Hi list,
I am attaching a set of patches that add scap synchronization feature to the
Greenbone Security Assistant.
ov-mgr-scap-sync.patch: Adds --describe and --feedversion support for
openvas-scapdata-sync script.
ov-adm-scap-sync.patch: Adds the possibility to specify scap-script option for
openvasad (defaulting to openvas-scapdata-sync). sync_scap and describe_scap
commands were also added. The patch also includes an interface change. Now,
openvas_sync_feed() and openvas_get_sync_script_identification() take a 3rd
argument to specify whether the wanted synchronization is for NVT or SCAP
(other synchronizations types would be easier to add in the future) to profit
from some code reusing.
All the necessary modifications for this change were applied and all relevant
documentation was updated.
ov-gsa-scap-sync.patch: Adds get_scap and sync_scap commands, synchronization
menu, buttons, relevant help documentation etc,. to Greenbone Security
Assistant.
Reviews and feedback are welcome. Let me know if there are any issues or
possible improvements.
Cheers,
Hani.
Index: tools/openvas-scapdata-sync.in
===================================================================
--- tools/openvas-scapdata-sync.in (revision 14393)
+++ tools/openvas-scapdata-sync.in (working copy)
@@ -46,6 +46,20 @@
RES_DIR=@OPENVAS_SCAP_RES_DIR@
RESTRICTED=0
+TIMESTAMP="$SCAP_DIR/timestamp"
+
+if [ -z "$FEED_NAME" ] ; then
+ FEED_NAME="OpenVAS SCAP Feed"
+fi
+
+if [ -z "$FEED_VENDOR" ] ; then
+ FEED_VENDOR="The OpenVAS Project"
+fi
+
+if [ -z "$FEED_HOME" ] ; then
+ FEED_HOME="http://www.openvas.org/";
+fi
+
# The URL of the plugin feed
if [ -z "$OV_RSYNC_FEED" ]; then
OV_RSYNC_FEED=rsync://feed.openvas.org:/scap-data
@@ -78,6 +92,8 @@
echo " --selftest perform self-test"
echo " --identify display information"
echo " --version display version"
+ echo " --describe display current scap feed info"
+ echo " --feedversion display current scap feed version"
echo " --dst-dir <dir> SCAP destination directory"
echo ""
echo "Environment variables:"
@@ -175,6 +191,19 @@
chk_system_tools
}
+do_describe () {
+ echo "This script synchronizes a SCAP collection with the '$FEED_NAME'."
+ echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'."
+ echo "Online information about this feed: '$FEED_HOME'."
+
+}
+
+do_feedversion () {
+ if [ -r $TIMESTAMP ] ; then
+ echo `cat $TIMESTAMP`
+ fi
+}
+
show_intro () {
echo "[i] This script synchronizes a SCAP data directory with the OpenVAS one."
echo "[i] SCAP dir: $SCAP_DIR"
@@ -325,6 +354,10 @@
do_self_test
exit $SELFTEST_FAIL
;;
+ --describe)
+ do_describe
+ exit 0
+ ;;
--feedversion)
do_feedversion
exit 0
Index: src/openvasad.c
===================================================================
--- src/openvasad.c (revision 14393)
+++ src/openvasad.c (working copy)
@@ -473,6 +473,7 @@
static const gchar *account = NULL;
static const gchar *rules_file = NULL;
static const gchar *sync_script = NULL;
+ static const gchar *scap_script = NULL;
static gboolean print_feed_version = FALSE;
static gboolean perform_feed_sync = FALSE;
static gboolean print_sync_status = FALSE;
@@ -521,6 +522,9 @@
{"sync-script", 's', 0, G_OPTION_ARG_FILENAME, &sync_script,
"Script to use for NVT feed synchronization",
"<sync-script>"},
+ {"scap-script", 's', 0, G_OPTION_ARG_FILENAME, &scap_script,
+ "Script to use for SCAP feed synchronization",
+ "<scap-script>"},
{"feed-version", 'F', 0, G_OPTION_ARG_NONE, &print_feed_version,
"Print version of the installed NVT feed.", NULL},
{"sync-feed", 'S', 0, G_OPTION_ARG_NONE, &perform_feed_sync,
@@ -594,7 +598,8 @@
}
switch (openvas_sync_feed
- (sync_script, name ? name : "openvasad command line user"))
+ (sync_script, name ? name : "openvasad command line user",
+ NVT_FEED))
{
case 0:
{
@@ -919,7 +924,8 @@
}
switch (openvas_sync_feed
- (sync_script, name ? name : "openvasad command line user"))
+ (sync_script, name ? name : "openvasad command line user",
+ NVT_FEED))
{
case 0:
{
@@ -1117,8 +1123,14 @@
infof (" sync_script not set, setting to default\n");
sync_script = OPENVAS_SYNC_SCRIPT_DIR "/openvas-nvt-sync";
}
+ if (scap_script == NULL)
+ {
+ infof (" scap_script not set, setting to default\n");
+ scap_script = OPENVAS_SYNC_SCRIPT_DIR "/openvas-scapdata-sync";
+ }
- infof (" Using %s as the synchronization script\n", sync_script);
+ infof (" Using %s as the nvt synchronization script\n", sync_script);
+ infof (" Using %s as the scap synchronization script\n", scap_script);
if (scanner_config_file == NULL)
{
@@ -1180,7 +1192,7 @@
/* Initialise OAP daemon. */
switch (init_oapd
- (log_config, users_dir, sync_script, scanner_config_file,
+ (log_config, users_dir, sync_script, scap_script, scanner_config_file,
enable_modify_settings))
{
case 0:
Index: src/tests/oap_help_0.c
===================================================================
--- src/tests/oap_help_0.c (revision 14393)
+++ src/tests/oap_help_0.c (working copy)
@@ -39,12 +39,14 @@
" DELETE_USER Delete an existing user.\n"
" DESCRIBE_AUTH Get details about the used authentication methods.\n"
" DESCRIBE_FEED Get details of the NVT feed this administrator uses.\n"
+" DESCRIBE_SCAP Get details of the SCAP feed this administrator uses.\n"
" GET_SETTINGS Get scanner settings.\n"
" GET_USERS Get all users.\n"
" GET_VERSION Get the OpenVAS Administrator Protocol version.\n"
" HELP Get this help text.\n"
" MODIFY_AUTH Modify the authentication methods.\n"
" MODIFY_USER Modify a user.\n"
+" SYNC_SCAP Synchronize with a SCAP feed.\n"
" SYNC_FEED Synchronize with an NVT feed.\n";
int
Index: src/oapd.c
===================================================================
--- src/oapd.c (revision 14393)
+++ src/oapd.c (working copy)
@@ -79,8 +79,10 @@
*
* @param[in] log_config Logging configuration.
