Greenbone Vulnerability Management Libraries  21.4.2
serverutils.c File Reference

GnuTLS based functions for server communication. More...

#include "serverutils.h"
#include "../base/hosts.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <gcrypt.h>
#include <glib.h>
#include <gnutls/x509.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

Macros

#define _GNU_SOURCE
 
#define G_LOG_DOMAIN   "libgvm util"
 GLib logging domain. More...
 

Functions

static int server_attach_internal (int socket, gnutls_session_t *session, const char *host, int port)
 Attach a socket to a session, and shake hands with the peer. More...
 
static int server_new_internal (unsigned int end_type, const char *priority, const gchar *ca_cert_file, const gchar *cert_file, const gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Make a session for connecting to a server. More...
 
static int close_unix (gvm_connection_t *client_connection)
 Close UNIX socket connection. More...
 
void gvm_connection_free (gvm_connection_t *client_connection)
 Free connection. More...
 
int gvm_server_verify (gnutls_session_t session)
 Verify certificate. More...
 
int load_gnutls_file (const char *file, gnutls_datum_t *loaded_file)
 Loads a file's data into gnutls_datum_t struct. More...
 
void unload_gnutls_file (gnutls_datum_t *data)
 Unloads a gnutls_datum_t struct's data. More...
 
static void set_cert_pub_mem (const char *data)
 Save cert_pub_mem with public certificate. More...
 
static void set_cert_priv_mem (const char *data)
 Save cert_priv_mem with private certificate. More...
 
static const char * get_cert_priv_mem ()
 Get private certificate from cert_priv_mem. More...
 
static const char * get_cert_pub_mem ()
 Get public certificate from cert_pub_mem. More...
 
static int client_cert_callback (gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t *sign_algos, int sign_algos_length, gnutls_retr2_st *st)
 Callback function to be called in order to retrieve the certificate to be used in the handshake. More...
 
int gvm_server_open_verify (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem, int verify)
 Connect to the server using a given host, port and cert. More...
 
int gvm_server_open_with_cert (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem)
 Connect to the server using a given host, port and cert. More...
 
int gvm_server_open (gnutls_session_t *session, const char *host, int port)
 Connect to the server using a given host and port. More...
 
int gvm_server_close (int socket, gnutls_session_t session)
 Close a server connection and its socket. More...
 
void gvm_connection_close (gvm_connection_t *connection)
 Close a server connection and its socket. More...
 
int gvm_server_attach (int socket, gnutls_session_t *session)
 Attach a socket to a session, and shake hands with the peer. More...
 
static int gvm_server_vsendf_internal (gnutls_session_t *session, const char *fmt, va_list ap, int quiet)
 Send a string to the server. More...
 
static int unix_vsendf_internal (int socket, const char *fmt, va_list ap, int quiet)
 Send a string to the server. More...
 
static int gvm_connection_vsendf_internal (gvm_connection_t *connection, const char *fmt, va_list ap, int quiet)
 Send a string to the connection. More...
 
int gvm_server_vsendf (gnutls_session_t *session, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int gvm_socket_vsendf (int socket, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int gvm_connection_vsendf (gvm_connection_t *connection, const char *fmt, va_list ap)
 Send a string to the server. More...
 
int gvm_server_vsendf_quiet (gnutls_session_t *session, const char *fmt, va_list ap)
 Send a string to the server, refraining from logging besides warnings. More...
 
int gvm_connection_vsendf_quiet (gvm_connection_t *connection, const char *fmt, va_list ap)
 Send a string to the server, refraining from logging besides warnings. More...
 
int gvm_server_sendf (gnutls_session_t *session, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_connection_sendf (gvm_connection_t *connection, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_server_sendf_quiet (gnutls_session_t *session, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_connection_sendf_quiet (gvm_connection_t *connection, const char *format,...)
 Format and send a string to the server. More...
 
int gvm_server_sendf_xml (gnutls_session_t *session, const char *format,...)
 Format and send an XML string to the server. More...
 
