Greenbone Vulnerability Management Libraries 22.10.0
|
GnuTLS based functions for server communication. More...
#include "serverutils.h"
#include "../base/hosts.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <gcrypt.h>
#include <glib.h>
#include <gnutls/x509.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
Macros | |
#define | _GNU_SOURCE |
#define | G_LOG_DOMAIN "libgvm util" |
GLib logging domain. | |
Functions | |
static int | server_attach_internal (int socket, gnutls_session_t *session, const char *host, int port) |
Attach a socket to a session, and shake hands with the peer. | |
static int | server_new_internal (unsigned int end_type, const char *priority, const gchar *ca_cert_file, const gchar *cert_file, const gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials) |
Make a session for connecting to a server. | |
static int | close_unix (gvm_connection_t *client_connection) |
Close UNIX socket connection. | |
void | gvm_connection_free (gvm_connection_t *client_connection) |
Free connection. | |
int | gvm_server_verify (gnutls_session_t session) |
Verify certificate. | |
int | load_gnutls_file (const char *file, gnutls_datum_t *loaded_file) |
Loads a file's data into gnutls_datum_t struct. | |
void | unload_gnutls_file (gnutls_datum_t *data) |
Unloads a gnutls_datum_t struct's data. | |
static void | set_cert_pub_mem (const char *data) |
Save cert_pub_mem with public certificate. | |
static void | set_cert_priv_mem (const char *data) |
Save cert_priv_mem with private certificate. | |
static const char * | get_cert_priv_mem () |
Get private certificate from cert_priv_mem. | |
static const char * | get_cert_pub_mem () |
Get public certificate from cert_pub_mem. | |
static int | client_cert_callback (gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t *sign_algos, int sign_algos_length, gnutls_retr2_st *st) |
Callback function to be called in order to retrieve the certificate to be used in the handshake. | |
int | gvm_server_open_verify (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem, int verify) |
Connect to the server using a given host, port and cert. | |
int | gvm_server_open_with_cert (gnutls_session_t *session, const char *host, int port, const char *ca_mem, const char *pub_mem, const char *priv_mem) |
Connect to the server using a given host, port and cert. | |
int | gvm_server_open (gnutls_session_t *session, const char *host, int port) |
Connect to the server using a given host and port. | |
int | gvm_server_close (int socket, gnutls_session_t session) |
Close a server connection and its socket. | |
void | gvm_connection_close (gvm_connection_t *connection) |
Close a server connection and its socket. | |
int | gvm_server_attach (int socket, gnutls_session_t *session) |
Attach a socket to a session, and shake hands with the peer. | |
static int | gvm_server_vsendf_internal (gnutls_session_t *session, const char *fmt, va_list ap, int quiet) |
Send a string to the server. | |
static int | unix_vsendf_internal (int socket, const char *fmt, va_list ap, int quiet) |
Send a string to the server. | |
static int | gvm_connection_vsendf_internal (gvm_connection_t *connection, const char *fmt, va_list ap, int quiet) |
Send a string to the connection. | |
int | gvm_server_vsendf (gnutls_session_t *session, const char *fmt, va_list ap) |
Send a string to the server. | |
int | gvm_socket_vsendf (int socket, const char *fmt, va_list ap) |
Send a string to the server. | |
static int | gvm_connection_vsendf (gvm_connection_t *connection, const char *fmt, va_list ap) |
Send a string to the server. | |
static int | gvm_server_vsendf_quiet (gnutls_session_t *session, const char *fmt, va_list ap) |
Send a string to the server, refraining from logging besides warnings. | |
static int | gvm_connection_vsendf_quiet (gvm_connection_t *connection, const char *fmt, va_list ap) |
Send a string to the server, refraining from logging besides warnings. | |
int | gvm_server_sendf (gnutls_session_t *session, const char *format,...) |
Format and send a string to the server. | |
int | gvm_connection_sendf (gvm_connection_t *connection, const char *format,...) |
Format and send a string to the server. | |
