the single new include files. * Removed various unused modules and functions. * Various fixes to reduce flawfinder warnings. * Various fixes to reduce compiler warnings. * Updates of the Debian packaging files. openvas-libraries 1.0.0 (2007-10-12) First stable release. * Now installs header files hosts_gatherer.h and hg_utils.h. * More code cleanups. openvas-libraries 0.9.1 (2007-09-13) Further cleanups release. Changes since 0.9.0 (2007-09-13): * Renamed libhosts_gatherer to libopenvas_hg to resolved the last remaining filename conflict with nessus-libraries. * Introduced its own versioning (independent of the other OpenVAS modules). * Internal package improvements for less conflicts with nessus-libraries and less conflicts with LFSH. * Switched on all compile-time warnings. * Fixed some code warnings. openvas-libraries 0.9.0 (2007-07-27) The first initial release of openvas-libraries after the fork from Nessus 2.2.x. Main changes are: * Replace OpenSSL by GNU/TLS (therefore it is allowed now to distribute binary packages with SSL-support) * SSL now mandatory. * Removed libpcap-nessus entirely. Now the system one is to be used. * Many cleanups of ancient remains (still many to come) * Removed various W32-specific elements, because W32 isn't a taget system anyway. * Lots of renaming to avoid conflicts with parallel Nessus installation gvm-libs-9.0.3/CMakeLists.txt000066400000000000000000000271341334154151000160070ustar00rootroot00000000000000# OpenVAS # $Id$ # Description: Top-level cmake control for the Libraries. # # Authors: # Matthew Mundell # Jan-Oliver Wagner # # Copyright: # Copyright (C) 2011-2016 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. cmake_minimum_required(VERSION 2.8) include (openvas_cmake_macros) message ("-- Configuring the Libraries...") project (openvas-libraries C) if (POLICY CMP0005) cmake_policy (SET CMP0005 OLD) endif (POLICY CMP0005) include (FindPkgConfig) if (NOT PKG_CONFIG_FOUND) message(FATAL_ERROR "pkg-config executable not found. Aborting.") endif (NOT PKG_CONFIG_FOUND) if (NOT CMAKE_BUILD_TYPE) set (CMAKE_BUILD_TYPE Debug) endif (NOT CMAKE_BUILD_TYPE) OPTION(OPENVAS_OMP_ONLY "Build only the omp library and the required base and misc libraries" OFF) OPTION(BUILD_STATIC "Build static versions of the openvas libraries" OFF) if (NOT BUILD_STATIC) set (BUILD_SHARED ON) else (NOT BUILD_STATIC) set (BUILD_SHARED OFF) endif (NOT BUILD_STATIC) ## Retrieve svn revision (at configure time) # Not using Subversion_WC_INFO, as it would have to connect to the repo find_program (SVN_EXECUTABLE svn DOC "subversion command line client") macro (Subversion_GET_REVISION dir variable) execute_process (COMMAND ${SVN_EXECUTABLE} info ${CMAKE_SOURCE_DIR}/${dir} OUTPUT_VARIABLE ${variable} OUTPUT_STRIP_TRAILING_WHITESPACE) string (REGEX REPLACE "^(.*\n)?Revision: ([^\n]+).*" "\\2" ${variable} "${${variable}}") endmacro (Subversion_GET_REVISION) if (NOT CMAKE_BUILD_TYPE MATCHES "Release") if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/") if (SVN_EXECUTABLE) Subversion_GET_REVISION(. ProjectRevision) set (SVN_REVISION "~svn${ProjectRevision}") else (SVN_EXECUTABLE) set (SVN_REVISION "~svn") endif (SVN_EXECUTABLE) endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/") endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # TODO: Check pkg-config (maybe with code like in gsa/CMakeLists.txt). ## CPack configuration set (CPACK_CMAKE_GENERATOR "Unix Makefiles") set (CPACK_GENERATOR "TGZ") set (CPACK_INSTALL_CMAKE_PROJECTS ".;openvas-libraries;ALL;/") set (CPACK_MODULE_PATH "") set (CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING") set (CPACK_RESOURCE_FILE_README "${CMAKE_SOURCE_DIR}/README") set (CPACK_RESOURCE_FILE_WELCOME "${CMAKE_SOURCE_DIR}/README") set (CPACK_SOURCE_GENERATOR "TGZ") set (CPACK_SOURCE_TOPLEVEL_TAG "") set (CPACK_SYSTEM_NAME "") set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "9") set (CPACK_PACKAGE_VERSION_MINOR "0") # Use this scheme for stable releases: set (CPACK_PACKAGE_VERSION_PATCH "3${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") # Use this scheme for +betaN and +rcN releases: #set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}") #set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_PACKAGE_VENDOR "The OpenVAS Project") set (CPACK_SOURCE_IGNORE_FILES "${CMAKE_BINARY_DIR}" "/.svn/" "swp$" "nasl/nasl_grammar.tab.c" "nasl/nasl_grammar.tab.h" "nasl/nasl_grammar.output" ) include (CPack) ## Variables if (SYSCONF_INSTALL_DIR) set (SYSCONFDIR "${SYSCONF_INSTALL_DIR}") endif (SYSCONF_INSTALL_DIR) if (NOT SYSCONFDIR) set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") endif (NOT SYSCONFDIR) if (NOT EXEC_PREFIX) set (EXEC_PREFIX "${CMAKE_INSTALL_PREFIX}") endif (NOT EXEC_PREFIX) if (NOT BINDIR) set (BINDIR "${EXEC_PREFIX}/bin") endif (NOT BINDIR) if (NOT SBINDIR) set (SBINDIR "${EXEC_PREFIX}/sbin") endif (NOT SBINDIR) if (NOT LIBDIR) set (_DEFAULT_LIBRARY_INSTALL_DIR lib) if (EXISTS "${EXEC_PREFIX}/lib32/" AND CMAKE_SIZEOF_VOID_P EQUAL 4) set (_DEFAULT_LIBRARY_INSTALL_DIR lib32) endif (EXISTS "${EXEC_PREFIX}/lib32/" AND CMAKE_SIZEOF_VOID_P EQUAL 4) if (EXISTS "${CMAKE_INSTALL_PREFIX}/lib64/" AND CMAKE_SIZEOF_VOID_P EQUAL 8) set (_DEFAULT_LIBRARY_INSTALL_DIR lib64) endif (EXISTS "${CMAKE_INSTALL_PREFIX}/lib64/" AND CMAKE_SIZEOF_VOID_P EQUAL 8) set( LIBRARY_INSTALL_DIR "${_DEFAULT_LIBRARY_INSTALL_DIR}") set (LIBDIR "${EXEC_PREFIX}/${LIBRARY_INSTALL_DIR}") endif (NOT LIBDIR) if (NOT LOCALSTATEDIR) set (LOCALSTATEDIR "${CMAKE_INSTALL_PREFIX}/var") endif (NOT LOCALSTATEDIR) if (NOT INCLUDEDIR) set (INCLUDEDIR "${CMAKE_INSTALL_PREFIX}/include") endif (NOT INCLUDEDIR) if (NOT DATADIR) set (DATADIR "${CMAKE_INSTALL_PREFIX}/share") endif (NOT DATADIR) if (NOT OPENVAS_PID_DIR) set (OPENVAS_PID_DIR "${LOCALSTATEDIR}/run") endif (NOT OPENVAS_PID_DIR) #if (NOT SYSCONFDIR) # set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") #endif (NOT SYSCONFDIR) set (OPENVAS_DATA_DIR "${DATADIR}/openvas") set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas") set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas") set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas") set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas") set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}") set (OPENVAS_HEADER_INSTALL_DIR "${INCLUDEDIR}") add_definitions (-DOPENVASSD_CONF=\\\"${OPENVAS_SYSCONF_DIR}/openvassd.conf\\\") message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") ## Dependency checks ## ## TODO Also check for headers where needed. pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15) pkg_check_modules (GLIB REQUIRED glib-2.0>=2.32) if (NOT OPENVAS_OMP_ONLY) pkg_check_modules (OPENVAS_WMICLIENT libopenvas_wmiclient>=1.0.4) pkg_check_modules (OPENVAS_WINCMD libopenvas_wincmd>=1.0.4) pkg_check_modules (LIBSSH REQUIRED libssh>=0.5.0) message (STATUS "Looking for pcap...") find_library (PCAP pcap) message (STATUS "Looking for pcap... ${PCAP}") if (NOT PCAP) message (SEND_ERROR "The pcap library is required.") endif (NOT PCAP) message (STATUS "Looking for pcap-config...") find_program (PCAP_CONFIG pcap-config) if (PCAP_CONFIG) message (STATUS "Looking for pcap-config... ${PCAP_CONFIG}") execute_process (COMMAND pcap-config --libs OUTPUT_VARIABLE PCAP_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) execute_process (COMMAND pcap-config --cflags OUTPUT_VARIABLE PCAP_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) else (PCAP_CONFIG) message (STATUS "pcap-config not found, using defaults...") set (PCAP_LDFLAGS "-L/usr/lib -lpcap") set (PCAP_CFLAGS "-I/usr/include") endif (PCAP_CONFIG) endif (NOT OPENVAS_OMP_ONLY) if (NOT MINGW) # TODO: We do not have a library lookup for those modules # which also works when cross compiling. Library names # are hardcoded in the corresponding linker commands. message (STATUS "Looking for gpgme...") find_library (GPGME gpgme) message (STATUS "Looking for gpgme... ${GPGME}") if (NOT GPGME) message (SEND_ERROR "The gpgme library is required.") endif (NOT GPGME) execute_process (COMMAND gpgme-config --libs OUTPUT_VARIABLE GPGME_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) execute_process (COMMAND gpgme-config --cflags OUTPUT_VARIABLE GPGME_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) message (STATUS "Looking for netsnmp...") find_library (SNMP snmp) message (STATUS "Looking for netsnmp... ${SNMP}") if (SNMP) execute_process (COMMAND net-snmp-config --libs OUTPUT_VARIABLE SNMP_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) endif (SNMP) message (STATUS "Looking for libgcrypt...") find_library (GCRYPT gcrypt) message (STATUS "Looking for libgcrypt... ${GCRYPT}") if (NOT GCRYPT) message (SEND_ERROR "The libgcrypt library is required.") else (NOT GCRYPT) execute_process (COMMAND libgcrypt-config --libs OUTPUT_VARIABLE GCRYPT_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) execute_process (COMMAND libgcrypt-config --cflags OUTPUT_VARIABLE GCRYPT_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) execute_process (COMMAND libgcrypt-config --version OUTPUT_VARIABLE GCRYPT_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE) message (STATUS " found libgcrypt, version ${GCRYPT_VERSION}") if (GCRYPT_VERSION VERSION_LESS "1.6") message (SEND_ERROR "libgcrypt 1.6 or greater is required") endif (GCRYPT_VERSION VERSION_LESS "1.6") endif (NOT GCRYPT) endif (NOT MINGW) set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector") set (LINKER_HARDENING_FLAGS "-Wl,-z,relro -Wl,-z,now") set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") ## Version string (REPLACE " " "" OPENVASLIB_VERSION ${CPACK_PACKAGE_VERSION}) string(SUBSTRING ${CPACK_PACKAGE_VERSION_PATCH} 0 1 BETA_INDICATOR) if (BETA_INDICATOR MATCHES "^\\+") set (LIBOPENVASCONFIG_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.0") else (BETA_INDICATOR MATCHES "^\\+") set (LIBOPENVASCONFIG_VERSION "${OPENVASLIB_VERSION}") endif (BETA_INDICATOR MATCHES "^\\+") # Configure Doxyfile with version number configure_file (doc/Doxyfile.in ${CMAKE_BINARY_DIR}/doc/Doxyfile @ONLY) configure_file (doc/Doxyfile_full.in ${CMAKE_BINARY_DIR}/doc/Doxyfile_full @ONLY) configure_file (VERSION.in ${CMAKE_BINARY_DIR}/VERSION @ONLY) configure_file (libopenvas_base.pc.in ${CMAKE_BINARY_DIR}/libopenvas_base.pc @ONLY) configure_file (libopenvas_omp.pc.in ${CMAKE_BINARY_DIR}/libopenvas_omp.pc @ONLY) configure_file (libopenvas_misc.pc.in ${CMAKE_BINARY_DIR}/libopenvas_misc.pc @ONLY) configure_file (libopenvas_nasl.pc.in ${CMAKE_BINARY_DIR}/libopenvas_nasl.pc @ONLY) configure_file (libopenvas_osp.pc.in ${CMAKE_BINARY_DIR}/libopenvas_osp.pc @ONLY) ## Program add_subdirectory (base) add_subdirectory (misc) if (NOT OPENVAS_OMP_ONLY) add_subdirectory (nasl) endif (NOT OPENVAS_OMP_ONLY) add_subdirectory (omp) add_subdirectory (osp) ## Documentation add_subdirectory (doc) ## Install install (FILES doc/openvas-nasl.1 DESTINATION ${DATADIR}/man/man1 ) install (FILES doc/openvas-nasl-lint.1 DESTINATION ${DATADIR}/man/man1 ) install (FILES ${CMAKE_BINARY_DIR}/libopenvas_base.pc DESTINATION ${LIBDIR}/pkgconfig) install (FILES ${CMAKE_BINARY_DIR}/libopenvas_omp.pc DESTINATION ${LIBDIR}/pkgconfig) install (FILES ${CMAKE_BINARY_DIR}/libopenvas_misc.pc DESTINATION ${LIBDIR}/pkgconfig) install (FILES ${CMAKE_BINARY_DIR}/libopenvas_nasl.pc DESTINATION ${LIBDIR}/pkgconfig) install (FILES ${CMAKE_BINARY_DIR}/libopenvas_osp.pc DESTINATION ${LIBDIR}/pkgconfig) install (DIRECTORY DESTINATION ${OPENVAS_LOG_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_DATA_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_PID_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_SYSCONF_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_SYSCONF_DIR}/gnupg DIRECTORY_PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE) install (DIRECTORY DESTINATION ${OPENVAS_STATE_DIR}/gnupg DIRECTORY_PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE) ## Tests enable_testing () ## End gvm-libs-9.0.3/COPYING000066400000000000000000000101421334154151000142710ustar00rootroot00000000000000License information about openvas-libraries ------------------------------------------- The openvas-libraries module reveals a number of different licenses of the GNU family of licenses. The effective license of the modules as a whole is the GNU General Public License Version 2 (GNU GPLv2). Single files, however, are licensed under either under GNU Lesser General Public License (GNU LGPLv2) or under "GNU GPLv2 or any later version" (GNU GPLv2+) or other GPL-compatible licenses. So, subsets of the module can be used under the respective licenses. GPLv2: See file COPYING.GPLv2 LGPLv2: See file COPYING.LGPLv2 The following overview was initially collected 20100726 based on the header of the respective files and since then updated as changes were applied: base/array.[c|h]: GPLv2+ base/CMakeLists.txt: GPLv2+ base/credentials.[c|h]: GPLv2+ base/cvss.[c|h]: GPLv2+ base/drop_privileges.[c|h]: GPLv2+ base/gpgme_util.[c|h]: GPLv2+ base/nvti.[c|h]: GPLv2+ base/nvticache.[c|h]: GPLv2+ base/openvas_file.[c|h]: GPLv2+ base/openvas_hosts.[c|h]: GPLv2+ base/openvas_networking.[c|h]: GPLv2+ base/openvas_string.[c|h]: GPLv2+ base/pwpolicy.[c|h]: GPLv2+ base/pidfile.[c|h]: GPLv2+ base/settings.[c|h]: GPLv2+ base/kb.h: GPLv2+ base/kb_redis.c: GPLv2+ misc/arglists.[c|h]: LGPLv2+ misc/bpf_share.c: GPLv2 misc/bpf_share.h: LGPLv2+ misc/CMakeLists.txt: GPLv2 misc/ftp_funcs.[c|h]: LGPLv2+ misc/ids_send.[c|h]: LGPLv2+ misc/internal_com.h: GPLv2+ misc/ldap_connect_auth.[c|h]: GPLv2+ misc/network.[c|h]: LGPLv2+ misc/nvt_categories.h: LGPLv2+ misc/openvas_auth.[c|h]: GPLv2+ misc/openvas_logging.[c|h]: GPLv2+ misc/openvas_proctitle.[c|h]: GPLv2+ misc/openvas_server.[c|h]: GPLv2+ misc/openvas_uuid.[c|h]: GPLv2+ misc/pcap.c: LGPLv2+ misc/pcap_openvas.h: LGPLv2+ misc/plugutils.[c|h]: LGPLv2+ misc/popen.[c|h]: LGPLv2+ misc/prefs.[c|h]: GPLv2+ misc/support.h: GPLv2+ misc/www_funcs.c: GPLv2 misc/www_funcs.h: LGPLv2+ nasl/arc4.c: GPLv2+ nasl/byteorder.h: GPLv2+ nasl/capture_packet.[c|h]: GPLv2 nasl/charcnv.c: GPLv2+ nasl/charset.h: GPLv2+ nasl/CMakeLists.txt: GPLv2+ nasl/exec.[c|h]: GPLv2 nasl/genrand.c: GPLv2+ nasl/hmacmd5.[c|h]: GPLv2+ nasl/iconv.[c|h]: GPLv2+ nasl/lint.c: GPLv2 nasl/md4.[c|h]: GPLv2+ nasl/md5.[c|h]: Public Domain nasl/nasl.[c|h]: GPLv2 nasl/nasl_builtin_find_service.c: GPLv2 nasl/nasl_builtin_nmap.c: GPLv2+ nasl/nasl_builtin_openvas_tcp_scanner.c: GPLv2 nasl/nasl_builtin_plugins.h: GPLv2+ nasl/nasl_builtin_synscan.c: GPLv2 nasl/nasl_cert.[c|h]: GPLv2+ nasl/nasl_cmd_exec.[c|h]: GPLv2 nasl/nasl_crypto2.[c|h]: GPLv2 nasl/nasl_crypto.[c|h]: GPLv2 nasl/nasl_debug.[c|h]: GPLv2 nasl/nasl_func.[c|h]: GPLv2 nasl/nasl_global_ctxt.h: GPLv2 nasl/nasl_grammar.y: GPLv2 nasl/nasl_host.[c|h]: GPLv2 nasl/nasl_http.[c|h]: GPLv2 nasl/nasl_init.[c|h]: GPLv2 nasl/nasl_isotime.[c|h]: GPLv2+ nasl/nasl_lex_ctxt.[c|h]: GPLv2 nasl/nasl_misc_funcs.[c|h]: GPLv2 nasl/nasl_packet_forgery.[c|h]: GPLv2 nasl/nasl_packet_forgery_v6.[c|h]: GPLv2 nasl/nasl_raw.h: GPLv2 nasl/nasl_scanner_glue.[c|h]: GPLv2 nasl/nasl_signature.[c|h]: GPLv2+ nasl/nasl_smb.[c|h]: GPLv2+ nasl/nasl_socket.[c|h]: GPLv2 nasl/nasl_text_utils.[c|h]: GPLv2 nasl/nasl_tree.[c|h]: GPLv2 nasl/nasl_var.[c|h]: GPLv2 nasl/nasl_wmi.[c|h]: GPLv2+ nasl/ntlmssp.[c|h]: GPLv2+ nasl/openvas_smb_interface.h: GPLv2+ nasl/openvas_wmi_interface.h: GPLv2+ nasl/proto.h: GPLv2+ nasl/smb_crypt2.c: GPLv2+ nasl/smb_crypt.[c|h]: GPLv2+ nasl/smb.h: GPLv2+ nasl/smb_interface_stub.c: GPLv2+ nasl/smb_signing.[c|h]: GPLv2+ nasl/strutils.[c|h]: GPLv2 nasl/wmi_interface_stub.c: GPLv2+ nasl/tests/Makefile: GPLv2+ nasl/tests/signed.nasl: GPLv2+ nasl/tests/test_blowfish.nasl: GPLv2+ nasl/tests/test_bn.nasl: GPLv2+ nasl/tests/test_dh.nasl: GPLv2+ nasl/tests/test_dsa.nasl: GPLv2+ nasl/tests/test_hexstr.nasl: GPLv2+ nasl/tests/test_isotime.nasl: GPLv2+ nasl/tests/test_md.nasl: GPLv2+ nasl/tests/test_privkey.nasl: GPLv2+ nasl/tests/test_rsa.nasl: GPLv2+ nasl/tests/test_script_signing.sh: GPLv2+ nasl/tests/test_socket.nasl: GPLv2+ nasl/tests/testsuiteinit.nasl: GPLv2+ nasl/tests/testsuitesummary.nasl: GPLv2+ omp/CMakeLists.txt: GPLv2+ omp/omp.[c|h]: GPLv2+ omp/xml.[c|h]: GPLv2+ osp/CMakeLists.txt: GPLv2+ osp/osp.[c|h]: GPLv2+ gvm-libs-9.0.3/COPYING.GPLv2000066400000000000000000000432541334154151000151740ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. gvm-libs-9.0.3/COPYING.LGPLv2000066400000000000000000000614471334154151000153140ustar00rootroot00000000000000 GNU LIBRARY GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the library GPL. It is numbered 2 because it goes with version 2 of the ordinary GPL.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Library General Public License, applies to some specially designated Free Software Foundation software, and to any other libraries whose authors decide to use it. You can use it for your libraries, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library, or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link a program with the library, you must provide complete object files to the recipients so that they can relink them with the library, after making changes to the library and recompiling it. And you must show them these terms so they know their rights. Our method of protecting your rights has two steps: (1) copyright the library, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the library. Also, for each distributor's protection, we want to make certain that everyone understands that there is no warranty for this free library. If the library is modified by someone else and passed on, we want its recipients to know that what they have is not the original version, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that companies distributing free software will individually obtain patent licenses, thus in effect transforming the program into proprietary software. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License, which was designed for utility programs. This license, the GNU Library General Public License, applies to certain designated libraries. This license is quite different from the ordinary one; be sure to read it in full, and don't assume that anything in it is the same as in the ordinary license. The reason we have a separate public license for some libraries is that they blur the distinction we usually make between modifying or adding to a program and simply using it. Linking a program with a library, without changing the library, is in some sense simply using the library, and is analogous to running a utility program or application program. However, in a textual and legal sense, the linked executable is a combined work, a derivative of the original library, and the ordinary General Public License treats it as such. Because of this blurred distinction, using the ordinary General Public License for libraries did not effectively promote software sharing, because most developers did not use the libraries. We concluded that weaker conditions might promote sharing better. However, unrestricted linking of non-free programs would deprive the users of those programs of all benefit from the free status of the libraries themselves. This Library General Public License is intended to permit developers of non-free programs to use free libraries, while preserving your freedom as a user of such programs to change the free libraries that are incorporated in them. (We have not seen how to achieve this as regards changes in header files, but we have achieved it as regards changes in the actual functions of the Library.) The hope is that this will lead to faster development of free libraries. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, while the latter only works together with the library. Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. GNU LIBRARY GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also compile or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. c) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. d) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Library General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. , 1 April 1990 Ty Coon, President of Vice That's all there is to it! gvm-libs-9.0.3/ChangeLog000066400000000000000000023123751334154151000150270ustar00rootroot000000000000002018-01-17 Hani Benhabiles Backport misc/ part of r29656. * misc/plugutils.c (get_plugin_preference): When no value is found in memory preferences, use the default one from nvticache. 2017-12-08 Juan Jose Nicola * base/kb_redis.c (redis_no_empty): Free kbr before return in success case. Remove trailing whitespaces. 2017-11-23 Hani Benhabiles Backport r29981. * nasl/nasl_ssh.c (exec_ssh_cmd): Attach session to a pseudo-terminal before executing the command. This ensures that long-running commands are properly terminated by the host on session disconnect. 2017-10-25 Hani Benhabiles Backport r29883. * base/hosts.c (gvm_host_reverse_lookup): Retry on getnameinfo() returning EAI_AGAIN. 2017-10-25 Hani Benhabiles Backport r29916. * nasl/nasl_socket.c (nasl_open_privileged_socket): Set lowest_socket variable, to fix close() error message. 2017-10-09 Juan Jose Nicola * base/kb_redis.c (redis_no_empty): Check ret before to free it to avoid SIGSEGV. 2017-10-02 Juan Jose Nicola * base/kb.h (kb_operations): Add a function comment about why it was written and where it is called from. * base/kb_redis.c (redis_no_empty): Add a function comment about why it was written and where it is called from. 2017-09-27 Juan Jose Nicola * base/kb.h (kb_operations): Add kb_no_empty. (kb_no_empty): New inline function. * base/kb_redis.c (redis_no_empty): New function. (KBRedisOperations): Add kb_no_empty. 2017-09-27 Juan Jose Nicola Backport r29677 with adjustments due to code changes. * base/kb_redis.c (redis_delete_all): Ignore SIGPIPE from hiredis in case of a socket disconnect. 2017-09-22 Juan Jose Nicola Add vendor_version(), which should have been added with r29533. * nasl/nasl_init.c (libfuncs): Add vendor_version(). * Changelog: Correct the log entry of 2017-09-08. 2017-09-11 Hani Benhabiles * nasl/nasl_tree.c, nasl/nasl_tree.h, nasl/exec.c, nasl/nasl_cert.c, nasl/nasl_crypto.c, nasl/nasl_crypto2.c, nasl/nasl_grammar.y, nasl/nasl_http.c, nasl/nasl_misc_funcs.c, nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery_v6.c, nasl/nasl_scanner_glue.c, nasl/nasl_smb.c, nasl/nasl_socket.c, nasl/nasl_text_utils.c, nasl/nasl_var.c, nasl/nasl_wmi.c, nasl/nasl_func.c, nasl/nasl_func.h, nasl/nasl_init.c, nasl/nasl_init.h, nasl/nasl_lex_ctxt.h, nasl/nasl_misc_funcs.h: Revert r29039, r29040, r29041 and r29042. 2017-09-11 Hani Benhabiles * nasl/nasl_grammar.y, nasl/nasl.h, nasl/nasl_global_ctxt.h: Revert r29043 and r29044. 2017-09-11 Hani Benhabiles * nasl/nasl_global_ctxt.h, nasl/nasl_grammar.y, nasl/nasl_signature.c, nasl/nasl_signature.h: Revert r29048 and r29067. 2017-09-08 Juan Jose Nicola Add the files misc/vendorversion.c and misc/vendorversion.h, that I forget to add in the last commit. 2017-09-08 Juan Jose Nicola Backport r29523 and r29532 with adjustments due to code changes. * misc/CMakeLists.txt: Set new file vendorversion.c. * misc/vendorversion.c: New file with functions to set and to get the vendor version. * misc/vendorversion.h: New file with functions prototypes. * nasl/nasl.c: Include ../misc/vendorversion.h. (main) Add new command line option vendor-version. * nasl/nasl_scanner_glue.c: Include ../misc/vendorversion.h. (nasl_vendor_version): New function. * nasl/nasl_scanner_glue.h: Add function prototype. 2017-09-06 Hani Benhabiles * nasl/nasl_isotime.c: Revert changes in r29097 and 28274. 2017-07-26 Hani Benhabiles Backport r29167. * nasl/nasl_socket.c (nasl_open_sock_udp): Set lowest_socket variable. (nasl_close_socket): Check lowest_socket instead of using hardcoded value. Fixes close() error for udp sockets. * nasl/nasl_ssh.c (nasl_ssh_connect): Set lowest_socket variable. 2017-07-24 Juan Jose Nicola Backport r29164. * nasl/exec.c (cell_cmp): Use cell2str() to copy the cell's values since it checks if the cell is NULL and then they are freed conveniently. 2017-07-18 Juan Jose Nicola * nasl/nasl_ssh.c (verify_session_id): Correct error message for Invalid session id. 2017-07-17 Juan Jose Nicola Backport r28568, r28788, r28859, r28978, r28999, r29013, r29038, r29046, r29070. With adjustments due to code changes. * nasl/nasl_debug.c (nasl_set_filename, nasl_get_filename) (nasl_set_function_filename, nasl_set_function_name) (nasl_get_function_name): New function. (nasl_perror): Climb up in the context to find a line number to be printed in the error message. Use value set by new function. Add the function name to the message. * nasl/nasl_debug.h: Add new function prototype. * nasl/nasl_grammar.y (init_nasl_ctxt): Call nasl_set_filename(). (FUNCTION, INCLUDE): Use new functions to set matching filename for defined functions. (nasl_clean_inc): Check for null value * nasl/nasl_func.c (nasl_func_call): Set correct filename for executed function. Set the function name. * nasl/nasl_var.c (nasl_get_var_by_num, get_array_elem): Add info to the error message. * nasl/nasl_text_utils.c (nasl_substr): Show a more specific error message for nasl_substr() errors. (nasl_string): Add the string in the error message for the case "unknow scape sequence". * nasl/lint.c (nasl_lint_call): Add the line number to the context to be showed in case of error. * nasl/exec.c (nasl_exec): Call nasl_set_filename(). Set line_nb only if it is differente to zero. (exec_nasl_script): Call nasl_set_filename(). (cell2int3): Receive a new argument with variable value and name to give more information in a error message. Handle REF_VAR case to take variable value and name. (cell2intW, cell2int): Add parameter in call to cell2int3(). (cell_cmp): Add the variable name or its content to the error message passed to nasl_perror. * nasl/nasl_ssh.c (verify_session_id): Receive lexic as new parameter. Used nasl_perror() instead of log_legacy_write() to be able to show the NVT name in case of bad/invalid SSH session_id. (nasl_ssh_disconnect, nasl_ssh_get_sock, nasl_ssh_set_login) (nasl_ssh_userauth, nasl_ssh_login_interactive) (nasl_ssh_login_interactive_pass, nasl_ssh_request_exec) (nasl_ssh_get_issue_banner, nasl_ssh_get_server_banner) (nasl_ssh_get_auth_methods, nasl_ssh_shell_open, nasl_ssh_shell_read) (nasl_ssh_shell_write, nasl_ssh_shell_close): Pass lexic as argument when it calls verify_session_id(). 2017-07-17 Hani Benhabiles * nasl/nasl_isotime.c (nasl_isotime_is_valid, nasl_isotime_scan) (nasl_isotime_add): Use correct data length value. 2017-07-12 Hani Benhabiles Backport r29037. * nasl/nasl_global_ctxt.h (naslctxt): Add buffer and index elements. Remove fp element. * nasl/nasl_grammar.y (INCLUDE, mylex): Adjust to use ctxt buffer instead of file pointer. (nasl_clean_ctxt, init_nasl_ctxt): Adjust to naslctxt changes. Adjust nasl_verify_signature() call. * nasl/nasl_signature.c (nasl_verify_signature): Don't re-read file content, get it as parameter instead. * nasl/nasl_signature.h: Adjust function header. 2017-07-12 Hani Benhabiles Backport r28935. * nasl/nasl_grammar.y (file_md5sum): Remove function. (init_nasl_ctx): Check file last modification time to skip signature reverfication. 2017-07-12 Hani Benhabiles Bacport r28888. * nasl/nasl_grammar.y (nasl_clean_inc): New function. (INCLUDE): Save parsed tree cells of included files for later re-usage. Significantly improves load-up performance. * nasl/nasl.h: Add function prototype. 2017-06-29 Hani Benhabiles Backport r28865. * nasl/nasl_global_ctxt.h (naslctxt): Remove maxlen and buffer elements. * nasl/nasl_grammar.y (parse_buffer, parse_len): New variables. (init_nasl_ctx, nasl_clean_ctx, mylex): Adjust to use parse_buffer and parse_len instead of allocating and reallocating a new ctxt buffer each time. Improves parsing performance. 2017-07-11 Hani Benhabiles Backport r28858. * nasl/nasl_tree.c (allloc_tree_cell): Remove unneeded initializations. Remove function parameters. * nasl/nasl_tree.h: Adjust function prototype. * nasl/exec.c, nasl/nasl_cert.c, nasl/nasl_crypto.c, nasl/nasl_crypto2.c, nasl/nasl_grammar.y, nasl/nasl_http.c, nasl/nasl_misc_funcs.c, nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery_v6.c, nasl/nasl_scanner_glue.c, nasl/nasl_smb.c, nasl/nasl_socket.c, nasl/nasl_text_utils.c, nasl/nasl_tree.c, nasl/nasl_var.c, nasl/nasl_wmi.c: Adjust alloc_tree_cell() calls accordingly. 2017-07-11 Hani Benhabiles Backport r28806, r28777 and r28828. * nasl/lint.c (stringcompare): Remove function. (nasl_lint), nasl/exec.c (exec_nasl_script): Don't call init_nasl_library(). * nasl/nasl_lex_ctxt.c (init_empty_lex_ctxt): Call init_nasl_library(). * nasl/nasl_lex_ctxt.h: Adjust function header. * nasl/nasl_init.c (init_func): Remove unnamed and args elements. (libfuncs): ADjust for struct init_func change. (init_nasl_library): Don't return value. Don't copy insert functions. (func_is_internal): New function. (libvars): Remove unused global variable pcap_timeout. * nasl/nasl_func.c (stringcompare): Remove function. (get_func, free_func, nasl_func_call): Adjust to use func_is_internal(). Remove named args check. Don't check for FUNC_FLAG_COMPAT. (insert_nasl_func): Don't set args names and number or args. * nasl/nasl_func.h: Remove unused definitions. (nasl_func): Remove flags, nb_unnamed_args and args_names elements. * nasl/nasl_misc_funcs.c, nasl/nasl_misc_funcs.h (nasl_func_named_args) (nasl_func_unnamed_arg, nasl_func_has_arg): Remove functions. 2017-07-11 Hani Benhabiles Backport r28778. * nasl/nasl_lex_ctxt.h (lex_ctxt): Change functions element type to GHashTable. * nasl/nasl_func.h: Add function prototype. (nasl_func): Remove next_func element. * nasl/nasl_func.c (hash_str, free_func_chain): Remove unused functions. (get_func, insert_nasl_func): Adjust for functions element change. (get_func_ref_by_name): Adjust get_func() call. (free_func): Remove static modifier. * nasl/nasl_lex_ctxt.c (init_empty_lex_ctxt, free_lex_ctxt): Adjust for functions element change. (dump_ctxt): Remove dumping of functions. 2017-07-11 Hani Benhabiles Backport r28779. * nasl/nasl_func.h (nasl_func): Remove nb_named_args element. * nasl/nasl_func.c (insert_nasl_func, nasl_func_call, free_func): Adjust for nasl_func change. * nasl/nasl_init.c (init_nasl_library): Don't check for named args ordering. * nasl/nasl_misc_funcs.c (nasl_func_named_args, nasl_func_has_arg): Adjust for nasl_func change. 2017-07-06 Michael Wiegand * CHANGES: Add partly complete changes for next release. 2017-06-30 Matthew Mundell Backport r28250. * omp/omp.c (omp_ping_c): Correct check. 2017-06-30 Matthew Mundell Backport r28248. * omp/omp.c (omp_ping_c): New function. * omp/omp.h: Add header accordingly. 2017-06-22 Juan Jose Nicola Backport r28781. * nasl/nasl_ssh.c (nasl_ssh_login_interactive): Set variable to empty string if no authentication is requiered. 2017-06-22 Juan Jose Nicola Backport r28765 and r28771. With adjustments due to code changes. * nasl/nasl_signature.c (examine_signatures): Add argument. Remove while loop because analyze only one signature. Remove not needed variables. Update documentation. (nasl_verify_signature): Add variables. Load file contents into buffers. Use gpgme_data_new_from_mem() instead of gpgme_data_new_from_file(). Search manually the signature inside the file. Update documentation. 2017-06-21 Hani Benhabiles Backport r28118. * misc/plugutils.c (plug_get_key): Add single parameter, to choose whether to fork or not. (plug_get_host_fqdn), nasl/nasl_builtin_find_service.c (plugin_do_run), nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab), nasl/nasl_misc_funcs.c (nasl_open_sock_kdc), nasl/nasl_scanner_glue.c (get_kb_item), nasl/nasl_ssh.c (get_ssh_port): Adjust calls to plug_get_key(). * nasl/nasl_init.c (libfuncs): Add parameter to get_kb_item(). * misc/plugutils.h: Adjust function prototype. 2017-06-13 Hani Benhabiles Backport r28613 and r28629. * misc/plugutils.c (plug_get_host_fqdn): Don't fetch vhosts values from kb if not present in prefs. 2017-06-13 Hani Benhabiles Backport r28581 and r28600. * misc/network.c (set_ids_evasion_mode): Check if NIDS/TCP/enabled key is set before checking other NIDS/TCP/* keys. * misc/www_funcs.c (build_encode_URL): Check if NIDS/HTTP/enabled key is set before checking other NIDS/HTTP/* keys. 2017-05-24 Hani Benhabiles Backport r28454, r28481 and r28482. * util/nvticache.c (nvticache_get_kb): New function. * util/nvticache.h: Add function prototype. * nasl/exec.c (exec_nasl_script): Use nvticache kb for nasl context, to use signature checks from load-up phase. 2017-05-19 Hani Benhabiles Backport r28438. * nasl/nasl_crypto.c (nasl_nt_owf_gen): Fix memory leak. Improve code style. Fix calculation for inputs of more than 64 characters. 2017-05-17 Juan Jose Nicola Backport r28407. With adjustments due to code changes. * nasl/nasl_crypto.c (nasl_nt_owf_gen): Replace code to convert ascii to unicode with g_utf8_to_utf16 to support special characters. 2017-05-16 Hani Benhabiles Backport r28399. * misc/network.c (open_stream_connection): Add RC4 to the default priority strings as it is disabled in newer versions. (set_gnutls_protocol): Remove outdated comment. 2017-05-16 Hani Benhabiles Backport r28394. * nasl/nasl_builtin_find_service.c (plugin_do_run): Change default number of parallel connections to 6 to match the default one in find_service.nasl. 2017-05-15 Hani Benhabiles Backport r28378. * nasl/nasl_builtin_find_service.c (plugin_do_run): Increase rw_timeout and wrap_timeout to match cnx_timeout. 2017-05-10 Juan Jose Nicola Backport r25570, r25578, r25579, r25651, r25652, r25703, r25704 r25731, r26270, r26296,r26305, r26322, r26330, r26944, r27843, r27854 r27928, r28000, r28029, r28093, r27651, r28187. With adjustments due to code changes. Add SSL/TLS cryptography implementations. * nasl/nals.c (gcrypt_init): New function to initilalize libgcrypt. (main): Calls gcrypt_init(). * nasl/nasl_crypto.c (nasl_hmac_sha256): Take only data and key parameters.Constify parameters. (nasl_prf_sha256): New functions. Call nasl_prf(). (prf_sha256): New functions. Fix memory leak. Use correct buffer length. Rename to tls_prf(). Add hmac parameter. (hmac_sha512, nasl_hmac_sha512): New functions. nasl_hmac_sha384): New function. (hmac_sha512): Remove function. (nasl_hmac_sha512): Use nasl_hmac(). (hmac_sha384, nasl_prf, nasl_prf_sha384): New functions. (hmac_md5_for_prf, hmac_sha1, nasl_tls1_prf): New functions. (nasl_prf): Add support por for tls1_prf. (tls_prf): Add option 2 and 3 for MD5 and SHA1 respectively. Replace the seed with the concatenation of the label and the seed. (tls1_prf): New function. Remove useless memory allocation and improve code style. Free allocated memory in case that md5 or sha1 result is NULL before leaving the function. * nasl/nasl_crypto.h: Add new function prototypes. * nasl/nasl_crypto2.c (nasl_rsa_public_encrypt): New function. Add no padding functionality. (nasl_load_privkey_param): Use gnutls_x509_privkey_import2(). (nasl_rsa_get_modulus, nasl_rsa_get_exponent): Added, but then removed functions. (nasl_rc4_encrypt): New functions. (encrypt_data): New functions. Handle GCRY_CIPHER_AES128 case. Add IV parameter. Handle GCRY_CIPHER_AES256 case. Fix used variable for data. Handle GCRY_CIPHER_3DES case. Fix used variable for data. (nasl_aes128_cbc_encrypt, nasl_aes256_cbc_encrypt): New function. (nasl_aes128_ctr_encrypt, nasl_aes256_ctr_encrypt): New functions. (nasl_aes128_gcm_encrypt, nasl_aes256_gcm_encrypt): New functions. (nasl_rsa_private_decrypt): New function. * nasl/nasl_crypto2.h: Add new function header. Remove function headers. * nasl/nasl_init.c (libfuncs): Add rsa_get_modulus() and rsa_get_exponent(). Add rsa_public_encrypt. Add HMAC_SHA512(). Capitalize hmac_sha256() for consistency. Add HMAC_SHA384(). Add prf_sha256() function. Remove rsa_get_modulus() and rsa_get_exponent(). Add rc4_encrypt(). Add aes128_cbc_encrypt(). Add aes128_cbc_encrypt(). Add des_ede_cbc_encrypt(). Add prf_sha384(). Add aes128_ctr_encrypt() and aes256_ctr_encrypt(). Add aes128_gcm_encrypt(), aes256_gcm_encrypt() and tls1_prf(). Add argument to rsa_public_encrypt to set no padding. Add rsa_private_decrypt(). * nasl/nasl_cert.c (nasl_cert_query): Add modulus and exponent commands. * nasl/nasl_text_utils.c (nasl_int): Define r variable as long int instead of int to support bigger numbers. 2017-05-02 Hani Benhabiles Backport r28307. * nasl/nasl_builtin_find_service.c (plugin_do_run): Increase default connection timeout to 20 seconds. 2017-05-02 Juan Jose Nicola Backport r27981, r27982. * nasl/nasl_crypto.c (nasl_ntlm_response): New variable pass_len to be passed to ntlmssp_genauth_ntlm(). (nasl_ntlm2_response): New variable pass_len to be passed to ntlmssp_genauth_ntlm2(). * nasl/ntlmssp.c (ntlmssp_genauth_ntlm2, ntlmssp_genauth_ntlm): Add argument pass_len to be passed to E_deshash_ntlmssp(). * nasl/ntlmssp.h (ntlmssp_genauth_ntlm2, ntlmssp_genauth_ntlm): Add argument pass_len. * nasl/smb_crypt.c (E_deshash_ntlmssp) Add argument pass_len. replace push_ascii_ntlmssp with g_utf8_strup, since it was used only to uppercase the password. * nasl/smb_crypt.h (E_deshash_ntlmssp): Add argument pass_len in prototype. * nasl/charcnv.c (void strupper_m_ntlmssp, push_ascii_ntlmssp): Delete functions. * nasl/proto.h (push_ascii_ntlmssp) Remove function prototype. 2017-04-28 Hani Benhabiles Backport r28291. * misc/network.c (recv_line): Don't set timeout for select() call, as client closing connection case is correctly handled. 2017-04-24 Hani Benhabiles * misc/network.c (open_socket), nasl/nasl_isotime.c (ISOTIME_SIZE): Fix compilation with GCC 7. 2017-04-10 Hani Benhabiles Backport r28204. * nasl/nasl_var.c (array2str): Use glib strings instead of manually reallocating buffer string. Fix invalid memory write. 2017-04-10 Juan Jose Nicola Backport r28191, r28192. * nasl/nasl_init.c (libfuncs): Add ssh_login_interactive() and ssh_login_interactive_pass(). * nasl/nasl_ssh.c (nasl_ssh_login_interactive) (nasl_ssh_login_interactive_pass): New functions. * nasl/nasl_ssh.h Add new functions prototypes. 2017-04-04 Timo Pollmeier * base/openvas_networking.c (sockaddr_as_str): Add cases for UNIX, unknown and other socket types. 2017-03-14 Hani Benhabiles Backport r27986. * misc/plugutils.c (plug_get_key): Set the SIGTERM handler to _exit in forked child case. 2017-03-09 Björn Ricks * omp/xml.c (try_read_entity_and_string_c, try_read_entity_and_string): Don't allocate several MiB on the stack for the xml parser buffer. The heap is the place for this kind of data. Thanks Francesco Colista for reporting. 2017-03-07 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 9.0.2. 2017-03-07 Michael Wiegand Preparing the openvas-libraries 9.0.1 release. * CHANGES: Updated. 2017-02-15 Hani Benhabiles Backport r27650. * nasl/nasl_crypto.c (nasl_ntlm2_response, nasl_ntlm_response): Fix possible segfaults. (nasl_nt_owf_gen, nasl_lm_owf_gen): Fix error messages. 2017-02-08 Hani Benhabiles Backport r27489. * nasl/nasl.c (main): Fork before executing each plugin. This fixes early exit of the main openvas-nasl process when running plug_get_key() on a key with multiple values. 2017-01-30 Hani Benhabiles Backport r26904. * nasl/nasl_cert.c (build_hostname_list): Remove restriction on adding CN values without a dot. 2017-01-27 Hani Benhabiles Backport r27373. * misc/prefs.c (prefs_set): Fix possible use-after-free when old and value point to the same data. 2017-01-17 Hani Benhabiles Backport r27220. * omp/xml.c (try_read_entity_and_string_s): Fix memory leak. 2016-12-09 Hani Benhabiles Backport r26877. * nasl/nasl_socket.c (nasl_close_socket): Improve close() error logging. 2016-11-22 Hani Benhabiles Backport r26704 and r26707. * misc/network.c (socket_negotiate_ssl, open_stream_connection_ext): Check Host/SNI/$Port/force_disable before setting the SNI. 2016-11-16 Hani Benhabiles Backport r26683. * misc/network.c (open_SSL_connection): Don't fail the handshake upon receiving a non-fatal alert like unrecognized name. 2016-11-15 Hani Benhabiles Backport r26648. * misc/network.c (is_ip_address): New function. (open_SSL_connection): Don't use hostname if it is an IP address. 2016-11-11 Timo Pollmeier Backport r26628. * base/openvas_file.c (openvas_export_file_name): Move format_state = 0 assignment so it doesn't overwrite values set in the switch case block. 2016-11-09 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 9.0.1. 2016-11-09 Jan-Oliver Wagner Preparing the openvas-libraries 9.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Update version status from beta to stable. 2016-11-08 Jan-Oliver Wagner * COPYING: Update. It was missing the separation of the osp module. 2016-11-08 Christian Fischer * nasl/nasl_var.c (nasl_array_iterator): Add lexic context to nasl_perror() call. * nasl/nasl_var.h: Adjust function header. * nasl/exec.c (nasl_exec): Adjust nasl_array_iterator call. 2016-11-07 Hani Benhabiles * nasl/exec.c (cell2int3, cell2int, cell2intW, int2cell): Change returned variable from int to long int. (cell_cmp, nasl_exec): Use long int instead of int for nasl integer variables. * nasl/nasl_grammar.y (YYSTYPE): Change num type to long int. * nasl/nasl_tree.h (tree_cell): Change i_val type to long int. * nasl/nasl_tree.c (dump_cell_val): Adjust for i_val type change. * nasl/nasl_var.h (anon_nasl_var): Change v_int type to long int. * nasl/nasl_var.c (array2str, var2str): Adjust for v_int type change. 2016-11-04 Timo Pollmeier * omp/omp.c (omp_get_system_reports_ext): Add new OMP command attributes start_time and end_time. * omp/omp.h (omp_get_system_reports_opts_t): Add new fields start_time and end_time. (omp_get_system_reports_opts_defaults): Add new fields. 2016-11-03 Hani Benhabiles * misc/network.c (open_stream_connection_ext): Set hostname in SSLv2 case too. 2016-11-02 Hani Benhabiles * base/gpgme_util.h: Fix function prototype. 2016-11-02 Hani Benhabiles * misc/network.c (open_SSL_connection): Add hostname parameter. Set TLS SNI accordingly. (socket_negotiate_ssl, open_stream_connection_ext): Adjust open_SSL_connection() call. 2016-10-31 Matthew Mundell * misc/openvas_server.c (openvas_server_open_verify): New function. Like openvas_server_open_with_cert, but with "verify" arg. (openvas_server_open_with_cert): Use new function. * misc/openvas_server.h (openvas_connection_t): Add cert fields. (openvas_server_open_verify): New header. 2016-10-31 Michael Wiegand Make libksba a mandatory dependency of openvas-libraries/nasl. Move and improve dependency check. * CMakeLists.txt: Remove check for libksba. It is only used in "nasl/", so it should be checked there. * INSTALL: Move libksba from the "Recommended" to the general dependencies section. * nasl/CMakeLists.txt: Move dependency check here from top-level CMakeLists.txt. Add version check with version mentioned in INSTALL. Consider it an error if libksba is not found in the required version. Do not make useless calls to ksba-config if ksba was not found or not at the required version. 2016-10-30 Hani Benhabiles * misc/network.c (recv_line): Increase timeout from 5 seconds to 30 seconds. 2016-10-17 Jan-Oliver Wagner Removed NASL function "get_kb_fresh_item". It is not used by any NVT, not in libraries or scanner. It was simply calling get_kb_item() anyway. * nasl/nasl_init.c (libfuncs): Remove entry for get_kb_fresh_item. * nasl/nasl_scanner_glue.c (get_kb_fresh_item): Removed. * nasl/nasl_scanner_glue.h: Removed proto accordingly. 2016-10-17 Hani Benhabiles * nasl/nasl_var.c (nasl_get_var_by_num): Add lexic context to nasl_perror() call. (get_array_elem): Adjust nasl_get_var_by_num() call. * nasl/nasl_var.h: Adjust function header. * nasl/nasl_misc_funcs.c (nasl_make_list, nasl_make_array, nasl_keys) (nasl_make_index, nasl_typeof): Adjust nasl_get_var_by_num() call. 2016-10-07 Hani Benhabiles * base/gpgme_util.c (openvas_init_gpgme_ctx): Fix memory leak. (set_gpghome): New function. (get_sysconf_gpghome): Adjust to use value set by set_gpghome() call. (openvas_init_gpgme_sysconf_ctx): Fix memory leak. * base/gpgme_util.h: Add function header. 2016-10-06 Hani Benhabiles * base/gpgme_util.c (get_sysconf_gpghome): Take OPENVAS_GPGHOME environment variable into consideration. Patch by Jan-Oliver Wagner. 2016-10-04 Hani Benhabiles * nasl/nasl_crypto.c (hmac_sha384, nasl_prf, nasl_prf_sha384): New functions. (prf_sha256): Rename to tls_prf(). Add hmac parameter. (nasl_prf_sha256): Call nasl_prf(). * nasl/nasl_crypto.h: Add function header. * nasl/nasl_init.c (libfuncs): Add prf_sha384(). 2016-10-04 Christian Fischer * nasl/nasl_builtin_find_service.c: Corrected registration of rsync service to match the service name defined by IANA. 2016-09-30 Hani Benhabiles * nasl/nasl_crypto2.c (encrypt_data): Handle GCRY_CIPHER_3DES case. Fix used variable for data. (nasl_des_ede_cbc_encrypt): New function. * nasl/nasl_crypto2.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add des_ede_cbc_encrypt(). 2016-09-29 Hani Benhabiles * nasl/nasl_crypto2.c (encrypt_data): Handle GCRY_CIPHER_AES256 case. Fix used variable for data. (nasl_aes256_cbc_encrypt): New function. * nasl/nasl_crypto2.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add aes256_cbc_encrypt(). 2016-09-28 Matthew Mundell * misc/openvas_server.h (openvas_connection_t): Add more fields. 2016-09-28 Hani Benhabiles * nasl/nasl_crypto2.c (encrypt_data): Handle GCRY_CIPHER_AES128 case. Add IV parameter. (nasl_aes128_cbc_encrypt): New function. * nasl/nasl_crypto2.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add aes128_cbc_encrypt(). 2016-09-26 Hani Benhabiles * nasl/nasl_crypto2.c (encrypt_data, nasl_rc4_encrypt): New functions. * nasl/nasl_crypto2.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add rc4_encrypt(). 2016-09-21 Matthew Mundell * omp/xml.c (try_read_entity_and_string): Correct comment. (xml_search_handle_start_element): Flush space. 2016-09-21 Matthew Mundell * misc/openvas_server.c (server_new_gnutls_set): Add spaces. 2016-09-21 Matthew Mundell Add support for working with a connection, like the openvas_server_* functions, but where the connection can be either over TLS-TCP or a UNIX socket. * misc/openvas_server.h: Export connection functions. (openvas_connection_t): New type. * misc/openvas_server.c (close_unix, openvas_connection_free) (openvas_connection_close, unix_vsendf_internal) (openvas_connection_vsendf_internal, openvas_connection_vsendf) (openvas_connection_vsendf_quiet, openvas_connection_sendf) (openvas_connection_sendf_quiet, openvas_connection_sendf_xml) (openvas_connection_sendf_xml_quiet): New functions. * omp/omp.c (omp_authenticate_info_ext_c, omp_start_task_report_c) (check_response_c, omp_stop_task_c, omp_resume_task_report_c): New functions. * omp/omp.h: Add headers accordingly. * omp/xml.c (try_read_entity_and_string_c, read_entity_and_string_c) (read_entity_and_text_c, read_string_c, try_read_entity_c) (read_entity_c): New function. * omp/xml.h: Add headers accordingly. 2016-09-16 Hani Benhabiles * misc/network.c (ovas_scanner_context_s): Remove unused struct. (ovas_scanner_context_new, ovas_scanner_context_free) (ovas_scanner_context_attach): Remove unused functions. * misc/network.h: Remove unused declarations. 2016-09-13 Hani Benhabiles * base/openvas_networking.c (port_range_ranges): Check if parameter is null. 2016-09-09 Matthew Mundell * misc/openvas_server.h: Add format attribute so that format args are checked. * omp/omp.c (omp_get_report_ext): Add arg accidentally removed in r25040 on 2016-04-21. 2016-09-05 Hani Benhabiles * base/nvticache.c (nvticache_get_name): New function. * base/nvticache.h: Add new function header. 2016-09-02 Matthew Mundell * misc/openvas_server.c (server_attach_internal): Downgrade warnings to debugs, to prevent excess log messages. (openvas_server_free): Same for gnutls_bye message. 2016-08-29 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c: Removed some unused makro definitions. 2016-08-29 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c, nasl/nasl_builtin_openvas_tcp_scanner.c, nasl/nasl_builtin_synscan.c: Remove an unneeded include. 2016-08-17 Hani Benhabiles * nasl/nasl_cert.c (nasl_cert_query): Add key-size command to get the public key size in bits. 2016-08-24 Michael Wiegand * nasl/nasl_var.c (free_array): Remove superfluous assignment of num_elt. It was wrongly introduced in SVN r20496, num_elt is already NULL at this point. 2016-08-22 Michael Meyer * nasl/nasl_cert.c (get_oid_name): Added some algorithm names. 2016-08-17 Hani Benhabiles * misc/network.c (recv_line): Check if the socket was closed by the sender. 2016-08-10 Matthew Mundell * omp/omp.c (omp_create_target_ext): Use a separate return for connection error. 2016-08-03 Hani Benhabiles * nasl/nasl_var.c (free_aray): Nullify hash_elt after free. Fixes use-after-free. 2016-07-21 Björn Ricks * base/gpgme_util.c (openvas_init_gpgme_sysconf_ctx, openvas_init_gpgme_ctx): Refactor initialization of the gpg context into an own function and don't call openvas_init_gpgme_ctx in openvas_init_gpgme_sysconf_ctx to avoid creating an unnecessary directory. 2016-07-21 Björn Ricks * base/gpgme_util.c (openvas_init_gpgme_sysconf_ctx): Try to create sysconfig gnupg directory if directory does not exist yet. 2016-07-22 Timo Pollmeier Add function to search for an XML element with given name and attributes in a file. * omp/xml.c (xml_search_handle_start_element, find_elem_in_xml_file): New functions. * omp/xml.h (xml_search_data_t): New typedef. (find_elem_in_xml_file): New function prototype. 2016-07-21 Björn Ricks * base/gpgme_util.c (openvas_init_gpgme_ctx): Try to create gnupg directory if directory does not exist yet. 2016-07-21 Hani Benhabiles * nasl/nasl_grammar.y (mylex): Exit on unknown escape sequence error. 2016-07-20 Matthew Mundell * omp/omp.c (proctitle_init): Add missing spaces. 2016-07-20 Matthew Mundell * omp/omp.c (proctitle_init): Init __progname and _progname_full because something in this function is nuking them, and they're used by the syslog functions. 2016-07-19 Matthew Mundell * omp/omp.c (omp_authenticate): Check username and password before printing them. 2016-07-15 Hani Benhabiles * base/nvti.c (nvti_free, nvti_from_keyfile, nvti_to_keyfile): Adjust for summary element removal. (nvti_summary, nvti_set_summary): Remove functions. * base/nvti.h: Remove functions headers. (struct nvti): Remove summary element. * nasl/nasl_scanner_glue.c (script_summary): Don't set summary. 2016-07-14 Hani Benhabiles * nasl/nasl_crypto.c (nasl_prf_sha256): Fix error message. 2016-07-08 Matthew Mundell * base/gpgme_util.c (determine_gpghome, openvas_init_gpgme_ctx): Add subdir arg. * base/gpgme_util.h: Adjust header accordingly. 2016-07-05 Hani Benhabiles * nasl/nasl_cert.c (nasl_cert_query): Add modulus and exponent commands. * nasl/nasl_crypto2.c (nasl_rsa_get_modulus, nasl_rsa_get_exponent): Remove functions. * nasl/nasl_crypto2.h: Remove function headers. * nasl/nasl_init.c (libfuncs): Remove rsa_get_modulus() and rsa_get_exponent(). 2016-06-29 Hani Benhabiles * nasl/nasl_crypto.c (prf_sha256): Use correct buffer length. 2016-06-29 Hani Benhabiles * nasl/nasl_crypto.c (prf_sha256): Fix memory leak. 2016-06-28 Hani Benhabiles * nasl/nasl_crypto.c (hmac_sha256): Constify parameters. (prf_sha256, nasl_prf_sha256): New functions * nasl/nasl_crypto.h: Add new function prototype. * nasl/nasl_init.c (libfuncs): Add prf_sha256() function. 2016-06-28 Hani Benhabiles * nasl/nasl_crypto2.c (nasl_load_privkey_param): Use gnutls_x509_privkey_import2(). (nasl_rsa_get_modulus, nasl_rsa_get_exponent): New functions. * nasl/nasl_crypto.h: Add new functions prototypes. * nasl/nasl_init.c (libfuncs): Add rsa_get_modulus() and rsa_get_exponent(). 2016-06-28 Hani Benhabiles * nasl/nasl_crypto.c (nasl_hmac_sha384): New function. (hmac_sha512): Remove function. (nasl_hmac_sha512): Use nasl_hmac(). * nasl/nasl_crypto.h: Add new function prototype. * nasl/nasl_init.c (libfuncs): Add HMAC_SHA384(). 2016-06-28 Hani Benhabiles * nasl/nasl_crypto.c (nasl_hmac_sha256): Take only data and key parameters. (hmac_sha512, nasl_hmac_sha512): New functions. * nasl/nasl_crypto.h: Add new function prototype. * nasl/nasl_init.c (libfuncs): Add HMAC_SHA512(). Capitalize hmac_sha256() for consistency. 2016-06-27 Hani Benhabiles * nasl/nasl_crypto2.c (nasl_rsa_public_encrypt): New function. * nasl/nasl_crypto2.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add rsa_public_encrypt. 2016-06-23 Jan-Oliver Wagner * CMakeLists.txt: Increase required cmake version from 2.6 to 2.8 because 2.8 is the minimum version we are sure it works with. * INSTALL: Update accordingly. 2016-06-23 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Increase dependency for libopenvas_wmiclient and libopenvas_wincmd from 0.0.1 to 1.0.1. 0.0.1 was a initial start, but meanwhile openvas-smb was release in a stable version. 2016-06-23 Hani Benhabiles * base/nvti.c (nvti_category_is_safe): Move function to nasl/nasl.c. Remove include from misc. * base/nvti.h: Remove function prototype. * nasl/nasl.c (nvti_category_is_safe): New function. 2016-06-22 Jan-Oliver Wagner * base/openvas_hosts.c (openvas_hosts_free): Use g_list_free_full (available since glib 2.28) instead of a foreach/free combination. 2016-06-22 Timo Pollmeier * misc/ldap_connect_auth.c (ldap_connect_authenticate): Add cacert parameter to dummy version of the function. 2016-06-21 Jan-Oliver Wagner * base/openvas_networking.c: Remove a left-over include directive for stdlib.h that has no effect anymore. 2016-06-21 Jan-Oliver Wagner * misc/openvas_logging.c (openvas_log_lock_init): Drop code patch for Glib version < 2.31 because we can rely on presence of at least 2.32. 2016-06-21 Jan-Oliver Wagner * nasl/nasl_ssh.c (my_ssh_pki_import_privkey_base64), misc/openvas_ssh.c (openvas_ssh_public_from_private): Now that we can rely on minimum of 2.32 of glib, we can rely on presence of g_mkdtemp_full and drop the alternative. 2016-06-21 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Increase dependency for glib from 2.16 to 2.32 in order to allow the use of newer API elements. Also, prior to 2.32 there is subject to the (disputed) CVE-2012-0039. 2016-06-21 Matthew Mundell * misc/network.c (socket_get_ssl_compression): Drop handling of GNUTLS_COMP_LZO which does not exist anymore since GnuTLS version 3.0. 2016-06-21 Matthew Mundell * misc/ldap_connect_auth.c (ldap_connect_authenticate): Make braces consistent. * misc/ldap_connect_auth.h: Neaten indent. 2016-06-21 Matthew Mundell * misc/ldap_connect_auth.c (ldap_connect_authenticate): Add cacert arg. Pass to ldap_auth_bind. (ldap_auth_bind): Add cacert arg. Use for LDAP_OPT_X_TLS_CACERTFILE if given. * misc/ldap_connect_auth.h: Update header accordingly. 2016-06-21 Jan-Oliver Wagner * misc/network.c (my_gnutls_transport_set_lowat_default): Removed this workaround function for GnuTLS < 3.0. (ovas_scanner_context_attach): Removed the call of my_gnutls_transport_set_lowat_default(). * misc/openvas_server.c (my_gnutls_transport_set_lowat_default): Removed this workaround function for GnuTLS < 3.0. (server_new_gnutls_set): Removed the call of my_gnutls_transport_set_lowat_default(). 2016-06-17 Michael Wiegand * INSTALL: Match version requirement update in CMakeLists.txt in documentation as well. 2016-06-14 Jan-Oliver Wagner * CMakeLists.txt: Increase dependency for gnutls from 2.12 to 3.2.15 in order to enforce the presence of newer (more secure) TLS and ciphers. 2016-06-09 Hani Benhabiles * nasl/nasl_snmp.c (snmpv3_get, snmpv1v2c_get): Set MIBS environment variable to "". 2016-06-09 Hani Benhabiles * nasl/nasl_crypto.c (nasl_lm_owf_gen): Fix off-by-one memdup. 2016-06-09 Matthew Mundell * base/openvas_file.c (openvas_export_file_name): Free creation_time_str. 2016-06-09 Matthew Mundell * nasl/nasl_tree.c (dump_cell_val): Add translation. 2016-06-08 Matthew Mundell * nasl/exec.c (cell2str): Use memcpy instead of strncpy, in case it is not a string when type is DATA. 2016-06-08 Matthew Mundell * nasl/exec.c (cell2str): In the STR and DATA case, copy only size bytes from c->x.str_val instead of size + 1, because str_val may not have the extra byte for the trailing NULL when type is DATA. 2016-06-08 Matthew Mundell * nasl/exec.c: Add includes for NASL_DEBUG > 2. 2016-05-31 Jan-Oliver Wagner Increase version for the next official release from 8.1 to 9.0 because the number of changes is more comprehensive than originally assumed. * CMakeLists.txt: Set version to 9.0+beta1. 2016-05-31 Hani Benhabiles * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Fix memory leak. 2016-05-30 Jan-Oliver Wagner * CHANGES, ChangeLog: Fix some version identifiers. 2016-05-30 Hani Benhabiles * nasl/nasl_func.c (nasl_func_call), nasl/nasl_lex_ctxt.h, nasl/nasl_var.c (free_anon_var): Revert previous change. 2016-05-30 Hani Benhabiles * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Fix memory leak. * nasl/nasl_func.c (nasl_func_call): Fix memory leak. * nasl/nasl_lex_ctxt.h: Add function prototype. * nasl/nasl_var.c (free_anon_var): Remove static modifier. 2016-05-30 Hani Benhabiles * misc/openvas_proctitle.c (proctitle_init): Fix memory leak. 2016-05-30 Matthew Mundell * base/kb_redis.c (select_database): Add missing space. 2016-05-27 Jan-Oliver Wagner The NASL command "script_description" is not used anymore by any NVT. It is superceeded by the tag "summary". * nasl/nasl_init.c (libfuncs): Removed "script_description". * nasl/nasl_scanner_glue.c (script_description): Removed. * nasl/nasl_scanner_glue.h: Removed proto accordingly. 2016-05-27 Hani Benhabiles * misc/bpf_share.c (bpf_open_live), misc/plugutils.c (mark_post), nasl/nasl_builtin_find_service.c (plugin_do_run): Fix memory leaks. * imsc/plugutils.h: Constify function parameter. * misc/network.c (ovas_scanner_context_s): Add tls_session element. (ovas_scanner_context_attach): Save context tls session. * nasl/nasl_socket.c (nasl_recv): Fix off-by-one memory write. 2016-05-26 Hani Benhabiles * misc/network.c (set_ids_evasion_mode, open_stream_connection_ext), nasl/nasl_http.c (_http_req): Fix memory leak. * nasl/nasl_misc_funcs.c (nasl_typeof): Fix smaller-by-one memory allocation. 2016-05-26 Matthew Mundell * base/kb_redis.c (get_redis_ctx): Connect inside the retry loop, in case the connection is lost between retries. 2016-05-26 Hani Benhabiles * misc/network.c (ovas_scanner_context_new): Fix allocated memory size. 2016-05-24 Michael Meyer * nasl/nasl_builtin_find_service.c (plugin_do_run): Removed null bytes from buffer. Detect also mariadb. 2016-05-24 Hani Benhabiles * nasl/nasl_crypto.c (md4_data, rc4_data, nasl_get_smb2_sign_key): Remove functions. * nasl/nasl_crypto.h: Remove function header. * nasl/nasl_init.c (libfuncs): Remove get_smb2_sign_key(). 2016-05-17 Timo Pollmeier * nasl/nasl_cmd_exec.c (nasl_pread): Remove Flawfinder annotations. * nasl/nasl_init.c (nasl_version): Remove Flawfinder annotation. * nasl/nasl_misc_funcs.c (nasl_typeof, nasl_gettimeofday): Remove Flawfinder annotations. * nasl/nasl_signature.c (nasl_verify_signature): Remove Flawfinder annotation. 2016-05-17 Timo Pollmeier * misc/ftp_funcs.c (ftp_log_in, ftp_get_pasv_address): Remove RATS annotations. * misc/ids_send.c (which_ttl): Remove RATS annotation. * misc/network.c (get_encaps_name, get_encaps_through): Remove RATS annotations. * misc/openvas_auth.c (get_password_hashes): Remove RATS annotation. * misc/pcap.c (get_random_bytes): Remove RATS annotation. * misc/plugutils.c (host_add_port_proto, proto_post_wrapped) (plug_get_key, plug_get_host_open_port, plug_set_port_transport) (plug_get_port_transport, plug_set_ssl_item, find_in_path): Remove RATS annotations. * misc/www_funcs.c (build_encode_URL): Remove RATS annotations. * nasl/capture_packet.c (init_capture_device): Remove RATS annotation. * nasl/nasl_func.c (nasl_func_call): Remove RATS annotations. * nasl/nasl_misc_funcs.c (nasl_rand): Remove RATS annotation. * nasl/nasl_packet_forgery.c (get_ip_element, nasl_tcp_ping): Remove RATS annotations. * nasl/nasl_packet_forgery_v6.c (nasl_tcp_v6_ping): Remove RATS annotation. * nasl/nasl_scanner_glue.c (isalldigit): Remove RATS annotation. * nasl/nasl_text_utils.c (nasl_hex, nasl_hexstr, _regreplace): Remove RATS annotations. * nasl/nasl_tree.c (dump_cell_val, nasl_type_name, get_line_nb): Remove RATS annotations. * nasl/nasl_var.c (get_var_name, array2str, var2str): Remove RATS annotations. 2016-05-13 Michael Wiegand * nasl/nasl_builtin_synscan.c (plugin_run_synscan): Fix identation to make it clear that the statement is not supposed to be guarded by the preceding 'if' clause. The 'if' clause was split into two lines in r6439 (then openvas-scanner/cnvts/synscan/synscan.c), so it is assumed that it was never intended to guard the statement. 2016-05-10 Hani Benhabiles * nasl/nasl_crypto.c (md4_data, rc4_data, nasl_get_smb2_sign_key): New functions. * nasl/nasl_crypto.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add get_smb2_sign_key(). 2016-05-04 Hani Benhabiles * nasl/nasl_crypto.c (nasl_get_smb2_sign): Remove buflen and keylen parameters. Use buf and key size values. * nasl/nasl_init.c (libfuncs): Adjust get_smb2_signature() parameters. 2016-05-03 Hani Benhabiles * nasl/nasl_crypto.c (nasl_get_smb2_sign): New function. * nasl/nasl_crypto.h: Add new function prototype. * nasl/nasl_init.c (libfuncs): Add get_smb2_signature(). 2016-04-27 Matthew Mundell * omp/omp.h (omp_authenticate_info_opts_defaults): Change "" initialisations from Benoit's patch on 2016-01-20 to NULL, because before the patch it was "{ 0 }" which meant that all fields would be zero'd. This was preventing slaves with credentials from starting, for instance. 2016-04-26 Sven Haardiek * CMakeLists.txt: Remove unused variables and remove the NVT directory creation 2016-04-21 Matthew Mundell * omp/omp.c (omp_get_report_ext): Remove GET_REPORTS attributes that don't exist anymore, and add the new filter attributes. * omp/omp.h (omp_get_report_opts_t, omp_get_report_opts_defaults): Add filter fields. 2016-04-20 Hani Benhabiles * nasl/nasl_crypto.c (hmac_sha256, nasl_hmac_sha256): New functions. * nasl/nasl_crypto.h: Add new function prototype. * nasl/nasl_init.c (libfuncs): Add hmac_sha256() function. 2016-04-18 Michael Wiegand * CMakeLists.txt: Simplify CPACK_SOURCE_IGNORE_FILES by ignoring the entire build directory. 2016-04-15 Hani Benhabiles * misc/openvas_ssh.c (openvas_ssh_public_from_private): Use ssh_pki_key_ecdsa_name() when available. 2016-04-14 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 8.1+beta4. 2016-04-14 Jan-Oliver Wagner Preparing the openvas-libraries 8.1+beta3 release. * CHANGES: Updated. 2016-04-08 Michael Wiegand * INSTALL: Update apt-get line as suggested by Christian Fischer. 2016-03-30 Hani Benhabiles * misc/network.c (open_sock_tcp): Use timeout_retry preference to specify the number of retries when a timeout occurs. 2016-03-14 Hani Benhabiles * misc/openvas_server.c (openvas_server_open_with_cert): Support IPv6 too. 2016-03-03 Hani Benhabiles * nasl/nasl_ssh.c (my_ssh_key_s, my_ssh_key, my_ssh_key_free) (my_ssh_pki_import_privkey_base64, remove_and_free_temp_key_file) (my_ssh_userauth_try_publickey, my_ssh_userauth_publickey): Define only when using LibSSH version older than 0.6. (nasl_ssh_userauth): Use functions from libssh 0.6 when available. 2016-03-01 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_connect): Add csciphers and scciphers parameters to set ssh client-to-server and server-to-client ciphers lists. 2016-02-26 Hani Benhabiles * nasl/nasl_crypto.c (nasl_sha256): New function. * nasl/nasl_crypto.h: Add new function header. * nasl/nasl_init.c (libfuncs): Add SHA256() function. 2016-02-22 Hani Benhabiles * osp/osp.h (osp_param_type_t): Add OSP_PARAM_TYPE_CRD_UP, remove OSP_PARAM_TYPE_CRD_U and OSP_PARAM_TYPE_CRD_P. * osp/osp.c (osp_param_type_str, osp_param_str_to_type): Adjust for osp parameter types changes. 2016-02-11 Benoît Allard * nasl/nasl_builtin_openvas_tcp_scanner.c, nasl/nasl_builtin_synscan.c: The formatting for 'unsigned int' is '%u'. 2016-02-11 Benoît Allard * nasl/charcnv.c (convert_string_internal_ntlmssp): Fix an obvious mistake in the condition checking. 2016-02-10 Hani Benhabiles * nasl/time.c (TIME_T_MAX): Fix define to compile correctly with clang version 3.7. 2016-02-09 Hani Benhabiles Remove usage of the depricated Glib Trash Stack. * nasl/nasl_builtin_nmap.c (nmap_t): Remove free_ports and free_scripts. (nmap_destroy): Adjust for nmap_t changes. (port_destroy): Free the port. (nse_script_destroy): Free the script. (nmap_get_free_port, nmap_get_free_nse_script): Remove unused functions. (tmphost_add_port, tmphost_add_nse_script): Use g_malloc0() to allocate memory. 2016-02-09 Hani Benhabiles * nasl/nasl.c (main): Add --kb option to set a KB key. * doc/openvas-nasl.1: Update documentation. 2016-02-08 Hani Benhabiles * misc/plugutils.c (plug_replace_key): Add debug information similar to set_kb_item(). 2016-01-20 Jan-Oliver Wagner * nasl/nasl_init.c (libfuncs): Remove NASL functions security_note, security_warning and security_hole. * doc/test_ipv6_packet_forgery.nasl: Replace security_note by security_message. 2016-01-20 Benoît Allard * omp/omp.h: Fully initialize the structs. 2016-01-18 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_tag): Finally now that no NVTs have a risk_factor anymore, remove the special treatment of this tag. So, from now on, risk_factor would be a tag like any other. 2016-01-15 Michael Wiegand * base/nvti.c, misc/ldap_connect_auth.c, misc/ldap_connect_auth.h, misc/openvas_logging.c, misc/www_funcs.c, nasl/exec.c, nasl/nasl_builtin_nmap.c, nasl/nasl_builtin_openvas_tcp_scanner.c, nasl/nasl_builtin_synscan.c, nasl/nasl_grammar.y, nasl/nasl_init.c, nasl/nasl_scanner_glue.c: Fixed a number of misspellings in comments and messages. 2016-01-15 Michael Wiegand * misc/CMakeLists.txt: Remove superfluous linking against liblber when building with LDAP support. 2016-01-13 Benoît Allard Patch originally from Guillaume Castagnino. * misc/openvas_server.c: Replace non-existent 'SECURE' cipher suite with 'NORMAL'. 2016-01-11 Michael Wiegand Make a better distinction between hardening flags for compiling and for linking to avoid using flags in a context where they make no sense. * CMakeLists.txt: Separate linker hardening flags from compiler hardening flags. * base/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt, osp/CMakeLists.txt: Use linker hardening flags when linking. 2016-01-08 Michael Wiegand * misc/CMakeLists.txt, nasl/CMakeLists.txt: Explicitly link against more libraries used in the submodules instead of relying on them being already in the link interface of other submodules. 2016-01-08 Michael Wiegand * base/CMakeLists.txt, misc/CMakeLists.txt, omp/CMakeLists.txt: Use LINK_PRIVATE signature instead of PRIVATE for compatibility with CMake < 3.0. 2016-01-07 Michael Wiegand More include statement adjustments. * misc/ldap_connect_auth.c: Use correct path for openvas_string.h. * nasl/nasl_grammar.y: Use correct paths for openvas_logging.h and openvas_file.h. * nasl/exec.c, nasl/genrand.c, nasl/nasl_tree.c: Adjust include statements to refer to the system header file and not a non-existing local file. 2016-01-07 Michael Wiegand * base/CMakeLists.txt, misc/CMakeLists.txt, omp/CMakeLists.txt: Specify link dependencies in target_link_libraries as private to not expose them to the internal link interface and thus prevent internal overlinking when linking between submodules. 2016-01-07 Michael Wiegand * nasl/CMakeLists.txt: Set linker flags explicitly when building binaries. 2016-01-07 Michael Wiegand * nasl/nasl.c: Properly include gnutls.h instead of relying on it being already included. 2016-01-07 Michael Wiegand Handle include search path more strictly to encourage stronger separation of individual submodules and to make dependencies between them more visible. * misc/CMakeLists.txt, nasl/CMakeLists, omp/CMakeLists.txt: Remove relative include_directories commands. * misc/openvas_auth.c, misc/plugutils.h, misc/www_funcs.c, nasl/capture_packet.c, nasl/charcnv.c, nasl/nasl.c, nasl/nasl_builtin_find_service.c, nasl/nasl_builtin_openvas_tcp_scanner.c, nasl/nasl_builtin_synscan.c, nasl/nasl_cert.c, nasl/nasl_cmd_exec.c, nasl/nasl_crypto.c, nasl/nasl_crypto2.c, nasl/nasl_debug.c, nasl/nasl_host.c, nasl/nasl_http.c, nasl/nasl_init.c, nasl/nasl_misc_funcs.c, nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery_v6.c, nasl/nasl_scanner_glue.c, nasl/nasl_snmp.c, nasl/nasl_socket.c, nasl/nasl_ssh.c, nasl/nasl_wmi.c, omp/omp.c: Adjust include statements to use the appropriate relative location of the header file to include instead of relying on it being somewhere in the search path. 2016-01-06 Michael Wiegand Adapt build environment now that the redis dependency has moved from misc to base. Weed out a few superfluous linkings. * CMakeLists.txt: Don't check for hiredis here, it is only needed by base and will be checked for there. * base/CMakeLists.txt: Add check for hiredis from top-level CMakeLists.txt. Remove GnuTLS include dirs and linker flags since base does not use GnuTLS. Add include dirs and linker flags for hiredis. Remove superfluous linking against LibSSH and openvas_misc_shared. * misc/CMakeLists.txt: Remove superfluous linking against hiredis. 2016-01-05 Michael Wiegand * base/credentials.h, base/cvss.c, base/nvti.c, base/nvticache.c, osp/osp.c: Removed more superfluous includes. 2016-01-05 Michael Wiegand * base/kb_redis.c: Remove superfluous include of misc/arglists.h. 2016-01-04 Hani Benhabiles * osp/osp.h (osp_param_type_t): Add OSP_PARAM_TYPE_CRD_U and OSP_PARAM_TYPE_CRD_P. * osp/osp.c (osp_param_str_to_type, osp_param_type_str): Handle new types. 2016-01-04 Hani Benhabiles Remove circular dependency between base and misc. Fixes build with some environments. * misc/kb.h, misc/kb_redis.c: Move to base/ * base/nvti.c, base/nvticache.c: Use g_warning() instead of log_legacy_write(). * misc/CMakeLists.txt: Remove kb_redis.c and kb.h. * COPYING: Adjust files names. * base/CMakeLists.txt: Add kb_redis.c and kb.h. * misc/plugutils.c, misc/plugutils.h, nasl/nasl.c, nasl/nasl_builtin_nmap.c, nasl/nasl_global_ctxt.h: Fix includes. 2015-12-16 Hani Benhabiles * nasl/nasl_ssh.c (do_nasl_ssh_disconnect): Free ssh channel. (exec_ssh_cmd, nasl_ssh_shell_open): Remove superfluous function calls. (nasl_ssh_shell_close): New function. * nasl/nasl_ssh.h: Add function prototype. * nasl/nasl_init.c (libfuncs): Add ssh_shell_close. 2015-12-09 Michael Wiegand * nasl/nasl.c (main): Fix typo in usage information. 2015-12-08 Hani Benhabiles * nasl/nasl_ssh.c (exec_ssh_cmd_alarm, request_ssh_shell_alarm): New functions. (exec_ssh_cmd, request_ssh_shell): Use SIGALRM to work-around LibSSH calling poll() with an infinite timeout. 2015-12-01 Hani Benhabiles * nasl/nasl_ssh.c (find_session_id): Rename to verify_session_id. Take session_id as parameter instead of lex_ctxt. (nasl_ssh_get_sock, nasl_ssh_set_login, nasl_ssh_userauth) (nasl_ssh_request_exec, nasl_ssh_get_issue_banner) (nasl_ssh_get_server_banner, nasl_ssh_get_host_key) (nasl_ssh_get_auth_methods, nasl_ssh_shell_open, nasl_ssh_shell_read) (nasl_ssh_shell_write): Adjust modified function call. 2015-11-27 Hani Benhabiles Fix left-over file descriptors in the connections table with ssh sockets. Reported by Sebastien Aucouturier. * misc/network.c (release_connection_fd): Add parameter to specify whether socket was already closed. (socket_negotiate_ssl, open_stream_connection_ext) (ovas_scanner_context_attach): Adjust release_connection_fd() call. (close_stream_connection): Adjust to always call release_connection_fd() when releasing an openvas fd. 2015-11-26 Benoît Allard * misc/openvas_server.h: Add an include of glib.h as the gchar type is used. 2015-11-26 Benoît Allard * nasl/nasl_global_ctxt.h: Replace include with "quoted" one. 2015-11-23 Hani Benhabiles * misc/radius.c (radius_init, radius_authenticate): Add IPv6 support. 2015-11-20 Timo Pollmeier * misc/radius.c (radius_authenticate): Add dummy version of this function when Radius authentication is not enabled. 2015-11-20 Michael Wiegand * misc/radius.c: Fix include path. 2015-11-20 Michael Wiegand * misc/CMakeLists.txt: Fail if BUILD_WITH_RADIUS was requested and the freeradius-client library was not found. 2015-11-20 Hani Benhabiles * misc/openvas_auth.c (authentication_methods): Add radius_connect method. * misc/openvas_auth.h: Add AUTHENTICATION_METHOD_RADIUS_CONNECT method. 2015-11-19 Timo Pollmeier * omp/omp.c (omp_create_lsc_credential_ext): Remove test output. 2015-11-19 Timo Pollmeier * omp/omp.c (omp_create_target_ext): Add SNMP credential. (omp_create_lsc_credential_ext): Add SNMP elements. * omp/omp.h (omp_create_target_opts_t): Add field snmp_credential_id. (omp_create_lsc_credential_opts_t): Add fields community, auth_algorithm, privacy_password and privacy_algorithm. 2015-11-17 Hani Benhabiles * INSTALL: Add note on RADIUS support. * misc/openvas_auth.c (openvas_auth_radius_enabled): New function. * misc/openvas_auth.h: Add new function prototype. 2015-11-16 Hani Benhabiles * misc/CMakeLists.txt: Build with freeradius-client library support when BUILD_WITH_RADIUS is set. Add ldflags and radius.c and radius.h files. * misc/radius.c, misc/radius.h: New files. 2015-11-05 Hani Benhabiles * base/openvas_hosts.c (openvavs_host_get_addr6): For HOST_TYPE_NAME hosts, attempt to resolve the hostname's IPv6 address when IPv4 address resolution fails. 2015-10-26 Hani Benhabiles * nasl/nasl.c (main): Add --config-file parameter. Load preferences from config, and use the correct kb path. * CMakeLists.txt: Define OPENVASSD_CONF. * doc/openvas-nasl.1: Update documentation. 2015-10-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.1+beta3. 2015-10-21 Michael Wiegand Preparing the openvas-libraries 8.1+beta2 release. * CHANGES: Updated. 2015-10-21 Jan-Oliver Wagner * CHANGES: Updated. 2015-10-19 Hani Benhabiles * osp/osp.c (osp_param): Add mandatory element. (osp_get_scanner_details): Get the parameter's mandatory field. (osp_param_id, osp_param_name, osp_param_desc, osp_param_default): Constify parameter. (osp_parameter_mandatory): New function. * osp/osp.h: Add and adjust functions prototypes. 2015-10-14 Hani Benhabiles * osp/osp.c (osp_get_scan): Make report_xml parameter optional. Add error parameter. (osp_stop_scan, osp_start_scan): Add error parameter and adjust accordingly. * osp/osp.h: Adjust function prototypes. 2015-10-12 Hani Benhabiles * osp/osp.c (osp_start_scan): Add ports parameter. * osp/osp.h: Adjust function prototype. 2015-10-12 Hani Benhabiles * osp/osp.c (osp_start_scan): Fix build in release mode. 2015-10-07 Hani Benhabiles * misc/network.c (read_stream_connection_unbuffered): Don't return early when minimal length is not set. 2015-10-07 Hani Benhabiles * misc/network.c (read_stream_connection_unbuffered): Fix erroneous gnutls_record_recv() return value handling, which caused early return even when not all data was received. 2015-10-06 Hani Benhabiles * base/openvas_networking.c (ipv6_is_enabled): New function. * base/openvas_networking.h: Add function prototype. 2015-10-06 Hani Benhabiles * osp/osp.c (osp_get_scan): Fix return values. Add function documentation. (osp_stop_scan): New function. (osp_start_scan): Add scan_id parameter. Remove result parameter. * osp/osp.h: Add and modify function prototypes. 2015-10-05 Timo Pollmeier * omp/omp.c (omp_create_lsc_credential, omp_create_lsc_credential_key) (omp_create_lsc_credential_ext, omp_delete_lsc_credential_ext): Change OMP commands "create_lsc_credential" and "delete_lsc_credential" to "create_credential" and "delete_credential". 2015-09-18 Hani Benhabiles * nasl/exec.c (exec_nasl_script): Exit forked processes instead of returning. 2015-09-14 Hani Benhabiles * base/nvticache.c (nvticache_reset): Null check cache_kb instead of asserting, as this function may be called from openvas-nasl. 2015-08-31 Hani Benhabiles * nasl/nasl_socket.c (get_udp_data): Create udp_data hash table if not found. 2015-08-28 Hani Benhabiles * base/openvas_networking.c (openvas_ssh_pkcs8_decrypt) (openvas_ssh_public_from_private): Move functions to misc/openvas_ssh.c * base/openvas_networking.h: Remove functions prototypes. * misc/CMakeLists.txt: Add openvas_ssh.h and openvas_ssh.c. * nasl/nasl_ssh.c: Add include. * misc/openvas_ssh.c, misc/openvas_ssh.h: New files. 2015-08-27 Hani Benhabiles * doc/openvas-nasl.1: Update documentation. * misc/prefs.c (prefs_init): Move up, make function static. (preferences_get, prefs_get, prefs_get_bool, prefs_set): Initialize preferences if not done already. * misc/prefs.h: Remove function prototype. 2015-08-27 Hani Benhabiles * base/nvti.c (nvti_category_is_safe): New function. * base/nvti.h: Add function prototype. * nasl/nasl.c (init): Don't set safe check preference. (parse_script_infos): Return nvti entry. (main): Check if script is safe in -s mode. 2015-08-26 Hani Benhabiles * base/openvas_networking.c (sockaddr_as_str): New function. * base/openvas_networking.h: Add function prototype. 2015-08-25 Hani Benhabiles * base/openvas_file.c, base/openvas_file.h (openvas_file_md5sum): Remove function. * nasl/nasl_grammar.y (file_md5sum): New function. Moved from base/openvavs_file.c. (init_nasl_ctx): Adjust to use new function. 2015-08-21 Hani Benhabiles * nasl/nasl_crypto.c (nasl_cipher, nasl_cipher_des): New functions. * nasl/nasl_crypto.h: Add function prototype. * nasl/nasl_init.c (libfuncs): Add nasl DES() function. 2015-08-20 Hani Benhabiles * base/openvas_file.c (openvas_file_md5sum): New function. * base/openvas_file.h: Add function prototype. * nasl/nasl_grammar.y (init_nasl_ctx): Cache the md5sum of the verified file to check that it wasn't changed on later checks. 2015-08-18 Hani Benhabiles * nasl/nasl_global_ctxt.h (naslctxt): Add kb element. * nasl/exec.c (exec_nasl_script): Set context kb. * nasl/nasl_grammar.y (INCLUDE): Set context kb. (init_nasl_ctx): Cache the signature checking result in kb, to prevent checking the same nasl script or include file multiple times. 2015-08-14 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_connect): Check for LibSSH version when using keytype. 2015-08-14 Michael Wiegand * base/drop_privileges.c (drop_privileges): Check effective user ID instead of user ID when deciding if privileges need to be dropped. 2015-08-13 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_connect): Set SSH_OPTIONS_HOSTKEYS value when keytype argument is provided. 2015-08-13 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_get_host_key): Use ssh_get_pubkey() to be compatible with older LibSSH versions. Get whole public key. 2015-08-13 Hani Benhabiles * omp/xml.c (handle_end_element): Fix unused function parameter warning. 2015-08-13 Hani Benhabiles * osp/osp.c (osp_get_scan): Add scan details parameter. * osp/osp.h: Adjust function prototype. 2015-08-13 Hani Benhabiles * nasl/nasl.c, nasl/smb_interface_stub.c, nasl/wmi_interface_stub.c: Fix unused function parameter warnings. 2015-08-13 Hani Benhabiles * misc/ldap_connect_auth.c (ldap_auth_info_new) (ldap_connect_authenticate, ldap_auth_info_free): Fix unused function parameter warnings. 2015-08-12 Hani Benhabiles * misc/CMakeLists.txt: Add -Wextra flag. * misc/ids_send.c (inject, injectv6), misc/kb_redis.c (select_database) (redis2kbitem, redis_get_pattern), misc/network.c (recv_line) (my_gnutls_transport_set_lowat_default), misc/openvas_auth.c (digest_hex, openvas_authenticate_classic), misc/openvas_logging.c (openvas_log_silent), misc/openvas_server.c (client_cert_callback) (openvas_server_vsendf_internal, my_gnutls_transport_set_lowat_default), misc/pcap.c (get_random_bytes), misc/plugutils.c (host_add_port_proto) (scanner_add_port, plug_get_key_sighand_term, plug_get_key_sigchld) (sig_term, sig_chld): Fix signedness and unused function parameters issues. 2015-08-12 Hani Benhabiles * omp/CMakeLists.txt: Add -Wextra flag. * omp/omp.c (omp_get_tasks, omp_get_targets), omp/xml.c (handle_start_element, handle_end_element, handle_text, handle_error) (foreach_print_attribute_format): Fix unused function parameters warning. 2015-08-12 Timo Pollmeier * base/credentials.h (credentials_t): Add field default_severity. 2015-08-11 Hani Benhabiles * omp/omp.c (omp_create_task_ext): Fix different signedness issue. * omp/omp.h (omp_get_report_opts_defaults, omp_get_tasks_opts_defaults) (omp_get_task_opts_defaults, omp_create_task_opts_defaults) (omp_get_system_reports_opts_defaults) (omp_create_lsc_credential_opts_defaults): Initialize appropriately. 2015-08-10 Hani Benhabiles * base/CMakeLists.txt: Add -Wextra. * base/nvti.c (nvti_free), base/openvas_hosts.c (openvas_host_type), base/openvas_networking.c (port_in_port_ranges): Fix signedness issue. (set_from_nvti): Rename to set_keyfile_info, don't take nvti parameter. (nvti_to_keyfile): Adjust set_keyfile_info() calls. * base/openvas_networking.h: Move down range_t definition. * base/openvas_hosts.h: Adjust function prototype. * base/test-hosts.c (main): Check argc. * osp/CMakeLists.txt: Add -Wextra. 2015-08-07 Timo Pollmeier * osp/osp.c (osp_param_name): New function. * osp/osp.h (osp_param_name): New function prototype. 2015-08-06 Hani Benhabiles * misc/plugutils.c, misc/plugutils.h (get_plugin_preference_file_size): Remove superfluous const qualifier as return value is long. 2015-08-04 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_get_host_key): Support pre 0.6.0 Libssh. Get MD5 key to behave similarly for both cases. Free allocated memory. 2015-07-30 Sven Haardiek * CMakeLists.txt: Change non release version style to fit better to debian 2015-07-29 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_get_host_key): New function. * nasl/nasl_ssh.h: Add function prototype. * nasl/nasl_init.c (libfuncs): Add nasl_ssh_get_host_keys(). 2015-07-20 Michael Wiegand * misc/openvas_server.c: Fix typos in documentation. 2015-07-17 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.1+beta2. 2015-07-17 Michael Wiegand Preparing the openvas-libraries 8.1+beta1 release. * CHANGES: Updated. * INSTALL: Note that Debian Jessie is now the reference system. 2015-07-14 Hani Benhabiles * osp/osp.c (osp_get_version): Gracefully handle errors in OSP protocol, instead of using assert(). 2015-07-10 Michael Wiegand * doc/Doxyfile.in, doc/Doxyfile_full.in: Updated directory list, harmonized settings with Doxygen configurations of other OpenVAS modules. 2015-07-10 Michael Wiegand * doc/Doxyfile.in, doc/Doxyfile_full.in: Updated Doxygen configuration files with Doxygen 1.8.8. 2015-07-10 Michael Wiegand * base/drop_privileges.c, base/test-hosts.c, base/cvss.c, base/nvti.c, base/openvas_networking.c, base/openvas_hosts.c, base/settings.c, base/openvas_hosts.h, base/nvticache.c, base/pwpolicy.c, omp/omp.c, omp/xml.c, misc/openvas_server.c, misc/network.c, misc/kb.h, misc/ldap_connect_auth.c, misc/openvas_auth.c, nasl/nasl_builtin_nmap.c, nasl/wmi_interface_stub.c, nasl/smb_interface_stub.c, nasl/smb_crypt.c, nasl/nasl_ssh.c: Fix documentation issues found with Doxygen. 2015-07-08 Hani Benhabiles Revert r22625. * misc/kb_redis.c (redis_vcommand, redis_command): Remove functions. (try_database_index, fetch_max_db_index_compat, fetch_max_db_index) (select_database, redis_release_db, redis_transaction_new) (redis_transaction_cmd, redis_transaction_end, redis_cmd): Use redisCommand() and redisvCommand(). 2015-06-25 Hani Benhabiles * base/nvticache.c (nvticache_get_oids): New function. * base/nvticache.h: Add function prototype. 2015-06-18 Hani Benhabiles * base/nvticache.c (nvticache_get_by_name_full, nvticache_get_names): New functions. (nvticache_get_by_oid_full): Use new function. (nvticache_get_oids): Remove function. * base/nvticache.h: Add prototypes. 2015-06-18 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_set_login): Check that username is not empty. (nasl_ssh_userauth): Return on nasl_ssh_set_login() error. 2015-06-17 Hani Benhabiles * nasl/nasl_ssh.c (exec_ssh_cmd): Zero buffer, reset retry counter on read success. 2015-06-15 Hani Benhabiles * misc/plugutils.h, misc/plugutils.c (plug_set_launch, plug_get_launch): Remove unused functions. 2015-06-11 Hani Benhabiles * misc/arglists.c (arg_prepend_value): New function. * misc/arglists.h: Add function prototype. * misc/prefs.c (prefs_set): Use new function. 2015-06-11 Hani Benhabiles * misc/plugutils.c (_add_plugin_preference) (plug_create_from_nvti_and_prefs): Remove functions. (get_plugin_preference): Use g_strchomp(). 2015-06-10 Hani Benhabiles * misc/plugutils.c (proto_post_wrapped, plug_get_key), nasl/nasl_builtin_find_service.c (plugin_run_find_service): Use global_socket instead of SOCKET. 2015-06-10 Matthew Mundell * misc/kb_redis.c (redis_vcommand, redis_command): New functions. Same as redisCommand and redisvCommand, but will retry after EINTR. (try_database_index, fetch_max_db_index_compat, fetch_max_db_index) (select_database, redis_release_db, redis_transaction_new) (redis_transaction_cmd, redis_transaction_end, redis_cmd): Use retry versions of command functions. 2015-06-05 Michael Wiegand * nasl/iconv.c: Remove unused const variable. 2015-06-04 Hani Benhabiles * base/nvticache.c (nvticache_get_oids): New function. * base/nvticache.h: Add function prototype. 2015-06-03 Sven Haardiek * CMakeLists.txt: Enable preprocessor defition for OPENVAS_PID_DIR 2015-06-03 Michael Wiegand Add support for handling timeout option to omp_authenticate_info_ext (). * omp/omp.c (omp_authenticate_info_ext): Use try_read_entity () instead of read_entity () to allow for timeouts. Make function description more accurate. * omp/omp.h (omp_authenticate_info_opts_t): Add timeout value to options. (omp_authenticate_info_opts_defaults): New function to initialize timeout option to 0 for backward compatibility. 2015-06-01 Hani Benhabiles * misc/network.c (open_sock_tcp): Limit timeout log messages to 3 times per port. 2015-06-01 Benoît Allard * nasl/nasl_tree.c (nasl_type_name): Fix a condition operator. 2015-06-01 Benoît Allard * base/test-hosts.c (main): Fix the format string for unsigned ints. 2015-06-01 Benoît Allard * misc/kb_redis.c (redis_cmd), nasl/nasl_crypto.c (nasl_ntlmv1_hash): Fix two cppcheck errors. 2015-06-01 Michael Wiegand Add support for handling timeout options to omp_get_tasks_ext () and omp_get_report_ext (). * omp/omp.c (omp_get_tasks_ext, omp_get_report_ext): Use try_read_entity () instead of read_entity () to allow for timeouts. Adjust function description to include new return value. * omp/omp.h (omp_get_report_opts_t, omp_get_tasks_opts_t): Add timeout value to options. (omp_get_report_opts_defaults, omp_get_tasks_opts_defaults): Initialize timeout option to 0 for backward compatibility. * omp/xml.c (try_read_entity): Note possible timeout return value in comment. 2015-05-27 Michael Wiegand Improve handling of library flags to allow static build for "misc" and "nasl" as well. * misc/CMakeLists.txt: Link against redis for static linking. * nasl/CMakeLists.txt: Link against libm for static linking as well. Check for gio as openvas-nasl-lint uses it. Properly link openvas-nasl-lint against glib and gio. 2015-05-27 Michael Wiegand Improve handling of GnuTLS flags to ensure that the GnuTLS library found by pkg-config correctly takes precedence over other instances. * misc/CMakeLists.txt: Add GNUTLS_INCLUDE_DIRS to include_directories, uses GNUTLS_LDFLAGS when linking. * base/CMakeLists.txt: Add GNUTLS_INCLUDE_DIRS to include_directories, use GNUTLS_LDFLAGS (at the correct position) when linking. 2015-05-26 Sven Haardiek * doc/openvas-nasl-lint.1: Added this manpage for openvas-nasl-lint * CMakeLists.txt: Install manpage for openvas-nasl-lint 2015-05-26 Sven Haardiek * doc/openvas-nasl.1: Replaced minus-sign with hyphen 2015-05-26 Hani Benhabiles * nasl/nasl_init.c (libfuncs): Add snmpv2c_get(). * nasl/nasl_snmp.c (snmpv1_get): Add version parameter. Rename to snmpv1v2c_get(). (nasl_snmpv2c_get, nasl_snmpv1v2c_get): New functions. (nasl_snmpv1_get): Adjust to call new function. * nasl/nasl_snmp.h: Add function prototype. 2015-05-22 Matthew Mundell * misc/ldap_connect_auth.c (ldap_auth_info_from_function): Remove. No longer used. (ldap_auth_info_new): Define dummy version. * misc/ldap_connect_auth.h: Update headers accordingly. 2015-05-22 Matthew Mundell * misc/ldap_connect_auth.c: Define dummy functions when ENABLE_LDAP_AUTH is not defined. 2015-05-22 Matthew Mundell * doc/example.auth.conf: Remove. No longer used. 2015-05-21 Matthew Mundell Remove remaining unused parts of auth. * misc/openvas_auth.c: Remove file doc which is out of date. (authenticators, ldap_connect_configured, struct authenticator) (authenticator_t, get_ldap_info, order_compare) (classic_authenticator_new): Remove. No longer used. (openvas_auth_init_funcs): Remove. Now openvas_auth_init. (openvas_auth_init): New function. Was openvas_auth_init_funcs. Remove ldap arg. * misc/openvas_auth.h: Update headers accordingly. 2015-05-21 Matthew Mundell * misc/openvas_auth.c (classic_get_hash): Remove. No longer used. (openvas_auth_init_funcs): Remove get_hash arg. (openvas_authenticate_classic): Replace unused data arg with hash arg. Use hash arg instead of calling function. * misc/openvas_auth.h: Update headers accordingly. 2015-05-21 Matthew Mundell Remove the mechanism for multiple configurable authentication methods, and associated functions. Expose the basics of classic and LDAP auth so that Manager can call these. * src/CMakeLists.txt (FILES, HEADERS): Add ldap_connect_auth files. * misc/ldap_connect_auth.h: Expose some headers even when LDAP is not compiled, so that Manager can refer to them. * misc/openvas_auth.c: (struct authenticator): Remove fields. No longer used. (openvas_auth_ldap_enabled): New function. (classic_authenticator_new): Remove fields. (openvas_auth_init_funcs): Remove callback args. No longer used. (openvas_authenticate_classic): Export for Manager. (can_user_ldap_connect, openvas_authenticate_method) (openvas_user_uuid_method, openvas_user_exists_classic) (ldap_connect_user_exists, openvas_user_exists) (openvas_user_uuid): Remove. * misc/openvas_auth.h: Update headers accordingly. 2015-05-21 Matthew Mundell Remove usage of auth.conf. Get LDAP settings from manager callback instead. * misc/ldap_connect_auth.c (ldap_auth_info_from_key_file): Remove. No longer used. (ldap_auth_info_from_function): New function. (ldap_auth_info_new): Remove is_connnect arg. * misc/ldap_connect_auth.h: Update headers accordingly. * misc/openvas_auth.c (AUTH_CONF_FILE, GROUP_PREFIX_METHOD) (KEY_ORDER, auth_method_from_string, add_authenticator): Remove. No longer used. (openvas_auth_init_funcs): Add get_ldap_information arg. Add only two authenticators, file and ldap_connect. And add them by hand. (openvas_auth_write_config): Remove. No longer used. * misc/openvas_auth.h: Update headers accordingly. 2015-05-21 Hani Benhabiles * misc/plugutils.c (plug_get_key), nasl/nasl_builtin_find_service.c (plugin_run_find_service): Remove useless socket duplication to fixed value of 4. 2015-05-20 Matthew Mundell Remove unused LDAP elements. * misc/ldap_connect_auth.c (KEY_LDAP_ROLE_ATTRIBUTE, (KEY_LDAP_ROLE_USER_VALUES, KEY_LDAP_ROLE_ADMIN_VALUES) (KEY_LDAP_ROLE_OBSERVER_VALUES, KEY_LDAP_RULE_ATTRIBUTE) (KEY_LDAP_RULETYPE_ATTRIBUTE): Remove. No longer used. (ldap_auth_info_from_key_file, ldap_auth_info_new): Remove role and rule fields. * misc/ldap_connect_auth.h: Update header accordingly. (struct ldap_auth_info): Remove role and rule fields. * misc/openvas_auth.c (user_set_role): Remove. No longer used. (openvas_auth_init_funcs): Remove set_role. No longer used. * misc/openvas_auth.h: Update header accordingly. 2015-05-18 Michael Wiegand * omp/xml.c (read_entity_and_string): Fix misleading comment. read_entity_and_string () has no timeout parameter and calls try_read_entity_and_string () with timeout set to 0, so it cannot return -4. 2015-05-11 Hani Benhabiles * misc/network.c (open_sock_tcp): Always log time-out message. 2015-05-11 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_exclude): When in resolve mode, also check whether a hostname's resolved IP address is excluded. (openvas_host_value_str): Remove g_malloc0() return value check. * base/test-hosts.c (main): Add test for excluded hosts with 2nd cli argument. 2015-04-30 Hani Benhabiles * misc/network.c (open_sock_tcp): Fix NDEBUG value check. 2015-04-30 Michael Wiegand Explicitly link against used libraries. * omp/CMakeLists.txt: libopenvas_omp uses libopenvas_misc, so link against it. * base/CMakeLists.txt: libopenvas_base no longer depends on libopenvas_omp, stop linking against it. libopenvas_base uses libgnutls, so link against it. 2015-04-30 Hani Benhabiles * misc/network.c (open_sock_tcp): Wrap time-out log message in NDEBUG definition test. 2015-04-28 Michael Wiegand * base/openvas_networking.c (openvas_ssh_public_from_private): Ensure openvas-libraries builds with GLib =< 2.30 by wrapping g_mkdtemp_full () in an ifdef and falling back to mkdtemp () when using older GLib versions. Based on patch suggested by Miguel Angel Cabrera Moya. 2015-04-27 Michael Wiegand Move OSP related code into new submodule "osp". This removes the cyclic dependency between "base" and "omp" introduced in r19335. The new submodule currently has dependencies on "base", "misc" and "omp". * CMakeLists.txt: Add handling of "osp/" subdirectory and of pkg-config file for libopenvas_osp. * libopenvas_osp.pc.in: New pkg-config file for libopenvas_osp. * osp/: New. Contains "osp" submodule. * osp/CMakeLists.txt: New. CMakeLists for "osp" submodule. * osp/osp.c: New. Moved here from "base/osp.c", minor adjustments for new location. * osp/osp.h: New. Moved here from "base/osp.h", adjust module name in header for consistency. * base/osp.c: Removed. Moved to "osp/osp.c". * base/osp.h: Removed. Moved to "osp/osp.h". * base/CMakeLists.txt: Remove handling of osp.h and osp.c. 2015-04-27 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_shell_open): Free ssh channel after closing it. 2015-04-27 Michael Wiegand * base/CMakeLists.txt: Link against libssh since base uses it. 2015-04-24 Michael Wiegand * libopenvas_base.pc.in, libopenvas_misc.pc.in, libopenvas_omp.pc.in, libopenvas_nasl.pc.in: Move dependencies from "Requires" to "Requires.private" to prevent overlinking when libopenvas_* is linked against. Update minimum versions to match CMakeLists.txt and INSTALL. 2015-04-21 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_shell_open, nasl_ssh_shell_write): Improve error messages. 2015-04-17 Hani Benhabiles * nasl/nasl_text_utils.c (nasl_egrep): Allocate extra byte as a \n is appended when regex matches. 2015-04-17 Michael Wiegand * CMakeLists.txt: Retrieve SNMP_LDFLAGS only when the libsnmp development libraries were found as net-snmp-config may be present without them. 2015-04-15 Hani Benhabiles Revert r22092 as nasl_perror() could be called before nvticache initialization. * nasl/exec.c (exec_nasl_script): Don't set script name in script_infos arglist. * nasl/nasl_debug.c (nasl_perror): Get script name from nvticache. * base/nvticache.c (nvticache_get_src): Add null check. 2015-04-15 Timo Pollmeier * omp/omp.c (omp_create_task_ext): Check and insert correct id for schedules. 2015-04-10 Hani Benhabiles * base/osp.c (osp_start_scan): Take result pointer as function argument. Return int for success or failure. * base/osp.h: Adjust function prototype. 2015-04-10 Hani Benhabiles * nasl/exec.c (exec_nasl_script): Don't set script name in script_infos arglist. * nasl/nasl_debug.c (nasl_perror): Get script name from nvticache. 2015-04-09 Hani Benhabiles * base/nvticache.c (nvticache_get): Cache nvt dependencies. (nvticache_get_dependencies): New function. * base/nvticache.h: Add function prototype. 