From be16410e65a0a3d0abe6f63181edd553c80297da Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 26 Nov 2024 10:12:32 +0100 Subject: [PATCH 1/3] Fix: Avoid DB check inserts in cleanup-sequences When running gvmd with the --optimize=cleanup-sequences option, the database checks during initialization will avoid most inserts. Setting database_version and max_hosts in the meta table now uses INSERT ... ON CONFLICT instead of deleting the previous entry. Skipping the inserts prevents the cleanup failing if one of the sequence has already run out of ids. The change to the meta table update reduces the risk of the meta table id sequence running out. (cherry picked from commit 705c6c2569b88970bcdc2af08c2f3ca25c87c39b) --- src/manage.c | 9 +- src/manage.h | 2 +- src/manage_sql.c | 142 ++++++++++++++++++++++---------- src/manage_sql.h | 2 +- src/manage_sql_configs.c | 7 +- src/manage_sql_configs.h | 2 +- src/manage_sql_nvts.c | 6 +- src/manage_sql_port_lists.c | 7 +- src/manage_sql_report_formats.c | 11 ++- src/manage_sql_report_formats.h | 2 +- src/manage_sql_secinfo.c | 3 +- 11 files changed, 135 insertions(+), 58 deletions(-) diff --git a/src/manage.c b/src/manage.c index c924ca36e..37c9ddb24 100644 --- a/src/manage.c +++ b/src/manage.c @@ -975,7 +975,8 @@ int manage_create_encryption_key (GSList *log_config, const db_conn_info_t *database) { - int ret = manage_option_setup (log_config, database); + int ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) { printf ("Error setting up log config or database connection."); @@ -1039,7 +1040,8 @@ manage_set_encryption_key (GSList *log_config, const db_conn_info_t *database, const char *uid) { - int ret = manage_option_setup (log_config, database); + int ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) { printf ("Error setting up log config or database connection.\n"); 
@@ -5417,7 +5419,8 @@ manage_rebuild_gvmd_data_from_feed (const char *types, return -1; } - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) { if (error_msg) diff --git a/src/manage.h b/src/manage.h index 0ee2e9c23..f86e54524 100644 --- a/src/manage.h +++ b/src/manage.h @@ -127,7 +127,7 @@ init_manage (GSList*, const db_conn_info_t *, int, int, int, int, manage_connection_forker_t, int); int -init_manage_helper (GSList *, const db_conn_info_t *, int); +init_manage_helper (GSList *, const db_conn_info_t *, int, int); void init_manage_process (const db_conn_info_t*); diff --git a/src/manage_sql.c b/src/manage_sql.c index 2b87ba8ac..e3036e361 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -933,13 +933,15 @@ cert_check_time () * * @param[in] log_config Log configuration. * @param[in] database Database. + * @param[in] avoid_db_check_inserts Whether to avoid inserts in DB check. * * @return 0 success, -1 error, -2 database is too old, * -3 database needs to be initialised from server, * -5 database is too new. */ int -manage_option_setup (GSList *log_config, const db_conn_info_t *database) +manage_option_setup (GSList *log_config, const db_conn_info_t *database, + int avoid_db_check_inserts) { int ret; @@ -950,7 +952,8 @@ manage_option_setup (GSList *log_config, const db_conn_info_t *database) } ret = init_manage_helper (log_config, database, - MANAGE_ABSOLUTE_MAX_IPS_PER_TARGET); + MANAGE_ABSOLUTE_MAX_IPS_PER_TARGET, + avoid_db_check_inserts); assert (ret != -4); switch (ret) { @@ -6167,10 +6170,9 @@ manage_cert_db_version () void set_db_version (int version) { - sql ("DELETE FROM %s.meta WHERE name = 'database_version';", - sql_schema ()); sql ("INSERT INTO %s.meta (name, value)" - " VALUES ('database_version', '%i');", + " VALUES ('database_version', '%i')" + " ON CONFLICT (name) DO UPDATE SET value = EXCLUDED.value;", sql_schema (), version); } 
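Review bot: The `INSERT ... ON CONFLICT (name) DO UPDATE` introduced in `set_db_version` still evaluates the `id` column default before the conflict is detected, so on PostgreSQL each call draws a value from the meta id sequence (the one the commit message refers to) just as the old DELETE plus INSERT did. It will also fail once that sequence is exhausted, which is the state `--optimize=cleanup-sequences` is meant to recover from. Updating in place and inserting only when the row is missing leaves the sequence untouched for an existing row; the `max_hosts` statement changed in `init_manage_internal` follows the same pattern and would need the same treatment. `ON CONFLICT (name)` additionally depends on a unique index on `meta.name`, which is not visible in this patch.

```c
void
set_db_version (int version)
{
  /* Update in place first: an existing row never touches the id sequence. */
  sql ("UPDATE %s.meta SET value = '%i'"
       " WHERE name = 'database_version';",
       sql_schema (), version);
  /* Insert only when the row is missing; an INSERT ... SELECT that yields
   * no rows does not evaluate the id default. */
  sql ("INSERT INTO %s.meta (name, value)"
       " SELECT 'database_version', '%i'"
       " WHERE NOT EXISTS (SELECT 1 FROM %s.meta"
       "                   WHERE name = 'database_version');",
       sql_schema (), version, sql_schema ());
}
```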
@@ -6416,7 +6418,8 @@ manage_encrypt_all_credentials (GSList *log_config, g_info (" (Re-)encrypting all credentials."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -6457,7 +6460,8 @@ manage_decrypt_all_credentials (GSList *log_config, g_info (" Decrypting all credentials."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -6796,7 +6800,8 @@ manage_check_alerts (GSList *log_config, const db_conn_info_t *database) g_info (" Checking alerts."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -15919,11 +15924,16 @@ manage_update_nvti_cache () /** * @brief Ensure the predefined scanner exists. * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. + * * @return 0 if success, -1 if error. */ static int -check_db_scanners () +check_db_scanners (int avoid_db_check_inserts) { + if (avoid_db_check_inserts) + return 0; + if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';", SCANNER_UUID_DEFAULT) == 0) { @@ -15952,11 +15962,16 @@ check_db_scanners () /** * @brief Initialize the default settings. * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. + * * Ensure all the default manager settings exist. */ static void -check_db_settings () +check_db_settings (int avoid_db_check_inserts) { + if (avoid_db_check_inserts) + return; + if (sql_int ("SELECT count(*) FROM settings" " WHERE uuid = '6765549a-934e-11e3-b358-406186ea4fc5'" " AND " ACL_IS_GLOBAL () ";") 
@@ -16314,10 +16329,15 @@ check_db_versions () /** * @brief Ensures the sanity of nvts cache in DB. + * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ static void -check_db_nvt_selectors () +check_db_nvt_selectors (int avoid_db_check_inserts) { + if (avoid_db_check_inserts) + return; + /* Ensure every part of the predefined selector exists. * This restores entries lost due to the error solved 2010-08-13 by r8805. */ if (sql_int ("SELECT count(*) FROM nvt_selectors WHERE name =" @@ -16454,10 +16474,15 @@ add_permissions_on_globals (const gchar *role_uuid) /** * @brief Ensure the predefined permissions exists. + * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ static void -check_db_permissions () +check_db_permissions (int avoid_db_check_inserts) { + if (avoid_db_check_inserts) + return; + command_t *command; if (sql_int ("SELECT count(*) FROM permissions" @@ -16616,10 +16641,15 @@ check_db_permissions () /** * @brief Ensure the predefined roles exists. + * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ static void -check_db_roles () +check_db_roles (int avoid_db_check_inserts) { + if (avoid_db_check_inserts) + return; + if (sql_int ("SELECT count(*) FROM roles WHERE uuid = '" ROLE_UUID_ADMIN "';") == 0) sql ("INSERT INTO roles" @@ -16775,11 +16805,11 @@ manage_migrate_relay_sensors () * Only called by init_manage_internal, and ultimately only by the main process. * * @param[in] check_encryption_key Whether to check encryption key. - * + * @param[in] avoid_db_check_inserts Whether to avoid inserts in DB check. * @return 0 success, -1 error. */ static int -check_db (int check_encryption_key) +check_db (int check_encryption_key, int avoid_db_check_inserts) { /* The file locks managed at startup ensure that this is the only Manager * process accessing the db. Nothing else should be accessing the db, access 
@@ -16790,19 +16820,19 @@ check_db (int check_encryption_key) create_tables (); check_db_sequences (); set_db_version (GVMD_DATABASE_VERSION); - check_db_roles (); - check_db_nvt_selectors (); + check_db_roles (avoid_db_check_inserts); + check_db_nvt_selectors (avoid_db_check_inserts); check_db_nvts (); - check_db_port_lists (); + check_db_port_lists (avoid_db_check_inserts); clean_auth_cache (); - if (check_db_scanners ()) + if (check_db_scanners (avoid_db_check_inserts)) goto fail; - if (check_db_report_formats ()) + if (check_db_report_formats (avoid_db_check_inserts)) goto fail; if (check_db_report_formats_trash ()) goto fail; - check_db_permissions (); - check_db_settings (); + check_db_permissions (avoid_db_check_inserts); + check_db_settings (avoid_db_check_inserts); cleanup_schedule_times (); if (check_encryption_key && check_db_encryption_key ()) goto fail; @@ -16969,6 +16999,7 @@ cleanup_tables () * with GMP when an alert occurs. * @param[in] skip_db_check Skip DB check. * @param[in] check_encryption_key Check encryption key if doing DB check. + * @param[in] avoid_db_check_inserts Whether to avoid inserts in DB check. * * @return 0 success, -1 error, -2 database is too old, * -4 max_ips_per_target out of range, -5 database is too new. @@ -16983,7 +17014,8 @@ init_manage_internal (GSList *log_config, int stop_tasks, manage_connection_forker_t fork_connection, int skip_db_check, - int check_encryption_key) + int check_encryption_key, + int avoid_db_check_inserts) { int ret; @@ -17069,7 +17101,7 @@ init_manage_internal (GSList *log_config, * 2 a helper processes (--create-user, --get-users, etc) when the * main process is not running. */ - ret = check_db (check_encryption_key); + ret = check_db (check_encryption_key, avoid_db_check_inserts); if (ret) return ret; 
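Review bot: In `check_db`, the calls to `create_tables`, `check_db_sequences`, `check_db_nvts`, `check_db_report_formats_trash` and `cleanup_schedule_times` do not receive `avoid_db_check_inserts`. The gated helpers in the other files also run their `migrate_predefined_*` step before the early return. If any of these can insert rows (their bodies are outside this patch), a cleanup-sequences run can still hit an exhausted sequence during initialisation. Once that has been checked, a comment above the call list would record it, for example `/* Calls without avoid_db_check_inserts were audited and perform no INSERTs. */`. The body of `check_db` continues outside the hunk.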
@@ -17077,8 +17109,10 @@ init_manage_internal (GSList *log_config, /* Set max_hosts in db, so database server side can access it. */ - sql ("DELETE FROM meta WHERE name = 'max_hosts';"); - sql ("INSERT INTO meta (name, value) VALUES ('max_hosts', %i);", max_hosts); + sql ("INSERT INTO meta (name, value)" + " VALUES ('max_hosts', %i)" + " ON CONFLICT (name) DO UPDATE SET value = EXCLUDED.value;", + max_hosts); } if (stop_tasks) @@ -17092,7 +17126,7 @@ init_manage_internal (GSList *log_config, if (skip_db_check == 0) /* Requires NVT cache. */ - check_db_configs (); + check_db_configs (avoid_db_check_inserts); sql_close (); gvmd_db_conn_info.name = database->name ? g_strdup (database->name) : NULL; @@ -17146,7 +17180,8 @@ init_manage (GSList *log_config, const db_conn_info_t *database, 1, /* Stop active tasks. */ fork_connection, skip_db_check, - 1); /* Check encryption key if checking db. */ + 1, /* Check encryption key if checking db. */ + 0 /* Do not avoid inserts if checking db. */); } /** @@ -17158,7 +17193,8 @@ init_manage (GSList *log_config, const db_conn_info_t *database, * * @param[in] log_config Log configuration. * @param[in] database Location of database. - * @param[in] max_ips_per_target Max number of IPs per target. + * @param[in] max_ips_per_target Max number of IPs per target. + * @param[in] avoid_db_check_inserts Whether to avoid inserts in DB check. * * @return 0 success, -1 error, -2 database is too old, -3 database needs * to be initialised from server, -4 max_ips_per_target out of range, @@ -17166,7 +17202,7 @@ init_manage (GSList *log_config, const db_conn_info_t *database, */ int init_manage_helper (GSList *log_config, const db_conn_info_t *database, - int max_ips_per_target) + int max_ips_per_target, int avoid_db_check_inserts) { return init_manage_internal (log_config, database, 
@@ -17183,7 +17219,8 @@ init_manage_helper (GSList *log_config, const db_conn_info_t *database, lockfile_locked ("gvm-serving") ? 1 /* Skip DB check. */ : 0, /* Do DB check. */ - 0); /* Dummy. */ + 0, /* Dummy. */ + avoid_db_check_inserts); } /** @@ -41479,7 +41516,8 @@ manage_create_scanner (GSList *log_config, const db_conn_info_t *database, g_info (" Creating scanner."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -41668,7 +41706,8 @@ manage_delete_scanner (GSList *log_config, const db_conn_info_t *database, return 3; } - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -41736,7 +41775,8 @@ manage_modify_scanner (GSList *log_config, const db_conn_info_t *database, g_info (" Modifying scanner."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -41955,7 +41995,8 @@ manage_verify_scanner (GSList *log_config, const db_conn_info_t *database, g_info (" Verifying scanner."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -43440,7 +43481,8 @@ manage_get_scanners (GSList *log_config, const db_conn_info_t *database) g_info (" Getting scanners."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -47379,7 +47421,8 @@ manage_get_roles (GSList *log_config, const db_conn_info_t *database, g_info (" Getting roles."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; 
@@ -54054,7 +54097,8 @@ manage_modify_setting (GSList *log_config, const db_conn_info_t *database, return 3; } - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -54209,7 +54253,8 @@ manage_create_user (GSList *log_config, const db_conn_info_t *database, g_info (" Creating user."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -54299,7 +54344,8 @@ manage_delete_user (GSList *log_config, const db_conn_info_t *database, g_info (" Deleting user."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -54364,7 +54410,8 @@ manage_get_users (GSList *log_config, const db_conn_info_t *database, g_info (" Getting users."); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -54468,7 +54515,8 @@ manage_set_password (GSList *log_config, const db_conn_info_t *database, return -1; } - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return ret; @@ -59483,7 +59531,15 @@ manage_optimize (GSList *log_config, const db_conn_info_t *database, return 1; } - ret = manage_option_setup (log_config, database); + int avoid_db_check_inserts = 0; + /* The optimize=cleanup-sequences option may be used if a sequence has + * already reached its maximum value, so avoid any inserts that may cause + * a sequence maximum error. * + */ + if (strcasecmp (name, "cleanup-sequences") == 0) + avoid_db_check_inserts = 1; + + ret = manage_option_setup (log_config, database, avoid_db_check_inserts); if (ret) return ret; 
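Review bot: The comment added in `manage_optimize` ends with a stray ` * ` before the closing `*/`, and the flag is declared mid-function and then set conditionally. `int avoid_db_check_inserts = (strcasecmp (name, "cleanup-sequences") == 0);` expresses the same thing in one statement, with the comment placed above it. The comment could also say that the `meta` writes for `database_version` and `max_hosts` still run in this mode, since a reader would otherwise assume that no inserts happen at all. The body of `manage_optimize` starts and ends outside the hunk, so whether `name` has already been checked for NULL before the `strcasecmp` cannot be confirmed from here.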
diff --git a/src/manage_sql.h b/src/manage_sql.h index b9db9cb99..a4dec72d8 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -453,7 +453,7 @@ void check_alerts (); int -manage_option_setup (GSList *, const db_conn_info_t *); +manage_option_setup (GSList *, const db_conn_info_t *, int); void manage_option_cleanup (); diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c index 28e2bb10e..07e25734e 100644 --- a/src/manage_sql_configs.c +++ b/src/manage_sql_configs.c @@ -4532,12 +4532,17 @@ update_config (config_t config, const gchar *name, /** * @brief Check configs, for startup. + * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ void -check_db_configs () +check_db_configs (int avoid_db_check_inserts) { migrate_predefined_configs (); + if (avoid_db_check_inserts) + return; + if (sync_configs_with_feed (FALSE) <= -1) g_warning ("%s: Failed to sync configs with feed", __func__); diff --git a/src/manage_sql_configs.h b/src/manage_sql_configs.h index 888d4e4fb..901878423 100644 --- a/src/manage_sql_configs.h +++ b/src/manage_sql_configs.h @@ -97,7 +97,7 @@ update_config (config_t, const gchar *, const gchar *, const gchar *, int, const array_t*, const array_t*, const gchar *); void -check_db_configs (); +check_db_configs (int); void check_whole_only_in_configs (); diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 04e9cf3c8..73aab286c 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -2654,7 +2654,8 @@ manage_rebuild (GSList *log_config, const db_conn_info_t *database) return -1; } - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) { feed_lockfile_unlock (&lockfile); 
@@ -2727,7 +2728,8 @@ manage_dump_vt_verification (GSList *log_config, return -1; } - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) { feed_lockfile_unlock (&lockfile); diff --git a/src/manage_sql_port_lists.c b/src/manage_sql_port_lists.c index c24abaea6..b56b9fcc2 100644 --- a/src/manage_sql_port_lists.c +++ b/src/manage_sql_port_lists.c @@ -2652,12 +2652,17 @@ update_port_list (port_list_t port_list, const gchar *name, /** * @brief Check port lists, for startup. + * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ void -check_db_port_lists () +check_db_port_lists (int avoid_db_check_inserts) { migrate_predefined_port_lists (); + if (avoid_db_check_inserts) + return; + if (sync_port_lists_with_feed (FALSE) <= -1) g_warning ("%s: Failed to sync port lists with feed", __func__); diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c index 1579b3a71..3f1f8238d 100644 --- a/src/manage_sql_report_formats.c +++ b/src/manage_sql_report_formats.c @@ -4895,16 +4895,21 @@ check_db_trash_report_formats () /** * @brief Ensure the predefined report formats exist. * + * @param[in] avoid_db_check_inserts Whether to avoid inserts. + * * @return 0 success, -1 error. */ int -check_db_report_formats () +check_db_report_formats (int avoid_db_check_inserts) { if (migrate_predefined_report_formats ()) return -1; - if (sync_report_formats_with_feed (FALSE) <= -1) - g_warning ("%s: Failed to sync report formats with feed", __func__); + if (avoid_db_check_inserts == 0) + { + if (sync_report_formats_with_feed (FALSE) <= -1) + g_warning ("%s: Failed to sync report formats with feed", __func__); + } if (check_db_trash_report_formats ()) return -1; diff --git a/src/manage_sql_report_formats.h b/src/manage_sql_report_formats.h index 1ea556752..de7a04be2 100644 --- a/src/manage_sql_report_formats.h +++ b/src/manage_sql_report_formats.h 
@@ -83,7 +83,7 @@ int migrate_predefined_report_formats (); int -check_db_report_formats (); +check_db_report_formats (int); int check_db_report_formats_trash (); diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index a12e4f256..f57cab76e 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -4649,7 +4649,8 @@ manage_rebuild_scap (GSList *log_config, const db_conn_info_t *database) g_info (" Rebuilding SCAP data"); - ret = manage_option_setup (log_config, database); + ret = manage_option_setup (log_config, database, + 0 /* avoid_db_check_inserts */); if (ret) return -1; From f036edc9267a98b91a432bc41bbc58639d5bd40c Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 28 Nov 2024 10:09:42 +0100 Subject: [PATCH 2/3] Add: New Kerberos credential type The new type "krb5" is added to the create_credential, modify_credential and get_credentials commands. This will later be usable in scan targets for Kerberos 5 authentication. (cherry picked from commit 5bcc39e0b4f73a85665553a3301d0aeeea2a9cb6) --- src/gmp.c | 67 +++++++++++++++++++++++++++ src/manage.c | 2 + src/manage.h | 10 +++- src/manage_sql.c | 77 +++++++++++++++++++++++++++---- src/schema_formats/XML/GMP.xml.in | 40 ++++++++++++++++ 5 files changed, 185 insertions(+), 11 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index b9165b39c..51e6f82e7 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -447,6 +447,7 @@ typedef struct char *certificate; ///< Certificate for client certificate auth. char *comment; ///< Comment. char *copy; ///< UUID of resource to copy. + char *kdc; ///< Kerberos KDC (key distribution centers). int key; ///< Whether the command included a key element. char *key_phrase; ///< Passphrase for key. char *key_private; ///< Private key from key. 
@@ -458,6 +459,7 @@ typedef struct char *auth_algorithm; ///< SNMP Authentication algorithm. char *privacy_password; ///< SNMP Privacy password. char *privacy_algorithm; ///< SNMP Privacy algorithm. + char *realm; ///< Kerberos realm. char *type; ///< Type of credential. } create_credential_data_t; @@ -473,6 +475,7 @@ create_credential_data_reset (create_credential_data_t *data) free (data->certificate); free (data->comment); free (data->copy); + free (data->kdc); free (data->key_phrase); free (data->key_private); free (data->key_public); @@ -483,6 +486,7 @@ create_credential_data_reset (create_credential_data_t *data) free (data->auth_algorithm); free (data->privacy_password); free (data->privacy_algorithm); + free (data->realm); free (data->type); memset (data, 0, sizeof (create_credential_data_t)); @@ -2513,6 +2517,7 @@ typedef struct char *comment; ///< Comment. char *community; ///< SNMP Community string. char *credential_id; ///< ID of credential to modify. + char *kdc; ///< Kerberos KDC (key distribution centers). int key; ///< Whether the command included a key element. char *key_phrase; ///< Passphrase for key. char *key_private; ///< Private key from key. @@ -2522,6 +2527,7 @@ typedef struct char *password; ///< Password associated with login name. char *privacy_algorithm; ///< SNMP Privacy algorithm. char *privacy_password; ///< SNMP Privacy password. + char *realm; ///< Kerberos realm. } modify_credential_data_t; /** @@ -2538,6 +2544,7 @@ modify_credential_data_reset (modify_credential_data_t *data) free (data->comment); free (data->community); free (data->credential_id); + free (data->kdc); free (data->key_phrase); free (data->key_private); free (data->key_public); @@ -2546,6 +2553,7 @@ modify_credential_data_reset (modify_credential_data_t *data) free (data->password); free (data->privacy_algorithm); free (data->privacy_password); + free (data->realm); memset (data, 0, sizeof (modify_credential_data_t)); } 
@@ -4086,6 +4094,7 @@ typedef enum CLIENT_CREATE_CREDENTIAL_COMMENT, CLIENT_CREATE_CREDENTIAL_COMMUNITY, CLIENT_CREATE_CREDENTIAL_COPY, + CLIENT_CREATE_CREDENTIAL_KDC, CLIENT_CREATE_CREDENTIAL_KEY, CLIENT_CREATE_CREDENTIAL_KEY_PHRASE, CLIENT_CREATE_CREDENTIAL_KEY_PRIVATE, @@ -4096,6 +4105,7 @@ typedef enum CLIENT_CREATE_CREDENTIAL_PRIVACY, CLIENT_CREATE_CREDENTIAL_PRIVACY_ALGORITHM, CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD, + CLIENT_CREATE_CREDENTIAL_REALM, CLIENT_CREATE_CREDENTIAL_TYPE, CLIENT_CREATE_FILTER, CLIENT_CREATE_FILTER_COMMENT, @@ -4418,6 +4428,7 @@ typedef enum CLIENT_MODIFY_CREDENTIAL_CERTIFICATE, CLIENT_MODIFY_CREDENTIAL_COMMENT, CLIENT_MODIFY_CREDENTIAL_COMMUNITY, + CLIENT_MODIFY_CREDENTIAL_KDC, CLIENT_MODIFY_CREDENTIAL_KEY, CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE, CLIENT_MODIFY_CREDENTIAL_KEY_PRIVATE, @@ -4428,6 +4439,7 @@ typedef enum CLIENT_MODIFY_CREDENTIAL_PRIVACY, CLIENT_MODIFY_CREDENTIAL_PRIVACY_ALGORITHM, CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD, + CLIENT_MODIFY_CREDENTIAL_REALM, CLIENT_MODIFY_FILTER, CLIENT_MODIFY_FILTER_COMMENT, CLIENT_MODIFY_FILTER_NAME, @@ -6281,6 +6293,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, gvm_append_string (&modify_credential_data->community, ""); set_client_state (CLIENT_MODIFY_CREDENTIAL_COMMUNITY); } + else if (strcasecmp ("KDC", element_name) == 0) + { + set_client_state (CLIENT_MODIFY_CREDENTIAL_KDC); + } else if (strcasecmp ("KEY", element_name) == 0) { modify_credential_data->key = 1; @@ -6300,6 +6316,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, gvm_append_string (&modify_credential_data->privacy_algorithm, ""); } + else if (strcasecmp ("REALM", element_name) == 0) + { + set_client_state (CLIENT_MODIFY_CREDENTIAL_REALM); + } ELSE_READ_OVER; case CLIENT_MODIFY_CREDENTIAL_KEY: 
@@ -6960,6 +6980,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, set_client_state (CLIENT_CREATE_CREDENTIAL_COMMENT); else if (strcasecmp ("COMMUNITY", element_name) == 0) set_client_state (CLIENT_CREATE_CREDENTIAL_COMMUNITY); + else if (strcasecmp ("KDC", element_name) == 0) + set_client_state (CLIENT_CREATE_CREDENTIAL_KDC); else if (strcasecmp ("KEY", element_name) == 0) { create_credential_data->key = 1; @@ -6978,6 +7000,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, } else if (strcasecmp ("PRIVACY", element_name) == 0) set_client_state (CLIENT_CREATE_CREDENTIAL_PRIVACY); + else if (strcasecmp ("REALM", element_name) == 0) + set_client_state (CLIENT_CREATE_CREDENTIAL_REALM); else if (strcasecmp ("TYPE", element_name) == 0) set_client_state (CLIENT_CREATE_CREDENTIAL_TYPE); ELSE_READ_OVER; @@ -12336,6 +12360,19 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error) SEND_TO_CLIENT_OR_FAIL (formats_xml); g_free (formats_xml); + if (type && (strcmp (type, "krb5") == 0)) + { + const char *kdc, *realm; + kdc = credential_iterator_kdc (&credentials); + realm = credential_iterator_realm (&credentials); + + SENDF_TO_CLIENT_OR_FAIL + ("%s" + "%s", + kdc ? kdc : "", + realm ? realm : ""); + } + if (type && (strcmp (type, "snmp") == 0)) { const char *auth_algorithm, *privacy_algorithm; @@ -21073,6 +21110,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, create_credential_data->auth_algorithm, create_credential_data->privacy_password, create_credential_data->privacy_algorithm, + create_credential_data->kdc, + create_credential_data->realm, create_credential_data->type, create_credential_data->allow_insecure, &new_credential)) 
@@ -21180,6 +21219,16 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, (XML_ERROR_SYNTAX ("create_credential", "Cannot determine type for new credential")); break; + case 19: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("create_credential", + "Selected type requires a kdc")); + break; + case 20: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("create_credential", + "Selected type requires a realm")); + break; case 99: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_credential", @@ -21202,6 +21251,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_CREATE_CREDENTIAL, COMMENT); CLOSE (CLIENT_CREATE_CREDENTIAL, COMMUNITY); CLOSE (CLIENT_CREATE_CREDENTIAL, COPY); + CLOSE (CLIENT_CREATE_CREDENTIAL, KDC); CLOSE (CLIENT_CREATE_CREDENTIAL, KEY); CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PHRASE); CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PRIVATE); @@ -21212,6 +21262,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_CREATE_CREDENTIAL, PRIVACY); CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, ALGORITHM); CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, PASSWORD); + CLOSE (CLIENT_CREATE_CREDENTIAL, REALM); CLOSE (CLIENT_CREATE_CREDENTIAL, TYPE); case CLIENT_CREATE_FILTER: @@ -24267,6 +24318,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, modify_credential_data->auth_algorithm, modify_credential_data->privacy_password, modify_credential_data->privacy_algorithm, + modify_credential_data->kdc, + modify_credential_data->realm, modify_credential_data->allow_insecure)) { case 0: @@ -24389,6 +24442,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_MODIFY_CREDENTIAL, CERTIFICATE); CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMENT); CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMUNITY); + CLOSE (CLIENT_MODIFY_CREDENTIAL, KDC); CLOSE (CLIENT_MODIFY_CREDENTIAL, KEY); CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PHRASE); CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PRIVATE); 
@@ -24399,6 +24453,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_MODIFY_CREDENTIAL, PRIVACY); CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, ALGORITHM); CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, PASSWORD); + CLOSE (CLIENT_MODIFY_CREDENTIAL, REALM); case CLIENT_MODIFY_FILTER: { @@ -27049,6 +27104,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context, APPEND (CLIENT_MODIFY_CREDENTIAL_COMMUNITY, &modify_credential_data->community); + APPEND (CLIENT_MODIFY_CREDENTIAL_KDC, + &modify_credential_data->kdc); + APPEND (CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE, &modify_credential_data->key_phrase); @@ -27073,6 +27131,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context, APPEND (CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD, &modify_credential_data->privacy_password); + APPEND (CLIENT_MODIFY_CREDENTIAL_REALM, + &modify_credential_data->realm); + case CLIENT_MODIFY_REPORT_CONFIG: modify_report_config_element_text (text, text_len); @@ -27180,6 +27241,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context, APPEND (CLIENT_CREATE_CREDENTIAL_COPY, &create_credential_data->copy); + APPEND (CLIENT_CREATE_CREDENTIAL_KDC, + &create_credential_data->kdc); + APPEND (CLIENT_CREATE_CREDENTIAL_KEY_PHRASE, &create_credential_data->key_phrase); @@ -27204,6 +27268,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context, APPEND (CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD, &create_credential_data->privacy_password); + APPEND (CLIENT_CREATE_CREDENTIAL_REALM, + &create_credential_data->realm); + APPEND (CLIENT_CREATE_CREDENTIAL_TYPE, &create_credential_data->type); diff --git a/src/manage.c b/src/manage.c index 37c9ddb24..b61785256 100644 --- a/src/manage.c +++ b/src/manage.c 
@@ -4128,6 +4128,8 @@ credential_full_type (const char* abbreviation) return NULL; else if (strcasecmp (abbreviation, "cc") == 0) return "client certificate"; + else if (strcasecmp (abbreviation, "krb5") == 0) + return "Kerberos 5"; else if (strcasecmp (abbreviation, "pw") == 0) return "password only"; else if (strcasecmp (abbreviation, "snmp") == 0) diff --git a/src/manage.h b/src/manage.h index f86e54524..e1ddc4a4f 100644 --- a/src/manage.h +++ b/src/manage.h @@ -2218,7 +2218,7 @@ int create_credential (const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, - const char*, credential_t*); + const char*, const char*, const char*, credential_t*); int copy_credential (const char*, const char*, const char*, @@ -2228,7 +2228,7 @@ int modify_credential (const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, - const char*); + const char*, const char*, const char*); int delete_credential (const char *, int); @@ -2269,6 +2269,12 @@ credential_iterator_privacy_password (iterator_t*); const char* credential_iterator_public_key (iterator_t*); +const char* +credential_iterator_kdc (iterator_t*); + +const char* +credential_iterator_realm (iterator_t*); + const char* credential_iterator_private_key (iterator_t*); diff --git a/src/manage_sql.c b/src/manage_sql.c index e3036e361..66fce6cf4 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -36941,6 +36941,8 @@ validate_credential_username_for_format (const gchar *username, * @param[in] auth_algorithm SNMP authentication algorithm, or NULL. * @param[in] privacy_password SNMP privacy password. * @param[in] privacy_algorithm SNMP privacy algorithm. + * @param[in] kdc Kerberos KDC (key distribution centers). + * @param[in] realm Kerberos realm. * @param[in] given_type Credential type or NULL. * @param[in] allow_insecure Whether to allow insecure uses. * @param[out] credential Created Credential. @@ -36954,6 +36956,7 @@ validate_credential_username_for_format (const gchar *username, * 14 privacy algorithm missing, * 15 invalid auth algorithm, 16 invalid privacy algorithm, * 17 invalid certificate, 18 cannot determine type, + * 19 key distribution center missing, 20 realm missing, * 99 permission denied, -1 error. */ int @@ -36963,6 +36966,7 @@ create_credential (const char* name, const char* comment, const char* login, const char* certificate, const char* community, const char* auth_algorithm, const char* privacy_password, const char* privacy_algorithm, + const char* kdc, const char *realm, const char* given_type, const char* allow_insecure, credential_t *credential) { @@ -37009,7 +37013,8 @@ create_credential (const char* name, const char* comment, const char* login, && strcmp (given_type, "snmp") && strcmp (given_type, "smime") && strcmp (given_type, "up") - && strcmp (given_type, "usk")) + && strcmp (given_type, "usk") + && strcmp (given_type, "krb5")) { sql_rollback (); return 4; @@ -37024,6 +37029,8 @@ create_credential (const char* name, const char* comment, const char* login, quoted_type = g_strdup ("cc"); else if (login && key_private) quoted_type = g_strdup ("usk"); + else if (login && given_password && (realm || kdc)) + quoted_type = g_strdup ("krb5"); else if (login && given_password) quoted_type = g_strdup ("up"); else if (login && key_private == NULL && given_password == NULL) 
@@ -37044,7 +37051,8 @@ create_credential (const char* name, const char* comment, const char* login, && (strcmp (quoted_type, "cc") == 0 || strcmp (quoted_type, "pgp") == 0 || strcmp (quoted_type, "smime") == 0 - || strcmp (quoted_type, "snmp") == 0)) + || strcmp (quoted_type, "snmp") == 0 + || strcmp (quoted_type, "krb5") == 0)) ret = 10; // Type does not support autogenerate using_snmp_v3 = 0; @@ -37058,7 +37066,8 @@ create_credential (const char* name, const char* comment, const char* login, ret = 5; else if (given_password == NULL && auto_generate == 0 && (strcmp (quoted_type, "up") == 0 - || strcmp (quoted_type, "pw") == 0)) + || strcmp (quoted_type, "pw") == 0 + || strcmp (quoted_type, "krb5") == 0)) // (username) password requires a password ret = 6; else if (key_private == NULL && auto_generate == 0 @@ -37072,6 +37081,12 @@ create_credential (const char* name, const char* comment, const char* login, else if (key_public == NULL && auto_generate == 0 && strcmp (quoted_type, "pgp") == 0) ret = 9; + else if (kdc == NULL && auto_generate == 0 + && strcmp (quoted_type, "krb5") == 0) + ret = 19; + else if (realm == NULL && auto_generate == 0 + && strcmp (quoted_type, "krb5") == 0) + ret = 20; else if (strcmp (quoted_type, "snmp") == 0) { if (login || given_password || auth_algorithm @@ -37147,9 +37162,10 @@ create_credential (const char* name, const char* comment, const char* login, "username", login); } + if (kdc) + set_credential_data (new_credential, "kdc", kdc); if (key_public) set_credential_data (new_credential, "public_key", key_public); - if (certificate) { gchar *certificate_truncated; @@ -37170,6 +37186,8 @@ create_credential (const char* name, const char* comment, const char* login, if (privacy_algorithm) set_credential_data (new_credential, "privacy_algorithm", privacy_algorithm); + if (realm) + set_credential_data (new_credential, "realm", realm); g_free (quoted_type); 
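Review bot: The checks added in the @@ -37072 hunk reject only a NULL kdc or realm, so an empty string passes and is stored for a krb5 credential. `else if ((kdc == NULL || *kdc == '\0') && auto_generate == 0 && strcmp (quoted_type, "krb5") == 0)` and the same test for realm would close that. No syntax check on either value is visible in this patch, and the KDC value presumably decides which host later takes part in the authentication exchange for this credential, so limiting kdc to host names or addresses and realm to a realm-shaped string looks worth doing here. The krb5 branch added to modify_credential (@@ -37742) stores the same two values with no check at all. The if/else chain starts and ends outside the hunk.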
@@ -37448,6 +37466,8 @@ copy_credential (const char* name, const char* comment, * @param[in] auth_algorithm Authentication algorithm of Credential. * @param[in] privacy_password Privacy password of Credential. * @param[in] privacy_algorithm Privacy algorithm of Credential. + * @param[in] kdc Kerberos KDC (key distribution centers). + * @param[in] realm Kerberos realm. * @param[in] allow_insecure Whether to allow insecure use. * * @return 0 success, 1 failed to find credential, 2 credential with new name @@ -37467,6 +37487,7 @@ modify_credential (const char *credential_id, const char* certificate, const char* community, const char* auth_algorithm, const char* privacy_password, const char* privacy_algorithm, + const char* kdc, const char* realm, const char* allow_insecure) { credential_t credential; @@ -37742,6 +37763,15 @@ modify_credential (const char *credential_id, { set_credential_data (credential, "secret", ""); } + else if (strcmp (type, "krb5") == 0) + { + if (password) + set_credential_password (credential, password); + if (kdc) + set_credential_data (credential, "kdc", kdc); + if (realm) + set_credential_data (credential, "realm", realm); + } else { g_warning ("%s: Unknown credential type: %s", __func__, type); @@ -37937,6 +37967,14 @@ delete_credential (const char *credential_id, int ultimate) " WHERE credential = credentials.id AND type = 'public_key')", \ NULL, \ KEYWORD_TYPE_STRING }, \ + { "(SELECT value FROM credentials_data" \ + " WHERE credential = credentials.id AND type = 'kdc')" , \ + "kdc", \ + KEYWORD_TYPE_STRING }, \ + { "(SELECT value FROM credentials_data" \ + " WHERE credential = credentials.id AND type = 'realm')", \ + "realm", \ + KEYWORD_TYPE_STRING }, \ /* private data */ \ { "(SELECT value FROM credentials_data" \ " WHERE credential = credentials.id AND type = 'secret')", \ 
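Review bot: The two entries added to the column list (@@ -37937) sit before the `/* private data */` entries, so every later column moves by two, and the @@ -38519 hunk compensates by hand in credential_iterator_encrypted_data (`+ 7` becomes `+ 9`, and so on). Any reader of these columns that this patch does not touch, such as a parallel column list for trashcan credentials or another accessor with a literal offset, would then return a neighbouring column, and the neighbours here are the secret and password columns. Appending kdc and realm after the existing entries, or naming the offsets once in an enum beside the macro, removes that coupling; the minimum is a comment on the new entries such as `/* columns 7 and 8; keep in step with the accessor offsets */`. The macro starts and ends outside the hunk.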
@@ -38519,20 +38557,20 @@ credential_iterator_encrypted_data (iterator_t* iterator, const char* type) if (iterator->done) return NULL; - secret = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 7); + secret = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 9); if (type == NULL) { g_warning ("%s: NULL data type given", __func__); return NULL; } else if (strcmp (type, "password") == 0) - unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 8); + unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 10); else if (strcmp (type, "private_key") == 0) - unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 9); + unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 11); else if (strcmp (type, "community") == 0) - unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 10); + unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 12); else if (strcmp (type, "privacy_password") == 0) - unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 11); + unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 13); else { g_warning ("%s: unknown data type \"%s\"", __func__, type); @@ -38633,6 +38671,27 @@ DEF_ACCESS (credential_iterator_privacy_algorithm, DEF_ACCESS (credential_iterator_public_key, GET_ITERATOR_COLUMN_COUNT + 6); +/** + * @brief Get the key distribution center from an LSC credential iterator. + * + * @param[in] iterator Iterator. + * + * @return Key distribution center, or NULL if iteration is complete. Freed by + * cleanup_iterator. + */ +DEF_ACCESS (credential_iterator_kdc, + GET_ITERATOR_COLUMN_COUNT + 7); + +/** + * @brief Get the realm from an LSC credential iterator. + * + * @param[in] iterator Iterator. + * + * @return Realm, or NULL if iteration is complete. Freed by cleanup_iterator. + */ +DEF_ACCESS (credential_iterator_realm, + GET_ITERATOR_COLUMN_COUNT + 8); + /** * @brief Get the password from a Credential iterator. * 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 91860510f..cafa9bf7b 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -4003,12 +4003,14 @@ along with this program. If not, see . copy allow_insecure certificate + kdc key login password auth_algorithm community privacy + realm type @@ -4044,6 +4046,11 @@ along with this program. If not, see . text + + kdc + text + The Kerberos KDC (key distribution center(s)) + key @@ -4130,11 +4137,17 @@ along with this program. If not, see . + + realm + text + The Kerberos realm + type The type of credential to create

cc: Client certificate

+

krb5: Kerberos 5

pgp: PGP encryption key

pw: Password only

smime: S/MIME certificate

@@ -4145,6 +4158,7 @@ along with this program. If not, see . cc + krb5 pgp pw smime @@ -10927,6 +10941,8 @@ END:VCALENDAR certificate + kdc + realm owner @@ -11053,6 +11069,7 @@ END:VCALENDAR The type of the credential

cc: Client certificate

+

krb5: Kerberos 5

pgp: PGP encryption key

pw: Password only

smime: S/MIME certificate

@@ -11063,6 +11080,7 @@ END:VCALENDAR cc + krb5 pgp pw smime @@ -11215,6 +11233,16 @@ END:VCALENDAR certificate text
+ + kdc + text + The Kerberos KDC (key distribution center(s)) + + + realm + text + The Kerberos realm +
filters @@ -26552,12 +26580,14 @@ END:VCALENDAR name allow_insecure certificate + kdc key login password community auth_algorithm privacy + realm name @@ -26585,6 +26615,11 @@ END:VCALENDAR text + + kdc + text + The Kerberos KDC (key distribution center(s)) + key @@ -26671,6 +26706,11 @@ END:VCALENDAR + + realm + text + The Kerberos realm + From 4805971e7b34ba91c1fe7a3d85cc727faae3a8d1 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 29 Nov 2024 09:38:41 +0100 Subject: [PATCH 3/3] Fix prototype and simplify check_db_... functions The new parameter has been added to the check_db_port_lists prototype and various check_db_... functions that would only return if the avoid_db_check_inserts parameter is true have the parameter removed and are instead wrapped in if conditions. (cherry picked from commit 5c0d5fa8887acea08473cb623de322991ad12b1e) --- src/manage_sql.c | 57 +++++++++++++------------------------ src/manage_sql_port_lists.h | 2 +- 2 files changed, 20 insertions(+), 39 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 66fce6cf4..8db8b0759 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -15924,16 +15924,11 @@ manage_update_nvti_cache () /** * @brief Ensure the predefined scanner exists. * - * @param[in] avoid_db_check_inserts Whether to avoid inserts. - * * @return 0 if success, -1 if error. */ static int -check_db_scanners (int avoid_db_check_inserts) +check_db_scanners () { - if (avoid_db_check_inserts) - return 0; - if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';", SCANNER_UUID_DEFAULT) == 0) { 
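Review bot: The rewritten definition in the @@ -15924 hunk, `check_db_scanners ()`, has an empty parameter list, which before C23 declares the function without a prototype, so a call that still passes avoid_db_check_inserts need not be diagnosed. Writing `check_db_scanners (void)` makes the compiler reject such a stale call. The same applies to check_db_settings, check_db_nvt_selectors, check_db_permissions and check_db_roles in the following hunks. The old `check_db_port_lists ();` declaration corrected at the end of this patch is apparently an instance of the same gap, and `check_db_port_lists (int avoid_db_check_inserts);` would also document the argument. The function body continues outside the hunk.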
@@ -15962,16 +15957,11 @@ check_db_scanners (int avoid_db_check_inserts) /** * @brief Initialize the default settings. * - * @param[in] avoid_db_check_inserts Whether to avoid inserts. - * * Ensure all the default manager settings exist. */ static void -check_db_settings (int avoid_db_check_inserts) +check_db_settings () { - if (avoid_db_check_inserts) - return; - if (sql_int ("SELECT count(*) FROM settings" " WHERE uuid = '6765549a-934e-11e3-b358-406186ea4fc5'" " AND " ACL_IS_GLOBAL () ";") @@ -16329,15 +16319,10 @@ check_db_versions () /** * @brief Ensures the sanity of nvts cache in DB. - * - * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ static void -check_db_nvt_selectors (int avoid_db_check_inserts) +check_db_nvt_selectors () { - if (avoid_db_check_inserts) - return; - /* Ensure every part of the predefined selector exists. * This restores entries lost due to the error solved 2010-08-13 by r8805. */ if (sql_int ("SELECT count(*) FROM nvt_selectors WHERE name =" @@ -16474,15 +16459,10 @@ add_permissions_on_globals (const gchar *role_uuid) /** * @brief Ensure the predefined permissions exists. - * - * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ static void -check_db_permissions (int avoid_db_check_inserts) +check_db_permissions () { - if (avoid_db_check_inserts) - return; - command_t *command; if (sql_int ("SELECT count(*) FROM permissions" @@ -16641,15 +16621,10 @@ check_db_permissions (int avoid_db_check_inserts) /** * @brief Ensure the predefined roles exists. - * - * @param[in] avoid_db_check_inserts Whether to avoid inserts. */ static void -check_db_roles (int avoid_db_check_inserts) +check_db_roles () { - if (avoid_db_check_inserts) - return; - if (sql_int ("SELECT count(*) FROM roles WHERE uuid = '" ROLE_UUID_ADMIN "';") == 0) sql ("INSERT INTO roles" 
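Review bot: The doc comments in these four hunks (check_db_settings, check_db_nvt_selectors, check_db_permissions, check_db_roles) drop the @param line but say nothing about the precondition that replaces it. The functions now insert unconditionally and rely on check_db to skip them when inserts are to be avoided. A line in each comment such as `Callers must skip this when DB check inserts are to be avoided (--optimize=cleanup-sequences).` keeps that contract next to the code; the same applies to check_db_scanners in the @@ -15924 hunk. All four bodies continue outside their hunks.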
@@ -16820,19 +16795,25 @@ check_db (int check_encryption_key, int avoid_db_check_inserts) create_tables (); check_db_sequences (); set_db_version (GVMD_DATABASE_VERSION); - check_db_roles (avoid_db_check_inserts); - check_db_nvt_selectors (avoid_db_check_inserts); + if (avoid_db_check_inserts == 0) + { + check_db_roles (); + check_db_nvt_selectors (); + } check_db_nvts (); check_db_port_lists (avoid_db_check_inserts); clean_auth_cache (); - if (check_db_scanners (avoid_db_check_inserts)) + if (avoid_db_check_inserts == 0 && check_db_scanners ()) goto fail; if (check_db_report_formats (avoid_db_check_inserts)) goto fail; if (check_db_report_formats_trash ()) goto fail; - check_db_permissions (avoid_db_check_inserts); - check_db_settings (avoid_db_check_inserts); + if (avoid_db_check_inserts == 0) + { + check_db_permissions (); + check_db_settings (); + } cleanup_schedule_times (); if (check_encryption_key && check_db_encryption_key ()) goto fail; @@ -17181,7 +17162,7 @@ init_manage (GSList *log_config, const db_conn_info_t *database, fork_connection, skip_db_check, 1, /* Check encryption key if checking db. */ - 0 /* Do not avoid inserts if checking db. */); + 0 /* Do not avoid inserts if checking db. */); } /** @@ -17220,7 +17201,7 @@ init_manage_helper (GSList *log_config, const db_conn_info_t *database, ? 1 /* Skip DB check. */ : 0, /* Do DB check. */ 0, /* Dummy. */ - avoid_db_check_inserts); + avoid_db_check_inserts); } /** @@ -59597,7 +59578,7 @@ manage_optimize (GSList *log_config, const db_conn_info_t *database, */ if (strcasecmp (name, "cleanup-sequences") == 0) avoid_db_check_inserts = 1; - + ret = manage_option_setup (log_config, database, avoid_db_check_inserts); if (ret) return ret; diff --git a/src/manage_sql_port_lists.h b/src/manage_sql_port_lists.h index 9d20c199c..0539cf253 100644 --- a/src/manage_sql_port_lists.h +++ b/src/manage_sql_port_lists.h 
@@ -74,6 +74,6 @@ update_port_list (port_list_t, const gchar *, const gchar *, array_t *, const gchar *); void -check_db_port_lists (); +check_db_port_lists (int); #endif /* not _GVMD_MANAGE_SQL_PORT_LISTS_H */