Greenbone Security Assistant  7.0.0
gsad_omp.c
Go to the documentation of this file.
1 /* Greenbone Security Assistant
2  * $Id$
3  * Description: OMP communication module.
4  *
5  * Authors:
6  * Matthew Mundell <matthew.mundell@greenbone.net>
7  * Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
8  * Michael Wiegand <michael.wiegand@greenbone.net>
9  *
10  * Copyright:
11  * Copyright (C) 2009, 2014 Greenbone Networks GmbH
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software
25  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
26  */
27 
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <errno.h>
40 #include <glib.h>
41 #include <netinet/in.h>
42 #include <netdb.h>
43 #include <sys/socket.h>
44 #include <sys/un.h>
45 #include <sys/time.h>
46 #include <arpa/inet.h>
47 #include <unistd.h>
48 #include <fcntl.h>
49 #include <assert.h>
50 #include <time.h>
51 #include <sys/time.h>
52 
53 #include <microhttpd.h>
54 
55 #include "gsad_base.h"
56 #include "gsad_omp.h"
57 #include "xslt_i18n.h"
58 
59 #include <openvas/misc/openvas_server.h>
60 #include <openvas/base/openvas_file.h>
61 #include <openvas/base/cvss.h>
62 #include <openvas/omp/omp.h>
63 #include <openvas/omp/xml.h>
64 
65 /*
66  * XSLT includes
67  */
68 #include <libxml2/libxml/xmlmemory.h>
69 #include <libxml2/libxml/HTMLtree.h>
70 #include <libxml2/libxml/xmlIO.h>
71 #include <libxml2/libxml/xinclude.h>
72 #include <libxslt/xslt.h>
73 #include <libxslt/xsltInternals.h>
74 #include <libxslt/transform.h>
75 #include <libxslt/xsltutils.h>
76 
77 #undef G_LOG_DOMAIN
78 
81 #define G_LOG_DOMAIN "gsad omp"
82 
86 #define OPENVASMD_ADDRESS "127.0.0.1"
87 
92 
96 gchar *manager_address = NULL;
97 
101 int manager_port = 9390;
102 
103 
104 /* Headers. */
105 
106 static int
107 omp (credentials_t *, gchar **, entity_t *, cmd_response_data_t*,
108  const char *);
109 
110 static int
111 ompf (credentials_t *, gchar **, entity_t *, cmd_response_data_t*,
112  const char *, ...);
113 
114 int manager_connect (credentials_t *, openvas_connection_t *, gchar **,
116 
117 static char *edit_role (credentials_t *, params_t *, const char *,
119 
120 static char *edit_task (credentials_t *, params_t *, const char *,
122 
123 static char *get_alert (credentials_t *, params_t *, const char *,
125 
126 static char *get_alerts (credentials_t *, params_t *, const char *,
128 
129 static char *get_agent (credentials_t *, params_t *, const char *,
131 
132 static char *get_agents (credentials_t *, params_t *, const char *,
134 
135 static char *get_asset (credentials_t *, params_t *, const char *,
137 
138 static char *get_assets (credentials_t *, params_t *, const char *,
140 
141 static char *get_assets_chart (credentials_t *, params_t *, const char *,
143 
144 
145 static char *get_task (credentials_t *, params_t *, const char *,
147 
148 static char *get_tasks (credentials_t *, params_t *, const char *,
150 
151 static char *get_tasks_chart (credentials_t *, params_t *, const char *,
153 
154 static char *get_trash (credentials_t *, params_t *, const char *,
156 
157 static char *get_config_family (credentials_t *, params_t *, int,
159 
160 static char *get_config (credentials_t *, params_t *, const char *, int,
162 
163 static char *get_configs (credentials_t *, params_t *, const char *,
165 
166 static char *get_filter (credentials_t *, params_t *, const char *,
168 
169 static char *get_filters (credentials_t *, params_t *, const char *,
171 
172 static char *get_group (credentials_t *, params_t *, const char *,
174 
175 static char *get_groups (credentials_t *, params_t *, const char *,
177 
178 static char *get_credential (credentials_t *, params_t *, const char *,
180 
181 static char *get_credentials (credentials_t *, params_t *, const char *,
183 
184 static char *get_notes (credentials_t *, params_t *, const char *,
186 
187 static char *get_note (credentials_t *, params_t *, const char *,
189 
190 static char *get_nvts (credentials_t *credentials, params_t *,
191  const char *, const char *, cmd_response_data_t*);
192 
193 static char *get_overrides (credentials_t *, params_t *, const char *,
195 
196 static char *get_override (credentials_t *, params_t *, const char *,
198 
199 static char *get_permission (credentials_t *, params_t *, const char *,
201 
202 static char *get_permissions (credentials_t *, params_t *, const char *,
204 
205 static char *get_port_list (credentials_t *, params_t *, const char *,
207 
208 static char *get_port_lists (credentials_t *, params_t *, const char *,
210 
211 static char *edit_port_list (credentials_t *, params_t *, const char *,
213 
214 static char *get_tag (credentials_t *, params_t *, const char *,
216 
217 static char *get_tags (credentials_t *, params_t *, const char *,
219 
220 static char *get_target (credentials_t *, params_t *, const char *,
222 
223 static char *get_targets (credentials_t *, params_t *, const char *,
225 
226 static char *get_report (credentials_t *, params_t *, const char *, gsize *,
227  gchar **, char **, const char *, int *,
229 
230 static char *get_report_format (credentials_t *, params_t *, const char *,
232 
233 static char *get_report_formats (credentials_t *, params_t *, const char *,
235 
