diff --git a/src/gmp.c b/src/gmp.c index 5c7d7a2fc..27b91bcec 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -103,6 +103,7 @@ #include "manage_port_lists.h" #include "manage_report_configs.h" #include "manage_report_formats.h" +#include "manage_resources.h" #include "manage_roles.h" #include "manage_runtime_flags.h" #include "manage_tls_certificates.h" diff --git a/src/manage.h b/src/manage.h index 6da87c484..fbd271126 100644 --- a/src/manage.h +++ b/src/manage.h @@ -386,9 +386,6 @@ get_scanner_type_by_uuid (const char *); /* Resources. */ -int -resource_count (const char *, const get_data_t *); - int resource_id_exists (const char *, const char *); @@ -398,12 +395,6 @@ trash_id_exists (const char *, const char *); int delete_resource (const char *, const char *, int); -int -resource_id_deprecated (const char *, const char *); - -void -set_resource_id_deprecated (const char *, const char *, gboolean); - /* Events and Alerts. */ diff --git a/src/manage_agent_common.h b/src/manage_agent_common.h index f020c414e..4416f384d 100644 --- a/src/manage_agent_common.h +++ b/src/manage_agent_common.h @@ -17,7 +17,7 @@ #include "iterator.h" #include "manage_get.h" -#include "manage_resources.h" +#include "manage_resources_types.h" #include "manage_utils.h" #include diff --git a/src/manage_agent_groups.h b/src/manage_agent_groups.h index c4132bda3..2373c5705 100644 --- a/src/manage_agent_groups.h +++ b/src/manage_agent_groups.h @@ -20,7 +20,7 @@ #include "iterator.h" #include "manage_agent_common.h" #include "manage_get.h" -#include "manage_resources.h" +#include "manage_resources_types.h" /** * @brief Represents an agent group and its metadata. diff --git a/src/manage_agent_installers.h b/src/manage_agent_installers.h index bc76aa379..1caa8287c 100644 --- a/src/manage_agent_installers.h +++ b/src/manage_agent_installers.h 
@@ -15,7 +15,7 @@
 #ifndef _GVMD_MANAGE_AGENT_INSTALLERS_H
 #define _GVMD_MANAGE_AGENT_INSTALLERS_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include "iterator.h"
 #include "gmp_get.h"
 #include
diff --git a/src/manage_alerts.h b/src/manage_alerts.h
index 62946c6e0..a8e1ddd01 100644
--- a/src/manage_alerts.h
+++ b/src/manage_alerts.h
@@ -6,7 +6,7 @@
 #ifndef _GVMD_MANAGE_ALERTS_H
 #define _GVMD_MANAGE_ALERTS_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include "manage_events.h"
 #include "manage_get.h"
 #include "manage_tasks.h"
diff --git a/src/manage_configs.h b/src/manage_configs.h
index 631a6d686..68431409a 100644
--- a/src/manage_configs.h
+++ b/src/manage_configs.h
@@ -6,7 +6,7 @@
 #ifndef _GVMD_MANAGE_CONFIGS_H
 #define _GVMD_MANAGE_CONFIGS_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include "manage_get.h"
 #include "manage_preferences.h"
diff --git a/src/manage_container_image_scanner.h b/src/manage_container_image_scanner.h
index ec33294db..edba5e237 100644
--- a/src/manage_container_image_scanner.h
+++ b/src/manage_container_image_scanner.h
@@ -15,7 +15,7 @@
 #ifndef _GVMD_MANAGE_CONTAINER_IMAGE_SCANNER_H
 #define _GVMD_MANAGE_CONTAINER_IMAGE_SCANNER_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include
 http_scanner_connector_t
diff --git a/src/manage_credential_stores.h b/src/manage_credential_stores.h
index a06c0fb49..70c6a73a9 100644
--- a/src/manage_credential_stores.h
+++ b/src/manage_credential_stores.h
@@ -14,7 +14,7 @@
 #define _GVMD_MANAGE_CREDENTIAL_STORES_H
 #include "manage_get.h"
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include
 /**
diff --git a/src/manage_filter_utils.h b/src/manage_filter_utils.h
index d8c4bba25..cb1e680a9 100644
--- a/src/manage_filter_utils.h
+++ b/src/manage_filter_utils.h
@@ -13,7 +13,7 @@ #ifndef _GVMD_MANAGE_FILTER_UTILS_H #define _GVMD_MANAGE_FILTER_UTILS_H -#include "manage_resources.h" +#include "manage_resources_types.h" #include /** diff --git a/src/manage_filters.h b/src/manage_filters.h index ecd01cbff..63ac36095 100644 --- a/src/manage_filters.h +++ b/src/manage_filters.h @@ -7,7 +7,7 @@ #define _GVMD_MANAGE_FILTERS_H #include "gmp_get.h" -#include "manage_resources.h" +#include "manage_resources_types.h" /** * @brief filt_id value to use term or built-in default filter. diff --git a/src/manage_get.h b/src/manage_get.h index d5ffbe31c..7e0c45086 100644 --- a/src/manage_get.h +++ b/src/manage_get.h @@ -12,7 +12,7 @@ #define _GVMD_MANAGE_GET_H #include "iterator.h" -#include "manage_resources.h" +#include "manage_resources_types.h" #include "manage_filter_utils.h" #include diff --git a/src/manage_groups.h b/src/manage_groups.h index 85ca6889a..6fcffaf39 100644 --- a/src/manage_groups.h +++ b/src/manage_groups.h @@ -7,7 +7,7 @@ #define _GVMD_MANAGE_GROUPS_H #include "manage_get.h" -#include "manage_resources.h" +#include "manage_resources_types.h" char* group_uuid (group_t); diff --git a/src/manage_http_scanner.h b/src/manage_http_scanner.h index a51976a16..19125b711 100644 --- a/src/manage_http_scanner.h +++ b/src/manage_http_scanner.h @@ -15,7 +15,7 @@ #ifndef _GVMD_MANAGE_HTTP_SCANNER_H #define _GVMD_MANAGE_HTTP_SCANNER_H -#include "manage_resources.h" +#include "manage_resources_types.h" #include diff --git a/src/manage_openvas.h b/src/manage_openvas.h index af5ccc836..6ec80aba7 100644 --- a/src/manage_openvas.h +++ b/src/manage_openvas.h @@ -15,7 +15,7 @@ #include #include -#include "manage_resources.h" +#include "manage_resources_types.h" #if ENABLE_CREDENTIAL_STORES #include "manage_credential_store_cyberark.h" #endif diff --git a/src/manage_osp.h b/src/manage_osp.h index 971f71bb9..ab9611a70 100644 --- a/src/manage_osp.h +++ b/src/manage_osp.h 
@@ -14,7 +14,7 @@
 #include
 #include
 #include "manage_openvas.h"
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 /**
 * @brief Connection data.
diff --git a/src/manage_permissions.h b/src/manage_permissions.h
index 4b013fc77..4efd4d07b 100644
--- a/src/manage_permissions.h
+++ b/src/manage_permissions.h
@@ -6,7 +6,7 @@
 #ifndef _GVMD_MANAGE_PERMISSIONS_H
 #define _GVMD_MANAGE_PERMISSIONS_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include "gmp_get.h"
 int
diff --git a/src/manage_port_lists.h b/src/manage_port_lists.h
index f3db3350f..5f1fefaac 100644
--- a/src/manage_port_lists.h
+++ b/src/manage_port_lists.h
@@ -6,7 +6,7 @@
 #ifndef _GVMD_MANAGE_PORT_LISTS_H
 #define _GVMD_MANAGE_PORT_LISTS_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include "gmp_get.h"
 #include
diff --git a/src/manage_report_configs.h b/src/manage_report_configs.h
index e2dcfc3d1..9699b8569 100644
--- a/src/manage_report_configs.h
+++ b/src/manage_report_configs.h
@@ -14,7 +14,7 @@
 #define _GVMD_MANAGE_REPORT_CONFIGS_H
 #include "manage_report_formats.h"
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include
diff --git a/src/manage_report_formats.h b/src/manage_report_formats.h
index 2d0b6c8a3..523eb910d 100644
--- a/src/manage_report_formats.h
+++ b/src/manage_report_formats.h
@@ -6,7 +6,7 @@
 #ifndef _GVMD_MANAGE_REPORT_FORMATS_H
 #define _GVMD_MANAGE_REPORT_FORMATS_H
-#include "manage_resources.h"
+#include "manage_resources_types.h"
 #include "gmp_get.h"
 #include
diff --git a/src/manage_resources.h b/src/manage_resources.h
index f898755b1..381e0f39f 100644
--- a/src/manage_resources.h
+++ b/src/manage_resources.h
@@ -13,47 +13,9 @@ #ifndef _GVMD_MANAGE_RESOURCES_H #define _GVMD_MANAGE_RESOURCES_H +#include "manage_resources_types.h" #include "iterator.h" - - -/* Resource types */ -#if ENABLE_AGENTS -typedef resource_t agent_t; -typedef resource_t agent_group_t; -typedef resource_t agent_installer_t; -#endif -typedef resource_t alert_t; -typedef resource_t asset_snapshot_t; -typedef resource_t config_t; -typedef resource_t credential_store_t; -typedef resource_t credential_t; -typedef resource_t filter_t; -typedef resource_t group_t; -typedef resource_t host_t; -typedef resource_t note_t; -typedef resource_t nvt_t; -typedef resource_t oci_image_target_t; -typedef resource_t override_t; -typedef resource_t permission_t; -typedef resource_t port_list_t; -typedef resource_t port_range_t; -typedef resource_t report_config_param_t; -typedef resource_t report_config_t; -typedef resource_t report_format_param_t; -typedef resource_t report_format_t; -typedef resource_t report_host_t; -typedef resource_t report_t; -typedef resource_t result_t; -typedef resource_t role_t; -typedef resource_t scanner_t; -typedef resource_t schedule_t; -typedef resource_t setting_t; -typedef resource_t tag_t; -typedef resource_t target_t; -typedef resource_t task_t; -typedef resource_t ticket_t; -typedef resource_t tls_certificate_t; -typedef resource_t user_t; +#include "manage_get.h" /* Resource type information. */ @@ -115,10 +77,19 @@ secinfo_type_is_scap (const char*); /* Everything else. */ +int +resource_count (const char *, const get_data_t *); + int manage_resource_name (const char *, const char *, char **); int manage_trash_resource_name (const char *, const char *, char **); +int +resource_id_deprecated (const char *, const char *); + +void +set_resource_id_deprecated (const char *, const char *, gboolean); + #endif /* not _GVMD_MANAGE_RESOURCES_H */ diff --git a/src/manage_resources_types.h b/src/manage_resources_types.h new file mode 100644 index 000000000..ae19df3a5 --- /dev/null 
+++ b/src/manage_resources_types.h @@ -0,0 +1,56 @@ +/* Copyright (C) 2025 Greenbone AG + * + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +/** + * @file + * @brief GVM management layer: Generic resource type handling headers. + * + * Non-SQL generic resource type handling headers for the GVM management layer. + */ + +#ifndef _GVMD_MANAGE_RESOURCES_TYPES_H +#define _GVMD_MANAGE_RESOURCES_TYPES_H + +#include "iterator.h" + +#if ENABLE_AGENTS +typedef resource_t agent_t; +typedef resource_t agent_group_t; +typedef resource_t agent_installer_t; +#endif +typedef resource_t alert_t; +typedef resource_t asset_snapshot_t; +typedef resource_t config_t; +typedef resource_t credential_store_t; +typedef resource_t credential_t; +typedef resource_t filter_t; +typedef resource_t group_t; +typedef resource_t host_t; +typedef resource_t note_t; +typedef resource_t nvt_t; +typedef resource_t oci_image_target_t; +typedef resource_t override_t; +typedef resource_t permission_t; +typedef resource_t port_list_t; +typedef resource_t port_range_t; +typedef resource_t report_config_param_t; +typedef resource_t report_config_t; +typedef resource_t report_format_param_t; +typedef resource_t report_format_t; +typedef resource_t report_host_t; +typedef resource_t report_t; +typedef resource_t result_t; +typedef resource_t role_t; +typedef resource_t scanner_t; +typedef resource_t schedule_t; +typedef resource_t setting_t; +typedef resource_t tag_t; +typedef resource_t target_t; +typedef resource_t task_t; +typedef resource_t ticket_t; +typedef resource_t tls_certificate_t; +typedef resource_t user_t; + +#endif /* not _GVMD_MANAGE_RESOURCES_TYPES_H */ diff --git a/src/manage_roles.h b/src/manage_roles.h index 5e442b60a..bfb37d313 100644 --- a/src/manage_roles.h +++ b/src/manage_roles.h @@ -7,7 +7,7 @@ #define _GVMD_MANAGE_ROLES_H #include "manage_get.h" -#include "manage_resources.h" +#include "manage_resources_types.h" #include "sql.h" // Sadly, for db_conn_info_t int 
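Review bot: The file comment of the new `manage_resources_types.h` keeps the generic "resource type handling headers" wording and does not say why the typedefs were split out of `manage_resources.h`. Going by the other hunks, `manage_get.h` now includes this header while `manage_resources.h` includes `manage_get.h`, so the split appears to exist to avoid a circular include; a sentence such as `Only the resource_t aliases live here, so that headers which manage_resources.h depends on can use them without including it.` would record that. It may also be worth a comment above the typedefs saying that every alias is the same `resource_t`, so the compiler will not reject, say, a `task_t` passed where a `report_t` is expected.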
diff --git a/src/manage_scan_queue.h b/src/manage_scan_queue.h index 132c16488..5b9974716 100644 --- a/src/manage_scan_queue.h +++ b/src/manage_scan_queue.h @@ -12,7 +12,7 @@ #define _GVMD_MANAGE_SCAN_QUEUE_H #include -#include "manage_resources.h" +#include "manage_resources_types.h" /** * @brief Default maximum number of active scan handlers diff --git a/src/manage_sql.c b/src/manage_sql.c index 78b9ecdd1..1dddda3aa 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -218,15 +218,6 @@ report_counts_id_full (report_t, int *, int *, int *, int *, int *, int *, double *, const get_data_t*, const char* , int *, int *, int *, int *, int *, int *, double *); -static gchar* -vulns_extra_where (int); - -static gchar* -vuln_iterator_opts_from_filter (const gchar *); - -static gchar* -vuln_iterator_extra_with_from_filter (const gchar *); - static gboolean find_trash_task (const char*, task_t*); @@ -236,9 +227,6 @@ find_trash_report_with_permission (const char *, report_t *, const char *); static int cleanup_schedule_times (); -static gchar * -reports_extra_where (int, const gchar *, const char *); - static int set_credential_data (credential_t, const char*, const char*); 
@@ -739,305 +727,7 @@ column_array_set (column_t *columns, const gchar *filter, gchar *select) } -/* Resources. */ - -/** - * @brief Create a resource from an existing resource. - * - * @param[in] type Type of resource. - * @param[in] name Name of new resource. NULL to copy from existing. - * @param[in] comment Comment on new resource. NULL to copy from existing. - * @param[in] resource_id UUID of existing resource. - * @param[in] columns Extra columns in resource. - * @param[in] make_name_unique When name NULL, whether to make existing name - * unique. - * @param[out] new_resource Address for new resource, or NULL. - * @param[out] old_resource Address for existing resource, or NULL. - * - * @return 0 success, 1 resource exists already, 2 failed to find existing - * resource, 99 permission denied, -1 error. - */ -int -copy_resource_lock (const char *type, const char *name, const char *comment, - const char *resource_id, const char *columns, - int make_name_unique, resource_t* new_resource, - resource_t *old_resource) -{ - gchar *quoted_name, *quoted_uuid, *uniquify, *command; - int named, globally_unique; - user_t owner; - resource_t resource; - resource_t new; - int ret = -1; - - if (resource_id == NULL) - return -1; - - command = g_strdup_printf ("create_%s", type); - if (acl_user_may (command) == 0) - { - g_free (command); - return 99; - } - g_free (command); - - command = g_strdup_printf ("get_%ss", type); - if (find_resource_with_permission (type, resource_id, &resource, command, 0)) - { - g_free (command); - return -1; - } - g_free (command); - - if (resource == 0) - return 2; - - if (find_user_by_name (current_credentials.username, &owner) - || owner == 0) - { - return -1; - } - - if (strcmp (type, "permission") == 0) - { - resource_t perm_resource; - perm_resource = permission_resource (resource); - if ((perm_resource == 0) - && (acl_user_can_everything (current_credentials.uuid) == 0)) - /* Only admins can copy permissions that apply to whole commands. 
*/ - return 99; - } - - named = type_named (type); - globally_unique = type_globally_unique (type); - - if (named && name && *name && resource_with_name_exists (name, type, 0)) - return 1; - - if ((strcmp (type, "tls_certificate") == 0) - && user_has_tls_certificate (resource, owner)) - return 1; - - if (name && *name) - quoted_name = sql_quote (name); - else - quoted_name = NULL; - quoted_uuid = sql_quote (resource_id); - - /* Copy the existing resource. */ - - if (globally_unique && make_name_unique) - uniquify = g_strdup_printf ("uniquify ('%s', name, NULL, '%cClone')", - type, - strcmp (type, "user") ? ' ' : '_'); - else if (make_name_unique) - uniquify = g_strdup_printf ("uniquify ('%s', name, %llu, ' Clone')", - type, - owner); - else - uniquify = g_strdup ("name"); - if (named && comment && strlen (comment)) - { - gchar *quoted_comment; - quoted_comment = sql_nquote (comment, strlen (comment)); - ret = sql_error ("INSERT INTO %ss" - " (uuid, owner, name, comment," - " creation_time, modification_time%s%s)" - " SELECT make_uuid ()," - " (SELECT id FROM users" - " where users.uuid = '%s')," - " %s%s%s, '%s', m_now (), m_now ()%s%s" - " FROM %ss WHERE uuid = '%s';", - type, - columns ? ", " : "", - columns ? columns : "", - current_credentials.uuid, - quoted_name ? "'" : "", - quoted_name ? quoted_name : uniquify, - quoted_name ? "'" : "", - quoted_comment, - columns ? ", " : "", - columns ? columns : "", - type, - quoted_uuid); - g_free (quoted_comment); - } - else if (named) - ret = sql_error ("INSERT INTO %ss" - " (uuid, owner, name%s," - " creation_time, modification_time%s%s)" - " SELECT make_uuid ()," - " (SELECT id FROM users where users.uuid = '%s')," - " %s%s%s%s, m_now (), m_now ()%s%s" - " FROM %ss WHERE uuid = '%s';", - type, - type_has_comment (type) ? ", comment" : "", - columns ? ", " : "", - columns ? columns : "", - current_credentials.uuid, - quoted_name ? "'" : "", - quoted_name ? quoted_name : uniquify, - quoted_name ? 
"'" : "", - type_has_comment (type) ? ", comment" : "", - columns ? ", " : "", - columns ? columns : "", - type, - quoted_uuid); - else - ret = sql_error ("INSERT INTO %ss" - " (uuid, owner, creation_time, modification_time%s%s)" - " SELECT make_uuid ()," - " (SELECT id FROM users where users.uuid = '%s')," - " m_now (), m_now ()%s%s" - " FROM %ss WHERE uuid = '%s';", - type, - columns ? ", " : "", - columns ? columns : "", - current_credentials.uuid, - columns ? ", " : "", - columns ? columns : "", - type, - quoted_uuid); - - if (ret == 3) - { - g_free (quoted_uuid); - g_free (quoted_name); - g_free (uniquify); - return 1; - } - else if (ret) - { - g_free (quoted_uuid); - g_free (quoted_name); - g_free (uniquify); - return -1; - } - - new = sql_last_insert_id (); - - /* Copy attached tags */ - sql ("INSERT INTO tag_resources" - " (tag, resource_type, resource, resource_uuid, resource_location)" - " SELECT tag, resource_type, %llu," - " (SELECT uuid FROM %ss WHERE id = %llu)," - " resource_location" - " FROM tag_resources" - " WHERE resource_type = '%s' AND resource = %llu" - " AND resource_location = " G_STRINGIFY (LOCATION_TABLE) ";", - new, - type, new, - type, resource); - - if (new_resource) - *new_resource = new; - - if (old_resource) - *old_resource = resource; - - g_free (quoted_uuid); - g_free (quoted_name); - g_free (uniquify); - if (sql_last_insert_id () == 0) - return -1; - return 0; -} - -/** - * @brief Create a resource from an existing resource. - * - * @param[in] type Type of resource. - * @param[in] name Name of new resource. NULL to copy from existing. - * @param[in] comment Comment on new resource. NULL to copy from existing. - * @param[in] resource_id UUID of existing resource. - * @param[in] columns Extra columns in resource. - * @param[in] make_name_unique When name NULL, whether to make existing name - * unique. - * @param[out] new_resource New resource. - * @param[out] old_resource Address for existing resource, or NULL. 
- * - * @return 0 success, 1 resource exists already, 2 failed to find existing - * resource, 99 permission denied, -1 error. - */ -int -copy_resource (const char *type, const char *name, const char *comment, - const char *resource_id, const char *columns, - int make_name_unique, resource_t* new_resource, - resource_t *old_resource) -{ - int ret; - - assert (current_credentials.uuid); - - sql_begin_immediate (); - - ret = copy_resource_lock (type, name, comment, resource_id, columns, - make_name_unique, new_resource, old_resource); - - if (ret) - sql_rollback (); - else - sql_commit (); - - return ret; -} - -/** - * @brief Check if a resource has been marked as deprecated. - * - * @param[in] type Resource type. - * @param[in] resource_id UUID of the resource. - * - * @return 1 if deprecated, else 0. - */ -int -resource_id_deprecated (const char *type, const char *resource_id) -{ - int ret; - gchar *quoted_type = sql_quote (type); - gchar *quoted_uuid = sql_quote (resource_id); - - ret = sql_int ("SELECT count(*) FROM deprecated_feed_data" - " WHERE type = '%s' AND uuid = '%s';", - quoted_type, quoted_uuid); - - g_free (quoted_type); - g_free (quoted_uuid); - - return ret != 0; -} - -/** - * @brief Mark whether resource is deprecated. - * - * @param[in] type Resource type. - * @param[in] resource_id UUID of the resource. - * @param[in] deprecated Whether the resource is deprecated. 
- */ -void -set_resource_id_deprecated (const char *type, const char *resource_id, - gboolean deprecated) -{ - gchar *quoted_type = sql_quote (type); - gchar *quoted_uuid = sql_quote (resource_id); - - if (deprecated) - { - sql ("INSERT INTO deprecated_feed_data (type, uuid, modification_time)" - " VALUES ('%s', '%s', m_now ())" - " ON CONFLICT (uuid, type)" - " DO UPDATE SET modification_time = m_now ()", - quoted_type, quoted_uuid); - } - else - { - sql ("DELETE FROM deprecated_feed_data" - " WHERE type = '%s' AND uuid = '%s'", - quoted_type, quoted_uuid); - } - g_free (quoted_type); - g_free (quoted_uuid); -} +/* GET iterators. */ /** * @brief Initialise a GET iterator, including observed resources. @@ -2166,6 +1856,7 @@ info_name_count (const char *type, const char *name) } +/* Versions. */ /** * @brief Return the database version supported by this manager. @@ -2291,6 +1982,8 @@ set_db_version (int version) } +/* Encryption. */ + /** * @brief Encrypt, re-encrypt or decrypt all credentials * @@ -2767,7 +2460,7 @@ DEF_ACCESS (task_role_iterator_uuid, 4); * * @return Newly allocated where clause string. */ -static gchar * +gchar * tasks_extra_where (int trash, const char *usage_type) { gchar *extra_where = NULL; 
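Review bot: With `static` dropped from `tasks_extra_where`, the function becomes callable from other translation units, but the part of its doc comment visible in this hunk (`@return Newly allocated where clause string.`) does not say how `usage_type` is made safe for SQL. The returned fragment is spliced into a query, and the `resource_count` code this commit removes passed it the value of `get_data_get_extra (get, "usage_type")`, so the quoting contract matters to every new caller. The body lies outside the hunk, so whether it quotes the argument cannot be confirmed here. I would state the contract in the doc comment, e.g. `@param[in] usage_type Unquoted value; quoted with sql_quote before use.` (or the opposite, if callers must quote), and say that the caller frees the result with `g_free`. The same applies to `reports_extra_where`, `vuln_iterator_extra_with_from_filter`, `vuln_iterator_opts_from_filter` and `vulns_extra_where`, which later hunks in this file export in the same way.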
@@ -5681,80 +5374,6 @@ logout_user () manage_reset_currents (); } -/** - * @brief Return number of resources of a certain type for current user. - * - * @param[in] type Type. - * @param[in] get GET params. - * - * @return The number of resources associated with the current user. - */ -int -resource_count (const char *type, const get_data_t *get) -{ - static const char *filter_columns[] = { "owner", NULL }; - static column_t select_columns[] = {{ "owner", NULL }, { NULL, NULL }}; - get_data_t count_get; - gchar *extra_where, *extra_with, *extra_tables; - int rc; - - memset (&count_get, '\0', sizeof (count_get)); - count_get.trash = get->trash; - if (type_owned (type)) - count_get.filter = "rows=-1 first=1 permission=any owner=any min_qod=0"; - else - count_get.filter = "rows=-1 first=1 permission=any min_qod=0"; - - extra_with = extra_tables = NULL; - - if (strcasecmp (type, "config") == 0) - { - const gchar *usage_type = get_data_get_extra (get, "usage_type"); - extra_where = configs_extra_where (usage_type); - } - else if (strcmp (type, "task") == 0) - { - const gchar *usage_type = get_data_get_extra (get, "usage_type"); - extra_where = tasks_extra_where (get->trash, usage_type); - } - else if (strcmp (type, "report") == 0) - { - const gchar *usage_type = get_data_get_extra (get, "usage_type"); - extra_where = reports_extra_where (0, NULL, usage_type); - } - else if (strcmp (type, "result") == 0) - { - extra_where - = g_strdup (" AND (severity != " G_STRINGIFY (SEVERITY_ERROR) ")"); - } - else if (strcmp (type, "vuln") == 0) - { - extra_where = vulns_extra_where (filter_term_min_qod (count_get.filter)); - extra_with = vuln_iterator_extra_with_from_filter (count_get.filter); - extra_tables = vuln_iterator_opts_from_filter (count_get.filter); - } - else - extra_where = NULL; - - rc = count2 (get->subtype ? get->subtype : type, - &count_get, - type_owned (type) ? select_columns : NULL, - type_owned (type) ? select_columns : NULL, - NULL, - NULL, - type_owned (type) ? 
filter_columns : NULL, - 0, - extra_tables, - extra_where, - extra_with, - type_owned (type)); - - g_free (extra_where); - g_free (extra_with); - g_free (extra_tables); - return rc; -} - /** * @brief Return the number of tasks associated with the current user. * @@ -10560,7 +10179,7 @@ where_compliance_status (const char *compliance) * * @return Newly allocated where clause string. */ -static gchar * +gchar * reports_extra_where (int trash, const gchar *filter, const char *usage_type) { @@ -35565,7 +35184,7 @@ vuln_iterator_extra_with (const gchar *task_id, const gchar *report_id, * * @return Newly allocated string with the extra_with clause. */ -static gchar* +gchar* vuln_iterator_extra_with_from_filter (const gchar *filter) { gchar *task_id, *report_id, *host; @@ -35653,7 +35272,7 @@ vuln_iterator_opts_table (const gchar *task_id, const gchar *report_id, * * @return Newly allocated string with the extra_tables clause. */ -static gchar* +gchar* vuln_iterator_opts_from_filter (const gchar *filter) { gchar *task_id, *report_id, *host; @@ -35905,7 +35524,7 @@ vuln_count (const get_data_t *get) * * @return WHERE clause. */ -static gchar* +gchar* vulns_extra_where (int min_qod) { return g_strdup_printf (" AND (vulns.qod >= %d)", diff --git a/src/manage_sql.h b/src/manage_sql.h index 0a2879342..c6ad2ab0a 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -439,6 +439,21 @@ task_second_last_report (task_t, report_t *); double task_severity_double (task_t, int, int, int); +gchar * +tasks_extra_where (int, const char *); + +gchar * +reports_extra_where (int, const gchar *, const char *); + +gchar* +vulns_extra_where (int); + +gchar * +vuln_iterator_extra_with_from_filter (const gchar *); + +gchar* +vuln_iterator_opts_from_filter (const gchar *); + gboolean find_trash (const char *, const char *, resource_t *); 
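Review bot: The five prototypes added to `manage_sql.h` after `task_severity_double` carry no parameter names, so `reports_extra_where (int, const gchar *, const char *)` does not tell a caller which argument is the trash flag, which the filter and which the usage type. Since these are SQL-fragment builders now visible to every file that includes this header, I would name the parameters as the definitions do, e.g. `reports_extra_where (int trash, const gchar *filter, const char *usage_type);` and `tasks_extra_where (int trash, const char *usage_type);`. The return type is also spelled both `gchar *` and `gchar*` within the added lines; picking one would keep the block uniform.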
@@ -451,10 +466,6 @@ tags_set_locations (const char *, resource_t, resource_t, int); void init_user_task_iterator (iterator_t *, int, int); -int -copy_resource (const char *, const char *, const char *, const char *, - const char *, int, resource_t *, resource_t *); - gboolean resource_with_name_exists (const char *, const char *, resource_t); @@ -470,10 +481,6 @@ int create_permission_no_acl (const char *, const char *, const char *, const char *, const char *, const char *, permission_t *); -int -copy_resource_lock (const char *, const char *, const char *, const char *, - const char *, int, resource_t *, resource_t *); - nvti_t * lookup_nvti (const gchar *); diff --git a/src/manage_sql_assets.h b/src/manage_sql_assets.h index fe29a4463..3fc74e549 100644 --- a/src/manage_sql_assets.h +++ b/src/manage_sql_assets.h @@ -7,7 +7,7 @@ #define _GVMD_MANAGE_SQL_ASSETS_H #include "manage_assets.h" -#include "manage_resources.h" +#include "manage_resources_types.h" /** * @file diff --git a/src/manage_sql_nvts_openvasd.h b/src/manage_sql_nvts_openvasd.h index 5cb18a1fd..cbfbb8141 100644 --- a/src/manage_sql_nvts_openvasd.h +++ b/src/manage_sql_nvts_openvasd.h @@ -13,7 +13,7 @@ #include "manage_nvts_openvasd.h" #include "manage_sql_nvts_common.h" -#include "manage_resources.h" +#include "manage_resources_types.h" int update_or_rebuild_nvts_openvasd (int update); diff --git a/src/manage_sql_oci_image_targets.c b/src/manage_sql_oci_image_targets.c index e3689e24e..aef1b80d1 100644 --- a/src/manage_sql_oci_image_targets.c +++ b/src/manage_sql_oci_image_targets.c @@ -9,6 +9,7 @@ #include "manage_sql_oci_image_targets.h" #include "manage_acl.h" #include "manage_sql_permissions.h" +#include "manage_sql_resources.h" #include "sql.h" #include "utils.h" diff --git a/src/manage_sql_permissions.h b/src/manage_sql_permissions.h index ac92893d7..5f3bb6f10 100644 --- a/src/manage_sql_permissions.h +++ b/src/manage_sql_permissions.h 
@@ -7,7 +7,7 @@ #define _GVMD_MANAGE_SQL_PERMISSIONS_H #include "manage_permissions.h" -#include "manage_resources.h" +#include "manage_resources_types.h" /** * @brief Predefined role UUID. diff --git a/src/manage_sql_permissions_cache.h b/src/manage_sql_permissions_cache.h index 4d97dbb3b..4fe67dacf 100644 --- a/src/manage_sql_permissions_cache.h +++ b/src/manage_sql_permissions_cache.h @@ -6,7 +6,7 @@ #ifndef _GVMD_MANAGE_SQL_PERMISSIONS_CACHE_H #define _GVMD_MANAGE_SQL_PERMISSIONS_CACHE_H -#include "manage_resources.h" +#include "manage_resources_types.h" void cache_permissions_for_resource (const char *, resource_t, GArray *); diff --git a/src/manage_sql_report_configs.c b/src/manage_sql_report_configs.c index d043d3ca3..7897b96df 100644 --- a/src/manage_sql_report_configs.c +++ b/src/manage_sql_report_configs.c @@ -15,6 +15,7 @@ #include "manage_acl.h" #include "manage_sql_permissions.h" #include "manage_sql_report_formats.h" +#include "manage_sql_resources.h" #include "sql.h" #include "utils.h" #include diff --git a/src/manage_sql_report_configs.h b/src/manage_sql_report_configs.h index 08483ad16..abb7711b2 100644 --- a/src/manage_sql_report_configs.h +++ b/src/manage_sql_report_configs.h @@ -14,7 +14,7 @@ #define _GVMD_MANAGE_SQL_REPORT_CONFIGS_H #include "manage_report_configs.h" -#include "manage_resources.h" +#include "manage_resources_types.h" #include diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c index ee73ea057..4fec90ad2 100644 --- a/src/manage_sql_report_formats.c +++ b/src/manage_sql_report_formats.c @@ -15,6 +15,7 @@ #include "manage_acl.h" #include "manage_sql_permissions.h" #include "manage_sql_report_configs.h" +#include "manage_sql_resources.h" #include "manage_sql_users.h" #include "sql.h" #include "utils.h" diff --git a/src/manage_sql_resources.c b/src/manage_sql_resources.c index c345e39e8..40dc9bcbc 100644 --- a/src/manage_sql_resources.c +++ b/src/manage_sql_resources.c 
@@ -6,6 +6,10 @@
 #include "manage_sql_resources.h"
 #include "manage_acl.h"
 #include "manage_sql.h"
+#include "manage_sql_configs.h"
+#include "manage_sql_permissions.h"
+#include "manage_sql_tls_certificates.h"
+#include "manage_sql_users.h"
 #include "manage_utils.h"
 #include "sql.h"
@@ -421,3 +425,375 @@ find_resource_by_name_with_permission (const char *type, const char *name, g_free (quoted_name); return FALSE; } + +/** + * @brief Create a resource from an existing resource. + * + * @param[in] type Type of resource. + * @param[in] name Name of new resource. NULL to copy from existing. + * @param[in] comment Comment on new resource. NULL to copy from existing. + * @param[in] resource_id UUID of existing resource. + * @param[in] columns Extra columns in resource. + * @param[in] make_name_unique When name NULL, whether to make existing name + * unique. + * @param[out] new_resource Address for new resource, or NULL. + * @param[out] old_resource Address for existing resource, or NULL. + * + * @return 0 success, 1 resource exists already, 2 failed to find existing + * resource, 99 permission denied, -1 error. + */ +int +copy_resource_lock (const char *type, const char *name, const char *comment, + const char *resource_id, const char *columns, + int make_name_unique, resource_t* new_resource, + resource_t *old_resource) +{ + gchar *quoted_name, *quoted_uuid, *uniquify, *command; + int named, globally_unique; + user_t owner; + resource_t resource; + resource_t new; + int ret = -1; + + if (resource_id == NULL) + return -1; + + command = g_strdup_printf ("create_%s", type); + if (acl_user_may (command) == 0) + { + g_free (command); + return 99; + } + g_free (command); + + command = g_strdup_printf ("get_%ss", type); + if (find_resource_with_permission (type, resource_id, &resource, command, 0)) + { + g_free (command); + return -1; + } + g_free (command); + + if (resource == 0) + return 2; + + if (find_user_by_name (current_credentials.username, &owner) + || owner == 0) + { + return -1; + } + + if (strcmp (type, "permission") == 0) + { + resource_t perm_resource; + perm_resource = permission_resource (resource); + if ((perm_resource == 0) + && (acl_user_can_everything (current_credentials.uuid) == 0)) + /* Only admins can copy permissions that apply to 
whole commands. */ + return 99; + } + + named = type_named (type); + globally_unique = type_globally_unique (type); + + if (named && name && *name && resource_with_name_exists (name, type, 0)) + return 1; + + if ((strcmp (type, "tls_certificate") == 0) + && user_has_tls_certificate (resource, owner)) + return 1; + + if (name && *name) + quoted_name = sql_quote (name); + else + quoted_name = NULL; + quoted_uuid = sql_quote (resource_id); + + /* Copy the existing resource. */ + + if (globally_unique && make_name_unique) + uniquify = g_strdup_printf ("uniquify ('%s', name, NULL, '%cClone')", + type, + strcmp (type, "user") ? ' ' : '_'); + else if (make_name_unique) + uniquify = g_strdup_printf ("uniquify ('%s', name, %llu, ' Clone')", + type, + owner); + else + uniquify = g_strdup ("name"); + if (named && comment && strlen (comment)) + { + gchar *quoted_comment; + quoted_comment = sql_nquote (comment, strlen (comment)); + ret = sql_error ("INSERT INTO %ss" + " (uuid, owner, name, comment," + " creation_time, modification_time%s%s)" + " SELECT make_uuid ()," + " (SELECT id FROM users" + " where users.uuid = '%s')," + " %s%s%s, '%s', m_now (), m_now ()%s%s" + " FROM %ss WHERE uuid = '%s';", + type, + columns ? ", " : "", + columns ? columns : "", + current_credentials.uuid, + quoted_name ? "'" : "", + quoted_name ? quoted_name : uniquify, + quoted_name ? "'" : "", + quoted_comment, + columns ? ", " : "", + columns ? columns : "", + type, + quoted_uuid); + g_free (quoted_comment); + } + else if (named) + ret = sql_error ("INSERT INTO %ss" + " (uuid, owner, name%s," + " creation_time, modification_time%s%s)" + " SELECT make_uuid ()," + " (SELECT id FROM users where users.uuid = '%s')," + " %s%s%s%s, m_now (), m_now ()%s%s" + " FROM %ss WHERE uuid = '%s';", + type, + type_has_comment (type) ? ", comment" : "", + columns ? ", " : "", + columns ? columns : "", + current_credentials.uuid, + quoted_name ? "'" : "", + quoted_name ? quoted_name : uniquify, + quoted_name ? 
"'" : "", + type_has_comment (type) ? ", comment" : "", + columns ? ", " : "", + columns ? columns : "", + type, + quoted_uuid); + else + ret = sql_error ("INSERT INTO %ss" + " (uuid, owner, creation_time, modification_time%s%s)" + " SELECT make_uuid ()," + " (SELECT id FROM users where users.uuid = '%s')," + " m_now (), m_now ()%s%s" + " FROM %ss WHERE uuid = '%s';", + type, + columns ? ", " : "", + columns ? columns : "", + current_credentials.uuid, + columns ? ", " : "", + columns ? columns : "", + type, + quoted_uuid); + + if (ret == 3) + { + g_free (quoted_uuid); + g_free (quoted_name); + g_free (uniquify); + return 1; + } + else if (ret) + { + g_free (quoted_uuid); + g_free (quoted_name); + g_free (uniquify); + return -1; + } + + new = sql_last_insert_id (); + + /* Copy attached tags */ + sql ("INSERT INTO tag_resources" + " (tag, resource_type, resource, resource_uuid, resource_location)" + " SELECT tag, resource_type, %llu," + " (SELECT uuid FROM %ss WHERE id = %llu)," + " resource_location" + " FROM tag_resources" + " WHERE resource_type = '%s' AND resource = %llu" + " AND resource_location = " G_STRINGIFY (LOCATION_TABLE) ";", + new, + type, new, + type, resource); + + if (new_resource) + *new_resource = new; + + if (old_resource) + *old_resource = resource; + + g_free (quoted_uuid); + g_free (quoted_name); + g_free (uniquify); + if (sql_last_insert_id () == 0) + return -1; + return 0; +} + +/** + * @brief Create a resource from an existing resource. + * + * @param[in] type Type of resource. + * @param[in] name Name of new resource. NULL to copy from existing. + * @param[in] comment Comment on new resource. NULL to copy from existing. + * @param[in] resource_id UUID of existing resource. + * @param[in] columns Extra columns in resource. + * @param[in] make_name_unique When name NULL, whether to make existing name + * unique. + * @param[out] new_resource New resource. + * @param[out] old_resource Address for existing resource, or NULL. 
+ * + * @return 0 success, 1 resource exists already, 2 failed to find existing + * resource, 99 permission denied, -1 error. + */ +int +copy_resource (const char *type, const char *name, const char *comment, + const char *resource_id, const char *columns, + int make_name_unique, resource_t* new_resource, + resource_t *old_resource) +{ + int ret; + + assert (current_credentials.uuid); + + sql_begin_immediate (); + + ret = copy_resource_lock (type, name, comment, resource_id, columns, + make_name_unique, new_resource, old_resource); + + if (ret) + sql_rollback (); + else + sql_commit (); + + return ret; +} + +/** + * @brief Check if a resource has been marked as deprecated. + * + * @param[in] type Resource type. + * @param[in] resource_id UUID of the resource. + * + * @return 1 if deprecated, else 0. + */ +int +resource_id_deprecated (const char *type, const char *resource_id) +{ + int ret; + gchar *quoted_type = sql_quote (type); + gchar *quoted_uuid = sql_quote (resource_id); + + ret = sql_int ("SELECT count(*) FROM deprecated_feed_data" + " WHERE type = '%s' AND uuid = '%s';", + quoted_type, quoted_uuid); + + g_free (quoted_type); + g_free (quoted_uuid); + + return ret != 0; +} + +/** + * @brief Mark whether resource is deprecated. + * + * @param[in] type Resource type. + * @param[in] resource_id UUID of the resource. + * @param[in] deprecated Whether the resource is deprecated. 
+ */ +void +set_resource_id_deprecated (const char *type, const char *resource_id, + gboolean deprecated) +{ + gchar *quoted_type = sql_quote (type); + gchar *quoted_uuid = sql_quote (resource_id); + + if (deprecated) + { + sql ("INSERT INTO deprecated_feed_data (type, uuid, modification_time)" + " VALUES ('%s', '%s', m_now ())" + " ON CONFLICT (uuid, type)" + " DO UPDATE SET modification_time = m_now ()", + quoted_type, quoted_uuid); + } + else + { + sql ("DELETE FROM deprecated_feed_data" + " WHERE type = '%s' AND uuid = '%s'", + quoted_type, quoted_uuid); + } + g_free (quoted_type); + g_free (quoted_uuid); +} + +/** + * @brief Return number of resources of a certain type for current user. + * + * @param[in] type Type. + * @param[in] get GET params. + * + * @return The number of resources associated with the current user. + */ +int +resource_count (const char *type, const get_data_t *get) +{ + static const char *filter_columns[] = { "owner", NULL }; + static column_t select_columns[] = {{ "owner", NULL }, { NULL, NULL }}; + get_data_t count_get; + gchar *extra_where, *extra_with, *extra_tables; + int rc; + + memset (&count_get, '\0', sizeof (count_get)); + count_get.trash = get->trash; + if (type_owned (type)) + count_get.filter = "rows=-1 first=1 permission=any owner=any min_qod=0"; + else + count_get.filter = "rows=-1 first=1 permission=any min_qod=0"; + + extra_with = extra_tables = NULL; + + if (strcasecmp (type, "config") == 0) + { + const gchar *usage_type = get_data_get_extra (get, "usage_type"); + extra_where = configs_extra_where (usage_type); + } + else if (strcmp (type, "task") == 0) + { + const gchar *usage_type = get_data_get_extra (get, "usage_type"); + extra_where = tasks_extra_where (get->trash, usage_type); + } + else if (strcmp (type, "report") == 0) + { + const gchar *usage_type = get_data_get_extra (get, "usage_type"); + extra_where = reports_extra_where (0, NULL, usage_type); + } + else if (strcmp (type, "result") == 0) + { + extra_where + = 
g_strdup (" AND (severity != " G_STRINGIFY (SEVERITY_ERROR) ")"); + } + else if (strcmp (type, "vuln") == 0) + { + extra_where = vulns_extra_where (filter_term_min_qod (count_get.filter)); + extra_with = vuln_iterator_extra_with_from_filter (count_get.filter); + extra_tables = vuln_iterator_opts_from_filter (count_get.filter); + } + else + extra_where = NULL; + + rc = count2 (get->subtype ? get->subtype : type, + &count_get, + type_owned (type) ? select_columns : NULL, + type_owned (type) ? select_columns : NULL, + NULL, + NULL, + type_owned (type) ? filter_columns : NULL, + 0, + extra_tables, + extra_where, + extra_with, + type_owned (type)); + + g_free (extra_where); + g_free (extra_with); + g_free (extra_tables); + return rc; +} diff --git a/src/manage_sql_resources.h b/src/manage_sql_resources.h index 851f85444..2a14a8b26 100644 --- a/src/manage_sql_resources.h +++ b/src/manage_sql_resources.h @@ -6,7 +6,7 @@ #ifndef _GVMD_MANAGE_SQL_RESOURCES_H #define _GVMD_MANAGE_SQL_RESOURCES_H -#include "manage_resources.h" +#include "manage_resources_types.h" #include @@ -30,4 +30,12 @@ gboolean find_resource_by_name_with_permission (const char *, const char *, resource_t *, const char *); +int +copy_resource_lock (const char *, const char *, const char *, const char *, + const char *, int, resource_t *, resource_t *); + +int +copy_resource (const char *, const char *, const char *, const char *, + const char *, int, resource_t *, resource_t *); + #endif // not _GVMD_MANAGE_SQL_RESOURCES_H diff --git a/src/manage_sql_scan_queue.h b/src/manage_sql_scan_queue.h index 4f878d518..ef6268dd2 100644 --- a/src/manage_sql_scan_queue.h +++ b/src/manage_sql_scan_queue.h @@ -13,7 +13,7 @@ #include "manage_scan_queue.h" #include "iterator.h" -#include "manage_resources.h" +#include "manage_resources_types.h" #include "time.h" void diff --git a/src/manage_users.h b/src/manage_users.h index defb9318c..fddd58e5d 100644 --- a/src/manage_users.h +++ b/src/manage_users.h 
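Review bot: In `copy_resource_lock`, `type` and `columns` are formatted straight into the `INSERT INTO %ss ... FROM %ss` statements, the `uniquify ('%s', ...)` expression and the `tag_resources` query, while `name`, `comment` and `resource_id` go through `sql_quote`/`sql_nquote` first. That is safe only if every caller passes fixed, internal values, which this hunk cannot show. Since the function is now declared in `manage_sql_resources.h`, the doc comment should state the contract, for example `@param[in] type Type of resource. Must be a trusted internal type name; it is inserted into SQL unquoted.`, with the same wording for `columns`. Separately, the closing `if (sql_last_insert_id () == 0)` runs after the `tag_resources` insert, so it may no longer be testing the copied row. Testing the saved value instead, `if (new == 0)`, looks like the intent, assuming the helper reports the most recent insert on the connection.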
@@ -7,7 +7,7 @@ #define _GVMD_MANAGE_USERS_H #include "manage_get.h" -#include "manage_resources.h" +#include "manage_resources_types.h" #include "sql.h" // Sadly, for db_conn_info_t gchar *