From 0a15e6bd284e884249e13c19185ef1d854436347 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 24 Jun 2021 07:52:59 +0200 Subject: [PATCH 1/7] Amended if clauses for ssh_elevate_credential/ssh_credential Test In manage_sql.c: Amended the if clause for the Test if the ssh_credential differs from the ssh_elevate_credential in functions "create_target(...)" and "modify_target(...)". (cherry picked from commit fbae05b202840a09c3f0e5b4338f52976c83aec4) --- src/manage_sql.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index e391cd9b9..12624410a 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -30658,7 +30658,7 @@ create_target (const char* name, const char* asset_hosts_filter, if (ssh_elevate_credential && (!ssh_credential)) return 14; - if (ssh_elevate_credential == ssh_credential) + if (ssh_credential && (ssh_elevate_credential == ssh_credential)) return 15; sql_begin_immediate (); @@ -31147,7 +31147,7 @@ modify_target (const char *target_id, const char *name, const char *hosts, return 24; } - if (ssh_elevate_credential_id == ssh_credential_id) + if (ssh_credential_id && (ssh_elevate_credential_id == ssh_credential_id)) { sql_rollback (); return 25; From 5f6b56c6f12b34ba2d75f632fe532c73c09c1910 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 24 Jun 2021 08:22:14 +0200 Subject: [PATCH 2/7] CHANGELOG entry: Amendment ssh_elevate_credential / ssh_credential Test. (cherry picked from commit fc25a57b90fb468275e3aec75bf5ccb0e25cd938) --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79ac5e104..1865cff5a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Add NVT tag "deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) - Extend GMP for new privilege escalation credential [#1535](https://github.com/greenbone/gvmd/pull/1535) - Include new ssh elevate (escalation) credential in OSP request [#1539](https://github.com/greenbone/gvmd/pull/1539) -- Add test if the ssh elevate credential is different from the ssh credential [#1582](https://github.com/greenbone/gvmd/pull/1582) +- Add test if the ssh elevate credential is different from the ssh credential [#1582](https://github.com/greenbone/gvmd/pull/1582) [#1586](https://github.com/greenbone/gvmd/pull/1586) ### Changed - Update default log config [#1501](https://github.com/greenbone/gvmd/pull/1501) From 9b23218b835153c92af92fdc36f047de3c0d93b8 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 24 Jun 2021 09:15:30 +0200 Subject: [PATCH 3/7] Changed CHANGELOG entry : Amendment ssh_elevate_credential / ssh_credential Test. (cherry picked from commit 6c60daead1a8efcf178b04a877e2cf70886fe0b7) --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1865cff5a..705f5c5db 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Add NVT tag "deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) - Extend GMP for new privilege escalation credential [#1535](https://github.com/greenbone/gvmd/pull/1535) - Include new ssh elevate (escalation) credential in OSP request [#1539](https://github.com/greenbone/gvmd/pull/1539) -- Add test if the ssh elevate credential is different from the ssh credential [#1582](https://github.com/greenbone/gvmd/pull/1582) [#1586](https://github.com/greenbone/gvmd/pull/1586) +- Add test if the ssh elevate credential is different from the ssh credential [#1582](https://github.com/greenbone/gvmd/pull/1582) ### Changed - Update default log config [#1501](https://github.com/greenbone/gvmd/pull/1501) @@ -45,6 +45,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Migrate GMP Scanners to OSP Sensors [#1533](https://github.com/greenbone/gvmd/pull/1533) - Solved a peformance problem for tasks after scanning lots of hosts [#1567](https://github.com/greenbone/gvmd/pull/1567) - Solved a performance problem when filtering results by tags [#1579](https://github.com/greenbone/gvmd/pull/1579) +- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) [21.4.0]: https://github.com/greenbone/gvmd/compare/v21.4.0...gvmd-21.04 From cc66cd709e1b505e2086adcdb67e16b0930c358e Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 24 Jun 2021 09:56:59 +0200 Subject: [PATCH 4/7] Changed CHANGELOG entry: Amendment ssh_elevate_credential / ssh_credential Test. (cherry picked from commit 7110683e1a59c6f6f251ec8f1ba20bff92136d65) # Conflicts: # CHANGELOG.md --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 705f5c5db..81c840c26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,9 +16,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Rename the date column of reports to creation_time [#1520](https://github.com/greenbone/gvmd/pull/1520) ### Fixed +<<<<<<< HEAD - Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) - Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) - Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) +======= +- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) +>>>>>>> 7110683e1 (Changed CHANGELOG entry: Amendment