Merge pull request #1033 from timopollmeier/osp-user-limitations-master

Add user limits on hosts and ifaces to OSP prefs (master)
greenbone · Apr 6, 2020 · f86836d · f86836d
2 parents 79080f1 + 265da81
commit f86836d
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -92,6 +92,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Ensure parent exists when moving report format dir [#1019](https://github.com/greenbone/gvmd/pull/1019)
 - Use nvti_qod instead of the old nvti_get_tag() [#1022](https://github.com/greenbone/gvmd/pull/1022)
 - Remove active clause when filtering resources by tag [#1025](https://github.com/greenbone/gvmd/pull/1025)
+- Add user limits on hosts and ifaces to OSP prefs [#1033](https://github.com/greenbone/gvmd/pull/1033)
 
 ### Removed
 - Remove support for "All SecInfo": removal of "allinfo" for type in get_info [#790](https://github.com/greenbone/gvmd/pull/790)

diff --git a/src/manage.c b/src/manage.c
@@ -4066,6 +4066,50 @@ prepare_osp_scan_for_resume (task_t task, const char *scan_id, char **error)
   return -1;
 }
 
+/**
+ * @brief Add OSP preferences for limiting ifaces and hosts for users.
+ *
+ * @param[in]  scanner_options  The scanner preferences table to add to.
+ */
+static void
+add_user_scan_preferences (GHashTable *scanner_options)
+{
+  gchar *hosts, *ifaces, *name;
+  int hosts_allow, ifaces_allow;
+
+  // Limit access to hosts
+  hosts = user_hosts (current_credentials.uuid);
+  hosts_allow = user_hosts_allow (current_credentials.uuid);
+
+  if (hosts_allow == 1)
+    name = g_strdup ("hosts_allow");
+  else if (hosts_allow == 0)
+    name = g_strdup ("hosts_deny");
+  else
+    name = NULL;
+
+  if (name)
+    g_hash_table_replace (scanner_options, name, hosts);
+  else
+    g_free (hosts);
+
+  // Limit access to ifaces
+  ifaces = user_ifaces (current_credentials.uuid);
+  ifaces_allow = user_ifaces_allow (current_credentials.uuid);
+
+  if (ifaces_allow == 1)
+    name = g_strdup ("ifaces_allow");
+  else if (ifaces_allow == 0)
+    name = g_strdup ("ifaces_deny");
+  else
+    name = NULL;
+
+  if (name)
+    g_hash_table_replace (scanner_options, name, ifaces);
+  else
+    g_free (ifaces);
+}
+
 /**
  * @brief Launch an OpenVAS via OSP task.
  *
@@ -4196,6 +4240,9 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
         }
     }
 
+  /* Setup user-specific scanner preference */
+  add_user_scan_preferences (scanner_options);
+
   /* Setup vulnerability tests (without preferences) */
   vts = NULL;
   vts_hash_table