2015-04-09 Hani Benhabiles * nasl/nasl_scanner_glue.c (script_tag): Use nasl_perror() to report error, and return directly after that. 2015-04-09 Hani Benhabiles * base/nvticache.c (nvticache_get): Cache nvt excluded_keys, mandatory_keys, required_keys, required_ports, required_udp_ports, category and timeout. (nvticache_get_required_keys, nvticache_get_mandatory_keys) (nvticache_get_excluded_keys, nvticache_get_required_udp_ports) (nvticache_get_required_ports, nvticache_get_category) (nvticache_get_timeout): New functions. * base/nvticache.h: Add functions prototypes. 2015-04-08 Hani Benhabiles * nasl/nasl_scanner_glue.c (script_tag): Add log message when tag value contains | separator. 2015-04-08 Hani Benhabiles * base/nvticache.c (nvticache_get_oid): Fix pattern to search for filename when not exact name is not found. 2015-04-07 Jan-Oliver Wagner * base/nvticache.c: Fix include path to make it build. 2015-04-07 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set version to 8.1.0 and status to beta. 2015-04-07 Hani Benhabiles * base/nvticache.c (nvticache_get): Set oid keys and filename keys under different kb pattern. (nvticache_get_by_oid_full, nvticache_get_src, nvticache_get_oid): Adjust to get values from correct patterns. 2015-04-07 Hani Benhabiles Use Redis to for in-memory nvts oid and filename cache instead of a hash table. Reduces memory usage by ~5M per process. * base/nvticache.c (cache_kb): New variable. Replaces nvtis. (nvticache_initialized, nvticache_init, nvticache_free, nvticache_get) (nvticache_add, nvticache_get_by_oid_full, nvticache_get_src): Adjust to use KB instead of glib hashtable. (nvticache_get_oid, nvticache_reset): New functions. (nvticache_get_filename): Remove function. * base/nvticache.h: Adjust functions prototypes. * misc/plugutils.c (plug_get_key), nasl/nasl_builtin_find_service.c (plugin_run_find_service): Call nvticache_reset() after fork. 2015-04-03 Hani Benhabiles * base/nvticache.h (nvticache_t): Remove struct. * base/nvticache.c (nvticache): Remove variable. (nvtis, cache_path, src_path): New variables. (nvticache_initialized, nvtiache_init, nvticache_free, nvticache_get) (nvticache_add, nvticache_get_by_oid_full, nvticache_get_src) (nvticache_get_filename): Adjust to use new variables. 2015-04-02 Hani Benhabiles * base/openvas_hosts.c (openvas_host_reverse_lookup): Export function. * base/openvas_hosts.h: Add function prototype. * nasl/nasl.c (init): Add fqdn function argument. (main): Set the fqdn value as reverse lookup of a host when available. 2015-04-01 Hani Benhabiles Replace hostinfos arglist with struct host_info. * misc/network.c (host_info_init, host_info_free): New functions. * misc/network.h: Add functions prototypes. (struct host_info): New structure. * misc/plugutils.c (plug_get_hostname, plug_get_host_fqdn) (plug_get_host_ip), nasl/nasl_builtin_find_service.c (plugin_do_run), nasl/nasl_builtin_openvas_tcp_scanner.c (plugin_run_openvas_tcp_scanner), nasl/nasl_builtin_synscan.c (plugin_run_synscan): Adjust to get a host_info instead of an arglist. * nasl/nasl.c (init_hostinfos): Remove function. (init): Adjust to use host_info_init() instead of init_hostinfos(). (main): Adjust init() call. 2015-04-01 Hani Benhabiles * misc/ids_send.c (tcp_cksum) nasl/nasl_packet_forgery.c (forge_tcp_packet, forge_udp_packet, set_tcp_elements) (set_udp_elements), nasl/nasl_packet_forgery_v6.c (forge_tcp_v6_packet) (set_tcp_v6_elements, forge_udp_v6_packet, set_udp_v6_elements) (forge_icmp_v6_packet): Simplify g_malloc0() calls for better readability. An extra byte wouldn't hurt and memory allocators do round up to a higher value anyway. 2015-04-01 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 8.0.2. 2015-04-01 Jan-Oliver Wagner Preparing the openvas-libraries 8.0.1 release. * CHANGES: Updated. 2015-03-31 Hani Benhabiles * base/openvas_networking.c (openvas_ssh_public_from_private): Add key type in LibSSH 0.5 case. 2015-03-31 Hani Benhabiles * misc/arglists.c (arg_add_value, arg_set_value): Remove length function parameter. * misc/arglists.h: Adjust function prototypes. (struct arglist): Remove unused length element. * misc/plugutils.c (plug_set_launch, plug_get_key), misc/prefs.c (prefs_set), nasl/exec.c (exec_nasl_script), nasl/nasl.c (init_hostinfos, init, parse_script_infos), nasl/nasl_builtin_find_service.c (plugin_run_find_service), nasl/nasl_misc_funcs.c (nasl_start_denial), nasl/nasl_socket.c (add_udp_data): Adjust arg_add_value() and arg_set_value() calls. 2015-03-31 Hani Benhabiles * nasl/nasl_ssh.c (do_nasl_ssh_disconnect): Check channel is not null before calling ssh_channel_close(). Fixes segfault on libssh 0.5. 2015-03-31 Hani Benhabiles * nasl/nasl_builtin_find_service.c (plugin_do_run): Fix possible double-free and adjust banner variable check. 2015-03-30 Hani Benhabiles * nasl/nasl_host.c (get_host_ip, nasl_this_host), nasl/nasl_smb.c (nasl_smb_connect, nasl_win_cmd_exec), nasl/nasl_wmi.c (nasl_wmi_connect, nasl_wmi_connect_rsop, nasl_wmi_connect_reg): Use addr6_as_str(). 2015-03-27 Hani Benhabiles * misc/arglists.c (arg_get_value_int): New function. * misc/arglists.h: Add function prototype. * misc/plugutils.c (plug_get_launch, proto_post_wrapped, plug_get_key), nasl/nasl_builtin_find_service.c (plugin_run_find_service), nasl/nasl_misc_funcs.c (nasl_end_denial): Use arg_get_value_int(). 2015-03-27 Hani Benhabiles * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Remove unused hostinfos function argument. (plugin_run_openvas_tcp_scanner): Adjust function call. 2015-03-26 Hani Benhabiles * misc/network.c (auth_printf, auth_send, auth_gets): Remove functions. * misc/network.h: Remove functions prototypes. 2015-03-25 Hani Benhabiles * base/openvas_file.c (openvas_export_file_name): Remove useless variables values setting. * nasl/nasl_packet_forgery.c (set_tcp_elements, nasl_send_packets), nasl/nasl_grammar.y (mylex): Fix null pointer checks. * misc/internal_com.h (INTERNAL_COMM_CTRL_STOP): Remove inused definition. 2015-03-25 Matthew Mundell * base/openvas_file.c (openvas_export_file_name): Check that strings are long enough beofre g_strndup. Check if strptime return is NULL before calling strlen on it. Add missing space. 2015-03-25 Matthew Mundell * omp/omp.c (omp_delete_port_list_ext): New function. * omp/omp.h: Add header accordingly. 2015-03-23 Michael Wiegand Fix includes of math.h. * nasl/nasl_builtin_openvas_tcp_scanner.c: Add reason for include. * nasl/nasl_scanner_glue.c: Remove superfluous include. 2015-03-23 Michael Wiegand * nasl/CMakeLists.txt: Remove duplicate flags. 2015-03-23 Michael Wiegand * INSTALL: Document what needs to be done to build a statically linked version of OpenVAS Libaries. 2015-03-20 Michael Wiegand * libopenvas_misc.pc.in: Set libgcrypt as "Libs.private" so pkg-config knows it is needed for static linking against libopenvas_misc. 2015-03-20 Michael Wiegand * base/CMakeLists.txt: Build test-hosts only with dynamic linking for the time being due to issue with statically linking the binary. Add TODO. 2015-03-20 Michael Wiegand * libopenvas_base.pc.in: Make gio dependency visible for pkg-config. 2015-03-18 Matthew Mundell * base/drop_privileges.c (drop_privileges): Drop supplementary groups too. * base/drop_privileges.h: Add define accordingly. 2015-03-17 Hani Benhabiles * nasl/nasl_snmp.c (snmpv3_get): Add privacy password and privacy protocol support, rename password and algorithm to authpass and authproto for consistency. (nasl_snmpv3_get): Add privpass and privproto arguments and add adequate values checks. Rename password to authpass and algorithm to authproto. * nasl/nasl_init.c (libfuncs): Adjust snmpv3_get() function arguments. 2015-03-16 Hani Benhabiles * nasl/nasl_snmp.c (snmp_get): Return integer for success or failure, Add function parameter for string result, and adjust function accordingly. (snmpv3_get, snmpv1_get): Adjust for snmp_get() function change. (array_from_snmp_result): New function. (nasl_snmpv3_get, nasl_snmpv1_get): Adjust for called functions changes and use array_from_snmp_result() accordingly. (proto_is_valid): Document function. 2015-03-16 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.0.1. 2015-03-16 Michael Wiegand Preparing the openvas-libraries 8.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Switch version scheme. 2015-03-13 Hani Benhabiles * misc/plugutils.c (get_plugin_preference): Improve code style. 2015-03-04 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_userauth): Don't get any of the credentials from the KB if one is already provided as function argument. This fixes KB password taking presedence over argument private keys, for example. 2015-03-03 Hani Benhabiles * base/openvas_networking.c: Add include to fix build issue on some systems. 2015-03-03 Hani Benhabiles * base/openvas_networking.c (openvas_ssh_pkcs8_decrypt): Fix function call. 2015-03-03 Hani Benhabiles * base/openvas_networking.c: Add include to fix build issue on some systems. 2015-03-03 Hani Benhabiles * base/openvas_networking.c (openvas_ssh_pkcs8_decrypt) (openvas_ssh_public_from_private): New. Moved and adjusted from openvas_ssh_login.c. * base/openvas_networking.h: Add new functions prototypes. * misc/openvas_ssh_login.c, misc/openvas_ssh_login.h: Remove files. * nasl/nasl_ssh.c (add_tlv, pkcs8_to_sshprivatekey): Remove unused functions. (my_ssh_pki_import_privkey_base64): Call openvas_ssh_pkcs8_decrypt() instead of pkcs8_to_sshprivatekey(). * COPYING, misc/CMakeLists.txt: Adjust for openvas_ssh_login.{c,h} removal. 2015-03-03 Hani Benhabiles * misc/openvas_ssh_login.c (ssh_pkcs8_to_private): Replace gnutls_x509_privkey_export2() with gnutls_x509_privkey_export() as it is not available in GnuTLS 2.12. 2015-03-02 Hani Benhabiles * base/osp.c, base/osp.h (osp_param_name, osp_param_type), misc/plugutils.c (plug_get_port_transport_name): Remove unused functions. * base/hash_table_file.c, base/hash_table_file.h: Remove files containing unused functions. * COPYING, base/CMakeLists.txt: Adjust for hash_table_file.{c,h} removal. 2015-03-02 Hani Benhabiles * misc/openvas_ssh_login.c (file_check_exists, openvas_ssh_login_new) (openvas_ssh_login_free, read_from_keyfile) (openvas_ssh_login_file_read_buffer): Remove functions. (ssh_pkcs8_to_private): New function. (openvas_ssh_public_from_private): Support PKCS#8 encrypted ssh keys. * misc/openvas_ssh_login.h: Remove unused prototypes and definitions. 2015-02-24 Hani Benhabiles * misc/openvas_ssh_login.c (openvas_ssh_public_from_private): Add ssh key type to the exported public key string. 2015-02-23 Timo Pollmeier * omp/omp.c (OMP_FMT_STRING_ATTRIB): New function-style macro. (omp_get_report_ext): Add new options max_results, host_first_result, host_max_results, type, host, pos, timezone, alert_id, delta_report_id, delta_states, host_levels, search_phrase, host_search_phrase, min_cvss_base, min_qod, notes, notes_details, ignore_pagination. (omp_get_system_reports_ext): Add new option slave_id. * omp/omp.h (omp_get_report_opts_t): Add fields for new options. (omp_get_report_opts_defaults): Initialize report_id, first_result, max_results. (omp_get_system_reports_opts_t): Add new field slave_id. 2015-02-20 Timo Pollmeier * omp/omp.c (omp_create_task_ext): Add options alterable, hosts_ordering, scanner, schedule, schedule_periods, slave_id, in_assets, source_iface, alerts, observers, observer_groups. * omp/omp.h: Add #include "../base/array.h". (omp_create_task_opts_t): Add new options listed above. 2015-02-17 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_userauth): Don't attempt to authenticate if provided private key is empty. 2015-02-17 Hani Benhabiles Replace custom dynamic buffer implementation with glib's GString. * nasl/nasl_ssh.c (membuf_t): Remove struct. (init_membuf, put_membuf, put_membuf_str, put_membuf_comma_str) (put_membuf_byte, get_membuf): Remove functions. (g_string_comma_str): New function. (add_tlv, pkcs8_to_sshprivatekey, exec_ssh_cmd, nasl_ssh_request_exec) (nasl_ssh_get_auth_methods): Adjust to use GString instead of membuf_t. 2015-02-16 Hani Benhabiles * nasl/nasl_ssh.c (read_ssh_nonblocking, nasl_ssh_shell_read): Adjust to use g_string_* functions instead of membuf. 2015-02-16 Hani Benhabiles * nasl/nasl_init.c (libfuncs): Add ssh_shell_open, ssh_shell_read and ssh_shell_write functions. * nasl/nasl_ssh.c (session_table_item_s): Add channel element. (do_nasl_ssh_disconnect): Close channel too. (exec_ssh_cmd): Improve code style. (request_ssh_shell, nasl_ssh_shell_open, read_ssh_nonblocking) (nasl_ssh_shell_read, nasl_ssh_shell_write): New functions. * nasl/nasl_ssh.h: Add new functions prototypes. 2015-02-12 Hani Benhabiles * nasl/nasl_ssh.c (exec_ssh_cmd): Handle reading response loop using nonblocking interface and passive waiting to handle infinite loop case. 2015-02-11 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.0+beta7. 2015-02-11 Michael Wiegand Preparing the openvas-libraries 8.0+beta6 release. * CHANGES: Updated. 2015-02-11 Hani Benhabiles * nasl/nasl_ssh.c (exec_ssh_cmd): Revert to using ssh_channel_read() as ssh_channel_read_timeout() is a recently added function. 2015-02-11 Hani Benhabiles * nasl/nasl_ssh.c (exec_ssh_command): New function. Set timeout and rework response reading loop to fix infinite loop case. (nasl_ssh_request_exec): Refactor code to use exec_ssh_command() accordingly. 2015-02-10 Timo Pollmeier * omp/omp.h (omp_create_target_opts_t): Add field esxi_credential_id. * omp/omp.c (omp_create_target_ext): Handle new esxi_credential_id option to select ESXi credentials. 2015-02-10 Timo Pollmeier * omp/omp.h (omp_create_target_opts_t): Add fields exclude_hosts, alive_tests, reverse_lookup_only, reverse_lookup_unify. * omp/omp.c (omp_create_target_ext): Handle options exclude_hosts, alive_tests, reverse_lookup_only, reverse_lookup_unify. Free all temporary strings at the end. 2015-02-10 Matthew Mundell * omp/omp.c (omp_create_lsc_credential_ext): New function. * omp/omp.h: Add headers accordingly. 2015-02-09 Hani Benhabiles * misc/scanners_utils.c, misc/scanners_utils.h: Remove files. * nasl/nasl_builtin_nmap.c, nasl/nasl_builtin_synscan.c, nasl/nasl_scanner_glue.c: Adjust headers includes. * COPYING: Remove scanners_utils.[c,h] license details. * misc/CMakeLists.txt: Delete removed files from build process. * misc/network.c (getpts, qsort_compar): New functions. * misc/network.h: Add getpts() prototype. 2015-02-09 Matthew Mundell * omp/omp.c (omp_create_target_ext): Add SSH port option. * omp/omp.h (omp_create_target_opts_t): Add ssh_credential_port. (omp_create_target_opts_defaults): Init ssh_credential_port. 2015-02-06 Hani Benhabiles * misc/network.c, misc/openvas_server.c, nasl/nasl_ssh.c: Remove work-arounds for old gnutls versions < 2.12 which are unsupported. 2015-02-06 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_userauth): Refactor code. Always try to get the private key and keep support for empty passwords. Based on patch by Michel Pelletier. 2015-02-04 Hani Benhabiles * nasl/nasl_packet_forgery.c (pseudo_udp_hdr): Add an extra byte for padding so that the udp checksum is calculated correctly. 2015-01-23 Michael Wiegand Simplify handling of library flags in CMakeLists.txt files, thereby removing the need for clumsy workarounds. * CMakeLists.txt: Remove redundant queries of library flags which were already retrieved by CMake. * base/CMakeLists.txt: Check for libraries with pkg_check_modules. Set include directories with include_directories instead of target properties. * misc/CMakeLists.txt: Check for libraries with pkg_check_modules. Set include directories with include_directories instead of target properties. * omp/CMakeLists.txt: Set include directories with include_directories instead of target properties. Remove quotes in target_link_libraries so that CMake lists get expanded correctly. Use GNUTLS_LDFLAGS retrieved by pkg_check_modules instead of hardcoding value. * nasl/CMakeLists.txt: Check for libraries with pkg_check_modules. Set include directories with include_directories instead of target properties. Remove quotes in target_link_libraries so that CMake lists get expanded correctly. Remove duplication of WMI related flags and variables. 2015-01-22 Hani Benhabiles * base/osp.h: Move struct osp_param definition to base/osp.c as as it is not unused elsewhere. 2015-01-22 Hani Benhabiles * base/osp.c (osp_get_scanner_description): Remove function. (osp_get_scanner_params): Rename to osp_get_scanner_details(). Also return the scanner's description. * base/osp.h: Export struct osp_param. Remove and modify functions prototypes. * misc/ids_send.c (ids_send): Return on getpeername() error. 2015-01-20 Jan-Oliver Wagner * doc/wmi-howto.txt: Removed. This is not required anymore since we we use openvas-smb. * INSTALL: Fixed recommend from wmi to openvas-smb 2015-01-19 Hani Benhabiles * base/osp.c (osp_get_version): Update function documentation. (osp_get_scanner_description): New function. * base/osp.h: Add new function prototype. 2015-01-19 Benoît Allard * nasl/nasl_smb.ci (nasl_win_cmd_exec): Fix memory leak of 'ip'. 2015-01-19 Benoît Allard * base/osp.c: Fix redefinition of osp_connection_t. 2015-01-19 Hani Benhabiles Fix build warnings in Release mode. * base/osp.c (osp_param_str_to_type, osp_param_type_str): Always return values. * nasl/nasl_ssh.c (nasl_ssh_request_exec): Zero compat_buf buffer. 2015-01-16 Jan-Oliver Wagner Switch dependency and build procedure from wmi package to openvas-smb. This is based on a patch by Andre Heinecke. * CMakeLists.txt: Switch dependencies from wmiclient to libopenvas_wmiclient and from wmicmd to libopenvas_wincmd. * nasl/CMakeLists.txt: Consider libopenvas_smb methods for variable setting instead wmi methods. 2015-01-15 Hani Benhabiles * base/osp.c (osp_get_scanner_version): Also extract scanner name, daemon name, daemon version, protocol name and protocol version. Rename function to osp_get_version(). * base/osp.h: Rename function prototype. 2015-01-15 Michael Wiegand * CMakeLists.txt: Remove duplicate cmake_minimum_required. 2015-01-15 Michael Wiegand * base/CMakeLists.txt: Link test-hosts with the correct library when in a static build. 2015-01-12 Michael Wiegand Add check for required libgcrypt. It was already expected to be present (see usage of libgcrypt-config), but never checked for. Starting with GnuTLS 3.0, libgcrypt is no longer a dependency of libgnutls, so a separate check is required anyway for the future. * CMakeLists.txt: Try to find libgcrypt before calling libgcrypt-config. Raise SEND_ERROR if the library can not be found. * INSTALL: Note libgcrypt as prerequisite. 2015-01-12 Michael Wiegand * nasl/CMakeLists.txt: Check for bison before attempting to use it. 2015-01-12 Michael Wiegand * CMakeLists.txt, misc/CMakeLists.txt: Make it a SEND_ERROR instead of a FATAL_ERROR if a required library was not found with find_library. This mimics the behavior of pkg_check_modules and makes it possible for the user to gather all required libraries after one CMake run instead of having to step through all dependencies one by one. Remove now obsolete TODO. 2015-01-12 Michael Wiegand * CMakeLists.txt: Check if pkg-config was found. Abort and log a fatal error if it is not found. 2015-01-12 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.0+beta6. 2015-01-12 Michael Wiegand Preparing the openvas-libraries 8.0+beta5 release. * CHANGES: Updated. 2015-01-08 Matthew Mundell * misc/openvas_server.c (server_attach_internal): Use unsigned int for retries, to avoid passing negatives to the sleep function. 2015-01-08 Matthew Mundell * misc/openvas_server.c (server_attach_internal): Sleep between retries of gnutls_handshake. 2015-01-08 Hani Benhabiles * INSTALL: Update to mention netsnmp for improved SNMP support. 2015-01-06 Timo Pollmeier * base/openvas_file.c (openvas_export_file_name): Add parameters name and format_name and support new placeholders %F (report format) and %N (name). Escape quote marks (") in format string. * base/openvas_file.h (openvas_export_file_name): Update parameters. 2014-12-30 Jan-Oliver Wagner * nasl/nasl_http.c (_http_req): Added comments to explain the handling of port 80 and 443. 2014-12-29 Hani Benhabiles * nasl/nasl_http.c (_http_req): Don't append port number in host header in 443 value case too. 2014-12-29 Hani Benhabiles * nasl/nasl_http.c (_http_req): Don't append port number to http host header when its value is 80. 2014-12-19 Michael Wiegand * doc/wmi-howto.txt: Document location of latest patch and describe how the patch should be applied. 2014-12-17 Hani Benhabiles * misc/plugutils.c (proto_post_wrapped, get_plugin_preference): Add function parameter null checks. 2014-12-15 Hani Benhabiles * base/osp.h (OSP_PARAM_TYPE_SELECTION): New enum value. * base/osp.c (osp_param_str_to_type, osp_param_type_str): Handle OSP_PARAM_TYPE_SELECTION case accordingly. 2014-12-15 Jan-Oliver Wagner * omp/omp.c (omp_resume_or_start_task_report, omp_resume_or_start_task): Removed. * omp/omp.h: Removed protos accordingly. 2014-12-12 Jan-Oliver Wagner * omp/omp.c (omp_resume_stopped_task_report): Renamed to omp_resumt_task_report and apply the xml command resume_task instead of resume_stopped_task. * omp/omp.h: Adjust proto accordingly. 2014-12-12 Hani Benhabiles * base/osp.h (OSP_PARAM_TYPE_OVALDEF_FILE): New enum value. * base/osp.c (osp_param_str_to_type, osp_param_type_str): Handle OSP_PARAM_TYPE_OVALDEF_FILE case accordingly. 2014-12-09 Hani Benhabiles * base/openvas_networking.c (addr6_as_str): New function. * base/openvas_networking.h: Add new function prototype. * misc/plugutils.c (plug_get_host_ip_str), misc/www_funcs.c (build_encode_URL), nasl/nasl_host.c (nasl_this_host): Refactor code to use addr6_as_str() * misc/network.c (open_sock_tcp): Adjust code to use plug_get_host_ip_str(). 2014-12-09 Hani Benhabiles * misc/plugutils.c (plug_get_host_ip_str): New function. * misc/plugutils.h: Add new function header. * nasl/nasl_init.c (libfuncs): Adjust snmpv1_get() and snmpv3_get() function arguments. * nasl/nasl_snmp.c (proto_is_valid): New function. (nasl_snmpv1_get, nasl_snmpv3_get): Take port and protocol as function arguments instead instead of peername. Adjust functions accordingly. 2014-12-08 Jan-Oliver Wagner * misc/arglists.c (arg_dup): Removed unused method. * misc/arglists.h: Removed proto accordingly. 2014-12-04 Hani Benhabiles * nasl/nasl_init.c (libfuncs): Add snmpv3_get() nasl function. * nasl/nasl_snmp.c (snmp_get, snmpv3_get, nasl_snmpv3_get): New functions. (snmpv1_get): Refactor code and call snmp_get() accordingly. 2014-12-03 Hani Benhabiles * nasl/nasl_socket.c (nasl_open_privileged_socket): Call openvas_register_connection() with OPENVAS_ENCAPS_IP encapsulation. 2014-12-02 Hani Benhabiles * CMakeLists.txt: Add check for netsnmp-dev. * nasl/CMakeLists.txt: Define HAVE_NETSNMP based on netsnmp-dev presence. 2014-12-02 Hani Benhabiles * nasl/nasl_builtin_find_service.c (plugin_do_run): Add Host header to HTTP get request. 2014-12-02 Hani Benhabiles * misc/www_funcs.c (build_encode_URL), nasl/nasl_builtin_find_service.c (plugin_do_run): Revert previous change for the being time. 2014-12-02 Hani Benhabiles * misc/www_funcs.c (build_encode_URL), nasl/nasl_builtin_find_service.c (plugin_do_run): Use HTTP version 1.1 instead of version 1.0. 2014-12-01 Timo Pollmeier * base/credentials.h (credentials_t): Add components severity_class and dynamic_severity. * base/credentials.c (free_credentials): Free severity_class and set dynamic_severity to 0. 2014-11-28 Hani Benhabiles * nasl/nasl_snmp.c: Put headers includes within HAVE_NETSNMP check. 2014-11-28 Hani Benhabiles * nasl/nasl_snmp.c, nasl/nasl_snmp.h: New files. * CMakeLists.txt: Get netsnmp ld flags. (HAVE_NETSNMP): New variable. * nasl/CMakeLists.txt: Add nasl_snmp.c and netsnmp ld flags to build process. * nasl/nasl_init.c (libfuncs): Add snmpv1_get() function when netsnmp is available. 2014-11-27 Jan-Oliver Wagner * CHANGES: Fixed paste accident. 2014-11-27 Hani Benhabiles * nasl/nasl.c (init_hostinfos): Don't set useless PORTS value. 2014-11-26 Timo Pollmeier * base/openvas_file.c: Add #define _GNU_SOURCE and include and . (openvas_export_file_name): New function. * base/openvas_file.h (openvas_export_file_name): New prototype. 2014-11-25 Michael Meyer * nasl/nasl_http.c(_http_req): Updated User-Agent. 2014-11-21 Hani Benhabiles * base/nvticache.c (nvticache_add): Adjust call to nvti_to_keyfile. * base/nvti.h: Remove and adjust functions prototypes. (struct nvti): Remove src element. * base/nvti.c (nvti_free, nvti_from_keyfile): Adjust for src element removal. (nvti_src, nvti_set_src): Delete functions. (nvti_to_keyfile): Add src function argument. Adjust for src element removal. 2014-11-21 Hani Benhabiles * CMakeLists.txt (EXTRA_LIBS, EXTRA_CFLAGS): Delete variables. * libopenvas_base.pc.in, libopenvas_misc.pc.in, libopenvas_nasl.pc.in, libopenvas_omp.pc.in: Don't use removed variables. 2014-11-20 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 8.0+beta5. 2014-11-20 Jan-Oliver Wagner Preparing the openvas-libraries 8.0+beta4 release. * CHANGES: Updated. 2014-11-20 Hani Benhabiles * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab) (plugin_run_openvas_tcp_scanner), nasl/nasl_builtin_synscan.c (scan), nasl/nasl_scanner_glue.c (nasl_scanner_status): Don't call comm_send_status(). 2014-11-20 Hani Benhabiles * misc/scanner_utils.c (comm_send_status): Remove action argument and don't send it as part of the STATUS otp response. * misc/scanner_utils.h: Adjust function prototype. * nasl/nasl_builtin_opevnas_tcp_scanner.c (banner_grab) (plugin_run_openas_tcp_scanner), nasl/nasl_builtin_synscan.c (scan) nasl/nasl_scanner_glue.c (nasl_scanner_status): Adjust comm_send_status() call. 2014-11-20 Hani Benhabiles * misc/CMakeLists.txt: Link against libgcrypt in none mingw case. 2014-11-19 Jan-Oliver Wagner Save the path to the NVT directory in the cache hash table. This is a considerable memory reduction. * base/nvticache.c (nvticache_get): Don't use the full src path anymore for the hash table. Use just the NVT path name without path to NVT directory. (nvticache_get_by_oid_full): No need to drop the NVT directory path anymore. (nvticache_get_src): Don't return a simple pointer to the full patch anymore. Instead build the full filename and then return a newly allocated object. * base/nvticache.h: Adjust proto accordingly. 2014-11-19 Jan-Oliver Wagner * misc/plugutils.c (plug_create_from_nvti_and_prefs): Finally drop setting the "OID" element and thus save considerable amount of memory. 2014-11-19 Jan-Oliver Wagner Replace more cases of using "OID" from arglists by explicit oid. This requires some extensive changes. * nasl/nasl_misc_funcs.c (simple_register_host_detail): Get the oid from the lexic context instead of via arglist. * misc/plugutils.c (mark_successful_plugin, mark_post, proto_post_wrapped): Add parameter "oid" and use this instead of "OID" from the arglist. (proto_post_alarm, post_alarm, proto_post_log, post_log, proto_post_error, -post_error): Add parameter "oid" and use it for subsequent calls. (get_plugin_preference): Replace arglist parameter by oid. * misc/plugutils.h: Adjust protos accordingly. * nasl/nasl_scanner_glue.c (script_get_preference, script_get_preference_file_content, script_get_preference_file_location): Adjust call of get_plugin_preference. (proto_post_something_t, post_something_t): Adjust to new parameter of post functions. (security_something): Add oid to calls of post functions. * nasl/nasl_builtin_find_service.c: Changed function headers to comply with styleguide. Change any call of post_* to apply oid as first parameter. (oid): New. Global variable that contains the OID of this NVT. (plugin_do_run): Adjust call of get_plugin_preference. (plugin_run_find_service): Set the global oid from the lexic context. Adjust call of get_plugin_preference. * nasl/nasl_builtin_nmap.c (nmap_t): Add element "oid". (nmap_create): Set the oid and adjust call of get_plugin_preference. (build_cmd_line, add_scantype_arguments, add_timing_arguments): Adjust call of get_plugin_preference. 2014-11-19 Hani Benhabiles * base/CMakeLists.txt: Link base library against gpgme. Remove redundant test-hosts link against gpgme. 2014-11-19 Hani Benhabiles * base/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Remove unneeded linking and cleanup code. 2014-11-19 Hani Benhabiles * nasl/CMakeLists.txt, misc/CMakeLists.txt, base/CMakeLists.txt, omp/CMakeLists.txt: Move variables HARDENING_FLAGS, CMAKE_C_FLAGS_DEBUG to CMakeLists.txt * CMakeLists.txt (HARDENING_FLAGS, CMAKE_C_FLAGS_DEBUG): New variables. 2014-11-18 Hani Benhabiles * misc/kb_redis.c (redis_get_single): Force int only for KB_TYPE_INT case, as this function is also called by redis_get_str(). 2014-11-17 Hani Benhabiles * libopenvas_base.pc.in, libopenvas_misc.pc.in, libopenvas_nasl.pc.in, libopenvas_omp.pc.in: New files. * libopenvas.pc.in: Remove file. * CMakeLists.txt: Configure and install new files instead of libopenvas.pc.in. 2014-11-16 Jan-Oliver Wagner * nasl/nasl_func.c (nasl_func_call): Copy over oid as well to new context. 2014-11-16 Jan-Oliver Wagner * nasl/nasl_lex_ctxt.h (lex_ctxt): Add element "oid" to struct. * nasl/nasl_lex_ctxt.c (init_empty_lex_ctxt): Initialize new element "oid" with NULL. * nasl/exec.c (exec_nasl_script): Add new parameter for oid and set the oid to the lexic context. * nasl/nasl.h: Adjust proto accordingly. * nasl/nasl_scanner_glue.c (get_script_oid): Get the OID from the lexic context instead of from the arglist. * nasl/nasl.c (parse_script_infos): Adjust call of exec_nasl_script(). (main): Adjust call of exec_nasl_script() with the oid achieved from the description-run before. * nasl/nasl-lint.c (process_file): Adjust call of exec_nasl_script(). 2014-11-12 Hani Benhabiles * misc/internal_com.h (INTERNAL_COMM_CTRL_STOP): New define. 2014-11-12 Jan-Oliver Wagner * base/nvticache.c (nvticache_get_filename): New. Get the source filename of an OID without the NVT main directory path. * base/nvticache.h: Added proto accordingly. 2014-11-11 Hani Benhabiles * misc/plugutils.c (mark_post), misc/scanners_utils.c (getpts), misc/www_funcs.c (build_encode_URL), nasl/nasl_builtin_find_service.c (plugin_do_run), nasl/nasl_smb.c (nasl_smb_connect), nasl/nasl_wmi.c (nasl_wmi_connect, nasl_wmi_connect_rsop, nasl_wmi_connect_reg): Fix possible memory leak. * nasl/nasl_smb.c (nasl_smb_versioninfo, nasl_smb_close) (nasl_smb_file_SDDL, nasl_smb_file_owner_sid, nasl_smb_file_group_sid) (nasl_smb_file_trustee_rights, nasl_win_cmd_exec), nasl/nasl_wmi.c (nasl_wmi_versioninfo, nasl_wmi_close, nasl_wmi_query) (nasl_wmi_reg_get_sz, nasl_wmi_reg_enum_value, nasl_wmi_reg_enum_key) (nasl_wmi_reg_get_bin_val, nasl_wmi_reg_get_dword_val) (nasl_wmi_reg_get_ex_string_val, nasl_wmi_reg_get_mul_string_val) (nasl_wmi_reg_get_qword_val, nasl_wmi_reg_set_dword_val) (nasl_wmi_reg_set_qword_val, nasl_wmi_reg_set_ex_string_val) (nasl_wmi_reg_set_string_val, nasl_wmi_reg_create_key) (nasl_wmi_reg_delete_key): Remove useless null check. 2014-11-11 Hani Benhabiles * misc/plugutils.c (plug_get_key): Free results list. 2014-11-11 Hani Benhabiles * misc/plugutils.c (plug_get_key): Fix memory leak. * nasl/nasl_ssh.c (get_ssh_port): Get ssh port key in separate variable as it is not const. 2014-11-11 Hani Benhabiles Fix memory leak in plug_get_key() call. * misc/plugutils.c (plug_get_host_fqdn): Remove const specifier from return value. Duplicate returned FQDN value too. (plug_get_key): Duplicate memory in KB_TYPE_INT case too. * misc/plugutils.h: Adjust function prototype. * nasl/nasl_builtin_find_service.c (plugin_do_run), nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab), nasl/nasl_host.c (get_hostname), nasl/nasl_http.c (_http_req), nasl/misc_funcs.c (nasl_open_sock_kdc), nasl/nasl_scanner_glue.c (get_kb_item), nasl/nasl_ssh.c (get_ssh_port): Adjust to free memory returned by plug_get_key() and plug_get_host_fqdn(). 2014-11-11 Benoît Allard * nasl/nasl_builtin_synscan.c, nasl/nasl_raw.h: Define _DEFAULT_SOURCE, _BSD_SOURCE is deprecated from glibc-2.20 on and generates warning. See https://sourceware.org/glibc/wiki/Release/2.20#Packaging_Changes 2014-11-09 Jan-Oliver Wagner Final step of switching to global preference store. * misc/plugutils.c (add_plugin_preference): Drop argument "prefs". Use prefs_set instead of setting a arglist. (plug_create_from_nvti_and_prefs): Drop argument "prefs". Do not add anymore a "preferences" arglist to the plugin arglist. (proto_post_wrapped): Use prefs_get() instead of get_preferences(). (get_preference): Remnoved. (get_plugin_preference): Do not get the preferences from the "desc" and get it directly via preferences_get instead. * misc/plugutils.h: Adjust protos accordingly. * nasl/nasl_builtin_synscan.c (plugin_run_synscan): Use prefs_get instead of preferences_get. * nasl/nasl_http.c (cgibin): Use prefs_get instead of directly accessing the plugin arglist for "preferences". * nasl/nasl_builtin_nmap.c (add_portrange): User prefs_get instead of "preferences" from plugin aglist. * nasl/nasl-lint.c (main): Do not set the "preferences" arglist. * nasl/nasl_ssh.c (get_ssh_port): Use prefs_get instead of getting "preferences" from the arglist. * nasl/nasl_scanner_glue.c (safe_checks): Use prefs_get_bool instead of getting "preferences" from the arglist. (nasl_get_preference, nasl_scanner_get_port): Use prefs_get instead of getting "preferences" from the arglist. * nasl/exec.c (exec_nasl_script): Use prefs_get instead of getting "preferences" from the arglist. * nasl/nasl.c (init): Use prefs_get instead of getting "preferences" from the arglist. 2014-11-07 Hani Benhabiles * nasl/nasl_cmd_exec.c (nasl/nasl_cmd_exec.c (nasl_pread): Dereference tree cell after usage, to fix memory leak. 2014-11-07 Hani Benhabiles * nasl/nasl_func.c (free_func): Free args_names after freeing all the pointers. 2014-11-06 Hani Benhabiles * base/nvticache.h: Export nvticache_free() header. 2014-11-05 Jan-Oliver Wagner * misc/plugutils.c (unscanned_ports_as_closed): Use prefs_get_bool directly and thus simplify code and drop argument "preferences". (kb_get_port_state_proto): Use get_prefs() directly and thus drop argument "prefs". * nasl/nasl_builtin_openvas_tcp_scanner.c (plugin_run_openvas_tcp_scanner): Use prefs_get directly. 2014-11-05 Jan-Oliver Wagner Move preferences handling from scanner to libraries because we need to access it from some modules here directly while at the same time getting rid of storing preferences pointer in the arglists. * misc/prefs.c, misc/prefs.h: New. * misc/CMakeLists.txt: Handle module prefs. * COPYING: Add module prefs. 2014-11-03 Michael Wiegand * nasl/nasl_smb.c (nasl_win_cmd_exec): Allocate extra bytes for all parts of the wincmd argument vector to compensate for convenience byte lost in the switch from emalloc () to g_malloc0 (). Patch provided by Thanga Prakash. 2014-11-03 Michael Wiegand * nasl/nasl_smb.c (nasl_win_cmd_exec): Make sure "cmd" variable is not empty before attempting query. Patch provided by Thanga Prakash. 2014-11-02 Jan-Oliver Wagner * misc/scanners_utils.c (comm_send_status): Don't consider scanner option "ntp_short_status" anymore. This short syntax of "STATUS" command of OTP is not supported anymore. 2014-10-30 Hani Benhabiles * misc/openvas_ssh_login.c (openvas_ssh_public_from_private): Use newer libssh API when available. This allows supporting ecdsa keys when using libssh 0.6.0 or higher. 2014-10-29 Matthew Mundell Skip OMP library log messages when sending passwords. * misc/openvas_server.c (openvas_server_vsendf_internal): New function. Body from openvas_server_vsendf, with quiet arg. (openvas_server_vsendf): Call openvas_server_vsendf_internal. (openvas_server_vsendf_quiet, openvas_server_sendf_quiet) (openvas_server_sendf_xml_quiet): New functions. * misc/openvas_server.h: Add header accordingly. * omp/omp.c (omp_authenticate, omp_authenticate_info_ext) (omp_create_lsc_credential): Use quiet send function when logging. 2014-10-28 Jan-Oliver Wagner * nasl/nasl.c, nasl/nasl.h, nasl/nasl_debug.c, nasl/nasl_debug.h, nasl/openvas_smb_interface.h, nasl/openvas_wmi_interface.h: Made any method without parameter explicitly use "void" to inticate this and help compiler to identify wrong usage. 2014-10-28 Jan-Oliver Wagner * misc/openvas_auth.c, misc/openvas_auth.h, misc/openvas_logging.c, misc/openvas_logging.h, misc/network.c, misc/network.h, misc/openvas_uuid.c, misc/openvas_uuid.h: Made any method without parameter explicitly use "void" to inticate this and help compiler to identify wrong usage. 2014-10-28 Jan-Oliver Wagner * base/nvti.c, base/openvas_networking.c, base/nvti.h, base/openvas_networking.h, base/osp.c, base/nvticache.c, base/osp.h, base/nvticache.h: Made any method without parameter explicitly use "void" to inticate this and help compiler to identify wrong usage. 2014-10-28 Michael Meyer * misc/plugutils.c (plug_set_key): Added newline to output. 2014-10-28 Hani Benhabiles * misc/pcap.c (v6_routethrough): Remove null pointer dereference. * misc/plugutils.c (kb_get_port_state_proto): Set default proto value to fix possible null pointer dereference. 2014-10-27 Hani Benhabiles * misc/arglists.c, misc/bpf_share.c, misc/pcap.c, nasl/charcnv.c: Use log_legacy_write() instead of printf() for printing errors and warnings. 2014-10-27 Hani Benhabiles * base/nvticache.c (nvticache_initialized): New function. * base/nvticache.h: Add new function prototype. * misc/plugutils.c (proto_post_wrapped, get_plugin_preference): Check that nvti cache is initialized. 2014-10-25 Hani Benhabiles * nasl/nasl_text_utils.c (_regreplace, nasl_substr): Adequately add extra byte for null terminator. 2014-10-24 Hani Benhabiles * base/nvticache.c (nvticache_get_src): New function. * base/nvticache.h: Add new function prototype. 2014-10-23 Hani Benhabiles * nasl/nasl_text_utils.c (nasl_rawstring, nasl_insstr, nasl_chomp): Adequately add extra byte for null terminator. 2014-10-22 Hani Benhabiles * nasl/nasl_grammar.y (ipaddr): Use g_strdup_printf() instead of g_malloc0() + snprintf(). * nasl/nasl_tree.c (dup_cell), nasl/nasl_var.c (affect_to_anon_var) (rray2str): Adequately add extra byte for null terminator when allocating memory buffers. 2014-10-22 Hani Benhabiles * nasl/nasl_cert.c (parse_dn_part_for_CN): Set p pointer properly. Fixes scanner segfault introduced by r20560. 2014-10-21 Henri Doreau * misc/network.c (internal_recv): Reworked the way memory is managed. The function now always allocates memory (how much is needed) and lets the caller responsible for releasing it with g_free eventually. * misc/plugutils.c (plug_get_key): Free the internal_recv buffer after use. 2014-10-21 Henri Doreau * misc/plugutils.c (_add_plugin_preference): Replaced g_malloc0() + snprintf() by g_strdup_printf(). * nasl/exec.c (cell2str): Replaced g_malloc0() + snprintf() by g_strdup_printf(). 2014-10-21 Henri Doreau * nasl/nasl_builtin_find_service.c (fwd_data): Don't pre-allocate a buffer for internal_recv() and systematically free it after use. 2014-10-20 Hani Benhabiles * nasl/exec.c (nasl_exec): Add extra byte when allocating memory for CONST_DATA and CONST_STRING cases, used for null terminator. 2014-10-17 Michael Wiegand The required minimum version for the GnuTLS library has actually been 2.12 for a while now. Adjust documentation and checks accordingly. * INSTALL: Update prerequisites. * CMakeLists: Adjust minimum version in gnutls check. 2014-10-14 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.0+beta4. 2014-10-14 Michael Wiegand Preparing the openvas-libraries 8.0+beta3 release. * CHANGES: Updated. 2014-10-13 Jan-Oliver Wagner * base/hash_table_file.c: Moved here from misc/. * base/hash_table_file.h: Moved here from misc/. * misc/hash_table_file.c: Moved to base/. * misc/hash_table_file.h: Moved to base/. * base/CMakeLists.txt: Added handling of module hash_table_file. * misc/CMakeLists.txt: Removed handling of module hash_table_file. * COPYING: Adapted directory accordingly. 2014-10-13 Jan-Oliver Wagner Various fixes for issues identified via clang analysis. * misc/plugutils.c (plug_get_key): Removed dead assignment. * nasl/iconv.c (smb_iconv_open_ntlmssp): Removed dead assignment of variable "from" and "to". * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Moved assignment into DEBUG code. * misc/network.c (read_stream_connection_unbuffered): Removed dead assigment of "now". * misc/www_funcs.c (build_encode_URL): Removed dead assignment of n_slash. * misc/ids_send.c (ids_send): Removed useless bzero of variable su. su is a NULL pointer here. 2014-10-13 Jan-Oliver Wagner * nasl/nasl_packet_forgery_v6.c (forge_icmp_v6_packet): Replaced realloc() by g_realloc() and free() by g_free(). * nasl/nasl_cert.c (parse_dn_for_CN, build_hostname_list): Replaced free() by g_free(). 2014-10-13 Jan-Oliver Wagner * nasl/nasl_wmi.c (nasl_wmi_connect, nasl_wmi_connect_rsop, nasl_wmi_connect_reg): Replaced emalloc() by g_malloc0(). * nasl/nasl_smb.c (nasl_win_cmd_exec): Replaced emalloc() by g_malloc0(). * nasl/nasl_packet_forgery.c (forge_ip_packet, set_ip_elements, insert_ip_options, forge_tcp_packet, get_tcp_element, set_tcp_elements, forge_udp_packet, get_udp_element, set_udp_elements, forge_icmp_packet, forge_igmp_packet, nasl_pcap_next, nasl_send_capture): Replaced emalloc() by g_malloc0(). * nasl/nasl_packet_forgery_v6.c (forge_ipv6_packet, set_ipv6_elements, insert_ipv6_options, forge_tcp_v6_packet, get_tcp_v6_element, set_tcp_v6_elements, forge_udp_v6_packet, get_udp_v6_element, set_udp_v6_elements, forge_icmp_v6_packet, forge_igmp_v6_packet): Replaced emalloc() by g_malloc0(). * nasl/nasl_grammar.y (ipaddr, init_nasl_ctx, mylex): Replaced emalloc() by g_malloc0(). * misc/CMakeLists.txt: Removed handlung of system.c and system.h. * misc/system.c, misc/system.h: Removed. * COPYING: Removed module "system". And removed doubled entry for strutils. 2014-10-12 Jan-Oliver Wagner * doc/wmi-howto.txt: Updated for an updated patch that does not use emalloc anymore but rather g_malloc0. 2014-10-12 Jan-Oliver Wagner * misc/system.c (efree): Removed as all uses are eliminated now. * misc/system.h: Removed proto accordingly. * nasl/nasl_grammar.y (inc, nasl_clean_ctx): Replaced efree() by g_free(). * nasl/nasl_packet_forgery.c (forge_tcp_packet, set_tcp_elements, forge_udp_packet, set_udp_elements, nasl_send_packet, nasl_send_capture): Replaced efree() by g_free(). * nasl/nasl_packet_forgery_v6.c (forge_tcp_v6_packet, set_tcp_v6_elements, forge_udp_v6_packet, set_udp_v6_elements, forge_icmp_v6_packet, nasl_send_v6packet): Replaced efree() by g_free(). 2014-10-11 Jan-Oliver Wagner * misc/system.c (erealloc): Removed as all uses are eliminated now. * misc/system.h: Removed proto accordingly. * nasl/nasl_grammar.y (mylex): Replaced erealloc() by g_realloc(). Don't check for NULL anymore as this makes no sense anymore. 2014-10-11 Jan-Oliver Wagner * misc/system.c (estrdup): Removed as all uses are eliminated now. * misc/system.h: Removed proto accordingly. * nasl/nasl_wmi.c (nasl_wmi_connect, nasl_wmi_connect_rsop, nasl_wmi_connect_reg): Replaced estrdup() by g_strdup(). * nasl/nasl_smb.c (nasl_smb_connect, nasl_win_cmd_exec): Replaced estrdup() by g_strdup(). * nasl/nasl_grammar.y (mylex): Replaced estrdup() by g_strdup(). * nasl/nasl_packet_forgery_v6.c (get_ipv6_element): Replaced estrdup() by g_strdup(). 2014-10-11 Jan-Oliver Wagner * nasl/nasl_socket.c (nasl_recv, nasl_recv_line): Replaced emalloc() by g_malloc0() and efree() by g_free(). (nasl_join_multicast_group): Replaced erealloc() by g_realloc() and removed subsequent and now useless test for NULL. (nasl_get_sock_info): Replaced estrdup() by g_strdup() and emalloc() by g_malloc0(). * nasl/capture_packet.c (init_capture_device, init_v6_capture_device): Replaced estrdup() by g_strdup(), emalloc() by gmalloc0() and efree() by g_free(). (capture_next_packet): Replaced emalloc() by gmalloc0(). (capture_next_v6_packet): Replaced emalloc() by g_malloc0(). 2014-10-10 Hani Benhabiles * base/nvti.c, base/nvti.h (nvtis_new, nvtis_free, nvtis_add) (nvtis_lookup, free_nvti_for_hash_table): Restore functions as they are still used in Manager. * base/nvticache.c (nvticache_init): Fix hash table initialization to free memory correctly. 2014-10-10 Hani Benhabiles Decrease the in-memory nvti cache size, reducing the memory consumption of all scanner processes by ~6m. * base/nvticache.c (nvticache_init, nvticache_free): Call glib hash table helpers directly. (nvticache_get): Insert the nvti's src as hash table value instead of the whole nvti struct. Return the nvti directly to the caller, who should free it accordingly. (nvticache_get_by_oid_full): Adjust for the nvti src value being stored directly in the hash table. (nvticache_get_src_by_oid): Remove unused function. * base/nvticache.h: Adjust and remove functions prototypes. * base/nvti.c (free_nvti_for_hash_table, nvtis_new, nvtis_free) (nvtis_add, nvtis_remove, nvtis_lookup, nvti_shrink): Remove unused functions. * base/nvti.h: Remove deleted functions prototypes and nvtis_t typedef. 2014-10-09 Jan-Oliver Wagner * nasl/nasl_func.c (insert_nasl_func): Replaced emalloc() by g_malloc0() and estrdup() by g_strdup(). (nasl_func_call): Replaced emalloc() by g_malloc0() and efree() by g_free(). (free_func): Replaced efree() by gfree() and free() by g_free(). * nasl/nasl_misc_funcs.c (nasl_make_list, nasl_make_array, nasl_keys, nasl_func_named_args, nasl_gettimeofday, nasl_localtime, nasl_dec2str): Replaced emalloc() by g_malloc0(). * nasl/nasl_cert.c (build_hostname_list, make_hexstring, get_name): Replaced emalloc() by g_malloc0(). (get_name, nasl_cert_query): Replaced emalloc() by g_malloc0() and estrdup() by g_strdup(). 2014-10-09 Jan-Oliver Wagner * nasl/nasl_isotime.c (nasl_isotime_now, nasl_isotime_scan, nasl_isotime_print, nasl_isotime_add): Replaced estrdup() by g_strdup(). 2014-10-09 Hani Benhabiles * misc/network.c (internal_recv): Don't preallocate buffer memory. This fixes a possible memory leak that led to growing scanner process size over time. 2014-10-09 Hani Benhabiles * nasl/nasl.h: Remove NASL_EXEC_DONT_CLEANUP. Adjust values. * nasl/exec.c (exec_nasl_script): Don't check for NASL_EXEC_DONT_CLEANUP. 2014-10-09 Jan-Oliver Wagner * omp/xml.c (free_entity): Replace free() by g_free(). * nasl/nasl_tree.c (alloc_RE_cell): Replaced free() by g_free(). * nasl/exec.c (nasl_exec): Replaced free() by g_free(). 2014-10-09 Jan-Oliver Wagner * base/openvas_compress.c: Added inlude for glib and removed inlude of own include file. (openvas_compress, openvas_uncompress): Replace calloc() by g_malloc0() and drop now useless test for NULL. Replaced free() by g_free(). * base/openvas_compress.h: Removed useless includes. 2014-10-09 Jan-Oliver Wagner * nasl/exec.c (cell2str): Replace malloc() by g_malloc0() and drop now useless test for NULL. * nasl/nasl_tree.c (alloc_tree_cell): Replace malloc() by g_malloc0() and drop now useless test for NULL. * nasl/nasl_cert.c (parse_dn_part_for_CN): Replace malloc() by g_malloc0() and drop now useless test for NULL. * base/openvas_networking.c (openvas_source_addr_str, openvas_source_addr6_str): Replace malloc() by g_malloc0() and drop now useless test for NULL. 2014-10-08 Henri Doreau * base/settings.c (settings_init_from_file): Fixed memory leak. 2014-10-08 Henri Doreau * base/nvti.c (nvti_to_keyfile): Fixed memory leak. 2014-10-08 Hani Benhabiles * base/nvticache.c (nvticache_init, nvticache_free, nvticache_get) (nvticache_add, nvticache_get_by_oid_full, nvticache_get_src_by_oid): Add asserts and fix code style. 2014-10-08 Hani Benhabiles * base/nvti.c (nvti_clone): Remove unused function. * base/nvticache.c (nvticache_get_by_oid): Rename to nvticache_get_by_oid_full(). Fix code style. * base/nvticache.h, base/nvti.h: Adjust functions prototypes. * misc/plugutils.c (proto_post_wrapped, get_plugin_preference): Call nvticache_get_by_oid_full(). 2014-10-07 Hani Benhabiles Simplify nvti cache API by moving the cache variable handling to nvticache.c file instead of by the API caller. * base/nvticache.c (nvticache): New variable for nvti cache. (nvticache_new): Rename to nvticache_new(), set the nvticache variable and return void. (nvticache_free, nvticache_get, nvticache_add, nvticache_get_by_oid) (nvticache_get_src_by_oid): Use nvticache variable, remove cache function argument. * base/nvticache.h: Adjust functions prototypes. * misc/plugutils.c (proto_post_wrapped, get_plugin_preference): Adjust nvticache_get_by_oid() calls. 2014-10-07 Hani Benhabiles * base/nvti.c (nvti_pref): Constify return value. (nvti_to_keyfile, nvti_clone): Adjsut nvti_pref() calls. * base/nvti.h, base/nvticache.h, misc/plugutils.h: Adjust functions prototypes. * base/nvticache.c (nvticache_get): Constify return value. Remove extraneous nvti cloning. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Constify function argument and variable. 2014-10-06 Jan-Oliver Wagner * nasl/nasl_builtin_synscan.c (add_packet): Replaced emalloc() by g_malloc0(). (rm_packet, rm_dead_packets, scan): Replaced efree() by g_free(). * nasl/nasl_builtin_find_service.c (mark_smtp_server, mark_snpp_server, mark_ftp_server): Replaced emalloc() by g_malloc0() and efree() by g_free(). (mark_pop_server): Replaced estrdup() by g_strdup() and efree() by g_free(). (plugin_do_run): Replaved efree() by g_free(), estrdup() by g_strdup() and emalloc() by g_malloc0(). (fwd_data): Replaced efree() by g_free(). (plugin_run_find_service): Replaced emalloc() by g_malloc0(). 2014-10-06 Jan-Oliver Wagner * nasl/exec.c, nasl/lint.c, nasl/nasl_cmd_exec.c, nasl/nasl_crypto.c, nasl/nasl_http.c, nasl/nasl_misc_funcs.c, nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery_v6.c, nasl/nasl_scanner_glue.c, nasl/nasl_socket.c: Removed unneeded include of strutil.h. 2014-10-06 Jan-Oliver Wagner * nasl/strutils.c: Removed unneeded includes. * nasl/strutils.h: Remove unneeded include. * nasl/nasl_builtin_openvas_tcp_scanner.c: Removed unneeded include. * nasl/nasl_text_utils.c: Made include of regex.h no look local. 2014-10-06 Timo Pollmeier Make the manager response buffer a local variable of try_read_entity_and_string to avoid overwriting by concurrent threads. * omp/xml.c (buffer_start, buffer_point, buffer_end): Remove. (try_read_entity_and_string): Add buffer_start and buffer_end as local variables. 2014-10-06 Jan-Oliver Wagner * nasl/smb_crypt.c (NTLMv2_generate_client_data_ntlmssp): Replaced emalloc() by g_malloc0(). * nasl/smb_crypt.h: Do not inlude system.h anymore. * nasl/nasl_crypto.c (nasl_get_sign): Replaced emalloc() by g_malloc0() and dropped superflous zero'ing of mem. (nasl_ntlmv2_response, nasl_ntlm2_response, nasl_ntlm_response, nasl_keyexchg, nasl_ntlmv1_hash, nasl_insert_hexzeros: Replaced emalloc() by g_malloc0(). (nasl_ntv2_owf_gen, nasl_ntlmv2_hash): Replaced emalloc() by g_malloc0() and efree by g_free(). * nasl/ntlmssp.c (ntlmssp_genauth_keyexchg): Replaced emalloc() by g_malloc0(). * nasl/nasl_crypto2.c (set_mpi_retc, nasl_bn_cmp, nasl_bn_random, nasl_pem_to, nasl_dh_generate_key, nasl_dh_compute_key, nasl_rsa_public_decrypt, nasl_rsa_sign, nasl_dsa_do_verify): Replaced emalloc() by g_malloc0(). Increased allocated size to 1 if it was 0. (strip_pkcs1_padding, nasl_dsa_do_signnasl_bf_cbc): Replaced emalloc() by g_malloc0() and efree() by g_free. 2014-10-06 Jan-Oliver Wagner * nasl/nasl_host.c (get_hostname, get_host_ip, nasl_this_host, get_port_transport): Replaced estrdup() by g_strdup(). (nasl_this_host_name): Replaced emalloc() by g_malloc0(). (nasl_same_host): Replavced estrdup() by g_strdup(), emalloc() by g_malloc0() and efree() by g_free(). * nasl/nasl_cmd_exec.c (nasl_pread): Replaced emalloc() by g_malloc0(), estrdup() by G_strdup and efree() by g_free(). Dropped check for successful alloc because process would terminate if this fails. (nasl_fread): Replaced emalloc() by g_malloc0() and erealloc() by g_realloc(). Dropped check for successful alloc because process would terminate if this fails. (nasl_file_read): Replaced emalloc() by g_malloc0(). Dropped check for successful alloc because process would terminate if this fails. 2014-10-05 Jan-Oliver Wagner * nasl/nasl_host.c (nasl_same_host): Fixed memleak. 2014-10-04 Jan-Oliver Wagner * nasl/nasl_http.c (_http_req): Replaced emalloc() by g_malloc0() and efree() by g_free(). (cgibin): Replaced estrdup() by g_strdup(). * nasl/nasl_ssh.c (init_membuf): Replaced emalloc() by g_malloc0(). (put_membuf): Replaced erealloc() by g_realloc(). Simplified code because a failing memory alloction will terminate process anyway. (get_membuf, pkcs8_to_sshprivatekey, nasl_ssh_request_exec): Replaced efree() by g_free(). (nasl_ssh_get_issue_banner, nasl_ssh_get_server_banner): Replaced estrdup() g_strdup(). * nasl/nasl_signature.c (nasl_verify_signature): Replaced emalloc() by g_malloc0() and efree() by g_free(). * nasl/nasl_scanner_glue.c (script_get_preference): Replaced estrdup() by g_strdup(). (script_get_preference_file_location, get_kb_list): Replaced emalloc() by g_malloc0(). (get_kb_item): Replaced estrdup() by gstrdup(). (security_something): Replaced efree() g_free(). * nasl/nasl_lex_ctxt.c (init_empty_lex_ctxt): Replaced emalloc() by g_malloc0(). (free_lex_ctxt): Replced efree() by g_free(). 2014-10-04 Jan-Oliver Wagner * nasl/nasl_text_utils.c (nasl_string, nasl_strcat): Replaced emalloc() by g_malloc0() and increased allocated size by 1. Replaced erealloc() by g_realloc(). (nasl_rawstring): Replaced emalloc() by g_malloc0(). (nasl_hex): Replaced estrdup() by g_strdup(). (nasl_hexstr): Replaced emalloc() by g_malloc0(). (nasl_ereg): Replaced estrdup() by g_strdup() and efree() by g_free(). (_regreplace): Replaced emalloc() by g_malloc0() and efree() by g_free(). (nasl_egrep): Replaced estrdup() by g_strdup(), efree() by g_free() and emalloc() by g_malloc0(). (nasl_eregmatch): Replaced emalloc() by g_malloc0(). (nasl_substr, nasl_insstr, nasl_split, nasl_chomp, nasl_crap): Replaced emalloc() by g_malloc0(). (nasl_str_replace): Replaced emalloc() by g_malloc0() and erelloc() by g_realloc(). 2014-10-03 Hani Benhabiles * nasl/nasl_debug.c (nasl_perror): Remove duplicate if/else branches. 2014-10-02 Hani Benhabiles * nasl/nasl_var.c (copy_anon_var, affect_to_anon_var) (nasl_read_var_ref): Add extra byte when allocating memory for variables of type VAR2_STRING and VAR2_DATA. Fixes segfaults on rare situations. 2014-10-02 Hani Benhabiles * base/pwpolicy.c (parse_pattern_line): Clarify comparison expression. * misc/ids_send.c, misc/network.c, misc/pcap.c, misc/popen.c, nasl/exec.c, nasl/nasl.c, nasl/nasl_builtin_find_service.c, nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery_v6.c: Remove useless macro definitions checks as these variables are always present. * nasl/nasl_init.c (init_nasl_library): Remove useless variable assignment. * misc/network.c (socket_get_ssl_session_id): Set session size correctly. 2014-10-01 Hani Benhabiles * base/pwpolicy.c (parse_pattern_line), misc/pcap.c (getipv4routes), nasl/md4.c (mdfour64_ntlmssp), nasl/nasl_builtin_find_service.c (fwd_data), nasl/nasl_init.c (init_nasl_library), nasl/nasl_packet_forgery.c (nasl_tcp_ping), nasl/nasl_packet_forgery_v6.c (nasl_tcp_v6_ping), nasl/nasl_socket (nasl_get_sock_info): Remove useless variable assignments. 2014-09-29 Jan-Oliver Wagner * nasl/nasl_tree.c (alloc_RE_cell): Replaced emalloc() by g_malloc0() and efree() by g_free(). (dup_cell): Replaced emalloc() by g_malloc0(). (free_tree): Replaced free() by g_free(). 2014-09-29 Jan-Oliver Wagner Consolidate the two almost identical functions free_array() and clear_array() into a single free_array(). * nasl/nasl_var.c (free_array): Set counter max_idx to 0 after deleting the content just like clear_array() did it. It doesn't hurt in case of free'ing the object. (clear_array): Removed because free_array() is doing the very same thing now. (clear_anon_var, copy_array): Call free_array() instead of clear_array(). 2014-09-28 Jan-Oliver Wagner * nasl/nasl_var.c (free_array, clear_anon_var): Removed useless return. 2014-09-28 Jan-Oliver Wagner * nasl/nasl_var.c (nasl_get_var_by_num, get_var_ref_by_num): Replaced erealloc() by g_realloc() and emalloc() by g_malloc0(). (get_var_by_name, get_var_ref_by_name, get_array_elem, dup_named_var, nasl_affect): Replaced emalloc() by g_malloc0() and estrdup() by g_strdup(). (get_variable_by_name, create_named_var, nasl_read_var_ref, make_array_from_elems, copy_anon_var, dup_anon_var, copy_array, copy_ref_array, affect_to_anon_var): Replaced emalloc() by g_malloc0(). (free_array, free_var_chain, free_anon_var, clear_array, clear_anon_var): Replaced efree() by g_free(). (add_numbered_var_to_ctxt, nasl_incr_variable, array2str, add_var_to_list): Replaced erealloc() by g_realloc(). (add_var_to_array): Replaced erealloc() by g_realloc(), emalloc() by g_malloc0() and estrdup() by g_strdup(). 2014-09-26 Jan-Oliver Wagner Replace the libc memory functions by the g_* functions to consolidate the memory management. * misc/openvas_server.c (openvas_server_vsendf): Replace free() by g_free(). * misc/ldap_connect_auth.c (ldap_auth_bind): Replaced strdup() by g_strdup(). * misc/openvas_ssh_login.c (openvas_ssh_public_from_private): Replace free() by g_free(). * misc/openvas_uuid.c (openvas_uuid_make): Replace malloc() by g_malloc0(). * misc/plugutils.c (plug_get_key): Replaced strdup() by g_strdup(). * misc/network.c (stream_set_buffer): Replace malloc() by g_malloc0() and realloc() by g_realloc(). * misc/scanners_utils.c (getpts): Replace realloc() by g_realloc(). 2014-09-24 Jan-Oliver Wagner * nasl/exec.c (cell2str_and_size): Removed. It was deactivated by ifdef and marked deprecated since a very long time. 2014-09-24 Jan-Oliver Wagner Replace more old internal calls for memory management by respective glib functions. * nasl/exec.c (cell2str, cell2str_and_size): Replaced estrdup() by g_strdup(). (cell_cmp): Replaced efree() by g_free(). (nasl_exec): Replaced emalloc() by g_malloc0(), estrdup() and g_strdup() and efree() by g_free(). (exec_nasl_script): Replaced estrdup() by g_strdup() and efree() by g_free(). 2014-09-24 Hani Benhabiles * nasl/nasl_text_utils.c (nasl_display): Flush stdout after printing the message. 2014-09-24 Hani Benhabiles * misc/plugutils.c (sig_alarm): Remove function. (plug_get_key): Don't exit plugin process after 120 seconds as some plugins may run longer and have a higher timeout value. 2014-09-23 Hani Benhabiles * base/osp.c (osp_param_str_to_type, osp_param_type_str): Handle new osp boolean param type. * base/osp.h (osp_param_type_t): Add new param type OSP_PARAM_TYPE_BOOLEAN. 2014-09-22 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 8.0+beta3. 2014-09-22 Michael Wiegand Preparing the openvas-libraries 8.0+beta2 release. * CHANGES: Updated. 2014-09-22 Michael Wiegand Make libhiredis requirements more precise with information taken from the INSTALL file of openvas-scanner. * INSTALL: Add required minimum version to libhiredis entry, taken from openvas-scanner/INSTALL. * CMakeLists.txt: Add required minimum version to pkg-config check of libhiredis. 2014-09-21 Jan-Oliver Wagner Replace more old internal calls for memory management by respective glib functions. * misc/ids_send.c (tcp_cksum, injectv6): Replaced emalloc() by g_malloc0() and efree() by g_free(). (inject): Replaced efree() by g_free(). (ids_send, ids_open_sock_tcp): Replaced estdup() by g_strdup() and efree() by g_free(). * misc/hash_table_file.c (hash_table_from_gkeyfile): Replaced estrdup() by g_strdup(). * misc/network.c (release_connection_fd, openvas_deregister_connection): Replaced efree() by g_free(). (open_stream_connection_ext): Replaced efree() by g_free() and estrdup() by gstrdup(). (add_close_stream_connection_hook): Replaced emalloc() by g_malloc0(). (stream_set_buffer): Replaced efree() by g_free(). (internal_recv): Replaced erealloc() by g_realloc() and efree() by g_free(). * misc/popen.c: Removed unneeded include of system.h. * misc/www_funcs.c (build_encode_URL): Replaced emalloc() by g_malloc0(), efree() by g_free() and estrdup() by g_strdup(). * misc/scanners_utils.c (getpts): Replaced estrdup() by g_strdup(), efree() by g_free() and emalloc() by g_malloc0(). 2014-09-21 Jan-Oliver Wagner Replace old internal calls for memory management by respective glib functions. * misc/arglists.c (cache_add_name): Replaced emalloc() by g_malloc0() and estrdup() by g_strdup(). (cache_dec): Replaced efree() by g_free(). (arg_add_value): Replaced emalloc() by g_malloc0(). (arg_dup): Replaced estrdup() by g_strdup() and emalloc() by g_malloc0(). (arg_free, arg_free_all): Replace efree() by g_free(). * misc/plugutils.c (_add_plugin_preference): Replaced estdup() by g_strdup(), efree() by g_free() and emalloc() by g_malloc0(). (plug_create_from_nvti_and_prefs): Replaced emalloc() by g_malloc0(). (mark_post): Replace estrdup() by g_strdup(). (proto_post_wrapped): Replaced emalloc() by g_malloc0() and efree() by g_free(). (get_plugin_preference): Replaced estrdup() by g_strdup() and efree() by g_free(). * misc/pcap.c (v6_get_mac_addr): Replace estrdup() by g_strdup(), efree() by g_free() and emalloc() by g_malloc0(). * misc/kb_redis.c: Drop unneeded include of system_internal.h. * misc/system_internal.h: Removed as it is not used anymore. * COPYING: Removed entry about system_internal.h. 2014-09-12 Jan-Oliver Wagner This step prepares to consolidate the memory management to use system methods rather than trying to manage memory on our own. Two misconcepts now need to be carefully removed from all over the code (by replacing the e* functions with the g_* functions): The overallocation of 1 byte (Scanner shows defects if not adding it in the allocation routine) and the setting of pointers to NULL after free'ing. * misc/system.c (emalloc): Replaced internal allocation strategy by simply calling g_malloc0. (efree): Call g_free() instead of free() to match allocation method. (erealloc): Replaced internal allocation strategy by simply calling g_realloc(). 2014-09-11 Matthew Mundell * misc/system.c (erealloc): Use z in format specifier for size_t, else compiler complains. 2014-09-10 Hani Benhabiles * misc/openvas_logging.c (openvas_log_lock_init, openvas_log_lock) (openvas_log_unlock): New functions. (openvas_log_func): Use locking functions when outputting messages. Fixes possible crashes when used by multiple threads simultaneously. 2014-09-09 Hani Benhabiles * misc/plugutils.c, misc/popen.c, misc/system.c, misc/www_funcs.c, nasl/iconv.c, nasl/nasl_builtin_find_service.c, nasl/nasl_builtin_nmap.c, nasl/nasl_builtin_openvas_tcp_scanner.c, nasl/nasl_builtin_synscan.c, nasl/nasl_cert.c, nasl/nasl_crypto2.c, nasl/nasl_debug.c, nasl/nasl_grammar.y: Use log_legacy_write() instead of fprintf to stderr fd. 2014-09-09 Hani Benhabiles * base/nvti.c, misc/arglists.c, misc/ids_send.c, misc/system.c, nasl/nasl_host.c, nasl/nasl_smb.c, nasl/nasl_socket.c, nasl/nasl_ssh.c, nasl/nasl_wmi.c: Use log_legacy_write() instead of fprintf to stderr fd. 2014-09-09 Hani Benhabiles * nasl/exec.c (cell_cmp, exec_nasl_script): Use adequate logging function instead of fprintf() to stderr which might be closed. 2014-09-08 Hani Benhabiles * base/osp.c (osp_param_t): Add element for default value. (osp_get_scanner_params): Get parameter default value too. (osp_param_default): New function. (osp_param_free): Free default value. * base/osp.h: Add new function prototype. 2014-09-08 Hani Benhabiles * nasl/exec.c (exec_nasl_script): Print script path too, on parse failure. 2014-09-05 Michael Wiegand * nasl/nasl_builtin_find_service.c: Add proper copyright and license notice header. 2014-09-03 Hani Benhabiles * base/osp.c (osp_param_type_str): New function. (osp_param_str_to_type): Check for integer instead of int. * base/osp.h: Add new function prototype. 2014-09-03 Hani Benhabiles * base/osp.c (struct osp_param): New struct. (osp_param_str_to_type, osp_get_scanner_params, osp_param_new) (osp_param_free, osp_param_id, osp_param_desc, osp_param_name) (osp_param_type): New functions. * base/osp.h: Add function prototypes and struct typedef. (osp_param_type_t): New enum. 2014-09-03 Michael Wiegand * doc/CMakeLists.txt: Use appropriate text for second paragraph of the license notice. 2014-09-03 Michael Wiegand Make license of CMakeLists.txt files consistent. * doc/CMakeLists.txt: Change license from LGPLv2+ to GPLv2+. * misc/CMakeLists.txt: Change license from GPLv2 to GPLv2+. 2014-09-02 Hani Benhabiles * nasl/nasl_lex_ctxt.h (struct_lex_ctxt): Add line_nb element. * nasl/nasl_debug (nasl_perror): Print the error's line number after the script name. * nasl/exec.c (nasl_exec): Set the lexical context's line number. 2014-09-01 Michael Wiegand * CMakeLists.txt: Re-add parts removed in r20187 as a fallback for finding the hiredis library. Upstream does not (yet) support pkg-config, so pkg-config files may or may not exist depending on the distribution. 2014-09-01 Michael Wiegand * CMakeLists.txt, openvas_cmake_macros, nasl/tests/test_script_signing.sh, omp/CMakeLists.txt: Ensure the GPLv2+ license notice uses the paragraph suggested by the Free Software Foundation. 2014-09-01 Michael Wiegand * nasl/CMakeLists.txt, nasl/nasl_builtin_nmap.c, nasl/nasl_builtin_plugins.h, nasl/nasl_cert.c, nasl/nasl_cert.h, nasl/nasl_isotime.c, nasl/nasl_isotime.h, nasl/nasl_signature.c, nasl/nasl_signature.h, nasl/nasl_smb.c, nasl/nasl_smb.h, nasl/nasl_ssh.c, nasl/nasl_ssh.h, nasl/nasl_wmi.c, nasl/nasl_wmi.h, nasl/ntlmssp.c, nasl/ntlmssp.h, nasl/openvas_smb_interface.h, nasl/openvas_wmi_interface.h, nasl/proto.h, nasl/smb_interface_stub.c, nasl/wmi_interface_stub.c, nasl/tests/Makefile, nasl/tests/signed.nasl, nasl/tests/test_blowfish.nasl, nasl/tests/test_bn.nasl, nasl/tests/test_dh.nasl, nasl/tests/test_dsa.nasl, nasl/tests/test_hexstr.nasl, nasl/tests/test_isotime.nasl, nasl/tests/test_md.nasl, nasl/tests/test_privkey.nasl, nasl/tests/test_rsa.nasl, nasl/tests/test_socket.nasl, nasl/tests/testsuiteinit.nasl, nasl/tests/testsuitesummary.nasl: Ensure the GPLv2+ license notice uses the paragraph suggested by the Free Software Foundation. 2014-09-01 Michael Wiegand * misc/hash_table_file.c, misc/hash_table_file.h, misc/kb.h, misc/kb_redis.c, misc/ldap_connect_auth.c, misc/ldap_connect_auth.h, misc/openvas_proctitle.c, misc/openvas_proctitle.h, misc/openvas_ssh_login.c, misc/openvas_ssh_login.h, misc/support.h: Ensure the GPLv2+ license notice uses the paragraph suggested by the Free Software Foundation. 2014-09-01 Michael Wiegand * base/array.c, base/array.h, base/CMakeLists.txt, base/credentials.c, base/credentials.h, base/cvss.c, base/cvss.h, base/drop_privileges.c, base/drop_privileges.h, base/gpgme_util.c, base/gpgme_util.h, base/nvti.c, base/nvticache.c, base/nvticache.h, base/nvti.h, base/openvas_compress.c, base/openvas_compress.h, base/openvas_file.c, base/openvas_file.h, base/openvas_hosts.c, base/openvas_hosts.h, base/openvas_networking.c, base/openvas_networking.h, base/openvas_string.c, base/openvas_string.h, base/osp.c, base/osp.h, base/pidfile.c, base/pidfile.h, base/pwpolicy.c, base/pwpolicy.h, base/settings.c, base/settings.h, base/test-hosts.c: Ensure the GPLv2+ license notice uses the paragraph suggested by the Free Software Foundation. 2014-08-31 Jan-Oliver Wagner * nasl/nasl_text_utils.c (nasl_rawstring): Removed dead initialization. * nasl/nasl_packet_forgery_v6.c (set_udp_v6_elements): Removed dead initialization and therefore a memory leak. (nasl_tcp_v6_ping): Removed dead assignment. * nasl/nasl_packet_forgery.c (set_udp_elements): Removed dead initialization and therefore a memory leak. (nasl_tcp_ping): Removed dead assignment. * misc/openvas_auth.c (openvas_auth_write_config): Removed dead initialization and therefore a memory leak. * nasl/nasl_builtin_synscan.c (packetdead): Removed dead assignment and dropped unnecessary "else". * nasl/nasl_text_utils.c (nasl_rawstring): Removed dead assignment. * nasl/nasl_func.c (nasl_func_call): Removed dead assignment. * misc/scanner_utils.c (getpts): Removed dead assignments. * misc/network.c (auth_send): Removed dead assignment. 2014-08-31 Jan-Oliver Wagner * nasl/nasl_packet_forgery_v6.c (forge_icmp_v6_packet): Added missing free'ing of memory. 2014-08-31 Jan-Oliver Wagner * misc/network.c (stream_set_buffer): Add missing assignment. 2014-08-31 Jan-Oliver Wagner * nasl/nasl_crypto2.c: Removed unneeded include's and unneeded macro MAP_FAILED. 2014-08-29 Hani Benhabiles * misc/openvas_server.c (cert_file, key_file): Rename variables to cert_pub_mem and cert_priv_mem. (key, crt): Move static variables within client_cert_callback(). (set_cert_file, set_key_file, get_key_file, get_cert_file): Rename set_cert_pub_mem, set_cert_priv_mem, get_cert_pub_mem, get_cert_priv_mem respectively. (client_cert_callback): Use certs variables as memory pointers instead of file paths. (openvas_server_open_with_cert): Use openvas_server_new_mem(). Rename function arguments for clarity. (openvas_server_new_mem): Constify function arguments. * misc/openvas_server.h: Adjust function argument. * base/osp.c (osp_connection_new): Update function comments to specify that certs functions arguments are used as memory pointers instead of file paths. 2014-08-29 Michael Wiegand * omp/omp.c, omp/omp.h, omp/xml.c, omp/xml.h: Ensure the GPLv2+ license notice uses the paragraph suggested by the Free Software Foundation. 2014-08-28 Hani Benhabiles * base/openvas_string.c (openvas_string_flatten_string_list) (openvas_string_list_free): Remove unused functions. * base/openvas_string.h: Remove functions prototypes. 2014-08-27 Jan-Oliver Wagner Encapsulate name_cache into arglist modules as it is not used anywhere else anymore. misc/arglist.h: Removed protos for cache_inc and cache_dec. (struct name_cache): Removed. misc/arglist.c: Added struct name_cache here. (cache_inc, cache_dec): Made static. 2014-08-27 Jan-Oliver Wagner * misc/arglist.c (str2arglist): Removed. It is meanwhile not used anymore anywhere. * misc/arglist.h: Removed proto accordingly. 2014-08-27 Michael Wiegand * CMakeLists.txt: Use pkg-config to find the hiredis library and to retrieve the appropriate flags. 2014-08-26 Michael Wiegand * omp/xml.c (try_read_entity_and_string, parse_entity) (compare_find_attribute, compare_entities): Make log levels more precise; change g_message to either g_warning or g_debug based on severity. 2014-08-21 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 8.0+beta2. 2014-08-21 Jan-Oliver Wagner Preparing the openvas-libraries 8.0+beta1 release. * CHANGES: Updated. * INSTALL: Added libhiredis and moved libssh to the right place. 2014-08-15 Hani Benhabiles * misc/openvas_ssh_login.c (openvas_ssh_public_from_private): Fix segfault when an erroneous private key is used. 2014-08-13 Hani Benhabiles * omp/omp.c, omp/omp.h (omp_pause_task, omp_resume_paused_task): Delete functions. 2014-08-11 Hani Benhabiles * base/osp.c (osp_start_scan): Insert scan options in scanner_params xml element. 2014-08-07 Jan-Oliver Wagner * doc/example.target.locators: Removed. This example is not needed anymore as the target locator support was removed. 2014-08-07 Jan-Oliver Wagner * misc/ldap_connect_auth.c (ldap_auth_bind_query, ldap_auth_query): Removed unused functions. * misc/ldap_connect_auth.h: Removed protos accordingly. 2014-08-06 Jan-Oliver Wagner Remove the target locator support. * misc/resource_request.c, misc/resource_request.h: Removed. * misc/CMakeLists.txt: Removed handling of module resource_request. * COPYING: Removed module resource_request. 2014-08-06 Henri Doreau * misc/openvas_server.h (openvas_server_send): Removed unused function. 2014-08-06 Henri Doreau * omp/omp.c (omp_ping, omp_authenticate, omp_authenticate_info_ext) (omp_create_task, omp_modify_task_file, omp_create_lsc_credential) (omp_create_lsc_credential_key: Replaced last openvas_server_send statements by openvas_server_sendf or openvas_server_sendf_xml equivalents. 2014-08-01 Henri Doreau openvas_server_send API enhancement and cleanup. Added variadic versions of the existing functions to reduce the complexity of the calling code. * misc/openvas_server.h (openvas_server_send): Turned into a static inline wrapper for openvas_server_sendf, to be removed eventually. (openvas_server_vsendf): New. * misc/openvas_server.c (openvas_server_send); Renamed openvas_server_vsendf. Use variable arguments. (openvas_server_sendf): Call openvas_server_vsendf. (openvas_server_sendf_xml): Call openvas_server_vsendf. * base/osp.c (osp_send_command): Set the proper attributes to the function prototype to enable compile-time format string checks. Reorder arguments to make it able to handle formatted commands. Transmit the va_list accordingly to the underlying function. (osp_get_scanner_version, osp_delete_scan, osp_get_scan) (osp_start_scan): Updated calls to osp_send_command accordingly. Removed unneeded string formatting. Removed a non ISO C pattern. * omp/omp.c (omp_create_task_ext): Use openvas_server_sendf to pass in formatted commands instead of formatting them in the calling code. 2014-08-01 Matthew Mundell * omp/openvas_auth.c (ldap_connect_user_exists): Only define when LDAP is enabled. 2014-07-31 Matthew Mundell * omp/openvas_auth.c (add_authenticator): Use custom function for user_exists, because openvas_user_exists_classic looks only for users of type "file". (ldap_connect_user_exists): New function. 2014-07-30 Hani Benhabiles * base/osp.c (osp_delete_scan): New function. (osp_start_scan): Update documentation. * base/osp.h: Add and adjust prototypes. 2014-07-25 Hani Benhabiles * base/openvas_file.c (openvas_file_as_base64): Use error variable adequately. 2014-07-18 Hani Benhabiles * misc/openvas_server.c (openvas_server_new_mem): Output error strings from gnutls instead of hardcoded ones. 2014-07-17 Hani Benhabiles * misc/openvas_server.c (server_new_gnutls_init, server_new_gnutls_set): New functions. (server_new_internal): Call new functions. Refactor code accordingly. (openvas_server_new_mem): New function. (set_gnutls_dhparams): Fix memory leak. * misc/openvas_server.h: Add new function prototype. 2014-07-17 Michael Meyer * nasl/nasl_http.c (_http_req): Added Cache-Control Header. 2014-07-16 Hani Benhabiles * misc/openvas_server.c (openvas_server_connect): Remove interrupted case handling. * misc/openvas_server.h: Adjust function prototype. 2014-07-16 Hani Benhabiles * misc/openvas_server.c (openvas_server_open_with_cert) (openvas_server_connect): Call openvas_server_verify() at the end of the function. 2014-07-15 Matthew Mundell * omp/omp.c (omp_get_tasks_ext): Add filter option. Remove actions. * omp/omp.h (omp_get_tasks_opts_t): Add "filter" option. (omp_get_tasks_opts_defaults): Init filter. 2014-07-14 Hani Benhabiles * base/nvti.c (nvtis_remove): New function. * base/nvti.h: Add new function prototype. * base/nvticache.c (nvticache_get): Replace the old nvt entry when a duplicate OID is found and output a log message accordingly. 2014-07-14 Hani Benhabiles * base/nvti.c (nvti_shrink): Fix possible use-after free and double-free errors by nullifying the pointers after freeing the allocated memory. 2014-07-14 Hani Benhabiles * nasl/nasl_socket.c (nasl_close_socket): Adjust check for file descriptor value. Update documentation to explain rationale. 2014-07-09 Jan-Oliver Wagner * misc/network.c (open_SSL_connection, ovas_scanner_context_new): Don't call openvas_SSL_init anymore because it is already initialized by main process and does not need initialization again. (openvas_SSL_init): Drop the prevention to not execute gnutls_global_init twice because this function is called once only anyway. 2014-07-09 Jan-Oliver Wagner * misc/network.c (log_message_gnutls): New callback function for DEBUG_SSL. (openvas_SSL_init): Added gnutls debugging for DEBUG_SSL. 2014-07-07 Hani Benhabiles * misc/network.c: Use OVAS_CONNECTION_FROM_FD() macro instead of accessing the connections array directly. 2014-07-01 Hani Benhabiles * misc/arglists.h (struct arglist): Reorder struct elements to reduce space wasted on struct memory alignment. Reduces structure size from 48 to 40 on x64. 2014-06-26 Jan-Oliver Wagner * base/cvss.c (toenum): Also accept "AU" as "Au". 2014-06-24 Jan-Oliver Wagner More elegant setting of constant _HAVE_LIBSSH. * nasl/nasl_init.c (init_nasl_library): Removed explicit adding of _HAVE_LIBSSH. (libivars): Added _HAVE_LIBSSH to this list. 2014-06-24 Jan-Oliver Wagner * nasl/nasl_init.c (init_nasl_library): Re-add setting the NASL variable _HAVE_LIBSSH in order to keep compatiblity until OpenVAS-7 expires. Also fix typo about function name. 2014-06-20 Matthew Mundell * misc/plugutils.c (proto_post_wrapped): Remove the g_strescape of the result text because it will be converted to UTF-8. And do the UTF-8 conversion here, because it was moved out of nsend in r18531 (because nsend is also used to send internal messages). 2014-06-17 Hani Benhabiles * nasl/nasl (main): Add -B to specify running the script in description mode first, before running in normal mode if no error was found. When unset, use the old behaviour of running only once. * doc/openvas-nasl.1: Update documentation. 2014-06-16 Hani Benhabiles * misc/plugutils.c (plug_set_key): Add back kb debug information when global_nasl_debug is set. 2014-06-12 Hani Benhabiles * nasl/nasl.c (parse_script_infos): Code style update. Don't try to add nvt OID value if it is not present. 2014-06-12 Hani Benhabiles * nasl/nasl.c (parse_script_infos): Use script_infos when parsing the plugin description instead of creating a new arglist. 2014-06-11 Matthew Mundell Remove or disable remains of OMP rcfile support. * omp/omp.c (omp_create_task_rc): Remove. (omp_get_tasks, omp_get_tasks_ext): Remove rcfile option from OMP. (omp_modify_task_file): Remove rc from variable name for clarity. (omp_get_targets): Add missing arg. * omp/omp.h: Update headers accordingly. 2014-06-06 Hani Benhabiles * misc/kb_redis.c (redis_flush_all): Issue FLUSHALL instead of FLUSHDB. 2014-06-05 Henri Doreau * misc/kb.h (kb_flush): Operate on currently selected operation set. * misc/kb_redis.c (redis_flush_all): Issue FLUSHALL on an initialized kb context. 2014-06-05 Hani Benhabiles * misc/kb.h (kb_operations): Add kb_flush element. (kb_flush): New function. * misc/kb_redis.c (redis_flush_all): New function. (KBRedisOperations): Set kb_flush element to redis_flush_all. 2014-06-05 Hani Benhabiles * nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery_v6.c, nasl/nasl_init.c, nasl/nasl_packet_forgery.h, nasl/nasl_packet_forgery_v6.h: Revert 19582. Some of the functions might be used in the future. 2014-06-04 Hani Benhabiles * nasl/nasl_packet_forgery.c (insert_ip_options, dump_ip_packet) (set_tcp_elements, dump_tcp_packet, set_udp_elements, dump_udp_packet): Remove never used functions. * nsal/nasl_packet_forgery_v6.c (get_ipv6_element, set_ipv6_elements) (dump_ipv6_packet, insert_ipv6_options, forge_tcp_v6_packet) (get_tcp_v6_element, dump_tcp_v6_packet, set_tcp_v6_elements) (dump_tcp_v6_packet, get_icmp_v6_element, dump_udp_v6_packet) (set_udp_v6_elements, forge_igmp_v6_packet): Remove never used functions. * nasl/nasl_init.c (libfuncs): Remove never used functions. * nasl/nasl_packet_forgery.h, nasl/nasl_packet_forgery_v6.h: Delete removed functions prototypes. 2014-05-27 Hani Benhabiles Fix errors found when building with Clang 3.4 * misc/network.c (socket_get_ssl_version): Change return type to int as function returns -1 in errors. (read_stream_connection_unbuffered, write_stream_connection4): Check if enum value is equal to zero instead of -1. * misc/network.h: Update function prototype. * misc/openvas_auth.c (auth_method_name): Remove useless negative value checking for enum value. * misc/openvas_server.c (load_gnutls_file): Adjust filelen variable type as ftell() returns -1 on error. * nasl/nasl_builtin_find_service.c (mark_swat_server, mark_vqserver) (mark_mldonkey, mark_http_server, mark_locked_adsubtract_server) (mark_http_proxy, mark_linuxconf): Adjust buffer argument to be unsigned to match style of other functions. (mark_ssh_server, mark_wild_shell): Remove unused function argument. (plugin_do_run): Do not provide too many arguments to function calls. * nasl/nasl_crypto2.c (mpi_from_string): Don't check unsigned value for negativeness. * nasl/nasl_isotime.c (days_per_month): Style update. Abort instead of g_error(). * nasl/nasl_packet_forgery.c (set_udp_elements): Cast parameter in function call. * nasl/nasl_socket.c (nasl_socket_get_ssl_version): Adjust variable type. * nasl/nasl_wmi.c (nasl_wmi_close): Remove superfluous semicolon leading to always return 1. 2014-06-02 Jan-Oliver Wagner Cleanups that can be done because libssh is now mandatory. * nasl/nasl_init.c (libfuncs): Don't protect funcs anymore with HAVE_LIBSSH. (init_nasl_library): Remove adding variables to NASL to disable LIBSSH via environment variable OPENVAS_DISABLE_LIBSSH. * nasl/CMakeLists.txt, nasl/nasl.c, nasl/nasl_ssh.c, nasl/nasl_ssh.h, misc/CMakeLists.txt, misc/openvas_ssh_login.c: Don't handle "HAVE_LIBSSH" anymore. * nasl/nasl_cert.c: Fix wrong comment. * doc/Doxyfile.in, doc/Doxyfile_full.in: Drop HAVE_LIBSSH. * INSTALL: Note libssh as mandatory, not as recommended. 2014-05-27 Hani Benhabiles * nasl/nasl.c (parse_script_infos): New function. (main): Make first parse of the executed nvt's description in order to get information such as the OID. 2014-05-22 Hani Benhabiles * base/osp.c (osp_get_scan): New function. (osp_get_scanner_version): Fix memory leak. Code style update. * base/osp.h: Add new function's prototype. 2014-05-21 Henri Doreau * misc/kb.h (KB_PATH_DEFAULT): Define default KB location there. * nasl/nasl.c (KB_PATH_DEFAULT): Remove definition. 2014-05-21 Jan-Oliver Wagner * CMakeLists.txt: Make libssh mandatory. This allows to drop ssh code from NVTs once OpenVAS-7 is retired. 2014-05-19 Michael Wiegand * doc/openvas-nasl.1: Remove reference to long dead OpenVAS-Client. Fix reference to man page of OpenVAS Scanner. 2014-05-16 Hani Benhabiles * base/osp.c (osp_get_scanner_version): Adjust for null version argument value. (osp_start_scan, option_concat_as_xml): New function. * base/openvas_file.c (openvas_file_as_base64): New function. * base/openvas_file.h, base/osp.h: Add new functions prototypes. 2014-05-14 Hani Benhabiles Fix build with LibSSH >= 0.6.0. Reported by Daniel Malament. Suggested by Simon Desee. * nasl/nasl_ssh.h: Include libssh/legacy.h after libssh/libssh.h * nasl/nasl_ssh.c (nasl_ssh_get_banner): Constify banner variable. Remove ssh_string_free_char() call. 2014-05-07 Hani Benhabiles * misc/openvas_auth.c (openvas_auth_init): Remove unused function. * nasl/nasl_socket.c (nasl_open_sock_tcp_bufsz, nasl_recv) (nasl_join_multicast_group, nasl_get_sock_info): Reduce variables scopes. (nasl_socket_get_error): Remove macro checks for defined variables. * omp/omp.c (omp_authenticate_info): Remove unused function. * misc/openvas_auth.h, omp/omp.h: Delete removed functions prototypes. 2014-05-06 Hani Benhabiles * omp/omp.c (omp_create_lsc_credential_key): Remove public_key function argument. * omp/omp.h: Adjust function prototype. 2014-05-06 Timo Pollmeier Add omp_authenticate_info_ext function, which uses a struct for passing parameters, including a new parameter for password policy warnings. * omp/omp.c (omp_authenticate_info): Change into a wrapper for new omp_authenticate_info_ext. (omp_authenticate_info_ext): New function. Uses most functionality from previous omp_authenticate_info version and has an added output option for password policy warnings. * omp/omp.h (omp_authenticate_info_opts_t): New typedef. Options for omp_authenticate_info_ext. (omp_authenticate_info_ext): New function prototype. 2014-05-06 Hani Benhabiles * misc/openvas_ssh_login.c (openvas_ssh_public_from_private): New function. (read_from_keyfile): Fix check for empty string. * misc/openvas_ssh_login.h: Add new function prototype. * misc/CMakeLists.txt: Link against libssh when found. * omp/omp.c (omp_create_lsc_credential_key): Fix string formatting when public_key argument is null. 2014-05-02 Hani Benhabiles * misc/openvas_ssh_login.c (KEY_SSHLOGIN_PUBKEY_FILE): Remove definition. (openvas_ssh_login_new): Remove pubkey_file argument. Adjust accordingly. (openvas_ssh_login_free): Adjust for public_key_path element removal. (read_from_keyfile): Adjust function call. Don't read pubkey_file key file entry. * misc/openvas_ssh_login.h: Adjust function prototype. (openvas_ssh_login): Remove public_key_path element. 2014-05-01 Jan-Oliver Wagner * COPYING: Updated according to recent changes and fixed wrong license info for module misc/resource_request. 2014-05-01 Henri Doreau * misc/kb_redis.c (fetch_max_db_index): Indentation fix. 2014-04-28 Hani Benhabiles * base/osp.c, base/osp.h: New files. * base/CMakeLists.txt, nasl/CMakeLists.txt: Add new files to build process, and adjust linking accordingly. 2014-04-25 Hani Benhabiles * misc/network.c (socket_get_ssl_ciphersuite): Refix sign issue. API in GnuTLS 2.x takes a char * while it takes an unsigned char * in GnuTLS 3.x. Cast to void pointer to be compatible with both. 2014-04-24 Henri Doreau * misc/network.c (socket_get_ssl_compression): Added preprocessor checks to ensure GNUTLS_COMP_LZO is available. * misc/network.c (socket_get_ssl_ciphersuite): Fix signedess issue. 2014-04-24 Henri Doreau * misc/plugutils.c: Removed a useless OPENVASNT definition check. 2014-04-24 Henri Doreau * nasl/nasl_builtin_nmap.c (nmap_run_and_parse): Indentation fix. 2014-04-24 Hani Benhabiles * base/openvas_hosts.c, base/openvas_hosts.h (determine_host_type): Rename to openvas_get_host_type. Export function. 2014-04-23 Henri Doreau * misc/arglist.h (ARG_STRUCT): Removed arglist type which is never assigned anywhere. * misc/arglist.c (arg_add_value, arg_set_value, arg_dup, arg_free_all): removed unused ARG_STRUCT handling cases. 2014-04-23 Henri Doreau * misc/internal_com.h (INTERNAL_COMM_MSG_TYPE_KB, INTERNAL_COMM_KB_*): removed unused macros. 2014-04-23 Henri Doreau * misc/plugutils.c (addslashes/rmslashes): Removed unused functions. * misc/plugutils.c: Updated headers accordingly. 2014-04-23 Henri Doreau Expose a new KB interface to the rest of the application. Implement a redis-based backend. KBs are now global and shared between all processes of a same task. Concurrent tasks transparently share a same redis server using multiple namespaces. The new KB interface has been slightly modified to reflect the change and allow alternative backends in the least intrusive way. * misc/kb.c: Removed. * misc/kb.h: Rewritten to expose new interface. * misc/kb_redis.c: New. Redis-backend. * misc/CMakeLists.txt: Link against hiredis (redis client library). * CMakeLists.txt: Look for hiredis (redis client library). * misc/plugutils.c (plug_get_fresh_key, plug_set_replace_key): Removed obsolete functions. (plug_set_key, plug_replace_key, plug_get_key, plug_get_host_open_port): Updated to use the new KB interface. * misc/plugutils.h (plug_get_fresh_key): Removed prototype. * nasl/nasl.c (DEFAULT_KB_LOCATION): new. (init, main): Use the new KB interface. * nasl/nasl_builtin_nmap.c (get_script_list, get_script_args): Updated to use the new KB interface and structures. * nasl/nasl_scanner_glue.c (get_kb_list, get_kb_fresh_item): Updated to use the new KB interface and structures. 2014-04-23 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set version to 8.0.0 and status to beta. 2014-04-23 Jan-Oliver Wagner * CHANGES: Fix some revision references. 2014-04-23 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 7.0.2. 2014-04-23 Jan-Oliver Wagner Preparing the openvas-libraries 7.0.1 release. * CHANGES: Updated. 2014-04-21 Hani Benhabiles * misc/plugutils.c (get_plugin_preference_fname): Check content size error properly. 2014-04-18 Hani Benhabiles Add socket_get_ssl_ciphsersuite() nasl API. * misc/network.c, misc/network.h (socket_get_ssl_ciphersuite): New function. * nasl/nasl_init.c (libfuncs): Export socket_get_ssl_ciphersuite. * nasl/nasl_socket.c, nasl/nasl_socket.h (nasl_socket_get_ssl_ciphersuite): New function 2014-04-18 Hani Benhabiles Add socket_get_ssl_session_id(), socket_get_ssl_version() and socket_get_ssl_compression nasl APIs. * misc/network.c (socket_get_ssl_version, socket_get_ssl_session_id) (socket_get_ssl_compression): New functions. (socket_get_cert): Fix function documentation. * misc/network.h: Add new functions prototypes. * nasl/nasl_init.c (libfuncs): Export new functions. * nasl/nasl_socket.c (nasl_socket_get_ssl_session_id) (nasl_socket_get_ssl_compression, nasl_socket_get_ssl_version): New functions. * nasl/nasl_socket.h: Add new functions prototypes. 2014-04-16 Henri Doreau * misc/network.c (auth_printf): Replaced a brutal 1MB stack allocation by a variable-length heap one. 2014-04-16 Hani Benhabiles * CMakeLists.txt, base/CMakeLists.txt: Move check and linking with libldap and liblber to new base libraries module as it is only needed there. 2014-04-16 Matthew Mundell * misc/openvas_auth.c (AUTH_CONF_FILE): Add openvasmd to path. 2014-04-16 Benoît Allard * CMakeLists.txt: Don't install openvas-lsc-rpm-creator.sh, it doesn't exists anymore here. 2014-04-16 Benoît Allard * tools/openvas-lsc-rpm-creator.sh: Move to openvas-manager. This is spawn by the manager and nothing in libraries references it. 2014-04-15 Jan-Oliver Wagner * misc/openvas_auth.c (openvas_auth_init_funcs, openvas_auth_write_config): To ensure consistency, use the makro AUTH_CONF_FILE that was defined for this purpose. 2014-04-15 Hani Benhabiles * CMakeLists.txt: Remove check for zlib. Remove gio from GLIB ldflags. * base/CMakeLists.txt: Check for and link against zlib and gio. 2014-04-15 Jan-Oliver Wagner * doc/example.auth.conf: Fixed typo in key name. 2014-04-14 Hani Benhabiles * nasl/nasl_ssh.c (nasl_ssh_get_server_banner): Enable function if libssh 0.6.0 or higher is available. * nasl/nasl_ssh.h: Add libssh include. 2014-04-14 Hani Benhabiles * misc/network.c (socket_get_cert): Fix cert_list_len value check as it is never negative. 2014-04-11 Jan-Oliver Wagner * doc/example.auth.conf: Removed "ldap" because this is not supported anymore. Fixed some notes as now Manager is caring for this file and it has a new location. 2014-04-09 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 7.0.1. 2014-04-09 Jan-Oliver Wagner Preparing the openvas-libraries 7.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Set version to 7.0.0. 2014-04-09 Hani Benhabiles * nasl/exec.c (exec_nasl_script): Print parse error line on all types of parsing errors. * nasl/nasl_grammar.y: Remove dead code. 2014-04-09 Hani Benhabiles * base/openvas_string.h, base/openvas_string.c (openvas_strv_contains_str): Remove unused function. 2014-04-08 Hani Benhabiles Remove LDAP authentication. Refactor LDAP-CONNECT authentication. * misc/CMakeLists.txt: Remove ldap_auth.c from build process. * misc/ldap_auth.c, misc/ldap_auth.h: Remove file. * COPYING: Remove ldap_auth module entry. * misc/ldap_connect_auth.c: Remove deleted header include. (KEY_LDAP_HOST, KEY_LDAP_DN_AUTH, KEY_LDAP_ROLE_ATTRIBUTE) (KEY_LDAP_ROLE_USER_VALUES, KEY_LDAP_ROLE_ADMIN_VALUES) (KEY_LDAP_ROLE_OBSERVER_VALUES, KEY_LDAP_RULE_ATTRIBUTE) (KEY_LDAP_RULETYPE_ATTRIBUTE): Add defines from removed file. (ldap_auth_info_from_key_file, ldap_auth_info_free, ldap_auth_info_new) (ldap_auth_info_auth_dn, ldap_auth_bind, ldap_auth_bind_query) (ldap_auth_dn_is_good, ldap_auth_query): New functions, moved from removed file. * misc/ldap_connect_auth.h: Add new functions prototypes. Update style. (struct ldap_auth_info): New struct, moved from removed file. * misc/openvas_auth.c: Remove unneeded include. Update documentation. (authentication_methods): Remove ldap method. (add_authenticator): Remove AUTHENTICATION_METHOD_LDAP case handling. (openvas_auth_write_config): Remove ldap method handling. * misc/openvas_auth.h (authentication_method): Remove AUTHENTICATION_METHOD_LDAP enum value. * misc/resource_request.c: Adjust include. 2014-04-08 Hani Benhabiles Remove ADS authentication. * misc/ads_auth.c, misc/ads_auth.h: Delete files. * misc/openvas_auth.c: Remove deleted header include. Update documentation. (add_authenticator): Don't handle AUTHENTICATION_METHOD_ADS case. (openvas_auth_write_config): Don't handle "method:ads" key file. (authentication_methods): Remove "ads" value. * misc/openvas_auth.h (authentication_method): Remove AUTHENTICATION_METHOD_ADS enum value. * misc/resource_request.c: Remove deleted header include. (SOURCE_TYPE_ADS): Remove define. (resource_request_resource): Don't handle "ads" case. * COPYING: Remove ads_auth license entry. * doc/example.auth.conf, doc/example.target.locators: Update documentation. * misc/CMakeLists.txt: Remove deleted file from build. 2014-04-07 Hani Benhabiles * misc/bpf_share.c, misc/bpf_share.h (bpf_server): Remove unused function. 2014-04-07 Hani Benhabiles * misc/network.c (socket_get_cert): Check that used socket is TLS encapsulated. 2014-04-07 Hani Benhabiles * misc/network.c (open_stream_connection_unknown_encaps5): Remove function. (open_stream_auto_encaps_ext): Make tried encapsulations explicit. Fix code style. * misc/network.h: Remove function prototype. * nasl/nasl_builtin_find_service.c (plugin_do_run): Adjust for removed function. Improve code style. 2014-04-05 Jan-Oliver Wagner * README: Rephrased a bit and mention the virtual machine. * INSTALL: Updated Debian installation hint to version 7. 2014-04-04 Hani Benhabiles * misc/network.c (get_connection_fd): Check connection availability with pid element as transport value of 0 is ENCAPS_AUTO and might be valid. (release_connection_fd): Reset pid element value. (open_stream_connection_unknown_encaps5): Use OPENVAS_ENCAPS_TLScustom to automatically negotiate TLS version. Update log messages. (open_stream_connection_unknown_encaps): Remove function. (open_stream_auto_encaps_ext): Improve code style. * misc/network.h: Remove function prototype. * nasl/nasl_host.c (get_port_transport): Update documentation. * nasl/nasl_socket.c (nasl_open_sock_tcp_bufsz): Improve code style. 2014-04-04 Hani Benhabiles Add NASL socket_get_cert() API. * misc/network.c (ovas_get_tlssession_from_connection): Return gnutls_session_t as it is a pointer already. (socket_negotiate_ssl): Use OVAS_CONNECTION_FROM_FD() to get connection pointer. Update documentation. (socket_get_cert): New function. * misc/network.h: Add socket_get_cert prototype. Adjust ovas_get_tlssession_from_connection one. * nasl/nasl_init.c (libfuncs): Rename socket_ssl_negotiate to socket_negotiate_ssl. Add socket_get_cert. * nasl/nasl_socket.c (nasl_socket_ssl_negotiate): Rename to nasl_socket_negotiate_ssl. (nasl_socket_get_cert): New function. * nasl/nasl_socket.h: Add and adjust functions prototypes. 2014-04-03 Hani Benhabiles Add nasl socket_ssl_negotiate() API for SSL negotiation support for already open sockets. * misc/network.c (open_SSL_connection): Remove timeout argument. Use value already present on openvas_connection struct. (socket_negotiate_ssl): New function. (open_stream_connection_ext): Adjust open_SSL_connection() call. * misc/network.h: Add socket_negotiate_ssl() prototype. * nasl/nasl_init.c (libfuncs): Add socket_ssl_negotiate() nasl function. * nasl/nasl_socket.c (nasl_socket_ssl_negotiate): New function. * nasl/nasl_socket.h: Add nasl_socket_ssl_negotiate() prototype. 2014-04-02 Hani Benhabiles * misc/network.c (load_cert_and_key): Handle load_gnutls_file return value accordingly. 2014-04-02 Hani Benhabiles * nasl/nasl_cert.c (get_oid_name): Return NULL instead of "Unknown". (nasl_cert_query): Use digest's oid as name of algorithm if get_oid_name returned null. 2014-04-01 Hani Benhabiles * nasl/nasl_cert.c (get_oid_name): New function. (nasl_cert_query): Add "algorithm-name" command type. 2014-03-31 Hani Benhabiles Remove force_pubkey_auth preference as certificates are always verified. * misc/network.c (ovas_scanner_context_new): Remove force_pubkey_auth parameter. Update comments. (ovas_scanner_context_attach): Always use GNUTLS_CERT_REQUIRE. Update comments. * misc/network.h: Adjust function prototype. 