From 9535336fa01dfdb09ca1c851eafba9887b2ea48c Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 12 Jan 2026 16:32:25 +0200 Subject: [PATCH 1/2] Fix: remove stray headers manage_user_exists was removed in f74e5f149a59ef38b1f3d8bbb84792e314e8d6f1 manage_user_uuid was removed in f74e5f149a59ef38b1f3d8bbb84792e314e8d6f1 --- src/manage.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/manage.h b/src/manage.h index 7bf506a25..38ff958d6 100644 --- a/src/manage.h +++ b/src/manage.h @@ -3208,12 +3208,6 @@ manage_set_password (GSList *, const db_conn_info_t *, const gchar *, gchar * manage_user_hash (const gchar *); -gchar * -manage_user_uuid (const gchar *, auth_method_t); - -int -manage_user_exists (const gchar *, auth_method_t); - int copy_user (const char*, const char*, const char*, user_t*); From da6304d110845c3cda4b57566974ecec5547b55b Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 12 Jan 2026 17:29:55 +0200 Subject: [PATCH 2/2] Change: move add_users to dedicated users files --- src/manage.c | 17 --- src/manage_sql.c | 239 +--------------------------------------- src/manage_sql.h | 5 +- src/manage_sql_groups.c | 1 + src/manage_sql_roles.c | 1 + src/manage_sql_users.c | 231 ++++++++++++++++++++++++++++++++++++++ src/manage_sql_users.h | 19 ++++ src/manage_users.c | 17 +++ 8 files changed, 275 insertions(+), 255 deletions(-) diff --git a/src/manage.c b/src/manage.c index 9a1e4b1c9..68693c274 100644 --- a/src/manage.c +++ b/src/manage.c @@ -5558,23 +5558,6 @@ manage_read_info (gchar *type, gchar *uid, gchar *name, gchar **result) /* Users. */ -/** - * - * @brief Validates a username. - * - * @param[in] name The name. - * - * @return 0 if the username is valid, 1 if not. - */ -int -validate_username (const gchar * name) -{ - if (g_regex_match_simple ("^[[:alnum:]_.-]+$", name, 0, 0)) - return 0; - else - return 1; -} - /* Resource aggregates. */ diff --git a/src/manage_sql.c b/src/manage_sql.c index 7b9ebadbe..bd60f22bf 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -194,9 +194,6 @@ int delete_reports (task_t); int stop_task_internal (task_t); -int -validate_username (const gchar *); - /* Static headers. */ @@ -5666,35 +5663,12 @@ manage_user_hash (const gchar *username) return hash; } -/** - * @brief Get user uuid. - * - * @param[in] username User name. - * @param[in] method Authentication method. - * - * @return UUID. - */ -static gchar * -user_uuid_method (const gchar *username, auth_method_t method) -{ - gchar *uuid, *quoted_username, *quoted_method; - quoted_username = sql_quote (username); - quoted_method = sql_quote (auth_method_name (method)); - uuid = sql_string ("SELECT uuid FROM users" - " WHERE name = '%s' AND method = '%s';", - quoted_username, - quoted_method); - g_free (quoted_username); - g_free (quoted_method); - return uuid; -} - /** * @brief Check whether LDAP is enabled. * * @return 0 no, else yes. */ -static int +int ldap_auth_enabled () { if (gvm_auth_ldap_enabled ()) @@ -5709,7 +5683,7 @@ ldap_auth_enabled () * * @return 0 no, else yes. */ -static int +int radius_auth_enabled () { if (gvm_auth_radius_enabled ()) @@ -5719,54 +5693,6 @@ radius_auth_enabled () return 0; } - -/** - * @brief Check if user exists. - * - * @param[in] name User name. - * @param[in] method Auth method. - * - * @return 1 yes, 0 no. - */ -static int -user_exists_method (const gchar *name, auth_method_t method) -{ - gchar *quoted_name, *quoted_method; - int ret; - - quoted_name = sql_quote (name); - quoted_method = sql_quote (auth_method_name (method)); - ret = sql_int ("SELECT count (*) FROM users" - " WHERE name = '%s' AND method = '%s';", - quoted_name, - quoted_method); - g_free (quoted_name); - g_free (quoted_method); - - return ret; -} - -/** - * @brief Get user uuid, trying all authentication methods. - * - * @param[in] name User name. - * - * @return UUID. - */ -static gchar * -user_uuid_any_method (const gchar *name) -{ - if (ldap_auth_enabled () - && user_exists_method (name, AUTHENTICATION_METHOD_LDAP_CONNECT)) - return user_uuid_method (name, AUTHENTICATION_METHOD_LDAP_CONNECT); - if (radius_auth_enabled () - && user_exists_method (name, AUTHENTICATION_METHOD_RADIUS_CONNECT)) - return user_uuid_method (name, AUTHENTICATION_METHOD_RADIUS_CONNECT); - if (user_exists_method (name, AUTHENTICATION_METHOD_FILE)) - return user_uuid_method (name, AUTHENTICATION_METHOD_FILE); - return NULL; -} - /** * @brief Ensure the user exists in the database. * @@ -5817,25 +5743,6 @@ user_ensure_in_db (const gchar *name, const gchar *method) return 0; } -/** - * @brief Check if user exists. - * - * @param[in] name User name. - * - * @return 1 yes, 0 no. - */ -static int -user_exists (const gchar *name) -{ - if (ldap_auth_enabled () - && user_exists_method (name, AUTHENTICATION_METHOD_LDAP_CONNECT)) - return 1; - if (radius_auth_enabled () - && user_exists_method (name, AUTHENTICATION_METHOD_RADIUS_CONNECT)) - return 1; - return user_exists_method (name, AUTHENTICATION_METHOD_FILE); -} - /** * @brief Set credentials for authenticate. * @@ -37915,148 +37822,6 @@ manage_default_ca_cert () /* Users. */ -/** - * @brief Add users to a group or role. - * - * Caller must take care of transaction. - * - * @param[in] type Type. - * @param[in] resource Group or role. - * @param[in] users List of users. - * - * @return 0 success, 2 failed to find user, 4 user name validation failed, - * 99 permission denied, -1 error. - */ -int -add_users (const gchar *type, resource_t resource, const char *users) -{ - if (users) - { - gchar **split, **point; - GList *added; - - /* Add each user. */ - - added = NULL; - split = g_strsplit_set (users, " ,", 0); - point = split; - - while (*point) - { - user_t user; - gchar *name; - - name = *point; - - g_strstrip (name); - - if (strcmp (name, "") == 0) - { - point++; - continue; - } - - if (g_list_find_custom (added, name, (GCompareFunc) strcmp)) - { - point++; - continue; - } - - added = g_list_prepend (added, name); - - if (user_exists (name) == 0) - { - g_list_free (added); - g_strfreev (split); - return 2; - } - - if (find_user_by_name (name, &user)) - { - g_list_free (added); - g_strfreev (split); - return -1; - } - - if (user == 0) - { - gchar *uuid; - - if (validate_username (name)) - { - g_list_free (added); - g_strfreev (split); - return 4; - } - - uuid = user_uuid_any_method (name); - - if (uuid == NULL) - { - g_list_free (added); - g_strfreev (split); - return -1; - } - - if (sql_int ("SELECT count(*) FROM users WHERE uuid = '%s';", - uuid) - == 0) - { - gchar *quoted_name; - quoted_name = sql_quote (name); - sql ("INSERT INTO users" - " (uuid, name, creation_time, modification_time)" - " VALUES" - " ('%s', '%s', m_now (), m_now ());", - uuid, - quoted_name); - g_free (quoted_name); - - user = sql_last_insert_id (); - } - else - { - /* find_user_by_name should have found it. */ - assert (0); - g_free (uuid); - g_list_free (added); - g_strfreev (split); - return -1; - } - - g_free (uuid); - } - - if (find_user_by_name_with_permission (name, &user, "get_users")) - { - g_list_free (added); - g_strfreev (split); - return -1; - } - - if (user == 0) - { - g_list_free (added); - g_strfreev (split); - return 99; - } - - sql ("INSERT INTO %s_users (\"%s\", \"user\") VALUES (%llu, %llu);", - type, - type, - resource, - user); - - point++; - } - - g_list_free (added); - g_strfreev (split); - } - - return 0; -} - /** * @brief Create the given user. * diff --git a/src/manage_sql.h b/src/manage_sql.h index 7d8229e02..0110a1874 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -605,6 +605,9 @@ int vector_find_filter (const gchar **, const gchar *); int -add_users (const gchar *, resource_t, const char *); +ldap_auth_enabled (); + +int +radius_auth_enabled (); #endif /* not _GVMD_MANAGE_SQL_H */ diff --git a/src/manage_sql_groups.c b/src/manage_sql_groups.c index 0312cb3c0..a5d2e7e33 100644 --- a/src/manage_sql_groups.c +++ b/src/manage_sql_groups.c @@ -7,6 +7,7 @@ #include "manage_sql_groups.h" #include "manage_acl.h" #include "manage_sql.h" +#include "manage_sql_users.h" #include "sql.h" /** diff --git a/src/manage_sql_roles.c b/src/manage_sql_roles.c index d890f3654..7977d0584 100644 --- a/src/manage_sql_roles.c +++ b/src/manage_sql_roles.c @@ -7,6 +7,7 @@ #include "manage_sql_roles.h" #include "manage_acl.h" #include "manage_sql.h" +#include "manage_sql_users.h" #include "sql.h" /** diff --git a/src/manage_sql_users.c b/src/manage_sql_users.c index f0ee0ea0b..a85ce6f6c 100644 --- a/src/manage_sql_users.c +++ b/src/manage_sql_users.c @@ -348,3 +348,234 @@ find_user_by_name (const char* name, user_t *user) { return find_resource_by_name ("user", name, user); } + +/** + * @brief Check if user exists. + * + * @param[in] name User name. + * @param[in] method Auth method. + * + * @return 1 yes, 0 no. + */ +int +user_exists_method (const gchar *name, auth_method_t method) +{ + gchar *quoted_name, *quoted_method; + int ret; + + quoted_name = sql_quote (name); + quoted_method = sql_quote (auth_method_name (method)); + ret = sql_int ("SELECT count (*) FROM users" + " WHERE name = '%s' AND method = '%s';", + quoted_name, + quoted_method); + g_free (quoted_name); + g_free (quoted_method); + + return ret; +} + +/** + * @brief Check if user exists. + * + * @param[in] name User name. + * + * @return 1 yes, 0 no. + */ +int +user_exists (const gchar *name) +{ + if (ldap_auth_enabled () + && user_exists_method (name, AUTHENTICATION_METHOD_LDAP_CONNECT)) + return 1; + if (radius_auth_enabled () + && user_exists_method (name, AUTHENTICATION_METHOD_RADIUS_CONNECT)) + return 1; + return user_exists_method (name, AUTHENTICATION_METHOD_FILE); +} + +/** + * @brief Get user uuid. + * + * @param[in] username User name. + * @param[in] method Authentication method. + * + * @return UUID. + */ +static gchar * +user_uuid_method (const gchar *username, auth_method_t method) +{ + gchar *uuid, *quoted_username, *quoted_method; + quoted_username = sql_quote (username); + quoted_method = sql_quote (auth_method_name (method)); + uuid = sql_string ("SELECT uuid FROM users" + " WHERE name = '%s' AND method = '%s';", + quoted_username, + quoted_method); + g_free (quoted_username); + g_free (quoted_method); + return uuid; +} + +/** + * @brief Get user uuid, trying all authentication methods. + * + * @param[in] name User name. + * + * @return UUID. + */ +gchar * +user_uuid_any_method (const gchar *name) +{ + if (ldap_auth_enabled () + && user_exists_method (name, AUTHENTICATION_METHOD_LDAP_CONNECT)) + return user_uuid_method (name, AUTHENTICATION_METHOD_LDAP_CONNECT); + if (radius_auth_enabled () + && user_exists_method (name, AUTHENTICATION_METHOD_RADIUS_CONNECT)) + return user_uuid_method (name, AUTHENTICATION_METHOD_RADIUS_CONNECT); + if (user_exists_method (name, AUTHENTICATION_METHOD_FILE)) + return user_uuid_method (name, AUTHENTICATION_METHOD_FILE); + return NULL; +} + +/** + * @brief Add users to a group or role. + * + * Caller must take care of transaction. + * + * @param[in] type Type. + * @param[in] resource Group or role. + * @param[in] users List of users. + * + * @return 0 success, 2 failed to find user, 4 user name validation failed, + * 99 permission denied, -1 error. + */ +int +add_users (const gchar *type, resource_t resource, const char *users) +{ + if (users) + { + gchar **split, **point; + GList *added; + + /* Add each user. */ + + added = NULL; + split = g_strsplit_set (users, " ,", 0); + point = split; + + while (*point) + { + user_t user; + gchar *name; + + name = *point; + + g_strstrip (name); + + if (strcmp (name, "") == 0) + { + point++; + continue; + } + + if (g_list_find_custom (added, name, (GCompareFunc) strcmp)) + { + point++; + continue; + } + + added = g_list_prepend (added, name); + + if (user_exists (name) == 0) + { + g_list_free (added); + g_strfreev (split); + return 2; + } + + if (find_user_by_name (name, &user)) + { + g_list_free (added); + g_strfreev (split); + return -1; + } + + if (user == 0) + { + gchar *uuid; + + if (validate_username (name)) + { + g_list_free (added); + g_strfreev (split); + return 4; + } + + uuid = user_uuid_any_method (name); + + if (uuid == NULL) + { + g_list_free (added); + g_strfreev (split); + return -1; + } + + if (sql_int ("SELECT count(*) FROM users WHERE uuid = '%s';", + uuid) + == 0) + { + gchar *quoted_name; + quoted_name = sql_quote (name); + sql ("INSERT INTO users" + " (uuid, name, creation_time, modification_time)" + " VALUES" + " ('%s', '%s', m_now (), m_now ());", + uuid, + quoted_name); + g_free (quoted_name); + + user = sql_last_insert_id (); + } + else + { + /* find_user_by_name should have found it. */ + assert (0); + g_free (uuid); + g_list_free (added); + g_strfreev (split); + return -1; + } + + g_free (uuid); + } + + if (find_user_by_name_with_permission (name, &user, "get_users")) + { + g_list_free (added); + g_strfreev (split); + return -1; + } + + if (user == 0) + { + g_list_free (added); + g_strfreev (split); + return 99; + } + + sql ("INSERT INTO %s_users (\"%s\", \"user\") VALUES (%llu, %llu);", + type, + type, + resource, + user); + + point++; + } + + g_list_free (added); + g_strfreev (split); + } + + return 0; +} diff --git a/src/manage_sql_users.h b/src/manage_sql_users.h index 1b5a4a324..7a75f0a12 100644 --- a/src/manage_sql_users.h +++ b/src/manage_sql_users.h @@ -6,6 +6,8 @@ #ifndef _GVMD_MANAGE_SQL_USERS_H #define _GVMD_MANAGE_SQL_USERS_H +#include + /** * @brief User columns for user iterator. */ @@ -69,4 +71,21 @@ find_user_by_name_with_permission (const char *, user_t *, const char *); gboolean find_user_by_name (const char *, user_t *); +int +user_exists (const gchar *); + +int +user_exists_method (const gchar *, auth_method_t); + +gchar * +user_uuid_any_method (const gchar *); + +int +add_users (const gchar *, resource_t, const char *); + +/* Defined in manage_users.c, but internal to libmanage. */ + +int +validate_username (const gchar *); + #endif //_GVMD_MANAGE_SQL_USERS_H diff --git a/src/manage_users.c b/src/manage_users.c index 66d9aa0b6..e4edf6a42 100644 --- a/src/manage_users.c +++ b/src/manage_users.c @@ -62,3 +62,20 @@ trash_user_writable (user_t user) { return 1; } + +/** + * + * @brief Validates a username. + * + * @param[in] name The name. + * + * @return 0 if the username is valid, 1 if not. + */ +int +validate_username (const gchar *name) +{ + if (g_regex_match_simple ("^[[:alnum:]_.-]+$", name, 0, 0)) + return 0; + else + return 1; +}