diff --git a/src/manage.h b/src/manage.h
index 666f44db4..71522fdea 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3190,9 +3190,6 @@ manage_default_ca_cert ();
 /* Users. */
-gboolean
-find_user_by_name_with_permission (const char *, user_t *, const char *);
-
 int
 manage_create_user (GSList *, const db_conn_info_t *, const gchar *,
 const gchar *, const gchar *);
@@ -3223,45 +3220,6 @@ copy_user (const char*, const char*, const char*, user_t*);
 gchar *
 keyfile_to_auth_conf_settings_xml (const gchar *);
-int
-init_user_iterator (iterator_t*, get_data_t*);
-
-const char*
-user_iterator_role (iterator_t*);
-
-const char*
-user_iterator_method (iterator_t*);
-
-const char*
-user_iterator_hosts (iterator_t*);
-
-int
-user_iterator_hosts_allow (iterator_t*);
-
-void
-init_user_group_iterator (iterator_t *, user_t);
-
-const char*
-user_group_iterator_uuid (iterator_t*);
-
-const char*
-user_group_iterator_name (iterator_t*);
-
-int
-user_group_iterator_readable (iterator_t*);
-
-void
-init_user_role_iterator (iterator_t *, user_t);
-
-const char*
-user_role_iterator_uuid (iterator_t*);
-
-const char*
-user_role_iterator_name (iterator_t*);
-
-int
-user_role_iterator_readable (iterator_t*);
-
 int
 create_user (const gchar *, const gchar *, const gchar *, const gchar *, int,
 const array_t *, array_t *, gchar **,
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 2e698c81f..db6580dce 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -53,6 +53,7 @@
 #include "manage_sql_roles.h"
 #include "manage_sql_tickets.h"
 #include "manage_sql_tls_certificates.h"
+#include "manage_sql_users.h"
 #include "manage_acl.h"
 #include "manage_commands.h"
 #include "manage_authentication.h"
@@ -213,9 +214,6 @@ task_owner_uuid (task_t);
 gchar*
 clean_hosts (const char *, int*);
-static gboolean
-find_user_by_name (const char *, user_t *user);
-
 static int
 user_ensure_in_db (const gchar *, const gchar *);
@@ -983,7 +981,7 @@ find_resource_by_name (const char* type, const char* name, resource_t *resource)
 * @return FALSE on success (including if failed to find resource), TRUE on
 * error.
 */
-static gboolean
+gboolean
 find_resource_by_name_with_permission (const char *type, const char *name,
 resource_t *resource, const char *permission)
@@ -38373,52 +38371,6 @@ manage_set_password (GSList *log_config, const db_conn_info_t *database,
 return -1;
 }
-/**
- * @brief Find a user for a specific permission, given a UUID.
- *
- * @param[in] uuid UUID of user.
- * @param[out] user User return, 0 if successfully failed to find user.
- * @param[in] permission Permission.
- *
- * @return FALSE on success (including if failed to find user), TRUE on error.
- */
-static gboolean
-find_user_with_permission (const char* uuid, user_t* user,
- const char *permission)
-{
- return find_resource_with_permission ("user", uuid, user, permission, 0);
-}
-
-/**
- * @brief Find a user given a name.
- *
- * @param[in] name A user name.
- * @param[out] user User return, 0 if successfully failed to find user.
- * @param[in] permission Permission.
- *
- * @return FALSE on success (including if failed to find user), TRUE on error.
- */
-gboolean
-find_user_by_name_with_permission (const char* name, user_t *user,
- const char *permission)
-{
- return find_resource_by_name_with_permission ("user", name, user, permission);
-}
-
-/**
- * @brief Find a user given a name.
- *
- * @param[in] name A user name.
- * @param[out] user User return, 0 if successfully failed to find user.
- *
- * @return FALSE on success (including if failed to find user), TRUE on error.
- */
-static gboolean
-find_user_by_name (const char* name, user_t *user)
-{
- return find_resource_by_name ("user", name, user);
-}
-
 /**
 * @brief Adds a new user to the GVM installation.
 *
@@ -39842,273 +39794,6 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name,
 return 0;
 }
-/**
- * @brief User columns for user iterator.
- */
-#define USER_ITERATOR_FILTER_COLUMNS \
- { GET_ITERATOR_FILTER_COLUMNS, "method", "roles", "groups", "hosts", \
- NULL }
-
-/**
- * @brief User iterator columns.
- */
-#define USER_ITERATOR_COLUMNS \
- { \
- GET_ITERATOR_COLUMNS (users), \
- { "method", NULL, KEYWORD_TYPE_STRING }, \
- { "hosts", NULL, KEYWORD_TYPE_STRING }, \
- { "hosts_allow", NULL, KEYWORD_TYPE_INTEGER }, \
- { \
- "coalesce ((SELECT group_concat (name, ', ')" \
- " FROM (SELECT DISTINCT name, order_role (name)" \
- " FROM roles, role_users" \
- " WHERE role_users.role = roles.id" \
- " AND \"user\" = users.id" \
- " ORDER BY order_role (roles.name) ASC)" \
- " AS user_iterator_sub)," \
- " '')", \
- "roles", \
- KEYWORD_TYPE_STRING \
- }, \
- { \
- "coalesce ((SELECT group_concat (name, ', ')" \
- " FROM (SELECT DISTINCT name FROM groups, group_users" \
- " WHERE group_users.\"group\" = groups.id" \
- " AND \"user\" = users.id" \
- " ORDER BY groups.name ASC)" \
- " AS user_iterator_sub)," \
- " '')", \
- "groups", \
- KEYWORD_TYPE_STRING \
- }, \
- { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \
- }
-
-/**
- * @brief User iterator columns for trash case.
- */
-#define USER_ITERATOR_TRASH_COLUMNS \
- { \
- GET_ITERATOR_COLUMNS (users_trash), \
- { "method", NULL, KEYWORD_TYPE_STRING }, \
- { "hosts", NULL, KEYWORD_TYPE_STRING }, \
- { "hosts_allow", NULL, KEYWORD_TYPE_INTEGER }, \
- { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \
- }
-
-/**
- * @brief Count number of users.
- *
- * @param[in] get GET params.
- *
- * @return Total number of users in usered set.
- */
-int
-user_count (const get_data_t *get)
-{
- static const char *filter_columns[] = USER_ITERATOR_FILTER_COLUMNS;
- static column_t columns[] = USER_ITERATOR_COLUMNS;
- return count ("user", get, columns, NULL, filter_columns,
- 0, 0, 0, TRUE);
-}
-
-/**
- * @brief Initialise a user iterator, including observed users.
- *
- * @param[in] iterator Iterator.
- * @param[in] get GET data.
- *
- * @return 0 success, 1 failed to find user, 2 failed to find user (filt_id),
- * -1 error.
- */
-int
-init_user_iterator (iterator_t* iterator, get_data_t *get)
-{
- static const char *filter_columns[] = USER_ITERATOR_FILTER_COLUMNS;
- static column_t columns[] = USER_ITERATOR_COLUMNS;
- static column_t trash_columns[] = USER_ITERATOR_TRASH_COLUMNS;
-
- return init_get_iterator (iterator,
- "user",
- get,
- columns,
- trash_columns,
- filter_columns,
- 0,
- NULL,
- NULL,
- TRUE);
-}
-
-/**
- * @brief Get the method of the user from a user iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return Method of the user or NULL if iteration is complete.
- */
-DEF_ACCESS (user_iterator_method, GET_ITERATOR_COLUMN_COUNT);
-
-/**
- * @brief Get the hosts from a user iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return Hosts or NULL if iteration is complete.
- */
-DEF_ACCESS (user_iterator_hosts, GET_ITERATOR_COLUMN_COUNT + 1);
-
-/**
- * @brief Get the hosts allow value from a user iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return Hosts allow.
- */
-int
-user_iterator_hosts_allow (iterator_t* iterator)
-{
- if (iterator->done) return -1;
- return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 2);
-}
-
-/**
- * @brief Initialise an info iterator.
- *
- * @param[in] iterator Iterator.
- * @param[in] user User.
- */
-void
-init_user_group_iterator (iterator_t *iterator, user_t user)
-{
- gchar *available, *with_clause;
- get_data_t get;
- array_t *permissions;
-
- assert (user);
-
- get.trash = 0;
- permissions = make_array ();
- array_add (permissions, g_strdup ("get_groups"));
- available = acl_where_owned ("group", &get, 1, "any", 0, permissions, 0,
- &with_clause);
- array_free (permissions);
-
- init_iterator (iterator,
- "%s"
- " SELECT DISTINCT id, uuid, name, %s FROM groups"
- " WHERE id IN (SELECT \"group\" FROM group_users"
- " WHERE \"user\" = %llu)"
- " ORDER by name;",
- with_clause ? with_clause : "",
- available,
- user);
-
- g_free (with_clause);
- g_free (available);
-}
-
-/**
- * @brief Get the UUID from a user group iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return UUID or NULL if iteration is complete. Freed by cleanup_iterator.
- */
-DEF_ACCESS (user_group_iterator_uuid, 1);
-
-/**
- * @brief Get the NAME from a user group iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return NAME or NULL if iteration is complete. Freed by cleanup_iterator.
- */
-DEF_ACCESS (user_group_iterator_name, 2);
-
-/**
- * @brief Get the read permission status from a GET iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return 1 if may read, else 0.
- */
-int
-user_group_iterator_readable (iterator_t* iterator)
-{
- if (iterator->done) return 0;
- return iterator_int (iterator, 3);
-}
-
-/**
- * @brief Initialise an info iterator.
- *
- * @param[in] iterator Iterator.
- * @param[in] user User.
- */
-void
-init_user_role_iterator (iterator_t *iterator, user_t user)
-{
- gchar *available, *with_clause;
- get_data_t get;
- array_t *permissions;
-
- assert (user);
-
- get.trash = 0;
- permissions = make_array ();
- array_add (permissions, g_strdup ("get_roles"));
- available = acl_where_owned ("role", &get, 1, "any", 0, permissions, 0,
- &with_clause);
- array_free (permissions);
-
- init_iterator (iterator,
- "%s"
- " SELECT DISTINCT id, uuid, name, order_role (name), %s"
- " FROM roles"
- " WHERE id IN (SELECT role FROM role_users"
- " WHERE \"user\" = %llu)"
- " ORDER by order_role (name);",
- with_clause ? with_clause : "",
- available,
- user);
-
- g_free (with_clause);
- g_free (available);
-}
-
-/**
- * @brief Get the UUID from a user role iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return UUID or NULL if iteration is complete. Freed by cleanup_iterator.
- */
-DEF_ACCESS (user_role_iterator_uuid, 1);
-
-/**
- * @brief Get the NAME from a user role iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return NAME or NULL if iteration is complete. Freed by cleanup_iterator.
- */
-DEF_ACCESS (user_role_iterator_name, 2);
-
-/**
- * @brief Get the read permission status from a GET iterator.
- *
- * @param[in] iterator Iterator.
- *
- * @return 1 if may read, else 0.
- */
-int
-user_role_iterator_readable (iterator_t* iterator)
-{
- if (iterator->done) return 0;
- return iterator_int (iterator, 4);
-}
-
 /**
 * @brief Check if a user still has resources that are in use.
 *
diff --git a/src/manage_sql.h b/src/manage_sql.h
index f35ce6995..7d8229e02 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -367,6 +367,10 @@ find_resource_with_permission (const char *, const char *,
 gboolean
 find_resource_by_name (const char *, const char *, resource_t *);
+gboolean
+find_resource_by_name_with_permission (const char *, const char *,
+ resource_t *, const char *);
+
 int
 resource_predefined (const gchar *, resource_t);
diff --git a/src/manage_sql_users.c b/src/manage_sql_users.c
index 936bb5335..f0ee0ea0b 100644
--- a/src/manage_sql_users.c
+++ b/src/manage_sql_users.c
@@ -4,6 +4,7 @@
 */
 #include "manage_users.h"
+#include "manage_sql_users.h"
 #include "manage_acl.h"
 #include "manage_sql.h"
 #include "sql.h"
@@ -88,3 +89,262 @@ user_hosts_allow (const char *uuid)
 g_free (quoted_uuid);
 return allow;
 }
+
+/**
+ * @brief Count number of users.
+ *
+ * @param[in] get GET params.
+ *
+ * @return Total number of users in usered set.
+ */
+int
+user_count (const get_data_t *get)
+{
+ static const char *filter_columns[] = USER_ITERATOR_FILTER_COLUMNS;
+ static column_t columns[] = USER_ITERATOR_COLUMNS;
+ return count ("user", get, columns, NULL, filter_columns,
+ 0, 0, 0, TRUE);
+}
+
+/**
+ * @brief Initialise a user iterator, including observed users.
+ *
+ * @param[in] iterator Iterator.
+ * @param[in] get GET data.
+ *
+ * @return 0 success, 1 failed to find user, 2 failed to find user (filt_id),
+ * -1 error.
+ */
+int
+init_user_iterator (iterator_t* iterator, get_data_t *get)
+{
+ static const char *filter_columns[] = USER_ITERATOR_FILTER_COLUMNS;
+ static column_t columns[] = USER_ITERATOR_COLUMNS;
+ static column_t trash_columns[] = USER_ITERATOR_TRASH_COLUMNS;
+
+ return init_get_iterator (iterator,
+ "user",
+ get,
+ columns,
+ trash_columns,
+ filter_columns,
+ 0,
+ NULL,
+ NULL,
+ TRUE);
+}
+
+/**
+ * @brief Get the method of the user from a user iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Method of the user or NULL if iteration is complete.
+ */
+DEF_ACCESS (user_iterator_method, GET_ITERATOR_COLUMN_COUNT);
+
+/**
+ * @brief Get the hosts from a user iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Hosts or NULL if iteration is complete.
+ */
+DEF_ACCESS (user_iterator_hosts, GET_ITERATOR_COLUMN_COUNT + 1);
+
+/**
+ * @brief Get the hosts allow value from a user iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Hosts allow.
+ */
+int
+user_iterator_hosts_allow (iterator_t* iterator)
+{
+ if (iterator->done) return -1;
+ return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 2);
+}
+
+/**
+ * @brief Initialise an info iterator.
+ *
+ * @param[in] iterator Iterator.
+ * @param[in] user User.
+ */
+void
+init_user_group_iterator (iterator_t *iterator, user_t user)
+{
+ gchar *available, *with_clause;
+ get_data_t get;
+ array_t *permissions;
+
+ assert (user);
+
+ get.trash = 0;
+ permissions = make_array ();
+ array_add (permissions, g_strdup ("get_groups"));
+ available = acl_where_owned ("group", &get, 1, "any", 0, permissions, 0,
+ &with_clause);
+ array_free (permissions);
+
+ init_iterator (iterator,
+ "%s"
+ " SELECT DISTINCT id, uuid, name, %s FROM groups"
+ " WHERE id IN (SELECT \"group\" FROM group_users"
+ " WHERE \"user\" = %llu)"
+ " ORDER by name;",
+ with_clause ? with_clause : "",
+ available,
+ user);
+
+ g_free (with_clause);
+ g_free (available);
+}
+
+/**
+ * @brief Get the UUID from a user group iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return UUID or NULL if iteration is complete. Freed by cleanup_iterator.
+ */
+DEF_ACCESS (user_group_iterator_uuid, 1);
+
+/**
+ * @brief Get the NAME from a user group iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return NAME or NULL if iteration is complete. Freed by cleanup_iterator.
+ */
+DEF_ACCESS (user_group_iterator_name, 2);
+
+/**
+ * @brief Get the read permission status from a GET iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return 1 if may read, else 0.
+ */
+int
+user_group_iterator_readable (iterator_t* iterator)
+{
+ if (iterator->done) return 0;
+ return iterator_int (iterator, 3);
+}
+
+/**
+ * @brief Initialise an info iterator.
+ *
+ * @param[in] iterator Iterator.
+ * @param[in] user User.
+ */
+void
+init_user_role_iterator (iterator_t *iterator, user_t user)
+{
+ gchar *available, *with_clause;
+ get_data_t get;
+ array_t *permissions;
+
+ assert (user);
+
+ get.trash = 0;
+ permissions = make_array ();
+ array_add (permissions, g_strdup ("get_roles"));
+ available = acl_where_owned ("role", &get, 1, "any", 0, permissions, 0,
+ &with_clause);
+ array_free (permissions);
+
+ init_iterator (iterator,
+ "%s"
+ " SELECT DISTINCT id, uuid, name, order_role (name), %s"
+ " FROM roles"
+ " WHERE id IN (SELECT role FROM role_users"
+ " WHERE \"user\" = %llu)"
+ " ORDER by order_role (name);",
+ with_clause ? with_clause : "",
+ available,
+ user);
+
+ g_free (with_clause);
+ g_free (available);
+}
+
+/**
+ * @brief Get the UUID from a user role iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return UUID or NULL if iteration is complete. Freed by cleanup_iterator.
+ */
+DEF_ACCESS (user_role_iterator_uuid, 1);
+
+/**
+ * @brief Get the NAME from a user role iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return NAME or NULL if iteration is complete. Freed by cleanup_iterator.
+ */
+DEF_ACCESS (user_role_iterator_name, 2);
+
+/**
+ * @brief Get the read permission status from a GET iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return 1 if may read, else 0.
+ */
+int
+user_role_iterator_readable (iterator_t* iterator)
+{
+ if (iterator->done) return 0;
+ return iterator_int (iterator, 4);
+}
+
+/**
+ * @brief Find a user for a specific permission, given a UUID.
+ *
+ * @param[in] uuid UUID of user.
+ * @param[out] user User return, 0 if successfully failed to find user.
+ * @param[in] permission Permission.
+ *
+ * @return FALSE on success (including if failed to find user), TRUE on error.
+ */
+gboolean
+find_user_with_permission (const char* uuid, user_t* user,
+ const char *permission)
+{
+ return find_resource_with_permission ("user", uuid, user, permission, 0);
+}
+
+/**
+ * @brief Find a user given a name.
+ *
+ * @param[in] name A user name.
+ * @param[out] user User return, 0 if successfully failed to find user.
+ * @param[in] permission Permission.
+ *
+ * @return FALSE on success (including if failed to find user), TRUE on error.
+ */
+gboolean
+find_user_by_name_with_permission (const char* name, user_t *user,
+ const char *permission)
+{
+ return find_resource_by_name_with_permission ("user", name, user, permission);
+}
+
+/**
+ * @brief Find a user given a name.
+ *
+ * @param[in] name A user name.
+ * @param[out] user User return, 0 if successfully failed to find user.
+ *
+ * @return FALSE on success (including if failed to find user), TRUE on error.
+ */
+gboolean
+find_user_by_name (const char* name, user_t *user)
+{
+ return find_resource_by_name ("user", name, user);
+}
diff --git a/src/manage_sql_users.h b/src/manage_sql_users.h
new file mode 100644
index 000000000..1b5a4a324
--- /dev/null
+++ b/src/manage_sql_users.h
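Review bot: `find_user_by_name` and `find_user_with_permission` were `static` in manage_sql.c and now have external linkage plus a prototype in the new header, so every translation unit can reach the name lookup that performs no ACL check; the doc comment on `find_user_by_name` should say so, e.g. ` * @note No permission check is applied; callers serving a request should use find_user_by_name_with_permission instead.`, so that the unchecked variant is picked deliberately rather than by autocomplete. The same hunk also carries over `get_data_t get;` with only `get.trash = 0;` assigned before `&get` is handed to `acl_where_owned` in both `init_user_group_iterator` and `init_user_role_iterator`; whether that helper reads any other field is not visible here, but `get_data_t get = { .trash = 0 };` makes the struct deterministic at no cost and is the right shape for code being moved into a fresh file. Both points apply equally to the removed copies in manage_sql.c, which this commit only relocates.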
@@ -0,0 +1,72 @@
+/* Copyright (C) 2026 Greenbone AG
+ *
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#ifndef _GVMD_MANAGE_SQL_USERS_H
+#define _GVMD_MANAGE_SQL_USERS_H
+
+/**
+ * @brief User columns for user iterator.
+ */
+#define USER_ITERATOR_FILTER_COLUMNS \
+ { GET_ITERATOR_FILTER_COLUMNS, "method", "roles", "groups", "hosts", \
+ NULL }
+
+/**
+ * @brief User iterator columns.
+ */
+#define USER_ITERATOR_COLUMNS \
+ { \
+ GET_ITERATOR_COLUMNS (users), \
+ { "method", NULL, KEYWORD_TYPE_STRING }, \
+ { "hosts", NULL, KEYWORD_TYPE_STRING }, \
+ { "hosts_allow", NULL, KEYWORD_TYPE_INTEGER }, \
+ { \
+ "coalesce ((SELECT group_concat (name, ', ')" \
+ " FROM (SELECT DISTINCT name, order_role (name)" \
+ " FROM roles, role_users" \
+ " WHERE role_users.role = roles.id" \
+ " AND \"user\" = users.id" \
+ " ORDER BY order_role (roles.name) ASC)" \
+ " AS user_iterator_sub)," \
+ " '')", \
+ "roles", \
+ KEYWORD_TYPE_STRING \
+ }, \
+ { \
+ "coalesce ((SELECT group_concat (name, ', ')" \
+ " FROM (SELECT DISTINCT name FROM groups, group_users" \
+ " WHERE group_users.\"group\" = groups.id" \
+ " AND \"user\" = users.id" \
+ " ORDER BY groups.name ASC)" \
+ " AS user_iterator_sub)," \
+ " '')", \
+ "groups", \
+ KEYWORD_TYPE_STRING \
+ }, \
+ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \
+ }
+
+/**
+ * @brief User iterator columns for trash case.
+ */
+#define USER_ITERATOR_TRASH_COLUMNS \
+ { \
+ GET_ITERATOR_COLUMNS (users_trash), \
+ { "method", NULL, KEYWORD_TYPE_STRING }, \
+ { "hosts", NULL, KEYWORD_TYPE_STRING }, \
+ { "hosts_allow", NULL, KEYWORD_TYPE_INTEGER }, \
+ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \
+ }
+
+gboolean
+find_user_with_permission (const char *, user_t *, const char *);
+
+gboolean
+find_user_by_name_with_permission (const char *, user_t *, const char *);
+
+gboolean
+find_user_by_name (const char *, user_t *);
+
+#endif //_GVMD_MANAGE_SQL_USERS_H
diff --git a/src/manage_users.h b/src/manage_users.h
index 4f18dfcc8..7895d25cd 100644
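Review bot: The new header is not self-contained: its prototypes use `gboolean` and `user_t`, and the three macros expand to `GET_ITERATOR_FILTER_COLUMNS`, `GET_ITERATOR_COLUMNS` and the `KEYWORD_TYPE_*` constants, yet the file has no `#include` at all, so it compiles only when the includer has already pulled those names in. manage_sql_users.c gets away with including it before manage_sql.h only because macro bodies are not checked until they are expanded in the function definitions, and the types presumably arrive via manage_users.h; a different include order elsewhere will break. Add the includes the header itself depends on (manage_get.h and manage_resources.h for the types, plus whichever header defines the GET_ITERATOR_* macros), or at minimum state at the top that manage_sql.h must precede it. Two style points: `_GVMD_MANAGE_SQL_USERS_H` is a reserved identifier (leading underscore followed by an uppercase letter), though it matches the existing `_GVMD_MANAGE_USERS_H` convention, and the closing `#endif //_GVMD_MANAGE_SQL_USERS_H` differs from the `#endif /* not ... */` form used in manage_users.h.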
--- a/src/manage_users.h
+++ b/src/manage_users.h
@@ -6,6 +6,7 @@
 #ifndef _GVMD_MANAGE_USERS_H
 #define _GVMD_MANAGE_USERS_H
+#include "manage_get.h"
 #include "manage_resources.h"
 gchar *
@@ -32,4 +33,43 @@ user_hosts (const char *);
 int
 user_hosts_allow (const char *);
+int
+init_user_iterator (iterator_t *, get_data_t *);
+
+const char*
+user_iterator_role (iterator_t *);
+
+const char*
+user_iterator_method (iterator_t *);
+
+const char*
+user_iterator_hosts (iterator_t *);
+
+int
+user_iterator_hosts_allow (iterator_t *);
+
+void
+init_user_group_iterator (iterator_t *, user_t);
+
+const char*
+user_group_iterator_uuid (iterator_t *);
+
+const char*
+user_group_iterator_name (iterator_t *);
+
+int
+user_group_iterator_readable (iterator_t *);
+
+void
+init_user_role_iterator (iterator_t *, user_t);
+
+const char*
+user_role_iterator_uuid (iterator_t *);
+
+const char*
+user_role_iterator_name (iterator_t *);
+
+int
+user_role_iterator_readable (iterator_t *);
+
 #endif /* not _GVMD_MANAGE_USERS_H */
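Review bot: `user_iterator_role (iterator_t *)` is declared in the second hunk but nothing in this commit defines it: the accessors moved into manage_sql_users.c are `user_iterator_method`, `user_iterator_hosts` and `user_iterator_hosts_allow`, and the removed block in manage_sql.c had no `user_iterator_role` either, so the prototype appears to be carried over from manage.h without a backing definition. If no other translation unit provides it, drop the declaration rather than re-export it from the header, since a caller would only discover the problem as an undefined reference at link time; if one does, the prototype belongs next to that definition. The rest of the moved prototypes match the definitions in manage_sql_users.c.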