Changed if statement for ssh_elevate_credential/ssh_credential check.

in manage_sql.c: Replaced the much to simple, erroneous if statement in function modify_target() by a more complex code.
greenbone · Jun 24, 2021 · 6945200 · 6945200
1 parent 7110683
commit 6945200
Showing 1 changed file with 19 additions and 6 deletions.
diff --git a/src/manage_sql.c b/src/manage_sql.c
@@ -31158,12 +31158,6 @@ modify_target (const char *target_id, const char *name, const char *hosts,
       return 24;
     }
 
-  if (ssh_credential_id && (ssh_elevate_credential_id == ssh_credential_id))
-    {
-      sql_rollback ();
-      return 25;
-    }
-
   target = 0;
   if (find_target_with_permission (target_id, &target, "modify_target"))
     {
@@ -31341,6 +31335,7 @@ modify_target (const char *target_id, const char *name, const char *hosts,
   if (ssh_elevate_credential_id)
     {
       credential_t ssh_elevate_credential;
+      credential_t ssh_credential;
 
       if (target_in_use (target))
         {
@@ -31374,6 +31369,24 @@ modify_target (const char *target_id, const char *name, const char *hosts,
             }
           g_free (type);
 
+          ssh_credential = 0;
+          if (ssh_credential_id)
+            if (strcmp (ssh_credential_id, "0"))
+              {
+                if (find_credential_with_permission (ssh_credential_id,
+                                                     &ssh_credential,
+                                                     "get_credentials"))
+                  {
+                    sql_rollback ();
+                    return -1;
+                  }
+                if (ssh_elevate_credential == ssh_credential)
+                  {
+                    sql_rollback ();
+                    return 25;
+                  }
+              }
+
           set_target_login_data (target, "elevate", ssh_elevate_credential, 0);
         }
       else