2014-03-28 Benoît Allard Post release version bump. * CMakeLists.txt: 7.0+beta10 2014-03-28 Benoît Allard Prepare next release. * CHANGES: Updated 2014-03-28 Hani Benhabiles First step for PFS support. * misc/openvas_server.c (load_gnutls_file): Return code for success or failure. Close file adequately. (client_cert_callback): Adjust load_gnutls_file() calls. (set_gnutls_dhparams): New function. * misc/openvas_server.h: Add new function prototype. * misc/network.c (ovas_scanner_context_new): Add function argument to set the Diffie-Hellman parameters. * misc/network.h: Adjust function prototype. 2014-03-27 Jan-Oliver Wagner * base/nvti.c (nvti_free, nvti_shrink, nvti_from_keyfile, nvti_to_keyfile, nvti_clone): Removed handling of sign_key_ids. (nvti_sign_key_ids, nvti_set_sign_key_ids): Removed. * base/nvti.h: Removed protos accordingly. (struct nvti): Removd element sign_key_ids. 2014-03-26 Benoît Allard Post release version bump. * CMakeLists.txt: 7.0+beta9 2014-03-26 Benoît Allard Preparing the openvas-libraries 7.0+beta8 release. * CHANGES: Updated 2014-03-26 Hani Benhabiles Add TLSv1.1 and TLSv1.2 support. * misc/plugutils.h: Remove OPENVAS_ENCAPS_* defines. Move IS_ENCAPS_SSL to misc/network.h. * misc/network.h (openvas_encaps_t): New enum. Add OPENVAS_ENCAPS_TLSv11, OPENVAS_ENCAPS_TLSv12 and OPENVAS_ENCAPS_MAX. Adjust functions prototypes. * misc/network.c (openvas_connection): Change transport element type to openvas_encaps_t. (openvas_register_connection, set_gnutls_protocol) (ovas_scanner_context_new): Change encaps argument from int to openvas_encaps_t. (open_stream_connection_ext, open_stream_connection_unknown_encaps5) (open_stream_auto_encaps_ext, read_stream_connection_unbuffered, write_stream_connection4, get_encaps_name, get_encaps_through): Support OPENVAS_ENCAPS_TLSv11 and OPENVAS_ENCAPS_TLSv12 cases. * nasl/nasl_init.c (libvars): Expose ENCAPS_TLSv11, ENCAPS_TLSv12 and ENCAPS_MAX variables to nasl interpreter. * nasl/nasl_socket.c (nasl_open_privileged_socket): Register connection using OPENVAS_ENCAPS_TLScustom to support different tls versions instead of fixed version with OPENVAS_ENCAPS_TLSv1. 2014-03-25 Hani Benhabiles * misc/network.c (set_gnutls_protocol): Simplify hardcoded priority strings to enable cipher suites as supported by the used version of gnutls library. 2014-03-25 Hani Benhabiles * nasl/nasl_socket.c (nasl_open_sock_tcp_bufsz): Allow using default priority string in OPENVAS_ENCAPS_TLScustom transport case. Update code style. 2014-03-24 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_with_max): Return on invalid string. (openvas_hosts_removed): Update documentation. * base/openvas_hosts.h (struct openvas_hosts): Update documentation. 2014-03-24 Hani Benhabiles * base/nvti.c, base/nvti.h (nvti_add_sign_key_id): Remove unused function. * nasl/nasl_signature.c, nasl/nasl_signature.h (nasl_extract_signature_fprs): Remove unused function. 2014-03-21 Hani Benhabiles * misc/network.c (struct ovas_scanner_context_s): Add element for gnutls priority string. (ovas_scanner_context_new): Add function parameter for priority string. Adjust allocation. (ovas_scanner_context_attach): Remove priority parameter. Use the value from the context instead. (ovas_scanner_context_free): Adjust to free priority element. * misc/network.h: Adjust function prototypes. 2014-03-20 Hani Benhabiles Add ability to specify a gnutls priority for a scanner context. * misc/network.c (ovas_scanner_context_attach) (openvas_register_connection): Add priority parameter Set the openvas connection's transport value according to the specified encaps value. Adjust set_gnutls_protocol call. (read_stream_connection_unbuffered, write_stream_connection4) (get_encaps_through): Handle OPENVAS_ENCAPS_TLScustom case. (pid_notice): Remove function. (set_gnutls_protocol, open_SSL_connection, open_socket): Delete calls to removed function. * misc/network.h: Adjust ovas_scanner_context_attach prototype. * nasl/nasl_socket.c (nasl_open_privileged_socket): Adjust openvas_register_connection. 2014-03-15 Jan-Oliver Wagner * misc/otp.h: Removed. * misc/CMakeLists.txt, COPYING: Removed otp.h accordingly. 2014-03-13 Hani Benhabiles Remove unused misc/rand and base/certificate. Replace nasl_memmem and nasl_strndup. * COPYING: Remove misc/rand.[c|h] and base/certificate.[c|h} license. * base/CMakeLists.txt: base/certificate.[c|h] from build process. * misc/CMakeLists.txt: Remove misc/rand.[c|h] from build process. * misc/rand.c, misc/rand.h, base/certificate.c, base/certificate.h: Remove files. * misc/plugutils.c: Remove rand.h include. * nasl/exec.c (cell2str, cell2str_and_size), nasl/nasl_crypto.c (nasl_gcrypt_hash, nasl_lm_owf_gen), nasl/nasl_misc_funcs.c (nasl_telnet_init), nasl/nasl_packet_forgery.c (get_icmp_element), nasl/nasl_packet_forgery_v6.c (get_icmp_element), nasl/nasl_scanner_glue.c (security_something), nasl/nasl_socket.c (nasl_recv, nasl_recv_line), nasl/nasl_text_utils.c (nasl_tolower) (nasl_toupper, nasl_strstr): Replace nasl_strndup() call with g_memdup. This function's name is misleading as it uses bcopy instead of behaving like strndup and g_strndup. * nasl/exec.c (nasl_exec), nasl/nasl_text_utils.c (nasl_split) (nasl_strstr, nasl_stridx, nasl_str_replace): Replace nasl_memmem which is a "slower memmem implementation" with memmem. * nasl/strutils.c (nasl_memmem, nasl_strndup), nasl/nasl_signature.c (nasl_get_pubkey, nasl_get_all_certificates): Delete unused functions. * nasl/strutils.h, nasl/nasl_signature.h: Remove function prototypes. 2014-03-12 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 7.0+beta8. 2014-03-12 Michael Wiegand Preparing the openvas-libraries 7.0+beta7 release. * CHANGES: Updated. 2014-03-11 Hani Benhabiles * misc/network.h: Remove useless include and define. * misc/otp.h (OTP_LOADING): New define. 2014-03-06 Hani Benhabiles * src/openvas_proctitle.c, src/openvas_proctitle.h: New files. * misc/proctitle.c, misc/proctitle.h: Remove files. * COPYING: Remove misc/proctitle.c and header license entry. Add license entry misc/openvas_proctitle.c and its header. * misc/CMakeLists.txt: Build and include new openvas_proctitle files instead of removed implementation. 2014-03-05 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 7.0+beta7. 2014-03-05 Michael Wiegand Preparing the openvas-libraries 7.0+beta6 release. * CHANGES: Updated. * CMakeLists.txt: Explicitly prevent bison generated files from being considered for the source tarball. 2014-03-05 Hani Benhabiles * omp/omp.c, omp/omp.h (omp_modify_task_file, omp_delete_task) (omp_delete_report): Revert removal as still being used. 2014-03-05 Hani Benhabiles * misc/openvas_server.h: Include gnutls/x509.h instead of gnutls/abstract.h as it is sufficient for prior client certificates changes and is present in older gnutls releases. 2014-03-04 Henri Doreau * misc/plugutils.c (plug_get_key): Minor style fix. 2014-03-04 Hani Benhabiles * base/certificate.c (certificate_create_full, certificate_trusted) (certificates_size, certificates_find), base/nvti.c (nvti_cvss_base_vector, nvti_cvss, nvti_as_text) (nvti_as_openvas_nvt_cache_entry, nvtis_size), base/openvas_compress.c (openvas_compress_string), base/openvas_file.c (openvas_file_read_b64_encode), base/openvas_networking.c (openvas_source_iface_str), base/openvas_string.c (openvas_isalnumstr) (openvas_isbase64, openvas_string_list_to_xml), base/settings.c (settings_init, settings_set, settings_save, init_settings_iterator) omp/omp.c (omp_authenticate_env, omp_create_task_rc_file, (omp_start_task, omp_abort_task, omp_resume_stopped_task) (get_omp_response_503, omp_get_nvt_all, omp_get_nvt_feed_checksum) (omp_get_dependencies_503, omp_wait_for_task_start) (omp_wait_for_task_end, omp_wait_for_task_stop, omp_wait_for_task_delete) (omp_delete_task, omp_get_status, omp_get_tasks, omp_get_report) (omp_get_report_format, omp_delete_report, omp_get_results) (omp_modify_task, omp_modify_task_file, omp_get_preferences) (omp_get_preferences_503, omp_get_certificates, omp_until_up) (omp_create_target, omp_delete_target, omp_create_config) (omp_create_config_from_rc_file, omp_delete_config) (omp_delete_lsc_credential, omp_create_agent, omp_delete_agent) (omp_get_nvt_details_503), omp/xml.c (add_attribute) (print_entities_to_string, print_entities, print_entities_format): Remove unused functions. * base/certificate.h, base/nvti.h, base/openvas_compress.h, base/openvas_file.h, base/openvas_networking.h, base/openvas_string.h, base/settings.h: Delete removed functions prototypes. 2014-03-04 Hani Benhabiles * misc/openvas_logging.c, misc/openvas_logging.h: Revert removal of openvas_logging_silent as it is still used in openvas-cli. 2014-03-04 Hani Benhabiles * COPYING: Remove license details for share_fd.c, share_fd.h and BSD2. * COPYING.BSD2: Remove file. * misc/CMakeLists.txt: Don't build and include share_fd.c and share_fd.h * misc/share_fd.c, misc/share_fd.h: Remove files. * misc/ads_auth.c (ldap_object_get_attribute_values) (ldap_object_attribute_has_value), misc/arglists.c (arg_free_name) (arg_set_type, arg_get_length, init_element, arg_add_value_at_head), misc/hash_table_file.c (add_to_keyfile, hash_table_file_write) (hash_table_file_read), misc/network.c (open_stream_auto_encaps) (stream_get_ssl, stream_set_options, get_encaps, open_sock_tcp_hn) (open_sock_udp, stream_isset, stream_pending), misc/openvas_auth.c (openvas_authenticate), misc/openvas_logging.c (openvas_log_silent), misc/openvas_ssh_login.c (openvas_ssh_login_prefstring) (add_ssh_login_to_file, openvas_ssh_login_file_write) (openvas_ssh_login_file_read), misc/pcap.c (is_local_ip, get_mac_addr), misc/plugutils.c (openvaslib_version, openvas_lib_version) (plug_add_host, host_add_port, host_add_port_udp, post_log_udp) (post_error_udp): Remove unused functions. * misc/arglists.h, misc/hash_table_file.h, misc/network.h, misc/openvas_auth.h, misc/openvas_logging.h, misc/openvas_ssh_login.h, misc/pcap_openvas.h: Delete removed functions prototypes. 2014-03-03 Hani Benhabiles * misc/plugutils.c (plugin_is_newstyle): Remove unused function. * misc/plugutils.h: Remove function prototype. * nasl/nasl_packet_forgery_v6.c (struct v6pseudo_icmp_hdr): Remove unused nothing element. * nasl/nasl_packet_forgery.c (struct pseudo_udp_hdr): Remvoe unused nothing element. 2014-03-03 Jan-Oliver Wagner Removed documentation of BSD3 license as recently last code under BSD3 was removed. * COPYING: Removed note on BSD3. * COPYING.BSD3: Removed. 2014-03-03 Hani Benhabiles * COPYING: Remove lsearch.c license. * nasl/lsearch.c: Remove unused file. * misc/network.c (ovas_allocate_connection): Rename to openvas_register_connection for consistency. (openvas_register_connection): Remove useless function. (ovas_scanner_context_attach): Adjust function call. * nasl/CMakeLists.txt: Don't build lsearch.c * nasl/genrand.c (set_rand_reseed_callback_ntlmssp) (set_need_random_reseed_ntlmssp), nasl/hmacmd5.c, (hmac_md5_init_rfc2104), nasl/nasl_builtin_synscan.c (find_rtt), nasl/nasl_crypto2.c (map_file), nasl/nasl_lex_ctxt.c (get_top_level_ctxt), nasl/nasl_var.c (get_var_type_by_name), nasl/smb_crypt.c (D_P16, E_old_pw_hash, cred_hash1, cred_hash2) (cred_hash3, sam_pwd_hash, SMBencrypt_ntlmssp, E_md5hash_ntlmssp), nasl/time.c (convert_timeval_to_timespec_ntlmssp) (convert_timespec_to_time_t_ntlmssp) convert_timespec_to_timeval_ntlmssp): Remove unused functions. * nasl/proto.h, nasl/smb_crypt.h, nasl/nasl_lex_ctxt.h: Remove deleted functions' prototypes. * nasl/nasl_scanner_glue.c (script_get_preference_file_content): Fix usage of data pointer instead of data size in error checking. 2014-02-27 Michael Wiegand * misc/CMakeLists.txt: Link against base when doing a static build. 2014-02-27 Hani Benhabiles * misc/network.c (verify_peer_certificate): Remove function. (ovas_scanner_context_attach): Adequately use openvas_server_verify instead of verify_peer_certificate. 2014-02-25 Hani Benhabiles * base/openvas_compress.c (openvas_compress, openvas_uncompress): Remove unecessary check for unsigned value. 2014-02-24 Matthew Mundell * omp/omp.c (get_omp_response_503): Always free response. Use whole number for sleep, because 0.5 will be truncated to zero. 2014-02-22 Michael Wiegand * base/openvas_hosts.c (openvas_hosts_new_with_max): Remove useless comparison as an unsigned int will never be < 0. 2014-02-21 Hani Benhabiles * misc/openvas_server.c (load_file, unload_file): Add function comments. Rename to load_gnutls_file and unload_gnutls_file. (client_cert_callback): Adjust functions calls. * misc/openvas_server.h: Add functions headers. * misc/network.c (load_file, unload_file): Remove unused functions. (load_cert_and_key): Use functions from misc/openvas_server.c and adjust calls accordingly. Remove double-free call. 2014-02-18 Hani Benhabiles * misc/openvas_server.c (server_new_internal): Constify string arguments. (load_file, unload_file, sert_cert_file, set_key_file, get_key_file) (get_cert_file, client_cert_callback, openvas_server_open_with_cert): New functions. (openvas_server_open): Call openvas_server_open(). * misc/openvas_server.h: Add include and function prototype. 2014-02-16 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 7.0+beta6. 2014-02-16 Jan-Oliver Wagner Preparing the openvas-libraries 7.0+beta5 release. * CHANGES: Updated. 2014-02-14 Hani Benhabiles * base/nvti.c (nvti_from_keyfile): Call g_warning instead of g_error which causes the scanner to abort when an erroneous nvti cache file is present. 2014-02-12 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_new_with_max): New function, allows setting a max number of hosts limit. (openvas_hosts_new): Call openvas_hosts_new_with_max(). * base/openvas_hosts.h: Add new function prototype accordingly. 2014-02-10 Hani Benhabiles * misc/plugutils.c (kb_get_port_state_proto): Fix kb_item_get_int return value check to match previous style. 2014-02-07 Hani Benhabiles * base/openvas_hosts.c (cidr_get_ip): Free allocated memory in case of error. 2014-02-07 Hani Benhabiles * misc/network (open_stream_connection_ext): Don't return error on OPENVAS_ENCAPS_SSLv2 transport value as it is supported. * nasl/nasl_socket (nasl_recv_line): Fix parameter name in error message. 2014-02-07 Hani Benhabiles * misc/network (open_sock_tcp): Adequately print target host address when in time-out case. 2014-02-06 Hani Benhabiles * nasl/nasl_socket.c (rm_udp_data): Check hash table pointer is valid before removing it. 2014-02-05 Hani Benhabiles * base/openvas_networking.c (port_in_port_ranges): New function. * base/openvas_networking.h: Add function prototype accordingly. * misc/plugutils.c (port_in_ports, unscanned_udp_ports_as_closed): Remove functions as unused anymore. (unscanned_ports_as_closed): Add argument for port protocol. (kb_get_port_state_proto): Use port_range_ranges and port_in_port_ranges before trying to determine port state. Fix usage of unscanned_port_as_closed. Style update. * misc/plugutils.h: Add base/openvas_networking.h include. 2014-02-05 Michael Wiegand * base/openvas_networking.c (validate_port_range): Fix typo in comment. 2014-02-04 Hani Benhabiles * base/openvas_networking.c (port_range_ranges): New function from Manager. * base/openvas_networking.h: Add includes and function prototypes accordingly. (struct range): New struct. (port_protocol_t): New enum. 2014-02-04 Hani Benhabiles * base/openvas_networking.c (validate_port_range): New function. * base/openvas_networking.h: Add validate_port_range prototype. 2014-02-04 Michael Wiegand * nasl/nasl_grammar.y: Updated to ensure compatibility with bison >= 3.0. Patch provided by Dan Fandrich. 2014-01-31 Hani Benhabiles * misc/network.c (open_sock_tcp): Don't silently stop trying to open sockets for a tcp port when a previous test failed. Add log message upon failure. 2014-01-30 Jan-Oliver Wagner * base/settings.c (settings_save): Return error upon error always. This also resolves a dead assignment. 2014-01-30 Jan-Oliver Wagner * INSTALL: Add section about static code analysis with CLang. 2014-01-23 Benoît Allard * nasl/nasl_signature.c (nasl_extract_signature_fprs): Initialize an unitialized variable 2014-01-22 Henri Doreau * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Renamed variable "one_true_pipe" into "unix_sock", because it's a unix socket, not a pipe. 2014-01-22 Henri Doreau * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Minor style fix. 2014-01-20 Henri Doreau * nasl/nasl_builtin_find_service.c (mark_vtun_server, mark_wrapped_svc) (plugin_do_run): Fixed line wrapping. 2014-01-20 Henri Doreau * nasl/nasl_builtin_find_service.c: Re-indented using indent(1) -nut. 2014-01-16 Jan-Oliver Wagner Finally removing/resolving last oldstyle kb remains. * nasl/nasl_builtin_find_service.c (HASH_MAX, plug_get_oldstyle_kb): Removed. (plugin_run_find_service): Replace the last uses of oldstyle kb by new style kb. This simplifies the loops by one level and removed a count bug. 2014-01-16 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Addionally to the oldstyle kb, get a newstyle handle of the kb. Replace the while statement using the oldstyle kb to count the number of open ports with new style kb. This also removes a count bug that would deliver one too less in case the last kb element contains a port. 2014-01-16 Jan-Oliver Wagner Isolating old style kb function to the only place where it still used. * misc/kb.c (plug_get_oldstyle_kb): Removed. * misc/kb.h: Removed proto accordingly. * nasl/nasl_builtin_find_service.c (HASH_MAX, plug_get_oldstyle_kb): New. Copy from above place, with some comment and using kb_t typedef. 2014-01-16 Michael Wiegand * base/nvticache.c (nvticache_get): Also return NULL if the file could be read, but is empty. This fixes a segfault when an empty nvti file is encountered when reading the cache. Patch suggested by Sebastien Aucouturier. 2014-01-10 Jan-Oliver Wagner * misc/kb.h: Add a typedef kb_t for struct kb_item **. * misc/plugutils.c, misc/network.c, misc/plugutils.h, misc/www_funcs.c, nasl/nasl_http.c, nasl/nasl_builtin_nmap.c, nasl/nasl_scanner_glue.c, nasl/nasl_ssh.c: Use kb_t. 2014-01-10 Jan-Oliver Wagner * misc/plugutils.c, nasl/nasl.c, nasl/nasl_scanner_glue.c: Formatting fixes. 2014-01-09 Benoit Allard Post release version bump. * CMakeLists.txt: Set version to 7.0+beta5. 2014-01-09 Benoit Allard * CHANGES: Set date for 7.0+beta4 release 2014-01-08 Hani Benhabiles Fix a regression reported by Henri Doreau with authenticated scans. * misc/network.c (nsend): Revert parts of revision 18495 caused by utf-8 conversion (auth_send): Convert data to UTF-8 before sending it. 2014-01-06 Jan-Oliver Wagner Preparing the openvas-libraries 7.0+beta4 release. * CHANGES: Updated. But set no date yet. 2014-01-02 Hani Benhabiles * nasl/nasl_grammar.y (INCLUDE): Adjust to return error code if the file to include wasn't located. * nasl/exec.c (exec_nasl_script): Handle naslparse return code adequately. 2013-12-30 Hani Benhabiles * nasl/nasl-lint.c (main): Add glib version check around g_type_init as it is deprecated starting from version 2.35. 2013-12-27 Benoît Allard * nasl/nasl-lint.c: Replace tabs by spaces, and remove trailing whitespaces 2013-12-27 Benoît Allard Add a standalone NASL-linter * nasl/nasl-lint.c: Add * nasl/CMakeLists.txt: Add instructions to build openvas-nasl-lint 2013-12-17 Hani Benhabiles * misc/network.c (nsend): Convert data to UTF-8 before sending it. Adjust function accordingly. (internal_send): Fix variable used for message length. 2013-12-12 Hani Benhabiles * nasl/nasl_http (_http_req): Add port value in http host header. 2013-12-11 Hani Benhabiles * base/openvas_networking.c (openvas_source_iface_init): Check for ifa_addr value before dereferencing it. One case where this has a null value is the tun interface created by vpnc. 2013-12-09 Hani Benhabiles * nasl/nasl.c: Add -e option for openvas-nasl to specify the source interface. * doc/openvas-nasl.1: Update documentation. 2013-12-09 Hani Benhabiles * base/openvas_networking.c (openvas_source_iface_is_set): New function. * base/openvas_networking.h: Add new function prototype. * misc/pcap.c (v6_getsourceip, getsourceip): Don't recheck source interface as callers already do it. Remove verbose error prints. * misc/pcap_openvas.h: Add function prototype. * nasl/nasl_host.c (nasl_this_host): Check if source_iface is set before trying to use its address. Refactor code to better handle error returns. 2013-11-26 Matthew Mundell * misc/nvti.c (set_from_key): New function. (nvti_from_keyfile): Use set_from_key to set the string fields, so that UTF-8 conversion is always done. Convert preferences to UTF-8. (set_from_nvti): New function. (nvti_to_keyfile): Use set_from_nvti to write strings to the keyfile, so that ISO conversion is always done. Convert preferences to ISO. 2013-11-26 Michael Wiegand Remove obsolete certificate_file implementation. * base/openvas_certificate_file.c, base/openvas_certificate_file.h: Removed. This was used for saving certificate information to files and was only used in the now obsolete Gtk client. * base/CMakeLists.txt: Remove handling of openvas_certificate_file.c and openvas_certificate_file.h. * COPYING: Remove reference to openvas_certificate_file.c and openvas_certificate_file.h. Bump date. 2013-11-22 Michael Wiegand Remove obsolete severity_filter implementation. * base/severity_filter.c, base/severity_filter.h: Removed. This was a early client side implementation of the overrides concept and was only used in the now obsolete Gtk client. * base/CMakeLists.txt: Remove handling of severity_filter.c and severity_filter.h. * COPYING: Remove reference to severity_filter.c and severity_filter.h. 2013-11-22 Michael Wiegand * nasl/nasl_grammar.y (init_nasl_ctx): Print error message to stderr instead of stdout for consistency. 2013-11-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 7.0+beta4. 2013-11-21 Michael Wiegand Preparing the openvas-libraries 7.0+beta3 release. * CHANGES: Updated. 2013-11-19 Jan-Oliver Wagner * misc/openvas_auth.c: Removed some outdated documentation about the users directory. 2013-11-19 Jan-Oliver Wagner * base/accessrules.c, base/accessrules.h: Removed. This was a so far unused implementation anyway. With the change from rules to host access this is not needed anymore. * COPYING: Removed this module. 2013-11-19 Jan-Oliver Wagner * misc/openvas_auth.c (openvas_auth_make_user_rules): Removed. The file based rules were removed and thus this function is not relevant anymore. Actually it is not called anywhere anymore. (RULES_FILE_HEADER): Removed. * misc/openvas_auth.h: Removed proto accordingly. 2013-11-19 Matthew Mundell * misc/openvas_auth.c (openvas_auth_init): Add return. (openvas_auth_init_funcs): Init Libgrypt. * misc/openvas_auth.h: Update headers accordingly. 2013-11-18 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c (plugin_do_run): Do not magically double timeouts for the list of services that are recognized by this plugin. Now the timeouts as given in the preferences are applied to all ports. This makes the behaviour transparent for the user. 2013-11-18 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c (plugin_do_run): Treat SSL ports like any unknown one. Essentially this means that the timeouts as specified by the NVT preference are applied instead of magically doubling the timeouts. Since the list of known SSL ports is arbitrary and also entirely outdated there is no reason to handle the currenty hard-coded list in a special way. Additionally it is not transparent to the user that some (not visible which ones) SSL ports are tested with doubled timeouts and others with the regular (user-visible) timeout. (known_ssl_port): Removed this now unused function. 2013-11-16 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Make test_ssl = 1 represent "All", test_ssl = 0 for "None" and have any other string degfault to "All". This essentially drops the previously considered "Known SSL Ports". (plugin_do_run): Don't care about known ports anymore. 2013-11-14 Hani Benhabiles * base/openvas_hosts.c (openvas_host_in_hosts): Add parameter to use as an already resolved address for hostnames checking. * base/openvas_hosts.h: Adjust openvas_host_in_hosts prototype. 2013-11-14 Hani Benhabiles * base/openvas_hosts.c (openvas_host_in_hosts): Make comparing of strings case-insensitive. 2013-11-12 Thomas Rotter * nasl/nasl_init.c: Added missing win_cmd_exec 2013-11-08 Hani Benhabiles * base/openvas_hosts.c (openvas_host_in_hosts): New function. * base/openvas_hosts.h: Add function prototype. 2013-11-08 Hani Benhabiles * misc/system.c, misc/system.h, misc/system_internal.h: Remove unused funtion estrlen. 2013-11-06 Hani Benhabiles * misc/plugutils.c (plug_set_replace_key): Add switch variable to output debug info to stderr. * nasl/nasl.c (main): Set global_nasl_debug variable when -d flag is set. * doc/openvas-nasl.1: Update documentation. 2013-10-30 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_new): Break in uninitialized ips_func variable case. Fixes build on gcc 4.8. 2013-10-30 Hani Benhabiles * base/openvas_compress.c (openvas_compress, openvas_uncompress): Refactor code and fix single step compress/uncompress. Fix memory leaks in inflate/deflate internal structures. 2013-10-29 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_description): Added note under which condition it can be removed. * nasl/nasl_init.c: Added note here accordingly. 2013-10-29 Hani Benhabiles * base/openvas_compress.c (openvas_compress, openvas_uncompress): Unconstify src pointer when z_const is not defined to fix building on with older zlib versions. 2013-10-29 Hani Benhabiles * base/openvas_compress.h: Fix define typo. 2013-10-29 Hani Benhabiles * base/openvas_compress.c: Define ZLIB_CONST so that z_const is defined as const. (openvas_compress): Use deflateInit and deflate instead of compress call. Adjust stream initialization and error handling accordingly. (openvas_uncompress): Use inflateInit2 and inflate with automatic header detection when decoding zlib/gzip format. Adjust stream initialization and error handling accordingly. * base/openvas_compress.h: Add macro check to prevent multiple includes. 2013-10-28 Matthew Mundell * misc/openvas_server.c (verify_certificate): Remove. Now openvas_server_verify. (openvas_server_verify): New function. (server_new_internal): Remove call to set verify function, which requires GnuTLS 2.10. * misc/openvas_server.h: Add header accordingly. 2013-10-28 Hani Benhabiles * base/nvti.c (nvti_free, nvti_shrink): Don't free description. (nvti_description, nvti_set_description): Delete functions. (nvti_from_keyfile, nvti_to_keyfile, nvti_clone): Don't apply description value. * base/nvti.h: Remove prototypes accordingly. * nasl/nasl_scanner_glue.c (script_description): Don't call removed function. 2013-10-28 Matthew Mundell * misc/openvas_server.c (verify_certificate): New function. (server_new_internal): Set verification callback. 2013-10-28 Hani Benhabiles * nasl/nasl_init.c (libfuncs): Add gzip and gunzip functions. * nasl/nasl_misc_funcs.c: Include openvas_compress.h (nasl_gunzip, nasl_gzip): New functions. * nasl/nasl_misc_funcs.h: Add new functions prototypes. 2013-10-28 Hani Benhabiles * base/openvas_compress.h, base/openvas_compress.c: Move zlib.h include from .h file to .c 2013-10-28 Hani Benhabiles * INSTALL: Add zlib library dependency. * base/openvas_compress.h, base/openvas_compress.c: Use unsigned long instead of uLong/size_t to match the code base. 2013-10-28 Hani Benhabiles * base/openvas_compress.h, base/openvas_compress.c: Use uLong instead of size_t. Solves build on 32 bits systems. 2013-10-25 Hani Benhabiles * base/openvas_compress.h, base/openvas_compress.c: New files. * CMakeLists.txt: Link against zlib. * base/CMakeLists.txt: Add openvas_compress.c and openvas_compress.h files to the build process. 2013-10-24 Michael Wiegand Change default build behaviour to build openvas-libraries only dynamically / shared linked by default. For static linking between the OpenVAS libraries the option BUILD_STATIC has been added. Based in large parts on a patch suggested by Andre Heinecke. * CMakeLists.txt: Add new option BUILD_STATIC. * misc/CMakeLists.txt: Add handling of BUILD_STATIC and BUILD_SHARED. Update MINGW case and move it into BUILD_SHARED case. * omp/CMakeLists.txt: Add handling of BUILD_STATIC and BUILD_SHARED. Move MINGW case into BUILD_SHARED case. * nasl/CMakeLists.txt: Add handling of BUILD_STATIC and BUILD_SHARED. Link openvas-nasl binary against static or dynamic OpenVAS libraries depending on what was built. * base/CMakeLists.txt: Add handling of BUILD_STATIC and BUILD_SHARED. Update MINGW case and move it into BUILD_SHARED case. Link test-hosts binary against static or dynamic OpenVAS libraries depending on what was built. 2013-10-22 Hani Benhabiles * misc/resolve.c, misc/resolve.h: Delete files. * base/CMakeLists.txt: Remove resolve.c and resolve.h from build. * misc/ids_send.c: Don't include resolve.h * misc/network.c: Don't include resolve.h (open_sock_opt_hn): Replace nn_resolve call with openvas_resolve_as_addr6. * nasl/nasl_host.c: Don't include resolve.h (nasl_this_host): Replace nn_resolve call with openvas_resolve_as_addr6. * COPYING: Remove deleted files licensing. 2013-10-22 Hani Benhabiles * base/openvas_hosts.c (openvas_host_resolve): Call openvas_resolve. * base/openvas_networking.c (openvas_resolve) (openvas_resolve_as_addr6): New functions. * base/openvas_networking.h: Add include and new prototypes. 2013-10-18 Hani Benhabiles * misc/network.c (open_socket): Call openvas_source_set_socket instead of set_socket_source_addr. (_socket_get_next_source_addr, _socket_get_next_source_v4_addr) (_socket_get_next_source_v6_addr, socket_get_next_source_addr) (socket_get_next_source_v4_addr, socket_get_next_source_v6_addr, (set_socket_source_addr, socket_source_init): Delete functions. * misc/network.h: Include openvas_networking.h. Remove deleted functions prototypes. * misc/pcap.c (v6_getsourceip, getsourceip, v6_routethrough) (routethrough): Call adequate openvas_source functions instead of removed ones. * nasl/nasl_host.c: Add include. (nasl_this_host): Adequately call openvas_source functions. * nasl/nasl_socket.c: Add include (nasl_open_sock_udp, nasl_open_privileged_socket): Adequately call openvas_source functions. 2013-10-18 Hani Benhabiles * base/openvas_hosts.c (ipv4_mapped_ipv6): Delete function. (openvas_host_get_addr6): Call ipv4_as_ipv6 instead of deleted function. * base/openvas_hosts.h: Include openvas_networking.h 2013-10-18 Hani Benhabiles * base/openvas_networking.c, base/openvas_networking.h: New files. * COPYING: Add license information for new files. * base/CMakeLists.txt: Build new files. 2013-10-17 Jan-Oliver Wagner * COPYING: Remove recently removed comm.h. 2013-10-17 Hani Benhabiles * misc/network.c, misc/network.h: Remove unused function convipv4toipv4mappedaddr. * misc/plugutils.c, misc/scanner_utils.c, nasl/nasl_scanner_glue.c: Don't include comm.h header. * misc/comm.h: Remove file. 2013-10-14 Hani Benhabiles * misc/plugutils.c (proto_post_wrapped): Don't append description when plugin is not new style in empty action case. 2013-10-03 Michael Wiegand * CMakeLists.txt: Avoid library detection when cross compiling since it is unreliable in this situation. Added TODO. Patch suggested by Andre Heinecke. 2013-09-28 Michael Wiegand * CMakeLists.txt: Add option to build only the omp part of openvas-libraries. This can be used to prevent building of the nasl part when this part is not required or desired. Patch suggested by Andre Heinecke. 2013-09-28 Michael Wiegand * omp/CMakeLists.txt: Do not apply hardening flags when using MINGW. Patch suggested by Andre Heinecke. 2013-09-28 Michael Wiegand * misc/CMakeLists.txt: Do not apply hardening flags when using MINGW. Patch suggested by Andre Heinecke. 2013-09-28 Michael Wiegand * base/openvas_hosts.c, base/pidfile.c, misc/openvas_auth.c: Revert patches accidentally included in last commit. 2013-09-28 Michael Wiegand * base/CMakeLists.txt: Add missing files to MINGW section. 2013-09-26 Hani Benhabiles Post release version bump. * CMakeLists.txt: Set version to 7.0+beta3. 2013-09-26 Hani Benhabiles Preparing the openvas-libraries 7.0+beta2 release. * CHANGES: Updated. 2013-09-20 Hani Benhabiles * misc/plugutils.c (plug_set_dep): Remove handling of dependencies with .nes extension case as they were fully converted. 2013-09-18 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_resolve): New function. (openvas_hosts_exclude): Add boolean to choose whether to resolve excluded hostnames before filtering them out. Call new function adequately. * base/openvas_hosts.h: Add and modify function prototypes. 2013-09-16 Hani Benhabiles Add support for IPv6 short range-expressed networks. * base/openvas_hosts.c (is_long_range_network, long_range_network_ips): Fix comments and coding style. (is_short_range6_network, short_range6_network_ips): New functions. (determine_host_type, openvas_hosts_new): Handle short IPv6 range case. * base/openvas_hosts.h (host_type): Add HOST_TYPE_RANGE6_SHORT value. 2013-09-13 Hani Benhabiles Add support for IPv6 long range-expressed networks. * base/openvas_hosts.c: Coding style and documentation typos fixes. (is_long_range6_network, long_range6_network_ips): New functions. (determine_host_type, openvas_hosts_new): Handle IPv6 long ranges case. * base/openvas_hosts.h (host_type): Add HOST_TYPE_RANGE6_LONG value. 2013-09-12 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_reverse): New function. * base/openvas_hosts.h: Add prototype accordingly. 2013-09-12 Hani Benhabiles Huge performance boost for hosts deduplication and exclusion. * base/openvas_hosts.c (openvas_host_equal): Remove unused function. (openvas_hosts_remove_duplicates): Rename to openvas_hosts_deduplicate. Use a hash table to deduplicate in O(N) time. (openvas_hosts_new): Adjust function call. (openvas_hosts_remove_element): New function. (openvas_hosts_exclude): Use a hash table to exclude hosts in O(N+M) time. (openvas_hosts_reverse_lookup_only, openvas_hosts_reverse_lookup_unify): Code style fix. 2013-09-11 Hani Benhabiles * base/openvas_hosts.c (openvas_host_reverse_lookup): Return looked-up value. Update documentation. (openvas_hosts_resolve_lookup_only): Adjust for previous change. (openvas_hosts_resolve_lookup_unify): New function. (openvas_hosts_new): Remove debug output functions. * base/openvas_hosts.h: Add prototype accordingly. 2013-09-11 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_shuffle): Add null pointer check. (openvas_host_reverse_lookup, openvas_hosts_reverse_lookup_only): New functions. * base/openvas_hosts.h: Add prototype accordingly. 2013-09-10 Timo Pollmeier * base/openvas_hosts.c (openvas_hosts_free): Free hosts list in two steps instead of using g_list_free_full. 2013-09-10 Hani Benhabiles * base/openvas_hosts.c (openvas_hosts_exclude): New function. (openvas_hosts_count, openvas_hosts_removed, openvas_hosts_free) (openvas_hosts_shuffle, openvas_host_equal): Coding style fix. * base/openvas_hosts.h: Add openvas_hosts_exclude prototype. (openvas_hosts_t): Update comment. 2013-09-10 Hani Benhabiles A couple of changes based on suggestions by Henri Doreau, more to follow. * base/openvas_hosts.h: name the HOST_TYPE_* enum as host_type. (openvas_host): Change type's type to host_type. (openvas_hosts): Make removed variable unsigned. * base/openvas_hosts.c (openvas_hosts_remove_duplicates): Declare elements variable at top of the block. 2013-09-10 Jan-Oliver Wagner * misc/resolve.c (host2ip): Removed. It is an unused function. 2013-09-06 Hani Benhabiles Fix a couple of memory leaks. * misc/pcap.c (v6_getinterfaces): Call freeifaddrs if getifaddrs call succeeds. * misc/plugutils.c (plug_set_replace_key): Free str when soc is null too. * nasl/nasl_host.c (get_host_ip): Use the already duplicated txt_ip instead of duplicating it again. 2013-09-05 Jan-Oliver Wagner * base/test-hosts.c: New. A stand-alone test tool for module openvas_hosts. Developed by Hani Benhabiles. * base/CMakeLists.txt: Add handling for test-hosts.c. 2013-09-05 Jan-Oliver Wagner * doc/Doxyfile.in: Removed handling of module hg. 2013-09-05 Jan-Oliver Wagner * hg/: Removed. 2013-09-05 Hani Benhabiles Remove unused hg/ module. * hg/hg_filter.h, hg/hg_subnet.c, hg/hg_utils.c, hg/test.c, hg/hosts_gatherer.c, hg/hg_dns_axfr.c, hg/hg_subnet.h, hg/hg_utils.h, hg/hg_add_hosts.c, hg/hosts_gatherer.h, hg/hg_dns_axfr.h, hg/README.txt, hg/hg_add_hosts.h, hg/CMakeLists.txt, hg/hg_filter.c, hg/hg_debug.c: Removed. * COPYING: Remove hg license information. * nasl/CMakeLists, CMakeLists, libopenvas.pc.in: Remove hg directory and library related entries. 2013-09-05 Hani Benhabiles Add CIDR IPv6 ranges support. * base/openvas_hosts.c (cidr_block_ips): Detail documentation. (is_cidr6_block, cidr6_get_block, cidr6_get_ip, cidr6_block_ips): New functions. (determine_host_type): Check for IPv6 CIDR-blocks syntax. (openvas_hoss_remove_duplicates): Fix duplicates count substraction. (openvas_hosts_new): Handle adding single hosts for CIDR IPv6 blocks. * base/openvas_hosts.h: Add HOST_TYPE_CIDR6_BLOCK value. 2013-09-05 Hani Benhabiles Cache openvas_hosts count, instead of counting host objects each time. * base/openvas_hosts.c (openvas_hosts_remove_duplicates): Substract duplicates from count. (openvas_hosts_new): Increment hosts count when adding a host object. (openvas_hosts_count): Return count element value. 2013-09-05 Hani Benhabiles * base/openvas_hosts.c, src/openvas_hosts.h: Rename openvas_host_addr6 to openvas_host_get_addr6 to make it clearer that interface resolves address when unavailable. * nasl/nasl.c: Remove system.h include. Replace usage of emalloc/estrdup/efree with equivalent glib functions. (main): Handle openvas_host_get_addr6 error. Free hostname. 2013-09-04 Hani Benhabiles Remove hg module usage and integrate openvas_hosts interface for openvas-nasl. * nasl/nasl.c: Remove useless includes. Include base/openvas_hosts.h (main): Replace hg_* functions with openvas_hosts_* and openvas_host_* functions and make necessary adjustments. 2013-09-04 Hani Benhabiles * base/openvas_hosts.c (ipv4_mapped_ipv6, openvas_host_addr6): New functions. * base/openvas_hosts.h: Add openvas_host_addr6 function prototype. 2013-09-03 Hani Benhabiles * COPYING: Add license for new files. 2013-09-03 Hani Benhabiles Initial commit for new Hosts API that will replace hg module. * base/openvas_hosts.c, base/openvas_hosts.c: New files. * base/CMakeLists.txt: Add new files to build process. 2013-08-29 Michael Wiegand * COPYING: Update date to reflect the latest change. 2013-08-22 Felix Wolfsteller * nasl/nasl_scanner_glue.c (script_xref): Conform to coding style. 2013-08-22 Felix Wolfsteller * nasl/nasl.c (main): Document obligatory command line argument and clarify that multiple can be given (in error message when none is passed). 2013-08-22 Felix Wolfsteller * nasl/nasl_scanner_glue.c (script_xref, script_tag): Use nasl_perror to print the NVT name, verbose debugging messages when parameters are not set. 2013-08-22 Hani Benhabiles * nasl/nasl_scanner_glue.c (script_xref, script_tag): Make error message more descriptive by printing the NVT name. 2013-08-14 Jan-Oliver Wagner * INSTALL: Updated reference system from Debian 6 to 7. 2013-08-01 Hani Benhabiles * hg/hosts_gatherer.h: Fix comment typo. 2013-07-31 Jan-Oliver Wagner Adding capability to NASL to run commands on a remote Windows machine when being authenticated. Similar like it is already possible to run commands on remote Linux systems using ssh. These patches were developed by Thanga Prakash . * nasl/smb_interface_stub.c (wincmd): New. * nasl/openvas_smb_interface.h: Add proto accordingly. * nasl/nasl_smb.c (nasl_win_cmd_exec): New. * nasl/nasl_smb.h: Add proto accordingly. * nasl/CMakeLists.txt: Added checks for wincmd library and handle if is found. * doc/wmi-howto.txt: Updated to consider additional patch and installation. * CMakeLists.txt: Add configure check for wincmd. 2013-07-24 Matthew Mundell * INSTALL: Reorder PKG_CONFIG_PATH export, in case another openvas installation is already in existing PKG_CONFIG_PATH. 2013-07-18 Michael Wiegand * hg/hg_utils.c (hg_get_name_from_ip): Hide debug output behind NDEBUG ndefines so it does not show up when built with the "Release" build type. 2013-07-16 Matthew Mundell * misc/plugutils.c (proto_post_wrapped): Enable sending of ALARM in place of LOG, NOTE and INFO. 2013-07-16 Matthew Mundell * ChangeLog: Clean up a little formatting. 2013-07-12 Werner Koch Remove circular dependency between misc/ and nasl/ introduced by me on 2012-09-20. * misc/network.c: Remove nasl_ssh.h include. (struct csc_hook_s): New. (csc_hooks): New. (add_close_stream_connection_hook): New. (run_csc_hooks): New. (close_stream_connection): Call run_csc_hooks instead of nasl_ssh_internal_close. * misc/network.h (add_close_stream_connection_hook): New prototype. * nasl/nasl_ssh.c (nasl_ssh_internal_close): Make static and rename to nasl_ssh_close_hook. (next_session_id): Register hook. 2013-07-01 Jan-Oliver Wagner * misc/plugutils.c (proto_post_wrapped): Handle message according to cvss here instead of in proto_post_alarm. (proto_post_alarm): Removed cvss-depending code. 2013-07-01 Jan-Oliver Wagner Renamed "alert" to "alarm" to not mix up with the alerts as used in OpenVAS Manager. * nasl/nasl_builtin_find_service.c: Replaced all calls of post_alert by post_alarm. * misc/plugutils.c (proto_post_alert, post_alert): Renamed to proto_post_alarm and post_alarm. * misc/plugutils.h: Renamed protos accordingly. * nasl/nasl_scanner_glue.c (security_message): Renamed call accordingly. 2013-07-01 Michael Wiegand * base/gpgme_util.c (openvas_init_gpgme_ctx) (openvas_init_gpgme_sysconf_ctx): Hide debug output behind NDEBUG ndefines so it does not show up when built with the "Release" build type. 2013-07-01 Michael Wiegand Remove files containing now obsolete convenience code. The functionality was not currently in use and is now available directly in glib. * base/hash_table_util.c, base/hash_table_util.h: Removed. * base/CMakeLists.txt: Updated to no longer include the removed files. * COPYING: Updated to no longer include the removed files. 2013-06-29 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c: Replaced all calls of post_hole by post_alert. * misc/plugutils.c (proto_post_hole, post_hole, post_hole_udp) (post_info, post_info_udp, proto_post_info, post_note) (post_note_udp, proto_post_note): Removed. * misc/plugutils.h: Removed protos accordingly. 2013-06-28 Jan-Oliver Wagner Move the decision of the message level to the message sending. This reduces the retrievals of the nvt details from cache by one. * nasl/nasl_scanner_glue.c (security_message): Don't use the CVSS of the NVT to determine actual message level. Instead call the new alert function. * misc/plugutils.c (proto_post_alert, post_alert): New. Use the CVSS of the NVT to apply the actual message. * misc/plugutils.h: Added protos accordingly. 2013-06-28 Jan-Oliver Wagner Remove parameters "threat" and "cvss" from security_message. In fact these were forseen for a transitional phase according to CR 59. Meanwhile any NVT has a CVSS and a NVT should never send different severities decided at runtime. * nasl/nasl_init.c (lib_funcs): Removed parameters "threat" and "cvss" from security_message. * nasl/nasl_scanner_glue.c (security_message): Don't interpret and handle parameters "threat" and "cvss". 2013-06-27 Michael Wiegand Improve handling of linker flags, partly based on a patch by Guillaume Rousse. * CMakeLists.txt: Gather linker flags for GnuTLS via pkg-config, for libgcrypt via libgcrypt-config. Hard code LDAP_LDFLAGS if libldap is found since libldap does not provide it's linker flags. * misc/CMakeLists.txt: Gather linker flags for uuid via pkg-config when not using MINGW. Consolidate target_link_libraries calls and use linker flags gathered during configuration instead of hard coded values. * base/CMakeLists.txt: Add GPGME_LDFLAGS to target_link_libraries to ensure linking works with strict linking options. 2013-06-27 Michael Wiegand * CMakeLists.txt: Make SVN revision in version string available again for out-of-source build. 2013-06-24 Henri Doreau * base/cvss.c (toenum): Use a separate variable to express success or failure, in order to not use negative values in enums. 2013-06-24 Michael Wiegand * nasl/nasl_builtin_openvas_tcp_scanner.c (std_port): Fix typo in comment and comment syntax. 2013-06-21 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c (mark_remote_nc_server): Don't send a "hole" message anymore. Just a "log". The security aspect is handled by another NVT (JM_RemoteNC.nasl). 2013-06-20 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 7.0+beta2. 2013-06-20 Michael Wiegand Preparing the openvas-libraries 7.0+beta1 release. * CHANGES: Updated. 2013-06-20 Michael Wiegand * misc/otp.h: Increase protocol defines for protocol version switch. 2013-06-19 Hani Benhabiles * base/nvti.c, base/nvti.h (nvti_risk_factor): Remove function. 2013-06-19 Michael Wiegand * base/cvss.c (toenum): Add todo regarding negative values in enums. 2013-06-19 Michael Wiegand Add support for setting the "autofp" parameter via omp_get_report_ext. * omp/omp.h (omp_get_report_opts_t): Add autofp. * omp/omp.c (omp_get_report_ext): Add autofp. 2013-06-12 Hani Benhabiles * misc/pcap.c (v6_routethrough, routethrough): Fix error message. 2013-06-11 Jan-Oliver Wagner Remove "SERVER <|> PORT" message of OTP. This remove results in the report that have no reference to a NVT. It has no internal impact on scanner and will not affect the port list reported via host details or via special port listing NVTs. * misc/plugutils.c (scanner_add_port): Removed sending a "SERVER <|> PORT" message. The port will still be registered in the KB. 2013-06-06 Matthew Mundell * misc/openvas_auth.c (user_set_rules): Remove. Jan recently removed rules support (openvas_auth_init_funcs): Remove set_rules arg. * misc/openvas_auth.h: Update header accordingly. 2013-05-16 Hani Benhabiles * omp/omp.c (omp_authenticate_info): Add parameter for severity class. * omp/omp.h: Update omp_authenticate_info prototype accordingly. 2013-05-21 Jan-Oliver Wagner * misc/openvas_auth.c (openvas_auth_user_set_allowed_methods, openvas_auth_user_methods): Removed. This is handled in Manager database now. (openvas_auth_mkmethodsdir): Removed now-unused function. * misc/openvas_auth.h: Removed protos accordingly. * CMakeLists.txt, misc/CMakeLists.txt: Remove handling of now-unused OPENVAS_USERS_DIR. 2013-05-21 Jan-Oliver Wagner Renamed "OPENVAS_USERS_DIR/.auth.conf" to OPENVAS_STATE_DIR/auth.conf. * misc/openvas_auth.c (openvas_auth_init_funcs, openvas_auth_write_config): Replaced OPENVAS_USERS_DIR by OPENVAS_STATE_DIR. 2013-05-21 Jan-Oliver Wagner * misc/ads_auth.c (ads_authenticate): Removed any role management. We don't let directory services do role management anymore. * misc/openvas_auth.c (openvas_is_user_admin, openvas_is_user_observer, openvas_set_user_role): Removed. The role management is done in Manager dabase now. * misc/openvas_auth.h: Removed protos accordingly. 2013-05-20 Jan-Oliver Wagner * src/plugutils.c (scanner_add_port): Remove dead code that make no sense. It sets a variable "confirm" as static, but this variable is never used. 2013-05-20 Jan-Oliver Wagner * src/plugutils.c (scanner_add_port): Removed code path for case of presense of a "DIFF_SCAN" argument. This one is not set anywhere nor does it make much sense. Probably remains of some experiments. 2013-05-16 Hani Benhabiles * base/openvas_file.c (openvas_file_copy, openvas_file_move): Check Glib version before using recently deprecated g_type_init(). 2013-05-14 Jan-Oliver Wagner Removing file-based user-specific rules support. * misc/openvas_auth.c (openvas_auth_user_rules, openvas_auth_user_uuid_rules, uuid_file_contents, openvas_auth_mkrulesdir, openvas_auth_store_user_rules): Removed. * misc/openvas_auth.h: Removed protos accordingly. * misc/ldap_auth.c (ldap_authenticate): Removed querying rules. (ldap_auth_query_rules): Removed. * misc/ads_auth.c (ads_authenticate): Removed querying rules. (ads_query_rules): Removed. 2013-05-14 Michael Wiegand * base/nvti.c (nvti_from_keyfile): Consistently free result of conversion. 2013-05-07 Michael Wiegand * CMakeLists.txt: Move creation of GnuPG homedirs here since openvas-libraries expects the directories to exist. 2013-05-07 Werner Koch * nasl/nasl_signature.c (nasl_extract_signature_fprs) (nasl_get_all_certificates): Also use sysconf directory. 2013-05-07 Werner Koch * nasl/nasl_signature.c (nasl_extract_signature_fprs): Set ERR if CTX creation failed. Also move all var definitions to the top. 2013-04-30 Werner Koch Use the sysconf directory for signature verification again. * base/gpgme_util.c (get_sysconf_gpghome): New. (openvas_init_gpgme_sysconf_ctx): New. * base/gpgme_util.h: Add prototype. * nasl/nasl_signature.c (nasl_verify_signature): Use new function. 2013-04-26 Werner Koch * base/CMakeLists.txt: Add definition for OPENVAS_STATE_DIR. * base/gpgme_util.c (determine_gpghome): Change to use OPENVAS_STATE_DIR. (log_gpgme): New. 2013-04-26 Matthew Mundell * misc/openvas_auth.c (openvas_auth_init_funcs): Set initialized flag even when there was no .auth.conf. 2013-04-25 Matthew Mundell Convert authentication system to support database users. * misc/openvas_auth.c (enum authentication_method) (auth_method_t): Remove. Now in openvas_auth.h. (auth_method_name): New function. (add_authenticator): Set role function in ldap info. (openvas_auth_init): Call through to new funcs version. (openvas_auth_init_funcs): New function. Body from openvas_auth_init, but also initialises global functions. (openvas_authenticate_classic): Use global function to get hash, instead of reading it from disk. (can_user_ldap_connect): Use global function to check if user exists, instead of reading disk. (openvas_authenticate): Require the initilisation function to have been called. (openvas_authenticate_method): Require the initilisation function to have been called. Export. Set method in ldap_connect case too. (openvas_user_uuid_method, openvas_user_exists_classic): Use global function instead of reading disk. (openvas_authenticate_uuid, openvas_auth_user_methodsdir) (openvas_user_modify): Remove. Out of use. (openvas_user_exists): Remove old tracing. (openvas_auth_make_user_rules): New function. Body from openvas_auth_store_user_rules. (openvas_auth_store_user_rules): Use global function instead of reading disk. Add method arg. * misc/openvas_auth.h: Update headers accordingly. * misc/ldap_auth.c (user_dir_path): Remove. (ldap_auth_query_rules): Remove disk calls. Pass method to openvas_auth_store_user_rules. (ldap_authenticate): Remove disk calls. Set role via callback function from info. * misc/ldap_auth.h (ldap_auth_info): Add user_set_role. * misc/adc_auth.c (ads_query_rules): Add method to openvas_auth_store_user_rules. 2013-04-25 Michael Wiegand * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Fix name in error message. 2013-04-11 Henri Doreau * misc/kb.c: Fixed typo. 2013-04-10 Werner Koch * nasl/nasl_cert.c: Include gcrypt.h. (make_hexstring): New. (tohex): New macro. (get_fingerprint): New. (get_name): New. (nasl_cert_query): Replace some code by the new functions. (nasl_cert_query): Add commands "image", "fpr-sha-256", and "fpr-sha-1". 2013-04-09 Hani Benhabiles * base/cvss.c (__get_cvss_score): Add 0.0 to result to fix cases where result equals -0.0. (get_cvss_score_from_base): Return -1.0 instead of 0.0 when passed a null pointer to indicate an error as documented. 2013-04-09 Hani Benhabiles * base/cvss.c (impact_map): Fix Authentication Single Instance value from "C" to "S". 2013-04-09 Werner Koch * nasl/nasl_ssh.c (nasl_ssh_get_auth_methods): Fix length of returned string. A garbage byte at the end was returned. 2013-04-04 Hani Benhabiles * misc/openvas_auth.c (openvas_auth_init): Test for authentication configuration's existence before trying to load it. Log key file loading error as warning. 2013-04-04 Jan-Oliver Wagner This patch forces the scanner to only consider the CVSS of the NVT to decide about the severity class (HOLE, WARNING, NOTE, also known as Hight, Medium, Low) sent with the result. The scanner relies here on presence of a CVSS assigned to each NVT which was established in March 2013 for the regular feed. This change has significant impact on reporting behaviour because many (mostly older and various generic/sepcial ones) used either a mixture of security_note, _hole, _warning or are not in line with the assigned CVSS. For the latter case, these NVTs need to be fixed. Either the CVSS assignment was wrong, or the severity type. In some cases this will require to break up the NVT into multiple ones, separating log activity out into a NVT of its own. Splitting up into multiple NVTs is also relevant for those NVTs where severity message mixture was used. The hardest case to resolve will be NVTs that use the severity class as user preference. The analysis for mismatches can be done on NASL source code level of NVTs, simply comparing security_* calls with CVSS tag. At the end of the day any such mismatch must be resolved in the regular feed. * nasl/nasl_init.c (libfuncs): Replace call of security_hole, security_warning and security_note by call of security_message. Also left a comment on when the API functions can be ultimately eliminated. * nasl/nasl_scanner_glue.c (security_hole, security_warning, security_note): Removed. * nasl/nasl_scanner_glue.h: Removed protos accordingly. 2013-04-03 Werner Koch * misc/openvas_server.c (server_attach_internal): Fix doc buglet. (openvas_server_attach): Ditto. 2013-04-02 Werner Koch * misc/openvas_server.c (server_attach): Factor all code out to .. (server_attach_internal): new function. Add and use args HOST and PORT. Return -2 on handshake failure. (openvas_server_new): Factor all code out to .. (server_new_internal): new function. Add optional arg PRIORITY. (openvas_server_open): Replace duplicate code by calls to server_new_internal and server_attach_internal. (openvas_server_connect): Replace handshake code by a call to openvas_server_attach. (openvas_server_free): Add backward compatibility change to allow use by openvas_server_close. (openvas_server_close): Replace by call to openvas_server_free. 2013-03-28 Hani Benhabiles * misc/proctitle.c (setproctitle): Remove "openvassd:" from new process name as the library call may be used by other daemons. 2013-03-26 Werner Koch * INSTALL: State that gnutls 2.8 is required. * misc/openvas_server.c (openvas_server_new): Change type of the END_TYPE arg to unsigned int. On most platforms this is compatible to the enum used by gnutls 2.x. * misc/openvas_server.h (openvas_server_new): Ditto. 2013-03-14 Jan-Oliver Wagner * CMakeLists.txt: Increased dependency to gnutls from 2.2 to 2.8. 2013-03-07 Hani Benhabiles * misc/plugutils.c (plugin_is_newstyle): Change tag name detection to vuldetect. 2013-03-06 Henri Doreau * nasl/nasl_builtin_nmap.c: Changed license from GPLv2 to GPLv2+ copyrighted by Greenbone. 2013-03-05 Hani Benhabiles * misc/plugutils.c (plugin_is_newstyle): New function. (proto_post_wrapped): Don't append nvt description to action when plugin has new style tags. * misc/plugutils.h: Add plugin_is_newstyle header. 2013-03-01 Jan-Oliver Wagner Removing handling of services list from libraries/scanner. Basically this is about the statice services list that is used to return a service identifier for port numbers. In case of a ssh running at port 80, the result so far would still be "http (80/tcp)" which is pretty misleading. The scanner should not at all use some static services list and match the ports to it. It should rather try to identify a service and report this (which is actually done via NVTs). In fact it should be the task of the Manager to attach IANA definition for informational purposes. Ideally the detected service is also shown. * misc/services1.c, misc/services1.h, misc/services.c, misc/services.h: Removed. * misc/scanners_utils.c: Removed unused include of "services.h". * misc/plugutils.c (proto_post_wrapped, scanner_add_port): Removed sending of the service name via OTP. For example "80/tcp" is now sent instead of "http (80/tcp)" * misc/CMakeLists.txt: Removed handling of modules services1.c and services.c. * nasl/nasl_builtin_openvas_tcp_scanner.c (std_port): Reduced to always return false. The code used the services list to determine whether it was a standard port. Now any port is judged to be a non-standard port. A todo about this to be resolved is left in the code. * CMakeLists.txt: Removed installtion of file "openvas-services". * COPYING: Removed modules services1 and services. * openvas-services: Removed. 2013-03-01 Jan-Oliver Wagner Remove handling of "default" as a option for the port range. It is a arbitrary and intransparent option for the users. Scanner clients should always send an explicit port range. * nasl/nasl_builtin_nmap.c (get_default_portrange): Removed. (add_portrange): Removed handling of case where port range is "default". (cmp): Removed. * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Removed code to try to get default ports for services list. Exit with error when port_list is empty. * nasl/nasl_builtin_synscan.c (scan): Don't apply "default" as a fallback when port list is empty. * misc/scanners_utils.c (getpts): Remove handling for port lists of type "default". 2013-03-01 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set version to 7.0.0 and status to beta. 2013-02-27 Timo Pollmeier * omp.c (omp_delete_task_ext, omp_delete_target_ext) (omp_delete_config_ext, omp_delete_lsc_credential_ext): New functions to delete tasks, targets, configs and lsc_credentials with options. * omp.h (omp_delete_opts_t): New typedef for omp_delete_... options. (omp_delete_opts_defaults, omp_delete_opts_ultimate_defaults): New constants for omp_delete_opts_t default values. (omp_delete_task_ext, omp_delete_target_ext) (omp_delete_config_ext, omp_delete_lsc_credential_ext): New function prototypes. 2013-02-25 Michael Wiegand * base/CMakeLists.txt: Add GPGME_CFLAGS to compiler flags. Patch suggested by Hanno Boeck. 2013-02-22 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta6. 2013-02-22 Michael Wiegand * nasl/nasl.c (main): Update year in copyright notice. 2013-02-22 Michael Wiegand Preparing the openvas-libraries 6.0+beta5 release. * CHANGES: Updated. 2013-02-21 Werner Koch * misc/network.c (load_file, unload_file, load_cert_and_key): Replace gnutls_datum by gnutls_datum_t. 2013-02-21 Hani Benhabiles * base/nvticache.c (get_plugin_preference): Check prefs is not null before using it. Style update to remove mixed declarations and code. 2013-02-21 Werner Koch * base/nvticache.c (nvticache_get_by_oid): Take care of a NULL used for CACHE. * base/pwpolicy.c (policy_checking_failed): New. (parse_pattern_line): Split error messages into a log message and a shorter version for the user. (openvas_validate_password): Ditto. 2013-02-21 Jan-Oliver Wagner * COPYING: Added module pwpolicy. 2013-02-20 Werner Koch * base/pwpolicy.c: New. Taken from openvas-administrator. * base/pwpolicy.h: New. * base/CMakeLists.h: Add new files. * base/CMakeLists.txt: Change -D OPENVAS_SYSCONFDIR to OPENVAS_SYSCONF_DIR for consistency. * base/gpgme_util.c (determine_gpghome): Adjust for this change. * nasl/CMakeLists.txt: Change -D OPENVAS_SYSCONFDIR to OPENVAS_SYSCONF_DIR for consistency. It is not used anyway. * misc/openvas_server.c (openvas_server_open): Print host and port in debug and warning messages. 2013-02-19 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta5. 2013-02-19 Michael Wiegand * CHANGES: Updated. 2013-02-19 Michael Wiegand Move "-Werror" flag to the "Debug" build type. * misc/CMakeLists.txt, omp/CMakeLists.txt, nasl/CMakeLists.txt, hg/CMakeLists.txt, base/CMakeLists.txt: Move "-Werror" from CMAKE_C_FLAGS to CMAKE_C_FLAGS_DEBUG to keep it out of the "Release" build type. * CMakeLists.txt: Do not set any flags as this is currently handled by the individual CMakeLists.txt in the subdirectories. 2013-02-18 Jan-Oliver Wagner Deperecating "script_dependencie" which is some very old work around for typos that happend when trying to spell "script_dependencies". * nasl/nasl_init.c (libfuncs): Removed "script_dependencie", renamed mapping to "script_dependencies". * nasl_scanner_glue.c (script_dependencie): Renamed to script_dependencies. * nasl_scanner_glue.h: Adjusted proto accordingly. 2013-02-17 Jan-Oliver Wagner Preparing the openvas-libraries 6.0+beta4 release. * CHANGES: Updated. 2013-02-14 Werner Koch * misc/openvas_auth.c (get_password_hashes): Remove partly hardwired use of MD5 to be future proof. Rename variable to avoid a Libgcrypt namespace clash. 2013-02-12 Hani Benhabiles * nasl/md5.c (MD5Final): memset with sizeof buffer, not pointer. Via Michal Ambroz. 2013-02-08 Matthew Mundell * omp/omp.h (omp_get_report_opts_t, omp_get_report_opts_defaults): Add levels. * omp/omp.c (omp_get_report_ext): Add levels. 2013-02-07 Michael Wiegand * doc/wmi-howto.txt: Fix cmake call, make example appropriate for out-of-source builds. 2013-02-07 Jan-Oliver Wagner * doc/wmi-howto.txt: Updated with hint on second wmi patch. 2013-02-07 Michael Wiegand Make sure openvas-libraries compiles as well without WMI support. * nasl/openvas_wmi_interface.h: Include stdint.h for use of uint32_t and uint64_t. * nasl/wmi_interface_stub.c (wmi_reg_set_dword_val) (wmi_reg_set_qword_val): Fix wrong types in function declaration. 2013-02-07 Veerendra G.G * nasl/nasl_wmi.c, nasl/nasl_wmi.h, nasl/nasl_init.c, nasl/wmi_interface_stub.c, nasl/openvas_wmi_interface.h: Added 6 new WMI Registry functions. 2013-02-06 Matthew Mundell * omp/omp.c (OMP_FMT_BOOL_ATTRIB): Add the attribute when it is 0 too, because the OMP default is sometimes 1. 2013-01-29 Werner Koch * nasl/nasl.c: Include libssh and nasl_signature.h. (main): Display library versions if --debug-tls is given. 2013-01-28 Michael Wiegand * misc/openvas_auth.c (openvas_auth_init): Downgrade log level for debug message. 2013-01-24 Werner Koch Change to allow printing of useful diagnostics even if stderr is redirected to the bit bucket. * misc/network.c: Include openvas_logging.h. Replace all fprintf to stderr calls by calls to log_legacy_write. (openvas_get_socket_from_connection): Repalce fflush by log_legacy_fflush. (verify_peer_certificate): Add messages for not yet valid and expired certifciates, print invalid status last, and pretty print those messages. * misc/openvas_logging.c: Include stdarg.h. (legacy_log_handler): New variable. (setup_legacy_log_handler, log_legacy_write, log_legacy_fflush): New. * misc/openvas_logging.h: Add prototypes for new functions. * misc/openvas_logging.c: Include gnutls.h. (log_func_for_gnutls): New. (setup_log_handlers): Enable GNUTLS logging if the evnvar OPENVAS_GNUTLS_DEBUG is set. 2013-01-24 Michael Wiegand * misc/openvas_auth.c (openvas_auth_write_config): Correct group for allow-plaintext entry. 2013-01-21 Chandrashekhar B * nasl/nasl_packet_forgery_v6.c (forge_udp_v6_packet): IPv6 packet length was set to 40 more than the size in UDP forging. (set_udp_v6_elements): IPv6 packet length was set to 40 more than the size in UDP forging. 2013-01-21 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Before giving up if StartTLS failed, try to establish ldaps connection. 2013-01-21 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Renamed parameter from force_starttls to force_encryption (upcoming: ldaps support). 2013-01-21 Hani Benhabiles * base/accessrules.c (accessrule_set_oid): Rename into accessrule_set_rule to match header. * base/credentials.h (credentials_t): Fix documentation. 2013-01-19 Matthew Mundell * omp/omp.c (check_response): Return OMP status if there is one. Reflect this in docs of callers. 2013-01-18 Hani Benhabiles Patch by Henri Doreau. * base/openvas_file.c: Include errno.h. (openvas_file_check_is_dir): Use g_lstat instead of stat. Code cleanup. (openvas_file_copy, openvas_file_move): Code deduplication and cleanup. 2013-01-18 Hani Benhabiles * base/openvas_file.c (openvas_file_rmdir_rf): Remove function as it duplicates with openvas_file_remove_recurse. (openvas_file_copy): Use g_file_copy and g_file_new_path functions from gio. (openvas_file_move): Use g_file_move and g_file_new_path functions from gio. * base/openvas_file.h: Remove openvas_file_rmdir_rf header. Include gio. * CMakeLists.txt: Add gio from glib to pkg-config command. 2013-01-17 Jan-Oliver Wagner Make module openvas_ssh_login independent of module system. * misc/openvas_ssh_login.c (openvas_ssh_login_new): Use g_malloc0 instead of emalloc. (openvas_ssh_login_free): Use g_free instead if efree. 2013-01-17 Jan-Oliver Wagner * COPYING: Added entry for new module base/gpgme_util. 2013-01-17 Jan-Oliver Wagner * base/README.txt: Improve text and extend mission to any mandatory library. 2013-01-17 Werner Koch * base/CMakeLists.txt (CMAKE_C_FLAGS): Add -D_FILE_OFFSETS_BITS=64. 2013-01-17 Werner Koch Move gpgme initialization from nasl/ to base/. This removes the script name from the error messages, but those errors are anyway not script specific. * nasl/nasl_signature.c (locale.h): Remove include. (determine_gpghome): Remove. (init_openvas_gpgme_ctx): Remove. * nasl/nasl_signature.h: Include gpgme_util.h. * base/gpgme_util.c, base/gpgme_util.c: New files with the removed functions. (init_openvas_gpgme_ctx): Rename to openvas_init_gpgme_ctx. Change all callers. * base/CMakeLists.txt: Add gpgme_utils.c and gpgme_util.h. (add_definition): Add OpenVAS_SYSCONFDIR. 2013-01-17 Hani Benhabiles * base/openvas_file.c (openvas_file_copy, openvas_file_move) (openvas_file_rmdir_rf): New functions. * base/openvas_file.h: Add headers accordingly. 2013-01-17 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): If switching to StartTLS fails and allow-plaintext is true, close and re-establish connection, to overcome fact that ADS does not allow bind after StartTLS negotiation fail. Reuse ldapuri, thus free at other places. 2013-01-17 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Abort if password is of zero length. Default ADS behaviour allows binding with correct username but empty password. 2013-01-11 Jan-Oliver Wagner * base/nvticache.c (nvticache_get_src_by_oid): New. Returns the copy of the src string. This function is special because src is the only element that is directly stored in a shrinked nvti object. Using this function prevents the loading of the nvti object from filesystem when only src is needed. * base/nvticache.h: Added proto accordingly. 2013-01-06 Jan-Oliver Wagner Third part towards clean separation of NVTI into the NVTI Cache: The nvti objects in memory are shrinked to essential data and details are loaded from file when needed. This decreases memory consumption by around 30M per process in my test environment. * base/nvti.c (nvti_shrink): New. Free memory of all elements except src and oid. * base/nvti.h: Add proto for nvti_shrink. * base/nvticache.c (nvticache_get): Search the nvtis and return nvti if found. If new, shrink it and then add it to nvtis. In any case a cloned, shrinked nvti is returned. (nvticache_get_by_oid): Because the nvti is shrinked, load the full object from file, create a new object and return it. * nasl/nasl_scanner_glue.c (security_message): Free the nvti object because it is a clone now. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Use a copy of the oid string for OID. (proto_post_wrapped, get_plugin_preference): Free the nvti object after use. 2013-01-06 Jan-Oliver Wagner Second part towards clean separation of NVTI into the NVTI Cache: The nvti objects are stored in the cache object in memory and all remaining access to NVTI object via "NVTI" is replaced by access via OID. The only exception is the parsing code for the description block where the OID is not necessarily known at the beginning and therefore can not be relied on. * base/nvticache.h (struct nvticache): Added collection of NVTIs. (nvticache_get_by_oid): Added proto. * base/nvticache.c (nvticache_new): Initialize nvtis. (nvticache_free): Free the nvtis. (nvticache_get): Add the new nvti to the nvtis. (nvticache_get_by_oid): New. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Don't set the NVTI anymore. Don't duplicate the oid string when setting the OID. (proto_post_wrapped, get_plugin_preference): Don't get the object via NVTI, get it via OID. * nasl/nasl_scanner_glue.c (get_script_oid): Create a copy of the OID when setting the str_val. (security_message): Get the nvti object via OID instead of via NVTI. 2013-01-06 Jan-Oliver Wagner First part towards clean separation of NVTI into the NVTI Cache: Plugin arg_list are provided with explicit OID element. And whereever only the OID is required, it is directly retrieved instead via NVTI. This increases memory consumption per process sligthly and makes processing more complicated. The latter is neglectable in terms of performance. The first adds about 3M per process. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Set OID additional to NVTI as arg list element. (mark_successful_plugin, mark_post): Use OID element directly instead of NVTI. * nasl/nasl_scanner_glue.c (get_script_oid): Use OID element directly instead of NVTI. * nasl/nasl_misc_funcs.c (simple_register_host_detail): Use OID element directly instead of NVTI. 2013-01-04 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (security_message): Removed unneeded check. It was misplaced here. 2013-01-04 Felix Wolfsteller * hg/CMakeLists.txt: In commented hg-test executable target, also statically link against nasl (because of nasl*ssh_internal_close). 2012-12-28 Henri Doreau * base/cvss.c (get_cvss_score_from_base_metrics): Check for a valid toenum() return value. 2012-12-27 Henri Doreau Refactored code to match the project's coding standards. * base/cvss.c (toenum, get_impact_subscore) (get_exploitability_subscore, get_cvss_score_from_base_metrics): Reworked code to use the new struct cvss and impact_item table. Numerous style fixes. (set_impact_from_str, __get_cvss_score): New. * base/cvss.h: Updated headers accordingly. 2012-12-20 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_tag): Ignore tags setting a risk_factor. It will therefore not be stored in nvti files and not transferred via OTP. 2012-12-20 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_see_also): Removed. It was marked unused anyway and will not be used in the future. * nasl/nasl_scanner_glue.h: Remove proto accordingly. 2012-12-20 Jan-Oliver Wagner * base/nvti.c (nvti_free): Don't free risk factor anymore. (nvti_risk_factor): Compute the risk factor based on cvss. (nvti_set_risk_factor): Removed. (nvti_clone): Don't clone risk factor anymore. * base/nvti.h: Removed proto accordingly. (struct nvti): Removed element risk_factor. 2012-12-18 Jan-Oliver Wagner * COPYING: Added cvss module. * base/cvss.c (cvss_as_str): New. * base/cvss.h: Added proto accordingly. 2012-12-17 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (security_message): Directly retrieve the cvss value from the NVTI meta data when there is no parameter given. 2012-12-17 Jan-Oliver Wagner * nasl/exec.c: Replaced all calls of cvt_bool by cell2bool. (cvt_bool): Remove. It is a unused wrapper around cell2bool() since ages. 2012-12-17 Jan-Oliver Wagner * base/nvti.c (nvti_cvss): Add missing free'ing. Convert cvss separately from stored base value as last resort. 2012-12-17 Jan-Oliver Wagner * base/nvti.c (nvti_cvss): Compute cvss from cvss_base_vector. 2012-12-16 Jan-Oliver Wagner * base/cvss.c, base/cvss.h: New. Implemented by Preeti Subramanian. * base/CMakeLists.txt: Add new module cvss to build routines. 2012-12-14 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta4. 2012-12-14 Michael Wiegand Preparing the openvas-libraries 6.0+beta3 release. * CHANGES: Updated. 2012-12-14 Jan-Oliver Wagner * base/nvti.c (nvti_cvss): New. Returns the cvss of a nvt as double value. * base/nvti.h: Added proto accordingly. 2012-12-13 Jan-Oliver Wagner * base/nvti.c (nvti_cvss_base_vector): New. Pulls out the cvss_base_vector from the tag string. * base/nvti.h: Added proto accordingly. 2012-12-13 Matthew Mundell * omp/omp.c (omp_get_task_ext): New function. * omp/omp.h: Add header accordingly. (omp_get_task_opts_t): New type. (omp_get_task_opts_defaults): New variable. 2012-12-12 Matthew Mundell * omp/omp.c (omp_get_tasks_ext): New function. * omp/omp.h: Add header accordingly. (omp_get_tasks_opts_t): New type. (omp_get_tasks_opts_defaults): New variable. 2012-12-04 Matthew Mundell * omp/omp.c (omp_create_target_ext): Add missing closing slashes in credential XML. 2012-11-28 Jan-Oliver Wagner * nasl/exec.c (cell2bool): Finally remove error message that hint at possible wrong usage of this function. 2012-11-23 Werner Koch * nasl/nasl_ssh.c: Include gcrypt.h. (add_tlv): Fixup negative integer values. (mpi_from_gnutls_datum, mpi_to_gnutls_datum): New. Only used with gnutls < 2.11. (pkcs8_to_sshprivatekey): Swap P and Q is needed and recompute u. Only used with gnutls < 2.11. 2012-11-21 Werner Koch * nasl/nasl_ssh.c (pkcs8_to_sshprivatekey): Pass an empty string instead of NULL for the passphrase to gnutls import. 2012-11-20 Werner Koch * nasl/nasl_ssh.c: Change to print most diagnostics only in verbose mode. (my_ssh_pki_import_privkey_base64): Add arg VERBOSE. Let caller pass that arg. 2012-11-20 Werner Koch * nasl/nasl_ssh.c (put_membuf_str, put_membuf_comma_str): New. (nasl_ssh_get_auth_methods): New. * nasl/nasl_ssh.h (nasl_ssh_get_auth_methods): Add prototype. * nasl/nasl_init.c (libfunc) : New. 2012-11-20 Werner Koch * nasl/nasl_ssh.c (nasl_ssh_request_exec): Add named arguments "stdout" and "stderr" to allow selection of the output stream. Implemented a basic compatibility mode for the NASL based ssh code. * nasl/nasl_init.c (libfunc) : Add the new named args. * nasl/nasl_ssh.c (nasl_ssh_get_server_banner): New function stub to be prepared for libssh 0.6. * nasl/nasl_ssh.h (nasl_ssh_get_server_banner): Add Prototype. * nasl/nasl_init.c (libfunc) : Add commented out init for the new function. 2012-11-20 Michael Wiegand * CMakeLists.txt: Fall back to manual setting of flags for libpcap < 1.0.0 since it does not yet have pcap-config. 2012-11-19 Michael Wiegand * nasl/CMakeLists.txt: Actually link openvas_nasl against libksba. 2012-11-19 Michael Wiegand Use detected flags instead of hardcoding them. * CMakeLists.txt: Add detection of pcap flags. * nasl/CMakeLists.txt, omp/CMakeLists.txt: Use variables instead of relying on hardcoded values. 2012-11-19 Michael Wiegand * nasl/CMakeLists.txt: Use correct variable to determine whether libksba was found. 2012-11-08 Michael Wiegand * doc/CMakeLists.txt: Remove superfluous directory creation. 2012-11-07 Jan-Oliver Wagner * nasl/tests/test_rsa.nasl, nasl/tests/test_privkey.nasl, nasl/tests/test_dh.nasl, nasl/tests/test_bn.nasl, nasl/tests/test_script_signing.sh, nasl/tests/test_md.nasl, nasl/tests/test_dsa.nasl, nasl/tests/testsuitesummary.nasl, nasl/tests/signed.nasl, nasl/tests/test_blowfish.nasl, nasl/tests/test_hexstr.nasl, nasl/tests/testsuiteinit.nasl, nasl/tests/Makefile: Change license from GPLv2 to GPLv2+. * COPYING: Updated accordingly. 2012-11-02 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta3. 2012-11-02 Michael Wiegand Preparing the openvas-libraries 6.0+beta2 release. * CHANGES: Updated. 2012-11-01 Michael Wiegand * INSTALL: Update reference system section. 2012-10-31 Matthew Mundell * omp/omp.c (omp_get_system_reports_ext): New function. * omp/omp.h (omp_get_system_reports_opts_t): New type. (omp_get_system_reports_opts_defaults): New variable. (omp_get_system_reports_ext): New function. 2012-10-26 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta2. 2012-10-26 Michael Wiegand Preparing the openvas-libraries 6.0+beta1 release. * CHANGES: Updated. 2012-10-26 Michael Wiegand * INSTALL: Fix wrong module name in comment. 2012-10-26 Michael Wiegand * doc/Doxyfile.in: Set EXTRACT_ALL to YES for consistency across modules. 2012-10-26 Michael Wiegand Update "doc" and "doc-full" targets for out-of-source builds. * doc/CMakeLists.txt: Update commands and targets to work with out-of-source builds. * doc/Doxyfile.in: Updated to work with out-of-source builds. * doc/Doxyfile_full.in: Stripped trailing spaces, harmonized with Doxyfile.in. 2012-10-26 Michael Wiegand * CMakeLists.txt: Simplify usage of CMAKE_CURRENT_BINARY_DIR to CMAKE_BINARY_DIR since the two are identical in this context. 2012-10-26 Michael Wiegand * INSTALL: Update instructions to use out-of-source building, fix typo. 2012-10-26 Michael Wiegand * COPYING: Fix typo, update date. 2012-10-23 Michael Wiegand * nasl/nasl_text_utils.c (nasl_string): Remove stray PID from error message. 2012-10-23 Matthew Mundell * omp/omp.c (omp_create_target_ext): New function. * omp/omp.h (omp_create_target_opts_t): New type. (omp_create_target_opts_defaults): New variable. (omp_create_target_ext): New function. 2012-10-22 Jan-Oliver Wagner * CHANGES: Prepared for upcoming first beta release for 6.0. 2012-10-22 Jan-Oliver Wagner * COPYING: Added missing entries for the new files added recently. 2012-10-22 Werner Koch * nasl/nasl_init.c (init_nasl_library) [HAVE_LIBSSH]: Define nasl constant "_HAVE_LIBSSH" by default. Allow to disable it using OPENVAS_DISABLE_LIBSSH. Remove use of envvar OPENVAS_USE_LIBSSH. 2012-10-18 Werner Koch * nasl/nasl_cert.c (spacep, digitp, hexdigitp, atoi_1, atoi_2) (atoi_4, xtoi_1, xtoi_2): New. (parse_dn_part_for_CN, parse_dn_for_CN): New. (build_hostname_list): New. (nasl_cert_query): Implement "serial" and add "hostnames". 2012-10-17 Werner Koch * nasl/nasl.c (main): Add option --debug-tls. (my_gnutls_log_func): New. * nasl/nasl_socket.c: Include gnutls.h. (nasl_open_sock_tcp_bufsz): Support ENCAPS_TLScustom. (nasl_open_sock_tcp): Document. (nasl_get_sock_info): New. * misc/network.c (openvas_connection): Add field PRIORITY. (pid_notice): New. (release_connection_fd, openvas_deregister_connection): Free PRIORITY. (ovas_allocate_connection): Clear PRIORITY. Replace sequence operator by semicolon for bert readability. (set_gnutls_protocol): Add arg "priority" and implement ENCAPS_TLScustom. (open_SSL_connection): Pass priority to set_gnutls_protocol. (open_stream_connection): Factor all code out to... (open_stream_connection_ext): new. Support priority. (ovas_scanner_context_attach): Pass NULL for priority to set_gnutls_protocol. (get_sock_infos): New. * nasl/nasl_init.c (libfunc) : Add named arg "priority". (libfunc) : New. (libfunc) : Add named arg "asstring". (libivars) : New. * nasl/tests/test_socket.nasl: New. * misc/plugutils.h (OPENVAS_ENCAPS_AUTO): Add constant for 0. (OPENVAS_ENCAPS_TLScustom): New. (IS_ENCAPS_SSL): Adjust. * misc/network.c (get_encaps_name): Print strings for ENCAPS_AUTO and ENCAPS_TLScustom. * misc/network.c (open_stream_auto_encaps): Factor code out to ... (open_stream_auto_encaps_ext): new. Add arg "force". * nasl/nasl_socket.c (nasl_open_sock_tcp_bufsz): Allow forcing of transport auto detection. * nasl/nasl_host.c (get_port_transport): Implement named argument "asstring". 2012-10-17 Werner Koch * INSTALL: Add recommendation for libssl and libksba. 2012-10-17 Matthew Mundell * misc/openvas_server.c (openvas_server_close): Deinit the session. 2012-10-17 Matthew Mundell * omp/xml.c (try_read_entity_and_string): Always free xml_context. (read_entity_and_text): Free string in fail case. 2012-10-15 Werner Koch * nasl/nasl_socket.c (nasl_open_sock_tcp_bufsz): Add a fixme comment. * misc/network.c (plug_get_port_transport) (plug_set_port_transport): Remove "extern" prototypes as they are already declared by plugutils.h. * misc/plugutils.c (plug_get_port_transport): Document function. * nasl/nasl_host.c (get_port_transport): Ditto. 2012-10-12 Andre Heinecke * nasl/CMakeLists.txt: Remove hard library references to ksba 2012-10-12 Matthew Mundell * omp/xml.c (xml_string_append): New function. * omp/xml.h: Add header accordingly. 2012-10-11 Werner Koch * nasl/nasl_cert.c: New. * nasl/nasl_isotime.c: New. * nasl/nasl_init.c: Include nasl_cert.h and nasl_isotime.h. (libfuncs) [HAVE_LIBSSH]: Add "cert_*" functions. (libfuncs): Add "isotime_*" functions. * nasl/tests/test_isotime.nasl: New. * nasl/tests/Makefile (TEST_SCRIPTS): Add test_isotime.nasl * CMakeLists.txt: Check for libksba. * nasl/CMakeLists.txt (add_custom_command): Add nasl_cert.c and nasl_isotime.c. (add_definitions): Define HAVE_LIBKSBA. (set_target_properties): Add KSAB_CFLAGS. (target_link_libraries): Add ksba. 2012-10-10 Jan-Oliver Wagner * nasl/nasl_init.c (libfuncs): Fixed buggy definition of nasl function security_message. 2012-10-09 Werner Koch Add a simple way to document NASL function APIs. * doc/Doxyfile.in (ALIASES): Add commands naslfn, nasluparam, naslnparam, naslret. (PREDEFINED): Add HAVE_LIBSSH and HAVE_LIBKSBA so that doxygen is able to parse the doc strings. * nasl/nasl_ssh.c: Document the NASL API. * doc/Doxyfile.in: Remove trailing white space. 2012-09-25 Andre Heinecke * nasl/CMakeLists.txt: Fix library order when linking openvas-nasl 2012-09-20 Werner Koch * nasl/nasl_init.c (libfuncs) [HAVE_LIBSSH]: Add functions "ssh_set_login" and "ssh_get_issue_banner". * nasl/nasl_ssh.c: Include "network.h" (session_table_item_s): Add fields AUTHMETHODS and AUTHMETHODS_VALID. (nasl_ssh_connect): Fix use with provided socket. (nasl_ssh_disconnect): Factor some code out to ... (do_nasl_ssh_disconnect): New. (nasl_ssh_internal_close): New. Also as dummy for !HAVE_LIBSSH. (nasl_ssh_userauth): Factor some code out to ... (nasl_ssh_set_login, get_authmethods): New. * misc/network.c: Include "nasl_ssh.h". (release_connection_fd) [DEBUG_SSL]: Improve debug output. (close_stream_connection) [DEBUG_SSL]: Ditto. (close_stream_connection): Try to close ssh connections. * nasl/nasl_init.c (libfuncs) [HAVE_LIBSSH]: Remove ssh_exec. * nasl/nasl_ssh.c (nasl_ssh_exec): Remove. Not needed because the NASL function ssh_cmd_exec does now use the new libssh code. (file_utils_rmdir_rf, check_is_dir, type_to_char): Remove. (public_key_types_e): Remove. * nasl/nasl_ssh.c (pkcs8_to_sshprivatekey): Provide fallback for older gnutls versions. 2012-09-19 Werner Koch * nasl/nasl_ssh.c (nasl_ssh_userauth): Detect available authentication methods and allow only those. Implement keyboard-interactive authentication method. * nasl/nasl_ssh.c (session_table_item_s): Add field VERBOSE. (nasl_ssh_connect): Set VERBOSE if OPENVAS_LIBSSH_DEBUG is set. 2012-09-19 Werner Koch * nasl/nasl_ssh.c (my_ssh_pki_import_privkey_base64): Use mkdtemp for glib < 2.30. 2012-09-19 Werner Koch Support public key authentication with libssh. The ssh public key is not needed anymore. The code uses a wrappers to be prepared for the forthcoming libssh 0.6 API. * nasl/nasl_ssh.c: Include gnutls.h and libssh/legacy.h. (get_membuf): New. (my_ssh_key): New type. (my_ssh_key_free, add_tl, add_tlv, pkcs8_to_sshprivatekey) (remove_and_free_temp_key_file) (my_ssh_pki_import_privkey_base64) (my_ssh_userauth_try_publickey, my_ssh_userauth_publickey): New. (nasl_ssh_connect): Use envvar OPENVAS_LIBSSH_DEBUG to allow libssh debugging. (nasl_ssh_userauth): Add public key authentication. 2012-09-11 Matthew Mundell * misc/openvas_logging.c (free_log_configuration): Free syslog_ident. (openvas_log_func): Free prepend. * omp/xml.c (free_entity): Free the actual entity too. (handle_text): Free the old value of current->text when replacing it. 2012-09-08 Jan-Oliver Wagner * base/nvti.c (nvti_clone): Don't create copies of the strings, the nvti_set_* functions will do anyway. This way removing a memleak. Thanks to Matthew Mundell for pointing this out. 2012-09-07 Jan-Oliver Wagner * misc/plugutils.c (plug_get_required_keys, plug_get_mandatory_keys, plug_get_excluded_keys, plug_get_required_ports, plug_get_required_udp_ports, plug_get_deps): Removed. * misc/plugutils.h: Removed protos accordingly. 2012-09-07 Jan-Oliver Wagner * base/nvti.c (nvti_clone): New. * base/nvti.h: Added proto accordingly. 2012-08-29 Jan-Oliver Wagner * CMakeLists.txt: Removed non-pkg-config routines to detect libssh. Since the minimum required version is 0.5.0 and libssh has from 0.5.0 ships always a libssh.pc file, we can rely on the pkgconfig detection. Apart from this, the compilation would fail if libssh < 0.5 and no libssh.pc is available like on Debian 6. 2012-08-21 Werner Koch * nasl/nasl_ssh.c (next_session_id, get_ssh_port) (nasl_ssh_connect, find_session_id, nasl_ssh_disconnect) (nasl_ssh_session_id_from_sock, nasl_ssh_get_sock) (nasl_ssh_userauth, nasl_ssh_request_exec): New. * nasl/nasl_ssh.h: Add prototypes for new functions. * nasl/nasl_init.c: Include stdlib.h. (libfuncs) [HAVE_LIBSSH]: Add new ssh functions. (init_nasl_library) [HAVE_LIBSSH]: Define "_HAVE_LIBSSH". * CMakeLists.txt: Require libssh 0.5 so we will be able to switch to the the new pki API. * nasl/nasl_ssh.c: Remove libssh 0.4 compatibility macros. Check that SSH_OK has the expected value. (DIM, DIMof): New. (init_membuf, put_membuf, get_membuf): New. Taken from GnuPG. 2012-08-21 Werner Koch * misc/plugutils.c (plug_set_replace_key): Do not send a change notification if the global socket is not available. This is for example the case in the standalone interpreter. * misc/: Remove trailing white space from all files. 2012-08-16 Werner Koch * nasl/tests/signed.nasl.asc: Re-create - the signature was broken. * nasl/tests/Makefile (check): Fix file name of openvas-nasl. * nasl/tests/test_script_signing.sh (NASL): Ditto. (check_script): Remove bashism (use of "==" as test operator). * nasl/: Remove trailing white space from all files. * nasl/nasl_ssh.c (nasl_ssh_exec): Check error of ssh_new. Print ssh error strings to diagnostics. Use ssh_disconnect after a failed userauth. 2012-08-07 Matthew Mundell Add extended version of omp_create_task to allow preferences to be set. * omp/omp.h: Add header accordingly. (omp_create_task_opts_t): New type. (omp_create_task_opts_defaults): New variable. * omp/omp.c (omp_create_task_ext): New function. 2012-07-26 Werner Koch * nasl/nasl_crypto2.c (nasl_sexp_from_privkey): Re-compute the inverse of P and Q after swapping their values. 2012-07-24 Matthew Mundell * omp/omp.h (omp_get_report_opts_t): Reorder fields slightly. (omp_get_report_opts_defaults): Init by position instead of by name, so that this compiles in C++. 2012-07-23 Werner Koch * misc/network.c (my_gnutls_transport_set_lowat_default): New. Used only for GnuTLS >= 2.11.1 and < 2.99.0. (ovas_scanner_context_attach): Call new function. * misc/openvas_server.c (my_gnutls_transport_set_lowat_default): New. See above. (openvas_server_open, openvas_server_new): Call new function. 2012-07-20 Matthew Mundell * omp/omp.h (omp_get_report_opts_defaults): Make static. Use new format_id. Missed piece of Sascha Wilde's patch. 2012-07-20 Werner Koch * misc/openvas_logging.c (openvas_log_func): Trim off extra LF from MESSAGE to avoid empty lines in the log. Replace g_string hack by a single g_strdup_printf. 2012-07-04 Sascha Wilde * omp/omp.c (OMP_FMT_BOOL_ATTRIB): New define. (omp_get_report_ext): Converted function to be a generic interface to OMP get_reports using an single omp_get_report_opts_t argument for configuration. (omp_get_report): Use new omp_get_report_ext implementation. * omp/omp.h: Update header accordingly. (typedef struct omp_get_report_opts_t): New struct type to represent all possible options (attributes) of OMP get_reports. (omp_get_report_opts_defaults): Sensible default values for initialization of new omp_get_report_opts_t objects. 2012-07-18 Matthew Mundell * misc/otp.h (OTP_11): New define. Part of OTP 1.1 patch by Jan-Oliver Wagner. 2012-07-16 Jan-Oliver Wagner Avoid too many "gpg --version" calls. Patch developed by Werner Koch. * nasl/nasl_signature.c (init_openvas_gpgme_ctx): Initialize gpgme only once. Thanks to the global engine setting function, there is no need to do it for each new context. 2012-07-16 Michael Wiegand * nasl/CMakeLists.txt: Remove superfluous quotes. 2012-07-13 Jan-Oliver Wagner * misc/kb.h (NEW_KB_MGMT): Removed. Deprectated loong time ago. 2012-07-13 Jan-Oliver Wagner * nasl/exec.c (execute_nasl_script): Removed. This was marked deprecated since two major releases already. 2012-07-12 Jan-Oliver Wagner * misc/plugutils.c (_add_plugin_preference): New. Moved here from store.c. (plug_create_from_nvti_and_prefs): New. A reduced version of store_load_plugin from store.c. * misc/plugutils.h: Added proto accordingly. * misc/store.c, misc/store.h: Removed no unneeded module. * COPYING: Removed entry for removed module. * misc/CMakeLists.txt: Removed handling of module store. 2012-07-11 Jan-Oliver Wagner * misc/store.c (store_init): Removed. The initialization is now done by scanner directly via nvticache_new(). (nvti_cache): Removed. This global variable is not necessary anymore because scanner will handle the variable in a global context. (store_load_plugin): Use the nvticache fomr the arglist instead the the static global one. (store_plugin): Removed. The remaining simple calls for nvti_cache were moved to the respective code in the Scanner. * misc/store.h: Removed protos accordingly. * CMakeLists.txt: Also install nvticache.h. 2012-07-10 Jan-Oliver Wagner Post branch version bump. (A little late as the branch actually happened already). * CMakeLists.txt: Set version to 6.0.0 and status to beta. 2012-07-10 Jan-Oliver Wagner * misc/store.c (store_plugin): Reduced code by using new function nvticache_add(). 2012-07-10 Jan-Oliver Wagner * base/nvticache.c (nvticache_add): New function to write a nvti file to the cache. * base/nvticache.h: Add proto accordingly. 2012-07-10 Jan-Oliver Wagner * misc/store.c (store_plugin): Removed code that handles the unused variable "path". 2012-07-10 Jan-Oliver Wagner * misc/plugutils.c (proto_post_wrapped): Resolved unnecessary call of arg_get_value. 2012-07-05 Jan-Oliver Wagner Removing preparse module which was a left-over of a never-finished concept of pre-compiled nasl files. * nasl/preparse.c, nasl/preparse.h: Removed. * nasl/exec.c (exec_nasl_script): Replaced call of nasl_reload_or_parse() by immediate calls to init and parse a nasl. * nasl/lint.c: Removed unnecessary include of preparse.h. * nasl/CMakeLists.txt: Removed handling of module preparse.c. COPYING: Remove preparse.c|h from the list. 2012-07-05 Jan-Oliver Wagner * nasl/nasl_grammar.y: Removed TODO about signature checking. The signature check is ensured via function call of init_nasl_ctx(). 2012-07-05 Michael Wiegand * nasl/CMakeLists.txt: Ensure that compilation with modern gccs works by moving linker flags from LINK_FLAGS to target_link_libraries. 2012-07-03 Felix Wolfsteller * hg/CMakeLists.txt: Commented hg-test executable target, as it causes build failures in certain environments. 2012-07-03 Felix Wolfsteller * hg/hg_add_hosts.c (hg_add_host): Initialize struct with sensible value before using, stunt with bufferlength. 2012-07-02 Felix Wolfsteller * hg/test.c: Fix definition of bufferlen for inet_ntop. 2012-07-02 Felix Wolfsteller * hg/test.c: Fix switch/case statement (resolving a TODO), expand usage output. 2012-07-01 Felix Wolfsteller * hg/CMakeLists.txt: Add new executable 'hg-test' which is a minimal testing interface to the hg module. * hg/test.c: Adapt to older IPv6 library changes. 2012-06-28 Matthew Mundell Add omp_get_report_ext, for control of overrides. Patch by Werner Koch. * omp/omp.c (omp_get_report_ext): New function. Body from omp_get_report. (omp_get_report): Call through to omp_get_report_ext. * omp/omp.h: Update headers accordingly. 2012-06-19 Michael Meyer * nasl/nasl_builtin_nmap.c: Typo fixed. 2012-06-14 Jan-Oliver Wagner * base/nvti.c: Added sanity NULL-check to various functions. 2012-06-13 Matthew Mundell * omp/omp.c (omp_create_task, omp_read_create_response) (omp_create_lsc_credential, omp_create_lsc_credential_key): Use gchar for return param. * omp/omp.h: Update headers accordingly. 2012-06-12 Jan-Oliver Wagner * nasl/nasl.h: Removed history of NASL_LEVEL as it is not relevant for current code anymore. (OPENVAS_NASL_LEVEL): Removed Macro. * nasl/nasl_init.c (libivars): Removed NASL built-in variable "OPENVAS_NASL_LEVEL". 2012-06-11 Matthew Mundell * misc/network.c (verify_peer_certificate): Add TODO. 2012-06-09 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c: Removed now unused macro SECRET_KB_PREFIX. 2012-06-09 Jan-Oliver Wagner Removing code that tries to remember which part of NVTs is authenticated. * nasl/exec.c (exec_nasl_script): Removed code that sets "authenticated" status. * nasl/nasl_func.c (nasl_func_call): Removed code to handle "authenticated" status. * nasl/nasl_grammar.y (INCLUDE): Remove downgrading present script in case non authenticated include file is loaded. Left todo that we need to ensure only signed include files are considered at all. (init_nasl_ctx): Removed initialization of "authenticated". Changed check to directly ignore non-signed NVTs. * nasl/nasl_scanner_glue.c (get_kb_list, get_kb_item, get_kb_fresh_item, replace_kb_item, set_kb_item): Drop check for authenticated status. * nasl/nasl_global_ctxt.h (struct naslctxt): Removed element "authenticated". * nasl/nasl_lex_ctxt (struct struct_lex_ctxt): Removed element "authenticated". 2012-06-09 Jan-Oliver Wagner Removing the code that prevented special functions being executed by non-authenticated NVTs. Background is that either the whole feed is treated as authenticated or as non-authenticated, but not a mixture of it. * nasl/nasl_cmd_exec.c (nasl_pread, nasl_find_in_path, nasl_fread, nasl_unlink, nasl_fwrite, nasl_get_tmp_dir, nasl_file_stat, nasl_file_open, nasl_file_close, nasl_file_read, nasl_file_write, nasl_file_seek): Removed check that ensured the NVT is authenticated. * nasl/nasl_crypto2.c (nasl_pem_to, nasl_rsa_sign, nasl_dsa_do_sign): Removed check that ensured the NVT is authenticated. * nasl/nasl_host.c (nasl_same_host): Removed check that ensured the NVT is authenticated. * nasl/nasl_scanner_glue.c (script_get_preference_file_location): Removed check that ensured the NVT is authenticated. * nasl/exec.c (check_authenticated): Removed function. * nasl/exec.h: Removed proto accordingly. 2012-06-07 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_init): Added debug message to provide information about disable authenticators. * misc/ldap_auth.c (ldap_auth_info_new): Added parameter to indicate whether certain options are obligatory (for ldap-method) or not (for ldap_connect-method). (ldap_auth_info_from_key_file): Set new parameter depending on authenticators group name. * misc/ldap_auth.h (ldap_auth_info_new): Updated header accordingly. 2012-05-22 Matthew Mundell * nasl/nasl_misc_funcs.c (simple_register_host_detail): Revert last commit. 2012-05-21 Matthew Mundell * nasl/nasl_misc_funcs.c (simple_register_host_detail): Add CVE as source description if there is one. 2012-04-24 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0.2. 2012-04-24 Michael Wiegand Preparing the openvas-libraries 5.0.1 release. * CHANGES: Updated. 2012-04-24 Michael Wiegand * misc/pcap.c (routethrough): Use the most specific route and not the first matching route. Patch suggested by Christian Schmidt . 2012-03-28 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Raised dependency for glib from 2.12 to 2.16. We are using already methods from 2.16 and other OpenVAS modules have already 2.16 as minimum requirement. 2012-03-27 Jan-Oliver Wagner * CMakeLists.txt: Fixed svn revisioning. 2012-03-25 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 5.0.1. 2012-03-25 Jan-Oliver Wagner Preparing the openvas-libraries 5.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Version bump to 5.0.0. 