static int | gvm_server_sendf_quiet (gnutls_session_t *session, const char *format,...) |
Format and send a string to the server. | |
static int | gvm_connection_sendf_quiet (gvm_connection_t *connection, const char *format,...) |
Format and send a string to the server. | |
int | gvm_server_sendf_xml (gnutls_session_t *session, const char *format,...) |
Format and send an XML string to the server. | |
int | gvm_connection_sendf_xml (gvm_connection_t *connection, const char *format,...) |
Format and send an XML string to the server. | |
int | gvm_server_sendf_xml_quiet (gnutls_session_t *session, const char *format,...) |
Format and send an XML string to the server. | |
int | gvm_connection_sendf_xml_quiet (gvm_connection_t *connection, const char *format,...) |
Format and send an XML string to the server. | |
static int | server_new_gnutls_init (gnutls_certificate_credentials_t *server_credentials) |
Initialize a server session. | |
static int | server_new_gnutls_set (unsigned int end_type, const char *priority, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials) |
Set the server credencials. | |
int | gvm_server_new (unsigned int end_type, gchar *ca_cert_file, gchar *cert_file, gchar *key_file, gnutls_session_t *server_session, gnutls_certificate_credentials_t *server_credentials) |
Make a session for connecting to a server. | |
int | gvm_server_new_mem (unsigned int end_type, const char *ca_cert, const char *pub_key, const char *priv_key, gnutls_session_t *session, gnutls_certificate_credentials_t *credentials) |
Make a session for connecting to a server, with certificates stored in memory. | |
int | set_gnutls_dhparams (gnutls_certificate_credentials_t creds, const char *dhparams_file) |
Set a gnutls session's Diffie-Hellman parameters. | |
int | gvm_server_free (int server_socket, gnutls_session_t server_session, gnutls_certificate_credentials_t server_credentials) |
Cleanup a server session. | |
Variables | |
static char * | cert_pub_mem = NULL |
static char * | cert_priv_mem = NULL |
GnuTLS based functions for server communication.
This library supplies low-level communication functions for communication with a server over GnuTLS.
#define _GNU_SOURCE |
#define G_LOG_DOMAIN "libgvm util" |
GLib logging domain.
|
static |
Callback function to be called in order to retrieve the certificate to be used in the handshake.
[in] | session | Pointer to GNUTLS session. Not in used. Can be NULL. |
[in] | req_ca_rdn | Contains a list with the CA names that the server considers trusted. Not in used. Can be NULL. |
[in] | nreqs | Number of CA requested. Not in used. Can be NULL. |
[in] | sign_algos | contains a list with server's acceptable public key algorithms. Not in used. Can be NULL. |
[in] | sign_algos_length | Algos list length. Not in used. Can be NULL. |
[out] | st | Should contain the certificates and private keys |
|
static |
Close UNIX socket connection.
[in] | client_connection | Client connection. |
|
static |
Get private certificate from cert_priv_mem.
|
static |
Get public certificate from cert_pub_mem.
void gvm_connection_close | ( | gvm_connection_t * | connection | ) |
Close a server connection and its socket.
[in] | connection | Connection. |
void gvm_connection_free | ( | gvm_connection_t * | client_connection | ) |
Free connection.
[in] | client_connection | Connection. |
int gvm_connection_sendf | ( | gvm_connection_t * | connection, |
const char * | format, | ||
... ) |
Format and send a string to the server.
[in] | connection | Connection. |
[in] | format | printf-style format string for message. |
|
static |
Format and send a string to the server.
[in] | connection | Connection. |
[in] | format | printf-style format string for message. |
int gvm_connection_sendf_xml | ( | gvm_connection_t * | connection, |
const char * | format, | ||
... ) |
Format and send an XML string to the server.
Escape XML in string and character args.
[in] | connection | Connection. |
[in] | format | printf-style format string for message. |
int gvm_connection_sendf_xml_quiet | ( | gvm_connection_t * | connection, |
const char * | format, | ||
... ) |
Format and send an XML string to the server.
Escape XML in string and character args.