* @param[in] users_dir Directory containing user information.
- * @param[in] synchronization_script The script to use for feed
+ * @param[in] nvt_sync_script The script to use for nvt feed
* synchronization.
+ * @param[in] scap_sync_script The script to use for scap feed
+ * synchronization.
* @param[in] configuration_file Configuration file.
* @param[in] enable_modify_settings If true enable OAP MODIFY_SETTINGS.
*
@@ -88,10 +90,10 @@
*/
int
init_oapd (GSList * log_config, const gchar * users_dir,
- const gchar * synchronization_script,
+ const gchar * nvt_sync_script, const gchar * scap_sync_script,
const gchar * configuration_file, gboolean enable_modify_settings)
{
- return init_oap (log_config, users_dir, synchronization_script,
+ return init_oap (log_config, users_dir, nvt_sync_script, scap_sync_script,
configuration_file, enable_modify_settings);
}
Index: src/oapd.h
===================================================================
--- src/oapd.h (revision 14393)
+++ src/oapd.h (working copy)
@@ -30,7 +30,8 @@
#include <glib.h>
#include <gnutls/gnutls.h>
-int init_oapd (GSList *, const gchar *, const gchar *, const gchar *, gboolean);
+int init_oapd (GSList *, const gchar *, const gchar *, const gchar *,
+ const gchar *, gboolean);
int serve_oap (gnutls_session_t *, int, gnutls_certificate_credentials_t *);
Index: src/schema_formats/XML/OAP.xml
===================================================================
--- src/schema_formats/XML/OAP.xml (revision 14393)
+++ src/schema_formats/XML/OAP.xml (working copy)
@@ -458,6 +458,7 @@
<c>delete_user</c>
<c>describe_auth</c>
<c>describe_feed</c>
+ <c>describe_scap</c>
<c>get_settings</c>
<c>get_users</c>
<c>get_version</c>
@@ -465,6 +466,7 @@
<c>modify_auth</c>
<c>modify_user</c>
<c>sync_feed</c>
+ <c>sync_scap</c>
</or>
</any>
</pattern>
@@ -488,6 +490,7 @@
<r>delete_user</r>
<r>describe_auth</r>
<r>describe_feed</r>
+ <r>describe_scap</r>
<r>get_settings</r>
<r>get_users</r>
<r>get_version</r>
@@ -495,6 +498,7 @@
<r>modify_auth</r>
<r>modify_user</r>
<r>sync_feed</r>
+ <r>sync_scap</r>
</or>
</any>
</pattern>
@@ -774,6 +778,79 @@
</example>
</command>
<command>
+ <name>describe_scap</name>
+ <summary>Describe the SCAP feed</summary>
+ <description>
+ <p>
+ The client uses the "describe_scap" command to get details about
+ the SCAP feed used by the administrator.
+ </p>
+ <p>
+ The Administrator will reply with a scap element containing
+ information about the SCAP feed.
+ </p>
+ </description>
+ <pattern>
+ </pattern>
+ <response>
+ <pattern>
+ <attrib>
+ <name>status</name>
+ <type>status</type>
+ <required>1</required>
+ </attrib>
+ <attrib>
+ <name>status_text</name>
+ <type>text</type>
+ <required>1</required>
+ </attrib>
+ <e>scap</e>
+ </pattern>
+ <ele>
+ <name>scap</name>
+ <pattern>
+ <e>name</e>
+ <e>version</e>
+ <e>description</e>
+ </pattern>
+ <ele>
+ <name>name</name>
+ <summary>The name of the scap feed</summary>
+ <pattern>text</pattern>
+ </ele>
+ <ele>
+ <name>version</name>
+ <summary>The version of the scap feed</summary>
+ <pattern>text</pattern>
+ </ele>
+ <ele>
+ <name>description</name>
+ <summary>A description of the scap feed</summary>
+ <pattern>text</pattern>
+ </ele>
+ </ele>
+ </response>
+ <example>
+ <summary>Describe the scap feed</summary>
+ <request>
+ <describe_scap>
+ </describe_scap>
+ </request>
+ <response>
+ <describe_scap_response status="200" status_text="OK">
+ <scap>
+ <name>OpenVAS NVT SCAP</name>
+ <version>201011221324</version>
+ <description>
+ The 'OpenVAS SCAP Feed' is provided by 'The OpenVAS Project'.
