[Openvas-commits] r11655 - in trunk/openvas-libraries: . misc

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Sep 22 13:16:34 CEST 2011


Author: mattm
Date: 2011-09-22 13:16:32 +0200 (Thu, 22 Sep 2011)
New Revision: 11655

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/misc/openvas_auth.c
   trunk/openvas-libraries/misc/openvas_auth.h
Log:
	* misc/openvas_auth.c (openvas_is_user_observer): New function.
	(openvas_set_user_role): Add observer role.

	* misc/openvas_auth.h: Add header accordingly.

Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2011-09-22 09:40:56 UTC (rev 11654)
+++ trunk/openvas-libraries/ChangeLog	2011-09-22 11:16:32 UTC (rev 11655)
@@ -1,3 +1,10 @@
+2011-09-22  Matthew Mundell <matthew.mundell at greenbone.net>
+
+	* misc/openvas_auth.c (openvas_is_user_observer): New function.
+	(openvas_set_user_role): Add observer role.
+
+	* misc/openvas_auth.h: Add header accordingly.
+
 2011-09-21  Matthew Mundell <matthew.mundell at greenbone.net>
 
 	* misc/openvas_auth.c (openvas_auth_store_user_rules): Correct doc typo.

Modified: trunk/openvas-libraries/misc/openvas_auth.c
===================================================================
--- trunk/openvas-libraries/misc/openvas_auth.c	2011-09-22 09:40:56 UTC (rev 11654)
+++ trunk/openvas-libraries/misc/openvas_auth.c	2011-09-22 11:16:32 UTC (rev 11655)
@@ -93,6 +93,7 @@
  *
  *  - uuid : File containing the users uuid.
  *  - isadmin : (optional) flag to mark the user being an admin.
+ *  - isobserver : (optional) flag to mark the user being an observer.
  *  - auth/rules : The rules file.
  *  - auth/hash : (only for locally authenticated users) hash of the users
  *                password
@@ -1109,6 +1110,73 @@
 }
 
 /**
+ * @brief Check if a user is an observer.
+ *
+ * The check for administrative privileges is currently done by looking for an
+ * "ispassword" file in the user directory.
+ *
+ * @param username Username.
+ *
+ * @warning No "sharp" test is performed, as it is possible to have multiple
+ *          users with the same name (in order to allow integration of remote
+ *          authentication sources). Would need the uuid here to fix this
+ *          behaviour.
+ *
+ * @return 1 if user is observer, else 0.
+ */
+int
+openvas_is_user_observer (const gchar * username)
+{
+  gchar *dir_name = g_build_filename (OPENVAS_USERS_DIR, username, NULL);
+  gchar *file_name = g_build_filename (dir_name,
+                                       "isobserver",
+                                       NULL);
+  gboolean file_exists = FALSE;
+  if (g_file_test (dir_name, G_FILE_TEST_IS_DIR))
+    {
+      if (g_file_test (file_name, G_FILE_TEST_IS_REGULAR))
+        {
+          g_free (file_name);
+          g_free (dir_name);
+          return 1;
+        }
+      g_free (file_name);
+      g_free (dir_name);
+      return 0;
+    }
+
+  g_free (dir_name);
+  g_free (file_name);
+
+  // Remote case.
+  if (file_exists == FALSE && (initialized == TRUE && authenticators != NULL))
+    {
+      // Try each authenticator in the list.
+      GSList *item = authenticators;
+      while (item)
+        {
+          authenticator_t authent = (authenticator_t) item->data;
+          file_name = g_build_filename (OPENVAS_STATE_DIR,
+                                        "users-remote",
+                                        authentication_methods[authent->method],
+                                        username,
+                                        "isobserver",
+                                        NULL);
+
+          if (g_file_test (file_name, G_FILE_TEST_EXISTS) == TRUE)
+            {
+              g_free (file_name);
+              return 1;
+            }
+          g_free (file_name);
+          item = g_slist_next (item);
+        }
+    }
+
+  return file_exists;
+}
+
+/**
  * @brief Set the role of a user.
  *
  * @param username      Username.
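Review bot: The doc comment added for `openvas_is_user_observer` still describes the admin check and names a marker file, "ispassword", that the code never looks for; it should read `The check for observer status is currently done by looking for an "isobserver" file in the user directory.` In the body, the local branch requires `G_FILE_TEST_IS_REGULAR` while the remote branch accepts `G_FILE_TEST_EXISTS`, so the two paths grant the role on different conditions; using `G_FILE_TEST_IS_REGULAR` in both would make the check uniform. `file_exists` is never assigned after its initialisation to FALSE, so the `file_exists == FALSE` test is always true and the final `return file_exists;` is just `return 0;`. `username` is also joined into the path with no validation visible in this hunk; if callers do not already reject path separators or `..`, the lookup can resolve outside the users directory, which is worth a check or at least a comment here.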
@@ -1122,39 +1190,70 @@
 openvas_set_user_role (const gchar * username, const gchar * role,
                        const gchar * user_dir_name)
 {
-  int ret = -1;
-  gchar *file_name;
+  gchar *admin_file_name, *observer_file_name;
 
   // Take default directory if none passed as parameter.
+
   if (user_dir_name == NULL)
-    file_name = g_build_filename (OPENVAS_USERS_DIR, username, "isadmin", NULL);
+    admin_file_name = g_build_filename (OPENVAS_USERS_DIR, username, "isadmin",
+                                        NULL);
   else
-    file_name = g_build_filename (user_dir_name, "isadmin", NULL);
+    admin_file_name = g_build_filename (user_dir_name, "isadmin", NULL);
 
+  if (user_dir_name == NULL)
+    observer_file_name = g_build_filename (OPENVAS_USERS_DIR, username,
+                                           "isobserver", NULL);
+  else
+    observer_file_name = g_build_filename (user_dir_name, "isobserver", NULL);
+
   if (strcmp (role, "User") == 0)
     {
-      if (g_remove (file_name))
-        {
-          if (errno == ENOENT)
-            ret = 0;
-        }
-      else
-        ret = 0;
+      if (g_remove (admin_file_name) && errno != ENOENT)
+        goto fail;
+
+      if (g_remove (observer_file_name) && errno != ENOENT)
+        goto fail;
     }
-  else if (strcmp (role, "Admin") == 0
-           && g_file_set_contents (file_name, "", -1, NULL))
+  else if (strcmp (role, "Admin") == 0)
     {
-      g_chmod (file_name, 0600);
-      ret = 0;
+      if (g_remove (admin_file_name) && errno != ENOENT)
+        goto fail;
+
+      if (g_remove (observer_file_name) && errno != ENOENT)
+        goto fail;
+
+      if (g_file_set_contents (admin_file_name, "", -1, NULL)
+          == FALSE)
+        goto fail;
+
+      g_chmod (admin_file_name, 0600);
     }
+  else if (strcmp (role, "Observer") == 0)
+    {
+      if (g_remove (admin_file_name) && errno != ENOENT)
+        goto fail;
+
+      if (g_remove (observer_file_name) && errno != ENOENT)
+        goto fail;
+
+      if (g_file_set_contents (observer_file_name, "", -1, NULL)
+          == FALSE)
+        goto fail;
+
+      g_chmod (observer_file_name, 0600);
+    }
   else
     {
-      g_free (file_name);
+      g_free (admin_file_name);
       return -2;
     }
 
-  g_free (file_name);
-  return ret;
+  g_free (admin_file_name);
+  return 0;
+
+ fail:
+  g_free (admin_file_name);
+  return -1;
 }
 
 #ifndef _WIN32
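Review bot: `observer_file_name` is allocated with `g_build_filename` but never released: the `-2` return for an unknown role, the success return and the `fail:` label each free only `admin_file_name`. Add `g_free (observer_file_name);` beside each of the three `g_free (admin_file_name);` calls. Each role branch also removes both marker files before writing the new one, so a failed `g_file_set_contents` returns -1 with the user left as a plain User; a comment stating that a failed change leaves the account without either role would help callers, and the ignored `g_chmod` result deserves the same mention. The function's return type and doc comment lie outside the hunk.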

Modified: trunk/openvas-libraries/misc/openvas_auth.h
===================================================================
--- trunk/openvas-libraries/misc/openvas_auth.h	2011-09-22 09:40:56 UTC (rev 11654)
+++ trunk/openvas-libraries/misc/openvas_auth.h	2011-09-22 11:16:32 UTC (rev 11655)
@@ -51,6 +51,8 @@
 
 int openvas_is_user_admin (const gchar *);
 
+int openvas_is_user_observer (const gchar *);
+
 int openvas_set_user_role (const gchar *, const gchar *,
                            const gchar * user_dir_name);
 


