1 /* Portions Copyright (C) 2009-2021 Greenbone Networks GmbH
2 * Based on work Copyright (C) 2002 Renaud Deraison
3 *
4 * SPDX-License-Identifier: GPL-2.0-only
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 */
19
20 #define SMART_TCP_RW
21
22 #include "../misc/network.h" /* for get_encaps_through */
23 #include "../misc/plugutils.h" /* for OPENVAS_ENCAPS_IP */
24 #include "nasl_lex_ctxt.h"
25
26 #include <ctype.h> /* for tolower() */
27 #include <errno.h> /* for errno() */
28 #include <glib.h>
29 #include <gvm/util/nvticache.h>
30 #include <regex.h> /* for regex_t */
31 #include <signal.h> /* for signal() */
32 #include <stdio.h> /* for snprintf() */
33 #include <stdlib.h> /* for atoi() */
34 #include <string.h> /* for strstr() */
35 #include <sys/time.h> /* for gettimeofday() */
36 #include <sys/types.h> /* for waitpid() */
37 #include <sys/socket.h>
38 #include <sys/wait.h> /* for waitpid() */
39 #include <unistd.h> /* for usleep() */
40
/* String labels, each ending in " : " except TEST_SSL_PREF. The *_PREF names
 * suggest these are preference names; where they are read is outside this
 * excerpt -- TODO confirm. */
#define CERT_FILE "SSL certificate : "
#define KEY_FILE "SSL private key : "
#define PEM_PASS "PEM password : "
#define CA_FILE "CA file : "
#define CNX_TIMEOUT_PREF "Network connection timeout : "
#define RW_TIMEOUT_PREF "Network read/write timeout : "
#define WRAP_TIMEOUT_PREF "Wrapped service read timeout : "
#define TEST_SSL_PREF "Test SSL based services"

#define NUM_CHILDREN "Number of connections done in parallel : "

#undef G_LOG_DOMAIN
/**
 * @brief GLib logging domain.
 */
#define G_LOG_DOMAIN "lib nasl"

/* Passed as the first argument of every post_log()/post_alarm() call in this
 * file. It is not assigned anywhere in this excerpt and is not static, so it
 * has external linkage. */
const char *oid;
59
/**
 * @brief Record that a service was identified on a TCP port.
 *
 * Two keys are written: "Services/<proto>" holding the port number and
 * "Known/tcp/<port>" holding the protocol name.
 *
 * @param[in] desc  Script context forwarded to the plug_*_key helpers.
 * @param[in] port  Port the service was found on.
 * @param[in] proto Service name; used in the first key, stored by the second.
 */
static void
register_service (struct script_infos *desc, int port, const char *proto)
{
  char services_key[265];
  char known_key[265];

  /* Legacy ("magical") key set. The original author insists on plug_set_key
   * here rather than plug_replace_key. */
  snprintf (services_key, sizeof (services_key), "Services/%s", proto);
  plug_set_key (desc, services_key, ARG_INT, GSIZE_TO_POINTER (port));

  /* Per-port key holding the protocol name (2002-08-24, MA). If this function
   * runs twice for one port (e.g. HTTP then SWAT), a plain "set" would make
   * plug_get_key fork; some scripts need the name, so a boolean is not an
   * option. Since 2005-06-01 (MA) plug_replace_key is used so the later call
   * wins, although the author was unsure this is ideal. */
  snprintf (known_key, sizeof (known_key), "Known/tcp/%d", port);
  plug_replace_key (desc, known_key, ARG_STRING, (char *) proto);
}
85
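/**
 * @brief Test a string against a POSIX extended regular expression.
 *
 * Matching is case-insensitive (REG_ICASE) and no sub-match positions are
 * recorded (REG_NOSUB). The function does not modify @p string: callers that
 * feed it raw banners containing NUL bytes must sanitise them first, because
 * regexec() stops at the first NUL.
 *
 * @param[in] string  NUL-terminated string to test.
 * @param[in] pattern Regular expression source.
 *
 * @return 1 if @p string matches, 0 if it does not match or if @p pattern
 *         fails to compile.
 */
static int
regex_match (char *string, char *pattern)
{
  regex_t re;
  int matched;

  /* A pattern that does not compile leaves `re` indeterminate: it must be
   * neither executed nor freed. */
  if (regcomp (&re, pattern, REG_EXTENDED | REG_NOSUB | REG_ICASE) != 0)
    return 0;

  matched = (regexec (&re, string, 0, NULL, 0) == 0);

  regfree (&re);
  return matched;
}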
108
/**
 * @brief Register a "chargen" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
static void
mark_chargen_server (struct script_infos *desc, int port)
{
  const char *service = "chargen";

  register_service (desc, port, service);
  post_log (oid, desc, port, "Chargen is running on this port");
}
115
/**
 * @brief Register an "echo" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_echo_server (struct script_infos *desc, int port)
{
  const char *service = "echo";

  register_service (desc, port, service);
  post_log (oid, desc, port, "An echo server is running on this port");
}
122
/**
 * @brief Register an RPC-over-HTTP endpoint and store its banner.
 *
 * Port 593 is registered as "http-rpc-epmap"; any other port as
 * "ncacn_http". The banner is stored under "<service>/banner/<port>".
 * Nothing is logged.
 *
 * @param[in] desc   Script context forwarded to the key helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored as the key's string value.
 */
void
mark_ncacn_http_server (struct script_infos *desc, int port, char *buffer)
{
  const char *service = (port == 593) ? "http-rpc-epmap" : "ncacn_http";
  char key[256];

  register_service (desc, port, service);
  snprintf (key, sizeof (key), "%s/banner/%d", service, port);
  plug_replace_key (desc, key, ARG_STRING, buffer);
}
140
/**
 * @brief Register a "vnc" service and store its banner under
 *        "vnc/banner/<port>". Nothing is logged.
 *
 * @param[in] desc   Script context forwarded to the key helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored as the key's string value.
 */
void
mark_vnc_server (struct script_infos *desc, int port, char *buffer)
{
  char banner_key[512];

  register_service (desc, port, "vnc");

  snprintf (banner_key, sizeof (banner_key), "vnc/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);
}
149
/**
 * @brief Register an "nntp" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "nntp/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
void
mark_nntp_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[512];
  char message[512];

  register_service (desc, port, "nntp");

  snprintf (banner_key, sizeof (banner_key), "nntp/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "An NNTP server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
161
/**
 * @brief Register a "swat" service on a port. Nothing is logged.
 *
 * @param[in] desc Script context forwarded to register_service().
 * @param[in] port Port the service was found on.
 */
void
mark_swat_server (struct script_infos *desc, int port)
{
  const char *service = "swat";

  register_service (desc, port, service);
}
167
/**
 * @brief Register a "vqServer-admin" service on a port. Nothing is logged.
 *
 * @param[in] desc Script context forwarded to register_service().
 * @param[in] port Port the service was found on.
 */
void
mark_vqserver (struct script_infos *desc, int port)
{
  const char *service = "vqServer-admin";

  register_service (desc, port, service);
}
173
/**
 * @brief Register a "mldonkey" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_mldonkey (struct script_infos *desc, int port)
{
  char message[512];

  register_service (desc, port, "mldonkey");

  /* The message has no arguments; it is still copied into a local buffer
   * before being handed to post_log(), as the original code does. */
  snprintf (message, sizeof (message),
            "A mldonkey server is running on this port");
  post_log (oid, desc, port, message);
}
182
/**
 * @brief Register a "www" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "www/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
void
mark_http_server (struct script_infos *desc, int port, unsigned char *buffer,
                  int trp)
{
  char banner_key[512];
  char message[512];

  register_service (desc, port, "www");

  snprintf (banner_key, sizeof (banner_key), "www/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A web server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
195
/**
 * @brief Register an "AdSubtract" service, store its banner and log it.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "AdSubtract/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
void
mark_locked_adsubtract_server (struct script_infos *desc, int port,
                               unsigned char *buffer, int trp)
{
  char banner_key[512];
  char message[512];

  register_service (desc, port, "AdSubtract");

  snprintf (banner_key, sizeof (banner_key), "AdSubtract/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A (locked) AdSubtract server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
209
/**
 * @brief Register a "gopher" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
static void
mark_gopher_server (struct script_infos *desc, int port)
{
  const char *service = "gopher";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A gopher server is running on this port");
}
216
/**
 * @brief Register a "realserver" service, store its banner and log it.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "realserver/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
void
mark_rmserver (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[512];
  char message[512];

  register_service (desc, port, "realserver");

  snprintf (banner_key, sizeof (banner_key), "realserver/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A RealMedia server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
229
/**
 * @brief Register an "smtp" service, store its banner and log its first line.
 *
 * The full banner goes under "smtp/banner/<port>". If it contains " postfix",
 * "smtp/postfix" is set to 1. @p buffer is then cut at its first newline (the
 * caller's buffer is modified) and that first line is put in the log message.
 *
 * @param[in]     desc   Script context forwarded to the key and log helpers.
 * @param[in]     port   Port the service was found on.
 * @param[in,out] buffer NUL-terminated banner; truncated at the first '\n'.
 * @param[in]     trp    Value given to get_encaps_through() for the log text.
 */
void
mark_smtp_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[512];
  char *report;
  char *eol;

  register_service (desc, port, "smtp");
  snprintf (banner_key, sizeof (banner_key), "smtp/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  if (strstr (buffer, " postfix") != NULL)
    plug_replace_key (desc, "smtp/postfix", ARG_INT, (void *) 1);

  /* Sized from the untruncated banner, so the bound passed to snprintf below
   * (computed after the cut) can never exceed the allocation. */
  report = g_malloc0 (255 + strlen (buffer));

  eol = strchr (buffer, '\n');
  if (eol != NULL)
    *eol = '\0';

  snprintf (report, 255 + strlen (buffer),
            "An SMTP server is running on this port%s\n"
            "Here is its banner : \n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
  g_free (report);
}
254
/**
 * @brief Register an "snpp" service, store its banner and log its first line.
 *
 * The full banner goes under "snpp/banner/<port>"; @p buffer is then cut at
 * its first newline (the caller's buffer is modified) before being logged.
 *
 * @param[in]     desc   Script context forwarded to the key and log helpers.
 * @param[in]     port   Port the service was found on.
 * @param[in,out] buffer NUL-terminated banner; truncated at the first '\n'.
 * @param[in]     trp    Value given to get_encaps_through() for the log text.
 */
void
mark_snpp_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[512];
  char *message;
  char *eol;

  register_service (desc, port, "snpp");
  snprintf (banner_key, sizeof (banner_key), "snpp/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  /* Allocation uses the untruncated length; the snprintf bound below uses the
   * (shorter or equal) length after the cut. */
  message = g_malloc0 (255 + strlen (buffer));

  eol = strchr (buffer, '\n');
  if (eol)
    eol[0] = '\0';

  snprintf (message, 255 + strlen (buffer),
            "An SNPP server is running on this port%s\n"
            "Here is its banner : \n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, message);
  g_free (message);
}
274
/**
 * @brief Register an "ftp" service and log it, with the banner if available.
 *
 * With a non-NULL @p buffer the full banner is stored under
 * "ftp/banner/<port>", the buffer is cut at its first newline (the caller's
 * buffer is modified) and that first line is appended to the log message.
 * With a NULL @p buffer only the short message is logged.
 *
 * @param[in]     desc   Script context forwarded to the key and log helpers.
 * @param[in]     port   Port the service was found on.
 * @param[in,out] buffer NUL-terminated banner, or NULL.
 * @param[in]     trp    Value given to get_encaps_through() for the log text.
 */
void
mark_ftp_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  register_service (desc, port, "ftp");

  if (buffer == NULL)
    {
      char short_report[255];

      snprintf (short_report, sizeof (short_report),
                "An FTP server is running on this port%s.",
                get_encaps_through (trp));
      post_log (oid, desc, port, short_report);
      return;
    }

  {
    char banner_key[255];
    char *report;
    char *eol;

    snprintf (banner_key, sizeof (banner_key), "ftp/banner/%d", port);
    plug_replace_key (desc, banner_key, ARG_STRING, buffer);

    /* Allocation uses the untruncated length; the snprintf bound below uses
     * the (shorter or equal) length after the cut. */
    report = g_malloc0 (255 + strlen (buffer));
    eol = strchr (buffer, '\n');
    if (eol)
      *eol = '\0';

    snprintf (report, 255 + strlen (buffer),
              "An FTP server is running on this port%s.\n"
              "Here is its banner : \n%s",
              get_encaps_through (trp), buffer);
    post_log (oid, desc, port, report);
    g_free (report);
  }
}
309
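/**
 * @brief Register an "ssh" service, strip trailing line ends from the banner
 *        and log the finding.
 *
 * Trailing '\n' and '\r' bytes are removed from @p buffer in place. The
 * banner is not stored by this function.
 *
 * @param[in]     desc   Script context forwarded to the helpers.
 * @param[in]     port   Port the service was found on.
 * @param[in,out] buffer NUL-terminated banner; must not be NULL.
 */
void
mark_ssh_server (struct script_infos *desc, int port, char *buffer)
{
  size_t len;

  register_service (desc, port, "ssh");

  /* The banner comes from the remote host and may be empty or consist only of
   * line ends. Without the len > 0 guard, strlen() - 1 wraps around and the
   * loop reads (and may write) far outside the buffer. */
  len = strlen (buffer);
  while (len > 0 && (buffer[len - 1] == '\n' || buffer[len - 1] == '\r'))
    buffer[--len] = '\0';

  post_log (oid, desc, port, "An ssh server is running on this port");
}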
319
/**
 * @brief Register an "http_proxy" service on a port and log the finding.
 *
 * No banner key is written here; per the original comment the banner lives
 * under www/banner/<port>.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
void
mark_http_proxy (struct script_infos *desc, int port, int trp)
{
  char message[512];

  register_service (desc, port, "http_proxy");

  snprintf (message, sizeof (message),
            "An HTTP proxy is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
330
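/**
 * @brief Classify a POP banner as pop1, pop2 or pop3 and register it.
 *
 * @p buffer is cut at its first newline (the caller's buffer is modified).
 * A lower-cased copy of that first line decides the service: exactly "+ok"
 * is pop1, a line containing "pop2" is pop2, anything else is pop3. The
 * banner is stored under "<service>/banner/<port>". pop2 and pop3 are
 * logged; pop1 is not.
 *
 * @param[in]     desc   Script context forwarded to the key and log helpers.
 * @param[in]     port   Port the service was found on.
 * @param[in,out] buffer NUL-terminated banner; truncated at the first '\n'.
 */
void
mark_pop_server (struct script_infos *desc, int port, char *buffer)
{
  const char *service;
  const char *log_message;
  char banner_key[512];
  char *eol = strchr (buffer, '\n');
  char *lowered;
  char *p;

  if (eol)
    *eol = '\0';

  lowered = g_strdup (buffer);
  /* The banner is remote-controlled and may hold bytes >= 0x80. Where char is
   * signed those are negative, and passing a negative value other than EOF to
   * tolower() is undefined, hence the unsigned char cast. Walking the pointer
   * also avoids calling strlen() on every iteration. */
  for (p = lowered; *p != '\0'; p++)
    *p = (char) tolower ((unsigned char) *p);

  if (strcmp (lowered, "+ok") == 0)
    {
      service = "pop1";
      log_message = NULL; /* pop1 was never logged by this function */
    }
  else if (strstr (lowered, "pop2") != NULL)
    {
      service = "pop2";
      log_message = "a pop2 server is running on this port";
    }
  else
    {
      service = "pop3";
      log_message = "A pop3 server is running on this port";
    }
  g_free (lowered);

  register_service (desc, port, service);
  snprintf (banner_key, sizeof (banner_key), "%s/banner/%d", service, port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);
  if (log_message != NULL)
    post_log (oid, desc, port, log_message);
}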
366
/**
 * @brief Register an "imap" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "imap/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
void
mark_imap_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[512];
  char message[512];

  register_service (desc, port, "imap");

  snprintf (banner_key, sizeof (banner_key), "imap/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "An IMAP server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
380
/**
 * @brief Register an "auth" (identd) service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_auth_server (struct script_infos *desc, int port)
{
  const char *service = "auth";

  register_service (desc, port, service);
  post_log (oid, desc, port, "An identd server is running on this port");
}
387
388 /*
389 * Postgres, MySQL & CVS pserver detection by Vincent Renardias
390 * <vincent@strongholdnet.com>
391 */
/**
 * @brief Register a "postgresql" service on a port and log the finding.
 *
 * The finding is logged for every port; an earlier `port != 5432` guard is
 * disabled in the source.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_postgresql (struct script_infos *desc, int port)
{
  const char *service = "postgresql";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A PostgreSQL server is running on this port");
}
399
/**
 * @brief Register a "sphinxql" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_sphinxql (struct script_infos *desc, int port)
{
  const char *service = "sphinxql";

  register_service (desc, port, service);
  post_log (
    oid, desc, port,
    "A Sphinx search server (MySQL listener) seems to be running on this port");
}
408
/**
 * @brief Register a "mysql" service on a port and log the finding.
 *
 * The finding is logged for every port; an earlier `port != 3306` guard is
 * disabled in the source.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_mysql (struct script_infos *desc, int port)
{
  const char *service = "mysql";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A MySQL server is running on this port");
}
416
/**
 * @brief Register a "cvspserver" service on a port and log the finding.
 *
 * The finding is logged for every port; an earlier `port != 2401` guard is
 * disabled in the source.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_cvspserver (struct script_infos *desc, int port)
{
  const char *service = "cvspserver";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A CVS pserver server is running on this port");
}
424
/**
 * @brief Register a "cvsup" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_cvsupserver (struct script_infos *desc, int port)
{
  const char *service = "cvsup";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A CVSup server is running on this port");
}
431
/**
 * @brief Register a "cvslockserver" service on a port and log the finding.
 *
 * The finding is logged for every port; an earlier `port != 2401` guard is
 * disabled in the source.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_cvslockserver (struct script_infos *desc, int port)
{
  const char *service = "cvslockserver";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A CVSLock server server is running on this port");
}
439
/**
 * @brief Register an "rsync" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
void
mark_rsync (struct script_infos *desc, int port)
{
  const char *service = "rsync";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A rsync server is running on this port");
}
446
/**
 * @brief Register a "wild_shell" service and raise an alarm for it.
 *
 * Unlike most mark_* functions this one reports through post_alarm() rather
 * than post_log(): an unauthenticated shell on a port is treated as a
 * possible backdoor.
 *
 * @param[in] desc Script context forwarded to register_service()/post_alarm().
 * @param[in] port Port the shell was found on.
 */
void
mark_wild_shell (struct script_infos *desc, int port)
{
  const char *service = "wild_shell";

  register_service (desc, port, service);
  post_alarm (
    oid, desc, port,
    "A shell seems to be running on this port ! (this is a possible backdoor)",
    NULL);
}
457
/**
 * @brief Register a "telnet" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
void
mark_telnet_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "telnet");

  snprintf (message, sizeof (message),
            "A telnet server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
470
/**
 * @brief Register a "gnome14" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
void
mark_gnome14_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "gnome14");

  snprintf (message, sizeof (message),
            "A Gnome 1.4 server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
483
/**
 * @brief Register an "eggdrop" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
void
mark_eggdrop_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "eggdrop");

  snprintf (
    message, sizeof (message),
    "An eggdrop IRC bot seems to be running a control server on this port%s",
    get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
497
/**
 * @brief Register a "netbus" service and raise an alarm for it.
 *
 * The finding is reported through post_alarm() rather than post_log().
 *
 * @param[in] desc Script context forwarded to register_service()/post_alarm().
 * @param[in] port Port the service was found on.
 */
void
mark_netbus_server (struct script_infos *desc, int port)
{
  const char *service = "netbus";

  register_service (desc, port, service);
  post_alarm (oid, desc, port, "NetBus is running on this port", NULL);
}
504
/**
 * @brief Register a "linuxconf" service, store its banner and log it.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "linuxconf/banner/<port>".
 */
void
mark_linuxconf (struct script_infos *desc, int port, unsigned char *buffer)
{
  char banner_key[512];

  register_service (desc, port, "linuxconf");

  snprintf (banner_key, sizeof (banner_key), "linuxconf/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  post_log (oid, desc, port, "Linuxconf is running on this port");
}
514
/**
 * @brief Register a "finger" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_finger_server (struct script_infos *desc, int port, int trp)
{
  char message[256];

  register_service (desc, port, "finger");

  snprintf (message, sizeof (message),
            "A finger server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
527
/**
 * @brief Register a "vtun" service, store its banner and log the finding.
 *
 * The log message includes the banner when one is given. snprintf() bounds
 * the message to the local buffer, so a long banner is truncated in the log.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] banner Banner stored under "vtun/banner/<port>"; may be NULL.
 * @param[in] trp    Value given to get_encaps_through() for the log text.
 */
static void
mark_vtun_server (struct script_infos *desc, int port, unsigned char *banner,
                  int trp)
{
  char banner_key[255];
  char message[255];

  /* NOTE(review): banner is handed to plug_replace_key() before the NULL
   * test below; this relies on that helper tolerating a NULL string value --
   * confirm in plugutils. */
  snprintf (banner_key, sizeof (banner_key), "vtun/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, (char *) banner);

  register_service (desc, port, "vtun");

  if (banner != NULL)
    {
      snprintf (message, sizeof (message),
                "A VTUN server seems to be running on this port%s\n"
                "Here is its banner:\n%s\n",
                get_encaps_through (trp), banner);
    }
  else
    {
      snprintf (message, sizeof (message),
                "A VTUN server seems to be running on this port%s",
                get_encaps_through (trp));
    }

  post_log (oid, desc, port, message);
}
553
/**
 * @brief Register a "uucp" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] banner Banner stored under "uucp/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_uucp_server (struct script_infos *desc, int port, unsigned char *banner,
                  int trp)
{
  char banner_key[255];
  char message[255];

  /* The banner key is written before the service itself is registered. */
  snprintf (banner_key, sizeof (banner_key), "uucp/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, (char *) banner);

  register_service (desc, port, "uucp");

  snprintf (message, sizeof (message),
            "An UUCP server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
570
/**
 * @brief Register an "lpd" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_lpd_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "lpd");

  snprintf (message, sizeof (message),
            "A LPD server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
582
583 /* http://www.lysator.liu.se/lyskom/lyskom-server/ */
/**
 * @brief Register a "lyskom" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_lyskom_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "lyskom");

  snprintf (message, sizeof (message),
            "A LysKOM server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
595
596 /* http://www.emailman.com/ph/ */
/**
 * @brief Register a "ph" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_ph_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "ph");

  snprintf (message, sizeof (message),
            "A PH server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
607
/**
 * @brief Register a "time" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_time_server (struct script_infos *desc, int port, int trp)
{
  char message[256];

  register_service (desc, port, "time");

  snprintf (message, sizeof (message),
            "A time server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
619
/**
 * @brief Register an "iPlanetENS" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_ens_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "iPlanetENS");

  snprintf (
    message, sizeof (message),
    "An iPlanet ENS (Event Notification Server) seems to be running on this port%s",
    get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
632
/**
 * @brief Register a "citrix" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_citrix_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "citrix");

  snprintf (message, sizeof (message),
            "a Citrix server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
644
/**
 * @brief Register a "giop" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_giop_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "giop");

  snprintf (message, sizeof (message),
            "A GIOP-enabled service is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
657
/**
 * @brief Register an "exchg-routing" service, store its banner and log it.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "exchg-routing/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_exchg_routing_server (struct script_infos *desc, int port, char *buffer,
                           int trp)
{
  char banner_key[255];
  char message[255];

  register_service (desc, port, "exchg-routing");

  snprintf (banner_key, sizeof (banner_key), "exchg-routing/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A Microsoft Exchange routing server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
674
/**
 * @brief Register a "tcpmux" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_tcpmux_server (struct script_infos *desc, int port, int trp)
{
  char report[255];

  register_service (desc, port, "tcpmux");

  snprintf (report, sizeof (report),
            "A tcpmux server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
686
/**
 * @brief Register a "BitTorrent" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_BitTorrent_server (struct script_infos *desc, int port, int trp)
{
  char report[255];

  register_service (desc, port, "BitTorrent");

  snprintf (report, sizeof (report),
            "A BitTorrent server seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
698
/**
 * @brief Register a "smux" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_smux_server (struct script_infos *desc, int port, int trp)
{
  char report[255];

  register_service (desc, port, "smux");

  snprintf (report, sizeof (report),
            "A SNMP Multiplexer (smux) seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
710
711 /*
712 * LISa is the LAN Information Server that comes
713 * with KDE in Mandrake Linux 9.0. Apparently
714 * it usually runs on port 7741.
715 */
/**
 * @brief Register a "LISa" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 * @param[in] trp  Value given to get_encaps_through() for the log suffix.
 */
static void
mark_LISa_server (struct script_infos *desc, int port, int trp)
{
  char message[255];

  register_service (desc, port, "LISa");

  snprintf (message, sizeof (message),
            "A LISa daemon is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
727
728 /*
729 * msdtc is Microsoft Distributed Transaction Coordinator
730 *
731 * Thanks to jtant@shardwebdesigns.com for reporting it
732 *
733 */
/**
 * @brief Register an "msdtc" service on a port and log the finding.
 *
 * @param[in] desc Script context forwarded to register_service()/post_log().
 * @param[in] port Port the service was found on.
 */
static void
mark_msdtc_server (struct script_infos *desc, int port)
{
  const char *service = "msdtc";

  register_service (desc, port, service);
  post_log (oid, desc, port, "A MSDTC server is running on this port");
}
740
/**
 * @brief Register a "pop3pw" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "pop3pw/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_pop3pw_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[512];
  char message[512];

  register_service (desc, port, "pop3pw");

  snprintf (banner_key, sizeof (banner_key), "pop3pw/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A pop3pw server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
752
753 /*
754 * whois++ server, thanks to Adam Stephens -
755 * http://roads.sourceforge.net/index.php
756 *
757 * 00: 25 20 32 32 30 20 4c 55 54 20 57 48 4f 49 53 2b % 220 LUT WHOIS+
758 * 10: 2b 20 73 65 72 76 65 72 20 76 32 2e 31 20 72 65 + server v2.1 re
759 * 20: 61 64 79 2e 20 20 48 69 21 0d 0a 25 20 32 30 30 ady. Hi!..% 200
760 * 30: 20 53 65 61 72 63 68 69 6e 67 20 66 6f 72 20 47 Searching for G
761 * 40: 45 54 26 2f 26 48 54 54 50 2f 31 2e 30 0d 0a 25 ET&/&HTTP/1.0..%
762 * 50: 20 35 30 30 20 45 72 72 6f 72 20 70 61 72 73 69 500 Error parsi
763 * 60: 6e 67 20 42 6f 6f 6c 65 61 6e 20 65 78 70 72 65 ng Boolean expre
764 * 70: 73 73 69 6f 6e 0d 0a ssion..
765 */
766
/**
 * @brief Register a "whois++" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "whois++/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_whois_plus2_server (struct script_infos *desc, int port, char *buffer,
                         int trp)
{
  char banner_key[255];
  char message[255];

  register_service (desc, port, "whois++");

  snprintf (banner_key, sizeof (banner_key), "whois++/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A whois++ server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
779
780 /*
781 * mon server, thanks to Rafe Oxley <rafe.oxley@moving-edge.net>
782 * (http://www.kernel.org/software/mon/)
783 *
784 * An unknown server is running on this port. If you know what it is, please
785 * send this banner to the development team: 00: 35 32 30 20 63 6f 6d 6d 61 6e
786 * 64 20 63 6f 75 6c 520 command coul 10: 64 20 6e 6f 74 20 62 65 20 65 78 65 63
787 * 75 74 65 d not be execute 20: 64 0a d.
788 */
/**
 * @brief Register a "mon" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "mon/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_mon_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[255];
  char message[255];

  register_service (desc, port, "mon");

  snprintf (banner_key, sizeof (banner_key), "mon/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "A mon server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
800
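/**
 * @brief Register a "cpfw1" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "cpfw1/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_fw1 (struct script_infos *desc, int port, char *buffer, int trp)
{
  char ban[255];

  register_service (desc, port, "cpfw1");

  /* The key name must be built before the banner is stored: the original
   * passed the still-uninitialized buffer as the key, i.e. indeterminate
   * stack bytes that need not even be NUL-terminated.
   * NOTE(review): the name follows the "<service>/banner/<port>" pattern of
   * the sibling mark_* functions -- confirm against readers of this key. */
  snprintf (ban, sizeof (ban), "cpfw1/banner/%d", port);
  plug_replace_key (desc, ban, ARG_STRING, buffer);

  snprintf (ban, sizeof (ban),
            "A CheckPoint FW1 SecureRemote or FW1 FWModule server is running "
            "on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, ban);
}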
813
814 /*
815 * From: Mike Gitarev [mailto:mik@bofh.lv]
816 *
817 * http://www.psychoid.lam3rz.de
818 * 00: 3a 57 65 6c 63 6f 6d 65 21 70 73 79 42 4e 43 40 :Welcome!psyBNC@
819 * 10: 6c 61 6d 33 72 7a 2e 64 65 20 4e 4f 54 49 43 45 lam3rz.de NOTICE
820 * 20: 20 2a 20 3a 70 73 79 42 4e 43 32 2e 33 2e 31 2d * :psyBNC2.3.1-
821 * 30: 37 0d 0a 7..
822 */
823
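/**
 * @brief Register a "psybnc" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "psybnc/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_psybnc (struct script_infos *desc, int port, char *buffer, int trp)
{
  char ban[255];

  register_service (desc, port, "psybnc");

  /* The key name must be built before the banner is stored: the original
   * passed the still-uninitialized buffer as the key, i.e. indeterminate
   * stack bytes that need not even be NUL-terminated.
   * NOTE(review): the name follows the "<service>/banner/<port>" pattern of
   * the sibling mark_* functions -- confirm against readers of this key. */
  snprintf (ban, sizeof (ban), "psybnc/banner/%d", port);
  plug_replace_key (desc, ban, ARG_STRING, buffer);

  snprintf (ban, sizeof (ban), "A PsyBNC IRC proxy is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, ban);
}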
834
835 /*
836 * From "Russ Paton" <russell.paton@blueyonder.co.uk>
837 *
838 * 00: 49 43 59 20 32 30 30 20 4f 4b 0d 0a 69 63 79 2d ICY 200 OK..icy-
839 * 10: 6e 6f 74 69 63 65 31 3a 3c 42 52 3e 54 68 69 73 notice1:<BR>This
840 * 20: 20 73 74 72 65 61 6d 20 72 65 71 75 69 72 65 73 stream requires
841 */
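/**
 * @brief Register a "shoutcast" service, store its banner and log it.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "shoutcast/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_shoutcast_server (struct script_infos *desc, int port, char *buffer,
                       int trp)
{
  char ban[255];

  register_service (desc, port, "shoutcast");

  /* The key name must be built before the banner is stored: the original
   * passed the still-uninitialized buffer as the key, i.e. indeterminate
   * stack bytes that need not even be NUL-terminated.
   * NOTE(review): the name follows the "<service>/banner/<port>" pattern of
   * the sibling mark_* functions -- confirm against readers of this key. */
  snprintf (ban, sizeof (ban), "shoutcast/banner/%d", port);
  plug_replace_key (desc, ban, ARG_STRING, buffer);

  snprintf (ban, sizeof (ban), "A shoutcast server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, ban);
}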
853
854 /*
855 * From "Hendrickson, Chris" <chendric@qssmeds.com>
856 * 00: 41 64 73 47 6f 6e 65 20 42 6c 6f 63 6b 65 64 20 AdsGone Blocked
857 * 10: 48 54 4d 4c 20 41 64 HTML Ad
858 */
859
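/**
 * @brief Register an "adsgone" service, store its banner and log it.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "adsgone/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_adsgone (struct script_infos *desc, int port, char *buffer, int trp)
{
  char ban[255];

  register_service (desc, port, "adsgone");

  /* The key name must be built before the banner is stored: the original
   * passed the still-uninitialized buffer as the key, i.e. indeterminate
   * stack bytes that need not even be NUL-terminated.
   * NOTE(review): the name follows the "<service>/banner/<port>" pattern of
   * the sibling mark_* functions -- confirm against readers of this key. */
  snprintf (ban, sizeof (ban), "adsgone/banner/%d", port);
  plug_replace_key (desc, ban, ARG_STRING, buffer);

  snprintf (
    ban, sizeof (ban),
    "An AdsGone (a popup banner blocking server) is running on this port%s",
    get_encaps_through (trp));
  post_log (oid, desc, port, ban);
}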
872
873 /*
874 * Sig from harm vos <h.vos@fwn.rug.nl> :
875 *
876 * 00: 2a 20 41 43 41 50 20 28 49 4d 50 4c 45 4d 45 4e * ACAP (IMPLEMEN 10:
877 * 54 41 54 49 4f 4e 20 22 43 6f 6d 6d 75 6e 69 47 TATION "CommuniG 20: 61
878 * 74 65 20 50 72 6f 20 41 43 41 50 20 34 2e 30 ate Pro ACAP 4.0 30: 62 39
879 * 22 29 20 28 53 54 41 52 54 54 4c 53 29 20 b9") (STARTTLS) 40: 28 53 41
880 * 53 4c 20 22 4c 4f 47 49 4e 22 20 22 50 (SASL "LOGIN" "P 50: 4c 41 49 4e
881 * 22 20 22 43 52 41 4d 2d 4d 44 35 22 LAIN" "CRAM-MD5" 60: 20 22 44 49 47
882 * 45 53 54 2d 4d 44 35 22 20 22 4e "DIGEST-MD5" "N 70: 54 4c 4d 22 29 20
883 * 28 43 4f 4e 54 45 58 54 4c 49 TLM") (CONTEXTLI 80: 4d 49 54 20 22 32 30
884 * 30 22 29 0d 0a MIT "200")..
885 *
886 * The ACAP protocol allows a client (mailer) application to connect to the
887 * Server computer and upload and download the application preferences,
888 * configuration settings and other datasets (such as personal address
889 * books).
890 */
/**
 * @brief Register an "acap" service, store its banner and log the finding.
 *
 * @param[in] desc   Script context forwarded to the key and log helpers.
 * @param[in] port   Port the service was found on.
 * @param[in] buffer Banner stored under "acap/banner/<port>".
 * @param[in] trp    Value given to get_encaps_through() for the log suffix.
 */
static void
mark_acap_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char banner_key[255];
  char message[255];

  register_service (desc, port, "acap");

  snprintf (banner_key, sizeof (banner_key), "acap/banner/%d", port);
  plug_replace_key (desc, banner_key, ARG_STRING, buffer);

  snprintf (message, sizeof (message),
            "An ACAP server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, message);
}
904
905 /*
906 * Sig from Cedric Foll <cedric.foll@ac-rouen.fr>
907 *
908 *
909 * 00: 53 6f 72 72 79 2c 20 79 6f 75 20 28 31 37 32 2e Sorry, you (172. 10: 33
910 * 30 2e 31 39 32 2e 31 30 33 29 20 61 72 65 20 30.192.103)are 20: 6e 6f 74
911 * 20 61 6d 6f 6e 67 20 74 68 65 20 61 6c not among the al 30: 6c 6f 77 65 64
912 * 20 68 6f 73 74 73 2e 2e 2e 0a lowed hosts....
913 *
914 * The ACAP protocol allows a client (mailer) application to connect to the
915 * Server computer and upload and download the application preferences,
916 * configuration settings and other datasets (such as personal address
917 * books).
918 */
/**
 * @brief Record a nagiosd server on the given port.
 *
 * Registers the service name "nagiosd" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_nagiosd_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "nagiosd");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A nagiosd server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
928
929 /*
930 * Sig from Michael Löffler <nimrod@n1mrod.de>
931 *
932 * 00: 5b 54 53 5d 0a 65 72 72 6f 72 0a [TS].error.
933 *
934 * That's Teamspeak2 rc2 Server - http://www.teamspeak.org/
935 */
/**
 * @brief Record a Teamspeak2 server on the given port.
 *
 * Registers the service name "teamspeak2" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_teamspeak2_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "teamspeak2");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A teamspeak2 server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
945
946 /*
947 * Sig from <Gary.Crowell@experian.com>
948 *
949 *
950 *
951 *
952 * 00: 4c 61 6e 67 75 61 67 65 20 72 65 63 65 69 76 65 Language receive 10:
953 * 64 20 66 72 6f 6d 20 63 6c 69 65 6e 74 3a 20 47 d from client: G 20: 45
954 * 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a 53 ET / HTTP/1.0..S 30: 65 74
955 * 6c 6f 63 61 6c 65 3a 20 0a etlocale: .
956 *
957 * Port 9090 is for WEBSM, the GUI SMIT tool that AIX RMC (port 657) is
958 * configured and used with. (AIX Version 5.1)
959 */
/**
 * @brief Record a WEBSM server on the given port.
 *
 * Registers the service name "websm" and posts a log message that ends with
 * the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_websm_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "websm");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report), "A WEBSM server is running on this port%s",
            via);
  post_log (oid, desc, port, report);
}
969
970 /*
971 * From Gary Crowell :
972 * 00: 43 4e 46 47 41 50 49 CNFGAPI
973 */
/**
 * @brief Record an OFA/Express server on the given port.
 *
 * Registers the service name "ofa_express" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_ofa_express_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "ofa_express");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "An OFA/Express server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
984
985 /*
986 * From Pierre Abbat <phma@webjockey.net> 00: 53 75 53 45 20 4d 65 74 61 20
987 * 70 70 70 64 20 28 SuSE Meta pppd ( 10: 73 6d 70 70 70 64 29 2c 20 56 65 72
988 * 73 69 6f 6e smpppd), Version 20: 20 30 2e 37 38 0d 0a
989 * 0.78..
990 */
/**
 * @brief Record a SuSE Meta pppd server on the given port.
 *
 * Registers the service name "smppd" and posts a log message that ends with
 * the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_smppd_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "smppd");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A SuSE Meta pppd server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1001
1002 /*
1003 * From DaLiV <daliv@apollo.lv>
1004 *
1005 * 00: 45 52 52 20 55 4e 4b 4e 4f 57 4e 2d 43 4f 4d 4d ERR UNKNOWN-COMM
1006 * 10: 41 4e 44 0a 45 52 52 20 55 4e 4b 4e 4f 57 4e 2d AND.ERR UNKNOWN-
1007 * 20: 43 4f 4d 4d 41 4e 44 0a COMMAND.
1008 */
/**
 * @brief Record an upsd/upsmon server on the given port.
 *
 * Registers the service name "upsmon" and posts a log message that ends with
 * the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_upsmon_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "upsmon");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "An upsd/upsmon server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1019
1020 /*
1021 * From Andrew Yates <pilot1_ace@hotmail.com>
1022 *
1023 * 00: 63 6f 6e 6e 65 63 74 65 64 2e 20 31 39 3a 35 31 connected. 19:51
1024 * 10: 20 2d 20 4d 61 79 20 32 35 2c 20 32 30 30 33 2c - May 25, 2003,
1025 * 20: 20 53 75 6e 64 61 79 2c 20 76 65 72 3a 20 4c 65 Sunday, ver: Le
1026 * 30: 67 65 6e 64 73 20 32 2e 31 gends 2.1
1027 */
/**
 * @brief Record a Sub7 trojan listener on the given port.
 *
 * Registers the service name "sub7" and reports the finding through
 * post_alarm () rather than post_log (), unlike the ordinary service
 * helpers in this file.
 *
 * @param desc  Script context handed on to register_service () and
 *              post_alarm ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_sub7_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "sub7");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "The Sub7 trojan is running on this port%s", via);
  post_alarm (oid, desc, port, report, NULL);
}
1037
1038 /*
1039 * From "Alex Lewis" <alex@sgl.org.au>
1040 *
1041 * 00: 53 50 41 4d 44 2f 31 2e 30 20 37 36 20 42 61 64 SPAMD/1.0 76 Bad
1042 * 10: 20 68 65 61 64 65 72 20 6c 69 6e 65 3a 20 47 45 header line: GE
1043 * 20: 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0d 0a T /
1044 */
/**
 * @brief Record a spamd (spamassassin) server on the given port.
 *
 * Registers the service name "spamd" and posts a log message that ends with
 * the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_spamd_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "spamd");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "a spamd server (part of spamassassin) is running on this port%s",
            via);
  post_log (oid, desc, port, report);
}
1055
1056 /* Thanks to Mike Blomgren */
/**
 * @brief Record a QuickTime streaming server on the given port.
 *
 * Registers the service name "quicktime-streaming-server" and posts a log
 * message that ends with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_quicktime_streaming_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "quicktime-streaming-server");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "a quicktime streaming server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1067
1068 /* Thanks to Allan <als@bpal.com> */
/**
 * @brief Record a DameWare server on the given port.
 *
 * Registers the service name "dameware" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_dameware_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "dameware");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "a dameware server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1078
/**
 * @brief Record a StoneGate authentication server on the given port.
 *
 * Registers the service name "SG_ClientAuth" and posts a log message that
 * ends with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_stonegate_auth_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "SG_ClientAuth");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "a StoneGate authentication server is running on this port%s",
            via);
  post_log (oid, desc, port, report);
}
1089
/**
 * @brief Record a LISTSERV daemon on the given port.
 *
 * Registers the service name "listserv" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
void
mark_listserv_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "listserv");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A LISTSERV daemon seems to be running on this port%s", via);
  post_log (oid, desc, port, report);
}
1102
/**
 * @brief Record a FsSniffer backdoor on the given port.
 *
 * Registers the service name "FsSniffer" and reports the finding through
 * post_alarm () rather than post_log ().
 *
 * @param desc  Script context handed on to register_service () and
 *              post_alarm ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
void
mark_fssniffer (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "FsSniffer");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A FsSniffer backdoor seems to be running on this port%s", via);
  post_alarm (oid, desc, port, report, NULL);
}
1115
/**
 * @brief Record a RemoteNC backdoor on the given port.
 *
 * Registers the service name "RemoteNC" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * NOTE(review): the message calls this a backdoor, yet it is reported with
 * post_log (), while the Sub7 and FsSniffer helpers in this file use
 * post_alarm () - confirm that the lower severity is intended.
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
void
mark_remote_nc_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "RemoteNC");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A RemoteNC backdoor seems to be running on this port%s", via);
  post_log (oid, desc, port, report);
}
1128
1129 /* Do not use register_service for unknown and wrapped services! */
1130
/**
 * @brief Report a port that closed the connection without sending data.
 *
 * Posts a log message stating how long the connection stayed open and adds
 * the port to the KB key "Services/wrapped".  No service name is registered
 * for such ports.
 *
 * @param desc   Script context handed on to post_log () and plug_set_key ().
 * @param port   Port that was probed.
 * @param delta  Number of seconds printed in the message.
 */
static void
mark_wrapped_svc (struct script_infos *desc, int port, int delta)
{
  char report[256];

  snprintf (report, sizeof (report),
            "The service closed the connection after %d seconds "
            "without sending any data\n"
            "It might be protected by some TCP wrapper\n",
            delta);
  post_log (oid, desc, port, report);

  /* Do NOT use plug_replace_key!  (presumably so that every wrapped port is
   * kept under the same key instead of overwriting the previous one -
   * confirm against the KB helpers) */
  plug_set_key (desc, "Services/wrapped", ARG_INT, GSIZE_TO_POINTER (port));
}
1145
/**
 * @brief Map a well-known port number to the name of its usual service.
 *
 * @param port  Port number to look up.
 *
 * @return A static string naming the service, or NULL when the port is not
 *         in the table.
 */
static const char *
port_to_name (int port)
{
  /* Note: only includes services that are recognized by this plugin! */
  static const struct
  {
    int number;
    const char *label;
  } usual_services[] = {
    {7, "Echo"},
    {19, "Chargen"},
    {21, "FTP"},
    {22, "SSH"},
    {23, "Telnet"},
    {25, "SMTP"},
    {37, "Time"},
    {70, "Gopher"},
    {79, "Finger"},
    {80, "HTTP"},
    {98, "Linuxconf"},
    {109, "POP2"},
    {110, "POP3"},
    {113, "AUTH"},
    {119, "NNTP"},
    {143, "IMAP"},
    {220, "IMAP3"},
    {443, "HTTPS"},
    {465, "SMTPS"},
    {563, "NNTPS"},
    {593, "Http-Rpc-Epmap"},
    {873, "Rsyncd"},
    {901, "SWAT"},
    {993, "IMAPS"},
    {995, "POP3S"},
    {1109, "KPOP"}, /* ? */
    {2309, "Compaq Management Server"},
    {2401, "CVSpserver"},
    {3128, "Squid"},
    {3306, "MySQL"},
    {5000, "VTUN"},
    {5432, "Postgres"},
    {8080, "HTTP-Alt"},
  };
  size_t idx;

  for (idx = 0; idx < sizeof (usual_services) / sizeof (usual_services[0]);
       idx++)
    {
      if (usual_services[idx].number == port)
        return usual_services[idx].label;
    }
  return NULL;
}
1221
/**
 * @brief Record a port whose service could not be identified.
 *
 * Adds the port to the KB key "Services/unknown", stores the banner under
 * "unknown/banner/<port>" and, when port_to_name () knows the port, posts a
 * log message naming the service that usually runs there.  Nothing is logged
 * for ports that port_to_name () does not know.
 *
 * @param desc    Script context handed on to the KB and logging helpers.
 * @param port    Port that was probed.
 * @param banner  Banner to store; passed to the KB as a string.
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_unknown_svc (struct script_infos *desc, int port,
                  const unsigned char *banner, int trp)
{
  char kb_key[64];
  char report[1600];
  const char *usual;

  /* Do NOT use plug_replace_key! */
  plug_set_key (desc, "Services/unknown", ARG_INT, GSIZE_TO_POINTER (port));

  snprintf (kb_key, sizeof (kb_key), "unknown/banner/%d", port);
  plug_replace_key (desc, kb_key, ARG_STRING, (char *) banner);

  usual = port_to_name (port);
  if (usual == NULL)
    return;

  snprintf (report, sizeof (report),
            "An unknown service is running on this port%s.\n"
            "It is usually reserved for %s",
            get_encaps_through (trp), usual);
  post_log (oid, desc, port, report);
}
1245
/**
 * @brief Record a gnuserv instance on the given port.
 *
 * Registers the service name "gnuserv" and posts a fixed log message.
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 */
static void
mark_gnuserv (struct script_infos *desc, int port)
{
  register_service (desc, port, "gnuserv");

  post_log (oid, desc, port, "gnuserv is running on this port");
}
1252
/**
 * @brief Record an ISS RealSecure instance on the given port.
 *
 * Registers the service name "issrealsecure" and posts a fixed log message.
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 */
static void
mark_iss_realsecure (struct script_infos *desc, int port)
{
  register_service (desc, port, "issrealsecure");

  post_log (oid, desc, port, "ISS RealSecure is running on this port");
}
1259
/**
 * @brief Record a VMware authentication daemon on the given port.
 *
 * Registers the service name "vmware_auth" and posts a log message that
 * quotes the text in buffer.
 *
 * @param desc    Script context handed on to register_service () and
 *                post_log ().
 * @param port    Port the service answered on.
 * @param buffer  Text appended to the report (presumably banner data from
 *                the scanned host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_vmware_auth (struct script_infos *desc, int port, char *buffer, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "vmware_auth");

  via = get_encaps_through (trp);
  /* snprintf () truncates to sizeof (report), so an oversized buffer cannot
   * overflow the stack array. */
  snprintf (report, sizeof (report),
            "A VMWare authentication daemon is running on this port%s:\n%s",
            via, buffer);
  post_log (oid, desc, port, report);
}
1272
/**
 * @brief Record an InterScan VirusWall on the given port.
 *
 * Registers the service name "interscan_viruswall" and posts a log message
 * that quotes the text in buffer.
 *
 * @param desc    Script context handed on to register_service () and
 *                post_log ().
 * @param port    Port the service answered on.
 * @param buffer  Text appended to the report (presumably banner data from
 *                the scanned host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_interscan_viruswall (struct script_infos *desc, int port, char *buffer,
                          int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "interscan_viruswall");

  via = get_encaps_through (trp);
  /* snprintf () truncates to sizeof (report), so an oversized buffer cannot
   * overflow the stack array. */
  snprintf (report, sizeof (report),
            "An interscan viruswall is running on this port%s:\n%s", via,
            buffer);
  post_log (oid, desc, port, report);
}
1286
/**
 * @brief Record a PPP daemon on the given port.
 *
 * Registers the service name "pppd" and posts a log message that ends with
 * the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_ppp_daemon (struct script_infos *desc, int port, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "pppd");

  via = get_encaps_through (trp);
  snprintf (report, sizeof (report), "A PPP daemon is running on this port%s",
            via);
  post_log (oid, desc, port, report);
}
1298
/**
 * @brief Record a zebra routing daemon (bgpd or zebrad) on the given port.
 *
 * Registers the service name "zebra", stores the banner under the KB key
 * "zebra/banner/<port>" and posts a log message.
 *
 * @param desc    Script context handed on to the KB and logging helpers.
 * @param port    Port the service answered on.
 * @param buffer  Banner text to store (presumably received from the scanned
 *                host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_zebra_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char kb_key[512];
  char report[512];

  register_service (desc, port, "zebra");

  snprintf (kb_key, sizeof (kb_key), "zebra/banner/%d", port);
  plug_replace_key (desc, kb_key, ARG_STRING, buffer);

  snprintf (report, sizeof (report),
            "A zebra daemon (bgpd or zebrad) is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1312
/**
 * @brief Record an IRCXPro administrative server on the given port.
 *
 * Registers the service name "ircxpro_admin" and posts a log message that
 * ends with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_ircxpro_admin_server (struct script_infos *desc, int port, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "ircxpro_admin");

  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "An IRCXPro administrative server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1325
/**
 * @brief Record a gnocatan game server on the given port.
 *
 * Registers the service name "gnocatan" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_gnocatan_server (struct script_infos *desc, int port, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "gnocatan");

  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A gnocatan game server is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1338
1339 /* Thanks to Owell Crow */
/**
 * @brief Record a PowerBroker master server on the given port.
 *
 * Registers the service name "power-broker-master" and posts a log message
 * that quotes the text in buffer.
 *
 * @param desc    Script context handed on to register_service () and
 *                post_log ().
 * @param port    Port the service answered on.
 * @param buffer  Text appended to the report (presumably banner data from
 *                the scanned host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_pbmaster_server (struct script_infos *desc, int port, char *buffer,
                      int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "power-broker-master");

  via = get_encaps_through (trp);
  /* snprintf () truncates to sizeof (report), so an oversized buffer cannot
   * overflow the stack array. */
  snprintf (report, sizeof (report),
            "A PowerBroker master server is running on this port%s:\n%s", via,
            buffer);
  post_log (oid, desc, port, report);
}
1353
1354 /* Thanks to Paulo Jorge */
/**
 * @brief Record a dictd server on the given port.
 *
 * Registers the service name "dicts" and posts a log message that quotes the
 * text in buffer.
 *
 * @param desc    Script context handed on to register_service () and
 *                post_log ().
 * @param port    Port the service answered on.
 * @param buffer  Text appended to the report (presumably banner data from
 *                the scanned host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_dictd_server (struct script_infos *desc, int port, char *buffer, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "dicts");

  via = get_encaps_through (trp);
  /* snprintf () truncates to sizeof (report), so an oversized buffer cannot
   * overflow the stack array. */
  snprintf (report, sizeof (report),
            "A dictd server is running on this port%s:\n%s", via, buffer);
  post_log (oid, desc, port, report);
}
1366
1367 /* Thanks to Tony van Lingen */
/**
 * @brief Record a Netsaint pNSClient plugin on the given port.
 *
 * Registers the service name "pNSClient" and posts a log message that ends
 * with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_pnsclient (struct script_infos *desc, int port, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "pNSClient");

  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A Netsaint plugin (pNSClient.exe) is running on this port%s",
            via);
  post_log (oid, desc, port, report);
}
1380
1381 /* Thanks to Jesus D. Munoz */
/**
 * @brief Record a Veritas NetBackup service on the given port.
 *
 * Registers the service name "VeritasNetBackup" and posts a log message that
 * ends with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_veritas_backup (struct script_infos *desc, int port, int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "VeritasNetBackup");

  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "VeritasNetBackup is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1392
/**
 * @brief Record a PowerBroker locald server on the given port.
 *
 * Registers a service name and posts a log message that quotes the text in
 * buffer.
 *
 * NOTE(review): the registered name is "power-broker-master", the same one
 * mark_pbmaster_server () uses, although the message says "locald" - confirm
 * that both daemons are meant to share one service name.
 *
 * @param desc    Script context handed on to register_service () and
 *                post_log ().
 * @param port    Port the service answered on.
 * @param buffer  Text appended to the report (presumably banner data from
 *                the scanned host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_pblocald_server (struct script_infos *desc, int port, char *buffer,
                      int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "power-broker-master");

  via = get_encaps_through (trp);
  /* snprintf () truncates to sizeof (report), so an oversized buffer cannot
   * overflow the stack array. */
  snprintf (report, sizeof (report),
            "A PowerBroker locald server is running on this port%s:\n%s", via,
            buffer);
  post_log (oid, desc, port, report);
}
1406
/**
 * @brief Record a jabber daemon on the given port.
 *
 * Registers the service name "jabber" and posts a log message that ends with
 * the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_jabber_server (struct script_infos *desc, int port, int trp)
{
  char report[255];
  const char *via;

  register_service (desc, port, "jabber");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "jabber daemon seems to be running on this port%s", via);
  post_log (oid, desc, port, report);
}
1417
/**
 * @brief Record an avotus 'mm' server on the given port.
 *
 * Registers the service name "avotus_mm" and posts a log message that quotes
 * the text in buffer.
 *
 * @param desc    Script context handed on to register_service () and
 *                post_log ().
 * @param port    Port the service answered on.
 * @param buffer  Text appended to the report (presumably banner data from
 *                the scanned host; the call site is outside this view).
 * @param trp     Transport value passed to get_encaps_through ().
 */
static void
mark_avotus_mm_server (struct script_infos *desc, int port, char *buffer,
                       int trp)
{
  char report[512];
  const char *via;

  register_service (desc, port, "avotus_mm");

  via = get_encaps_through (trp);
  /* snprintf () truncates to sizeof (report), so an oversized buffer cannot
   * overflow the stack array. */
  snprintf (report, sizeof (report),
            "An avotus 'mm' server is running on this port%s:\n%s", via,
            buffer);
  post_log (oid, desc, port, report);
}
1431
/**
 * @brief Record a SOCKS proxy of the given protocol version.
 *
 * Registers the service name "socks<ver>" and posts a log message naming the
 * version.
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the proxy answered on.
 * @param ver   Version number formatted into the service name and message.
 */
static void
mark_socks_proxy (struct script_infos *desc, int port, int ver)
{
  char svc_name[256];
  char report[256];

  snprintf (svc_name, sizeof (svc_name), "socks%d", ver);
  register_service (desc, port, svc_name);

  snprintf (report, sizeof (report),
            "A SOCKS%d proxy is running on this port. ", ver);
  post_log (oid, desc, port, report);
}
1443
/**
 * @brief Record a Direct Connect hub on the given port.
 *
 * Registers the service name "DirectConnectHub" and posts a log message that
 * ends with the string returned by get_encaps_through (trp).
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 * @param trp   Transport value passed to get_encaps_through ().
 */
static void
mark_direct_connect_hub (struct script_infos *desc, int port, int trp)
{
  char report[256];
  const char *via;

  register_service (desc, port, "DirectConnectHub");
  via = get_encaps_through (trp);
  snprintf (report, sizeof (report),
            "A Direct Connect Hub is running on this port%s", via);
  post_log (oid, desc, port, report);
}
1454
/**
 * @brief Record a MongoDB server on the given port.
 *
 * Registers the service name "mongodb" and posts a fixed log message.
 *
 * @param desc  Script context handed on to register_service () and post_log ().
 * @param port  Port the service answered on.
 */
static void
mark_mongodb (struct script_infos *desc, int port)
{
  register_service (desc, port, "mongodb");

  post_log (oid, desc, port, "A MongoDB server is running on this port");
}
1461
1462 /*
1463 * We determine if the 4 bytes we received look like a date. We
1464 * accept clocks desynched up to 3 years;
1465 *
1466 * MA 2002-09-09 : time protocol (RFC 738) returns number of seconds since
1467 * 1900-01-01, while time() returns nb of sec since 1970-01-01.
1468 * The difference is 2208988800 seconds.
1469 * By the way, although the RFC is imprecise, it seems that the returned
1470 * integer is in "network byte order" (i.e. big endian)
1471 */
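#define MAX_SHIFT (3 * 365 * 86400)
#define DIFF_1970_1900 2208988800U

/**
 * @brief Decide whether a 4-byte reply looks like a time-protocol timestamp.
 *
 * The first four bytes at rtime are read as a big-endian count of seconds
 * since 1900-01-01, shifted to the 1970 epoch and compared with the local
 * clock.
 *
 * @param rtime  Pointer to the received bytes.  Only the first four bytes
 *               are read: the visible caller passes a banner of length 4
 *               cast to time_t *, so the buffer is shorter than a 64-bit
 *               time_t and need not be aligned for one.
 *
 * @return 1 if the value is within MAX_SHIFT seconds of the current time,
 *         0 otherwise.
 */
static int
may_be_time (time_t *rtime)
{
#ifndef ABS
#define ABS(x) (((x) < 0) ? -(x) : (x))
#endif
  time_t now = time (NULL);
  uint32_t wire;
  int rt70;

  /* Copy exactly the four wire bytes instead of dereferencing a time_t:
   * loading sizeof (time_t) bytes would read past the end of a 4-byte
   * banner, and on a 64-bit big-endian host the truncation done by ntohl ()
   * would keep the wrong half of the value. */
  memcpy (&wire, rtime, sizeof (wire));
  rt70 = ntohl (wire) - DIFF_1970_1900;

  return ABS (now - rt70) < MAX_SHIFT;
}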
1489
1490 static int
plugin_do_run(struct script_infos * desc,GSList * h,int test_ssl)1491 plugin_do_run (struct script_infos *desc, GSList *h, int test_ssl)
1492 {
1493 char *head = "Ports/tcp/", *host_fqdn;
1494 u_short unknown[65535];
1495 int num_unknown = 0;
1496 size_t len_head = strlen (head);
1497
1498 int rw_timeout = 20, cnx_timeout = 20, wrap_timeout = 20;
1499 int x, timeout;
1500 char *rw_timeout_s = get_plugin_preference (oid, RW_TIMEOUT_PREF, -1);
1501 char *cnx_timeout_s = get_plugin_preference (oid, CNX_TIMEOUT_PREF, -1);
1502 char *wrap_timeout_s = get_plugin_preference (oid, WRAP_TIMEOUT_PREF, -1);
1503 unsigned char *p;
1504 fd_set rfds, wfds;
1505 struct timeval tv;
1506 char k[32], *http_get;
1507
1508 host_fqdn = plug_get_host_fqdn (desc);
1509 http_get = g_strdup_printf ("GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host_fqdn);
1510 g_free (host_fqdn);
1511
1512 if (rw_timeout_s != NULL && (x = atoi (rw_timeout_s)) > 0)
1513 rw_timeout = x;
1514 if (cnx_timeout_s != NULL && (x = atoi (cnx_timeout_s)) > 0)
1515 cnx_timeout = x;
1516 if (wrap_timeout_s != NULL && (x = atoi (wrap_timeout_s)) >= 0)
1517 wrap_timeout = x;
1518
1519 bzero (unknown, sizeof (unknown));
1520
1521 while (h)
1522 {
1523 if ((strlen (h->data) > len_head) && !strncmp (h->data, head, len_head))
1524 {
1525 int cnx;
1526 char *line;
1527 char *origline;
1528 int trp;
1529 char buffer[2049];
1530 unsigned char *banner = NULL, *bannerHex = NULL;
1531 size_t banner_len, i;
1532 int port = atoi (h->data + len_head);
1533 int flg = 0;
1534 int unindentified_service = 0;
1535 int three_digits = 0;
1536 int maybe_wrapped = 0;
1537 char kb[64];
1538 int get_sent = 0;
1539 struct timeval tv1, tv2;
1540 int diff_tv = 0, diff_tv2 = 0;
1541 int type, no_banner_grabbed = 0;
1542
1543 #define DIFFTV1000(t1, t2) \
1544 ((t1.tv_sec - t2.tv_sec) * 1000 + (t1.tv_usec - t2.tv_usec) / 1000)
1545
1546 bzero (buffer, sizeof (buffer));
1547 banner_len = 0;
1548 snprintf (kb, sizeof (kb), "BannerHex/%d", port);
1549 bannerHex = plug_get_key (desc, kb, &type, NULL, 0);
1550 if (type == ARG_STRING && bannerHex != NULL && bannerHex[0] != '\0')
1551 {
1552 int c1, c2;
1553 unsigned int i;
1554 banner_len = strlen ((char *) bannerHex) / 2;
1555 if (banner_len >= sizeof (buffer))
1556 banner_len = sizeof (buffer) - 1;
1557 for (i = 0; i < banner_len; i++)
1558 {
1559 c1 = bannerHex[2 * i];
1560 if (c1 >= 0 && c1 <= 9)
1561 c1 -= '0';
1562 else if (c1 >= 'a' && c1 <= 'f')
1563 c1 -= 'a';
1564 else if (c1 >= 'A' && c1 <= 'F')
1565 c1 -= 'A';
1566 else
1567 banner_len = 0; /* Invalid value */
1568 c2 = bannerHex[2 * i + 1];
1569 if (c2 >= 0 && c2 <= 9)
1570 c2 -= '0';
1571 else if (c2 >= 'a' && c2 <= 'f')
1572 c2 -= 'a';
1573 else if (c2 >= 'A' && c2 <= 'F')
1574 c2 -= 'A';
1575 else
1576 banner_len = 0; /* Invalid value */
1577 buffer[i] = c1 << 4 | c2;
1578 }
1579 buffer[i] = '\0';
1580 if (banner_len > 0)
1581 banner = (unsigned char *) buffer;
1582 }
1583 g_free (bannerHex);
1584 if (banner_len == 0)
1585 {
1586 snprintf (kb, sizeof (kb), "Banner/%d", port);
1587 banner = plug_get_key (desc, kb, &type, NULL, 0);
1588 if (banner)
1589 banner_len = strlen ((char *) banner);
1590 }
1591 if (banner_len > 0)
1592 {
1593 cnx = -1;
1594 trp = OPENVAS_ENCAPS_IP;
1595 }
1596 else
1597 {
1598 if (banner != NULL)
1599 {
1600 g_free (banner);
1601 banner = NULL;
1602 }
1603 /* If test_ssl is set, try with TLS first. */
1604 if (test_ssl)
1605 trp = OPENVAS_ENCAPS_TLScustom;
1606 else
1607 trp = OPENVAS_ENCAPS_IP;
1608 gettimeofday (&tv1, NULL);
1609 cnx = open_stream_connection (desc, port, trp, cnx_timeout);
1610 if (cnx < 0 && test_ssl)
1611 {
1612 trp = OPENVAS_ENCAPS_IP;
1613 gettimeofday (&tv1, NULL);
1614 cnx = open_stream_connection (desc, port, trp, cnx_timeout);
1615 }
1616 gettimeofday (&tv2, NULL);
1617 diff_tv = DIFFTV1000 (tv2, tv1);
1618 }
1619
1620 if (cnx >= 0 || banner_len > 0)
1621 {
1622 int line_len, realfd = -1;
1623 size_t len;
1624
1625 if (cnx >= 0)
1626 {
1627 realfd = openvas_get_socket_from_connection (cnx);
1628 snprintf (k, sizeof (k), "FindService/CnxTime1000/%d", port);
1629 plug_replace_key (desc, k, ARG_INT,
1630 GSIZE_TO_POINTER (diff_tv));
1631 snprintf (k, sizeof (k), "FindService/CnxTime/%d", port);
1632 plug_replace_key (
1633 desc, k, ARG_INT,
1634 GSIZE_TO_POINTER (((diff_tv + 500) / 1000)));
1635 if (diff_tv / 1000 > cnx_timeout)
1636 plug_replace_key (desc, "/tmp/SlowFindService", ARG_INT,
1637 GSIZE_TO_POINTER (1));
1638 }
1639 plug_set_port_transport (desc, port, trp);
1640 (void) stream_set_timeout (port, rw_timeout);
1641
1642 if (IS_ENCAPS_SSL (trp))
1643 {
1644 char report[160];
1645 snprintf (report, sizeof (report),
1646 "A %s server answered on this port\n",
1647 get_encaps_name (trp));
1648 post_log (oid, desc, port, report);
1649 plug_set_key (desc, "Transport/SSL", ARG_INT,
1650 GSIZE_TO_POINTER (port));
1651 }
1652
1653 len = 0;
1654 timeout = 0;
1655 if (banner_len > 0)
1656 {
1657 len = banner_len;
1658 if (banner != (unsigned char *) buffer)
1659 {
1660 if (len >= sizeof (buffer))
1661 len = sizeof (buffer) - 1;
1662 memcpy (buffer, banner, len);
1663 buffer[len] = '\0';
1664 }
1665 }
1666 else
1667 {
1668 snprintf (kb, sizeof (kb), "/tmp/NoBanner/%d", port);
1669 p = plug_get_key (desc, kb, &type, NULL, 0);
1670 if (p != NULL)
1671 {
1672 if (type == ARG_INT)
1673 no_banner_grabbed = GPOINTER_TO_SIZE (p);
1674 else if (type == ARG_STRING)
1675 no_banner_grabbed = atoi ((char *) p);
1676 }
1677 g_free (p);
1678
1679 if (!no_banner_grabbed)
1680 {
1681 #ifdef SMART_TCP_RW
1682 if (trp == OPENVAS_ENCAPS_IP && realfd >= 0)
1683 {
1684 select_again:
1685 FD_ZERO (&rfds);
1686 FD_ZERO (&wfds);
1687 FD_SET (realfd, &rfds);
1688 FD_SET (realfd, &wfds);
1689
1690 (void) gettimeofday (&tv1, NULL);
1691 tv.tv_usec = 0;
1692 tv.tv_sec = rw_timeout;
1693 x = select (realfd + 1, &rfds, &wfds, NULL, &tv);
1694 if (x < 0)
1695 {
1696 if (errno == EINTR)
1697 goto select_again;
1698 perror ("select");
1699 }
1700 else if (x == 0)
1701 timeout = 1;
1702 else if (x > 0)
1703 {
1704 if (FD_ISSET (realfd, &rfds))
1705 {
1706 len = read_stream_connection_min (
1707 cnx, buffer, 1, sizeof (buffer) - 2);
1708 }
1709 }
1710 (void) gettimeofday (&tv2, NULL);
1711 diff_tv = DIFFTV1000 (tv2, tv1);
1712 }
1713 }
1714 else
1715 { /* No banner was found
1716 * by openvas_tcp_scanner */
1717 len = 0;
1718 timeout = 0;
1719 }
1720
1721 if (len <= 0 && !timeout)
1722 #endif
1723 {
1724 write_stream_connection (cnx, http_get,
1725 strlen (http_get));
1726 (void) gettimeofday (&tv1, NULL);
1727 get_sent = 1;
1728 buffer[sizeof (buffer) - 1] = '\0';
1729 len = read_stream_connection (cnx, buffer,
1730 sizeof (buffer) - 1);
1731 #if 1
1732 /*
1733 * Try to work around broken
1734 * web server (or "magic
1735 * read" bug??)
1736 */
1737 if (len > 0 && len < 8
1738 && strncmp (buffer, "HTTP/1.", len) == 0)
1739 {
1740 int len2 = read_stream_connection (
1741 cnx, buffer + len, sizeof (buffer) - 1 - len);
1742 if (len2 > 0)
1743 len += len2;
1744 }
1745 #endif
1746 (void) gettimeofday (&tv2, NULL);
1747 diff_tv = DIFFTV1000 (tv2, tv1);
1748 }
1749 if (len > 0)
1750 {
1751 snprintf (k, sizeof (k), "FindService/RwTime1000/%d",
1752 port);
1753 plug_replace_key (desc, k, ARG_INT,
1754 GSIZE_TO_POINTER (diff_tv));
1755 snprintf (k, sizeof (k), "FindService/RwTime/%d", port);
1756 plug_replace_key (
1757 desc, k, ARG_INT,
1758 GSIZE_TO_POINTER ((diff_tv + 500) / 1000));
1759 if (diff_tv / 1000 > rw_timeout)
1760 plug_replace_key (desc, "/tmp/SlowFindService", ARG_INT,
1761 GSIZE_TO_POINTER (1));
1762 }
1763 }
1764
1765 if (len > 0)
1766 {
1767 char *t;
1768 banner = g_malloc0 (len + 1);
1769 memcpy (banner, buffer, len);
1770 banner[len] = '\0';
1771
1772 for (i = 0; i < len; i++)
1773 buffer[i] = (buffer[i] == '\0') ? 'x' : tolower (buffer[i]);
1774
1775 line = g_strdup (buffer);
1776
1777 t = strchr (line, '\n');
1778 if (t)
1779 t[0] = '\0';
1780 if (isdigit (banner[0]) && isdigit (banner[1])
1781 && isdigit (banner[2])
1782 && (banner[3] == '\0' || isspace (banner[3])
1783 || banner[3] == '-'))
1784 {
1785 /*
1786 * Do NOT use
1787 * plug_replace_key!
1788 */
1789 plug_set_key (desc, "Services/three_digits", ARG_INT,
1790 GSIZE_TO_POINTER (port));
1791 /*
1792 * Do *not* set
1793 * Known/tcp/<port> to
1794 * "three_digits": the
1795 * service must remain
1796 * "unknown"
1797 */
1798 three_digits = 1;
1799 }
1800 if (get_sent)
1801 snprintf (kb, sizeof (kb), "FindService/tcp/%d/get_http",
1802 port);
1803 else
1804 snprintf (kb, sizeof (kb), "FindService/tcp/%d/spontaneous",
1805 port);
1806 plug_replace_key (desc, kb, ARG_STRING, banner);
1807
1808 {
1809 char buf2[sizeof (buffer) * 2 + 1];
1810 int flag = 0;
1811 unsigned int y;
1812
1813 strcat (kb, "Hex");
1814
1815 if (len >= sizeof (buffer))
1816 len = sizeof (buffer);
1817
1818 for (y = 0; y < len; y++)
1819 {
1820 snprintf (buf2 + 2 * y, sizeof (buf2) - (2 * y), "%02x",
1821 (unsigned char) banner[y]);
1822 if (banner[y] == '\0')
1823 flag = 1;
1824 }
1825 buf2[2 * y] = '\0';
1826 if (flag)
1827 plug_replace_key (desc, kb, ARG_STRING, buf2);
1828 }
1829
1830 origline = g_strdup ((char *) banner);
1831 t = strchr (origline, '\n');
1832 if (t)
1833 t[0] = '\0';
1834 line_len = strlen (origline);
1835
1836 /*
1837 * Many services run on the top of an HTTP protocol,
1838 * so the HTTP test is not an 'ELSE ... IF'
1839 */
1840 if ((!strncmp (line, "http/1.", 7)
1841 || strstr ((char *) banner,
1842 "<title>Not supported</title>")))
1843 { /* <- broken hp
1844 * jetdirect */
1845 flg++;
1846 if (!(port == 5000
1847 && (strstr (line, "http/1.1 400 bad request")
1848 != NULL))
1849 && !(strncmp (line, "http/1.0 403 forbidden",
1850 strlen ("http/1.0 403 forbidden"))
1851 == 0
1852 && strstr (buffer, "server: adsubtract") != NULL)
1853 && !(strstr (
1854 buffer,
1855 "it looks like you are trying to access "
1856 "mongodb over http on the native driver port.")
1857 != NULL
1858 && strstr (buffer, "content-length: 84")
1859 != NULL))
1860 mark_http_server (desc, port, banner, trp);
1861 }
1862 /*
1863 * RFC 854 defines commands between 240 and 254
1864 * shouldn't we look for them too?
1865 */
1866 if (((u_char) buffer[0] == 255)
1867 && (((u_char) buffer[1] == 251)
1868 || ((u_char) buffer[1] == 252)
1869 || ((u_char) buffer[1] == 253)
1870 || ((u_char) buffer[1] == 254)))
1871 mark_telnet_server (desc, port, trp);
1872 else if (((u_char) buffer[0] == 0)
1873 && ((u_char) buffer[1] == 1)
1874 && ((u_char) buffer[2] == 1)
1875 && ((u_char) buffer[3] == 0))
1876 mark_gnome14_server (desc, port, trp);
1877 else if (strncmp (line, "http/1.0 403 forbidden",
1878 strlen ("http/1.0 403 forbidden"))
1879 == 0
1880 && strstr (buffer, "server: adsubtract") != NULL)
1881 {
1882 mark_locked_adsubtract_server (desc, port, banner, trp);
1883 }
1884 else if (strstr ((char *) banner, "Eggdrop") != NULL
1885 && strstr ((char *) banner, "Eggheads") != NULL)
1886 mark_eggdrop_server (desc, port, trp);
1887 else if (strncmp (line, "$lock ", strlen ("$lock ")) == 0)
1888 mark_direct_connect_hub (desc, port, trp);
1889 else if (len > 34 && strstr (&(buffer[34]), "iss ecnra"))
1890 mark_iss_realsecure (desc, port);
1891 else if (len == 4 && origline[0] == 'Q' && origline[1] == 0
1892 && origline[2] == 0 && origline[3] == 0)
1893 mark_fw1 (desc, port, origline, trp);
1894 else if (strstr (line, "adsgone blocked html ad") != NULL)
1895 mark_adsgone (desc, port, origline, trp);
1896 else if (strncmp (line, "icy 200 ok", strlen ("icy 200 ok"))
1897 == 0)
1898 mark_shoutcast_server (desc, port, origline, trp);
1899 else if ((!strncmp (line, "200", 3)
1900 && (strstr (line,
1901 "running eudora internet mail server")))
1902 || (strstr (line, "+ok applepasswordserver")
1903 != NULL))
1904 mark_pop3pw_server (desc, port, origline, trp);
1905 else if ((strstr (line, "smtp")
1906 || strstr (line, "simple mail transfer")
1907 || strstr (line, "mail server")
1908 || strstr (line, "messaging")
1909 || strstr (line, "Weasel"))
1910 && !strncmp (line, "220", 3))
1911 mark_smtp_server (desc, port, origline, trp);
1912 else if (strstr (line, "220 ***************")
1913 || strstr (line, "220 eSafe@")) /* CISCO SMTP (?) -
1914 * see bug #175 */
1915 mark_smtp_server (desc, port, origline, trp);
1916 else if (strstr (line, "220 esafealert") != NULL)
1917 mark_smtp_server (desc, port, origline, trp);
1918 else if (strncmp (line, "220", 3) == 0
1919 && strstr (line, "groupwise internet agent") != NULL)
1920 mark_smtp_server (desc, port, origline, trp);
1921 else if (strncmp (line, "220", 3) == 0
1922 && strstr (line, " SNPP ") != NULL)
1923 mark_snpp_server (desc, port, origline, trp);
1924 else if (strncmp (line, "200", 3) == 0
1925 && strstr (line, "mail ") != NULL)
1926 mark_smtp_server (desc, port, origline, trp);
1927 else if (strncmp (line, "421", 3) == 0
1928 && strstr (line, "smtp ") != NULL)
1929 mark_smtp_server (desc, port, origline, trp);
1930 // Null characters in buffer were replaced by 'x'.
1931 else if ((line[0] != '\0'
1932 || (strstr (buffer, "mysql") != NULL))
1933 && (regex_match (
1934 buffer,
1935 "^.x{3}\n[0-9.]+ [0-9a-z]+@[0-9a-z]+ release")
1936 || regex_match (
1937 buffer, "^.x{3}\n[0-9.]+-(id[0-9]+-)?release"
1938 " \\([0-9a-z-]+\\)")))
1939 mark_sphinxql (desc, port);
1940 else if (line[0] != '\0'
1941 && ((strncmp (buffer + 1, "host '", 6) == 0)
1942 || (strstr (buffer, "mysql") != NULL
1943 || strstr (buffer, "mariadb") != NULL)))
1944 mark_mysql (desc, port);
1945 else if (!strncmp (line, "efatal", 6)
1946 || !strncmp (line, "einvalid packet length",
1947 strlen ("einvalid packet length")))
1948 mark_postgresql (desc, port);
1949 else if (strstr (line, "cvsup server ready") != NULL)
1950 mark_cvsupserver (desc, port);
1951 else if (!strncmp (line, "cvs [pserver aborted]:", 22)
1952 || !strncmp (line, "cvs [server aborted]:", 21))
1953 mark_cvspserver (desc, port);
1954 else if (!strncmp (line, "cvslock ", 8))
1955 mark_cvslockserver (desc, port);
1956 else if (!strncmp (line, "@rsyncd", 7))
1957 mark_rsync (desc, port);
1958 else if ((len == 4) && may_be_time ((time_t *) banner))
1959 mark_time_server (desc, port, trp);
1960 else if (strstr (buffer, "rmserver")
1961 || strstr (buffer, "realserver"))
1962 mark_rmserver (desc, port, origline, trp);
1963 else if ((strstr (line, "ftp") || strstr (line, "winsock")
1964 || strstr (line, "axis network camera")
1965 || strstr (line, "netpresenz")
1966 || strstr (line, "serv-u")
1967 || strstr (line, "service ready for new user"))
1968 && !strncmp (line, "220", 3))
1969 mark_ftp_server (desc, port, origline, trp);
1970 else if (strncmp (line, "220-", 4) == 0) /* FTP server with a
1971 * long banner */
1972 mark_ftp_server (desc, port, NULL, trp);
1973 else if (strstr (line, "220") && strstr (line, "whois+"))
1974 mark_whois_plus2_server (desc, port, origline, trp);
1975 else if (strstr (line, "520 command could not be executed"))
1976 mark_mon_server (desc, port, origline, trp);
1977 else if (strstr (line, "ssh-"))
1978 mark_ssh_server (desc, port, origline);
1979 else if (!strncmp (line, "+ok", 3)
1980 || (!strncmp (line, "+", 1) && strstr (line, "pop")))
1981 mark_pop_server (desc, port, origline);
1982 else if (strstr (line, "imap4") && !strncmp (line, "* ok", 4))
1983 mark_imap_server (desc, port, origline, trp);
1984 else if (strstr (line, "*ok iplanet messaging multiplexor"))
1985 mark_imap_server (desc, port, origline, trp);
1986 else if (strstr (line, "*ok communigate pro imap server"))
1987 mark_imap_server (desc, port, origline, trp);
1988 else if (strstr (line, "* ok courier-imap"))
1989 mark_imap_server (desc, port, origline, trp);
1990 else if (strncmp (line, "giop", 4) == 0)
1991 mark_giop_server (desc, port, trp);
1992 else if (strstr (line, "microsoft routing server"))
1993 mark_exchg_routing_server (desc, port, origline, trp);
1994 /* Apparently an iPlanet ENS server */
1995 else if (strstr (line, "gap service ready"))
1996 mark_ens_server (desc, port, trp);
1997 else if (strstr (line, "-service not available"))
1998 mark_tcpmux_server (desc, port, trp);
1999 /*
2000 * Citrix sends 7f 7f 49 43 41, that
2001 * we converted to lowercase
2002 */
2003 else if (strlen (line) > 2 && line[0] == 0x7F
2004 && line[1] == 0x7F
2005 && strncmp (&line[2], "ica", 3) == 0)
2006 mark_citrix_server (desc, port, trp);
2007
2008 else if (strstr (origline, " INN ")
2009 || strstr (origline, " Leafnode ")
2010 || strstr (line, " nntp daemon")
2011 || strstr (line, " nnrp service ready")
2012 || strstr (line, "posting ok")
2013 || strstr (line, "posting allowed")
2014 || strstr (line, "502 no permission")
2015 || (strcmp (line, "502") == 0
2016 && strstr (line, "diablo") != NULL))
2017 mark_nntp_server (desc, port, origline, trp);
2018 else if (strstr (buffer, "networking/linuxconf")
2019 || strstr (buffer, "networking/misc/linuxconf")
2020 || strstr (buffer, "server: linuxconf"))
2021 mark_linuxconf (desc, port, banner);
2022 else if (strncmp (buffer, "gnudoit:", 8) == 0)
2023 mark_gnuserv (desc, port);
2024 else if ((buffer[0] == '0'
2025 && strstr (buffer, "error.host\t1") != NULL)
2026 || (buffer[0] == '3'
2027 && strstr (
2028 buffer,
2029 "That item is not currently available")))
2030 mark_gopher_server (desc, port);
2031 else if (strstr (buffer,
2032 "www-authenticate: basic realm=\"swat\""))
2033 mark_swat_server (desc, port);
2034 else if (strstr (buffer, "vqserver")
2035 && strstr (buffer,
2036 "www-authenticate: basic realm=/"))
2037 mark_vqserver (desc, port);
2038 else if (strstr (buffer, "1invalid request") != NULL)
2039 mark_mldonkey (desc, port);
2040 else if (strstr (buffer, "get: command not found"))
2041 mark_wild_shell (desc, port);
2042 else if (strstr (buffer, "microsoft windows") != NULL
2043 && strstr (buffer, "c:\\") != NULL
2044 && strstr (buffer, "(c) copyright 1985-") != NULL
2045 && strstr (buffer, "microsoft corp.") != NULL)
2046 mark_wild_shell (desc, port);
2047 else if (strstr (buffer, "netbus"))
2048 mark_netbus_server (desc, port);
2049 else if (strstr (line, "0 , 0 : error : unknown-error")
2050 || strstr (line, "0, 0: error: unknown-error")
2051 || strstr (line, "get : error : unknown-error")
2052 || strstr (line, "0 , 0 : error : invalid-port"))
2053 mark_auth_server (desc, port);
2054 else if (!strncmp (line, "http/1.", 7)
2055 && strstr (line, "proxy")) /* my proxy "HTTP/1.1
2056 * 502 Proxy Error" */
2057 mark_http_proxy (desc, port, trp);
2058 else if (!strncmp (line, "http/1.", 7)
2059 && strstr (buffer, "via: "))
2060 mark_http_proxy (desc, port, trp);
2061 else if (!strncmp (line, "http/1.", 7)
2062 && strstr (buffer, "proxy-connection: "))
2063 mark_http_proxy (desc, port, trp);
2064 else if (!strncmp (line, "http/1.", 7)
2065 && strstr (buffer, "cache")
2066 && strstr (line, "bad request"))
2067 mark_http_proxy (desc, port, trp);
2068 else if (!strncmp (origline, "RFB 00", 6)
2069 && strstr (line, ".00"))
2070 mark_vnc_server (desc, port, origline);
2071 else if (!strncmp (line, "ncacn_http/1.", 13))
2072 mark_ncacn_http_server (desc, port, origline);
2073 else if (line_len >= 14 && /* no ending \r\n */
2074 line_len <= 18 && /* full GET request
2075 * length */
2076 strncmp (origline, http_get, line_len) == 0)
2077 mark_echo_server (desc, port);
2078 else if (strstr ((char *) banner, "!\"#$%&'()*+,-./")
2079 && strstr ((char *) banner, "ABCDEFGHIJ")
2080 && strstr ((char *) banner, "abcdefghij")
2081 && strstr ((char *) banner, "0123456789"))
2082 mark_chargen_server (desc, port);
2083 else if (strstr (line, "vtun server"))
2084 mark_vtun_server (desc, port, banner, trp);
2085 else if (strcmp (line, "login: password: ") == 0)
2086 mark_uucp_server (desc, port, banner, trp);
2087 else if (strcmp (line, "bad request") == 0
2088 || /* See bug # 387 */
2089 strstr (
2090 line,
2091 "invalid protocol request (71): gget / http/1.0")
2092 || (strncmp (line, "lpd:", 4) == 0)
2093 || (strstr (line, "lpsched") != NULL)
2094 || (strstr (line, "malformed from address") != NULL)
2095 || (strstr (line, "no connect permissions") != NULL)
2096 || /* <- RH 8 lpd */
2097 strcmp (line, "bad request") == 0)
2098 mark_lpd_server (desc, port, trp);
2099 else if (strstr (line, "%%lyskom unsupported protocol"))
2100 mark_lyskom_server (desc, port, trp);
2101 else if (strstr (line, "598:get:command not recognized"))
2102 mark_ph_server (desc, port, trp);
2103 else if (strstr (line, "BitTorrent prot"))
2104 mark_BitTorrent_server (desc, port, trp);
2105 else if (banner[0] == 'A' && banner[1] == 0x01
2106 && banner[2] == 0x02 && banner[3] == '\0')
2107 mark_smux_server (desc, port, trp);
2108 else if (!strncmp (line, "0 succeeded\n",
2109 strlen ("0 succeeded\n")))
2110 mark_LISa_server (desc, port, trp);
2111 else if (strlen ((char *) banner) == 3 && banner[2] == '\n')
2112 mark_msdtc_server (desc, port);
2113 else if ((!strncmp (line, "220", 3)
2114 && strstr (line, "poppassd")))
2115 mark_pop3pw_server (desc, port, origline, trp);
2116 else if (strstr (line, "welcome!psybnc@") != NULL)
2117 mark_psybnc (desc, port, origline, trp);
2118 else if (strncmp (line, "* acap ", strlen ("* acap ")) == 0)
2119 mark_acap_server (desc, port, origline, trp);
2120 else if (strstr (origline, "Sorry, you (") != NULL
2121 && strstr (origline,
2122 "are not among the allowed hosts...\n")
2123 != NULL)
2124 mark_nagiosd_server (desc, port, trp);
2125 else if (strstr (line, "[ts].error") != NULL
2126 || strstr (line, "[ts].\n") != NULL)
2127 mark_teamspeak2_server (desc, port, trp);
2128 else if (strstr (origline, "Language received from client:")
2129 && strstr (origline, "Setlocale:"))
2130 mark_websm_server (desc, port, trp);
2131 else if (strncmp (origline, "CNFGAPI", 7) == 0)
2132 mark_ofa_express_server (desc, port, trp);
2133 else if (strstr (line, "suse meta pppd") != NULL)
2134 mark_smppd_server (desc, port, trp);
2135 else if (strncmp (origline, "ERR UNKNOWN-COMMAND",
2136 strlen ("ERR UNKNOWN-COMMAND"))
2137 == 0)
2138 mark_upsmon_server (desc, port, trp);
2139 else if (strncmp (line, "connected. ", strlen ("connected. "))
2140 == 0
2141 && strstr (line, "legends") != NULL)
2142 mark_sub7_server (desc, port, trp);
2143 else if (strncmp (line, "spamd/", strlen ("spamd/")) == 0)
2144 mark_spamd_server (desc, port, trp);
2145 else if (strstr (line, " dictd ")
2146 && strncmp (line, "220", 3) == 0)
2147 mark_dictd_server (desc, port, origline, trp);
2148 else if (strncmp (line, "220 ", 4) == 0
2149 && strstr (line, "vmware authentication daemon")
2150 != NULL)
2151 mark_vmware_auth (desc, port, origline, trp);
2152 else if (strncmp (line, "220 ", 4) == 0
2153 && strstr (line, "interscan version") != NULL)
2154 mark_interscan_viruswall (desc, port, origline, trp);
2155 else if ((strlen ((char *) banner) > 1) && (banner[0] == '~')
2156 && (banner[strlen ((char *) banner) - 1] == '~')
2157 && (strchr ((char *) banner, '}') != NULL))
2158 mark_ppp_daemon (desc, port, trp);
2159 else if (strstr ((char *) banner, "Hello, this is zebra ")
2160 != NULL)
2161 mark_zebra_server (desc, port, origline, trp);
2162 else if (strstr (line, "ircxpro ") != NULL)
2163 mark_ircxpro_admin_server (desc, port, trp);
2164 else if (strncmp (origline, "version report",
2165 strlen ("version report"))
2166 == 0)
2167 mark_gnocatan_server (desc, port, trp);
2168 else if (strncmp (origline, "RTSP/1.0", strlen ("RTSP/1.0"))
2169 && strstr (origline, "QTSS/") != NULL)
2170 mark_quicktime_streaming_server (desc, port, trp);
2171 else if (strlen (origline) >= 2 && origline[0] == 0x30
2172 && origline[1] == 0x11 && origline[2] == 0)
2173 mark_dameware_server (desc, port, trp);
2174 else if (strstr (line, "stonegate firewall") != NULL)
2175 mark_stonegate_auth_server (desc, port, trp);
2176 else if (strncmp (line, "pbmasterd", strlen ("pbmasterd"))
2177 == 0)
2178 mark_pbmaster_server (desc, port, origline, trp);
2179 else if (strncmp (line, "pblocald", strlen ("pblocald")) == 0)
2180 mark_pblocald_server (desc, port, origline, trp);
2181 else if (strncmp (
2182 line, "<stream:error>invalid xml</stream:error>",
2183 strlen (
2184 "<stream:error>invalid xml</stream:error>"))
2185 == 0)
2186 mark_jabber_server (desc, port, trp);
2187 else if (strncmp (line, "/c -2 get ctgetoptions",
2188 strlen ("/c -2 get ctgetoptions"))
2189 == 0)
2190 mark_avotus_mm_server (desc, port, origline, trp);
2191 else if (strncmp (line, "error:wrong password",
2192 strlen ("error:wrong password"))
2193 == 0)
2194 mark_pnsclient (desc, port, trp);
2195 else if (strncmp (line, "1000 2", strlen ("1000 2"))
2196 == 0)
2197 mark_veritas_backup (desc, port, trp);
2198 else if (strstr (line,
2199 "the file name you specified is invalid")
2200 && strstr (line, "listserv"))
2201 mark_listserv_server (desc, port, trp);
2202 else if (strncmp (line, "control password:",
2203 strlen ("control password:"))
2204 == 0)
2205 mark_fssniffer (desc, port, trp);
2206 else if (strncmp (line, "remotenc control password:",
2207 strlen ("remotenc control password:"))
2208 == 0)
2209 mark_remote_nc_server (desc, port, trp);
2210 else if (((p = (unsigned char *) strstr (
2211 (char *) banner, "finger: GET: no such user"))
2212 != NULL
2213 && strstr ((char *) banner,
2214 "finger: /: no such user")
2215 != NULL
2216 && strstr ((char *) banner,
2217 "finger: HTTP/1.0: no such user")
2218 != NULL))
2219 {
2220 char c = '\0';
2221 if (p != NULL)
2222 {
2223 while (p - banner > 0 && isspace (*p))
2224 p--;
2225 c = *p;
2226 *p = '\0';
2227 mark_finger_server (desc, port, trp);
2228 }
2229
2230 if (p != NULL)
2231 *p = c;
2232 }
2233 else if (banner[0] == 5 && banner[1] <= 8 && banner[2] == 0
2234 && banner[3] <= 4)
2235 mark_socks_proxy (desc, port, 5);
2236 else if (banner[0] == 0 && banner[1] >= 90 && banner[1] <= 93)
2237 mark_socks_proxy (desc, port, 4);
2238 else if (strstr (
2239 buffer,
2240 "it looks like you are trying to access mongodb "
2241 "over http on the native driver port.")
2242 != NULL)
2243 mark_mongodb (desc, port);
2244 else
2245 unindentified_service = !flg;
2246 g_free (line);
2247 g_free (origline);
2248 }
2249 /* len >= 0 */
2250 else
2251 {
2252 unindentified_service = 1;
2253 #define TESTSTRING "OpenVAS Wrap Test"
2254 if (trp == OPENVAS_ENCAPS_IP && wrap_timeout > 0)
2255 maybe_wrapped = 1;
2256 }
2257 if (cnx > 0)
2258 close_stream_connection (cnx);
2259
2260 /*
2261 * I'll clean this later. Meanwhile, we will not print a silly
2262 * message for rsh and rlogin.
2263 */
2264 if (port == 513 /* rlogin */ || port == 514 /* rsh */)
2265 maybe_wrapped = 0;
2266
2267 if (maybe_wrapped /* && trp ==
2268 * OPENVAS_ENCAPS_IP &&
2269 wrap_timeout > 0 */ )
2270 {
2271 int nfd, fd, x, flag = 0;
2272 char b;
2273
2274 nfd = open_stream_connection (desc, port, OPENVAS_ENCAPS_IP,
2275 cnx_timeout);
2276 if (nfd >= 0)
2277 {
2278 fd = openvas_get_socket_from_connection (nfd);
2279 select_again2:
2280 FD_ZERO (&rfds);
2281 FD_SET (fd, &rfds);
2282 tv.tv_sec = wrap_timeout;
2283 tv.tv_usec = 0;
2284
2285 signal (SIGALRM, SIG_IGN);
2286
2287 (void) gettimeofday (&tv1, NULL);
2288 x = select (fd + 1, &rfds, NULL, NULL, &tv);
2289 (void) gettimeofday (&tv2, NULL);
2290 diff_tv2 = DIFFTV1000 (tv2, tv1);
2291 if (x < 0)
2292 {
2293 if (errno == EINTR)
2294 goto select_again2;
2295 perror ("select");
2296 }
2297 else if (x > 0)
2298 {
2299 errno = 0;
2300 x = recv (fd, &b, 1, MSG_DONTWAIT);
2301 if (x == 0 || (x < 0 && errno == EPIPE))
2302 {
2303 /*
2304 * If the service quickly closes the connection
2305 * when we send garbage but not when we don't send
2306 * anything, it is not wrapped
2307 */
2308 flag = 1;
2309 }
2310 }
2311 else
2312 {
2313 /*
2314 * Timeout - one last
2315 * check
2316 */
2317 errno = 0;
2318 if (send (fd, "Z", 1, MSG_DONTWAIT) < 0)
2319 {
2320 perror ("send");
2321 if (errno == EPIPE)
2322 flag = 1;
2323 }
2324 }
2325 close_stream_connection (nfd);
2326 if (flag)
2327 {
2328 if (diff_tv2 <= 2 * diff_tv + 1)
2329 {
2330 mark_wrapped_svc (desc, port, diff_tv2 / 1000);
2331 unindentified_service = 0;
2332 }
2333 }
2334 }
2335 }
2336
2337 if (unindentified_service && port != 139 && port != 135
2338 && port != 445)
2339 /*
2340 * port 139 can't be marked as
2341 * 'unknown'
2342 */
2343 {
2344 unknown[num_unknown++] = port;
2345 /*
2346 * find_service_3digits will run
2347 * after us
2348 */
2349 if (!three_digits)
2350 mark_unknown_svc (desc, port, banner, trp);
2351 }
2352 g_free (banner);
2353 }
2354 }
2355 h = h->next;
2356 }
2357 g_free (http_get);
2358
2359 return (0);
2360 }
2361
/* Upper bound on the number of worker processes; also the size of sons[]. */
#define MAX_SONS 128

/* PIDs of the forked workers, filled from fork() in
 * plugin_run_find_service(). A slot holding 0 is treated as unused by
 * sigterm() and by the wait loop in plugin_run_find_service(). The array is
 * read from signal handlers while the main flow writes to it. */
static pid_t sons[MAX_SONS];
2365
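/**
 * @brief SIGTERM handler: forward the signal to the workers, then exit.
 *
 * Only slots holding a positive PID are signalled. plugin_run_find_service()
 * stores the raw fork() result in sons[], so a slot can briefly hold -1 after
 * a failed fork; kill (-1, ...) would signal every process this one is allowed
 * to signal, which must never happen from here.
 *
 * @param s Signal number (unused).
 */
static void
sigterm (int s)
{
  int i;

  (void) s;
  for (i = 0; i < MAX_SONS; i++)
    {
      /* > 0 rather than != 0: never pass 0 or a negative value to kill(). */
      if (sons[i] > 0)
        kill (sons[i], SIGTERM);
    }
  /* _exit(): skip atexit handlers and stdio flushing inside the handler. */
  _exit (0);
}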
2379
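/**
 * @brief SIGCHLD handler: reap any worker that has terminated.
 *
 * errno is saved and restored because waitpid() may overwrite it (typically
 * with ECHILD) while the interrupted code is about to test errno, as the
 * wait loop in plugin_run_find_service() does.
 *
 * Unused slots are skipped: waitpid (0, ...) would reap any child in the
 * process group rather than one of the workers recorded in sons[].
 *
 * @param s Signal number (unused).
 */
static void
sigchld (int s)
{
  int saved_errno = errno;
  int i;

  (void) s;
  for (i = 0; i < MAX_SONS; i++)
    {
      if (sons[i] > 0)
        waitpid (sons[i], NULL, WNOHANG); /* non-blocking: never stall here */
    }
  errno = saved_errno;
}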
2391
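/**
 * @brief Entry point of the find_service plugin.
 *
 * Reads the plugin preferences (SSL key/certificate/CA file, PEM password,
 * whether to test SSL, number of parallel workers), collects the open TCP
 * ports from the knowledge base ("Ports/tcp/" entries), splits them across up
 * to MAX_SONS forked workers that each call plugin_do_run(), and waits until
 * every worker has been reaped.
 *
 * Changes compared with the previous version:
 *  - all MAX_SONS slots of sons[] are cleared before the signal handlers are
 *    installed, because the handlers walk the whole array;
 *  - the fork() result goes through a local variable, so -1 is never stored
 *    in sons[] where sigterm() could hand it to kill();
 *  - a failed fork() is reported instead of silently dropping that worker's
 *    ports from the scan;
 *  - a worker slot is cleared as soon as waitpid() shows the worker is gone,
 *    instead of probing the PID with kill (pid, 0), which can match an
 *    unrelated process once the PID has been recycled;
 *  - the worker count is parsed with strtol() and clamped, since atoi() has
 *    undefined behaviour on out-of-range input.
 *
 * NOTE(review): key, cert, cafile and pempass are never freed here; whether
 * the plug_set_ssl_*() calls take ownership is not visible from this
 * function. Confirm before adding frees.
 *
 * @param lexic Lexical context; supplies the script infos and the plugin OID.
 *
 * @return Always NULL.
 */
tree_cell *
plugin_run_find_service (lex_ctxt *lexic)
{
  struct script_infos *desc = lexic->script_infos;

  oid = lexic->oid;

  kb_t kb = plug_get_kb (desc);
  struct kb_item *kbitem, *kbitem_tmp;

  GSList *sons_args[MAX_SONS];
  int num_ports = 0;
  char *num_sons_s;
  int num_sons = 6;
  int port_per_son;
  int i;
  int test_ssl = 1;
  char *key = get_plugin_preference (oid, KEY_FILE, -1);
  char *cert = get_plugin_preference (oid, CERT_FILE, -1);
  char *pempass = get_plugin_preference (oid, PEM_PASS, -1);
  char *cafile = get_plugin_preference (oid, CA_FILE, -1);
  char *test_ssl_s = get_plugin_preference (oid, TEST_SSL_PREF, -1);

  /* File-type preferences are resolved to a file name; empty means unset. */
  if (key && key[0] != '\0')
    key = (char *) get_plugin_preference_fname (desc, key);
  else
    key = NULL;

  if (cert && cert[0] != '\0')
    cert = (char *) get_plugin_preference_fname (desc, cert);
  else
    cert = NULL;

  if (cafile && cafile[0] != '\0')
    cafile = (char *) get_plugin_preference_fname (desc, cafile);
  else
    cafile = NULL;

  if (test_ssl_s != NULL)
    {
      if (strcmp (test_ssl_s, "None") == 0)
        test_ssl = 0;
    }
  g_free (test_ssl_s);

  /* If only one of key/cert is given, the same file is used for both. */
  if (key || cert)
    {
      if (!key)
        key = cert;
      if (!cert)
        cert = key;
      plug_set_ssl_cert (desc, cert);
      plug_set_ssl_key (desc, key);
    }
  if (pempass != NULL)
    plug_set_ssl_pem_password (desc, pempass);
  if (cafile != NULL)
    plug_set_ssl_CA_file (desc, cafile);

  /* Clear every slot before the handlers can run: sigterm() and sigchld()
   * iterate over all MAX_SONS entries, not just the first num_sons. */
  for (i = 0; i < MAX_SONS; i++)
    {
      sons[i] = 0;
      sons_args[i] = NULL;
    }

  signal (SIGTERM, sigterm);
  signal (SIGCHLD, sigchld);

  num_sons_s = get_plugin_preference (oid, NUM_CHILDREN, -1);
  if (num_sons_s != NULL)
    {
      /* strtol() saturates on overflow; clamp before narrowing to int. */
      long parsed = strtol (num_sons_s, NULL, 10);

      if (parsed > MAX_SONS)
        parsed = MAX_SONS;
      else if (parsed < 0)
        parsed = 0;
      num_sons = (int) parsed;
    }
  g_free (num_sons_s);

  if (num_sons <= 0)
    num_sons = 6;

  if (num_sons > MAX_SONS)
    num_sons = MAX_SONS;

  if (kb == NULL)
    return NULL; // TODO: in old days returned "1". Still relevant?

  kbitem = kb_item_get_pattern (kb, "Ports/tcp/*");

  /* count the number of open TCP ports */
  kbitem_tmp = kbitem;
  while (kbitem_tmp != NULL)
    {
      num_ports++;
      kbitem_tmp = kbitem_tmp->next;
    }

  port_per_son = num_ports / num_sons;

  /* The next two loops distribute the ports across a number of 'sons':
   * first port_per_son ports to each worker, then the remainder one by one.
   */

  kbitem_tmp = kbitem;

  for (i = 0; i < num_sons; i = i + 1)
    {
      int j;

      if (kbitem_tmp != NULL)
        {
          for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
            {
              sons_args[i] =
                g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
              j++;
              kbitem_tmp = kbitem_tmp->next;
            }
        }
      else
        break;
    }

  for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
    {
      sons_args[i] =
        g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
      i++;
      kbitem_tmp = kbitem_tmp->next;
    }

  kb_item_free (kbitem);

  /* Workers are filled from index 0 upwards, so the first empty list marks
   * the number of workers that actually have something to do. */
  for (i = 0; i < num_sons; i++)
    if (sons_args[i] == NULL)
      break;

  num_sons = i;

  for (i = 0; i < num_sons; i++)
    {
      usleep (5000);
      if (sons_args[i] != NULL)
        {
          pid_t pid = fork ();

          if (pid == 0)
            {
              /* Child: reset the connections inherited from the parent and
               * replace the parent's SIGTERM handler before doing the work. */
              kb_lnk_reset (kb);
              nvticache_reset ();
              signal (SIGTERM, _exit);
              plugin_do_run (desc, sons_args[i], test_ssl);
              /* NOTE(review): exit() runs atexit handlers inherited from the
               * parent; confirm this is intended rather than _exit(). */
              exit (0);
            }

          if (pid < 0)
            /* The ports assigned to this worker will not be probed. */
            perror ("fork");
          else
            sons[i] = pid;

          g_slist_free_full (sons_args[i], g_free);
        }
    }

  /* Poll until every worker has been reaped. */
  for (;;)
    {
      int flag = 0;

      for (i = 0; i < num_sons; i++)
        {
          pid_t ret;

          if (sons[i] <= 0)
            continue;

          do
            ret = waitpid (sons[i], NULL, WNOHANG);
          while (ret < 0 && errno == EINTR);

          if (ret == 0)
            flag++; /* still running */
          else
            /* Reaped here, or already reaped by sigchld() (ECHILD). Forget
             * the PID so that a recycled PID is never waited for or
             * signalled. */
            sons[i] = 0;
        }

      if (flag == 0)
        break;
      usleep (100000);
    }

  return NULL;
}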
2569