[Openvas-commits] r6715 - in trunk/openvas-manager: . doc src src/tests
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Feb 11 15:24:51 CET 2010
Author: mattm
Date: 2010-02-11 15:24:46 +0100 (Thu, 11 Feb 2010)
New Revision: 6715
Modified:
trunk/openvas-manager/ChangeLog
trunk/openvas-manager/doc/db_postgres.sql
trunk/openvas-manager/src/manage.h
trunk/openvas-manager/src/omp.c
trunk/openvas-manager/src/tasks_sql.h
trunk/openvas-manager/src/tests/omp_help_0.c
Log:
Add OMP CREATE_NOTE.
* src/tasks_sql.h (user_owns_result, find_result, create_note): New
functions.
(create_tables): Add notes table.
* src/manage.h: Add headers accordingly.
* src/omp.c (help_text): Add CREATE_NOTE.
(create_note_data_t): New type.
(create_note_data_reset): New function.
(command_data_t): Add create_note.
(create_note_data): New variable.
(client_state_t): Add CREATE_NOTE states.
(omp_xml_handle_start_element, omp_xml_handle_end_element)
(omp_xml_handle_text): Add CREATE_NOTE handling.
* doc/db_postgres.sql (notes): New table.
(results): Add uuid.
* src/tests/omp_help_0.c (help_text): Add CREATE_NOTE.
Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog 2010-02-11 14:18:49 UTC (rev 6714)
+++ trunk/openvas-manager/ChangeLog 2010-02-11 14:24:46 UTC (rev 6715)
@@ -1,5 +1,29 @@
2010-02-11 Matthew Mundell <matthew.mundell at intevation.de>
+ Add OMP CREATE_NOTE.
+
+ * src/tasks_sql.h (user_owns_result, find_result, create_note): New
+ functions.
+ (create_tables): Add notes table.
+
+ * src/manage.h: Add headers accordingly.
+
+ * src/omp.c (help_text): Add CREATE_NOTE.
+ (create_note_data_t): New type.
+ (create_note_data_reset): New function.
+ (command_data_t): Add create_note.
+ (create_note_data): New variable.
+ (client_state_t): Add CREATE_NOTE states.
+ (omp_xml_handle_start_element, omp_xml_handle_end_element)
+ (omp_xml_handle_text): Add CREATE_NOTE handling.
+
+ * doc/db_postgres.sql (notes): New table.
+ (results): Add uuid.
+
+ * src/tests/omp_help_0.c (help_text): Add CREATE_NOTE.
+
+2010-02-11 Matthew Mundell <matthew.mundell at intevation.de>
+
* README: Correct typo and grammar.
2010-02-11 Matthew Mundell <matthew.mundell at intevation.de>
Modified: trunk/openvas-manager/doc/db_postgres.sql
===================================================================
--- trunk/openvas-manager/doc/db_postgres.sql 2010-02-11 14:18:49 UTC (rev 6714)
+++ trunk/openvas-manager/doc/db_postgres.sql 2010-02-11 14:24:46 UTC (rev 6715)
@@ -105,6 +105,7 @@
CREATE TABLE results (
id integer PRIMARY KEY,
+ uuid text UNIQUE NOT NULL,
task integer REFERENCES tasks (id) ON DELETE RESTRICT,
subnet text,
host text,
@@ -173,3 +174,17 @@
rpm bytea,
deb bytea,
exe bytea);
+
+CREATE TABLE notes (
+ id integer PRIMARY KEY,
+ uuid text UNIQUE NOT NULL,
+ owner integer REFERENCES users (id) ON DELETE RESTRICT,
+ nvt text NOT NULL, -- OID of NVT
+ creation_time date,
+ modification_time date,
+ text text,
+ hosts text,
+ port text,
+ threat text,
+ task integer REFERENCES tasks (id) ON DELETE RESTRICT,
+ report integer REFERENCES reports (id) ON DELETE RESTRICT);
Modified: trunk/openvas-manager/src/manage.h
===================================================================
--- trunk/openvas-manager/src/manage.h 2010-02-11 14:18:49 UTC (rev 6714)
+++ trunk/openvas-manager/src/manage.h 2010-02-11 14:24:46 UTC (rev 6715)
@@ -544,6 +544,12 @@
�
/* Reports. */
+gboolean
+find_result (const char*, result_t*);
+
+�
+/* Reports. */
+
// FIX how is this doc'd?
