diff --git a/src/manage.h b/src/manage.h index cd3ffcf52..83f60c316 100644 --- a/src/manage.h +++ b/src/manage.h @@ -3214,9 +3214,6 @@ copy_user (const char*, const char*, const char*, user_t*); gchar * keyfile_to_auth_conf_settings_xml (const gchar *); -int -delete_user (const char *, const char *, int, const char*, const char*); - int modify_user (const gchar *, gchar **, const gchar *, const gchar *, const gchar*, const gchar *, int, diff --git a/src/manage_sql.c b/src/manage_sql.c index a8922de8d..ad7da44e3 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -304,11 +304,6 @@ type_where_columns (const char *type); static char* trash_target_comment (target_t); -static int -user_resources_in_use (user_t, - const char *, int(*)(resource_t), - const char *, int(*)(resource_t)); - static const char** type_filter_columns (const char *); @@ -3664,7 +3659,7 @@ task_iterator_opts_table (int override, int min_qod, int ignore_severity) * @param[in] trash Whether to iterate over trashcan tasks. * @param[in] ignore_severity Whether to ignore severity data. */ -static void +void init_user_task_iterator (iterator_t* iterator, int trash, int ignore_severity) { static column_t select_columns[] = TASK_ITERATOR_COLUMNS; @@ -38246,711 +38241,6 @@ copy_user (const char* name, const char* comment, const char *user_id, return ret; } -/** - * @brief Delete a user. - * - * @param[in] user_id_arg UUID of user. - * @param[in] name_arg Name of user. Overridden by user_id. - * @param[in] forbid_super_admin Whether to forbid removal of Super Admin. - * @param[in] inheritor_id UUID of user who will inherit owned objects. - * @param[in] inheritor_name Name of user who will inherit owned objects. - * - * @return 0 success, 2 failed to find user, 4 user has active tasks, - * 5 attempted suicide, 6 inheritor not found, 7 inheritor same as - * deleted user, 8 invalid inheritor, 9 resources still in use, - * 10 user is 'Feed Import Owner' 99 permission denied, -1 error. - */ -int -delete_user (const char *user_id_arg, const char *name_arg, - int forbid_super_admin, - const char* inheritor_id, const char *inheritor_name) -{ - iterator_t tasks; - user_t user, inheritor; - get_data_t get; - char *current_uuid, *feed_owner_id; - gboolean has_rows; - iterator_t rows; - gchar *deleted_user_id; - - assert (user_id_arg || name_arg); - - if (current_credentials.username && current_credentials.uuid) - { - if (user_id_arg) - { - if (strcmp (user_id_arg, current_credentials.uuid) == 0) - return 5; - } - else if (name_arg - && (strcmp (name_arg, current_credentials.username) == 0)) - return 5; - } - - sql_begin_immediate (); - - if (acl_user_may ("delete_user") == 0) - { - sql_rollback (); - return 99; - } - - user = 0; - if (user_id_arg) - { - if (forbid_super_admin - && (strcmp (user_id_arg, ROLE_UUID_SUPER_ADMIN) == 0)) - { - sql_rollback (); - return 99; - } - - if (find_user_with_permission (user_id_arg, &user, "delete_user")) - { - sql_rollback (); - return -1; - } - } - else if (find_user_by_name_with_permission (name_arg, &user, "delete_user")) - { - sql_rollback (); - return -1; - } - - if (user == 0) - return 2; - - setting_value (SETTING_UUID_FEED_IMPORT_OWNER, &feed_owner_id); - if (feed_owner_id) - { - char *uuid; - - uuid = user_uuid (user); - if (strcmp (uuid, feed_owner_id) == 0) - { - free (uuid); - free (feed_owner_id); - sql_rollback (); - return 10; - } - free (feed_owner_id); - free (uuid); - } - - if (forbid_super_admin) - { - char *uuid; - - uuid = user_uuid (user); - if (acl_user_is_super_admin (uuid)) - { - free (uuid); - sql_rollback (); - return 99; - } - free (uuid); - } - - /* Fail if there are any active tasks. */ - - memset (&get, '\0', sizeof (get)); - current_uuid = current_credentials.uuid; - current_credentials.uuid = sql_string ("SELECT uuid FROM users" - " WHERE id = %llu;", - user); - init_user_task_iterator (&tasks, 0, 1); - while (next (&tasks)) - switch (task_iterator_run_status (&tasks)) - { - case TASK_STATUS_DELETE_REQUESTED: - case TASK_STATUS_DELETE_ULTIMATE_REQUESTED: - case TASK_STATUS_DELETE_ULTIMATE_WAITING: - case TASK_STATUS_DELETE_WAITING: - case TASK_STATUS_REQUESTED: - case TASK_STATUS_RUNNING: - case TASK_STATUS_QUEUED: - case TASK_STATUS_STOP_REQUESTED: - case TASK_STATUS_STOP_WAITING: - case TASK_STATUS_PROCESSING: - { - cleanup_iterator (&tasks); - free (current_credentials.uuid); - current_credentials.uuid = current_uuid; - sql_rollback (); - return 4; - } - default: - break; - } - cleanup_iterator (&tasks); - free (current_credentials.uuid); - current_credentials.uuid = current_uuid; - - /* Check if there's an inheritor. */ - - if (inheritor_id && strcmp (inheritor_id, "")) - { - if (strcmp (inheritor_id, "self") == 0) - { - sql_int64 (&inheritor, "SELECT id FROM users WHERE uuid = '%s'", - current_credentials.uuid); - - if (inheritor == 0) - { - sql_rollback (); - return -1; - } - } - else - { - if (find_user_with_permission (inheritor_id, &inheritor, "get_users")) - { - sql_rollback (); - return -1; - } - - if (inheritor == 0) - { - sql_rollback (); - return 6; - } - } - } - else if (inheritor_name && strcmp (inheritor_name, "")) - { - if (find_user_by_name_with_permission (inheritor_name, &inheritor, - "get_users")) - { - sql_rollback (); - return -1; - } - - if (inheritor == 0) - { - sql_rollback (); - return 6; - } - } - else - inheritor = 0; - - if (inheritor) - { - gchar *deleted_user_name; - gchar *real_inheritor_id, *real_inheritor_name; - - /* Transfer ownership of objects to the inheritor. */ - - if (inheritor == user) - { - sql_rollback (); - return 7; - } - - real_inheritor_id = user_uuid (inheritor); - - /* Only the current user, owned users or global users may