diff --git a/CHANGELOG.md b/CHANGELOG.md index bade95acb..df1c0ea95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,19 +26,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525) - Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551) - Removed the Business Process Map from gvmd [1627](https://github.com/greenbone/gvmd/pull/1627) +- Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676) [Unreleased]: https://github.com/greenbone/gvmd/compare/gvmd-21.04...master -## [21.4.3] (Unreleased) +## [21.4.4] (unreleased) ### Added ### Changed ### Deprecated ### Removed ### Fixed + +[Unreleased]: https://github.com/greenbone/gvmd/compare/v21.4.3...HEAD + + +## [21.4.3] - 2021-08-03 +### Fixed - Fix sending prefs for whole, growing VT families [#1603](https://github.com/greenbone/gvmd/pull/1603) - Add trash columns for target "elevate" credential [#1636](https://github.com/greenbone/gvmd/pull/1636) -[Unreleased]: https://github.com/greenbone/gvmd/compare/v21.4.2...gvmd-21.04 +[21.4.3]: https://github.com/greenbone/gvmd/compare/v21.4.2...gvmd-21.04 ## [21.4.2] - 2021-06-28 ### Fixed @@ -116,24 +123,49 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [21.4.0]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...v21.4.0 -## [20.8.3] (Unreleased) +## [20.8.4] - Unreleased +### Added +### Changed +* Changed defaults for installation locations [#1662](https://github.com/greenbone/gvmd/pull/1662) [#1665](https://github.com/greenbone/gvmd/pull/1665) + * SYSCONFDIR is /etc by default now + * LOCALSTATEDIR is /var by default now + * GVM_RUN_DIR is /run/gvm by default now + * OPENVAS_DEFAULT_SOCKET is /run/ospd/ospd-openvas.sock by default now + * SYSTEMD_SERVICE_DIR is /lib/systemd/system by default now + * Removed gvmd.default file and adjusted gvmd.service file accordingly + * GVM_FEED_LOCK_PATH is /var/lib/gvm/feed-update.lock by default now + +### Deprecated +### Removed +* Remove BID from GMP documentation [#1673](https://github.com/greenbone/gvmd/pull/1673) + +### Fixed + +[20.8.4]: https://github.com/greenbone/gvmd/compare/v20.8.3...gvmd-20.08 + + +## [20.8.3] - 2021-08-03 + ### Added - Add --optimize add-/cleanup-feed-permissions [#1612](https://github.com/greenbone/gvmd/pull/1612) ### Changed - Use less report cache SQL when adding results [#1618](https://github.com/greenbone/gvmd/pull/1618) -### Deprecated -### Removed ### Fixed - Solved a performance problem when filtering results by tags [#1579](https://github.com/greenbone/gvmd/pull/1579) -- Fix VTs hash check and add --dump-vt-verification [#1611](https://github.com/greenbone/gvmd/pull/1611) [#1629](https://github.com/greenbone/gvmd/pull/1629) [#1643](https://github.com/greenbone/gvmd/pull/1643) +- Fix VTs hash check and add --dump-vt-verification + [#1611](https://github.com/greenbone/gvmd/pull/1611) + [#1629](https://github.com/greenbone/gvmd/pull/1629) + [#1641](https://github.com/greenbone/gvmd/pull/1651) + [#1643](https://github.com/greenbone/gvmd/pull/1643) + [#1655](https://github.com/greenbone/gvmd/pull/1655) - Fix memory errors in modify_permission [#1613](https://github.com/greenbone/gvmd/pull/1613) - Fix sensor connection for performance reports on failure [#1633](https://github.com/greenbone/gvmd/pull/1633) - Sort the "host" column by IPv4 address if possible [#1637](https://github.com/greenbone/gvmd/pull/1637) - Fix for parse_iso_time_tz error with musl library [#1644](https://github.com/greenbone/gvmd/pull/1644) -[Unreleased]: https://github.com/greenbone/gvmd/compare/v20.8.2...gvmd-20.08 +[20.8.3]: https://github.com/greenbone/gvmd/compare/v20.8.2...gvmd-20.08 ## [20.8.2] - 2021-06-23 diff --git a/CMakeLists.txt b/CMakeLists.txt index 176767464..d55b227af 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -96,7 +96,7 @@ include (CPack) ## Variables -set (GVMD_DATABASE_VERSION 246) +set (GVMD_DATABASE_VERSION 247) set (GVMD_SCAP_DATABASE_VERSION 19) @@ -110,7 +110,7 @@ if (SYSCONF_INSTALL_DIR) endif (SYSCONF_INSTALL_DIR) if (NOT SYSCONFDIR) - set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") + set (SYSCONFDIR "/etc") endif (NOT SYSCONFDIR) if (NOT EXEC_PREFIX) @@ -130,7 +130,7 @@ if (NOT LIBDIR) endif (NOT LIBDIR) if (NOT LOCALSTATEDIR) - set (LOCALSTATEDIR "${CMAKE_INSTALL_PREFIX}/var") + set (LOCALSTATEDIR "/var") endif (NOT LOCALSTATEDIR) if (NOT DATADIR) @@ -181,16 +181,16 @@ set (GVM_CLIENT_KEY "${GVM_STATE_DIR}/private/CA/clientkey.pem") set (GVM_CA_CERTIFICATE "${GVM_STATE_DIR}/CA/cacert.pem") if (NOT GVM_RUN_DIR) - set (GVM_RUN_DIR "${LOCALSTATEDIR}/run") + set (GVM_RUN_DIR "/run/gvm") endif (NOT GVM_RUN_DIR) if (NOT GVM_FEED_LOCK_PATH) - set (GVM_FEED_LOCK_PATH "${GVM_RUN_DIR}/feed-update.lock") + set (GVM_FEED_LOCK_PATH "${GVM_STATE_DIR}/feed-update.lock") endif (NOT GVM_FEED_LOCK_PATH) add_definitions (-DGVM_FEED_LOCK_PATH="${GVM_FEED_LOCK_PATH}") if (NOT OPENVAS_DEFAULT_SOCKET) - set (OPENVAS_DEFAULT_SOCKET "/var/run/ospd/ospd.sock") + set (OPENVAS_DEFAULT_SOCKET "/run/ospd/ospd-openvas.sock") endif (NOT OPENVAS_DEFAULT_SOCKET) add_definitions (-DOPENVAS_DEFAULT_SOCKET="${OPENVAS_DEFAULT_SOCKET}") diff --git a/config/CMakeLists.txt b/config/CMakeLists.txt index b0524aba8..015bd98cb 100644 --- a/config/CMakeLists.txt +++ b/config/CMakeLists.txt @@ -17,26 +17,18 @@ if (NOT SYSTEMD_SERVICE_DIR) - set (SYSTEMD_SERVICE_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system") + set (SYSTEMD_SERVICE_DIR "/lib/systemd/system") endif (NOT SYSTEMD_SERVICE_DIR) -if (NOT DEFAULT_CONFIG_DIR) - set (DEFAULT_CONFIG_DIR "${CMAKE_INSTALL_PREFIX}/etc/default") -endif (NOT DEFAULT_CONFIG_DIR) - if (NOT LOGROTATE_DIR) - set (LOGROTATE_DIR "${CMAKE_INSTALL_PREFIX}/etc/logrotate.d") + set (LOGROTATE_DIR "${SYSCONFDIR}/logrotate.d") endif (NOT LOGROTATE_DIR) configure_file (gvmd.service.in gvmd.service) configure_file (gvmd.logrotate.in gvmd.logrotate) -configure_file (gvmd.default.in gvmd.default) install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.service DESTINATION ${SYSTEMD_SERVICE_DIR}/) -install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.default - DESTINATION ${DEFAULT_CONFIG_DIR}/ RENAME gvmd) - install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.logrotate DESTINATION ${LOGROTATE_DIR}/ RENAME gvmd) diff --git a/config/gvmd.default.in b/config/gvmd.default.in deleted file mode 100644 index 28c96744b..000000000 --- a/config/gvmd.default.in +++ /dev/null @@ -1,19 +0,0 @@ -# -# The user for running the gvmd in the gvmd.service systemd file -# -GVMD_USER="gvm" - -# -# The group for running the gvmd in the gvmd.service systemd file -# -GVMD_GROUP="gvm" - -# -# Unix socket for OSP NVT update (--osp-vt-update) -# -OSP_VT_UPDATE="${OPENVAS_DEFAULT_SOCKET}" - -# -# Additional options -# -OPTIONS="" diff --git a/config/gvmd.service.in b/config/gvmd.service.in index 3f47b8639..e708952fa 100644 --- a/config/gvmd.service.in +++ b/config/gvmd.service.in @@ -7,11 +7,13 @@ ConditionKernelCommandLine=!recovery [Service] Type=forking -User=$GVMD_USER -Group=$GVMD_GROUP +User=gvm +Group=gvm PIDFile=${GVM_RUN_DIR}/gvmd.pid +RuntimeDirectory=gvm +RuntimeDirectoryMode=2775 EnvironmentFile=${DEFAULT_CONFIG_DIR}/gvmd -ExecStart=${SBINDIR}/gvmd --osp-vt-update=$OSP_VT_UPDATE $OPTIONS +ExecStart=${SBINDIR}/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm Restart=always TimeoutStopSec=10 diff --git a/doc/gvmd.8 b/doc/gvmd.8 index e0f3689ba..a49ea030d 100644 --- a/doc/gvmd.8 +++ b/doc/gvmd.8 @@ -204,7 +204,7 @@ Verify scanner SCANNER-UUID and exit. Print version and exit. .TP \fB--vt-verification-collation=\fICOLLATION\fB\f1 -Set collation for VT verification to COLLATION, leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings. +Set collation for VT verification to COLLATION, omit or leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings. .SH SIGNALS SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas). .SH EXAMPLES diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml index 4cbc22f43..66b1e6ec1 100644 --- a/doc/gvmd.8.xml +++ b/doc/gvmd.8.xml @@ -453,7 +453,7 @@ along with this program. If not, see .