#define OVAS_MANAGE_REPORT_ID_LENGTH UUID_LEN_STR
@@ -1073,6 +1079,13 @@
agent_name (lsc_credential_t);
�
+/* Notes. */
+
+int
+create_note (const char*, const char*, const char*, const char*, const char*,
+ task_t, result_t);
+
+�
/* Scanner messaging. */
int
Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c 2010-02-11 14:18:49 UTC (rev 6714)
+++ trunk/openvas-manager/src/omp.c 2010-02-11 14:24:46 UTC (rev 6715)
@@ -255,6 +255,7 @@
" CREATE_CONFIG Create a config.\n"
" CREATE_ESCALATOR Create an escalator.\n"
" CREATE_LSC_CREDENTIAL Create a local security check credential.\n"
+" CREATE_NOTE Create a note.\n"
" CREATE_TARGET Create a target.\n"
" CREATE_TASK Create a task.\n"
" DELETE_AGENT Delete an agent.\n"
@@ -500,6 +501,31 @@
typedef struct
{
+ char *hosts;
+ char *nvt;
+ char *port;
+ char *result;
+ char *task;
+ char *text;
+ char *threat;
+} create_note_data_t;
+
+static void
+create_note_data_reset (create_note_data_t *data)
+{
+ free (data->hosts);
+ free (data->nvt);
+ free (data->port);
+ free (data->result);
+ free (data->task);
+ free (data->text);
+ free (data->threat);
+
+ memset (data, 0, sizeof (create_note_data_t));
+}
+
+typedef struct
+{
char *name;
} name_command_data_t;
@@ -552,6 +578,7 @@
typedef union
{
create_config_data_t create_config;
+ create_note_data_t create_note;
get_report_data_t get_report;
get_system_reports_data_t get_system_reports;
name_command_data_t name_command;
@@ -581,6 +608,12 @@
= (create_config_data_t*) &(command_data.create_config);
/**
+ * @brief Parser callback data for CREATE_NOTE.
+ */
+create_note_data_t *create_note_data
+ = (create_note_data_t*) &(command_data.create_note);
+
+/**
* @brief Parser callback data for GET_REPORT.
*/
get_report_data_t *get_report_data
@@ -795,6 +828,14 @@
CLIENT_CREATE_LSC_CREDENTIAL_NAME,
CLIENT_CREATE_LSC_CREDENTIAL_PASSWORD,
CLIENT_CREATE_LSC_CREDENTIAL_LOGIN,
+ CLIENT_CREATE_NOTE,
+ CLIENT_CREATE_NOTE_HOSTS,
+ CLIENT_CREATE_NOTE_NVT,
+ CLIENT_CREATE_NOTE_PORT,
+ CLIENT_CREATE_NOTE_RESULT,
+ CLIENT_CREATE_NOTE_TASK,
+ CLIENT_CREATE_NOTE_TEXT,
+ CLIENT_CREATE_NOTE_THREAT,
CLIENT_CREATE_TARGET,
CLIENT_CREATE_TARGET_COMMENT,
CLIENT_CREATE_TARGET_HOSTS,
@@ -1642,6 +1683,8 @@
openvas_append_string (¤t_name, "");
set_client_state (CLIENT_CREATE_LSC_CREDENTIAL);
}
+ else if (strcasecmp ("CREATE_NOTE", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE);
else if (strcasecmp ("CREATE_TASK", element_name) == 0)
{
assert (current_client_task == (task_t) 0);
@@ -2766,6 +2809,36 @@
}
break;
+ case CLIENT_CREATE_NOTE:
+ if (strcasecmp ("HOSTS", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_HOSTS);
+ else if (strcasecmp ("NVT", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_NVT);
+ else if (strcasecmp ("PORT", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_PORT);
+ else if (strcasecmp ("RESULT", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_RESULT);
+ else if (strcasecmp ("TASK", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_TASK);
+ else if (strcasecmp ("TEXT", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_TEXT);
+ else if (strcasecmp ("THREAT", element_name) == 0)
+ set_client_state (CLIENT_CREATE_NOTE_THREAT);
+ else
+ {
+ if (send_element_error_to_client ("create_note", element_name))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ set_client_state (CLIENT_AUTHENTIC);
+ g_set_error (error,
+ G_MARKUP_ERROR,
+ G_MARKUP_ERROR_UNKNOWN_ELEMENT,
+ "Error");
+ }
+ break;
+
case CLIENT_CREATE_TARGET:
if (strcasecmp ("COMMENT", element_name) == 0)
set_client_state (CLIENT_CREATE_TARGET_COMMENT);
@@ -6965,6 +7038,101 @@
set_client_state (CLIENT_CREATE_LSC_CREDENTIAL);
break;
+ case CLIENT_CREATE_NOTE:
+ {
+ task_t task = 0;
+ result_t result = 0;
+
+ assert (strcasecmp ("CREATE_NOTE", element_name) == 0);