2012-03-23 Matthew Mundell * omp/omp.c (omp_create_lsc_credential_key): New function. * omp/omp.h: Add header accordingly. 2012-03-21 Jan-Oliver Wagner * CMakeLists.txt: Fixed build for LDAP. 2012-03-16 Jan-Oliver Wagner * CMakeLists.txt: Added check for LDAP library and make LDAP default in case it is found. BUILD_WITHOUT_LDAP will explicitely disable LDAP. * misc/CMakeLists.txt: Removed check for ldap library. * INSTALL: Added hint on ldap. 2012-03-16 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_dn_is_good): Allow special cases for ADS use cases. 2012-03-15 Felix Wolfsteller * doc/example.auth.conf: Add a simple example for "ldap_connect" authentication configuration (this is an exclusive per-user authentication without authorization). 2012-03-15 Felix Wolfsteller * misc/ldap_connect_auth.c (ldap_connect_authenticate): Do not call ldap_user_exists, only bind. Also, undbind. * misc/openvas_auth.c (add_authenticator): Do not use ldap_user_exists but the "classic" file-exist for ldap_connect authenticator. * misc/ldap_auth.c (ldap_auth_new): Allow NULL for certain parameters. 2012-03-13 Jan-Oliver Wagner * misc/plugutils.c (proto_post_wrapped): Ensure the newline after the actual result text is always placed where it was before. This lowers the number of changed results texts significantly. 2012-03-13 Michael Wiegand * misc/plugutils.c (proto_post_wrapped): Add support for using the scanner preferences result_prepend_tags and result_append_tags to prepend or append tag contents to the description of a result. This is convenience functionality in preparation for the breaking up of the NVT description block and adding proper handling of refined meta information all over the OpenVAS Framework. 2012-03-12 Jan-Oliver Wagner * nasl/nasl_misc_funcs.c: Added NASL_EXIT_DEPRECATED. (nasl_do_exit): Added a comment to remind on this reserved exit code for future handling. 2012-03-12 Matthew Mundell * nasl/nasl_scanner_glue.c (security_message): Use HUGE_VAL because HUGE_VALF is for strtof, and add missing negation. 2012-03-10 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 5.0+rc2. 2012-03-10 Jan-Oliver Wagner Preparing the openvas-libraries 5.0+rc1 release. * CHANGES: Updated. * CMakeLists.txt: Version bump to 5.0+rc1. 2012-03-08 Matthew Mundell * nasl/nasl_builtin_nmap.c (PREF_UDP_PORT_SCAN): Remove. (build_cmd_line): Always enable UDP scan. (xmltag_close_cpe): Flush trailing whitespace. 2012-03-06 Matthew Mundell Add NASL function security_message. This change is part of CR 59. * nasl/nasl_init.c (libfuncs): Add security_message. * nasl/nasl_scanner_glue.c (security_message): New function. * nasl/nasl_scanner_glue.h: Add header accordingly. 2012-03-05 Matthew Mundell * nasl/nasl_debug.c (nasl_perror): Add prospective code to send an ERRMSG to the client. 2012-03-02 Felix Wolfsteller * misc/openvas_server.c (openvas_server_open), nasl/nasl_ssh.c (nasl_ssh_exec): Fixed memleaks spotted by cppcheck. 2012-03-02 Felix Wolfsteller * misc/openvas_auth.c (openvas_modify_user): Documentation added. 2012-03-01 Jan-Oliver Wagner * nasl/nasl.h: Removed prot for deprecated function execute_nasl_script. 2012-03-01 Jan-Oliver Wagner This patch was developed by Bernhard Herzog. * misc/network.c (set_gnutls_priorities, set_gnutls_sslv23) (set_gnutls_sslv3, set_gnutls_tlsv1): Removed. (set_gnutls_protocol): Use gnutls_priority_set_direct to set the various priorities instead of (indirectly via the now removed set_gnutls_* functions) using the deprecated functions gnutls_protocol_set_priority, gnutls_cipher_set_priority, gnutls_compression_set_priority, gnutls_mac_set_priority. The gnutls_priority_set_direct function accepts all the priority settings as a single string. 2012-03-01 Jan-Oliver Wagner * nasl/nasl.h: Removed NASL_LEVEL as it is long time deprecated. * nasl/nasl_init.c (libivars): Removed NASL_LEVEL as it is long time deprecated. 2012-03-01 Jan-Oliver Wagner * misc/openvas_server.c (openvas_server_new): Removed dead code about a magic user "admin" that was removed long time ago. 2012-03-01 Jan-Oliver Wagner This patch was developed by Bernhard Herzog. * misc/openvas_server.c (openvas_server_open): Remove the call to the deprecated gnutls_kx_set_priority function. The preceding gnutls_set_default_priority call should have set suitable key exchange priorities. The key exchange algorithms set by gnutls_set_default_priority (in gnutls 3.0.9) include all the algorithms set by the gnutls_kx_set_priority, although in different order, and some more, like the EC variants. (openvas_server_new): Use gnutls_priority_set_direct to set the various priorities instead of the deprecated gnutls_*_set_priority functions. As priority string now uses the SECURE choice as it is primarily for internal OpenVAS connections. 2012-02-29 Jan-Oliver Wagner * nasl/nasl_tree.c (alloc_RE_cell): Print error string along with error code to help understand RE errors. 2012-02-29 Felix Wolfsteller * base/openvas_string.h, base/openvas_string.c (openvas_string_list_to_xml): Utility function to create a xml tree of depth one from a list of strings. 2012-02-29 Felix Wolfsteller * misc/CMakeLists.txt: Compile new module ldap_connect_auth (if build with ldap flag is set). * misc/openvas_auth.c: Added stub for new ldap_connect authenticator. (order_compare): Let the ldap_connect authenticator always be the first. (add_authenticator): Respect and add ldap_connect authenticator. (openvas_auth_init): Remember whether ldap_connect authenticator was configured. (openvas_auth_write_config): Write ldap_connect part of config, validate given values. Closed leaking string in error case. (can_user_ldap_connect): New. Return true if ldap_connect enabled for user. (openvas_authenticate, openvas_authenticate_method): Realise exclusivity of ldap_connect mehtod. (openvas_auth_user_methodsdir): New, convenience to find users auth/methods directory. (openvas_user_modify): Added ability to set allowed methods per user. (openvas_auth_user_set_allowed_methods): New. Set allowed methods per user. (openvas_auth_mkmethodsdir): New. Create users auth/methods directory. (openvas_auth_user_methods): New. Access allowed methods for a user. * misc/openvas_auth.h (openvas_user_modify): Adjusted signature. (openvas_auth_user_methods, openvas_auth_user_set_allowed_methods): New, exposed functions (will be used by openvas-administrator). 2012-02-28 Jan-Oliver Wagner * COPYING: Added recently added modules misc/ldap_connect_auth.h and misc/ldap_connect_auth.c. 2012-02-28 Jan-Oliver Wagner Several Cmake improvements towards full out-of-source builds by Andre Heinecke. * doc/Doxyfile.in, doc/Doxyfile_full.in: Use @CMAKE_CURRENT_BINARY_DIR@. * CMakeLists.txt: Set minimum cmake version to 2.6. Use ${CMAKE_CURRENT_BINARY_DIR} and ${CMAKE_SOURCE_DIR}. 2012-02-28 Jan-Oliver Wagner Make it easier to compile on MacOS. Patch by Andre Heinecke. * misc/support.h: New. Support for MacOS. * misc/network.c, misc/ids_send.c, misc/resolve.c, misc/pcap.c, misc/www_funcs.c, hg/hg_add_hosts.c: Use support.h. * COPYING: Add support.h. 2012-02-28 Jan-Oliver Wagner Remove local copy of regexp. * nasl/nasl_tree.c (alloc_RE_cell): Replaced call of nasl_regcomp by regcomp and nasl_regfree by regfree. * nasl/preparse.c, nasl/lint.c: Removed unecessary include of nasl_regex.h. * nasl/nasl_text_utils.c (nasl_ereg): Replaced call of nasl_regexec by regexec and nasl_regfree by regfree. Removed call of nasl_re_set_syntax because POSIX is the default anyway. (_regreplace): Replaced call of nasl_regcomp by regcomp and nasl_regexec by regexec and nasl_regfree by regfree. (nasl_egrep): Replaced call of nasl_regcomp by regcomp and nasl_regexec by regexec and nasl_regfree by regfree. Removed call of nasl_re_set_syntax because POSIX is the default anyway. (nasl_eregmatch): Replaced call of nasl_regcomp by by regcomp and nasl_regexec by regexec and nasl_regfree by regfree. Removed call of nasl_re_set_syntax because POSIX is the default anyway. * nasl/exec.c (nasl_exec): Replaced call of nasl_regexec by regexec. * nasl/CMakeLists.txt: Removed handling of module regex.c. Removed openSUSE special treatment for compile problem in regexp.c. * nasl/regex.c, nasl/nasl_regex.h: Removed. * COPYING: Removed entries for removed files nasl/regex.c and nasl/nasl_regex.h. 2012-02-28 Felix Wolfsteller * misc/ldap_connect_auth.h, misc/ldap_connect_auth.c: New ldap_connect_auth authenticator stub. 2012-02-28 Felix Wolfsteller * misc/ldap_auth.h, misc/ldap_auth.c (ldap_auth_info_auth_dn): Expose function to be reusable in upcoming ldap_connect authenticator. 2012-02-27 Matthew Mundell Rename NASL debug_function to error_function. Rename the associated OTP token from DEBUG to ERRMSG. * misc/plugutils.c (proto_post_debug, post_debug, post_debug_udp): Remove. (proto_post_error, post_error, post_error_udp): New functions. Rename from debug versions. * misc/plugutils.h: Update headers accordingly. * nasl/nasl_init.c (libfuncs): Rename debug_message to error_message. * nasl/nasl_scanner_glue.c (debug_message): Remove. (error_message): New function. Rename from debug version. * nasl/nasl_scanner_glue.h: Update headers accordingly. 2012-02-23 Jan-Oliver Wagner * CMakeLists.txt: Increased dependency for gnutls from 2.0 to 2.2 to ensure we can use gnutls_priority_set_direct which is the replacement for the deprecated function gnutls_protocol_set_priority. 2012-02-09 Henri Doreau Initial changes for a false positive auto detection/removal feature. * nasl/nasl_misc_funcs.c (simple_register_host_detail): New. (nasl_do_exit): Store the exit code as host detail if equals to NASL_EXIT_NOTVULN. 2012-02-09 Matthew Mundell * nasl/nasl_builtin_nmap.c (save_open_ports): Use strncmp to match open ports, so that "open|filtered" is included. 2012-02-08 Matthew Mundell * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Check for the T: and U: type specifiers in the port range. 2012-01-26 Henri Doreau * misc/arglists.h: Export arg_del_value(). 2012-01-26 Henri Doreau * nasl/nasl_builtin_nmap.c (nmap_run_and_parse): Set proper signal handlers to prevent the nmap subprocess from being zombified if the scan is stopped. (sig_h, sig_c): New. 2012-01-19 Henri Doreau Handle CPE codes produced by nmap, if any. Changes are backward compatible, with versions of nmap that don't output CPEs. * nasl/nasl_builtin_nmap.c (simple_item_destroy, xml_read_text) (xmltag_open_cpe, xmltag_close_cpe, set_opentag_callbacks) (set_closetag_callbacks, nmap_run_and_parse, current_host_reset) (port_destroy, register_service, save_detected_os): Added code to handle text sections. Read, store and report content of tags. 2012-01-18 Henri Doreau Code cleanup to improve efficiency and maintainability. * nasl/nasl_builtin_nmap.c (nmap_destroy, list_free) (current_host_reset, port_destroy, nse_script_destroy) (nmap_get_free_port, nmap_get_free_nse_script, tmphost_add_port) (tmphost_add_nse_hostscript, tmphost_add_nse_portscript) (save_open_ports, save_portscripts, save_hostscripts): Replaced custom linked lists by GSLists from GLib. Use GTrashStacks to prevent from constantly alloc/free'ing the same structures. 2012-01-09 Jan-Oliver Wagner * nasl/nasl_builtin_find_service.c: Turn any post_note and post_info into post_log message. This change is part of CR#57. 2012-01-03 Henri Doreau * misc/plugutils.c (proto_post_wrapped): Don't add vulnerability references to the script results. 2011-12-27 Jan-Oliver Wagner * INSTALL: Re-arranged text a bit and added some Debian 6 info. 2011-12-20 Henri Doreau * misc/plugutils.c (proto_post_wrapped): Fixed typo in comment. 2011-12-15 Matthew Mundell * misc/ldap_auth.c (ldap_user_exists): Search entire subtree. 2011-12-15 Matthew Mundell * misc/ldap_auth.c (ldap_user_exists): Replace static role attribute with actual one. 2011-12-14 Matthew Mundell * misc/ldap_auth.c (ldap_auth_info_new): Remove role_observer_values requirement. (ldap_auth_bind): Use LDAP_VERSION3 instead of number. 2011-12-12 Matthew Mundell Implement LDAP observers. * misc/ldap_auth.h: Update headers accordingly. (struct ldap_auth_info): Add role_observer_values. * misc/ldap_auth.c (KEY_LDAP_ROLE_OBSERVER_VALUES): New define. (ldap_auth_info_new, ldap_auth_info_free): Add arg role_observer_values. (ldap_auth_query_role, ldap_authenticate): Add observer role. (ldap_auth_info_from_key_file): Handle KEY_LDAP_ROLE_OBSERVER_VALUES. (ldap_user_exists): New function. * src/openvas_auth.c (struct authenticator): Add user_exists. (classic_authenticator_new, add_authenticator): Init user_exists. (openvas_user_exists_classic): New function. Body from openvas_user_exists. (openvas_user_exists, openvas_user_uuid): Try all authentication types. 2011-12-07 Matthew Mundell * omp/omp.c (omp_get_report): NULL-check response. Check the response for errors. 2011-11-30 Henri Doreau Export a new function get_script_oid() to NASL. * nasl/nasl_init.c: Add get_script_oid() to the list of the NASL functions. * nasl/nasl_scanner_glue.c (get_script_oid): New function. * nasl/nasl_scanner_glue.h: Update header accordingly. 2011-11-10 Michael Wiegand * CMakeLists.txt: Adjust path of source file in install to point to the correct file for out-of-source builds. 2011-11-10 Michael Wiegand * doc/Doxyfile.in, doc/Doxyfile_full.in: Use CPACK_PACKAGE_VERSION instead of a static value for the version. 2011-11-10 Michael Wiegand * nasl/CMakeLists.txt: Adjust bison call in custom command to enable out-of-source builds. 2011-11-10 Michael Wiegand * misc/network.c (open_SSL_connection): Call gnutls_transport_set_lowat only for gnutls < 2.12.0 since it is deprecated in newer versions. Patch suggested by Stephan Kleine. 2011-11-07 Michael Wiegand * nasl/smb_crypt.h: Ensure that the license text contains the correct address if the Free Software Foundation. 2011-11-07 Michael Wiegand * hg/hg_add_hosts.c, hg/hg_add_hosts.h, hg/hg_debug.c, hg/hg_dns_axfr.c, hg/hg_dns_axfr.h, hg/hg_filter.c, hg/hg_filter.h, hg/hg_subnet.c, hg/hg_subnet.h, hg/hg_utils.c, hg/hg_utils.h, hg/hosts_gatherer.c, hg/hosts_gatherer.h, hg/test.c, misc/bpf_share.c, misc/comm.h, misc/kb.c, misc/nvt_categories.h, misc/pcap.c, misc/popen.c, misc/rand.c, misc/rand.h, misc/resolve.c, misc/resolve.h, misc/scanners_utils.c, misc/scanners_utils.h, misc/services1.c, misc/services.h, misc/www_funcs.c, nasl/arc4.c, nasl/byteorder.h, nasl/capture_packet.c, nasl/capture_packet.h, nasl/charcnv.c, nasl/charset.h, nasl/exec.c, nasl/exec.h, nasl/genrand.c, nasl/hmacmd5.c, nasl/hmacmd5.h, nasl/iconv.c, nasl/iconv.h, nasl/lint.c, nasl/md4.c, nasl/md4.h, nasl/nasl_builtin_openvas_tcp_scanner.c, nasl/nasl.c, nasl/nasl_cmd_exec.c, nasl/nasl_cmd_exec.h, nasl/nasl_crypto2.c, nasl/nasl_crypto2.h, nasl/nasl_crypto.c, nasl/nasl_crypto.h, nasl/nasl_debug.c, nasl/nasl_debug.h, nasl/nasl_func.c, nasl/nasl_func.h, nasl/nasl_global_ctxt.h, nasl/nasl_grammar.y, nasl/nasl.h, nasl/nasl_host.c, nasl/nasl_host.h, nasl/nasl_http.c, nasl/nasl_http.h, nasl/nasl_init.c, nasl/nasl_init.h, nasl/nasl_lex_ctxt.c, nasl/nasl_lex_ctxt.h, nasl/nasl_misc_funcs.c, nasl/nasl_misc_funcs.h, nasl/nasl_packet_forgery.c, nasl/nasl_packet_forgery.h, nasl/nasl_packet_forgery_v6.c, nasl/nasl_packet_forgery_v6.h, nasl/nasl_raw.h, nasl/nasl_regex.h, nasl/nasl_scanner_glue.c, nasl/nasl_scanner_glue.h, nasl/nasl_socket.c, nasl/nasl_socket.h, nasl/nasl_text_utils.c, nasl/nasl_text_utils.h, nasl/nasl_tree.c, nasl/nasl_tree.h, nasl/nasl_var.c, nasl/nasl_var.h, nasl/preparse.c, nasl/preparse.h, nasl/regex.c, nasl/smb_crypt2.c, nasl/smb_crypt.c, nasl/smb.h, nasl/smb_signing.c, nasl/smb_signing.h, nasl/strutils.c, nasl/strutils.h, nasl/time.c: Ensure that the license text contains the correct address if the Free Software Foundation. Suggested by Michal Ambroz. 2011-11-07 Michael Wiegand * COPYING.GPLv2, COPYING.LGPLv2: Update with fresh copies obtained from http://www.gnu.org/licenses/old-licenses/ to ensure the licenses contains the correct address of the Free Software Foundation and to have consistent formatting. Suggested by Michal Ambroz. 2011-10-26 Michael Wiegand * hg/hg_utils.c (hg_get_name_from_ip): Make debug messages more useful. 2011-10-07 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0+beta3. 2011-10-07 Michael Wiegand Preparing the openvas-libraries 5.0+beta2 release. * CHANGES: Updated. 2011-10-06 Michael Wiegand * ChangeLog: Fix path in last entry. 2011-10-05 Matthew Mundell * misc/openvas_auth.c (openvas_user_modify): New function. Body from openvas-administrator openvas_admin_modify_user. * misc/openvas_auth.h: Add header accordingly. 2011-09-27 Matthew Mundell * omp/omp.c (omp_authenticate_info): New function. * omp/omp.h: Add header accordingly. * base/credentials.h (credentials_t): Add timezone and role. * base/credentials.c (free_credentials): Free timezone and role. 2011-09-22 Matthew Mundell * misc/openvas_auth.c (openvas_is_user_observer): New function. (openvas_set_user_role): Add observer role. * misc/openvas_auth.h: Add header accordingly. 2011-09-21 Matthew Mundell * misc/openvas_auth.c (openvas_auth_store_user_rules): Correct doc typo. 2011-09-21 Matthew Mundell * misc/openvas_auth.c (openvas_user_exists): New function. * misc/openvas_auth.h: Add header accordingly. * ChangeLog: Cleanup some entries. 2011-09-13 Michael Wiegand * nasl/nasl_ssh.c (nasl_ssh_exec): Remove superfluous log messages for non-error cases. 2011-08-08 Matthew Mundell Validate LDAP auth DN. * misc/openvas_auth.c (openvas_auth_write_config): Validate the LDAP auth DN. Adjust return accordingly. * misc/ldap_auth.c (auth_dn_is_good): Rename to ldap_auth_dn_is_good. Update callers. (ldap_auth_dn_is_good): New function. Was auth_dn_is_good. Conver to DN to validate. * misc/ldap_auth.h: Add header accordingly. 2011-07-13 Matthew Mundell * ChangeLog: Always close the parentheses on the line they are opened on, as this is much easier to parse. 2011-07-13 Michael Wiegand * CMakeLists.txt: Do not try to fix LIBSSH_CFLAGS and LIBSSH_LDFLAGS if they have already been set by pkg-config. 2011-07-12 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_id): Create legacy OID directly and update nvti directly. (script_oid): Replace call of plug_set_oid by nvti_set_oid. * misc/plugutils.c (plug_set_id, plug_set_oid): Removed the now unused functions. * misc/plugutils.h: Removed protos accordingly. 2011-07-12 Jan-Oliver Wagner * misc/plugutils.c (plug_set_id): Don't store the ID in the arglist structure anymore. Now use g_strdup_printf to create the legacy oid. (plug_get_id): Removed. Not used anywhere. (plug_set_oid): If a oid is set, any previous set legacy oid will now be overwritten. 2011-07-12 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_category): Replaced call of plug_set_category by nvti_set_category. * misc/plugutils.c (plug_set_nvti, plug_set_category): Removed the now unused functions. * misc/plugutils.h: Removed protos accordingly. 2011-07-12 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_cve_id): Replaced call of plug_set_cve_id by nvti_add_cve. (script_bugtraq_id): Replaced call of plug_set_bugtraq_id by nvti_add_bid. * misc/plugutils.c (plug_set_cve_id, plug_set_bugtraq_id) (plug_set_sign_key_ids, plug_require_key, plug_mandatory_key) (plug_exclude_key, plug_require_port, plug_require_udp_port): Removed. These functions are not used anymore. * misc/plugutils.h: Removed protos accordingly. 2011-07-12 Jan-Oliver Wagner * misc/plugutils.c (plug_set_id, plug_set_oid, plug_set_cve_id) (plug_set_bugtraq_id, plug_set_xref, plug_set_tag, plug_set_sign_key_ids) (plug_require_key, plug_get_required_keys, plug_mandatory_key) (plug_get_mandatory_keys, plug_exclude_key, plug_get_excluded_keys) (plug_require_port, plug_get_required_ports, plug_require_udp_port) (plug_get_required_udp_ports, plug_set_dep, plug_get_deps) (plug_set_category, mark_successful_plugin, mark_post) (proto_post_wrapped, add_plugin_preference, get_plugin_preference): Replaced calls of plug_get_nvti by direct access to arglist structure. (plug_get_nvti): Removed. It is not being used anymore now. * misc/plugutils.h: Removed proto accordingly. 2011-07-12 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_require_keys, script_mandatory_keys) (script_exclude_keys, script_require_ports, script_require_udp_ports): Replace plug_* call by corresponding call of nvti_add_*. 2011-07-12 Jan-Oliver Wagner * base/nvti.c (nvti_add_sign_key_id, nvti_add_cve, nvti_add_bid) (nvti_add_required_keys, nvti_add_mandatory_keys, nvti_add_excluded_keys) (nvti_add_required_ports, nvti_add_required_udp_ports) (nvti_add_sign_key_id): New methods to add elements to alreay existing ones. * base/nvti.h: Added new protos accordingly. 2011-07-12 Jan-Oliver Wagner * misc/store.c (store_load_plugin): Replaced call of plug_set_nvti by direct arglist retrieval. 2011-07-12 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_elem): Removed. Last trace of old i18n attempt. (script_name, script_description, script_copyright, script_summary) (script_family): Replaced script_elem call with direct call of the corresponding nvti function. * misc/plugutils.c (plug_set_family, plug_set_name, plug_set_summary) (plug_set_description, plug_set_copyright): Removed the now unused functions. * misc/plugutils.h: Removed protos accordingly. 2011-07-10 Jan-Oliver Wagner * misc/plugutils.c (plug_set_version, plug_get_version, plug_set_path) (plug_get_path, plug_get_oid, plug_get_cve_id, plug_get_bugtraq_id) (plug_get_xref, plug_get_tag, plug_get_sign_key_ids, plug_get_family) (plug_set_timeout, plug_get_timeout, plug_get_name, plug_get_summary) (plug_get_description, plug_get_copyright, plug_get_category): Removed. These functions are not used anymore. (proto_post_wrapped): Replaced call of plug_get_oid() by nvti_oid(). * misc/plugutils.h: Removed protos accordingly. 2011-07-10 Jan-Oliver Wagner * misc/plugutils.c (mark_successful_plugin, proto_post_wrapped) (get_plugin_preference): Replace use of plug_*() by direct call of nvti_*() where nvti elements are concerned. * nasl/nasl_scanner_glue.c (script_timeout, script_version): Replace use of plug_*() by direct call of nvti_*() where nvti elements are concerned. 2011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c: Minor coding style fixes. 2011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c (setup_xml_parser): Removed superfluous check of the return value of g_hash_table_new which is guaranteed to succeed. * nasl/nasl_builtin_nmap.c (setup_xml_parser, set_opentag_callbacks) (set_closetag_callbacks): Changed return type to void. * nasl/nasl_builtin_nmap.c (nmap_create): No need to check the return value of setup_xml_parser() anymore. 2011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c: Improved documentation (formatting and content). * nasl/nasl_builtin_nmap.c (tmphost_add_port) (tmphost_add_nse_hostscript, tmphost_add_nse_portscript) (current_host_saveall, save_host_state, save_open_ports) (register_service, save_detected_os, save_tcpseq_details) (save_ipidseq_details, save_traceroute_details, save_portscripts) (save_hostscripts): Changed return type to void. 011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c (nmap_run_and_parse): Added a check to distinguish between error and eof after fread() on imported files. 2011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c (get_default_portrange): Moved the internal cmp() function to a higher level as nested functions are not standard (GCC extension). 2011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c (nmap_create, add_arg, tmphost_add_port) (tmphost_add_nse_hostscript, tmphost_add_nse_portscript): Removed superfluous checks of the return value of g_malloc which doesn't return on failure. 2011-07-01 Henri Doreau * nasl/nasl_builtin_nmap.c (register_service): Ensure that port version is set before registering it. 2011-06-29 Jan-Oliver Wagner * misc/arglists.c (arg_set_name, arglist2str): Removed now unused functions. * misc/arglists.h: Removed protos accordingly. 2011-06-29 Jan-Oliver Wagner * base/nvti.c (nvti_add_sign_key_id): New. * base/nvti.h: Added proto accordingly. 2011-06-28 Jan-Oliver Wagner * misc/store.c (store_load_plugin): Removed conversion of ".nes" to ".nasl" for dependencies. When a cache file is created, the conversion is always done already. This change makes it mandatory to remove the old cache when migrating from OpenVAS-4 to OpenVAS-5 in order to ensure to not have any old cache file with ".nes" somewhere. 2011-06-27 Jan-Oliver Wagner * misc/plugutils.c (plug_require_key, plug_mandatory_key) (plug_exclude_key, plug_require_port, plug_require_udp_port) (plug_set_dep): Replace intermediate step of converting csv strings to arglist and back again just for adding one entry by direct string modification. 2011-06-22 Michael Wiegand Enforce that timestamps for newly cached files are identical with those of the original NVTs. This prevents cache issues for rare cases where the cache file was erroneously considered new than an update NVT. * base/nvti.c (nvti_to_keyfile): Set the timestamp of the cache file to the timestamp of the original NVT. * base/nvticache.c (nvticache_get): Accept caches with the same timestamp as the original file. 2011-06-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0+beta2. 2011-06-21 Michael Wiegand Preparing the openvas-libraries 5.0+beta1 release. * CHANGES: Updated. * CMakeLists.txt: Updated. 2011-06-17 Henri Doreau * nasl/nasl_builtin_nmap.c (port_destroy, xmltag_open_service) (register_service): Improved version detection support to report additional information about the discovered services. 2011-06-17 Henri Doreau * nasl/nasl_builtin_nmap.c (build_cmd_line): Use -Pn instead of the deprecated -P0 to disable the ping phase. 2011-06-16 Michael Wiegand Add infrastructure for improved ssh support as outlined in OpenVAS Change Request #54 (http://www.openvas.org/openvas-cr-54.html). * nasl/nasl_ssh.c: New. Contains the new ssh functionality through libssh. * nasl/nasl_ssh.h: New. Header file for the new ssh functionality. * nasl/CMakeLists.txt: Add handling of nasl_ssh.c. * nasl/nasl_init.c: Add ssh_exec to the list of NASL commands. * CMakeLists.txt: Add detection and identification of libssh. * INSTALL: Add note that libssh >= 0.4.5 is required for improved ssh support. 2011-06-15 Henri Doreau * nasl/nasl_builtin_nmap.c: improved code documentation 2011-06-15 Henri Doreau * nasl/nasl_builtin_nmap.c (get_default_portrange): removed obsolete and unused variable initialization code. 2011-06-15 Henri Doreau * nasl/nasl_host.c (nasl_islocalhost, nasl_islocalnet), nasl/smb_crypt (SMBencrypt_ntlmssp), nasl/nasl_packet_forgery.c (forge_tcp_packet) (nasl_tcp_ping), nasl/nasl_packet_forgery_v6.c (set_ipv6_elements) (forge_tcp_v6_packet, get_udp_v6_element), nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab), nasl/nasl_misc_funcs.c (nasl_make_array), nasl/nasl_builtin_synscan.c (plugin_run_synscan), nasl/charcnv.c (convert_string_internal_ntlmssp): fixed GCC 4.6 warnings concerning set but never used variables. 2011-06-08 Henri Doreau * nasl/nasl_func.c (get_func), nasl/nasl_var.c (get_var_ref_by_name): removed dead code contained in #ifdef SILLY_OPT checks. 2011-06-06 Henri Doreau * nasl/nasl_builtin_nmap.c (build_cmd_line): don't systematically disable DNS resolution. Added an option to do so. Re-enabled it by default. 2011-05-31 Jan-Oliver Wagner * misc/internal_com.h: Removed all *SHARED_SOCKET* defines as they are not needed anymore. 2011-05-31 Jan-Oliver Wagner * COPYING: Added misc/internal_com.h and nasl/nasl_builtin_nmap.c. 2011-05-31 Jan-Oliver Wagner * misc/internal_com.h: New. Collects INTERNAL_COM* defines. * misc/plugutils.h: Removed INTERNAL_COM* defines. * misc/network.c, misc/plugutils.c: Add include of internal_com.h. * misc/scanners_utils.c: Replace inlucde of plugutils.h by internal_com.h. * misc/CMakeLists.txt: Install internal_com.h. 2011-05-31 Matthew Mundell * nasl/nasl_builtin_nmap.c (register_service, save_traceroute_details): Do cast in 64 bit friendly way, else compilation fails. 2011-05-31 Matthew Mundell Deal with GCC 4.6 warnings. Thanks to Stephan Kleine for original patch. * misc/network.c (renice_myself): Check nice return. * misc/plugutils.c (plug_get_key): Remove stray variable usage left from Nessus times. 2011-05-31 Henri Doreau Added a new builtin module to perform comprehensive network scanning with nmap. * nasl/nasl_builtin_nmap.c: New. Exports plugin_run_nmap() to NASL. This function calls nmap to perform network wide scanning. Results are stored in the knowledge base to be read and reported by an external NASL plugin. * nasl/CMakeLists.txt: Updated to handle nasl_builtin_nmap.c. * nasl/nasl_builtin_plugins.h: Updated with plugin_run_nmap prototype. * nasl/nasl_init.c: Added new function plugin_run_nmap to the list of NASL functions. 2011-05-30 Jan-Oliver Wagner * nasl/nasl_init.c (libfuncs): removed registration of functions "shared_socket_register", "shared_socket_acquire", "shared_socket_release" and "shared_socket_destroy". * nasl/nasl_scanner_glue.c (SECRET_SOCKET_PREFIX, nasl_shared_socket_register, nasl_shared_socket_acquire, nasl_shared_socket_release, nasl_shared_socket_destroy): Removed. * nasl/nasl_scanner_glue.h: Removed protos accordingly. * misc/plugutils.c (shared_socket_register, shared_socket_acquire, shared_socket_release, shared_socket_destroy): Removed. * misc/plugutils.h: Removed protos accordingly. 2011-05-30 Michael Wiegand Post branch version bump. * CMakeLists.txt: Set version to 5.0.0. 2011-05-24 Matthew Mundell * omp/omp.c (omp_get_system_reports): Return status code instead of 1, as in other functions. Thanks to Stephan Kleine for reporting. 2011-05-23 Michael Wiegand * misc/plugutils.c: Add support for separate control of unscanned_closed behavior for UDP ports. (unscanned_udp_ports_as_closed): New function to honor the unscanned_closed_udp preference. (kb_get_port_state_proto): Use unscanned_udp_ports_as_closed instead of unscanned_ports_as_closed for UDP ports. 2011-05-04 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0.5. 2011-05-04 Michael Wiegand Preparing the openvas-libraries 4.0.4 release. * CHANGES: Updated. 2011-04-15 Henri Doreau * nasl/nasl_grammar.y (init_nasl_ctx), nasl/nasl.c (main): fixed memory leaks reported by valgrind. 2011-04-15 Henri Doreau * misc/popen.c (openvas_popen4): replaced raw fd numbers for stdin/stdout/stderr by the corresponding STD*_FILENO macros from unistd.h 2011-04-11 Matthew Mundell * omp/xml.c (try_read_entity_and_string): New function. Body from read_entity_and_string, with timeout arg. (read_entity_and_string): Call through to try_read_entity_and_string. (try_read_entity): New function. (read_entity): Call through to try_read_entity. * omp/omp.c (omp_ping): New function. * omp/xml.h, omp/omp.h: Add headers accordingly. 2011-03-19 Matthew Mundell * omp/xml.c (parse_entity): New function. * omp/xml.h: Add header accordingly. 2011-03-09 Michael Wiegand * misc/plugutils.c (kb_get_port_state_proto): Honor unscanned_closed setting for UDP ports as well. 2011-03-07 Matthew Mundell * omp/xml.c (handle_end_element, read_entity_and_string): Free context data list elements. From valgrind by Pavel Sejnoha. 2011-03-07 Michael Wiegand * hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Refer to libraries by their target name to allow cmake to handle dependencies correctly. Add missing link between misc and base when doing static linking. 2011-03-03 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0.4. 2011-03-03 Michael Wiegand Preparing the openvas-libraries 4.0.3 release. * CHANGES: Updated. 2011-03-02 Chandrashekhar B * nasl/nasl_wmi.c (nasl_wmi_connect, nasl_wmi_connect_reg, nasl_wmi_connect_rsop): Fixed an issue with fetching IP string from the struct * nasl/nasl_smb.c (nasl_smb_connect): Fixed an issue with fetching IP string from the struct. 2011-03-01 Michael Wiegand * misc/arglists.c (str2arglist): Fix handling of input string. Inserting null bytes into the string caused resulting arglists to end prematurely. 2011-02-23 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0.3. 2011-02-23 Michael Wiegand Preparing the openvas-libraries 4.0.2 release. * CHANGES: Updated. 2011-02-23 Felix Wolfsteller * doc/example.auth.conf: Fixed parameter name as spotted by Michael Wiegand. 2011-02-23 Felix Wolfsteller * doc/example.auth.conf: Corrected comment about which parameter to pass to cmake in order to compile libraries with LDAP-support. Switch example to "enable" keyword. 2011-02-22 Michael Wiegand * CMakeLists.txt: Ensure that tools/openvas-lsc-rpm-creator.sh gets installed to the location OpenVAS Manager expects it to be. 2011-02-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0.2. 2011-02-21 Michael Wiegand Preparing the openvas-libraries 4.0.1 release. * CHANGES: Updated. 2011-02-16 Michael Wiegand * misc/openvas_auth.c (openvas_is_user_admin): Make check for administrative privileges stricter; isadmin is expected to be a regular file. 2011-02-15 Chandrashekhar B * misc/pcap.c (v6_getinterfaces): Fixed a segfault issue when null ifaddrs struct is encountered. 2011-02-08 Michael Wiegand * CMakeLists.txt: Replace call to deprecated exec_program with execute_process. 2011-02-07 Michael Wiegand * doc/wmi-howto.txt: Fix date. 2011-02-07 Michael Wiegand Further consolidation: Move common checks in submodules to top-level CMakeLists.txt so they are only executed once. Improve pkg-config support. * hg/CMakeLists.txt, base/CMakeLists.txt, nasl/CMakeLists.txt, misc/CMakeLists.txt, omp/CMakeLists.txt: Remove checks for glib and gpgme flags since they are now done by the top-level CMakeLists.txt. * CMakeLists.txt: Make sure flags for glib and gpgme are set. Add gpgme flags to EXTRA_LIBS and EXTRA_CFLAGS so pkg-config sees them. * libopenvas.pc.in: Add EXTRA_LIBS and EXTRA_CFLAGS to care for libraries which are not yet pkg-config compliant. 2011-02-04 Matthew Mundell * misc/openvas_logging.c (openvas_log_func): Correct typo in format. 2011-02-03 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0.1. 2011-02-03 Michael Wiegand Preparing the openvas-libraries 4.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Updated. 2011-02-03 Michael Wiegand * CMakeLists.txt: Attempt to detect whether we are installing on a 32 or 64 bit system and set LIBDIR accordingly. 2011-02-03 Michael Wiegand * doc/wmi-howto.txt: Updated to match new wmi version and new patch. 2011-02-02 Michael Wiegand Switch libwmiclient detection to pkg-config. * CMakeLists.txt: Use pkg_check_modules to find libwmiclient. * nasl/CMakeLists.txt: Use WMICLIENT_FOUND instead of HAVE_WMI as an indicator for the presence of libwmiclient. 2011-02-02 Michael Wiegand Install openvas-services into the correct location according to the FHS. * CMakeLists.txt: Install openvas-services to OPENVAS_DATA_DIR instead of OPENVAS_STATE_DIR. * misc/CMakeLists.txt: Define OPENVAS_DATA_DIR if it is set OPENVAS_DATA_DIR. * misc/services.h: Update define so OPENVAS_SERVICES points to the correct location. 2011-02-02 Michael Wiegand Move installation of openvas-services file from openvas-scanner to openvas-libraries since the only function using it resides in openvas-libraries. * openvas-services: New. Was openvas-scanner/openvas-services. * CMakeLists.txt: Add handling of openvas-services. 2011-02-01 Michael Wiegand * INSTALL: Improved example as suggested by Felix Wolfsteller. 2011-02-01 Michael Wiegand Add/resurrect pkg-config support to openvas-libraries and remove now obsolete libopenvas-config infrastructure. * tools/libopenvas-config.in: Removed. * doc/libopenvas-config.1: Removed. * libopenvas.pc.in: New. Template for pkg-config metadata file for openvas-libraries. * CMakeLists.txt: Move checks for glib and gnutls to pkg-config. Remove handling of libopenvas-config. Add handling of libopenvas.pc. * INSTALL: Update requirements. Add hint on setting PKG_CONFIG_PATH. 2011-01-28 Michael Wiegand * base/settings.c: Adapt settings handling to new openvas-scanner behaviour. (settings_init_from_file): New function to read setting from a file. (settings_init): Read settings directly from the output of "openvassd -s" now. (settings_save): Only write new or changed settings to the settings file. (init_settings_iterator_from_file): New function to initialize an iterator from a file. * base/settings.h: Updated. 2011-01-26 Michael Wiegand Post release version bump. * CMakeLists.txt: Set to 4.0+rc5. 2011-01-26 Michael Wiegand Preparing the openvas-libraries 4.0+rc4 release. * CHANGES: Updated. 2011-01-26 Michael Wiegand Ensure that the command "libopenvas-config --version" returns a string in the expected format even when CPACK_PACKAGE_VERSION_PATCH indicates that this is a beta or rc version. * CMakeLists.txt: Define LIBOPENVASCONFIG_VERSION based on the contents of CPACK_PACKAGE_VERSION_PATCH. * tools/libopenvas-config.in: Use LIBOPENVASCONFIG_VERSION instead of OPENVASLIB_VERSION for the version display. 2011-01-26 Michael Wiegand * misc/network.c (write_stream_connection4): Fix format string in debug message. Spotted by Felix Wolfsteller. 2011-01-26 Michael Wiegand * README: Remove outdated information, redirect readers to the INSTALL file instead. 2011-01-25 Jan-Oliver Wagner * INSTALL: Added hint on wmi cient library. * doc/wmi-howto.txt: Adpated to cmake messages and added note on library name. 2011-01-25 Stephan Kleine * omp/CMakeLists.txt, misc/CMakeLists.txt, hg/CMakeLists.txt: fix link_directories for out of source builds. 2011-01-25 Stephan Kleine * CMakeLists.txt: install man pages into proper directory. 2011-01-25 Christian Kuersteiner * misc/network.c (open_socket): Removed unnecessary parameter. 2011-01-25 Michael Wiegand * nasl/CMakeList.txt: Add option to ignore warnings regarding unprototyped calls in nasl/regex.c to fix the build process with recent versions of openSUSE. * INSTALL: Add section documenting compiler options. 2011-01-25 Michael Wiegand * doc/CMakeLists.txt: New. Added missing file required to build documentation. 2011-01-25 Michael Wiegand * nasl/CMakeList.txt: Fix linking of nasl libraries with other parts of openvas-libraries to fix build issue with newer cmake versions. 2011-01-20 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set to 4.0+rc4 2011-01-20 Jan-Oliver Wagner Quick fixes before release. * TODO: Removed. The last two entries are not of notable relevance anymore (AIX and module dependency problem). * CMakeLists.txt: Add libopenvas-config for CPack. 2011-01-20 Jan-Oliver Wagner Preparing the openvas-libraries 4.0+rc3 release. * openvas_macros.cmake, openvas_cmake_macros: Renamed openvas_macros.cmake to openvas_cmake_macros to avoid confusion with temporary .cmake files and to avoid special treatment in the CMakeLists.txt for CPack. * libopenvas.pc.in: Removed. It is was yet another remains of the autotools time. * CHANGES: Updated. 2011-01-08 Matthew Mundell * base/openvas_file.c: Remove todos about moving into this module. 2011-01-03 Felix Wolfsteller Fix rule saving for ldap authenticated users by ensuring existence of 2011-01-20 Jan-Oliver Wagner * nasl/CMakeLists.txt: Pass OPENVASLIB_VERSION properly for compilation. * nasl/nasl_init.c (libsvars, nasl_version): Renamed VERSION to OPENVASLIB_VERSION. 2011-01-19 Matthew Mundell * misc/openvas_server.c (openvas_server_sendf_xml): New function, from gsa. * misc/openvas_server.h: Add header accordingly. * omp/omp.c (omp_create_target): Send with openvas_server_send_xml so that special chars in args are encoded. 2011-01-19 Jan-Oliver Wagner * nasl/nasl_tcp.h, nasl/nasl_ip.h, nasl/nasl_udp.h, nasl/nasl_icmp.h: Removed. These don't add anything anymore. * nasl/nasl_raw.h: Include netinet componentd rather than the above header files that did include them. * nasl/nasl_init.c: Include nasl_raw.h (early as it sets some relevant makros). Dont't include nasl_tcp anymore. * COPYING: Updated. 2011-01-19 Matthew Mundell * misc/arglists.c (arg_set_name): New function. * misc/arglists.h: Add header accordingly. * misc/store.c (store_load_plugin): Convert any dependencies of file type "nes" to "nasl", now that all NESs are NASLs. 2011-01-19 Jan-Oliver Wagner * CMakeLists.txt: Create installation directory for openvas sysconf (usually /etc/openvas/) 2011-01-19 Matthew Mundell * CMakeLists.txt (CPACK_PACKAGE_VERSION_PATCH): Remove "0". (CPACK_PACKAGE_VERSION0): Remove ".". * misc/CMakeLists.txt: Set PATCH_VERS to "0" if the patch version is missing. 2011-01-18 Jan-Oliver Wagner * nasl/nasl_icmp.h: Removed code path for not HAS_ICMP_ICMP_LIFETIME. * hg/hg_dns_axfr.c: Activated code path for HAVE_NETINET_IN_H. * misc/plugutils.c (sig_n): Activated code path for HAVE_SIGACTION, removed code path for not HAVE_SIGACTION. * misc/proctitle.c: Activated code path for not HAVE_SETPROCTITLE. Activated code path for HAVE_VNSPRINTF. * misc/proctitle.h: Activated code path for not HAVE_SETPROCTITLE. * misc/share_fd.c: Activate code path for HAVE_SENDMSG, for HAVE_RECVMSG and for HAVE_CONTROL_IN_MSGHDR. Activate code for not HAVE_ACCRIGHTS_IN_MSGHDR. * misc/system.c: Activated code path for HAVE_MALLOC_H. * CMakeLists.txt: Added install directive for several directories. 2011-01-18 Jan-Oliver Wagner * INSTALL: Updated to cmake build system and harmonized with other modules. 2011-01-18 Jan-Oliver Wagner Resolving libvers.h.in. * include/, include/libvers.h.in: Removed. * misc/plugutils.c: Removed include of libvers.h. Harmonized macros for VERSION and version elements with CMakeLists.txt. * misc/CMakeLists.txt: Add transfer of version makros. * COPYING: Updated. 2011-01-18 Jan-Oliver Wagner * include/libopenvas.h: Removed. It was no code in there anyway. * COPYING: Updated. 2011-01-18 Jan-Oliver Wagner Resolving config.h. * include/config.h.in: Removed. * misc/pcap.c: Removed include of config.h. Remove conditional include of sys/sockio.h (HAVE_SYS_SOCKIO_H). (getinterfaces): Removed code paths for HAVE_SOCKADDR_SA_LEN, activated code path for HAVE_STRUCT_IFMAP. * misc/share_fd.c: Removed include of config.h. * nasl/nasl_tcp.h: Activated code path for HAVE_NETINET_TCP_H and for HAVE_STRUCT_TCPHDR. * nasl/nasl_ip.h: Activated code path for HAVE_NETINET_IP_H and for HAVE_STRUCT_TCPHDR. Deactivate code for HAVE_STRUCT_IP_CSUM. * nasl/nasl_udp.h: Activate code path for HAVE_STRUCT_UDPHDR. Deactivated code for not HAVE_BSD_STRUCT_UDPHDR. * nasl/nasl_icmp.h: Activate code patch for HAVE_NETINET_IP_ICMP_H and HAVE_STRUCT_ICMP. * nasl/regex.c: Removed include of config.h. Activate code for HAVE_STRING_H and HAVE_STDLIB_H. * COPYING: Updated. 2011-01-18 Matthew Mundell * omp/omp.c (omp_create_target): Separate credential arg into per protocol args. * omp/omp.h: Add header accordingly. 2011-01-18 Matthew Mundell * omp/omp.c (omp_create_target): Use new SSH_LSC_CREDENTIAL element instead of old LSC_CREDENTIAL. 2011-01-18 Felix Wolfsteller * doc/example.auth.conf: Updated with more sensible values and additional comments. 2011-01-17 Jan-Oliver Wagner * CMakeLists.txt: Install users directory. 2011-01-17 Jan-Oliver Wagner * include/nvt_categories.h, misc/nvt_categories.h: Moved nvt_categories.h from include directory to misc directory as the include directory is going to be eliminated. Misc was the best match although in libraries it is only used in nasl. * misc/CMakeLists.txt: Install nvt_categories.h. 2011-01-17 Jan-Oliver Wagner * CMakeLists.txt: Added test for wmiclient library. * tools/libopenvas-config.in: Cleaned up variable substitution to work with cmake. Removed egd handling. 2011-01-17 Matthew Mundell Remove standalone parts of builtin plugins, as they can be run standalone via the NASL wrappers. * nasl/nasl_builtin_openvas_tcp_scanner.c (read_sysctl_maxsysfd) (compute_min_max_cnx, usage, main): Remove. * nasl/nasl_builtin_synscan.c (scan): Set fallback port range for openvas-nasl. (plugin_run_synscan): Change time format string types to longs. (main): Remove. 2011-01-17 Jan-Oliver Wagner * CMakeLists.txt: Added test for wmiclient library. * tools/libopenvas-config.in: Cleaned up variable substitution to work with cmake. Removed egd handling. 2011-01-17 Jan-Oliver Wagner * CMakeLists.txt: Fixed sequence of lib build. 2011-01-16 Matthew Mundell * omp/omp.c (omp_authenticate, omp_create_task, omp_create_task_rc) (omp_create_config, omp_create_lsc_credential, omp_create_agent) (omp_delete_agent, omp_get_nvt_details_503): Print with g_markup_printf_escaped so that special chars in args are encoded. 2011-01-15 Jan-Oliver Wagner * omp/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, hg/CMakeLists.txt: Since these are not stand-alone cmake controls anymore, several parts were remove as they are part of the parent cmake control. * CMakeLists.txt: Added subdirectories omp, misc, nasl and hg. 2011-01-15 Jan-Oliver Wagner * CMakeLists.txt: New. * base/CMakeLists.txt: Since this is not a stand-alone cmake control anymore, several parts were remove as they are part of the parent cmake control. 2011-01-14 Jan-Oliver Wagner * VERSION.in: Use cmake makro. * doc/Doxyfile, doc/Doxyfile.in: Renamed Doxyfile to Doxyfile.in. * doc/Doxyfile_full, doc/Doxyfile_full.in: Renamed Doxyfile_full to Doxyfile_full.in. 2011-01-14 Jan-Oliver Wagner * INSTALL_README, INSTALL: Renamed INSTALL_README to INSTALL to be consistent with other OpenVAS modules. * VERSION, VERSION.in: Renamed VERSION to VERSION.in to prepare cmake handling. * libopenvas-config.in, tools/libopenvas-config.in: Moved libopenvas-config.in into tools/ directory for consistency. * TODO: Removed entries about MANIFEST and configure.in as these files don't exists anymore. 2011-01-14 Jan-Oliver Wagner Removing autotools build environment. * configure, configure.in, config.guess, config.sub, ltmain.sh, openvas-libraries.tmpl.in, MANIFEST, Makefile, .root-dir, aclocal.m4, install-sh: Removed. 2011-01-14 Matthew Mundell * misc/plugutils.c (plug_set_dep): Convert the dependency file type to "nasl" if it is "nes", now that all NESs are NASLs. 2011-01-14 Jan-Oliver Wagner * MANIFEST, COPYING: Updated. 2011-01-14 Matthew Mundell * nasl/nasl_builtin_openvas_tcp_scanner.c (plugin_init): Remove. (plugin_run_openvas_tcp_scanner): Return NULL instead of 0. 2011-01-14 Matthew Mundell Add a NASL builtin command to replace the synscan NES NVT. * nasl/CMakeLists.txt: Add builtin openvas_tcp_scanner to FILES. * nasl/nasl_builtin_synscan.c: New file. A copy of openvas-scanner/cnvts/synscan/synscan.c, modified slightly for NASL caller. * nasl/nasl_builtin_plugins.h: Add header. * nasl/nasl_init.c (libfuncs): Add plugin_run_synscan. 2011-01-13 Matthew Mundell Add a NASL builtin command to replace the openvas_tcp_scanner NES NVT. * nasl/CMakeLists.txt: Add builtin openvas_tcp_scanner to FILES. Add maths lib to link libraries. * nasl/nasl_builtin_openvas_tcp_scanner.c: New file. A copy of openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, modified slightly for NASL caller. * nasl/nasl_builtin_plugins.h: Add header. * nasl/nasl_init.c (libfuncs): Add plugin_run_openvas_tcp_scanner. 2011-01-13 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_write_config): Changed defaults of certain ldap attribute names to more sensible values. 2011-01-13 Matthew Mundell * nasl/nasl_builtin_find_service.c (plugin_run_find_service): Remove tracing. 2011-01-13 Matthew Mundell Add a builtin version of the find_service C NVT, to replace the C version. Most of work by Jan-Oliver Wagner. * nasl/CMakeLists.txt: Use Greenbone addresses. Add builtin find_service to FILES. * nasl/nasl_builtin_find_service.c: New file. A copy of openvas-scanner/cnvts/find_service/find_service.c, modified slightly for NASL caller. * nasl/nasl_builtin_plugins.h: New file. * nasl/nasl_init.c (libfuncs): Add plugin_run_find_service. 2011-01-12 Felix Wolfsteller * misc/openvas_auth.c (openvas_is_user_admin): Return 1 also if a "remote admin" with the given username is found. 2011-01-12 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Slightly improved log messages. 2011-01-12 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Removed obsolete variable. Check return of ldap_initialize. 2011-01-10 Michael Wiegand Post release version bump. * VERSION: Set to 4.0.0.rc3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2011-01-10 Michael Wiegand Preparing the openvas-libraries 4.0+rc2 release. * VERSION: Set to 4.0.0.rc2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2011-01-08 Matthew Mundell * base/openvas_file.c: Remove todos about moving into this module. 2011-01-03 Felix Wolfsteller Fix rule saving for ldap authenticated users by ensuring existence of rules directory. * misc/ldap_auth.c (ldap_auth_query_rules): Create users rules directory if it does not exist (previously done by openvas_auth_store_user_rules). Save rules also if none fetched (i.e. empty, default rules). 2011-01-03 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_store_user_rules): Clarify parameter documentation. 2011-01-03 Felix Wolfsteller * misc/ldap_auth.c (user_dir_path): New function to determine user directory. (ldap_auth_query_rules, ldap_authenticate): Use new function. 2011-01-03 Felix Wolfsteller * misc/openvas_auth.c: Minimal structural improvement of module documentation. 2011-01-03 Felix Wolfsteller * misc/openvas_auth.c: Updated module documentation to include the possibility to use an ADS as remote authentication source. Removed todo comment about OPENVAS_USER_DIR, which is not used anymore. 2011-01-03 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_mkrulesdir): New function to create the directory where users rules are placed ("auth"). * misc/openvas_auth.h (openvas_auth_mkrulesdir): Proto for new function. 2011-01-03 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_store_user_rules): Removed use of temporary variable "auth_dir_name" wich became superflous in revision 9746, note in documentation that directory has to exist prior to function call. 2011-01-03 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_user_rules) (openvas_auth_user_uuid_rules): Removed one todo comment, precised one other brief comment. 2010-12-31 Felix Wolfsteller * misc/ldap_auth.h, misc/ldap_auth.c (ldap_auth_query_role): Made a parameter const. 2010-12-20 Michael Wiegand Make sure function calls match the prototype for the function. Discovered by Stephan Kleine. * nasl/nasl_host.c (nasl_this_host): Adjust calls to socket_get_next_source_v4_addr and socket_get_next_source_v6_addr to match their prototypes. * misc/pcap.c (v6_getsourceip, getsourceip, v6_routethrough) (routethrough): Adjust calls to socket_get_next_source_addr, socket_get_next_source_v4_addr and socket_get_next_source_v6_addr to match their prototypes. 2010-12-20 Michael Wiegand Post release version bump. * VERSION: Set to 4.0.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-12-20 Michael Wiegand Preparing the openvas-libraries 4.0+rc1 release. * VERSION: Set to 4.0.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-12-20 Michael Wiegand * tools/openvas-macros.cmake: Removed outdated and unused CMake macros. 2010-12-17 Jan-Oliver Wagner * TODO: Removed 2 old entries about header files that are solved meanwhile. 2010-12-17 Michael Wiegand * configure.in: Fix help string for --enable-cmake-release parameter. * configure: Regenerated. 2010-12-17 Michael Wiegand * INSTALL_README: Updated and rephrased a large part of the installation instruction, removed outdated information. 2010-12-17 Michael Wiegand * misc/openvas_auth.c (openvas_auth_store_user_rules): Removed superfluous call to g_mkdir_with_parents (). The "auth" directory already exists at this point and this call has been observed to behave badly when called in setuid binaries. 2010-12-10 Michael Wiegand Address compiler warnings from gcc 4.4 to ensure openvas-libraries compiles without warnings with newer compilers as well. * nasl/lsearch.c (lfind): Remove superfluous function which is also provided by glibc. * nasl/CMakeLists.txt: Add "-fno-strict-aliasing" to CFLAGS to silence warnings caused by macros defined in nasl/byteorder.h. * misc/share_fd.c (send_fd, recv_fd): Do not use CMSG_DATA macro to avoid double casting. * misc/ids_send.c (ids_send): Avoid casting between different types of sockaddr structs; use a union containing the different types instead. 2010-12-07 Michael Wiegand * INSTALL_README: Updated prerequisites. 2010-12-01 Michael Wiegand Post release version bump to 4.0+beta3.SVN. * VERSION: Set to 4.0.0.beta3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-12-01 Michael Wiegand Preparing the openvas-libraries 4.0+beta2 release. * VERSION: Set to 4.0.0.beta2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-11-26 Matthew Mundell * misc/openvas_server.c (openvas_server_free): Only shut down the local side of the session in the gnutls_bye, and remove the interrupted countdown. 2010-11-26 Matthew Mundell * misc/openvas_server.c (openvas_server_open, openvas_server_connect) (openvas_server_attach, openvas_server_send, openvas_server_new) (openvas_server_free): Make failure messages g_warnings, and trace messages g_debugs. 2010-11-26 Michael Wiegand Ensure the last commit actually compiles and does not produce warnings. * nasl/nasl_wmi.c: Added missing includes. (nasl_wmi_connect, nasl_wmi_connect_rsop, nasl_wmi_connect_reg): Call inet_ntoa () with a proper in_addr struct instead of trying to cast a uint32_t to it. * nasl/nasl_smb.c: Added missing includes. (nasl_smb_connect): Call inet_ntoa () with a proper in_addr struct instead of trying to cast a uint32_t to it. 2010-11-26 Sooraj KS * nasl/nasl_wmi.c (wmi_connect, wmi_connect_rsop, wmi_connect_reg): removed host argument and fetch host internally. * nasl/nasl_smb.c (smb_connect): removed host argument and fetch host internally. * nasl/nasl_init.c: updated function declarations. 2010-11-26 Michael Wiegand * base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Add a collection of code hardening flags to CMAKE_C_FLAGS, inspired by hardening-wrapper on Debian. 2010-11-26 Michael Wiegand * nasl/nasl_cmd_exec.c (nasl_fwrite): Check return value of call to ftruncate () and report an error if the call failed. 2010-11-26 Michael Wiegand * nasl/exec.c (exec_nasl_script): Removed superfluous use of chdir (). 2010-11-26 Michael Wiegand * misc/pcap.c (getipv4routes, routethrough): Handle cases when opening /proc/net/route worked, but no content can be read. 2010-11-26 Michael Wiegand * misc/rand.c (openvas_init_random): Check return values of calls to fread () and fclose () and log a warning if something seems wrong with /dev/urandom. 2010-11-26 Michael Wiegand * misc/openvas_ssh_login.c (openvas_ssh_login_file_write): Check return value and return FALSE if the call to write () failed. * ChangeLog: Added missing function name to last entry. 2010-11-26 Michael Wiegand * misc/network.c (renice_myself): Addressed compiler warning and catch result of call to nice (). Added todo for checking the return value. 2010-11-24 Michael Wiegand * misc/ads_auth.c: Ensure strcasestr () is available by defining _GNU_SOURCE. Fixes a compiler warning when building with ENABLE_LDAP_AUTH. 2010-11-18 Jan-Oliver Wagner * nasl/nasl_signature.c (nasl_get_pubkey): Moved memory allocation for key_string a bit more down to save one free(). Changed g_malloc to g_malloc0. Fixed efree() calls to use g_free and to release to correct pointer. 2010-11-18 Michael Wiegand * misc/CMakeLists.txt: Add services.h to the list of headers to be installed. 2010-11-18 Michael Wiegand Post release version bump to 4.0+beta2.SVN. * VERSION: Set to 4.0.0.beta2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-11-18 Michael Wiegand Preparing the openvas-libraries 4.0+beta1 release. * VERSION: Set to 4.0.0.beta1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-11-17 Jan-Oliver Wagner * CHANGES: Updated for 4.0+beta1. 2010-11-17 Michael Wiegand * hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Add -Werror to compiler flags so that compiler warnings are now treated as errors. 2010-11-17 Michael Wiegand * misc/www_funcs.c (build_encode_URL): Addressed yet another compiler warning. Call inet_ntop () with a proper in_addr pointer instead of trying to cast a uint32_t to it. 2010-11-17 Preeti Subramanian * misc/ids_send.c (open_sock_tcp): Addressed compiler warnings. Changed src6 to instance of structure in6_addr. 2010-11-17 Michael Wiegand Addressed more 64 bit compiler warnings. * misc/openvas_server.c (openvas_server_send): Cast argument to int when using it to specify field precision. * omp/xml.c (read_entity_and_string): Cast argument to int when using it to specify field precision. 2010-11-17 Michael Wiegand Addressed two 64 bit compiler warnings. * misc/openvas_server.c (openvas_server_send): Use %zu for size_t. * omp/xml.c (read_entity_and_string): Cast to match format string. 2010-11-16 Jan-Oliver Wagner * nasl/nasl_func.c (qsortcmp): Added this typedef to allow proper cast. (insert_nasl_func): Apply cast to qsortcmp for strcmp used in qsort. 2010-11-16 Jan-Oliver Wagner * misc/bpf_share.c (bpf_open_live): Lowered limit of for-loop by 1 because currently it would exceed the fixed field size. This is just from reading the code and because we got a compiler warning "array subscript is above array bounds". It is unclear how or whether there is any positive effect in practice at all. 2010-11-16 Michael Wiegand Addressed compiler warnings regarding uninitialized variables and unused functions. * nasl/nasl_packet_forgery_v6.c (forge_icmp_v6_packet): Make sure routersolicit, routeradvert, neighborsolicit and neighboradvert are initialized before use. * hg/hg_add_hosts.c (hg_add_ipv6host_with_options): Addressed TODO, ensure c_hostname is initialized before use. * misc/openvas_logging.c (openvas_syslog_func): Removed superfluous function, logging to syslog is now handled by openvas_log_func. (openvas_log_func): Ensure log_domain_entry is initialized before use. 2010-11-14 Jan-Oliver Wagner * base/CMakeLists.txt: Removed accidental change in last commit. 2010-11-13 Jan-Oliver Wagner * misc/system.c (inet_aton): Removed this function. This function appears to be available on any relevant OpenVAS platform and thus we do not need a fall-back anymore. 2010-11-09 Jan-Oliver Wagner * misc/CMakeLists.txt: Changed install directory for headers of library "misc" from "openvas" to "openvas/misc". * nasl/nasl.h, hg/hosts_gatherer.h, misc/plugutils.h, nasl/nasl_debug.c: Adjusted include paths accordingly. 2010-11-09 Michael Wiegand New functions for network level scans as described in OpenVAS Change Request #49 (see http://www.openvas.org/openvas-cr-49.html). * nasl/nasl_scanner_glue.c (scan_phase, network_targets): New functions to retrieve the current scan phase and network targes from the KB. * nasl/nasl_scanner_glue.h: Updated. * nasl/nasl_init.c: Exposed new functions. 2010-11-07 Jan-Oliver Wagner This patch removes the use of arglist elements for storing NVT meta data. It is replaced by usng the NVTI structure. This lowers the overall memory footprint of the scanner. It is also intended that the use of the plug_set* and plug_get* commands is reduced in the scanner, removed entirely in the optimal case. * misc/plugutils.c (plug_set_nvti, plug_get_nvti): New. (plug_set_version, plug_get_version, plug_set_path, plug_get_path, plug_set_id, plug_get_oid, plug_get_oid, plug_set_cve_id, plug_get_cve_id, plug_set_bugtraq_id, plug_get_bugtraq_id, plug_set_xref, plug_get_xref, plug_set_tag, plug_get_tag, plug_set_sign_key_ids, plug_get_sign_key_ids, plug_set_family, plug_get_family, plug_require_key, plug_get_required_keys, plug_mandatory_key, plug_get_mandatory_keys, plug_exclude_key, plug_get_excluded_keys, plug_require_port, plug_get_required_ports, plug_require_udp_port, plug_get_required_udp_ports, plug_set_dep, plug_get_deps, plug_set_timeout, plug_get_timeout, plug_set_name, plug_get_name, plug_set_summary, plug_get_summary, plug_set_description, plug_get_description, plug_set_copyright, plug_get_copyright, plug_set_category, plug_get_category, add_plugin_preference): Set and get the data from the nvti object instead of using arglist elements. * misc/plugutils.h: Added nvti and new protos. * misc/store.c (store_load_plugin, store_plugin): Only handle the nvti obejct. 2010-10-27 Michael Wiegand Post branch version bump. * VERSION: Set to 3.2.0.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-10-26 Michael Wiegand Do not log errors when there are no errors. * nasl/nasl_scanner_glue.c (script_get_preference_file_content): Do not log an error if the content for files that were not uploaded could not be found. (script_get_preference_file_location): Do not log an error if the location of a file that was not uploaded could not be determined. 2010-10-26 Michael Wiegand * configure.in: Fix module name in error message. 2010-10-21 Matthew Mundell * base/array.c (array_free): Iterate using length, instead of depending on the caller to terminate the array. 2010-10-17 Jan-Oliver Wagner Move arglist-related functions into module arglists. * misc/arglists.c (arglist2str, str2arglist): New. * misc/arglists.h: Added protos accordingly. * misc/store.c (arglist2str, str2arglist): Removed. 2010-10-14 Jan-Oliver Wagner Drop over 3500 lines of code by replacing a last use of the hlst and harglists code. * nasl/nasl_socket.c (struct udp_record): New. Stores a udp record with length information to be used for hashtable. (add_udp_data, get_udp_data, rm_udp_data): Replace the whole implementation of harglists by glib's hashtable. * nasl/nasl.c: Removed include of harglists.h. * misc/hlst.c, misc/hlst.h, misc/harglists.c, misc/harglists.h: Removed. * misc/CMakeLists.txt: Removed handling of modules hlst and harglist. * COPYING, MANIFEST: Removed entries for harglist and hlst. 2010-09-28 Matthew Mundell * omp/omp.c (omp_start_task_report, omp_resume_or_start_task_report) (omp_resume_or_start_task): Return 1 on OMP failure. (omp_start_task): Doc return value. (omp_get_system_reports): New function. * omp/omp.h: Add header accordingly. * omp/xml.c (xml_count_entities): New function. * omp/xml.h: Add header accordingly. 2010-09-16 Matthew Mundell * omp/omp.c (omp_get_targets): New function. * omp/omp.h: Add header accordingly. 2010-09-14 Matthew Mundell * omp/omp.c (omp_get_rules_503): Remove. Pre OMP 1.0 command. (omp_get_report_format): Match GET_REPORTS call to Manager trunk. (omp_get_nvt_details_503): Remove timeout attribute, which requires a config attribute. * omp/omp.h: Remove header accordingly. 2010-09-14 Matthew Mundell * omp/omp.c (omp_create_task): Pass IDs in OMP. Read response with omp_read_create_response. (omp_read_create_response, omp_pause_task, omp_resume_paused_task) (omp_resume_stopped_task, omp_resume_stopped_task_report): New functions. (omp_wait_for_task_delete): Free entity after use. (omp_get_report): Add first_result_number argument. Match GET_REPORTS call to Manager trunk. (omp_get_results): New function. (omp_create_target): Add credential arg and UUID return arg. Use omp_read_create_response. (omp_delete_target, omp_delete_config): Use openvas_server_sendf. (omp_create_lsc_credential): Add password arg and UUID return arg. Use omp_read_create_response. (omp_delete_lsc_credential): Add UUID return arg. Use openvas_server_sendf. * omp/omp.h: Update headers accordingly. 2010-09-10 Jan-Oliver Wagner * CHANGES: Fixed two typos. 2010-09-10 Jan-Oliver Wagner Post release version bump. * VERSION: Set to 3.1.4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-09-10 Jan-Oliver Wagner Preparing the openvas-libraries 3.1.3 release. * CHANGES: Updated. * VERSION: Set to 3.1.3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-09-05 Thomas Reinke * misc/store.c: kept memory management model consistent by using estrdup instead of g_strdup for arglists when freeing up is done with efree 2010-09-03 Thomas Reinke * misc/store.c: removed extra plug_set_family call 2010-09-03 Thomas Reinke * base/nvti.c: free memory allocated from use of glib routines 2010-08-23 Michael Wiegand * misc/share_fd.c: Add missing includes to make sure all neccessary defines are indeed defined and recv_fd operates properly. 2010-08-11 Matthew Mundell * omp/omp.c (omp_get_report, omp_get_report_format): Temporarily pass format to GET_REPORTS again, to remain compatible with Manager 1.0. 2010-08-10 Matthew Mundell * omp/omp.c (omp_get_report, omp_get_report_format): Pass format_id instead of format to GET_REPORTS. Note bad name. 2010-08-06 Chandrashekhar B * nasl/nasl_wmi.c (nasl_wmi_connect_reg, nasl_wmi_connect_rsop): namespace argument is not required for these two functions, removed. 2010-08-04 Michael Wiegand Post release version bump. * VERSION: Set to 3.1.3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-08-04 Michael Wiegand Preparing the openvas-libraries 3.1.2 release. * CHANGES: Updated. * VERSION: Set to 3.1.2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * nasl/wmi_interface_stub.c: Fixed incorrect function name in WMI interface stub which caused the build to fail when compiled without WMI. 2010-08-03 Michael Wiegand Post release version bump. * VERSION: Set to 3.1.2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-08-03 Michael Wiegand Preparing the openvas-libraries 3.1.1 release. * CHANGES: Updated. * VERSION: Set to 3.1.1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-08-03 Michael Wiegand * base/CMakeLists.txt, hg/CMakeLists.txt: Make messages printed during the build process even more consistent. Inconsistency spotted by Felix Wolfsteller. 2010-08-03 Michael Wiegand * doc/wmi-howto.txt: Updated WMI documentation. 2010-08-03 Michael Wiegand Updated WMI infrastructure. * nasl/nasl_wmi.c (nasl_wmi_connect, nasl_wmi_connect_rsop) (nasl_wmi_connect_rsop): Adjusted WMI function calls to new patch API based on work done by Chandrashekhar B. * nasl/openvas_wmi_interface.h: Updated prototypes. * nasl/CMakeLists.txt: Include "wmiclient" in target_link_libraries if it is present. * nasl/wmi_interface_stub.c: Adjusted to new patch API. 2010-07-28 Michael Wiegand * base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt: Make messages printed during the build process more consistent. Removed superfluous and wrongly placed messages. 2010-07-28 Michael Wiegand * nasl/CMakeLists.txt: Removed duplicate calls to external programs, consolidated calls in one place. Moved the setting of link_directories up to ensure it is set before the first target_link_libraries call. 2010-07-26 Jan-Oliver Wagner * nasl/nasl_icmp.h, nasl/nasl_ip.h, nasl/nasl_raw.h, nasl/nasl_tcp.h, nasl/nasl_udp.h: Added missing header with author, copyright and license. Since this header file was part of libnasl, the full header of libnasl/nasl/capture_packet.c is used as a typical representative of this module. * nasl/proto.h: Added missing header. Copied from ntlmssp.h. * COPYING: Completed. 2010-07-26 Jan-Oliver Wagner * nasl/smb_crypt.h: Added missing header with author, copyright and license. Since this header file was developed for smb_crypt.c the full header of smb_crypt.c is used for smb_crypt.h as well. * nasl/smb_signing.h: Added missing header with author, copyright and license. Since this header file was developed for smb_signing.c the full header of smb_signing.c is used for smb_signing.h as well. * nasl/tests/Makefile, nasl/tests/signed.nasl, nasl/tests/test_script_signing.sh: Added missing header. 2010-07-26 Jan-Oliver Wagner * COPYING.BSD3: New. * nasl/md4.h: Added missing header with author, copyright and license. Since this header file was developed for md4.c the full header of md4.c is used for md4.h as well. * nasl/md5.h: Added missing header with author, copyright and license. Since this header file was developed for md5.c the full header of md5.c is used for md5.h as well. * nasl/nasl.h: Added missing header with author, copyright and license. Since this header file was developed for nasl.c the full header of nasl.c is used for nasl.h as well. * MANIFEST: Updated. 2010-07-26 Jan-Oliver Wagner * configure: Updated. 2010-07-26 Jan-Oliver Wagner This patch removes the config.h file of nasl which was a static version derived from the previous libnasl module. It contained static settings like LINUX=1 and therfore likely caused trouble on various systems that differ from the system where the static file was created (Debian "Lenny" 5.0). Any macro not occuring in nasl/* was not considered for the migration to the config.h in include/. * include/config.h.in: Added some sizes as needed for nasl. * configure.in: Added various checks as needed for nasl. * nasl/config.h: Removed. This work-around static config.h is not needed anymore. * MANIFEST: Updated. 2010-07-26 Jan-Oliver Wagner * COPYING: Added more entries. List is still incomplete. 2010-07-25 Jan-Oliver Wagner * COPYING.BSD2: New. * MANIFEST: Updated. 2010-07-25 Jan-Oliver Wagner * misc/rand.h: Added missing header with author, copyright and license. Since this header file was developed for rand.c the full header of rand.c is used for rand.h as well. 2010-07-25 Jan-Oliver Wagner * COPYING: New. Summary of licenses for each file of this package. First part - not complete yet. 2010-07-25 Jan-Oliver Wagner Added license information for module "proctitle". I searched the "LICENSE" file of LPRng and found this: "* You may use "LPRng" or "IFHP" under either the terms of the GNU GPL License or the Artistc License. These licenses are included below. The licenses were obtained from the http://www.opensource.org web site on 28 Aug 2003". So, the files are actually GPLv2. * misc/proctitle.c, misc/proctitle.h: Added clearifying license note. 2010-07-25 Jan-Oliver Wagner * misc/ids_send.h: Added missing header with author, copyright and license. Since this header file was developed for ids_send.c the full header of ids_send.c is used for ids_send.h as well. 2010-07-24 Jan-Oliver Wagner * COPYING: Renamed to COPYING.LGPLv2. * COPYING.LGPLv2: New. Former COPYING. * COPYING.GPLv2: New. * MANIFEST: Updated. 2010-07-15 Raimund Renkert * base/CMakeLists.txt: Added crosscompile support for mingw32. 2010-07-14 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.1.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-07-14 Michael Wiegand Preparing the openvas-libraries 3.1.0 release. * CHANGES: Updated. * VERSION: Set to 3.1.0. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-07-14 Michael Wiegand * tools/openvas-lsc-rpm-creator.sh: Updated with new version generated by ../tools/openvas-lsc-target-preparation. 2010-07-13 Matthew Mundell * omp/omp.c (omp_get_nvt_all): Switch to GET_NVTS. (omp_get_status): Align param. (omp_get_tasks): Add details arg. Update caller. (omp_get_report): Add s to command. (omp_get_nvt_details_503): Switch to GET_NVTS. * omp/omp.h: Update header accordingly. 2010-07-09 Michael Wiegand Make cmake environment more flexible as discussed on openvas-devel. * configure.in: Add new configuration options --enable-verbose-makefile and --enable-cmake-release and pass their values to the output files. * configure: Regenerated. * openvas-libraries.tmpl.in: Add new variables VERBOSE_MAKEFILE and BUILD_TYPE. * Makefile (all): Add VERBOSE_MAKEFILE and BUILD_TYPE to the calls to cmake. * base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Set CMAKE_BUILD_TYPE only to "Debug" if it is not already set. Do not set CMAKE_VERBOSE_MAKEFILE, let it default to OFF. 2010-07-08 Matthew Mundell * misc/network.c (auth_printf): Increase buffer size, as the public keys included in OTP CERTIFICATES can be larger than 65535. 2010-07-07 Matthew Mundell * nasl/nasl_signature.c (nasl_get_pubkey): Terminate key_string. 2010-07-01 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.0.rc4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-07-01 Michael Wiegand Preparing the openvas-libraries 3.1.0.rc3 release. * CHANGES: Updated. * VERSION: Set to 3.1.0.rc3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-06-30 Michael Wiegand * nasl/CMakeLists.txt: Use gpgme-config to get the correct flags for building with gpgme. This fixes an issue which caused the build to fail on Gentoo. 2010-06-30 Michael Wiegand * omp/omp.c (omp_abort_task): Brought back as a deprecated wrapper function for omp_stop_task to ensure backward compatibility. (omp_get_status): Brought back as a deprecated wrapper function for omp_get_tasks to ensure backward compatibility. * omp/omp.h: Updated. * ChangeLog: Fixed entry from 2010-06-22. 2010-06-29 Preeti Subramanian * nasl/smb_crypt.h: Removed warning. 2010-06-28 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.0.rc3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-06-28 Michael Wiegand Preparing the openvas-libraries 3.1.0.rc2 release. * CHANGES: Updated. * VERSION: Set to 3.1.0.rc2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * MANIFEST: Added missing entry. 2010-06-28 Michael Wiegand * ChangeLog: Fixed non-ASCII character. 2010-06-28 Michael Wiegand * misc/openvas_auth.c (openvas_authenticate_uuid): Log uuid as well. 2010-06-28 Michael Wiegand * misc/plugutils.h: Expose plug_set_ssl_CA_file since it is needed by openvas-scanner/cnvts/find_service/find_service.c. * misc/plugutils.c: Removed now obsolete TODO. 2010-06-28 Michael Wiegand * misc/plugutils.h: Removed duplicate declarations of plug_get_bugtraq_id and plug_get_cve_id. 2010-06-28 Michael Wiegand * base/pidfile.c: Added missing include. 2010-06-28 Michael Wiegand * base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Removed redundant compiler flags from CMAKE_C_FLAGS_DEBUG; CMAKE_C_FLAGS will be passed to the compiler in any case, so there is no need to put the flags into CMAKE_C_FLAGS_DEBUG as well. 2010-06-28 Michael Wiegand * misc/plugutils.c (get_plugin_preference_file_content): Removed superfluous const qualifier from return type. * misc/plugutils.h: Updated. * nasl/nasl_scanner_glue.c (script_get_preference_file_content): Removed const qualifier to match updated function declaration. 2010-06-28 Michael Wiegand * hg/hg_dns_axfr.c (hg_dns_axfr_decode): Cast union parameter for hg_dns_axfr_add_host to the expected type, thereby resolving a compiler warning. 2010-06-28 Michael Wiegand * misc/resource_request.c (resource_request_resource): Use g_ascii_strcasecmp instead of strcasecmp, thereby removing the need for including strings.h and resolving a compiler warning. 2010-06-28 Michael Wiegand * base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Make CMake generated Makefiles less verbose to make it easier to spot compiler warnings. 2010-06-28 Michael Wiegand * base/drop_privileges.c (drop_privileges_error): Set format string when calling g_set_error. 2010-06-25 Michael Wiegand * misc/plugutils.c (plug_get_host_fqdn): Use plug_get_key to get vhosts from the KB; this forks if there is more than one vhost and results in a different return value in each fork. 2010-06-25 Michael Wiegand * misc/openvas_auth.c (openvas_authenticate_uuid): Added event logging to user authentication. 2010-06-25 Michael Wiegand * misc/openvas_logging.c: Added to elements to openvas_logging_t for syslog related configuration. (facility_int_from_string): New. Convenience function to convert a syslog facility string to its corresponding integer value. (openvas_log_func): Enable support for logging to syslog. 2010-06-22 Matthew Mundell * omp/omp.c (omp_abort_task): Remove. (omp_stop_task): New function. Rename from omp_abort_task. * omp/omp.h: Update header accordingly. 2010-06-22 Michael Wiegand * base/CMakeLists.txt: Make sure drop_privileges.c gets build and drop_privileges.h gets installed. 2010-06-19 Jan-Oliver Wagner * doc/example.target.sources: Renamed to doc/example.target.locators. 2010-06-18 Jan-Oliver Wagner * doc/example.auth.conf: More "OpenVAS" in example. 2010-06-18 Matthew Mundell * omp/omp.c: Replace GET_STATUS with GET_TASKS in comments. (omp_wait_for_task_start, omp_wait_for_task_end) (omp_wait_for_task_stop, omp_wait_for_task_delete): Use new name GET_TASKS in OMP. (omp_get_status): Remove. (omp_get_tasks): New function. Rename from omp_get_status. * omp/omp.h: Update headers accordingly. 2010-06-17 Felix Wolfsteller * nasl/nasl_misc_funcs.c: Indented with `indent --no-tabs --ignore-newlines -l 80` . 2010-06-16 Tim Brown * nasl/nasl_misc_funcs.c, nasl/nasl_misc_funcs.h, nasl/nasl_init.c: Added get_byte_order function as proposed by Goran Licina . 2010-06-10 Raimund Renkert * omp/xml.h: Donate entity struct a name. 2010-06-09 Preeti Subramanian Bug Fix. Changed function names related to NTLMSSP by appending _ntlmssp. This would prevent conflicts that occur while WMI and NTLMSSP features co-exist. * nasl/smb_signing.c, nasl/smb_signing.h, nasl/proto.h, nasl/genrand.c, nasl/nasl_crypto.c, nasl/charset.h, nasl/time.c, nasl/ntlmssp.c, nasl/smb_crypt.c, nasl/smb_crypt.h, nasl/smb_crypt2.c, nasl/iconv.c, nasl/md4.c, nasl/md4.h, nasl/charcnv.c, nasl/arc4.c: Changed conflicting function names by appending names with _ntlmssp. 2010-06-08 Felix Wolfsteller Refactored, resolved code duplicate. * misc/ads_auth.c (ads_auth_bind): Removed. (ads_auth_bind_query): Use ldap_auth_bind instead of ads_auth_bind. (ads_authenticate): Use ldap_auth_bind instead of ads_auth_bind. Prevent login attempt without given domain. * misc/ldap_auth.c (ldap_auth_bind): Made non-static. * misc/ldap_auth.h (ldap_auth_bind): Expose. 2010-06-08 Felix Wolfsteller * misc/openvas_auth.c, misc/ldap_auth.c, misc/ads_auth.c: `make indent` * misc/resource_request.c: Added macro for file name, `make indent`. 2010-06-08 Felix Wolfsteller * openvas_macros.cmake: New file containing indentation target definitions (refactored from base/CMakeLists). * misc/CMakeLists.txt, base/CMakeLists.txt: Include new file, create indentation targets. 2010-06-08 Felix Wolfsteller * base/CMakeList.txt: Added experimental "indent" target that calls indent on all source files in base. * base/credentials.h, openvas_string.c: Indented using new make target. 2010-06-07 Felix Wolfsteller Adressed openldap deprecation warnings, resolving respective todos. * misc/ads_auth.c (ldap_object_get_attribute_values): Changed return type, use ldap_get_values_len instead of ldap_get_values, copy values returned by ldap. (ads_auth_bind): duplicate and free value passed to ldap that is marked const in signature. (ldap_object_attribute_has_value, ads_query_rules): Adjusted to changed ldap_object_get_attribute_values. (ads_authenticate): Declare variable dn earlier. * misc/ldap_auth.c (ldap_auth_bind): duplicate and free value passed to ldap that is marked const in signature. (ldap_auth_query): Improved const-correctness, use ldap_get_values_len instead of ldap_get_values. (ldap_auth_query_rules, ldap_auth_query_role): use ldap_get_values_len instead of ldap_get_values. (ldap_authenticate): Removed unused variable. 2010-06-07 Felix Wolfsteller Adressed openldap deprecation warnings, resolving respective todos. Resolved code duplicates. * misc/ads_auth.c (ads_auth_bind): Use ldap_sasl_bind instead of deprecated ldap_simple_bind. (ads_authenticate): Use ads_auth_bind instead of binding with duplicate code. * misc/ldap_auth.c (ldap_auth_bind): Use ldap_sasl_bind instead of deprecated ldap_simple_bind. (ldap_authenticate): Use ldap_auth_bind instead of binding with duplicate code. 2010-06-03 Felix Wolfsteller * base/openvas_string.c (openvas_string_flatten_string_list): Do not terminate with given separator. (openvas_string_list_free): New. Convenience function to free a list of gchar*s. * base/openvas_string.h (openvas_string_list_free): Added proto. 2010-06-03 Felix Wolfsteller * base/openvas_string.c (openvas_string_flatten_string_list): Donate own memory to returned variable. 2010-06-03 Felix Wolfsteller * base/openvas_string.c (openvas_string_flatten_string_list): New utility function. * base/openvas_string.h (openvas_string_flatten_string_list): Added proto. 2010-06-03 Felix Wolfsteller Added module to retrieve resources from sources. In the current implementation this means retrieve strings from an ADS/LDAP- directory. Implementation was done aiming at these strings becoming target definitions. Sources are configurable via a configuration file residing in the openvas-sysconfdir (PREFIX/etc/openvas). * misc/resource_request.c, misc/resource_request.h: New module to expose source names and request resources string. * misc/CMakeLists.txt: Added new module, repaired setting of OPENVAS_SYSCONF_DIR. * MANIFEST: Added new files of new module. * doc/example.target.sources: Added exemplary source definitions. 2010-06-03 Michael Wiegand * nasl/nasl_crypto2.c (set_mpi_retc): Removed padding of returned buffer for cases when the most significant bit in the libgcrypt API response was set as this caused problems during SSH logins with RSA keys. Changed function documentation to explain this change. 2010-06-03 Felix Wolfsteller * misc/ads_auth.c (ads_auth_bind): New function, binds to ads. (ads_auth_bind_query): New function, binds to ads and returns result of query. Added todo, as duplicate code was introduced. * misc/ldap_auth.c (ldap_auth_bind): New function, binds with ldap. (ldap_auth_query): New function, queries via a bound ldap handle. (ldap_auth_bind_query): Convenience wrapper for the two new functions. Added todo about duplicate code. * misc/ldap_auth.h (ldap_auth_query, ldap_auth_bind_query): Added protos. * misc/ads_auth.h (ads_auth_bind_query): Added proto. 2010-06-03 Felix Wolfsteller * misc/ads_auth.c (ads_authenticate): Close memleaks. 2010-06-02 Felix Wolfsteller * configure.in: Added small comment. * nasl/CMakeLists.txt: As done in configure, add prefix/lib or libdir to path to search for libraries. Fixes linking of the openvas-nasl standalone interpretor against wmi-libs if these are not in the default path. 2010-05-31 Felix Wolfsteller * misc/ads_auth.c (ldap_object_get_attribute_values): NULL-terminate the attribute array. 2010-05-31 Felix Wolfsteller For configured ADS authentication: made rules working. * misc/ads_auth.c: Added some documenting text. (domain_to_ldap_dc): Added error condition, comment. (ads_auth_info_from_key_file): Improved debug message. (ldap_object_get_attribute_values): New function to query values of an attribute of an ldap object. (ldap_object_attribute_has_value): New function. Conveniently checks the values of an attribute. (ads_query_rules): New function to find and save accessrule of a user. (ads_authenticate): Use new ads_query_rules instead of ldap_auth_query_rules. Save rules and role in users-remote/ads instead of users-remote/ldap . * misc/ads_auth.h (ads_auth_info): Improved doc. * misc/ldap_auth.c (ldap_auth_query_rules): Added todo about usage of deprecated ldap function. (ldap_auth_query_role): Added deprecation todo, made role check work with multiple value attributes. 2010-05-28 Felix Wolfsteller * misc/ldap_auth.c (ldap_authenticate): Adressed todo regarding deprecated ldap functions. Use ldap_initialize with an ldap uri instead of ldap_open, ldap_unbind_ext_s instead of ldap_unbind. * misc/ads_auth.c (ads_authenticate): Adressed todo regarding deprecated ldap functions. Use ldap_initialize with an ldap uri instead of ldap_open. Made warnings/debug output more specific. 2010-05-28 Felix Wolfsteller Prevent certain formatting attacks by dissallowing percentage sign in username. * misc/openvas_auth.c (openvas_authenticate): Return -1 (failure) if percentage sign is found in username, adjusted documentation, improved debug message. 2010-05-27 Jan-Oliver Wagner * misc/CMakeLists.txt: Make library compile again when using BUILD_WITH_LDAP. 2010-05-27 Felix Wolfsteller Made StartTLS requirement configurable, solving 2 todos. The configuration entry is not found in the exemplary .auth.conf as it is highly advised not to use it other for testing purposes. * misc/ldap_auth.h (ldap_auth_info): Added field whether StartTLS is mandatory, adjusted proto. * misc/ldap_auth.c (ldap_auth_info_new): Added parameter whehter StartTLS is required. (ldap_authenticate): Respect new configuration entry. (ldap_auth_info_from_key_file): Read in new configuration entry. * misc/ads_auth.c (ads_authenticate): Use parameter to decide wheter StartTLS initialization success is mandatory. 2010-05-27 Felix Wolfsteller * misc/openvas_auth.c (openvas_write_config_file): When one of two methods is configured, do not create default entries for the other. Updated doc. 2010-05-27 Felix Wolfsteller Last part of commits for basic support for authentication against an ADS. Authenticator implementation in openvas_auth module. * misc/openvas_auth.c: Include ads_auth header. (authentication_method): Add ADS Method enum. (authentication_methods): Add ADS Mehtod string, made warning more prominent and marked semantically. (add_authenticator): Init and add an ADS authenticator. (openvas_auth_write_config): Add exemplary ADS authentication config. 2010-05-27 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_info_free): Handle case where parameter is NULL, updated doc. (ldap_auth_info_create_dn): Renamed to ldap_auth_info_auth_dn. (ldap_auth_info_auth_dn): Renamed from ldap_auth_info_create_dn. (ldap_authenticate): Updated call. 2010-05-27 Felix Wolfsteller Added basic support for authentication against an ADS (Active Directory Server). Note that to test, a configure switch (BUILD_WITH_LDAP) has to be set and appropriate values have to be entered in the authentication configuration file. * misc/ads_auth.c, misc/ads_auth.h: New module, analogous to the ldap authenticator. * doc/example.auth.conf: Added exemplary ADS authentication configuration. * misc/CMakeLists.txt: Add ads_auth module if BUILD_WITH_LDAP configure switch is set. * MANIFEST: Added new files. 2010-05-27 Felix Wolfsteller * misc/ldap_auth.c: Use angle bracket include for ldap header. (ldap_auth_query_rules): Made non-static. (ldap_auth_query_role): Made non-static. (ldap_authenticate): Make connection without StartTLS possible if macro is defined, added todo about usage of configuration entry instead of compile-time-macro. * misc/ldap_auth.h: Include ldap header. Be empty if ENABLE_LDAP_AUTH is undefined. (ldap_auth_query_rules): Expose proto. (ldap_auth_query_role): Expose proto. 2010-05-20 Felix Wolfsteller * base/CMakeLists.txt: Experimental indent target to check whether code conforms to GNU Coding Style as parsed by the indent tool. 2010-05-20 Felix Wolfsteller * misc/ldap_auth.c (ldap_authenticate): Require ldap-server to talk LDAPv3 and proper StartTLS initialization. 2010-05-20 Felix Wolfsteller * base/openvas_certificate_file.c (openvas_certificate_file_write): Adressed compiler warning that prevented build on some systems. Open the file, close it directly, set contents with GLib File Utility Functions. 2010-05-19 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-05-19 Michael Wiegand Preparing the openvas-libraries 3.1.0.rc1 release. * CHANGES: Updated. * VERSION: Set to 3.1.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-05-19 Michael Wiegand * omp/omp.h, omp/xml.c, omp/xml.h: Format according to coding style. Command was 'indent --no-tabs --ignore-newlines -l 80 *.c *.h'. 2010-05-19 Michael Wiegand * base/settings.c, base/openvas_string.c, base/drop_privileges.h, base/credentials.h, base/nvticache.c, base/settings.h, base/openvas_string.h, base/nvticache.h, base/openvas_file.c, base/accessrules.c, base/openvas_certificate_file.c, base/pidfile.c, base/array.c, base/openvas_file.h, base/severity_filter.c, base/nvti.c, base/accessrules.h, base/openvas_certificate_file.h, base/certificate.c, base/array.h, base/severity_filter.h, base/nvti.h, base/hash_table_util.c, base/certificate.h, base/hash_table_util.h, base/drop_privileges.c, base/credentials.c: Format according to coding style. Command was 'indent --no-tabs --ignore-newlines -l 80 *.c *.h'. 2010-05-19 Michael Wiegand * nasl/strutils.h, nasl/capture_packet.h, nasl/nasl_http.h, nasl/nasl_tcp.h, nasl/nasl_wmi.c, nasl/config.h, nasl/nasl_tree.c, nasl/nasl_signature.c, nasl/nasl_crypto2.c, nasl/nasl_tree.h, nasl/preparse.c, nasl/nasl_signature.h, nasl/nasl_crypto2.h, nasl/preparse.h, nasl/nasl_host.c, nasl/nasl_crypto.c, nasl/nasl_host.h, nasl/nasl_crypto.h, nasl/nasl_debug.c, nasl/nasl_socket.c, nasl/nasl_func.c, nasl/nasl_debug.h, nasl/nasl_socket.h, nasl/nasl_func.h, nasl/nasl_packet_forgery.c, nasl/nasl_text_utils.c, nasl/nasl_scanner_glue.c, nasl/exec.c, nasl/nasl_packet_forgery.h, nasl/nasl_text_utils.h, nasl/nasl_scanner_glue.h, nasl/exec.h, nasl/nasl_ip.h, nasl/nasl_packet_forgery_v6.c, nasl/nasl_smb.c, nasl/nasl_packet_forgery_v6.h, nasl/openvas_smb_interface.h, nasl/nasl_smb.h, nasl/nasl_var.c, nasl/lint.c, nasl/nasl_misc_funcs.c, nasl/nasl_lex_ctxt.c, nasl/nasl_var.h, nasl/nasl_misc_funcs.h, nasl/nasl_lex_ctxt.h, nasl/openvas_wmi_interface.h, nasl/nasl_global_ctxt.h, nasl/nasl_cmd_exec.c, nasl/nasl_cmd_exec.h, nasl/nasl.c, nasl/nasl.h, nasl/wmi_interface_stub.c, nasl/nasl_icmp.h, nasl/nasl_udp.h, nasl/nasl_init.c, nasl/nasl_init.h, nasl/strutils.c, nasl/capture_packet.c, nasl/nasl_http.c: Format according to coding style. Command was 'indent --no-tabs --ignore-newlines -l 80 *.c *.h'. 2010-05-19 Michael Wiegand * misc/comm.h, misc/harglists.c, misc/openvas_uuid.c, misc/kb.h, misc/store.h, misc/services1.c, misc/harglists.h, misc/openvas_uuid.h, misc/services1.h, misc/resolve.c, misc/openvas_logging.c, misc/pcap.c, misc/services.c, misc/resolve.h, misc/system.c, misc/services.h, misc/plugutils.c, misc/arglists.c, misc/system.h, misc/hash_table_file.c, misc/bpf_share.c, misc/network.c, misc/scanners_utils.c, misc/openvas_auth.c, misc/plugutils.h, misc/arglists.h, misc/hash_table_file.h, misc/bpf_share.h, misc/network.h, misc/openvas_server.c, misc/openvas_auth.h, misc/ldap_auth.c, misc/scanners_utils.h, misc/proctitle.c, misc/openvas_server.h, misc/ldap_auth.h, misc/otp.h, misc/hlst.c, misc/proctitle.h, misc/share_fd.c, misc/hlst.h, misc/openvas_ssh_login.c, misc/share_fd.h, misc/popen.c, misc/www_funcs.c, misc/pcap_openvas.h, misc/rand.c, misc/openvas_ssh_login.h, misc/system_internal.h, misc/popen.h, misc/ftp_funcs.c, misc/www_funcs.h, misc/ids_send.c, misc/rand.h, misc/kb.c, misc/ftp_funcs.h, misc/store.c, misc/ids_send.h: Format according to coding style. Command was 'indent --no-tabs --ignore-newlines -l 80 *.c *.h'. 2010-05-19 Michael Wiegand * hg/hg_filter.c, hg/hg_debug.c, hg/hg_utils.c, hg/hg_subnet.c, hg/test.c, hg/hosts_gatherer.c, hg/hg_dns_axfr.c, hg/hg_utils.h, hg/hg_subnet.h, hg/hosts_gatherer.h, hg/hg_add_hosts.c, hg/hg_dns_axfr.h, hg/hg_add_hosts.h: Format according to coding style. Command was 'indent --no-tabs --ignore-newlines -l 80 *.c *.h'. 2010-05-19 Felix Wolfsteller * misc/bpf_share.c: Minor doc added. 2010-05-18 Felix Wolfsteller * misc/CMakeLists.txt: Improved check for ldap libraries, be happy with both libldap2 and libldap. 2010-05-17 Preeti Subramanian NTLMSSP feature support. * nasl/smb_signing.c: Added new module. * nasl/smb_signing.h: Added new module. * nasl/byteorder.h: Added new module. * nasl/proto.h: Added new module. * nasl/genrand.c: Added new module. * nasl/time.c: Added new module. * nasl/charset.h: Added new module. * nasl/ntlmssp.c: Added new module. * nasl/ntlmssp.h: Added new module. * nasl/iconv.c: Added new module. * nasl/iconv.h: Added new module. * nasl/md4.c: Added new module. * nasl/md4.h: Added new module. * nasl/charcnv.c: Added new module. * nasl/nasl_misc_funcs.c (nasl_dec2str): Added utility function. * nasl/nasl_misc_funcs.h (nasl_dec2str): Added function declaration. * nasl/nasl_crypto.c (nasl_get_sign) (nasl_ntlmv2_response) (nasl_ntlm2_response) (nasl_ntlm_response) (nasl_keyexchg) (nasl_insert_hexzeros): Added new functions to support NTLMSSP responses. * nasl/nasl_crypto.h: Added new functions to support NTLMSSP responses. * nasl/smb_crypt.c (SMBsesskeygen_ntv1) (SMBOWFencrypt) (SMBencrypt) (SMBencrypt_hash) (SMBNTencrypt_hash) (SMBsesskeygen_lm_sess_key) (E_md5hash) (E_deshash) (SMBsesskeygen_ntv2) (NTLMv2_generate_client_data) (NTLMv2_generate_response) (LMv2_generate_response) (SMBNTLMv2encrypt_hash): Added new functions to support NTLMSSP. * nasl/smb_crypt.h: Added new functions. * nasl/smb_crypt2.c: Added file include. * nasl/smb_crypt.c (SMBOWFencrypt_ntv2): Modified function calls to remove warnings. * nasl/hmacmd5.h (hmac_md5): Added function declaration to remove warning. * nasl/CMakeLists.txt: Added new functions. * nasl/nasl_init.c: Added newly defined functions. * MANIFEST: Added new modules. 2010-05-14 Michael Wiegand * misc/openvas_auth.c (openvas_set_user_role): Fix glib API call to g_set_file_contents to better conform to the API documentation; passing 0 as length seems to break glib file creation under certain circumstances. Bug found by Michael Meyer. 2010-05-12 Matthew Mundell Add CVSS base and risk factor to nvti_t. * base/nvti.c (nvti_cvss_base, nvti_risk_factor, nvti_set_cvss_base) (nvti_set_risk_factor): New functions. (nvti_free): Free cvss_base and risk_factor. * base/nvti.h: Add headers accordingly. (nvti_t): Add cvss_base and risk_factor. 2010-05-11 Michael Wiegand Changed preference file infrastructure to handle file uploads stored in memory instead of on disk. Part of OpenVAS Change Request #47 (http://www.openvas.org/openvas-cr-47.html). * misc/plugutils.c (get_plugin_preference_fname): Changed to write the file contents from memory to a temporary file and return the name of the temporary file. This is currently necessary for NVTs which need to access a file, but will become deprecated soon. (get_plugin_preference_file_content): New. Provides the contents of an uploaded preference file. (get_plugin_preference_file_size): New. Provides the size of an uploaded preference file. * misc/plugutils.h: Updated. * nasl/nasl_scanner_glue.c (script_get_preference_file_content): Changed to serve file from memory instead of from disk. 2010-05-11 Michael Wiegand * misc/openvas_ssh_login.c: Refactored and added functionality to read ssh login data from a buffer instead of from a file. Patch provided by Felix Wolfsteller. (read_from_keyfile, openvas_ssh_login_file_read_buffer): New. (openvas_ssh_login_file_read): Refactored to use read_from_keyfile. * misc/openvas_ssh_login.h: Updated. 2010-05-10 Matthew Mundell * misc/openvas_auth.c (openvas_set_user_role): Return -2 if all roles fail to match. 2010-05-07 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_init): Use strcmp instead of g_strcmp. 2010-05-07 Felix Wolfsteller Extended openvas-auth module to be able to write and merge its config. Also, added an "enabled" parameter to disable authentication configurations without loosing the details. * misc/openvas_auth.c (openvas_auth_init): Respect enabled parameter, except for file-based authentication which is always enabled. (openvas_auth_write_config): New, interface for changes of the configuration. Added newline before #endif macro. * misc/openvas_auth.h: Unified header comment with implementation file. (openvas_auth_write_config): Added proto. * doc/example.auth.conf: Added exemplary enabled parameters, added comment. 2010-05-06 Michael Meyer * nasl/nasl_packet_forgery_v6.c: Removed unneeded "and not icmp6" from pcap filter string. 2010-05-05 Preeti Subramanian * nasl/nasl_packet_forgery_v6.c (nasl_tcp_v6_ping): Bug Fix. Corrected tcp ping for IPv6 2010-05-04 Matthew Mundell * base/array.c (free_array): Rename array_free. Update caller. (array_free): New function. Was free_array. * base/array.h: Update header accordingly. 2010-05-04 Matthew Mundell * misc/pcap.c (getinterfaces): Indent `for' properly. 2010-05-04 Felix Wolfsteller * base/openvas_file.h, base/array.h: Fixed include-guard comments. 2010-05-04 Felix Wolfsteller Added array module, extracted from openvas-manager and openvas-administrator. * base/array.c, base/array.h: New modules, extracted functions from openvas-manager and openvas-administrator. * MANIFEST, base/CMakeLists.txt: Added new module. 2010-05-03 Michael Wiegand * misc/openvas_server.h: Restored lost include for non-Windows builds. 