inherit. */ - if (current_credentials.uuid - && strcmp (current_credentials.uuid, "") - && strcmp (real_inheritor_id, current_credentials.uuid) - && sql_int ("SELECT NOT (" ACL_IS_GLOBAL () ")" - " FROM users WHERE id = %llu", - inheritor) - && ! acl_user_owns ("user", inheritor, 0) - && sql_int ("SELECT owner != 0 FROM users WHERE id = %llu", - inheritor)) - { - g_free (real_inheritor_id); - sql_rollback (); - return 8; - } - - deleted_user_id = user_uuid (user); - deleted_user_name = user_name (deleted_user_id); - real_inheritor_name = user_name (real_inheritor_id); - - g_log ("event user", G_LOG_LEVEL_MESSAGE, - "User %s (%s) is inheriting from %s (%s)", - real_inheritor_name, real_inheritor_id, - deleted_user_name, deleted_user_id); - - g_free (deleted_user_name); - g_free (real_inheritor_id); - g_free (real_inheritor_name); - - /* Transfer owned resources. */ - - sql ("UPDATE alerts SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE alerts_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE configs SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE configs_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE credentials SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE credentials_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE host_identifiers SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE host_oss SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE hosts SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE filters SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE filters_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE notes SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE notes_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE oss SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE permissions SET owner = %llu WHERE owner = %llu", - inheritor, user); - - inherit_port_lists (user, inheritor); - - sql ("UPDATE reports SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE report_counts SET \"user\" = %llu WHERE \"user\" = %llu", - inheritor, user); - sql ("UPDATE reports SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE results SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE results_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - - sql ("UPDATE overrides SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE overrides_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE permissions SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE permissions_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE scanners SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE scanners_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE schedules SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE schedules_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("DELETE FROM tag_resources" - " WHERE resource_type = 'user' AND resource = %llu;", - user); - sql ("UPDATE tags SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("DELETE FROM tag_resources_trash" - " WHERE resource_type = 'user' AND resource = %llu;", - user); - sql ("UPDATE tags_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE targets SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE targets_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - - sql ("UPDATE tasks SET owner = %llu WHERE owner = %llu;", - inheritor, user); - - inherit_tickets (user, inheritor); - inherit_tls_certificates (user, inheritor); - - sql ("UPDATE groups SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE roles SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE users SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE groups_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE roles_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - - sql ("UPDATE report_configs SET owner = %llu WHERE owner = %llu;", - inheritor, user); - sql ("UPDATE report_configs_trash SET owner = %llu WHERE owner = %llu;", - inheritor, user); - - /* Report Formats. */ - - has_rows = inherit_report_formats (user, inheritor, &rows); - - /* Delete user. */ - - sql ("DELETE FROM group_users WHERE \"user\" = %llu;", user); - sql ("DELETE FROM group_users_trash WHERE \"user\" = %llu;", user); - sql ("DELETE FROM role_users WHERE \"user\" = %llu;", user); - sql ("DELETE FROM role_users_trash WHERE \"user\" = %llu;", user); - - delete_permissions_cache_for_user (user); - - sql ("DELETE FROM settings WHERE owner = %llu;", user); - sql ("DELETE FROM users WHERE id = %llu;", user); - - /* Very last: report formats dirs. */ - - if (deleted_user_id == NULL) - g_warning ("%s: deleted_user_id NULL, skipping dirs", __func__); - else if (has_rows) - do - { - inherit_report_format_dir (iterator_string (&rows, 0), - deleted_user_id, - inheritor); - } while (next (&rows)); - - g_free (deleted_user_id); - cleanup_iterator (&rows); - - sql_commit (); - - return 0; - } - - /* Delete settings and miscellaneous resources not referenced directly. */ - - /* Settings. */ - sql ("DELETE FROM settings WHERE owner = %llu;", user); - - /* Delete data modifiers (not directly referenced) */ - - /* Notes. */ - sql ("DELETE FROM notes WHERE owner = %llu;", user); - sql ("DELETE FROM notes_trash WHERE owner = %llu;", user); - - /* Overrides. */ - sql ("DELETE FROM overrides WHERE owner = %llu;", user); - sql ("DELETE FROM overrides_trash WHERE owner = %llu;", user); - - /* Tags. */ - sql ("DELETE FROM tag_resources" - " WHERE resource_type = 'user' AND resource = %llu;", - user); - sql ("DELETE FROM tag_resources" - " WHERE tag IN (SELECT id FROM tags WHERE owner = %llu);", - user); - sql ("DELETE FROM tags WHERE owner = %llu;", user); - sql ("DELETE FROM tag_resources_trash" - " WHERE resource_type = 'user' AND resource = %llu;", - user); - sql ("DELETE FROM tag_resources_trash" - " WHERE tag IN (SELECT id FROM tags_trash WHERE owner = %llu);", - user); - sql ("DELETE FROM tags_trash WHERE owner = %llu;", user); - - delete_tickets_user (user); - - delete_tls_certificates_user (user); - - /* Delete assets (not directly referenced). */ - - /* Hosts. */ - sql ("DELETE FROM host_details WHERE host IN" - " (SELECT id FROM hosts WHERE owner = %llu);", user); - sql ("DELETE FROM host_max_severities WHERE host IN" - " (SELECT id FROM hosts WHERE owner = %llu);", user); - sql ("DELETE FROM host_identifiers WHERE owner = %llu;", user); - sql ("DELETE FROM host_oss WHERE owner = %llu;", user); - sql ("DELETE FROM hosts WHERE owner = %llu;", user); - - /* OSs. */ - sql ("DELETE FROM oss WHERE owner = %llu;", user); - - /* Delete report data and tasks (not directly referenced). */ - - /* Counts. */ - sql ("DELETE FROM report_counts WHERE \"user\" = %llu", user); - sql ("DELETE FROM report_counts" - " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", - user); - - /* Hosts. */ - sql ("DELETE FROM report_host_details" - " WHERE report_host IN (SELECT id FROM report_hosts" - " WHERE report IN (SELECT id FROM reports" - " WHERE owner = %llu));", - user); - sql ("DELETE FROM report_hosts" - " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", - user); - - /* Results. */ - sql ("DELETE FROM results" - " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", - user); - sql ("DELETE FROM results_trash" - " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", - user); - - /* Reports. */ - sql ("DELETE FROM result_nvt_reports" - " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", - user); - sql ("DELETE FROM reports WHERE owner = %llu;", user); - - /* Delete tasks (not directly referenced). */ - - if (user_resources_in_use (user, - "tasks", target_in_use, - NULL, NULL)) - { - sql_rollback (); - return 9; - } - tickets_remove_tasks_user (user); - sql ("DELETE FROM task_alerts" - " WHERE task IN (SELECT id FROM tasks WHERE owner = %llu);", - user); - sql ("DELETE FROM task_files" - " WHERE task IN (SELECT id FROM tasks WHERE owner = %llu);", - user); - sql ("DELETE FROM task_preferences" - " WHERE task IN (SELECT id FROM tasks WHERE owner = %llu);", - user); - sql ("DELETE FROM tasks WHERE owner = %llu;", user); - - /* Delete resources directly used by tasks. */ - - /* Alerts. */ - if (user_resources_in_use (user, - "alerts", alert_in_use, - "alerts_trash", trash_alert_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM alert_condition_data" - " WHERE alert IN (SELECT id FROM alerts WHERE owner = %llu);", - user); - sql ("DELETE FROM alert_condition_data_trash" - " WHERE alert IN (SELECT id FROM alerts_trash WHERE owner = %llu);", - user); - sql ("DELETE FROM alert_event_data" - " WHERE alert IN (SELECT id FROM alerts WHERE owner = %llu);", - user); - sql ("DELETE FROM alert_event_data_trash" - " WHERE alert IN (SELECT id FROM alerts_trash WHERE owner = %llu);", - user); - sql ("DELETE FROM alert_method_data" - " WHERE alert IN (SELECT id FROM alerts WHERE owner = %llu);", - user); - sql ("DELETE FROM alert_method_data_trash" - " WHERE alert IN (SELECT id FROM alerts_trash WHERE owner = %llu);", - user); - sql ("DELETE FROM alerts WHERE owner = %llu;", user); - sql ("DELETE FROM alerts_trash WHERE owner = %llu;", user); - - /* Configs. */ - if (user_resources_in_use (user, - "configs", config_in_use, - "configs_trash", trash_config_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM nvt_selectors" - " WHERE name IN (SELECT nvt_selector FROM configs WHERE owner = %llu)" - " AND name != '" MANAGE_NVT_SELECTOR_UUID_ALL "';", - user); - sql ("DELETE FROM config_preferences" - " WHERE config IN (SELECT id FROM configs WHERE owner = %llu);", - user); - sql ("DELETE FROM config_preferences_trash" - " WHERE config IN (SELECT id FROM configs_trash WHERE owner = %llu);", - user); - sql ("DELETE FROM configs WHERE owner = %llu;", user); - sql ("DELETE FROM configs_trash WHERE owner = %llu;", user); - - /* Scanners. */ - if (user_resources_in_use (user, - "scanners", scanner_in_use, - "scanners_trash", trash_scanner_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM scanners WHERE owner = %llu;", user); - sql ("DELETE FROM scanners_trash WHERE owner = %llu;", user); - - /* Schedules. */ - if (user_resources_in_use (user, - "schedules", schedule_in_use, - "schedules_trash", trash_schedule_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM schedules WHERE owner = %llu;", user); - sql ("DELETE FROM schedules_trash WHERE owner = %llu;", user); - - /* Targets. */ - if (user_resources_in_use (user, - "targets", target_in_use, - "targets_trash", trash_target_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM targets_login_data WHERE target IN" - " (SELECT id FROM targets WHERE owner = %llu);", user); - sql ("DELETE FROM targets_trash_login_data WHERE target IN" - " (SELECT id FROM targets_trash WHERE owner = %llu);", user); - sql ("DELETE FROM targets WHERE owner = %llu;", user); - sql ("DELETE FROM targets_trash WHERE owner = %llu;", user); - -#if ENABLE_CONTAINER_SCANNING - /* OCI Image Targets. */ - if (user_resources_in_use (user, - "oci_image_targets", - oci_image_target_in_use, - "oci_image_targets_trash", - trash_oci_image_target_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM oci_image_targets WHERE owner = %llu;", user); - sql ("DELETE FROM oci_image_targets_trash WHERE owner = %llu;", user); -#endif /* ENABLE_CONTAINER_SCANNING */ - - /* Delete resources used indirectly by tasks */ - - /* Filters (used by alerts and settings). */ - if (user_resources_in_use (user, - "filters", filter_in_use, - "filters_trash", trash_filter_in_use)) - { - sql_rollback (); - return 9; - } - sql ("DELETE FROM filters WHERE owner = %llu;", user); - sql ("DELETE FROM filters_trash WHERE owner = %llu;", user); - - /* Port lists (used by targets). */ - if (user_resources_in_use (user, - "port_lists", port_list_in_use, - "port_lists_trash", trash_port_list_in_use)) - { - sql_rollback (); - return 9; - } - delete_port_lists_user (user); - - /* Check credentials before deleting report formats, because we can't - * rollback the deletion of the report format dirs. */ - if (user_resources_in_use (user, - "credentials", credential_in_use, - "credentials_trash", trash_credential_in_use)) - { - sql_rollback (); - return 9; - } - - /* Check report formats (used by alerts). */ - if (user_resources_in_use (user, - "report_formats", - report_format_in_use, - "report_formats_trash", - trash_report_format_in_use)) - { - sql_rollback (); - return 9; - } - - /* Delete credentials last because they can be used in various places */ - - sql ("DELETE FROM credentials_data WHERE credential IN" - " (SELECT id FROM credentials WHERE owner = %llu);", - user); - sql ("DELETE FROM credentials_trash_data WHERE credential IN" - " (SELECT id FROM credentials_trash WHERE owner = %llu);", - user); - - sql ("DELETE FROM credentials WHERE owner = %llu;", user); - sql ("DELETE FROM credentials_trash WHERE owner = %llu;", user); - - /* Make permissions global if they are owned by the user and are related - * to users/groups/roles that are owned by the user. */ - - sql ("UPDATE permissions SET owner = NULL" - " WHERE owner = %llu" - " AND ((subject_type = 'user' AND subject IN (SELECT id FROM users WHERE owner = %llu))" - " OR (subject_type = 'group' AND subject IN (SELECT id FROM groups WHERE owner = %llu))" - " OR (subject_type = 'role' AND subject IN (SELECT id FROM roles WHERE owner = %llu))" - " OR (resource_type = 'user' AND resource IN (SELECT id FROM users WHERE owner = %llu))" - " OR (resource_type = 'group' AND resource IN (SELECT id FROM groups WHERE owner = %llu))" - " OR (resource_type = 'role' AND resource IN (SELECT id FROM roles WHERE owner = %llu)));", - user, - user, - user, - user, - user, - user, - user); - - /* Make users, roles and groups global if they are owned by the user. */ - - sql ("UPDATE users SET owner = NULL WHERE owner = %llu;", user); - sql ("UPDATE roles SET owner = NULL WHERE owner = %llu;", user); - sql ("UPDATE groups SET owner = NULL WHERE owner = %llu;", user); - sql ("UPDATE roles_trash SET owner = NULL WHERE owner = %llu;", user); - sql ("UPDATE groups_trash SET owner = NULL WHERE owner = %llu;", user); - - /* Remove all other permissions owned by the user or given on the user. */ - - sql ("DELETE FROM permissions" - " WHERE owner = %llu" - " OR subject_type = 'user' AND subject = %llu" - " OR (resource_type = 'user' AND resource = %llu);", /* For Super. */ - user, - user, - user); - sql ("DELETE FROM permissions_get_tasks WHERE \"user\" = %llu;", user); - - /* Delete permissions granted by the user. */ - - sql ("DELETE FROM permissions WHERE owner = %llu;", user); - sql ("DELETE FROM permissions_trash WHERE owner = %llu;", user); - - /* Remove user from groups and roles. */ - - sql ("DELETE FROM group_users WHERE \"user\" = %llu;", user); - sql ("DELETE FROM group_users_trash WHERE \"user\" = %llu;", user); - sql ("DELETE FROM role_users WHERE \"user\" = %llu;", user); - sql ("DELETE FROM role_users_trash WHERE \"user\" = %llu;", user); - - /* Delete report configs */ - - delete_report_configs_user (user); - - /* Delete report formats. */ - - has_rows = delete_report_formats_user (user, &rows); - - /* Delete user. */ - - deleted_user_id = user_uuid (user); - - sql ("DELETE FROM users WHERE id = %llu;", user); - - /* Delete report format dirs. */ - - if (deleted_user_id) - delete_report_format_dirs_user (deleted_user_id, has_rows ? &rows : NULL); - else - g_warning ("%s: deleted_user_id NULL, skipping removal of report formats dir", - __func__); - - sql_commit (); - return 0; -} - /** * @brief Modify a user. * @@ -39297,53 +38587,6 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name, return 0; } -/** - * @brief Check if a user still has resources that are in use. - * - * @param[in] user The user to check. - * @param[in] table The table to check for resources in use. - * @param[in] in_use Function to check if a resource is in use. - * @param[in] trash_table The trash table to check for resources in use. - * @param[in] trash_in_use Function to check if a trash resource is in use. - * - * @return 0 no resources in use, 1 found resources used by user. - */ -static int -user_resources_in_use (user_t user, - const char *table, int(*in_use)(resource_t), - const char *trash_table, int(*trash_in_use)(resource_t)) -{ - iterator_t iter; - int has_resource_in_use = 0; - - init_iterator (&iter, "SELECT id FROM %s WHERE owner = %llu", - table, user); - while (next (&iter) && has_resource_in_use == 0) - { - resource_t resource = iterator_int64 (&iter, 0); - has_resource_in_use = in_use (resource); - } - cleanup_iterator (&iter); - if (has_resource_in_use) - return 1; - - if (trash_table == NULL || trash_in_use == NULL) - return 0; - - init_iterator (&iter, "SELECT id FROM %s WHERE owner = %llu", - trash_table, user); - while (next (&iter) && has_resource_in_use == 0) - { - resource_t resource = iterator_int64 (&iter, 0); - has_resource_in_use = trash_in_use (resource); - } - cleanup_iterator (&iter); - if (has_resource_in_use) - return 2; - - return 0; -} - /** * @brief Filter columns for vuln iterator. */ diff --git a/src/manage_sql.h b/src/manage_sql.h index 273f920e4..5ed21c788 