diff --git a/CHANGELOG.md b/CHANGELOG.md index c50862a29..4ee9f500c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384) - The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381) - Limit "whole-only" config families to "growing" and "every nvt" [#1386](https://github.com/greenbone/gvmd/pull/1386) +- Access current user with an SQL function [#1399](https://github.com/greenbone/gvmd/pull/1399) ### Fixed - Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287) diff --git a/src/manage_pg.c b/src/manage_pg.c index 4175f1541..237796b4f 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -49,7 +49,9 @@ void manage_session_init (const char *uuid) { - sql ("SET SESSION \"gvmd.user.uuid\" = '%s';", uuid); + sql ("SET SESSION \"gvmd.user.id\" = %llu;", + sql_int64_0 ("SELECT id FROM users WHERE uuid = '%s';", + uuid)); sql ("SET SESSION \"gvmd.tz_override\" = '';"); } @@ -146,10 +148,7 @@ sql_rename_column (const char *old_table, const char *new_table, " WHERE overrides.result_nvt = results.result_nvt" \ " AND ((overrides.owner IS NULL)" \ " OR (overrides.owner" \ - " = (SELECT id FROM users" \ - " WHERE users.uuid" \ - " = (SELECT current_setting" \ - " ('gvmd.user.uuid')))))" \ + " = gvmd_user ()))" \ " AND ((overrides.end_time = 0)" \ " OR (overrides.end_time >= m_now ()))" \ " AND (overrides.task = results.task" \ @@ -601,8 +600,7 @@ manage_create_sql_functions () " user_zone :=" " coalesce ((SELECT current_setting ('gvmd.tz_override'))," " (SELECT timezone FROM users" - " WHERE uuid" - " = (SELECT current_setting ('gvmd.user.uuid'))));" + " WHERE id = gvmd_user ()));" " RETURN iso_time (seconds, user_zone);" " END;" "$$ LANGUAGE plpgsql;"); @@ -740,33 +738,17 @@ manage_create_sql_functions () " || ' WHERE id = $2)))))" " AND subject_location = " G_STRINGIFY (LOCATION_TABLE) " AND ((subject_type = ''user''" - " AND subject" - " = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " (''gvmd.user.uuid''))))" + " AND subject = gvmd_user ())" " OR (subject_type = ''group''" " AND subject" " IN (SELECT DISTINCT \"group\"" " FROM group_users" - " WHERE" - " \"user\"" - " = (SELECT id" - " FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " (''gvmd.user.uuid'')))))" + " WHERE \"user\" = gvmd_user ()))" " OR (subject_type = ''role''" " AND subject" " IN (SELECT DISTINCT role" " FROM role_users" - " WHERE" - " \"user\"" - " = (SELECT id" - " FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " (''gvmd.user.uuid'')))))))'" + " WHERE \"user\" = gvmd_user ()))))'" " USING arg_type, arg_id" " INTO owns;" " RETURN owns;" @@ -797,11 +779,7 @@ manage_create_sql_functions () " WHERE results.id = arg_id" " AND results.report = reports.id" " AND ((reports.owner IS NULL)" - " OR (reports.owner" - " = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid'))))))" + " OR (reports.owner = gvmd_user ())))" " THEN RETURN true;" " ELSE RETURN false;" " END CASE;" @@ -811,11 +789,7 @@ manage_create_sql_functions () " WHERE id = arg_id" " AND hidden < 2" " AND ((owner IS NULL)" - " OR (owner" - " = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid'))))))" + " OR (owner = gvmd_user ())))" " THEN RETURN true;" " ELSE RETURN false;" " END CASE;" @@ -825,10 +799,7 @@ manage_create_sql_functions () " FROM ' || quote_ident_split ($1 || 's') || '" " WHERE id = $2" " AND ((owner IS NULL)" - " OR (owner = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " (''gvmd.user.uuid''))))))'" + " OR (owner = gvmd_user ())))'" " USING arg_type, arg_id" " INTO owns;" " RETURN owns;" @@ -873,9 +844,7 @@ manage_create_sql_functions () " task_uuid = null;" " END CASE;" " is_get = substr (arg_permission, 0, 4) = 'get';" - " user_id = (SELECT id FROM users" - " WHERE uuid = (SELECT current_setting" - " ('gvmd.user.uuid')));" + " user_id = gvmd_user ();" " ret = (SELECT count(*) FROM permissions" " WHERE resource_uuid = coalesce (task_uuid, arg_uuid)" " AND subject_location = " G_STRINGIFY (LOCATION_TABLE) @@ -908,6 +877,11 @@ manage_create_sql_functions () "$$ LANGUAGE SQL" " STABLE;"); + sql ("CREATE OR REPLACE FUNCTION gvmd_user ()" + " RETURNS integer AS $$" + " SELECT current_setting ('gvmd.user.id')::integer;" + "$$ LANGUAGE SQL;"); + sql ("CREATE OR REPLACE FUNCTION common_cve (text, text)" " RETURNS boolean AS $$" /* Check if two CVE lists contain a