236 static char *get_report_section (credentials_t *, params_t *, const char *,
238 
239 static char *get_reports (credentials_t *, params_t *, const char *,
241 
242 static char *get_result_page (credentials_t *, params_t *, const char *,
244 
245 static char *get_results (credentials_t *, params_t *, const char *,
247 
248 static char *get_role (credentials_t *, params_t *, const char *,
250 
251 static char *get_roles (credentials_t *, params_t *, const char *,
253 
254 static char *get_scanner (credentials_t *, params_t *, const char *,
256 
257 static char *get_scanners (credentials_t *, params_t *, const char *,
259 
260 static char *get_schedule (credentials_t *, params_t *, const char *,
262 
263 static char *get_schedules (credentials_t *, params_t *, const char *,
265 
266 static char *get_user (credentials_t *, params_t *, const char *,
268 
269 static char *get_users (credentials_t *, params_t *, const char *,
271 
272 static char *wizard (credentials_t *, params_t *, const char *,
274 
275 static char *wizard_get (credentials_t *, params_t *, const char *,
277 
278 int token_user_remove (const char *);
279 
280 static int omp_success (entity_t entity);
281 
282 static gchar *next_page_url (credentials_t *, params_t *, const char *,
283  const char *, const char *, const char *,
284  const char *);
285 
286 static gchar *action_result_page (credentials_t *, cmd_response_data_t *,
287  const char*, const char*, const char*,
288  const char*);
289 
290 static gchar* response_from_entity (credentials_t*, params_t *,
291  entity_t, int, const char*, const char *,
292  const char*, const char*, const char*,
294 
295 /* Helpers. */
296 
303 int
304 command_enabled (credentials_t *credentials, const gchar *name)
305 {
306  /* TODO Hack. Fails if command named in summary of another command. */
307  return strstr (credentials->capabilities, name) ? 1 : 0;
308 }
309 
317 void
318 omp_init (const gchar *manager_address_unix, const gchar *manager_address_tls,
319  int port_manager)
320 {
321  if (manager_address_unix)
322  {
323  manager_address = g_strdup (manager_address_unix);
324  manager_use_tls = 0;
325  }
326  else if (manager_address_tls)
327  {
328  manager_address = g_strdup (manager_address_tls);
329  manager_use_tls = 1;
330  }
331  else
332  {
333  manager_address = g_build_filename (OPENVAS_RUN_DIR,
334  "openvasmd.sock",
335  NULL);
336  manager_use_tls = 0;
337  }
338  manager_port = port_manager;
339 }
340 
346 void
348 {
349  data->http_status_code = MHD_HTTP_OK;
350  data->redirect = NULL;
351 }
352 
358 void
360 {
361  memset (data, 0, sizeof (cmd_response_data_t));
362 }
363 
373 static gboolean
374 print_chart_pref (gchar *id, gchar *value, GString* buffer)
375 {
376  g_string_append_printf (buffer,
377  "<chart_preference id=\"%s\">"
378  "<value>%s</value>"
379  "</chart_preference>",
380  id,
381  value);
382  return 0;
383 }
384 
388 typedef struct
389 {
390  gchar *value;
391  GList *keys;
393 
394 void
396 {
397  find->keys = NULL;
398  find->value = value;
399 }
400 
401 void
403 {
404  g_list_free (find->keys);
405 }
406 
417 static gboolean
418 find_by_value (gchar *key, gchar *value, find_by_value_t *data)
419 {
420  if (strcmp (value, data->value) == 0)
421  {
422  g_debug ("%s found key %s for value %s\n",
423  __FUNCTION__, key, value);
424  data->keys = g_list_append (data->keys, key);
425  }
426  return FALSE;
427 }
428 
437 static int
438 filter_exists (openvas_connection_t *connection, const char *filt_id)
439 {
440  entity_t entity;
441 
442  if (filt_id == NULL
443  || strcmp (filt_id, "0")
444  || strcmp (filt_id, "-2"))
445  return 1;
446 
447  /* check if filter still exists */
448  if (openvas_connection_sendf (connection, "<get_filters filter_id='%s'/>",
449  filt_id))
450  {
451  return -2;
452  }
453 
454  if (read_entity_c (connection, &entity))
455  {
456  return -3;
457  }
458 
459  return omp_success (entity);
460 }
461 
471 static char *
472 xsl_transform_omp (credentials_t * credentials, gchar * xml,
473  cmd_response_data_t *response_data)
474 {
475  time_t now;
476  gchar *res, *name;
477  GString *string;
478  char *html;
479  char ctime_now[200];
480  params_iterator_t iter;
481  param_t *param;
482  const char *refresh_interval, *xml_flag;
483  struct timeval tv;
484 
485  assert (credentials);
486 
487  now = time (NULL);
488  ctime_r_strip_newline (&now, ctime_now);
489 
490  string = g_string_new ("");
491 
492  gettimeofday (&tv, NULL);
493  res = g_markup_printf_escaped ("<envelope>"
494  "<version>%s</version>"
495  "<vendor_version>%s</vendor_version>"
496  "<token>%s</token>"
497  "<caller>%s</caller>"
498  "<current_page>%s</current_page>"
499  "<time>%s</time>"
500  "<timezone>%s</timezone>"
501  "<login>%s</login>"
502  "<role>%s</role>"
503  "<severity>%s</severity>"
504  "<i18n>%s</i18n>"
505  "<charts>%d</charts>"
506  "<guest>%d</guest>"
507  "<client_address>%s</client_address>"
508  "<backend_operation>%.2f</backend_operation>",
509  GSAD_VERSION,
511  credentials->token,
512  credentials->caller ? credentials->caller : "",
513  credentials->current_page
514  ? credentials->current_page
515  : (credentials->caller
516  ? credentials->caller
517  : ""),
518  ctime_now,
519  credentials->timezone
