Author: timopollmeier Date: 2016-09-20 12:00:53 +0200 (Tue, 20 Sep 2016) New Revision: 26237
Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/doc/db.png trunk/openvas-manager/src/manage_migrators.c trunk/openvas-manager/src/manage_sql.c Log: Remove CA certificate and credential from default scanner. Hence increase database version to 178. Add database migration from version 177 to 178. * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 178. * src/manage_migrators.c (migrate_177_to_178): New function. (database_migrators): Add migrate_177_to_178. * src/manage_sql.c (check_db_scanners): Do not add CA certificate for default scanner and do not create a credential. * doc/db.png: Update for version change.
Modified: trunk/openvas-manager/CMakeLists.txt
===================================================================
--- trunk/openvas-manager/CMakeLists.txt 2016-09-20 03:40:20 UTC (rev 26236)
+++ trunk/openvas-manager/CMakeLists.txt 2016-09-20 10:00:53 UTC (rev 26237)
@@ -122,7 +122,7 @@
 ## Variables
-set (OPENVASMD_DATABASE_VERSION 177)
+set (OPENVASMD_DATABASE_VERSION 178)
 set (OPENVASMD_SCAP_DATABASE_VERSION 15)
Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog 2016-09-20 03:40:20 UTC (rev 26236)
+++ trunk/openvas-manager/ChangeLog 2016-09-20 10:00:53 UTC (rev 26237)
@@ -1,3 +1,19 @@
+2016-09-20 Timo Pollmeier <timo.pollme...@greenbone.net>
+
+ Remove CA certificate and credential from default scanner. Hence
+ increase database version to 178. Add database migration from version
+ 177 to 178.
+
+ * CMakeLists.txt (OPENVASMD_DATABASE_VERSION): Increase to 178.
+
+ * src/manage_migrators.c (migrate_177_to_178): New function.
+ (database_migrators): Add migrate_177_to_178.
+
+ * src/manage_sql.c (check_db_scanners): Do not add CA certificate for
+ default scanner and do not create a credential.
+
+ * doc/db.png: Update for version change.
+
 2016-09-15 Timo Pollmeier <timo.pollme...@greenbone.net>
 * tools/greenbone-certdata-sync.in, tools/greenbone-scapdata-sync.in:
Modified: trunk/openvas-manager/doc/db.png
===================================================================
(Binary files differ)
Modified: trunk/openvas-manager/src/manage_migrators.c
===================================================================
--- trunk/openvas-manager/src/manage_migrators.c 2016-09-20 03:40:20 UTC (rev 26236)
+++ trunk/openvas-manager/src/manage_migrators.c 2016-09-20 10:00:53 UTC (rev 26237)
@@ -13346,6 +13346,76 @@
 return 0;
 }
+/**
+ * @brief Migrate the database from version 177 to version 178.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_177_to_178 ()
+{
+ credential_t credential;
+ sql_begin_exclusive ();
+
+ /* Ensure that the database is currently version 177. */
+
+ if (manage_db_version () != 177)
+ {
+ sql_rollback ();
+ return -1;
+ }
+
+ /* Update the database. */
+
+ /* Remove CA certificate from default scanner. */
+ sql ("UPDATE scanners SET ca_pub = NULL"
+ " WHERE uuid = '" SCANNER_UUID_DEFAULT "';");
+
+ /* Delete credential of default scanner if it is not used elsewhere. */
+ sql_int64 (&credential,
+ "SELECT credential FROM scanners"
+ " WHERE uuid = '" SCANNER_UUID_DEFAULT "'");
+
+ if ((sql_int ("SELECT count(*) FROM scanners"
+ " WHERE credential = %llu"
+ " AND uuid != '" SCANNER_UUID_DEFAULT "';",
+ credential) == 0)
+ && (sql_int ("SELECT count(*) FROM scanners_trash"
+ " WHERE credential = %llu"
+ " AND credential_location = %d;",
+ credential, LOCATION_TABLE) == 0)
+ && (sql_int ("SELECT count(*) FROM targets_login_data"
+ " WHERE credential = %llu;",
+ credential) == 0)
+ && (sql_int ("SELECT count(*) FROM targets_trash_login_data"
+ " WHERE credential = %llu"
+ " AND credential_location = %d;",
+ credential, LOCATION_TABLE) == 0)
+ && (sql_int ("SELECT count(*) FROM slaves"
+ " WHERE credential = %llu;",
+ credential) == 0)
+ && (sql_int ("SELECT count(*) FROM slaves_trash"
+ " WHERE credential = %llu"
+ " AND credential_location = %d;",
+ credential, LOCATION_TABLE) == 0))
+ {
+ sql ("DELETE FROM credentials WHERE id = %llu",
+ credential);
+ }
+
+ /* Remove reference to credential from default scanner. */
+ sql ("UPDATE scanners SET credential = 0"
+ " WHERE uuid = '" SCANNER_UUID_DEFAULT "';");
+
+ /* Set the database version to 178. */
+
+ set_db_version (178);
+
+ sql_commit ();
+
+ return 0;
+}
+
 #undef UPDATE_CHART_SETTINGS
 #undef UPDATE_DASHBOARD_SETTINGS
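Review bot: In migrate_177_to_178 the result of `sql_int64 (&credential, ...)` is ignored and `credential` has no initialiser, so if that lookup does not fill it in (for example when there is no row for the default scanner) the six count queries and `DELETE FROM credentials WHERE id = %llu` run on an indeterminate id and could remove an unrelated credential. Declare it as `credential_t credential = 0;` and enter the delete branch only when the lookup succeeded and the id is non-zero. The delete also touches only the `credentials` row: the code this commit removes from check_db_scanners stored the client certificate and private key through set_credential_data, so the migration should clear that stored data for the credential too, otherwise the key material presumably stays in the database after the credential row is gone. A one-line comment above the long condition naming the tables that count as "used elsewhere" would make it easier to keep the list complete.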
@@ -13537,6 +13607,7 @@
 {175, migrate_174_to_175},
 {176, migrate_175_to_176},
 {177, migrate_176_to_177},
+ {178, migrate_177_to_178},
 /* End marker. */
 {-1, NULL}};
Modified: trunk/openvas-manager/src/manage_sql.c
===================================================================
--- trunk/openvas-manager/src/manage_sql.c 2016-09-20 03:40:20 UTC (rev 26236)
+++ trunk/openvas-manager/src/manage_sql.c 2016-09-20 10:00:53 UTC (rev 26237)
@@ -13940,100 +13940,14 @@
 if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';",
 SCANNER_UUID_DEFAULT) == 0)
 {
- char *ca_pub;
- char *quoted_ca_pub;
- GError *error = NULL;
-
- if (!g_file_get_contents (CACERT, &ca_pub, NULL, &error))
- {
- g_warning ("%s: %s\n", __FUNCTION__, error->message);
- g_error_free (error);
- return -1;
- }
- quoted_ca_pub = sql_quote (ca_pub);
- g_free (ca_pub);
-
 sql ("INSERT INTO scanners"
 " (uuid, owner, name, host, port, type, ca_pub, credential,"
 " creation_time, modification_time)"
 " VALUES ('" SCANNER_UUID_DEFAULT "', NULL, 'OpenVAS Default',"
- " '" OPENVASSD_ADDRESS "', 0, %d, '%s', NULL, m_now (), m_now ());",
- SCANNER_TYPE_OPENVAS, quoted_ca_pub);
- g_free (quoted_ca_pub);
+ " '" OPENVASSD_ADDRESS "', 0, %d, NULL, 0, m_now (), m_now ());",
+ SCANNER_TYPE_OPENVAS);
 }
- if (sql_int ("SELECT count(*) FROM credentials"
- " WHERE id = (SELECT credential FROM scanners"
- " WHERE uuid = '%s');",
- SCANNER_UUID_DEFAULT) == 0)
- {
- char *key_pub, *key_priv;
- GError *error = NULL;
- credential_t new_credential;
-
- if (!g_file_get_contents (CLIENTCERT, &key_pub, NULL, &error))
- {
- g_warning ("%s: %s\n", __FUNCTION__, error->message);
- g_error_free (error);
- return -1;
- }
- if (!g_file_get_contents (CLIENTKEY, &key_priv, NULL, &error))
- {
- g_warning ("%s: %s\n", __FUNCTION__, error->message);
- g_error_free (error);
- g_free (key_pub);
- return -1;
- }
-
- if (sql_int ("SELECT count(*) FROM credentials"
- " WHERE name = 'Credential for Scanner OpenVAS Default'"
- " AND owner IS NULL;"))
- sql ("INSERT INTO credentials"
- " (uuid, name, owner, comment, type,"
- " creation_time, modification_time)"
- " VALUES"
- " (make_uuid (),"
- " uniquify ('scanner', 'Credential for Scanner OpenVAS Default',"
- " NULL, ''),"
- " NULL, 'Autogenerated by migration', 'cc',"
- " m_now (), m_now ());");
- else
- sql ("INSERT INTO credentials"
- " (uuid, name, owner, comment, type,"
- " creation_time, modification_time)"
- " VALUES"
- "
(make_uuid (), 'Credential for Scanner OpenVAS Default',"
- " NULL, 'Autogenerated by migration', 'cc',"
- " m_now (), m_now ());");
-
- new_credential = sql_last_insert_id ();
-
- set_credential_data (new_credential, "certificate", key_pub);
-
- if (disable_encrypted_credentials)
- {
- set_credential_data (new_credential, "private_key", key_priv);
- }
- else
- {
- lsc_crypt_ctx_t crypt_ctx;
- char *secret;
-
- crypt_ctx = lsc_crypt_new ();
-
- secret = lsc_crypt_encrypt (crypt_ctx,
- "private_key", key_priv, NULL);
- if (!secret)
- {
- return -1;
- }
- set_credential_data (new_credential, "secret", secret);
- }
-
- sql ("UPDATE scanners SET credential = %llu WHERE uuid = '%s'",
- new_credential, SCANNER_UUID_DEFAULT);
- }
-
 if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';",
 SCANNER_UUID_CVE) == 0)
 sql ("INSERT INTO scanners"
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits
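Review bot: The new INSERT in check_db_scanners creates the default scanner with `ca_pub` NULL and `credential` 0, but nothing at that statement says where the CA certificate and client credential for this scanner come from now, or that 0 (the old statement used NULL) is the "no credential" value. A comment above the `sql ("INSERT INTO scanners"` call such as `/* No CA certificate or credential is stored for the default scanner (ca_pub NULL, credential 0). */`, extended with the source the connection code falls back to, would let a reader confirm that the link to the scanner is still authenticated. That connection code is not visible in this hunk, and check_db_scanners itself starts and ends outside it.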