common CVE. */ @@ -986,10 +960,7 @@ manage_create_sql_functions () " SELECT CAST (value AS integer) = 1 FROM settings" " WHERE name = 'Dynamic Severity'" " AND ((owner IS NULL)" - " OR (owner = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid')))))" + " OR (owner = gvmd_user ()))" " ORDER BY coalesce (owner, 0) DESC LIMIT 1;" "$$ LANGUAGE SQL;"); @@ -1016,11 +987,7 @@ manage_create_sql_functions () " AS (SELECT max(severity) AS max" " FROM report_counts" " WHERE report = $1" - " AND (\"user\"" - " = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid'))))" + " AND \"user\" = gvmd_user ()" " AND override = $2" " AND min_qod = $3" " AND (end_time = 0 or end_time >= m_now ()))" @@ -1088,10 +1055,7 @@ manage_create_sql_functions () " SELECT value FROM settings" " WHERE name = 'Severity Class'" " AND ((owner IS NULL)" - " OR (owner = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid')))))" + " OR (owner = gvmd_user ()))" " ORDER BY coalesce (owner, 0) DESC LIMIT 1;" "$$ LANGUAGE SQL;"); @@ -1106,11 +1070,7 @@ manage_create_sql_functions () " AS (SELECT sum (count) AS total" " FROM report_counts" " WHERE report = $1" - " AND (\"user\"" - " = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid'))))" + " AND \"user\" = gvmd_user ()" " AND override = $2" " AND min_qod = $3" " AND (end_time = 0" @@ -1239,7 +1199,7 @@ manage_create_sql_functions () " AND scan_run_status = %u)" " THEN RETURN ''::text;" /* Get trend only for authenticated users. */ - " WHEN (SELECT current_setting ('gvmd.user.uuid') = '')" + " WHEN gvmd_user () = 0" " THEN RETURN ''::text;" /* Skip running and container tasks. */ " WHEN (SELECT run_status = %u OR target = 0" @@ -1620,10 +1580,7 @@ manage_create_sql_functions () " AND ($4 IS NULL OR results.host = $4)" " AND (results.severity != " G_STRINGIFY (SEVERITY_ERROR) ")" " AND (SELECT has_permission FROM permissions_get_tasks" - " WHERE \"user\" = (SELECT id FROM users" - " WHERE uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid')))" + " WHERE \"user\" = gvmd_user ()" " AND task = results.task)" "$$ LANGUAGE SQL;"); @@ -1640,10 +1597,7 @@ manage_create_sql_functions () " AND ($4 IS NULL OR results.host = $4)" " AND (results.severity != " G_STRINGIFY (SEVERITY_ERROR) ")" " AND (SELECT has_permission FROM permissions_get_tasks" - " WHERE \"user\" = (SELECT id FROM users" - " WHERE uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid')))" + " WHERE \"user\" = gvmd_user ()" " AND task = results.task))" "$$ LANGUAGE SQL;"); } diff --git a/src/manage_sql.c b/src/manage_sql.c index 37410e05a..10ad25b0d 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -15117,7 +15117,7 @@ init_manage_open_db (const db_conn_info_t *database) } /* Ensure the user session variables always exists. */ - sql ("SET SESSION \"gvmd.user.uuid\" = '';"); + sql ("SET SESSION \"gvmd.user.id\" = 0;"); sql ("SET SESSION \"gvmd.tz_override\" = '';"); /* Attach the SCAP and CERT databases. */ @@ -52468,11 +52468,7 @@ user_resources_in_use (user_t user, " AND (opts.host IS NULL OR results.host = opts.host)" \ " AND (results.severity != " G_STRINGIFY (SEVERITY_ERROR) ")" \ " AND (SELECT has_permission FROM permissions_get_tasks" \ - " WHERE \"user\"" \ - " = (SELECT id FROM users" \ - " WHERE uuid" \ - " = (SELECT current_setting" \ - " ('gvmd.user.uuid')))" \ + " WHERE \"user\" = gvmd_user ()" \ " AND task = results.task)" /** diff --git a/src/manage_sql_tickets.c b/src/manage_sql_tickets.c index f2dcc3abd..dd1149ad2 100644 --- a/src/manage_sql_tickets.c +++ b/src/manage_sql_tickets.c @@ -111,10 +111,7 @@ ticket_status_integer (const char *status) " WHERE ticket = tickets.id" \ " LIMIT 1)" \ " AND result_new_severities.user" \ - " = (SELECT users.id" \ - " FROM users" \ - " WHERE users.uuid" \ - " = (SELECT current_setting ('gvmd.user.uuid')))" \ + " = gvmd_user ()" \ " AND result_new_severities.dynamic = 0" \ " LIMIT 1)" \ " ELSE severity" \ diff --git a/src/sql.c b/src/sql.c index 3ca2f96ac..fb6f689dc 100644 --- a/src/sql.c +++ b/src/sql.c @@ -498,7 +498,7 @@ sql_int64 (long long int* ret, char* sql, ...) * @param[in] sql Format string for SQL query. * @param[in] ... Arguments for format string. * - * @return 0 success, 1 too few rows, -1 error. + * @return Column value. 0 if no row. */ long long int sql_int64_0 (char* sql, ...)