520  ? credentials->timezone : "",
521  credentials->username,
522  credentials->role,
523  credentials->severity,
524  credentials->language,
525  credentials->charts,
526  credentials->guest,
527  credentials->client_address,
528  (double) ((tv.tv_sec
529  - credentials->cmd_start.tv_sec)
530  * 1000000L
531  + tv.tv_usec
532  - credentials->cmd_start.tv_usec)
533  / 1000000.0);
534  g_string_append (string, res);
535  g_free (res);
536 
537  g_string_append (string, "<chart_preferences>");
538  g_tree_foreach (credentials->chart_prefs,
539  (GTraverseFunc)print_chart_pref,
540  string);
541  g_string_append (string, "</chart_preferences>");
542 
543  if (credentials->pw_warning)
544  {
545  gchar *warning_elem;
546  warning_elem = g_markup_printf_escaped ("<password_warning>"
547  "%s"
548  "</password_warning>",
549  credentials->pw_warning);
550  g_string_append (string, warning_elem);
551  g_free (warning_elem);
552  }
553 
554  refresh_interval = params_value (credentials->params, "refresh_interval");
555  if ((refresh_interval == NULL) || (strcmp (refresh_interval, "") == 0))
556  g_string_append_printf (string,
557  "<autorefresh interval=\"%s\"/>",
558  credentials->autorefresh);
559  else
560  {
561  int ret;
562  gchar *interval_64, *response;
563  entity_t entity;
564 
565  interval_64 = (refresh_interval
566  ? g_base64_encode ((guchar*) refresh_interval,
567  strlen (refresh_interval))
568  : g_strdup (""));
569  ret = ompf (credentials, &response, &entity, response_data,
570  "<modify_setting"
571  " setting_id=\"578a1c14-e2dc-45ef-a591-89d31391d007\">"
572  "<value>%s</value>"
573  "</modify_setting>",
574  interval_64);
575  g_free (interval_64);
576  switch (ret)
577  {
578  case 0:
579  case -1:
580  break;
581  case 1:
582  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
583  return gsad_message (credentials,
584  "Internal error", __FUNCTION__, __LINE__,
585  "An internal error occurred while modifying the"
586  " autorefresh setting for the settings. "
587  "Diagnostics: Failure to send command to"
588  " manager daemon.",
589  "/omp?cmd=get_my_settings", response_data);
590  case 2:
591  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
592  return gsad_message (credentials,
593  "Internal error", __FUNCTION__, __LINE__,
594  "An internal error occurred while modifying the"
595  " autorefresh setting for the settings. "
596  "Diagnostics: Failure to receive response from"
597  " manager daemon.",
598  "/omp?cmd=get_my_settings", response_data);
599  default:
600  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
601  return gsad_message (credentials,
602  "Internal error", __FUNCTION__, __LINE__,
603  "An internal error occurred while modifying the"
604  " autorefresh setting for the settings. "
605  "Diagnostics: Internal Error.",
606  "/omp?cmd=get_my_settings", response_data);
607  }
608 
609  free_entity (entity);
610  g_free (credentials->autorefresh);
611  credentials->autorefresh = g_strdup (refresh_interval);
612  user_set_autorefresh (credentials->token, refresh_interval);
613 
614  g_string_append_printf (string,
615  "<autorefresh interval=\"%s\"/>",
616  credentials->autorefresh);
617  }
618 
619  g_string_append (string, "<params>");
620  params_iterator_init (&iter, credentials->params);
621  while (params_iterator_next (&iter, &name, &param))
622  {
623  if (name && strcmp (name, ""))
624  {
625  if ((name[strlen (name) - 1] == ':') && param->values)
626  {
627  gchar *child_name;
628  params_iterator_t children_iter;
629  param_t *child_param;
630 
631  params_iterator_init (&children_iter, param->values);
632  while (params_iterator_next (&children_iter, &child_name,
633  &child_param))
634  if (child_param->value
635  && child_param->valid
636  && child_param->valid_utf8)
637  xml_string_append (string,
638  "<_param>"
639  "<name>%s%s</name><value>%s</value>"
640  "</_param>",
641  name, child_name, child_param->value);
642  }
643 
644  if (param->value && param->valid && param->valid_utf8
645  && strcmp (name, "xml_file") && strcmp (name, "installer"))
646  xml_string_append (string, "<%s>%s</%s>", name, param->value, name);
647  }
648  else
649  g_warning ("%s: Param without name found", __FUNCTION__);
650  }
651  g_string_append (string, "</params>");
652 
653  g_string_append_printf (string,
654  "<capabilities>%s</capabilities>"
655  "%s"
656  "</envelope>",
657  credentials->capabilities,
658  xml);
659  g_free (xml);
660 
661  xml_flag = params_value (credentials->params, "xml");
662  if (xml_flag && strcmp (xml_flag, "0"))
663  return g_string_free (string, FALSE);
664 
665  html = xsl_transform (string->str, response_data);
666  g_string_free (string, TRUE);
667  if (html == NULL)
668  {
669  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
670  res = g_strdup_printf ("<gsad_response>"
671  "<title>Internal Error</title>"
672  "<message>"
673  "An internal server error has occurred during XSL"
674  " transformation."
675  "</message>"
676  "<backurl>/omp?cmd=get_tasks</backurl>"
677  "</gsad_response>");
678  html = xsl_transform (res, response_data);
679  if (html == NULL)
680  html = g_strdup ("<html>"
681  "<body>"
682  "An internal server error has occurred during XSL"
683  " transformation."
