Merge pull request #2205 from greenbone/validate-user-method

Add: validate source names in CREATE_USER and MODIFY_USER
greenbone · Jun 14, 2024 · 9e1e43c · 9e1e43c
2 parents 0cf9d67 + 8467007
commit 9e1e43c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/src/gmp.c b/src/gmp.c
@@ -23454,6 +23454,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                   log_event_fail ("user", "User", NULL, "created");
                   break;
                 case -3:
+                case -4:
                   SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX
                                           ("create_user", "Error in SOURCE"));
                   log_event_fail ("user", "User", NULL, "created");
@@ -26056,6 +26057,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                                             ("modify_user", "Unknown role"));
                     break;
                   case -3:
+                  case -4:
                     SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX
                                             ("modify_user", "Error in SOURCES"));
                     break;

diff --git a/src/manage_sql.c b/src/manage_sql.c
@@ -53655,7 +53655,8 @@ find_user_by_name (const char* name, user_t *user)
  *
  * @return 0 if the user has been added successfully, 1 failed to find group,
  *         2 failed to find role, 3 syntax error in hosts, 99 permission denied,
- *         -1 on error, -2 if user exists already.
+ *         -1 on error, -2 if user exists already, -3 if wrong number of methods,
+ *         -4 error in method.
  */
 int
 create_user (const gchar * name, const gchar * password, const gchar *comment,
@@ -53684,7 +53685,10 @@ create_user (const gchar * name, const gchar * password, const gchar *comment,
   if (allowed_methods && (allowed_methods->len == 0))
     allowed_methods = NULL;
 
-  // TODO validate methods  single source, one of ldap, ...
+  if (allowed_methods
+      && (auth_method_name_valid (g_ptr_array_index (allowed_methods, 0))
+          == 0))
+    return -4;
 
   if (validate_username (name) != 0)
     {
@@ -54716,7 +54720,8 @@ delete_user (const char *user_id_arg, const char *name_arg, int ultimate,
  *         2 failed to find user, 3 success and user gained admin, 4 success
  *         and user lost admin, 5 failed to find role, 6 syntax error in hosts,
  *         7 syntax error in new name, 99 permission denied, -1 on error,
- *         -2 for an unknown role, -3 if wrong number of methods.
+ *         -2 for an unknown role, -3 if wrong number of methods, -4 error in
+ *         method.
  */
 int
 modify_user (const gchar * user_id, gchar **name, const gchar *new_name,
@@ -54748,7 +54753,10 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name,
           || (strlen (g_ptr_array_index (allowed_methods, 0)) == 0)))
     allowed_methods = NULL;
 
-  // TODO Validate methods: single source, one of "", "ldap", ...
+  if (allowed_methods
+      && (auth_method_name_valid (g_ptr_array_index (allowed_methods, 0))
+          == 0))
+    return -4;
 
   sql_begin_immediate ();