--vt-verification-collation=COLLATION

- Set collation for VT verification to COLLATION, leave empty + Set collation for VT verification to COLLATION, omit or leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings.

diff --git a/doc/gvmd.html b/doc/gvmd.html index 5d0f69f1a..103199801 100644 --- a/doc/gvmd.html +++ b/doc/gvmd.html @@ -415,7 +415,7 @@

Options

--vt-verification-collation=COLLATION

- Set collation for VT verification to COLLATION, leave empty + Set collation for VT verification to COLLATION, omit or leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings.

diff --git a/src/gmp.c b/src/gmp.c index 79e5a9672..577990967 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -1085,8 +1085,6 @@ typedef struct array_t *groups; ///< IDs of groups. char *hosts; ///< Hosts. int hosts_allow; ///< Whether hosts are allowed. - char *ifaces; ///< Interfaces. - int ifaces_allow; ///< Whether interfaces are allowed. char *name; ///< User name. char *password; ///< Password. char *comment; ///< Comment. @@ -1109,7 +1107,6 @@ create_user_data_reset (create_user_data_t * data) g_free (data->password); g_free (data->comment); g_free (data->hosts); - g_free (data->ifaces); array_free (data->roles); if (data->sources) { @@ -3022,8 +3019,6 @@ typedef struct array_t *groups; ///< IDs of groups. gchar *hosts; ///< Hosts. int hosts_allow; ///< Whether hosts are allowed. - char *ifaces; ///< Interfaces. - int ifaces_allow; ///< Whether interfaces are allowed. gboolean modify_password; ///< Whether to modify password. gchar *name; ///< User name. gchar *new_name; ///< New user name. @@ -3050,7 +3045,6 @@ modify_user_data_reset (modify_user_data_t * data) g_free (data->password); g_free (data->comment); g_free (data->hosts); - g_free (data->ifaces); array_free (data->roles); if (data->sources) { @@ -4295,7 +4289,6 @@ typedef enum CLIENT_CREATE_USER_GROUPS, CLIENT_CREATE_USER_GROUPS_GROUP, CLIENT_CREATE_USER_HOSTS, - CLIENT_CREATE_USER_IFACES, CLIENT_CREATE_USER_NAME, CLIENT_CREATE_USER_PASSWORD, CLIENT_CREATE_USER_ROLE, @@ -4523,7 +4516,6 @@ typedef enum CLIENT_MODIFY_USER_GROUPS, CLIENT_MODIFY_USER_GROUPS_GROUP, CLIENT_MODIFY_USER_HOSTS, - CLIENT_MODIFY_USER_IFACES, CLIENT_MODIFY_USER_NAME, CLIENT_MODIFY_USER_NEW_NAME, CLIENT_MODIFY_USER_PASSWORD, @@ -4829,7 +4821,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, create_user_data->groups = make_array (); create_user_data->roles = make_array (); create_user_data->hosts_allow = 0; - create_user_data->ifaces_allow = 0; } else if (strcasecmp ("DELETE_ASSET", element_name) == 0) { @@ -6716,17 +6707,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, gvm_append_string (&modify_user_data->hosts, ""); set_client_state (CLIENT_MODIFY_USER_HOSTS); } - else if (strcasecmp ("IFACES", element_name) == 0) - { - const gchar *attribute; - if (find_attribute - (attribute_names, attribute_values, "allow", &attribute)) - modify_user_data->ifaces_allow = strcmp (attribute, "0"); - else - modify_user_data->ifaces_allow = 1; - gvm_append_string (&modify_user_data->ifaces, ""); - set_client_state (CLIENT_MODIFY_USER_IFACES); - } else if (strcasecmp ("NAME", element_name) == 0) set_client_state (CLIENT_MODIFY_USER_NAME); else if (strcasecmp ("NEW_NAME", element_name) == 0) @@ -7706,16 +7686,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, create_user_data->hosts_allow = 1; set_client_state (CLIENT_CREATE_USER_HOSTS); } - else if (strcasecmp ("IFACES", element_name) == 0) - { - const gchar *attribute; - if (find_attribute - (attribute_names, attribute_values, "allow", &attribute)) - create_user_data->ifaces_allow = strcmp (attribute, "0"); - else - create_user_data->ifaces_allow = 1; - set_client_state (CLIENT_CREATE_USER_IFACES); - } else if (strcasecmp ("NAME", element_name) == 0) set_client_state (CLIENT_CREATE_USER_NAME); else if (strcasecmp ("PASSWORD", element_name) == 0) @@ -17549,8 +17519,8 @@ handle_get_users (gmp_parser_t *gmp_parser, GError **error) while (1) { iterator_t groups, roles; - const char *hosts, *ifaces; - int hosts_allow, ifaces_allow; + const char *hosts; + int hosts_allow; ret = get_next (&users, &get_users_data->get, &first, &count, init_user_iterator); @@ -17575,13 +17545,6 @@ handle_get_users (gmp_parser_t *gmp_parser, GError **error) ? user_iterator_method (&users) : "file"); - /* Interfaces Access */ - ifaces = user_iterator_ifaces (&users); - ifaces_allow = user_iterator_ifaces_allow (&users); - SENDF_TO_CLIENT_OR_FAIL ("%s", - ifaces_allow, - ifaces ? ifaces : ""); - /* User Roles */ init_user_role_iterator (&roles, get_iterator_resource (&users)); @@ -22228,8 +22191,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, ? create_user_data->comment : "", create_user_data->hosts, create_user_data->hosts_allow, - create_user_data->ifaces, - create_user_data->ifaces_allow, create_user_data->sources, create_user_data->groups, &fail_group_id, @@ -22313,7 +22274,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_CREATE_USER, GROUPS); CLOSE (CLIENT_CREATE_USER_GROUPS, GROUP); CLOSE (CLIENT_CREATE_USER, HOSTS); - CLOSE (CLIENT_CREATE_USER, IFACES); CLOSE (CLIENT_CREATE_USER, NAME); CLOSE (CLIENT_CREATE_USER, PASSWORD); CLOSE (CLIENT_CREATE_USER, ROLE); @@ -24800,8 +24760,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, modify_user_data->comment, modify_user_data->hosts, modify_user_data->hosts_allow, - modify_user_data->ifaces, - modify_user_data->ifaces_allow, modify_user_data->sources, modify_user_data->groups, &fail_group_id, modify_user_data->roles, &fail_role_id, @@ -24900,7 +24858,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_MODIFY_USER, GROUPS); CLOSE (CLIENT_MODIFY_USER_GROUPS, GROUP); CLOSE (CLIENT_MODIFY_USER, HOSTS); - CLOSE (CLIENT_MODIFY_USER, IFACES); CLOSE (CLIENT_MODIFY_USER, NAME); CLOSE (CLIENT_MODIFY_USER, NEW_NAME); CLOSE (CLIENT_MODIFY_USER, PASSWORD); @@ -25839,9 +25796,6 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context, APPEND (CLIENT_MODIFY_USER_HOSTS, &modify_user_data->hosts); - APPEND (CLIENT_MODIFY_USER_IFACES, - &modify_user_data->ifaces); - APPEND (CLIENT_MODIFY_USER_NAME, &modify_user_data->name); @@ -26376,9 +26330,6 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context, APPEND (CLIENT_CREATE_USER_HOSTS, &create_user_data->hosts); - APPEND (CLIENT_CREATE_USER_IFACES, - &create_user_data->ifaces); - APPEND (CLIENT_CREATE_USER_NAME, &create_user_data->name); diff --git a/src/gvmd.c b/src/gvmd.c index e31bbbfe8..d699db061 100644 --- a/src/gvmd.c +++ b/src/gvmd.c @@ -2150,9 +2150,9 @@ gvmd (int argc, char** argv) NULL }, { "vt-verification-collation", '\0', 0, G_OPTION_ARG_STRING, &vt_verification_collation, - "Set collation for VT verification to , leave empty" - " to choose automatically. Should be 'ucs_default' if DB uses UTF-8" - " or 'C' for single-byte encodings.", + "Set collation for VT verification to , omit or leave" + " empty to choose automatically. Should be 'ucs_default' if DB uses" + " UTF-8 or 'C' for single-byte encodings.", "" }, { NULL } }; diff --git a/src/manage.c b/src/manage.c index e473d4807..d3e169607 100644 --- a/src/manage.c +++ b/src/manage.c @@ -2413,15 +2413,15 @@ prepare_osp_scan_for_resume (task_t task, const char *scan_id, char **error) } /** - * @brief Add OSP preferences for limiting ifaces and hosts for users. + * @brief Add OSP preferences for limiting hosts for users. * * @param[in] scanner_options The scanner preferences table to add to. */ static void add_user_scan_preferences (GHashTable *scanner_options) { - gchar *hosts, *ifaces, *name; - int hosts_allow, ifaces_allow; + gchar *hosts, *name; + int hosts_allow; // Limit access to hosts hosts = user_hosts (current_credentials.uuid); @@ -2441,25 +2441,6 @@ add_user_scan_preferences (GHashTable *scanner_options) hosts ? hosts : g_strdup ("")); else g_free (hosts); - - // Limit access to ifaces - ifaces = user_ifaces (current_credentials.uuid); - ifaces_allow = user_ifaces_allow (current_credentials.uuid); - - if (ifaces_allow == 1) - name = g_strdup ("ifaces_allow"); - else if (ifaces_allow == 0) - name = g_strdup ("ifaces_deny"); - else - name = NULL; - - if (name - && (ifaces_allow || (ifaces && strlen (ifaces)))) - g_hash_table_replace (scanner_options, - name, - ifaces ? ifaces : g_strdup ("")); - else - g_free (ifaces); } /** diff --git a/src/manage.h b/src/manage.h index 094a43bd1..6ca56faff 100644 --- a/src/manage.h +++ b/src/manage.h @@ -3361,12 +3361,6 @@ user_iterator_hosts (iterator_t*); int user_iterator_hosts_allow (iterator_t*); -const char* -user_iterator_ifaces (iterator_t*); - -int -user_iterator_ifaces_allow (iterator_t*); - void init_user_group_iterator (iterator_t *, user_t); @@ -3393,7 +3387,7 @@ user_role_iterator_readable (iterator_t*); int create_user (const gchar *, const gchar *, const gchar *, const gchar *, - int, const gchar *, int, const array_t *, array_t *, gchar **, + int, const array_t *, array_t *, gchar **, array_t *, gchar **, gchar **, user_t *, int); int @@ -3401,7 +3395,7 @@ delete_user (const char *, const char *, int, int, const char*, const char*); int modify_user (const gchar *, gchar **, const gchar *, const gchar *, - const gchar*, const gchar *, int, const gchar *, int, + const gchar*, const gchar *, int, const array_t *, array_t *, gchar **, array_t *, gchar **, gchar **); @@ -3426,12 +3420,6 @@ user_name (const char *); char* user_uuid (user_t); -gchar* -user_ifaces (const char *); - -int -user_ifaces_allow (const char *); - gchar* user_hosts (const char *); diff --git a/src/manage_migrators.c b/src/manage_migrators.c index 9a5cfcc3a..86751b31e 100644 --- a/src/manage_migrators.c +++ b/src/manage_migrators.c @@ -2783,6 +2783,39 @@ migrate_245_to_246 () return 0; } +/** + * @brief Migrate the database from version 246 to version 247. + * + * @return 0 success, -1 error. + */ +int +migrate_246_to_247 () +{ + sql_begin_immediate (); + + /* Ensure that the database is currently version 246. */ + + if (manage_db_version () != 246) + { + sql_rollback (); + return -1; + } + + /* Update the database. */ + + /* Per-user limitations on network interfaces have been removed */ + sql ("ALTER TABLE users DROP COLUMN ifaces;"); + sql ("ALTER TABLE users DROP COLUMN ifaces_allow;"); + + /* Set the database version to 247. */ + + set_db_version (247); + + sql_commit (); + + return 0; +} + #undef UPDATE_DASHBOARD_SETTINGS @@ -2836,6 +2869,7 @@ static migrator_t database_migrators[] = { {244, migrate_243_to_244}, {245, migrate_244_to_245}, {246, migrate_245_to_246}, + {247, migrate_246_to_247}, /* End marker. */ {-1, NULL}}; diff --git a/src/manage_pg.c b/src/manage_pg.c index 2a6d1df82..16a83f0bc 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -874,7 +874,10 @@ manage_create_sql_functions () || g_str_match_string ("UTF8", encoding, 0)) quoted_collation = strdup ("ucs_basic"); else - quoted_collation = strdup ("C"); + // quote C collation because this seems to be required + // without quoting it an error is raised + // other collations don't need quoting + quoted_collation = strdup ("\"C\""); free (encoding); } @@ -1750,8 +1753,6 @@ create_tables () " timezone text," " hosts text," " hosts_allow integer," - " ifaces text," - " ifaces_allow integer," " method text," " creation_time integer," " modification_time integer);"); diff --git a/src/manage_sql.c b/src/manage_sql.c index 31caa4064..86576e774 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -16783,11 +16783,11 @@ user_ensure_in_db (const gchar *name, const gchar *method) sql ("INSERT INTO