Merge pull request #3123 from greenbone/swaterkamp/removeifaces

[AP1584][AP1608] Remove interface access of users

CHANGELOG.md

@@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 ### Fixed
 ### Removed
+- Removed interface access from users in GSA and gsad [#3123](https://github.com/greenbone/gsa/pull/3123)
 - Removed bid and bugtraq_id handling [#3122](https://github.com/greenbone/gsa/pull/3122)
 - Removed OSP scanner and scan config handling [#3094](https://github.com/greenbone/gsa/pull/3094)
 - Removed business process map feature [#3051](https://github.com/greenbone/gsa/pull/3051), [#3058] (https://github.com/greenbone/gsa/pull/3058)

gsa/src/gmp/commands/users.js

@@ -178,12 +178,10 @@ export class UserCommand extends EntityCommand {
 
   create({
     access_hosts,
-    access_ifaces,
     auth_method,
     comment,
     group_ids,
     hosts_allow,
-    ifaces_allow,
     name,
     password,
     role_ids,
@@ -198,12 +196,10 @@ export class UserCommand extends EntityCommand {
     const data = {
       cmd: 'create_user',
       access_hosts,
-      access_ifaces,
       auth_method,
       comment,
       'group_ids:': group_ids,
       hosts_allow,
-      ifaces_allow,
       login: name,
       password,
       'role_ids:': role_ids,
@@ -215,12 +211,10 @@ export class UserCommand extends EntityCommand {
   save({
     id,
     access_hosts = '',
-    access_ifaces = '',
     auth_method,
     comment = '',
     group_ids,
     hosts_allow,
-    ifaces_allow,
     name,
     old_name,
     password = '', // needs to be included in httpPost, should be optional in gsad
@@ -238,12 +232,10 @@ export class UserCommand extends EntityCommand {
     const data = {
       cmd: 'save_user',
       access_hosts,
-      access_ifaces,
       comment,
       'group_ids:': group_ids,
       hosts_allow,
       id,
-      ifaces_allow,
       login: name,
       modify_password: auth_method,
       old_login: old_name,
@@ -310,9 +302,8 @@ export class UserCommand extends EntityCommand {
       [saveDefaultFilterSettingId('group')]: data.groupsFilter,
       [saveDefaultFilterSettingId('host')]: data.hostsFilter,
       [saveDefaultFilterSettingId('note')]: data.notesFilter,
-      [saveDefaultFilterSettingId(
-        'operatingsystem',
-      )]: data.operatingSystemsFilter,
+      [saveDefaultFilterSettingId('operatingsystem')]:
+        data.operatingSystemsFilter,
       [saveDefaultFilterSettingId('override')]: data.overridesFilter,
       [saveDefaultFilterSettingId('permission')]: data.permissionsFilter,
       [saveDefaultFilterSettingId('portlist')]: data.portListsFilter,
@@ -326,9 +317,8 @@ export class UserCommand extends EntityCommand {
       [saveDefaultFilterSettingId('target')]: data.targetsFilter,
       [saveDefaultFilterSettingId('task')]: data.tasksFilter,
       [saveDefaultFilterSettingId('ticket')]: data.ticketsFilter,
-      [saveDefaultFilterSettingId(
-        'tlscertificate',
-      )]: data.tlsCertificatesFilter,
+      [saveDefaultFilterSettingId('tlscertificate')]:
+        data.tlsCertificatesFilter,
       [saveDefaultFilterSettingId('user')]: data.usersFilter,
       [saveDefaultFilterSettingId('vulnerability')]: data.vulnerabilitiesFilter,
       [saveDefaultFilterSettingId('cpe')]: data.cpeFilter,

gsa/src/gmp/models/__tests__/user.js

@@ -81,27 +81,6 @@ describe('User model tests', () => {
     expect(user2.hosts).toEqual(res2);
   });
 
