[Openvas-commits] r11671 - in trunk/openvas-manager: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Sep 22 20:25:24 CEST 2011


Author: mattm
Date: 2011-09-22 20:25:22 +0200 (Thu, 22 Sep 2011)
New Revision: 11671

Modified:
   trunk/openvas-manager/ChangeLog
   trunk/openvas-manager/src/omp.c
Log:
	* src/omp.c (omp_xml_handle_end_element): In all CREATE commands, if user
	is observer respond with an error.

Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog	2011-09-22 18:23:04 UTC (rev 11670)
+++ trunk/openvas-manager/ChangeLog	2011-09-22 18:25:22 UTC (rev 11671)
@@ -1,5 +1,10 @@
 2011-09-22  Matthew Mundell <matthew.mundell at greenbone.net>
 
+	* src/omp.c (omp_xml_handle_end_element): In all CREATE commands, if user
+	is observer respond with an error.
+
+2011-09-22  Matthew Mundell <matthew.mundell at greenbone.net>
+
 	* doc/db_postgres.sql (task_users): New table.
 
 	* doc/db.png: Update from SQL.

Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c	2011-09-22 18:23:04 UTC (rev 11670)
+++ trunk/openvas-manager/src/omp.c	2011-09-22 18:25:22 UTC (rev 11671)
@@ -113,6 +113,7 @@
 #include <openvas/base/nvti.h>
 #include <openvas/base/openvas_string.h>
 #include <openvas/misc/nvt_categories.h>
+#include <openvas/misc/openvas_auth.h>
 #include <openvas/misc/openvas_logging.h>
 #include <openvas/misc/resource_request.h>
 
@@ -11958,10 +11959,16 @@
           assert (strcasecmp ("CREATE_AGENT", element_name) == 0);
           assert (create_agent_data->name != NULL);
 
-          if (strlen (create_agent_data->name) == 0)
+          if (openvas_is_user_observer (current_credentials.username))
             {
               SEND_TO_CLIENT_OR_FAIL
                (XML_ERROR_SYNTAX ("create_agent",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (strlen (create_agent_data->name) == 0)
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_agent",
                                   "CREATE_AGENT name must be at"
                                   " least one character long"));
             }
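Review bot: The observer denial at the top of the CREATE_AGENT branch is sent with `XML_ERROR_SYNTAX`, so a permission refusal reaches the client and any logs as a malformed-request error; the same holds for every other CREATE_* hunk in this commit. If omp.c has, or can gain, a response macro for an access-denied status, the new branch should use it so that clients and audit trails can tell an authorisation failure from bad input. The same five-line check is also pasted into twelve handlers; a single helper or macro called at the top of each CREATE case would keep the status and message in one place and make a missing check in a future command easier to spot. The enclosing function starts and ends outside the hunk.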
@@ -12051,8 +12058,15 @@
 
           /* For now the import element, GET_CONFIGS_RESPONSE, overrides
            * any other elements. */
-          if (import_config_data->import)
+
+          if (openvas_is_user_observer (current_credentials.username))
             {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_config",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (import_config_data->import)
+            {
               char *name;
               array_terminate (import_config_data->nvt_selectors);
               array_terminate (import_config_data->preferences);
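Review bot: The comment `/* For now the import element, GET_CONFIGS_RESPONSE, overrides any other elements. */` now sits above the observer check, separated from it by a blank line, although it describes the `else if (import_config_data->import)` branch. Move it down to that branch and give the new check its own comment, for example `/* Observers may not create configs; reject before looking at the import data. */`. The CREATE_REPORT_FORMAT hunk leaves its GET_REPORT_FORMATS_RESPONSE comment stranded above the observer check in the same way. The import branch body continues outside the hunk.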
@@ -12391,7 +12405,13 @@
           array_terminate (create_escalator_data->event_data);
           array_terminate (create_escalator_data->method_data);
 
-          if (strlen (create_escalator_data->name) == 0)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_escalator",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (strlen (create_escalator_data->name) == 0)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_escalator",
                                 "CREATE_ESCALATOR requires NAME element which"
@@ -12592,10 +12612,16 @@
           assert (create_lsc_credential_data->name != NULL);
           assert (create_lsc_credential_data->login != NULL);
 
-          if (strlen (create_lsc_credential_data->name) == 0)
+          if (openvas_is_user_observer (current_credentials.username))
             {
               SEND_TO_CLIENT_OR_FAIL
                (XML_ERROR_SYNTAX ("create_lsc_credential",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (strlen (create_lsc_credential_data->name) == 0)
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_lsc_credential",
                                   "CREATE_LSC_CREDENTIAL name must be at"
                                   " least one character long"));
             }
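Review bot: Whether a credential gets stored here rests only on `openvas_is_user_observer (current_credentials.username)` being non-zero, and nothing in the hunk shows how that function reports a failed role lookup. If it returns 0 when the role cannot be determined, this check and the ones in the other CREATE_* hunks fail open and the create proceeds. Confirm the return convention against openvas_auth.h and record it in a comment at the call site, so the deny-by-default (or not) behaviour is visible to the next reader. The enclosing branch starts outside the hunk.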
@@ -12699,7 +12725,13 @@
 
           assert (strcasecmp ("CREATE_NOTE", element_name) == 0);
 
-          if (create_note_data->nvt_oid == NULL)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_note",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (create_note_data->nvt_oid == NULL)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_note",
                                 "CREATE_NOTE requires an NVT entity"));
@@ -12818,7 +12850,13 @@
 
           assert (strcasecmp ("CREATE_OVERRIDE", element_name) == 0);
 
-          if (create_override_data->nvt_oid == NULL)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_override",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (create_override_data->nvt_oid == NULL)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_override",
                                 "CREATE_OVERRIDE requires an NVT entity"));
@@ -12948,7 +12986,13 @@
           array_terminate (create_report_data->host_ends);
           array_terminate (create_report_data->host_starts);
 
-          if (create_report_data->results == NULL)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_report",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (create_report_data->results == NULL)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_report",
                                 "CREATE_REPORT requires a REPORT element"));
@@ -13267,8 +13311,15 @@
 
           /* For now the import element, GET_REPORT_FORMATS_RESPONSE, overrides
            * any other elements. */
-          if (create_report_format_data->import)
+
+          if (openvas_is_user_observer (current_credentials.username))
             {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_report_format",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (create_report_format_data->import)
+            {
               array_terminate (create_report_format_data->files);
               array_terminate (create_report_format_data->params);
               array_terminate (create_report_format_data->params_options);
@@ -13570,7 +13621,13 @@
 
           assert (strcasecmp ("CREATE_SCHEDULE", element_name) == 0);
 
-          if (create_schedule_data->name == NULL)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_schedule",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (create_schedule_data->name == NULL)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_schedule",
                                 "CREATE_SCHEDULE requires a NAME entity"));
@@ -13711,7 +13768,13 @@
 
           assert (strcasecmp ("CREATE_SLAVE", element_name) == 0);
 
-          if (create_slave_data->host == NULL)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_slave",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (create_slave_data->host == NULL)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_slave",
                                 "CREATE_SLAVE requires a HOST"));
@@ -13822,7 +13885,13 @@
           assert (create_target_data->target_locator
                   || create_target_data->hosts != NULL);
 
-          if (strlen (create_target_data->name) == 0)
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_target",
+                                  "CREATE is forbidden for observer users"));
+            }
+          else if (strlen (create_target_data->name) == 0)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_target",
                                 "CREATE_TARGET name must be at"
@@ -14018,6 +14087,17 @@
           /** @todo Any fail cases of the CLIENT_CREATE_TASK_* states must do
            *        so too. */
 
+          if (openvas_is_user_observer (current_credentials.username))
+            {
+              request_delete_task (&create_task_data->task);
+              SEND_TO_CLIENT_OR_FAIL
+               (XML_ERROR_SYNTAX ("create_task",
+                                  "CREATE is forbidden for observer users"));
+              create_task_data_reset (create_task_data);
+              set_client_state (CLIENT_AUTHENTIC);
+              break;
+            }
+
           /* Get the task ID. */
 
           if (task_uuid (create_task_data->task, &tsk_uuid))
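Review bot: In the CREATE_TASK branch the observer is refused only after a task already exists, since the new code has to call `request_delete_task (&create_task_data->task)` to undo it, and the outcome of that call is not checked. If the deletion fails or is only deferred, a task created on behalf of an observer stays behind even though the client was told that CREATE is forbidden. Checking the observer role before the task is made (presumably where the CREATE_TASK element is first handled, which is outside this hunk) would remove the create-then-delete window. Failing that, if request_delete_task returns a status it should be tested and a failure logged before the error response is sent.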