+ <truncated>...</truncated>
+ </description>
+ </scap>
+ </describe_scap_response>
+ </response>
+ </example>
+ </command>
+ <command>
<name>get_settings</name>
<summary>Get all settings</summary>
<description>
@@ -1094,6 +1171,7 @@
DELETE_USER Delete an existing user.
DESCRIBE_AUTH Get details about the used authentication methods.
DESCRIBE_FEED Get details of the NVT feed this administrator uses.
+ DESCRIBE_SCAP Get details of the SVAP feed this administrator uses.
GET_SETTINGS Get scanner settings.
GET_USERS Get all users.
GET_VERSION Get the OpenVAS Administrator Protocol version.
@@ -1101,6 +1179,7 @@
MODIFY_AUTH Modify the authentication methods.
MODIFY_USER Modify a user.
SYNC_FEED Synchronize with an NVT feed.
+ SYNC_SCAP Synchronize with a SCAP feed.
</help_response>
</response>
</example>
@@ -1386,4 +1465,40 @@
</response>
</example>
</command>
+ <command>
+ <name>sync_scap</name>
+ <summary>Synchronize with a SCAP feed</summary>
+ <description>
+ <p>
+ The client uses the "sync_scap" command to request a
+ synchronization with the SCAP feed service the Administrator uses.
+ </p>
+ </description>
+ <pattern>
+ </pattern>
+ <response>
+ <pattern>
+ <attrib>
+ <name>status</name>
+ <type>status</type>
+ <required>1</required>
+ </attrib>
+ <attrib>
+ <name>status_text</name>
+ <type>text</type>
+ <required>1</required>
+ </attrib>
+ </pattern>
+ </response>
+ <example>
+ <summary>Sync the feed</summary>
+ <request>
+ <sync_scap>
+ </sync_scap>
+ </request>
+ <response>
+ <sync_scap_response status="202" status_text="OK, request submitted"/>
+ </response>
+ </example>
+ </command>
</protocol>
Index: src/oap.c
===================================================================
--- src/oap.c (revision 14393)
+++ src/oap.c (working copy)
@@ -117,6 +117,7 @@
* @brief The synchronization script for this daemon.
*/
static const gchar *sync_script = NULL;
+static const gchar *scap_script = NULL;
/**
* @brief The scanner configuration file for this daemon.
@@ -178,12 +179,14 @@
" DELETE_USER Delete an existing user.\n"
" DESCRIBE_AUTH Get details about the used authentication methods.\n"
" DESCRIBE_FEED Get details of the NVT feed this administrator uses.\n"
+ " DESCRIBE_SCAP Get details of the SCAP feed this administrator uses.\n"
" GET_SETTINGS Get scanner settings.\n"
" GET_USERS Get all users.\n"
" GET_VERSION Get the OpenVAS Administrator Protocol version.\n"
" HELP Get this help text.\n"
" MODIFY_AUTH Modify the authentication methods.\n" "%s"
" MODIFY_USER Modify a user.\n"
+ " SYNC_SCAP Synchronize with a SCAP feed.\n"
" SYNC_FEED Synchronize with an NVT feed.\n";
static char *help_modify_settings =
@@ -543,7 +546,7 @@
/**
- * @brief Frees all data related tp a modify_auth command and nulls the command
+ * @brief Frees all data related to a modify_auth command and nulls the command
* @brief data struct.
*
* @param[in,out] data Data to free and null.
@@ -721,6 +724,7 @@
CLIENT_DELETE_USER,
CLIENT_DESCRIBE_AUTH,
CLIENT_DESCRIBE_FEED,
+ CLIENT_DESCRIBE_SCAP,
CLIENT_GET_SETTINGS,
CLIENT_GET_USERS,
CLIENT_HELP,
@@ -739,6 +743,7 @@
CLIENT_MODIFY_USER_SOURCES,
CLIENT_MODIFY_USER_SOURCES_SOURCE,
CLIENT_SYNC_FEED,
+ CLIENT_SYNC_SCAP,
CLIENT_VERSION
} client_state_t;
@@ -1140,6 +1145,8 @@
}
else if (strcasecmp ("DESCRIBE_FEED", element_name) == 0)
set_client_state (CLIENT_DESCRIBE_FEED);
+ else if (strcasecmp ("DESCRIBE_SCAP", element_name) == 0)
+ set_client_state (CLIENT_DESCRIBE_SCAP);
else if (strcasecmp ("DESCRIBE_AUTH", element_name) == 0)
set_client_state (CLIENT_DESCRIBE_AUTH);
else if (strcasecmp ("GET_USERS", element_name) == 0)
@@ -1179,6 +1186,8 @@
set_client_state (CLIENT_MODIFY_USER);
else if (strcasecmp ("SYNC_FEED", element_name) == 0)
set_client_state (CLIENT_SYNC_FEED);
+ else if (strcasecmp ("SYNC_SCAP", element_name) == 0)
+ set_client_state (CLIENT_SYNC_SCAP);
else
{
if (send_to_client (XML_ERROR_SYNTAX ("oap", "Bogus command name")))
@@ -1879,7 +1888,8 @@
if (openvas_get_sync_script_description (sync_script, &feed_description)
&& openvas_get_sync_script_identification (sync_script,
- &feed_identification)
+ &feed_identification,
+ NVT_FEED)
&& openvas_get_sync_script_feed_version (sync_script,
&feed_version))
{
@@ -1951,6 +1961,90 @@
break;
}
