Merge pull request #722 from timopollmeier/unique-user-name
Fixes for unique user names
mattmundell authored Aug 27, 2019
2 parents af29e84 + 0a986d1 commit b5246fc
Showing 6 changed files with 168 additions and 85 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Expand Up @@ -33,7 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Check and create default permissions individually [#671](https://github.com/greenbone/gvmd/pull/671)
- Add -f arg to sendmail call in email alert [#676](https://github.com/greenbone/gvmd/pull/676) [#678](https://github.com/greenbone/gvmd/pull/678)
- Change get_tickets to use the status text for filtering. [#697](https://github.com/greenbone/gvmd/pull/697)
- Made checks to prevent duplicate user names stricter. [#708](https://github.com/greenbone/gvmd/pull/708)
- Made checks to prevent duplicate user names stricter. [#708](https://github.com/greenbone/gvmd/pull/708) [#722](https://github.com/greenbone/gvmd/pull/722)
- Send delete command to ospd after stopping the task. [#710](https://github.com/greenbone/gvmd/pull/710)
- Check whether hosts are alive and have results when adding them in slave scans. [#717](https://github.com/greenbone/gvmd/pull/717)

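--- a/src/manage_migrators.c
+++ b/src/manage_migrators.c
@@ -1304,6 +1304,13 @@ migrate_217_to_218 ()
 
 /* Update the database. */
 
+/* Ensure all user names are unique */
+
+sql ("UPDATE users"
+" SET name = uniquify('user', name, NULL, '')"
+" WHERE id != (SELECT min(id) FROM users AS inner_users"
+" WHERE users.name = inner_users.name);");
+
 /* Add an UNIQUE constraint to the name column of users */
 
 sql ("ALTER TABLE users ADD UNIQUE (name);");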
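Review bot: The added UPDATE renames accounts without leaving any record of it: every user whose name duplicates another, except the row with the lowest id, gets a new login name from `uniquify('user', name, NULL, '')`, and nothing tells the administrator which accounts changed. I would log each affected account (old and new name) before the `ALTER TABLE`, and put a comment above the statement such as `/* Duplicates are renamed, keeping the name on the row with the lowest id; renamed users must log in under the new name. */`. With three or more accounts sharing one name, the statement presumably relies on uniquify seeing rows already renamed earlier in the same UPDATE; if it does not, two rows receive the same candidate and the following `ADD UNIQUE` fails, so that case is worth a migration test. migrate_217_to_218 starts and ends outside this hunk.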
2 changes: 1 addition & 1 deletion src/manage_pg.c
Expand Up @@ -1039,7 +1039,7 @@ manage_create_sql_functions ()
" LOOP"
" EXECUTE 'SELECT count (*) = 0 FROM ' || type || 's"
" WHERE name = $1"
" AND ((owner IS NULL) OR (owner = $2))'"
" AND (($2 IS NULL) OR (owner IS NULL) OR (owner = $2))'"
" INTO unique_candidate"
" USING candidate, owner;"
" EXIT WHEN unique_candidate;"
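Review bot: The new `($2 IS NULL)` term changes what a NULL owner means for uniquify, and nothing in the hunk documents it: with a NULL owner the candidate is compared against every row of the type rather than against the rows of one owner. A comment at the function's definition would make that contract explicit, for example `/* owner NULL: the name must be unique across all owners (used for users). */`. Separately, the unchanged line above still builds the table name by concatenating `type` into the EXECUTE string; whether every caller passes a fixed type name is not visible here, so it is worth confirming or guarding with `quote_ident (type || 's')`. The enclosing manage_create_sql_functions starts and ends outside the hunk.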
204 changes: 130 additions & 74 deletions src/manage_sql.c
Expand Up @@ -4461,6 +4461,22 @@ type_named (const char *type)
&& strcasecmp (type, "override");
}

/**
* @brief Check whether a type must have globally unique names.
*
* @param[in] type Type of resource.
*
* @return 1 yes, 0 no.
*/
static int
type_globally_unique (const char *type)
{
if (strcasecmp (type, "user") == 0)
return 1;
else
return 0;
}

/**
* @brief Check whether a type has a comment.
*
Expand Down Expand Up @@ -4761,10 +4777,11 @@ copy_resource_lock (const char *type, const char *name, const char *comment,
resource_t *old_resource)
{
gchar *quoted_name, *quoted_uuid, *uniquify, *command;
int named;
int named, globally_unique;
user_t owner;
resource_t resource;
resource_t new;
int ret = -1;

if (resource_id == NULL)
return -1;
Expand Down Expand Up @@ -4805,6 +4822,7 @@ copy_resource_lock (const char *type, const char *name, const char *comment,
}

named = type_named (type);
globally_unique = type_globally_unique (type);

if (named && name && *name && resource_with_name_exists (name, type, 0))
return 1;
Expand All @@ -4821,71 +4839,93 @@ copy_resource_lock (const char *type, const char *name, const char *comment,

/* Copy the existing resource. */

if (make_name_unique)
uniquify = g_strdup_printf ("uniquify ('%s', name, %llu, '%cClone')",
if (globally_unique && make_name_unique)
uniquify = g_strdup_printf ("uniquify ('%s', name, NULL, '%cClone')",
type,
owner,
strcmp (type, "user") ? ' ' : '_');
else if (make_name_unique)
uniquify = g_strdup_printf ("uniquify ('%s', name, %llu, ' Clone')",
type,
owner);
else
uniquify = g_strdup ("name");
if (named && comment && strlen (comment))
{
gchar *quoted_comment;
quoted_comment = sql_nquote (comment, strlen (comment));
sql ("INSERT INTO %ss"
" (uuid, owner, name, comment, creation_time, modification_time%s%s)"
" SELECT make_uuid (),"
" (SELECT id FROM users where users.uuid = '%s'),"
" %s%s%s, '%s', m_now (), m_now ()%s%s"
" FROM %ss WHERE uuid = '%s';",
type,
columns ? ", " : "",
columns ? columns : "",
current_credentials.uuid,
quoted_name ? "'" : "",
quoted_name ? quoted_name : uniquify,
quoted_name ? "'" : "",
quoted_comment,
columns ? ", " : "",
columns ? columns : "",
type,
quoted_uuid);
ret = sql_error ("INSERT INTO %ss"
" (uuid, owner, name, comment,"
" creation_time, modification_time%s%s)"
" SELECT make_uuid (),"
" (SELECT id FROM users"
" where users.uuid = '%s'),"
" %s%s%s, '%s', m_now (), m_now ()%s%s"
" FROM %ss WHERE uuid = '%s';",
type,
columns ? ", " : "",
columns ? columns : "",
current_credentials.uuid,
quoted_name ? "'" : "",
quoted_name ? quoted_name : uniquify,
quoted_name ? "'" : "",
quoted_comment,
columns ? ", " : "",
columns ? columns : "",
type,
quoted_uuid);
g_free (quoted_comment);
}
else if (named)
sql ("INSERT INTO %ss"
" (uuid, owner, name%s, creation_time, modification_time%s%s)"
" SELECT make_uuid (),"
" (SELECT id FROM users where users.uuid = '%s'),"
" %s%s%s%s, m_now (), m_now ()%s%s"
" FROM %ss WHERE uuid = '%s';",
type,
type_has_comment (type) ? ", comment" : "",
columns ? ", " : "",
columns ? columns : "",
current_credentials.uuid,
quoted_name ? "'" : "",
quoted_name ? quoted_name : uniquify,
quoted_name ? "'" : "",
type_has_comment (type) ? ", comment" : "",
columns ? ", " : "",
columns ? columns : "",
type,
quoted_uuid);
else
sql ("INSERT INTO %ss"
" (uuid, owner, creation_time, modification_time%s%s)"
" SELECT make_uuid (), (SELECT id FROM users where users.uuid = '%s'),"
" m_now (), m_now ()%s%s"
" FROM %ss WHERE uuid = '%s';",
type,
columns ? ", " : "",
columns ? columns : "",
current_credentials.uuid,
columns ? ", " : "",
columns ? columns : "",
type,
quoted_uuid);
ret = sql_error ("INSERT INTO %ss"
" (uuid, owner, name%s,"
" creation_time, modification_time%s%s)"
" SELECT make_uuid (),"
" (SELECT id FROM users where users.uuid = '%s'),"
" %s%s%s%s, m_now (), m_now ()%s%s"
" FROM %ss WHERE uuid = '%s';",
type,
type_has_comment (type) ? ", comment" : "",
columns ? ", " : "",
columns ? columns : "",
current_credentials.uuid,
quoted_name ? "'" : "",
quoted_name ? quoted_name : uniquify,
quoted_name ? "'" : "",
type_has_comment (type) ? ", comment" : "",
columns ? ", " : "",
columns ? columns : "",
type,
quoted_uuid);
else
ret = sql_error ("INSERT INTO %ss"
" (uuid, owner, creation_time, modification_time%s%s)"
" SELECT make_uuid (),"
" (SELECT id FROM users where users.uuid = '%s'),"
" m_now (), m_now ()%s%s"
" FROM %ss WHERE uuid = '%s';",
type,
columns ? ", " : "",
columns ? columns : "",
current_credentials.uuid,
columns ? ", " : "",
columns ? columns : "",
type,
quoted_uuid);

if (ret == 3)
{
g_free (quoted_uuid);
g_free (quoted_name);
g_free (uniquify);
return 1;
}
else if (ret)
{
g_free (quoted_uuid);
g_free (quoted_name);
g_free (uniquify);
return -1;
}

new = sql_last_insert_id ();

Expand Down Expand Up @@ -59670,7 +59710,7 @@ create_user (const gchar * name, const gchar * password, const gchar *comment,
char *errstr, *uuid;
gchar *quoted_hosts, *quoted_ifaces, *quoted_method, *quoted_name, *hash;
gchar *quoted_comment, *clean, *generated;
int index, max;
int index, max, ret;
user_t user;
GArray *cache_users;

Expand Down Expand Up @@ -59767,24 +59807,27 @@ create_user (const gchar * name, const gchar * password, const gchar *comment,
quoted_method = sql_quote (allowed_methods
? g_ptr_array_index (allowed_methods, 0)
: "file");
sql ("INSERT INTO users"
" (uuid, owner, name, password, comment, hosts, hosts_allow,"
" ifaces, ifaces_allow, method, creation_time, modification_time)"
" VALUES"
" (make_uuid (),"
" (SELECT id FROM users WHERE uuid = '%s'),"
" '%s', '%s', '%s', '%s', %i,"
" '%s', %i, '%s', m_now (), m_now ());",
current_credentials.uuid,
quoted_name,
hash,
quoted_comment,
quoted_hosts,
hosts_allow,
quoted_ifaces,
ifaces_allow,
quoted_method);
user = sql_last_insert_id ();

ret
= sql_error ("INSERT INTO users"
" (uuid, owner, name, password, comment, hosts, hosts_allow,"
" ifaces, ifaces_allow, method, creation_time,"
" modification_time)"
" VALUES"
" (make_uuid (),"
" (SELECT id FROM users WHERE uuid = '%s'),"
" '%s', '%s', '%s', '%s', %i,"
" '%s', %i, '%s', m_now (),"
" m_now ());",
current_credentials.uuid,
quoted_name,
hash,
quoted_comment,
quoted_hosts,
hosts_allow,
quoted_ifaces,
ifaces_allow,
quoted_method);
g_free (generated);
g_free (hash);
g_free (quoted_comment);
Expand All @@ -59793,6 +59836,19 @@ create_user (const gchar * name, const gchar * password, const gchar *comment,
g_free (quoted_method);
g_free (quoted_name);

if (ret == 3)
{
sql_rollback ();
return -2;
}
else if (ret)
{
sql_rollback ();
return -1;
}

user = sql_last_insert_id ();

/* Add the user to any given groups. */

index = 0;
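Review bot: In copy_resource_lock the suffix choice `strcmp (type, "user") ? ' ' : '_'` sits inside the `globally_unique` branch, which type_globally_unique enters only for "user" and decides with `strcasecmp`; the two tests disagree on case, so a type spelled "User" would take the global branch yet get " Clone" with a space in the account name. Since the branch is user-only, the format can say so directly: `uniquify = g_strdup_printf ("uniquify ('%s', name, NULL, '_Clone')", type);`. The new error returns in copy_resource_lock free the strings but do not roll back, unlike the ones added to create_user; presumably the caller owns the transaction, which deserves a one-line comment at the `ret == 3` check. Both functions start and end outside their hunks.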
23 changes: 16 additions & 7 deletions src/sql.c
Expand Up @@ -154,7 +154,9 @@ sql_insert (const char *string)
* @param[in] sql Format string for SQL statement.
* @param[in] args Arguments for format string.
*
* @return 0 success, 1 gave up (even when retry given), -1 error.
* @return 0 success, 1 gave up (even when retry given),
* 2 reserved (lock unavailable), 3 unique constraint violation,
* -1 error.
*/
int
sqlv (int retry, char* sql, va_list args)
Expand Down Expand Up @@ -188,6 +190,8 @@ sqlv (int retry, char* sql, va_list args)
return 1;
if (ret == -3)
return -1;
if (ret == -4)
return 3;
assert (ret == -1 || ret == 0);
return ret;
}
Expand All @@ -210,11 +214,11 @@ sql (char* sql, ...)
va_start (args, sql);
ret = sqlv (1, sql, args);
va_end (args);
if (ret == -1)
abort ();
if (ret == 1)
/* Gave up with statement reset. */
continue;
else if (ret)
abort();
break;
}
}
Expand All @@ -227,7 +231,8 @@ sql (char* sql, ...)
* @param[in] sql Format string for SQL statement.
* @param[in] ... Arguments for format string.
*
* @return 0 success, -1 error.
* @return 0 success, 2 reserved (lock unavailable),
* 3 unique constraint violation, -1 error.
*/
int
sql_error (char* sql, ...)
Expand All @@ -243,6 +248,8 @@ sql_error (char* sql, ...)
if (ret == 1)
/* Gave up with statement reset. */
continue;
if (ret == -4)
return 3;
break;
}

Expand All @@ -255,7 +262,9 @@ sql_error (char* sql, ...)
* @param[in] sql Format string for SQL statement.
* @param[in] ... Arguments for format string.
*
* @return 0 success, 1 gave up, -1 error.
* @return 0 success, 1 gave up,
* 2 reserved (lock unavailable), 3 unique constraint violation,
* -1 error.
*/
int
sql_giveup (char* sql, ...)
Expand Down Expand Up @@ -305,7 +314,7 @@ sql_x_internal (int log, char* sql, va_list args, sql_stmt_t** stmt_return)
/* Run statement. */

ret = sql_exec_internal (1, *stmt_return);
if (ret == -1)
if (ret == -1 || ret == -4)
{
if (log_errors)
g_warning ("%s: sql_exec_internal failed", __FUNCTION__);
Expand Down Expand Up @@ -691,7 +700,7 @@ next (iterator_t* iterator)
iterator->done = TRUE;
return FALSE;
}
if (ret == -1)
if (ret == -1 || ret == -4)
{
if (log_errors)
g_warning ("%s: sql_exec_internal failed", __FUNCTION__);
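Review bot: With `else if (ret) abort();` in sql(), a unique constraint violation (sqlv now returns 3 for it) terminates the process, so every statement that can write a duplicate into users.name has to go through sql_error instead. This commit converts create_user and copy_resource_lock; any other path that sets a user name through sql() (none is visible here) would let a duplicate name bring the daemon down. The doc comment of sql() should say so, e.g. `Aborts on any error, including a unique constraint violation; use sql_error where a duplicate is an expected result.` In sql_error the added `if (ret == -4) return 3;` looks unreachable if `ret` comes from sqlv, which already maps -4 to 3. The codes 3 and -4 would be easier to follow as named constants shared with the callers; the functions touched here start or end outside their hunks.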