-  test('should parse ifaces', () => {
-    const elem = {
-      ifaces: {
-        __text: '123.456.789.42, 987.654.321.1',
-        _allow: '0',
-      },
-    };
-    const res = {
-      addresses: ['123.456.789.42', '987.654.321.1'],
-      allow: '0',
-    };
-    const res2 = {
-      addresses: [],
-    };
-    const user = User.fromElement(elem);
-    const user2 = User.fromElement({});
-
-    expect(user.ifaces).toEqual(res);
-    expect(user2.ifaces).toEqual(res2);
-  });
-
   test('should parse sources to auth_method', () => {
     const elem1 = {
       sources: {

gsa/src/gmp/models/user.js

@@ -62,17 +62,6 @@ class User extends Model {
       };
     }
 
-    if (isDefined(element.ifaces)) {
-      ret.ifaces = {
-        addresses: parseCsv(element.ifaces.__text),
-        allow: element.ifaces._allow,
-      };
-    } else {
-      ret.ifaces = {
-        addresses: [],
-      };
-    }
-
     if (isDefined(element.sources)) {
       const {source} = element.sources;
       if (source === 'ldap_connect') {

gsa/src/web/pages/users/component.js

@@ -61,11 +61,9 @@ class UserComponent extends React.Component {
         this.setState({
           dialogVisible: true,
           accessHosts: user.hosts.addresses.join(', '),
-          accessIfaces: user.ifaces.addresses.join(', '),
           comment: user.comment,
           groupIds,
           hostsAllow: user.hosts.allow,
-          ifacesAllow: user.ifaces.allow,
           name: user.name,
           oldName: user.name,
           roleIds,
@@ -76,12 +74,10 @@ class UserComponent extends React.Component {
       } else {
         this.setState({
           accessHosts: undefined,
-          accessIfaces: undefined,
           comment: undefined,
           dialogVisible: true,
           groupIds: undefined,
           hostsAllow: undefined,
-          ifacesAllow: undefined,
           name: undefined,
           oldName: undefined,
           roleIds: undefined,
@@ -127,13 +123,11 @@ class UserComponent extends React.Component {
 
     const {
       accessHosts,
-      accessIfaces,
       comment,
       dialogVisible,
       groupIds,
       groups,
       hostsAllow,
-      ifacesAllow,
       name,
       oldName,
       roleIds,
@@ -168,12 +162,10 @@ class UserComponent extends React.Component {
             {dialogVisible && (
               <UserDialog
                 accessHosts={accessHosts}
-                accessIfaces={accessIfaces}
                 comment={comment}
                 groupIds={groupIds}
                 groups={groups}
                 hostsAllow={hostsAllow}
-                ifacesAllow={ifacesAllow}
                 name={name}
                 oldName={oldName}
                 roleIds={roleIds}

gsa/src/web/pages/users/details.js

@@ -71,14 +71,7 @@ export const convert_allow = ({addresses, allow}) => {
 };
 
 const UserDetails = ({entity, links = true}) => {
-  const {
-    auth_method,
-    comment,
-    groups = [],
-    hosts = {},
-    ifaces = [],
-    roles = [],
-  } = entity;
+  const {auth_method, comment, groups = [], hosts = {}, roles = []} = entity;
   return (
     <Layout grow flex="column">
       <InfoTable>
@@ -134,11 +127,6 @@ const UserDetails = ({entity, links = true}) => {
             </TableData>
           </TableRow>
 