int gvm_connection_sendf_xml (gvm_connection_t *connection, const char *format,...)
 Format and send an XML string to the server. More...
 
int gvm_server_sendf_xml_quiet (gnutls_session_t *session, const char *format,...)
 Format and send an XML string to the server. More...
 
int gvm_connection_sendf_xml_quiet (gvm_connection_t *connection, const char *format,...)
 Format and send an XML string to the server. More...
 
static int server_new_gnutls_init (gnutls_certificate_credentials_t *server_credentials)
 Initialize a server session. More...
 
static int server_new_gnutls_set (unsigned int end_type, const char *priority, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Set the server credencials. More...
 
int gvm_server_new (unsigned int end_type, gchar *ca_cert_file, gchar *cert_file, gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials)
 Make a session for connecting to a server. More...
 
int gvm_server_new_mem (unsigned int end_type, const char *ca_cert, const char *pub_key, const char *priv_key, gnutls_session_t *session, gnutls_certificate_credentials_t *credentials)
 Make a session for connecting to a server, with certificates stored in memory. More...
 
int set_gnutls_dhparams (gnutls_certificate_credentials_t creds, const char *dhparams_file)
 Set a gnutls session's Diffie-Hellman parameters. More...
 
int gvm_server_free (int server_socket, gnutls_session_t server_session, gnutls_certificate_credentials_t server_credentials)
 Cleanup a server session. More...
 

Variables

struct sockaddr_in address
 Server address. More...
 
static char * cert_pub_mem = NULL
 
static char * cert_priv_mem = NULL
 

Detailed Description

GnuTLS based functions for server communication.

This file supplies the low-level functions used to talk to a server over GnuTLS (session creation, connect/attach with handshake, certificate verification, formatted sends and teardown), plus the same send helpers for plain UNIX-socket connections.

Macro Definition Documentation

◆ _GNU_SOURCE

#define _GNU_SOURCE

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "libgvm util"

GLib logging domain.

Function Documentation

◆ client_cert_callback()

static int client_cert_callback ( gnutls_session_t  session,
const gnutls_datum_t *  req_ca_rdn,
int  nreqs,
const gnutls_pk_algorithm_t *  sign_algos,
int  sign_algos_length,
gnutls_retr2_st *  st 
)
static

Callback function to be called in order to retrieve the certificate to be used in the handshake.

Parameters
[in]sessionGNUTLS session. Not used by this callback.
[in]req_ca_rdnList of CA names the server considers trusted. Not used: the callback does not select a certificate based on which CAs the server asks for.
[in]nreqsNumber of CA names in req_ca_rdn. Not used.
[in]sign_algosList of the server's acceptable public key algorithms. Not used.
[in]sign_algos_lengthNumber of entries in sign_algos. Not used.
[out]stShould contain the certificates and private keys
Returns
0 on success, non-zero otherwise (a non-zero return makes the handshake fail).

◆ close_unix()

static int close_unix ( gvm_connection_t client_connection)
static

Close UNIX socket connection.

Parameters
[in]client_connectionClient connection.
Returns
0 success, -1 error.

◆ get_cert_priv_mem()

static const char* get_cert_priv_mem ( )
static

Get the private key material stored in cert_priv_mem.

Returns
The DER or PEM encoded private key, or NULL if none has been set. This is read from a file-scope static (cert_priv_mem), not from a per-session value, so it is shared by every session in the process.

◆ get_cert_pub_mem()

static const char* get_cert_pub_mem ( )
static

Get the public certificate stored in cert_pub_mem.

Returns
The DER or PEM encoded certificate, or NULL if none has been set. Read from the file-scope static cert_pub_mem, which is shared by every session in the process.

◆ gvm_connection_close()

void gvm_connection_close ( gvm_connection_t connection)

Close a server connection and its socket.

Parameters
[in]connectionConnection.
Returns
Nothing: the function is declared void, so a failed shutdown or close is not reported to the caller. Code that must detect close errors on a GnuTLS session should use gvm_server_close(), which returns 0 on success and -1 on error.

