From 07e45db8ce8673cb4098c0e447636531d66a7a8e Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Wed, 26 May 2021 12:25:04 +0200 Subject: [PATCH 1/3] Add basic Sentry integration and logging At startup and when forking gvmd will try to initialize Sentry using the DSN set in the environment variable SENTRY_DSN_GVMD. When exiting gvmd will close Sentry. This will allow the logging in gvm-libs to send warnings and other more critical error messages to the given Sentry DSN. --- src/CMakeLists.txt | 9 +++- src/debug_utils.c | 45 ++++++++++++++++ src/debug_utils.h | 33 ++++++++++++ src/gvmd.c | 96 +++++++++++++++++++++++++++++++-- src/lsc_crypt.c | 5 ++ src/manage.c | 22 ++++++++ src/manage_sql.c | 32 ++++++++++- src/manage_sql_report_formats.c | 8 +++ src/manage_sql_secinfo.c | 4 ++ src/utils.c | 4 ++ 10 files changed, 251 insertions(+), 7 deletions(-) create mode 100644 src/debug_utils.c create mode 100644 src/debug_utils.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4852cef54..63a5b6f8e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -99,6 +99,7 @@ add_executable (manage-utils-test EXCLUDE_FROM_ALL manage_utils_tests.c + debug_utils.c gvmd.c gmpd.c manage.c sql.c manage_acl.c manage_configs.c manage_get.c @@ -123,6 +124,7 @@ add_executable (manage-test EXCLUDE_FROM_ALL manage_tests.c + debug_utils.c gvmd.c gmpd.c manage_utils.c sql.c manage_acl.c manage_configs.c manage_get.c @@ -147,6 +149,7 @@ add_executable (manage-sql-test EXCLUDE_FROM_ALL manage_sql_tests.c + debug_utils.c gvmd.c gmpd.c manage_utils.c manage.c sql.c manage_acl.c manage_configs.c manage_get.c @@ -171,6 +174,7 @@ add_executable (gmp-tickets-test EXCLUDE_FROM_ALL gmp_tickets_tests.c + debug_utils.c gvmd.c gmpd.c manage_utils.c manage.c sql.c manage_acl.c manage_configs.c manage_get.c @@ -194,6 +198,7 @@ add_executable (utils-test EXCLUDE_FROM_ALL utils_tests.c + debug_utils.c gvmd.c gmpd.c manage_utils.c manage.c sql.c manage_acl.c manage_configs.c manage_get.c 
@@ -219,7 +224,9 @@ add_custom_target (tests gmp-tickets-test manage-test manage-sql-test manage-utils-test utils-test) add_executable (gvmd - main.c gvmd.c gmpd.c + main.c gvmd.c + debug_utils.c + gmpd.c manage_utils.c manage.c sql.c manage_acl.c manage_configs.c manage_get.c manage_port_lists.c manage_preferences.c diff --git a/src/debug_utils.c b/src/debug_utils.c new file mode 100644 index 000000000..0814261dd --- /dev/null +++ b/src/debug_utils.c @@ -0,0 +1,45 @@ +/* Copyright (C) 2021 Greenbone Networks GmbH + * + * SPDX-License-Identifier: AGPL-3.0-or-later + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +/** + * @file debug_utils.c + * @brief Debug utilties and Sentry integration + */ + +#include "debug_utils.h" + +#include +#include /* for snprintf */ +#include + +int +init_sentry (void) +{ + char *sentry_dsn_gvmd = NULL; + char version[96]; + + snprintf (version, sizeof (version), "gvmd@%s", GVMD_VERSION); + + sentry_dsn_gvmd = getenv ("SENTRY_DSN_GVMD"); + if (gvm_has_sentry_support () && sentry_dsn_gvmd && *sentry_dsn_gvmd) + { + gvm_sentry_init (sentry_dsn_gvmd, version); + return 1; + } + return 0; +} diff --git a/src/debug_utils.h b/src/debug_utils.h new file mode 100644 index 000000000..1e37e8014 --- /dev/null +++ b/src/debug_utils.h 
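Review bot: init_sentry() in the new src/debug_utils.c passes the value of SENTRY_DSN_GVMD to `gvm_sentry_init ()` verbatim, with no check on its scheme or form. Per the commit description, enabling it forwards warning-and-above log messages to that endpoint, and other hunks in this patch show such messages carrying command lines and task UUIDs, so log text leaves the host. The function comment should say so, for example `Enabling Sentry sends warning and more severe log messages to the DSN host; use an https DSN and treat log content as leaving this machine.` init_sentry() also returns 1 without any visible indication that `gvm_sentry_init ()` succeeded, so the later "Sentry support enabled" output means only that a DSN was set and support is compiled in.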
@@ -0,0 +1,33 @@ +/* Copyright (C) 2021 Greenbone Networks GmbH + * + * SPDX-License-Identifier: AGPL-3.0-or-later + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + + +/** + * @file debug_utils.h + * @brief Headers for debug utilties and Sentry integration + */ + +#ifndef _OPENVAS_DEBUG_UTILS_H +#define _OPENVAS_DEBUG_UTILS_H + +#include /* for gvm_sentry_init */ + +int +init_sentry (void); + +#endif \ No newline at end of file diff --git a/src/gvmd.c b/src/gvmd.c index 27999305f..6aa6d6dc6 100644 --- a/src/gvmd.c +++ b/src/gvmd.c @@ -95,10 +95,12 @@ #include #include #include +#include #include #include #include +#include "debug_utils.h" #include "manage.h" #include "manage_sql_nvts.h" #include "manage_sql_secinfo.h" @@ -453,6 +455,7 @@ serve_client (int server_socket, gvm_connection_t *client_connection) g_critical ("%s: failed to set SO_KEEPALIVE on scanner socket: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } } @@ -559,6 +562,7 @@ accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) g_critical ("%s: failed to accept client connection: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } sockaddr_as_str (&addr, client_address); 
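Review bot: The `gvm_close_sentry ();` added before `exit (EXIT_FAILURE);` in serve_client is the first of many hand-paired close/exit calls in this patch, so any `exit ()` the patch does not touch would end the process without closing Sentry (none are visible here). A later hunk's error message shows that gvmd() already registers an `atexit` cleanup function; closing Sentry from that single place could cover every exit path in the parent and in forked children. If the explicit calls stay, a comment at the first one, such as `/* Close Sentry explicitly; exit () does not do it. */`, would explain the pattern. serve_client's body continues outside the hunk.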
@@ -580,6 +584,7 @@ accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) struct sigaction action; gvm_connection_t client_connection; + init_sentry (); is_parent = 0; proctitle_set ("gvmd: Serving client"); @@ -597,6 +602,7 @@ accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) strerror (errno)); shutdown (client_socket, SHUT_RDWR); close (client_socket); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -610,6 +616,7 @@ accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) strerror (errno)); shutdown (client_socket, SHUT_RDWR); close (client_socket); + gvm_close_sentry (); exit (EXIT_FAILURE); } /* Reopen the database (required after fork). */ @@ -620,6 +627,7 @@ accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current) client_connection.session = client_session; client_connection.credentials = client_credentials; ret = serve_client (server_socket, &client_connection); + gvm_close_sentry (); exit (ret); } case -1: @@ -666,6 +674,7 @@ fork_connection_internal (gvm_connection_t *client_connection, { case 0: /* Child. */ + init_sentry (); cleanup_manage_process (FALSE); break; @@ -695,6 +704,7 @@ fork_connection_internal (gvm_connection_t *client_connection, if (socketpair (AF_UNIX, SOCK_STREAM, 0, sockets)) { g_warning ("%s: socketpair: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -712,6 +722,7 @@ fork_connection_internal (gvm_connection_t *client_connection, case 0: /* Child. Serve the scheduler GMP, then exit. */ + init_sentry (); proctitle_set ("gvmd: Serving GMP internally"); parent_client_socket = sockets[0]; @@ -726,6 +737,7 @@ fork_connection_internal (gvm_connection_t *client_connection, strerror (errno)); shutdown (parent_client_socket, SHUT_RDWR); close (parent_client_socket); + gvm_close_sentry (); exit (EXIT_FAILURE); } 
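Review bot: `init_sentry ();` at the top of the forked child in accept_and_maybe_fork runs on top of whatever Sentry state the child inherited from the parent, which already called init_sentry() in gvmd(). This patch does not show whether `gvm_sentry_init ()` tolerates a second call in one process, or a call after fork() when helper threads the parent's client may have started no longer exist; that should be confirmed against gvm-libs. The same pattern recurs in every forked child this patch touches, and in create_report both the intermediate child and the grandchild call it. Once confirmed, a comment at the call such as `/* Re-initialise Sentry in the child; see gvm_sentry_init for fork semantics. */` would record the intent.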
@@ -739,6 +751,7 @@ fork_connection_internal (gvm_connection_t *client_connection, strerror (errno)); shutdown (parent_client_socket, SHUT_RDWR); close (parent_client_socket); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -770,6 +783,7 @@ fork_connection_internal (gvm_connection_t *client_connection, { g_critical ("%s: client server initialisation failed", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } set_gnutls_priority (&client_session, priorities_option); @@ -790,6 +804,7 @@ fork_connection_internal (gvm_connection_t *client_connection, client_connection->credentials = client_credentials; ret = serve_client (manager_socket, client_connection); + gvm_close_sentry (); exit (ret); break; @@ -797,6 +812,7 @@ fork_connection_internal (gvm_connection_t *client_connection, /* Parent when error. */ g_warning ("%s: fork: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); break; @@ -837,11 +853,17 @@ fork_connection_internal (gvm_connection_t *client_connection, CLIENTKEY, &client_connection->session, &client_connection->credentials)) - exit (EXIT_FAILURE); + { + gvm_close_sentry (); + exit (EXIT_FAILURE); + } if (gvm_server_attach (client_connection->socket, &client_connection->session)) - exit (EXIT_FAILURE); + { + gvm_close_sentry (); + exit (EXIT_FAILURE); + } } g_debug ("%s: all set to request GMP on socket %i", @@ -851,6 +873,7 @@ fork_connection_internal (gvm_connection_t *client_connection, break; } + gvm_close_sentry (); exit (EXIT_FAILURE); return -1; } @@ -1043,6 +1066,7 @@ handle_sigchld (/* unused */ int given_signal, siginfo_t *info, void *ucontext) static void handle_sigabrt_simple (int signal) { + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -1096,6 +1120,8 @@ update_nvt_cache_retry () else if (child_pid == 0) { const char *osp_update_socket; + + init_sentry (); osp_update_socket = get_osp_vt_update_socket (); if (osp_update_socket) { 
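Review bot: `gvm_close_sentry ();` in handle_sigabrt_simple runs inside a signal handler, where only async-signal-safe functions may be called. What gvm_close_sentry() does is not visible here, but a shutdown that flushes queued events would typically take locks, allocate or perform network I/O, and can deadlock if SIGABRT arrives while the process is inside the allocator or the Sentry client. The pre-existing `exit ()` is not async-signal-safe either, so the handler was already fragile. I would not add more work to it and would leave the close to the normal exit paths, or at least mark the call with `/* Best effort: not async-signal-safe. */`.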
@@ -1112,11 +1138,13 @@ update_nvt_cache_retry () g_message ("%s: rebuild successful", __func__); } + gvm_close_sentry (); exit (ret); } else { g_warning ("%s: No OSP VT update socket set", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } } @@ -1162,6 +1190,7 @@ fork_update_nvt_cache () case 0: /* Child. */ + init_sentry (); proctitle_set ("gvmd: Updating NVT cache"); /* Clean up the process. */ @@ -1182,6 +1211,7 @@ fork_update_nvt_cache () /* Exit. */ cleanup_manage_process (FALSE); + gvm_close_sentry (); exit (EXIT_SUCCESS); break; @@ -1263,6 +1293,7 @@ fork_feed_sync () case 0: /* Child. */ + init_sentry (); proctitle_set ("gvmd: Synchronizing feed data"); /* Clean up the process. */ @@ -1284,6 +1315,7 @@ fork_feed_sync () /* Exit. */ cleanup_manage_process (FALSE); + gvm_close_sentry (); exit (EXIT_SUCCESS); break; @@ -1327,11 +1359,13 @@ serve_and_schedule () if (sigfillset (&sigmask_all)) { g_critical ("%s: Error filling signal set", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (pthread_sigmask (SIG_BLOCK, &sigmask_all, &sigmask_current)) { g_critical ("%s: Error setting signal mask", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } sigmask_normal = &sigmask_current; @@ -1378,6 +1412,7 @@ serve_and_schedule () case 1: break; default: + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -1400,6 +1435,7 @@ serve_and_schedule () g_critical ("%s: select failed: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -1409,11 +1445,13 @@ serve_and_schedule () if (FD_ISSET (manager_socket, &exceptfds)) { g_critical ("%s: exception in select", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } if ((manager_socket_2 > -1) && FD_ISSET (manager_socket_2, &exceptfds)) { g_critical ("%s: exception in select (2)", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (FD_ISSET (manager_socket, &readfds)) 
@@ -1434,6 +1472,7 @@ serve_and_schedule () case 1: break; default: + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -1802,6 +1841,8 @@ gvmd (int argc, char** argv) static gchar *value = NULL; static gchar *feed_lock_path = NULL; static int feed_lock_timeout = 0; + + int sentry_initialized; GError *error = NULL; lockfile_t lockfile_checking, lockfile_serving; GOptionContext *option_context; @@ -2120,6 +2161,7 @@ gvmd (int argc, char** argv) } g_option_context_free (option_context); + sentry_initialized = init_sentry (); if (print_version) { printf ("Greenbone Vulnerability Manager %s\n", GVMD_VERSION); @@ -2127,11 +2169,24 @@ gvmd (int argc, char** argv) printf ("GIT revision %s\n", GVMD_GIT_REVISION); #endif printf ("Manager DB revision %i\n", manage_db_supported_version ()); + if (gvm_has_sentry_support ()) + { + const char *sentry_dsn; + sentry_dsn = g_getenv ("SENTRY_DSN_GVMD"); + + if (sentry_initialized) + printf ("Sentry support enabled with DSN %s\n", sentry_dsn); + else if (sentry_dsn == NULL) + printf ("Sentry support disabled: no DSN set\n"); + else + printf ("Sentry support disabled\n"); + } printf ("Copyright (C) 2009-2021 Greenbone Networks GmbH\n"); printf ("License: AGPL-3.0-or-later\n"); printf ("This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n\n"); + gvm_close_sentry (); exit (EXIT_SUCCESS); } @@ -2209,6 +2264,7 @@ gvmd (int argc, char** argv) else if (setenv ("TZ", "utc 0", 1) == -1) { g_critical ("%s: failed to set timezone", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } tzset (); 
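Review bot: The `printf ("Sentry support enabled with DSN %s\n", sentry_dsn);` branch added to the version output prints the full DSN, and the later hunk after `setup_log_handlers (log_config);` writes it to the log with `g_message ("Sentry support enabled with DSN %s", ...)`. A Sentry DSN embeds the project's client key (legacy DSNs also carry a secret key), so it should not appear in log files or terminal output that other users or log collectors can read. Report only the state instead: `printf ("Sentry support enabled\n");` and `g_message ("Sentry support enabled");`. Separately, an empty SENTRY_DSN_GVMD falls through to the bare "Sentry support disabled" branch because only `sentry_dsn == NULL` is tested, so the "no DSN set" hint is lost in that case.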
@@ -2226,6 +2282,18 @@ gvmd (int argc, char** argv) log_config = load_log_configuration (rc_name); g_free (rc_name); setup_log_handlers (log_config); + + /* Log whether sentry support is enabled */ + if (sentry_initialized) + { + g_message ("Sentry support enabled with DSN %s", + g_getenv ("SENTRY_DSN_GVMD")); + } + else + { + g_debug ("Sentry support disabled"); + } + /* Enable GNUTLS debugging if requested via env variable. */ { const char *s; @@ -2828,6 +2896,7 @@ gvmd (int argc, char** argv) { case 0: /* Child. */ + init_sentry (); break; case -1: /* Parent when error. */ @@ -2835,11 +2904,13 @@ gvmd (int argc, char** argv) __func__, strerror (errno)); log_config_free (); + gvm_close_sentry (); exit (EXIT_FAILURE); break; default: /* Parent. */ log_config_free (); + gvm_close_sentry (); exit (EXIT_SUCCESS); break; } @@ -2857,6 +2928,7 @@ gvmd (int argc, char** argv) case -2: g_critical ("%s: database is wrong version", __func__); log_config_free (); + gvm_close_sentry (); exit (EXIT_FAILURE); break; case -4: @@ -2866,12 +2938,14 @@ gvmd (int argc, char** argv) MANAGE_ABSOLUTE_MAX_IPS_PER_TARGET, max_ips_per_target); log_config_free (); + gvm_close_sentry (); exit (EXIT_FAILURE); break; case -1: default: g_critical ("%s: failed to initialise GMP daemon", __func__); log_config_free (); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -2880,6 +2954,7 @@ gvmd (int argc, char** argv) if (lockfile_unlock (&lockfile_checking)) { g_critical ("%s: Error releasing checking lock", __func__); + gvm_close_sentry (); return EXIT_FAILURE; } @@ -2890,12 +2965,17 @@ gvmd (int argc, char** argv) g_critical ("%s: failed to register `atexit' cleanup function", __func__); log_config_free (); + gvm_close_sentry (); exit (EXIT_FAILURE); } /* Set our pidfile. */ - if (pidfile_create ("gvmd")) exit (EXIT_FAILURE); + if (pidfile_create ("gvmd")) + { + gvm_close_sentry (); + exit (EXIT_FAILURE); + } /* Setup global variables. */ 
@@ -2916,6 +2996,7 @@ gvmd (int argc, char** argv) g_critical ("%s: failed to create log directory: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -2925,6 +3006,7 @@ gvmd (int argc, char** argv) g_critical ("%s: failed to open log file: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } #endif @@ -2952,6 +3034,7 @@ gvmd (int argc, char** argv) { g_critical ("%s: client server initialisation failed", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } priorities_option = priorities; @@ -2995,7 +3078,10 @@ gvmd (int argc, char** argv) // TODO Should be part of manage init. if (gvm_auth_init ()) - exit (EXIT_FAILURE); + { + gvm_close_sentry (); + exit (EXIT_FAILURE); + } if (check_osp_vt_update_socket ()) { @@ -3003,6 +3089,7 @@ gvmd (int argc, char** argv) " Use --osp-vt-update or change the 'OpenVAS Default'" " scanner to use the main ospd-openvas socket.", __func__); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -3011,5 +3098,6 @@ gvmd (int argc, char** argv) proctitle_set ("gvmd: Waiting for incoming connections"); serve_and_schedule (); + gvm_close_sentry (); return EXIT_SUCCESS; } diff --git a/src/lsc_crypt.c b/src/lsc_crypt.c index 0c1b35235..01aa65807 100644 --- a/src/lsc_crypt.c +++ b/src/lsc_crypt.c @@ -30,6 +30,7 @@ #include #include +#include #include #include "lsc_crypt.h" @@ -269,6 +270,7 @@ find_the_key (lsc_crypt_ctx_t ctx, gboolean no_create) if (!ctx->encctx) { g_critical ("%s: can't continue w/o a gpgme context", G_STRFUNC); + gvm_close_sentry (); exit (EXIT_FAILURE); } } @@ -370,6 +372,7 @@ do_encrypt (lsc_crypt_ctx_t ctx, const void *plaintext, size_t plaintextlen) if (!ciphertext) { g_critical ("%s: error snatching memory", G_STRFUNC); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -461,6 +464,7 @@ do_decrypt (lsc_crypt_ctx_t ctx, const char *cipherstring, if (!result) { g_critical ("%s: error snatching memory", G_STRFUNC); + gvm_close_sentry (); exit (EXIT_FAILURE); } 
@@ -489,6 +493,7 @@ lsc_crypt_new () if (!ctx->encctx) { g_critical ("%s: can't continue w/o a gpgme context", G_STRFUNC); + gvm_close_sentry (); exit (EXIT_FAILURE); } diff --git a/src/manage.c b/src/manage.c index 6dca6245a..6c58e5515 100644 --- a/src/manage.c +++ b/src/manage.c @@ -46,6 +46,7 @@ */ #define _GNU_SOURCE +#include "debug_utils.h" #include "gmp_base.h" #include "manage.h" #include "manage_acl.h" @@ -79,6 +80,7 @@ #include #include +#include #include #include #include @@ -2807,6 +2809,7 @@ fork_osp_scan_handler (task_t task, target_t target, int from, switch (fork ()) { case 0: + init_sentry (); break; case -1: /* Parent, failed to fork. */ @@ -2867,6 +2870,7 @@ fork_osp_scan_handler (task_t task, target_t target, int from, g_free (error); g_free (report_id); + gvm_close_sentry (); exit (-1); } @@ -2898,6 +2902,7 @@ fork_osp_scan_handler (task_t task, target_t target, int from, set_scan_end_time_epoch (global_current_report, time (NULL)); global_current_report = 0; current_scanner_task = (task_t) 0; + gvm_close_sentry (); exit (rc); } @@ -3146,6 +3151,7 @@ fork_cve_scan_handler (task_t task, target_t target) switch (pid) { case 0: + init_sentry (); break; case -1: /* Parent, failed to fork. */ @@ -3187,6 +3193,7 @@ fork_cve_scan_handler (task_t task, target_t target) "Error in target host list." " Interrupting scan."); set_report_scan_run_status (global_current_report, TASK_STATUS_INTERRUPTED); + gvm_close_sentry (); exit (1); } @@ -3206,6 +3213,7 @@ fork_cve_scan_handler (task_t task, target_t target) " Interrupting scan."); set_report_scan_run_status (global_current_report, TASK_STATUS_INTERRUPTED); gvm_hosts_free (gvm_hosts); + gvm_close_sentry (); exit (1); } gvm_hosts_free (gvm_hosts); @@ -3218,6 +3226,7 @@ fork_cve_scan_handler (task_t task, target_t target) set_report_scan_run_status (global_current_report, TASK_STATUS_DONE); global_current_report = 0; current_scanner_task = (task_t) 0; + gvm_close_sentry (); exit (0); } 
@@ -4615,6 +4624,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, /* Restore the sigmask that was blanked for pselect. */ pthread_sigmask (SIG_SETMASK, sigmask_current, NULL); + init_sentry (); reinit_manage_process (); manage_session_init (current_credentials.uuid); break; @@ -4644,6 +4654,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, g_warning ("%s: fork_connection failed", __func__); reschedule_task (scheduled_task->task_uuid); scheduled_task_free (scheduled_task); + gvm_close_sentry (); exit (EXIT_FAILURE); break; @@ -4672,6 +4683,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, __func__, scheduled_task->task_uuid); scheduled_task_free (scheduled_task); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (errno == EINTR) @@ -4684,6 +4696,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, __func__, scheduled_task->task_uuid); scheduled_task_free (scheduled_task); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (WIFEXITED (status)) @@ -4735,6 +4748,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, } } scheduled_task_free (scheduled_task); + gvm_close_sentry (); exit (EXIT_SUCCESS); case EXIT_FAILURE: @@ -4747,6 +4761,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, g_warning ("%s: child failed", __func__); reschedule_task (scheduled_task->task_uuid); scheduled_task_free (scheduled_task); + gvm_close_sentry (); exit (EXIT_FAILURE); } } @@ -4765,6 +4780,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, g_warning ("%s: gmp_authenticate failed", __func__); scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_FAILURE); } 
@@ -4786,6 +4802,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task, g_warning ("%s: user denied permission to start task", __func__); scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); /* Return success, so that parent stops trying to start the task. */ exit (EXIT_SUCCESS); @@ -4793,12 +4810,14 @@ scheduled_task_start (scheduled_task_t *scheduled_task, g_warning ("%s: gmp_start_task and gmp_resume_task failed", __func__); scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_FAILURE); } } scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_SUCCESS); } @@ -4855,6 +4874,7 @@ scheduled_task_stop (scheduled_task_t *scheduled_task, { scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -4862,11 +4882,13 @@ scheduled_task_stop (scheduled_task_t *scheduled_task, { scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_FAILURE); } scheduled_task_free (scheduled_task); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_SUCCESS); } diff --git a/src/manage_sql.c b/src/manage_sql.c index 7b03e442d..95ae78ec4 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -26,6 +26,7 @@ */ #define _GNU_SOURCE +#include "debug_utils.h" #include "manage_sql.h" #include "manage_port_lists.h" #include "manage_report_formats.h" @@ -66,6 +67,7 @@ #include #include +#include #include #include #include @@ -9376,7 +9378,7 @@ alert_script_exec (const char *alert_id, const char *command_args, case 0: { /* Child. Drop privileges, run command, exit. */ - + init_sentry (); cleanup_manage_process (FALSE); proctitle_set ("gvmd: Running alert script"); 
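Review bot: In the alert_script_exec child, `init_sentry ();` runs before the privilege drop to `nobody`, and SENTRY_DSN_GVMD stays in the environment of the command the child then runs ("Drop privileges, run command, exit" per the hunk's comment). If that command is started in a way that inherits the environment (the call itself is outside the hunk), every alert script can read the DSN. Consider `unsetenv ("SENTRY_DSN_GVMD");` right after `init_sentry ();` in children that go on to run external commands. The same applies to send_to_sourcefire, send_to_verinice and run_report_format_script. It is also worth confirming that `gvm_sentry_init ()` creates no files or state as the privileged user that the process would need to write after `setuid ()`.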
@@ -9385,6 +9387,7 @@ alert_script_exec (const char *alert_id, const char *command_args, { g_warning ("%s (child): setgroups: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setgid (nobody->pw_gid)) @@ -9392,6 +9395,7 @@ alert_script_exec (const char *alert_id, const char *command_args, g_warning ("%s (child): setgid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setuid (nobody->pw_uid)) @@ -9399,6 +9403,7 @@ alert_script_exec (const char *alert_id, const char *command_args, g_warning ("%s (child): setuid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -9414,6 +9419,7 @@ alert_script_exec (const char *alert_id, const char *command_args, ret, WEXITSTATUS (ret), command); + gvm_close_sentry (); exit (EXIT_FAILURE); } else if (ret != 0) @@ -9428,6 +9434,7 @@ alert_script_exec (const char *alert_id, const char *command_args, g_error_free (error); if (message) g_free (*message); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -9449,11 +9456,13 @@ alert_script_exec (const char *alert_id, const char *command_args, __func__, error->message); g_error_free (error); g_free (*message); + gvm_close_sentry (); exit (EXIT_FAILURE); } } g_free (*message); + gvm_close_sentry (); exit (2); } @@ -10172,6 +10181,7 @@ send_to_sourcefire (const char *ip, const char *port, const char *pkcs12_64, case 0: { /* Child. Drop privileges, run command, exit. */ + init_sentry (); cleanup_manage_process (FALSE); proctitle_set ("gvmd: Sending to Sourcefire"); @@ -10180,6 +10190,7 @@ send_to_sourcefire (const char *ip, const char *port, const char *pkcs12_64, { g_warning ("%s (child): setgroups: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setgid (nobody->pw_gid)) 
@@ -10187,6 +10198,7 @@ send_to_sourcefire (const char *ip, const char *port, const char *pkcs12_64, g_warning ("%s (child): setgid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setuid (nobody->pw_uid)) @@ -10194,6 +10206,7 @@ send_to_sourcefire (const char *ip, const char *port, const char *pkcs12_64, g_warning ("%s (child): setuid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -10208,9 +10221,11 @@ send_to_sourcefire (const char *ip, const char *port, const char *pkcs12_64, ret, WEXITSTATUS (ret), command); + gvm_close_sentry (); exit (EXIT_FAILURE); } + gvm_close_sentry (); exit (EXIT_SUCCESS); } @@ -10497,7 +10512,7 @@ send_to_verinice (const char *url, const char *username, const char *password, case 0: { /* Child. Drop privileges, run command, exit. */ - + init_sentry (); proctitle_set ("gvmd: Sending to Verinice"); cleanup_manage_process (FALSE); @@ -10506,6 +10521,7 @@ send_to_verinice (const char *url, const char *username, const char *password, { g_warning ("%s (child): setgroups: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setgid (nobody->pw_gid)) @@ -10513,6 +10529,7 @@ send_to_verinice (const char *url, const char *username, const char *password, g_warning ("%s (child): setgid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setuid (nobody->pw_uid)) @@ -10520,6 +10537,7 @@ send_to_verinice (const char *url, const char *username, const char *password, g_warning ("%s (child): setuid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -10534,9 +10552,11 @@ send_to_verinice (const char *url, const char *username, const char *password, ret, WEXITSTATUS (ret), log_command); + gvm_close_sentry (); exit (EXIT_FAILURE); } + gvm_close_sentry (); exit (EXIT_SUCCESS); } 
@@ -13667,6 +13687,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, free (owner_id); free (owner_name); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (gmp_start_task_report_c (&connection, task_id, &report_id)) @@ -13675,6 +13696,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, free (owner_id); free (owner_name); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -13683,6 +13705,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, free (owner_id); free (owner_name); gvm_connection_free (&connection); + gvm_close_sentry (); exit (EXIT_SUCCESS); } case ALERT_METHOD_ERROR: @@ -20377,6 +20400,7 @@ create_report (array_t *results, const char *task_id, const char *in_assets, * * Fork again so the parent can wait on the child, to prevent * zombies. */ + init_sentry (); cleanup_manage_process (FALSE); pid = fork (); switch (pid) @@ -20384,16 +20408,19 @@ create_report (array_t *results, const char *task_id, const char *in_assets, case 0: /* Grandchild. Reopen the database (required after fork) and carry on * to import the reports, . */ + init_sentry (); reinit_manage_process (); break; case -1: /* Grandchild's parent when error. */ g_warning ("%s: fork: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); break; default: /* Grandchild's parent. Exit, to close parent's wait. */ g_debug ("%s: %i forked %i", __func__, getpid (), pid); + gvm_close_sentry (); exit (EXIT_SUCCESS); break; } @@ -20699,6 +20726,7 @@ create_report (array_t *results, const char *task_id, const char *in_assets, create_asset_report (*report_id, ""); } + gvm_close_sentry (); exit (EXIT_SUCCESS); return 0; } diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c index 98f2a4e56..58f9cd656 100644 --- a/src/manage_sql_report_formats.c +++ b/src/manage_sql_report_formats.c 
@@ -23,6 +23,7 @@ * The report format SQL for the GVM management layer. */ +#include "debug_utils.h" #include "manage_sql_report_formats.h" #include "manage_acl.h" #include "manage_report_formats.h" @@ -43,6 +44,7 @@ #include #include +#include #include #include #include @@ -3413,6 +3415,7 @@ run_report_format_script (gchar *report_format_id, { /* Child. Drop privileges, run command, exit. */ + init_sentry (); proctitle_set ("gvmd: Generating report"); cleanup_manage_process (FALSE); @@ -3421,6 +3424,7 @@ run_report_format_script (gchar *report_format_id, { g_warning ("%s (child): setgroups: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setgid (nobody->pw_gid)) @@ -3428,6 +3432,7 @@ run_report_format_script (gchar *report_format_id, g_warning ("%s (child): setgid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } if (setuid (nobody->pw_uid)) @@ -3435,6 +3440,7 @@ run_report_format_script (gchar *report_format_id, g_warning ("%s (child): setuid: %s", __func__, strerror (errno)); + gvm_close_sentry (); exit (EXIT_FAILURE); } @@ -3448,9 +3454,11 @@ run_report_format_script (gchar *report_format_id, ret, WEXITSTATUS (ret), command); + gvm_close_sentry (); exit (EXIT_FAILURE); } + gvm_close_sentry (); exit (EXIT_SUCCESS); } diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index b82302759..131b4fad2 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -28,6 +28,7 @@ */ #define _GNU_SOURCE +#include "debug_utils.h" #include "manage_sql.h" #include "manage_sql_secinfo.h" #include "sql.h" @@ -47,6 +48,7 @@ #include #include +#include #include #include @@ -2702,6 +2704,7 @@ sync_secinfo (sigset_t *sigmask_current, int (*update) (void), case 0: /* Child. Carry on to sync the db, reopen the database (required * after fork). */ + init_sentry (); /* Restore the sigmask that was blanked for pselect in the parent. */ pthread_sigmask (SIG_SETMASK, sigmask_current, NULL); 
@@ -2735,6 +2738,7 @@ sync_secinfo (sigset_t *sigmask_current, int (*update) (void), check_alerts (); } + gvm_close_sentry (); exit (EXIT_SUCCESS); } diff --git a/src/utils.c b/src/utils.c index baee759ee..6cbfd7338 100644 --- a/src/utils.c +++ b/src/utils.c @@ -49,6 +49,8 @@ #include #include +#include + #undef G_LOG_DOMAIN /** * @brief GLib log domain. @@ -801,6 +803,7 @@ setup_signal_handler (int signal, void (*handler) (int), int block) { g_critical ("%s: failed to register %s handler", __func__, strsignal (signal)); + gvm_close_sentry (); exit (EXIT_FAILURE); } } @@ -832,6 +835,7 @@ setup_signal_handler_info (int signal, { g_critical ("%s: failed to register %s handler", __func__, strsignal (signal)); + gvm_close_sentry (); exit (EXIT_FAILURE); } } From e7a1adfaee7577e7be738c312439a076da0a042a Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 4 Jun 2021 15:30:42 +0200 Subject: [PATCH 2/3] Add CHANGELOG entry for Sentry integration. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7442758e9..d3c4116ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Added - Add a new modification_time column to reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519) +- Add basic Sentry integration and logging [#1550](https://github.com/greenbone/gvmd/pull/1550) ### Changed - Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) From 4d13d3ac9d754474693e312b60cb2a460dd5c6bc Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 4 Jun 2021 15:40:34 +0200 Subject: [PATCH 3/3] Add missing doc for init_sentry function --- src/debug_utils.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/debug_utils.c b/src/debug_utils.c index 0814261dd..b7d5bca40 100644 
--- a/src/debug_utils.c +++ b/src/debug_utils.c @@ -27,6 +27,13 @@ #include /* for snprintf */ #include +/** + * @brief Initialize Sentry using the current gvmd version and DSN. + * + * The DSN is set via the environment variable SENTRY_DSN_GVMD. + * + * @return 1 if sentry support was enabled, 0 if not. + */ int init_sentry (void) {