-          <TableRow>
-            <TableData>{_('Interface Access')}</TableData>
-            <TableData>{convert_allow(ifaces)}</TableData>
-          </TableRow>
-
           <TableRow>
             <TableData>{_('Authentication Type')}</TableData>
             <TableData>{convert_auth_method(auth_method)}</TableData>

gsa/src/web/pages/users/dialog.js

@@ -92,13 +92,11 @@ class Dialog extends React.Component {
   render() {
     const {
       accessHosts = '',
-      accessIfaces = '',
       capabilities,
       comment = '',
       groups,
       groupIds = [],
       hostsAllow = ACCESS_ALLOW_ALL,
-      ifacesAllow = ACCESS_ALLOW_ALL,
       name = _('Unnamed'),
       oldName,
       password = '',
@@ -117,7 +115,6 @@ class Dialog extends React.Component {
     const data = {
       ...user,
       access_hosts: accessHosts,
-      access_ifaces: accessIfaces,
       auth_method:
         isEdit && isDefined(user.authMethod)
           ? user.authMethod
@@ -126,7 +123,6 @@ class Dialog extends React.Component {
       group_ids: groupIds,
       groups,
       hosts_allow: hostsAllow,
-      ifaces_allow: ifacesAllow,
       name,
       old_name: oldName,
       password,
@@ -318,33 +314,6 @@ class Dialog extends React.Component {
                     />
                   </Divider>
                 </FormGroup>
-
-                <FormGroup title={_('Interface Access')}>
-                  <Divider flex="column">
-                    <Divider>
-                      <Radio
-                        name="ifaces_allow"
-                        title={_('Allow all and deny')}
-                        value={ACCESS_ALLOW_ALL}
-                        checked={state.ifaces_allow === ACCESS_ALLOW_ALL}
-                        onChange={onValueChange}
-                      />
-                      <Radio
-                        name="ifaces_allow"
-                        title={_('Deny all and allow')}
-                        value={ACCESS_DENY_ALL}
-                        checked={state.ifaces_allow === ACCESS_DENY_ALL}
-                        onChange={onValueChange}
-                      />
-                    </Divider>
-                    <TextField
-                      name="access_ifaces"
-                      size="30"
-                      value={state.access_ifaces}
-                      onChange={onValueChange}
-                    />
-                  </Divider>
-                </FormGroup>
               </Layout>
               {confirmationDialogVisible && (
                 <ConfirmationDialog
@@ -369,7 +338,6 @@ class Dialog extends React.Component {
 
 Dialog.propTypes = {
   accessHosts: PropTypes.string,
-  accessIfaces: PropTypes.string,
   authMethod: PropTypes.oneOf([
     AUTH_METHOD_LDAP,
     AUTH_METHOD_NEW_PASSWORD,
@@ -382,7 +350,6 @@ Dialog.propTypes = {
   groups: PropTypes.array,
   hostsAllow: PropTypes.oneOf([ACCESS_ALLOW_ALL, ACCESS_DENY_ALL]),
   id: PropTypes.id,
-  ifacesAllow: PropTypes.oneOf([ACCESS_ALLOW_ALL, ACCESS_DENY_ALL]),
   name: PropTypes.string,
   oldName: PropTypes.string,
   password: PropTypes.string,

gsad/src/gsad.c

@@ -582,7 +582,6 @@ init_validator ()
   gvm_validator_add (validator, "id_list:name", "^ *[0-9]+ *$");
   gvm_validator_add (validator, "id_list:value",
                      "^[[:alnum:]\\-_ ]+:[a-z0-9\\-]+$");
-  gvm_validator_add (validator, "ifaces_allow", "^(0|1)$");
   gvm_validator_add (validator, "include_id_list:name", "^[[:alnum:]\\-_ ]+$");
   gvm_validator_add (validator, "include_id_list:value", "^(0|1)$");
   gvm_validator_add (validator, "installer_sig", "(?s)^.*$");
@@ -810,7 +809,6 @@ init_validator ()
   gvm_validator_alias (validator, "ignore_pagination", "boolean");
   gvm_validator_alias (validator, "event", "condition");
   gvm_validator_alias (validator, "access_hosts", "hosts_opt");
-  gvm_validator_alias (validator, "access_ifaces", "hosts_opt");
   gvm_validator_alias (validator, "max_checks", "number");
   gvm_validator_alias (validator, "max_hosts", "number");
   gvm_validator_alias (validator, "method", "condition");