◆ gvm_connection_free()

void gvm_connection_free ( gvm_connection_t client_connection)

Free connection.

Parameters
[in]client_connectionConnection.

◆ gvm_connection_sendf()

int gvm_connection_sendf ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_connection_sendf_quiet()

int gvm_connection_sendf_quiet ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_connection_sendf_xml()

int gvm_connection_sendf_xml ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_connection_sendf_xml_quiet()

int gvm_connection_sendf_xml_quiet ( gvm_connection_t connection,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters
[in]connectionConnection.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_connection_vsendf()

int gvm_connection_vsendf ( gvm_connection_t connection,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in]connectionConnection.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ gvm_connection_vsendf_internal()

static int gvm_connection_vsendf_internal ( gvm_connection_t connection,
const char *  fmt,
va_list  ap,
int  quiet 
)
static

Send a string to the connection.

Parameters
[in]connectionConnection.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
[in]quietNon-zero suppresses the debug and info log lines that would otherwise contain the sent text; warnings are still logged. Pass non-zero whenever the message carries credentials (e.g. passwords) so they are not written to the log.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ gvm_connection_vsendf_quiet()

int gvm_connection_vsendf_quiet ( gvm_connection_t connection,
const char *  fmt,
va_list  ap 
)

Send a string to the server, refraining from logging besides warnings.

Parameters
[in]connectionConnection.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ gvm_server_attach()

int gvm_server_attach ( int  socket,
gnutls_session_t *  session 
)

Attach a socket to a session, and shake hands with the peer.

Parameters
[in]socketSocket.
[in]sessionPointer to GNUTLS session. FIXME: Why is this a pointer to a session?
Returns
0 on success, -1 on error.

◆ gvm_server_close()

int gvm_server_close ( int  socket,
gnutls_session_t  session 
)

Close a server connection and its socket.

Parameters
[in]socketSocket connected to server.
[in]sessionGNUTLS session with server.
Returns
0 on success, -1 on error.

◆ gvm_server_free()

int gvm_server_free ( int  server_socket,
gnutls_session_t  server_session,
gnutls_certificate_credentials_t  server_credentials 
)

Cleanup a server session.

This shuts down the TLS session, closes the socket and releases the TLS resources.

Parameters
[in]server_socketThe socket connected to the server.
[in]server_sessionThe session with the server.
[in]server_credentialsCredentials or NULL.
Returns
0 success, -1 error.

◆ gvm_server_new()

int gvm_server_new ( unsigned int  end_type,
gchar *  ca_cert_file,
gchar *  cert_file,
gchar *  key_file,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)

Make a session for connecting to a server.

Parameters
[in]end_typeConnection end type (GNUTLS_SERVER or GNUTLS_CLIENT).
[in]ca_cert_fileCertificate authority file.
[in]cert_fileCertificate file.
[in]key_fileKey file.
[out]server_sessionThe session with the server.
[out]server_credentialsServer credentials.
Returns
0 on success, -1 on error.

◆ gvm_server_new_mem()

int gvm_server_new_mem ( unsigned int  end_type,
const char *  ca_cert,
const char *  pub_key,
const char *  priv_key,
gnutls_session_t *  session,
gnutls_certificate_credentials_t *  credentials 
)

Make a session for connecting to a server, with certificates stored in memory.

Parameters
[in]end_typeConnection end type: GNUTLS_SERVER or GNUTLS_CLIENT.
[in]ca_certCertificate authority certificate (in memory, not a file path).
[in]pub_keyOwn certificate, i.e. the public half of the key pair (in memory).
[in]priv_keyOwn private key (in memory). This is secret material; the caller remains responsible for how the buffer is stored and cleared.
[out]sessionThe session with the server.
[out]credentialsServer credentials.
Returns
0 on success, -1 on error.

◆ gvm_server_open()

int gvm_server_open ( gnutls_session_t *  session,
const char *  host,
int  port 
)

Connect to the server using a given host and port.

