[Openvas-commits] r11648 - in trunk/openvas-manager: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Sep 21 15:46:16 CEST 2011


Author: mattm
Date: 2011-09-21 15:46:10 +0200 (Wed, 21 Sep 2011)
New Revision: 11648

Modified:
   trunk/openvas-manager/ChangeLog
   trunk/openvas-manager/src/manage.c
   trunk/openvas-manager/src/manage.h
   trunk/openvas-manager/src/manage_sql.c
   trunk/openvas-manager/src/omp.c
Log:
	Add task observers.

	* src/omp.c (get_configs_data_t, get_configs_data_reset)
	(get_lsc_credentials_data_t, get_lsc_credentials_data_reset)
	(get_nvts_data_t, get_nvts_data_reset, get_targets_data_t)
	(get_targets_data_reset, get_tasks_data_t, get_tasks_data_reset): Add
	actions.
	(modify_task_data_t, modify_task_data_reset): Add observers.
	(client_state_t): Add CLIENT_MODIFY_TASK_OBSERVERS.
	(omp_xml_handle_start_element, omp_xml_handle_end_element)
	(omp_xml_handle_text): Add OBSERVERS to MODIFY_TASK and GET_TASK.  Move
	CLIENT_GET_CONFIGS cleanup_iterator into right position.  Add actions flag
	to GET_TASKS, GET_TARGETS, GET_CONFIGS and GET_LSC_CREDENTIALS.

	* src/manage_sql.c (user_t): New type.
	(parse_actions, user_has_access_uuid): New functions.
	(create_tables): Add table task_users.
	(DEF_ACCESS): Move up in file.
	(init_task_user_iterator, task_user_iterator_task)
	(task_user_iterator_user, task_user_iterator_actions)
	(task_user_iterator_name, init_user_task_iterator, task_observers)
	(find_user, set_task_observers, find_task_for_actions)
	(find_report_for_actions, find_target_for_actions)
	(init_user_target_iterator, find_config_for_actions)
	(init_user_config_iterator, find_lsc_credential_for_actions)
	(init_user_lsc_credential_iterator): New functions.
	(init_task_iterator, init_task_iterator, init_config_iterator)
	(init_lsc_credential_iterator): Add actions arg to include other
	users' tasks to which user has given access.  Update callers.
	(report_counts): Count GET accessible tasks.

	* src/manage.h: Update headers appropriately.
	(action_t): New type.

	* src/manage.c: Update iterator init callers.

Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog	2011-09-21 04:34:36 UTC (rev 11647)
+++ trunk/openvas-manager/ChangeLog	2011-09-21 13:46:10 UTC (rev 11648)
@@ -1,5 +1,43 @@
 2011-09-19  Matthew Mundell <matthew.mundell at greenbone.net>
 
+	Add task observers.
+
+	* src/omp.c (get_configs_data_t, get_configs_data_reset)
+	(get_lsc_credentials_data_t, get_lsc_credentials_data_reset)
+	(get_nvts_data_t, get_nvts_data_reset, get_targets_data_t)
+	(get_targets_data_reset, get_tasks_data_t, get_tasks_data_reset): Add
+	actions.
+	(modify_task_data_t, modify_task_data_reset): Add observers.
+	(client_state_t): Add CLIENT_MODIFY_TASK_OBSERVERS.
+	(omp_xml_handle_start_element, omp_xml_handle_end_element)
+	(omp_xml_handle_text): Add OBSERVERS to MODIFY_TASK and GET_TASK.  Move
+	CLIENT_GET_CONFIGS cleanup_iterator into right position.  Add actions flag
+	to GET_TASKS, GET_TARGETS, GET_CONFIGS and GET_LSC_CREDENTIALS.
+
+	* src/manage_sql.c (user_t): New type.
+	(parse_actions, user_has_access_uuid): New functions.
+	(create_tables): Add table task_users.
+	(DEF_ACCESS): Move up in file.
+	(init_task_user_iterator, task_user_iterator_task)
+	(task_user_iterator_user, task_user_iterator_actions)
+	(task_user_iterator_name, init_user_task_iterator, task_observers)
+	(find_user, set_task_observers, find_task_for_actions)
+	(find_report_for_actions, find_target_for_actions)
+	(init_user_target_iterator, find_config_for_actions)
+	(init_user_config_iterator, find_lsc_credential_for_actions)
+	(init_user_lsc_credential_iterator): New functions.
+	(init_task_iterator, init_task_iterator, init_config_iterator)
+	(init_lsc_credential_iterator): Add actions arg to include other
+	users' tasks to which user has given access.  Update callers.
+	(report_counts): Count GET accessible tasks.
+
+	* src/manage.h: Update headers appropriately.
+	(action_t): New type.
+
+	* src/manage.c: Update iterator init callers.
+
+2011-09-19  Matthew Mundell <matthew.mundell at greenbone.net>
+
 	* src/manage_sql.c (print_report_xml): Add renaming TODO.
 
 2011-09-19  Michael Wiegand <michael.wiegand at greenbone.net>

Modified: trunk/openvas-manager/src/manage.c
===================================================================
--- trunk/openvas-manager/src/manage.c	2011-09-21 04:34:36 UTC (rev 11647)
+++ trunk/openvas-manager/src/manage.c	2011-09-21 13:46:10 UTC (rev 11648)
@@ -1344,8 +1344,9 @@
 
       if (target_ssh_credential)
         {
-          init_lsc_credential_iterator (&credentials, target_ssh_credential, 0,
-                                        1, NULL);
+          init_user_lsc_credential_iterator (&credentials,
+                                             target_ssh_credential, 0,
+                                             1, NULL);
           if (next (&credentials))
             {
               const char *user, *password;
@@ -1382,8 +1383,9 @@
 
       if (target_smb_credential)
         {
-          init_lsc_credential_iterator (&credentials, target_smb_credential, 0,
-                                        1, NULL);
+          init_user_lsc_credential_iterator (&credentials,
+                                             target_smb_credential, 0,
+                                             1, NULL);
           if (next (&credentials))
             {
               const char *user, *password;
@@ -1423,7 +1425,7 @@
 
       /* Create the target on the slave. */
 
-      init_target_iterator (&targets, target, 0, 1, NULL);
+      init_user_target_iterator (&targets, target, 0, 1, NULL);
       if (next (&targets))
         {
           const char *hosts;
@@ -2108,7 +2110,8 @@
     {
       iterator_t credentials;
 
-      init_lsc_credential_iterator (&credentials, ssh_credential, 0, 1, NULL);
+      init_user_lsc_credential_iterator (&credentials, ssh_credential, 0, 1,
+                                         NULL);
       if (next (&credentials))
         {
           const char *user = lsc_credential_iterator_login (&credentials);
@@ -2191,7 +2194,8 @@
     {
       iterator_t credentials;
 
-      init_lsc_credential_iterator (&credentials, smb_credential, 0, 1, NULL);
+      init_user_lsc_credential_iterator (&credentials, smb_credential, 0, 1,
+                                         NULL);
       if (next (&credentials))
         {
           const char *user = lsc_credential_iterator_login (&credentials);

Modified: trunk/openvas-manager/src/manage.h
===================================================================
--- trunk/openvas-manager/src/manage.h	2011-09-21 04:34:36 UTC (rev 11647)
+++ trunk/openvas-manager/src/manage.h	2011-09-21 13:46:10 UTC (rev 11648)
@@ -328,7 +328,7 @@
 trash_task_count ();
 
 void
-init_task_iterator (iterator_t*, task_t, int, int, const char*);
+init_task_iterator (iterator_t*, task_t, int, int, const char*, const char *);
 
 task_t
 task_iterator_task (iterator_t*);
@@ -502,6 +502,9 @@
 gboolean
 find_task (const char* id, task_t*);
 
+gboolean
+find_task_for_actions (const char*, task_t*, const char *);
+
 void
 reset_task (task_t);
 
@@ -510,7 +513,13 @@
                     /*@null@*/ const char*,
                     /*@null@*/ /*@only@*/ char*);
 
+char*
+task_observers (task_t);
+
 int
+set_task_observers (task_t, const gchar *);
+
+int
 request_delete_task_uuid (const char *, int);
 
 int
@@ -602,6 +611,19 @@
 next (iterator_t*);
 
 
+/* Access control. */
+
+/**
+ * @brief Actions.
+ */
+typedef enum
+{
+  MANAGE_ACTION_GET = 1,
+  MANAGE_ACTION_MODIFY = 2,
+  MANAGE_ACTION_USE = 3
+} action_t;
+
+
 /* Results. */
 
 gboolean
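Review bot: `MANAGE_ACTION_USE = 3` overlaps the other two values, yet the manage_sql.c part of this commit treats action_t as a bit mask (`actions |= MANAGE_ACTION_USE` in parse_actions, `actions & %u = %u` in the queries). Because 3 equals GET|MODIFY, a row granted only "use" would also satisfy a check for "g" or "m", and the specifier "gm" cannot be told apart from "u". This is latent for now, since set_task_observers only ever stores MANAGE_ACTION_GET. Give each action its own bit, `MANAGE_ACTION_USE = 4`, and note on the enum that the values are OR-ed together and stored in task_users.actions.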
@@ -622,6 +644,9 @@
 gboolean
 find_report (const char*, report_t*);
 
+gboolean
+find_report_for_actions (const char*, report_t*, const char *);
+
 result_t
 make_result (task_t, const char*, const char*, const char*, const char*,
              const char*, const char*);
@@ -833,6 +858,9 @@
 gboolean
 find_target (const char*, target_t*);
 
+gboolean
+find_target_for_actions (const char*, target_t*, const char *);
+
 int
 create_target (const char*, const char*, const char*, const char*,
                lsc_credential_t, const char*, lsc_credential_t, const char*,
@@ -842,8 +870,11 @@
 delete_target (const char*, int);
 
 void
-init_target_iterator (iterator_t*, target_t, int, int, const char*);
+init_user_target_iterator (iterator_t*, target_t, int, int, const char*);
 
+void
+init_target_iterator (iterator_t*, target_t, int, int, const char*, const char*);
+
 target_t
 target_iterator_target (iterator_t*);
 
@@ -957,6 +988,9 @@
 delete_config (const char*, int);
 
 gboolean
+find_config_for_actions (const char*, config_t*, const char*);
+
+gboolean
 find_config (const char*, config_t*);
 
 int
@@ -966,8 +1000,12 @@
 config_nvt_timeout (config_t, const char *);
 
 void
-init_config_iterator (iterator_t*, config_t, int, int, const char*);
+init_user_config_iterator (iterator_t*, config_t, int, int, const char*);
 
+void
+init_config_iterator (iterator_t*, config_t, int, int, const char*,
+                      const char*);
+
 config_t
 config_iterator_config (iterator_t*);
 
@@ -1225,6 +1263,9 @@
 gboolean
 find_lsc_credential (const char*, lsc_credential_t*);
 
+gboolean
+find_lsc_credential_for_actions (const char*, lsc_credential_t*, const char *);
+
 int
 create_lsc_credential (const char*, const char*, const char*, const char*,
                        const char*, const char*, lsc_credential_t*);
@@ -1248,8 +1289,12 @@
 set_lsc_credential_password (lsc_credential_t, const char *);
 
 void
+init_user_lsc_credential_iterator (iterator_t*, lsc_credential_t, int, int,
+                                   const char*);
+
+void
 init_lsc_credential_iterator (iterator_t*, lsc_credential_t, int, int,
-                              const char*);
+                              const char*, const char*);
 
 lsc_credential_t
 lsc_credential_iterator_lsc_credential (iterator_t*);

Modified: trunk/openvas-manager/src/manage_sql.c
===================================================================
--- trunk/openvas-manager/src/manage_sql.c	2011-09-21 04:34:36 UTC (rev 11647)
+++ trunk/openvas-manager/src/manage_sql.c	2011-09-21 13:46:10 UTC (rev 11648)
@@ -71,6 +71,11 @@
 typedef long long int resource_t;
 
 /**
+ * @brief A user.
+ */
+typedef long long int user_t;
+
+/**
  * @brief Database ROWID of 'Full and fast' config.
  */
 #define CONFIG_ID_FULL_AND_FAST 1
@@ -911,6 +916,145 @@
 }
 
 /**
+ * @brief Parse an action specifier.
+ *
+ * @param[in]  actions_string  Specifier.
+ *
+ * @return Actions.
+ */
+static int
+parse_actions (const char *actions_string)
+{
+  int actions;
+  actions = 0;
+  if (strchr (actions_string, 'g'))
+    actions |= MANAGE_ACTION_GET;
+  if (strchr (actions_string, 'm'))
+    actions |= MANAGE_ACTION_MODIFY;
+  if (strchr (actions_string, 'u'))
+    actions |= MANAGE_ACTION_USE;
+  return actions;
+}
+
+/**
+ * @brief Test whether a user may access a resource for a set of actions.
+ *
+ * @param[in]  resource  Type of resource, for example "task".
+ * @param[in]  uuid      UUID of resource.
+ * @param[in]  actions_string   Actions.
+ *
+ * @return 1 if user may access resource, else 0.
+ */
+static int
+user_has_access_uuid (const char *resource, const char *uuid,
+                      const char *actions_string)
+{
+  int ret, actions;
+
+  assert (current_credentials.uuid);
+
+  ret = user_owns_uuid (resource, uuid);
+  if (ret)
+    return ret;
+
+  if (actions_string == NULL || strlen (actions_string) == 0)
+    return 0;
+
+  actions = parse_actions (actions_string);
+
+  if (actions == 0)
+    return 0;
+
+  if (strcmp (resource, "report") == 0)
+    return sql_int (0, 0,
+                    "SELECT count(*) FROM tasks"
+                    " WHERE ROWID = (SELECT task FROM %ss WHERE uuid = '%s')"
+                    " AND"
+                    " ((owner IS NULL) OR (owner ="
+                    "  (SELECT users.ROWID FROM users WHERE users.uuid = '%s'))"
+                    "  OR ROWID IN"
+                    "     (SELECT task FROM task_users WHERE user ="
+                    "      (SELECT ROWID FROM users"
+                    "       WHERE users.uuid = '%s')"
+                    "      AND actions & %u = %u));",
+                    resource,
+                    uuid,
+                    current_credentials.uuid,
+                    current_credentials.uuid,
+                    actions,
+                    actions);
+
+  if (strcmp (resource, "lsc_credential") == 0)
+    return sql_int (0, 0,
+                    "SELECT count(*) FROM tasks, targets"
+                    " WHERE tasks.target = targets.ROWID"
+                    " AND (targets.lsc_credential ="
+                    "      (SELECT %ss.ROWID FROM %ss WHERE uuid = '%s')"
+                    "      OR"
+                    "      targets.smb_lsc_credential ="
+                    "      (SELECT %ss.ROWID FROM %ss WHERE uuid = '%s'))"
+                    " AND"
+                    " ((tasks.owner IS NULL) OR (tasks.owner ="
+                    "  (SELECT users.ROWID FROM users WHERE users.uuid = '%s'))"
+                    "  OR tasks.ROWID IN"
+                    "     (SELECT task FROM task_users WHERE user ="
+                    "      (SELECT users.ROWID FROM users"
+                    "       WHERE users.uuid = '%s')"
+                    "      AND actions & %u = %u));",
+                    resource,
+                    resource,
+                    uuid,
+                    resource,
+                    resource,
+                    uuid,
+                    current_credentials.uuid,
+                    current_credentials.uuid,
+                    actions,
+                    actions);
+
+  if (strcmp (resource, "task"))
+    return sql_int (0, 0,
+                    "SELECT count(*) FROM tasks"
+                    " WHERE %s = (SELECT ROWID FROM %ss WHERE uuid = '%s')"
+                    " AND"
+                    " ((owner IS NULL) OR (owner ="
+                    "  (SELECT users.ROWID FROM users WHERE users.uuid = '%s'))"
+                    "  OR ROWID IN"
+                    "     (SELECT task FROM task_users WHERE user ="
+                    "      (SELECT ROWID FROM users"
+                    "       WHERE users.uuid = '%s')"
+                    "      AND actions & %u = %u));",
+                    resource,
+                    resource,
+                    uuid,
+                    current_credentials.uuid,
+                    current_credentials.uuid,
+                    actions,
+                    actions);
+
+  ret = sql_int (0, 0,
+                 "SELECT count(*) FROM %ss"
+                 " WHERE uuid = '%s'"
+                 " AND ((owner IS NULL) OR (owner ="
+                 " (SELECT users.ROWID FROM users WHERE users.uuid = '%s'))"
+                 " OR ROWID IN"
+                 " (SELECT %s FROM %s_users WHERE user ="
+                 "  (SELECT ROWID FROM users"
+                 "   WHERE users.uuid = '%s')"
+                 "  AND actions & %u = %u));",
+                 resource,
+                 uuid,
+                 current_credentials.uuid,
+                 resource,
+                 resource,
+                 current_credentials.uuid,
+                 actions,
+                 actions);
+
+  return ret;
+}
+
+/**
  * @brief Test whether a user owns a resource.
  *
  * @param[in]  resource  Type of resource, for example "task".
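Review bot: `uuid` is formatted straight into `'%s'` in every query of user_has_access_uuid, and the doc comment does not say whether it must already be SQL-quoted. Within this commit find_target_for_actions passes `sql_quote (uuid)`, while find_task_for_actions and find_report_for_actions pass the caller's string unchanged and reuse it in their own `WHERE uuid = '%s'` lookups. If those identifiers can arrive without prior validation (not visible in this diff), the access check itself is assembled from client-influenced SQL text. Document the precondition with `@param[in]  uuid  UUID of resource, already SQL-quoted.` and make the task and report finders quote the way the target finder does. Separately, `if (strcmp (resource, "task"))` reads like a match but is the not-equal branch; writing `!= 0` would make that explicit.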
@@ -1114,6 +1258,7 @@
   sql ("CREATE TABLE IF NOT EXISTS task_escalators (id INTEGER PRIMARY KEY, task INTEGER, escalator INTEGER, escalator_location INTEGER);");
   sql ("CREATE TABLE IF NOT EXISTS task_preferences (id INTEGER PRIMARY KEY, task INTEGER, name, value);");
   sql ("CREATE TABLE IF NOT EXISTS tasks   (id INTEGER PRIMARY KEY, uuid, owner INTEGER, name, hidden INTEGER, time, comment, description, run_status INTEGER, start_time, end_time, config INTEGER, target INTEGER, schedule INTEGER, schedule_next_time, slave INTEGER, config_location INTEGER, target_location INTEGER, schedule_location INTEGER, slave_location INTEGER, upload_result_count INTEGER);");
+  sql ("CREATE TABLE IF NOT EXISTS task_users (id INTEGER PRIMARY KEY, task INTEGER, user INTEGER, actions INTEGER);");
   sql ("CREATE TABLE IF NOT EXISTS users   (id INTEGER PRIMARY KEY, uuid UNIQUE, name, password);");
 
   sql ("ANALYZE;");
@@ -5358,6 +5503,88 @@
 }
 
 
+/* Access control. */
+
+/** @brief Define an iterator row accessor function.
+ *
+ * @param[in]  name  Name of function.
+ * @param[in]  col   Column number to access.
+  */
+#define DEF_ACCESS(name, col) \
+const char* \
+name (iterator_t* iterator) \
+{ \
+  const char *ret; \
+  if (iterator->done) return NULL; \
+  ret = (const char*) sqlite3_column_text (iterator->stmt, col); \
+  return ret; \
+}
+
+/**
+ * @brief Initialise an escalator data iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  task      Task.
+ * @param[in]  action    Action.
+ */
+void
+init_task_user_iterator (iterator_t *iterator, task_t task, action_t action)
+{
+  init_iterator (iterator,
+                 "SELECT task_users.ROWID, task, user, actions,"
+                 " (SELECT name FROM users WHERE users.ROWID = task_users.user)"
+                 " FROM task_users"
+                 " WHERE task = %llu AND actions & %u = %u;",
+                 task,
+                 action,
+                 action);
+}
+
+/**
+ * @brief Return the task from a task user iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return Task of the iterator or NULL if iteration is complete.
+ */
+task_t
+task_user_iterator_task (iterator_t* iterator)
+{
+  if (iterator->done) return 0;
+  return sqlite3_column_int64 (iterator->stmt, 1);
+}
+
+/**
+ * @brief Return the user from a user user iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return User of the iterator or NULL if iteration is complete.
+ */
+user_t
+task_user_iterator_user (iterator_t* iterator)
+{
+  if (iterator->done) return 0;
+  return sqlite3_column_int64 (iterator->stmt, 2);
+}
+
+/**
+ * @brief Return the actions from a actions user iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return Actions of the iterator or NULL if iteration is complete.
+ */
+int
+task_user_iterator_actions (iterator_t* iterator)
+{
+  if (iterator->done) return 0;
+  return sqlite3_column_int64 (iterator->stmt, 3);
+}
+
+DEF_ACCESS (task_user_iterator_name, 4);
+
+
 /* Events and Escalators. */
 
 /**
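Review bot: The doc comments on the new task_users accessors are copy-paste leftovers and misdescribe the code. init_task_user_iterator is headed `@brief Initialise an escalator data iterator.`, task_user_iterator_user says "user user iterator", task_user_iterator_actions says "actions user iterator", and all three accessors promise "NULL if iteration is complete" although they `return 0`. Suggested wording: `@brief Initialise a task user (observer) iterator.` and `@return User of the iterator, or 0 if iteration is complete.`, with the same shape for task and actions. task_user_iterator_actions also narrows `sqlite3_column_int64` to `int`; `sqlite3_column_int (iterator->stmt, 3)` would match the return type.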
@@ -7363,49 +7590,129 @@
 }
 
 /**
+ * @brief Initialise a task iterator, limited to current user's tasks.
+ *
+ * @param[in]  iterator    Task iterator.
+ * @param[in]  task        Task to limit iteration to.  0 for all.
+ * @param[in]  trash       Whether to iterate over trashcan tasks.
+ * @param[in]  ascending   Whether to sort ascending or descending.
+ * @param[in]  sort_field  Field to sort on, or NULL for "ROWID".
+ */
+void
+init_user_task_iterator (iterator_t* iterator,
+                         task_t task,
+                         int trash,
+                         int ascending,
+                         const char *sort_field)
+{
+  assert (current_credentials.uuid);
+
+  if (task)
+    init_iterator (iterator,
+                   "SELECT ROWID, uuid, run_status FROM tasks"
+                   /* Include NULL so everyone can see the example task. */
+                   " WHERE ((owner IS NULL) OR owner ="
+                   " (SELECT ROWID FROM users"
+                   "  WHERE users.uuid = '%s'))"
+                   " AND ROWID = %llu"
+                   "%s"
+                   " ORDER BY %s %s;",
+                   current_credentials.uuid,
+                   task,
+                   trash ? " AND hidden = 2" : " AND hidden < 2",
+                   sort_field ? sort_field : "ROWID",
+                   ascending ? "ASC" : "DESC");
+  else
+    init_iterator (iterator,
+                   "SELECT ROWID, uuid, run_status FROM tasks WHERE owner ="
+                   " (SELECT ROWID FROM users"
+                   "  WHERE users.uuid = '%s')"
+                   "%s"
+                   " ORDER BY %s %s;",
+                   current_credentials.uuid,
+                   trash ? " AND hidden = 2" : " AND hidden < 2",
+                   sort_field ? sort_field : "ROWID",
+                   ascending ? "ASC" : "DESC");
+}
+
+/**
  * @brief Initialise a task iterator.
  *
- * If there is a current user select that user's tasks, otherwise select
- * all tasks.
+ * If there is a current user select that user's tasks and any tasks that user
+ * is observing (according to actions_string), otherwise select all tasks.
  *
  * @param[in]  iterator    Task iterator.
  * @param[in]  task        Task to limit iteration to.  0 for all.
  * @param[in]  trash       Whether to iterate over trashcan tasks.
  * @param[in]  ascending   Whether to sort ascending or descending.
  * @param[in]  sort_field  Field to sort on, or NULL for "ROWID".
+ * @param[in]  actions_string   Actions.
  */
 void
 init_task_iterator (iterator_t* iterator,
                     task_t task,
                     int trash,
                     int ascending,
-                    const char *sort_field)
+                    const char *sort_field,
+                    const char *actions_string)
 {
   if (current_credentials.uuid)
     {
+      int actions;
+
+      if (actions_string == NULL || strlen (actions_string) == 0)
+        {
+          init_user_task_iterator (iterator, task, trash, ascending, sort_field);
+          return;
+        }
+
+      actions = parse_actions (actions_string);
+
+      if (actions == 0)
+        {
+          init_user_task_iterator (iterator, task, trash, ascending, sort_field);
+          return;
+        }
+
       if (task)
         init_iterator (iterator,
                        "SELECT ROWID, uuid, run_status FROM tasks"
                        /* Include NULL so everyone can see the example task. */
                        " WHERE ((owner IS NULL) OR owner ="
                        " (SELECT ROWID FROM users"
-                       "  WHERE users.uuid = '%s'))"
+                       "  WHERE users.uuid = '%s')"
+                       " OR ROWID IN"
+                       " (SELECT task FROM task_users WHERE user ="
+                       "  (SELECT ROWID FROM users"
+                       "   WHERE users.uuid = '%s')"
+                       "  AND actions & %u = %u))"
                        " AND ROWID = %llu"
                        "%s"
                        " ORDER BY %s %s;",
                        current_credentials.uuid,
+                       current_credentials.uuid,
+                       actions,
+                       actions,
                        task,
                        trash ? " AND hidden = 2" : " AND hidden < 2",
                        sort_field ? sort_field : "ROWID",
                        ascending ? "ASC" : "DESC");
       else
         init_iterator (iterator,
-                       "SELECT ROWID, uuid, run_status FROM tasks WHERE owner ="
+                       "SELECT ROWID, uuid, run_status FROM tasks WHERE (owner ="
                        " (SELECT ROWID FROM users"
                        "  WHERE users.uuid = '%s')"
+                       " OR ROWID IN"
+                       " (SELECT task FROM task_users WHERE user ="
+                       "  (SELECT ROWID FROM users"
+                       "   WHERE users.uuid = '%s')"
+                       "  AND actions & %u = %u))"
                        "%s"
                        " ORDER BY %s %s;",
                        current_credentials.uuid,
+                       current_credentials.uuid,
+                       actions,
+                       actions,
                        trash ? " AND hidden = 2" : " AND hidden < 2",
                        sort_field ? sort_field : "ROWID",
                        ascending ? "ASC" : "DESC");
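Review bot: The new init_user_task_iterator repeats the pattern of formatting `sort_field` directly into `ORDER BY %s %s`, so only the callers stand between that argument and the SQL text. Nothing in this hunk restricts it to a column name; if it can originate from a client request (the callers are outside this diff), it should be checked against the known task columns before use, falling back to `"ROWID"`. At minimum the `@param[in]  sort_field` line should state that the value is inserted unquoted and must be a trusted column name. The two identical fallbacks to init_user_task_iterator in init_task_iterator can also collapse into one, since parse_actions already returns 0 for an empty string. init_task_iterator's body continues past the end of the hunk.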
@@ -8381,7 +8688,7 @@
       /* Set requested, paused and running tasks to stopped. */
 
       assert (current_credentials.uuid == NULL);
-      init_task_iterator (&tasks, 0, 0, 1, NULL);
+      init_task_iterator (&tasks, 0, 0, 1, NULL, NULL);
       while (next (&tasks))
         {
           switch (task_iterator_run_status (&tasks))
@@ -8693,6 +9000,35 @@
 }
 
 /**
+ * @brief Return the observers of a task.
+ *
+ * @param[in]  task  Task.
+ *
+ * @return Observers of task.
+ */
+char*
+task_observers (task_t task)
+{
+  iterator_t users;
+  GString *observers;
+
+  observers = g_string_new ("");
+
+  init_task_user_iterator (&users, task, MANAGE_ACTION_GET);
+  if (next (&users))
+    {
+      g_string_append (observers, task_user_iterator_name (&users));
+      while (next (&users))
+        g_string_append_printf (observers,
+                                " %s",
+                                task_user_iterator_name (&users));
+    }
+  cleanup_iterator (&users);
+
+  return observers->str;
+}
+
+/**
  * @brief Return the config of a task.
  *
  * @param[in]  task  Task.
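Review bot: `return observers->str;` hands back the character data but drops the only pointer to the GString wrapper, so the wrapper leaks on every call. `return g_string_free (observers, FALSE);` releases the wrapper and returns the same buffer. The `@return` line should also say that the caller owns the string and must release it with g_free. task_user_iterator_name can yield NULL when the users sub-select matches no row, and `g_string_append` does not accept NULL, so a guard here or an `IFNULL` in the iterator query would be worth adding.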
@@ -9732,6 +10068,161 @@
 }
 
 /**
+ * @brief Find a user given an identifier.
+ *
+ * @param[in]   uuid  A user identifier.
+ * @param[out]  user  User return, 0 if succesfully failed to find user.
+ *
+ * @return FALSE on success (including if failed to find user), TRUE on error.
+ */
+static gboolean
+find_user (const char* name, user_t *user)
+{
+  gchar *quoted_name;
+  quoted_name = sql_quote (name);
+  switch (sql_int64 (user, 0, 0,
+                     "SELECT ROWID FROM users WHERE name = '%s'",
+                     quoted_name))
+    {
+      case 0:
+        break;
+      case 1:        /* Too few rows in result of query. */
+        *user = 0;
+        break;
+      default:       /* Programming error. */
+        assert (0);
+      case -1:
+        g_free (quoted_name);
+        return TRUE;
+        break;
+    }
+
+  g_free (quoted_name);
+  return FALSE;
+}
+
+/**
+ * @brief Set the observers of a task.
+ *
+ * @param[in]  task       Task.
+ * @param[in]  observers  Observers.
+ *
+ * @return 0 success, -1 error, 1 user name validation failed, 2 failed to find
+ *         user.
+ */
+int
+set_task_observers (task_t task, const gchar *observers)
+{
+  gchar **split, **point;
+  GList *added;
+
+  assert (current_credentials.username);
+
+  added = NULL;
+  split = g_strsplit (observers, " ", 0);
+
+  sql ("BEGIN IMMEDIATE;");
+
+  sql ("DELETE FROM task_users WHERE task = %llu;", task);
+
+  point = split;
+  while (*point)
+    {
+      user_t user;
+      gchar *name;
+
+      name = *point;
+
+      g_strstrip (name);
+
+      if ((strcmp (name, current_credentials.username) == 0)
+          || g_list_find_custom (added, name, (GCompareFunc) strcmp))
+        {
+          point++;
+          continue;
+        }
+
+      added = g_list_prepend (added, name);
+
+      if (openvas_user_exists (name) == 0)
+        {
+          g_list_free (added);
+          g_strfreev (split);
+          sql ("ROLLBACK;");
+          return 2;
+        }
+
+      if (find_user (name, &user))
+        {
+          g_list_free (added);
+          g_strfreev (split);
+          sql ("ROLLBACK;");
+          return -1;
+        }
+
+      if (user == 0)
+        {
+          gchar *uuid;
+
+          /** @todo Similar to validate_user in openvas-administrator. */
+          if (g_regex_match_simple ("^[[:alnum:]-_]+$", name, 0, 0) == 0)
+            {
+              g_list_free (added);
+              g_strfreev (split);
+              sql ("ROLLBACK;");
+              return 1;
+            }
+
+          uuid = openvas_user_uuid (name);
+
+          if (uuid == NULL)
+            {
+              g_list_free (added);
+              g_strfreev (split);
+              sql ("ROLLBACK;");
+              return -1;
+            }
+
+          if (sql_int (0, 0,
+                       "SELECT count(*) FROM users WHERE uuid = '%s';",
+                       uuid)
+              == 0)
+            {
+              gchar *quoted_name;
+              quoted_name = sql_quote (name);
+              sql ("INSERT INTO users (uuid, name) VALUES ('%s', '%s');",
+                   uuid,
+                   quoted_name);
+              g_free (quoted_name);
+
+              user = sqlite3_last_insert_rowid (task_db);
+            }
+          else
+            {
+              /* user_find should have found it. */
+              assert (0);
+              g_list_free (added);
+              g_strfreev (split);
+              sql ("ROLLBACK;");
+              return -1;
+            }
+        }
+
+      sql ("INSERT INTO task_users (task, user, actions)"
+           " VALUES (%llu, %llu, %llu)",
+           task, user, (unsigned long long int) MANAGE_ACTION_GET);
+
+      point++;
+    }
+
+  g_list_free (added);
+  g_strfreev (split);
+  sql ("COMMIT;");
+  return 0;
+}
+
+
+/**
  * @brief Generate rcfile in task from config and target.
  *
  * @param[in]  task  The task.
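Review bot: The user-name check `g_regex_match_simple ("^[[:alnum:]-_]+$", name, 0, 0)` runs only inside the `user == 0` branch, after the raw token has already been passed to `openvas_user_exists` and `find_user`. Validation belongs at the top of the loop body so that no helper ever sees a name that would later be rejected; what openvas_user_exists does with the string is not visible here, which is the reason not to rely on it. Moving the check also makes an empty token (two consecutive spaces in `observers`) fail with return 1 instead of depending on the existence lookup. Two smaller items: `uuid` from `openvas_user_uuid` is never freed in the visible code (if it is heap-allocated, add `g_free (uuid)` on each exit), and find_user's doc comment names its parameter `uuid` while the argument is `name`.

```c
      name = *point;

      g_strstrip (name);

      /* Validate before the name reaches any lookup helper. */
      if (g_regex_match_simple ("^[[:alnum:]-_]+$", name, 0, 0) == 0)
        {
          g_list_free (added);
          g_strfreev (split);
          sql ("ROLLBACK;");
          return 1;
        }

      /* … unchanged: skip of current user and duplicates, openvas_user_exists, find_user … */

      if (user == 0)
        {
          gchar *uuid;

          /* … regex check removed from here; unchanged: openvas_user_uuid lookup and users INSERT … */
```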
@@ -9983,16 +10474,6 @@
 
 /* Prognostics. */
 
-#define DEF_ACCESS(name, col) \
-const char* \
-name (iterator_t* iterator) \
-{ \
-  const char *ret; \
-  if (iterator->done) return NULL; \
-  ret = (const char*) sqlite3_column_text (iterator->stmt, col); \
-  return ret; \
-}
-
 /**
  * @brief Initialise a prognosis iterator.
  *
@@ -12905,7 +13386,8 @@
                int* logs, int* warnings, int* false_positives, int override)
 {
   report_t report;
-  if (find_report (report_id, &report)) return -1;
+  if (find_report_for_actions (report_id, &report, "g"))
+    return -1;
   return report_counts_id (report, debugs, holes, infos, logs, warnings,
                            false_positives, override, NULL);
 }
@@ -18386,7 +18868,7 @@
 {
   iterator_t tasks;
 
-  init_task_iterator (&tasks, 0, 1, 1, NULL);
+  init_user_task_iterator (&tasks, 0, 1, 1, NULL);
   while (next (&tasks))
     {
       task_t task;
@@ -18520,6 +19002,43 @@
 }
 
 /**
+ * @brief Find a task for an action, given an identifier.
+ *
+ * @param[in]   uuid     A task identifier.
+ * @param[out]  task     Task return, 0 if succesfully failed to find task.
+ * @param[in]   actions  Actions.
+ *
+ * @return FALSE on success (including if failed to find task), TRUE on error.
+ */
+gboolean
+find_task_for_actions (const char* uuid, task_t* task, const char *actions)
+{
+  if (user_has_access_uuid ("task", uuid, actions) == 0)
+    {
+      *task = 0;
+      return FALSE;
+    }
+  switch (sql_int64 (task, 0, 0,
+                     "SELECT ROWID FROM tasks WHERE uuid = '%s'"
+                     " AND hidden != 2;",
+                     uuid))
+    {
+      case 0:
+        break;
+      case 1:        /* Too few rows in result of query. */
+        *task = 0;
+        break;
+      default:       /* Programming error. */
+        assert (0);
+      case -1:
+        return TRUE;
+        break;
+    }
+
+  return FALSE;
+}
+
+/**
  * @brief Find a task in the trashcan, given an identifier.
  *
  * @param[in]   uuid  A task identifier.
@@ -18591,6 +19110,43 @@
 }
 
 /**
+ * @brief Find a report given an identifier.
+ *
+ * @param[in]   uuid     A report identifier.
+ * @param[out]  report   Report return, 0 if succesfully failed to find report.
+ * @param[in]   actions  Actions.
+ *
+ * @return FALSE on success (including if failed to find report), TRUE on error.
+ */
+gboolean
+find_report_for_actions (const char* uuid, report_t* report,
+                         const char *actions)
+{
+  if (user_has_access_uuid ("report", uuid, actions) == 0)
+    {
+      *report = 0;
+      return FALSE;
+    }
+  switch (sql_int64 (report, 0, 0,
+                     "SELECT ROWID FROM reports WHERE uuid = '%s';",
+                     uuid))
+    {
+      case 0:
+        break;
+      case 1:        /* Too few rows in result of query. */
+        *report = 0;
+        break;
+      default:       /* Programming error. */
+        assert (0);
+      case -1:
+        return TRUE;
+        break;
+    }
+
+  return FALSE;
+}
+
+/**
  * @brief Reset all running information for a task.
  *
  * @param[in]  task  Task.
@@ -18784,6 +19340,47 @@
 }
 
 /**
+ * @brief Find a target for a set of actions, given a UUID.
+ *
+ * @param[in]   uuid     UUID of target.
+ * @param[out]  target   Target return, 0 if succesfully failed to find target.
+ * @param[in]   actions  Actions.
+ *
+ * @return FALSE on success (including if failed to find target), TRUE on error.
+ */
+gboolean
+find_target_for_actions (const char* uuid, target_t* target,
+                         const char *actions)
+{
+  gchar *quoted_uuid = sql_quote (uuid);
+  if (user_has_access_uuid ("target", quoted_uuid, actions) == 0)
+    {
+      g_free (quoted_uuid);
+      *target = 0;
+      return FALSE;
+    }
+  switch (sql_int64 (target, 0, 0,
+                     "SELECT ROWID FROM targets WHERE uuid = '%s';",
+                     quoted_uuid))
+    {
+      case 0:
+        break;
+      case 1:        /* Too few rows in result of query. */
+        *target = 0;
+        break;
+      default:       /* Programming error. */
+        assert (0);
+      case -1:
+        g_free (quoted_uuid);
+        return TRUE;
+        break;
+    }
+
+  g_free (quoted_uuid);
+  return FALSE;
+}
+
+/**
  * @brief Make a copy of a target.
  *
  * @param[in]  target  Target to copy.
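Review bot: `default: assert (0);` runs on into `case -1:` with no fall-through marker. In a build with NDEBUG the assert disappears, so the `g_free` and `return TRUE` are reached only through that fall-through. A `/* Fallthrough. */` comment after `assert (0);` would show it is deliberate; the same applies to find_task_for_actions, find_report_for_actions, find_config_for_actions and find_lsc_credential_for_actions. Separately, this function passes `quoted_uuid` to user_has_access_uuid while find_task_for_actions and find_report_for_actions pass the raw `uuid`. The callee is not in this excerpt, so one of the two conventions needs confirming against it.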
@@ -19581,7 +20178,7 @@
 }
 
 /**
- * @brief Initialise a target iterator.
+ * @brief Initialise a target iterator, limited to the current user's targets.
  *
  * @param[in]  iterator    Iterator.
  * @param[in]  target      Target to limit iteration to.  0 for all.
@@ -19590,8 +20187,8 @@
  * @param[in]  sort_field  Field to sort on, or NULL for "ROWID".
  */
 void
-init_target_iterator (iterator_t* iterator, target_t target, int trash,
-                      int ascending, const char* sort_field)
+init_user_target_iterator (iterator_t* iterator, target_t target, int trash,
+                           int ascending, const char* sort_field)
 {
   assert (current_credentials.uuid);
 
@@ -19628,6 +20225,97 @@
 }
 
 /**
+ * @brief Initialise a target iterator, including observed targets.
+ *
+ * @param[in]  iterator    Iterator.
+ * @param[in]  target      Target to limit iteration to.  0 for all.
+ * @param[in]  trash       Whether to iterate over trashcan targets.
+ * @param[in]  ascending   Whether to sort ascending or descending.
+ * @param[in]  sort_field  Field to sort on, or NULL for "ROWID".
+ * @param[in]  actions_string   Actions.
+ */
+void
+init_target_iterator (iterator_t* iterator, target_t target, int trash,
+                      int ascending, const char* sort_field,
+                      const char *actions_string)
+{
+  int actions;
+
+  assert (current_credentials.uuid);
+
+  if (actions_string == NULL || strlen (actions_string) == 0)
+    {
+      init_user_target_iterator (iterator, target, trash, ascending,
+                                 sort_field);
+      return;
+    }
+
+  actions = parse_actions (actions_string);
+
+  if (actions == 0)
+    {
+      init_user_target_iterator (iterator, target, trash, ascending,
+                                 sort_field);
+      return;
+    }
+
+  if (target)
+    init_iterator (iterator,
+                   "SELECT ROWID, uuid, name, hosts, comment, lsc_credential,"
+                   " ssh_port, smb_lsc_credential, port_range, %s, %s"
+                   " FROM targets%s"
+                   " WHERE ROWID = %llu"
+                   " AND"
+                   " ((owner IS NULL) OR (owner ="
+                   "  (SELECT ROWID FROM users WHERE users.uuid = '%s'))"
+                   "  OR"
+                   "  (SELECT tasks.ROWID FROM tasks"
+                   "   WHERE target = targets.ROWID)"
+                   "  IN"
+                   "  (SELECT task FROM task_users WHERE user ="
+                   "   (SELECT ROWID FROM users"
+                   "    WHERE users.uuid = '%s')"
+                   "   AND actions & %u = %u))"
+                   " ORDER BY %s %s;",
+                   trash ? "ssh_location" : "0",
+                   trash ? "smb_location" : "0",
+                   trash ? "_trash" : "",
+                   target,
+                   current_credentials.uuid,
+                   current_credentials.uuid,
+                   actions,
+                   actions,
+                   sort_field ? sort_field : "ROWID",
+                   ascending ? "ASC" : "DESC");
+  else
+    init_iterator (iterator,
+                   "SELECT ROWID, uuid, name, hosts, comment, lsc_credential,"
+                   " ssh_port, smb_lsc_credential, port_range, %s, %s"
+                   " FROM targets%s"
+                   " WHERE"
+                   " ((owner IS NULL) OR (owner ="
+                   "  (SELECT ROWID FROM users WHERE users.uuid = '%s'))"
+                   "  OR"
+                   "  (SELECT tasks.ROWID FROM tasks"
+                   "   WHERE target = targets.ROWID)"
+                   "  IN"
+                   "  (SELECT task FROM task_users WHERE user ="
+                   "   (SELECT ROWID FROM users"
+                   "    WHERE users.uuid = '%s')"
+                   "   AND actions & %u = %u))"
+                   " ORDER BY %s %s;",
+                   trash ? "ssh_location" : "0",
+                   trash ? "smb_location" : "0",
+                   trash ? "_trash" : "",
+                   current_credentials.uuid,
+                   current_credentials.uuid,
+                   actions,
+                   actions,
+                   sort_field ? sort_field : "ROWID",
+                   ascending ? "ASC" : "DESC");
+}
+
+/**
  * @brief Get the target from a target iterator.
  *
  * @param[in]  iterator  Iterator.
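Review bot: The observer subquery in both statements correlates on `targets.ROWID`, but the outer table is `targets%s`, which becomes `targets_trash` when `trash` is set. In that case the reference has no table to bind to and the statement will most likely fail to prepare. init_lsc_credential_iterator in this commit suffixes its correlated references (`lsc_credentials%s.ROWID`); the equivalent here is `"   WHERE target = targets%s.ROWID)"` with one more `trash ? "_trash" : ""` argument in the matching position. Whether tasks can reference trashed targets is not visible in this excerpt, so the trash case may instead need to fall back to init_user_target_iterator. Also, `actions` is declared `int` but formatted with `%u`; `unsigned int actions;` would keep the argument and the format aligned.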
@@ -20095,6 +20783,46 @@
 }
 
 /**
+ * @brief Find a config for a set of actions, given a UUID.
+ *
+ * @param[in]   uuid     Config UUID.
+ * @param[out]  config   Config return, 0 if succesfully failed to find config.
+ * @param[in]   actions  Actions.
+ *
+ * @return FALSE on success (including if failed to find config), TRUE on error.
+ */
+gboolean
+find_config_for_actions (const char* uuid, config_t* config,
+                         const char *actions)
+{
+  gchar *quoted_uuid = sql_quote (uuid);
+  if (user_has_access_uuid ("config", quoted_uuid, actions) == 0)
+    {
+      g_free (quoted_uuid);
+      *config = 0;
+      return FALSE;
+    }
+  switch (sql_int64 (config, 0, 0,
+                     "SELECT ROWID FROM configs WHERE uuid = '%s';",
+                     quoted_uuid))
+    {
+      case 0:
+        break;
+      case 1:        /* Too few rows in result of query. */
+        *config = 0;
+        break;
+      default:       /* Programming error. */
+        assert (0);
+      case -1:
+        g_free (quoted_uuid);
+        return TRUE;
+        break;
+    }
+  g_free (quoted_uuid);
+  return FALSE;
+}
+
+/**
  * @brief Insert preferences into a config.
  *
  * @param[in]  config       Config.
@@ -21093,7 +21821,7 @@
 #define CONFIG_ITERATOR_FIELDS "ROWID, uuid, name, nvt_selector, comment, families_growing, nvts_growing"
 
 /**
- * @brief Initialise a config iterator.
+ * @brief Initialise a config iterator, limited to user's configs.
  *
  * @param[in]  iterator    Iterator.
  * @param[in]  config      Config.  0 for all.
@@ -21102,9 +21830,8 @@
  * @param[in]  sort_field  Field to sort on, or NULL for "ROWID".
  */
 void
-init_config_iterator (iterator_t* iterator, config_t config, int trash,
-                      int ascending, const char* sort_field)
-
+init_user_config_iterator (iterator_t* iterator, config_t config, int trash,
+                           int ascending, const char* sort_field)
 {
   gchar *sql;
 
@@ -21139,6 +21866,92 @@
 }
 
 /**
+ * @brief Initialise a config iterator.
+ *
+ * @param[in]  iterator    Iterator.
+ * @param[in]  config      Config.  0 for all.
+ * @param[in]  trash       Whether to iterate over trashcan configs.
+ * @param[in]  ascending   Whether to sort ascending or descending.
+ * @param[in]  sort_field  Field to sort on, or NULL for "ROWID".
+ * @param[in]  actions_string  Actions.
+ */
+void
+init_config_iterator (iterator_t* iterator, config_t config, int trash,
+                      int ascending, const char* sort_field,
+                      const char *actions_string)
+{
+  gchar *sql;
+  int actions;
+
+  assert (current_credentials.uuid);
+
+  if (actions_string == NULL || strlen (actions_string) == 0)
+    {
+      init_user_config_iterator (iterator, config, trash, ascending,
+                                 sort_field);
+      return;
+    }
+
+  actions = parse_actions (actions_string);
+
+  if (actions == 0)
+    {
+      init_user_config_iterator (iterator, config, trash, ascending,
+                                 sort_field);
+      return;
+    }
+
+  if (config)
+    sql = g_strdup_printf ("SELECT " CONFIG_ITERATOR_FIELDS
+                           " FROM configs%s"
+                           " WHERE ROWID = %llu"
+                           " AND"
+                           " ((owner IS NULL) OR (owner ="
+                           "  (SELECT ROWID FROM users WHERE users.uuid = '%s'))"
+                           "  OR"
+                           "  (SELECT tasks.ROWID FROM tasks"
+                           "   WHERE config = configs.ROWID)"
+                           "  IN"
+                           "  (SELECT task FROM task_users WHERE user ="
+                           "   (SELECT ROWID FROM users"
+                           "    WHERE users.uuid = '%s')"
+                           "   AND actions & %u = %u))"
+                           " ORDER BY %s %s;",
+                           trash ? "_trash" : "",
+                           config,
+                           current_credentials.uuid,
+                           current_credentials.uuid,
+                           actions,
+                           actions,
+                           sort_field ? sort_field : "ROWID",
+                           ascending ? "ASC" : "DESC");
+  else
+    sql = g_strdup_printf ("SELECT " CONFIG_ITERATOR_FIELDS
+                           " FROM configs%s"
+                           " WHERE"
+                           " ((owner IS NULL) OR (owner ="
+                           "  (SELECT ROWID FROM users WHERE users.uuid = '%s'))"
+                           "  OR"
+                           "  (SELECT tasks.ROWID FROM tasks"
+                           "   WHERE config = config.ROWID)"
+                           "  IN"
+                           "  (SELECT task FROM task_users WHERE user ="
+                           "   (SELECT ROWID FROM users"
+                           "    WHERE users.uuid = '%s')"
+                           "   AND actions & %u = %u))"
+                           " ORDER BY %s %s;",
+                           trash ? "_trash" : "",
+                           current_credentials.uuid,
+                           current_credentials.uuid,
+                           actions,
+                           actions,
+                           sort_field ? sort_field : "ROWID",
+                           ascending ? "ASC" : "DESC");
+  init_iterator (iterator, sql);
+  g_free (sql);
+}
+
+/**
  * @brief Get the config from a config iterator.
  *
  * @param[in]  iterator  Iterator.
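Review bot: In the all-configs branch the correlated subquery reads `WHERE config = config.ROWID`, while the single-config branch has `configs.ROWID`. The statement has no table or alias named `config`, so this branch will most likely fail to prepare, and GET_CONFIGS with an `actions` attribute and no `config_id` would then return nothing. The line should read `"   WHERE config = configs.ROWID)"`. Both branches also name `configs` while the FROM clause is `configs%s`, so with `trash` set the reference has no table to bind to and needs the same suffix. The two format strings differ only in the `ROWID = %llu AND` clause; building that clause separately and using one statement would prevent this kind of divergence.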
@@ -22529,7 +23342,7 @@
 {
   iterator_t configs;
 
-  init_config_iterator (&configs, config, 0, 1, NULL);
+  init_user_config_iterator (&configs, config, 0, 1, NULL);
   while (next (&configs))
     update_config_cache (&configs);
   cleanup_iterator (&configs);
@@ -24473,6 +25286,50 @@
 }
 
 /**
+ * @brief Find an LSC credential given a UUID.
+ *
+ * @param[in]   uuid            UUID of LSC credential.
+ * @param[out]  lsc_credential  LSC credential return, 0 if succesfully failed
+ *                              to find credential.
+ * @param[in]   actions_string  Actions.
+ *
+ * @return FALSE on success (including if failed to find LSC credential),
+ *         TRUE on error.
+ */
+gboolean
+find_lsc_credential_for_actions (const char* uuid,
+                                 lsc_credential_t* lsc_credential,
+                                 const char *actions)
+{
+  gchar *quoted_uuid = sql_quote (uuid);
+  if (user_has_access_uuid ("lsc_credential", quoted_uuid, actions) == 0)
+    {
+      g_free (quoted_uuid);
+      *lsc_credential = 0;
+      return FALSE;
+    }
+  switch (sql_int64 (lsc_credential, 0, 0,
+                     "SELECT ROWID FROM lsc_credentials WHERE uuid = '%s';",
+                     quoted_uuid))
+    {
+      case 0:
+        break;
+      case 1:        /* Too few rows in result of query. */
+        *lsc_credential = 0;
+        break;
+      default:       /* Programming error. */
+        assert (0);
+      case -1:
+        g_free (quoted_uuid);
+        return TRUE;
+        break;
+    }
+
+  g_free (quoted_uuid);
+  return FALSE;
+}
+
+/**
  * @brief Length of password generated in create_lsc_credential.
  */
 #define PASSWORD_LENGTH 10
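Review bot: The doc comment documents `@param[in] actions_string`, but the parameter of find_lsc_credential_for_actions is named `actions`, so Doxygen will warn and the real parameter is left undocumented. The tag should be `@param[in]   actions         Actions.` The description could also say what form the string takes, since the only literal visible in this commit is the `"g"` passed by the GET_REPORTS handler in omp.c.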
@@ -24864,7 +25721,7 @@
 }
 
 /**
- * @brief Initialise an LSC Credential iterator.
+ * @brief Initialise an LSC Credential iterator, limiting to user's credentials.
  *
  * @param[in]  iterator        Iterator.
  * @param[in]  lsc_credential  Single LSC credential to iterate, 0 for all.
@@ -24873,9 +25730,9 @@
  * @param[in]  sort_field      Field to sort on, or NULL for "ROWID".
  */
 void
-init_lsc_credential_iterator (iterator_t* iterator,
-                              lsc_credential_t lsc_credential, int trash,
-                              int ascending, const char* sort_field)
+init_user_lsc_credential_iterator (iterator_t* iterator,
+                                   lsc_credential_t lsc_credential, int trash,
+                                   int ascending, const char* sort_field)
 {
   assert (current_credentials.uuid);
 
@@ -24924,6 +25781,120 @@
 }
 
 /**
+ * @brief Initialise an LSC Credential iterator, limiting to user's credentials.
+ *
+ * @param[in]  iterator        Iterator.
+ * @param[in]  lsc_credential  Single LSC credential to iterate, 0 for all.
+ * @param[in]  trash           Whether to iterate over trashcan credentials.
+ * @param[in]  ascending       Whether to sort ascending or descending.
+ * @param[in]  sort_field      Field to sort on, or NULL for "ROWID".
+ * @param[in]  actions_string  Actions.
+ */
+void
+init_lsc_credential_iterator (iterator_t* iterator,
+                              lsc_credential_t lsc_credential, int trash,
+                              int ascending, const char* sort_field,
+                              const char *actions_string)
+{
+  int actions;
+
+  assert (current_credentials.uuid);
+
+  if (actions_string == NULL || strlen (actions_string) == 0)
+    {
+      init_user_lsc_credential_iterator (iterator, lsc_credential, trash,
+                                         ascending, sort_field);
+      return;
+    }
+
+  actions = parse_actions (actions_string);
+
+  if (actions == 0)
+    {
+      init_user_lsc_credential_iterator (iterator, lsc_credential, trash,
+                                         ascending, sort_field);
+      return;
+    }
+
+  if (lsc_credential)
+    init_iterator (iterator,
+                   "SELECT ROWID, uuid, name, login, password, comment,"
+                   " public_key, private_key, rpm, deb, exe,"
+                   " (SELECT count(*) > 0 FROM targets%s"
+                   "  WHERE lsc_credential = lsc_credentials%s.ROWID)"
+                   " + (SELECT count(*) > 0 FROM targets%s"
+                   "    WHERE smb_lsc_credential = lsc_credentials%s.ROWID)"
+                   " FROM lsc_credentials%s"
+                   " WHERE ROWID = %llu"
+                   " AND"
+                   " ((owner IS NULL) OR (owner ="
+                   "  (SELECT ROWID FROM users WHERE users.uuid = '%s'))"
+                   "  OR"
+                   "  (SELECT tasks.ROWID FROM tasks"
+                   "   WHERE tasks.target ="
+                   "   (SELECT ROWID FROM targets"
+                   "    WHERE lsc_credential = lsc_credentials%s.ROWID"
+                   "    OR smb_lsc_credential = lsc_credentials%s.ROWID))"
+                   "  IN"
+                   "  (SELECT task FROM task_users WHERE user ="
+                   "   (SELECT ROWID FROM users"
+                   "    WHERE users.uuid = '%s')"
+                   "   AND actions & %u = %u))"
+                   " ORDER BY %s %s;",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   lsc_credential,
+                   current_credentials.uuid,
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   current_credentials.uuid,
+                   actions,
+                   actions,
+                   sort_field ? sort_field : "ROWID",
+                   ascending ? "ASC" : "DESC");
+  else
+    init_iterator (iterator,
+                   "SELECT ROWID, uuid, name, login, password, comment,"
+                   " public_key, private_key, rpm, deb, exe,"
+                   " (SELECT count(*) > 0 FROM targets%s"
+                   "  WHERE lsc_credential = lsc_credentials%s.ROWID)"
+                   " + (SELECT count(*) > 0 FROM targets%s"
+                   "    WHERE smb_lsc_credential = lsc_credentials%s.ROWID)"
+                   " FROM lsc_credentials%s"
+                   " WHERE"
+                   " ((owner IS NULL) OR (owner ="
+                   "  (SELECT ROWID FROM users WHERE users.uuid = '%s'))"
+                   "  OR"
+                   "  (SELECT tasks.ROWID FROM tasks"
+                   "   WHERE target ="
+                   "   (SELECT ROWID FROM targets"
+                   "    WHERE lsc_credential = lsc_credentials%s.ROWID"
+                   "    OR smb_lsc_credential = lsc_credentials%s.ROWID))"
+                   "  IN"
+                   "  (SELECT task FROM task_users WHERE user ="
+                   "   (SELECT ROWID FROM users"
+                   "    WHERE users.uuid = '%s')"
+                   "   AND actions & %u = %u))"
+                   " ORDER BY %s %s;",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   current_credentials.uuid,
+                   trash ? "_trash" : "",
+                   trash ? "_trash" : "",
+                   current_credentials.uuid,
+                   actions,
+                   actions,
+                   sort_field ? sort_field : "ROWID",
+                   ascending ? "ASC" : "DESC");
+}
+
+/**
  * @brief Get the LSC credential from an LSC credential iterator.
  *
  * @param[in]  iterator  Iterator.
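Review bot: With a non-empty `actions_string` this iterator returns the `password` and `private_key` columns for credentials the caller does not own, whenever the caller observes a task whose target uses the credential. If observers are meant to see only that a credential exists, the GET_LSC_CREDENTIALS handler (outside this hunk) needs an ownership check before it emits secrets or installer packages. Alternatively, this query should return empty values in those columns for non-owners. The `@brief` is also copied unchanged from init_user_lsc_credential_iterator; `@brief Initialise an LSC Credential iterator, including credentials used by observed tasks.` would describe what this variant adds.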

Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c	2011-09-21 04:34:36 UTC (rev 11647)
+++ trunk/openvas-manager/src/omp.c	2011-09-21 13:46:10 UTC (rev 11648)
@@ -1520,6 +1520,7 @@
  */
 typedef struct
 {
+  char *actions;         ///< Actions.
   int export;            ///< Boolean.  Whether to format for create_config.
   int families;          ///< Boolean.  Whether to include config families.
   char *config_id;       ///< ID of single config to iterate over.
@@ -1537,6 +1538,7 @@
 static void
 get_configs_data_reset (get_configs_data_t *data)
 {
+  free (data->actions);
   free (data->config_id);
   free (data->sort_field);
 
@@ -1594,6 +1596,7 @@
  */
 typedef struct
 {
+  char *actions;           ///< Actions.
   char *format;            ///< Format requested: "key", "deb", ....
   char *lsc_credential_id; ///< Single LSC credential to iterate over.
   char *sort_field;        ///< Field to sort results on.
@@ -1609,6 +1612,7 @@
 static void
 get_lsc_credentials_data_reset (get_lsc_credentials_data_t *data)
 {
+  free (data->actions);
   free (data->format);
   free (data->lsc_credential_id);
   free (data->sort_field);
@@ -1650,6 +1654,7 @@
  */
 typedef struct
 {
+  char *actions;         ///< Actions.
   char *config_id;       ///< ID of config to which to limit NVT selection.
   int details;           ///< Boolean.  Whether to include full NVT details.
   char *family;          ///< Name of family to which to limit NVT selection.
@@ -1669,6 +1674,7 @@
 static void
 get_nvts_data_reset (get_nvts_data_t *data)
 {
+  free (data->actions);
   free (data->config_id);
   free (data->family);
   free (data->nvt_oid);
@@ -1966,6 +1972,7 @@
  */
 typedef struct
 {
+  char *actions;       ///< Actions.
   char *sort_field;    ///< Field to sort results on.
   int sort_order;      ///< Result sort order: 0 descending, else ascending.
   char *target_id;     ///< ID of single target to get.
@@ -1981,6 +1988,7 @@
 static void
 get_targets_data_reset (get_targets_data_t *data)
 {
+  free (data->actions);
   free (data->target_id);
   free (data->sort_field);
 
@@ -2018,6 +2026,7 @@
  */
 typedef struct
 {
+  char *actions;         ///< Actions.
   int apply_overrides;   ///< Boolean.  Whether to apply overrides.
   int details;           ///< Boolean.  Whether to include task details.
   char *task_id;         ///< ID of single task to get.
@@ -2035,6 +2044,7 @@
 static void
 get_tasks_data_reset (get_tasks_data_t *data)
 {
+  free (data->actions);
   free (data->task_id);
   free (data->sort_field);
 
@@ -2184,6 +2194,7 @@
   char *file;          ///< File to attach to task.
   char *file_name;     ///< Name of file to attach to task.
   char *name;          ///< New name for task.
+  char *observers;     ///< Space separated list of observer user names.
   name_value_t *preference;  ///< Current preference.
   array_t *preferences;   ///< Preferences.
   char *rcfile;        ///< New definition for task, as an RC file.
@@ -2206,6 +2217,7 @@
   free (data->file);
   free (data->file_name);
   free (data->name);
+  free (data->observers);
   if (data->preferences)
     {
       guint index = data->preferences->len;
@@ -3289,6 +3301,7 @@
   CLIENT_MODIFY_TASK_ESCALATOR,
   CLIENT_MODIFY_TASK_FILE,
   CLIENT_MODIFY_TASK_NAME,
+  CLIENT_MODIFY_TASK_OBSERVERS,
   CLIENT_MODIFY_TASK_PREFERENCES,
   CLIENT_MODIFY_TASK_PREFERENCES_PREFERENCE,
   CLIENT_MODIFY_TASK_PREFERENCES_PREFERENCE_NAME,
@@ -4001,6 +4014,8 @@
             const gchar* attribute;
             append_attribute (attribute_names, attribute_values, "config_id",
                               &get_configs_data->config_id);
+            append_attribute (attribute_names, attribute_values, "actions",
+                              &get_configs_data->actions);
             if (find_attribute (attribute_names, attribute_values,
                                 "families", &attribute))
               get_configs_data->families = atoi (attribute);
@@ -4063,6 +4078,8 @@
             append_attribute (attribute_names, attribute_values,
                               "lsc_credential_id",
                               &get_lsc_credentials_data->lsc_credential_id);
+            append_attribute (attribute_names, attribute_values, "actions",
+                              &get_lsc_credentials_data->actions);
             append_attribute (attribute_names, attribute_values, "format",
                               &get_lsc_credentials_data->format);
             if (find_attribute (attribute_names, attribute_values,
@@ -4125,6 +4142,8 @@
         else if (strcasecmp ("GET_NVTS", element_name) == 0)
           {
             const gchar* attribute;
+            append_attribute (attribute_names, attribute_values, "actions",
+                              &get_nvts_data->actions);
             append_attribute (attribute_names, attribute_values, "nvt_oid",
                               &get_nvts_data->nvt_oid);
             append_attribute (attribute_names, attribute_values, "config_id",
@@ -4507,6 +4526,8 @@
             const gchar* attribute;
             append_attribute (attribute_names, attribute_values, "target_id",
                               &get_targets_data->target_id);
+            append_attribute (attribute_names, attribute_values, "actions",
+                              &get_targets_data->actions);
             if (find_attribute (attribute_names, attribute_values,
                                 "tasks", &attribute))
               get_targets_data->tasks = strcmp (attribute, "0");
@@ -4533,6 +4554,9 @@
             append_attribute (attribute_names, attribute_values, "task_id",
                               &get_tasks_data->task_id);
 
+            append_attribute (attribute_names, attribute_values, "actions",
+                              &get_tasks_data->actions);
+
             if (find_attribute (attribute_names, attribute_values,
                                 "rcfile", &attribute))
               get_tasks_data->rcfile = atoi (attribute);
@@ -5722,6 +5746,11 @@
           }
         else if (strcasecmp ("NAME", element_name) == 0)
           set_client_state (CLIENT_MODIFY_TASK_NAME);
+        else if (strcasecmp ("OBSERVERS", element_name) == 0)
+          {
+            openvas_append_string (&modify_task_data->observers, "");
+            set_client_state (CLIENT_MODIFY_TASK_OBSERVERS);
+          }
         else if (strcasecmp ("PREFERENCES", element_name) == 0)
           {
             modify_task_data->preferences = make_array ();
@@ -9251,8 +9280,9 @@
                     }
                 }
               else if (get_nvts_data->config_id
-                       && find_config (get_nvts_data->config_id,
-                                       &config))
+                       && find_config_for_actions (get_nvts_data->config_id,
+                                                   &config,
+                                                   get_nvts_data->actions))
                 SEND_TO_CLIENT_OR_FAIL
                  (XML_INTERNAL_ERROR ("get_nvts"));
               else if (get_nvts_data->config_id && (config == 0))
@@ -9769,7 +9799,9 @@
 
         if ((strcmp (get_reports_data->type, "scan") == 0)
             && get_reports_data->report_id
-            && find_report (get_reports_data->report_id, &request_report))
+            && find_report_for_actions (get_reports_data->report_id,
+                                        &request_report,
+                                        "g"))
           {
             get_reports_data_reset (get_reports_data);
             SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_reports"));
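Review bot: The literal `"g"` passed to find_report_for_actions here, and again in the next hunk for the delta report, is not explained at either call site. The other GET_* handlers changed in this commit pass the client's `actions` attribute instead. A short comment such as `/* "g": caller needs get access to the report's task. */` would make the access rule auditable, assuming that is how parse_actions reads the letter; its definition is not in this excerpt. A named constant shared by both calls would do the same job.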
@@ -9779,7 +9811,9 @@
 
         if (get_reports_data->delta_report_id
             && strcmp (get_reports_data->delta_report_id, "0")
-            && find_report (get_reports_data->delta_report_id, &delta_report))
+            && find_report_for_actions (get_reports_data->delta_report_id,
+                                        &delta_report,
+                                        "g"))
           {
             get_reports_data_reset (get_reports_data);
             SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_reports"));
@@ -11656,6 +11690,33 @@
                       }
                   }
 
+                if (fail == 0 && modify_task_data->observers)
+                  {
+                    fail = set_task_observers (task,
+                                               modify_task_data->observers);
+                    switch (fail)
+                      {
+                        case 0:
+                          break;
+                        case 1:
+                        case 2:
+                          SEND_TO_CLIENT_OR_FAIL
+                            (XML_ERROR_SYNTAX ("modify_task",
+                                               "User name error"));
+                          g_log ("event task", G_LOG_LEVEL_MESSAGE,
+                                 "Task %s could not be modified",
+                                 modify_task_data->task_id);
+                          break;
+                        case -1:
+                        default:
+                          SEND_TO_CLIENT_OR_FAIL
+                            (XML_INTERNAL_ERROR ("modify_task"));
+                          g_log ("event task", G_LOG_LEVEL_MESSAGE,
+                                 "Task %s could not be modified",
+                                 modify_task_data->task_id);
+                      }
+                  }
+
                 if (fail == 0 && modify_task_data->escalator_id)
                   {
                     escalator_t escalator = 0;
@@ -11787,6 +11848,10 @@
         assert (strcasecmp ("NAME", element_name) == 0);
         set_client_state (CLIENT_MODIFY_TASK);
         break;
+      case CLIENT_MODIFY_TASK_OBSERVERS:
+        assert (strcasecmp ("OBSERVERS", element_name) == 0);
+        set_client_state (CLIENT_MODIFY_TASK);
+        break;
       case CLIENT_MODIFY_TASK_PREFERENCES:
         assert (strcasecmp ("PREFERENCES", element_name) == 0);
         set_client_state (CLIENT_MODIFY_TASK);
@@ -15297,7 +15362,9 @@
           assert (strcasecmp ("GET_CONFIGS", element_name) == 0);
 
           if (get_configs_data->config_id
-              && find_config (get_configs_data->config_id, &request_config))
+              && find_config_for_actions (get_configs_data->config_id,
+                                          &request_config,
+                                          get_configs_data->actions))
             SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_configs"));
           else if (get_configs_data->config_id && (request_config == 0))
             {
@@ -15328,7 +15395,8 @@
                                     request_config,
                                     get_configs_data->trash,
                                     get_configs_data->sort_order,
-                                    get_configs_data->sort_field);
+                                    get_configs_data->sort_field,
+                                    get_configs_data->actions);
               while (next (&configs))
                 {
                   int config_nvts_growing, config_families_growing;
@@ -15533,8 +15601,8 @@
 
                   SENDF_TO_CLIENT_OR_FAIL ("</config>");
                 }
+              cleanup_iterator (&configs);
             }
-          cleanup_iterator (&configs);
           get_configs_data_reset (get_configs_data);
           SEND_TO_CLIENT_OR_FAIL ("</get_configs_response>");
           set_client_state (CLIENT_AUTHENTIC);
@@ -15731,9 +15799,10 @@
                                 "GET_LSC_CREDENTIALS format attribute should"
                                 " be \"key\", \"rpm\", \"deb\" or \"exe\"."));
           else if (get_lsc_credentials_data->lsc_credential_id
-                   && find_lsc_credential
+                   && find_lsc_credential_for_actions
                        (get_lsc_credentials_data->lsc_credential_id,
-                        &lsc_credential))
+                        &lsc_credential,
+                        get_lsc_credentials_data->actions))
             SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_lsc_credentials"));
           else if (get_lsc_credentials_data->lsc_credential_id
                    && (lsc_credential == 0))
@@ -15758,7 +15827,8 @@
                                             lsc_credential,
                                             get_lsc_credentials_data->trash,
                                             get_lsc_credentials_data->sort_order,
-                                            get_lsc_credentials_data->sort_field);
+                                            get_lsc_credentials_data->sort_field,
+                                            get_lsc_credentials_data->actions);
               while (next (&credentials))
                 {
                   switch (format)
@@ -16099,7 +16169,9 @@
              (XML_ERROR_SYNTAX ("get_target",
                                 "GET_TARGETS tasks given with trash"));
           else if (get_targets_data->target_id
-              && find_target (get_targets_data->target_id, &target))
+                   && find_target_for_actions (get_targets_data->target_id,
+                                               &target,
+                                               get_targets_data->actions))
             SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_targets"));
           else if (get_targets_data->target_id && target == 0)
             {
@@ -16124,7 +16196,8 @@
                                     target,
                                     get_targets_data->trash,
                                     get_targets_data->sort_order,
-                                    get_targets_data->sort_field);
+                                    get_targets_data->sort_field,
+                                    get_targets_data->actions);
               while (next (&targets))
                 {
                   char *ssh_lsc_name, *ssh_lsc_uuid, *smb_lsc_name, *smb_lsc_uuid;
@@ -16244,7 +16317,9 @@
              (XML_ERROR_SYNTAX ("get_task",
                                 "GET_TASKS details given with trash"));
           else if (get_tasks_data->task_id
-              && find_task (get_tasks_data->task_id, &task))
+                   && find_task_for_actions (get_tasks_data->task_id,
+                                             &task,
+                                             get_tasks_data->actions))
             SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("get_tasks"));
           else if (get_tasks_data->task_id && task == 0)
             {
@@ -16296,7 +16371,8 @@
                                   task,
                                   get_tasks_data->trash,
                                   get_tasks_data->sort_order,
-                                  get_tasks_data->sort_field);
+                                  get_tasks_data->sort_field,
+                                  get_tasks_data->actions);
               while (next (&tasks))
                 if (get_tasks_data->details)
                   {
@@ -16312,7 +16388,7 @@
                     char *task_slave_uuid, *task_slave_name;
                     char *task_schedule_uuid, *task_schedule_name, *comment;
                     gchar *first_report_id, *first_report;
-                    char* description;
+                    char *description, *owner, *observers;
                     gchar *description64, *last_report_id, *last_report;
                     gchar *second_last_report_id, *second_last_report;
                     report_t running_report;
@@ -16573,6 +16649,8 @@
 
                     name = task_name (task);
                     comment = task_comment (task);
+                    owner = task_owner_name (task);
+                    observers = task_observers (task);
                     escalator = task_escalator_name (task);
                     escalator_uuid = task_escalator_uuid (task);
                     config = task_config_name (task);
@@ -16597,6 +16675,8 @@
                                 ("<task id=\"%s\">"
                                  "<name>%s</name>"
                                  "<comment>%s</comment>"
+                                 "<owner><name>%s</name></owner>"
+                                 "<observers>%s</observers>"
                                  "<config id=\"%s\">"
                                  "<name>%s</name>"
                                  "</config>"
@@ -16624,6 +16704,8 @@
                                  task_iterator_uuid (&tasks),
                                  name,
                                  comment,
+                                 owner,
+                                 observers,
                                  config_uuid ? config_uuid : "",
                                  config ? config : "",
                                  escalator_uuid ? escalator_uuid : "",
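Review bot: `owner` and `observers` are passed to the `%s` conversions unguarded, while the neighbouring arguments use the `x ? x : ""` form. If `task_owner_name` or `task_observers` can return NULL (their definitions are outside this chunk; a task without an owner is the case to check), the response would carry `(null)` or the formatter could crash, so `owner ? owner : "",` and `observers ? observers : "",` would be safer. The second response builder further down passes the same two values the same way. The formatting call itself starts outside the hunk, so whether it escapes markup in these user names is not visible here and is worth confirming.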
@@ -16661,6 +16743,8 @@
                     g_free (response);
                     g_free (name);
                     g_free (comment);
+                    g_free (owner);
+                    g_free (observers);
                     g_free (description64);
                     free (task_schedule_uuid);
                     free (task_schedule_name);
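Review bot: The results of `task_owner_name` and `task_observers` are released with `g_free` here but with `free` in the later hunk that cleans up the second task path. The allocator those helpers use is not visible in this chunk, so one of the two sites is likely mismatched; use the matching call in both places, for example `free (owner);` and `free (observers);` if they return malloc'd strings. The surrounding cleanup lines already mix both deallocators, so the new lines follow the existing style rather than introducing the inconsistency.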
@@ -16724,6 +16808,8 @@
                     gchar *line, *progress_xml;
                     char *name = task_name (index);
                     char *comment = task_comment (index);
+                    char *observers = task_observers (index);
+                    char *owner = task_owner_name (index);
                     target_t target;
                     slave_t slave;
                     char *tsk_uuid, *config, *config_uuid;
@@ -17041,6 +17127,8 @@
                                             " id=\"%s\">"
                                             "<name>%s</name>"
                                             "<comment>%s</comment>"
+                                            "<owner><name>%s</name></owner>"
+                                            "<observers>%s</observers>"
                                             "<config id=\"%s\">"
                                             "<name>%s</name>"
                                             "<trash>%i</trash>"
@@ -17073,6 +17161,8 @@
                                             tsk_uuid,
                                             name,
                                             comment,
+                                            owner,
+                                            observers,
                                             config_uuid ? config_uuid : "",
                                             config ? config : "",
                                             task_config_in_trash (index),
@@ -17115,6 +17205,8 @@
                     g_free (second_last_report);
                     free (name);
                     free (comment);
+                    free (owner);
+                    free (observers);
                     g_free (description64);
                     free (tsk_uuid);
                     free (task_schedule_uuid);
@@ -17417,6 +17509,9 @@
       case CLIENT_MODIFY_TASK_NAME:
         openvas_append_text (&modify_task_data->name, text, text_len);
         break;
+      case CLIENT_MODIFY_TASK_OBSERVERS:
+        openvas_append_text (&modify_task_data->observers, text, text_len);
+        break;
       case CLIENT_MODIFY_TASK_RCFILE:
         openvas_append_text (&modify_task_data->rcfile, text, text_len);
         break;
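Review bot: This case only accumulates the client-supplied OBSERVERS text, so the decision of who may change a task's observers rests entirely on the MODIFY_TASK end handler and `set_task_observers`, neither of which is visible in this hunk. It is worth confirming that only the task owner can reach `set_task_observers`, so that a user who was merely granted observer access cannot extend access to others, and that names `find_user` does not resolve are rejected rather than stored. A short comment here, for example `/* Untrusted list of user names; validated in set_task_observers. */`, would document where validation lives, if that is indeed where it happens. The switch statement starts and ends outside the hunk.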