gsad/src/gsad_gmp.c

@@ -14110,7 +14110,7 @@ char *
 create_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
                  params_t *params, cmd_response_data_t *response_data)
 {
-  const char *name, *password, *hosts, *hosts_allow, *ifaces, *ifaces_allow;
+  const char *name, *password, *hosts, *hosts_allow;
   const char *auth_method, *comment;
   int ret;
   params_t *groups, *roles;
@@ -14122,16 +14122,12 @@ create_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
   password = params_value (params, "password");
   hosts = params_value (params, "access_hosts");
   hosts_allow = params_value (params, "hosts_allow");
-  ifaces = params_value (params, "access_ifaces");
-  ifaces_allow = params_value (params, "ifaces_allow");
   auth_method = params_value (params, "auth_method");
   comment = params_value (params, "comment");
 
   CHECK_VARIABLE_INVALID (name, "Create User");
   CHECK_VARIABLE_INVALID (hosts, "Create User");
   CHECK_VARIABLE_INVALID (hosts_allow, "Create User");
-  CHECK_VARIABLE_INVALID (ifaces, "Create User");
-  CHECK_VARIABLE_INVALID (ifaces_allow, "Create User");
 
   if (auth_method && strcmp (auth_method, "1") == 0)
     {
@@ -14200,9 +14196,8 @@ create_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
   g_string_append (string, role_elements->str);
   g_string_free (role_elements, TRUE);
 
-  buf = g_markup_printf_escaped ("<hosts allow=\"%s\">%s</hosts>"
-                                 "<ifaces allow=\"%s\">%s</ifaces>",
-                                 hosts_allow, hosts, ifaces_allow, ifaces);
+  buf = g_markup_printf_escaped ("<hosts allow=\"%s\">%s</hosts>", hosts_allow,
+                                 hosts);
   g_string_append (string, buf);
   g_free (buf);
   if (auth_method && !strcmp (auth_method, "1"))
@@ -14368,7 +14363,7 @@ save_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
   int ret;
   gchar *html, *response, *buf;
   const char *user_id, *login, *old_login, *modify_password, *password;
-  const char *hosts, *hosts_allow, *ifaces, *ifaces_allow, *comment;
+  const char *hosts, *hosts_allow, *comment;
   entity_t entity;
   GString *command, *group_elements, *role_elements;
   params_t *groups, *roles;
@@ -14379,8 +14374,6 @@ save_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
   /* Whether hosts grants ("1") or forbids ("0") access.  "2" for all
    * access. */
   hosts_allow = params_value (params, "hosts_allow");
-  ifaces = params_value (params, "access_ifaces");
-  ifaces_allow = params_value (params, "ifaces_allow");
   login = params_value (params, "login");
   old_login = params_value (params, "old_login");
   modify_password = params_value (params, "modify_password");
@@ -14392,8 +14385,6 @@ save_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
   CHECK_VARIABLE_INVALID (modify_password, "Save User");
   CHECK_VARIABLE_INVALID (hosts, "Save User");
   CHECK_VARIABLE_INVALID (hosts_allow, "Save User");
-  CHECK_VARIABLE_INVALID (ifaces, "Save User");
-  CHECK_VARIABLE_INVALID (ifaces_allow, "Save User");
   CHECK_VARIABLE_INVALID (login, "Save User");
   CHECK_VARIABLE_INVALID (old_login, "Save User");
 
@@ -14430,9 +14421,8 @@ save_user_gmp (gvm_connection_t *connection, credentials_t *credentials,
       g_free (buf);
     }
 
-  buf = g_markup_printf_escaped ("<hosts allow=\"%s\">%s</hosts>"
-                                 "<ifaces allow=\"%s\">%s</ifaces>",
-                                 hosts_allow, hosts, ifaces_allow, ifaces);
+  buf = g_markup_printf_escaped ("<hosts allow=\"%s\">%s</hosts>", hosts_allow,
+                                 hosts);
   g_string_append (command, buf);
   g_free (buf);