Merge pull request #2303 from greenbone/extend-get-feeds-gmp-command
Change: Extend get_feeds GMP command.
a-h-abdelsalam authored Oct 8, 2024
2 parents 04071fa + 0761c87 commit 2361f46
Showing 4 changed files with 97 additions and 0 deletions.
44 changes: 44 additions & 0 deletions src/gmp.c
Expand Up @@ -12976,6 +12976,7 @@ static void
handle_get_feeds (gmp_parser_t *gmp_parser, GError **error)
{
assert (current_credentials.username);
assert (current_credentials.uuid);

if (acl_user_may ("get_feeds") == 0)
{
Expand All @@ -12986,10 +12987,53 @@ handle_get_feeds (gmp_parser_t *gmp_parser, GError **error)
return;
}

char *feed_owner_uuid, *feed_roles;
gboolean feed_owner_set, feed_import_roles_set, feed_resources_access;

feed_owner_set = feed_import_roles_set = feed_resources_access = FALSE;

setting_value (SETTING_UUID_FEED_IMPORT_OWNER, &feed_owner_uuid);

if (feed_owner_uuid != NULL && strlen (feed_owner_uuid) > 0)
feed_owner_set = TRUE;

setting_value (SETTING_UUID_FEED_IMPORT_ROLES, &feed_roles);

if (feed_roles != NULL && strlen (feed_roles) > 0)
feed_import_roles_set = TRUE;

if (feed_owner_uuid != NULL && strcmp (feed_owner_uuid, current_credentials.uuid) == 0)
feed_resources_access = TRUE;
else if (feed_roles != NULL)
{
gchar **roles = g_strsplit (feed_roles, ",", -1);
gchar **role = roles;
while (*role)
{
if (acl_user_has_role (current_credentials.uuid, *role))
{
feed_resources_access = TRUE;
break;
}
role++;
}
g_strfreev (roles);
}

free (feed_roles);
free (feed_owner_uuid);

SEND_TO_CLIENT_OR_FAIL ("<get_feeds_response"
" status=\"" STATUS_OK "\""
" status_text=\"" STATUS_OK_TEXT "\">");

SENDF_TO_CLIENT_OR_FAIL ("<feed_owner_set>%s</feed_owner_set>"
"<feed_roles_set>%s</feed_roles_set>"
"<feed_resources_access>%s</feed_resources_access>",
feed_owner_set ? "1" : "0",
feed_import_roles_set ? "1" : "0",
feed_resources_access ? "1" : "0");

if ((get_feeds_data->type == NULL)
|| (strcasecmp (get_feeds_data->type, "nvt") == 0))
get_feed (gmp_parser, error, NVT_FEED);
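Review bot: In the added block of handle_get_feeds, `feed_owner_uuid` and `feed_roles` are declared without initialisers and both `setting_value ()` return values are ignored, so if that helper can return early without writing its out-parameter (its body is not shown here), the NULL checks, `strcmp` and `free ()` that follow read indeterminate pointers. Declaring them as `char *feed_owner_uuid = NULL, *feed_roles = NULL;` keeps a failed lookup on the deny path, with all three flags reported as 0. The entries produced by `g_strsplit (feed_roles, ",", -1)` are passed to `acl_user_has_role` untrimmed, so a setting written with spaces after the commas would silently match no role; a `g_strstrip (*role)` before the lookup, or a comment stating the expected format, would make that explicit. The function body continues past the end of the hunk.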
29 changes: 29 additions & 0 deletions src/manage_acl.c
Expand Up @@ -462,6 +462,35 @@ acl_user_is_user (const char *uuid)
return ret;
}

/**
* @brief Check whether a user has a given role.
*
* @param[in] user_uuid UUID of the user.
* @param[in] role_uuid UUID of the role.
*
* @return 1 if user has the given role, else 0.
*/
int
acl_user_has_role (const char *user_uuid, const char *role_uuid)
{
int ret;
gchar *quoted_role_uuid, *quoted_user_uuid;

quoted_role_uuid = sql_quote (role_uuid);
quoted_user_uuid = sql_quote (user_uuid);

ret = sql_int ("SELECT count (*) FROM role_users"
" WHERE role = (SELECT id FROM roles"
" WHERE uuid = '%s')"
" AND \"user\" = (SELECT id FROM users WHERE uuid = '%s');",
quoted_role_uuid, quoted_user_uuid);

g_free (quoted_role_uuid);
g_free (quoted_user_uuid);
return ret;
}


/* TODO This is only predicatable for unique fields like "id". If the field
* is "name" then "SELECT ... format" will choose arbitrarily between
* the resources that have the same name. */
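Review bot: `acl_user_has_role` returns the raw `count (*)` from `sql_int`, while its doc comment promises 1 or 0; callers that test it as a boolean are fine, but a caller comparing with `== 1` would misread a user listed more than once in `role_users` (whether that table prevents duplicates is not visible here). Ending with `return ret > 0;`, or selecting `EXISTS (...)` instead of a count, would match the documented contract. Both UUIDs pass through `sql_quote` before interpolation, which is the right pattern for values built into the statement text. The doc comment could also state that neither argument may be NULL, assuming `sql_quote` does not accept NULL.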
3 changes: 3 additions & 0 deletions src/manage_acl.h
Expand Up @@ -155,6 +155,9 @@ acl_user_is_super_admin (const char *);
int
acl_user_is_observer (const char *);

int
acl_user_has_role (const char *, const char *);

int
acl_user_owns (const char *, resource_t, int);

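Review bot: The new prototype takes two `const char *` arguments whose order decides which UUID is treated as the user and which as the role, and the unnamed form gives a caller no hint; swapping them compiles cleanly and simply reports that the user lacks the role. Naming them here, `acl_user_has_role (const char *user_uuid, const char *role_uuid);`, documents the order where most callers will look, even though the neighbouring single-argument prototypes are unnamed.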
21 changes: 21 additions & 0 deletions src/schema_formats/XML/GMP.xml.in
Expand Up @@ -11525,8 +11525,26 @@ END:VCALENDAR
<type>text</type>
<required>1</required>
</attrib>
<e>feed_owner_set</e>
<e>feed_roles_set</e>
<e>feed_resources_access</e>
<any><e>feed</e></any>
</pattern>
<ele>
<name>feed_owner_set</name>
<summary>Whether the feed owner is set</summary>
<pattern><t>boolean</t></pattern>
</ele>
<ele>
<name>feed_roles_set</name>
<summary>Whether the feed roles are set</summary>
<pattern><t>boolean</t></pattern>
</ele>
<ele>
<name>feed_resources_access</name>
<summary>Whether the user has access to feed resources</summary>
<pattern><t>boolean</t></pattern>
</ele>
<ele>
<name>feed</name>
<pattern>
Expand Down Expand Up @@ -11590,6 +11608,9 @@ END:VCALENDAR
</request>
<response>
<get_feeds_response status_text="OK" status="200">
<feed_owner_set>1</feed_owner_set>
<feed_roles_set>1</feed_roles_set>
<feed_resources_access>1</feed_resources_access>
<feed>
<type>NVT</type>
<name>Greenbone Security Feed</name>