ssh_elevate_credential / ssh_credential Test.) ### Removed - Remove Network Source Interface from gvmd [#1511](https://github.com/greenbone/gvmd/pull/1511) @@ -45,7 +49,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Migrate GMP Scanners to OSP Sensors [#1533](https://github.com/greenbone/gvmd/pull/1533) - Solved a peformance problem for tasks after scanning lots of hosts [#1567](https://github.com/greenbone/gvmd/pull/1567) - Solved a performance problem when filtering results by tags [#1579](https://github.com/greenbone/gvmd/pull/1579) -- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) [21.4.0]: https://github.com/greenbone/gvmd/compare/v21.4.0...gvmd-21.04 From b6ff36eb23c4d2c83e91e622de0a3cc73d65c980 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 24 Jun 2021 12:10:19 +0200 Subject: [PATCH 5/7] Changed if statement for ssh_elevate_credential/ssh_credential check. in manage_sql.c: Replaced the much to simple, erroneous if statement in function modify_target() by a more complex code. (cherry picked from commit 6945200420e4675ad7c4e266515139a7e601446f) --- src/manage_sql.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 12624410a..f501cea93 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -31147,12 +31147,6 @@ modify_target (const char *target_id, const char *name, const char *hosts, return 24; } - if (ssh_credential_id && (ssh_elevate_credential_id == ssh_credential_id)) - { - sql_rollback (); - return 25; - } - target = 0; if (find_target_with_permission (target_id, &target, "modify_target")) { @@ -31330,6 +31324,7 @@ modify_target (const char *target_id, const char *name, const char *hosts, if (ssh_elevate_credential_id) { credential_t ssh_elevate_credential; + credential_t ssh_credential; if (target_in_use (target)) { @@ -31363,6 +31358,24 @@ modify_target (const char *target_id, const char *name, const char *hosts, } g_free (type); + ssh_credential = 0; + if (ssh_credential_id) + if (strcmp (ssh_credential_id, "0")) + { + if (find_credential_with_permission (ssh_credential_id, + &ssh_credential, + "get_credentials")) + { + sql_rollback (); + return -1; + } + if (ssh_elevate_credential == ssh_credential) + { + sql_rollback (); + return 25; + } + } + set_target_login_data (target, "elevate", ssh_elevate_credential, 0); } else From dca03c361bc4f19f8c811aedc3a7630d6ccb3121 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 25 Jun 2021 08:17:08 +0200 Subject: [PATCH 6/7] Changed if statement for ssh_elevate_credential/ssh_credential check again. In manage_sql.c, in function modify_target(...): Replaced the code for the check if the ssh_elevate_credential differs from the ssh_credential by a new one, that works in any case. Amended the check if there is a ssh_elevate_credential without a ssh_credential. (cherry picked from commit 566b77e0e4bb93500d37ae956e67a663fd265a72) --- src/manage_sql.c | 54 +++++++++++++++++++++--------------------------- 1 file changed, 24 insertions(+), 30 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index f501cea93..957753a13 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -31108,7 +31108,9 @@ delete_target (const char *target_id, int ultimate) * 18 invalid SSH credential type, 19 invalid SMB credential type, * 20 invalid ESXi credential type, 21 invalid SNMP credential type, * 22 failed to find SSH elevate cred, 23 invalid SSH elevate - * credential type, 99 permission denied, -1 error. + * credential type, 24 SSH elevate credential without SSH credential, + * 25 SSH elevate credential equals SSH credential, + * 99 permission denied, -1 error. */ int modify_target (const char *target_id, const char *name, const char *hosts, @@ -31122,6 +31124,8 @@ modify_target (const char *target_id, const char *name, const char *hosts, const char *allow_simultaneous_ips) { target_t target; + credential_t ssh_credential = 0; + credential_t ssh_elevate_credential = 0; assert (target_id); @@ -31141,12 +31145,6 @@ modify_target (const char *target_id, const char *name, const char *hosts, return 13; } - if (ssh_elevate_credential_id && (!ssh_credential_id)) - { - sql_rollback (); - return 24; - } - target = 0; if (find_target_with_permission (target_id, &target, "modify_target")) { @@ -31267,8 +31265,6 @@ modify_target (const char *target_id, const char *name, const char *hosts, if (ssh_credential_id) { - credential_t ssh_credential; - if (target_in_use (target)) { sql_rollback (); @@ -31323,9 +31319,6 @@ modify_target (const char *target_id, const char *name, const char *hosts, if (ssh_elevate_credential_id) { - credential_t ssh_elevate_credential; - credential_t ssh_credential; - if (target_in_use (target)) { sql_rollback (); @@ -31358,24 +31351,6 @@ modify_target (const char *target_id, const char *name, const char *hosts, } g_free (type); - ssh_credential = 0; - if (ssh_credential_id) - if (strcmp (ssh_credential_id, "0")) - { - if (find_credential_with_permission (ssh_credential_id, - &ssh_credential, - "get_credentials")) - { - sql_rollback (); - return -1; - } - if (ssh_elevate_credential == ssh_credential) - { - sql_rollback (); - return 25; - } - } - set_target_login_data (target, "elevate", ssh_elevate_credential, 0); } else @@ -31508,6 +31483,25 @@ modify_target (const char *target_id, const char *name, const char *hosts, set_target_login_data (target, "snmp", 0, 0); } + if (ssh_credential_id || ssh_elevate_credential_id) + { + if (!ssh_credential_id) + ssh_credential = target_ssh_credential (target); + if (!ssh_elevate_credential_id) + ssh_elevate_credential = target_ssh_elevate_credential (target); + + if (ssh_elevate_credential && !ssh_credential) + { + sql_rollback (); + return 24; + } + if (ssh_credential && (ssh_credential == ssh_elevate_credential)) + { + sql_rollback (); + return 25; + } + } + if (exclude_hosts) { gchar *quoted_exclude_hosts, *quoted_hosts, *clean, *clean_exclude; From ae4c31faa9234ab691d60217f2576e1ec0153a78 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Mon, 28 Jun 2021 12:17:03 +0200 Subject: [PATCH 7/7] Clean up CHANGELOG.md entries, resolve conflict --- CHANGELOG.md | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 81c840c26..c891a0524 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,22 +16,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Rename the date column of reports to creation_time [#1520](https://github.com/greenbone/gvmd/pull/1520) ### Fixed -<<<<<<< HEAD - Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) - Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) - Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) -======= -- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) ->>>>>>> 7110683e1 (Changed CHANGELOG entry: Amendment ssh_elevate_credential / ssh_credential Test.) ### Removed - Remove Network Source Interface from gvmd [#1511](https://github.com/greenbone/gvmd/pull/1511) - Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525) - Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551) -[21.10]: https://github.com/greenbone/gvmd/compare/gvmd-21.04...master +## [21.4.2] (Unreleased) +### Added +### Changed +### Deprecated +### Removed +### Fixed +- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) + +[Unreleased]: https://github.com/greenbone/gvmd/compare/v21.4.1...gvmd-21.04 -## [21.4.1] (unreleased) +## [21.4.1] - 2021-06-23 ### Added - Add NVT tag "deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) @@ -44,13 +48,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) +- Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) - Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) - Fix whole-only config family selection [#1517](https://github.com/greenbone/gvmd/pull/1517) - Migrate GMP Scanners to OSP Sensors [#1533](https://github.com/greenbone/gvmd/pull/1533) - Solved a peformance problem for tasks after scanning lots of hosts [#1567](https://github.com/greenbone/gvmd/pull/1567) - Solved a performance problem when filtering results by tags [#1579](https://github.com/greenbone/gvmd/pull/1579) -[21.4.0]: https://github.com/greenbone/gvmd/compare/v21.4.0...gvmd-21.04 +[21.4.1]: https://github.com/greenbone/gvmd/compare/v21.4.0...v21.4.1 ## [21.4.0] (2021-04-16) @@ -100,7 +105,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [21.4.0]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...v21.4.0 -## [20.8.2] (unreleased) +## [20.8.3] (Unreleased) +### Added +### Changed +### Deprecated +### Removed +### Fixed + +[Unreleased]: https://github.com/greenbone/gvmd/compare/v20.8.2...gvmd-20.08 + +## [20.8.2] - 2021-06-23 ### Added - Add standard info elem fields for NVTs in get_info [#1426](https://github.com/greenbone/gvmd/pull/1426) @@ -136,7 +150,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [20.8.2]: https://github.com/greenbone/gvmd/compare/v20.8.1...gvmd-20.08 - ## [20.8.1] (2021-02-02) ### Added @@ -152,6 +165,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Extended the output of invalid / missing --feed parameter given to greenbone-feed-sync [#1255](https://github.com/greenbone/gvmd/pull/1255) - The xsltproc binary is now marked as mandatory [#1259](https://github.com/greenbone/gvmd/pull/1259) - Check feed status without acquiring lock [#1266](https://github.com/greenbone/gvmd/pull/1266) +- Use timestamp in automatic sensor task names [#1390](https://github.com/greenbone/gvmd/pull/1390) - Replace g_file_test with gvm-libs file tests [#1391](https://github.com/greenbone/gvmd/pull/1391) ### Fixed @@ -195,7 +209,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed - Remove DROP from vulns creation [#1281](http://github.com/greenbone/gvmd/pull/1281) -[20.8.1]: https://github.com/greenbone/gvmd/compare/v20.8.0...gvmd-20.08 +[20.8.1]: https://github.com/greenbone/gvmd/compare/v20.8.0...gvmd-20.8.1 ## [20.8.0] (2020-08-11)