[Openvas-commits] r11671 - in trunk/openvas-manager: . src
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Sep 22 20:25:24 CEST 2011
Author: mattm
Date: 2011-09-22 20:25:22 +0200 (Thu, 22 Sep 2011)
New Revision: 11671
Modified:
trunk/openvas-manager/ChangeLog
trunk/openvas-manager/src/omp.c
Log:
* src/omp.c (omp_xml_handle_end_element): In all CREATE commands, if user
is observer respond with an error.
Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog 2011-09-22 18:23:04 UTC (rev 11670)
+++ trunk/openvas-manager/ChangeLog 2011-09-22 18:25:22 UTC (rev 11671)
@@ -1,5 +1,10 @@
2011-09-22 Matthew Mundell <matthew.mundell at greenbone.net>
+ * src/omp.c (omp_xml_handle_end_element): In all CREATE commands, if user
+ is observer respond with an error.
+
+2011-09-22 Matthew Mundell <matthew.mundell at greenbone.net>
+
* doc/db_postgres.sql (task_users): New table.
* doc/db.png: Update from SQL.
Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c 2011-09-22 18:23:04 UTC (rev 11670)
+++ trunk/openvas-manager/src/omp.c 2011-09-22 18:25:22 UTC (rev 11671)
@@ -113,6 +113,7 @@
#include <openvas/base/nvti.h>
#include <openvas/base/openvas_string.h>
#include <openvas/misc/nvt_categories.h>
+#include <openvas/misc/openvas_auth.h>
#include <openvas/misc/openvas_logging.h>
#include <openvas/misc/resource_request.h>
@@ -11958,10 +11959,16 @@
assert (strcasecmp ("CREATE_AGENT", element_name) == 0);
assert (create_agent_data->name != NULL);
- if (strlen (create_agent_data->name) == 0)
+ if (openvas_is_user_observer (current_credentials.username))
{
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_agent",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (strlen (create_agent_data->name) == 0)
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_agent",
"CREATE_AGENT name must be at"
" least one character long"));
}
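Review bot: The observer refusal is sent through `XML_ERROR_SYNTAX`, so an authorization denial reaches the client, and presumably any audit trail, looking like a malformed request; the same branch is repeated in all twelve CREATE_* hunks of this commit. If the protocol defines a status for a forbidden operation it belongs here, and either way the check deserves a comment such as `/* Access control, not syntax: observers may not create resources. */`. Please also confirm that `openvas_is_user_observer` fails closed, because a lookup error that returns 0 would let the request fall through to the create path. Twelve copies are easy to miss when a new CREATE command is added, so a single check ahead of the per-command handling would be simpler to audit if the enclosing function, which starts and ends outside this hunk, allows it.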
@@ -12051,8 +12058,15 @@
/* For now the import element, GET_CONFIGS_RESPONSE, overrides
* any other elements. */
- if (import_config_data->import)
+
+ if (openvas_is_user_observer (current_credentials.username))
{
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_config",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (import_config_data->import)
+ {
char *name;
array_terminate (import_config_data->nvt_selectors);
array_terminate (import_config_data->preferences);
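Review bot: The existing comment "For now the import element, GET_CONFIGS_RESPONSE, overrides any other elements" now sits directly above the observer check rather than the `else if (import_config_data->import)` branch it describes, and the new access check has no comment of its own. Move the import comment down to the `else if` and put something like `/* Observers are read-only: refuse before looking at the request body. */` above the new `if`. The create_report_format hunk has the same misplaced comment. The import branch continues outside this hunk.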
@@ -12391,7 +12405,13 @@
array_terminate (create_escalator_data->event_data);
array_terminate (create_escalator_data->method_data);
- if (strlen (create_escalator_data->name) == 0)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_escalator",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (strlen (create_escalator_data->name) == 0)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_escalator",
"CREATE_ESCALATOR requires NAME element which"
@@ -12592,10 +12612,16 @@
assert (create_lsc_credential_data->name != NULL);
assert (create_lsc_credential_data->login != NULL);
- if (strlen (create_lsc_credential_data->name) == 0)
+ if (openvas_is_user_observer (current_credentials.username))
{
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_lsc_credential",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (strlen (create_lsc_credential_data->name) == 0)
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_lsc_credential",
"CREATE_LSC_CREDENTIAL name must be at"
" least one character long"));
}
@@ -12699,7 +12725,13 @@
assert (strcasecmp ("CREATE_NOTE", element_name) == 0);
- if (create_note_data->nvt_oid == NULL)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_note",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (create_note_data->nvt_oid == NULL)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_note",
"CREATE_NOTE requires an NVT entity"));
@@ -12818,7 +12850,13 @@
assert (strcasecmp ("CREATE_OVERRIDE", element_name) == 0);
- if (create_override_data->nvt_oid == NULL)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_override",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (create_override_data->nvt_oid == NULL)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_override",
"CREATE_OVERRIDE requires an NVT entity"));
@@ -12948,7 +12986,13 @@
array_terminate (create_report_data->host_ends);
array_terminate (create_report_data->host_starts);
- if (create_report_data->results == NULL)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_report",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (create_report_data->results == NULL)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_report",
"CREATE_REPORT requires a REPORT element"));
@@ -13267,8 +13311,15 @@
/* For now the import element, GET_REPORT_FORMATS_RESPONSE, overrides
* any other elements. */
- if (create_report_format_data->import)
+
+ if (openvas_is_user_observer (current_credentials.username))
{
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_report_format",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (create_report_format_data->import)
+ {
array_terminate (create_report_format_data->files);
array_terminate (create_report_format_data->params);
array_terminate (create_report_format_data->params_options);
@@ -13570,7 +13621,13 @@
assert (strcasecmp ("CREATE_SCHEDULE", element_name) == 0);
- if (create_schedule_data->name == NULL)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_schedule",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (create_schedule_data->name == NULL)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_schedule",
"CREATE_SCHEDULE requires a NAME entity"));
@@ -13711,7 +13768,13 @@
assert (strcasecmp ("CREATE_SLAVE", element_name) == 0);
- if (create_slave_data->host == NULL)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_slave",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (create_slave_data->host == NULL)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_slave",
"CREATE_SLAVE requires a HOST"));
@@ -13822,7 +13885,13 @@
assert (create_target_data->target_locator
|| create_target_data->hosts != NULL);
- if (strlen (create_target_data->name) == 0)
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_target",
+ "CREATE is forbidden for observer users"));
+ }
+ else if (strlen (create_target_data->name) == 0)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_target",
"CREATE_TARGET name must be at"
@@ -14018,6 +14087,17 @@
/** @todo Any fail cases of the CLIENT_CREATE_TASK_* states must do
* so too. */
+ if (openvas_is_user_observer (current_credentials.username))
+ {
+ request_delete_task (&create_task_data->task);
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_task",
+ "CREATE is forbidden for observer users"));
+ create_task_data_reset (create_task_data);
+ set_client_state (CLIENT_AUTHENTIC);
+ break;
+ }
+
/* Get the task ID. */
if (task_uuid (create_task_data->task, &tsk_uuid))
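Review bot: By the time this check runs the task already exists, which is why the branch has to call `request_delete_task`; its result is not examined, so if the delete can fail, a task started by an observer would be left behind while the client is told the command was refused. Checking the return value and reporting an internal error on failure, or refusing observers at the point where the task is first made (not visible in this hunk), would close that gap. The `@todo` just above says the earlier CLIENT_CREATE_TASK_* fail paths need the same cleanup, so those paths likely share the exposure for observers. The case body continues outside the hunk.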