+ case CLIENT_DESCRIBE_SCAP:
+ {
+ gchar *scap_description = NULL;
+ gchar *scap_identification = NULL;
+ gchar *scap_version = NULL;
+
+ assert (current_credentials.username);
+
+ if (openvas_get_sync_script_description (scap_script, &scap_description)
+ && openvas_get_sync_script_identification (scap_script,
+ &scap_identification,
+ SCAP_FEED)
+ && openvas_get_sync_script_feed_version (scap_script,
+ &scap_version))
+ {
+ gchar *user, *timestamp;
+ int syncing;
+ gchar **ident = g_strsplit (scap_identification, "|", 6);
+ gchar *selftest_result = NULL;
+
+ syncing = openvas_current_sync (scap_script, ×tamp, &user);
+ if (syncing < 0 || ident[0] == NULL || ident[1] == NULL
+ || ident[2] == NULL || ident[3] == NULL)
+ {
+ g_strfreev (ident);
+ SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("describe_scap"));
+ }
+ else
+ {
+
+ SENDF_TO_CLIENT_OR_FAIL ("<describe_scap_response" " status=\""
+ STATUS_OK "\"" " status_text=\""
+ STATUS_OK_TEXT "\">" "<scap>"
+ "<name>%s</name>"
+ "<version>%s</version>"
+ "<description>%s</description>",
+ ident[3], scap_version,
+ scap_description);
+ g_strfreev (ident);
+ if (openvas_sync_script_perform_selftest
+ (scap_script, &selftest_result) == FALSE)
+ {
+ SENDF_TO_CLIENT_OR_FAIL ("<sync_not_available>"
+ "<error>%s</error>"
+ "</sync_not_available>",
+ selftest_result ? selftest_result :
+ "");
+ g_free (selftest_result);
+ }
+
+ if (syncing > 0)
+ {
+ tracef("ME %s %s", timestamp, user);
+ SENDF_TO_CLIENT_OR_FAIL ("<currently_syncing>"
+ "<timestamp>%s</timestamp>"
+ "<user>%s</user>"
+ "</currently_syncing>",
+ timestamp ? timestamp : "",
+ user ? user : "");
+ g_free (timestamp);
+ g_free (user);
+ }
+ SEND_TO_CLIENT_OR_FAIL ("</scap>" "</describe_scap_response>");
+ }
+
+ g_free (scap_identification);
+ g_free (scap_version);
+ }
+ else
+ {
+ SEND_TO_CLIENT_OR_FAIL ("<describe_scap_response" " status=\""
+ STATUS_OK "\"" " status_text=\""
+ STATUS_OK_TEXT "\">");
+ SEND_TO_CLIENT_OR_FAIL ("<scap>");
+ SEND_TO_CLIENT_OR_FAIL ("<name></name>");
+ SEND_TO_CLIENT_OR_FAIL ("<description></description>");
+ SEND_TO_CLIENT_OR_FAIL ("</scap>");
+ SEND_TO_CLIENT_OR_FAIL ("</describe_scap_response>");
+ }
+ g_free (scap_description);
+ set_client_state (CLIENT_AUTHENTIC);
+ break;
+ }
+
case CLIENT_DESCRIBE_AUTH:
{
assert (current_credentials.username);
@@ -2291,7 +2385,7 @@
* forked children would be using the same server session. */
abort (); // FIX respond with error or something
else
- switch (openvas_sync_feed (sync_script, current_credentials.username))
+ switch (openvas_sync_feed (sync_script, current_credentials.username, NVT_FEED))
{
case 0:
SEND_TO_CLIENT_OR_FAIL (XML_OK_REQUESTED ("sync_feed"));
@@ -2327,6 +2421,49 @@
set_client_state (CLIENT_AUTHENTIC);
break;
+ case CLIENT_SYNC_SCAP:
+ assert (current_credentials.username);
+ if (forked == 2)
+ /* Prevent the forked child from forking again, as then both
+ * forked children would be using the same server session. */
+ abort (); // FIX respond with error or something
+ else
+ switch (openvas_sync_feed (scap_script, current_credentials.username, SCAP_FEED))
+ {
+ case 0:
+ SEND_TO_CLIENT_OR_FAIL (XML_OK_REQUESTED ("sync_scap"));
+ forked = 1;
+ break;
+ case 1:
+ SEND_TO_CLIENT_OR_FAIL (XML_ERROR_BUSY ("sync_scap"));
+ break;
+ case 2:
+ /* Forked sync process: success. */
+ current_error = 2;
+ g_set_error (error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+ "Dummy error for current_error");
+ break;
+ case 11:
+ /* Forked sync process: success busy. */
+ current_error = 2;
+ g_set_error (error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+ "Dummy error for current_error");
+ break;
+ case -10:
+ /* Forked sync process: error. */
+ current_error = -10;
+ g_set_error (error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+ "Dummy error for current_error");
+ break;
+ default:
+ assert (0);
+ case -1:
+ SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("sync_scap"));
+ break;
+ }
+ set_client_state (CLIENT_AUTHENTIC);
+ break;
+
case CLIENT_VERSION:
SEND_TO_CLIENT_OR_FAIL ("<get_version_response" " status=\"" STATUS_OK
"\"" " status_text=\"" STATUS_OK_TEXT "\">"
@@ -2449,8 +2586,10 @@
*
* @param[in] log_config Logging configuration list.
