Author: timopollmeier
Date: 2016-09-20 12:00:53 +0200 (Tue, 20 Sep 2016)
New Revision: 26237

Modified:
   trunk/openvas-manager/CMakeLists.txt
   trunk/openvas-manager/ChangeLog
   trunk/openvas-manager/doc/db.png
   trunk/openvas-manager/src/manage_migrators.c
   trunk/openvas-manager/src/manage_sql.c
Log:
        Remove CA certificate and credential from default scanner.  Hence
        increase database version to 178.  Add database migration from version
        177 to 178.

        * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 178.

        * src/manage_migrators.c (migrate_177_to_178): New function.
        (database_migrators): Add migrate_177_to_178.

        * src/manage_sql.c (check_db_scanners): Do not add CA certificate for
        default scanner and do not create a credential.

        * doc/db.png: Update for version change.

Modified: trunk/openvas-manager/CMakeLists.txt
===================================================================
--- trunk/openvas-manager/CMakeLists.txt        2016-09-20 03:40:20 UTC (rev 
26236)
+++ trunk/openvas-manager/CMakeLists.txt        2016-09-20 10:00:53 UTC (rev 
26237)
@@ -122,7 +122,7 @@
 
 ## Variables
 
-set (OPENVASMD_DATABASE_VERSION 177)
+set (OPENVASMD_DATABASE_VERSION 178)
 
 set (OPENVASMD_SCAP_DATABASE_VERSION 15)
 

Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog     2016-09-20 03:40:20 UTC (rev 26236)
+++ trunk/openvas-manager/ChangeLog     2016-09-20 10:00:53 UTC (rev 26237)
@@ -1,3 +1,19 @@
+2016-09-20  Timo Pollmeier <timo.pollme...@greenbone.net>
+
+       Remove CA certificate and credential from default scanner.  Hence
+       increase database version to 178.  Add database migration from version
+       177 to 178.
+
+       * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 178.
+
+       * src/manage_migrators.c (migrate_177_to_178): New function.
+       (database_migrators): Add migrate_177_to_178.
+
+       * src/manage_sql.c (check_db_scanners): Do not add CA certificate for
+       default scanner and do not create a credential.
+
+       * doc/db.png: Update for version change.
+
 2016-09-15  Timo Pollmeier <timo.pollme...@greenbone.net>
 
        * tools/greenbone-certdata-sync.in, tools/greenbone-scapdata-sync.in:

Modified: trunk/openvas-manager/doc/db.png
===================================================================
(Binary files differ)

Modified: trunk/openvas-manager/src/manage_migrators.c
===================================================================
--- trunk/openvas-manager/src/manage_migrators.c        2016-09-20 03:40:20 UTC 
(rev 26236)
+++ trunk/openvas-manager/src/manage_migrators.c        2016-09-20 10:00:53 UTC 
(rev 26237)
@@ -13346,6 +13346,76 @@
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 177 to version 178.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_177_to_178 ()
+{
+  credential_t credential;
+  sql_begin_exclusive ();
+
+  /* Ensure that the database is currently version 177. */
+
+  if (manage_db_version () != 177)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Remove CA certificate from default scanner. */
+  sql ("UPDATE scanners SET ca_pub = NULL"
+       " WHERE uuid = '" SCANNER_UUID_DEFAULT "';");
+
+  /* Delete credential of default scanner if it is not used elsewhere. */
+  sql_int64 (&credential,
+             "SELECT credential FROM scanners"
+             " WHERE uuid = '" SCANNER_UUID_DEFAULT "'");
+
+  if ((sql_int ("SELECT count(*) FROM scanners"
+                " WHERE credential = %llu"
+                "   AND uuid != '" SCANNER_UUID_DEFAULT "';",
+                credential) == 0)
+      && (sql_int ("SELECT count(*) FROM scanners_trash"
+                   " WHERE credential = %llu"
+                   "   AND credential_location = %d;",
+                   credential, LOCATION_TABLE) == 0)
+      && (sql_int ("SELECT count(*) FROM targets_login_data"
+                   " WHERE credential = %llu;",
+                   credential) == 0)
+      && (sql_int ("SELECT count(*) FROM targets_trash_login_data"
+                   " WHERE credential = %llu"
+                   "   AND credential_location = %d;",
+                   credential, LOCATION_TABLE) == 0)
+      && (sql_int ("SELECT count(*) FROM slaves"
+                   " WHERE credential = %llu;",
+                   credential) == 0)
+      && (sql_int ("SELECT count(*) FROM slaves_trash"
+                   " WHERE credential = %llu"
+                   "   AND credential_location = %d;",
+                   credential, LOCATION_TABLE) == 0))
+    {
+      sql ("DELETE FROM credentials WHERE id = %llu",
+           credential);
+    }
+
+  /* Remove reference to credential from default scanner. */
+  sql ("UPDATE scanners SET credential = 0"
+       " WHERE uuid = '" SCANNER_UUID_DEFAULT "';");
+
+  /* Set the database version to 178. */
+
+  set_db_version (178);
+
+  sql_commit ();
+
+  return 0;
+}
+
 #undef UPDATE_CHART_SETTINGS
 #undef UPDATE_DASHBOARD_SETTINGS
 
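Review bot: `credential` in migrate_177_to_178 is declared without an initial value and the result of `sql_int64 (&credential, ...)` is never checked. If that lookup finds no default scanner row or fails, the six count queries and `DELETE FROM credentials WHERE id = %llu` may run on an indeterminate id; this assumes sql_int64 leaves its output untouched in that case, which is not visible here. I would declare `credential_t credential = 0;` and run the checks and the delete only under `if (sql_int64 (&credential, ...) == 0 && credential != 0)`, assuming sql_int64 returns 0 on success like the migrator does. The delete also removes only the `credentials` row, so the certificate and private key (or encrypted secret) that the removed check_db_scanners code stored through `set_credential_data` would presumably remain in the database as orphaned key material unless the migration clears them too. The whole function lies inside this hunk.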
@@ -13537,6 +13607,7 @@
     {175, migrate_174_to_175},
     {176, migrate_175_to_176},
     {177, migrate_176_to_177},
+    {178, migrate_177_to_178},
     /* End marker. */
     {-1, NULL}};
 

Modified: trunk/openvas-manager/src/manage_sql.c
===================================================================
--- trunk/openvas-manager/src/manage_sql.c      2016-09-20 03:40:20 UTC (rev 
26236)
+++ trunk/openvas-manager/src/manage_sql.c      2016-09-20 10:00:53 UTC (rev 
26237)
@@ -13940,100 +13940,14 @@
   if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';",
                SCANNER_UUID_DEFAULT) == 0)
     {
-      char *ca_pub;
-      char *quoted_ca_pub;
-      GError *error = NULL;
-
-      if (!g_file_get_contents (CACERT, &ca_pub, NULL, &error))
-        {
-          g_warning ("%s: %s\n", __FUNCTION__, error->message);
-          g_error_free (error);
-          return -1;
-        }
-      quoted_ca_pub = sql_quote (ca_pub);
-      g_free (ca_pub);
-
       sql ("INSERT INTO scanners"
            " (uuid, owner, name, host, port, type, ca_pub, credential,"
            "  creation_time, modification_time)"
            " VALUES ('" SCANNER_UUID_DEFAULT "', NULL, 'OpenVAS Default',"
-           " '" OPENVASSD_ADDRESS "', 0, %d, '%s', NULL, m_now (), m_now ());",
-           SCANNER_TYPE_OPENVAS, quoted_ca_pub);
-      g_free (quoted_ca_pub);
+           " '" OPENVASSD_ADDRESS "', 0, %d, NULL, 0, m_now (), m_now ());",
+           SCANNER_TYPE_OPENVAS);
     }
 
-  if (sql_int ("SELECT count(*) FROM credentials"
-               " WHERE id = (SELECT credential FROM scanners"
-               "             WHERE uuid = '%s');",
-               SCANNER_UUID_DEFAULT) == 0)
-    {
-      char *key_pub, *key_priv;
-      GError *error = NULL;
-      credential_t new_credential;
-
-      if (!g_file_get_contents (CLIENTCERT, &key_pub, NULL, &error))
-        {
-          g_warning ("%s: %s\n", __FUNCTION__, error->message);
-          g_error_free (error);
-          return -1;
-        }
-      if (!g_file_get_contents (CLIENTKEY, &key_priv, NULL, &error))
-        {
-          g_warning ("%s: %s\n", __FUNCTION__, error->message);
-          g_error_free (error);
-          g_free (key_pub);
-          return -1;
-        }
-
-      if (sql_int ("SELECT count(*) FROM credentials"
-                   " WHERE name = 'Credential for Scanner OpenVAS Default'"
-                   "   AND owner IS NULL;"))
-        sql ("INSERT INTO credentials"
-             " (uuid, name, owner, comment, type,"
-             "  creation_time, modification_time)"
-             " VALUES"
-             " (make_uuid (),"
-             "  uniquify ('scanner', 'Credential for Scanner OpenVAS Default',"
-             "            NULL, ''),"
-             "  NULL, 'Autogenerated by migration', 'cc',"
-             "  m_now (), m_now ());");
-      else
-        sql ("INSERT INTO credentials"
-             " (uuid, name, owner, comment, type,"
-             "  creation_time, modification_time)"
-             " VALUES"
-             " (make_uuid (), 'Credential for Scanner OpenVAS Default',"
-             "  NULL, 'Autogenerated by migration', 'cc',"
-             "  m_now (), m_now ());");
-
-      new_credential = sql_last_insert_id ();
-
-      set_credential_data (new_credential, "certificate", key_pub);
-
-      if (disable_encrypted_credentials)
-        {
-          set_credential_data (new_credential, "private_key", key_priv);
-        }
-      else
-        {
-          lsc_crypt_ctx_t crypt_ctx;
-          char *secret;
-
-          crypt_ctx = lsc_crypt_new ();
-
-          secret = lsc_crypt_encrypt (crypt_ctx,
-                                      "private_key", key_priv, NULL);
-          if (!secret)
-            {
-              return -1;
-            }
-          set_credential_data (new_credential, "secret", secret);
-        }
-
-      sql ("UPDATE scanners SET credential = %llu WHERE uuid = '%s'",
-           new_credential, SCANNER_UUID_DEFAULT);
-    }
-
   if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';",
                SCANNER_UUID_CVE) == 0)
     sql ("INSERT INTO scanners"
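Review bot: The rewritten INSERT for the default scanner has no comment explaining why `ca_pub` is NULL and `credential` is 0, and it changes the "no credential" marker from NULL (old line) to 0. A short comment above the `sql (` call would record the intent, for example `/* The default scanner stores no CA certificate or credential in the database; credential 0 means "none". */`. It is also worth confirming that code reading `scanners.credential` treats 0 as "no credential", since the previous INSERT used NULL in that column. check_db_scanners starts and ends outside the hunk.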