+
+ if (create_note_data->nvt == NULL)
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_note",
+ "CREATE_NOTE requires an NVT entity"));
+ else if (create_note_data->text == NULL)
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_note",
+ "CREATE_NOTE requires an TEXT entity"));
+ else if (create_note_data->task
+ && find_task (create_note_data->task, &task))
+ SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_note"));
+ else if (create_note_data->task && task == 0)
+ {
+ if (send_find_error_to_client ("create_note",
+ "task",
+ create_note_data->task))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ }
+ else if (create_note_data->result
+ && find_result (create_note_data->result, &task))
+ SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_note"));
+ else if (create_note_data->result && result == 0)
+ {
+ if (send_find_error_to_client ("create_note",
+ "result",
+ create_note_data->result))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ }
+ else switch (create_note (create_note_data->nvt,
+ create_note_data->text,
+ create_note_data->hosts,
+ create_note_data->port,
+ create_note_data->threat,
+ task,
+ result))
+ {
+ case 0:
+ SENDF_TO_CLIENT_OR_FAIL (XML_OK_CREATED ("create_note"));
+ break;
+ case -1:
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_INTERNAL_ERROR ("create_note"));
+ break;
+ default:
+ assert (0);
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_INTERNAL_ERROR ("create_note"));
+ break;
+ }
+ create_note_data_reset (create_note_data);
+ set_client_state (CLIENT_AUTHENTIC);
+ break;
+ }
+ case CLIENT_CREATE_NOTE_HOSTS:
+ assert (strcasecmp ("HOSTS", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+ case CLIENT_CREATE_NOTE_NVT:
+ assert (strcasecmp ("NVT", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+ case CLIENT_CREATE_NOTE_PORT:
+ assert (strcasecmp ("PORT", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+ case CLIENT_CREATE_NOTE_RESULT:
+ assert (strcasecmp ("RESULT", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+ case CLIENT_CREATE_NOTE_TASK:
+ assert (strcasecmp ("TASK", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+ case CLIENT_CREATE_NOTE_TEXT:
+ assert (strcasecmp ("TEXT", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+ case CLIENT_CREATE_NOTE_THREAT:
+ assert (strcasecmp ("THREAT", element_name) == 0);
+ set_client_state (CLIENT_CREATE_NOTE);
+ break;
+
case CLIENT_CREATE_TARGET:
{
lsc_credential_t lsc_credential = 0;
@@ -9247,6 +9415,28 @@
openvas_append_text (¤t_uuid, text, text_len);
break;
+ case CLIENT_CREATE_NOTE_HOSTS:
+ openvas_append_text (&create_note_data->hosts, text, text_len);
+ break;
+ case CLIENT_CREATE_NOTE_NVT:
+ openvas_append_text (&create_note_data->nvt, text, text_len);
+ break;
+ case CLIENT_CREATE_NOTE_PORT:
+ openvas_append_text (&create_note_data->port, text, text_len);
+ break;
+ case CLIENT_CREATE_NOTE_RESULT:
+ openvas_append_text (&create_note_data->result, text, text_len);
+ break;
+ case CLIENT_CREATE_NOTE_TASK:
+ openvas_append_text (&create_note_data->task, text, text_len);
+ break;
+ case CLIENT_CREATE_NOTE_TEXT:
+ openvas_append_text (&create_note_data->text, text, text_len);
+ break;
+ case CLIENT_CREATE_NOTE_THREAT:
+ openvas_append_text (&create_note_data->threat, text, text_len);
+ break;
+
case CLIENT_CREATE_TARGET_COMMENT:
openvas_append_text (&modify_task_comment, text, text_len);
break;
Modified: trunk/openvas-manager/src/tasks_sql.h
===================================================================
--- trunk/openvas-manager/src/tasks_sql.h 2010-02-11 14:18:49 UTC (rev 6714)
+++ trunk/openvas-manager/src/tasks_sql.h 2010-02-11 14:24:46 UTC (rev 6715)
@@ -512,6 +512,33 @@
}
/**
+ * @brief Test whether a user owns a result.