684  "</body>"
685  "</html>");
686  g_free (res);
687  }
688  return html;
689 }
690 
699 static int
700 member (params_t *params, const char *string)
701 {
702  params_iterator_t iter;
703  param_t *param;
704  char *name;
705 
706  params_iterator_init (&iter, params);
707  while (params_iterator_next (&iter, &name, &param))
708  if (strcmp (name, string) == 0) return 1;
709  return 0;
710 }
711 
720 int
721 member1 (params_t *params, const char *string)
722 {
723  params_iterator_t iter;
724  param_t *param;
725  char *name;
726 
727  params_iterator_init (&iter, params);
728  while (params_iterator_next (&iter, &name, &param))
729  if (param->value_size
730  && param->value[0] == '1'
731  && strcmp (name, string) == 0)
732  return 1;
733  return 0;
734 }
735 
749 static char *
750 check_modify_config (credentials_t *credentials,
751  openvas_connection_t *connection, params_t *params,
752  const char* next, const char* fail_next, int* success,
753  cmd_response_data_t *response_data)
754 {
755  entity_t entity;
756  gchar *response;
757  const char *no_redirect, *status_text;
758 
759  no_redirect = params_value (params, "no_redirect");
760 
761  if (success)
762  *success = 0;
763 
766  /* Read the response. */
767 
768  if (read_entity_c (connection, &entity))
769  {
770  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
771  return gsad_message (credentials,
772  "Internal error", __FUNCTION__, __LINE__,
773  "An internal error occurred while saving a config. "
774  "It is unclear whether the entire config has been saved. "
775  "Diagnostics: Failure to read command to manager daemon.",
776  "/omp?cmd=get_configs", response_data);
777  }
778 
779  /* Check the response. */
780 
781  status_text = entity_attribute (entity, "status_text");
782  if (status_text == NULL)
783  {
784  free_entity (entity);
785  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
786  return gsad_message (credentials,
787  "Internal error", __FUNCTION__, __LINE__,
788  "An internal error occurred while saving a config. "
789  "It is unclear whether the entire config has been saved. "
790  "Diagnostics: Failure to parse status_text from response.",
791  "/omp?cmd=get_configs", response_data);
792  }
793 
794  if (strcmp (status_text, "Config is in use") == 0)
795  {
796  const char* message = "The config is now in use by a task,"
797  " so only name and comment can be modified.";
798  gchar *next_url = next_page_url (credentials, params,
799  NULL, fail_next,
800  "Save Config",
801  entity_attribute (entity, "status"),
802  message);
803 
804  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
805  response
806  = action_result_page (credentials, response_data, "Save Config",
807  entity_attribute (entity, "status"),
808  message, next_url);
809 
810  g_free (next_url);
811  free_entity (entity);
812  return response;
813  }
814  else if (strcmp (status_text, "MODIFY_CONFIG name must be unique") == 0)
815  {
816  const char* message = "A config with the given name exists already.";
817  gchar *next_url = next_page_url (credentials, params,
818  NULL, fail_next,
819  "Save Config",
820  entity_attribute (entity, "status"),
821  message);
822 
823  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
824  response
825  = action_result_page (credentials, response_data, "Save Config",
826  entity_attribute (entity, "status"),
827  message, next_url);
828 
829  g_free (next_url);
830  free_entity (entity);
831  return response;
832  }
833  else if (success && omp_success (entity))
834  {
835  *success = 1;
836  }
837 
838  response
839  = response_from_entity (credentials, params, entity,
840  (no_redirect && strcmp (no_redirect, "0")),
841  NULL, next,
842  NULL, fail_next,
843  "Save Config", response_data);
844  free_entity (entity);
845 
846  return response;
847 }
848 
856 static int
857 omp_success (entity_t entity)
858 {
859  const char *status;
860 
861  if (entity == NULL)
862  return 0;
863 
864  status = entity_attribute (entity, "status");
865  if ((status == NULL)
866  || (strlen (status) == 0))
867  return -1;
868 
869  return status[0] == '2';
870 }
871 
878 void
880  cmd_response_data_t *response_data)
881 {
882  if (entity == NULL)
883  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
884  else if (strcmp (entity_attribute (entity, "status_text"),
885  "Permission denied")
886  == 0)
887  response_data->http_status_code = MHD_HTTP_FORBIDDEN;
888  else if (strcmp (entity_attribute (entity, "status"), "404") == 0)
889  response_data->http_status_code = MHD_HTTP_NOT_FOUND;
890  else
891  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
892 }
893 
906 static int
907 omp (credentials_t *credentials, gchar **response, entity_t *entity_return,
908  cmd_response_data_t *response_data, const char *command)
909 {
910  openvas_connection_t connection;
911  int ret;
912  entity_t entity;
913 
914  if (entity_return)
915  *entity_return = NULL;
916 
917  switch (manager_connect (credentials, &connection, response, response_data))
918  {
919  case 0:
920  break;
921  case -1:
922  return -1;
923  default:
924  if (response_data)
925  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
926  if (response)
927  *response = gsad_message (credentials,
928  "Internal error", __FUNCTION__, __LINE__,
929  "An internal error occurred. "
930  "Diagnostics: Failure to connect to manager daemon.",
931  "/omp?cmd=get_tasks", response_data);
932  return -1;
933  }
934 
935  ret = openvas_connection_sendf (&connection, "%s", command);
936  if (ret == -1)
937  {
938  openvas_connection_close (&connection);
939  return 1;
940  }
941 
942  entity = NULL;
943  if (read_entity_and_text_c (&connection, &entity, response))
944  {
945  openvas_connection_close (&connection);
946  return 2;
947  }
948  if (entity_return)
949  *entity_return = entity;
950  else
951  free_entity (entity);
952  openvas_connection_close (&connection);
953  return 0;
954 }
955 
969 static int
970 simple_ompf (const gchar *message_operation, credentials_t *credentials,
971  gchar **response, cmd_response_data_t *response_data,
972  const char *format, ...)
973 {
974  int ret;
975  gchar *command;
976  va_list args;
977  entity_t entity;
978 
979  va_start (args, format);
980  command = g_markup_vprintf_escaped (format, args);
981  va_end (args);
982 
983  ret = omp (credentials, response, &entity, response_data, command);
984  g_free (command);
985  switch (ret)
986  {
987  case 0:
988  break;
989  case -1:
990  /* 'omp' set response. */
991  return 4;
992  case 1:
993  if (response_data)
994  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
995  if (response)
996  {
997  gchar *message;
998  message = g_strdup_printf
999  ("An internal error occurred while %s. "
1000  " The operation was not started."
1001  " Diagnostics: Failure to send command to manager"
1002  " daemon.",
1003  message_operation
1004  ? message_operation
1005  : "performing an operation");
1006  *response = gsad_message (credentials, "Internal error",
1007  __FUNCTION__, __LINE__,
1008  message, "/omp?cmd=get_tasks",
1009  response_data);
1010  g_free (message);
1011  }
1012  return 1;
1013  case 2:
1014  if (response_data)
1015  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1016  if (response)
1017  {
1018  gchar *message;
1019  message = g_strdup_printf
1020  ("An internal error occurred while %s."
1021  " It is unclear whether the operation succeeded."
1022  " Diagnostics: Failure to receive response from manager"
1023  " daemon.",
1024  message_operation
1025  ? message_operation
1026  : "performing an operation");
1027  *response = gsad_message (credentials, "Internal error",
1028  __FUNCTION__, __LINE__,
1029  message, "/omp?cmd=get_tasks",
1030  response_data);
1031  g_free (message);
1032  }
1033  return 2;
1034  default:
1035  if (response_data)
1036  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1037  if (response)
1038  {
1039  gchar *message;
1040  message = g_strdup_printf
1041  ("An internal error occurred while %s."