* @param[in] users_directory Directory containing user info.
- * @param[in] synchronization_script The script to use for feed
+ * @param[in] nvt_sync_script The script to use for nvt feed
* synchronization.
+ * @param[in] scap_sync_script The script to use for scap feed
+ * synchronization.
* @param[in] configuration_file Scanner configuration file.
* @param[in] modify_settings If true enable OAP MODIFY_SETTINGS.
*
@@ -2458,19 +2597,22 @@
*/
int
init_oap (GSList * log_config, const gchar * users_directory,
- const gchar * synchronization_script,
+ const gchar * nvt_sync_script, const gchar * scap_sync_script,
const gchar * configuration_file, gboolean modify_settings)
{
if (users_directory == NULL)
return -1;
- if (synchronization_script == NULL)
+ if (nvt_sync_script == NULL)
return -1;
+ if (scap_sync_script == NULL)
+ return -1;
if (configuration_file == NULL)
return -1;
g_log_set_handler (G_LOG_DOMAIN, ALL_LOG_LEVELS, (GLogFunc) openvas_log_func,
log_config);
users_dir = users_directory;
- sync_script = synchronization_script;
+ sync_script = nvt_sync_script;
+ scap_script = scap_sync_script;
scanner_config_file = configuration_file;
current_credentials.username = NULL;
current_credentials.password = NULL;
Index: src/oap.h
===================================================================
--- src/oap.h (revision 14393)
+++ src/oap.h (working copy)
@@ -35,7 +35,8 @@
*/
#define TO_CLIENT_BUFFER_SIZE 26214400
-int init_oap (GSList *, const gchar *, const gchar *, const gchar *, gboolean);
+int init_oap (GSList *, const gchar *, const gchar *, const gchar *,
+ const gchar *, gboolean);
void init_oap_process ();
Index: src/admin.c
===================================================================
--- src/admin.c (revision 14393)
+++ src/admin.c (working copy)
@@ -697,7 +697,7 @@
}
/**
- * @brief Request an NVT synchronization script selftest.
+ * @brief Request an NVT/SCAP synchronization script selftest.
*
* Ask an NVT synchronization script to perform a selftest and report
* the results.
@@ -770,17 +770,20 @@
}
/**
- * @brief Retrieves the ID string of an NVT sync script, with basic validation.
+ * @brief Retrieves the ID string of an NVT/SCAP sync script, with basic
+ * @brief validation.
*
* @param[in] sync_script The file name of the synchronization script.
* @param[out] identification Return location of the identification string.
+ * @param[in] feed_type NVT_FEED or SCAP_FEED.
*
* @return TRUE if the identification string was retrieved, or FALSE if an
* error occured.
*/
gboolean
openvas_get_sync_script_identification (const gchar * sync_script,
- gchar ** identification)
+ gchar ** identification,
+ int feed_type)
{
g_assert (sync_script);
g_assert_cmpstr (*identification, ==, NULL);
@@ -829,7 +832,8 @@
script_identification = g_strsplit (script_out, "|", 6);
if ((script_identification[0] == NULL)
- || g_ascii_strncasecmp (script_identification[0], "NVTSYNC", 7)
+ || g_ascii_strncasecmp (script_identification[0],
+ (feed_type == NVT_FEED)?"NVTSYNC":"SCAPSYNC", 7)
|| g_ascii_strncasecmp (script_identification[0], script_identification[5], 7))
{
g_warning ("%s is not a NVT synchronization script.", sync_script);
@@ -857,7 +861,8 @@
}
/**
- * @brief Retrieves description of an NVT sync script, with basic validation.
+ * @brief Retrieves description of an NVT/SCAP sync script, with basic
+ * @brief validation.
*
* @param[in] sync_script The file name of the synchronization script.
* @param[out] description Return location of the description string.
@@ -922,8 +927,8 @@
}
/**
- * @brief Retrieves the version of an NVT feed handled by the sync, with basic
- * validation.
+ * @brief Retrieves the version of an NVT/SCAP feed handled by the sync, with
+ * basic validation.
*
* @param[in] sync_script The file name of the synchronization script.
* @param[out] feed_version Return location of the feed version string.
@@ -988,19 +993,21 @@
}
/**
- * @brief Forks a child to synchronize the local NVT collection.
+ * @brief Forks a child to synchronize the local NVT/SCAP collection.
*
- * The forked process calls an NVT sync script to sync the feed.
+ * The forked process calls an NVT/SCAP sync script to sync the feed.
*
* @param[in] sync_script The file name of the synchronization script.
* @param[in] current_user The user currently authenticated.
+ * @param[in] feed_type Could be NVT_FEED or SCAP_FEED.
*
* @return 0 sync requested (parent), 1 sync already in progress (parent),
* -1 error (parent), 2 sync complete (child), 11 sync in progress
* (child), -10 error (child).