Parameters
[in]sessionPointer to GNUTLS session.
[in]hostHost to connect to.
[in]portPort to connect to.
Returns
0 on success, -1 on error.

◆ gvm_server_open_verify()

int gvm_server_open_verify ( gnutls_session_t *  session,
const char *  host,
int  port,
const char *  ca_mem,
const char *  pub_mem,
const char *  priv_mem,
int  verify 
)

Connect to the server using a given host, port and cert.

Parameters
[in]sessionPointer to GNUTLS session.
[in]hostHost to connect to.
[in]portPort to connect to.
[in]ca_memCA cert.
[in]pub_memPublic key.
[in]priv_memPrivate key.
[in]verifyNon-zero to verify the server's certificate against ca_mem after the handshake; 0 skips verification, which leaves the connection encrypted but the peer unauthenticated, so a man-in-the-middle would not be detected.
Returns
0 on success, -1 on error.
Warning
On success the credentials are intentionally not freed: the session only keeps a shallow copy (a reference) of them, so freeing them here would leave the session pointing at released memory. Callers that open many connections should expect the credential objects to accumulate.

◆ gvm_server_open_with_cert()

int gvm_server_open_with_cert ( gnutls_session_t *  session,
const char *  host,
int  port,
const char *  ca_mem,
const char *  pub_mem,
const char *  priv_mem 
)

Connect to the server using a given host, port and cert.

Peer verification is requested only when all three certificate arguments (ca_mem, pub_mem and priv_mem) are supplied; if any of them is missing the connection is opened without verifying the server's certificate.

Parameters
[in]sessionPointer to GNUTLS session.
[in]hostHost to connect to.
[in]portPort to connect to.
[in]ca_memCA cert.
[in]pub_memPublic key.
[in]priv_memPrivate key.
Returns
0 on success, -1 on error.

◆ gvm_server_sendf()

int gvm_server_sendf ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_server_sendf_quiet()

int gvm_server_sendf_quiet ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_server_sendf_xml()

int gvm_server_sendf_xml ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_server_sendf_xml_quiet()

int gvm_server_sendf_xml_quiet ( gnutls_session_t *  session,
const char *  format,
  ... 
)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters
[in]sessionPointer to GNUTLS session.
[in]formatprintf-style format string for message.
Returns
0 on success, -1 on error.

◆ gvm_server_verify()

int gvm_server_verify ( gnutls_session_t  session)

Verify certificate.

Parameters
[in]sessionGNUTLS session (passed by value, not as a pointer).
Returns
0 if the peer certificate verified, 1 if the peer certificate did not verify (the peer is not trusted), -1 if verification could not be carried out. Callers must treat both 1 and -1 as a failed connection; only 0 means the peer is authenticated.

◆ gvm_server_vsendf()

int gvm_server_vsendf ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ gvm_server_vsendf_internal()

static int gvm_server_vsendf_internal ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap,
int  quiet 
)
static

Send a string to the server.

Parameters
[in]sessionPointer to GNUTLS session.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
[in]quietNon-zero suppresses the debug and info log lines that would otherwise contain the sent text; warnings are still logged. Pass non-zero whenever the message carries credentials (e.g. passwords) so they are not written to the log.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ gvm_server_vsendf_quiet()

int gvm_server_vsendf_quiet ( gnutls_session_t *  session,
const char *  fmt,
va_list  ap 
)

Send a string to the server, refraining from logging besides warnings.

Parameters
[in]sessionPointer to GNUTLS session.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ gvm_socket_vsendf()

int gvm_socket_vsendf ( int  socket,
const char *  fmt,
va_list  ap 
)

Send a string to the server.

Parameters
[in]socketSocket to send string through.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ load_gnutls_file()

int load_gnutls_file ( const char *  file,
gnutls_datum_t *  loaded_file 
)

Loads a file's data into gnutls_datum_t struct.

Parameters
[in]fileFile to load.
[out]loaded_fileDestination to load file into.
Returns
0 if success, -1 if error.