1042  " It is unclear whether the operation succeeded."
1043  " Diagnostics: Internal Error.",
1044  message_operation
1045  ? message_operation
1046  : "performing an operation");
1047  *response = gsad_message (credentials, "Internal error",
1048  __FUNCTION__, __LINE__,
1049  message, "/omp?cmd=get_tasks",
1050  response_data);
1051  g_free (message);
1052  }
1053  return -1;
1054  }
1055 
1056  switch (omp_success (entity))
1057  {
1058  case 0:
1059  set_http_status_from_entity (entity, response_data);
1060  ret = 3;
1061  break;
1062  case 1:
1063  ret = 0;
1064  break;
1065  default:
1066  ret = -1;
1067  break;
1068  }
1069  free_entity (entity);
1070  return ret;
1071 }
1072 
1086 static int
1087 ompf (credentials_t *credentials, gchar **response, entity_t *entity_return,
1088  cmd_response_data_t *response_data, const char *format, ...)
1089 {
1090  int ret;
1091  gchar *command;
1092  va_list args;
1093 
1094  va_start (args, format);
1095  command = g_markup_vprintf_escaped (format, args);
1096  va_end (args);
1097 
1098  ret = omp (credentials, response, entity_return, response_data, command);
1099  g_free (command);
1100  return ret;
1101 }
1102 
1113 static int
1114 setting_get_value (openvas_connection_t *connection, const char *setting_id,
1115  gchar **value, cmd_response_data_t *response_data)
1116 {
1117  int ret;
1118  entity_t entity;
1119  const char *status;
1120  gchar *response;
1121 
1122  *value = NULL;
1123 
1124  ret = openvas_connection_sendf
1125  (connection,
1126  "<get_settings setting_id=\"%s\"/>",
1127  setting_id);
1128  if (ret)
1129  return 1;
1130 
1131  entity = NULL;
1132  if (read_entity_and_text_c (connection, &entity, &response))
1133  return 2;
1134 
1135  status = entity_attribute (entity, "status");
1136  if (status == NULL
1137  || strlen (status) == 0)
1138  {
1139  g_free (response);
1140  free_entity (entity);
1141  return -1;
1142  }
1143 
1144  if (status[0] == '2')
1145  {
1146  entity_t setting;
1147  setting = entity_child (entity, "setting");
1148  if (setting == NULL)
1149  {
1150  free_entity (entity);
1151  g_free (response);
1152  return 0;
1153  }
1154  setting = entity_child (setting, "value");
1155  if (setting == NULL)
1156  {
1157  free_entity (entity);
1158  g_free (response);
1159  return -1;
1160  }
1161  *value = g_strdup (entity_text (setting));
1162  g_free (response);
1163  free_entity (entity);
1164  }
1165  else
1166  {
1167  if (response_data)
1168  set_http_status_from_entity (entity, response_data);
1169  free_entity (entity);
1170  g_free (response);
1171  return -1;
1172  }
1173 
1174  return 0;
1175 }
1176 
1184 #define CHECK_PARAM(name, op_name, ret_func) \
1185  if (name == NULL) \
1186  { \
1187  gchar *msg, *ret_html; \
1188  msg = g_strdup_printf (GSAD_MESSAGE_INVALID, \
1189  "Given " G_STRINGIFY (name) " was invalid", \
1190  op_name); \
1191  ret_html = ret_func (credentials, params, msg, response_data); \
1192  g_free (msg); \
1193  response_data->http_status_code = MHD_HTTP_BAD_REQUEST; \
1194  return ret_html; \
1195  }
1196 
1204 #define CHECK_PARAM_INVALID(name, op_name, next_cmd) \
1205  if (name == NULL) \
1206  { \
1207  return message_invalid (credentials, params, response_data, \
1208  "Given " G_STRINGIFY (name) " was invalid", \
1209  G_STRINGIFY (MHD_HTTP_BAD_REQUEST), \
1210  op_name, next_cmd); \
1211  }
1212 
1221 static char *
1222 page_url (credentials_t *credentials, const gchar *cmd)
1223 {
1224  GString *url;
1225 
1226  assert (cmd);
1227 
1228  url = g_string_new ("");
1229 
1230  if (credentials->caller && strlen (credentials->caller))
1231  {
1232  gchar **split_question, *page, *params;
1233 
1234  split_question = g_strsplit (credentials->caller, "?", 2);
1235 
1236  page = *split_question;
1237 
1238  if (page)
1239  {
1240  g_string_append_printf (url, "%s?cmd=%s", page, cmd);
1241  params = split_question[1];
1242  }
1243  else
1244  {
1245  g_string_append_printf (url, "cmd=%s", cmd);
1246  params = credentials->caller;
1247  }
1248  if (params)
1249  {
1250  gchar **split_amp, **point;
1251 
1252  point = split_amp = g_strsplit (params, "&", 0);
1253  while (*point)
1254  {
1255  gchar *param;
1256 
1257  param = *point;
1258 
1259  g_strstrip (param);
1260 
1261  if (strstr (param, "cmd=") == param)
1262  {
1263  point++;
1264  continue;
1265  }
1266 
1267  g_string_append_printf (url, "&%s", param);
1268 
1269  point++;
1270  }
1271  g_strfreev (split_amp);
1272  }
1273  g_strfreev (split_question);
1274  }
1275  else
1276  g_string_append_printf (url, "?cmd=%s", cmd);
1277 
1278  return g_string_free (url, FALSE);
1279 }
1280 
1288 static gchar*
1289 capitalize (const char* input)
1290 {
1291  gchar *output;
1292  if (input == NULL)
1293  return NULL;
1294  else
1295  {
1296  int first_letter = 1;
1297  int pos = 0;
1298  output = g_strdup (input);
1299 
1300  while (output[pos])
1301  {
1302  if (g_ascii_isalpha (output[pos]) && first_letter)
1303  {
1304  output[pos] = g_ascii_toupper (output[pos]);
1305  first_letter = 0;
1306  }
1307  else if (output[pos] == '_')
1308  {
1309  output[pos] = ' ';
1310  first_letter = 1;
1311  }
1312  pos++;
1313  }
1314  return output;
1315  }
1316 }
1317 
1318 
1319 /* Generic page handlers. */
1320 
1334 static gchar *
1335 next_page_url (credentials_t *credentials, params_t *params,
1336  const char* override_next, const char *default_next,
1337  const char* prev_action, const char* action_status,
1338  const char* action_message)
1339 {
1340  GString *url;
1341  const char *next_cmd, *xml_param, *next_xml_param;
1342  params_iterator_t iter;