users" " (uuid, owner, name, comment, password, timezone, method, hosts," - " hosts_allow, ifaces, ifaces_allow, creation_time, modification_time)" + " hosts_allow, creation_time, modification_time)" " VALUES" " (make_uuid ()," " (SELECT id FROM users WHERE users.uuid = '%s')," - " '%s', '', NULL, NULL, '%s', '', 2, '', 2, m_now (), m_now ());", + " '%s', '', NULL, NULL, '%s', '', 2, m_now (), m_now ());", current_credentials.uuid, quoted_name, quoted_method); @@ -50694,7 +50694,7 @@ manage_create_user (GSList *log_config, const db_conn_info_t *database, /* Setup a dummy user, so that create_user will work. */ current_credentials.uuid = ""; - ret = create_user (name, password ? password : uuid, "", NULL, 0, NULL, 0, + ret = create_user (name, password ? password : uuid, "", NULL, 0, NULL, NULL, NULL, roles, NULL, &rejection_msg, NULL, 0); switch (ret) @@ -51024,8 +51024,6 @@ find_user_by_name (const char* name, user_t *user) * @param[in] comment Comment for the new user or NULL. * @param[in] hosts The host the user is allowed/forbidden to scan. * @param[in] hosts_allow Whether hosts is allow or forbid. - * @param[in] ifaces Interfaces the user is allowed/forbidden to scan. - * @param[in] ifaces_allow Whether ifaces is allow or forbid. * @param[in] allowed_methods Allowed login methods. * @param[in] groups Groups. * @param[out] group_id_return ID of group on "failed to find" error. @@ -51044,13 +51042,12 @@ find_user_by_name (const char* name, user_t *user) int create_user (const gchar * name, const gchar * password, const gchar *comment, const gchar * hosts, int hosts_allow, - const gchar *ifaces, int ifaces_allow, const array_t * allowed_methods, array_t *groups, gchar **group_id_return, array_t *roles, gchar **role_id_return, gchar **r_errdesc, user_t *new_user, int forbid_super_admin) { char *errstr, *uuid; - gchar *quoted_hosts, *quoted_ifaces, *quoted_method, *quoted_name, *hash; + gchar *quoted_hosts, *quoted_method, *quoted_name, *hash; gchar *quoted_comment, *clean, *generated; int index, max, ret; user_t user; @@ -51144,7 +51141,6 @@ create_user (const gchar * name, const gchar * password, const gchar *comment, clean = clean_hosts (hosts ? hosts : "", &max); quoted_hosts = sql_quote (clean); - quoted_ifaces = sql_quote (ifaces ? ifaces : ""); g_free (clean); quoted_method = sql_quote (allowed_methods ? g_ptr_array_index (allowed_methods, 0) @@ -51153,28 +51149,23 @@ create_user (const gchar * name, const gchar * password, const gchar *comment, ret = sql_error ("INSERT INTO users" " (uuid, owner, name, password, comment, hosts, hosts_allow," - " ifaces, ifaces_allow, method, creation_time," - " modification_time)" + " method, creation_time, modification_time)" " VALUES" " (make_uuid ()," " (SELECT id FROM users WHERE uuid = '%s')," " '%s', '%s', '%s', '%s', %i," - " '%s', %i, '%s', m_now ()," - " m_now ());", + " '%s', m_now (), m_now ());", current_credentials.uuid, quoted_name, hash, quoted_comment, quoted_hosts, hosts_allow, - quoted_ifaces, - ifaces_allow, quoted_method); g_free (generated); g_free (hash); g_free (quoted_comment); g_free (quoted_hosts); - g_free (quoted_ifaces); g_free (quoted_method); g_free (quoted_name); @@ -51329,8 +51320,7 @@ copy_user (const char* name, const char* comment, const char *user_id, sql_begin_immediate (); ret = copy_resource_lock ("user", name, comment, user_id, - "password, timezone, hosts, hosts_allow," - " ifaces, ifaces_allow, method", + "password, timezone, hosts, hosts_allow, method", 1, &user, NULL); if (ret) { @@ -52083,8 +52073,6 @@ delete_user (const char *user_id_arg, const char *name_arg, int ultimate, * @param[in] hosts The host the user is allowed/forbidden to scan. * NULL to leave as is. * @param[in] hosts_allow Whether hosts is allow or forbid. - * @param[in] ifaces Interfaces the user is allowed/forbidden to scan. - * @param[in] ifaces_allow Whether ifaces is