2010-05-03 Preeti Subramanian Added a function to check if the target is IPv6: * nasl/nasl_host.c (nasl_target_is_ipv6): Added new function * nasl/nasl_host.h: Added new function * nasl/nasl_init.c: Added TARGET_IS_IPV6 as nasl function 2010-05-03 Felix Wolfsteller * misc/openvas_uuid.c: Fixed compiler warning by adding missing stdlib include, thanks mwiegand for spotting. 2010-05-02 Jan-Oliver Wagner Windows support (partial, only what is need to run OMP clients) contributed Raimund Renkert: * base/CMakeLists.txt, omp/CMakeLists.txt, misc/CMakeLists.txt: Add MINGW support and switch off what is not needed for OMP clients. * omp/omp.c: Added support for Windows (just include/define). * misc/openvas_auth.c: Deactivate large parts of the code that is not necessary for Windows support for OMP clients. * misc/openvas_server.c: Deactivate some signal handling for Windows. * misc/openvas_server.h: Include Windows-specific sockets. 2010-04-30 Jan-Oliver Wagner * doc/test_ipv6_packet_forgery.nasl: New. A test/demonstrator for the IPv6 package forgery. Developed by Preeti Subramanian. 2010-04-30 Felix Wolfsteller * base/openvas_file.c (openvas_file_read_b64_encode): New utility function to read in a file and return its content base64 encoded. * base/openvas_file.h: Added proto. 2010-04-27 Felix Wolfsteller Merge changes to credentials from openvas-manager. * base/credentials.h (struct credentials): Added uuid field. * base/credentials.c (free_credentials): Use easier openvas-manager variant, todo about possible leakage of uuid. 2010-04-27 Felix Wolfsteller Added near-duplicate code from openvas-administrator / openvas-manager. * base/credentials.h, base/credentials.c: New module, moved from openvas-administrator/oap module. * base/CMakeLists.txt: Added header and source files to respective lists. * MANIFEST: Added new files. 2010-04-27 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_user_uuid_rules): Emit debug message with g_debug, check parameters passed to strcmp, fix bug where wrong variable is passed as users rules file name parameter. 2010-04-26 Felix Wolfsteller * misc/openvas_auth.c: Set the log domain. (uuid_file_contents): New function to access file content as uuid. (openvas_user_uuid): Clarified doc. (openvas_auth_user_uuid_rules): New function, reworked rules access for remotely authenticated users. (openvas_auth_user_rules): Deprecated in favor of the new openvas_auth_user_uuid_rules function. * misc/openvas_auth.h: Added proto. * misc/ldap_auth.c: Set the log domain. 2010-04-23 Michael Wiegand * misc/pcap.c (getinterfaces): Reworked for loop which broke strict-aliasing rules by dereferencing a type-punned pointer. Patch was authored by Matthew Mundell. 2010-04-21 Preeti Subramanian * misc/pcap.c (v6_getinterfaces): Replaced pcap_findalldevs() with getifaddrs(). 2010-04-20 Felix Wolfsteller Mark remotely authenticated Administrators with isadmin flag. Resolved several other minor todos. * misc/ldap_auth.c (ldap_authenticate): Corrected role check, trigger isadmin flag setting / deleting. * misc/ldap_auth.h: Removed todos, which were resolved. Improved documentation. * misc/openvas_auth.c: Improved documentation. (openvas_authenticate_classic): Resolved todo and memleak. (openvas_user_uuid, openvas_user_uuid_method): Handle error case, simplified condition. (openvas_is_user_admin): Clarified todo. (openvas_set_user_role): Added new parameter, doc. Can optionally take the directory where to save the isadmin flag. (openvas_auth_store_user_roles): Made todo visible with doxygen. * misc/openvas_auth.h (openvas_auth_store_user_roles): Adjusted proto. 2010-04-20 Felix Wolfsteller Added initial support for saving rules of users that were remotely authenticated. Rules file will be saved in OPENVAS_STATE_DIR/users-remote/ldap/USERNAME/auth/rules . * misc/openvas_auth.c (openvas_auth_store_user_rules): Improved doc. Expect a directory where to save the rules file (instead of just the username), to circumvent discrimination of locally and remotely authenticated users. * misc/openvas_auth.h (openvas_auth_store_user_rules): Adjusted proto. * misc/ldap_auth.c: Include openvas_auth. (ldap_auth_query_rules): New function, queries and saves the access-rules of a user. (ldap_authenticate): Call ldap_auth_query_rules for users and admins to query and save the access-rules. * doc/example.auth.conf: Added new configuration parameters. 2010-04-20 Felix Wolfsteller * misc/openvas_auth.c (openvas_auth_store_user_rules): Documented. Do not delete users dir in error case. Return proper. 2010-04-20 Felix Wolfsteller * misc/openvas_auth.c, misc/openvas_auth.h (openvas_auth_store_user_rules): Moved from openvas-administrator/src/admin module. 2010-04-20 Felix Wolfsteller * base/openvas_string.c: Added missing include, updated copyright. 2010-04-20 Felix Wolfsteller Created new module for file based utility functions, moved some functions from openvas-administrator into it. Also, abort build of libopenvas_base library on compiler warnings. * base/openvas_file.c, base/openvas_file.h (openvas_file_remove_recurse, openvas_file_check_is_dir): Added new module with utility functions moved from openvas-administrator/src/admin.c . * MANIFEST: Added new files. * base/CMakeLists.txt: Added new files, pass -Werror to compiler as in other new modules. 2010-04-19 Felix Wolfsteller * misc/openvas_auth.c (is_user_admin): Added todo (wrt remote auth). (openvas_auth_user_rules): Fixed call with double pointer. 2010-04-19 Felix Wolfsteller Improved support for ldap based authentication. Therefore expect the configuration to hold the name of an attribute and possible values to qualify a login as user or administrator. Deny access if the attribute is not found in the ldap directory or does not have the specified values. Do this in every ldap authentication trial. Access rules support (which was prepared) will work similar. Kept the module chatty for debugging purpose. Note that to test, you have to enable LDAP support during build time. * misc/ldap_auth.h, misc/ldap_auth.c (ldap_auth_info_new) (ldap_auth_info_free, ldap_auth_info_from_key_file, ldap_authenticate, (ldap_auth_query_role): Added preliminary support for access rules, added support for user roles. * doc/example.auth.conf: Made role-user-values a semicolon separated list. 2010-04-19 Felix Wolfsteller * base/openvas_string.c, misc/openvas_string.h (openvas_strv_contains_str): New method. Checks whether a string vector contains a certain string. 2010-04-19 Geoff Galitz * doc/wmi-howto.txt: Added a note about recompiling openvas-scanner if adding WMI to an existing deployment. 2010-04-16 Felix Wolfsteller * misc/openvas_auth.c, misc/openvas_auth.h (openvas_auth_user_rules): Moved from openvas-manager/manage_sql.c, access users rules (currently only for locally authenticated users). 2010-04-16 Felix Wolfsteller Fixed wmi/smb support. * Makefile: Fixed building with WMI support. HAVE_WMI definition was not passed correctly. * nasl/CMakeLists.txt: Link openvas-nasl standalone interpretor against WMI, if found. 2010-04-16 Felix Wolfsteller Save uuids of users that are authenticated with a method other than local file based (currently only ldap) in different locations. The API has not settled yet. * misc/openvas_auth.c: Added todo, some need for documentation. (openvas_user_uuid_method): New. Save uuids of users that are "remotely" authenticated in OPENVAS_STATE_DIR/users-remote/[method]/[user]/uuid. (openvas_authenticate_uuid): Use new function. Removed todo. (openvas_user_uuid): Clarified documentation. 2010-04-16 Felix Wolfsteller * misc/ldap_auth.h, misc/ldap_auth.c (ldap_authenticate): Changed signature to overcome compiler warning (likely to be solved differently soon). * misc/openvas_auth.c (openvas_authenticate_method): New function, exposing the authentication method that led to authentication success. (openvas_authenticate_uuid): Use new method, adjusted todo. 2010-04-16 Felix Wolfsteller * MANIFEST: Added misc/ldap_auth module. * misc/CMakeLists.txt: Allow to enable ldap support at configure time - use -DBUILD_WITH_LDAP=ON to activate. Added check for openldap in that case, include ldap_auth module and add definition. 2010-04-16 Felix Wolfsteller * base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Unified formatting of CMakeLists to allow easier reading and extraction of macros. 2010-04-16 Felix Wolfsteller * hg/hg_utils.c (hg_get_name_from_ip): Doc added. Formatting. * misc/bpf_share.h, misc/proctitle.c, nasl/nasl.c, omp/xml.c: Cosmetics. 2010-04-16 Felix Wolfsteller * configure.in: Added check for libuuid. * configure: Regenerated. 2010-04-15 Felix Wolfsteller Moved authentication/uuid code from openvas-manager to openvas_auth module. * misc/openvas_auth.c: Added openvas_uuid include. (openvas_user_uuid): Moved from openvas-manager/manage_sql.c. (openvas_authenticate_uuid): Moved from openvas-manager/manage_sql.c. * misc/openvas_auth.h (openvas_user_uuid, openvas_authenticate_uuid): Added headers accordingly. 2010-04-15 Felix Wolfsteller Moved duplicate code from openvas-manager and openvas-administrator to new module misc/openvas_uuid . * misc/openvas_uuid.h, misc/openvas_uuid.c: New files, containing duplicate code from openvas-manager/manage.c and openvas-administrator/admin.c . Reflect module change in function name change. * MANIFEST: Added new module. * misc/CMakeLists.txt: Added check for uuid library, added new module, install new header. 2010-04-13 Stephan Kleine * hg/CMakeLists.txt: Fix build with no-undefined. * misc/CMakeLists.txt: Fix build with no-undefined. 2010-04-13 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.6.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-04-13 Michael Wiegand Preparing the openvas-libraries 3.0.5 release. * CHANGES: Updated. * VERSION: Set to 3.0.5. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * MANIFEST: Updated. 2010-04-12 Preeti Subramanian * nasl/nasl_packet_forgery_v6.c (nasl_tcp_v6_ping): Fixed issue in packet size caluclation. 2010-04-12 Preeti Subramanian Packet forgery support for ICMPv6, UDP, IGMP. * nasl/nasl_packet_forgery.c: Addressed compilation warnings. * nasl/nasl_packet_forgery_v6.c (insert_ipv6_options) (forge_udp_v6_packet) (set_udp_v6_elements) (dump_udp_v6_packet) (get_udp_v6_element) (forge_icmp_v6_packet) (get_icmp_v6_element) (forge_igmp_v6_packet): Added new functions. * nasl/nasl_packet_forgery_v6.c (nasl_tcp_v6_ping): Fixed checksum calculation logic and compiler warnings. * nasl/nasl_packet_forgery_v6.c (nasl_send_v6packet): Fixed compiler warnings. * nasl/nasl_packet_forgery_v6.h (insert_ipv6_options) (forge_udp_v6_packet) (set_udp_v6_elements) (dump_udp_v6_packet) (get_udp_v6_element) (forge_icmp_v6_packet) (get_icmp_v6_element) (forge_igmp_v6_packet): Added new functions. * nasl/nasl_init.c: Added the above new functions. 2010-04-12 Felix Wolfsteller * nasl/CMakeLists.txt: Do not include standalone nasl tool object in libraries. Statically link openvas-nasl instead. 2010-04-12 Felix Wolfsteller * nasl/CMakeLists.txt: Lowercased cmake commands. 2010-04-12 Stephan Kleine * nasl/CMakeLists.txt: explicitly link against needed libraries so it works also with no-undefined which is e.g. used by Mandriva. 2010-04-08 Jan-Oliver Wagner * nasl/smb_crypt2.c: Replaced include of includes.h by ctype.h. * nasl/includes.h: Removed. * MANIFEST: Updated. 2010-04-08 Jan-Oliver Wagner * nasl/smb_crypt2.c: Use local includes.h. * include/includes.h: Removed. * MANIFEST: Updated. 2010-04-08 Jan-Oliver Wagner * include/includes.h, misc/pcap.c, misc/plugutils.c, misc/hlst.c, nasl/includes.h: Removed code path for "USE_PTHREADS". It was never active anyway. 2010-04-03 Michael Wiegand * MANIFEST: Added missing files. * ChangeLog: Tidied last entry. 2010-04-02 Preeti Subramanian Packet Forgery support for IPv6. * nasl/capture_packet.c (init_v6_capture_device) (capture_next_v6_packet): Added new functions. * nasl/capture_packet.h (init_v6_capture_device) (capture_next_v6_packet): Added new functions. * nasl/nasl_packet_forgery.c (nasl_tcp_ping, nasl_pcap_next) (nasl_send_capture): Modified to support IPv6. * nasl/nasl_packet_forgery_v6.c: Added new module. * nasl/nasl_packet_forgery_v6.h: Added new. * nasl/CMakeLists.txt: Included nasl_packet_forgery_v6.c. * nasl/nasl_init.c: Updated newly added functions from nasl_packet_forgery_v6.c 2010-03-31 Michael Wiegand * misc/store.c (store_load_plugin): Load tags and xrefs into the arglist if they are set in the NVTi cache. Removed obsolete TODO. 2010-03-25 Tim Brown * openvas-libraries/misc/ids_send.c: Fixed uninitialised variable. 2010-03-25 Matthew Mundell * omp/omp.c (omp_resume_or_start_task_report, omp_resume_or_start_task): New functions. * omp/omp.h: Add headers accordingly. 2010-03-24 Michael Wiegand Moved installation of header files away from top level Makefile and into the CMakeLists.txt of the individual modules. * omp/CMakeLists.txt, misc/CMakeLists.txt, nasl/CMakeLists.txt, hg/CMakeLists.txt, base/CMakeLists.txt: Added handling of header installation. * Makefile: Removed handling of header file installation for individual modules. 2010-03-23 Michael Wiegand Fixed some library paths that broke linking. * omp/CMakeLists.txt: Removed superfluous .libs from link_directories. * nasl/CMakeLists.txt: Fixed IMPORTED_LOCATION for libopenvas_hg and libopenvas_base, corrected order of set_property. * hg/CMakeLists.txt: Removed entirely superfluous link_directories. 2010-03-21 Vlatko Kosturjak * Makefile: with distclean clean CMakeCache.txt recursively 2010-03-17 Jan-Oliver Wagner Patch contributed by Mareike Piechowiak : * misc/Makefile: Removed. * misc/CMakeLists.txt: New. * Makefile: Run cmake for library misc. * MANIFEST: Updated. * misc/openvas_ssh_login.c, misc/proctitle.c: Change to "system.h" to run with CMakeLists.txt. * misc/services.h: Fixed paths. 2010-03-16 Jan-Oliver Wagner Patch contributed by Mareike Piechowiak : * hg/Makefile: Removed. * hg/CMakeLists.txt: New. * Makefile: Run cmake for library hg. * MANIFEST: Updated. 2010-03-16 Jan-Oliver Wagner Patch contributed by Mareike Piechowiak : * nasl/CMakeLists.txt: Get version dynamically from file VERSION. 2010-03-16 Jan-Oliver Wagner Patch contributed by Mareike Piechowiak : * base/CMakeLists.txt, omp/CMakeLists.txt: Fix handling of dynamic VERSION handling. 2010-03-16 Felix Wolfsteller Improved remote authentication (ldap), changed config file format. * misc/openvas_auth.c: Use ifdef instead of if != 0 . * misc/ldap_auth.h: Extended ldap_auth_info struct to cover upcoming possible admin/user distinction, replaced two entries for DN to authenticate against with a single entry. * misc/ldap_auth.c (auth_dn_is_good): New function to check auth_dn entry of keyfile. (ldap_auth_dn_new, ldap_info_create_dn): Reflect changes to the ldap_auth_info struct. (ldap_auth_query_role): New function stub to find out role of user. * doc/example.auth.conf: Updated. 2010-03-15 Jan-Oliver Wagner Patch contributed by Mareike Piechowiak : * omp/CMakeLists.txt: Get version dynamically from file VERSION. 2010-03-15 Jan-Oliver Wagner Patch contributed by Mareike Piechowiak : * base/CMakeLists.txt: Get version dynamically from file VERSION. 2010-03-12 Michael Wiegand Added howto for compiling openvas-libraries with WMI support. * doc/wmi-howto.txt: New. 2010-03-09 Felix Wolfsteller Add code to add support for remote (ldap) authentication with the openvas_auth module. Authentication methods are somewhat abstracted ("authenticators") and configurable via a file .auth.conf that is expected to be found in the openvas "users" directory. An exemplary .auth.conf file is found in the doc subdirectory. Note that to test ldap authentication modifications to the Makefile are neccessary. * misc/openvas_auth.c (auth_method_from_string): New function to get an authentication type from its string representation. (order_compare): New helper function to sort entries read in from the configuration file. (classic_authenticator_new): New function to create an authenticator that behaves as it is now (authentication against file). (add_authenticator): New function to add authenticators to the list of authenticators. (openvas_auth_init): New function to initialize the list of authenticators from the configuration file. (openvas_auth_tear_down): New stub function to free memory associated to the authenticators. (openvas_authenticate_classic): New, extracted from openvas_authenticate. (openvas_authenticate): Fall back to the extracted openvas_authenticate_classic if authenticators list was not successfully initialized, otherwise use the sorted list of authenticators. * misc/openvas_auth.h (openvas_auth_init) (openvas_auth_tear_down): Added new protos. * doc/example.auth.conf: Exemplary .auth.conf config file for the authentication methods. 2010-03-09 Felix Wolfsteller * misc/ldap_auth.c, misc/ldap_auth.h: Use angle brackets for non-project include. * misc/openvas_auth.h: Removed yet unneeded prototypes. 2010-03-09 Felix Wolfsteller * misc/ldap_auth.c, misc/ldap_auth.h, misc/openvas_auth.c, misc/openvas_auth.h, misc/openvas_ssh_login.c, misc/openvas_ssh_login.h: Corrected header (description and module). 2010-03-08 Felix Wolfsteller Initial ldap_auth module to enable future ldap authentication support. * misc/ldap_auth.c, misc/ldap_auth.h: Added new files. 2010-03-03 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.5.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-03-03 Michael Wiegand Preparing the openvas-libraries 3.0.4 release. * CHANGES: Updated. * VERSION: Set to 3.0.4. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * MANIFEST: Updated. 2010-03-03 Michael Wiegand * base/nvti.c (nvti_to_keyfile): Use g_mkdir_with_parents to create cache directories to handle multiple levels of subdirectories correctly. 2010-03-02 Michael Wiegand * configure.in: Added support for determining the correct libdir early and for library checking in that directory. * configure: Regenerated. 2010-03-01 Jan-Oliver Wagner * base/CMakeLists.txt: Better naming for VERSION variables. 2010-02-25 Chandrashekhar B * nasl/nasl_wmi.c (nasl_wmi_reg_get_sz, nasl_wmi_reg_enum_value) (nasl_wmi_reg_enum_key, nasl_wmi_reg_get_bin_val, nasl_wmi_reg_get_dword_val) (nasl_wmi_reg_get_ex_string_val, nasl_wmi_reg_get_mul_string_val) (nasl_wmi_reg_get_qword_val): Added REGISTRTY_HIVE as an argument * nasl/openvas_wmi_interface.h: Updated with an additional arg for REGISTRY HIVE * nasl/wmi_interface_stub.c: (nasl_wmi_reg_get_sz, nasl_wmi_reg_enum_value) (nasl_wmi_reg_enum_key, nasl_wmi_reg_get_bin_val, nasl_wmi_reg_get_dword_val) (nasl_wmi_reg_get_ex_string_val, nasl_wmi_reg_get_mul_string_val) (nasl_wmi_reg_get_qword_val): Added REGISTRTY_HIVE as an argument * nasl/nasl_init.c: Updated WMI Registry functions with an additional arg for REGISTRY HIVE 2010-02-24 Michael Wiegand * misc/openvas_server.c (openvas_server_open, openvas_server_connect) (openvas_server_attach): Avoid printing GnuTLS error messages to stderr; they are now handed to g_message so that they can be properly logged if desired. 2010-02-16 Chandrashekhar B * misc/pcap.c (v6_routethrough): Get IPv4/IPv6 routes according to the target IP, whether v4 or v6 and Try connectsockettechnique if procroutetechnique failed. This is to resolve the issues reported with this_host() function. 2010-02-15 Felix Wolfsteller * nasl/CMakeLists.txt: Link the standalone nasl interpreter dynamically. Move linkage commands to the static nasl library. * ChangeLog: Corrected path. 2010-02-15 Stephan Kleine * Makefile, base/CMakeLists.txt, hg/Makefile, misc/Makefile, nasl/CMakeLists.txt, omp/CMakeLists.txt: Fix build order and some linking issues to fix builds on Mandriva 2010-02-11 Matthew Mundell * omp/openvas_server.h: Add extern for C++. 2010-02-11 Matthew Mundell * omp/omp.h, omp/xml.h: Add externs for C++. 2010-02-04 Felix Wolfsteller * misc/openvas_logging.c (openvas_syslog_func): Applying patch from Stephan Kleine, fixing bug #1272 (http://bugs.openvas.org/1272). 2010-02-04 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-02-04 Michael Wiegand * MANIFEST: Added missing files. 2010-02-04 Michael Wiegand Preparing the openvas-libraries 3.0.3 release. * CHANGES: Updated. * VERSION: Set to 3.0.3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-02-04 Felix Wolfsteller * misc/openvas_auth.c (openvas_authenticate): Minor doc, added TODO about possible memleak. 2010-01-29 Chandrashekhar B * nasl/nasl_crypto.c (nasl_ntlmv1_hash, nasl_lm_owf_gen) (nasl_ntv2_owf_gen, nasl_ntlmv2_hash): Addressed compiler warnings. 2010-01-28 Matthew Mundell * misc/openvas_logging.c: Revert last change. * ChangeLog: Neaten entry, flush whitespace. 2010-01-28 Felix Wolfsteller Straightened up log config handling. * misc/openvas_logging.c (openvas_syslog_func): [SYSLOG_SUPPORT] Guarded. (openvas_syslog_func): Changed name of user data parameter and doc. (openvas_log_func): Changed user data parameter, doc, removed looping over list to determine the default (will not be used anyway). (setup_log_handlers): Changed semantics of user data parameter, instead of a more or less unused list, pass the single matching openvas_logging_t struct. Set default handler differently. 2010-01-28 Chandrashekhar B Added new crypto functions and support for SMB NTLMv1 and NTLMv2. Initial patch by Tim Brown * nasl/nasl_crypto.c (nasl_gcrypt_hash): Addressed compiler warning (nasl_md2, nasl_hmac_md2, nasl_ntlmv1_hash, nasl_nt_owf_gen) (nasl_lm_owf_gen, nasl_ntv2_owf_gen, nasl_ntlmv2_hash): Added new. * nasl/nasl_crypto.h: Included new functions from nasl_crypto.c * nasl/smb_crypt.c: Added new. * nasl/smb_crypt.h: Added new. * nasl/smb_crypt2.c: Added new. * nasl/CMakeLists.txt: Updated to include smb_crypt.c, smb_crypt2.c * nasl/nasl_init.c: Updated to include newly added functions in nasl_crypto.c. 2010-01-28 Felix Wolfsteller * omp/xml.c (read_string): Corrected call. 2010-01-28 Felix Wolfsteller * omp/xml.c (read_string): New wrapper function, read entity and string, free entity immediately. * omp/xml.h (read_string): Proto added. 2010-01-28 Felix Wolfsteller * base/drop_privileges.c (drop_privileges): Prevent error-pile-up. * base/drop_priviliges.h: Define return value for error-pile-up programming mistake. 2010-01-28 Felix Wolfsteller Added module for basic support for privilege dropping. * base/drop_privileges.c, base/drop_privileges.h: New module containing basic code to drop privileges. 2010-01-26 Felix Wolfsteller * misc/openvas_logging.c (openvas_syslog_func): New logging function. Plain wrapper to syslog, does not touch the message. (setup_log_handlers) [0]: Register openvas_syslog_func in case the filename is "syslog". 2010-01-26 Felix Wolfsteller * hg/hg_add_hosts.c (range): Doc, renamed parameters. (netmask_to_cidr_netmask): Added doc, minor cosmetic. * hg/hg_filter.c: Minor cosmetics. * hg/hg_subnet.c: Include header file, remove forward declarations, minor cosmetics. (hg_gather_subnet_hosts): Marked a comment about IPv6 as TODO. 2010-01-25 Felix Wolfsteller Added functionality to print an xml entity tree to a string. * omp/xml.c (free_entity): Tiny doc change. (foreach_print_entity_to_string, foreach_print_attribute_to_string) (print_entity_to_string, print_entities_to_string): New functions to print an xml entity tree to string. * omp/xml.h (print_entity_to_string, print_entitites_to_string): Protos for new functions. 2010-01-19 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-01-19 Michael Wiegand Preparing the openvas-libraries 3.0.2 release. * CHANGES: Updated. * VERSION: Set to 3.0.2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-01-14 Matthew Mundell Add support for modifying the scanner configuration file. * base/settings.c (settings_init, settings_cleanup, settings_set) (settings_save, init_settings_iterator): New functions. (init_settings_iterator): Move key_file init to settings_init. (cleanup_settings_iterator): Call through to settings cleanup. (settings_iterator_next, settings_iterator_name): Rename iterator param. (settings_iterator_value): Get fields from settings. * base/settings.h: Update headers accordingly. Make header style more standard. (settings_t): New type. (settings_iterator_t): Move file fields to settings_t and include a settings_t. 2010-01-13 Matthew Mundell Switch to using GKeyFile to represent settings. In the process hide this underlying type from the settings user. * base/settings.c (get_all_settings): Remove. (init_settings_iterator, cleanup_settings_iterator) (settings_iterator_next, settings_iterator_name) (settings_iterator_value): New functions. * base/settings.h: Update headers accordingly. Make header check symbol more unique. (settings_iterator_t): New type. 2010-01-11 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-01-11 Michael Wiegand Committed VERSION file missing from the last commit. * VERSION: Set to 3.0.1. 2010-01-11 Michael Wiegand Preparing the openvas-libraries 3.0.1 release. * CHANGES: Updated. * VERSION: Set to 3.0.1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-01-11 Felix Wolfsteller * hg/hg_add_hosts.c (hg_add_host), hg/hg_add_hosts.h (hg_add_host): Declared function hg_add_host static and removed from interface. 2010-01-11 Felix Wolfsteller * hg/hg_add_hosts.c, hg/hg_dns_axfr.c, hg/hg_subnet.c: Reformatting, doc and todos added. 2010-01-08 Felix Wolfsteller * hg/hg_add_hosts.c (getaddrfamily, real_ip, range, hg_add_host) (hg_add_comma_delimited_hosts, hg_add_ipv6hos_with_options): Reformatting, doc and comments. (real_ip) Added TODO. This function should at least be renamed into contains_three_dots or the like. Added todo about missing documentation of valid input strings to the whole host resolution mechanisms. * hg/hg_add_hosts.h, hg_debug.c, hg_filter.c, hg_filter.h, hg_subnet.h: Reformatting, doc and comments. 2010-01-07 Felix Wolfsteller * hg/hg_utils.c (hg_resolv): Added TODO about incomplete resolution in case of multiple A Records. 2010-01-07 Felix Wolfsteller * hg/hg_utils.c, hg/hg_utils.h: Formatting and documentation. 2010-01-07 Felix Wolfsteller * hg/host_gatherer.h: Formatting. * hg/Makefile: For clean target, remove test executable. * hg/test.c: Formatted, updated doc. 2010-01-07 Felix Wolfsteller * configure.in: Added comments. * hg/host_gatherer.c, hg/host_gatherer.h: Formatting. * hg/Makefile: Adjusted linker flags for the host gatherer test program. * hg/test.c: Formatted, added missing includes. 2009-12-30 Matthew Mundell * omp/omp.c (omp_create_lsc_credential): Add login arg for updated OMP. * omp/omp.h: Update header accordingly. 2009-12-23 Felix Wolfsteller * misc/scanners_utils.h: Copied header of implementation file to header file. 2009-12-23 Felix Wolfsteller * hg/hg_utils.c, misc/bpf_share.c, misc/comm.h, misc/network.h, misc/resolve.c, misc/resolve.h, misc/scanners_utils.c, misc/services.c misc/system.c, misc/www_funcs.c, nasl/nasl_crypto.c, nasl/nasl_func.c, nasl/nasl_func.h, nasl/nasl_host.c, nasl/nasl_init.c, nasl/nasl_text_utils.c, nasl/nasl_var.c: Whitespace cleanups, doc * misc/ids_send.h: Fixed typo in doc. * misc/bpf_share.c: Removed undef of DEBUG_FORWARD. Neither defined nor used anywhere. 2009-12-21 Matthew Mundell * misc/openvas_server.c (openvas_server_new): Remove call to gnutls_session_enable_compatibility_mode. 2009-12-18 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.1.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-12-18 Michael Wiegand Preparing the openvas-libraries 3.0.0 release. * CHANGES: Updated. * VERSION: Set to 3.0.0. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-12-18 Jan-Oliver Wagner * omp/omp.c (omp_create_agent, omp_delete_agent): New functions. * omp/omp.h: Added protos accordingly. 2009-12-18 Michael Wiegand * base/settings.c (get_all_settings): Make sure hash table contents are correctly freed on hash table destruction as suggested by Felix Wolfsteller. 2009-12-17 Michael Wiegand * MANIFEST: Added new files to manifest. 2009-12-17 Michael Wiegand Added initial support for accessing configuration files in the keyfile format. * base/settings.c: New. * base/settings.h: New. * base/CMakeLists.txt: Updated to include settings.c. * Makefile: Update to ensure installation of settings.h. 2009-12-15 Matthew Mundell * base/pidfile.c: Add missing include. 2009-12-09 Felix Wolfsteller * misc/openvas_ssh_login.c: Cosmetics (maily spaces). 2009-12-09 Chandrashekhar B * misc/plugutils.c (mark_post): resolved compiler wanring * misc/openvas_server.c (openvas_server_open, openvas_server_connect, openvas_server_attach): resolved compiler warnings. * misc/www_funcs.c (build_encode_URL): Enable IPv6. * misc/ids_send.c (ids_open_sock_tcp): resolved compiler warning. 2009-12-09 Felix Wolfsteller * misc/plugutils.c: Added TODOs, lead to by compiler warnings of openvas-scanner/cnvts/find_service. 2009-12-09 Felix Wolfsteller * nasl/nasl_host.c: Removed extern function declarations. 2009-12-09 Felix Wolfsteller * nasl/nasl_host.c, nasl/nasl_host.h: Cosmetics, added missing includes. 2009-12-09 Tim Brown * misc/network.c: Fixed a potential resource leak. 2009-12-07 Felix Wolfsteller * base/pidfile.c: Added missing include. 2009-12-07 Felix Wolfsteller * misc/pcap.c: Cosmetics and docs. 2009-12-07 Tim Brown * misc/store.c: Fixed a potential memory leak. 2009-12-07 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-12-07 Michael Wiegand Preparing the openvas-libraries 3.0.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-12-05 Michael Wiegand * nasl/exec.c (exec_nasl_script): Use correct glib function for determining the directory. 2009-12-04 Michael Wiegand * nasl/exec.c (exec_nasl_script): Fixed a potential memory leak, improved error handling, made glib usage more consistent, clarified return value in documentation. 2009-12-04 Michael Wiegand Add support for defining one additional directory on the command line which will be used to look for includes to openvas-nasl. * nasl/nasl.c (main): Introduced the --include-dir / -i command line parameter. 2009-12-04 Michael Wiegand * ChangeLog: Fixed bug # in the last entry. 2009-12-04 Michael Wiegand Solved bug #1101 (http://bugs.openvas.org/1101); openvas-nasl now supports relative paths. * nasl/exec.c (exec_nasl_script): Use glib functions to simplify and extend directory access. Removed todos. * nasl/nasl.c (main): Removed todo. 2009-12-01 Chandrashekhar B * misc/ids_send.c (ids_open_sock_tcp): IPv6 enable. (ids_send): IPv6 enable. (injectv6): Added new. * nasl/nasl_host.c (nasl_this_host): Used proper variable name. 2009-11-25 Michael Wiegand * nasl/nasl_cmd_exec.c (nasl_get_tmp_dir): Use the glib g_get_tmp_dir function to identify the system directory for temporary files. This fixes bug #1170 (http://bugs.openvas.org/1170). 2009-11-25 Felix Wolfsteller * hg/hg_add_hosts.c, misc/kb.c, misc/plugutils.c, misc/plugutils.h, misc/popen.c, misc/proctitle.h, misc/scanners_utils.c, misc/share_fd.c, misc/store.c, misc/system.c, nasl/nasl_cmd_exec.c, nasl/nasl_misc_funcs.c, nasl/nasl_scanner_glue.c, nasl/nasl_signature.c, nasl/nasl_text_utils.c, nasl/nasl_var.c: Cosmetics. 2009-11-25 Michael Wiegand * base/pidfile.c (pidfile_remove): Make pidfile removal more robust. The contents of the pidfile are now checked before removal to prevent accidental deletion of the file by other processes. Removed now obsolete debug message. 2009-11-25 Felix Wolfsteller Cast an int that is passed as an void* explicitely, to avoid issues on 64-bit systems. This should fix bug #1196 (http://bugs.openvas.org/1196). * misc/network.c (ovas_scanner_context_attach): Cast int to pointer using GLib functionality. * ChangeLog: Fixed dates. 2009-11-25 Felix Wolfsteller * misc/network.c: Minor cosmetics. 2009-11-25 Felix Wolfsteller * misc/network.c: Major reformatting, docs and comments. 2009-11-25 Felix Wolfsteller Pass libdir to CMake based subprojects, fixes bug #1194, installation on 64-bit systems (https://bugs.openvas.org/1194). * Makefile: Pass given libdir to cmake. 2009-11-23 Chandrashekhar B * nasl/nasl_socket.c (nasl_open_privileged_socket): Fixed a possible buffer overflow. 2009-11-23 Felix Wolfsteller Applied rest of patch provided by Stephan Kleine (http://lists.wald.intevation.org/pipermail/openvas-devel/2009-November/001907.html) to fix compilation on openSUSE 11.2. * nasl/CMakeList.txt: Moved linker flags to target_link_library command of cmake. 2009-11-23 Felix Wolfsteller Applied part of patch provided by Stephan Kleine (http://lists.wald.intevation.org/pipermail/openvas-devel/2009-November/001907.html) to fix compilation on openSUSE 11.2. * base/CMakeList.txt: Added glib linker flags, patch provided by Stephan Kleine. 2009-11-23 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta8.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-11-23 Michael Wiegand Preparing the openvas-libraries 3.0.0-beta7 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta7. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-11-23 Chandrashekhar B * misc/pcap.c (getipv6routes): Changed the message not to report as error. * hg/hg_utils.c (hg_get_name_from_ip): Bug fixes: - Possible buffer overflow in memcpy() - Seperate v4 and v6 logic so that it resolves to pure IPv4 address and not a v6 mapped v4 address. - Included ':' in the hostname structuring code, ':' is a valid char in v6 address and also trim the resuling hostname. 2009-11-20 Chandrashekhar B * misc/pcap.c (v6_routethrough): Bug fix, segfault when scanner is run as non-root. 2009-11-20 Chandrashekhar B * misc/pcap.c: Fixed compile errors when TCPIP_DEBUGGING is enabled. 2009-11-20 Michael Wiegand * base/pidfile.c (pidfile_remove): Write a debug message to the log on pidfile deletion to help trace premature pidfile deletion. 2009-11-16 Matthew Mundell * omp/omp.c (check_response): Make external. Return 1 on OMP fail instead of -1. * omp/omp.h: Add new header. 2009-11-14 Srinivas NL * misc/network.c : Added the following functions to handle ipv4 and ipv6 address lists parsed from -S option socket_get_next_source_v4_addr, socket_get_next_source_v6_addr, _socket_get_next_source_v4_addr, _socket_get_next_source_v6_addr * misc/network.c (socket_source_init): Calls _socket_get_next_source_v4_addr or _socket_get_next_source_v6_addr depending on address family. * misc/network.h : Added prototype declarations for new functions. * misc/pcap.c (v6_getsourceip): Gets either ipv4 or ipv6 source address depending on destination address type. * misc/pcap.c (v6_routethough): Gets either ipv4 or ipv6 source address depending on destination address type. Initialize source address to wild card address in the beginning of the function. * nasl/nasl_host.c (nasl_this_host): Gets either ipv4 or ipv6 source address depending on target address type. 2009-11-10 Felix Wolfsteller Fixed typos found by Ryan Schmidt. This change closes bug #1167. (bugs.openvas.org/1167) * configure.in, doc/README.BPF: Fixed typos. * configure: Regenerated 2009-11-10 Chandrashekhar B * misc/pcap.c: Migrating to ipv6, first phase. Implemented new functions, v6_getinterfaces, v6_is_local_ip, v6_get_mac_addr, v6_ipaddr2devname, v6_islocalhost, v6_getinterfaces, v6_getsourceip, getipv4routes, getipv6routes, v6_routethrough, ipv6addrmask. * misc/pcap.c (routethrough): Minor formatting. * misc/pcap_openvas.h: Prototypes declaration of new functions. * nasl/nasl_host.h (nasl_islocalhost, nasl_islocalnet, nasl_this_host): Use new ipv6 enabled functions from misc/pcap.c Coding by Srinivasa NL . 2009-11-09 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta7.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-11-09 Michael Wiegand Preparing the openvas-libraries 3.0.0-beta6 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta6. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-30 Matthew Mundell * omp/omp.c (read_entity_and_string): New function. Body from read_entity_and_text, with GString as return param. (read_entity_and_text, read_entity): Call read_entity_and_text to do the work. * omp/omp.h: Add new header. 2009-10-28 Felix Wolfsteller * omp/xml.x (print_entity, print_entity_format): Escape text of entities, as otherwise invalid XML might result. 2009-10-26 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta6.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-26 Michael Wiegand Preparing the openvas-libraries 3.0.0-beta5 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta5. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-23 Matthew Mundell * base/nvti.c (nvti_category): Correct doc typo. 2009-10-23 Matthew Mundell * tools: New directory. * tools/openvas-lsc-rpm-creator.sh: New file. * Makefile (install-tools): New rule. (install): Depend on install-tools. (clean, distclean): Format like others. * MANIFEST: Add new dir and file. 2009-10-22 Matthew Mundell * base/pidfile.c (pidfile_create, pidfile_remove): Add NULL end args. 2009-10-21 Jan-Oliver Wagner * base/pidfile.c, base/pidfile.h: New. * base/CMakeLists.txt: Added handling for pidfile.c. * Makefile: Install pidfile.h. * MANIFEST: Updated. 2009-10-20 Jan-Oliver Wagner * misc/otp.h: Changed author and copyright because absolutely nothing is left of the previous author. 2009-10-20 Jan-Oliver Wagner * ntp.h: Renamed to otp.h. * Makefile, MANIFEST: Adapted accordingly. 2009-10-20 Jan-Oliver Wagner * misc/comm.h: Adjusted proto for comm_init. * misc/ntp.h: Removed struct ntp_caps. 2009-10-20 Felix Wolfsteller Fixed some FIXMEs about response checking. * omp/omp.c (omp_delete_report, omp_modify_task, omp_modify_task_file): Added response checking. 2009-10-20 Felix Wolfsteller Use check_response where response entities have no (interesting) content, avoid duplicate code. * omp/omp.c (omp_delete_task, omp_create_target, omp_delete_target) (omp_create_config, omp_delete_config, omp_create_lsc_credential) (omp_delete_lsc_credential): Call check_response instead of checking response in place. (omp_get_nvt_details_503): Minor cosmetic. 2009-10-20 Felix Wolfsteller Refactored "503" calls. * omp/omp.c (get_omp_response_503): New. Extracted from other functions, added todo about possible memleak. (omp_get_nvt_all, omp_get_nvt_feed_checksum, omp_get_rules_503) (omp_get_dependencies_503, omp_get_preferences_503) (omp_get_nvt_details): Call new function, completed doc work. 2009-10-20 Felix Wolfsteller Moved omp related functions from openvas-client/openvas/comm.c module. * omp/omp.c (omp_get_nvt_all, omp_get_nvt_feed_checksum, omp_get_rules_503, omp_get_dependencies_503): New. Moved from openvas-client/openvas/comm.c. * omp/omp.h: Added protos for new methods. 2009-10-19 Matthew Mundell * omp/xml.c (compare_entities): Continue to the rest of the comparisons when the attributes are both NULL, instead of claiming equality. 2009-10-19 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta5.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-19 Michael Wiegand Preparing the openvas-libraries 3.0.0-beta4 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta4. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-18 Jan-Oliver Wagner * nasl/TODO: Removed old entry and clarified a bit. 2009-10-18 Jan-Oliver Wagner * include/config.h.in, include/libvers.h.in, include/includes.h, misc/comm.h, misc/resolve.c, misc/pcap.c, misc/resolve.h, misc/services.h, misc/scanners_utils.c, misc/kb.c, nasl/includes.h: Replaced Nessus by OpenVAS. 2009-10-16 Matthew Mundell * omp/omp.c (omp_start_task_report): New function. Body of omp_start_task adjusted to return the associated report ID if requested. (omp_start_task): Call omp_start_task_report. * omp/omp.h (omp_start_task_report): New header. 2009-10-16 Felix Wolfsteller * omp/xml.c, omp/xml.h (print_entity_format), (foreach_print_attribute_format, print_entity_format), (print_entities_format): New. Very basic pretty printing of xml trees. (foreach_print_attribute, foreach_print_entity): Declared static. 2009-10-15 Matthew Mundell * misc/openvas_server.c (openvas_server_open, openvas_server_close) (openvas_server_connect, openvas_server_attach, openvas_server_send) (openvas_server_free): Drop SIGPIPE during writes. 2009-10-15 Matthew Mundell * omp/omp.c (omp_modify_task_file): Change content arg element type to void. Add a content_length arg. * omp/omp.h: Update header. 2009-10-15 Matthew Mundell * misc/openvas_logging.c (openvas_log_silent): New function. * misc/openvas_logging.h: Remove param names. Add #endif comment. (openvas_log_silent): New header. 2009-10-15 Felix Wolfsteller * base/openvas_certificate_file.c, base/openvas_certificate_file.h: Reverted last commit. 2009-10-15 Felix Wolfsteller Refactored openvas_certificate_file to be able to parse text directly (in contrast to reading it from a file). * base/openvas_certificate_file.c: Declared string parameters const. (openvas_certificate_file_from_keyfile): New, extracted from openvas_certificate_file_read. (openvas_certificate_file_read): Call extracted method. (openvas_certificate_file_read_buffer): New. Reads from buffer, instead of from file. base/openvas_certificate_file.h: Adjusted protos. 2009-10-14 Matthew Mundell * omp/omp.c (omp_get_report): Add a format arg. (omp_get_report_format): New function. * omp/omp.h: Update headers. 2009-10-14 Felix Wolfsteller Refactored hash_table_file to be able to parse text directly (in contrast to reading it from a file). * misc/hash_table_file.c (hash_table_from_gkeyfile): New. Extracted from hash_table_read. (hash_table_read_text): New. Parse some textbuffer as GKeyFile. (hash_table_read): Call extracted method. misc/hash_table_file.h: Adjusted protos. 2009-10-14 Michael Wiegand * nasl/nasl.c (main): Made command line options more consistent with other modules and coding standards. Short option for --version is now -V (was -v). 2009-10-13 Matthew Mundell * omp/omp.c (check_response, omp_abort_task): New functions. * omp/omp.h (omp_abort_task): New header. 2009-10-13 Matthew Mundell * include/nvt_categories.h (ACT_UNKNOWN, ACT_STRING_INIT) (ACT_STRING_SCANNER, ACT_STRING_SETTINGS, ACT_STRING_GATHER_INFO) (ACT_STRING_ATTACK, ACT_STRING_MIXED_ATTACK) (ACT_STRING_DESTRUCTIVE_ATTACK, ACT_STRING_DENIAL, ACT_STRING_KILL_HOST) (ACT_STRING_FLOOD, ACT_STRING_END, ACT_STRING_UNKNOWN) (ACT_STRING_LIST_ALL): New defines. 2009-10-10 Matthew Mundell * omp/omp.c (omp_modify_task_file): New function. * omp/omp.h: Add header. 2009-10-09 Jan-Oliver Wagner * omp/omp.c (omp_get_nvt_details_503): New. * omp/omp.h: Extended with proto accordingly. 2009-10-08 Michael Wiegand * nasl/CMakeList.txt: Added defines for _FILE_OFFSET_BITS and LARGEFILE_SOURCE since they are needed by GPGME for key access. 2009-10-07 Matthew Mundell * misc/openvas_server.c (openvas_server_open): Create address with getaddrinfo. 2009-10-06 Tim Brown * misc/network.c, misc/openvas_auth.c, nasl/nasl_scanner_glue.c base/openvas_certificate_file.c: Fixed a bunch of resource and memory leaks. 2009-10-06 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-06 Michael Wiegand Preparing the openvas-libraries 3.0.0-beta3 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-06 Felix Wolfsteller * misc/store.c, nasl/nasl_scanner_glue.c: Replaced openvasd by openvassd in documentation, minor cosmetics. 2009-10-06 Michael Wiegand * Makefile: Expose $localstatedir and $sysconfdir set during configure time to CMake. 2009-10-06 Michael Wiegand * misc/proctitle.c (setproctitle): Changed start of proctitle to match the new openvas-scanner binary name. 2009-10-05 Felix Wolfsteller * include/libopenvas.h: Emptied, except for documentation. * Makefile: Do not install libopenvas.h anymore. 2009-10-05 Felix Wolfsteller * include/libopenvas.h: Removed not needed function declarations and includes. * MANIFEST: Updated. 2009-10-05 Felix Wolfsteller * includes/nvt_categories.h: New file, contains categories previously declared in libopenvas.h and a todo. * Makefile: Install nvt_categories.h * include/libopenvas.h: Removed definitions now contained in nvti_categories (ACT_*) and in openvas-scanner/pluginscheduler.h (LAUNCH_*). * nasl/nasl_init.c: Include nvt_categories instead of libopenvas. 2009-10-03 Matthew Mundell * omp.c (omp_get_preferences_503): New function. * omp.h (omp_get_preferences_503): New header. 2009-09-30 Matthew Mundell * nasl/openvas_logging.c (openvas_log_func): Pass the correct variable to dirname. 2009-09-30 Matthew Mundell * nasl/openvas_logging.c (openvas_logging_t, load_log_configuration) (free_log_configuration): Change the default_level field to a gint pointer, so that it's possible to reliably tell if the field was present in the log config file. (openvas_log_func): Always set the default level from the config if the level was present in the log config file (including if the level is 0). 2009-09-29 Matthew Mundell * nasl/openvas_logging.c (openvas_log_func): On failure to create the log file, ensure that the directory exists and try open the file again. 2009-09-28 Matthew Mundell * base/CMakeLists.txt, omp/CMakeLists.txt, nasl/CMakeLists.txt: Set cmake minimum required version to 2.6. 2009-09-28 Jan-Oliver Wagner Post-release version bump. * VERSION: Set to 3.0.0.beta3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-09-28 Jan-Oliver Wagner Last minute fix. * MANIFEST: Updated. 2009-09-28 Jan-Oliver Wagner Preparing the openvas-libraries 3.0.0-beta2 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-09-27 Jan-Oliver Wagner * Makefile: Removed wrongly placed DESTDIRs. 2009-09-27 Jan-Oliver Wagner * misc/network.c, misc/services.c: Resolved libopenvas.h by respective single includes. * misc/ids_send.h: Added missing include. 2009-09-26 Matthew Mundell * omp/omp.c (omp_create_lsc_credential, omp_delete_lsc_credential): New functions. * omp/omp.h: Add headers. 2009-09-25 Jan-Oliver Wagner * base/CMakeLists.txt, nasl/CMakeLists.txt, omp/CMakeLists.txt: Setting version for .so library properly. 2009-09-25 Matthew Mundell * misc/openvas_server.c (openvas_server_new): Add arg "end_type" for setting server connection type. Adjust gnutls_certificate_set_x509_key_file return check. Expand warning message a little. * misc/openvas_server.h: Add arg to header. 2009-09-25 Matthew Mundell Add credential setup to openvas server interface. * misc/openvas_server.c (openvas_server_open): Turn off use of /dev/random. (openvas_server_close): Call gnutls_global_deinit. (openvas_server_session_new): Remove. Renamed to openvas_server_new. Add credential file args. Turn off use of /dev/random. Add global init. Setup credential from files. Set request mode. (openvas_server_session_free): Remove. Renamed to openvas_server_free. Call gnutls_global_deinit. (openvas_server_free, openvas_server_new): New functions, renamed from "session" versions. (openvas_server_attach): New function. * misc/openvas_server.h: Update and add headers. 2009-09-25 Felix Wolfsteller Removed usage of harglist for file path translations, do not export harglist headers anymore. * Makefile: Do not export harglist headers anymore. * misc/plugutils.c (get_plugin_preference_fname): Use GHashTable instead of harglist. 2009-09-25 Felix Wolfsteller * Makefile: Install headers from nasl to openvas/nasl. 2009-09-25 Felix Wolfsteller * hg/Makefile: Install headers from hg to openvas/hg. 2009-09-25 Felix Wolfsteller * Makefile: Install header of omp library to openvas/omp. 2009-09-25 Felix Wolfsteller * misc/openvas_logging.h, misc/openvas_logging.c: Moved struct openvas_logging_t from header to implementation file. 2009-09-25 Felix Wolfsteller Removed base/openvas_certificate module, replaced by base/certificate. * base/openvas_certificate.c, base/openvas_certificate.h: Removed. * Makefile: Do not install openvas_certificate header anymore. * base/CMakeLists.txt: Removed openvas_certificate from files list. * nasl/CMakeLists.txt: Added base as include dir; libopenvas_nasl depends on libopenvas_base. * nasl/nasl.h, nasl/nasl_signature.h: Removed definition of struct openvas_certificate and related functions. * nasl/nasl_signature.c: Adjusted include (openvas_certificate_free, openvas_certificate_new): removed (former duplicates) (nasl_get_pubkey): Switch from emalloc to g_malloc. (nasl_get_all_certificates): Switch from openvas_certificate to certificate_t. 2009-09-25 Felix Wolfsteller * base/openvas_certificate_file.c (add_cert_to_file, openvas_certificate_file_read): Cleaned up includes, switch from openvas_certificate to certificate_t implementation. * base/openvas_certificate_file.h: Removed unneeded include, adjusted doc. 2009-09-25 Felix Wolfsteller * base/certificate.c: Added todo regarding the set_* methods. (certificate_create_full): New, creates a certificate_t with values. * base/certificate.h (struct certificate_t): Changed types from char to gchar (are freed with g_free). (certificate_create_full): Added proto. 2009-09-24 Jan-Oliver Wagner * Makefile (distclean): Also remove the libopenvas.pc file. 2009-09-24 Felix Wolfsteller * misc/openvas_logging.c, misc/openvas_logging.h: Renamed openvasd_logging struct to openvas_logging_t. 2009-09-24 Felix Wolfsteller * nasl/nasl_packet_forgery.c: Added missing include. 2009-09-24 Felix Wolfsteller * Makefile: Install header of libopenvas_base to openvas/base/. 2009-09-24 Felix Wolfsteller Apply convention for libraries, use underscore-separator. * misc/Makefile: Build and install libopenvas_misc* rather than libopenvasmisc*. * hg/Makefile: Build and install libopenvas_hg* rather than libopenvashg*. * libopenvas-config.in, nasl/CMakeLists.txt, misc/README.txt, hg/test.c: Adjusted to changes. 2009-09-24 Felix Wolfsteller * misc/ids_send.c: Added note about BSD_BYTE_ORDERING coming from config.h. * nasl/exec.c, nasl/nasl.c, nasl/nasl_cmd_exec.c, nasl/nasl_grammar.y, nasl/nasl_packet_forgery.c: Removed inclusion of includes.h, added missing includes. 2009-09-24 Felix Wolfsteller * misc/scanners_utils.c (getpts): Merged doc, replaced K&R header decl. * misc/network.c: Minor doc. * misc/network.h: Added separating newline. * misc/share_fd.c: Removed unneeded include. 2009-09-24 Felix Wolfsteller * misc/openvas_ssh_login.c, nasl/capture_packet.c, nasl/exec.c, nasl/nasl_http.c, nasl/nasl_packet_forgery.c, nasl/nasl_scanner_glue.c, nasl/nasl_var.c: Replaced "includes.h" by respective includes where possible. 2009-09-24 Felix Wolfsteller * misc/openvas_logging.c: Added missing include, corrected doc and type of local variable. * misc/openvas_logging.h: Corrected type of variable. 2009-09-24 Felix Wolfsteller * hg/hg_filter.c, hg/hg_debug.c, hg/hg_utils.c, hg/hg_subnet.c, hg/test.c, hg/hosts_gatherer.c, hg/hg_dns_axfr.c, hg/hosts_gatherer.h, hg/hg_add_hosts.c: Removed inclusion of includes.h, added missing includes. 2009-09-24 Felix Wolfsteller * misc/pcap.c: Cosmetics, doc. 2009-09-24 Felix Wolfsteller * nasl/strutils.h, nasl/nasl_tree.c, nasl/nasl_signature.c, nasl/nasl_crypto2.c, nasl/preparse.c, nasl/md5.c, nasl/nasl_host.c, nasl/nasl_crypto.c, nasl/nasl_debug.c, nasl/nasl_socket.c, nasl/nasl_func.c, nasl/hmacmd5.c, nasl/nasl_text_utils.c, nasl/lint.c, nasl/nasl_misc_funcs.c, nasl/nasl_lex_ctxt.c, nasl/nasl_cmd_exec.c, nasl/nasl.c, nasl/nasl.h, nasl/regex.c, nasl/nasl_init.c, nasl/strutils.c, nasl/nasl_regex.h: Resolved "includes.h"-includes. 2009-09-24 Felix Wolfsteller * nasl/nasl_socket.c: Major reformatting. 2009-09-24 Felix Wolfsteller * misc/comm.h, misc/openvas_logging.h: Whitespace removed. * misc/openvas_logging.c: Adjusted comments, resolved "includes.h"-include. * base/certificate.c: Cosmetics. 2009-09-23 Matthew Mundell * misc/openvas_logging.c (free_log_configuration): Explicitly let go of the IO channel. (openvas_log_func): Change default_level to G_LOG_LEVEL_DEBUG, otherwise g_debug messages are always lost when this function is used for g_log_default_handler. Use a temporary openvasd_logging pointer when searching through the domain list, else the second search could overwrite the log_domain_entry found in the first search. * misc/openvas_logging.h: Add rename @todo. 2009-09-23 Matthew Mundell * misc/openvas_auth.c (openvas_set_user_role): New function. * misc/openvas_auth.h (openvas_set_user_role): New header. 2009-09-22 Jan-Oliver Wagner * MANIFEST: Updated. 2009-09-22 Jan-Oliver Wagner * packaging/debian/patches/, packaging/debian/, packaging/: Removed. These directories are now empty anyway. The packaging is kept is separate modules. 2009-09-22 Jan-Oliver Wagner Post-release version bump. * VERSION: Set to 3.0.0.beta2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-09-22 Jan-Oliver Wagner Preparing the openvas-libraries 3.0.0-beta1 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.beta1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-09-22 Felix Wolfsteller * misc/network.c: Cosmetics, doc. 2009-09-22 Felix Wolfsteller * misc/network.h, misc/network.c: Renamed ovas_server_context to ovas_scanner_context. 2009-09-22 Felix Wolfsteller * CHANGES: Minor typo and grammar fix, added missing contributors. * ChangeLog: Fixed date. 2009-09-22 Felix Wolfsteller * nasl/nasl.c (init_hostinfos, sighandlers): Removed K&R function decls. Lowercased todo to be included in doxygen generated todo-list. Removed unneeded global variable. * nasl/hmacmd5.h: Removed whitespaces. * nasl/exec.c: Removed some whitespaces, lowercased todo kexwords to be included in doxygen generated todo-list. (exec_nasl_script) Partly reformatted. (init_nasl_library) Added todo. (nasl_exec) Added brief doc. * nasl/CMakeLists.txt: Removed unnecessary lines. 2009-09-21 Matthew Mundell * omp/omp.c (G_LOG_DOMAIN): New define. * omp/xml.c (G_LOG_DOMAIN): New define. (read_entity_and_text): Remove stderr printing left over from manager. * misc/openvas_logging.c (openvas_log_func): Remove the day name from time_format to make the log prefix shorter. Adjust the message tags slightly so the common messages line up nicely in the log. Add a trailing newline to the message, to be consistent with the predefined glib loggers. Flush two trailing whitespaces. (setup_log_handlers): Setup the default handler to openvas_log_func when the [*] group is present. Correct two typos. Neaten a function call. * misc/openvas_auth.c: Flush trailing blank lines. * misc/openvas_server.c: Offset all log messages in the same way. (G_LOG_DOMAIN): New define. 2009-09-21 Matthew Mundell * CHANGES: Correct some typos, improve a bit of grammar. 2009-09-21 Jan-Oliver Wagner * libopenvas.pc.in: Raised glib dependency to 2.12. * configure: Updated * MANIFEST: Updated. * CHANGES: Added draft text for 3.0.0-beta1 release. * VERSION: Upgraded to 3.0.0.beta1.SVN 2009-09-21 Vlatko Kosturjak * configure.in: initial support for pkg-config for generating libopenvas.pc 2009-09-21 Vlatko Kosturjak * libopenvas.pc.in: new file, support for pkg-config 2009-09-21 Felix Wolfsteller * base/openvas_certificate_file.c: Commented another show_error, added todo regarding re-enabling of error-reporting. 2009-09-21 Felix Wolfsteller * base/openvas_certificates.c, base/openvas_certificates.h: Renamed to openvas_certificate (stripped trailing s). * base/openvas_certificates.c, base/openvas_certificates.h (openvas_certificate_file_write): Changed signature and implementation, get GHashTable directly instead of a context containing it. * base/openvas_certificates.c, base/openvas_certificates.h, base/openvas_certificate_file.c, base/openvas_certificate_file.h, base/severity_filter.c: Updated includes, added workaround and todos regarding i18n. * MANIFEST: Updated content. * base/CMakeLists.txt: Updated. * Makefile: Install new headers. 2009-09-21 Felix Wolfsteller Moved the openvas_certificate_file module from openvas-client/src/openvas-lib/. * base/openvas_certificate_file.c, base/openvas_certificate_file.h: Moved from openvas-client/src/openvas-lib/. 2009-09-21 Felix Wolfsteller Moved the openvas_certificates module from openvas-client/src/openvas-lib/. * base/openvas_certificates.c, base/openvas_certificates.h: Moved from openvas-client/src/openvas-lib/. 2009-09-21 Felix Wolfsteller Moved the severity_filter module from openvas-client/src/util. * src/util/severity_filter.c, src/util/severity_filter.h: Moved from openvas-client/src/util. 2009-09-21 Jan-Oliver Wagner * nasl/nasl_misc_funcs.c, nasl/nasl_init.c, misc/services.h, misc/services.c, misc/services1.c, misc/scanners_utils.h, misc/resolve.h, misc/plugutils.h, misc/plugutils.c, misc/network.c, misc/ids_send.h, misc/ids_send.c: Renamed NESSUS to OPENVAS. 2009-09-21 Jan-Oliver Wagner * nasl/nasl_udp.h, nasl/nasl_tcp.h, nasl/nasl_scanner_glue.h, nasl/nasl_raw.h, nasl/nasl_ip.h, nasl/nasl_icmp.h, misc/rand.h, misc/comm.h: Replace NESSUS by OPENVAS. 2009-09-20 Jan-Oliver Wagner * omp/README.txt, base/README.txt: Fixed dependency info. * misc/services1.c, misc/network.c: Renamed Nessus to OpenVAS. 2009-09-20 Jan-Oliver Wagner * doc/README.BPF: Moved here from README.BPF. * packaging/fedora/openvas-libraries-1.0.1-1.fc8.openvas.spec, packaging/fedora/openvas-libraries-1.0.1-Makefile.diff, packaging/fedora/openvas-libraries-1.0.1-hg-Makefile.diff, packaging/opensuse/openvas-libraries-1.0.1-1.suse102.openvas.spec, packaging/opensuse/openvas-libraries-1.0.1-Makefile.diff, packaging/opensuse/openvas-libraries-1.0.1-hg-Makefile.diff: Removing hopelessly outdated packaging files. * MANIFEST: Updated. 2009-09-20 Jan-Oliver Wagner * README.BPF: Replaced "nessusd" by "scanner". * INSTALL_README: Reworked. * configure.in: Upgraded dependency for glib from 2.6 to 2.12 in accordance with CR #38. 2009-09-19 Jan-Oliver Wagner * misc/openvas_ssh_login.h, misc/openvas_ssh_login.c, nasl/nasl.c, nasl/nasl_signature.c, nasl/nasl_signature.h, nasl/nasl_text_utils.c, nasl/tests/test_blowfish.nasl, nasl/tests/test_bn.nasl, nasl/tests/test_dh.nasl, nasl/tests/test_dsa.nasl, nasl/tests/test_hexstr.nasl, nasl/tests/test_md.nasl, nasl/tests/test_privkey.nasl, nasl/tests/test_rsa.nasl, nasl/tests/testsuiteinit.nasl, nasl/tests/testsuitesummary.nasl: Copyright transfer from Intevation to Greenbone. 2009-09-18 Matthew Mundell Make OMP interface names consistent. * omp/omp.c (omp_delete_task): Remove. (task_status, authenticate, env_authenticate, create_task) (create_task_from_rc_file, start_task, wait_for_task_start) (wait_for_task_end, wait_for_task_stop, wait_for_task_delete): Remove. Rename with omp_ prefix. (omp_task_status, omp_authenticate, omp_authenticate_env) (omp_create_task_rc, omp_create_task_rc_file, omp_start_task) (omp_wait_for_task_start, omp_wait_for_task_end, omp_wait_for_task_stop) (omp_wait_for_task_delete, omp_delete_task): New. Renamed with prefix. * omp/omp.h: Update headers. 2009-09-18 Matthew Mundell * misc/openvas_string.h: Match declaration names to definition names. 2009-09-18 Matthew Mundell * misc/openvas_server.c (openvas_server_connect) (openvas_server_session_new, openvas_server_session_free): New functions. * misc/openvas_server.h: Add headers. 2009-09-17 Matthew Mundell * libopenvas-config.in (--libs): Add -lopenvas_omp. 2009-09-17 Felix Wolfsteller Removed last OpenSSL-exception statement. openvas does not link openssl anymore. * nasl/nasl_scanner_glue.h: Removed OpenSSL-exception statement. 2009-09-17 Felix Wolfsteller Removed the "OpenSSL-exception" from source files in the 'misc' module (the exception itself allows to do so). openvas does not link against openssl anymore. * misc/hash_table_file.c, misc/hash_table_file.h, misc/openvas_ssh_login.c, misc/openvas_ssh_login.h: Removed the OpenSSL- exception statement. 2009-09-17 Felix Wolfsteller * misc/bpf_share.c, misc/ftp_funcs.c, misc/harglists.c, misc/hlst.c, misc/hlst.h, misc/network.c, misc/resolve.c: Minor cosmetics * misc/ids_send.c, misc/kb.h, misc/openvas_logging.c, misc/openvas_server.c, misc/plugutils.c, misc/www_funcs.c: Replaced uppercase TODOs by lowercase todos, to be included in the doxygen-generated todo-list. * misc/plugutils.c (get_plugin_preference_fname): Documented, reformatted. 2009-09-17 Felix Wolfsteller Removed the "OpenSSL-exception" from source files in the 'nasl' module (the exception itself allows to do so). openvas does not link against openssl anymore. * nasl/capture_packet.h, nasl/exec.h, nasl/nasl_cmd_exec.h, nasl/nasl_crypto2.h, nasl/nasl_debug.h, nasl/nasl_func.h, nasl/nasl_global_ctxt.h, nasl/nasl_host.h, nasl/nasl_http.h, nasl/nasl_init.h, nasl/nasl_lex_ctxt.h, nasl/nasl_misc_funcs.h, nasl/nasl_packet_forgery.h, nasl/nasl_socket.h, nasl/nasl_text_utils.h, nasl/nasl_tree.h, nasl/nasl_var.h, nasl/strutils.h: Removed the OpenSSL-exception statement. 2009-09-17 Felix Wolfsteller Removed the "OpenSSL-exception" from source files in the 'base' module (the exception itself allows to do so). openvas does not link against openssl anymore. * base/hash_table_util.c, base/hash_table_util.h: Removed the OpenSSL- exception statement. 2009-09-17 Felix Wolfsteller * base/nvti.c, nasl/nasl_cmd_exec.c, nasl/nasl_smb.c, nasl/nasl_wmi.c, nasl/strutils.c: Replaced uppercase TODOs by lowercase todos, to be included in the doxygen-generated todo-list. * nasl/lsearch.c (lfind): Added todo, as this source module seems to be obsolete. * nasl/nasl_socket.c: Cosmetics. 2009-09-17 Jan-Oliver Wagner * libopenvas-config.in: Added the top include dir to --cflags, so that #include directives will work for the modules using openvas-libraries 2009-09-16 Matthew Mundell Copy string utilities from manager to libs. * Makefile (install): Add openvas_string.h. * base/openvas_string.h, base/openvas_string.c: New files. * base/CMakeLists.txt (FILES): Add openvas_string.c. * MANIFEST: Add new files. 2009-09-16 Jan-Oliver Wagner * misc/rand.c, misc/network.c, misc/plugutils.c, misc/services1.c, misc/services.c, nasl/nasl_socket.c: Replaced "nessus" by "openvas" in function and struct names. * misc/rand.h, misc/network.h, misc/plugutils.h, misc/services1.h, misc/services.h: Adjusted protos accordingly. 2009-09-15 Jan-Oliver Wagner * doc/openvas-nasl.1, misc/arglists.c, misc/openvas_ssh_login.c, misc/system.c, nasl/nasl_scanner_glue.c: Renamed nessus to openvas. 2009-09-15 Jan-Oliver Wagner * misc/network.c: Renaming of nessus to openvas. 2009-09-15 Jan-Oliver Wagner * nasl/nasl_nessusd_glue.c: Renamed to nasl/nasl_scanner_glue.c. * nasl/nasl_nessusd_glue.h: Renamed to nasl/nasl_scanner_glue.h. * nasl/nasl_init.c, nasl/nasl_scanner_glue.c, nasl/CMakeLists.txt: Adjusted to name change accordingly. * MANIFEST: Updated. 2009-09-15 Matthew Mundell * base/CMakeLists.txt, nasl/CMakeLists.txt: Set project language to C, otherwise building requires a C++ compiler. Improve some formatting. Set policy CMP0005 to OLD. * omp/CMakeLists.txt: Set policy CMP0005 to OLD. 2009-09-15 Matthew Mundell * omp/xml.c.BAK, omp/CMakeLists.txt.BAK, omp/README.txt.BAK, omp/omp.h.BAK, omp/omp.c.BAK, omp/xml.h.BAK: Remove accidentally committed backup files. 2009-09-15 Matthew Mundell * omp/install_manifest.txt, omp/Makefile, omp/cmake_install.cmake, omp/CPackSourceConfig.cmake, omp/CMakeCache.txt, omp/CPackConfig.cmake, omp/CMakeFiles: Remove accidentally committed files. 2009-09-15 Matthew Mundell Copy OMP client interface here from openvas-manager. * omp: New dir. * omp/CMakeLists.txt, omp/README.txt, omp/omp.c, omp/omp.h, omp/xml.c, omp/xml.h: New files. * MANIFEST: Add OMP lib files. * Makefile: Add OMP lib building. Correct typo. Flush trailing whitespace. * doc/Doxyfile, doc/Doxyfile_full: Add omp to include dirs. * misc/openvas_server.c (openvas_server_open): Add const to arg. (openvas_server_send): Check if server closed connection, as in manager. * misc/openvas_server.h: Add include guard. (openvas_server_open): Add const to arg. 2009-09-15 Matthew Mundell * ChangeLog: Flush whitespace. Add spaces to headings. 2009-09-15 Jan-Oliver Wagner * misc/system.h: Added missing include. Again thanks to Marcus Brinkmann for finding this. 2009-09-14 Jan-Oliver Wagner Add support for certificates for GNUTLS connections. Developed by Marcus Brinkmann. * misc/network.c (ovas_allocate_connection): Add parameter certcred and handle credentials accordingly. (nessus_register_connection): Added parameter certcred and now handle credential based connections properly. (ovas_server_context_attach): Adapted to API change. * misc/network.h: Adjusted protos accordingly. * nasl/nasl_socket.c (nasl_open_privileged_socket): Adapted to API change. 2009-09-14 Jan-Oliver Wagner * misc/resolve.c (nn_resolve): memcpy now copies the right size. This was spotted and fixed by Marcus Brinkmann. 2009-09-11 Felix Wolfsteller * nasl/nasl_signature.c (determine_gpghome): Fixed, as OPENVAS_SYSCONFDIR already points to a openvas subdir. 2009-09-11 Felix Wolfsteller * MANIFEST: Added missing (new) files. 2009-09-11 Jan-Oliver Wagner * base/nvticache.c: New. Implements a Cache for NVTIs. * base/nvticache.h: New. Accordingy protos. * base/CMakeLists.txt: Add handling of module nvticache. * misc/store.c (store_dir): Replaced by nvti_cache. (store_init): Added parameter "src". Changed Code to create a NVTI Cache object. (store_load_plugin): Don't do any file-based stuff anymore. Just ask the Cache for the NVTI for the given file. (store_plugin): Adaptapted to use the new location of the cache directory. * misc/store.h: Adjusted protos accordingly. * misc/plugutils.c (plug_set_cachefile, plug_get_cachefile): Removed. These are not required anymore since the NVTI Cache knows how to find it. (_plug_get_path): Removed. (plug_get_path): Now adds directly. * misc/plugutils.h: Adjusted protos accordingly. Remove old protos plug_get_fname and plug_set_fname for which no implementation is present. 2009-09-10 Felix Wolfsteller * nasl/nasl_signature.c (init_openvas_gpgme_ctx): Removed test-surviving "static" keyword. 2009-09-10 Felix Wolfsteller * nasl/nasl_signature.c: Changed uppercase @TODOs to lowercase @todos. 2009-09-10 Felix Wolfsteller * doc/Doxyfile, doc/Doxyfile_full: Added alias to generate todo list from both lower and uppercase @TODOs. 2009-09-09 Felix Wolfsteller * Makefile: Install base/hash_table_util header, sort installation order of headers from base alphabetically. 2009-09-09 Felix Wolfsteller * base/hash_table_util.c, base/hash_table_util.h: New. Implements generation of a list of the keys of a GHashTable. * base/CMakeLists.txt: Added new file to the FILEs list. 2009-09-08 Felix Wolfsteller * misc/arglists.h, misc/arglists.c: Moved declaration of struct name_cache to header, expose the cache_dec function. 2009-09-08 Michael Wiegand * configure.in: Make check for libpcap more robust since it relied on a symbol that might be private in some environments. Fix suggested by Jan Wagner. * configure: Regenerated. 2009-09-08 Jan-Oliver Wagner * misc/plugutils.c (plug_set_cve_id, plug_set_bugtraq_id): NULL guard for parameter "id". * misc/store.c (store_load_plugin): Fix setting of CVE and BID. 2009-09-07 Felix Wolfsteller Preparing removal of rest of slightly differing arglists implementation from client by integrating changes into openvas-libraries. * misc/arglists.c (mkhash): Reformatted. * misc/arglists.c (cache_get_name, cache_add_name): Do not calculate hash value inside function, but expect it as parameter. * misc/arglists.c (cache_inc, cache_dec): Updated calls that require new parameter. * misc/arglists.c (arg_init_element, arg_add_value_at_head, arg_del_value): Added functions from clients implementation. Likely to be obsolete soon. * arglist.h: Added new protos. 2009-09-07 Jan-Oliver Wagner Removing file "plugutils_internal.h". The only function defined there is moved to the only place where it is used. * misc/plugutils_internal.h: Removed. * misc/store.c (_add_plugin_preference): New. Moved here from plugutils.c. * misc/plugutils.c (_add_plugin_preference): Removed. Has gone to store.c. * misc/Makefile: Remove any occurance of plugutil_internal.h. * MANIFEST: Updated. 2009-09-07 Jan-Oliver Wagner Removing file "store_internal.h". The only proto was about a function that does not exist anymore anyway. * misc/plugutils.c, misc/store.c: Don't include store_internal.h anymore. * misc/Makefile: Remove any occurance of store_internal.h. * misc/store_internal.h: Removed. * nasl/nasl_signature.c (nasl_extract_signature_fprs): Removed comments that is not true anymore. * MANIFEST: Updated. 2009-09-06 Jan-Oliver Wagner Now by default add all information about NVT in the server arglist structures. This is the first step to further simplify the NVT information handling. * misc/store.c (store_fetch_version, store_fetch_summary, store_fetch_description, store_fetch_copyright, store_fetch_family, store_fetch_cve_id, store_fetch_bugtraq_id, store_fetch_xref, store_fetch_tag): Removed. (store_load_plugin): Always set version, description, copyright, family, cve_id, bugtraq_id, xref, tag and summary for plugin description. (store_plugin): Now uses the direct function for getting plugin attributes instead of the "_"-prefixed ones. * misc/store_internal.h: Adjusted protos accordingly. * misc/plugutils.c (plug_get_version, plug_get_summary, plug_get_description, plug_get_copyright, plug_get_family, plug_get_cve_id, plug_get_bugtraq_id, plug_get_xref, plug_get_tag): Directly deliver from present data. (_plug_get_version, _plug_get_summary, _plug_get_description, _plug_get_copyright, _plug_get_family, _plug_get_cve_id, _plug_get_bugtraq_id, _plug_get_xref, _plug_get_tag): Removed. (plug_set_version, plug_set_path, plug_set_cachefile): Guard NULL. * misc/plugutils_internal.h: Adjusted protos accordingly. 2009-09-06 Jan-Oliver Wagner * misc/store.c (store_fetch_path, store_fetch_oid, store_fetch_category): Removed. These are not used anywhere. * misc/store_internal.h: Adjusted protos accordingly. 2009-09-06 Jan-Oliver Wagner * misc/store.c (safe_copy): Removed. It is not used here anymore. 2009-09-06 Jan-Oliver Wagner * misc/network.c (nessus_perror): Renamed to pid_perror. * misc/services.h (NESSUS_SVC_SORT_FILES): Removed inactive define which is nowhere used anyway. (NESSUS_SVC_READS_ETC_SERVICES): Removed. This should always be used. * misc/services.c (nessus_get_svc_name): NESSUS_SVC_READS_ETC_SERVICES is always true. 2009-09-04 Jan-Oliver Wagner * misc/popen.c (append_argv, destroy_argv): Removed since the only module that used it is removed meanwhile. 2009-09-04 Jan-Oliver Wagner * misc/popen.c (nessus_popen4): Renamed to openvas_popen4. (nessus_popen): Removed. It is not used anywhere. (nessus_pclose): Renamed to openvas_pclose. * misc/popen.h: Adjust protos accordingly. * nasl/nasl_cmd_exec.c (nasl_pread): Adjust to new API accordingly. 2009-09-04 Michael Wiegand * misc/openvas_auth.c (openvas_is_user_admin): Added new function to determine whether a user has administrative privileges. * misc/openvas_auth.h: Exposed openvas_is_user_admin. 2009-09-04 Jan-Oliver Wagner * misc/network.c (nessus_SSL_init): Renamed to openvas_SSL_init. Also removed the unused parameter. (open_SSL_connection, ovas_server_context_new): Adjusted call accordingly. * misc/network.h: Adjusted proto accordingly. * nasl/nasl.c (main): Adjusted to call of openvas_SSL_init. 2009-09-04 Michael Wiegand * configure.in: Removed checks for libl and libfl which caused unnecessary linking against libl. * libopenvas-config.in: Removed handling of llib. * configure: Regenerated. 2009-09-04 Felix Wolfsteller * nasl/strutils.c, nasl/strutils.h, nasl/nasl_cmd_exec.c, nasl_debug.c: Cosmetics, major reformatting. Added todos about possible replacement by glib and move to other part of openvas-libraries, doc. * nasl/nasl_var.c: Removed unnecessary include 2009-09-04 Felix Wolfsteller * misc/openvas_logging.c, misc/openvas_server.c, misc/openvas_ssh_login.c: Added todos regarding library reorganisation. 2009-09-04 Felix Wolfsteller * misc/plugutils.c: Removed K&R style function declarations, whitespaces, unused define, added doc and made a TODO indexable. 2009-09-04 Chandrashekhar B * nasl/nasl_host.c: (get_host_ip): Addressed an issue. The function was returning IPv6 mapped IPv4 address, now returns pure IPv4 address. Many applications won't accept v6 mapped v4. 2009-09-04 Felix Wolfsteller * libopenvas-config.in: Corrected string comparison. 2009-09-04 Felix Wolfsteller * nasl/nasl_signature (init_openvas_gpgme_ctx): Added call to gpgme_version_check which apparently initializes parts of gpgme. This might fix bug #972 or #1079 (http://bugs.openvas.org/1079). With help from Michael Wiegand. 2009-09-03 Jan-Oliver Wagner * misc/hash_table_file.c: Transferred copyright to Greenbone. Replaced includes.h by those needed really. * misc/hash_table_file.h: Transferred copyright to Greenbone. 2009-09-03 Felix Wolfsteller * Makefile: Install nasl.h header. 2009-09-03 Felix Wolfsteller * libopenvas-config.in: Corrected inverted logic: Add -lwmiclient to linker flags if libwmiclient found during configure step. 2009-09-03 Felix Wolfsteller * Makefile: Pass HAVE_WMI client to cmake if libwmiclient was found during configure step. * libopenvas-config.in: Add -lwmiclient to linker flags if libwmiclient found during configure step. * nasl/CMakeLists.txt: Link against wmiclient if libwmiclient was found during configure step. 2009-09-03 Michael Wiegand * configure.in, openvas-libraries.tmpl.in: Added support for libwmiclient detection. * configure: Regenerated. 2009-09-03 Felix Wolfsteller * nasl/nasl_smb.c, nasl/nasl_wmi.c: Return NULL if no version info is available, as stated in the documentation. This avoid segfaults by unguarded calls strdup and strlen. Minor reformatting. * nasl/nasl_smb.c, nasl/nasl_wmi.c: Added TODOs about possible memleaks. 2009-09-01 Felix Wolfsteller * configure: Regenerated. 2009-09-01 Felix Wolfsteller * nasl/TODO: copied from openvas-nasl/TODO. * nasl/ChangeLog-pre-09-2009: Copied (soon old ChangeLog entries). * nasl/README.txt: New. 2009-09-01 Felix Wolfsteller * nasl/CMakeLists.txt: Added target to build the openvas-nasl standalone interpreter (works at least on debian machines). * MANIFEST: Updated 2009-08-31 Jan-Oliver Wagner * misc/network.c (auth_send): Removed call of nessus_perror because the respective errno has changed at this moment already anyway. 2009-08-31 Felix Wolfsteller * libopenvas-config.1, doc/libopenvas-config.1: Moved libopenvas-config manpage to doc. * Makefile: Install openvas-nasl manpage, adjusted path of libopenvas-config manpage. 2009-08-31 Felix Wolfsteller * doc/openvas-nasl.1, doc/signatures-howto.txt: Added, copied from openvas-libnasl/doc. 2009-08-31 Felix Wolfsteller * nasl/tests/, nasl/tests/Makefile, nasl/tests/README.txt, nasl/tests/signed.nasl, nasl/tests/signed_nasl.asc, nasl/tests/test_blowfish.nasl, nasl/tests/test_bn.nasl, nasl/tests/test_db.nasl, nasl/tests/test_dsa.nasl, nasl/tests/test_hexstr.nasl, nasl/tests/md.nasl, nasl/tests/test_privkey.nasl, nasl/tests/test_rsa.nasl, nasl/tests/test_script_signing.sh, nasl/tests/testseuiteinit.nasl, nasl/tests/testsuitesummary.nasl: Added, copied from openvas-libnasl/test. 2009-08-31 Felix Wolfsteller * libopenvas-config.in, configure.in: Added lopenvas_nasl and its dependencies (from openvas-libnasl-config) to the linker flags. 2009-08-31 Felix Wolfsteller * libopenvas-config.in: Removed lopenvas_nasl from linker flags for now, as it breaks linking. 2009-08-31 Felix Wolfsteller * misc/network.c: Cosmetics, reformatted nsend, auth_send, nessus_perror and removed K&R styled function decls. 2009-08-31 Felix Wolfsteller * libopenvas-config.in: Added lopenvas_nasl to linker flags. * base/README.txt: Corrected. 2009-08-31 Felix Wolfsteller * nasl/CMakeLists.txt: Modify output of custom bison target to remove generated files within the "clean" target, split long list over multiple lines. 2009-08-28 Felix Wolfsteller According to CR #38 (http://www.openvas.org/openvas-cr-38.html), libopenvas_nasl is now "part of" openvas-libraries. Expecting compilation issues due to skip of the old configure step. * doc/Doxyfile, doc/Doxyfile_full: Added nasl to include dirs. * nasl/CMakeLists.txt: Added not so clean way of compiling the parser. * MANIFEST: Added contents of nasl folder. * Makefile: Added nasl to all, install clean targets. Minor cosmetics. 2009-08-28 Felix Wolfsteller Enabled build for the environment where the config was generated, preparing CR #38 (http://www.openvas.org/openvas-cr-38.html). * base/CMakeLists.txt: Removed duplicate (and commented) code. * nasl/CMakeLists.txt: Removed duplicate (and commented) code, added definition for OPENVAS_SYSCONF_DIR. * nasl/nasl_socket.c: Added include. 2009-08-28 Felix Wolfsteller Attempts to enable build, preparing CR #38 (http://www.openvas.org/openvas-cr-38.html). * nasl/capture_packet.c: Changed includes. * nasl/capture_packet.h: Added missing include. * nasl/CMakeLists.txt: Added libopenvas include directories, pass through variables. * nasl/nasl.c, nasl/nasl_init.c, nasl/nasl_ip.h, nasl/nasl_packet_forgery.c, nasl_raw.h, nasl_tcp.h: Changed includes. * Makefile: Removed. Is generated by CMake. * nasl/config.h: Added a generated config.h (from openvas-libnasl/includes) to enable compilation. * nasl/nasl_tcp.h, nasl/nasl_raw.h, nasl/nasl_icmp.h, nasl/nasl_ip.h, nasl/nasl_udp.h: Copied from openvas-libnasl/includes. 2009-08-28 Felix Wolfsteller Copied contents of openvas-libnasl to openvas-libraries, preparing CR #38 (http://www.openvas.org/openvas-cr-38.html). * nasl/capture_packet.c, nasl/nasl_cmd_exec.c, nasl/nasl_host.c, nasl/nasl_misc_funcs.h, nasl/nasl_socket.h, nasl/preparse.c, nasl/capture_packet.h, nasl/nasl_cmd_exec.h, nasl/nasl_host.h, nasl/nasl_nessusd_glue.c, nasl/nasl_text_utils.c, nasl/preparse.h, nasl/exec.c, nasl/nasl_crypto2.c, nasl/nasl_http.c, nasl/nasl_nessusd_glue.h, nasl/nasl_text_utils.h, nasl/regex.c, nasl/exec.h, nasl/nasl_crypto2.h, nasl/nasl_http.h, nasl/nasl_packet_forgery.c, nasl/nasl_tree.c, nasl/smb_interface_stub.c, nasl/hmacmd5.c, nasl/nasl_crypto.c, nasl/nasl_init.c, nasl/nasl_packet_forgery.h, nasl/nasl_tree.h, nasl/strutils.c, nasl/hmacmd5.h, nasl/nasl_crypto.h, nasl/nasl_init.h, nasl/nasl_regex.h, nasl/nasl_var.c, nasl/strutils.h, nasl/lint.c, nasl/nasl_debug.c, nasl/nasl_lex_ctxt_better.h, nasl/nasl_signature.c, nasl/nasl_var.h, nasl/wmi_interface_stub.c, nasl/lsearch.c, nasl/nasl_debug.h, nasl/nasl_lex_ctxt.c, nasl/nasl_signature.h, nasl/nasl_wmi.c, nasl/md5.c, nasl/nasl_func.c, nasl/nasl_lex_ctxt.h, nasl/nasl_smb.c, nasl/nasl_wmi.h, nasl/md5.h, nasl/nasl_func.h, nasl/nasl_misc_funcs_better.c, nasl/nasl_smb.h, nasl/openvas_smb_interface.h, nasl/nasl.c, nasl/nasl_global_ctxt.h, nasl/nasl_misc_funcs.c, nasl/nasl_socket.c, nasl/openvas_wmi_interface.h: Copied from openvas-libnasl/nasl. * nasl/includes.h, nasl/nasl.h: Copied from openvas-libnasl/include. 2009-08-28 Felix Wolfsteller Preparing move of contents of openvas-libnasl to openvas-libraries, according to CR #38 (http://www.openvas.org/openvas-cr-38.html). * nasl/, nasl/CMakeLists.txt: New. 2009-08-28 Felix Wolfsteller Create own library for 'base'. * libopenvas-config.in: Added libopenvas_base to linker flags (libopenvas-config --libs). * Makefile: Added base to all, install and clean targets. * misc/Makefile: Removed targets that are now built 'in' base. 2009-08-28 Jan-Oliver Wagner * base/README: Fixed glib version. * MANIFEST: Updated. 2009-08-27 Felix Wolfsteller * misc/network.h: Added missing include, resolves compiler warnings. 2009-08-27 Felix Wolfsteller * misc/arglists.c (mkhash): Switched to hash algorithm provided by glib. 2009-08-27 Felix Wolfsteller * misc/harglists.c: Added ifdef _WIN32 blocks from clients code. * misc/network.c (recv_line): Reformat and documentation like in clients version of the file. 2009-08-26 Jan-Oliver Wagner * hg/hg_add_hosts.h: Removed proto for cmpipv6addrs as there is nowhere a implementation for this function. 2009-08-26 Jan-Oliver Wagner * hg/hg_add_hosts.h: Removed proto for convipv4toipv4mappedaddr. * misc/network.h: Added proto for convipv4toipv4mappedaddr. 2009-08-26 Jan-Oliver Wagner First set of changes to openvas-libraries towards IPv6 support. This corresponds to Change Request #27, http://www.openvas.org/openvas-cr-27.html Most work done by Srinivasa NL . * misc/resolve.c (nn_resolve): Use getaddrinfo instead of gethostbyname to resolve hostname. Return ip address in in6_addr structure. host2ip function is not used anymore. * misc/resolve.h: Adapted proto accordingly. * misc/plugutils.c (plug_get_host_ip): Change return type to in6_addr instead of in_addr type. * misc/plugutils.h: Adapted proto accordingly. * misc/network.c (convip4toipv4mappedaddr): New. Converts ipv4 address to ipv4 mapped ipv6 address. (open_socket): Added support for ipv6. (open_sock_opt_hn): Added support for ipv6. (set_socket_src_addr): Added additionaly paramter "family" and added support for ipv6. (open_sock_option): Added support for ipv6. * misc/network.h: Prototype of set_socket_src_addr adapted accordingly. * hg/hg_utils.c (hg_resolv): Added parameters in6addr and family. Use getaddrinfo instead of gethostbyname to resolve hostname. (hg_get_name_from_ip): Parameter ip now a pointer to in6_addr. Added support to handle ipv6 address. (hg_valid_ip_addr): New. Checks whether address is a valid ipv4 or ipv6 address. * hg/hg_utils.h: Modified and added prototype declararions correspondigly. * hg/hg_subnet.c (hg_gather_subnet_hosts): Use new interface of hg_get_name_from_ip. Works only for ipv4 targets. * hg/hosts_gatherer.c (hg_next_host): Changed paramter ip to in6_addr. Added support for ipv6. hg/hosts_gatherer.h: Adapted proto for hg_next_host. (struct hg_host): Added support for ipv6. * hg/hg_dns_axfr.c (hg_dns_fill_ns_addrs): Use newer hg_resolve which returns address of hostname in in6_addr type. Works only for ipv4 hosts. * hg/hg_add_hosts.c (getaddrfamily): New. Gets the family to which the given address belongs. (hg_add_host): Added support for ipv6. (hg_add_comma_delimited_hosts): Added support for ipv6. (hg_add_ipv6host_with_options): New. Adds ipv6 hosts to host list. (hg_add_host_with_options): Store ipv4 address as ipv4 mapped ipv6 address. * hg/hg_add_hosts.h: Extended and apdapted protos accordingly. 2009-08-26 Matthew Mundell * base/CMakeLists.txt: New file. Initial cmake building setup. 2009-08-25 Felix Wolfsteller * misc/openvas_ssh_login.c, misc/openvas_ssh_login.h: Cosmetics. Files now equal versions from openvas-client/src/openvas-lib again. * misc/system.c (emalloc): Added ifndef WIN_32 blocks from version in openvas-client. Files are otherwise nearly identical. 2009-08-24 Felix Wolfsteller * misc/arglists.c, misc/system.c: Cosmetics & doc, to increase similarity to arglist implementation in openvas-client. * misc/harglists.c (harg_inct): Added brackets around condition, like in openvas-clients version of this file. * misc/system.h: Removed if(n)defs for HUNT_MEM_LEAKS, as the otherwise defined functions like __hml_free could not be found to be implemented anywhere. * misc/hlst.c (create_hlst, copy_hlst): Added ifdef _WIN32 conditioned code from openvas-client/libness/hlst.c. 2009-08-24 Felix Wolfsteller * misc/plugutils.c: Added NULL-guard that is done in addslashes.c in openvas-client, equal comments. 2009-08-24 Tim Brown * base/nvti.c: Further format string fixes from Stephan Kleine. 2009-08-21 Felix Wolfsteller * base/accessrules.c (accessrule_to_file): New, write a single rule to file (accessrules_to_file): Call accessrule_to_file for each rule (handle_start_element, handle_end_element, handle_text, handle_error): New, stubs for xmlparser (accessrules_from_file): Initialize xml parser. (accessrules_add): Added Null guard. Still incomplete, added TODOs. 2009-08-21 Felix Wolfsteller * base/accessrules.c (accessrules_to_file, accessrules_from_file): Corrected doc. * base/accessrules.c (accessrule_version, accessrule_ip): Renamed function. 2009-08-21 Jan-Oliver Wagner * base/accessrules.c: New. New implementation for access rules. Not finished yet. * base/accessrules.h: New. Respective Protos. * misc/Makefile: Added handling for module "accessrules". 2009-08-21 Jan-Oliver Wagner * base/nvti.c: Fixed a few indentions and incomplete doc strings. 2009-08-20 Felix Wolfsteller * base/README.txt: Removed second blank newline at eof. * hg/README.txt, misc/README.txt: New, describe 'state' of the directories. 2009-08-20 Felix Wolfsteller * TODO, base/certificate.c, base/certificate.h, base/nvti.c, base/nvti.c, misc/openvas_logging.h: Updated paths in comments. * hg/Makefile: Updated include path for the test target. 2009-08-20 Felix Wolfsteller As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed library libopenvas to libopenvasmisc. * misc/Makefile, libopenvas-config.in: Changed library name and output of libopenvas-config. * misc/openvas-logging.c: Changed path in comment. * doc/Doxyfile, doc/Doxyfile_full: Adjusted input path. * hg/Makefile: Changed include path. 2009-08-20 Felix Wolfsteller * MANIFEST: Sorted. 2009-08-20 Felix Wolfsteller As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed openvas-libraries/libopenvas folder to openvas-libraries/misc. * libopenvas/, misc/: Moved. * Makefile: Adjusted path. * MANIFEST: Adjusted paths. 2009-08-20 Felix Wolfsteller * libopenvas/hlst.c (_hashqueue): Cosmetics, doc. 2009-08-20 Felix Wolfsteller As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed libopenvas_hg to libopenvashg. * libopenvas-config.in: Adjusted output of 'libopenvas-config --libs'. 2009-08-20 Felix Wolfsteller * hg/Makefile, include/libopenvas.h, libopenvas/plugutils.h, libopenvas/www_funcs.c, base/certificate.h: Cosmetics and docs. 2009-08-20 Felix Wolfsteller As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed libopenvas_hg to libopenvashg. * hg/Makefile, TODO: Renamed library and references to it. * hg/test.c: Renamed library in comment. 2009-08-20 Felix Wolfsteller * doc/Doxyfile, doc/Doxyfile_full: Corrected path, libopenvas_hg is now hg. 2009-08-20 Felix Wolfsteller As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed openvas-libraries/libopenvas_hg folder to openvas-libraries/hg. * libopenvas_hg/, hg/: Moved. * Makefile: Adjusted path. * MANIFEST: Adjusted paths. 2009-08-20 Felix Wolfsteller * libopenvas_hg/hg_add_hosts.c (hg_add_comma_delimited_hosts): Minimal cosmetics/doc. 2009-08-17 Matthew Mundell * ChangeLog: Switch to full email address. 2009-08-17 Felix Wolfsteller * libopenvas/services1.c (nessus_init_svc): Added RATS:ignore flag where memcopy limit is sane. * libopenvas/openvas_auth.c (get_password_hashes): Added RATS:ignore flag where statically sized buffer is sanely used. 2009-08-17 Felix Wolfsteller * libopenvas/plugutils.c (nessuslib_version): Added RATS:ignore flag where statically sized char buffer is used in a sane manner. 2009-08-17 Felix Wolfsteller * libopenvas/plugutils.c (proto_post_wrapped): Removed unused variable i. 2009-08-17 Felix Wolfsteller * base/nvti.c (nvti_as_openvas_nvt_cache_entry): Corrected doc. * base/nvti.h (struct nvtpref): Made comments 'available' for doxygen, although these members should not be accessed directly. 2009-08-14 Matthew Mundell * libopenvas/openvas_auth.c (openvas_authenticate): Improve doc. Return 1 on g_file_get_contents fail, as this is most probably an auth failure. 2009-08-14 Matthew Mundell * libopenvas/openvas_logging.c (openvas_log_func): Add log_domain NULL guard. 2009-08-13 Matthew Mundell * libopenvas/openvas_logging.c (setup_log_handlers): Adjust the * check so that the * case also goes on to the next item. 2009-08-13 Felix Wolfsteller * doc/Doxyfile, doc/Doxyfile_full: Added 'base' to input paths. 2009-08-13 Felix Wolfsteller * base/certificate.h (certificate_t, certificates_t): Converted documentation contained in comments of struct members, to be useable by doxygen. * ChangeLog: Improved wording. 2009-08-13 Felix Wolfsteller * base/nvti.h: Converted documentation contained in comments of struct members, to be useable by doxygen. 2009-08-12 Laban Mwangi * libopenvas/openvas_logging.c, libopenvas/openvas_logging.h: Added support for the default group and tidying of comments. Fixed setup_log_handlers to load log domains from the configuration file. 2009-08-12 Jan-Oliver Wagner * base/README.txt: Updated. 2009-08-12 Jan-Oliver Wagner According to CR #38 (http://www.openvas.org/openvas-cr-38.html) to reorganize openvas-libraries, this step prepares the "base" lib. * libopenvascommon: rename to "base". * base: The former directory "libopenvascommon". * Makefile, libopenvas/Makefile: replace all occurances of path "libopenvascommon" by "base". * MANIFEST: Updated. 2009-08-12 Jan-Oliver Wagner * libopenvas/resolve.c: Removed definition of __u32 because it is not used anyway. Removed code that is deactivated since ever anyway. 2009-07-27 Felix Wolfsteller * packaging/debian/control, packaging/debian/libopenvas2-dev.dirs, packaging/debian/compat, packaging/debian/libopenvas2.dirs, packaging/debian/libopenvas2-dev.install, packaging/debian/watch, packaging/debian/changelog, packaging/debian/patches/configure-grypt.dpatch, packaging/debian/patches/00list, packaging/debian/copyright, packaging/debian/libopenvas2.install, packaging/debian/rules: Removed. Was moved to /openvas-packaging/openvas-libraries/debian/trunk. 2009-07-27 Jan Wagner * packaging/debian/changelog, packaging/debian/control, packaging/debian/watch, packaging/debian/patches packaging/debian/patches/configure-grypt.dpatch packaging/debian/patches/00list, packaging/debian/copyright packaging/debian/rules: - relicense packaging to GPL-3 - New upstream release - add configure-grypt.dpatch to get grypt working well - fixing DESTDIR in rules - Add debian/watch to detect when a new version is available at wald.intevation.org - Bump Standards-Version to 3.8.2, no changes needed 2009-07-27 Laban Mwangi * libopenvas/openvas_logging.c, libopenvas/openvas_logging.h: Consistency in variable names. 2009-07-27 Matthew Mundell * libopenvas/openvas_logging.c (level_int_from_string): New function. (load_log_configuration): Look for level names and integers when parsing the "level" key. 2009-07-27 Matthew Mundell * libopenvas/openvas_logging.c: Improve spacing. Remove @returns from void functions. Make comment formats more consistent. Shorten some comment lines. Space @params as in other modules. * libopenvas/openvas_logging.h: Improve spacing. Remove function descriptions. (openvasd_logging): Doxyfy docs. 2009-07-27 Matthew Mundell * libopenvas/openvas_logging.c, libopenvas/openvas_logging.h: Convert tabs to spaces. 2009-07-27 Laban Mwangi * libopenvas/openvas_logging.c: Indentation fixes. * libopenvas/openvas_logging.h: Indentation fixes. 2009-07-24 Michael Meyer * libopenvas/plugutils.c: Added line break to debug message because without it was not realy readable. 2009-07-24 Felix Wolfsteller * libopenvas/Makefile: Thankfully applied patch of Stephan Kleine that closes bug 1037 ( http://bugs.openvas.org/1037 ). 2009-07-20 Matthew Mundell * libopenvas/openvas_logging.c (openvas_log_func): Change the timeformat hour-minute-second separators, so that log_separator is unique. Remove log_separator from the initialisation of "prepend", as prepend_buf always starts with the log separator. Add a NULL guard to the creation of logstr. Remove the newline from the stderr output case, so that it works the same as the channel case. (setup_log_handlers): Remove the openvasmd entry, which belongs in the manager. 2009-07-19 Jan-Oliver Wagner Add mandatory_keys to plugin arglist structure. This is part of implementing Change Request #39, http://www.openvas.org/openvas-cr-39.html. * libopenvas/store.c (store_load_plugin, store_plugin): Added handling for mandatory_keys. * libopenvas/plugutils.c (plug_mandatory_key): New. Sets mandatory keys. (plug_get_mandatory_keys): New. Gets mandatory keys. * libopenvas/plugutils.h: Added protos for plug_mandatory_key() and plug_get_mandatory_keys(). 2009-07-19 Jan-Oliver Wagner Add mandatory_keys to NVTI. This is part of implementing Change Request #39, http://www.openvas.org/openvas-cr-39.html. * libopenvascommon/nvti.h: Added manadatory_keys to struct nvti and added respective protos. * libopenvascommon/nvti.c (nvti_free, nvti_add_pref, nvti_from_keyfile): Handle mandatory_keys. (nvti_mandatory_keys): New. Returns mandatory_keys. (nvti_set_mandatory_keys): New. Sets mandatory_keys. 2009-07-17 Matthew Mundell * libopenvas/openvas_logging.c (openvas_log_func): Add log_domain NULL guard. Correct typo. (setup_log_handlers): Add "openvasmd" entry. Correct type in "openvas" entry. 2009-07-17 Matthew Mundell * libopenvas/openvas_logging.c: Flush trailing whitespace. 2009-07-16 Jan-Oliver Wagner * libopenvas/Makefile, libopenvas/services.h, libopenvas/services1.c: Renamed NESSUS_STATE_DIR to OPENVAS_STATE_DIR. 2009-07-12 Michael Wiegand * libopenvas/rand.c: Removed emulation functions for lrand48 and srand48 since they were never exported. Updated comments. (nessus_init_random): Removed useless RATS: ignore statement. 2009-07-10 Michael Wiegand * configure.in: Removed check for rand() since the result is not used anywhere. * configure: Regenerated. * include/config.h.in: Removed handling of HAVE_RAND. 2009-07-06 Jan-Oliver Wagner * include/config.h.in: Removed NESSUSD_DIR, NESSUSD_REPORTS_DIR, NESSUSD_RULES, NESSUSD_USERS, NESSUSD_MESSAGES, PLUGINS_DIR: not used anywhere. 2009-07-05 Jan-Oliver Wagner * libopenvas/store_internal.h: Removed protos for non-existant functions store_save_init and store_save_end. 2009-07-03 Jan-Oliver Wagner * libopenvas/plugutils.c (proto_post_note): Readded a simple version. This needs some more engeneering to get rid of. 2009-07-03 Jan-Oliver Wagner * libopenvas/plugutils.c (proto_post_wrapped, proto_post_hole, proto_post_info, proto_post_debug): Removed unneeded returns. 2009-07-03 Jan-Oliver Wagner * libopenvas/plugutils.c (post_note, post_note_udp): Call proto_post_wrapped() directly instead of proto_post_note. (proto_post_note): Removed. This is a compatibility layer for the (ancient nessus-)times when "notes" where not supported (preference "ntp_client_accepts_notes"). 2009-06-29 Jan-Oliver Wagner * libopenvas/plugutils.h: Added proto for plug_set_port_transport. 2009-06-27 Jan-Oliver Wagner * libopenvas/plugutils.c (plug_set_family, plug_set_name, plug_set_summary, plug_set_description, plug_set_copyright): Removed superfluous parameter "language". * libopenvas/plugutils.h: Adapted protos accordingly. * libopenvas/store.c (store_load_plugin): Adapted call of plug_set_family accordingly. 2009-06-26 Jan-Oliver Wagner * libopenvas/plugutils.c (plug_set_family, plug_set_name, plug_set_summary, plug_set_description, plug_set_copyright): According to CR#36, the language handling is removed. 2009-06-26 Jan-Oliver Wagner * libopenvas/store.c (store_fetch_required_udp_ports, store_fetch_required_udp_ports, store_fetch_excluded_keys, store_fetch_required_keys): Removed because never used anywhere. * libopenvas/store_internal.h: Removed corresponding protos. 2009-06-26 Jan-Oliver Wagner * libopenvas/store_internal.h (MAX_PREFS, MAGIC, pprefs, plugin): Removed all the uneeded makros and structs. (store_get_plugin): Removed proto for this nonexistant funciton. * libopenvas/store.c (store_load_plugin): Removed unused variable pp. 2009-06-26 Jan-Oliver Wagner * libopenvas/store.c(store_init_user, -store_init_sys): Remove these deprecated functions now that this code is heading for the next major release. * libopenvas/store.h: Remove respective protos. 2009-06-26 Jan-Oliver Wagner * libopenvas/store.c (store_get_plugin, store_get_plugin_f): Removed. These functions are not needed anymore. 2009-06-23 Jan-Oliver Wagner * libopenvascommon/nvti.c (nvti_from_keyfile): Guard NULL pointer for g_convert. 2009-06-23 Jan-Oliver Wagner * libopenvascommon/nvti.c (nvti_from_keyfile, nvti_to_keyfile): Before writing a copyright, description, name or summary, convert string to UTF8 and convert to latin-1 when reading it. 2009-06-15 Michael Wiegand * ChangeLog: Corrected module name in last entry. 2009-06-15 Michael Wiegand * configure.in: Added check for gcrypt.h which properly sets $LIBS so gcrypt can be correctly linked. This fixes the linker warnings described in Bug #1035 (http://bugs.openvas.org/1035) that occured if openvas-libraries was configured with LDFLAGS="-Wl,-z,defs" (--no-undefined). * configure: Regenerated. 