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -490,6 +490,9 @@ permissions_set_subjects (const char *, resource_t, resource_t, int); void cache_all_permissions_for_users (GArray *); +void +init_user_task_iterator (iterator_t *, int, int); + int copy_resource (const char *, const char *, const char *, const char *, const char *, int, resource_t *, resource_t *); diff --git a/src/manage_sql_users.c b/src/manage_sql_users.c index d2a4e1798..26b852754 100644 --- a/src/manage_sql_users.c +++ b/src/manage_sql_users.c @@ -7,9 +7,17 @@ #include "manage_sql_users.h" #include "manage_acl.h" #include "manage_authentication.h" +#include "manage_filters.h" +#include "manage_port_lists.h" +#include "manage_report_formats.h" #include "manage_sql.h" #include "manage_sql_groups.h" +#include "manage_sql_port_lists.h" +#include "manage_sql_report_configs.h" +#include "manage_sql_report_formats.h" #include "manage_sql_roles.h" +#include "manage_sql_tickets.h" +#include "manage_sql_tls_certificates.h" #include "sql.h" #include @@ -868,3 +876,755 @@ create_user (const gchar * name, const gchar * password, const gchar *comment, sql_commit (); return 0; } + +/** + * @brief Check if a user still has resources that are in use. + * + * @param[in] user The user to check. + * @param[in] table The table to check for resources in use. + * @param[in] in_use Function to check if a resource is in use. + * @param[in] trash_table The trash table to check for resources in use. + * @param[in] trash_in_use Function to check if a trash resource is in use. + * + * @return 0 no resources in use, 1 found resources used by user. + */ +static int +user_resources_in_use (user_t user, + const char *table, int(*in_use)(resource_t), + const char *trash_table, int(*trash_in_use)(resource_t)) +{ + iterator_t iter; + int has_resource_in_use = 0; + + init_iterator (&iter, "SELECT id FROM %s WHERE owner = %llu", + table, user); + while (next (&iter) && has_resource_in_use == 0) + { + resource_t resource = iterator_int64 (&iter, 0); + has_resource_in_use = in_use (resource); + } + cleanup_iterator (&iter); + if (has_resource_in_use) + return 1; + + if (trash_table == NULL || trash_in_use == NULL) + return 0; + + init_iterator (&iter, "SELECT id FROM %s WHERE owner = %llu", + trash_table, user); + while (next (&iter) && has_resource_in_use == 0) + { + resource_t resource = iterator_int64 (&iter, 0); + has_resource_in_use = trash_in_use (resource); + } + cleanup_iterator (&iter); + if (has_resource_in_use) + return 2; + + return 0; +} + +/** + * @brief Delete a user. + * + * @param[in] user_id_arg UUID of user. + * @param[in] name_arg Name of user. Overridden by user_id. + * @param[in] forbid_super_admin Whether to forbid removal of Super Admin. + * @param[in] inheritor_id UUID of user who will inherit owned objects. + * @param[in] inheritor_name Name of user who will inherit owned objects. + * + * @return 0 success, 2 failed to find user, 4 user has active tasks, + * 5 attempted suicide, 6 inheritor not found, 7 inheritor same as + * deleted user, 8 invalid inheritor, 9 resources still in use, + * 10 user is 'Feed Import Owner' 99 permission denied, -1 error. + */ +int +delete_user (const char *user_id_arg, const char *name_arg, + int forbid_super_admin, + const char* inheritor_id, const char *inheritor_name) +{ + iterator_t tasks; + user_t user, inheritor; + get_data_t get; + char *current_uuid, *feed_owner_id; + gboolean has_rows; + iterator_t rows; + gchar *deleted_user_id; + + assert (user_id_arg || name_arg); + + if (current_credentials.username && current_credentials.uuid) + { + if (user_id_arg) + { + if (strcmp (user_id_arg, current_credentials.uuid) == 0) + return 5; + } + else if (name_arg + && (strcmp (name_arg, current_credentials.username) == 0)) + return 5; + } + + sql_begin_immediate (); + + if (acl_user_may ("delete_user") == 0) + { + sql_rollback (); + return 99; + } + + user = 0; + if (user_id_arg) + { + if (forbid_super_admin + && (strcmp (user_id_arg, ROLE_UUID_SUPER_ADMIN) == 0)) + { + sql_rollback (); + return 99; + } + + if (find_user_with_permission (user_id_arg, &user, "delete_user")) + { + sql_rollback (); + return -1; + } + } + else if (find_user_by_name_with_permission (name_arg, &user, "delete_user")) + { + sql_rollback (); + return -1; + } + + if (user == 0) + return 2; + + setting_value (SETTING_UUID_FEED_IMPORT_OWNER, &feed_owner_id); + if (feed_owner_id) + { + char *uuid; + + uuid = user_uuid (user); + if (strcmp (uuid, feed_owner_id) == 0) + { + free (uuid); + free (feed_owner_id); + sql_rollback (); + return 10; + } + free (feed_owner_id); + free (uuid); + } + + if (forbid_super_admin) + { + char *uuid; + + uuid = user_uuid (user); + if (acl_user_is_super_admin (uuid)) + { + free (uuid); + sql_rollback (); + return 99; + } + free (uuid); + } + + /* Fail if there are any active tasks. */ + + memset (&get, '\0', sizeof (get)); + current_uuid = current_credentials.uuid; + current_credentials.uuid = sql_string ("SELECT uuid FROM users" + " WHERE id = %llu;", + user); + init_user_task_iterator (&tasks, 0, 1); + while (next (&tasks)) + switch (task_iterator_run_status (&tasks)) + { + case TASK_STATUS_DELETE_REQUESTED: + case TASK_STATUS_DELETE_ULTIMATE_REQUESTED: + case TASK_STATUS_DELETE_ULTIMATE_WAITING: + case TASK_STATUS_DELETE_WAITING: + case TASK_STATUS_REQUESTED: + case TASK_STATUS_RUNNING: + case TASK_STATUS_QUEUED: + case TASK_STATUS_STOP_REQUESTED: + case TASK_STATUS_STOP_WAITING: + case TASK_STATUS_PROCESSING: + { + cleanup_iterator (&tasks); + free (current_credentials.uuid); + current_credentials.uuid = current_uuid; + sql_rollback (); + return 4; + } + default: + break; + } + cleanup_iterator (&tasks); + free (current_credentials.uuid); + current_credentials.uuid = current_uuid; + + /* Check if there's an inheritor. */ + + if (inheritor_id && strcmp (inheritor_id, "")) + { + if (strcmp (inheritor_id, "self") == 0) + { + sql_int64 (&inheritor, "SELECT id FROM users WHERE uuid = '%s'", + current_credentials.uuid); + + if (inheritor == 0) + { + sql_rollback (); + return -1; + } + } + else + { + if (find_user_with_permission (inheritor_id, &inheritor, "get_users")) + { + sql_rollback (); + return -1; + } + + if (inheritor == 0) + { + sql_rollback (); + return 6; + } + } + } + else if (inheritor_name && strcmp (inheritor_name, "")) + { + if (find_user_by_name_with_permission (inheritor_name, &inheritor, + "get_users")) + { + sql_rollback (); + return -1; + } + + if (inheritor == 0) + { + sql_rollback (); + return 6; + } + } + else + inheritor = 0; + + if (inheritor) + { + gchar *deleted_user_name; + gchar *real_inheritor_id, *real_inheritor_name; + + /* Transfer ownership of objects to the inheritor. */ + + if (inheritor == user) + { + sql_rollback (); + return 7; + } + + real_inheritor_id = user_uuid (inheritor); + + /* Only the current user, owned users or global users may inherit. */ + if (current_credentials.uuid + && strcmp (current_credentials.uuid, "") + && strcmp (real_inheritor_id, current_credentials.uuid) + && sql_int ("SELECT NOT (" ACL_IS_GLOBAL () ")" + " FROM users WHERE id = %llu", + inheritor) + && ! acl_user_owns ("user", inheritor, 0) + && sql_int ("SELECT owner != 0 FROM users WHERE id = %llu", + inheritor)) + { + g_free (real_inheritor_id); + sql_rollback (); + return 8; + } + + deleted_user_id = user_uuid (user); + deleted_user_name = user_name (deleted_user_id); + real_inheritor_name = user_name (real_inheritor_id); + + g_log ("event user", G_LOG_LEVEL_MESSAGE, + "User %s (%s) is inheriting from %s (%s)", + real_inheritor_name, real_inheritor_id, + deleted_user_name, deleted_user_id); + + g_free (deleted_user_name); + g_free (real_inheritor_id); + g_free (real_inheritor_name); + + /* Transfer owned resources. */ + + sql ("UPDATE alerts SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE alerts_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE configs SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE configs_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE credentials SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE credentials_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE host_identifiers SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE host_oss SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE hosts SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE filters SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE filters_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE notes SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE notes_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE oss SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE permissions SET owner = %llu WHERE owner = %llu", + inheritor, user); + + inherit_port_lists (user, inheritor); + + sql ("UPDATE reports SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE report_counts SET \"user\" = %llu WHERE \"user\" = %llu", + inheritor, user); + sql ("UPDATE reports SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE results SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE results_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + + sql ("UPDATE overrides SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE overrides_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE permissions SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE permissions_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE scanners SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE scanners_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE schedules SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE schedules_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("DELETE FROM tag_resources" + " WHERE resource_type = 'user' AND resource = %llu;", + user); + sql ("UPDATE tags SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("DELETE FROM tag_resources_trash" + " WHERE resource_type = 'user' AND resource = %llu;", + user); + sql ("UPDATE tags_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE targets SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE targets_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + + sql ("UPDATE tasks SET owner = %llu WHERE owner = %llu;", + inheritor, user); + + inherit_tickets (user, inheritor); + inherit_tls_certificates (user, inheritor); + + sql ("UPDATE groups SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE roles SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE users SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE groups_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE roles_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + + sql ("UPDATE report_configs SET owner = %llu WHERE owner = %llu;", + inheritor, user); + sql ("UPDATE report_configs_trash SET owner = %llu WHERE owner = %llu;", + inheritor, user); + + /* Report Formats. */ + + has_rows = inherit_report_formats (user, inheritor, &rows); + + /* Delete user. */ + + sql ("DELETE FROM group_users WHERE \"user\" = %llu;", user); + sql ("DELETE FROM group_users_trash WHERE \"user\" = %llu;", user); + sql ("DELETE FROM role_users WHERE \"user\" = %llu;", user); + sql ("DELETE FROM role_users_trash WHERE \"user\" = %llu;", user); + + delete_permissions_cache_for_user (user); + + sql ("DELETE FROM settings WHERE owner = %llu;", user); + sql ("DELETE FROM users WHERE id = %llu;", user); + + /* Very last: report