allow or forbid. * @param[in] allowed_methods Allowed login methods. * @param[in] groups Groups. * @param[out] group_id_return ID of group on "failed to find" error. @@ -52104,13 +52092,12 @@ int modify_user (const gchar * user_id, gchar **name, const gchar *new_name, const gchar * password, const gchar * comment, const gchar * hosts, int hosts_allow, - const gchar *ifaces, int ifaces_allow, const array_t * allowed_methods, array_t *groups, gchar **group_id_return, array_t *roles, gchar **role_id_return, gchar **r_errdesc) { char *errstr; - gchar *hash, *quoted_hosts, *quoted_ifaces, *quoted_method, *clean, *uuid; + gchar *hash, *quoted_hosts, *quoted_method, *clean, *uuid; gchar *quoted_new_name, *quoted_comment; user_t user; int max, was_admin, is_admin; @@ -52256,7 +52243,6 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name, if ((hosts_allow == 0) && (max == 0)) /* Convert "Deny none" to "Allow All". */ hosts_allow = 2; - quoted_ifaces = sql_quote (ifaces ? ifaces : ""); quoted_hosts = sql_quote (clean); g_free (clean); quoted_method = sql_quote (allowed_methods @@ -52267,8 +52253,6 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name, " comment = %s%s%s," " hosts = '%s'," " hosts_allow = '%i'," - " ifaces = '%s'," - " ifaces_allow = %i," " method = %s%s%s," " modification_time = m_now ()" " WHERE id = %llu;", @@ -52280,15 +52264,12 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name, quoted_comment ? "'" : "", quoted_hosts, hosts_allow, - quoted_ifaces, - ifaces_allow, allowed_methods ? "'" : "", allowed_methods ? quoted_method : "method", allowed_methods ? "'" : "", user); g_free (quoted_new_name); g_free (quoted_hosts); - g_free (quoted_ifaces); g_free (quoted_method); if (hash) sql ("UPDATE users" @@ -52510,45 +52491,6 @@ trash_user_writable (user_t user) return 1; } -/** - * @brief Return the ifaces of a user. - * - * @param[in] uuid UUID of user. - * - * @return Newly allocated ifaces value if available, else NULL. - */ -gchar* -user_ifaces (const char *uuid) -{ - gchar *name, *quoted_uuid; - - quoted_uuid = sql_quote (uuid); - name = sql_string ("SELECT ifaces FROM users WHERE uuid = '%s';", - quoted_uuid); - g_free (quoted_uuid); - return name; -} - -/** - * @brief Return whether ifaces value of a user denotes allowed. - * - * @param[in] uuid UUID of user. - * - * @return 1 if allow, else 0. - */ -int -user_ifaces_allow (const char *uuid) -{ - gchar *quoted_uuid; - int allow; - - quoted_uuid = sql_quote (uuid); - allow = sql_int ("SELECT ifaces_allow FROM users WHERE uuid = '%s';", - quoted_uuid); - g_free (quoted_uuid); - return allow; -} - /** * @brief Return the hosts of a user. * @@ -52593,7 +52535,7 @@ user_hosts_allow (const char *uuid) */ #define USER_ITERATOR_FILTER_COLUMNS \ { GET_ITERATOR_FILTER_COLUMNS, "method", "roles", "groups", "hosts", \ - "ifaces", NULL } + NULL } /** * @brief User iterator columns. @@ -52627,8 +52569,6 @@ user_hosts_allow (const char *uuid) "groups", \ KEYWORD_TYPE_STRING \ }, \ - { "ifaces", NULL, KEYWORD_TYPE_STRING }, \ - { "ifaces_allow", NULL, KEYWORD_TYPE_INTEGER }, \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } @@ -52641,8 +52581,6 @@ user_hosts_allow (const char *uuid) { "method", NULL, KEYWORD_TYPE_STRING }, \ { "hosts", NULL, KEYWORD_TYPE_STRING }, \ { "hosts_allow", NULL, KEYWORD_TYPE_INTEGER }, \ - { "ifaces", NULL, KEYWORD_TYPE_STRING }, \ - { "ifaces_allow", NULL, KEYWORD_TYPE_INTEGER }, \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } @@ -52722,29 +52660,6 @@ user_iterator_hosts_allow (iterator_t* iterator) return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 2); } -/** - * @brief Get the ifaces from a user iterator. - * - * @param[in] iterator Iterator. - * - * @return Interfaces or NULL if iteration is complete. - */ -DEF_ACCESS (user_iterator_ifaces, GET_ITERATOR_COLUMN_COUNT + 