Skip to content

Commit

Permalink
Merge pull request #1399 from mattmundell/db-setting-id
Browse files Browse the repository at this point in the history 
Access current user with an SQL function
  • Loading branch information
@timopollmeier
timopollmeier authored Jan 27, 2021
2 parents 6bd9ee2 + 7618e50 commit 2b98743
Show file tree
Hide file tree
Showing 5 changed files with 29 additions and 81 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384)
- The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381)
- Limit "whole-only" config families to "growing" and "every nvt" [#1386](https://github.com/greenbone/gvmd/pull/1386)
- Access current user with an SQL function [#1399](https://github.com/greenbone/gvmd/pull/1399)

### Fixed
- Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287)
Expand Down
94 changes: 24 additions & 70 deletions src/manage_pg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,9 @@
void
manage_session_init (const char *uuid)
{
sql ("SET SESSION \"gvmd.user.uuid\" = '%s';", uuid);
sql ("SET SESSION \"gvmd.user.id\" = %llu;",
sql_int64_0 ("SELECT id FROM users WHERE uuid = '%s';",
uuid));
sql ("SET SESSION \"gvmd.tz_override\" = '';");
}

Expand Down Expand Up @@ -146,10 +148,7 @@ sql_rename_column (const char *old_table, const char *new_table,
" WHERE overrides.result_nvt = results.result_nvt" \
" AND ((overrides.owner IS NULL)" \
" OR (overrides.owner" \
" = (SELECT id FROM users" \
" WHERE users.uuid" \
" = (SELECT current_setting" \
" ('gvmd.user.uuid')))))" \
" = gvmd_user ()))" \
" AND ((overrides.end_time = 0)" \
" OR (overrides.end_time >= m_now ()))" \
" AND (overrides.task = results.task" \
Expand Down Expand Up @@ -601,8 +600,7 @@ manage_create_sql_functions ()
" user_zone :="
" coalesce ((SELECT current_setting ('gvmd.tz_override')),"
" (SELECT timezone FROM users"
" WHERE uuid"
" = (SELECT current_setting ('gvmd.user.uuid'))));"
" WHERE id = gvmd_user ()));"
" RETURN iso_time (seconds, user_zone);"
" END;"
"$$ LANGUAGE plpgsql;");
Expand Down Expand Up @@ -740,33 +738,17 @@ manage_create_sql_functions ()
" || ' WHERE id = $2)))))"
" AND subject_location = " G_STRINGIFY (LOCATION_TABLE)
" AND ((subject_type = ''user''"
" AND subject"
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" (''gvmd.user.uuid''))))"
" AND subject = gvmd_user ())"
" OR (subject_type = ''group''"
" AND subject"
" IN (SELECT DISTINCT \"group\""
" FROM group_users"
" WHERE"
" \"user\""
" = (SELECT id"
" FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" (''gvmd.user.uuid'')))))"
" WHERE \"user\" = gvmd_user ()))"
" OR (subject_type = ''role''"
" AND subject"
" IN (SELECT DISTINCT role"
" FROM role_users"
" WHERE"
" \"user\""
" = (SELECT id"
" FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" (''gvmd.user.uuid'')))))))'"
" WHERE \"user\" = gvmd_user ()))))'"
" USING arg_type, arg_id"
" INTO owns;"
" RETURN owns;"
Expand Down Expand Up @@ -797,11 +779,7 @@ manage_create_sql_functions ()
" WHERE results.id = arg_id"
" AND results.report = reports.id"
" AND ((reports.owner IS NULL)"
" OR (reports.owner"
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid'))))))"
" OR (reports.owner = gvmd_user ())))"
" THEN RETURN true;"
" ELSE RETURN false;"
" END CASE;"
Expand All @@ -811,11 +789,7 @@ manage_create_sql_functions ()
" WHERE id = arg_id"
" AND hidden < 2"
" AND ((owner IS NULL)"
" OR (owner"
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid'))))))"
" OR (owner = gvmd_user ())))"
" THEN RETURN true;"
" ELSE RETURN false;"
" END CASE;"
Expand All @@ -825,10 +799,7 @@ manage_create_sql_functions ()
" FROM ' || quote_ident_split ($1 || 's') || '"
" WHERE id = $2"
" AND ((owner IS NULL)"
" OR (owner = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" (''gvmd.user.uuid''))))))'"
" OR (owner = gvmd_user ())))'"
" USING arg_type, arg_id"
" INTO owns;"
" RETURN owns;"
Expand Down Expand Up @@ -873,9 +844,7 @@ manage_create_sql_functions ()
" task_uuid = null;"
" END CASE;"
" is_get = substr (arg_permission, 0, 4) = 'get';"
" user_id = (SELECT id FROM users"
" WHERE uuid = (SELECT current_setting"
" ('gvmd.user.uuid')));"
" user_id = gvmd_user ();"
" ret = (SELECT count(*) FROM permissions"
" WHERE resource_uuid = coalesce (task_uuid, arg_uuid)"
" AND subject_location = " G_STRINGIFY (LOCATION_TABLE)
Expand Down Expand Up @@ -908,6 +877,11 @@ manage_create_sql_functions ()
"$$ LANGUAGE SQL"
" STABLE;");

sql ("CREATE OR REPLACE FUNCTION gvmd_user ()"
" RETURNS integer AS $$"
" SELECT current_setting ('gvmd.user.id')::integer;"
"$$ LANGUAGE SQL;");

sql ("CREATE OR REPLACE FUNCTION common_cve (text, text)"
" RETURNS boolean AS $$"
/* Check if two CVE lists contain a common CVE. */
Expand Down Expand Up @@ -986,10 +960,7 @@ manage_create_sql_functions ()
" SELECT CAST (value AS integer) = 1 FROM settings"
" WHERE name = 'Dynamic Severity'"
" AND ((owner IS NULL)"
" OR (owner = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid')))))"
" OR (owner = gvmd_user ()))"
" ORDER BY coalesce (owner, 0) DESC LIMIT 1;"
"$$ LANGUAGE SQL;");