Quiet version, only logs warnings.
[in] | connection | Connection. |
[in] | format | printf-style format string for message. |
|
static |
Send a string to the server.
[in] | connection | Connection. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
|
static |
Send a string to the connection.
[in] | connection | Connection. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
[in] | quiet | Whether to log debug and info messages. Useful for hiding passwords. |
|
static |
Send a string to the server, refraining from logging besides warnings.
[in] | connection | Connection. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
int gvm_server_attach | ( | int | socket, |
gnutls_session_t * | session ) |
Attach a socket to a session, and shake hands with the peer.
[in] | socket | Socket. |
[in] | session | Pointer to GNUTLS session. FIXME: Why is this a pointer to a session? |
int gvm_server_close | ( | int | socket, |
gnutls_session_t | session ) |
Close a server connection and its socket.
[in] | socket | Socket connected to server. |
[in] | session | GNUTLS session with server. |
int gvm_server_free | ( | int | server_socket, |
gnutls_session_t | server_session, | ||
gnutls_certificate_credentials_t | server_credentials ) |
Cleanup a server session.
This shuts down the TLS session, closes the socket and releases the TLS resources.
[in] | server_socket | The socket connected to the server. |
[in] | server_session | The session with the server. |
[in] | server_credentials | Credentials or NULL. |
int gvm_server_new | ( | unsigned int | end_type, |
gchar * | ca_cert_file, | ||
gchar * | cert_file, | ||
gchar * | key_file, | ||
gnutls_session_t * | server_session, | ||
gnutls_certificate_credentials_t * | server_credentials ) |
Make a session for connecting to a server.
[in] | end_type | Connection end type (GNUTLS_SERVER or GNUTLS_CLIENT). |
[in] | ca_cert_file | Certificate authority file. |
[in] | cert_file | Certificate file. |
[in] | key_file | Key file. |
[out] | server_session | The session with the server. |
[out] | server_credentials | Server credentials. |
int gvm_server_new_mem | ( | unsigned int | end_type, |
const char * | ca_cert, | ||
const char * | pub_key, | ||
const char * | priv_key, | ||
gnutls_session_t * | session, | ||
gnutls_certificate_credentials_t * | credentials ) |
Make a session for connecting to a server, with certificates stored in memory.
[in] | end_type | Connection end type: GNUTLS_SERVER or GNUTLS_CLIENT. |
[in] | ca_cert | Certificate authority public key. |
[in] | pub_key | Public key. |
[in] | priv_key | Private key. |
[out] | session | The session with the server. |
[out] | credentials | Server credentials. |
int gvm_server_open | ( | gnutls_session_t * | session, |
const char * | host, | ||
int | port ) |
Connect to the server using a given host and port.
[in] | session | Pointer to GNUTLS session. |
[in] | host | Host to connect to. |
[in] | port | Port to connect to. |
int gvm_server_open_verify | ( | gnutls_session_t * | session, |
const char * | host, | ||
int | port, | ||
const char * | ca_mem, | ||
const char * | pub_mem, | ||
const char * | priv_mem, | ||
int | verify ) |
Connect to the server using a given host, port and cert.
[in] | session | Pointer to GNUTLS session. |
[in] | host | Host to connect to. |
[in] | port | Port to connect to. |
[in] | ca_mem | CA cert. |
[in] | pub_mem | Public key. |
[in] | priv_mem | Private key. |
[in] | verify | Whether to verify. |
int gvm_server_open_with_cert | ( | gnutls_session_t * | session, |
const char * | host, | ||
int | port, | ||
const char * | ca_mem, | ||
const char * | pub_mem, | ||
const char * | priv_mem ) |
Connect to the server using a given host, port and cert.
Verify if all cert args are given.
[in] | session | Pointer to GNUTLS session. |
[in] | host | Host to connect to. |
[in] | port | Port to connect to. |
[in] | ca_mem | CA cert. |
[in] | pub_mem | Public key. |
[in] | priv_mem | Private key. |
int gvm_server_sendf | ( | gnutls_session_t * | session, |
const char * | format, | ||
... ) |
Format and send a string to the server.