2009-06-12 Jan-Oliver Wagner Main part of the implementation for Change Request #33 (Change server-side NVT cache from binary dumps to keyfiles), see http://www.openvas.org/openvas-cr-33.html. One important effect of this change is that in the cache directory news files with the suffix ".nvti" will be created. The old ".desc" files will remain there. These can be deleted. * libopenvas/store.c (str2arglist): Apply strchr only if the string is non-empty. (store_load_plugin, store_plugin, store_fetch_path) (store_fetch_version, store_fetch_summary, store_fetch_description) (store_fetch_copyright, store_fetch_family, store_fetch_oid) (store_fetch_cve_id, store_fetch_bugtraq_id, store_fetch_xref) (store_fetch_tag, store_fetch_required_keys, store_fetch_excluded_keys) (store_fetch_required_ports, store_fetch_required_udp_ports): Replace handling from "desc" files to "nvti" files. 2009-06-11 Michael Wiegand Included patch provided by Ryan Schmidt to remove a build failure on Mac OS X 10.4.11. This solves Bug #1033 (http://bugs.openvas.org/1033). * libopenvas/pcap.c: Changed order of includes. 2009-06-10 Michael Wiegand Post branch version bump. * VERSION: Set to 2.1.0.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-06-10 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-06-10 Michael Wiegand * libopenvas/openvas_logging.c (openvas_log_func): Use g_strdup instead of g_strdup_printf to generate empty sting. 2009-06-10 Michael Wiegand Preparing the openvas-libraries 2.0.3 release. * CHANGES: Updated. * VERSION: Set to 2.0.3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-06-10 Michael Wiegand * libopenvas/plugutils.c (post_note): Changed "#if 0" to "#if DEBUG" as recommended by Felix Wolfsteller to make the debug output available when debugging. 2009-06-10 Michael Wiegand * libopenvas/plugutils.c (post_note): Changed "#if 1" back to "#if 0" to remove stray debug output that was accidentally enabled in rev 2958. 2009-06-10 Laban Mwangi * libopenvas/openvas_logging.c, libopenvas/openvas_logging.h: Commenting in doxygen format Compile warning fixes * openvas-libraries.tmpl.in: Fix for an unintended gthread dependency 2009-06-09 Michael Wiegand * libopenvascommon/nvti.c (nvti_to_keyfile): Make sure the string written does not exceed the maximum buffer size. 2009-06-08 Jan-Oliver Wagner * libopenvascommon/nvti.c (nvti_to_keyfile): Added support of subdirectories). 2009-06-08 Michael Wiegand * MANIFEST: Added missing entries. 2009-06-07 Jan-Oliver Wagner * libopenvas/store.c (store_dump_plugin): Removed. This function was deactivated anyway. 2009-06-05 Matthew Mundell * libopenvas/network.c (open_SSL_connection) (ovas_server_context_attach): Remove EAGAIN and EINTR checks added on 2008-11-17 (revision 1769), as GNU TLS always returns its own error codes. 2009-06-05 Matthew Mundell Improve naming of nvtis functions. * libopenvascommon/nvti.c (nvtis_new, nvtis_free, nvtis_add) (nvtis_lookup): New functions, renamed from make_nvtis, free_nvtis, add_nvti and find_nvti. (make_nvtis, free_nvtis, add_nvti, find_nvti): Remove. * libopenvascommon/nvti.h: Update headers. 2009-06-04 Jan-Oliver Wagner * libopenvas/plugutils.c (plug_set_sign_key_ids): If the key_ids are NULL, then don't add "SIGN_KEY_IDS" to the plugin description at all. 2009-06-04 Jan-Oliver Wagner * libopenvascommon/nvti.c (nvtpref_add_to_keyfile): Removed this callback function as it is not needed anymore. (nvti_to_keyfile): Create generic keys "P1" .. "Pn" instead of using the preferences names, because those can sometimes contain chracters that are invalid for keys. Also, replace fprintf by fputs to avoid interpretation of %. 2009-05-31 Jan-Oliver Wagner * libopenvascommon/nvti.h: Added data structure nvtpref_t and associated functionprotos for handling NVT preferences. (nvti_t): Extended to handle its preferences. * libopenvascommon/nvti.c (nvtpref_new, nvtpref_free, nvtpref_name, nvtpref_type, nvtpref_default): New. For handling nvtpref objects. (nvti_free, nvti_from_keyfile, nvti_to_keyfile): Handle preferences accordingly. (nvti_pref_len, nvti_pref, nvti_add_pref, nvtpref_add_to_keyfile): New. (nvti_to_keyfile): Fix bug: release text only when it is really allocated. 2009-05-29 Matthew Mundell Add certificate facilities. * libopenvascommon/certificate.h, libopenvascommon/certificate.c: New files. * libopenvas/Makefile: Add libopenvascommon/certificate. * Makefile: Install libopenvascommon/certificate.h. 2009-05-28 Matthew Mundell * libopenvascommon/nvti.c (nvti_to_keyfile): Rename gerror to error. Free error after use. Add error->message to error message. 2009-05-28 Matthew Mundell Add type nvtis for collections of NVT Infos. * libopenvascommon/nvti.c (free_nvti_for_hash_table, make_nvtis) (free_nvtis, nvtis_size, add_nvti, find_nvti): New functions. * libopenvascommon/nvti.h: Update headers. Add single include guard. * ChangeLog: Add log missed yesterday. 2009-05-28 Felix Wolfsteller * libopenvascommon/nvti.c (nvti_to_keyfile): Fixed mem leak by freeing text, added TODO as function returns 0 also in case of errors. 2009-05-27 Matthew Mundell * Makefile (install): Install libopenvascommon/nvti.h. 2009-05-27 Matthew Mundell * libopenvascommon/nvti.c: Correct function name. 2009-05-27 Matthew Mundell * libopenvascommon/nvti.h, libopenvascommon/nvti.c: Reformat to match standard. 2009-05-27 Matthew Mundell * ChangeLog: Flush trailing whitespace. 2009-05-27 Laban Mwangi Adding initial support for logging. * libopenvas/openvas_logging.c, libopenvas/openvas_logging.h: New. Shared logging functions. * libopenvas/Makefile openvas-libraries.tmpl.in Makefile: Updated. * MANIFEST: Updated. 2009-05-26 Jan-Oliver Wagner Adding a initial version for NVT Info objects. * libopenvascommon/, libopenvascommon/nvti.h, libopenvascommon/nvti.c, libopenvascommon/README.txt: New. A module for handling NVT Info objects. * libopenvas/Makefile: Added handling of module "libopenvascommon/nvti". * MANIFEST: Updated. 2009-05-19 Matthew Mundell Add authentication facilities. * libopenvas/openvas_auth.c: New file. Contains functions digest_hex and get_password_hashes from ../config-manager/src/openvascd.c. * libopenvas/openvas_auth.h: New file. * libopenvas/Makefile (openvas_auth.o): New rule. * Makefile (install): Add openvas_auth.h. (doc-full): Fix comment typo. 2009-05-18 Matthew Mundell * doc/Doxyfile (EXTRACT_ALL): Turn off, to enable warnings about missing function docs. 2009-05-13 Michael Wiegand * libopenvas/store.c: (store_plugin) Don't try to guess the path of the NVT, this resulted in wrong paths. The filename is enough for the error message built by safe_copy. (safe_copy) Display a more descriptive error message. Clarified documentation, made variable name more fitting. 2009-05-05 Jan Wagner * packaging/debian/copyright, packaging/debian/changelog: Added some copyright notices and bumped version number 2009-04-20 Jan-Oliver Wagner * libopenvas/openvas_server.c (openvas_server_sendf): Fixed forgotten name change. 2009-04-17 Michael Wiegand * packaging/debian/patches/: Removed. It contained a single patch which has already been incorporated into the trunk. 2009-04-16 Jan-Oliver Wagner * libopenvas/network.c: Removed any code path for conditional NESSUS_CNX_LOCK. This was a "Quick & dirty patch to run Nessus from behind a picky firewall (e.g. FW/1 and his 'Rule 0'): Nessus will never open more than 1 connection at a time." It appears to be deseperately outdated and never used. OpenVAS allows to configure the number of concurrent checks, so this should be the way to go in case of firewall-based problems. 2009-04-16 Jan-Oliver Wagner * libopenvas/openvas_server.h, libopenvas/openvas_server.c (openvas_server_connect_to_server): Renamed to openvas_server_open. (openvas_server_close_server_connection): Renamed to openvas_server_close. (openvas_server_send_to_server): Renamed to openvas_server_send. (openvas_server_sendf_to_server): Renamed to openvas_server_sendf. 2009-04-15 Michael Wiegand * libopenvas/openvas_server.c: Made function names more intuitive, removed superfluous newlines from log messages, added a little documentation. * libopenvas/openvas_server.h: Made function names more intuitive, removed superfluous include. 2009-04-14 Michael Wiegand Added a new library for GnuTLS based communication, based on work done by Matthew Mundell for the openvas-manager module. * libopenvas/openvas_server.c: New. Contains an initial set of function for GnuTLS based communication. * libopenvas/openvas_server.h: New. Header file for the new functionality. * libopenvas/Makefile: Updated. * Makefile: Updated. * MANIFEST: Updated. 2009-04-02 Jan-Oliver Wagner * libopenvas/plugutils.c (mark_post): Fixed a probably unintended change in r2958 by Felix. 2009-04-01 Felix Wolfsteller Corrected search path for signature files when comparing their timestamps in store module. Declared two parameter of store_load_plugin as const. * libopenvas/store.c, libopenvas/store.h (store_load_plugin): Made parameters const, corrected search path for .asc (signature) files. Was cache dir, now is same dir as plugin. 2009-04-01 Felix Wolfsteller Corrected checks when loading plugins from cache, extended documentation, removed debug printf. * libopenvas/store.c (store_load_plugin): Corrected checks and doc. 2009-04-01 Felix Wolfsteller More reformatting and documentation work in store module. * libopenvas/store.c: Reformatting, doc. 2009-04-01 Felix Wolfsteller Reformatting and documentation work in store module. * libopenvas/store.c: Reformatting, doc. 2009-03-31 Felix Wolfsteller Disabled checking for non-printable chars when posting security messages. This allows localizations and support for e.g. german or french characters in the messages text. It is unclear why this behaviour was wished (in order to prevent NTP corruption?). * libopenvas/plugutils.c (proto_post_wrapped): Disabled replacement of non-printable characters by spaces. 2009-03-31 Felix Wolfsteller * libopenvas/plugutils.c: Reformatting, whitespace-removal, K&R style replacements, doc. 2009-03-31 Felix Wolfsteller * Makefile: Phony target doc-dev is actually called doc-full. 2009-03-27 Michael Wiegand * libopenvas/Makefile, libopenvas_hg/Makefile: Adjusted libtool calls to remove warnings about deprecated libtool usage during compile. 2009-03-06 Michael Wiegand Post release version bump. * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.3.SVN. * VERSION: Set to 2.0.3.SVN. 2009-03-06 Michael Wiegand Preparing the openvas-libraries 2.0.2 release. * CHANGES: Updated. * VERSION: Set to 2.0.2. 2009-03-04 Vlatko Kosturjak * libopenvas/bpf_share.c: by default, put pcap device in non blocking mode - fixing plugins hang/freeze, fixes #901 2009-02-27 Felix Wolfsteller * libopenvas/openvas_ssh_login.c, libopenvas/openvas_ssh_login.h: Updated to version used in client: Updated ssh_login struct to carry password as well, cosmetics and memleak- fix (done in openvas-client rev 2597 & 2599). 2009-02-22 Jan-Oliver Wagner * libopenvs/www_funcs.c (build_encode_URL): Fixed string length calculation. Thanks to Michael Meyer who spotted this and sent this patch! 2009-02-22 Tim Brown * packaging/debian/control: Fixed minor typo. 2009-02-22 Tim Brown * libopenvas/Makefile: Forward ported fix for broken linking. 2009-02-22 Tim Brown * packaging/debian/changelog: New upstream release. * packaging/debian/control: Updated the control file to take account of translation work as part of the Smith review project. * packaging/debian/patches/00list, packaging/debian/patches/linker-libs.dpatch, packaging/debian/rules: Fixed broken linking (linker-libs.dpatch). 2009-02-14 Felix Wolfsteller * libopenvas/openvas_ssh_login.c (openvas_ssh_login_file_write): Close file descriptor in case of error. 2009-02-10 Jan-Oliver Wagner * doc/Doxyfile_full: Makes the resulting documentation even more comprehensive. Switch off Latex output. * Makefile: make src doc latex creation conditional to presence of respective directories. 2009-02-06 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-02-06 Michael Wiegand Last minute fixes for the openvas-libraries 2.0.1 release. * MANIFEST: Updated. * Makefile: Fixed targets "clean" and "distclean" to correctly remove generated HTML documentation. 2009-02-06 Michael Wiegand Preparing the openvas-libraries 2.0.1 release. * VERSION: Set to 2.0.1. * CHANGES: Updated. * include/libopenvas.h: Added Doxygen directives to include README and COPYING files into HTML documentation. * ChangeLog: Cleanup. * libopenvas/COPYING: Moved to COPYING, a more obvious location. * doc/Doxyfile, doc/Doxyfile_full: Updated version, set EXAMPLE_PATH. * README: Added. 2009-02-06 Felix Wolfsteller Minor cosmetics, improved documentation. * libopenvas/kb.h: Documentation & formatting of kb_item struct. * libopenvas/services1.c: Added file flag for doc block, removed whitespaces. * libopenvas/resolve.c (host2ip) : Documented return code. * libopenvas/system.c (emalloc): Converted doc block. * libopenvas/network.c: Converted documentation blocks. * libopenvas/rand.c: Added file flag for doc block. * libopenvas/store.c: Removed structuring comments, function safe_copy documented. 2009-02-06 Felix Wolfsteller Copied GPL Header from host_gatherer.c over to host_gatherer.h, cosmetics and doc. * libopenvas_hg/host_gatherer.c: Documentation, K&R function decl. replaced. * libopenvas_hg/host_gatherer.h: Copied GPL header from modules implementation file, doc strings converted. 2009-02-05 Felix Wolfsteller * libopenvas/hash_table_file.c: Documentation improved, newlines. 2009-02-05 Michael Wiegand * libopenvas/ids_send.c (which_ttl): Added RATS ignore and a comment explaining the rationale. 2009-02-05 Michael Wiegand * libopenvas/system.c (erealloc): Removed misleading comment; the function is indeed defined in libopenvas/system.h and is used in a number of places in openvas-libraries. 2009-02-05 Felix Wolfsteller Cosmetics and documentation in kb module. * libopenvas/kb.c: Added empty lines in comment blocks to improve readability (thanks matt), added briefs to comment blocks, removed /* within a comment block to avoid compiler warning (thanks michael), donated return types own line. 2009-02-02 Jan-Oliver Wagner * include/config.h.in: Removed define of "DEFAULT_PORT" which is not used anywhere (it defaulted to ancient 3001). Removed define of "CLIENT_TIMEOUT". It is not used anywhere. Removed define of "SERVER_TIMEOUT". It is not used anywhere. Removed define of "LOGMORE". It is not used anywhere. Removed define of "NESSUSD_KEYFILE", "NESSUSD_USRKEYS", "NESSUSD_KEYLENGTH" and "NESSUSD_MAXPWDFAIL". These are not used anywhere. Removed define of "PLUGIN_TIMEOUT". It is not used in this module. Removed define of "LOG_WHOLE_ATTACK". It is not used in this module. 2009-02-02 Jan-Oliver Wagner Removed any code path that is conditional to "ENABLE_RHLST". It was never used, especially because it would require a file "rhlst.h" which isn't present at all. * libopenvas/hlst.h: Removed any code path that is conditional to "ENABLE_RHLST". * libopenvas/hlst.c: Removed any code path that is conditional to "ENABLE_RHLST". * include/config.h.in: Removed undef for ENABLE_RHLST. 2009-02-02 Jan-Oliver Wagner Some cleanups. Basically removing never-used code. * libopenvas/plugutils.c (is_shell_command_present): Removed. It is not used anywhere except in openvas-plugins/plugins/nmap_wrapper/nmap_wrapper.c for very ancient NASL level. * libopenvas/plugutils.h: Removed proto accordingly. * libopenvas/popen.c (nessus_popen4): Removed unused code that is deaactivcated with "#if 0". (append_argv, destroy_argv): marked as to be deleted eventually. * libopenvas/network.c (nessus_print_SSL_certificate, nessus_print_peer_SSL_certificate): Removed. It is unused code that was deactivcated with "#if 0". (nsend): Removed unused code that was deactivated with "#if 0". 2009-01-28 Jan-Oliver Wagner * libopenvas/store.c (store_plugin): When creating a cache file for a plugin, now take care a subdirectory is created in the cachefolder - in case the plugin is located in a subfolder of the plugin folder accordingly. 2009-01-27 Jan-Oliver Wagner * libopenvas/store.c (store_plugin): Fixed a bug: In case of using cache_folder, the wrong filenames for the actual plugin file where written into the cache file. 2009-01-23 Jan-Oliver Wagner * libopenvas/store.c (store_init): Also handle NULL for its parameter. 2009-01-23 Jan-Oliver Wagner * libopenvas/store.c (store_dir, store_init): Improved comments and made implementation more robust. store_init will not anymore try to create the directory. 2009-01-20 Felix Wolfsteller Changed API (new parameter in openvas_ssh_login_file_read). Fixes build of latest openvas-server. * libopenvas/openvas_ssh_login.c, libopenvas/openvas_ssh_login.h: Changed file headers to indicate that they are part of openvas-libraries. * libopenvas/openvas_ssh_login.c (openvas_ssh_login_file_read): Added parameter check_keyfiles to allow exclusion/inclusion of logins that are lacking pub/private key files, included parameter in documentation. * libopenvas/openvas_ssh_login.h: Adjusted proto for openvas_ssh_login_file_read. 2009-01-21 Jan-Oliver Wagner * libopenvas/store.h: Applied gcc deprecation marker for deprecated functions. 2009-01-20 Michael Wiegand * libopenvas/Makefile: Fixed typo in LO_OBJS which caused the build to fail on amd64. 2009-01-20 Felix Wolfsteller Added make targets for openvas_ssh_login module. * libopenvas/Makefile: Included openvas_ssh_login module. 2009-01-20 Felix Wolfsteller Inclusion of openvas_ssh_login module (copy from client). * libopenvas/openvas_ssh_login.c, libopenvas/openvas_ssh_login.h: Added. * MANIFEST, Makefile, libopenvas/Makefile: Updated. 2009-01-20 Felix Wolfsteller Inclusion of hash_table_file module (copy from client). * libopenvas/hash_table_file.c, libopenvas/hash_table.h: Added. * MANIFEST, Makefile, libopenvas/Makefile: Updated. 2009-01-13 Felix Wolfsteller * ChangeLog: Clarified last ChangeLog entry (choice of GPL header). * libopenvas_hg/hg_utils.c: Replaced K&R function declarations, documentation. 2009-01-12 Felix Wolfsteller Added GPL header from host_gatherer.c to other constituent files of the host_gatherer library (referenced as "HostLoop2 library" in hg_add_host.c). * libopenvas_hg/hg_debug.c, libopenvas_hg/hg_filter.h, libopenvas_hg/test.c, libopenvas_hg/hg_utils.h, libopenvas_hg/hg_subnet.h, libopenvas_hg/hg_dns_axfr.h, libopenvas/hg_add_hosts.h : Added GPL header. 2009-01-12 Felix Wolfsteller * libopenvas_hg/hg_filter.c: Replaced K&R function headers, transformed comments to javadoc style, removed some whitespaces. 2009-01-12 Felix Wolfsteller * libopenvas_hg/hg_add_hosts.c (hg_add_comma_delimited_hosts): Reformatted. 2009-01-08 Jan-Oliver Wagner * libopenvas/store.c (store_load_plugin): Fixed memory leaks. 2009-01-04 Jan-Oliver Wagner Name change for cached ("description") files for NVTs. They used to have the suffix ".desc" instead of ".nasl" but they now have the very same name as the corresponding NVT plus additional suffix ".desc", e.g. "x.nasl" will be "x.nasl.desc". This also prevents that e.g. "x.nasl" and "x.nes" (or "x.oval") will overwrite each others' cache. It is recommendable to clean the .desc directory to avoid unnecessary old cache files. * libopenvas/store.c (store_plugin): Added doc string and now uses g_build_filename to assemble filenames instead of doing this on our own. Append ".desc" rather than replace a present suffix. (store_load_plugin): Updated doc string and now uses g_build_filename to assemble filenames instead of doing this on our own. Append ".desc" rather than replace a present suffix. Set the full path as cachefile. (store_get_plugin_f): Aggregated params "dir" and "file" into "desc_file". Thus removed code to assemble name on our own. (store_get_plugin): Adapted call of store_get_plugin_f accordingly, assuming the given desc_file is the full path to the cache file. 2009-01-03 Jan-Oliver Wagner * libopenvas/store.c (store_plugin): change return value to void, because the function never returns something else than NULL. Also any use of the method does not consider a return value at all. Thus cleaning up this method. * libopenvas/store.h: Updated proto of store_plugin accordingly. 2009-01-02 Jan-Oliver Wagner Removing the handling of separate user-specific cache dir. This code are remains of the unsecure feature of plugin upload. Apart from this, the OpenVAS Server should eventually not be responsible anymore for user-specific data storage. * libopenvas/store.c (usr_store_dir, sys_store_dir, current_mode): Removed these static variables as they are not needed anymore. (store_dir): New. Static variable to hold the cache dir. (MODE_SYS, MODE_USR): Removed these macros as they are not needed any more. (store_init, store_init_sys): Use store_dir instead of sys_store_dir. (store_init_user): Removed functionality and marked as deprecated. Now it simply calls store_init_sys(). (store_get_plugin): Reduced functionality to direct call of store_get_plugin_f(), because distinction between user and sys not necessary anymore. (store_plugin): Removed distinction between sys and user. 2009-01-02 Jan-Oliver Wagner Further patches by Stjepan Gros in preparation of Change Request #24 (subdirs for NVTs, http://www.openvas.org/openvas-cr-24.html). * libopenvas/store.c (store_init_sys): Marked as deprecated. (store_init): New. Simply sets the "sys_store_dir" without appending ".desc". (store_get_plugin): Renamed param "name" to "desc_file". * libopenvas/store.h: Added proto for store_init. 2009-01-02 Michael Wiegand Added missing includes to enable compilation on Darwin and NetBSD, based on suggestions by Adrian Portelli. This solves parts of bug #860 (http://bugs.openvas.org/860) and bug #862 (http://bugs.openvas.org/862). * libopenvas/pcap.c: Added missing include for netinet/in.h. * libopenvas/plugutils.c: Changed to use sys/wait.h instead of wait.h. * libopenvas/bpf_share.h: Added missing include for sys/types.h. * libopenvas/popen.c: Added missing include for sys/resource.h. 2009-01-02 Felix Wolfsteller * libopenvas/kb.c: Documentation. 2009-01-02 Michael Wiegand * configure: Regenerated to completely remove --enable-debug-store. 2009-01-01 Jan-Oliver Wagner More patches by Stjepan Gros in preparation of Change Request #24 (subdirs for NVTs, http://www.openvas.org/openvas-cr-24.html). * libopenvas/store.c: Replaced any call of plug_get_fname by plug_get_cachefile. (store_load_plugin): Replaced call of plug_set_fname by plug_set_cachefile. * libopenvas/plugutils.c (plug_get_fname, plug_set_fname): Removed. 2008-12-31 Felix Wolfsteller As Result of CR #20, added two doxygen configuration files and targets to generated source documentation. * doc/Doxyfile: Added. Basic configuration file. * doc/Doxyfile_full: Added. Enables graph generation. * Makefile: Targets 'doc' and 'doc_full' added, 'clean' altered, such that it will remove generated documentation found in doc/generated. 2008-12-31 Jan-Oliver Wagner * configure.in, include/config.h.in: Removed any remains of DEBUG_STORE as it is not used anywhere in the code. This also removed the configure option "--enable-debug-store". 2008-12-30 Jan-Oliver Wagner * libopenvas/store.c: Removed OLD_CVE_SZ, OLD_BID_SZ and OLD_XREF_SZ and their use because this is only meant to support rather old version of Nessus. The removed code was conditionally for DEBUG_STORE anyway. 2008-12-30 Jan-Oliver Wagner Removing unused code. * libopenvas/store.c (store_fetch_dependencies, store_fetch_timeout, store_fetch_name): Removed. This function is never called since a long time. * libopenvas/store_internal.h: Removed proto for store_fetch_dependencies, store_fetch_name and store_fetch_timeout. * libopenvas/plugutils.c (plug_get_deps, plug_get_timeout, plug_get_name): Removed code that is never executed. TODO: Added note on the broken concept of plugutils/store calling each other. 2008-12-30 Felix Wolfsteller * libopenvas/kb.h: Comments. * libopenvas/kb.c: Transformed comments to javadoc, slight doc improvements. 2008-12-30 Jan-Oliver Wagner Reduced the middle layer of the plugin functions that do not use the cache. * libopenvas/store.c (store_plugin): Replace call of _plug_get_id() by plug_get_id() and dito for several other functions (see below). * libopenvas/plugutils_internal.h: Removed unneeded protos. * libopenvas/plugutils.c (plug_get_id): Moved contents of _plug_get_id here. (_plug_get_id): Removed. (plug_get_oid): Moved contents of _plug_get_oid here. (_plug_get_oid): Removed. (plug_get_required_keys): Moved contents of _plug_get_required_keys here. (_plug_get_required_keys): Removed. (plug_get_excluded_keys): Moved contents of _plug_get_excluded_keys here. (_plug_get_excluded_keys): Removed. (plug_get_required_ports): Moved contents of _plug_get_required_ports here. (_plug_get_required_ports): Removed. (plug_get_required_udp_ports): Moved contents of _plug_get_required_udp_ports here. (_plug_get_required_udp_ports): Removed. (plug_get_deps): Moved contents of _plug_get_deps here. (_plug_get_deps): Removed. (plug_get_timeout): Moved contents of _plug_get_timeout here. (_plug_get_timeout): Removed. (plug_get_name): Moved contents of _plug_get_name here. (_plug_get_name): Removed. (plug_get_fname): Moved contents of _plug_get_fname here. (_plug_get_fname): Removed. (plug_get_category): Moved contents of _plug_get_category here. (_plug_get_category): Removed. * libopenvas/kb.h: Added a note on NEW_KB_MGMT. 2008-12-29 Jan-Oliver Wagner Some patches by Stjepan Gros in preparation of Change Request #24 (subdirs for NVTs, http://www.openvas.org/openvas-cr-24.html). * libopenvas/plugutils.c (plug_set_cachefile): New. Sets the "CACHEFILE". (plug_get_cachefile): News. Retrieves the "CACHEFILE". * libopenvas/plugutils.h: Added protos for plug_set_cachefile and plug_get_cachefile. 2008-12-20 Tim Brown * libopenvas_hg/Makefile, libopenvas/Makefile, openvas-libraries.tmpl.in: Honour LDFLAGS. 2008-12-19 Michael Wiegand * configure: Regenerated to include fix for Mac OS X. 2008-12-19 Tim Brown * configure.in: Improved #761, should now work on Mac OS X where __dn_expand does not exist. 2008-12-17 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.1.SVN. 2008-12-17 Michael Wiegand Preparing the openvas-libraries 2.0.0 release. * CHANGES: Updated. * VERSION: Set to 2.0.0. 2008-12-16 Michael Wiegand * libopenvas/plugutils_internal.h: Added declaration of _plug_get_tag. 2008-12-16 Michael Wiegand Updated build environment to use an up-to-date libtool version. * config.guess, config.sub, ltmain.sh: Regenerated. 2008-12-10 Michael Wiegand * libopenvas/proctitle.c (setproctitle): Reverted one instance of strncpy usage back to strcpy since it causes issue on server startup under certain circumstances. 2008-12-05 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.0.rc2.SVN. 2008-12-05 Michael Wiegand Preparing the openvas-libraries 2.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 2.0.0.rc1. 2008-12-05 Felix Wolfsteller * libopenvas/plugutils.c : Changed comment style, added param documentation for plug_set_sign_key_ids. 2008-12-05 Michael Wiegand Checking for potential code quality issues ahead of the 2.0-rc1 release, setting ignore flags for false positives and using more secure functions for certain string manipulations. * libopenvas_hg/test.c (main): Don't warn against getopt usage, it is not critical here since this application is only intended for demonstration purposes. * libopenvas/pcap.c (get_random_bytes): Ignore warning, this random seed is random enough for our purposes. * libopenvas/plugutils.c: (plug_set_cve_id, plug_set_bugtraq_id, plug_set_xref, plug_set_tag, proto_post_wrapped) Ignore warnings regarding strcat since the memory is allocated correctly before calling strcat. (host_add_port_proto, kb_get_port_state_proto, mark_successful_plugin, mark_post, add_plugin_preference, proto_post_wrapped, scanner_add_port, plug_set_port_transport, plug_get_port_transport, plug_set_ssl_item, find_in_path) Ignore warnings regarding snprintf since libc4 (where snprintf is a security issue) is most certainly not present on system able to compile and run openvas-libraries. (plug_get_key, plug_get_host_open_port) Ignore warnings about lrand48 being not random enough; it is random enough for the usage here. (find_in_path) Removed obsolete code, change sprintf usage to snprintf. * libopenvas/network.c: (get_encaps_name, get_encaps_through, open_sock_tcp, auth_printf) Ignore (v)snprintf warnings; see above. (_socket_get_next_source_addr) Ignore warning about lrand48; see above. * libopenvas/network.h: Ignore false positive in function declaration. * libopenvas/proctitle.c: (initsetproctitle) Changed ignore flag to RATS so both flawfinder and RATS honor it. (setproctitle) Ignore snprintf warnings (see above), change strcpy usage to strncpy. * libopenvas/www_funcs.c: (build_encode_URL) Change strcpy usage to strncpy, change sprintf usage to snprintf, ignore snprintf warnings (see above), ignore lrand48 warnings (see above). * libopenvas/rand.c (nessus_init_random, lrand48, srand48): Ignore warnings about insufficient randomness. * libopenvas/ftp_funcs.c (ftp_log_in): Changed remaining sprintf usage to snprintf, ignore snprintf warnings (see above). * libopenvas/store.c: (arglist2str, store_load_plugin, store_plugin, store_get_plugin_f) Change strcat usage to strncat; ignore RATS warnings regarding strncat since sufficient memory is allocate before strncat usage. (safe_copy, store_plugin) Change ignore flag to RATS. (store_init_sys, store_init_user, store_get_plugin_f, store_load_plugin, store_plugin) Ignore snprintf warnings (see above). 2008-12-03 Michael Wiegand Implementing CR #22 (New script_tag Command, http://www.openvas.org/openvas-cr-22.html). * libopenvas/plugutils.c: Added plug_set_tag, plug_get_tag and _plug_get_tag functions. * libopenvas/store_internal.h: Added tag field to struct, incremented magic number, updated function declarations. * libopenvas/plugutils.h: Updated function declarations. * libopenvas/store.c: Added store_fetch_tag function. (store_plugin) Added support for script_tag. 2008-11-18 Tim Brown * packaging/debian/changelog: Updated. 2008-11-18 Michael Wiegand * libopenvas/share_fd.c: Re-added missing include that resulted in recv_fd failing due to missing defines. 2008-11-18 Michael Wiegand Fixing version requirements for glib as pointed out by atomicturtle. * configure.in: Updated glib requirements to >= 2.6.0 * configure: Regenerated. 2008-11-17 Matthew Mundell * libopenvas/network.c (ovas_get_tlssession_from_connection): Return address instead of value, to match return type. (open_SSL_connection): Check errno for EINTR and EAGAIN after gnutls_handshake. (ovas_server_context_attach): Retry gnutls_handshake if necessary. 2008-11-14 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.0.beta3.SVN. 2008-11-14 Michael Wiegand Preparing the 2.0-beta2 release. * VERSION: Set to 2.0.0.beta2. * MANIFEST: Updated. * CHANGES: Updated. 2008-11-14 Michael Wiegand * openvas-libraries.tmpl.in: Added datarootdir to remove configure warning and to be compatible with autoconf 2.60 (see http://www.gnu.org/software/libtool/manual/autoconf/Changed-Directory-Variables.html). 2008-11-14 Michael Wiegand Applying patch provided by Stjepan Gros. * libopenvas/arglists.c (arg_dump): Minor reformattings, added cast to avoid fprintf format string warning. 2008-11-13 Felix Wolfsteller Narrowed down space for fingerprints in servers cache. Attention: Server cache has to be rebuilt! (remove .desc in plugin directory) * libopenvas/store_internal.h : Decreased fingerprint array size. * ChangeLog : Email typo fixed. 2008-11-12 Michael Wiegand Applying patch provided by Stjepan Gros to improve 64-bit cleanliness. * configure.in: Added check for the glib2 library. * configure: Regenerated. * aclocal.m4: Regenerated. * libopenvas/harglists.c, libopenvas/arglists.c, libopenvas/plugutils.c, libopenvas/network.c, libopenvas/Makefile, libopenvas/store.c, libopenvas/scanners_utils.c, libopenvas/kb.c, openvas-libraries.tmpl.in: Introduced glib library. * libopenvas/harglists.c, libopenvas/harglists.h, libopenvas/arglists.c, libopenvas/plugutils.c, libopenvas/network.c, libopenvas/scanners_utils.c, libopenvas/kb.c, libopenvas/store.c: 32/64-bit cleanup. * libopenvas/plugutils.c: Minor reformatings. 2008-11-12 Michael Wiegand * configure.in: Added AC_PREREQ directive to tell autoconf to generate a 2.50-style configure script. 2008-11-11 Jan-Oliver Wagner * libopenvas/network.c (ovas_get_connection_data): Renamed to ovas_get_tlssession_from_connection and made it return the tls session directly instead of connection data. This way it is avoided to expose the internal data structure "nessus_connection". It remains internal now. * libopenvas/network.h: Updated proto accordingly and added include for now-necessary gnutls.h. 2008-11-11 Michael Wiegand * libopenvas/store.c (store_load_plugin): Fixed usage of legacy ID scheme that resulted in an incorrect OID being transmitted to the client when processing NVTs without any legacy ID. 2008-11-10 Michael Wiegand Removed local copies of getopt; the functionality provided by getopt has been replaced with glib as explained in Change Request #9 (http://www.openvas.org/openvas-cr-9.html). * include/config.h.in: Removed obsolete defines for getopt. * configure.in: Removed obsolete checks for getopt. * configure: Regenerated. * libopenvas/getopt.c, libopenvas/getopt.h, libopenvas/getopt1.c: Removed obsolete local copies of getopt. * libopenvas/Makefile: Removed handling of getopt files. * TODO: Removed section regarding getopt copies. * MANIFEST: Updated. * Makefile: Removed handling of getopt files. 2008-11-07 Michael Wiegand * libopenvas/network.c, libopenvas/network.h: Added ovas_get_connection_data function provided by Matthew Mundell as support for the upcoming OpenVAS Management functionality. 2008-11-06 Michael Wiegand * INSTALL_README: Updated note regarding gnutls version requirements as pointed out by Toan Nguyen. 2008-11-05 Felix Wolfsteller Work on Change Request #17 (http://www.openvas.org/openvas-cr-17.html - "OTP: Make NVT signatures available to OpenVAS-Client"). Replaced sending of dummy certificate key oids by "real" fingerprints. * libopenvas/store.c (store_load_plugin): Fixed tests about signature file, replaced obsolete ID check by OID check, removed dummy string. 2008-10-31 Felix Wolfsteller Steps to an implementation of Change Request #17 (http://www.openvas.org/openvas-cr-17.html - "Make NVT signatures available to OpenVAS-Client"). Adds the new field "sign_key_ids" to plugin-structures and the .desc store. Until soon, just a dummy- string will be saved and eventually transmitted by the server. IMPORTANT: Breaks compatibility and renders old server .desc- cache files useless. * libopenvas/plugutils.c (plug_set_sign_key_ids, plug_get_sign_key_ids): Added getter & setter to retrieve key-ids of certificates of a plugin. * libopenvas/plugutils.h: Prototypes for plug_set_sign_key_ids and plug_get_sign_key_ids added. * libopenvas/store_internal.h: Added sign_key_ids field to plugin struct and increased magic number for server-side cache (.desc files) * libopenvas/store.c (store_init_sys, store_init_user): Added comments. * libopenvas/store.c (store_load_plugin): Check if signature file is new than cache (functionality will be moved), set sign_key_ids according to cache, added comments. * libopenvas/store.c (store_plugin): Stores the (dummy) key_id- string. 2008-10-12 Tim Brown * packaging/debian/changelog: Updated. * packaging/debian/copyright: Updated. * packaging/debian/rules: Cleaned up. * packaging/debian/libopenvas2-dev.dirs, packaging/debian/libopenvas2-dev.install, packaging/debian/libopenvas2.dirs, packaging/debian/libopenvas2.install: Added. 2008-10-09 Michael Wiegand * libopenvas/pcap.c: Added missing include for config.h; this fixes a bug caused by a missing #define that led to a segfault on 64bit machines and was discovered by Michael Meyer. 2008-09-23 Jan-Oliver Wagner * libopenvas/ntp.h: Removed elements "scan_ids", "dns" and "pubkey_auth" from struct ntp_caps. * libopenvas/scanners_utils.c (comm_send_status): Removed unneeded variable declaration. 2008-09-23 Jan-Oliver Wagner * libopenvas/ntp.h: Removed elements "md5_caching", "ntp_11", "plugins_oid", and "plugins_version" from struct ntp_caps. 2008-09-23 Jan-Oliver Wagner * libopenvas/scanners_utils.c(comm_send_status): Removed conditional for ntp_11, because this is standard for otp. * libopenvas/plugutils.c (scanner_add_port): Removed conditional for ntp_11, because this is standard for otp. 2008-09-23 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.0.beta2.SVN. 2008-09-23 Michael Wiegand Last minute fix to MANIFEST for 2.0-beta1. * MANIFEST: Updated. 2008-09-23 Michael Wiegand Doing the 2.0-beta1 release. * VERSION: Set to 2.0.0.beta1. * CHANGES: Updated. 2008-09-23 Michael Wiegand Fixed uses of sprintf in libopenvas/plugutils.c that could lead to buffer overflows under certain circumstances. Told RATS and flawfinder to ignore the use of snprintf; we will assume that glibc provides us with an up-to-date snprintf. Changed "flawfinder" ignore statements to "RATS" since the "RATS" keyword is supported by both RATS and flawfinder. * libopenvas/plugutils.c (plug_set_id, _add_plugin_preference, plug_set_replace_key): Replaced sprintf usage with snprintf. 2008-09-22 Jan-Oliver Wagner * libopenvas/plugutils.c (proto_post_wrapped): escape_crlf is now standard with OTP 1.0. Removed unused variables caps and t. * libopenvas/ntp.h: Removed elements "plugins_xrefs", "plugins_bugtraq_id", "md5_by_name", "fast_login", "dependencies", "plugins_cve_id", "ciphered", "escape_crlf" and "timestamps" from struct ntp_caps. Removed defines for NTP_10, NTP_11 and NTP_12. 2008-09-19 Michael Wiegand Added support for new LOG and DEBUG messages. * libopenvas/plugutils.c (proto_post_log, post_log, post_log_udp, proto_post_debug, post_debug, post_debug_udp): Added functions to support new LOG and DEBUG messages. * libopenvas/plugutils.h: Added function declarations for new functions. 2008-09-16 Michael Wiegand * libopenvas/plugutils.c (plug_get_oid): Do not use cached OIDs, use _plug_get_oid instead of store_fetch_oid; otherwise plug_get_oid will return wrong OIDs under certain circumstances, which breaks qsort among others. 2008-09-09 Michael Wiegand * libopenvas/plugutils.c (mark_successful_plugin, mark_post): Use OIDs instead of IDs for logging messages and plugin success in KB. 2008-09-09 Michael Wiegand * libopenvas/plugutils.c (proto_post_wrapped): Use OIDs instead of IDs, removed obsolete code. 2008-09-02 Michael Wiegand * libopenvas/network.c (ovas_server_context_attach): Display gnutls error messages only when DEBUG_SSL is defined. 2008-08-31 Jan-Oliver Wagner * libopenvas/network.h: Added an explicit include. 2008-08-21 Vlatko Kosturjak * libopenvas/plugutils.c (plug_set_id): Display "Legacy detected plugin" only if DEBUG is defined 2008-07-31 Tim Brown * libopenvas/plugutils.c: Fixed duplicate declaration of oldid. * libopenvas/ntp.h: Added definition for ONTP/1.3. 2008-07-30 Jan-Oliver Wagner * libopenvas/pcap.c (getinterfaces): Added a FIXME reminder about bad programming style with potential of runtime failires as reported by Hanno Böck in order to not forget about this problem. 2008-07-18 Tim Brown * libopenvas/plugutils.c, libopenvas/plugutils.h: Added additional checks to plug_set_id and plug_set_oid functions, so that setting an OID can not override an a legacy ID. Moreover, setting a legacy ID implictly sets a legacy OID. 2008-07-08 Tim Brown * ChangeLog, openvas-libraries/libopenvas/store_internal.h, packaging/debian/changelog: Fix typos. 2008-07-07 Jan Wagner * packaging/debian/changelog: Set openvas-distro-deb@wald.intevation.org as Debian Maintainer. * packaging/debian/changelog, packaging/debian/copyright, packaging/debian/rules: Remove trailing witespaces at EOL and EOF. * packaging/debian/changelog, packaging/debian/control: Move Section to right place for openvas-libraries in control. * packaging/debian/changelog, packaging/debian/control: Also depend on libgnutls-dev, libpcap-dev for -dev. * packaging/debian/changelog, packaging/debian/libopenvas1.dirs, packaging/debian/libopenvas1-dev.dirs: Remove debian/*.dirs since unneeded. 2008-07-04 Jan Wagner * packaging/debian/changelog, packaging/debian/control: New debian package version with some minor changes. Set openvas-distro-debian@wald.intevation.org as Debian Maintainer. 2008-07-04 Michael Wiegand * libopenvas_hg/hg_dns_axfr.c (hg_dns_axfr_add_host) (hg_dns_read_ns_from_answer, hg_dns_axfr_query): Replaced ns_get16 with local copies taken from glibc as ns_get16 proved to be not very portable either and led to problems in the build process for RPMs. 2008-06-30 Michael Wiegand Post-release version bump. * VERSION: Set to 1.0.3.SVN. 2008-06-30 Michael Wiegand Doing the 1.0.2 release. * VERSION: Set to 1.0.2. * CHANGES: Updated. 2008-06-27 Jan-Oliver Wagner * libopenvas-config.in: Fix variable replacement problems. Original problem report and initial patch supplied by Ales Nosek. 2008-06-25 Jan-Oliver Wagner Simplify handling of libopenvas-config: The two-step method is not necessary. * libopenvas-config.pre.in: Removed. Renamed to libopenvas-config.in. * libopenvas-config.in: New. Former libopenvas-config.pre.in. * configure.in: Process libopenvas-config.in instead of libopenvas-config.pre.in. * Makefile: Removed any processing of libopenvas-config. * configure: Updated. * MANIFEST: Updated. 2008-06-25 Jan-Oliver Wagner Removing handling of "CIPHER" information because the client-server communication is always encrypted. * configure.in: Removed handling of "cipher_cflags" and "use_cipher". This means the option --enable-cipher is not available anymore. * libopenvas-config.pre.in: Removed handling of CIPHER and CIPHER_CFLAGS. * openvas-libraries.tmpl.in: Removed handling of USE_CIPHER and CIPHER_CFLAGS. * INSTALL_README: only slightly improved. Now does not mention anymore --enable-cipher option. * configure: Updated. 2008-06-20 Tim Brown * libopenvas/hlst.c (sort_hlst): Avoid sorting an hlst if it has no entries since that will lead to an emalloc issue under certain conditions. 2008-06-12 Michael Wiegand * libopenvas/store_internal.h: Increased MAGIC number to reflect changes as suggested by Bernhard Herzog. Deleting /lib/openvas/plugins/.desc/* is no longer neccessary. 2008-06-12 Michael Wiegand Increased the space available to plugins for preferences storage. This resolves an issue with plugins with a large number of radio button options, as they need to store the text for all options in the name field. IMPORTANT: You need to delete the server plugin cache in /lib/openvas/plugins/.desc/* to force the server to create a new cache after compiling with this change. Otherwise the server will send wrong plugin information to the client, resulting in missing options in the preferences. * libopenvas/store_internal.h: Increased size of name field in pprefs struct to allow for plugins with many preferences. 2008-05-06 Jan-Oliver Wagner * libopenvas/store_internal.h: Increased MAGIC number, lowered size of oid vom 1024 bytes to 100. 2008-05-06 Jan-Oliver Wagner * libopenvas/ntp.h: New. Contains the definition for ntp_caps (taken from comm.h) and the makros for NTP protocol IDs (taken from ntp.h of package openvas-server) * libopenvas/comm.h: Removed definition of ntp_caps and cleaned up. * Makefile: Install ntp.h as well. * MANIFEST: Updated. 2008-05-06 Jan-Oliver Wagner * include/nessus-devel.h: Removed. It wasn't included anywhere in OpenVAS. * MANIFEST: Updated. 2008-05-02 Javier Fernández-Sanguino Peña * libopenvas/Makefile, libopenvas_hg/Makefile, openvas-libraries.tmpl.in: Fix the build process to get the libraries to include their linked libraries. * packaging/debian/control, packaging/debian/changelog: New package version, fixing build-dep 2008-05-02 Jan-Oliver Wagner * libopenvas/Makefile: Fixed all dependencies on header files. Removed non-existing module "ptycall". * libopenvas/kb.c: Fixed include method. * libopenvas/store_internal.h: Added missing proto for store_fetch_oid() 2008-04-30 Tim Brown * libopenvas/comm.h, libopenvas/plugutils.c, libopenvas/store_internal.h, libopenvas/plugutils.h, libopenvas/plugutils_internal.h, libopenvas/store.c: Preliminary support for script_oid function. * packaging/debian/control, packaging/debian/copyright: Minor updates to control and copyright file to fix issues highlighted by jfs in regard to the priority and copyright of the packaging respectively. * packaging/debian/control: Minor update to control to fix differing dependency between openvas-libraries and openvas-libnasl as highlighted by jfs. 2008-04-18 Jan-Oliver Wagner * packaging/fedora: New. Directory for Fedora RPM files. * fedora/openvas-libraries-1.0.1-1.fc8.openvas.spec, fedora/openvas-libraries-1.0.1-hg-Makefile.diff fedora/openvas-libraries-1.0.1-Makefile.diff: New. * MANIFEST. 2008-04-16 Jan-Oliver Wagner * packaging/opensuse: New. Directory for OpenSUSE RPM files. * packaging/opensuse/openvas-libraries-1.0.1-1.suse102.openvas.spec, packaging/opensuse/openvas-libraries-1.0.1-Makefile.diff, packaging/opensuse/openvas-libraries-1.0.1-hg-Makefile.diff: New. 2008-04-16 Jan-Oliver Wagner * libopenvas/network.c (open_socket): Fixed makro name for SSL debugging and thus reactived code execute for debug-ssl mode. 2008-04-16 Jan-Oliver Wagner * Makefile, libopenvas_hg/Makefile: Add missing DESTDIR for install targets. 2008-04-16 Jan-Oliver Wagner * INSTALL_README: Remove note about bison as it is not needed anymore. 2008-04-16 Tim Brown * packaging/debian/*: Minor fixes, now lintian clean. 2008-04-02 Tim Brown * packaging/debian/changelog: Updated for new upstream release 2008-04-01 Jan-Oliver Wagner * VERSION: post-release version bump to 1.0.2.SVN 2008-04-01 Jan-Oliver Wagner Doing the release 1.0.1. * VERSION: Set to 1.0.1. * CHANGES: Updated. 2008-03-27 Jan-Oliver Wagner * TODO: Added item about Makefile improvements. * MANIFEST: Fixed. 2008-03-27 Jan-Oliver Wagner * include/libopenvas.h: Removed various declarations that do not appear anywhere else in OpenVAS. 2008-03-27 Jan-Oliver Wagner * include/libopenvas.h: Moved some declarations for module plugutils to libopenvas/plugutils.h. * libopenvas/plugutils.h: Added some declarations from include/libopenvas.h. 2008-03-27 Jan-Oliver Wagner * libopenvas/services.c, libopenvas/network.c: Removed "ExtFunc" declarations. 2008-03-27 Jan-Oliver Wagner * include/libopenvas.h: Removed Windows-Specific ifdef's. * include/includes.h: Removed "ExtFunc". * TODO: Changed entry about include/includes.h 2008-03-26 Jan-Oliver Wagner * libopenvas/getopt1.c: Add inclusion of config.h to have openvas-libnasl compile again. 2008-03-26 Jan-Oliver Wagner * libopenvas/popen.h: Fixed proto. 2008-03-26 Jan-Oliver Wagner * libopenvas/kb.h, libopenvas/store.h, libopenvas/services1.h, libopenvas/system.h, libopenvas/plugutils.h, libopenvas/arglists.h, libopenvas/network.h, libopenvas/bpf_share.h, libopenvas/share_fd.h, libopenvas/pcap_openvas.h, libopenvas/popen.h, libopenvas/www_funcs.h: Changed Author and Copyright to the contents of include/libopenvas.h which is the origin of most of the contents of the new header files. 2008-03-26 Tim Brown * configure.in: Fix up resolv checks as dn_expand is only a weak alias to __dn_expand. resolv.h #define's it but autoconf never #includes that when making the check. * configure: Updated. 2008-03-26 Jan-Oliver Wagner * include/libopenvas.h: Fix up some includes. * Makefile: Don't install includes.h, no one external should be in need of this. 2008-03-26 Jan-Oliver Wagner * libopenvas/getopt.c: Replaced inclusion of includes.h by config.h which appears sufficient. 2008-03-26 Jan-Oliver Wagner * include/getopt.h: Moved to libopenvas/ * libopenvas/getopt.h: New. Previous include/getopt.h. * libopenvas/getopt1.c: Removed includes.h and adapted according to move of getopt.h * MANIFEST: Updated. * Makefile: Reflected location change of getopt.h. 2008-03-26 Jan-Oliver Wagner * libopenvas/ids_send.c: Removed inclusion of includes.h and added FIX() definition from there. 2008-03-26 Jan-Oliver Wagner * libopenvas/hlst.c: replace inlusion of "includes.h" by respective single includes. 2008-03-24 Jan-Oliver Wagner Made openvas-libraries compile after a "make clean". * include/libopenvas.h: Moved various defines to libopenvas/ids_send.h. * libopenvas/ids_send.h: Added some defines moved from libopenvas.h. * libopenvas/plugutils.c: Added missing include. * libopenvas/network.c: replace inlusion of "includes.h" by respective single includes. * libopenvas/ids_send.c: replace inlusion of "includes.h" by respective single includes except that includes.h remains were it is for a missing define ("FIX()"). Removed ExtFunc. * libopenvas/ftp_funcs.h: Added missing include. * TODO: Removed resolved entry. 2008-03-24 Jan-Oliver Wagner Cleanup for module store. * libopenvas/store.c: replace inlusion of "includes.h" by respective single includes. Replaced PATH_MAX by MAXPATHLEN. * libopenvas/store.h: New. Contains declarations for module "store" (extracted from libopenvas.h) * include/libopenvas.h: Removed declarations for store and replaced by include of store.h. * Makefile: Install libopenvas/store.h. * MANIFEST: Updated. 2008-03-24 Jan-Oliver Wagner * libopenvas/store.h: Renamed to store_internal.h. * libopenvas/store_internal.h: New. Former store.h. * libopenvas/plugutils.c: Reflect renaming of store.h to store_internal.h. * libopenvas/store.c: Reflect renaming of store.h to store_internal.h and added missing includes. * MANIFEST: Updated. 2008-03-24 Jan-Oliver Wagner Cleanup for module share_fd. * libopenvas/share_fd.c: removed inlusion of "includes.h". * libopenvas/share_fd.h: New. Contains declarations for module "share_fd" (extracted from libopenvas.h) * include/libopenvas.h: Removed declarations for share_fd and replaced by include of share_fd. * Makefile: Install libopenvas/share_fd.h. * MANIFEST: Updated. 2008-03-23 Jan-Oliver Wagner Cleanup for modules services and services1. * libopenvas/services.c: replace inlusion of "includes.h" by respective single includes. * libopenvas/services1.c: replace inlusion of "includes.h" by respective single includes. * libopenvas/services1.h: New. Contains declarations for module "services1" (extracted from libopenvas.h) * libopenvas/services.h: Moved declarations of services1 to services1.h. * include/libopenvas.h: Removed declarations for services1 and replaced by include of services1. * include/popen.h: Added missing include for stdio.h. * Makefile: Install libopenvas/services1.h. * MANIFEST: Updated. 2008-03-23 Jan-Oliver Wagner Cleanup for module scanners_utils. * libopenvas/scanners_utils.c: replace inlusion of "includes.h" by respective single includes. Removed ExtFunc. * include/libopenvas.h: Removed declarations for scanners_utils and replaced by include of scanners_utils. * include/comm.h: Added missing include for arglists.h. * Makefile: Install libopenvas/scanners_utils.h. 2008-03-23 Jan-Oliver Wagner Cleanup for module rand. * libopenvas/rand.c: replace inlusion of "includes.h" by respective single includes. * include/libopenvas.h: Removed declarations for rand and replaced by include of proctitle. * Makefile: Install libopenvas/rand.h. 2008-03-23 Jan-Oliver Wagner Cleanup for module proctitle. * libopenvas/proctitle.c: replace inlusion of "includes.h" by respective single includes. * include/libopenvas.h: Removed declarations for proctitle and replaced by include of proctitle. The declarations were not identical but similar enough. * Makefile: Install libopenvas/proctitle.h. 2008-03-23 Jan-Oliver Wagner * libopenvas/scanners_utils.c (qsort_compar): Made static. 2008-03-22 Jan-Oliver Wagner Cleanup for module popen. * libopenvas/popen.h: New. Contains declarations for module "popen" (extracted from libopenvas.h) * libopenvas/popen.c: replace inlusion of "includes.h" by respective single includes. * include/libopenvas.h: Moved any popen declarations to popen.h. * libopenvas/scanner_utils.h: Added missing include. * Makefile: Install libopenvas/popen.h. * MANIFEST: Updated. 2008-03-22 Jan-Oliver Wagner Cleanup for module www_funcs. * libopenvas/www_funcs.h: New. Contains declarations for module "www_funcs" (extracted from libopenvas.h) * libopenvas/www_funcs.c: replace inlusion of "includes.h" by respective single includes. * include/libopenvas.h: Moved any www_funcs declarations to www_funcs.h. * libopenvas/plugutils.h: Added missing include. * Makefile: Install libopenvas/plugutils.h. * MANIFEST: Updated. 2008-03-21 Jan-Oliver Wagner Cleanup for module plugutils. * libopenvas/plugutils.h: New. Contains declarations for module "plugutils" (extracted from libopenvas.h) * libopenvas/plugutils.c: replace inlusion of "includes.h" by respective single includes. Removed "ExtFunc". * include/libopenvas.h: Moved any plugutils declarations to plugutils.h. * libopenvas/comm.h, libopenvas/services.h, libopenvas/scanners_utils.h: Remove "ExtFunc" declaration. * Makefile: Install libopenvas/plugutils.h. * MANIFEST: Updated. 2008-03-20 Jan-Oliver Wagner * libopenvas/plugutils.h: Renamed to plugutils_internal.h. * libopenvas/plugutils_internal.h: New. Former plugutils.h. * libopenvas/store.c: Reflect renaming of plugutils.h to plugutils_internal.h. (store_get_plugin_f): Made static. 2008-03-20 Jan-Oliver Wagner Cleanup for module system. * libopenvas/system.h: New. Contains declarations for module "system" (extracted from libopenvas.h) * libopenvas/system.c: replace inlusion of "includes.h" by respective single includes. Removed empty "ExtFunc". * include/libopenvas.h: Moved any system declarations to system.h. * Makefile: Install libopenvas/system.h. * MANIFEST: Updated. 2008-03-20 Jan-Oliver Wagner * libopenvas/system.h: Renamed to system_internal.h * libopenvas/system_internal.h: New. Previous system.h. * libopenvas/harglists.c, libopenvas/pcap.c, libopenvas/system.c, libopenvas/arglists.c, libopenvas/Makefile, libopenvas/kb.c, MANIFEST: Reflect name change from system.h to system_internal.h. 2008-03-20 Jan-Oliver Wagner Cleanup for module pcap. * libopenvas/pcap_openvas.h: New. Contains declarations for module "pcap_openvas" (extracted from libopenvas.h) * libopenvas/pcap.c: replace inlusion of "includes.h" by respective single includes. * include/libopenvas.h: Moved any pcap declarations to pcap_openvas.h. * Makefile: Install libopenvas/pcap_openvas.h. * MANIFEST: Updated. 2008-03-20 Jan-Oliver Wagner Cleanup for module kb. * libopenvas/kb.h: New. Contains declarations for module "kb" (extracted from libopenvas.h) * libopenvas/kb.c: replace inlusion of "includes.h" by respective single includes. * include/libopenvas.h: Moved any kb declarations to kb.h. * Makefile: Install libopenvas/kb.h. * MANIFEST: Updated. 2008-03-20 Jan-Oliver Wagner * include/harglists.h: Removed. Moved to libopenvas/harglists.h. * libopenvas/harglists.h: New. Former include/harglists.h. * Makefile: Reflect move of harglists.h. * libopenvas/harglists.c: replace inlusion of "includes.h" separate ones for the only needed declarations. * MANIFEST: Updated. 2008-03-20 Jan-Oliver Wagner * libopenvas_hg/Makefile: Added path to libopenvas/ for include files. This make the library to build again. 2008-03-17 Jan-Oliver Wagner Cleanup for module bpf_share. * libopenvas/bpf_share.h: New. Contains declarations for module "bpf_share". (extracted from libopenvas.h and removed ExtFunc while we are at it) * libopenvas/bpf_share.c: replace inlusion of "includes.h" by "pcap.h" which is already sufficient. * include/libopenvas.h: Moved any bpf_share declarations to bpf_share.h. * Makefile: Install libopenvas/bpf_share.h. * MANIFEST: Updated. 2008-03-17 Jan-Oliver Wagner Implementing OpenVAS Change Request #5: Remove BPF sharing feature * configure.in: Remove option "--enable-bpf-sharing" and adapt corresponding messages. * configure: updated. * README.BPF: Renamed Nessus to OpenVAS, added note that there once was a feature for bpf-sharing. * libopenvas/bpf_share.c: Removed the whole alternative block for "HAVE_DEV_BPFN". (main): Also removed the now useless=empty test frame. * libopenvas/Makefile: bpf_sharing does not need to know about the StateDir anymore. * TODO: Removed entry about BPF sharing. 2008-03-17 Jan-Oliver Wagner * TODO: Added entry describing how the cleanup re header files should be continued. 2008-03-14 Jan-Oliver Wagner * libopenvas/network.h: New. Contains external header information for module "network". (extracted from libopenvas.h) * libopenvas/ftp_funcs.h: Updated header for OpenVAS, removed "ExtFunc". * libopenvas/ftp_funcs.c: Updated header for OpenVASremoved "ExtFunc", replaced includes.h by actually required includes. * include/libopenvas.h: Moved any ftp_funcs declarations to ftp_funcs.h. Moved most network declarations to network.h. * Makefile: Install libopenvas/network.h and libopenvas/ftp_funcs.h. * libopenvas/arglists.h: Added forgotten ifdef. * MANIFEST: Updated. 2008-03-14 Jan-Oliver Wagner Removing unsused module "data". It was meant as a future replacement of arglists. However, it does only try the same philosophy with some improvments whereas it makes more sense to leave optimized handling to specialists like glib. * libopenvas/data.c, include/data.h: Removed. * TODO: Removed enty about data.c. * MANIFEST: updated. 2008-03-14 Jan-Oliver Wagner A sample cleanup for header files. * libopenvas/arglists.h: New. Contains external header information for module "arglists". (extracted from libopenvas.h) * Makefile: Install libopenvas/arglists.h. * include/libopenvas.h: Converted header block to standard one. Removed any arglists definitions and instead includes arglists.h. * libopenvas/arglists.c: Replace generic include of includes.h by respective required single include statements. Removed any use of "ExtFunc" declaration which is empty anyway. 2008-03-14 Jan-Oliver Wagner * libopenvas/plugutils.c: Removed include for diff.h. 2008-03-14 Jan-Oliver Wagner * include/libopenvas.h: Annotated module names, some lines reordered, removed W32 conditional. 2008-03-14 Jan-Oliver Wagner * TODO: Added entry about data.c 2008-03-13 Jan-Oliver Wagner * libopenvas/Makefile: Removed handling of module "diff". * libopenvas/diff.c, libopenvas/diff.h: Removed as the only method "banner_diff" isn't used anywhere in OpenVAS. * MANIFEST: updated. 2008-03-10 Jan-Oliver Wagner Removing the apparently unused module "snprintf". There exists no corresponding proto and thus it could never be used without occuring warnings during compilation. snprintf is part of C99. * libopenvas/Makefile: Remove handling of snprintf module. * MANIFEST: Updated. * libopenvas/snprintf.c: Removed. 2008-03-03 Laban Mwangi * libopenvas/plugutils.c, libopenvas/proctitle.c, libopenvas/store.c, libopenvas/www_funcs.c: Adding FlawFinder ignores to various string operations as discussed on the Mailing List. 2008-02-16 Laban Mwangi * libopenvas/hlst.c (flush_hlst, make_hlst, sort_hlst, unsort_hlst), libopenvas/hlst.h (_hlst): Fixing flawfinder l4 warnings related to flawfinder thinking that a ptr in a linkedlist called access is = the call access(2) 2008-02-15 Bernhard Herzog * libopenvas/store.c (safe_copy): Cast return value strlen to match format string. Silences a compiler warning 2008-02-15 Bernhard Herzog * libopenvas/www_funcs.c (http11_get_head): Removed this unused function. Silences a compiler warning. 2008-02-15 Bernhard Herzog * libopenvas_hg/hg_dns_axfr.c (hg_dns_axfr_add_host) (hg_dns_read_ns_from_answer, hg_dns_axfr_query): Use ns_get16 instead of _getshort. _getshort is defined in glibc but not declared in any headerfile. ns_get16 is a newer API but should be widely available, too. 2008-02-15 Bernhard Herzog * libopenvas/hlst.c (copy_hlst): Fix Flawfinder issue. 2008-02-15 Bernhard Herzog * libopenvas/harglists.c (say_creating): Fix format string to match the types that will actually be used (say_closing, message): Fix Flawfinder issues (do_printf): Fix flawfinder issues. Fix gcc warnings about fprintf args, adapting a format string to better match the purpose of printing the value of a pointer. 2008-02-15 Jan-Oliver Wagner Removal of Flawfinder issues. * libopenvas/system.c (emalloc): replace usleep() by nanosleep(). (estrdup): Set two Flawfinder: ignore, one reported path can not happen (now documented) and whether to use strlen() is a more general question. 2008-02-15 Jan-Oliver Wagner * libopenvas/system.c, libopenvas/system.h: Applied standard header, added comments on unclear things. 2008-02-15 Jan-Oliver Wagner * libopenvas/system.c (emalloc, erealloc): Added type cast to get rid of compiler warning. 2008-02-12 Laban Mwangi * INSTALL_README: Added dependent libraries (bug fix for aid #591) 2008-02-12 Tim Brown * packaging/debian/*: Minor fixes, now includes scripts to allow dependents to build. Also fixed minor typo in packaging/debian/copyright. 2008-02-05 Tim Brown * packaging/debian/*: Minor changes, now builds lintian clean. * packaging/debian/copyright: More information in the copyright, including a detailed account of holders. 2007-11-07 Tim Brown * packaging/debian/control, packaging/debian/copyright: Minor changes to fix Homepage and Copyright directives. 2007-10-31 Jan-Oliver Wagner * MANIFEST: Updated. 2007-10-31 Tim Brown * packaging, packaging/debian: New directories. * packaging/debian/control, packaging/debian/libopenvas.dirs, packaging/debian/compat, packaging/debian/libopenvas-dev.install, packaging/debian/changelog, packaging/debian/libopenvas.install, packaging/debian/copyright, packaging/debian/rules, packaging/debian/libopenvas-dev.dirs: New. The debian packaging files. 2007-10-12 Jan-Oliver Wagner * VERSION: post-release version bump to 1.0.1.SVN 2007-10-12 Jan-Oliver Wagner * MANIFEST: Updated. 2007-10-12 Jan-Oliver Wagner Doing the release 1.0.0. * VERSION: Set to 1.0.0. * CHANGES: Updated. 2007-10-11 Jan-Oliver Wagner * README.HPUX: Removed. This information seem to be a leftover from stoneage time. * TODO: More things noted. 2007-10-08 Jan-Oliver Wagner Some code cleanups. * libopenvas/plugutils(plug_get_fresh_key): Fixed wrong number of arguments for fprintf call. * libopenvas/harglists.c(harg_addt, harg_set_valuet, harg_renamet): Add more ()s to make clear && is to be evaluated before ||. This was suggested by gcc. * libopenvas/www_funcs.c(http_get, http_head, httpver, http10_head, http10_get, http10_get_head, http11_head, http11_get): Removed. These functions have never been used. 2007-10-08 Bernhard Herzog * libopenvas_hg/Makefile: Install hosts_gatherer.h and hg_utils.h into ${includedir}/openvas. They contain declarations needed by openvas-server and openvas-libnasl 2007-09-25 Tim Brown Patch to fix two "implicit declaration" gcc-warnings submitted by Hanno Böck on openvas-devel. * include/includes.h: Add include of fnmatch.h. * include/libopenvas.h: Added proto for kb_item_rm_all(). 2007-09-13 Jan-Oliver Wagner * VERSION: bumped to 0.9.2.SVN 2007-09-13 Jan-Oliver Wagner Doing the release 0.9.1. * VERSION: Set to 0.9.1. * CHANGES: Updated. 2007-09-13 Jan-Oliver Wagner * TODO: Removed the entry about separate versioning (it is done now). Also removed the entry about reviewing the Debian patches to nessus-libraries (done). * libopenvas/bpf_share.c, libopenvas/services.h: Fixed paths to state dir to LFSH standard. This make the current Debian patch to the according Makefile in nessus-libraries unnecessary. 2007-08-03 Jan-Oliver Wagner * configure.in, openvas-libraries.tmpl.in, include/libvers.h.in, libopenvas/plugutils.c: Replaced NESSUS_MAJOR etc. by OPENVASLIBS_MAJOR etc. as well as NL_MAJOR etc. by OPENVASLIBS_MAJOR etc. * configure: updated. 2007-08-02 Jan-Oliver Wagner * libopenvas/plugutils.c, libopenvas/scanners_utils.c, libopenvas/store.c: Removed unused variables. 2007-08-02 Jan-Oliver Wagner * libopenvas_hg/Makefile: Fix dependencies for target test. * libopenvas_hg/hosts_gatherer.h: Add missing proto for hg_test_syntax(). * libopenvas_hg/test.c (main): Fix return type. 2007-08-02 Jan-Oliver Wagner * VERSION: bumped to 0.9.1.SVN * CHANGES: updated. * libopenvas_hg/hg_dns_axfr.c: Removed CYGWIN part which was not implemented anyway (just a stub). * libopenvas/getopt1.c, libopenvas/getopt.c, libopenvas/harglists.c, libopenvas/hlst.c: Removed handling of _WIN32. * Makefile: Removed target win32. 2007-08-02 Jan-Oliver Wagner * libhosts_gatherer, libopenvas_hg: renamed libhosts_gatherer to libopenvas_hg. * Makefile: renamed libhosts_gatherer to libopenvas_hg. * MANIFEST: updated. 2007-08-02 Jan-Oliver Wagner * libopenvas-config.pre.in, libhosts_gatherer/Makefile, libhosts_gatherer/test.c: Renamed libhost_gatherer by libopenvas_hg. 2007-08-01 Jan-Oliver Wagner Removed strange handling of CWARN which tries to collect a number of warning wishes for compilation. It didn't really work anyway. Replaced this by: allways give all warnings (-Wall). * configure.in, openvas-libraries.tmpl.in: Removed handling of CWARN[01234] and CWALL. * configure: updated. * libopenvas/Makefile, libhosts_gatherer/Makefile: Added -Wall as compile flag. 2007-07-26 Jan-Oliver Wagner * CHANGES: Set release date to 27.7.2007 2007-07-26 Jan-Oliver Wagner Doing the release 0.9.0. * VERSION: Set to 0.9.0. 2007-07-25 Jan-Oliver Wagner * libopenvas/proctitle.c (setproctitle): Change name of daemon from nessusd to openvasd. * include/config.h.in: Removed NESSUSD_USERNAME which is not used anywhere. * libopenvas/services.h: Changed paths from nessus to openvas. 2007-07-25 Jan-Oliver Wagner * configure.in: replaced AC_HAVE_LIBRARY by AC_CHECK_LIB for gnutls, resolve and pcap and emit error when not found. Also replaced the not-so-helpful message after running configure with some more useful. * configure: updated. * libopenvas/Makefile: Fixed dependencies reg. network.h. 2007-07-25 Jan-Oliver Wagner * MANIFEST: updated. 2007-07-25 Bernhard Herzog * libopenvas/network.h: Removed. Everything declared in network.h is also declared in libopenvas.h * libopenvas/pcap.c, libopenvas/network.c, libopenvas/ids_send.c: Remove includes of network.h 2007-07-24 Bernhard Herzog * libopenvas/network.c (ovas_server_context_attach) (read_stream_connection_unbuffered) (write_stream_connection4, internal_send, internal_recv): Remove unused variables 2007-07-24 Bernhard Herzog * libopenvas/network.c: Add missing include of 2007-07-24 Bernhard Herzog * libopenvas/network.c (verify_peer_certificate): Make status an unsigned int so that it matches the signature of gnutls_certificate_verify_peers2 2007-07-24 Bernhard Herzog * libopenvas/network.c (set_gnutls_priorities) (set_gnutls_protocol): Renamed set_gnutls_priorities to set_gnutls_protocol (open_SSL_connection, ovas_server_context_attach): Updated because of set_gnutls_priorities renaming (set_gnutls_priorities): New function that sets the priorities of a session from a bunch of int arrays and handles errors (set_gnutls_sslv23, set_gnutls_sslv3, set_gnutls_tlsv1): Use set_gnutls_priorities to set the priorities instead of calling the gnutls functions directly. Also return an error code properly. 2007-07-24 Bernhard Herzog * libopenvas/network.c (nessus_SSL_init): Return a value (0) if already initialized 2007-07-24 Bernhard Herzog * libopenvas/network.c (nessus_SSL_init): Make sure gnutls_global_init is only called once even if nessus_SSL_init is called multiple times. 2007-07-24 Bernhard Herzog * libopenvas/network.c (load_file, unload_file): Use emalloc and efree to be consistent with the rest of the libopenvas code 2007-07-20 Jan-Oliver Wagner * libopenvas/services.h: Fixed location of openvas-services. 2007-07-19 Jan-Oliver Wagner * openvas-libraries.tmpl.in: Removed remains for libcap-nessus and PCAP_-variables 2007-07-19 Jan-Oliver Wagner First preparations for release. * include/libopenvas.h, include/config.h.in: Removed last occurances of HAVE_SSL. * MANIFEST: updated. * CHANGES: New. Describes Changes for users. * Makefile: No sbin required for installation of this package. * TODO: Removed item about libpcap which indeed has been removed meanwhile. * INSTALL_README: Added a warning that these instructions might not be uptodate. 2007-07-18 Bernhard Herzog * include/includes.h: Remove openssl includes 2007-07-18 Bernhard Herzog * include/libopenvas.h: Removed the declaration of nessus_register_connection that uses a SSL* as the second parameter. The void* variant is still there. 2007-07-17 Bernhard Herzog * libopenvas/network.h, include/libopenvas.h: Remove declarations of unused and unimplemented functions: stream_get_server_certificate stream_get_ascii_server_certificate 2007-07-17 Bernhard Herzog * libopenvas/network.c (nessus_install_passwd_cb, sslerror) (sslerror2): Removed. They are no longer used anywhere. (stream_get_ssl): Change the return type to void* so that we no longer need openssl.h * include/libopenvas.h: Remove declaration of nessus_install_passwd_cb and sslerror. Update declaration of stream_get_ssl 2007-07-02 Bernhard Herzog * libopenvas/network.c (verify_peer_certificate): If the peer did not send a certificate, treat it as valid. 2007-07-02 Bernhard Herzog * libopenvas/network.c (OVAS_CONNECTION_FROM_FD): New. Macro to determine the nessus_connection* given a nessus file descriptor (nessus_register_connection, ovas_allocate_connection): Most of nessus_register_connection is now in the new function ovas_allocate_connection. (set_gnutls_priorities): New. Frontend for the other set_gnutls_* functions. (verify_peer_certificate): New. Function to verify the peer certificate (open_SSL_connection): Use set_gnutls_priorities. (ovas_server_context_new): New. Function to allocate an ovas_server_context_t (ovas_server_context_free): New. Function to free an ovas_server_context_t (ovas_server_context_attach): New. Functin to set up SSL/TLS on a socket with parameters from a ovas_server_context_t * include/libopenvas.h: Add declarations for the new functions and types. Always declare nessus_SSL_init. 2007-06-26 Jan-Oliver Wagner * libhosts_gatherer/hg_add_hosts.c: Backported patch from original nessus-libraries branch NESSUS_2_2 as committed by Renaud Deraison June, 25 2007. Original commit message there: "bugfix". 2007-06-22 Bernhard Herzog * libopenvas/network.c (nessus_SSL_password_cb): Removed because it's not used anymore. 2007-06-22 Bernhard Herzog * libopenvas/network.c (nessus_SSL_init): Handle errors. 2007-06-22 Bernhard Herzog * libopenvas-config.pre.in: remove the @pcap_flag@ substitution from the --libs output. The pcap options are now in EXTRA anyway and @pcap_flag@ is no longer substituted. 2007-06-21 Jan-Oliver Wagner Removed local copy of pcap library. * configure.in, Makefile, libopenvas-config.pre.in: Removed any handling of libpcap-nessus * configure: updated with new autoconf version as of Debian etch * libpcap-nessus/: Removed entire directory. 2007-06-21 Bernhard Herzog * libopenvas/network.c (nessus_install_passwd_cb): Use correct function name in error message 2007-06-21 Bernhard Herzog * libopenvas/network.c (sslerror2, sslerror) (nessus_install_passwd_cb): Get rid of the last actual OpenSSL calls. The implementations now simply print an error message and do nothing. 2007-06-20 Bernhard Herzog * libopenvas/network.c (open_SSL_connection): Better error handling for the gnutls function calls. 2007-06-20 Bernhard Herzog * libopenvas/network.c: Keep a pointer to the gnutls credentials struct so that it can be freed properly: (struct nessus_connection): New member tls_cred (release_connection_fd): Free tls_cred (open_SSL_connection): Store the credentials in the tls_cred member 2007-06-20 Bernhard Herzog * libopenvas/network.c (load_file, unload_file): New. Helper functions to load certificates and keys. (load_cert_and_key): New. Loads certificate and key files into the gnuTLS credentials object. This function supports decryption of private keys. (open_SSL_connection): use load_cert_and_key to load the certificate and key. Remove the warnign about unsupported key decryption. Load the CA files if given. 2007-06-14 Bernhard Herzog First step in the code to move from OpenSSL to GnuTLS. The code in network.c now uses GnuTLS instead of OpenSSL for stream connections. There are still a few remnants of the OpenSSL code, though and code using the library will still need to link -lssl. * libopenvas/network.c (struct nessus_connection) (release_connection_fd, nessus_register_connection, sslerror) (nessus_SSL_init, open_SSL_connection, open_stream_connection) (open_stream_connection_unknown_encaps5) (read_stream_connection_unbuffered, write_stream_connection4) (stream_pending): Use GnuTLS instead of OpenSSL. (stream_get_ssl): Now always returns NULL since there's no SSL* associated with a stream anymore. See the comments in the code for some of the implications of this. (tlserror, set_gnutls_sslv23, set_gnutls_sslv3, set_gnutls_tlsv1): New functions for the GnuTLS support. 2007-06-04 Bernhard Herzog * libopenvas/network.c (struct nessus_connection) (open_SSL_connection, write_stream_connection4): Remove nessus_connection member last_ssl_err because it's only assigned to, but never used. 2007-05-25 Jan-Oliver Wagner * VERSION: Renamed from CVS to SVN. * TODO: Some more open questions. * include/includes.h: Removed a nessus header file. 2007-05-23 Bernhard Herzog * libopenvas/network.c (data_left): Removed. The function was commented out and never used. 2007-05-14 Jan-Oliver Wagner * libopenvas/network.c: Renamed all closesocket() to close(). closesocket() was a remain from trying to be NT compatible. 2007-05-14 Jan-Oliver Wagner * configure: updated. 2007-05-14 Jan-Oliver Wagner * Makefile: Fixed dependencies for target install. This way now also libopenvas-config gets created during install from libopenvas-config.tmpl which wasn't the case before. 2007-05-14 Jan-Oliver Wagner * Makefile: Fixed name for libopenvas-config man page for installation. 2007-05-14 Jan-Oliver Wagner * Makefile: installation target for headerfiles renamed from nessus to openvas. 2007-05-09 Jan-Oliver Wagner Introduce "make dist" to create a tar-ball. * VERSION: Set to .CVS. * MANIFEST: New. List of source files for dist. * Makefile: New target "dist". 2007-05-09 Jan-Oliver Wagner * nessus-config.pre.in: Removed. * libopenvas-config.pre.in: New. Replaces nessus-config.pre.in. * nessus-config.1: Removed. * libopenvas-config.1: New. Replaces nessus-config.1. * configure.in, Makefile: Replace nessus-config by libopenvas-config. 2007-05-09 Jan-Oliver Wagner * nessus-config.pre.in, Makefile: Removed DESTDIR. It looks pretty useless as it needs to be set in the shell. It was introduced in Nessus 1.3.1. 2007-05-09 Jan-Oliver Wagner * libopenvas/plugutils.c: Removed any conditional alternatives for HAVE_SSL (ssl is mandatory now) 2007-05-09 Jan-Oliver Wagner First, intermediate step of migrating from OpenSSL to GNUTLS: Remove the all old stuff at the configure-level. * configure.in: Removed any handling of OpenSSL and the conditional handling of SSL support. Inserterted mandatory requirement of GNUTLS. * configure: Updated. * openvas-libraries.tmpl.in, nessus-config.pre.in: Removed any OpenSSL handling. 2007-04-26 Jan-Oliver Wagner * configure.in: Removed cygwin stuff. 2007-04-24 Jan-Oliver Wagner * configure.in, Makefile, INSTALL_README: Removed handling of "uninstall-nessus". * uninstall-nessus.in: Removed. 2007-04-12 Jan-Oliver Wagner Removing various Windows related files. * README.WINDOWS, nmake.w32, nmake.bat, nessus.def, include/config.w32, include/ntcompat.h: Removed. * include/includes.h: Removed some W32-specific elements. 2007-03-29 Jan-Oliver Wagner * Makefile, libopenvas/Makefile: Renaming libnessus to libopenvas. Fixing header from GPL to LGPL. * libopenvas/store.c, libopenvas/plugutils.c, libopenvas/ids_send.c, libopenvas/arglists.c, libopenvas/data.c, libopenvas/network.c, libopenvas/services.c, uninstall-nessus.in, include/includes.h: Added header. Renaming libnessus to libopenvas. * include/libnessus.h: Renamed to libopenvas.h. * include/libopenvas.h: New. Former libnessus.h. 2007-03-29 Jan-Oliver Wagner * libnessus: Renamed to libopenvas. * libopenvas: New. Former libnessus. 2007-03-28 Jan-Oliver Wagner * TODO: New. Keep a list of issues/ideas/plans for this module. 2007-03-28 Jan-Oliver Wagner * openvas-libraries.tmpl.in: Added header. * Makefile, libhosts_gatherer/Makefile, libnessus/Makefile: Added header. Renamed nessus.tmpl to openvas-libraries.tmpl. * libpcap-nessus/Makefile.in: Renamed nessus.tmpl to openvas-libraries.tmpl. * configure: updated. 2007-03-28 Jan-Oliver Wagner * nessus.tmpl.in: Removed (replaced by openvas-libraries.tmpl.in) * openvas-libraries.tmpl.in: Former nessus.tmpl * configure.in: Name change for .tmpl file. 2007-03-28 Jan-Oliver Wagner * configure.in: Added header information. * ChangeLog: New. Summary of changes. 2007-03-28 Jan-Oliver Wagner * VERSION: Changed version number to 0.9.0 to not confuse with nessus versioning and to make clear that for OpenVAS this is not yet stable. gvm-libs-9.0.3/INSTALL000066400000000000000000000144331334154151000142760ustar00rootroot00000000000000INSTALLATION INSTRUCTIONS FOR OPENVAS-LIBRARIES =============================================== Please note: The reference system used by most of the developers is Debian GNU/Linux 'Jessie' 8. The build might fail on any other system. Also it is necessary to install dependent development packages. Prerequisites for openvas-libraries ----------------------------------- See at the end of this section how to easily install these prerequisites on some supported platforms. General build environment: * a C compiler (e.g. gcc) * bison * flex * cmake >= 2.8 * pkg-config Specific development libraries: * libglib >= 2.32 * libgnutls >= 3.2.15 * libgcrypt >= 1.6 * zlib * libpcap * libgpgme >= 1.1.2 * uuid-dev (from e2fsprogs) * libssh >= 0.5.0 * libhiredis >= 0.10.1 * libksba >= 1.0.7 Prerequisites for building documentation: * doxygen * xmltoman (optional, for building man page) * sqlfairy (optional, for producing database diagram) Recommended to have WMI support: * openvas-smb >= 1.0.4 Recommended to have improved SNMP support: * netsnmp Recommended to have LDAP support: * libldap >= 2.4.11 (LDAP can be disabled with -DBUILD_WITHOUT_LDAP=1) Recommended to have RADIUS support: * libfreeradius-client >= 1.1.6 (RADIUS can be enabled with -DBUILD_WITH_RADIUS=1) Install prerequisites on Debian GNU/Linux 'Jessie' 8: # apt-get install dpkg-dev pkg-config libssh-dev libgnutls28-dev libglib2.0-dev \ libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev libhiredis-dev \ libsnmp-dev libgcrypt20-dev libldap2-dev Compiling openvas-libraries --------------------------- If you have installed required libraries to a non-standard location, remember to set the PKG_CONFIG_PATH environment variable to the location of your pkg-config files before configuring: $ export PKG_CONFIG_PATH=/your/location/lib/pkgconfig:$PKG_CONFIG_PATH Create a build directory and change into it with $ mkdir build $ cd build Configure the build with $ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation .. or (if you want to use the default installation path /usr/local) $ cmake .. This only needs to be done once. Thereafter, the following commands are useful. $ make # build the libraries $ make doc # build the documentation $ make doc-full # build more developer-oriented documentation $ make install # install the build $ make rebuild_cache # rebuild the cmake cache Please note that you may have to execute "make install" as root, especially if you have specified a prefix for which your user does not have full permissions. To clean up the build environment, simply remove the contents of the "build" directory you created above. Configuration Options --------------------- During compilation, the build process uses a set of compiler options which enable very strict error checking and ask the compiler to abort should it detect any errors in the code. This is to ensure a maximum of code quality and security. Unfortunately, some (especially newer) compiler can be more strict than others when it comes to error checking. While this is a good thing and the OpenVAS developers aim to address all compiler warnings, it may lead the build process to abort on your system. Below you will find a list of the most common warnings and what you can do about them. * "call to function ‘xyz’ without a real prototype" This warning shows up on recent openSUSE versions due to a compiler option only present on these systems. To tell the build process to not abort the build process on this warning, add -DIGNORE_UNPROTOTYPED_CALLS=1 to your configuration command, for example: $ cmake -DIGNORE_UNPROTOTYPED_CALLS=1 . Should you notice any other error messages causing your build process to abort, do not hesitate to contact the OpenVAS developers using the mailing lists or IRC chat. Don't forget to include the name and version of your system and distribution in your message. Building OpenVAS Libraries statically linked -------------------------------------------- If you want to build a statically linked version of OpenVAS Libraries -- for example to subsequently build a statically linked OMP command line client or Nagios plugin from the "openvas-cli" module -- you need statically linked versions of the prerequisite libraries as well. This can be a problem with current versions of the GnuTLS library. In most distributions GnuTLS is built with p11-kit support, which makes linking statically against the GnuTLS library impossible. To work around this, you can build the GnuTLS yourself after configuring it without support for p11-kit. This can be done with the following parameters: $ ./configure --disable-shared --enable-static --without-p11-kit Note that you will most likely want to add additional parameters to configure the GnuTLS library based on your distributions policy and/or your personal needs, e.g. the correct prefix so OpenVAS Libraries will find you statically linked version. The "make install" command will then build the GnuTLS library and install it into the path you configured. Once you have build and installed the GnuTLS library, configure OpenVAS Libraries with the following parameters to request statically linked versions of the "base", "misc" and "omp" modules: $ cmake -DBUILD_STATIC=1 -DBUILD_SHARED=0 -DOPENVAS_OMP_ONLY=1 .. Once again, the "make install" command will build and install the requested modules. For instructions on building statically linked binaries from the "openvas-cli" module please see the INSTALL file there. Static code analysis with the Clang Static Analyzer --------------------------------------------------- If you want to use the Clang Static Analyzer (http://clang-analyzer.llvm.org/) to do a static code analysis, you can do so by adding the following parameter when configuring the build: -DCMAKE_C_COMPILER=/usr/share/clang/scan-build/ccc-analyzer Note that the example above uses the default location of ccc-analyzer in Debian GNU/Linux and may be different in other environments. To have the analysis results aggregated into a set of HTML files, use the following command: $ scan-build make The tool will provide a hint on how to launch a web browser with the results. It is recommended to do this analysis in a separate, empty build directory and to empty the build directory before "scan-build" call. gvm-libs-9.0.3/README000066400000000000000000000015651334154151000141270ustar00rootroot00000000000000openvas-libraries ================= This is the libraries module for the Open Vulnerability Assessment System (OpenVAS). For more information, please refer to the OpenVAS website available at http://www.openvas.org/. Please see the file COPYING for the license information. Please refer to the instructions provided in the file INSTALL if you want to install openvas-libraries. If you are not familiar or comfortable with building from source code, we recommend that you use a install package or use a prepared virtual machine. Information regarding available binary packages and virtual machines is available from the download area of the OpenVAS website. If you have any question or suggestions, please feel free to use the mailing list and the IRC chat to contact the OpenVAS developers. Please use the OpenVAS bug tracker located at http://bugs.openvas.org/ to report bugs. gvm-libs-9.0.3/VERSION.in000066400000000000000000000000271334154151000147140ustar00rootroot00000000000000@CPACK_PACKAGE_VERSION@gvm-libs-9.0.3/base/000077500000000000000000000000001334154151000141525ustar00rootroot00000000000000gvm-libs-9.0.3/base/CMakeLists.txt000066400000000000000000000116331334154151000167160ustar00rootroot00000000000000# OpenVAS-libraries/base # $Id$ # Description: Top-level cmake control for the base library. # # Authors: # Matthew Mundell # # Copyright: # Copyright (C) 2009,2010,2013 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ## Library if (NOT MINGW) # FIXME: certain flags should be defined on the global level, # because they change the API (e.g. _FILE_OFFSET_BITS). set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -D_FILE_OFFSET_BITS=64 -Wall -Wextra -fPIC") pkg_check_modules (ZLIB REQUIRED zlib) pkg_check_modules (GIO REQUIRED gio-2.0) pkg_check_modules (REDIS hiredis>=0.10.1) if (NOT REDIS_FOUND) # Make a second attempt to find hiredis without pkg-config message (STATUS "Looking for hiredis...") find_library (HIREDIS hiredis) message (STATUS "Looking for hiredis... ${HIREDIS}") if (NOT HIREDIS) message (SEND_ERROR "The hiredis library is required.") endif (NOT HIREDIS) set (REDIS_LDFLAGS "-lhiredis") endif (NOT REDIS_FOUND) endif (NOT MINGW) include_directories (${GLIB_INCLUDE_DIRS} ${ZLIB_INCLUDE_DIRS} ${REDIS_INCLUDE_DIRS}) if (MINGW) set (FILES array.c credentials.c openvas_hosts.c cvss.c nvti.c nvticache.c openvas_file.c openvas_string.c pidfile.c settings.c gpgme_util.c pwpolicy.c) set (HEADERS array.h credentials.h openvas_hosts.h cvss.h nvti.h settings.h openvas_file.h openvas_string.h pidfile.h gpgme_util.h pwpolicy.h) else (MINGW) set (FILES array.c credentials.c openvas_hosts.c cvss.c drop_privileges.c nvti.c nvticache.c openvas_compress.c openvas_file.c openvas_networking.c kb_redis.c openvas_string.c pidfile.c settings.c gpgme_util.c pwpolicy.c) set (HEADERS array.h credentials.h openvas_hosts.h cvss.h drop_privileges.h kb.h nvticache.h nvti.h settings.h openvas_compress.h openvas_file.h openvas_networking.h openvas_string.h pidfile.h gpgme_util.h pwpolicy.h) endif (MINGW) if (BUILD_STATIC) add_library (openvas_base_static STATIC ${FILES}) set_target_properties (openvas_base_static PROPERTIES OUTPUT_NAME "openvas_base") set_target_properties (openvas_base_static PROPERTIES CLEAN_DIRECT_OUTPUT 1) set_target_properties (openvas_base_static PROPERTIES PUBLIC_HEADER "${HEADERS}") endif (BUILD_STATIC) if (BUILD_SHARED) add_library (openvas_base_shared SHARED ${FILES}) set_target_properties (openvas_base_shared PROPERTIES OUTPUT_NAME "openvas_base") set_target_properties (openvas_base_shared PROPERTIES CLEAN_DIRECT_OUTPUT 1) set_target_properties (openvas_base_shared PROPERTIES SOVERSION "${CPACK_PACKAGE_VERSION_MAJOR}") set_target_properties (openvas_base_shared PROPERTIES VERSION "${CPACK_PACKAGE_VERSION}") set_target_properties (openvas_base_shared PROPERTIES PUBLIC_HEADER "${HEADERS}") if (MINGW) set (GLIB_LDFLAGS -Wl,--start-group ${GLIB_LDFLAGS} gmodule-2.0 -Wl,--end-group) set (W32LIBS ${GLIB_LDFLAGS} intl iconv gpgme assuan libgpg-error ole32 ws2_32 ffi z shlwapi dnsapi winmm) target_link_libraries (openvas_base_shared ${W32LIBS}) else (MINGW) target_link_libraries (openvas_base_shared LINK_PRIVATE ${GLIB_LDFLAGS} ${GIO_LDFLAGS} ${ZLIB_LDFLAGS} ${GPGME_LDFLAGS} ${REDIS_LDFLAGS} ${LINKER_HARDENING_FLAGS}) endif (MINGW) endif (BUILD_SHARED) add_definitions (-DOPENVAS_SYSCONF_DIR=\\\"${OPENVAS_SYSCONF_DIR}\\\") add_definitions (-DOPENVAS_STATE_DIR=\\\"${OPENVAS_STATE_DIR}\\\") if (OPENVAS_PID_DIR) add_definitions (-DOPENVAS_PID_DIR=\\\"${OPENVAS_PID_DIR}\\\") endif (OPENVAS_PID_DIR) add_custom_indent_targets (${FILES}) # Link the test-hosts executable # TODO: This is currently only built for BUILD_SHARED if (BUILD_SHARED) add_executable (test-hosts test-hosts.c) target_link_libraries (test-hosts openvas_base_shared ${GLIB_LDFLAGS} ${REDIS_LDFLAGS}) endif (BUILD_SHARED) ## Install if (BUILD_STATIC) install (TARGETS openvas_base_static RUNTIME DESTINATION ${BINDIR} ARCHIVE DESTINATION ${LIBDIR} PUBLIC_HEADER DESTINATION "${INCLUDEDIR}/openvas/base") endif (BUILD_STATIC) if (BUILD_SHARED) install (TARGETS openvas_base_shared RUNTIME DESTINATION ${BINDIR} LIBRARY DESTINATION ${LIBDIR} ARCHIVE DESTINATION ${LIBDIR} PUBLIC_HEADER DESTINATION "${INCLUDEDIR}/openvas/base") endif (BUILD_SHARED) ## End gvm-libs-9.0.3/base/README.txt000066400000000000000000000006331334154151000156520ustar00rootroot00000000000000This is the library "libopenvas_base". It provides basics for various OpenVAS modules. Any source code of this library fulfills the following requirements: * involves no other dependencies than mandatory libraries (glib, gpgme) * licensed under GNU GPLv2 or any later version * fully documented according to the coding guidelines in order to allow a complete automatically generated API documentation. gvm-libs-9.0.3/base/array.c000066400000000000000000000036641334154151000154450ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Array utilities. * * Authors: * Matthew Mundell * * Copyright: * Copyright (C) 2009,2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file array.c * @brief Array utilities. */ #include "array.h" /** * @brief Make a global array. * * @return New array. */ GPtrArray * make_array () { return g_ptr_array_new (); } /** * @brief Reset an array. * * @param[in] array Pointer to array. */ void array_reset (array_t ** array) { array_free (*array); *array = make_array (); } /** * @brief Free global array value. * * Also g_free any elements. * * @param[in] array Pointer to array. */ void array_free (GPtrArray * array) { if (array) { guint index = array->len; while (index--) g_free (g_ptr_array_index (array, index)); g_ptr_array_free (array, TRUE); } } /** * @brief Push a generic pointer onto an array. * * @param[in] array Array. * @param[in] pointer Pointer. */ void array_add (array_t * array, gpointer pointer) { if (array) g_ptr_array_add (array, pointer); } /** * @brief Terminate an array. */ void array_terminate (array_t * array) { if (array) g_ptr_array_add (array, NULL); } gvm-libs-9.0.3/base/array.h000066400000000000000000000023431334154151000154430ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Array utilities. * * Authors: * Matthew Mundell * * Copyright: * Copyright (C) 2009,2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_ARRAY_H #define _OPENVAS_ARRAY_H #include typedef GPtrArray array_t; GPtrArray *make_array (); void array_reset (array_t ** array); void array_free (GPtrArray * array); void array_add (array_t * array, gpointer pointer); void array_terminate (array_t * array); #endif /* not _OPENVAS_ARRAY_H */ gvm-libs-9.0.3/base/credentials.c000066400000000000000000000047431334154151000166230ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Credential pairs and triples. * * Authors: * Matthew Mundell * Michael Wiegand * Felix Wolfsteller * * Copyright: * Copyright (C) 2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "credentials.h" #include "openvas_string.h" /** * @brief Free credentials. * * Free the members of a credentials pair. * * @param[in] credentials Pointer to the credentials. */ void free_credentials (credentials_t * credentials) { g_free (credentials->username); credentials->username = NULL; g_free (credentials->password); credentials->password = NULL; /** @todo Check whether uuid has to be freed, too. */ g_free (credentials->timezone); credentials->timezone = NULL; g_free (credentials->role); credentials->role = NULL; g_free (credentials->severity_class); credentials->severity_class = NULL; credentials->dynamic_severity = 0; } /** * @brief Append text to the username of a credential pair. * * @param[in] credentials Credentials. * @param[in] text The text to append. * @param[in] length Length of the text. */ void append_to_credentials_username (credentials_t * credentials, const char *text, gsize length) { openvas_append_text (&credentials->username, text, length); } /** * @brief Append text to the password of a credential pair. * * @param[in] credentials Credentials. * @param[in] text The text to append. * @param[in] length Length of the text. */ void append_to_credentials_password (credentials_t * credentials, const char *text, gsize length) { openvas_append_text (&credentials->password, text, length); } gvm-libs-9.0.3/base/credentials.h000066400000000000000000000042351334154151000166240ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Credential pairs and triples. * * Authors: * Matthew Mundell * Michael Wiegand * Felix Wolfsteller * * Copyright: * Copyright (C) 2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_LIBRARIES_BASE_CREDENTIALS_H #define _OPENVAS_LIBRARIES_BASE_CREDENTIALS_H #include /** * @brief A username password pair. */ typedef struct { /*@null@ */ gchar *username; ///< Login name of user. /*@null@ */ gchar *password; ///< Password of user. /*@null@ */ gchar *uuid; ///< UUID of user. /*@null@ */ gchar *timezone; ///< Timezone of user. Set in OpenVAS Manager. /*@null@ */ double default_severity; ///< Default Severity setting of user. Set in OpenVAS Manager. /*@null@ */ gchar *severity_class; ///< Severity Class setting of user. Set in OpenVAS Manager. /*@null@ */ int dynamic_severity; ///< Dynamic Severity setting of user. Set in OpenVAS Manager. /*@null@ */ gchar *role; ///< Role of user. } credentials_t; void free_credentials (credentials_t * credentials); void append_to_credentials_username (credentials_t * credentials, const char *text, gsize length); void append_to_credentials_password (credentials_t * credentials, const char *text, gsize length); #endif /* _OPENVAS_LIBRARIES_BASE_CREDENTIALS_H */ gvm-libs-9.0.3/base/cvss.c000066400000000000000000000220511334154151000152740ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: CVSS utility functions * * Authors: * Preeti Subramanian * * Copyright: * Copyright (C) 2012 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file cvss.c * @brief CVSS utility functions * * This file contains utility functions for handling CVSS. * Namels a calculator for the CVSS base score from a CVSS base * vector. * * The base equation is the foundation of CVSS scoring. The base equation is: * BaseScore6 = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)–1.5)*f(Impact)) * Impact = 10.41*(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact)) * Exploitability = 20* AccessVector*AccessComplexity*Authentication * * f(impact)= 0 if Impact=0, 1.176 otherwise * AccessVector = case AccessVector of * requires local access: 0.395 * adjacent network accessible: 0.646 * network accessible: 1.0 * AccessComplexity = case AccessComplexity of * high: 0.35 * medium: 0.61 * low: 0.71 * Authentication = case Authentication of * requires multiple instances of authentication: 0.45 * requires single instance of authentication: 0.56 * requires no authentication: 0.704 * ConfImpact = case ConfidentialityImpact of * none: 0.0 * partial: 0.275 * complete: 0.660 * IntegImpact = case IntegrityImpact of * none: 0.0 * partial: 0.275 * complete: 0.660 * AvailImpact = case AvailabilityImpact of * none: 0.0 * partial: 0.275 * complete: 0.660 */ #include #include #include /* AccessVector (AV) Constants */ #define AV_NETWORK 1.0 #define AV_ADJACENT_NETWORK 0.646 #define AV_LOCAL 0.395 /* AccessComplexity (AC) Constants */ #define AC_LOW 0.71 #define AC_MEDIUM 0.61 #define AC_HIGH 0.35 /* Authentication (Au) Constants */ #define Au_MULTIPLE_INSTANCES 0.45 #define Au_SINGLE_INSTANCE 0.56 #define Au_NONE 0.704 /* ConfidentialityImpact (C) Constants */ #define C_NONE 0.0 #define C_PARTIAL 0.275 #define C_COMPLETE 0.660 /* IntegrityImpact (I) Constants */ #define I_NONE 0.0 #define I_PARTIAL 0.275 #define I_COMPLETE 0.660 /* AvailabilityImpact (A) Constants */ #define A_NONE 0.0 #define A_PARTIAL 0.275 #define A_COMPLETE 0.660 enum base_metrics { A, I, C, Au, AC, AV }; /** * @brief Describe a CVSS impact element. */ struct impact_item { const char *name; /**< Impact element name */ double nvalue; /**< Numerical value */ }; /** * @brief Describe a CVSS metrics. */ struct cvss { double conf_impact; /**< Confidentiality impact. */ double integ_impact; /**< Integrity impact. */ double avail_impact; /**< Availability impact. */ double access_vector; /**< Access vector. */ double access_complexity; /**< Access complexity. */ double authentication; /**< Authentication. */ }; static const struct impact_item impact_map[][3] = { [A] = { {"N", A_NONE}, {"P", A_PARTIAL}, {"C", A_COMPLETE}, }, [I] = { {"N", I_NONE}, {"P", I_PARTIAL}, {"C", I_COMPLETE}, }, [C] = { {"N", C_NONE}, {"P", C_PARTIAL}, {"C", C_COMPLETE}, }, [Au] = { {"N", Au_NONE}, {"M", Au_MULTIPLE_INSTANCES}, {"S", Au_SINGLE_INSTANCE}, }, [AV] = { {"N", AV_NETWORK}, {"A", AV_ADJACENT_NETWORK}, {"L", AV_LOCAL}, }, [AC] = { {"L", AC_LOW}, {"M", AC_MEDIUM}, {"H", AC_HIGH}, }, }; /** * @brief Determine base metric enumeration from a string. * * @param[in] str Base metric in string form, for example "A". * @param[out] res Where to write the desired value. * * @return 0 on success, -1 on error. */ static int toenum (const char * str, enum base_metrics *res) { int rc = 0; /* let's be optimistic */ if (g_strcmp0 (str, "A") == 0) *res = A; else if (g_strcmp0 (str, "I") == 0) *res = I; else if (g_strcmp0 (str, "C") == 0) *res = C; else if (g_strcmp0 (str, "Au") == 0) *res = Au; else if (g_strcmp0 (str, "AU") == 0) *res = Au; else if (g_strcmp0 (str, "AV") == 0) *res = AV; else if (g_strcmp0 (str, "AC") == 0) *res = AC; else rc = -1; return rc; } /** * @brief Calculate Impact Sub Score. * * @param[in] cvss Contains the subscores associated * to the metrics. * * @return The resulting subscore. */ static double get_impact_subscore (const struct cvss *cvss) { return (10.41 * (1 - (1 - cvss->conf_impact) * (1 - cvss->integ_impact) * (1 - cvss->avail_impact))); } /** * @brief Calculate Exploitability Sub Score. * * @param[in] cvss Contains the subscores associated * to the metrics. * * @return The resulting subscore. */ static double get_exploitability_subscore (const struct cvss *cvss) { return (20 * cvss->access_vector * cvss->access_complexity * cvss->authentication); } /** * @brief Set impact score from string representation. * * @param[in] value The litteral value associated to the metric. * @param[in] metric The enumeration constant identifying the metric. * @param[out] cvss The structure to update with the score. * * @return 0 on success, -1 on error. */ static inline int set_impact_from_str (const char *value, enum base_metrics metric, struct cvss *cvss) { int i; for (i = 0; i < 3; i++) { const struct impact_item *impact; impact = &impact_map[metric][i]; if (g_strcmp0 (impact->name, value) == 0) { switch (metric) { case A: cvss->avail_impact = impact->nvalue; break; case I: cvss->integ_impact = impact->nvalue; break; case C: cvss->conf_impact = impact->nvalue; break; case Au: cvss->authentication = impact->nvalue; break; case AV: cvss->access_vector = impact->nvalue; break; case AC: cvss->access_complexity = impact->nvalue; break; default: return -1; } return 0; } } return -1; } /** * @brief Final CVSS score computation helper. * * @param[in] cvss The CVSS structure that contains the * different metrics and associated scores. * * @return the CVSS score, as a double. */ static double __get_cvss_score (struct cvss *cvss) { double impact = 1.176; double impact_sub; double exploitability_sub; impact_sub = get_impact_subscore (cvss); exploitability_sub = get_exploitability_subscore (cvss); if (impact_sub < 0.1) impact = 0.0; return (((0.6 * impact_sub) + (0.4 * exploitability_sub) - 1.5) * impact) + 0.0; } /** * @brief Calculate CVSS Score. * * @param cvss_str Base vector string from which to compute score. * * @return The resulting score. -1 upon error during parsing. */ double get_cvss_score_from_base_metrics (const char *cvss_str) { struct cvss cvss; char *token, *base_str, *base_metrics; memset(&cvss, 0x00, sizeof(struct cvss)); if (cvss_str == NULL) return -1.0; base_str = base_metrics = g_strdup_printf ("%s/", cvss_str); while ((token = strchr (base_metrics, '/')) != NULL) { char *token2 = strtok (base_metrics, ":"); char *metric_name = token2; char *metric_value; enum base_metrics mval; int rc; *token++ = '\0'; if (metric_name == NULL) goto ret_err; metric_value = strtok (NULL, ":"); if (metric_value == NULL) goto ret_err; rc = toenum (metric_name, &mval); if (rc) goto ret_err; if (set_impact_from_str (metric_value, mval, &cvss)) goto ret_err; base_metrics = token; } g_free (base_str); return __get_cvss_score (&cvss); ret_err: g_free (base_str); return (double)-1; } gvm-libs-9.0.3/base/cvss.h000066400000000000000000000022341334154151000153020ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: CVSS utility functions * * Authors: * Preeti Subramanian * * Copyright: * Copyright (C) 2012 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file cvss.h * @brief Protos for CVSS utility functions. * * This file contains the protos for \ref cvss.c */ #ifndef _CVSS_H #define _CVSS_H #include double get_cvss_score_from_base_metrics (const char *); gchar * cvss_as_str (double); #endif /* not _CVSS_H */ gvm-libs-9.0.3/base/drop_privileges.c000066400000000000000000000076451334154151000175270ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Privilege dropping. * * Authors: * Felix Wolfsteller * based on work by Michael Wiegand * * Copyright: * Copyright (C) 2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file drop_privileges.c * * Basic support to drop privileges. */ /** @todo Eliminate both portability and security issues. */ #include "drop_privileges.h" #include #include #include #include /** * @brief Sets an error and return \param errorcode * * @param error Error to set. * @param errorcode Errorcode (possible values defined in drop_privileges.h), * will be returned. * @param message Message to attach to the error. * * @return \param errorcode. */ static gint drop_privileges_error (GError ** error, gint errorcode, const gchar * message) { g_set_error (error, OPENVAS_DROP_PRIVILEGES, errorcode, "%s", message); return errorcode; } /** * @brief Naive attempt to drop privileges. * * We try to drop our (root) privileges and setuid to \param username to * minimize the risk of privilege escalation. * The current implementation is somewhat linux-specific and may not work on * other platforms. * * @param[in] username The user to become. Its safe to pass "NULL", in which * case it will default to "nobody". * @param[out] error Return location for errors or NULL if not interested * in errors. * * @return OPENVAS_DROP_PRIVILEGES_OK in case of success. Sets \param error * otherwise and returns the error code. */ int drop_privileges (gchar * username, GError ** error) { struct passwd *user_pw = NULL; g_return_val_if_fail (*error == NULL, OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET); if (username == NULL) username = "nobody"; if (geteuid () == 0) { if ((user_pw = getpwnam (username))) { if (initgroups (username, user_pw->pw_gid) != 0) return drop_privileges_error (error, OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY, "Failed to drop supplementary groups privileges!