Expand All @@ -1016,11 +987,7 @@ manage_create_sql_functions ()
" AS (SELECT max(severity) AS max"
" FROM report_counts"
" WHERE report = $1"
" AND (\"user\""
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid'))))"
" AND \"user\" = gvmd_user ()"
" AND override = $2"
" AND min_qod = $3"
" AND (end_time = 0 or end_time >= m_now ()))"
Expand Down Expand Up @@ -1088,10 +1055,7 @@ manage_create_sql_functions ()
" SELECT value FROM settings"
" WHERE name = 'Severity Class'"
" AND ((owner IS NULL)"
" OR (owner = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid')))))"
" OR (owner = gvmd_user ()))"
" ORDER BY coalesce (owner, 0) DESC LIMIT 1;"
"$$ LANGUAGE SQL;");

Expand All @@ -1106,11 +1070,7 @@ manage_create_sql_functions ()
" AS (SELECT sum (count) AS total"
" FROM report_counts"
" WHERE report = $1"
" AND (\"user\""
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid'))))"
" AND \"user\" = gvmd_user ()"
" AND override = $2"
" AND min_qod = $3"
" AND (end_time = 0"
Expand Down Expand Up @@ -1239,7 +1199,7 @@ manage_create_sql_functions ()
" AND scan_run_status = %u)"
" THEN RETURN ''::text;"
/* Get trend only for authenticated users. */
" WHEN (SELECT current_setting ('gvmd.user.uuid') = '')"
" WHEN gvmd_user () = 0"
" THEN RETURN ''::text;"
/* Skip running and container tasks. */
" WHEN (SELECT run_status = %u OR target = 0"
Expand Down Expand Up @@ -1620,10 +1580,7 @@ manage_create_sql_functions ()
" AND ($4 IS NULL OR results.host = $4)"
" AND (results.severity != " G_STRINGIFY (SEVERITY_ERROR) ")"
" AND (SELECT has_permission FROM permissions_get_tasks"
" WHERE \"user\" = (SELECT id FROM users"
" WHERE uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid')))"
" WHERE \"user\" = gvmd_user ()"
" AND task = results.task)"
"$$ LANGUAGE SQL;");

Expand All @@ -1640,10 +1597,7 @@ manage_create_sql_functions ()
" AND ($4 IS NULL OR results.host = $4)"
" AND (results.severity != " G_STRINGIFY (SEVERITY_ERROR) ")"
" AND (SELECT has_permission FROM permissions_get_tasks"
" WHERE \"user\" = (SELECT id FROM users"
" WHERE uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid')))"
" WHERE \"user\" = gvmd_user ()"
" AND task = results.task))"
"$$ LANGUAGE SQL;");
}
Expand Down
8 changes: 2 additions & 6 deletions src/manage_sql.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15117,7 +15117,7 @@ init_manage_open_db (const db_conn_info_t *database)
}

/* Ensure the user session variables always exists. */
sql ("SET SESSION \"gvmd.user.uuid\" = '';");
sql ("SET SESSION \"gvmd.user.id\" = 0;");
sql ("SET SESSION \"gvmd.tz_override\" = '';");

/* Attach the SCAP and CERT databases. */
Expand Down Expand Up @@ -52468,11 +52468,7 @@ user_resources_in_use (user_t user,
" AND (opts.host IS NULL OR results.host = opts.host)" \
" AND (results.severity != " G_STRINGIFY (SEVERITY_ERROR) ")" \
" AND (SELECT has_permission FROM permissions_get_tasks" \
" WHERE \"user\"" \
" = (SELECT id FROM users" \
" WHERE uuid" \
" = (SELECT current_setting" \
" ('gvmd.user.uuid')))" \
" WHERE \"user\" = gvmd_user ()" \
" AND task = results.task)"

/**
Expand Down
5 changes: 1 addition & 4 deletions src/manage_sql_tickets.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,10 +111,7 @@ ticket_status_integer (const char *status)
" WHERE ticket = tickets.id" \
" LIMIT 1)" \
" AND result_new_severities.user" \
" = (SELECT users.id" \
" FROM users" \
" WHERE users.uuid" \
" = (SELECT current_setting ('gvmd.user.uuid')))" \
" = gvmd_user ()" \
" AND result_new_severities.dynamic = 0" \
" LIMIT 1)" \
" ELSE severity" \
Expand Down
2 changes: 1 addition & 1 deletion src/sql.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -498,7 +498,7 @@ sql_int64 (long long int* ret, char* sql, ...)
* @param[in] sql Format string for SQL query.
* @param[in] ... Arguments for format string.
*
* @return 0 success, 1 too few rows, -1 error.
* @return Column value. 0 if no row.
*/
long long int
sql_int64_0 (char* sql, ...)
Expand Down

0 comments on commit 2b98743

Please sign in to comment.