*/
int
-openvas_sync_feed (const gchar * sync_script, const gchar * current_user)
+openvas_sync_feed (const gchar * sync_script, const gchar * current_user,
+ int feed_type)
{
int fd, ret = 2;
gchar *lockfile_name, *lockfile_dirname;
@@ -1012,7 +1019,7 @@
g_assert (current_user);
if (!openvas_get_sync_script_identification
- (sync_script, &script_identification_string))
+ (sync_script, &script_identification_string, feed_type))
{
g_warning ("No valid synchronization script supplied!");
return -1;
Index: src/admin.h
===================================================================
--- src/admin.h (revision 14393)
+++ src/admin.h (working copy)
@@ -29,6 +29,10 @@
#include <glib.h>
#include <openvas/base/array.h>
+/* For feed syncing */
+#define NVT_FEED 1
+#define SCAP_FEED 2
+
typedef struct
{
gchar *name;
@@ -46,10 +50,10 @@
int openvas_admin_remove_user (const gchar *, const gchar *);
gboolean openvas_admin_set_rules (const gchar *, const gchar *, const gchar *);
-int openvas_sync_feed (const gchar *, const gchar *);
+int openvas_sync_feed (const gchar *, const gchar *, int);
int openvas_current_sync (const gchar *, gchar **, gchar **);
gboolean openvas_sync_script_perform_selftest (const gchar *, gchar **);
-gboolean openvas_get_sync_script_identification (const gchar *, gchar **);
+gboolean openvas_get_sync_script_identification (const gchar *, gchar **, int);
gboolean openvas_get_sync_script_description (const gchar *, gchar **);
gboolean openvas_get_sync_script_feed_version (const gchar *, gchar **);
Index: src/gsad_oap.c
===================================================================
--- src/gsad_oap.c (revision 14393)
+++ src/gsad_oap.c (working copy)
@@ -920,6 +920,76 @@
}
/**
+ * @brief Get descriptions of the scap feed(s) connected to the administrator.
+ *
+ * @param[in] credentials Username and password for authentication
+ * @param[in] params Request parameters.
+ *
+ * @return Result of XSL transformation.
+ */
+char *
+get_scap_oap(credentials_t * credentials, params_t *params)
+{
+ tracef ("In get_scap_oap\n");
+ entity_t entity;
+ char *text = NULL;
+ gnutls_session_t session;
+ int socket;
+ gchar *html;
+
+ switch (administrator_connect (credentials, &socket, &session, &html))
+ {
+ case -1:
+ if (html)
+ return html;
+ return gsad_message (credentials,
+ "Internal error", __FUNCTION__, __LINE__,
+ "An internal error occurred while getting the SCAP feed list. "
+ "The current list of SCAP feeds is not available. "
+ "Diagnostics: Failure to connect to administrator daemon.",
+ "/omp?cmd=get_tasks");
+ case -2:
+ return xsl_transform_oap (credentials,
+ g_strdup
+ ("<gsad_msg status_text=\"Access refused.\""
+ " operation=\"List SCAP Feeds\">"
+ "Only users given the Administrator role"
+ " may access Feed Administration."
+ "</gsad_msg>"));
+ }
+
+ if (openvas_server_sendf (&session,
+ "<commands>"
+ "<describe_scap/>"
+ "</commands>")
+ == -1)
+ {
+ return gsad_message (credentials,
+ "Internal error", __FUNCTION__, __LINE__,
+ "An internal error occurred while getting the SCAP feed list. "
+ "The current list of SCAP feeds is not available. "
+ "Diagnostics: Failure to send command to administrator daemon.",
+ "/omp?cmd=get_tasks");
+ }
+
+ if (read_entity_and_text (&session, &entity, &text))
+ {
+ openvas_server_close (socket, session);
+ return gsad_message (credentials,
+ "Internal error", __FUNCTION__, __LINE__,
+ "An internal error occurred while getting SCAP the feed. "
+ "The current list of SCAP feeds is not available. "
+ "Diagnostics: Failure to receive response from administrator daemon.",
+ "/omp?cmd=get_tasks");
+ }
+
+ openvas_server_close (socket, session);
+ tracef ("get_scap_oap: got text: %s", text);
+ fflush (stderr);
+ return xsl_transform_oap (credentials, text);
+}
+
+/**
* @brief Synchronize with an NVT feed and XSL transform the result.
*
* @param[in] credentials Username and password for authentication
@@ -991,6 +1061,77 @@
}
/**
+ * @brief Synchronize with a SCAP feed and XSL transform the result.
+ *
+ * @param[in] credentials Username and password for authentication
+ * @param[in] params Request parameters.
+ *
+ * @return Result of XSL transformation.
+ */
+char *
+sync_scap_oap (credentials_t * credentials, params_t *params)
+{
+ tracef ("In sync_scap_oap\n");
+ entity_t entity;
+ char *text = NULL;
+ gnutls_session_t session;
+ int socket;
+ gchar *html;
+
+ switch (administrator_connect (credentials, &socket, &session, &html))
+ {
+ case -1:
+ if (html)
+ return html;
+ return gsad_message (credentials,
+ "Internal error", __FUNCTION__, __LINE__,
+ "An internal error occurred while synchronizing with the SCAP feed. "
+ "SCAP Feed synchronization is currently not available. "
+ "Diagnostics: Failure to connect to administrator daemon.",
+ "/omp?cmd=get_tasks");
+ case -2:
+ return xsl_transform_oap (credentials,
+ g_strdup
+ ("<gsad_msg status_text=\"Access refused.\""
+ " operation=\"Synchronize SCAP Feed\">"
+ "Only users given the Administrator role"
+ " may access Feed Administration."