formats dirs. */ + + if (deleted_user_id == NULL) + g_warning ("%s: deleted_user_id NULL, skipping dirs", __func__); + else if (has_rows) + do + { + inherit_report_format_dir (iterator_string (&rows, 0), + deleted_user_id, + inheritor); + } while (next (&rows)); + + g_free (deleted_user_id); + cleanup_iterator (&rows); + + sql_commit (); + + return 0; + } + + /* Delete settings and miscellaneous resources not referenced directly. */ + + /* Settings. */ + sql ("DELETE FROM settings WHERE owner = %llu;", user); + + /* Delete data modifiers (not directly referenced) */ + + /* Notes. */ + sql ("DELETE FROM notes WHERE owner = %llu;", user); + sql ("DELETE FROM notes_trash WHERE owner = %llu;", user); + + /* Overrides. */ + sql ("DELETE FROM overrides WHERE owner = %llu;", user); + sql ("DELETE FROM overrides_trash WHERE owner = %llu;", user); + + /* Tags. */ + sql ("DELETE FROM tag_resources" + " WHERE resource_type = 'user' AND resource = %llu;", + user); + sql ("DELETE FROM tag_resources" + " WHERE tag IN (SELECT id FROM tags WHERE owner = %llu);", + user); + sql ("DELETE FROM tags WHERE owner = %llu;", user); + sql ("DELETE FROM tag_resources_trash" + " WHERE resource_type = 'user' AND resource = %llu;", + user); + sql ("DELETE FROM tag_resources_trash" + " WHERE tag IN (SELECT id FROM tags_trash WHERE owner = %llu);", + user); + sql ("DELETE FROM tags_trash WHERE owner = %llu;", user); + + delete_tickets_user (user); + + delete_tls_certificates_user (user); + + /* Delete assets (not directly referenced). */ + + /* Hosts. */ + sql ("DELETE FROM host_details WHERE host IN" + " (SELECT id FROM hosts WHERE owner = %llu);", user); + sql ("DELETE FROM host_max_severities WHERE host IN" + " (SELECT id FROM hosts WHERE owner = %llu);", user); + sql ("DELETE FROM host_identifiers WHERE owner = %llu;", user); + sql ("DELETE FROM host_oss WHERE owner = %llu;", user); + sql ("DELETE FROM hosts WHERE owner = %llu;", user); + + /* OSs. */ + sql ("DELETE FROM oss WHERE owner = %llu;", user); + + /* Delete report data and tasks (not directly referenced). */ + + /* Counts. */ + sql ("DELETE FROM report_counts WHERE \"user\" = %llu", user); + sql ("DELETE FROM report_counts" + " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", + user); + + /* Hosts. */ + sql ("DELETE FROM report_host_details" + " WHERE report_host IN (SELECT id FROM report_hosts" + " WHERE report IN (SELECT id FROM reports" + " WHERE owner = %llu));", + user); + sql ("DELETE FROM report_hosts" + " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", + user); + + /* Results. */ + sql ("DELETE FROM results" + " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", + user); + sql ("DELETE FROM results_trash" + " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", + user); + + /* Reports. */ + sql ("DELETE FROM result_nvt_reports" + " WHERE report IN (SELECT id FROM reports WHERE owner = %llu);", + user); + sql ("DELETE FROM reports WHERE owner = %llu;", user); + + /* Delete tasks (not directly referenced). */ + + if (user_resources_in_use (user, + "tasks", target_in_use, + NULL, NULL)) + { + sql_rollback (); + return 9; + } + tickets_remove_tasks_user (user); + sql ("DELETE FROM task_alerts" + " WHERE task IN (SELECT id FROM tasks WHERE owner = %llu);", + user); + sql ("DELETE FROM task_files" + " WHERE task IN (SELECT id FROM tasks WHERE owner = %llu);", + user); + sql ("DELETE FROM task_preferences" + " WHERE task IN (SELECT id FROM tasks WHERE owner = %llu);", + user); + sql ("DELETE FROM tasks WHERE owner = %llu;", user); + + /* Delete resources directly used by tasks. */ + + /* Alerts. */ + if (user_resources_in_use (user, + "alerts", alert_in_use, + "alerts_trash", trash_alert_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM alert_condition_data" + " WHERE alert IN (SELECT id FROM alerts WHERE owner = %llu);", + user); + sql ("DELETE FROM alert_condition_data_trash" + " WHERE alert IN (SELECT id FROM alerts_trash WHERE owner = %llu);", + user); + sql ("DELETE FROM alert_event_data" + " WHERE alert IN (SELECT id FROM alerts WHERE owner = %llu);", + user); + sql ("DELETE FROM alert_event_data_trash" + " WHERE alert IN (SELECT id FROM alerts_trash WHERE owner = %llu);", + user); + sql ("DELETE FROM alert_method_data" + " WHERE alert IN (SELECT id FROM alerts WHERE owner = %llu);", + user); + sql ("DELETE FROM alert_method_data_trash" + " WHERE alert IN (SELECT id FROM alerts_trash WHERE owner = %llu);", + user); + sql ("DELETE FROM alerts WHERE owner = %llu;", user); + sql ("DELETE FROM alerts_trash WHERE owner = %llu;", user); + + /* Configs. */ + if (user_resources_in_use (user, + "configs", config_in_use, + "configs_trash", trash_config_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM nvt_selectors" + " WHERE name IN (SELECT nvt_selector FROM configs WHERE owner = %llu)" + " AND name != '" MANAGE_NVT_SELECTOR_UUID_ALL "';", + user); + sql ("DELETE FROM config_preferences" + " WHERE config IN (SELECT id FROM configs WHERE owner = %llu);", + user); + sql ("DELETE FROM config_preferences_trash" + " WHERE config IN (SELECT id FROM configs_trash WHERE owner = %llu);", + user); + sql ("DELETE FROM configs WHERE owner = %llu;", user); + sql ("DELETE FROM configs_trash WHERE owner = %llu;", user); + + /* Scanners. */ + if (user_resources_in_use (user, + "scanners", scanner_in_use, + "scanners_trash", trash_scanner_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM scanners WHERE owner = %llu;", user); + sql ("DELETE FROM scanners_trash WHERE owner = %llu;", user); + + /* Schedules. */ + if (user_resources_in_use (user, + "schedules", schedule_in_use, + "schedules_trash", trash_schedule_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM schedules WHERE owner = %llu;", user); + sql ("DELETE FROM schedules_trash WHERE owner = %llu;", user); + + /* Targets. */ + if (user_resources_in_use (user, + "targets", target_in_use, + "targets_trash", trash_target_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM targets_login_data WHERE target IN" + " (SELECT id FROM targets WHERE owner = %llu);", user); + sql ("DELETE FROM targets_trash_login_data WHERE target IN" + " (SELECT id FROM targets_trash WHERE owner = %llu);", user); + sql ("DELETE FROM targets WHERE owner = %llu;", user); + sql ("DELETE FROM targets_trash WHERE owner = %llu;", user); + +#if ENABLE_CONTAINER_SCANNING + /* OCI Image Targets. */ + if (user_resources_in_use (user, + "oci_image_targets", + oci_image_target_in_use, + "oci_image_targets_trash", + trash_oci_image_target_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM oci_image_targets WHERE owner = %llu;", user); + sql ("DELETE FROM oci_image_targets_trash WHERE owner = %llu;", user); +#endif /* ENABLE_CONTAINER_SCANNING */ + + /* Delete resources used indirectly by tasks */ + + /* Filters (used by alerts and settings). */ + if (user_resources_in_use (user, + "filters", filter_in_use, + "filters_trash", trash_filter_in_use)) + { + sql_rollback (); + return 9; + } + sql ("DELETE FROM filters WHERE owner = %llu;", user); + sql ("DELETE FROM filters_trash WHERE owner = %llu;", user); + + /* Port lists (used by targets). */ + if (user_resources_in_use (user, + "port_lists", port_list_in_use, + "port_lists_trash", trash_port_list_in_use)) + { + sql_rollback (); + return 9; + } + delete_port_lists_user (user); + + /* Check credentials before deleting report formats, because we can't + * rollback the deletion of the report format dirs. */ + if (user_resources_in_use (user, + "credentials", credential_in_use, + "credentials_trash", trash_credential_in_use)) + { + sql_rollback (); + return 9; + } + + /* Check report formats (used by alerts). */ + if (user_resources_in_use (user, + "report_formats", + report_format_in_use, + "report_formats_trash", + trash_report_format_in_use)) + { + sql_rollback (); + return 9; + } + + /* Delete credentials last because they can be used in various places */ + + sql ("DELETE FROM credentials_data WHERE credential IN" + " (SELECT id FROM credentials WHERE owner = %llu);", + user); + sql ("DELETE FROM credentials_trash_data WHERE credential IN" + " (SELECT id FROM credentials_trash WHERE owner = %llu);", + user); + + sql ("DELETE FROM credentials WHERE owner = %llu;", user); + sql ("DELETE FROM credentials_trash WHERE owner = %llu;", user); + + /* Make permissions global if they are owned by the user and are related + * to users/groups/roles that are owned by the user. */ + + sql ("UPDATE permissions SET owner = NULL" + " WHERE owner = %llu" + " AND ((subject_type = 'user' AND subject IN (SELECT id FROM users WHERE owner = %llu))" + " OR (subject_type = 'group' AND subject IN (SELECT id FROM groups WHERE owner = %llu))" + " OR (subject_type = 'role' AND subject IN (SELECT id FROM roles WHERE owner = %llu))" + " OR (resource_type = 'user' AND resource IN (SELECT id FROM users WHERE owner = %llu))" + " OR (resource_type = 'group' AND resource IN (SELECT id FROM groups WHERE owner = %llu))" + " OR (resource_type = 'role' AND resource IN (SELECT id FROM roles WHERE owner = %llu)));", + user, + user, + user, + user, + user, + user, + user); + + /* Make users, roles and groups global if they are owned by the user. */ + + sql ("UPDATE users SET owner = NULL WHERE owner = %llu;", user); + sql ("UPDATE roles SET owner = NULL WHERE owner = %llu;", user); + sql ("UPDATE groups SET owner = NULL WHERE owner = %llu;", user); + sql ("UPDATE roles_trash SET owner = NULL WHERE owner = %llu;", user); + sql ("UPDATE groups_trash SET owner = NULL WHERE owner = %llu;", user); + + /* Remove all other permissions owned by the user or given on the user. */ + + sql ("DELETE FROM permissions" + " WHERE owner = %llu" + " OR subject_type = 'user' AND subject = %llu" + " OR (resource_type = 'user' AND resource = %llu);", /* For Super. */ + user, + user, + user); + sql ("DELETE FROM permissions_get_tasks WHERE \"user\" = %llu;", user); + + /* Delete permissions granted by the user. */ + + sql ("DELETE FROM permissions WHERE owner = %llu;", user); + sql ("DELETE FROM permissions_trash WHERE owner = %llu;", user); + + /* Remove user from groups and roles. */ + + sql ("DELETE FROM group_users WHERE \"user\" = %llu;", user); + sql ("DELETE FROM group_users_trash WHERE \"user\" = %llu;", user); + sql ("DELETE FROM role_users WHERE \"user\" = %llu;", user); + sql ("DELETE FROM role_users_trash WHERE \"user\" = %llu;", user); + + /* Delete report configs */ + + delete_report_configs_user (user); + + /* Delete report formats. */ + + has_rows = delete_report_formats_user (user, &rows); + + /* Delete user. */ + + deleted_user_id = user_uuid (user); + + sql ("DELETE FROM users WHERE id = %llu;", user); + + /* Delete report format dirs. */ + + if (deleted_user_id) + delete_report_format_dirs_user (deleted_user_id, has_rows ? &rows : NULL); + else + g_warning ("%s: deleted_user_id NULL, skipping removal of report formats dir", + __func__); + + sql_commit (); + return 0; +} diff --git a/src/manage_users.h b/src/manage_users.h index c5a5494e7..30974e777 100644 --- a/src/manage_users.h +++ b/src/manage_users.h @@ -77,4 +77,7 @@ create_user (const gchar *, const gchar *, const gchar *, const gchar *, int, const array_t *, array_t *, gchar **, array_t *, gchar **, gchar **, user_t *, int); +int +delete_user (const char *, const char *, int, const char *, const char *); + #endif /* not _GVMD_MANAGE_USERS_H */