\n"); if (setgid (user_pw->pw_gid) != 0) return drop_privileges_error (error, OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID, "Failed to drop group privileges!\n"); if (setuid (user_pw->pw_uid) != 0) return drop_privileges_error (error, OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID, "Failed to drop user privileges!\n"); } else { g_set_error (error, OPENVAS_DROP_PRIVILEGES, OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER, "Failed to get gid and uid for user %s.", username); return OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER; } return OPENVAS_DROP_PRIVILEGES_OK; } else { return drop_privileges_error (error, OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT, "Only root can drop its privileges."); } } gvm-libs-9.0.3/base/drop_privileges.h000066400000000000000000000033011334154151000175150ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Privilege dropping header file. * * Authors: * Felix Wolfsteller * based on work by Michael Wiegand * * Copyright: * Copyright (C) 2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_LIBRARIES_BASE_DROP_PRIVILEGES_H #define _OPENVAS_LIBRARIES_BASE_DROP_PRIVILEGES_H #include /** * @brief The GQuark for privilege dropping errors. */ #define OPENVAS_DROP_PRIVILEGES g_quark_from_static_string ("openvas-drop-privileges-error-quark") /* Definitions of the return codes. */ #define OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET -1 #define OPENVAS_DROP_PRIVILEGES_OK 0 #define OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT 1 #define OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2 #define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID 3 #define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID 4 #define OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5 int drop_privileges (gchar * username, GError ** error); #endif gvm-libs-9.0.3/base/gpgme_util.c000066400000000000000000000200311334154151000164460ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: GPGME utilities. * * Authors: * Bernhard Herzog * Werner Koch * * Copyright: * Copyright (C) 2009,2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file gpgme_util.c * @brief GPGME utilities. */ #include #include #include #include #include /* for LC_CTYPE */ #include /* for F_OK */ #include /* for mkdir */ #include /* for ENOENT */ #include "gpgme_util.h" #undef G_LOG_DOMAIN /** * @brief GLib log domain. */ #define G_LOG_DOMAIN "base gpgme" static char *gpghome = NULL; /** * @brief Log function with extra gpg-error style output * * If @ref err is not 0, the appropriate error string is appended to * the output. It takes care to only add the error source string if * it makes sense. * * TODO: Make this a global function. There is already a copy in the * manager * * @param level The GLib style log level * @param err An gpg-error value or 0 * @param fmt The printf style format string, followed by its * arguments. * */ static void log_gpgme (GLogLevelFlags level, gpg_error_t err, const char *fmt, ...) { va_list arg_ptr; char *msg; va_start (arg_ptr, fmt); msg = g_strdup_vprintf (fmt, arg_ptr); va_end (arg_ptr); if (err && gpg_err_source (err) != GPG_ERR_SOURCE_ANY && gpg_err_source (err)) g_log (G_LOG_DOMAIN, level, "%s: %s <%s>", msg, gpg_strerror (err), gpg_strsource (err)); else if (err) g_log (G_LOG_DOMAIN, level, "%s: %s", msg, gpg_strerror (err)); else g_log (G_LOG_DOMAIN, level, "%s", msg); g_free (msg); } /** * @brief Returns a new gpgme context. * * Inits a gpgme context with the custom gpg directory, protocol * version etc. Returns the context or NULL if an error occurred. * This function also does an gpgme initialization the first time it * is called. * * @param dir Directory to use for gpg * * @return The gpgme_ctx_t to the context or NULL if an error occurred. */ gpgme_ctx_t openvas_init_gpgme_ctx_from_dir (const gchar *dir) { static int initialized; gpgme_error_t err; gpgme_ctx_t ctx; /* Initialize GPGME the first time we are called. This is a failsafe mode; it would be better to initialize GPGME early at process startup instead of this on-the-fly method; however in this non-threaded system; this is an easier way for a library. We allow to initialize until a valid gpgme or a gpg backend has been found. */ if (!initialized) { gpgme_engine_info_t info; if (!gpgme_check_version (NULL)) { g_critical ("gpgme library could not be initialized."); return NULL; } gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL)); # ifdef LC_MESSAGES gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL)); # endif #ifndef NDEBUG g_message ("Setting GnuPG dir to '%s'", dir); #endif err = 0; if (access (dir, F_OK)) { err = gpg_error_from_syserror (); if (errno == ENOENT) /* directory does not exists. try to create it */ if (mkdir (dir, 0700) == 0) { #ifndef NDEBUG g_message ("Created GnuPG dir '%s'", dir); #endif err = 0; } } if (!err) err = gpgme_set_engine_info (GPGME_PROTOCOL_OpenPGP, NULL, dir); if (err) { log_gpgme (G_LOG_LEVEL_WARNING, err, "Setting GnuPG dir failed"); return NULL; } /* Show the OpenPGP engine version. */ if (!gpgme_get_engine_info (&info)) { while (info && info->protocol != GPGME_PROTOCOL_OpenPGP) info = info->next; } else info = NULL; #ifndef NDEBUG g_message ("Using OpenPGP engine version '%s'", info && info->version? info->version: "[?]"); #endif /* Everything is fine. */ initialized = 1; } /* Allocate the context. */ ctx = NULL; err = gpgme_new (&ctx); if (err) log_gpgme (G_LOG_LEVEL_WARNING, err, "Creating GPGME context failed"); return ctx; } /** * @brief Return the name of the writable GnuPG home directory * * Returns the name of the GnuPG home directory to use when checking * GnuPG signatures. The return value is the value of the environment * variable OPENVAS_GPGHOME if it is set. Otherwise it is the * directory openvas/gnupg under the statedir that was set by * configure (usually $prefix/var/lib/openvas/gnupg). The return * value must be released with g_free. * * @param subdir Directory to use in OPENVAS_STATE_DIR for gpghome, if * environment OPENVAS_GPGHOME is not set. * * @return Custom name of the GnuPG home directory for general use. */ static char * determine_gpghome (const gchar *subdir) { char *envdir = getenv ("OPENVAS_GPGHOME"); if (envdir) return g_strdup (envdir); if (subdir) return g_build_filename (OPENVAS_STATE_DIR, subdir, "gnupg", NULL); return g_build_filename (OPENVAS_STATE_DIR, "gnupg", NULL); } /** * @brief Returns a new gpgme context. * * Inits a gpgme context with the custom gpghome directory, protocol * version etc. Returns the context or NULL if an error occurred. * This function also does an gpgme initialization the first time it * is called. It is advisable to call this function as early as * possible to notice a bad installation (e.g. an too old gpg version). * * @param subdir Directory to use in OPENVAS_STATE_DIR for gpghome, if * environment OPENVAS_GPGHOME is not set. * * @return The gpgme_ctx_t to the context or NULL if an error occurred. */ gpgme_ctx_t openvas_init_gpgme_ctx (const gchar *subdir) { char *path; gpgme_ctx_t ctx; path = determine_gpghome (subdir); ctx = openvas_init_gpgme_ctx_from_dir (path); g_free (path); return ctx; } void set_gpghome (const char *path) { gpghome = g_strdup (path); } /** * @brief Return the name of the sysconf GnuPG home directory * * Returns the name of the GnuPG home directory to use when checking * signatures. It is the directory openvas/gnupg under the sysconfdir * that was set by configure (usually $prefix/etc). * * @return Static name of the Sysconf GnuPG home directory. */ static char * get_sysconf_gpghome (void) { char *envdir = NULL; envdir = getenv ("OPENVAS_GPGHOME"); if (gpghome) return g_strdup (gpghome); else if (envdir) return g_strdup (envdir); else return g_build_filename (OPENVAS_SYSCONF_DIR, "gnupg", NULL); } /** * @brief Returns a new gpgme context using the sycconf directory. * * Inits a gpgme context with the systeconf gpghome directory, * protocol version etc. Returns the context or NULL if an error * occurred. This function also does an gpgme initialization the * first time it is called. It is advisable to call this function (or * openvas_init_gpgme_ctx) as early as possible to notice a bad * installation (e.g. an too old gpg version). * * @return The gpgme_ctx_t to the context or NULL if an error occurred. */ gpgme_ctx_t openvas_init_gpgme_sysconf_ctx (void) { gpgme_ctx_t ctx; char *path; path = get_sysconf_gpghome (); ctx = openvas_init_gpgme_ctx_from_dir (path); g_free (path); return ctx; } gvm-libs-9.0.3/base/gpgme_util.h000066400000000000000000000024751334154151000164670ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Definitions for GPGME utilities. * * Authors: * Werner Koch * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file gpgme_util.h * @brief Protos and data structures for GPGME utilities. * * This file contains the protos for \ref gpgme_util.c */ #ifndef _OPENVAS_LIBRARIES_GPGME_UTIL_H #define _OPENVAS_LIBRARIES_GPGME_UTIL_H #include gpgme_ctx_t openvas_init_gpgme_ctx (const gchar *); gpgme_ctx_t openvas_init_gpgme_sysconf_ctx (void); void set_gpghome (const char *); #endif /*_OPENVAS_LIBRARIES_GPGME_UTIL_H*/ gvm-libs-9.0.3/base/kb.h000066400000000000000000000276511334154151000147320ustar00rootroot00000000000000/* OpenVAS Libraries * * Authors: * Henri Doreau * * Copyright: * Copyright (C) 2014 - Greenbone Networks GmbH. * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Knowledge base management API - Redis backend. */ #ifndef OPENVAS_KB_H #define OPENVAS_KB_H #include #include "../base/nvti.h" /* for nvti_t */ /** * @brief Default KB location. * * TODO This should eventually be expressed as an URI when/if multiple KB * backends are supported (e.g.: redis:///tmp/redis.sock). */ #define KB_PATH_DEFAULT "/tmp/redis.sock" /** * @brief Possible type of a kb_item. */ enum kb_item_type { KB_TYPE_UNSPEC, /**< Ignore the value (name/presence test). */ KB_TYPE_INT, /**< The kb_items v should then be interpreted as int. */ KB_TYPE_STR, /**< The kb_items v should then be interpreted as char*. */ /* -- */ KB_TYPE_CNT, }; /** * @brief Possible positions of nvt values in cache list. */ enum kb_nvt_pos { NVT_FILENAME_POS, NVT_REQUIRED_KEYS_POS, NVT_MANDATORY_KEYS_POS, NVT_EXCLUDED_KEYS_POS, NVT_REQUIRED_UDP_PORTS_POS, NVT_REQUIRED_PORTS_POS, NVT_DEPENDENCIES_POS, NVT_TAGS_POS, NVT_CVES_POS, NVT_BIDS_POS, NVT_XREFS_POS, NVT_CATEGORY_POS, NVT_TIMEOUT_POS, NVT_FAMILY_POS, NVT_COPYRIGHT_POS, NVT_NAME_POS, NVT_VERSION_POS, }; /** * @brief Knowledge base item (defined by name, type (int/char*) and value). * Implemented as a singly linked list */ struct kb_item { enum kb_item_type type; /**< One of KB_TYPE_INT or KB_TYPE_STR. */ union { char *v_str; int v_int; }; /**< Value of this knowledge base item. */ struct kb_item *next; /**< Next item in list. */ size_t namelen; /**< Name length (including final NULL byte). */ char name[0]; /**< Name of this knowledge base item. */ }; struct kb_operations; /** * @brief Top-level KB. This is to be inherited by KB implementations. */ struct kb { const struct kb_operations *kb_ops; /**< KB vtable. */ }; /** * @brief type abstraction to hide KB internals. */ typedef struct kb *kb_t; /** * @brief KB interface. Functions provided by an implementation. All functions * have to be provided, there is no default/fallback. These functions * should be called via the corresponding static inline wrappers below. * See the wrappers for the documentation. */ struct kb_operations { /* ctor/dtor */ int (*kb_new) (kb_t *, const char *); int (*kb_delete) (kb_t); kb_t (*kb_find) (const char *, const char *); /* Actual kb operations */ struct kb_item *(*kb_get_single) (kb_t, const char *, enum kb_item_type); char *(*kb_get_str) (kb_t, const char *); int (*kb_get_int) (kb_t, const char *); char *(*kb_get_nvt) (kb_t, const char *, enum kb_nvt_pos); struct kb_item * (*kb_get_all) (kb_t, const char *); struct kb_item * (*kb_get_pattern) (kb_t, const char *); size_t (*kb_count) (kb_t, const char *); int (*kb_add_str) (kb_t, const char *, const char *); int (*kb_set_str) (kb_t, const char *, const char *); int (*kb_add_int) (kb_t, const char *, int); int (*kb_set_int) (kb_t, const char *, int); int (*kb_add_nvt) (kb_t, const nvti_t *, const char *); int (*kb_del_items) (kb_t, const char *); /* Utils */ int (*kb_lnk_reset) (kb_t); int (*kb_flush) (kb_t, const char *); }; /** * @brief Default KB operations. * No selection mechanism is provided yet since there's only one * implementation (redis-based). */ extern const struct kb_operations *KBDefaultOperations; /** * @brief Release a KB item (or a list). */ void kb_item_free (struct kb_item *); /** * @brief Initialize a new Knowledge Base object. * @param[in] kb Reference to a kb_t to initialize. * @return 0 on success, non-null on error. */ static inline int kb_new (kb_t *kb, const char *kb_path) { assert (kb); assert (KBDefaultOperations); assert (KBDefaultOperations->kb_new); *kb = NULL; return KBDefaultOperations->kb_new (kb, kb_path); } /** * @brief Find an existing Knowledge Base object with key. * @param[in] kb_path Path to KB. * @param[in] key Marker key to search for in KB objects. * @return Knowledge Base object, NULL otherwise. */ static inline kb_t kb_find (const char *kb_path, const char *key) { assert (KBDefaultOperations); assert (KBDefaultOperations->kb_find); return KBDefaultOperations->kb_find (kb_path, key); } /** * @brief Insert a new nvt. * @param[in] kb KB handle where to store the nvt. * @param[in] nvt nvt to store. * @param[in] filename Path to nvt to store. * @return 0 on success, non-null on error. */ static inline int kb_nvt_add (kb_t kb, const nvti_t *nvt, const char *filename) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_add_nvt); return kb->kb_ops->kb_add_nvt (kb, nvt, filename); } /** * @brief Get field of a NVT. * @param[in] kb KB handle where to store the nvt. * @param[in] oid OID of NVT to get from. * @param[in] field Name of field to get. * @return Value of field, NULL otherwise. */ static inline char * kb_nvt_get (kb_t kb, const char *oid, enum kb_nvt_pos position) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_add_nvt); return kb->kb_ops->kb_get_nvt (kb, oid, position); } /** * @brief Delete all entries and release ownership on the namespace. * @param[in] kb KB handle to release. * @return 0 on success, non-null on error. */ static inline int kb_delete (kb_t kb) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_delete); return kb->kb_ops->kb_delete (kb); } /** * @brief Get a single KB element. * @param[in] kb KB handle where to fetch the item. * @param[in] name Name of the element to retrieve. * @param[in] type Desired element type. * @return A struct kb_item to be freed with kb_item_free() or NULL if no * element was found or on error. */ static inline struct kb_item * kb_item_get_single (kb_t kb, const char *name, enum kb_item_type type) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_get_single); return kb->kb_ops->kb_get_single (kb, name, type); } /** * @brief Get a single KB string item. * @param[in] kb KB handle where to fetch the item. * @param[in] name Name of the element to retrieve. * @return A struct kb_item to be freed with kb_item_free() or NULL if no * element was found or on error. */ static inline char * kb_item_get_str (kb_t kb, const char *name) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_get_str); return kb->kb_ops->kb_get_str (kb, name); } /** * @brief Get a single KB integer item. * @param[in] kb KB handle where to fetch the item. * @param[in] name Name of the element to retrieve. * @return A struct kb_item to be freed with kb_item_free() or NULL if no * element was found or on error. */ static inline int kb_item_get_int (kb_t kb, const char *name) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_get_int); return kb->kb_ops->kb_get_int (kb, name); } /** * @brief Get all items stored under a given name. * @param[in] kb KB handle where to fetch the items. * @param[in] name Name of the elements to retrieve. * @return Linked struct kb_item instances to be freed with kb_item_free() or * NULL if no element was found or on error. */ static inline struct kb_item * kb_item_get_all (kb_t kb, const char *name) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_get_all); return kb->kb_ops->kb_get_all (kb, name); } /** * @brief Get all items stored under a given pattern. * @param[in] kb KB handle where to fetch the items. * @param[in] pattern '*' pattern of the elements to retrieve. * @return Linked struct kb_item instances to be freed with kb_item_free() or * NULL if no element was found or on error. */ static inline struct kb_item * kb_item_get_pattern (kb_t kb, const char *pattern) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_get_pattern); return kb->kb_ops->kb_get_pattern (kb, pattern); } /** * @brief Count all items stored under a given pattern. * * @param[in] kb KB handle where to count the items. * @param[in] pattern '*' pattern of the elements to count. * * @return Count of items. */ static inline size_t kb_item_count (kb_t kb, const char *pattern) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_count); return kb->kb_ops->kb_count (kb, pattern); } /** * @brief Insert (append) a new entry under a given name. * @param[in] kb KB handle where to store the item. * @param[in] name Item name. * @param[in] str Item value. * @return 0 on success, non-null on error. */ static inline int kb_item_add_str (kb_t kb, const char *name, const char *str) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_add_str); return kb->kb_ops->kb_add_str (kb, name, str); } /** * @brief Set (replace) a new entry under a given name. * @param[in] kb KB handle where to store the item. * @param[in] name Item name. * @param[in] str Item value. * @return 0 on success, non-null on error. */ static inline int kb_item_set_str (kb_t kb, const char *name, const char *str) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_set_str); return kb->kb_ops->kb_set_str (kb, name, str); } /** * @brief Insert (append) a new entry under a given name. * @param[in] kb KB handle where to store the item. * @param[in] name Item name. * @param[in] val Item value. * @return 0 on success, non-null on error. */ static inline int kb_item_add_int (kb_t kb, const char *name, int val) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_add_int); return kb->kb_ops->kb_add_int (kb, name, val); } /** * @brief Set (replace) a new entry under a given name. * @param[in] kb KB handle where to store the item. * @param[in] name Item name. * @param[in] val Item value. * @return 0 on success, non-null on error. */ static inline int kb_item_set_int (kb_t kb, const char *name, int val) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_set_int); return kb->kb_ops->kb_set_int (kb, name, val); } /** * @brief Delete all entries under a given name. * @param[in] kb KB handle where to store the item. * @param[in] name Item name. * @return 0 on success, non-null on error. */ static inline int kb_del_items (kb_t kb, const char *name) { assert (kb); assert (kb->kb_ops); assert (kb->kb_ops->kb_del_items); return kb->kb_ops->kb_del_items (kb, name); } /** * @brief Reset connection to the KB. This is called after each fork() to make * sure connections aren't shared between concurrent processes. * @param[in] kb KB handle. * @return 0 on success, non-null on error. */ static inline int kb_lnk_reset (kb_t kb) { int rc = 0; assert (kb); assert (kb->kb_ops); if (kb->kb_ops->kb_lnk_reset != NULL) rc = kb->kb_ops->kb_lnk_reset (kb); return rc; } /** * @brief Flush all the KB's content. Delete all namespaces. * @param[in] kb KB handle. * @param[in] except Don't flush DB with except key. * @return 0 on success, non-null on error. */ static inline int kb_flush (kb_t kb, const char *except) { int rc = 0; assert (kb); assert (kb->kb_ops); if (kb->kb_ops->kb_flush != NULL) rc = kb->kb_ops->kb_flush (kb, except); return rc; } #endif gvm-libs-9.0.3/base/kb_redis.c000066400000000000000000000614451334154151000161120ustar00rootroot00000000000000/* OpenVAS Libraries * * Authors: * Henri Doreau * * Copyright: * Copyright (C) 2014 - Greenbone Networks GmbH. * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Knowledge base management API - Redis backend. */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include "kb.h" #undef G_LOG_DOMAIN #define G_LOG_DOMAIN "lib kb_redis" /** * @file kb_redis.c * * @brief Contains specialized structures and functions to use redis as a KB * server. */ /** * @brief Name of the namespace usage bitmap in redis. */ #define GLOBAL_DBINDEX_NAME "OpenVAS.__GlobalDBIndex" /** * @brief Number of seconds to wait for between two attempts to acquire a KB * namespace. */ #define KB_RETRY_DELAY 60 static const struct kb_operations KBRedisOperations; /** * @brief Subclass of struct kb, it contains the redis-specific fields, such as * the redis context, current DB (namespace) id and the server socket * path. */ struct kb_redis { struct kb kb; /**< Parent KB handle. */ unsigned int max_db; /**< Max # of databases. */ unsigned int db; /**< Namespace ID number, 0 if uninitialized. */ redisContext *rctx; /**< Redis client context. */ char path[0]; /**< Path to the server socket. */ }; #define redis_kb(__kb) ((struct kb_redis *)(__kb)) /** * @brief Redis transaction handle. */ struct redis_tx { struct kb_redis *kbr; /**< Redis KB handle. */ bool valid; /**< Whether the transaction is still valid. */ }; static int redis_delete_all (struct kb_redis *); static int redis_lnk_reset (kb_t); static int redis_flush_all (kb_t, const char *); static redisReply *redis_cmd (struct kb_redis *kbr, const char *fmt, ...) __attribute__((__format__(__printf__, 2, 3))); /** * Attempt to atomically acquire ownership of a database. */ static int try_database_index (struct kb_redis *kbr, int index) { redisContext *ctx = kbr->rctx; redisReply *rep; int rc = 0; rep = redisCommand (ctx, "HSETNX %s %d 1", GLOBAL_DBINDEX_NAME, index); if (rep == NULL) return -ENOMEM; if (rep->type != REDIS_REPLY_INTEGER) rc = -EPROTO; else if (rep->integer == 0) rc = -EALREADY; else kbr->db = index; freeReplyObject (rep); return rc; } /* Redis 2.4.* compatibility mode. * * Before 2.6.* redis won't tell its clients how many databases have been * configured. We can find it empirically by attempting to select a given * DB and seeing whether we get an error or not. */ #define MAX_DB_INDEX__24 1000 static int fetch_max_db_index_compat (struct kb_redis *kbr) { redisContext *ctx = kbr->rctx; redisReply *rep; int min, max; int rc = 0; min = 1; max = MAX_DB_INDEX__24; while (min < max) { int current; current = min + ((max - min) / 2); rep = redisCommand (ctx, "SELECT %d", current); if (rep == NULL) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: redis command failed with '%s'", __func__, ctx->errstr); return -1; } switch (rep->type) { case REDIS_REPLY_ERROR: max = current; break; case REDIS_REPLY_STATUS: min = current + 1; break; default: g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: unexpected reply of type %d", __func__, rep->type); freeReplyObject (rep); return -1; } freeReplyObject (rep); } kbr->max_db = min; /* Go back to DB #0 */ rep = redisCommand (ctx, "SELECT 0"); if (rep == NULL) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: DB selection failed with '%s'", __func__, ctx->errstr); rc = -1; } if (rep) freeReplyObject (rep); return rc; } static int fetch_max_db_index (struct kb_redis *kbr) { int rc = 0; redisContext *ctx = kbr->rctx; redisReply *rep = NULL; rep = redisCommand (ctx, "CONFIG GET databases"); if (rep == NULL) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: redis command failed with '%s'", __func__, ctx->errstr); rc = -1; goto err_cleanup; } if (rep->type != REDIS_REPLY_ARRAY) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: cannot retrieve max DB number: %s", __func__, rep->str); rc = -1; goto err_cleanup; } if (rep->elements == 0) { /* Redis 2.4 compatibility mode. Suboptimal... */ rc = fetch_max_db_index_compat (kbr); } else if (rep->elements == 2) { kbr->max_db = (unsigned)atoi(rep->element[1]->str); } else { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: unexpected reply length (%zd)", __func__, rep->elements); rc = -1; goto err_cleanup; } g_debug ("%s: maximum DB number: %u", __func__, kbr->max_db); err_cleanup: if (rep != NULL) freeReplyObject (rep); return rc; } /** * WARNING: do not call redis_cmd in here, since our context is not fully * acquired yet! */ static int select_database (struct kb_redis *kbr) { int rc; redisContext *ctx = kbr->rctx; redisReply *rep = NULL; if (kbr->db == 0) { unsigned i; if (kbr->max_db == 0) fetch_max_db_index (kbr); for (i = 1; i < kbr->max_db; i++) { rc = try_database_index (kbr, i); if (rc == 0) break; } } /* No DB available, give up. */ if (kbr->db == 0) { rc = -1; goto err_cleanup; } rep = redisCommand (ctx, "SELECT %u", kbr->db); if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { rc = -1; goto err_cleanup; } rc = 0; err_cleanup: if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_release_db (struct kb_redis *kbr) { int rc; redisContext *ctx = kbr->rctx; redisReply *rep; if (ctx == NULL) return -EINVAL; rep = redisCommand (ctx, "SELECT 0"); /* Management database*/ if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { rc = -1; goto err_cleanup; } freeReplyObject (rep); rep = redisCommand (ctx, "HDEL %s %d", GLOBAL_DBINDEX_NAME, kbr->db); if (rep == NULL || rep->type != REDIS_REPLY_INTEGER) { rc = -1; goto err_cleanup; } rc = 0; err_cleanup: if (rep != NULL) freeReplyObject (rep); return rc; } static redisContext * get_redis_ctx (struct kb_redis *kbr) { int rc; if (kbr->rctx != NULL) return kbr->rctx; do { kbr->rctx = redisConnectUnix (kbr->path); if (kbr->rctx == NULL || kbr->rctx->err) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: redis connection error: %s", __func__, kbr->rctx ? kbr->rctx->errstr : strerror (ENOMEM)); redisFree (kbr->rctx); kbr->rctx = NULL; return NULL; } rc = select_database (kbr); if (rc) { g_debug ("%s: No redis DB available, retrying in %ds...", __func__, KB_RETRY_DELAY); sleep (KB_RETRY_DELAY); redisFree (kbr->rctx); kbr->rctx = NULL; } } while (rc != 0); g_debug ("%s: connected to redis://%s/%d", __func__, kbr->path, kbr->db); return kbr->rctx; } static int redis_test_connection (struct kb_redis *kbr) { int rc = 0; redisReply *rep; rep = redis_cmd (kbr, "PING"); if (rep == NULL) { /* not 100% relevant but hiredis doesn't provide us with proper error * codes. */ rc = -ECONNREFUSED; goto out; } if (rep->type != REDIS_REPLY_STATUS) { rc = -EINVAL; goto out; } if (g_ascii_strcasecmp (rep->str, "PONG")) { rc = -EPROTO; goto out; } out: if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_delete (kb_t kb) { struct kb_redis *kbr; kbr = redis_kb (kb); redis_delete_all (kbr); redis_release_db (kbr); if (kbr->rctx != NULL) { redisFree (kbr->rctx); kbr->rctx = NULL; } g_free (kb); return 0; } static int redis_new (kb_t *kb, const char *kb_path) { struct kb_redis *kbr; int rc = 0; kbr = g_malloc0 (sizeof (struct kb_redis) + strlen (kb_path) + 1); kbr->kb.kb_ops = &KBRedisOperations; strcpy (kbr->path, kb_path); rc = redis_test_connection (kbr); if (rc) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: cannot access redis at '%s'", __func__, kb_path); redis_delete ((kb_t)kbr); kbr = NULL; } *kb = (kb_t)kbr; return rc; } static kb_t redis_find (const char *kb_path, const char *key) { struct kb_redis *kbr; unsigned int i = 1; redisReply *rep; kbr = g_malloc0 (sizeof (struct kb_redis) + strlen (kb_path) + 1); kbr->kb.kb_ops = &KBRedisOperations; strncpy (kbr->path, kb_path, strlen (kb_path)); do { kbr->rctx = redisConnectUnix (kbr->path); if (kbr->rctx == NULL || kbr->rctx->err) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: redis connection error: %s", __func__, kbr->rctx ? kbr->rctx->errstr : strerror (ENOMEM)); redisFree (kbr->rctx); g_free (kbr); return NULL; } kbr->db = i; rep = redisCommand (kbr->rctx, "HEXISTS %s %d", GLOBAL_DBINDEX_NAME, i); if (rep == NULL || rep->type != REDIS_REPLY_INTEGER || rep->integer != 1) { if (rep != NULL) freeReplyObject (rep); i++; continue; } freeReplyObject (rep); rep = redisCommand (kbr->rctx, "SELECT %u", i); if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { sleep (KB_RETRY_DELAY); kbr->rctx = NULL; } else { freeReplyObject (rep); if (key && kb_item_get_int (&kbr->kb, key) > 0) return (kb_t) kbr; } redisFree (kbr->rctx); i++; } while (i < kbr->max_db); return NULL; } void kb_item_free (struct kb_item *item) { while (item != NULL) { struct kb_item *next; next = item->next; if (item->type == KB_TYPE_STR && item->v_str != NULL) g_free (item->v_str); g_free (item); item = next; } } static int redis_transaction_new (struct kb_redis *kbr, struct redis_tx *rtx) { int rc = 0; redisContext *ctx; redisReply *rep = NULL; rtx->kbr = kbr; rtx->valid = false; /* That is the quick, dirty & easy way to guarantee a fresh connection */ redis_lnk_reset ((kb_t)kbr); ctx = get_redis_ctx (kbr); if (ctx == NULL) return -1; rep = redisCommand (ctx, "MULTI"); if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { rc = -1; goto err_cleanup; } rtx->valid = true; err_cleanup: if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_transaction_cmd (struct redis_tx *rtx, const char *fmt, ...) { int rc = 0; va_list ap; redisReply *rep; if (!rtx->valid) return -1; va_start (ap, fmt); rep = redisvCommand (rtx->kbr->rctx, fmt, ap); if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { rc = -1; goto err_cleanup; } err_cleanup: va_end (ap); if (rc) rtx->valid = false; if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_transaction_end (struct redis_tx *rtx, redisReply **rep) { int rc; redisReply *preply; preply = NULL; if (!rtx->valid) return -1; preply = redisCommand (rtx->kbr->rctx, "EXEC"); if (preply == NULL || preply->type == REDIS_REPLY_ERROR) { rc = -1; goto err_cleanup; } *rep = preply; rc = 0; err_cleanup: if (rc) { freeReplyObject (preply); *rep = NULL; } memset (rtx, 0, sizeof (struct redis_tx)); return rc; } static struct kb_item * redis2kbitem_single (const char *name, const redisReply *elt, int force_int) { struct kb_item *item; size_t namelen; if (elt->type != REDIS_REPLY_STRING && elt->type != REDIS_REPLY_INTEGER) return NULL; namelen = strlen (name) + 1; item = g_malloc0 (sizeof (struct kb_item) + namelen); if (elt->type == REDIS_REPLY_INTEGER) { item->type = KB_TYPE_INT; item->v_int = elt->integer; } else if (force_int) { item->type = KB_TYPE_INT; item->v_int = atoi (elt->str); } else { item->type = KB_TYPE_STR; item->v_str = g_strdup (elt->str); } item->next = NULL; item->namelen = namelen; strcpy (item->name, name); return item; } static struct kb_item * redis2kbitem (const char *name, const redisReply *rep) { struct kb_item *kbi; kbi = NULL; switch (rep->type) { unsigned int i; case REDIS_REPLY_STRING: case REDIS_REPLY_INTEGER: kbi = redis2kbitem_single (name, rep, 0); break; case REDIS_REPLY_ARRAY: for (i = 0; i < rep->elements; i++) { struct kb_item *tmpitem; tmpitem = redis2kbitem_single (name, rep->element[i], 0); if (tmpitem == NULL) break; if (kbi != NULL) { tmpitem->next = kbi; kbi = tmpitem; } else kbi = tmpitem; } break; case REDIS_REPLY_NIL: case REDIS_REPLY_STATUS: case REDIS_REPLY_ERROR: default: break; } return kbi; } static redisReply * redis_cmd (struct kb_redis *kbr, const char *fmt, ...) { redisReply *rep; va_list ap, aq; int retry = 0; va_start (ap, fmt); do { redisContext *ctx; rep = NULL; ctx = get_redis_ctx (kbr); if (ctx == NULL) { va_end (ap); return NULL; } va_copy (aq, ap); rep = redisvCommand (ctx, fmt, aq); va_end (aq); if (ctx->err) { if (rep != NULL) freeReplyObject (rep); redis_lnk_reset ((kb_t)kbr); retry = !retry; } else retry = 0; } while (retry); va_end (ap); return rep; } static struct kb_item * redis_get_single (kb_t kb, const char *name, enum kb_item_type type) { struct kb_item *kbi; struct kb_redis *kbr; redisReply *rep; kbr = redis_kb (kb); kbi = NULL; rep = redis_cmd (kbr, "SRANDMEMBER %s", name); if (rep == NULL || rep->type != REDIS_REPLY_STRING) { kbi = NULL; goto out; } kbi = redis2kbitem_single (name, rep, type == KB_TYPE_INT); out: if (rep != NULL) freeReplyObject (rep); return kbi; } static char * redis_get_str (kb_t kb, const char *name) { struct kb_item *kbi; kbi = redis_get_single (kb, name, KB_TYPE_STR); if (kbi != NULL) { char *res; res = kbi->v_str; kbi->v_str = NULL; kb_item_free (kbi); return res; } return NULL; } static int redis_get_int (kb_t kb, const char *name) { struct kb_item *kbi; kbi = redis_get_single (kb, name, KB_TYPE_INT); if (kbi != NULL) { int res; res = kbi->v_int; kb_item_free (kbi); return res; } return -1; } static char * redis_get_nvt (kb_t kb, const char *oid, enum kb_nvt_pos position) { struct kb_redis *kbr; redisReply *rep; char *res = NULL; kbr = redis_kb (kb); rep = redis_cmd (kbr, "LINDEX nvt:%s %d", oid, position); if (!rep) return NULL; if (rep->type == REDIS_REPLY_INTEGER) res = g_strdup_printf ("%lld", rep->integer); else if (rep->type == REDIS_REPLY_STRING) res = g_strdup (rep->str); freeReplyObject (rep); return res; } static struct kb_item * redis_get_all (kb_t kb, const char *name) { struct kb_redis *kbr; struct kb_item *kbi; redisReply *rep; kbr = redis_kb (kb); rep = redis_cmd (kbr, "SMEMBERS %s", name); if (rep == NULL) return NULL; kbi = redis2kbitem (name, rep); freeReplyObject (rep); return kbi; } static struct kb_item * redis_get_pattern (kb_t kb, const char *pattern) { struct kb_redis *kbr; struct kb_item *kbi; redisReply *rep; unsigned int i; kbr = redis_kb (kb); kbi = NULL; rep = redis_cmd (kbr, "KEYS %s", pattern); if (rep == NULL) return NULL; if (rep->type != REDIS_REPLY_ARRAY) { freeReplyObject (rep); return NULL; } for (i = 0; i < rep->elements; i++) { const char *key; struct kb_item *tmp; redisReply *rep_range; key = rep->element[i]->str; rep_range = redis_cmd (kbr, "SMEMBERS %s", key); if (rep_range == NULL) continue; tmp = redis2kbitem (key, rep_range); if (tmp == NULL) goto next; /* race condition, bah... */ if (kbi != NULL) { struct kb_item *tmp2; tmp2 = tmp; while (tmp->next != NULL) tmp = tmp->next; tmp->next = kbi; kbi = tmp2; } else kbi = tmp; next: if (rep_range != NULL) freeReplyObject (rep_range); } freeReplyObject (rep); return kbi; } static size_t redis_count (kb_t kb, const char *pattern) { struct kb_redis *kbr; redisReply *rep; size_t count; kbr = redis_kb (kb); rep = redis_cmd (kbr, "KEYS %s", pattern); if (rep == NULL) return 0; if (rep->type != REDIS_REPLY_ARRAY) { freeReplyObject (rep); return 0; } count = rep->elements; freeReplyObject (rep); return count; } static int redis_del_items (kb_t kb, const char *name) { struct kb_redis *kbr; redisReply *rep; int rc = 0; kbr = redis_kb (kb); rep = redis_cmd (kbr, "DEL %s", name); if (rep == NULL || rep->type == REDIS_REPLY_ERROR) rc = -1; if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_add_str (kb_t kb, const char *name, const char *str) { struct kb_redis *kbr; redisReply *rep; int rc = 0; kbr = redis_kb (kb); rep = redis_cmd (kbr, "SADD %s %s", name, str); if (rep == NULL || rep->type == REDIS_REPLY_ERROR) rc = -1; if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_set_str (kb_t kb, const char *name, const char *val) { struct kb_redis *kbr; struct redis_tx rtx; redisReply *rep; int rc; kbr = redis_kb (kb); rep = NULL; rc = redis_transaction_new (kbr, &rtx); if (rc) { rc = -1; goto out; } redis_transaction_cmd (&rtx, "DEL %s", name); redis_transaction_cmd (&rtx, "SADD %s %s", name, val); rc = redis_transaction_end (&rtx, &rep); if (rc || rep == NULL || rep->type == REDIS_REPLY_ERROR) { rc = -1; goto out; } out: if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_add_int (kb_t kb, const char *name, int val) { struct kb_redis *kbr; redisReply *rep; int rc = 0; kbr = redis_kb (kb); rep = redis_cmd (kbr, "SADD %s %d", name, val); if (rep == NULL || rep->type == REDIS_REPLY_ERROR) { rc = -1; goto out; } out: if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_set_int (kb_t kb, const char *name, int val) { struct kb_redis *kbr; struct redis_tx rtx; redisReply *rep; int rc; kbr = redis_kb (kb); rep = NULL; rc = redis_transaction_new (kbr, &rtx); if (rc) { rc = -1; goto out; } redis_transaction_cmd (&rtx, "DEL %s", name); redis_transaction_cmd (&rtx, "SADD %s %d", name, val); rc = redis_transaction_end (&rtx, &rep); if (rc || rep == NULL || rep->type == REDIS_REPLY_ERROR) { rc = -1; goto out; } out: if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_add_nvt (kb_t kb, const nvti_t *nvt, const char *filename) { struct kb_redis *kbr; redisReply *rep = NULL; int rc = 0; if (!nvt || !filename) return -1; kbr = redis_kb (kb); rep = redis_cmd (kbr, "RPUSH nvt:%s %s %s %s %s %s %s %s %s %s %s %s %d %d %s %s" " %s %s", nvti_oid (nvt), filename, nvti_required_keys (nvt) ?: "", nvti_mandatory_keys (nvt) ?: "", nvti_excluded_keys (nvt) ?: "", nvti_required_udp_ports (nvt) ?: "", nvti_required_ports (nvt) ?: "", nvti_dependencies (nvt) ?: "", nvti_tag (nvt) ?: "", nvti_cve (nvt) ?: "", nvti_bid (nvt) ?: "", nvti_xref (nvt) ?: "", nvti_category (nvt), nvti_timeout (nvt), nvti_family (nvt), nvti_copyright (nvt), nvti_name (nvt), nvti_version (nvt)); if (rep == NULL || rep->type == REDIS_REPLY_ERROR) rc = -1; if (rep != NULL) freeReplyObject (rep); rep = redis_cmd (kbr, "SADD filename:%s:oid %s", filename, nvti_oid (nvt)); if (rep == NULL || rep->type == REDIS_REPLY_ERROR) rc = -1; if (rep != NULL) freeReplyObject (rep); return rc; } static int redis_lnk_reset (kb_t kb) { struct kb_redis *kbr; kbr = redis_kb (kb); if (kbr->rctx != NULL) { redisFree (kbr->rctx); kbr->rctx = NULL; } return 0; } static int redis_flush_all (kb_t kb, const char *except) { unsigned int i = 1; struct kb_redis *kbr; redisReply *rep; kbr = redis_kb (kb); if (kbr->rctx) redisFree (kbr->rctx); g_debug ("%s: deleting all DBs at %s except %s", __func__, kbr->path, except); do { kbr->rctx = redisConnectUnix (kbr->path); if (kbr->rctx == NULL || kbr->rctx->err) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, "%s: redis connection error: %s", __func__, kbr->rctx ? kbr->rctx->errstr : strerror (ENOMEM)); redisFree (kbr->rctx); kbr->rctx = NULL; return -1; } kbr->db = i; rep = redisCommand (kbr->rctx, "HEXISTS %s %d", GLOBAL_DBINDEX_NAME, i); if (rep == NULL || rep->type != REDIS_REPLY_INTEGER || rep->integer != 1) { freeReplyObject (rep); redisFree (kbr->rctx); i++; continue; } freeReplyObject (rep); rep = redisCommand (kbr->rctx, "SELECT %u", i); if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { freeReplyObject (rep); sleep (KB_RETRY_DELAY); redisFree (kbr->rctx); kbr->rctx = NULL; } else { freeReplyObject (rep); /* Don't remove DB if it has "except" key. */ if (except && kb_item_get_int (kb, except) > 0) { i++; redisFree (kbr->rctx); continue; } redis_delete_all (kbr); redis_release_db (kbr); redisFree (kbr->rctx); } i++; } while (i < kbr->max_db); g_free (kb); return 0; } int redis_delete_all (struct kb_redis *kbr) { int rc; redisReply *rep; struct sigaction new_action, original_action; /* Ignore SIGPIPE, in case of a lost connection. */ new_action.sa_flags = 0; if (sigemptyset (&new_action.sa_mask)) return -1; new_action.sa_handler = SIG_IGN; if (sigaction (SIGPIPE, &new_action, &original_action)) return -1; g_debug ("%s: deleting all elements from KB #%u", __func__, kbr->db); rep = redis_cmd (kbr, "FLUSHDB"); if (rep == NULL || rep->type != REDIS_REPLY_STATUS) { rc = -1; goto err_cleanup; } rc = 0; err_cleanup: if (sigaction (SIGPIPE, &original_action, NULL)) return -1; if (rep != NULL) freeReplyObject (rep); return rc; } static const struct kb_operations KBRedisOperations = { .kb_new = redis_new, .kb_find = redis_find, .kb_delete = redis_delete, .kb_get_single = redis_get_single, .kb_get_str = redis_get_str, .kb_get_int = redis_get_int, .kb_get_nvt = redis_get_nvt, .kb_get_all = redis_get_all, .kb_get_pattern = redis_get_pattern, .kb_count = redis_count, .kb_add_str = redis_add_str, .kb_set_str = redis_set_str, .kb_add_int = redis_add_int, .kb_set_int = redis_set_int, .kb_add_nvt = redis_add_nvt, .kb_del_items = redis_del_items, .kb_lnk_reset = redis_lnk_reset, .kb_flush = redis_flush_all, }; const struct kb_operations *KBDefaultOperations = &KBRedisOperations; gvm-libs-9.0.3/base/nvti.c000066400000000000000000000557501334154151000153120ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Implementation of API to handle NVT Info datasets * * Authors: * Jan-Oliver Wagner * Matthew Mundell * * Copyright: * Copyright (C) 2009,2011 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file nvti.c * @brief Implementation of API to handle NVT Info datasets * * This file contains all methods to handle NVT Information datasets * (nvti_t). * * The module consequently uses glib datatypes and api for memory * management etc. */ #include #include #include #include #include #include "nvti.h" #undef G_LOG_DOMAIN #define G_LOG_DOMAIN "lib nvti" /** * @brief Create a new nvtpref structure filled with the given values. * * @param name The name to be set. A copy will created of this. * * @param type The type to be set. A copy will created of this. * * @param dflt The default to be set. A copy will created of this. * * @return NULL in case the memory could not be allocated. * Else a nvtpref structure which needs to be * released using @ref nvtpref_free . */ nvtpref_t * nvtpref_new (gchar * name, gchar * type, gchar * dflt) { nvtpref_t *np = g_malloc0 (sizeof (nvtpref_t)); if (!np) return NULL; if (name) np->name = g_strdup (name); if (type) np->type = g_strdup (type); if (dflt) np->dflt = g_strdup (dflt); return (np); } /** * @brief Free memory of a nvtpref structure. * * @param np The structure to be freed. */ void nvtpref_free (nvtpref_t * np) { if (!np) return; if (np->name) g_free (np->name); if (np->type) g_free (np->type); if (np->dflt) g_free (np->dflt); g_free (np); } /** * @brief Get the Name of a NVT Preference. * * @param np The NVT Pref structure of which the Name should * be returned. * * @return The name string. Don't free this. */ gchar * nvtpref_name (const nvtpref_t * np) { return (np ? np->name : NULL); } /** * @brief Get the Type of a NVT Preference. * * @param np The NVT Pref structure of which the Type should * be returned. * * @return The type string. Don't free this. */ gchar * nvtpref_type (const nvtpref_t * np) { return (np ? np->type : NULL); } /** * @brief Get the Default of a NVT Preference. * * @param np The NVT Pref structure of which the Default should * be returned. * * @return The default string. Don't free this. */ gchar * nvtpref_default (const nvtpref_t * np) { return (np ? np->dflt : NULL); } /** * @brief Create a new (empty) nvti structure. * * @return NULL in case the memory could not be allocated. * Else an empty nvti structure which needs to be * released using @ref nvti_free . * The whole struct is initalized with 0's. */ nvti_t * nvti_new (void) { return ((nvti_t *) g_malloc0 (sizeof (nvti_t))); } /** * @brief Free memory of a nvti structure. * * @param n The structure to be freed. */ void nvti_free (nvti_t * n) { if (!n) return; if (n->oid) g_free (n->oid); if (n->version) g_free (n->version); if (n->name) g_free (n->name); if (n->copyright) g_free (n->copyright); if (n->cve) g_free (n->cve); if (n->bid) g_free (n->bid); if (n->xref) g_free (n->xref); if (n->tag) g_free (n->tag); if (n->cvss_base) g_free (n->cvss_base); if (n->dependencies) g_free (n->dependencies); if (n->required_keys) g_free (n->required_keys); if (n->mandatory_keys) g_free (n->mandatory_keys); if (n->excluded_keys) g_free (n->excluded_keys); if (n->required_ports) g_free (n->required_ports); if (n->required_udp_ports) g_free (n->required_udp_ports); if (n->family) g_free (n->family); if (n->prefs) { int i, len = g_slist_length (n->prefs); for (i = 0; i < len; i++) nvtpref_free (g_slist_nth_data (n->prefs, i)); g_slist_free (n->prefs); } g_free (n); } /** * @brief Get the OID string. * * @param n The NVT Info structure of which the OID should * be returned. * * @return The OID string. Don't free this. */ gchar * nvti_oid (const nvti_t * n) { return (n ? n->oid : NULL); } /** * @brief Get the version. * * @param n The NVT Info structure of which the OID should * be returned. * * @return The version string. Don't free this. */ gchar * nvti_version (const nvti_t * n) { return (n ? n->version : NULL); } /** * @brief Get the name. * * @param n The NVT Info structure of which the name should * be returned. * * @return The name string. Don't free this. */ gchar * nvti_name (const nvti_t * n) { return (n ? n->name : NULL); } /** * @brief Get the copyright notice. * * @param n The NVT Info structure of which the name should * be returned. * * @return The copyright string. Don't free this. */ gchar * nvti_copyright (const nvti_t * n) { return (n ? n->copyright : NULL); } /** * @brief Get the CVE references. * * @param n The NVT Info structure of which the name should * be returned. * * @return The CVE list as string. Don't free this. */ gchar * nvti_cve (const nvti_t * n) { return (n ? n->cve : NULL); } /** * @brief Get the bid references. * * @param n The NVT Info structure of which the name should * be returned. * * @return The bid list as string. Don't free this. */ gchar * nvti_bid (const nvti_t * n) { return (n ? n->bid : NULL); } /** * @brief Get the xref's. * * @param n The NVT Info structure of which the name should * be returned. * * @return The xref string. Don't free this. */ gchar * nvti_xref (const nvti_t * n) { return (n ? n->xref : NULL); } /** * @brief Get the tag. * * @param n The NVT Info structure of which the name should * be returned. * * @return The tags string. Don't free this. */ gchar * nvti_tag (const nvti_t * n) { return (n ? n->tag : NULL); } /** * @brief Get the CVSS base. * * @param n The NVT Info structure of which the CVSS base should * be returned. * * @return The cvss_base string. Don't free this. */ gchar * nvti_cvss_base (const nvti_t * n) { return (n ? n->cvss_base : NULL); } /** * @brief Get the dependencies list. * * @param n The NVT Info structure of which the name should * be returned. * * @return The dependencies string. Don't free this. */ gchar * nvti_dependencies (const nvti_t * n) { return (n ? n->dependencies : NULL); } /** * @brief Get the required keys list. * * @param n The NVT Info structure of which the name should * be returned. * * @return The required keys string. Don't free this. */ gchar * nvti_required_keys (const nvti_t * n) { return (n ? n->required_keys : NULL); } /** * @brief Get the mandatory keys list. * * @param n The NVT Info structure of which the name should * be returned. * * @return The mandatory keys string. Don't free this. */ gchar * nvti_mandatory_keys (const nvti_t * n) { return (n ? n->mandatory_keys : NULL); } /** * @brief Get the excluded keys list. * * @param n The NVT Info structure of which the name should * be returned. * * @return The excluded keys string. Don't free this. */ gchar * nvti_excluded_keys (const nvti_t * n) { return (n ? n->excluded_keys : NULL); } /** * @brief Get the required ports list. * * @param n The NVT Info structure of which the name should * be returned. * * @return The required ports string. Don't free this. */ gchar * nvti_required_ports (const nvti_t * n) { return (n ? n->required_ports : NULL); } /** * @brief Get the required udp ports list. * * @param n The NVT Info structure of which the name should * be returned. * * @return The required udp ports string. Don't free this. */ gchar * nvti_required_udp_ports (const nvti_t * n) { return (n ? n->required_udp_ports : NULL); } /** * @brief Get the family name. * * @param n The NVT Info structure of which the name should * be returned. * * @return The family name string. Don't free this. */ gchar * nvti_family (const nvti_t * n) { return (n ? n->family : NULL); } /** * @brief Get the number of preferences of the NVT. * * @param n The NVT Info structure. * * @return The number of preferences. */ guint nvti_pref_len (const nvti_t * n) { return (n ? g_slist_length (n->prefs) : 0); } /** * @brief Get the n'th preferences of the NVT. * * @param n The NVT Info structure. * * @param p The position of the preference to return. * * @return The number of preferences. NULL if */ const nvtpref_t * nvti_pref (const nvti_t * n, guint p) { return (n ? g_slist_nth_data (n->prefs, p) : NULL); } /** * @brief Get the timeout for this NVT. * * @param n The NVT Info structure of which the timeout should * be returned. * * @return The timeout integer number. A value <= 0 indicates it is not set. */ gint nvti_timeout (const nvti_t * n) { return (n ? n->timeout : -1); } /** * @brief Get the category for this NVT. * * @param n The NVT Info structure of which the category should be returned. * * @return The category integer code. A value <= 0 indicates it is not set. */ gint nvti_category (const nvti_t * n) { return (n ? n->category : -1); } /** * @brief Set the OID of a NVT Info. * * @param n The NVT Info structure. * * @param oid The OID to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_oid (nvti_t * n, const gchar * oid) { if (! n) return (-1); if (n->oid) g_free (n->oid); n->oid = g_strdup (oid); return (0); } /** * @brief Set the version of a NVT. * * @param n The NVT Info structure. * * @param version The version to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_version (nvti_t * n, const gchar * version) { if (! n) return (-1); if (n->version) g_free (n->version); n->version = g_strdup (version); return (0); } /** * @brief Set the name of a NVT. * * @param n The NVT Info structure. * * @param name The name to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_name (nvti_t * n, const gchar * name) { if (! n) return (-1); if (n->name) g_free (n->name); n->name = g_strdup (name); return (0); } /** * @brief Set the copyright of a NVT. * * @param n The NVT Info structure. * * @param copyright The copyright to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_copyright (nvti_t * n, const gchar * copyright) { if (! n) return (-1); if (n->copyright) g_free (n->copyright); n->copyright = g_strdup (copyright); return (0); } /** * @brief Set the CVE references of a NVT. * * @param n The NVT Info structure. * * @param cve The cve list to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_cve (nvti_t * n, const gchar * cve) { if (! n) return (-1); if (n->cve) g_free (n->cve); n->cve = g_strdup (cve); return (0); } /** * @brief Set the bid references of a NVT. * * @param n The NVT Info structure. * * @param bid The bid to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_bid (nvti_t * n, const gchar * bid) { if (! n) return (-1); if (n->bid) g_free (n->bid); n->bid = g_strdup (bid); return (0); } /** * @brief Set the xrefs of a NVT. * * @param n The NVT Info structure. * * @param xref The xrefs to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_xref (nvti_t * n, const gchar * xref) { if (! n) return (-1); if (n->xref) g_free (n->xref); if (xref && xref[0]) n->xref = g_strdup (xref); else n->xref = NULL; return (0); } /** * @brief Set the tags of a NVT. * * @param n The NVT Info structure. * * @param tag The tags to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_tag (nvti_t * n, const gchar * tag) { if (! n) return (-1); if (n->tag) g_free (n->tag); if (tag && tag[0]) n->tag = g_strdup (tag); else n->tag = NULL; return (0); } /** * @brief Set the CVSS base of an NVT. * * @param n The NVT Info structure. * * @param cvss_base The CVSS base to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_cvss_base (nvti_t * n, const gchar * cvss_base) { if (! n) return (-1); if (n->cvss_base) g_free (n->cvss_base); if (cvss_base && cvss_base[0]) n->cvss_base = g_strdup (cvss_base); else n->cvss_base = NULL; return (0); } /** * @brief Set the dependencies of a NVT. * * @param n The NVT Info structure. * * @param dependencies The dependencies to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_dependencies (nvti_t * n, const gchar * dependencies) { if (! n) return (-1); if (n->dependencies) g_free (n->dependencies); if (dependencies && dependencies[0]) n->dependencies = g_strdup (dependencies); else n->dependencies = NULL; return (0); } /** * @brief Set the required keys of a NVT. * * @param n The NVT Info structure. * * @param required_keys The required keys to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_required_keys (nvti_t * n, const gchar * required_keys) { if (! n) return (-1); if (n->required_keys) g_free (n->required_keys); if (required_keys && required_keys[0]) n->required_keys = g_strdup (required_keys); else n->required_keys = NULL; return (0); } /** * @brief Set the mandatory keys of a NVT. * * @param n The NVT Info structure. * * @param mandatory_keys The mandatory keys to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_mandatory_keys (nvti_t * n, const gchar * mandatory_keys) { if (! n) return (-1); if (n->mandatory_keys) g_free (n->mandatory_keys); if (mandatory_keys && mandatory_keys[0]) n->mandatory_keys = g_strdup (mandatory_keys); else n->mandatory_keys = NULL; return (0); } /** * @brief Set the excluded keys of a NVT. * * @param n The NVT Info structure. * * @param excluded_keys The excluded keys to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_excluded_keys (nvti_t * n, const gchar * excluded_keys) { if (! n) return (-1); if (n->excluded_keys) g_free (n->excluded_keys); if (excluded_keys && excluded_keys[0]) n->excluded_keys = g_strdup (excluded_keys); else n->excluded_keys = NULL; return (0); } /** * @brief Set the required ports of a NVT. * * @param n The NVT Info structure. * * @param required_ports The required ports to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_required_ports (nvti_t * n, const gchar * required_ports) { if (! n) return (-1); if (n->required_ports) g_free (n->required_ports); if (required_ports && required_ports[0]) n->required_ports = g_strdup (required_ports); else n->required_ports = NULL; return (0); } /** * @brief Set the required udp ports of a NVT. * * @param n The NVT Info structure. * * @param required_udp_ports The required udp ports to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_required_udp_ports (nvti_t * n, const gchar * required_udp_ports) { if (! n) return (-1); if (n->required_udp_ports) g_free (n->required_udp_ports); if (required_udp_ports && required_udp_ports[0]) n->required_udp_ports = g_strdup (required_udp_ports); else n->required_udp_ports = NULL; return (0); } /** * @brief Set the family of a NVT. * * @param n The NVT Info structure. * * @param family The family to set. A copy will be created from this. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_family (nvti_t * n, const gchar * family) { if (! n) return (-1); if (n->family) g_free (n->family); n->family = g_strdup (family); return (0); } /** * @brief Set the timout of a NVT Info. * * @param n The NVT Info structure. * * @param timeout The timeout to set. Values <= 0 will indicate it is not set. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_timeout (nvti_t * n, const gint timeout) { if (! n) return (-1); n->timeout = timeout; return (0); } /** * @brief Set the category type of a NVT Info. * * @param n The NVT Info structure. * * @param category The category to set. Values <= 0 will indicate it is not set. * * @return 0 for success. Anything else indicates an error. */ int nvti_set_category (nvti_t * n, const gint category) { if (! n) return (-1); n->category = category; return (0); } /** * @brief Add a single CVE ID of a NVT. * * @param n The NVT Info structure. * * @param cve_id The CVE ID to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL, 2 if cve_id was NULL. */ int nvti_add_cve (nvti_t * n, const gchar * cve_id) { gchar * old; if (! n) return (1); if (! cve_id) return (2); old = n->cve; if (old) { n->cve = g_strdup_printf ("%s, %s", old, cve_id); g_free (old); } else n->cve = g_strdup (cve_id); return (0); } /** * @brief Add a single BID ID of a NVT. * * @param n The NVT Info structure. * * @param bid_id The BID ID to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL. 2 if bid_id was NULL. */ int nvti_add_bid (nvti_t * n, const gchar * bid_id) { gchar * old; if (! n) return (1); if (! bid_id) return (2); old = n->bid; if (old) { n->bid = g_strdup_printf ("%s, %s", old, bid_id); g_free (old); } else n->bid = g_strdup (bid_id); return (0); } /** * @brief Add a required key of a NVT. * * @param n The NVT Info structure. * * @param key The required key to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL. 2 if key was NULL. */ int nvti_add_required_keys (nvti_t * n, const gchar * key) { gchar * old; if (! n) return (1); if (! key) return (2); old = n->required_keys; if (old) { n->required_keys = g_strdup_printf ("%s, %s", old, key); g_free (old); } else n->required_keys = g_strdup (key); return (0); } /** * @brief Add a mandatory key of a NVT. * * @param n The NVT Info structure. * * @param key The mandatory key to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL. 2 if key was NULL. */ int nvti_add_mandatory_keys (nvti_t * n, const gchar * key) { gchar * old; if (! n) return (1); if (! key) return (2); old = n->mandatory_keys; if (old) { n->mandatory_keys = g_strdup_printf ("%s, %s", old, key); g_free (old); } else n->mandatory_keys = g_strdup (key); return (0); } /** * @brief Add a excluded key of a NVT. * * @param n The NVT Info structure. * * @param key The excluded key to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL. 2 if key was NULL. */ int nvti_add_excluded_keys (nvti_t * n, const gchar * key) { gchar * old; if (! n) return (1); if (! key) return (2); old = n->excluded_keys; if (old) { n->excluded_keys = g_strdup_printf ("%s, %s", old, key); g_free (old); } else n->excluded_keys = g_strdup (key); return (0); } /** * @brief Add a required port of a NVT. * * @param n The NVT Info structure. * * @param port The required port to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL. 2 if port was NULL. */ int nvti_add_required_ports (nvti_t * n, const gchar * port) { gchar * old; if (! n) return (1); if (! port) return (2); old = n->required_ports; if (old) { n->required_ports = g_strdup_printf ("%s, %s", old, port); g_free (old); } else n->required_ports = g_strdup (port); return (0); } /** * @brief Add a required udp port of a NVT. * * @param n The NVT Info structure. * * @param port The required udp port to add. A copy will be created from this. * * @return 0 for success. 1 if n was NULL. 2 if port was NULL. */ int nvti_add_required_udp_ports (nvti_t * n, const gchar * port) { gchar * old; if (! n) return (1); if (! port) return (2); old = n->required_udp_ports; if (old) { n->required_udp_ports = g_strdup_printf ("%s, %s", old, port); g_free (old); } else n->required_udp_ports = g_strdup (port); return (0); } /** * @brief Add a preference to the NVT Info. * * @param n The NVT Info structure. * * @param np The NVT preference to add. * * @return 0 for success. Anything else indicates an error. */ int nvti_add_pref (nvti_t * n, nvtpref_t * np) { if (! n) return (-1); n->prefs = g_slist_append (n->prefs, np); return (0); } /* Collections of nvtis. */ /** * @brief Free an NVT Info, for g_hash_table_destroy. * * @param nvti The NVT Info. */ static void free_nvti_for_hash_table (gpointer nvti) { nvti_free ((nvti_t *) nvti); } /** * @brief Make a collection of NVT Infos. */ nvtis_t * nvtis_new (void) { return g_hash_table_new_full (g_str_hash, g_str_equal, NULL, free_nvti_for_hash_table); } /** * @brief Free a collection of NVT Infos. * * @param nvtis The collection of NVT Infos. */ void nvtis_free (nvtis_t * nvtis) { if (nvtis) g_hash_table_destroy (nvtis); } /** * @brief Add an NVT Info to a collection of NVT Infos. * * @param nvtis The collection of NVT Infos. * @param nvti The NVT Info to add. */ void nvtis_add (nvtis_t * nvtis, nvti_t * nvti) { if (nvti) g_hash_table_insert (nvtis, (gpointer) nvti_oid (nvti), (gpointer) nvti); } /** * @brief Add an NVT Info to a collection of NVT Infos. * * @param nvtis The collection of NVT Infos. * @param oid The OID of the NVT. * * @return The NVT Info, if found, else NULL. */ nvti_t * nvtis_lookup (nvtis_t * nvtis, const char *oid) { return g_hash_table_lookup (nvtis, oid); } gvm-libs-9.0.3/base/nvti.h000066400000000000000000000137071334154151000153130ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: API (structs and protos) for NVT Info datasets * * Authors: * Jan-Oliver Wagner * Matthew Mundell * * Copyright: * Copyright (C) 2009, 2011 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file nvti.h * @brief Protos and data structures for NVT Information data sets. * * This file contains the protos for \ref nvti.c */ #ifndef _NVTI_H #define _NVTI_H #include /** * @brief The structure for a preference of a NVT. * * The elements of this structure should never be accessed directly. * Only the functions corresponding to this module should be used. */ typedef struct nvtpref { gchar *type; ///< Preference type gchar *name; ///< Name of the preference gchar *dflt; ///< Default value of the preference } nvtpref_t; nvtpref_t *nvtpref_new (gchar *, gchar *, gchar *); void nvtpref_free (nvtpref_t *); gchar *nvtpref_name (const nvtpref_t *); gchar *nvtpref_type (const nvtpref_t *); gchar *nvtpref_default (const nvtpref_t *); /** * @brief The structure of a information record that corresponds to a NVT. * * The elements of this structure should never be accessed directly. * Only the functions corresponding to this module should be used. */ typedef struct nvti { gchar *oid; /**< @brief Object ID */ gchar *version; /**< @brief Version of the NVT */ gchar *name; /**< @brief The name */ gchar *copyright; /**< @brief Copyright for the NVT */ gchar *cve; /**< @brief List of CVEs, this NVT corresponds to */ gchar *bid; /**< @brief List of Bugtraq IDs, this NVT corresponds to */ gchar *xref; /**< @brief List of Cross-references, this NVT corresponds to */ gchar *tag; /**< @brief List of tags attached to this NVT */ gchar *cvss_base; /**< @brief CVSS base score for this NVT. */ gchar *dependencies; /**< @brief List of dependencies of this NVT */ gchar *required_keys; /**< @brief List of required KB keys of this NVT */ gchar *mandatory_keys; /**< @brief List of mandatory KB keys of this NVT */ gchar *excluded_keys; /**< @brief List of excluded KB keys of this NVT */ gchar *required_ports; /**< @brief List of required ports of this NVT */ gchar *required_udp_ports;/**< @brief List of required UDP ports of this NVT*/ GSList *prefs; /**< @brief Collection of NVT preferences */ // The following are not settled yet. gint timeout; /**< @brief Default timeout time for this NVT */ gint category; /**< @brief The category, this NVT belongs to */ gchar *family; /**< @brief Family the NVT belongs to */ } nvti_t; nvti_t *nvti_new (void); void nvti_free (nvti_t *); gchar *nvti_oid (const nvti_t *); gchar *nvti_version (const nvti_t *); gchar *nvti_name (const nvti_t *); gchar *nvti_copyright (const nvti_t *); gchar *nvti_cve (const nvti_t *); gchar *nvti_bid (const nvti_t *); gchar *nvti_xref (const nvti_t *); gchar *nvti_tag (const nvti_t *); gchar *nvti_cvss_base (const nvti_t *); gchar *nvti_dependencies (const nvti_t *); gchar *nvti_required_keys (const nvti_t *); gchar *nvti_mandatory_keys (const nvti_t *); gchar *nvti_excluded_keys (const nvti_t *); gchar *nvti_required_ports (const nvti_t *); gchar *nvti_required_udp_ports (const nvti_t *); gint nvti_timeout (const nvti_t *); gint nvti_category (const nvti_t *); gchar *nvti_family (const nvti_t *); guint nvti_pref_len (const nvti_t *); const nvtpref_t *nvti_pref (const nvti_t *, guint); int nvti_set_oid (nvti_t *, const gchar *); int nvti_set_version (nvti_t *, const gchar *); int nvti_set_name (nvti_t *, const gchar *); int nvti_set_copyright (nvti_t *, const gchar *); int nvti_set_cve (nvti_t *, const gchar *); int nvti_set_bid (nvti_t *, const gchar *); int nvti_set_xref (nvti_t *, const gchar *); int nvti_set_tag (nvti_t *, const gchar *); int nvti_set_cvss_base (nvti_t *, const gchar *); int nvti_set_dependencies (nvti_t *, const gchar *); int nvti_set_required_keys (nvti_t *, const gchar *); int nvti_set_mandatory_keys (nvti_t *, const gchar *); int nvti_set_excluded_keys (nvti_t *, const gchar *); int nvti_set_required_ports (nvti_t *, const gchar *); int nvti_set_required_udp_ports (nvti_t *, const gchar *); int nvti_set_timeout (nvti_t *, const gint); int nvti_set_category (nvti_t *, const gint); int nvti_set_family (nvti_t *, const gchar *); int nvti_add_cve (nvti_t *, const gchar *); int nvti_add_bid (nvti_t *, const gchar *); int nvti_add_required_keys (nvti_t *, const gchar *); int nvti_add_mandatory_keys (nvti_t *, const gchar *); int nvti_add_excluded_keys (nvti_t *, const gchar *); int nvti_add_required_ports (nvti_t *, const gchar *); int nvti_add_required_udp_ports (nvti_t *, const gchar *); int nvti_add_pref (nvti_t *, nvtpref_t *); /* Collections of NVT Infos. */ /** * @brief A collection of information records corresponding to NVTs. */ typedef GHashTable nvtis_t; nvtis_t * nvtis_new (void); void nvtis_free (nvtis_t *); void nvtis_add (nvtis_t *, nvti_t *); nvti_t * nvtis_lookup (nvtis_t *, const char *); #endif /* not _NVTI_H */ gvm-libs-9.0.3/base/nvticache.c000066400000000000000000000322111334154151000162610ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Implementation of API to handle NVT Info Cache * * Authors: * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2009 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file nvticache.c * @brief Implementation of API to handle NVT Info Cache * * This file contains all methods to handle NVT Information Cache * (nvticache_t). * * The module consequently uses glib datatypes and api for memory * management etc. */ /* for struct stat */ #include /* for nvticache_t */ #include "nvticache.h" #include "kb.h" #include // for strlen #include #include /* for atoi */ #undef G_LOG_DOMAIN #define G_LOG_DOMAIN "lib nvticache" char *src_path = NULL; /* The directory of the source files. */ kb_t cache_kb = NULL; /** * @brief Return whether the nvt cache is initialized. * * @return 1 if cache is initialized, 0 otherwise. */ int nvticache_initialized (void) { return !!cache_kb; } /** * @brief Initializes the nvti cache. * * @param cache The directory where the cache is to be stored. * @param src The directory that contains the nvt files. * @param kb_path Path to kb socket. */ int nvticache_init (const char *src, const char *kb_path) { assert (src); if (src_path) g_free (src_path); src_path = g_strdup (src); if (cache_kb) kb_lnk_reset (cache_kb); cache_kb = kb_find (kb_path, "nvticache"); if (cache_kb) return 0; if (kb_new (&cache_kb, kb_path) || kb_item_set_int (cache_kb, "nvticache", 1)) return -1; return 0; } /** * @brief Return the nvticache kb. * * @return Cache kb. */ kb_t nvticache_get_kb (void) { assert (cache_kb); return cache_kb; } /** * @brief Check if the nvt for the given filename exists in cache. * * @param filename The name of the original NVT without the path * to the base location of NVTs (e.g. * "scriptname1.nasl" or even * "subdir1/subdir2/scriptname2.nasl" ) * * @return 1 if nvt is in cache and up to date, 0 otherwise. */ int nvticache_check (const gchar *filename) { assert (cache_kb); char pattern[2048], *src_file; time_t timestamp; struct stat src_stat; src_file = g_build_filename (src_path, filename, NULL); g_snprintf (pattern, sizeof (pattern), "filename:%s:timestamp", filename); timestamp = kb_item_get_int (cache_kb, pattern); if (timestamp && src_file && stat (src_file, &src_stat) >= 0 && timestamp > src_stat.st_mtime) { g_free (src_file); return 1; } g_free (src_file); return 0; } /** * @brief Reset connection to KB. To be called after a fork(). */ void nvticache_reset () { if (cache_kb) kb_lnk_reset (cache_kb); } /** * @brief Add a NVT Information to the cache. * * @param nvti The NVT Information to add * * @param filename The name of the original NVT without the path * to the base location of NVTs (e.g. * "scriptname1.nasl" or even * "subdir1/subdir2/scriptname2.nasl" ) * * @return 0 in case of success, anything else indicates an error. */ int nvticache_add (const nvti_t *nvti, const char *filename) { char *oid, *dummy, pattern[4096]; GSList *element; assert (cache_kb); /* Check for duplicate OID. */ oid = nvti_oid (nvti); dummy = nvticache_get_filename (oid); if (dummy && strcmp (filename, dummy)) { struct stat src_stat; char *src_file = g_build_filename (src_path, dummy, NULL); /* If .nasl file was duplicated, not moved. */ if (src_file && stat (src_file, &src_stat) >= 0) g_warning ("NVT %s with duplicate OID %s will be replaced with %s", src_file, oid, filename); g_free (src_file); } if (dummy) nvticache_delete (oid); g_free (dummy); if (kb_nvt_add (cache_kb, nvti, filename)) goto kb_fail; element = nvti->prefs; while (element) { char value[4096]; nvtpref_t *pref = element->data; g_snprintf (pattern, sizeof (pattern), "oid:%s:prefs", oid); g_snprintf (value, sizeof (value), "%s|||%s|||%s", pref->name, pref->type, pref->dflt); if (kb_item_add_str (cache_kb, pattern, value)) goto kb_fail; element = element->next; } g_snprintf (pattern, sizeof (pattern), "filename:%s:timestamp", filename); if (kb_item_set_int (cache_kb, pattern, time (NULL))) goto kb_fail; return 0; kb_fail: return -1; } /** * @brief Get the full source filename of an OID. * * @param oid The OID to look up. * * @return Filename with full path matching OID if found, NULL otherwise. */ char * nvticache_get_src (const char *oid) { char *filename, *src; assert (cache_kb); filename = kb_nvt_get (cache_kb, oid, NVT_FILENAME_POS); if (!filename) return NULL; src = g_build_filename (src_path, filename, NULL); g_free (filename); return src; } /** * @brief Get the OID from a plugin filename. * * @param filename Filename to lookup. * * @return OID matching filename if found, NULL otherwise. */ char * nvticache_get_oid (const char *filename) { char *ret, pattern[2048]; struct kb_item *kbi; assert (cache_kb); g_snprintf (pattern, sizeof (pattern), "filename:%s:oid", filename); ret = kb_item_get_str (cache_kb, pattern); if (ret) return ret; /* NVT filename in subfolder case. */ g_snprintf (pattern, sizeof (pattern), "filename:*/%s:oid", filename); kbi = kb_item_get_pattern (cache_kb, pattern); if (!kbi) return NULL; ret = g_strdup (kbi->v_str); kb_item_free (kbi); return ret; } /** * @brief Get the filename from a plugin OID. * * @param[in] oid OID to match. * * @return Filanem matching OID, NULL otherwise. */ char * nvticache_get_filename (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_FILENAME_POS); } /** * @brief Get the Required Keys from a plugin OID. * * @param[in] oid OID to match. * * @return Required Keys matching OID, NULL otherwise. */ char * nvticache_get_required_keys (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_REQUIRED_KEYS_POS); } /** * @brief Get the Mandatory Keys from a plugin OID. * * @param[in] oid OID to match. * * @return Mandatory Keys matching OID, NULL otherwise. */ char * nvticache_get_mandatory_keys (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_MANDATORY_KEYS_POS); } /** * @brief Get the Excluded Keys from a plugin OID. * * @param[in] oid OID to match. * * @return Excluded Keys matching OID, NULL otherwise. */ char * nvticache_get_excluded_keys (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_EXCLUDED_KEYS_POS); } /** * @brief Get the Required udp ports from a plugin OID. * * @param[in] oid OID to match. * * @return Required udp ports matching OID, NULL otherwise. */ char * nvticache_get_required_udp_ports (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_REQUIRED_UDP_PORTS_POS); } /** * @brief Get the Required ports from a plugin OID. * * @param[in] oid OID to match. * * @return Required ports matching OID, NULL otherwise. */ char * nvticache_get_required_ports (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_REQUIRED_PORTS_POS); } /** * @brief Get the Dependencies from a plugin OID. * * @param[in] oid OID to match. * * @return Dependencies matching OID, NULL otherwise. */ char * nvticache_get_dependencies (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_DEPENDENCIES_POS); } /** * @brief Get the Category from a plugin OID. * * @param[in] oid OID to match. * * @return Category matching OID, -1 otherwise. */ int nvticache_get_category (const char *oid) { int category; char *category_s; assert (cache_kb); category_s = kb_nvt_get (cache_kb, oid, NVT_CATEGORY_POS); category = atoi (category_s); g_free (category_s); return category; } /** * @brief Get the Timeout from a plugin OID. * * @param[in] oid OID to match. * * @return Timeout matching OID, -1 otherwise. */ int nvticache_get_timeout (const char *oid) { int timeout; char *timeout_s; assert (cache_kb); timeout_s = kb_nvt_get (cache_kb, oid, NVT_TIMEOUT_POS); timeout = atoi (timeout_s); g_free (timeout_s); return timeout; } /** * @brief Get the name from a plugin OID. * * @param[in] oid OID to match. * * @return Name matching OID, NULL otherwise. */ char * nvticache_get_name (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_NAME_POS); } /** * @brief Get the version from a plugin OID. * * @param[in] oid OID to match. * * @return Version matching OID, NULL otherwise. */ char * nvticache_get_version (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_VERSION_POS); } /** * @brief Get the copyright from a plugin OID. * * @param[in] oid OID to match. * * @return Copyright matching OID, NULL otherwise. */ char * nvticache_get_copyright (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_COPYRIGHT_POS); } /** * @brief Get the cves from a plugin OID. * * @param[in] oid OID to match. * * @return CVEs matching OID, NULL otherwise. */ char * nvticache_get_cves (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_CVES_POS); } /** * @brief Get the bids from a plugin OID. * * @param[in] oid OID to match. * * @return BIDs matching OID, NULL otherwise. */ char * nvticache_get_bids (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_BIDS_POS); } /** * @brief Get the xrefs from a plugin OID. * * @param[in] oid OID to match. * * @return XREFs matching OID, NULL otherwise. */ char * nvticache_get_xrefs (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_XREFS_POS); } /** * @brief Get the family from a plugin OID. * * @param[in] oid OID to match. * * @return Family matching OID, NULL otherwise. */ char * nvticache_get_family (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_FAMILY_POS); } /** * @brief Get the tags from a plugin OID. * * @param[in] oid OID to match. * * @return Tags matching OID, NULL otherwise. */ char * nvticache_get_tags (const char *oid) { assert (cache_kb); return kb_nvt_get (cache_kb, oid, NVT_TAGS_POS); } /** * @brief Get the prefs from a plugin OID. * * @param[in] oid OID to match. * * @return Prefs matching OID, NULL otherwise. */ GSList * nvticache_get_prefs (const char *oid) { char pattern[4096]; struct kb_item *prefs, *element; GSList *list = NULL; assert (cache_kb); g_snprintf (pattern, sizeof (pattern), "oid:%s:prefs", oid); prefs = element = kb_item_get_all (cache_kb, pattern); while (element) { nvtpref_t *np; char **array = g_strsplit (element->v_str, "|||", -1); assert (array[2]); assert (!array[3]); np = g_malloc0 (sizeof (nvtpref_t)); np->name = array[0]; np->type = array[1]; np->dflt = array[2]; list = g_slist_append (list, np); element = element->next; } kb_item_free (prefs); return list; } /** * @brief Get the list of nvti OIDs. * * @return OIDs list. */ GSList * nvticache_get_oids () { struct kb_item *kbi, *item; GSList *list = NULL; assert (cache_kb); kbi = item = kb_item_get_pattern (cache_kb, "filename:*:oid"); if (!kbi) return NULL; while (item) { list = g_slist_prepend (list, g_strdup (item->v_str)); item = item->next; } kb_item_free (kbi); return list; } /** * @brief Get the number of nvt's in the cache. * * @return Number of nvt's. */ size_t nvticache_count () { assert (cache_kb); return kb_item_count (cache_kb, "nvt:*"); } void nvticache_delete (const char *oid) { char pattern[4096]; char *filename; assert (cache_kb); assert (oid); filename = nvticache_get_filename (oid); g_snprintf (pattern, sizeof (pattern), "oid:%s:prefs", oid); kb_del_items (cache_kb, pattern); g_snprintf (pattern, sizeof (pattern), "nvt:%s", oid); kb_del_items (cache_kb, pattern); if (filename) { g_snprintf (pattern, sizeof (pattern), "filename:%s:timestamp", filename); kb_del_items (cache_kb, pattern); g_snprintf (pattern, sizeof (pattern), "filename:%s:oid", filename); kb_del_items (cache_kb, pattern); } g_free (filename); } gvm-libs-9.0.3/base/nvticache.h000066400000000000000000000052201334154151000162660ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: API (structs and protos) for NVT Info Cache * * Authors: * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2009 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file nvticache.h * @brief Protos and data structures for NVT Information Cache. * * This file contains the protos for \ref nvticache.c */ #ifndef _NVTICACHE_H #define _NVTICACHE_H /* for gchar */ #include /* for nvtis_t */ #include "nvti.h" #include "kb.h" int nvticache_init (const char *, const char *); kb_t nvticache_get_kb (); void nvticache_reset (); int nvticache_initialized (void); int nvticache_check (const gchar *); int nvticache_add (const nvti_t *, const char *); nvti_t * nvticache_get_by_oid_full (const char *); nvti_t * nvticache_get_by_name_full (const char *); char * nvticache_get_src (const char *); char * nvticache_get_oid (const char *); char * nvticache_get_name (const char *); char * nvticache_get_tags (const char *); GSList * nvticache_get_prefs (const char *); char * nvticache_get_version (const char *); char * nvticache_get_copyright (const char *); char * nvticache_get_cves (const char *); char * nvticache_get_bids (const char *); char * nvticache_get_xrefs (const char *); char * nvticache_get_family (const char *); char * nvticache_get_filename (const char *); char * nvticache_get_required_keys (const char *); char * nvticache_get_mandatory_keys (const char *); char * nvticache_get_excluded_keys (const char *); char * nvticache_get_required_ports (const char *); char * nvticache_get_required_udp_ports (const char *); int nvticache_get_category (const char *); int nvticache_get_timeout (const char *); char * nvticache_get_dependencies (const char *); void nvticache_free (void); GSList * nvticache_get_names (void); GSList * nvticache_get_oids (void); size_t nvticache_count (void); void nvticache_delete (const char *); #endif /* not _NVTICACHE_H */ gvm-libs-9.0.3/base/openvas_compress.c000066400000000000000000000104151334154151000177050ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Functions related to data compression (gzip format.) * * Authors: * Hani Benhabiles * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /* For z_const to be defined as const. */ #if !defined(ZLIB_CONST) # define ZLIB_CONST #endif #include /* for z_stream */ #include /* for gfree() */ /** * @brief Compresses data in src buffer. * * @param[in] src Buffer of data to compress. * @param[in] srclen Length of data to compress. * @param[out] dstlen Length of compressed data. * * @return Pointer to compressed data if success, NULL otherwise. */ void * openvas_compress (const void *src, unsigned long srclen, unsigned long *dstlen) { unsigned long buflen = srclen * 2; if (src == NULL || dstlen == NULL) return NULL; if (buflen < 30) buflen = 30; while (1) { int err; void *buffer; z_stream strm; /* Initialize deflate state */ strm.zalloc = Z_NULL; strm.zfree = Z_NULL; strm.opaque = Z_NULL; strm.avail_in = srclen; #ifdef z_const strm.next_in = src; #else /* Workaround for older zlib. */ strm.next_in = (void *) src; #endif if (deflateInit (&strm, Z_DEFAULT_COMPRESSION) != Z_OK) return NULL; buffer = g_malloc0 (buflen); strm.avail_out = buflen; strm.next_out = buffer; err = deflate (&strm, Z_SYNC_FLUSH); deflateEnd (&strm); switch (err) { case Z_OK: case Z_STREAM_END: if (strm.avail_out != 0) { *dstlen = strm.total_out; return buffer; } /* Fallthrough. */ case Z_BUF_ERROR: g_free (buffer); buflen *= 2; break; default: g_free (buffer); return NULL; } } } /** * @brief Uncompresses data in src buffer. * * @param[in] src Buffer of data to uncompress. * @param[in] srclen Length of data to uncompress. * @param[out] dstlen Length of uncompressed data. * * @return Pointer to uncompressed data if success, NULL otherwise. */ void * openvas_uncompress (const void *src, unsigned long srclen, unsigned long *dstlen) { unsigned long buflen = srclen * 2; if (src == NULL || dstlen == NULL) return NULL; while (1) { int err; void *buffer; z_stream strm; /* Initialize inflate state */ strm.zalloc = Z_NULL; strm.zfree = Z_NULL; strm.opaque = Z_NULL; strm.avail_in = srclen; #ifdef z_const strm.next_in = src; #else /* Workaround for older zlib. */ strm.next_in = (void *) src; #endif /* * From: http://www.zlib.net/manual.html * Add 32 to windowBits to enable zlib and gzip decoding with automatic header * detection. */ if (inflateInit2 (&strm, 15 + 32) != Z_OK) return NULL; buffer = g_malloc0 (buflen); strm.avail_out = buflen; strm.next_out = buffer; err = inflate (&strm, Z_SYNC_FLUSH); inflateEnd (&strm); switch (err) { case Z_OK: case Z_STREAM_END: if (strm.avail_out != 0) { *dstlen = strm.total_out; return buffer; } /* Fallthrough. */ case Z_BUF_ERROR: g_free (buffer); buflen *= 2; break; default: g_free (buffer); return NULL; } } } gvm-libs-9.0.3/base/openvas_compress.h000066400000000000000000000022451334154151000177140ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: API related to data compression (gzip format.) * * Authors: * Hani Benhabiles * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_COMPRESS_H #define _OPENVAS_COMPRESS_H void * openvas_compress (const void *, unsigned long, unsigned long *); void * openvas_uncompress (const void *, unsigned long, unsigned long *); #endif /* not _OPENVAS_COMPRESS_H */ gvm-libs-9.0.3/base/openvas_file.c000066400000000000000000000306511334154151000167750ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: File utilities. * * Authors: * Matthew Mundell * Michael Wiegand * * Copyright: * Copyright (C) 2009,2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file openvas_file.c * @brief File utilities. */ /* time.h in glibc2 needs this for strptime. */ #define _GNU_SOURCE #include "openvas_file.h" #include #include #include #include #include /* for g_remove */ /** * @brief Checks whether a file is a directory or not. * * This is a replacement for the g_file_test functionality which is reported * to be unreliable under certain circumstances, for example if this * application and glib are compiled with a different libc. * * Symbolic links are not followed. * * @param[in] name Name of file or directory. * * @return 1 if parameter is directory, 0 if it is not, -1 if it does not * exist or could not be accessed. */ int openvas_file_check_is_dir (const char *name) { struct stat sb; if (g_lstat (name, &sb)) { g_warning ("g_lstat(%s) failed - %s\n", name, g_strerror (errno)); return -1; } return (S_ISDIR (sb.st_mode)); } /** * @brief Recursively removes files and directories. * * This function will recursively call itself to delete a path and any * contents of this path. * * @param[in] pathname The name of the file to be deleted from the filesystem. * * @return 0 if the name was successfully deleted, -1 if an error occurred. * Please note that errno is currently not guaranteed to contain the correct * value if -1 is returned. */ int openvas_file_remove_recurse (const gchar * pathname) { /** @todo Set errno when we return -1 to maintain remove() compatibility. */ if (openvas_file_check_is_dir (pathname) == 1) { GError *error = NULL; GDir *directory = g_dir_open (pathname, 0, &error); if (directory == NULL) { g_warning ("g_dir_open(%s) failed - %s\n", pathname, error->message); g_error_free (error); return -1; } else { int ret = 0; const gchar *entry = NULL; while ((entry = g_dir_read_name (directory)) && (ret == 0)) { gchar *entry_path = g_build_filename (pathname, entry, NULL); ret = openvas_file_remove_recurse (entry_path); g_free (entry_path); if (ret != 0) { g_warning ("Failed to remove %s from %s!", entry, pathname); g_dir_close (directory); return ret; } } g_dir_close (directory); } } return g_remove (pathname); } /** * @brief Copies a source file into a destination file. * * If the destination file does exist already, it will be overwritten. * * @param[in] source_file Source file name. * @param[in] dest_file Destination file name. * * @return TRUE if successful, FALSE otherwise. */ gboolean openvas_file_copy (const gchar *source_file, const gchar *dest_file) { gboolean rc; GFile *sfile, *dfile; GError *error; #if !GLIB_CHECK_VERSION(2, 35, 0) g_type_init (); #endif sfile = g_file_new_for_path (source_file); dfile = g_file_new_for_path (dest_file); error = NULL; rc = g_file_copy (sfile, dfile, G_FILE_COPY_OVERWRITE, NULL, NULL, NULL, &error); if (!rc) { g_warning ("%s: g_file_copy(%s, %s) failed - %s\n", __FUNCTION__, source_file, dest_file, error->message); g_error_free (error); } g_object_unref (sfile); g_object_unref (dfile); return rc; } /** * @brief Moves a source file into a destination file. * * If the destination file does exist already, it will be overwritten. * * @param[in] source_file Source file name. * @param[in] dest_file Destination file name. * * @return TRUE if successful, FALSE otherwise. */ gboolean openvas_file_move (const gchar *source_file, const gchar *dest_file) { gboolean rc; GFile *sfile, *dfile; GError *error; #if !GLIB_CHECK_VERSION(2, 35, 0) g_type_init (); #endif sfile = g_file_new_for_path (source_file); dfile = g_file_new_for_path (dest_file); error = NULL; rc = g_file_move (sfile, dfile, G_FILE_COPY_OVERWRITE, NULL, NULL, NULL, &error); if (!rc) { g_warning ("%s: g_file_move(%s, %s) failed - %s\n", __FUNCTION__, source_file, dest_file, error->message); g_error_free (error); } g_object_unref (sfile); g_object_unref (dfile); return rc; } /** * @brief Get the content of a file in base64 format. * * @param[in] path Path to file. * * @return Allocated nul-terminated string, NULL otherwise. */ char * openvas_file_as_base64 (const char *path) { GError *error = NULL; char *content, *encoded; gsize len; if (!g_file_get_contents (path, &content, &len, &error)) { g_error_free (error); return NULL; } encoded = g_base64_encode ((guchar *) content, len); g_free (content); return encoded; } /** * @brief Generates a file name for exporting. * * @param[in] fname_format Format string. * @param[in] username Current user name. * @param[in] type Type of resource. * @param[in] uuid UUID of resource. * @param[in] creation_iso_time Creation time of resource in ISO format. * @param[in] modification_iso_time Modification time of resource (ISO). * @param[in] name Name of resource. * @param[in] format_name Name of format plugin. * * @return The file name. */ gchar * openvas_export_file_name (const char* fname_format, const char* username, const char* type, const char* uuid, const char* creation_iso_time, const char* modification_iso_time, const char* name, const char* format_name) { time_t now; struct tm *now_broken; gchar *now_date_str, *creation_date_str, *modification_date_str; gchar *now_time_str, *creation_time_str, *modification_time_str; struct tm creation_time, modification_time; gchar *creation_date_short, *modification_date_short; gchar *fname_point; GString *file_name_buf; int format_state = 0; char *ret; creation_date_str = NULL; modification_date_str = NULL; creation_time_str = NULL; modification_time_str = NULL; now = time (NULL); now_broken = localtime (&now); now_date_str = g_strdup_printf ("%04d%02d%02d", (now_broken->tm_year + 1900), (now_broken->tm_mon + 1), now_broken->tm_mday); now_time_str = g_strdup_printf ("%02d%02d%02d", now_broken->tm_hour, now_broken->tm_min, now_broken->tm_sec); memset (&creation_time, 0, sizeof (struct tm)); memset (&modification_time, 0, sizeof (struct tm)); creation_date_short = NULL; modification_date_short = NULL; if (creation_iso_time && (strlen (creation_iso_time) >= 19)) creation_date_short = g_strndup (creation_iso_time, 19); if (creation_date_short && (((ret = strptime (creation_date_short, "%Y-%m-%dT%H:%M:%S", &creation_time)) == NULL) || (strlen (ret) == 0))) { creation_date_str = g_strdup_printf ("%04d%02d%02d", (creation_time.tm_year + 1900), (creation_time.tm_mon + 1), creation_time.tm_mday); creation_time_str = g_strdup_printf ("%02d%02d%02d", creation_time.tm_hour, creation_time.tm_min, creation_time.tm_sec); } if (modification_iso_time && (strlen (modification_iso_time) >= 19)) modification_date_short = g_strndup (modification_iso_time, 19); if (modification_date_short && (((ret = strptime (modification_date_short, "%Y-%m-%dT%H:%M:%S", &modification_time)) == NULL) || (strlen (ret) == 0))) { modification_date_str = g_strdup_printf ("%04d%02d%02d", (modification_time.tm_year + 1900), (modification_time.tm_mon + 1), modification_time.tm_mday); modification_time_str = g_strdup_printf ("%02d%02d%02d", modification_time.tm_hour, modification_time.tm_min, modification_time.tm_sec); } if (creation_date_str == NULL) creation_date_str = g_strdup (now_date_str); if (modification_date_str == NULL) modification_date_str = g_strdup (creation_date_str); if (creation_time_str == NULL) creation_time_str = g_strdup (now_time_str); if (modification_time_str == NULL) modification_time_str = g_strdup (creation_time_str); file_name_buf = g_string_new (""); fname_point = (char*) fname_format; while (format_state >= 0 && *fname_point != '\0') { if (format_state == 0) { if (*fname_point == '%') format_state = 1; else if (*fname_point == '"') g_string_append (file_name_buf, "\\\""); else g_string_append_c (file_name_buf, *fname_point); } else if (format_state == 1) { format_state = 0; switch (*fname_point) { case 'C': g_string_append (file_name_buf, creation_date_str); break; case 'c': g_string_append (file_name_buf, creation_time_str); break; case 'D': g_string_append (file_name_buf, now_date_str); break; case 'F': g_string_append (file_name_buf, format_name ? format_name : "XML"); break; case 'M': g_string_append (file_name_buf, modification_date_str); break; case 'm': g_string_append (file_name_buf, modification_time_str); break; case 'N': g_string_append (file_name_buf, name ? name : (type ? type : "unnamed")); break; case 'T': g_string_append (file_name_buf, type ? type : "resource"); break; case 't': g_string_append (file_name_buf, now_time_str); break; case 'U': g_string_append (file_name_buf, uuid ? uuid : "list"); break; case 'u': g_string_append (file_name_buf, username ? username : ""); break; case '%': g_string_append_c (file_name_buf, '%'); break; default: g_warning ("%s : Unknown file name format placeholder: %%%c.", __FUNCTION__, *fname_point); format_state = -1; } } fname_point += sizeof (char); } if (format_state || strcmp (file_name_buf->str, "") == 0) { g_warning ("%s : Invalid file name format", __FUNCTION__); g_string_free (file_name_buf, TRUE); return NULL; } g_free (now_date_str); g_free (creation_date_str); g_free (creation_time_str); g_free (modification_date_str); return g_string_free (file_name_buf, FALSE); } gvm-libs-9.0.3/base/openvas_file.h000066400000000000000000000031351334154151000167770ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: File utilities. * * Authors: * Matthew Mundell * Michael Wiegand * * Copyright: * Copyright (C) 2009,2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_FILE_H #define _OPENVAS_FILE_H #include #include int openvas_file_check_is_dir (const char *name); int openvas_file_remove_recurse (const gchar * pathname); gboolean openvas_file_copy (const gchar *, const gchar *); gboolean openvas_file_move (const gchar *, const gchar *); char *openvas_file_as_base64 (const char *); gchar *openvas_export_file_name (const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*); #endif /* not _OPENVAS_FILE_H */ gvm-libs-9.0.3/base/openvas_hosts.c000066400000000000000000001267041334154151000172230ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Implementation of API to handle Hosts objects * * Authors: * Hani Benhabiles * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file openvas_hosts.c * @brief Implementation of an API to handle Hosts objects * * This file contains all methods to handle Hosts collections (openvas_hosts_t) * and single hosts objects (openvas_host_t.) * * The module consequently uses glib datatypes. */ #include "openvas_hosts.h" /* Static variables */ gchar *host_type_str[HOST_TYPE_MAX] = { [HOST_TYPE_NAME] = "Hostname", [HOST_TYPE_IPV4] = "IPv4", [HOST_TYPE_IPV6] = "IPv6", [HOST_TYPE_CIDR_BLOCK] = "IPv4 CIDR block", [HOST_TYPE_RANGE_SHORT] = "IPv4 short range", [HOST_TYPE_RANGE_LONG] = "IPv4 long range" }; /* Function definitions */ /** * @brief Checks if a buffer points to a valid IPv4 address. * "192.168.11.1" is valid, "192.168.1.300" and "192.168.1.1e" are not. * * @param[in] str Buffer to check in. * * @return 1 if valid IPv4 address, 0 otherwise. */ static int is_ipv4_address (const char *str) { struct sockaddr_in sa; return inet_pton(AF_INET, str, &(sa.sin_addr)) == 1; } /** * @brief Checks if a buffer points to a valid IPv6 address. * "0:0:0:0:0:0:0:1", "::1" and "::FFFF:192.168.13.55" are valid "::1g" is not. * * @param[in] str Buffer to check in. * * @return 1 if valid IPv6 address, 0 otherwise. */ static int is_ipv6_address (const char *str) { struct sockaddr_in6 sa6; return inet_pton(AF_INET6, str, &(sa6.sin6_addr)) == 1; } /** * @brief Checks if a buffer points to an IPv4 CIDR-exprpessed block. * "192.168.12.3/24" is valid, "192.168.1.3/31" is not. * * @param[in] str Buffer to check in. * * @return 1 if valid CIDR-expressed block, 0 otherwise. */ static int is_cidr_block (const char *str) { long block; char *addr_str, *block_str, *p; addr_str = g_strdup (str); block_str = strchr (addr_str, '/'); if (block_str == NULL) { g_free (addr_str); return 0; } /* Separate the address from the block value. */ *block_str = '\0'; block_str++; if (!is_ipv4_address (addr_str) || !isdigit (*block_str)) { g_free (addr_str); return 0; } p = NULL; block = strtol (block_str, &p, 10); g_free (addr_str); if (*p || block <= 0 || block > 30) return 0; return 1; } /** * @brief Gets the network block value from a CIDR-expressed block string. * For "192.168.1.1/24" it is 24. * * @param[in] str Buffer containing CIDR-expressed block. * @param[out] block Variable to store block value. * * @return -1 if error, 0 otherwise. */ static int cidr_get_block (const char *str, unsigned int *block) { if (str == NULL || block == NULL) return -1; if (sscanf (str, "%*[0-9.]