+ "</gsad_msg>"));
+ }
+
+ if (openvas_server_sendf (&session,
+ "<commands>"
+ "<sync_scap/>"
+ "<describe_scap/>"
+ "</commands>")
+ == -1)
+ {
+ return gsad_message (credentials,
+ "Internal error", __FUNCTION__, __LINE__,
+ "An internal error occurred while synchronizing with the SCAP feed. "
+ "SCAP Feed synchronization is currently not available. "
+ "Diagnostics: Failure to send command to administrator daemon.",
+ "/omp?cmd=get_tasks");
+ }
+
+ if (read_entity_and_text (&session, &entity, &text))
+ {
+ openvas_server_close (socket, session);
+ return gsad_message (credentials,
+ "Internal error", __FUNCTION__, __LINE__,
+ "An internal error occurred while synchronizing with the SCAP feed. "
+ "SCAP Feed synchronization is currently not available. "
+ "Diagnostics: Failure to receive response from administrator daemon.",
+ "/omp?cmd=get_tasks");
+ }
+
+ openvas_server_close (socket, session);
+ tracef ("sync_scap_oap: got text: %s", text);
+ fflush (stderr);
+ return xsl_transform_oap (credentials, text);
+}
+
+/**
* @brief Get all settings and XSL transform the result.
*
* @param[in] credentials Username and password for authentication
Index: src/gsad_oap.h
===================================================================
--- src/gsad_oap.h (revision 14393)
+++ src/gsad_oap.h (working copy)
@@ -44,7 +44,9 @@
char * delete_user_oap (credentials_t *, params_t *);
char * save_user_oap (credentials_t *, params_t *);
char * get_feed_oap (credentials_t *, params_t *);
+char * get_scap_oap (credentials_t *, params_t *);
char * sync_feed_oap (credentials_t *, params_t *);
+char * sync_scap_oap (credentials_t *, params_t *);
char * get_settings_oap (credentials_t *, params_t *);
char * edit_settings_oap (credentials_t *, params_t *);
char * save_settings_oap (credentials_t *, params_t *);
Index: src/html/gsad.xsl
===================================================================
--- src/html/gsad.xsl (revision 14393)
+++ src/html/gsad.xsl (working copy)
@@ -987,6 +987,7 @@
<li class="pointy"></li>
<li><a href="/oap?cmd=get_users&token={/envelope/token}">Users</a></li>
<li><a href="/oap?cmd=get_feed&token={/envelope/token}">NVT Feed</a></li>
+ <li><a href="/oap?cmd=get_scap&token={/envelope/token}">SCAP Feed</a></li>
<li class="last"><a href="/oap?cmd=get_settings&token={/envelope/token}">Settings</a></li>
</ul>
</li>
Index: src/html/oap.xsl
===================================================================
--- src/html/oap.xsl (revision 14393)
+++ src/html/oap.xsl (working copy)
@@ -661,6 +661,134 @@
<!-- END FEED MANAGEMENT -->
+<!-- BEGIN SCAP FEED MANAGEMENT -->
+
+<!-- DESCRIBE SCAP FEED RESPONSE -->
+
+<xsl:template match="describe_scap_response">
+ <xsl:choose>
+ <xsl:when test="substring(@status, 1, 1) = '4' or substring(@status, 1, 1) = '5'">
+ <xsl:call-template name="command_result_dialog">
+ <xsl:with-param name="operation">Describe SCAP Feed</xsl:with-param>
+ <xsl:with-param name="status">
+ <xsl:value-of select="@status"/>
+ </xsl:with-param>
+ <xsl:with-param name="msg">
+ <xsl:value-of select="@status_text"/>
+ </xsl:with-param>
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="html-scap-form"/>
+ </xsl:otherwise>
+ </xsl:choose>
+</xsl:template>
+
+<xsl:template name="html-scap-form">
+ <div class="gb_window">
+ <div class="gb_window_part_left"></div>
+ <div class="gb_window_part_right"></div>
+ <div class="gb_window_part_center">NVT Feed Management
+ <a href="/help/scap_management.html?token={/envelope/token}"
+ title="Help: SCAP Feed Management">
+ <img src="/img/help.png"/>
+ </a>
+ </div>
+ <div class="gb_window_part_content">
+ <form action="/oap" method="post" enctype="multipart/form-data">
+ <input type="hidden" name="token" value="{/envelope/token}"/>
+ <input type="hidden" name="cmd" value="sync_scap"/>
+ <input type="hidden" name="caller" value="{/envelope/caller}"/>
+ <table border="0" cellspacing="0" cellpadding="3" width="100%">
+ <tr>
+ <td valign="top" width="125">Name</td>
+ <td>
+ <b><xsl:value-of select="scap/name"/></b><br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" width="125">Feed Version</td>
+ <td>
+ <xsl:value-of select="scap/version"/>
+ </td>
+ </tr>
+ <xsl:choose>
+ <xsl:when test="scap/currently_syncing">
+ <tr>
+ <td valign="top" width="125"></td>
+ <td>
+ Synchronization
+ <b>in progress</b>. Started
+ <b>
+ <xsl:value-of select="scap/currently_syncing/timestamp"/>
+ </b>
+ by
+ <b><xsl:value-of select="scap/currently_syncing/user"/></b>.
