Merge pull request #2205 from greenbone/validate-user-method
Add: validate source names in CREATE_USER and MODIFY_USER
a-h-abdelsalam authored Jun 14, 2024
2 parents 0cf9d67 + 8467007 commit 9e1e43c
Showing 2 changed files with 14 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/gmp.c
@@ -23454,6 +23454,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
log_event_fail ("user", "User", NULL, "created");
break;
case -3:
case -4:
SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX
("create_user", "Error in SOURCE"));
log_event_fail ("user", "User", NULL, "created");
@@ -26056,6 +26057,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
("modify_user", "Unknown role"));
break;
case -3:
case -4:
SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX
("modify_user", "Error in SOURCES"));
break;
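Review bot: The added `case -4:` labels in both hunks fall through to the existing -3 reply, so a client whose source name is rejected gets the same "Error in SOURCE" / "Error in SOURCES" text as one that sent the wrong number of sources. A short comment above each pair would record that this is deliberate, e.g. `/* -3: wrong number of sources, -4: unknown source name. */`. In the modify_user hunk the branch ends at `break;` with no `log_event_fail` call, unlike the create_user branch; if no failure event is logged further down (the handler continues outside the hunk), a rejected source change leaves no audit record.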
16 changes: 12 additions & 4 deletions src/manage_sql.c
@@ -53655,7 +53655,8 @@ find_user_by_name (const char* name, user_t *user)
*
* @return 0 if the user has been added successfully, 1 failed to find group,
* 2 failed to find role, 3 syntax error in hosts, 99 permission denied,
* -1 on error, -2 if user exists already.
* -1 on error, -2 if user exists already, -3 if wrong number of methods,
* -4 error in method.
*/
int
create_user (const gchar * name, const gchar * password, const gchar *comment,
@@ -53684,7 +53685,10 @@ create_user (const gchar * name, const gchar * password, const gchar *comment,
if (allowed_methods && (allowed_methods->len == 0))
allowed_methods = NULL;

// TODO validate methods single source, one of ldap, ...
if (allowed_methods
&& (auth_method_name_valid (g_ptr_array_index (allowed_methods, 0))
== 0))
return -4;

if (validate_username (name) != 0)
{
@@ -54716,7 +54720,8 @@ delete_user (const char *user_id_arg, const char *name_arg, int ultimate,
* 2 failed to find user, 3 success and user gained admin, 4 success
* and user lost admin, 5 failed to find role, 6 syntax error in hosts,
* 7 syntax error in new name, 99 permission denied, -1 on error,
* -2 for an unknown role, -3 if wrong number of methods.
* -2 for an unknown role, -3 if wrong number of methods, -4 error in
* method.
*/
int
modify_user (const gchar * user_id, gchar **name, const gchar *new_name,
@@ -54748,7 +54753,10 @@ modify_user (const gchar * user_id, gchar **name, const gchar *new_name,
|| (strlen (g_ptr_array_index (allowed_methods, 0)) == 0)))
allowed_methods = NULL;

// TODO Validate methods: single source, one of "", "ldap", ...
if (allowed_methods
&& (auth_method_name_valid (g_ptr_array_index (allowed_methods, 0))
== 0))
return -4;

sql_begin_immediate ();

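Review bot: Both added checks pass only `g_ptr_array_index (allowed_methods, 0)` to `auth_method_name_valid`, so any later entry in `allowed_methods` is never validated. The create_user doc comment now lists -3 for a wrong number of methods, but no length check is visible in that hunk; unless one exists elsewhere in the body (both functions continue outside the hunks), add one before the name check and note the limit in a comment such as `/* Only the first entry is validated here. */`. The two functions also differ on an empty first entry: modify_user resets `allowed_methods` to NULL when `strlen (...) == 0`, while create_user only tests `len == 0`, so an empty source name in CREATE_USER reaches the validator and may now return -4.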