/%2u", block) != 1) return -1; return 0; } /** * @brief Gets the IPv4 value from a CIDR-expressed block. * eg. For "192.168.1.10/24" it is "192.168.1.10". * * @param[in] str String containing CIDR-expressed block. * @param[out] addr Variable to store the IPv4 address value. * * @return -1 if error, 0 otherwise. */ static int cidr_get_ip (const char *str, struct in_addr *addr) { gchar *addr_str, *tmp; if (str == NULL || addr == NULL) return -1; addr_str = g_strdup (str); tmp = strchr (addr_str, '/'); if (tmp == NULL) { g_free (addr_str); return -1; } *tmp = '\0'; if (inet_pton (AF_INET, addr_str, addr) != 1) return -1; g_free (addr_str); return 0; } /** * @brief Gets the first and last usable IPv4 addresses from a CIDR-expressed * block. eg. "192.168.1.0/24" would give 192.168.1.1 as first and 192.168.1.254 * as last. * * Both network and broadcast addresses are skipped: * - They are _never_ used as a host address. Not being included is the expected * behaviour from users. * - When needed, short/long ranges (eg. 192.168.1.0-255) are available. * * @param[in] str Buffer containing CIDR-expressed block. * @param[out] first First IPv4 address in block. * @param[out] last Last IPv4 address in block. * * @return -1 if error, 0 else. */ static int cidr_block_ips (const char *str, struct in_addr *first, struct in_addr *last) { unsigned int block; if (str == NULL || first == NULL || last == NULL) return -1; /* Get IP and block values. */ if (cidr_get_block (str, &block) == -1) return -1; if (cidr_get_ip (str, first) == -1) return -1; /* First IP: And with mask and increment. */ first->s_addr &= htonl (0xffffffff ^ ((1 << (32 - block)) - 1)); first->s_addr = htonl (ntohl (first->s_addr) + 1); /* Last IP: First IP + Number of usable hosts - 1. */ last->s_addr = htonl (ntohl (first->s_addr) + (1 << (32 - block)) - 3); return 0; } /** * @brief Checks if a buffer points to a valid long range-expressed network. * "192.168.12.1-192.168.13.50" is valid. * * @param[in] str Buffer to check in. * * @return 1 if valid long range-expressed network, 0 otherwise. */ static int is_long_range_network (const char *str) { char *first_str, *second_str; int ret; first_str = g_strdup (str); second_str = strchr (first_str, '-'); if (second_str == NULL) { g_free (first_str); return 0; } /* Separate the addresses. */ *second_str = '\0'; second_str++; ret = is_ipv4_address (first_str) && is_ipv4_address (second_str); g_free (first_str); return ret; } /** * @brief Gets the first and last IPv4 addresses from a long range-expressed * network. eg. "192.168.1.1-192.168.2.40" would give 192.168.1.1 as first and * 192.168.2.40 as last. * * @param[in] str String containing long range-expressed network. * @param[out] first First IP address in block. * @param[out] last Last IP address in block. * * @return -1 if error, 0 else. */ static int long_range_network_ips (const char *str, struct in_addr *first, struct in_addr *last) { char *first_str, *last_str; if (str == NULL || first == NULL || last == NULL) return -1; first_str = g_strdup (str); last_str = strchr (first_str, '-'); if (last_str == NULL) { g_free (first_str); return -1; } /* Separate the two IPs. */ *last_str = '\0'; last_str++; if (inet_pton (AF_INET, first_str, first) != 1 || inet_pton (AF_INET, last_str, last) != 1) { g_free (first_str); return -1; } g_free (first_str); return 0; } /** * @brief Checks if a buffer points to a valid short range-expressed network. * "192.168.11.1-50" is valid, "192.168.1.1-50e" and "192.168.1.1-300" are not. * * @param str String to check in. * * @return 1 if str points to a valid short range-network, 0 otherwise. */ static int is_short_range_network (const char *str) { long end; char *ip_str, *end_str, *p; ip_str = g_strdup (str); end_str = strchr (ip_str, '-'); if (end_str == NULL) { g_free (ip_str); return 0; } /* Separate the addreses. */ *end_str = '\0'; end_str++; if (!is_ipv4_address (ip_str) || !isdigit (*end_str)) { g_free (ip_str); return 0; } p = NULL; end = strtol (end_str, &p, 10); g_free (ip_str); if (*p || end < 0 || end > 255) return 0; return 1; } /** * @brief Gets the first and last IPv4 addresses from a short range-expressed * network. "192.168.1.1-40" would give 192.168.1.1 as first and 192.168.1.40 as * last. * * @param[in] str String containing short range-expressed network. * @param[out] first First IP address in block. * @param[out] last Last IP address in block. * * @return -1 if error, 0 else. */ static int short_range_network_ips (const char *str, struct in_addr *first, struct in_addr *last) { char *first_str, *last_str; int end; if (str == NULL || first == NULL || last == NULL) return -1; first_str = g_strdup (str); last_str = strchr (first_str, '-'); if (last_str == NULL) { g_free (first_str); return -1; } /* Separate the two IPs. */ *last_str = '\0'; last_str++; end = atoi (last_str); /* Get the first IP */ if (inet_pton (AF_INET, first_str, first) != 1) { g_free (first_str); return -1; } /* Get the last IP */ last->s_addr = htonl ((ntohl (first->s_addr) & 0xffffff00) + end); g_free (first_str); return 0; } /** * @brief Checks if a buffer points to a valid hostname. * Valid characters include: Alphanumerics, dot (.), dash (-) and underscore (_) * up to 255 characters. * * @param[in] str Buffer to check in. * * @return 1 if valid hostname, 0 otherwise. */ static int is_hostname (const char *str) { const char *h = str; while (*h && (isalnum (*h) || strchr ("-_.", *h))) h++; /* Valid string if no other chars, and length is 255 at most. */ if (*h == '\0' && h - str < 256) return 1; return 0; } /** * @brief Checks if a buffer points to an IPv6 CIDR-exprpessed block. * "2620:0:2d0:200::7/120" is valid, "2620:0:2d0:200::7/129" is not. * * @param[in] str Buffer to check in. * * @return 1 if valid IPv6 CIDR-expressed block, 0 otherwise. */ static int is_cidr6_block (const char *str) { long block; char *addr6_str, *block_str, *p; addr6_str = g_strdup (str); block_str = strchr (addr6_str, '/'); if (block_str == NULL) { g_free (addr6_str); return 0; } /* Separate the address from the block value. */ *block_str = '\0'; block_str++; if (!is_ipv6_address (addr6_str) || !isdigit (*block_str)) { g_free (addr6_str); return 0; } p = NULL; block = strtol (block_str, &p, 10); g_free (addr6_str); if (*p || block <= 0 || block > 128) return 0; return 1; } /** * @brief Gets the network block value from a CIDR-expressed block string. * For "192.168.1.1/24" it is 24. * * @param[in] str Buffer containing CIDR-expressed block. * @param[out] block Variable to store block value. * * @return -1 if error, 0 otherwise. */ static int cidr6_get_block (const char *str, unsigned int *block) { if (str == NULL || block == NULL) return -1; if (sscanf (str, "%*[0-9a-fA-F.:]/%3u", block) != 1) return -1; return 0; } /** * @brief Gets the IPv4 value from a CIDR-expressed block. * eg. For "192.168.1.10/24" it is "192.168.1.10". * * @param[in] str String containing CIDR-expressed block. * @param[out] addr6 Variable to store the IPv4 address value. * * @return -1 if error, 0 otherwise. */ static int cidr6_get_ip (const char *str, struct in6_addr *addr6) { gchar *addr6_str, *tmp; if (str == NULL || addr6 == NULL) return -1; addr6_str = g_strdup (str); tmp = strchr (addr6_str, '/'); if (tmp == NULL) { g_free (addr6_str); return -1; } *tmp = '\0'; if (inet_pton (AF_INET6, addr6_str, addr6) != 1) return -1; g_free (addr6_str); return 0; } /** * @brief Gets the first and last usable IPv4 addresses from a CIDR-expressed * block. eg. "192.168.1.0/24 would give 192.168.1.1 as first and 192.168.1.254 * as last. Thus, it skips the network and broadcast addresses. * * @param[in] str Buffer containing CIDR-expressed block. * @param[out] first First IPv4 address in block. * @param[out] last Last IPv4 address in block. * * @return -1 if error, 0 else. */ static int cidr6_block_ips (const char *str, struct in6_addr *first, struct in6_addr *last) { unsigned int block; int i, j; if (str == NULL || first == NULL || last == NULL) return -1; /* Get IP and block values. */ if (cidr6_get_block (str, &block) == -1) return -1; if (cidr6_get_ip (str, first) == -1) return -1; memcpy (&last->s6_addr, &first->s6_addr, 16); /* /128 => Specified address is the first and last one. */ if (block == 128) return 0; /* First IP: And with mask and increment to skip network address. */ j = 15; for (i = (128 - block) / 8; i > 0; i--) { first->s6_addr[j] = 0; j--; } first->s6_addr[j] &= 0xff ^ ((1 << ((128 - block) % 8)) - 1); /* Last IP: Broadcast address - 1. */ j = 15; for (i = (128 - block) / 8; i > 0; i--) { last->s6_addr[j] = 0xff; j--; } last->s6_addr[j] |= (1 << ((128 - block) % 8)) - 1; /* /127 => Only two addresses. Don't skip network / broadcast addresses.*/ if (block == 127) return 0; /* Increment first IP. */ for (i = 15; i >= 0; --i) if (first->s6_addr[i] < 255) { first->s6_addr[i]++; break; } else first->s6_addr[i] = 0; /* Decrement last IP. */ for (i = 15; i >= 0; --i) if (last->s6_addr[i] > 0) { last->s6_addr[i]--; break; } else last->s6_addr[i] = 0xff; return 0; } /** * @brief Checks if a buffer points to a valid long IPv6 range-expressed * network. "::fee5-::1:530" is valid. * * @param[in] str Buffer to check in. * * @return 1 if valid long range-expressed network, 0 otherwise. */ static int is_long_range6_network (const char *str) { char *first_str, *second_str; int ret; first_str = g_strdup (str); second_str = strchr (first_str, '-'); if (second_str == NULL) { g_free (first_str); return 0; } /* Separate the addreses. */ *second_str = '\0'; second_str++; ret = is_ipv6_address (first_str) && is_ipv6_address (second_str); g_free (first_str); return ret; } /** * @brief Gets the first and last IPv6 addresses from a long range-expressed * network. eg. "::1:200:7-::1:205:500" would give ::1:200:7 as first and * ::1:205:500 as last. * * @param[in] str String containing long IPv6 range-expressed network. * @param[out] first First IPv6 address in range. * @param[out] last Last IPv6 address in range. * * @return -1 if error, 0 else. */ static int long_range6_network_ips (const char *str, struct in6_addr *first, struct in6_addr *last) { char *first_str, *last_str; if (str == NULL || first == NULL || last == NULL) return -1; first_str = g_strdup (str); last_str = strchr (first_str, '-'); if (last_str == NULL) { g_free (first_str); return -1; } /* Separate the two IPs. */ *last_str = '\0'; last_str++; if (inet_pton (AF_INET6, first_str, first) != 1 || inet_pton (AF_INET6, last_str, last) != 1) { g_free (first_str); return -1; } g_free (first_str); return 0; } /** * @brief Checks if a buffer points to a valid short IPv6 range-expressed * network. "::200:ff:1-fee5" is valid. * * @param str String to check in. * * @return 1 if str points to a valid short-range IPv6 network, 0 otherwise. */ static int is_short_range6_network (const char *str) { char *ip_str, *end_str, *p; ip_str = g_strdup (str); end_str = strchr (ip_str, '-'); if (end_str == NULL) { g_free (ip_str); return 0; } /* Separate the addresses. */ *end_str = '\0'; end_str++; if (!is_ipv6_address (ip_str) || *end_str == '\0') { g_free (ip_str); return 0; } p = end_str; /* Check that the 2nd part is at most 4 hexadecimal characters. */ while (isxdigit (*p) && p++); if (*p || p - end_str > 4) { g_free (ip_str); return 0; } g_free (ip_str); return 1; } /** * @brief Gets the first and last IPv6 addresses from a short range-expressed * network. eg. "\::ffee:1:1001-1005" would give \::ffee:1:1001 as first and * \::ffee:1:1005 as last. * * @param[in] str String containing short IPv6 range-expressed network. * @param[out] first First IPv6 address in range. * @param[out] last Last IPv6 address in range. * * @return -1 if error, 0 else. */ static int short_range6_network_ips (const char *str, struct in6_addr *first, struct in6_addr *last) { char *first_str, *last_str; long int end; if (str == NULL || first == NULL || last == NULL) return -1; first_str = g_strdup (str); last_str = strchr (first_str, '-'); if (last_str == NULL) { g_free (first_str); return -1; } /* Separate the first IP. */ *last_str = '\0'; last_str++; if (inet_pton (AF_INET6, first_str, first) != 1) { g_free (first_str); return -1; } /* Calculate the last IP. */ memcpy (last, first, sizeof (*last)); end = strtol (last_str, NULL, 16); memcpy (&last->s6_addr[15], &end, 1); memcpy (&last->s6_addr[14], ((char *) &end) + 1, 1); g_free (first_str); return 0; } /** * @brief Determines the host type in a buffer. * * @param[in] str_stripped Buffer that contains host definition, could a be hostname, * single IPv4 or IPv6, CIDR-expressed block etc,. * * @return Host_TYPE_*, -1 if error. */ int openvas_get_host_type (const gchar *str_stripped) { /* * We have a single element with no leading or trailing * white spaces. This element could represent different host * definitions: single IPs, host names, CIDR-expressed blocks, * range-expressed networks, IPv6 addresses. */ /* Null or empty string. */ if (str_stripped == NULL || *str_stripped == '\0') return -1; /* Check for regular single IPv4 address. */ if (is_ipv4_address (str_stripped)) return HOST_TYPE_IPV4; /* Check for regular single IPv6 address. */ if (is_ipv6_address (str_stripped)) return HOST_TYPE_IPV6; /* Check for regular IPv4 CIDR-expressed block like "192.168.12.0/24" */ if (is_cidr_block (str_stripped)) return HOST_TYPE_CIDR_BLOCK; /* Check for short range-expressed networks "192.168.12.5-40" */ if (is_short_range_network (str_stripped)) return HOST_TYPE_RANGE_SHORT; /* Check for long range-expressed networks "192.168.1.0-192.168.3.44" */ if (is_long_range_network (str_stripped)) return HOST_TYPE_RANGE_LONG; /* Check for regular IPv6 CIDR-expressed block like "2620:0:2d0:200::7/120" */ if (is_cidr6_block (str_stripped)) return HOST_TYPE_CIDR6_BLOCK; /* Check for short range-expressed networks "::1-ef12" */ if (is_short_range6_network (str_stripped)) return HOST_TYPE_RANGE6_SHORT; /* Check for long IPv6 range-expressed networks like "::1:20:7-::1:25:3" */ if (is_long_range6_network (str_stripped)) return HOST_TYPE_RANGE6_LONG; /* Check for hostname. */ if (is_hostname (str_stripped)) return HOST_TYPE_NAME; /* @todo: If everything else fails, fallback to hostname ? */ return -1; } /** * @brief Creates a new openvas_host_t object. * * @return Pointer to new host object, NULL if creation fails. */ static openvas_host_t * openvas_host_new () { openvas_host_t *host; host = g_malloc0 (sizeof (openvas_host_t)); return host; } /** * @brief Frees the memory occupied by an openvas_host_t object. * * @param[in] host Host to free. */ static void openvas_host_free (gpointer host) { openvas_host_t *h = host; if (h == NULL) return; /* If host of type hostname, free the name buffer, first. */ if (h->type == HOST_TYPE_NAME) g_free (h->name); g_free (h); } /** * @brief Removes duplicate hosts values from an openvas_hosts_t structure. * Also resets the iterator current position. * * @param[in] hosts hosts collection from which to remove duplicates. */ static void openvas_hosts_deduplicate (openvas_hosts_t *hosts) { /** * Uses a hash table in order to deduplicate the hosts list in O(N) time. */ GList *element; GHashTable *name_table; int duplicates = 0; if (hosts == NULL) return; element = hosts->hosts; name_table = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); while (element) { gchar *name; if ((name = openvas_host_value_str (element->data))) { if (g_hash_table_lookup (name_table, name)) { GList *tmp; tmp = element; element = element->next; openvas_host_free (tmp->data); hosts->hosts = g_list_delete_link (hosts->hosts, tmp); duplicates++; g_free (name); } else { /* Insert in hash table. Value not important, but not NULL. */ g_hash_table_insert (name_table, name, hosts); element = element->next; } } else element = element->next; } g_hash_table_destroy (name_table); hosts->count -= duplicates; hosts->removed += duplicates; hosts->current = hosts->hosts; } /** * @brief Creates a new openvas_hosts_t structure and the associated hosts * objects from the provided hosts_str. * * @param[in] hosts_str The hosts string. A copy will be created of this within * the returned struct. * @param[in] max_hosts Max number of hosts in hosts_str. 0 means unlimited. * * @return NULL if error or hosts_str contains more than max hosts. otherwise, a * hosts structure that should be released using @ref openvas_hosts_free. */ openvas_hosts_t * openvas_hosts_new_with_max (const gchar *hosts_str, unsigned int max_hosts) { openvas_hosts_t *hosts; gchar **host_element, **split; gchar *str; if (hosts_str == NULL) return NULL; hosts = g_malloc0 (sizeof (openvas_hosts_t)); if (hosts == NULL) return NULL; hosts->orig_str = g_strdup (hosts_str); /* Normalize separator: Transform newlines into commas. */ str = hosts->orig_str; while (*str) { if (*str == '\n') *str = ','; str++; } /* Split comma-separeted list into single host-specifications */ split = g_strsplit (hosts->orig_str, ",", 0); /* first element of the splitted list */ host_element = split; while (*host_element) { int host_type; gchar *stripped = g_strstrip (*host_element); if (stripped == NULL || *stripped == '\0') { host_element++; continue; } /* IPv4, hostname, IPv6, collection (short/long range, cidr block) etc,. ? */ /* -1 if error. */ host_type = openvas_get_host_type (stripped); switch (host_type) { case HOST_TYPE_NAME: case HOST_TYPE_IPV4: case HOST_TYPE_IPV6: { /* New host. */ openvas_host_t *host = openvas_host_new (); host->type = host_type; if (host_type == HOST_TYPE_NAME) host->name = g_strdup (stripped); else if (host_type == HOST_TYPE_IPV4) inet_pton (AF_INET, stripped, &host->addr); else if (host_type == HOST_TYPE_IPV6) inet_pton (AF_INET6, stripped, &host->addr6); /* Prepend to list of hosts. */ hosts->hosts = g_list_prepend (hosts->hosts, host); hosts->count++; break; } case HOST_TYPE_CIDR_BLOCK: case HOST_TYPE_RANGE_SHORT: case HOST_TYPE_RANGE_LONG: { struct in_addr first, last; uint32_t current; int (*ips_func) (const char *, struct in_addr *, struct in_addr *); if (host_type == HOST_TYPE_CIDR_BLOCK) ips_func = cidr_block_ips; else if (host_type == HOST_TYPE_RANGE_SHORT) ips_func = short_range_network_ips; else if (host_type == HOST_TYPE_RANGE_LONG) ips_func = long_range_network_ips; else break; if (ips_func (stripped, &first, &last) == -1) break; /* Make sure that first actually comes before last */ if (ntohl (first.s_addr) > ntohl (last.s_addr)) break; /* Add addresses from first to last as single hosts. */ current = first.s_addr; while (ntohl (current) <= ntohl (last.s_addr)) { openvas_host_t *host = openvas_host_new (); host->type = HOST_TYPE_IPV4; host->addr.s_addr = current; hosts->hosts = g_list_prepend (hosts->hosts, host); hosts->count++; if (max_hosts > 0 && hosts->count > max_hosts) { g_strfreev (split); openvas_hosts_free (hosts); return NULL; } /* Next IP address. */ current = htonl (ntohl (current) + 1); } break; } case HOST_TYPE_CIDR6_BLOCK: case HOST_TYPE_RANGE6_LONG: case HOST_TYPE_RANGE6_SHORT: { struct in6_addr first, last; unsigned char current[16]; int (*ips_func) (const char *, struct in6_addr *, struct in6_addr *); if (host_type == HOST_TYPE_CIDR6_BLOCK) ips_func = cidr6_block_ips; else if (host_type == HOST_TYPE_RANGE6_SHORT) ips_func = short_range6_network_ips; else if (host_type == HOST_TYPE_RANGE6_LONG) ips_func = long_range6_network_ips; else continue; if (ips_func (stripped, &first, &last) == -1) break; /* Make sure the first comes before the last. */ if (memcmp (&first.s6_addr, &last.s6_addr, 16) > 0) break; /* Add addresses from first to last as single hosts. */ memcpy (current, &first.s6_addr, 16); while (memcmp (current, &last.s6_addr, 16) <= 0) { int i; openvas_host_t *host = openvas_host_new (); host->type = HOST_TYPE_IPV6; memcpy (host->addr6.s6_addr, current, 16); hosts->hosts = g_list_prepend (hosts->hosts, host); hosts->count++; if (max_hosts > 0 && hosts->count > max_hosts) { g_strfreev (split); openvas_hosts_free (hosts); return NULL; } /* Next IPv6 address. */ for (i = 15; i >= 0; --i) if (current[i] < 255) { current[i]++; break; } else current[i] = 0; } break; } case -1: default: /* Invalid host string. */ g_strfreev (split); openvas_hosts_free (hosts); return NULL; } host_element++; /* move on to next element of splitted list */ if (max_hosts > 0 && hosts->count > max_hosts) { g_strfreev (split); openvas_hosts_free (hosts); return NULL; } } /* Reverse list, as we were prepending (for performance) to the list. */ hosts->hosts = g_list_reverse (hosts->hosts); /* Remove duplicated values. */ openvas_hosts_deduplicate (hosts); /* Set current to start of hosts list. */ hosts->current = hosts->hosts; g_strfreev (split); return hosts; } /** * @brief Creates a new openvas_hosts_t structure and the associated hosts * objects from the provided hosts_str. * * @param[in] hosts_str The hosts string. A copy will be created of this within * the returned struct. * * @return NULL if error, otherwise, a hosts structure that should be released * using @ref openvas_hosts_free. */ openvas_hosts_t * openvas_hosts_new (const gchar *hosts_str) { return openvas_hosts_new_with_max (hosts_str, 0); } /** * @brief Gets the next openvas_host_t from a openvas_hosts_t structure. The * state of iteration is kept internally within the openvas_hosts structure. * * @param[in] hosts openvas_hosts_t structure to get next host from. * * @return Pointer to host. NULL if error or end of hosts. */ openvas_host_t * openvas_hosts_next (openvas_hosts_t *hosts) { openvas_host_t *next; if (hosts == NULL || hosts->current == NULL) return NULL; next = hosts->current->data; hosts->current = g_list_next (hosts->current); return next; } /** * @brief Frees memory occupied by an openvas_hosts_t structure. * * @param[in] hosts The hosts collection to free. * */ void openvas_hosts_free (openvas_hosts_t *hosts) { if (hosts == NULL) return; if (hosts->orig_str) g_free (hosts->orig_str); g_list_free_full (hosts->hosts, openvas_host_free); g_free (hosts); } /** * @brief Randomizes the order of the hosts objects in the collection. * Not to be used while iterating over the single hosts as it resets the * iterator. * * @param[in] hosts The hosts collection to shuffle. */ void openvas_hosts_shuffle (openvas_hosts_t *hosts) { int count; GList *new_list; GRand *rand; if (hosts == NULL) return; count = openvas_hosts_count (hosts); new_list = NULL; rand = g_rand_new (); while (count) { GList *element; /* Get element from random position [0, count[. */ element = g_list_nth (hosts->hosts, g_rand_int_range (rand, 0, count)); /* Remove it. */ hosts->hosts = g_list_remove_link (hosts->hosts, element); /* Insert it in new list */ new_list = g_list_concat (element, new_list); count--; } hosts->hosts = new_list; hosts->current = hosts->hosts; g_rand_free (rand); } /** * @brief Reverses the order of the hosts objects in the collection. * Not to be used while iterating over the single hosts as it resets the * iterator. * * @param[in] hosts The hosts collection to reverse. */ void openvas_hosts_reverse (openvas_hosts_t *hosts) { if (hosts == NULL || hosts->hosts == NULL) return; hosts->hosts = g_list_reverse (hosts->hosts); hosts->current = hosts->hosts; } /** * @brief Removes an element from the hosts list and frees the host object. * * @param[in] hosts The hosts collection from which to remove. * @param[in] element Element to remove from the list. * * @return Next element value. */ static GList * openvas_hosts_remove_element (openvas_hosts_t *hosts, GList *element) { GList *tmp; tmp = element; element = element->next; openvas_host_free (tmp->data); hosts->hosts = g_list_delete_link (hosts->hosts, tmp); return element; } /** * @brief Resolves host objects of type name in a hosts collection, replacing * hostnames with IPv4 values. * Not to be used while iterating over the single hosts as it resets the * iterator. * * @param[in] hosts The hosts collection from which to exclude. */ void openvas_hosts_resolve (openvas_hosts_t *hosts) { openvas_host_t *host; hosts->current = hosts->hosts; while ((host = openvas_hosts_next (hosts))) { struct in_addr addr; if (host->type != HOST_TYPE_NAME) continue; if (openvas_host_resolve (host, &addr, AF_INET) == 0) { g_free (host->name); host->type = HOST_TYPE_IPV4; memcpy (&host->addr, &addr, sizeof (host->addr)); } } hosts->current = hosts->hosts; } /** * @brief Excludes a set of hosts provided as a string from a hosts collection. * Not to be used while iterating over the single hosts as it resets the * iterator. * * @param[in] hosts The hosts collection from which to exclude. * @param[in] excluded_str String of hosts to exclude. * @param[in] resolve Boolean. Whether to also resolve hostnames when excluding. * * @return Number of excluded hosts, -1 if error. */ int openvas_hosts_exclude (openvas_hosts_t *hosts, const char *excluded_str, int resolve) { /** * Uses a hash table in order to exclude hosts in O(N+M) time. */ openvas_hosts_t *excluded_hosts; GList *element; GHashTable *name_table; int excluded = 0; if (hosts == NULL || excluded_str == NULL) return -1; excluded_hosts = openvas_hosts_new (excluded_str); if (excluded_hosts == NULL) return -1; if (resolve) openvas_hosts_resolve (excluded_hosts); if (openvas_hosts_count (excluded_hosts) == 0) { openvas_hosts_free (excluded_hosts); return 0; } /* Hash host values from excluded hosts list. */ element = excluded_hosts->hosts; name_table = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); while (element) { gchar *name; if ((name = openvas_host_value_str (element->data))) g_hash_table_insert (name_table, name, hosts); element = element->next; } /* Check for hosts values in hash table. */ element = hosts->hosts; while (element) { gchar *name; struct in_addr addr; openvas_host_t *host = element->data; if ((name = openvas_host_value_str (host))) { if (g_hash_table_lookup (name_table, name)) { element = openvas_hosts_remove_element (hosts, element); excluded++; g_free (name); continue; } g_free (name); } /* If hostname, try to resolve it and check if IP is excluded. */ if (resolve && host->type == HOST_TYPE_NAME && openvas_host_resolve (host, &addr, AF_INET) == 0) { struct in6_addr addr6; ipv4_as_ipv6 (&addr, &addr6); name = addr6_as_str (&addr6); if (g_hash_table_lookup (name_table, name)) { element = openvas_hosts_remove_element (hosts, element); excluded++; g_free (name); continue; } g_free (name); } element = element->next; } /* Cleanup. */ hosts->count -= excluded; hosts->removed += excluded; hosts->current = hosts->hosts; g_hash_table_destroy (name_table); openvas_hosts_free (excluded_hosts); return excluded; } /** * @brief Checks for a host object reverse dns lookup existence. * * @param[in] host The host to reverse-lookup. * * @return Result of look-up or name if host of type name already, NULL * otherwise. Free with g_free(). */ char * openvas_host_reverse_lookup (openvas_host_t *host) { if (host == NULL) return NULL; if (host->type == HOST_TYPE_NAME) return g_strdup (host->name); else if (host->type == HOST_TYPE_IPV4) { struct sockaddr_in sa; int retry = 2; gchar hostname[1000]; bzero (&sa, sizeof (struct sockaddr)); sa.sin_addr = host->addr; sa.sin_family = AF_INET; while (retry--) { int ret = getnameinfo ((struct sockaddr *) &sa, sizeof (sa), hostname, sizeof (hostname), NULL, 0, NI_NAMEREQD); if (!ret) return g_strdup (hostname); if (ret != EAI_AGAIN) break; } return NULL; } else if (host->type == HOST_TYPE_IPV6) { struct sockaddr_in6 sa; char hostname[1000]; bzero (&sa, sizeof (struct sockaddr)); memcpy (&sa.sin6_addr, &host->addr6, 16); sa.sin6_family = AF_INET6; if (getnameinfo ((struct sockaddr *) &sa, sizeof (sa), hostname, sizeof (hostname), NULL, 0, NI_NAMEREQD)) return NULL; else return g_strdup (hostname); } else return NULL; } /** * @brief Removes hosts that don't reverse-lookup from the hosts collection. * Not to be used while iterating over the single hosts as it resets the * iterator. * * @param[in] hosts The hosts collection to filter. * * @return Number of hosts removed, -1 if error. */ int openvas_hosts_reverse_lookup_only (openvas_hosts_t *hosts) { int count; GList *element; if (hosts == NULL) return -1; count = 0; element = hosts->hosts; while (element) { gchar *name = openvas_host_reverse_lookup (element->data); if (name == NULL) { element = openvas_hosts_remove_element (hosts, element); count++; } else { g_free (name); element = element->next; } } hosts->count -= count; hosts->removed += count; hosts->current = hosts->hosts; return count; } /** * @brief Removes hosts duplicates that reverse-lookup to the same value. * Not to be used while iterating over the single hosts as it resets the * iterator. * * @param[in] hosts The hosts collection to filter. * * @return Number of hosts removed, -1 if error. */ int openvas_hosts_reverse_lookup_unify (openvas_hosts_t *hosts) { /** * Uses a hash table in order to unify the hosts list in O(N) time. */ int count; GList *element; GHashTable *name_table; if (hosts == NULL) return -1; name_table = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); count = 0; element = hosts->hosts; while (element) { gchar *name; if ((name = openvas_host_reverse_lookup (element->data))) { if (g_hash_table_lookup (name_table, name)) { element = openvas_hosts_remove_element (hosts, element); count++; g_free (name); } else { /* Insert in the hash table. Value not important. */ g_hash_table_insert (name_table, name, hosts); element = element->next; } } else element = element->next; } g_hash_table_destroy (name_table); hosts->removed += count; hosts->count -= count; hosts->current = hosts->hosts; return count; } /** * @brief Gets the count of single hosts objects in a hosts collection. * * @param[in] hosts The hosts collection to count hosts of. * * @return The number of single hosts. */ unsigned int openvas_hosts_count (const openvas_hosts_t *hosts) { return hosts ? hosts->count : 0; } /** * @brief Gets the count of single values in hosts string that were removed * (duplicates / excluded.) * * @param[in] hosts The hosts collection. * * @return The number of removed values. */ unsigned int openvas_hosts_removed (const openvas_hosts_t *hosts) { return hosts ? hosts->removed : 0; } /** * @brief Returns whether a host has an equal host in a hosts collection. * eg. 192.168.10.1 has an equal in list created from * "192.168.10.1-5, 192.168.10.10-20" string while 192.168.10.7 doesn't. * * @param[in] host The host object. * @param[in] addr Optional pointer to ip address. Could be used so that host * isn't resolved multiple times when type is HOST_TYPE_NAME. * @param[in] hosts Hosts collection. * * @return 1 if host has equal in hosts, 0 otherwise. */ int openvas_host_in_hosts (const openvas_host_t *host, const struct in6_addr *addr, const openvas_hosts_t *hosts) { char *host_str; GList *element; if (host == NULL || hosts == NULL) return 0; host_str = openvas_host_value_str (host); element = hosts->hosts; while (element) { char *tmp = openvas_host_value_str (element->data); if (strcasecmp (host_str, tmp) == 0) { g_free (host_str); g_free (tmp); return 1; } g_free (tmp); /* Hostnames in hosts list shouldn't be resolved. */ if (addr && openvas_host_type (element->data) != HOST_TYPE_NAME) { struct in6_addr tmpaddr; openvas_host_get_addr6 (element->data, &tmpaddr); if (memcmp (addr->s6_addr, &tmpaddr.s6_addr, 16) == 0) { g_free (host_str); return 1; } } element = element->next; } g_free (host_str); return 0; } /** * @brief Gets a host object's type. * * @param[in] host The host object. * * @return Host type. */ enum host_type openvas_host_type (const openvas_host_t *host) { assert (host); return host->type; } /** * @brief Gets a host's type in printable format. * * @param[in] host The host object. * * @return String representing host type. Statically allocated, thus, not to be * freed. */ gchar * openvas_host_type_str (const openvas_host_t *host) { if (host == NULL) return NULL; return host_type_str[host->type]; } /** * @brief Gets a host's value in printable format. * * @param[in] host The host object. * * @return String representing host value. To be freed with g_free(). */ gchar * openvas_host_value_str (const openvas_host_t *host) { if (host == NULL) return NULL; switch (host->type) { case HOST_TYPE_NAME: return g_strdup (host->name); break; case HOST_TYPE_IPV4: case HOST_TYPE_IPV6: /* Handle both cases using inet_ntop(). */ { int family, size; gchar *str; const void *srcaddr; if (host->type == HOST_TYPE_IPV4) { family = AF_INET; size = INET_ADDRSTRLEN; srcaddr = &host->addr; } else { family = AF_INET6; size = INET6_ADDRSTRLEN; srcaddr = &host->addr6; } str = g_malloc0 (size); if (inet_ntop (family, srcaddr, str, size) == NULL) { perror ("inet_ntop"); g_free (str); return NULL; } return str; } default: return g_strdup ("Erroneous host type: Should be Hostname/IPv4/IPv6."); } } /** * @brief Resolves a host object's name to an IPv4 or IPv6 address. Host object * should be of type HOST_TYPE_NAME. * * @param[in] host The host object whose name to resolve. * @param[out] dst Buffer to store resolved address. Size must be at least * 4 bytes for AF_INET and 16 bytes for AF_INET6. * @param[in] family Either AF_INET or AF_INET6. * * @return -1 if error, 0 otherwise. */ int openvas_host_resolve (const openvas_host_t *host, void *dst, int family) { if (host == NULL || dst == NULL || host->type != HOST_TYPE_NAME) return -1; return openvas_resolve (host->name, dst, family); } /** * @brief Gives a host object's value as an IPv6 address. * If the host type is hostname, it resolves the IPv4 address then gives an * IPv4-mapped IPv6 address (eg. \::ffff:192.168.1.1 .) * If the host type is IPv4, it gives an IPv4-mapped IPv6 address. * If the host's type is IPv6, it gives the value directly. * * @param[in] host The host object whose value to get as IPv6. * @param[out] ip6 Buffer to store the IPv6 address. * * @return -1 if error, 0 otherwise. */ int openvas_host_get_addr6 (const openvas_host_t *host, struct in6_addr *ip6) { if (host == NULL || ip6 == NULL) return -1; switch (openvas_host_type (host)) { case HOST_TYPE_IPV6: memcpy (ip6, &host->addr6, sizeof (struct in6_addr)); return 0; case HOST_TYPE_IPV4: ipv4_as_ipv6 (&host->addr, ip6); return 0; case HOST_TYPE_NAME: { struct in_addr ip4; /* Fail if IPv4 and IPv6 both don't resolve. */ if (openvas_host_resolve (host, &ip4, AF_INET) == 0) ipv4_as_ipv6 (&ip4, ip6); else if (openvas_host_resolve (host, ip6, AF_INET6) == -1) return -1; return 0; } default: return -1; } } gvm-libs-9.0.3/base/openvas_hosts.h000066400000000000000000000106461334154151000172250ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: API (structs and protos) for Hosts objects * * Authors: * Hani Benhabiles * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file openvas_hosts.h * @brief Protos and data structures for Hosts collections and single hosts * objects. * * This file contains the protos for \ref hosts.c */ #ifndef _OPENVAS_HOSTS_H #define _OPENVAS_HOSTS_H #include "openvas_networking.h" #include #include #include #include #include #include #include #include /* Static values */ enum host_type { HOST_TYPE_NAME = 0, /* Hostname eg. foo */ HOST_TYPE_IPV4, /* eg. 192.168.1.1 */ HOST_TYPE_CIDR_BLOCK, /* eg. 192.168.15.0/24 */ HOST_TYPE_RANGE_SHORT, /* eg. 192.168.15.10-20 */ HOST_TYPE_RANGE_LONG, /* eg. 192.168.15.10-192.168.18.3 */ HOST_TYPE_IPV6, /* eg. ::1 */ HOST_TYPE_CIDR6_BLOCK, /* eg. ::ffee/120 */ HOST_TYPE_RANGE6_LONG, /* eg. ::1:200:7-::1:205:500 */ HOST_TYPE_RANGE6_SHORT, /* eg. ::1-fe10 */ HOST_TYPE_MAX /* Boundary checking. */ }; /* Typedefs */ typedef struct openvas_host openvas_host_t; typedef struct openvas_hosts openvas_hosts_t; /* Data structures. */ /** * @brief The structure for a single host object. * * The elements of this structure should never be accessed directly. * Only the functions corresponding to this module should be used. */ struct openvas_host { union { gchar *name; /* Hostname. */ struct in_addr addr; /* IPv4 address */ struct in6_addr addr6; /* IPv6 address */ }; enum host_type type; /* HOST_TYPE_NAME, HOST_TYPE_IPV4 or HOST_TYPE_IPV6. */ }; /** * @brief The structure for Hosts collection. * * The elements of this structure should never be accessed directly. * Only the functions corresponding to this module should be used. */ struct openvas_hosts { gchar *orig_str; /* Original hosts definition string. */ GList *hosts; /* Hosts objects list. */ GList *current; /* Current host object in iteration. */ unsigned int count; /* Number of single host objects in hosts list. */ unsigned int removed; /* Number of duplicate/excluded values. */ }; /* Function prototypes. */ /* openvas_hosts_t related */ openvas_hosts_t * openvas_hosts_new (const gchar *); openvas_hosts_t * openvas_hosts_new_with_max (const gchar *, unsigned int); openvas_host_t * openvas_hosts_next (openvas_hosts_t *); void openvas_hosts_free (openvas_hosts_t *); void openvas_hosts_shuffle (openvas_hosts_t *); void openvas_hosts_reverse (openvas_hosts_t *); void openvas_hosts_resolve (openvas_hosts_t *); int openvas_hosts_exclude (openvas_hosts_t *, const gchar *, int); char * openvas_host_reverse_lookup (openvas_host_t *); int openvas_hosts_reverse_lookup_only (openvas_hosts_t *); int openvas_hosts_reverse_lookup_unify (openvas_hosts_t *); unsigned int openvas_hosts_count (const openvas_hosts_t *); unsigned int openvas_hosts_removed (const openvas_hosts_t *); /* openvas_host_t related */ int openvas_host_in_hosts (const openvas_host_t *, const struct in6_addr *, const openvas_hosts_t *); gchar * openvas_host_type_str (const openvas_host_t *); enum host_type openvas_host_type (const openvas_host_t *); gchar * openvas_host_value_str (const openvas_host_t *); int openvas_host_resolve (const openvas_host_t *, void *, int); int openvas_host_get_addr6 (const openvas_host_t *, struct in6_addr *); /* Miscellaneous functions */ int openvas_get_host_type (const gchar *); #endif /* not _OPENVAS_HOSTS_H */ gvm-libs-9.0.3/base/openvas_networking.c000066400000000000000000000364701334154151000202520ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Implementation of OpenVAS Networking related API. * * Authors: * Hani Benhabiles * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "openvas_networking.h" #include #include #include /* Global variables */ /* Source interface name eg. eth1. */ char global_source_iface[IFNAMSIZ] = { '\0' }; /* Source IPv4 address. */ struct in_addr global_source_addr = { .s_addr = 0 }; /* Source IPv6 address. */ struct in6_addr global_source_addr6 = { .s6_addr32 = { 0, 0, 0, 0 } }; /* Source Interface/Address related functions. */ /** * @brief Initializes the source network interface name and related information. * * @param[in] iface Name of network interface to use as source interface. * * @return 0 if success. If error, return 1 and reset source values to default. */ int openvas_source_iface_init (const char *iface) { struct ifaddrs *ifaddr, *ifa; int ret = 1; bzero (global_source_iface, sizeof (global_source_iface)); global_source_addr.s_addr = INADDR_ANY; global_source_addr6 = in6addr_any; if (iface == NULL) return ret; if (getifaddrs (&ifaddr) == -1) return ret; /* Search for the adequate interface/family. */ for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr && strcmp (iface, ifa->ifa_name) == 0) { if (ifa->ifa_addr->sa_family == AF_INET) { struct in_addr *addr = &((struct sockaddr_in *) ifa->ifa_addr)->sin_addr; memcpy (&global_source_addr, addr, sizeof (global_source_addr)); ret = 0; } else if (ifa->ifa_addr->sa_family == AF_INET6) { struct sockaddr_in6 *addr; addr = (struct sockaddr_in6 *) ifa->ifa_addr; memcpy (&global_source_addr6.s6_addr, &addr->sin6_addr, sizeof (struct in6_addr)); ret = 0; } } } /* At least one address for the interface was found. */ if (ret == 0) strncpy (global_source_iface, iface, sizeof (global_source_iface)); freeifaddrs (ifaddr); return ret; } int openvas_source_iface_is_set (void) { return *global_source_iface != '\0'; } /** * @brief Binds a socket to use the global source address. * * @param[in] socket Socket to set source address for. * @param[in] port Network port for socket. * @param[in] family Family of socket. AF_INET or AF_INET6. * * @return 0 if success, -1 if error. */ int openvas_source_set_socket (int socket, int port, int family) { if (family == AF_INET) { struct sockaddr_in addr; openvas_source_addr (&addr.sin_addr); addr.sin_port = htons (port); addr.sin_family = AF_INET; if (bind (socket, (struct sockaddr *) &addr, sizeof (addr)) < 0) return -1; } else if (family == AF_INET6) { struct sockaddr_in6 addr6; openvas_source_addr6 (&addr6.sin6_addr); addr6.sin6_port = htons (port); addr6.sin6_family = AF_INET6; if (bind (socket, (struct sockaddr *) &addr6, sizeof (addr6)) < 0) return -1; } else return -1; return 0; } /** * @brief Gives the source IPv4 address. * * @param[out] addr Buffer of at least 4 bytes. */ void openvas_source_addr (void *addr) { if (addr) memcpy (addr, &global_source_addr.s_addr, 4); } /** * @brief Gives the source IPv6 address. * * @param[out] addr6 Buffer of at least 16 bytes. */ void openvas_source_addr6 (void *addr6) { if (addr6) memcpy (addr6, &global_source_addr6.s6_addr, 16); } /** * @brief Gives the source IPv4 mapped as an IPv6 address. * eg. 192.168.20.10 would map to \::ffff:192.168.20.10. * * @param[out] addr6 Buffer of at least 16 bytes. */ void openvas_source_addr_as_addr6 (struct in6_addr *addr6) { if (addr6) ipv4_as_ipv6 (&global_source_addr, addr6); } /** * @brief Gives the source IPv4 address in string format. * * @return Source IPv4 string. Free with g_free(). */ char * openvas_source_addr_str (void) { char *str = g_malloc0 (INET_ADDRSTRLEN); inet_ntop (AF_INET, &global_source_addr.s_addr, str, INET_ADDRSTRLEN); return str; } /** * @brief Gives the source IPv6 address in string format. * * @return Source IPv6 string. Free with g_free(). */ char * openvas_source_addr6_str (void) { char *str = g_malloc0 (INET6_ADDRSTRLEN); inet_ntop (AF_INET6, &global_source_addr6, str, INET6_ADDRSTRLEN); return str; } /* Miscellaneous functions. */ /** * @brief Maps an IPv4 address as an IPv6 address. * eg. 192.168.10.20 would map to \::ffff:192.168.10.20. * * @param[in] ip4 IPv4 address to map. * @param[out] ip6 Buffer to store the IPv6 address. */ void ipv4_as_ipv6 (const struct in_addr *ip4, struct in6_addr *ip6) { if (ip4 == NULL || ip6 == NULL) return; ip6->s6_addr32[0] = 0; ip6->s6_addr32[1] = 0; ip6->s6_addr32[2] = htonl (0xffff); memcpy (&ip6->s6_addr32[3], ip4, sizeof (struct in_addr)); } char * addr6_as_str (const struct in6_addr *addr6) { char *str; if (!addr6) return NULL; str = g_malloc0 (INET6_ADDRSTRLEN); if (IN6_IS_ADDR_V4MAPPED (addr6)) inet_ntop (AF_INET, &addr6->s6_addr32[3], str, INET6_ADDRSTRLEN); else inet_ntop (AF_INET6, addr6, str, INET6_ADDRSTRLEN); return str; } /** * @brief Convert an IP address to string format. * * @param[in] addr Address to convert. * @param[out] str Buffer of INET6_ADDRSTRLEN size. */ void sockaddr_as_str (const struct sockaddr_storage *addr, char *str) { if (!addr || !str) return; if (addr->ss_family == AF_INET) { struct sockaddr_in *saddr = (struct sockaddr_in *) addr; inet_ntop (AF_INET, &saddr->sin_addr, str, INET6_ADDRSTRLEN); } else if (addr->ss_family == AF_INET6) { struct sockaddr_in6 *s6addr = (struct sockaddr_in6 *) addr; if (IN6_IS_ADDR_V4MAPPED (&s6addr->sin6_addr)) inet_ntop (AF_INET, &s6addr->sin6_addr.s6_addr[12], str, INET6_ADDRSTRLEN); else inet_ntop (AF_INET6, &s6addr->sin6_addr, str, INET6_ADDRSTRLEN); } else if (addr->ss_family == AF_UNIX) { g_snprintf (str, INET6_ADDRSTRLEN, "unix_socket"); } else if (addr->ss_family == AF_UNSPEC) { g_snprintf (str, INET6_ADDRSTRLEN, "unknown_socket"); } else { g_snprintf (str, INET6_ADDRSTRLEN, "type_%d_socket", addr->ss_family); } } /** * @brief Resolves a hostname to an IPv4 or IPv6 address. * * @param[in] name Hostname to resolve. * @param[out] dst Buffer to store resolved address. Size must be at least * 4 bytes for AF_INET and 16 bytes for AF_INET6. * @param[in] family Either AF_INET or AF_INET6. * * @return -1 if error, 0 otherwise. */ int openvas_resolve (const char *name, void *dst, int family) { struct addrinfo hints, *info, *p; if (name == NULL || dst == NULL || (family != AF_INET && family != AF_INET6 && family != AF_UNSPEC)) return -1; bzero (&hints, sizeof (hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = 0; if ((getaddrinfo (name, NULL, &hints, &info)) != 0) return -1; p = info; while (p) { if (p->ai_family == family || family == AF_UNSPEC) { if (p->ai_family == AF_INET && family == AF_UNSPEC) { struct sockaddr_in *addrin = (struct sockaddr_in *) p->ai_addr; ipv4_as_ipv6 (&(addrin->sin_addr), dst); } else if (p->ai_family == AF_INET) { struct sockaddr_in *addrin = (struct sockaddr_in *) p->ai_addr; memcpy (dst, &(addrin->sin_addr), sizeof (struct in_addr)); } else if (p->ai_family == AF_INET6) { struct sockaddr_in6 *addrin = (struct sockaddr_in6 *) p->ai_addr; memcpy (dst, &(addrin->sin6_addr), sizeof (struct in6_addr)); } break; } p = p->ai_next; } freeaddrinfo (info); return 0; } /** * @brief Resolves a hostname to an IPv4-mapped IPv6 or IPv6 address. * * @param[in] name Hostname to resolve. * @param[out] ip6 Buffer to store resolved address. * * @return -1 if error, 0 otherwise. */ int openvas_resolve_as_addr6 (const char *name, struct in6_addr *ip6) { return openvas_resolve (name, ip6, AF_UNSPEC); } /* Ports related. */ /** * @brief Validate a port range string. * * Accepts ranges in form of "103,U:200-1024,3000-4000,T:3-4,U:7". * * @param[in] port_range A port range. * * @return 0 success, 1 failed. */ int validate_port_range (const char* port_range) { gchar **split, **point, *range, *range_start; if (!port_range) return 1; while (*port_range && isblank (*port_range)) port_range++; if (*port_range == '\0') return 1; /* Treat newlines like commas. */ range = range_start = g_strdup (port_range); while (*range) { if (*range == '\n') *range = ','; range++; } split = g_strsplit (range_start, ",", 0); g_free (range_start); point = split; while (*point) { gchar *hyphen, *element; /* Strip off any outer whitespace. */ element = g_strstrip (*point); /* Strip off any leading type specifier. */ if ((strlen (element) >= 2) && ((element[0] == 'T') || (element[0] == 'U')) && (element[1] == ':')) element = element + 2; /* Look for a hyphen. */ hyphen = strchr (element, '-'); if (hyphen) { long int number1, number2; const char *first; char *end; hyphen++; /* Check the first number. */ first = element; while (*first && isblank (*first)) first++; if (*first == '-') goto fail; errno = 0; number1 = strtol (first, &end, 10); while (*end && isblank (*end)) end++; if (errno || (*end != '-')) goto fail; if (number1 == 0) goto fail; if (number1 > 65535) goto fail; /* Check the second number. */ while (*hyphen && isblank (*hyphen)) hyphen++; if (*hyphen == '\0') goto fail; errno = 0; number2 = strtol (hyphen, &end, 10); while (*end && isblank (*end)) end++; if (errno || *end) goto fail; if (number2 == 0) goto fail; if (number2 > 65535) goto fail; if (number1 > number2) goto fail; } else { long int number; const char *only; char *end; /* Check the single number. */ only = element; while (*only && isblank (*only)) only++; /* Empty ranges are OK. */ if (*only) { errno = 0; number = strtol (only, &end, 10); while (*end && isblank (*end)) end++; if (errno || *end) goto fail; if (number == 0) goto fail; if (number > 65535) goto fail; } } point += 1; } g_strfreev (split); return 0; fail: g_strfreev (split); return 1; } /** * @brief Create a range array from a port_range string. * * @param[in] port_range Valid port_range string. * * @return Range array. */ array_t* port_range_ranges (const char *port_range) { gchar **split, **point, *range_start, *current; array_t *ranges; int tcp; if (!port_range) return NULL; ranges = make_array (); while (*port_range && isblank (*port_range)) port_range++; /* Accepts T: and U: before any of the ranges. This toggles the remaining * ranges, as in nmap. Treats a leading naked range as TCP, whereas nmap * treats it as TCP and UDP. */ /* Treat newlines like commas. */ range_start = current = g_strdup (port_range); while (*current) { if (*current == '\n') *current = ','; current++; } tcp = 1; split = g_strsplit (range_start, ",", 0); g_free (range_start); point = split; while (*point) { gchar *hyphen, *element; range_t *range; element = g_strstrip (*point); if (strlen (element) >= 2) { if ((element[0] == 'T') && (element[1] == ':')) { tcp = 1; element = element + 2; } else if ((element[0] == 'U') && (element[1] == ':')) { tcp = 0; element = element + 2; } /* Else tcp stays as it is. */ } /* Skip any space that followed the type specifier. */ while (*element && isblank (*element)) element++; hyphen = strchr (element, '-'); if (hyphen) { *hyphen = '\0'; hyphen++; while (*hyphen && isblank (*hyphen)) hyphen++; assert (*hyphen); /* Validation checks this. */ /* A range. */ range = (range_t*) g_malloc0 (sizeof (range_t)); range->start = atoi (element); range->end = atoi (hyphen); range->type = tcp ? PORT_PROTOCOL_TCP : PORT_PROTOCOL_UDP; range->exclude = 0; array_add (ranges, range); } else if (*element) { /* A single port. */ range = (range_t*) g_malloc0 (sizeof (range_t)); range->start = atoi (element); range->end = range->start; range->type = tcp ? PORT_PROTOCOL_TCP : PORT_PROTOCOL_UDP; range->exclude = 0; array_add (ranges, range); } /* Else skip over empty range. */ point += 1; } g_strfreev (split); return ranges; } /** * @brief Checks if a port num is in port ranges array. * * @param[in] pnum Port number. * @param[in] ptype Port type. * @param[in] pranges Array of port ranges. * * @return 1 if port in port ranges, 0 otherwise. */ int port_in_port_ranges (int pnum, port_protocol_t ptype, array_t *pranges) { unsigned int i; if (pranges == NULL || pnum < 0 || pnum > 65536) return 0; for (i = 0; i < pranges->len; i++) { range_t *range = (range_t *) g_ptr_array_index (pranges, i); if (range->type != ptype) continue; if (range->start <= pnum && pnum <= range->end) return 1; } return 0; } /** * @brief Checks if IPv6 support is enabled. * * @return 1 if IPv6 is enabled, 0 if disabled. */ int ipv6_is_enabled () { int sock = socket (PF_INET6, SOCK_STREAM, 0); if (sock == -1 && errno == EAFNOSUPPORT) return 0; close (sock); return 1; } gvm-libs-9.0.3/base/openvas_networking.h000066400000000000000000000052431334154151000202510ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: OpenVAS Networking related API. * * Authors: * Hani Benhabiles * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include #include #include #include #include #include #include #include #include "array.h" #ifndef _OPENVAS_NETWORKING_H #define _OPENVAS_NETWORKING_H /** * @brief Possible port types. * * Used in Manager database. If any symbol changes then a migrator must be * added to update existing data. */ typedef enum { PORT_PROTOCOL_TCP = 0, PORT_PROTOCOL_UDP = 1, PORT_PROTOCOL_OTHER = 2 } port_protocol_t; /** * @brief A port range. */ struct range { gchar *comment; /* Comment. */ gchar *id; /* UUID. */ int end; /* End port. 0 for single port. */ int exclude; /* Whether to exclude range. */ int start; /* Start port. */ port_protocol_t type; /* Port protocol. */ }; typedef struct range range_t; int openvas_source_iface_init (const char *); int openvas_source_iface_is_set (void); int openvas_source_set_socket (int, int, int); void openvas_source_addr (void *); void openvas_source_addr6 (void *); void openvas_source_addr_as_addr6 (struct in6_addr *); char * openvas_source_addr_str (void); char * openvas_source_addr6_str (void); void ipv4_as_ipv6 (const struct in_addr *, struct in6_addr *); char * addr6_as_str (const struct in6_addr *); void sockaddr_as_str (const struct sockaddr_storage *, char *); int openvas_resolve (const char *, void *, int); int openvas_resolve_as_addr6 (const char *, struct in6_addr *); int validate_port_range (const char *); array_t* port_range_ranges (const char *); int port_in_port_ranges (int, port_protocol_t, array_t *); int ipv6_is_enabled (); #endif /* not _OPENVAS_NETWORKING_H */ gvm-libs-9.0.3/base/openvas_string.c000066400000000000000000000106131334154151000173600ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: String utilities. * * Authors: * Matthew Mundell * * Copyright: * Copyright (C) 2009,2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file openvas_string.c * @brief String utilities. */ /** * @brief Trace flag. * * 0 to turn off all tracing messages. */ #define TRACE 1 #include #include #include #include #include /* for strcmp */ #include #include // FIX #if 0 #include "tracef.h" #endif #include "openvas_string.h" #undef G_LOG_DOMAIN /** * @brief GLib log domain. */ #define G_LOG_DOMAIN "md string" /** * @brief Append a string to a string variable. * * When the variable is NULL store a copy of the given string in the variable. * * When the variable already contains a string replace the string with a new * string that is the concatenation of the two, freeing the old string. It is * up to the caller to free the given string if it was dynamically allocated. * * @param[in] var The address of a string variable, that is, a pointer to * a string. * @param[in] string The string to append to the string in the variable. */ void openvas_append_string (gchar ** var, const gchar * string) { if (*var) { char *old = *var; *var = g_strconcat (old, string, NULL); g_free (old); } else *var = g_strdup (string); } /** * @brief Append a string of a known length to a string variable. * * When the variable is NULL store a copy of the given string in the variable. * * When the variable already contains a string replace the string with a new * string that is the concatenation of the two, freeing the old string. It is * up to the caller to free the given string if it was dynamically allocated. * * The string must be NULL terminated, and the given length must be the * actual length of the string. * * @param[in] var The address of a string variable, that is, a pointer to * a string. * @param[in] string The string to append to the string in the variable. * @param[in] length The length of string. */ void openvas_append_text (gchar ** var, const gchar * string, gsize length) { if (*var) { char *old = *var; *var = g_strconcat (old, string, NULL); g_free (old); } else *var = g_strndup (string, length); } /** * @brief Free a string variable. * * Free the string in the variable and set the variable to NULL. * * @param[in] var The address of a string variable, that is, a pointer to * a string. */ void openvas_free_string_var (string * var) { g_free (*var); *var = NULL; } /** * @brief "Strip" space and newline characters from either end of some memory. * * Return the given pointer moved forward past any spaces, replacing the * first of any contiguous spaces at or before the end of the memory with * a terminating NULL. * * This is for use when string points into a static buffers. * * @param[in,out] string The start of the memory. * @param[in] end Pointer to the byte after the end of the memory. * * @return A new pointer into the string. */ char * openvas_strip_space (char *string, char *end) { assert (string <= end); if (string >= end) return string; end--; while (string[0] == ' ' || string[0] == '\n') { string++; if (string >= end) { end[0] = '\0'; return end; } } /* Here string is < end. */ if (end[0] == ' ' || end[0] == '\n') { end--; while (end >= string && (end[0] == ' ' || end[0] == '\n')) { end--; } end[1] = '\0'; } return string; } gvm-libs-9.0.3/base/openvas_string.h000066400000000000000000000024571334154151000173740ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: String utilities. * * Authors: * Matthew Mundell * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2009 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_LIBRARIES_STRING_H #define _OPENVAS_LIBRARIES_STRING_H #include typedef gchar *string; void openvas_append_string (string *, const gchar *); void openvas_append_text (string *, const gchar *, gsize); void openvas_free_string_var (string *); char *openvas_strip_space (char *, char *); #endif /* not _OPENVAS_LIBRARIES_STRING_H */ gvm-libs-9.0.3/base/pidfile.c000066400000000000000000000053271334154151000157410ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: PID-file management. * * Authors: * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2009 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file pidfile.c * @brief PID-file management. */ #include #include /* for g_fopen */ #include /* for FILE */ #include #include /* for strerror */ #include /* for errno */ #include /* for getpid */ #include "pidfile.h" /** * @brief GLib log domain. */ #undef G_LOG_DOMAIN #define G_LOG_DOMAIN "base pidfile" /** * @brief Create a PID-file. * * A standard PID file will be created for the * given daemon name. * * @param[in] daemon_name The name of the daemon (e.g. "openvasmd") * * @return 0 for success, anything else indicates an error. */ int pidfile_create (gchar * daemon_name) { gchar *name_pid = g_strconcat (daemon_name, ".pid", NULL); gchar *pidfile_name = g_build_filename (OPENVAS_PID_DIR, name_pid, NULL); FILE *pidfile = g_fopen (pidfile_name, "w"); g_free (name_pid); if (pidfile == NULL) { g_critical ("%s: failed to open pidfile: %s\n", __FUNCTION__, strerror (errno)); return 1; } else { g_fprintf (pidfile, "%d\n", getpid ()); fclose (pidfile); g_free (pidfile_name); } return 0; } /** * @brief Remove PID file. * * @param[in] daemon_name The name of the daemon (e.g. "openvasmd") */ void pidfile_remove (gchar * daemon_name) { gchar *name_pid = g_strconcat (daemon_name, ".pid", NULL); gchar *pidfile_name = g_build_filename (OPENVAS_PID_DIR, name_pid, NULL); gchar *pidfile_contents; g_free (name_pid); if (g_file_get_contents (pidfile_name, &pidfile_contents, NULL, NULL)) { int pid = atoi (pidfile_contents); if (pid == getpid ()) { g_unlink (pidfile_name); } g_free (pidfile_contents); } g_free (pidfile_name); } gvm-libs-9.0.3/base/pidfile.h000066400000000000000000000021661334154151000157440ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: PID-file management. * * Authors: * Jan-Oliver Wagner * * Copyright: * Copyright (C) 2009 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef _OPENVAS_LIBRARIES_BASE_PIDFILE_H #define _OPENVAS_LIBRARIES_BASE_PIDFILE_H #include int pidfile_create (gchar *); void pidfile_remove (gchar *); #endif /* not _OPENVAS_LIBRARIES_BASE_PIDFILE_H */ gvm-libs-9.0.3/base/pwpolicy.c000066400000000000000000000305661334154151000161760ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Check a password policy * * Authors: * Werner Koch * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file pwpolicy.c * @brief Check passwords against a list of pattern * * See \ref PWPOLICY_FILE_NAME for a syntax description of the pattern * file. */ #include #include #include #include #include #include "pwpolicy.h" #ifndef DIM # define DIM(v) (sizeof(v)/sizeof((v)[0])) # define DIMof(type,member) DIM(((type *)0)->member) #endif #undef G_LOG_DOMAIN /** * @brief GLib log domain. */ #define G_LOG_DOMAIN "base plcy" /** * @brief The name of the pattern file * * This file contains pattern with bad passphrases. The file is line * based with maximum length of 255 bytes per line and expected to be * in UTF-8 encoding. Each line may either be a comment line, a * simple string, a regular expression or a processing instruction. * The lines are parsed sequentially. * * *Comments* are indicated by a hash mark ('#') as the first non * white-space character of a line followed immediately by a space or * end of line. Such a comment line is completely ignored. * * *Simple strings* start after optional leading white-space. They * are compared to the password under validation. The comparison is * case insensitive for all ASCII characters. * * *Regular expressions* start after optional leading white-space with * either a single slash ('/') or an exclamation mark ('!') directly * followed by a slash. They extend to the end of the line but may be * terminated with another slash which may then only be followed by * more white-space. The regular expression are Perl Compatible * Regular Expressions (PCRE) and are by default case insensitive. If * the regular expression line starts with the exclamation mark, the * match is reversed; i.e. an error is returned if the password does * not match. * * *Processing instructions* are special comments to control the * operation of the policy checking. The start like a comment but the * hash mark is immediately followed by a plus ('+') signed, a * keyword, an optional colon (':') and an optional value string. The * following processing instructions are supported: * * #+desc[:] STRING * * This is used to return a meaningful error message. STRING is * used a the description for all errors up to the next /desc/ or * /nodesc/ processing instruction. * * #+nodesc * * This is syntactic sugar for /desc/ without a value. It * switches back to a default error description (pattern file name * and line number). * * #+search[:] FILENAME * * This searches the file with name FILENAME for a match. The * comparison is case insensitive for all ASCII characters. This * is a simple linear search and stops at the first match. * Comments are not allowed in that file. A line in that file may * not be longer than 255 characters. An example for such a file * is "/usr/share/dict/words". * * #+username * * This is used to perform checks on the name/password * combination. Currently this checks whether the password * matches or is included in the password. It may eventually be * extended to further tests. */ #define PWPOLICY_FILE_NAME OPENVAS_SYSCONF_DIR "/pwpolicy.conf" /** * @brief Flag indicating that passwords are not checked. */ static gboolean disable_password_policy; /** * @return A malloced string to be returned on read and configuration * errors. */ static char * policy_checking_failed (void) { return g_strdup ("Password policy checking failed (internal error)"); } /** * @brief Check whether a string starts with a keyword * * Note that the keyword may optionally be terminated by a colon. * * @param string The string to check * @param keyword The keyword * * @return NULL if the keyword is not found. If found a pointer into * @ref line to the value of the keyword with removed leading * spaces is returned. */ static char * is_keyword (char *string, const char *keyword) { int n = strlen (keyword); if (!strncmp (string, keyword, n)) { if (string[n] == ':') /* Skip the optional colon. */ n++; if (!string[n] || g_ascii_isspace (string[n])) { string += n; while (g_ascii_isspace (*string)) string++; return string; } } return NULL; } /** * @brief Search a file for a matching line * * This is a case insensitive search for a password in a file. The * file is assumed to be a simple LF delimited list of words. * * @param fname Name of the file to search. * @param password Password to search for. * * @return -1 if the file could not be opened or a read error * occurred, 0 if password was not found and 1 if password was found. */ static int search_file (const char *fname, const char *password) { FILE *fp; int c; size_t len; char line[256]; fp = fopen (fname, "r"); if (!fp) return -1; while (fgets (line, DIM(line)-1, fp)) { len = strlen (line); if (!len || line[len-1] != '\n') { /* Incomplete last line or line too long. Eat until end of line. */ while ( (c=getc (fp)) != EOF && c != '\n') ; continue; } line[--len] = 0; /* Chop the LF. */ if (len && line[len-1] == '\r') line[--len] = 0; /* Chop an optional CR. */ if (!len) continue; /* Empty */ if (!g_ascii_strcasecmp (line, password)) { fclose (fp); return 1; /* Found. */ } } if (ferror (fp)) { int save_errno = errno; fclose (fp); errno = save_errno; return -1; /* Read error. */ } fclose (fp); return 0; /* Not found. */ } /** * @brief parse one line of a pettern file * * @param line A nul terminated buffer with the content of the line. * The line terminator has already been stripped. It may * be modified after return. * @param fname The name of the pattern file for error reporting * @param lineno The current line number for error reporting * @param descp Pointer to a variable holding the current description * string or NULL for no description. * @param password The password to check. * @param username The username to check. * * @return NULL on success or a malloced string with an error * description. */ static char * parse_pattern_line (char *line, const char *fname, int lineno, char **descp, const char *password, const char *username) { char *ret = NULL; char *p; size_t n; /* Skip leading spaces. */ while (g_ascii_isspace (*line)) line++; if (!*line) /* Empty line. */ { ret = NULL; } else if (*line == '#' && line[1] == '+') /* Processing instruction. */ { line += 2; if ((p = is_keyword (line, "desc"))) { g_free (*descp); if (*p) *descp = g_strdup (p); else *descp = NULL; } else if ((p = is_keyword (line, "nodesc"))) { g_free (*descp); *descp = NULL; } else if ((p = is_keyword (line, "search"))) { int sret; sret = search_file (p, password); if (sret == -1) { g_warning ("error searching '%s' (requested at line %d): %s", p, lineno, g_strerror (errno)); ret = policy_checking_failed (); } else if (sret && *descp) ret = g_strdup_printf ("Weak password (%s)", *descp); else if (sret) ret = g_strdup_printf ("Weak password (found in '%s')", p); else ret = NULL; } else if (is_keyword (line, "username")) { /* Fixme: The include check is case sensitive and the strcmp does only work with ascii. Changing this required a bit more more (g_utf8_casefold) and also requires checking for valid utf8 sequences in the password and all pattern. */ if (!username) ret = NULL; else if (!g_ascii_strcasecmp (password, username)) ret = g_strdup_printf ("Weak password (%s)", "user name matches password"); else if (strstr (password, username)) ret = g_strdup_printf ("Weak password (%s)", "user name is part of the password"); else if (strstr (username, password)) ret = g_strdup_printf ("Weak password (%s)", "password is part of the user name"); else ret = NULL; } else { g_warning ("error reading '%s', line %d: %s", fname, lineno, "unknown processing instruction"); ret = policy_checking_failed (); } } else if (*line == '#') /* Comment */ { ret = NULL; } else if (*line == '/' || (*line == '!' && line[1] == '/')) /* Regular expression. */ { int rev = (*line == '!'); if (rev) line++; line++; n = strlen (line); if (n && line[n-1] == '/') line[n-1] = 0; if (((!g_regex_match_simple (line, password, G_REGEX_CASELESS, 0)) ^ rev)) ret = NULL; else if (*descp) ret = g_strdup_printf ("Weak password (%s)", *descp); else ret = g_strdup_printf ("Weak password (see '%s' line %d)", fname, lineno); } else /* Simple string. */ { if (g_ascii_strcasecmp (line, password)) ret = NULL; else if (*descp) ret = g_strdup_printf ("Weak password (%s)", *descp); else ret = g_strdup_printf ("Weak password (see '%s' line %d)", fname, lineno); } return ret; } /** * @brief Validate a password against the pattern file * * @param[in] password The password to check * @param[in] username The user name or NULL. This is used to check * the passphrase against the user name. * * @return NULL on success or a malloced string with an error * description. */ char * openvas_validate_password (const char *password, const char *username) { const char *patternfile = PWPOLICY_FILE_NAME; char *ret; FILE *fp; int lineno; size_t len; char line[256]; char *desc = NULL; if (disable_password_policy) return NULL; if (!password || !*password) return g_strdup ("Empty password"); fp = fopen (patternfile, "r"); if (!fp) { g_warning ("error opening '%s': %s", patternfile, g_strerror (errno)); return policy_checking_failed (); } lineno = 0; ret = NULL; while (fgets (line, DIM(line)-1, fp)) { lineno++; len = strlen (line); if (!len || line[len-1] != '\n') { g_warning ("error reading '%s', line %d: %s", patternfile, lineno, len? "line too long":"line without a LF"); ret = policy_checking_failed (); break; } line[--len] = 0; /* Chop the LF. */ if (len && line[len-1] == '\r') line[--len] = 0; /* Chop an optional CR. */ ret = parse_pattern_line (line, patternfile, lineno, &desc, password, username); if (ret) break; } fclose (fp); g_free (desc); return ret; } /** * @brief Disable all password policy checking */ void openvas_disable_password_policy (void) { disable_password_policy = TRUE; g_warning ("Password policy checking has been disabled."); } gvm-libs-9.0.3/base/pwpolicy.h000066400000000000000000000024141334154151000161720ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Definitions for password policy checking * * Authors: * Werner Koch * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file pwpolicy.h * @brief Protos and data structures for pwpolicy checking. * * This file contains the protos for \ref pwpolicy.c */ #ifndef _OPENVAS_LIBRARIES_PWPOLICY_H #define _OPENVAS_LIBRARIES_PWPOLICY_H char *openvas_validate_password (const char *, const char *); void openvas_disable_password_policy (void); #endif /*_OPENVAS_LIBRARIES_PWPOLICY_H*/ gvm-libs-9.0.3/base/settings.c000066400000000000000000000121221334154151000161540ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Implementation of API to handle configuration file management * * Authors: * Matthew Mundell * Michael Wiegand * * Copyright: * Copyright (C) 2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file settings.c * @brief Implementation of API to handle configuration file management * */ #include #include #include #include #include "settings.h" /** * @brief Initialise a settings struct from a file. * * @param[in] settings Settings. * @param[in] filename Complete name of the configuration file. * @param[in] group Name of the group in the file. * * @return 0 success, -1 error. */ int settings_init_from_file (settings_t * settings, const gchar * filename, const gchar * group) { GError *error = NULL; if (filename == NULL || group == NULL) return -1; gchar *contents = NULL; if (!g_file_get_contents (filename, &contents, NULL, &error)) { g_error_free (error); return -1; } if (contents != NULL) { gchar *contents_with_group = g_strjoin ("\n", "[Misc]", contents, NULL); settings->key_file = g_key_file_new (); if (!g_key_file_load_from_data (settings->key_file, contents_with_group, strlen (contents_with_group), G_KEY_FILE_KEEP_COMMENTS | G_KEY_FILE_KEEP_TRANSLATIONS, &error)) { g_warning ("Failed to load configuration from %s: %s", filename, error->message); g_error_free (error); g_free (contents_with_group); g_free (contents); return -1; } g_free (contents_with_group); g_free (contents); } settings->group_name = g_strdup (group); settings->file_name = g_strdup (filename); return 0; } /** * @brief Cleanup a settings structure. * * @param[in] settings Settings structure. */ void settings_cleanup (settings_t * settings) { g_free (settings->group_name); g_free (settings->file_name); g_key_file_free (settings->key_file); } /** * @brief Initialise a settings iterator from a file. * * @param[in] iterator Settings iterator. * @param[in] filename Complete name of the configuration file. * @param[in] group Name of the group in the file. * * @return 0 success, -1 error. */ int init_settings_iterator_from_file (settings_iterator_t * iterator, const gchar * filename, const gchar * group) { int ret; gsize keys_length; GError *error = NULL; ret = settings_init_from_file (&iterator->settings, filename, group); if (ret) return ret; iterator->keys = g_key_file_get_keys (iterator->settings.key_file, group, &keys_length, &error); if (iterator->keys == NULL) { if (error) { g_warning ("Failed to retrieve keys of group %s from %s: %s", group, filename, error->message); g_error_free (error); } g_key_file_free (iterator->settings.key_file); return -1; } iterator->current_key = iterator->keys - 1; iterator->last_key = iterator->keys + keys_length - 1; return 0; } /** * @brief Cleanup a settings iterator. * * @param[in] iterator Settings iterator. */ void cleanup_settings_iterator (settings_iterator_t * iterator) { g_strfreev (iterator->keys); settings_cleanup (&iterator->settings); } /** * @brief Increment an iterator. * * @param[in] iterator Settings iterator. * * @return TRUE if there was a next item, else FALSE. */ gboolean settings_iterator_next (settings_iterator_t * iterator) { if (iterator->current_key == iterator->last_key) return FALSE; iterator->current_key++; return TRUE; } /** * @brief Get the name from a settings iterator. * * @param[in] iterator Settings iterator. * * @return Name of current key. */ const gchar * settings_iterator_name (settings_iterator_t * iterator) { return *iterator->current_key; } /** * @brief Get the value from a settings iterator. * * @param[in] iterator Settings iterator. * * @return Value of current key. */ const gchar * settings_iterator_value (settings_iterator_t * iterator) { return g_key_file_get_value (iterator->settings.key_file, iterator->settings.group_name, *iterator->current_key, NULL); } gvm-libs-9.0.3/base/settings.h000066400000000000000000000036271334154151000161730ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: API (structs and protos) for configuration file management * * Authors: * Matthew Mundell * Michael Wiegand * * Copyright: * Copyright (C) 2010 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file settings.h * @brief Protos and data structures for configuration file management * * This file contains the protos for \ref settings.c */ #ifndef _OPENVAS_LIBRARIES_BASE_SETTINGS_H #define _OPENVAS_LIBRARIES_BASE_SETTINGS_H #include typedef struct { gchar *file_name; gchar *group_name; GKeyFile *key_file; } settings_t; void settings_cleanup (settings_t *); typedef struct { gchar **keys; settings_t settings; gchar **current_key; gchar **last_key; } settings_iterator_t; int init_settings_iterator_from_file (settings_iterator_t *, const gchar *, const gchar *); void cleanup_settings_iterator (settings_iterator_t *); int settings_iterator_next (settings_iterator_t *); const gchar *settings_iterator_name (settings_iterator_t *); const gchar *settings_iterator_value (settings_iterator_t *); #endif /* not _OPENVAS_LIBRARIES_BASE_SETTINGS_H */ gvm-libs-9.0.3/base/test-hosts.c000066400000000000000000000063441334154151000164420ustar00rootroot00000000000000/* openvas-libraries/base * $Id$ * Description: Stand-alone tool to test module "openvas_hosts". * * Authors: * Hani Benhabiles * * Copyright: * Copyright (C) 2013 Greenbone Networks GmbH * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. */ /** * @file test-hosts.c * @brief Stand-alone tool to test module "openvas_hosts". * * This file offers a command line interface to test the functionalities * of the hosts object. */ #include #include "openvas_hosts.h" int main (int argc, char **argv) { openvas_hosts_t *hosts; openvas_host_t *host; int i; if (argc < 2) return 1; hosts = openvas_hosts_new (argv[1]); if (hosts == NULL) return 1; if (argv[2]) { if (openvas_hosts_exclude (hosts, argv[2], 1) == -1) return 2; } printf ("Count: %u\n", openvas_hosts_count (hosts)); printf ("Removed: %u\n", openvas_hosts_removed (hosts)); i = 1; while ((host = openvas_hosts_next (hosts))) { char *str; str = openvas_host_value_str (host); if (openvas_host_type (host) == HOST_TYPE_NAME) { char name[INET_ADDRSTRLEN], name6[INET6_ADDRSTRLEN]; struct in_addr addr; struct in6_addr addr6; if (openvas_host_resolve (host, &addr, AF_INET) == -1) { fprintf (stderr, "ERROR - %s: Couldn't resolve IPv4 address.\n", host->name); printf ("#%d %s %s\n", i, openvas_host_type_str (host), str); i++; g_free (str); continue; } if (inet_ntop (AF_INET, &addr, name, sizeof (name)) == NULL) { printf ("inet_ntop() error.\n"); break; } if (openvas_host_resolve (host, &addr6, AF_INET6) == -1) { fprintf (stderr, "ERROR - %s: Couldn't resolve IPv6 address.\n", host->name); printf ("#%d %s %s (%s)\n", i, openvas_host_type_str (host), str, name); i++; g_free (str); continue; } if (inet_ntop (AF_INET6, &addr6, name6, sizeof (name6)) == NULL) { printf ("inet_ntop() error.\n"); break; } printf ("#%d %s %s (%s / %s)\n", i, openvas_host_type_str (host), str, name, name6); } else printf ("#%d %s %s\n", i, openvas_host_type_str (host), str); i++; g_free (str); } openvas_hosts_free (hosts); return 0; } gvm-libs-9.0.3/doc/000077500000000000000000000000001334154151000140055ustar00rootroot00000000000000gvm-libs-9.0.3/doc/CMakeLists.txt000066400000000000000000000036461334154151000165560ustar00rootroot00000000000000# OpenVAS # $Id$ # Description: CMakefile for the openvas-libraries documentation # # Authors: # Matthew Mundell # Michael Wiegand # # Copyright: # Copyright (C) 2011 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ## build include (FindDoxygen) if (NOT DOXYGEN_EXECUTABLE) message (STATUS "WARNING: Doxygen is required to build the HTML docs.") else (NOT DOXYGEN_EXECUTABLE) add_custom_target (doc COMMENT "Building documentation..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile ${CMAKE_CURRENT_BINARY_DIR}/.built-html) add_custom_command (OUTPUT .built-html COMMAND sh ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html\;\" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile) add_custom_target (doc-full COMMENT "Building documentation..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full) add_custom_command (OUTPUT .built-html_full COMMAND sh ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full\;\" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full) endif (NOT DOXYGEN_EXECUTABLE) gvm-libs-9.0.3/doc/Doxyfile.in000066400000000000000000003117171334154151000161320ustar00rootroot00000000000000# Doxyfile 1.8.8 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = "OpenVAS Libraries" # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = @CPACK_PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is included in # the documentation. The maximum height of the logo should not exceed 55 pixels # and the maximum width should not exceed 200 pixels. Doxygen will copy the logo # to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = @CMAKE_BINARY_DIR@/doc/generated # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. CREATE_SUBDIRS = NO # If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII # characters to appear in the names of generated files. If set to NO, non-ASCII # characters will be escaped, for example _xE3_x81_x84 will be used for Unicode # U+3044. # The default value is: NO. ALLOW_UNICODE_NAMES = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, # Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), # Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, # Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), # Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, # Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, # Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, # Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = YES # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. STRIP_FROM_PATH = @CMAKE_SOURCE_DIR@ # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce a # new page for each member. If set to NO, the documentation of a member will be # part of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 2 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = "TODO=\todo" \ "naslfn{1}=\par NASL Function: \b \1\n" \ "nasluparam=\par NASL Unnamed Parameters:\n" \ "naslnparam=\par NASL Named Parameters:\n" \ "naslret=\par NASL Returns:\n" # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. # The default value is: NO. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: # FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: # Fortran. In the later case the parser tries to guess whether the code is fixed # or free formatted code, this is the default for Fortran type files), VHDL. For # instance to make doxygen treat .inc files as Fortran files (default is PHP), # and .f files as C (default is Fortran), use: inc=Fortran f=C. # # Note For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by by putting a % sign in front of the word # or globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = YES # If the EXTRACT_PRIVATE tag is set to YES all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. # The default value is: NO. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) defined # locally in source files will be included in the documentation. If set to NO # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. When set to YES local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = NO # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO these classes will be included in the various overviews. This option has # no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. If set to NO these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. SHOW_INCLUDE_FILES = YES # If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each # grouped member an include statement to the documentation, telling the reader # which file to include in order to use the member. # The default value is: NO. SHOW_GROUPED_MEMB_INC = NO # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO the members will appear in declaration order. Note that # this will also influence the order of the classes in the class list. # The default value is: NO. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable ( YES) or disable ( NO) the # todo list. This list is created by putting \todo commands in the # documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable ( YES) or disable ( NO) the # test list. This list is created by putting \test commands in the # documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable ( YES) or disable ( NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable ( YES) or disable ( NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if ... \endif and \cond # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES the list # will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen. Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. See also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. # The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES, then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO doxygen will only warn about wrong or incomplete parameter # documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = YES # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. # Note: If this tag is empty the current directory is searched. INPUT = @CMAKE_SOURCE_DIR@/base \ @CMAKE_SOURCE_DIR@/misc \ @CMAKE_SOURCE_DIR@/nasl \ @CMAKE_SOURCE_DIR@/omp \ @CMAKE_SOURCE_DIR@/osp # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank the # following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii, # *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, # *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, # *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, # *.qsf, *.as and *.js. FILE_PATTERNS = # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = @CMAKE_SOURCE_DIR@ \ @CMAKE_SOURCE_DIR@/doc # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command: # # # # where is the value of the INPUT_FILTER tag, and is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER ) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES, then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES # If the CLANG_ASSISTED_PARSING tag is set to YES, then doxygen will use the # clang parser (see: http://clang.llvm.org/) for more accurate parsing at the # cost of reduced performance. This can be particularly helpful with template # rich C++ code for which doxygen's built-in parser lacks the necessary type # information. # Note: The availability of this option depends on whether or not doxygen was # compiled with the --with-libclang option. # The default value is: NO. CLANG_ASSISTED_PARSING = NO # If clang assisted parsing is enabled you can provide the compiler with command # line options that you would normally use when invoking the compiler. Note that # the include paths will already be set by doxygen for the files and directories # specified with INPUT and INCLUDE_PATH. # This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. CLANG_OPTIONS = #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = YES # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined # cascading style sheets that are included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefor more robust against future updates. # Doxygen will copy the style sheet files to the output directory. # Note: The order of the extra stylesheet files is of importance (e.g. the last # stylesheet in the list overrules the setting of the previous ones in the # list). For an example see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the stylesheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to NO can help when comparing the output of multiple runs. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = NO # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen generated docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler ( hhc.exe). If non-empty # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated ( # YES) or that it should be included in the master .chm file ( NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index ( hhk), content ( hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated ( # YES) or a normal table of contents ( NO) in the .chm file. Furthermore it # enables the Previous and Next buttons. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be # generated, together with the HTML files, they form an Eclipse help plugin. To # install this plugin and make it available under the help contents menu in # Eclipse, the contents of the directory containing the HTML and XML files needs # to be copied into the plugins directory of eclipse. The name of the directory # within the plugins directory should be the same as the ECLIPSE_DOC_ID value. # After copying Eclipse needs to be restarted before the help appears. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_ECLIPSEHELP = NO # A unique identifier for the Eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have this # name. Each documentation set should have its own identifier. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. ECLIPSE_DOC_ID = org.doxygen.Project # If you want full control over the layout of the generated HTML pages it might # be necessary to disable the index and replace it with your own. The # DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top # of each HTML page. A value of NO enables the index and the value YES disables # it. Since the tabs in the index contain the same information as the navigation # tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. If the tag # value is set to YES, a side panel will be generated containing a tree-like # index structure (just like the one that is generated for HTML Help). For this # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom stylesheets (see HTML_EXTRA_STYLESHEET) one can # further fine-tune the look of the index. As an example, the default style # sheet generated by doxygen has an example that shows how to put an image at # the root of the tree instead of the PROJECT_NAME. Since the tree basically has # the same information as the tab index, you could consider setting # DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # # Note that a value of 0 will completely suppress the enum values from appearing # in the overview section. # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. # Minimum value: 0, maximum value: 1500, default value: 250. # This tag requires that the tag GENERATE_HTML is set to YES. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open links to # external symbols imported via tag files in a separate window. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML # output directory to force them to be regenerated. # Minimum value: 8, maximum value: 50, default value: 10. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # # Note that when changing this option you need to delete any form_*.png files in # the HTML output directory before the changes have effect. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see # http://www.mathjax.org) which uses client side Javascript for the rendering # instead of using prerendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path # to it using the MATHJAX_RELPATH option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: # http://docs.mathjax.org/en/latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the HTML # output directory using the MATHJAX_RELPATH option. The destination directory # should contain the MathJax.js script. For instance, if the mathjax directory # is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from http://www.mathjax.org before deployment. # The default value is: http://cdn.mathjax.org/mathjax/latest. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site # (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_CODEFILE = # When the SEARCHENGINE tag is enabled doxygen will generate a search box for # the HTML output. The underlying search engine uses javascript and DHTML and # should work on any modern browser. Note that when using HTML help # (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) # there is already a search function so this one should typically be disabled. # For large projects the javascript based search engine can be slow, then # enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to # search using the keyboard; to jump to the search box use + S # (what the is depends on the OS and browser, but it is typically # , /