+ *
+ * @param[in] uuid UUID of result.
+ *
+ * @return 1 if user owns result, else 0.
+ */
+static int
+user_owns_result (const char *uuid)
+{
+ int ret;
+
+ assert (current_credentials.uuid);
+
+ ret = sql_int (0, 0,
+ "SELECT count(*) FROM results, report_results, reports"
+ " WHERE uuid = '%s'"
+ " AND report_results.result = results.ROWID"
+ " AND report_results.report = reports.ROWID"
+ " AND ((report.owner IS NULL) OR (report.owner ="
+ " (SELECT users.ROWID FROM users WHERE users.uuid = '%s')));",
+ uuid,
+ current_credentials.uuid);
+
+ return ret;
+}
+
+/**
* @brief Return the UUID of a user from the OpenVAS user UUID file.
*
* If the user exists, ensure that the user has a UUID.
@@ -621,7 +648,8 @@
sql ("CREATE TABLE IF NOT EXISTS escalator_method_data (id INTEGER PRIMARY KEY, escalator INTEGER, name, data);");
sql ("CREATE TABLE IF NOT EXISTS escalators (id INTEGER PRIMARY KEY, owner INTEGER, name, comment, event INTEGER, condition INTEGER, method INTEGER);");
sql ("CREATE TABLE IF NOT EXISTS lsc_credentials (id INTEGER PRIMARY KEY, owner INTEGER, name, login, password, comment, public_key TEXT, private_key TEXT, rpm TEXT, deb TEXT, exe TEXT);");
- sql ("CREATE TABLE IF NOT EXISTS meta (id INTEGER PRIMARY KEY, name UNIQUE, value);");
+ sql ("CREATE TABLE IF NOT EXISTS meta (id INTEGER PRIMARY KEY, name UNIQUE, value);");
+ sql ("CREATE TABLE IF NOT EXISTS notes (id INTEGER PRIMARY KEY, uuid UNIQUE, owner INTEGER, nvt, creation_time, modification_time, text, hosts, port, threat, task INTEGER, report INTEGER);");
sql ("CREATE TABLE IF NOT EXISTS nvt_preferences (id INTEGER PRIMARY KEY, name, value);");
/* nvt_selectors types: 0 all, 1 family, 2 NVT (NVT_SELECTOR_TYPE_* in manage.h). */
sql ("CREATE TABLE IF NOT EXISTS nvt_selectors (id INTEGER PRIMARY KEY, name, exclude INTEGER, type INTEGER, family_or_nvt, family);");
@@ -4894,6 +4922,41 @@
/* Results. */
/**
+ * @brief Find a result given a UUID.
+ *
+ * @param[in] uuid UUID of result.
+ * @param[out] result Result return, 0 if succesfully failed to find result.
+ *
+ * @return FALSE on success (including if failed to find result), TRUE on error.