[in] | session | Pointer to GNUTLS session. |
[in] | format | printf-style format string for message. |
|
static |
Format and send a string to the server.
[in] | session | Pointer to GNUTLS session. |
[in] | format | printf-style format string for message. |
int gvm_server_sendf_xml | ( | gnutls_session_t * | session, |
const char * | format, | ||
... ) |
Format and send an XML string to the server.
Escape XML in string and character args.
[in] | session | Pointer to GNUTLS session. |
[in] | format | printf-style format string for message. |
int gvm_server_sendf_xml_quiet | ( | gnutls_session_t * | session, |
const char * | format, | ||
... ) |
Format and send an XML string to the server.
Escape XML in string and character args.
Quiet version, only logs warnings.
[in] | session | Pointer to GNUTLS session. |
[in] | format | printf-style format string for message. |
int gvm_server_verify | ( | gnutls_session_t | session | ) |
Verify certificate.
[in] | session | Pointer to GNUTLS session. |
int gvm_server_vsendf | ( | gnutls_session_t * | session, |
const char * | fmt, | ||
va_list | ap ) |
Send a string to the server.
[in] | session | Pointer to GNUTLS session. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
|
static |
Send a string to the server.
[in] | session | Pointer to GNUTLS session. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
[in] | quiet | Whether to log debug and info messages. Useful for hiding passwords. |
|
static |
Send a string to the server, refraining from logging besides warnings.
[in] | session | Pointer to GNUTLS session. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
int gvm_socket_vsendf | ( | int | socket, |
const char * | fmt, | ||
va_list | ap ) |
Send a string to the server.
[in] | socket | Socket to send string through. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
int load_gnutls_file | ( | const char * | file, |
gnutls_datum_t * | loaded_file ) |
Loads a file's data into gnutls_datum_t struct.
[in] | file | File to load. |
[out] | loaded_file | Destination to load file into. |
|
static |
Attach a socket to a session, and shake hands with the peer.
[in] | socket | Socket. |
[in] | session | Pointer to GNUTLS session. |
[in] | host | NULL or the name of the host for diagnostics |
[in] | port | Port number for diagnostics; only used if host is not NULL |
|
static |
Initialize a server session.
[in] | server_credentials | Credentials to be allocated. |
|
static |
Set the server credencials.
[in] | end_type | Connection end type. |
[in] | priority | TLS priority to be set. If no one is given, NORMAL is default. |
[in] | server_session | GNUTLS session. |
[in] | server_credentials | Credentials to be set. |
|
static |
Make a session for connecting to a server.
[in] | end_type | Connection end type (GNUTLS_SERVER or GNUTLS_CLIENT). |
[in] | priority | Custom priority string or NULL. |
[in] | ca_cert_file | Certificate authority file. |
[in] | cert_file | Certificate file. |
[in] | key_file | Key file. |
[out] | server_session | The session with the server. |
[out] | server_credentials | Server credentials. |
|
static |
Save cert_priv_mem with private certificate.
[in] | data | The DER or PEM encoded certificate. |
|
static |
Save cert_pub_mem with public certificate.
[in] | data | The DER or PEM encoded certificate. |
int set_gnutls_dhparams | ( | gnutls_certificate_credentials_t | creds, |
const char * | dhparams_file ) |
Set a gnutls session's Diffie-Hellman parameters.
[in] | creds | GnuTLS credentials. |
[in] | dhparams_file | Path to PEM file containing the DH parameters. |
|
static |
Send a string to the server.
[in] | socket | Socket. |
[in] | fmt | Format of string to send. |
[in] | ap | Args for fmt. |
[in] | quiet | Whether to log debug and info messages. Useful for hiding passwords. |
void unload_gnutls_file | ( | gnutls_datum_t * | data | ) |
Unloads a gnutls_datum_t struct's data.
[in] | data | Pointer to gnutls_datum_t struct to be unloaded. |
|
static |
|
static |