1343  gchar *param_name;
1344  param_t *current_param;
1345  int error;
1346  if (action_status && strcmp (action_status, "") && action_status[0] != '2')
1347  error = 1;
1348  else
1349  error = 0;
1350 
1351  url = g_string_new ("/omp?cmd=");
1352 
1353  if (override_next)
1354  next_cmd = override_next;
1355  else if (error && params_valid (params, "next_error"))
1356  next_cmd = params_value (params, "next_error");
1357  else if (!error && params_valid (params, "next"))
1358  next_cmd = params_value (params, "next");
1359  else if (default_next)
1360  next_cmd = default_next;
1361  else
1362  next_cmd = "get_tasks";
1363 
1364  xml_param = params_value (params, "xml");
1365  next_xml_param = params_value (params, "next_xml");
1366 
1367  g_string_append (url, next_cmd);
1368 
1369  params_iterator_init (&iter, params);
1370  while (params_iterator_next (&iter, &param_name, &current_param))
1371  {
1372  if (strcmp (param_name, "asset_type") == 0
1373  || strcmp (param_name, "filter") == 0
1374  || strcmp (param_name, "filt_id") == 0
1375  || (strstr (param_name, "_id")
1376  == param_name + strlen (param_name) - strlen ("_id"))
1377  || (strcmp (param_name, "name") == 0
1378  && strcasecmp (prev_action, "Run Wizard") == 0)
1379  || (strcmp (param_name, "get_name") == 0
1380  && strcasecmp (next_cmd, "wizard_get") == 0))
1381  {
1382  g_string_append_printf (url, "&%s=%s",
1383  param_name,
1384  current_param->value
1385  ? current_param->value
1386  : "");
1387  }
1388  }
1389 
1390  if (next_xml_param)
1391  {
1392  g_string_append_printf (url, "&xml=%s", next_xml_param);
1393  }
1394  else if (xml_param)
1395  {
1396  g_string_append_printf (url, "&xml=%s", xml_param);
1397  }
1398 
1399  if (action_status)
1400  {
1401  gchar *escaped = g_uri_escape_string (action_status, NULL, FALSE);
1402  g_string_append_printf (url, "&action_status=%s", escaped);
1403  g_free (escaped);
1404  }
1405 
1406  if (action_message)
1407  {
1408  gchar *escaped = g_uri_escape_string (action_message, NULL, FALSE);
1409  g_string_append_printf (url, "&action_message=%s", escaped);
1410  g_free (escaped);
1411  }
1412 
1413  if (prev_action)
1414  {
1415  gchar *escaped = g_uri_escape_string (prev_action, NULL, FALSE);
1416  g_string_append_printf (url, "&prev_action=%s", escaped);
1417  g_free (escaped);
1418  }
1419 
1420 
1421  g_string_append_printf (url, "&token=%s", credentials->token);
1422 
1423  return g_string_free (url, FALSE);
1424 }
1425 
1438 static gchar *
1439 action_result_page (credentials_t *credentials,
1440  cmd_response_data_t *response_data,
1441  const char* action, const char* status,
1442  const char* message, const char* next_url)
1443 {
1444  gchar *xml;
1445  xml = g_markup_printf_escaped ("<action_result>"
1446  "<action>%s</action>"
1447  "<status>%s</status>"
1448  "<message>%s</message>"
1449  "<next>%s</next>"
1450  "</action_result>",
1451  action ? action : "",
1452  status ? status : "",
1453  message ? message : "",
1454  next_url ? next_url : "");
1455  return xsl_transform_omp (credentials, xml, response_data);
1456 }
1457 
1471 gchar *
1472 message_invalid (credentials_t *credentials, params_t *params,
1473  cmd_response_data_t *response_data, const char *message,
1474  const char *status, const char *op_name, const char *next_cmd)
1475 {
1476  gchar *ret;
1477  gchar *next_url;
1478 
1479  next_url = next_page_url (credentials, params, next_cmd, NULL, op_name,
1480  status, message);
1481  ret = action_result_page (credentials, response_data, op_name,
1482  G_STRINGIFY (MHD_HTTP_BAD_REQUEST),
1483  message,
1484  next_url);
1485  g_free (next_url);
1486  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
1487  return ret;
1488 }
1489 
1493 static gchar*
1494 response_from_entity (credentials_t* credentials, params_t *params,
1495  entity_t entity, int no_redirect,
1496  const char* override_next, const char *default_next,
1497  const char* override_fail_next,
1498  const char* default_fail_next,
1499  const char* action, cmd_response_data_t *response_data)
1500 {
1501  gchar *res, *next_url;
1502  int success;
1503  success = omp_success (entity);
1504 
1505  if (success)
1506  {
1507  next_url = next_page_url (credentials, params,
1508  override_next, default_next,
1509  action,
1510  entity_attribute (entity, "status"),
1511  entity_attribute (entity, "status_text"));
1512  }
1513  else
1514  {
1515  set_http_status_from_entity (entity, response_data);
1516  next_url = next_page_url (credentials, params,
1517  override_fail_next, default_fail_next,
1518  action,
1519  entity_attribute (entity, "status"),
1520  entity_attribute (entity, "status_text"));
1521  }
1522 
1523  if (no_redirect || success == 0)
1524  {
1525  res = action_result_page (credentials, response_data, action,
1526  entity_attribute (entity, "status"),
1527  entity_attribute (entity, "status_text"),
1528  next_url);
1529  g_free (next_url);
1530  }
1531  else
1532  {
1533  res = NULL;
1534  response_data->redirect = next_url;
1535  }
1536  return res;
1537 }
1538 
1550 static char *
1551 generate_page (credentials_t *credentials, params_t *params, gchar *response,
1552  const gchar *next, cmd_response_data_t* response_data)
1553 {
1554  credentials->current_page = page_url (credentials, next);
1555  if (g_utf8_validate (credentials->current_page, -1, NULL) == FALSE)
1556  {
1557  g_free (credentials->current_page);
1558  g_warning ("%s - current_page is not valid UTF-8", __FUNCTION__);
1559  credentials->current_page = NULL;
1560  }
1561 
1562  if (strcmp (next, "edit_role") == 0)
1563  return edit_role (credentials, params, response, response_data);