◆ server_attach_internal()

static int server_attach_internal ( int  socket,
gnutls_session_t *  session,
const char *  host,
int  port 
)
static

Attach a socket to a session, and shake hands with the peer.

Parameters
[in]socketSocket.
[in]sessionPointer to GNUTLS session.
[in]hostNULL, or the name of the host, used only in diagnostic messages.
[in]portPort number, used only in diagnostic messages and only when host is not NULL.
Returns
0 on success, -1 on general error, -2 if the TLS handshake failed.

◆ server_new_gnutls_init()

static int server_new_gnutls_init ( gnutls_certificate_credentials_t *  server_credentials)
static

Initialize a server session.

Parameters
[in]server_credentialsCredentials to be allocated.
Returns
0 on success, -1 on error.

◆ server_new_gnutls_set()

static int server_new_gnutls_set ( unsigned int  end_type,
const char *  priority,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)
static

Set the server credentials on the session and apply the TLS priority string.

Parameters
[in]end_typeConnection end type.
[in]priorityGnuTLS priority string to apply. If NULL, the GnuTLS "NORMAL" priority set is used.
[in]server_sessionGNUTLS session.
[in]server_credentialsCredentials to be set.
Returns
0 on success, -1 on error.

◆ server_new_internal()

static int server_new_internal ( unsigned int  end_type,
const char *  priority,
const gchar *  ca_cert_file,
const gchar *  cert_file,
const gchar *  key_file,
gnutls_session_t *  server_session,
gnutls_certificate_credentials_t *  server_credentials 
)
static

Make a session for connecting to a server.

Parameters
[in]end_typeConnection end type (GNUTLS_SERVER or GNUTLS_CLIENT).
[in]priorityCustom priority string or NULL.
[in]ca_cert_fileCertificate authority file.
[in]cert_fileCertificate file.
[in]key_fileKey file.
[out]server_sessionThe session with the server.
[out]server_credentialsServer credentials.
Returns
0 on success, -1 on error.

◆ set_cert_priv_mem()

static void set_cert_priv_mem ( const char *  data)
static

Store the private key in the file-scope static cert_priv_mem.

Parameters
[in]dataThe DER or PEM encoded private key. Because the value is kept in a process-wide static rather than per session, it is shared by, and visible to, every session in the process.

◆ set_cert_pub_mem()

static void set_cert_pub_mem ( const char *  data)
static

Store the public certificate in the file-scope static cert_pub_mem.

Parameters
[in]dataThe DER or PEM encoded certificate. Kept in a process-wide static rather than per session, so it is shared by every session in the process.

◆ set_gnutls_dhparams()

int set_gnutls_dhparams ( gnutls_certificate_credentials_t  creds,
const char *  dhparams_file 
)

Set a gnutls session's Diffie-Hellman parameters.

Parameters
[in]credsGnuTLS credentials.
[in]dhparams_filePath to PEM file containing the DH parameters.
Returns
0 on success, -1 on error.

◆ unix_vsendf_internal()

static int unix_vsendf_internal ( int  socket,
const char *  fmt,
va_list  ap,
int  quiet 
)
static

Send a string to the server.

Parameters
[in]socketSocket.
[in]fmtFormat of string to send.
[in]apArgs for fmt.
[in]quietNon-zero suppresses the debug and info log lines that would otherwise contain the sent text; warnings are still logged. Pass non-zero whenever the message carries credentials (e.g. passwords) so they are not written to the log.
Returns
0 on success, 1 if server closed connection, -1 on error.

◆ unload_gnutls_file()

void unload_gnutls_file ( gnutls_datum_t *  data)

Unloads a gnutls_datum_t struct's data.

Parameters
[in]dataPointer to gnutls_datum_t struct to be unloaded.

Variable Documentation

◆ address

struct sockaddr_in address

Server address. This is a file-scope global of type struct sockaddr_in, so it holds an IPv4 address only and is shared by all connections opened from this file.

◆ cert_priv_mem

char* cert_priv_mem = NULL
static

◆ cert_pub_mem

char* cert_pub_mem = NULL
static