5); - -/** - * @brief Get the ifaces allow value from a user iterator. - * - * @param[in] iterator Iterator. - * - * @return Interfaces allow. - */ -int -user_iterator_ifaces_allow (iterator_t* iterator) -{ - if (iterator->done) return -1; - return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 6); -} - /** * @brief Initialise an info iterator. * @@ -56068,5 +55983,8 @@ void set_vt_verification_collation (const char *new_collation) { g_free (vt_verification_collation); - vt_verification_collation = new_collation ? g_strdup(new_collation) : NULL; + if (new_collation && strcmp (new_collation, "")) + vt_verification_collation = g_strdup(new_collation); + else + vt_verification_collation = NULL; } diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index df03e8be4..2450b7745 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -920,7 +920,6 @@ along with this program. If not, see . cvss_base severities cve - bid name @@ -945,11 +944,6 @@ along with this program. If not, see . CVE value associated with the NVT text - - bid - BID associated with the NVT - integer - severity @@ -1276,7 +1270,6 @@ along with this program. If not, see . cvss_base severities cve - bid name @@ -1301,11 +1294,6 @@ along with this program. If not, see . CVE value associated with the NVT text - - bid - BID associated with the NVT - integer - threat @@ -1597,7 +1585,7 @@ along with this program. If not, see . type - Type of the reference, for example "cve", "bid", "dfn-cert", "cert-bund" + Type of the reference, for example "cve", "dfn-cert", "cert-bund" text @@ -5815,7 +5803,6 @@ along with this program. If not, see . copy comment hosts - ifaces password role @@ -5848,18 +5835,6 @@ along with this program. If not, see . text - - ifaces - User access rules: a comma-separated list of ifaces - - - allow - If 1, allow only listed, otherwise forbid listed - boolean - - text - - password The password for the user @@ -12620,7 +12595,6 @@ along with this program. If not, see . 5 - Medium Warning with control char between fullstops: . . @@ -13099,7 +13073,7 @@ along with this program. If not, see . type - Type of the reference, for example "cve", "bid", "dfn-cert", "cert-bund" + Type of the reference, for example "cve", "dfn-cert", "cert-bund" text @@ -15624,7 +15598,6 @@ along with this program. If not, see . NOTAGS - @@ -16659,7 +16632,6 @@ along with this program. If not, see . NOTAGS - Medium @@ -16722,7 +16694,6 @@ along with this program. If not, see . NOTAGS - High @@ -21355,11 +21326,6 @@ along with this program. If not, see . text List of host that are either allowed of forbidden - - ifaces - text - List of ifaces that are either allowed of forbidden - @@ -21405,7 +21371,6 @@ along with this program. If not, see . role groups hosts - ifaces permissions user_tags sources @@ -21524,26 +21489,6 @@ along with this program. If not, see . text - - ifaces - Iface access rule for the user - - - allow - 0 forbidden, 1 allowed, 2 all allowed, 3 custom - - - 0 - 1 - 2 - 3 - - - 1 - - text - - permissions @@ -25443,7 +25388,6 @@ along with this program. If not, see . password role hosts - ifaces sources @@ -25476,18 +25420,6 @@ along with this program. If not, see . text - - ifaces - User access rules: a comma-separated list of ifaces - - - allow - If 1, allow only listed, otherwise forbid listed - boolean - - text - - password The password for the user @@ -26069,6 +26001,19 @@ along with this program. If not, see . + + CREATE_TASK, CREATE_USER, GET_TASKS, GET_USERS, MODIFY_TASK, MODIFY_USER + Removed network interface (iface) options + +

+ The option to choose the source interface in the form of the task + preference "source_iface" has been removed as well as + the "ifaces" element of users to limit the allowed network + interfaces. +

+ + 21.10 + GET_INFO Removed the Secinfo-type OVALDEF from the GET_INFO command