[Openvas-commits] r3234 - in trunk/openvas-config-manager: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue May 5 12:03:09 CEST 2009


Author: mwiegand
Date: 2009-05-05 12:03:09 +0200 (Tue, 05 May 2009)
New Revision: 3234

Modified:
   trunk/openvas-config-manager/ChangeLog
   trunk/openvas-config-manager/src/openvascd.c
Log:
Added support for setting user rules. Functionality for adding and
deleting users and setting user rules is now exposed via the Command
Line Interface. Improved message handling. Minor reformatting and
cleanup.

* src/openvascd.c: (main) Expose new functionality to the command line
parser. Make sure pointers are correctly initialized. Reverted exposure
of daemon functionality in preparation for the upcoming release. Handle
the verbose (-v) flag by suppressing the output of debug messages
unless this flag is set. (openvas_config_add_user) Adjusted function
definition. Reworked variable allocation and freeing. Don't create a
rules directory since it is supposed to be a file.
(openvas_config_remove_user) Adjusted function definition. Make sure
allocated memory is freed. (openvas_config_set_rules) New. Sets the
rules for an existing user. (silence_messages) New. Empty convenience
function to suppress log messages.


Modified: trunk/openvas-config-manager/ChangeLog
===================================================================
--- trunk/openvas-config-manager/ChangeLog	2009-05-05 09:33:01 UTC (rev 3233)
+++ trunk/openvas-config-manager/ChangeLog	2009-05-05 10:03:09 UTC (rev 3234)
@@ -1,3 +1,22 @@
+2009-05-05  Michael Wiegand <michael.wiegand at intevation.de>
+
+	Added support for setting user rules. Functionality for adding and
+	deleting users and setting user rules is now exposed via the Command
+	Line Interface. Improved message handling. Minor reformatting and
+	cleanup.
+
+	* src/openvascd.c: (main) Expose new functionality to the command line
+	parser. Make sure pointers are correctly initialized. Reverted exposure
+	of daemon functionality in preparation for the upcoming release. Handle
+	the verbose (-v) flag by suppressing the output of debug messages
+	unless this flag is set. (openvas_config_add_user) Adjusted function
+	definition. Reworked variable allocation and freeing. Don't create a
+	rules directory since it is supposed to be a file.
+	(openvas_config_remove_user) Adjusted function definition. Make sure
+	allocated memory is freed. (openvas_config_set_rules) New. Sets the
+	rules for an existing user. (silence_messages) New. Empty convenience
+	function to suppress log messages.
+
 2009-04-30  Michael Wiegand <michael.wiegand at intevation.de>
 
 	Added preliminary support for removing users. This functionality is

Modified: trunk/openvas-config-manager/src/openvascd.c
===================================================================
--- trunk/openvas-config-manager/src/openvascd.c	2009-05-05 09:33:01 UTC (rev 3233)
+++ trunk/openvas-config-manager/src/openvascd.c	2009-05-05 10:03:09 UTC (rev 3234)
@@ -76,7 +76,8 @@
 print_users_xml (GSList *);
 
 gboolean
-openvas_config_add_user (gchar *, gchar *, gchar *, const gchar *);
+openvas_config_add_user (const gchar *, const gchar *, const gchar *,
+                         const gchar *);
 
 gchar *
 digest_hex (int, const guchar *);
@@ -85,7 +86,7 @@
 get_password_hashes (int, const gchar *);
 
 gboolean
-openvas_config_remove_user (gchar *, const gchar *);
+openvas_config_remove_user (const gchar *, const gchar *);
 
 int
 remove_recurse (const gchar *);
@@ -93,6 +94,12 @@
 int
 check_is_dir (const char *);
 
+gboolean
+openvas_config_set_rules (const gchar *, const gchar *, const gchar *);
+
+void
+silence_messages (const gchar *, GLogLevelFlags, const gchar *, gpointer);
+
 /**
  * @brief Convenience function to produce XML output from key/value pairs of
  * preferences.
@@ -131,9 +138,12 @@
   static gboolean print_version = FALSE;
   static gboolean be_verbose = FALSE;
   static gboolean daemon = FALSE;
-  static gchar *command;
-  static const gchar *users_dir;
-  static const gchar *config_file;
+  static gchar *command = NULL;
+  static const gchar *users_dir = NULL;
+  static const gchar *config_file = NULL;
+  static const gchar *name = NULL;
+  static const gchar *password = NULL;
+  static const gchar *rules_file = NULL;
 
   GError *error = NULL;
 
@@ -144,10 +154,18 @@
           "Print version.", NULL },
         { "verbose", 'v', 0, G_OPTION_ARG_NONE, &be_verbose,
           "Verbose messages.", NULL },
+        /* Don't expose daemon mode just yet.
         { "daemon", 'd', 0, G_OPTION_ARG_NONE, &daemon,
-          "Start in daemon mode.", NULL },
+          "Start in daemon mode.", NULL },*/
         { "command", 'c', 0, G_OPTION_ARG_STRING, &command,
-          "OCP command", "<command>" },
+          "OCP command (e.g. add_user, remove_user, list_users)", "<command>" },
+        { "name", 'n', 0, G_OPTION_ARG_STRING, &name,
+          "Username when creating, editing or removing a user", "<name>" },
+        { "password", 'p', 0, G_OPTION_ARG_STRING, &password,
+          "Password for the new user", "<password>" },
+        { "rules-file", 'r', 0, G_OPTION_ARG_FILENAME, &rules_file,
+          "File containing the rules for the user",
+          "<rules-file>" },
         { "users-dir", 'u', 0, G_OPTION_ARG_FILENAME, &users_dir,
           "Directory containing the OpenVAS user data (default: " OPENVAS_USERS_DIR ")",
           "<users-dir>" },
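Review bot: The new `--password`/`-p` entry takes the secret as a command-line argument, which leaves it readable in the process list and in shell history, and it is the only way this commit offers to supply it. I would read the password from standard input or a terminal prompt when `-p` is absent, and state the exposure in the help text, e.g. `"Password for the new user (visible to other local users via the process list)"`. The `--command` help string lists `add_user, remove_user, list_users` but omits the `set_rules` command this commit adds. The option table starts and ends outside this hunk.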
@@ -164,6 +182,12 @@
       g_error ("%s\n\n", error->message);
     }
 
+  if (!be_verbose)
+    {
+      g_log_set_handler (NULL, G_LOG_LEVEL_INFO | G_LOG_LEVEL_DEBUG,
+                         silence_messages, NULL);
+    }
+
   if (users_dir == NULL)
     {
       g_debug ("users_dir not set, setting to default.");
@@ -188,7 +212,7 @@
 
   if (command)
     {
-      GString *response = g_string_new(NULL);
+      GString *response = g_string_new (NULL);
       g_strstrip(command);
       if (g_strcasecmp (command, "list_users") == 0)
         {
@@ -202,6 +226,64 @@
           response = print_preferences_xml (all_prefs);
           g_hash_table_destroy (all_prefs);
         }
+      else if (g_strcasecmp (command, "add_user") == 0)
+        {
+          if (name == NULL || password == NULL)
+            {
+              g_warning ("You need to provide both a username and a password to create a new user.");
+              exit (EXIT_FAILURE);
+            }
+          if (rules_file == NULL)
+            {
+              g_warning ("No rules file provided, the new user will have no restrictions.");
+            }
+          if (openvas_config_add_user (name, password, rules_file, users_dir))
+            {
+              g_message ("User %s has been successfully created.", name);
+              exit (EXIT_SUCCESS);
+            }
+          else
+            {
+              g_warning ("Failed to create user %s!", name);
+              exit (EXIT_FAILURE);
+            }
+        }
+      else if (g_strcasecmp (command, "remove_user") == 0)
+        {
+          if (name == NULL)
+            {
+              g_warning ("You need to provide the name of the user to be deleted");
+              exit (EXIT_FAILURE);
+            }
+          if (openvas_config_remove_user (name, users_dir))
+            {
+              g_message ("User %s has been successfully removed.", name);
+              exit (EXIT_SUCCESS);
+            }
+          else
+            {
+              g_warning ("Failed to remove user %s!", name);
+              exit (EXIT_FAILURE);
+            }
+        }
+      else if (g_strcasecmp (command, "set_rules") == 0)
+        {
+          if (name == NULL || rules_file == NULL)
+            {
+              g_warning ("You need to provide both the name of the user and the file containing the new rules to set new rules.");
+              exit (EXIT_FAILURE);
+            }
+          if (openvas_config_set_rules (name, rules_file, users_dir))
+            {
+              g_message ("The rules for user %s have been successfully changed.", name);
+              exit (EXIT_SUCCESS);
+            }
+          else
+            {
+              g_warning ("Failed to change the rules for user %s!", name);
+              exit (EXIT_FAILURE);
+            }
+        }
       else
         {
           g_string_printf (response, "<ocp_response command=\"%s\" status=\"500\" />", command);
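Review bot: The `name` taken from `--name` reaches `openvas_config_add_user`, `openvas_config_remove_user` and `openvas_config_set_rules` without validation, and `openvas_config_set_rules` visibly joins it to the users directory with `g_build_filename (directory, name, NULL)`; the other two appear to do the same. A name that contains a directory separator or is `..` therefore resolves outside `users_dir`, and for `remove_user` that path is handed to `remove_recurse`. I would reject such names once, before the command dispatch (the `if (command)` line in the previous hunk), as sketched below. An empty name should be refused as well, since `g_build_filename` ignores empty elements. `main` starts and ends outside this hunk.

```c
  /* A user name must be a single path component below users_dir. */
  if (name != NULL
      && (*name == '\0'
          || strcmp (name, ".") == 0
          || strcmp (name, "..") == 0
          || strchr (name, G_DIR_SEPARATOR) != NULL))
    {
      g_warning ("Invalid user name.");
      exit (EXIT_FAILURE);
    }

  if (command)
    {
      /* … unchanged: command dispatch (list_users, add_user, remove_user, set_rules) … */
```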
@@ -382,7 +464,7 @@
       users_dir = g_dir_open (directory, 0, &error);
       if (users_dir == NULL)
         {
-          g_debug (error->message);
+          g_warning (error->message);
           g_error_free (error);
         }
       else
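Review bot: `g_warning (error->message);` passes the GError text as the format string, and that text typically includes the directory path, so any `%` in it is interpreted as a conversion specifier. This should be `g_warning ("%s", error->message);`, which is the form the other call sites touched by this commit already use. The enclosing function starts and ends outside this hunk.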
@@ -406,7 +488,7 @@
     }
   else
     {
-      g_debug ("Could not find %s!", directory);
+      g_warning ("Could not find %s!", directory);
       return NULL;
     }
 }
@@ -450,7 +532,7 @@
     }
   else
     {
-      g_debug ("%s", error->message);
+      g_warning ("%s", error->message);
       g_key_file_free (config_key_file);
       g_error_free (error);
       return NULL;
@@ -558,18 +640,18 @@
  *
  * @param name The name of the new user.
  * @param password The password of the new user.
- * @param rules The rules to be applied to the new user.
+ * @param rules_file A file containing the rules to be applied to the new
+ * user.
  * @param directory The directory containing the user directories.
  *
- * \todo TODO: The rules parameter is currently ignored.
  * \todo TODO: Adding users authenticating with certificates is not yet
  * implemented.
  *
  * @return TRUE if the user has been added successfully, FALSE if not.
  */
 gboolean
-openvas_config_add_user (gchar * name, gchar * password, gchar * rules,
-                         const gchar * directory)
+openvas_config_add_user (const gchar * name, const gchar * password,
+                         const gchar * rules_file, const gchar * directory)
 {
   if (g_file_test (directory, G_FILE_TEST_EXISTS) &&
       g_file_test (directory, G_FILE_TEST_IS_DIR))
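Review bot: The updated `@param rules_file` text does not say that NULL is accepted, although `main` calls this function with a NULL `rules_file` when `-r` is omitted and the body tests `rules_file != NULL`. I would extend it to `@param rules_file A file containing the rules to be applied to the new user, or NULL to create the user without rules.` The function body continues outside this hunk.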
@@ -579,58 +661,98 @@
       if (g_file_test (user_dir_name, G_FILE_TEST_EXISTS) &&
           g_file_test (user_dir_name, G_FILE_TEST_IS_DIR))
         {
-          g_debug ("User %s already exists!", name);
+          g_warning ("User %s already exists!", name);
           g_free (user_dir_name);
           return FALSE;
         }
       else
         {
-          gchar *user_auth_dir_name = g_build_filename (user_dir_name, "auth", NULL);
-          gchar *user_rules_dir_name = g_build_filename (user_dir_name, "rules", NULL);
-          gchar *user_hash_file_name = g_build_filename (user_auth_dir_name, "hash", NULL);
+          gchar *rules = NULL;
           GError *error = NULL;
 
-          if (g_mkdir (user_dir_name, 0700) != 0)
+          if (rules_file != NULL)
             {
-              g_debug ("Could not create %s!", user_dir_name);
-              return FALSE;
+              if (!g_file_test (rules_file, G_FILE_TEST_EXISTS))
+                {
+                  g_warning ("Could not find rules file %s!", rules_file);
+                  g_free (user_dir_name);
+                  return FALSE;
+                }
+              if (!g_file_get_contents (rules_file, &rules, NULL, &error))
+                {
+                  g_warning ("Could not read contents of %s!", rules_file);
+                  g_warning ("%s", error->message);
+                  g_error_free (error);
+                  g_free (user_dir_name);
+                  return FALSE;
+                }
             }
 
-          if (g_mkdir (user_auth_dir_name, 0700) != 0)
+          gchar *user_auth_dir_name = g_build_filename (user_dir_name, "auth", NULL);
+          gchar *user_rules_file_name = g_build_filename (user_auth_dir_name, "rules", NULL);
+          gchar *user_hash_file_name = g_build_filename (user_auth_dir_name, "hash", NULL);
+          gboolean directories_created = TRUE;
+
+          if (g_mkdir (user_dir_name, 0700) != 0)
             {
-              g_debug ("Could not create %s!", user_auth_dir_name);
-              return FALSE;
+              g_warning ("Could not create %s!", user_dir_name);
+              directories_created =  FALSE;
             }
-
-          if (g_mkdir (user_rules_dir_name, 0700) != 0)
+          else if (g_mkdir (user_auth_dir_name, 0700) != 0)
             {
-              g_debug ("Could not create %s!", user_rules_dir_name);
-              return FALSE;
+              g_warning ("Could not create %s!", user_auth_dir_name);
+              directories_created =  FALSE;
             }
 
+          if (!directories_created) {
+            g_free (user_dir_name);
+            g_free (user_auth_dir_name);
+            g_free (user_rules_file_name);
+            g_free (user_hash_file_name);
+            g_warning ("Failed to set up user directories for user %s", name);
+            return FALSE;
+          }
+
           gchar * hashes_out = get_password_hashes (GCRY_MD_MD5, password);
 
           if (!g_file_set_contents (user_hash_file_name, hashes_out, -1, &error))
             {
-              g_debug ("%s", error->message);
+              g_warning ("%s", error->message);
               g_error_free (error);
+              g_free (hashes_out);
+              g_free (user_dir_name);
+              g_free (user_auth_dir_name);
+              g_free (user_rules_file_name);
+              g_free (user_hash_file_name);
               return FALSE;
             }
           g_chmod (user_hash_file_name, 0600);
 
+          if (!g_file_set_contents (user_rules_file_name, rules, -1, &error))
+            {
+              g_warning ("%s", error->message);
+              g_error_free (error);
+              g_free (hashes_out);
+              g_free (user_dir_name);
+              g_free (user_auth_dir_name);
+              g_free (user_rules_file_name);
+              g_free (user_hash_file_name);
+              return FALSE;
+            }
+          g_chmod (user_rules_file_name, 0600);
+
           g_free (hashes_out);
+          g_free (user_dir_name);
           g_free (user_auth_dir_name);
-          g_free (user_rules_dir_name);
+          g_free (user_rules_file_name);
           g_free (user_hash_file_name);
 
-          g_debug ("User %s created successfully!", name);
-          g_free (user_dir_name);
           return TRUE;
         }
     }
   else
     {
-      g_debug ("Could not find %s!", directory);
+      g_warning ("Could not find %s!", directory);
       return FALSE;
     }
 }
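Review bot: When `rules_file` is NULL, which `main` allows with only a warning, `rules` stays NULL and is passed to `g_file_set_contents (user_rules_file_name, rules, -1, &error)`. As far as I know GLib rejects NULL contents with a length of -1 in a precondition check and returns FALSE without setting `error`, so the following `g_warning ("%s", error->message)` would dereference NULL after the user directory and hash file already exist. Passing `rules ? rules : ""` avoids this, or the write can be skipped when there are no rules, whichever the scanner expects. The buffer filled by `g_file_get_contents` is also never released; `g_free (rules);` is needed on the success path and on every failure return after the read. A failure after `g_mkdir` also leaves a partial user directory behind, which the `already exists` check at the top will then report as an existing user.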
@@ -652,7 +774,7 @@
   gcry_error_t err = gcry_md_test_algo (gcrypt_algorithm);
   if (err != 0)
     {
-      g_debug ("Could not select gcrypt algorithm: %s",
+      g_warning ("Could not select gcrypt algorithm: %s",
                gcry_strerror (err));
       return NULL;
     }
@@ -693,7 +815,7 @@
   gcry_error_t err = gcry_md_test_algo (gcrypt_algorithm);
   if (err != 0)
     {
-      g_debug ("Could not select gcrypt algorithm: %s",
+      g_warning ("Could not select gcrypt algorithm: %s",
                gcry_strerror (err));
       return NULL;
     }
@@ -735,7 +857,7 @@
  * @return TRUE if the user has been removed successfully, FALSE if not.
  */
 gboolean
-openvas_config_remove_user (gchar * name, const gchar * directory)
+openvas_config_remove_user (const gchar * name, const gchar * directory)
 {
   if (g_file_test (directory, G_FILE_TEST_EXISTS) &&
       g_file_test (directory, G_FILE_TEST_IS_DIR))
@@ -747,23 +869,26 @@
         {
           if (remove_recurse (user_dir_name) == 0)
             {
+              g_free (user_dir_name);
               return TRUE;
             }
           else
             {
-              g_debug ("Failed to remove %s!", user_dir_name);
+              g_warning ("Failed to remove %s!", user_dir_name);
+              g_free (user_dir_name);
               return FALSE;
             }
         }
       else
         {
-          g_debug ("User %s does not exist!", name);
+          g_free (user_dir_name);
+          g_warning ("User %s does not exist!", name);
           return FALSE;
         }
     }
   else
     {
-      g_debug ("Could not find %s!", directory);
+      g_warning ("Could not find %s!", directory);
       return FALSE;
     }
 }
@@ -790,7 +915,7 @@
 
       if (directory == NULL)
         {
-          g_debug ("g_dir_open(%s) failed - %s\n", pathname, error->message);
+          g_warning ("g_dir_open(%s) failed - %s\n", pathname, error->message);
           g_error_free (error);
           // errno should be set when we return -1 to maintain remove()
           // compatibility.
@@ -806,10 +931,12 @@
               ret = remove_recurse (g_build_filename (pathname, entry, NULL));
               if (ret != 0)
                 {
-                  g_debug ("Failed to remove %s from %s!", entry, pathname);
+                  g_warning ("Failed to remove %s from %s!", entry, pathname);
+                  g_dir_close (directory);
                   return ret;
                 }
             }
+          g_dir_close (directory);
         }
     }
 
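Review bot: The path built by `g_build_filename (pathname, entry, NULL)` is passed straight to `remove_recurse` and never freed, so every directory entry leaks one allocation even with the `g_dir_close` calls added here. Hold it in a local instead: `gchar *child = g_build_filename (pathname, entry, NULL);`, `ret = remove_recurse (child);`, `g_free (child);`. Separately, `check_is_dir` in this file uses `stat()`, so if this function relies on it to decide whether to descend (not visible in this hunk), a symbolic link to a directory would be followed during removal; `lstat()` would treat the link as a plain entry. The enclosing function starts and ends outside this hunk.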
@@ -834,13 +961,94 @@
 {
   struct stat sb;
 
-  if (stat(name, &sb))
+  if (stat (name, &sb))
     {
       return -1;
     }
   else
     {
-      return (S_ISDIR(sb.st_mode));
+      return (S_ISDIR (sb.st_mode));
     }
 }
 
+/**
+ * @brief Sets the rules for an existing user.
+ *
+ * @param name The name of the new user.
+ * @param rules_file A file containing the new rules to be applied to the
+ * user. Note that the new rules will overwrite all old rules.
+ * @param directory The directory containing the user directories.
+ *
+ * @return TRUE if the rules have been changed successfully, FALSE if not.
+ */
+gboolean
+openvas_config_set_rules (const gchar * name, const gchar * rules_file,
+                          const gchar * directory)
+{
+  if (name == NULL || rules_file == NULL)
+    {
+      g_warning ("Missing name or rules_file!");
+      return FALSE;
+    }
+  if (g_file_test (directory, G_FILE_TEST_EXISTS) &&
+      g_file_test (directory, G_FILE_TEST_IS_DIR))
+    {
+      gchar *user_dir_name = g_build_filename (directory, name, NULL);
+
+      if (g_file_test (user_dir_name, G_FILE_TEST_EXISTS) &&
+          g_file_test (user_dir_name, G_FILE_TEST_IS_DIR))
+        {
+          gchar *new_rules = NULL;
+          GError *error = NULL;
+          gchar *user_rules_file_name = NULL;
+
+          if (!g_file_test (rules_file, G_FILE_TEST_EXISTS))
+            {
+              g_warning ("Could not find rules file %s!", rules_file);
+              g_free (user_dir_name);
+              return FALSE;
+            }
+          if (!g_file_get_contents (rules_file, &new_rules, NULL, &error))
+            {
+              g_warning ("Could not read contents of %s!", rules_file);
+              g_warning ("%s", error->message);
+              g_error_free (error);
+              g_free (user_dir_name);
+              return FALSE;
+            }
+
+          user_rules_file_name = g_build_filename (user_dir_name, "auth", "rules", NULL);
+
+          if (!g_file_set_contents (user_rules_file_name, new_rules, -1, &error))
+            {
+              g_warning ("%s", error->message);
+              g_error_free (error);
+              g_free (user_dir_name);
+              g_free (user_rules_file_name);
+              return FALSE;
+            }
+          g_chmod (user_rules_file_name, 0600);
+
+          g_free (user_rules_file_name);
+          g_free (user_dir_name);
+          return TRUE;
+        }
+      else
+        {
+          g_warning ("User %s does not exist!", name);
+          g_free (user_dir_name);
+          return FALSE;
+        }
+    }
+  else
+    {
+      g_warning ("Could not find %s!", directory);
+      return FALSE;
+    }
+}
+
+void
+silence_messages (const gchar *log_domain, GLogLevelFlags log_level,
+                  const gchar *message, gpointer user_data)
+{
+}
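Review bot: `new_rules`, allocated by `g_file_get_contents` in `openvas_config_set_rules`, is freed neither on the success return nor on the `g_file_set_contents` failure return; add `g_free (new_rules);` before both. The doc comment's `@param name The name of the new user.` looks copied from `openvas_config_add_user` and should read `The name of the existing user.` `silence_messages` has no doc comment; a one-line `/** @brief Log handler that discards the message; installed for INFO and DEBUG levels unless -v is given. */` would record why its body is empty.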