+ */
+gboolean
+find_result (const char* uuid, result_t* result)
+{
+ if (user_owns_result (uuid) == 0)
+ {
+ *result = 0;
+ return FALSE;
+ }
+ switch (sql_int64 (result, 0, 0,
+ "SELECT ROWID FROM results WHERE uuid = '%s';",
+ uuid))
+ {
+ case 0:
+ break;
+ case 1: /* Too few rows in outcome of query. */
+ *result = 0;
+ break;
+ default: /* Programming error. */
+ assert (0);
+ case -1:
+ return TRUE;
+ break;
+ }
+
+ return FALSE;
+}
+
+/**
* @brief Make a result.
*
* @param[in] task The task associated with the result.
@@ -6429,7 +6492,7 @@
* @brief Find a report given an identifier.
*
* @param[in] uuid A report identifier.
- * @param[out] report Report return, 0 if succesfully failed to find task.
+ * @param[out] report Report return, 0 if succesfully failed to find report.
*
* @return FALSE on success (including if failed to find report), TRUE on error.
*/
@@ -11283,4 +11346,75 @@
agent);
}
+�
+/* Notes. */
+
+/**
+ * @brief Create a note.
+ *
+ * @param[in] nvt OID of noted NVT.
+ * @param[in] text Note text.
+ * @param[in] hosts Hosts to apply note to, NULL for any host.
+ * @param[in] port Port to apply note to, NULL for any port.
+ * @param[in] threat Threat to apply note to, NULL for any threat.
+ * @param[in] task Task to apply note to, 0 for any task.
+ * @param[in] result Result to apply note to, 0 for any result.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+create_note (const char* nvt, const char* text, const char* hosts,
+ const char* port, const char* threat, task_t task,
+ result_t result)
+{
+ gchar *quoted_text, *quoted_hosts, *quoted_port, *quoted_threat;
+ char *uuid;
+
+ if (nvt == NULL)
+ return -1;
+
+ if (text == NULL)
+ return -1;
+
+ if (threat && strcmp (threat, "High") && strcmp (threat, "Medium")
+ && strcmp (threat, "Low") && strcmp (threat, "Log")
+ && strcmp (threat, "Debug"))
+ return -1;
+
+ uuid = make_report_uuid ();
+ if (uuid == NULL)
+ return -1;
+
+ quoted_text = sql_insert (text);
+ quoted_hosts = sql_insert (hosts);
+ quoted_port = sql_insert (port);
+ quoted_threat = sql_insert (threat);
+
+ sql ("INSERT INTO notes"
+ " (uuid, owner, nvt, creation_time, modification_time, text, hosts,"
+ " port, threat, task, report)"
+ " VALUES"
+ " ('%s', (SELECT ROWID FROM users WHERE users.uuid = '%s'),"
+ " '%s', %i, %i, %s, %s, %s, %s, %llu, %llu);",
+ uuid,
+ current_credentials.uuid,
+ nvt,
+ time (NULL),
+ time (NULL),
+ quoted_text,
+ quoted_hosts,
+ quoted_port,
+ quoted_threat,
+ task,
+ result);
+
+ free (uuid);
+ g_free (quoted_text);
+ g_free (quoted_hosts);
+ g_free (quoted_port);
+ g_free (quoted_threat);
+
+ return 0;
+}
+
#undef DEF_ACCESS
Modified: trunk/openvas-manager/src/tests/omp_help_0.c
===================================================================
--- trunk/openvas-manager/src/tests/omp_help_0.c 2010-02-11 14:18:49 UTC (rev 6714)
+++ trunk/openvas-manager/src/tests/omp_help_0.c 2010-02-11 14:24:46 UTC (rev 6715)
@@ -40,6 +40,7 @@
" CREATE_CONFIG Create a config.\n"
" CREATE_ESCALATOR Create an escalator.\n"
" CREATE_LSC_CREDENTIAL Create a local security check credential.\n"
+" CREATE_NOTE Create a note.\n"
" CREATE_TARGET Create a target.\n"
" CREATE_TASK Create a task.\n"
" DELETE_AGENT Delete an agent.\n"
More information about the Openvas-commits
mailing list