+ </td>
+ </tr>
+ </xsl:when>
+ </xsl:choose>
+ <tr>
+ <td valign="top" width="125">Description</td>
+ <td>
+ <xsl:value-of select="scap/description"/>
+ </td>
+ </tr>
+ <xsl:choose>
+ <xsl:when test="scap/sync_not_available">
+ <tr>
+ <td valign="top" width="125"></td>
+ <td>
+ <b>Warning:</b> Synchronization with this feed is currently not possible.<br/>
+ <xsl:choose>
+ <xsl:when test="scap/sync_not_available/error/text()">
+ The synchronization script returned the following error message: <i><xsl:value-of select="feed/sync_not_available/error/text()"/></i>
+ </xsl:when>
+ </xsl:choose>
+ </td>
+ </tr>
+ </xsl:when>
+ </xsl:choose>
+ <tr>
+ <td colspan="2" style="text-align:right;">
+ <xsl:choose>
+ <xsl:when test="scap/currently_syncing">
+ <input type="submit" name="submit" value="Synchronize with SCAP Feed now" disabled="disabled"/>
+ </xsl:when>
+ <xsl:when test="scap/sync_not_available">
+ <input type="submit" name="submit" value="Synchronize with SCAP Feed now" disabled="disabled"/>
+ </xsl:when>
+ <xsl:otherwise>
+ <input type="submit" name="submit" value="Synchronize with SCAP Feed now"/>
+ </xsl:otherwise>
+ </xsl:choose>
+ <p>
+ <a style="background-color: #ff6;" href="/help/scap_management.html?token={/envelope/token}#side_effects" title="Help: SCAP Feed Management">Learn about the side effects of SCAP Feed synchronization!</a>
+ </p>
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+ </div>
+</xsl:template>
+
+<!-- SYNC_SCAP_RESPONSE -->
+
+<xsl:template match="sync_scap_response">
+ <xsl:call-template name="command_result_dialog">
+ <xsl:with-param name="operation">Synchronization with SCAP Feed</xsl:with-param>
+ <xsl:with-param name="status">
+ <xsl:value-of select="@status"/>
+ </xsl:with-param>
+ <xsl:with-param name="msg">
+ <xsl:value-of select="@status_text"/>
+ </xsl:with-param>
+ </xsl:call-template>
+</xsl:template>
+
+<!-- END SCAP MANAGEMENT -->
+
<!-- BEGIN SETTINGS MANAGEMENT -->
<xsl:template name="html-settings-table">
Index: src/html/help.xsl
===================================================================
--- src/html/help.xsl (revision 14393)
+++ src/html/help.xsl (working copy)
@@ -2248,6 +2248,7 @@
<ul>
<li> <a href="configure_users.html?token={/envelope/token}">Configure Users</a></li>
<li> <a href="feed_management.html?token={/envelope/token}">NVT Feed Management</a></li>
+ <li> <a href="scap_management.html?token={/envelope/token}">SCAP Feed Management</a></li>
<li> <a href="settings.html?token={/envelope/token}">Settings</a></li>
</ul>
<li> Miscellaneous</li>
@@ -2433,6 +2434,48 @@
</div>
</xsl:template>
+<xsl:template mode="help" match="scap_management.html">
+ <div class="gb_window_part_center">Help: SCAP Feed Management</div>
+ <div class="gb_window_part_content">
+ <div style="float:left;"><a href="/help/contents.html?token={/envelope/token}">Help Contents</a></div>
+ <div class="float_right"><a href="/omp?cmd=get_feed&token={/envelope/token}">Jump to dialog</a></div>
+ <div style="text-align:left">
+
+ <br/>
+ <h1>SCAP Feed Management</h1>
+ <p>
+ The management of SCAP feeds is only accessible for users that own
+ the "Administrator" role.
+ </p>
+
+ <a name="scap_synchronization"></a>
+ <h2>Synchronization with a SCAP Feed</h2>
+ <p>
+ This dialog allows you synchronize your SCAP collection with a SCAP feed. It
+ shows the name of the SCAP Feed Service your installation is configured to use
+ and a short description of the tool which will be used to synchronize your SCAP
+ collection with the Feed Service. Hit the "Synchronize with Feed now" button to
+ start the synchronization.
+ </p>
+
+ <a name="side_effects"></a>
+ <h2>Side effects of an SCAP Synchronization</h2>
+ <p>
+ The synchronization with a SCAP Feed Service will usually take a short amount of
+ time. However, in some cases this process can take much longer.
+ This depends on the time of your last synchronization and the number of changes in
+ the Feed Service. While synchronizing, the interface might be slow to react.
+ </p>
+ <p>
+ At the end of the synchronization, some components of your installation will
+ need to be reloaded to make full use of your updated SCAP collection. This also
+ usually takes a short time, but in some cases may take much longer. During this
+ time the interface may be unresponsive.
+ </p>
+ </div>
+ </div>
+</xsl:template>
+
<xsl:template mode="help" match="filter_details.html">
<div class="gb_window_part_center">Help: Filter Details
<!--
Index: src/gsad.c
===================================================================
--- src/gsad.c (revision 14393)
+++ src/gsad.c (working copy)
@@ -589,6 +589,7 @@
"|(get_config_nvt)"
"|(get_configs)"
"|(get_feed)"
+ "|(get_scap)"
"|(get_filter)"
"|(get_filters)"
"|(get_alert)"
@@ -653,6 +654,7 @@
"|(save_user)"
"|(start_task)"
"|(stop_task)"
+ "|(sync_scap)"
"|(sync_feed)"
"|(verify_agent)"
"|(verify_report_format)"
@@ -1602,6 +1604,7 @@
ELSE (start_task)
ELSE (stop_task)
ELSE_OAP (sync_feed)
+ ELSE_OAP (sync_scap)
ELSE (test_alert)
else
{
@@ -1886,6 +1889,7 @@
ELSE_OAP (get_user)
ELSE_OAP (get_users)
ELSE_OAP (get_feed)
+ ELSE_OAP (get_scap)
ELSE (get_config)
ELSE (get_configs)
ELSE (get_config_family)
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
