Merge pull request #1415 from greenbone/mergify/bp/master/pr-1406
Also create owner WITH clause for single resources (bp #1406)
timopollmeier authored Feb 8, 2021
2 parents fc554cb + 9c94545 commit 94d5a0a
Showing 3 changed files with 62 additions and 65 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -56,6 +56,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Changed

### Fixed
- Also create owner WITH clause for single resources [#1406](https://github.com/greenbone/gvmd/pull/1406)

### Removed

86 changes: 43 additions & 43 deletions src/manage_acl.c
Expand Up @@ -1011,50 +1011,7 @@ acl_where_owned_user (const char *user_id, const char *user_sql,
guint index;

if (with)
*with = NULL;

if (owned == 0)
return g_strdup (" t ()");

permission_or = g_string_new ("");
index = 0;
if (permissions == NULL || permissions->len == 0)
{
/* Treat filters with no permissions keyword as "any". */
permission_or = g_string_new ("t ()");
index = 1;
}
else if (permissions)
for (; index < permissions->len; index++)
{
gchar *permission, *quoted;
permission = (gchar*) g_ptr_array_index (permissions, index);
if (strcasecmp (permission, "any") == 0)
{
g_string_free (permission_or, TRUE);
permission_or = g_string_new ("t ()");
index = 1;
break;
}
quoted = sql_quote (permission);
if (index == 0)
g_string_append_printf (permission_or, "name = '%s'", quoted);
else
g_string_append_printf (permission_or, " OR name = '%s'",
quoted);
g_free (quoted);
}

table_trash = get->trash && strcasecmp (type, "task");
if (resource || (user_id == NULL))
owned_clause
= g_strdup (" (t ())");
else if (with)
{
gchar *permission_clause;

/* Caller supports WITH clause. */

*with = g_strdup_printf
("WITH permissions_subject"
" AS (SELECT * FROM permissions"
Expand Down Expand Up @@ -1098,6 +1055,49 @@ acl_where_owned_user (const char *user_id, const char *user_sql,
user_sql,
user_sql,
user_sql);
}

if (owned == 0)
return g_strdup (" t ()");

permission_or = g_string_new ("");
index = 0;
if (permissions == NULL || permissions->len == 0)
{
/* Treat filters with no permissions keyword as "any". */
permission_or = g_string_new ("t ()");
index = 1;
}
else if (permissions)
for (; index < permissions->len; index++)
{
gchar *permission, *quoted;
permission = (gchar*) g_ptr_array_index (permissions, index);
if (strcasecmp (permission, "any") == 0)
{
g_string_free (permission_or, TRUE);
permission_or = g_string_new ("t ()");
index = 1;
break;
}
quoted = sql_quote (permission);
if (index == 0)
g_string_append_printf (permission_or, "name = '%s'", quoted);
else
g_string_append_printf (permission_or, " OR name = '%s'",
quoted);
g_free (quoted);
}

table_trash = get->trash && strcasecmp (type, "task");
if (resource || (user_id == NULL))
owned_clause
= g_strdup (" (t ())");
else if (with)
{
gchar *permission_clause;

/* Caller supports WITH clause. */

permission_clause = NULL;
if (user_id && index)
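Review bot: With the `*with = g_strdup_printf (...)` construction moved ahead of the `owned == 0` return and the `resource || (user_id == NULL)` branch, `user_sql` is now formatted into the WITH clause on paths that never built it before, including the one where `user_id` is NULL. The hunks do not show how `user_sql` is derived, so confirm it is always a non-NULL, internally generated fragment on those paths; it is passed through `%s` unquoted, whereas the permission names go through `sql_quote`. If it can be NULL there, guard the construction with `if (with && user_sql)` so `*with` stays NULL rather than carrying a malformed clause. The `/* Caller supports WITH clause. */` comment now sits on a branch that no longer builds the clause, so a comment at the new site such as `/* Always build the WITH clause: subqueries may reference permissions_subject even when the ownership test is skipped. */` would record the reason. The body of acl_where_owned_user starts and ends outside the visible hunks.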
40 changes: 18 additions & 22 deletions src/manage_sql.c
Expand Up @@ -4795,11 +4795,13 @@ init_get_iterator2_with (iterator_t* iterator, const char *type,

with_clause = NULL;

if (resource)
/* Ownership test is done above by find function. */
owned_clause = g_strdup (" t ()");
else if (assume_permitted)
owned_clause = g_strdup (" t ()");
if (resource || assume_permitted)
/* Ownership test of single resources is done above by find function
* but acl_where_owned has to be called to generate WITH clause
* in case subqueries depend on it.
*/
owned_clause = acl_where_owned (type, get, 0, owner_filter, resource,
permissions, &with_clause);
else
owned_clause = acl_where_owned (type, get, owned, owner_filter, resource,
permissions, &with_clause);
Expand Down Expand Up @@ -21807,7 +21809,7 @@ init_result_get_iterator_severity (iterator_t* iterator, const get_data_t *get,
int ret;
gchar *filter;
int apply_overrides, dynamic_severity;
gchar *extra_tables, *extra_where, *extra_where_single, *opts, *with_clauses;
gchar *extra_tables, *extra_where, *extra_where_single, *opts, *with_clause;
const gchar *lateral;

assert (report);
Expand Down Expand Up @@ -21968,16 +21970,18 @@ init_result_get_iterator_severity (iterator_t* iterator, const get_data_t *get,

if (apply_overrides)
{
gchar *owned_clause, *with_clause;
gchar *owned_clause;
char *user_id;

user_id = sql_string ("SELECT id FROM users WHERE uuid = '%s';",
current_credentials.uuid);
owned_clause = acl_where_owned_for_get ("override", user_id, &with_clause);
// Do not get ACL with_clause as it will be added by
// init_get_iterator2_with.
owned_clause = acl_where_owned_for_get ("override", user_id, NULL);
free (user_id);
with_clauses = g_strdup_printf
("%s%s"
" valid_overrides"

with_clause = g_strdup_printf
(" valid_overrides"
" AS (SELECT result_nvt, hosts, new_severity, port,"
" severity, result"
" FROM overrides"
Expand All @@ -21995,21 +21999,13 @@ init_result_get_iterator_severity (iterator_t* iterator, const get_data_t *get,
" ORDER BY result DESC, task DESC, port DESC, severity ASC,"
" creation_time DESC)"
" ",
with_clause
/* Skip the leading "WITH" because init_get..
* below will add it. A bit of a hack, but
* it's the only place that needs this. */
? with_clause + 4
: "",
with_clause ? "," : "",
owned_clause,
report,
report);
g_free (with_clause);
g_free (owned_clause);
}
else
with_clauses = NULL;
with_clause = NULL;

table_order_if_sort_not_specified = 1;
ret = init_get_iterator2_with (iterator,
Expand All @@ -22029,11 +22025,11 @@ init_result_get_iterator_severity (iterator_t* iterator, const get_data_t *get,
TRUE,
report ? TRUE : FALSE,
extra_order,
with_clauses,
with_clause,
1);
table_order_if_sort_not_specified = 0;
column_array_free (filterable_columns);
g_free (with_clauses);
g_free (with_clause);
g_free (extra_tables);
g_free (extra_where);
g_free (extra_where_single);
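Review bot: The new comment in init_get_iterator2_with explains why the ownership test can be skipped for `resource`, but the merged condition `resource || assume_permitted` also skips it for `assume_permitted`, and nothing at the call site records why that is safe. This is the point where row-level access filtering is switched off, so the comment should name both cases, for example `/* assume_permitted: access was already checked by the caller; owned is forced to 0 but the WITH clause is still generated for subqueries. */` (wording to be confirmed against the callers, which are not visible here). The two branches now differ only in the third argument, so a single call passing `(resource || assume_permitted) ? 0 : owned` would keep them from drifting apart. In the init_result_get_iterator_severity hunks, `with_clause` now holds a bare ` valid_overrides AS (...)` fragment that is only valid SQL if init_get_iterator2_with prepends the ACL clause and a separator; that contract deserves a `/* ... */` comment where the fragment is built, in place of the `//` comment that does not match the file's style.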