1564 
1565  if (strcmp (next, "edit_task") == 0)
1566  return edit_task (credentials, params, response, response_data);
1567 
1568  if (strcmp (next, "get_alerts") == 0)
1569  return get_alerts (credentials, params, response, response_data);
1570 
1571  if (strcmp (next, "get_alert") == 0)
1572  return get_alert (credentials, params, response, response_data);
1573 
1574  if (strcmp (next, "edit_port_list") == 0)
1575  return edit_port_list (credentials, params, response, response_data);
1576 
1577  if (strcmp (next, "get_agents") == 0)
1578  return get_agents (credentials, params, response, response_data);
1579 
1580  if (strcmp (next, "get_agent") == 0)
1581  return get_agent (credentials, params, response, response_data);
1582 
1583  if (strcmp (next, "get_asset") == 0)
1584  return get_asset (credentials, params, response, response_data);
1585 
1586  if (strcmp (next, "get_assets") == 0)
1587  return get_assets (credentials, params, response, response_data);
1588 
1589  if (strcmp (next, "get_assets_chart") == 0)
1590  return get_assets_chart (credentials, params, response, response_data);
1591 
1592  if (strcmp (next, "get_config") == 0)
1593  return get_config (credentials, params, response, 0, response_data);
1594 
1595  if (strcmp (next, "get_configs") == 0)
1596  return get_configs (credentials, params, response, response_data);
1597 
1598  if (strcmp (next, "get_filter") == 0)
1599  return get_filter (credentials, params, response, response_data);
1600 
1601  if (strcmp (next, "get_filters") == 0)
1602  return get_filters (credentials, params, response, response_data);
1603 
1604  if (strcmp (next, "get_group") == 0)
1605  return get_group (credentials, params, response, response_data);
1606 
1607  if (strcmp (next, "get_groups") == 0)
1608  return get_groups (credentials, params, response, response_data);
1609 
1610  if (strcmp (next, "get_credential") == 0)
1611  return get_credential (credentials, params, response, response_data);
1612 
1613  if (strcmp (next, "get_credentials") == 0)
1614  return get_credentials (credentials, params, response, response_data);
1615 
1616  if (strcmp (next, "get_note") == 0)
1617  return get_note (credentials, params, response, response_data);
1618 
1619  if (strcmp (next, "get_notes") == 0)
1620  return get_notes (credentials, params, response, response_data);
1621 
1622  if (strcmp (next, "get_nvts") == 0)
1623  return get_nvts (credentials, params, NULL, response, response_data);
1624 
1625  if (strcmp (next, "get_override") == 0)
1626  return get_override (credentials, params, response, response_data);
1627 
1628  if (strcmp (next, "get_overrides") == 0)
1629  return get_overrides (credentials, params, response, response_data);
1630 
1631  if (strcmp (next, "get_permission") == 0)
1632  return get_permission (credentials, params, response, response_data);
1633 
1634  if (strcmp (next, "get_permissions") == 0)
1635  return get_permissions (credentials, params, response, response_data);
1636 
1637  if (strcmp (next, "get_port_list") == 0)
1638  return get_port_list (credentials, params, response, response_data);
1639 
1640  if (strcmp (next, "get_port_lists") == 0)
1641  return get_port_lists (credentials, params, response, response_data);
1642 
1643  if (strcmp (next, "get_tag") == 0)
1644  return get_tag (credentials, params, response, response_data);
1645 
1646  if (strcmp (next, "get_tags") == 0)
1647  return get_tags (credentials, params, response, response_data);
1648 
1649  if (strcmp (next, "get_target") == 0)
1650  return get_target (credentials, params, response, response_data);
1651 
1652  if (strcmp (next, "get_targets") == 0)
1653  return get_targets (credentials, params, response, response_data);
1654 
1655  if (strcmp (next, "get_task") == 0)
1656  return get_task (credentials, params, response, response_data);
1657 
1658  if (strcmp (next, "get_tasks") == 0)
1659  return get_tasks (credentials, params, response, response_data);
1660 
1661  if (strcmp (next, "get_tasks_chart") == 0)
1662  return get_tasks_chart (credentials, params, response, response_data);
1663 
1664  if (strcmp (next, "get_report") == 0)
1665  {
1666  char *result;
1667  int error = 0;
1668 
1669  result = get_report (credentials, params, NULL, NULL, NULL,
1670  NULL, response, &error, response_data);
1671 
1672  return error ? result : xsl_transform_omp (credentials, result,
1673  response_data);
1674  }
1675 
1676  if (strcmp (next, "get_report_format") == 0)
1677  return get_report_format (credentials, params, response, response_data);
1678 
1679  if (strcmp (next, "get_report_formats") == 0)
1680  return get_report_formats (credentials, params, response, response_data);
1681 
1682  if (strcmp (next, "get_report_section") == 0)
1683  return get_report_section (credentials, params, response, response_data);
1684 
1685  if (strcmp (next, "get_reports") == 0)
1686  return get_reports (credentials, params, response, response_data);
1687 
1688  if (strcmp (next, "get_results") == 0)
1689  return get_results (credentials, params, response, response_data);
1690 
1691  if (strcmp (next, "get_result") == 0)
1692  return get_result_page (credentials, params, response, response_data);
1693 
1694  if (strcmp (next, "get_role") == 0)
1695  return get_role (credentials, params, response, response_data);
1696 
1697  if (strcmp (next, "get_roles") == 0)
1698  return get_roles (credentials, params, response, response_data);
1699 
1700  if (strcmp (next, "get_scanner") == 0)
1701  return get_scanner (credentials, params, response, response_data);
1702 
1703  if (strcmp (next, "get_scanners") == 0)
1704  return get_scanners (credentials, params, response, response_data);
1705 
1706  if (strcmp (next, "get_schedule") == 0)
1707  return get_schedule (credentials, params, response, response_data);
1708 
1709  if (strcmp (next, "get_schedules") == 0)
1710  return get_schedules (credentials, params, response, response_data);
1711 
1712  if (strcmp (next, "get_user") == 0)
1713  return get_user (credentials, params, response, response_data);
1714 
1715  if (strcmp (next, "get_users") == 0)
1716  return get_users (credentials, params, response, response_data);
1717 
1718  if (strcmp (next, "get_info") == 0)
1719  return get_info (credentials, params, response, response_data);
1720 
1721  if (strcmp (next, "wizard") == 0)
1722  return wizard (credentials, params, response, response_data);
1723 
1724  if (strcmp (next, "wizard_get") == 0)
1725  return wizard_get (credentials, params, response, response_data);
1726 
1727  return NULL;
1728 }
1729 
1740 static char *
1741 next_page (credentials_t *credentials, params_t *params, gchar *response,
1742  cmd_response_data_t* response_data)
1743 {
1744  const char *next;
1745 
1746  next = params_value (params, "next");
1747  if (next == NULL)
1748  return NULL;
1749 
1750  return generate_page (credentials, params, response, next, response_data);
1751 }
1752 
1765 char *
1766 get_one (const char *type, credentials_t * credentials, params_t *params,
1767  const char *extra_xml, const char *extra_attribs,
1768  cmd_response_data_t* response_data)
1769 {
1770  GString *xml;
1771  openvas_connection_t connection;
1772  int ret;
1773  gchar *html, *end, *id_name;
1774  const char *id, *sort_field, *sort_order, *filter, *first, *max;
1775 
1776  id_name = g_strdup_printf ("%s_id", type);
1777  id = params_value (params, id_name);
1778  g_free (id_name);
1779  sort_field = params_value (params, "sort_field");
1780  sort_order = params_value (params, "sort_order");
1781 
1782  if (id == NULL)
1783  {
1784  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1785  return gsad_message (credentials,
1786  "Internal error", __FUNCTION__, __LINE__,
1787  "An internal error occurred while getting a resource. "
1788  "Diagnostics: missing ID.",
1789  "/omp?cmd=get_tasks", response_data);
1790  }
1791 
1792  switch (manager_connect (credentials, &connection, &html, response_data))
1793  {
1794  case 0:
1795  break;
1796  case -1:
1797  if (html)
1798  return html;
1799  /* Fall through. */
1800  default:
1801  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1802  return gsad_message (credentials,
1803  "Internal error", __FUNCTION__, __LINE__,
1804  "An internal error occurred while getting a resource. "
1805  "The resource is currently not available. "
1806  "Diagnostics: Failure to connect to manager daemon.",
1807  "/omp?cmd=get_tasks", response_data);
1808  }
1809 
1810  xml = g_string_new ("");
1811  g_string_append_printf (xml, "<get_%s>", type);
1812 
1813  if (strcmp (type, "role") == 0
1814  && command_enabled (credentials, "GET_PERMISSIONS")
1815  && params_value (params, "role_id"))
1816  {
1817  gchar *response;
1818  entity_t entity;
1819 
1820  response = NULL;
1821  entity = NULL;
1822  switch (ompf (credentials, &response, &entity, response_data,
1823  "<get_permissions"
1824  " filter=\"rows=-1 subject_type=role and subject_uuid=%s\"/>",
1825  params_value (params, "role_id")))
1826  {
1827  case 0:
1828  case -1:
1829  break;
1830  case 1:
1831  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1832  return gsad_message (credentials,
1833  "Internal error", __FUNCTION__, __LINE__,
1834  "An internal error occurred getting permissions. "
1835  "Diagnostics: Failure to send command to manager daemon.",
1836  "/omp?cmd=get_roles", response_data);
1837  case 2:
1838  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1839  return gsad_message (credentials,
1840  "Internal error", __FUNCTION__, __LINE__,
1841  "An internal error occurred getting permissions. "
1842  "Diagnostics: Failure to receive response from manager daemon.",
1843  "/omp?cmd=get_roles", response_data);
1844  default:
1845  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1846  return gsad_message (credentials,
1847  "Internal error", __FUNCTION__, __LINE__,
1848  "An internal error occurred getting permissins. "
1849  "Diagnostics: Internal Error.",
1850  "/omp?cmd=get_roles", response_data);
1851  }
1852 
1853  g_string_append (xml, response);
1854 
1855  if (!omp_success (entity))
1856  set_http_status_from_entity (entity, response_data);
1857 
1858  free_entity (entity);
1859  g_free (response);
1860  }
1861 
1862  /* Pass through params for get_resources. */
1863  filter = params_value (params, "filter");
1864  first = params_value (params, "first");
1865  max = params_value (params, "max");
1866  end = g_markup_printf_escaped ("<filters><term>%s</term></filters>"
1867  "<%ss start=\"%s\" max=\"%s\"/>",
1868  filter ? filter : "",
1869  type,
1870  first ? first : "",
1871  max ? max : "");
1872  g_string_append (xml, end);
1873  g_free (end);
1874 
1875  if (extra_xml)
1876  g_string_append (xml, extra_xml);
1877 
1878  /* Get the resource. */
1879 
1880  if (openvas_connection_sendf (&connection,
1881  "<get_%ss"
1882  " %s_id=\"%s\""
1883  " sort_field=\"%s\""
1884  " sort_order=\"%s\""
1885  " details=\"1\""
1886  " %s/>",
1887  type,
1888  type,
1889  id,
1890  sort_field ? sort_field : "name",
1891  sort_order ? sort_order : "ascending",
1892  extra_attribs ? extra_attribs : "")
1893  == -1)
1894  {
1895  g_string_free (xml, TRUE);
1896  openvas_connection_close (&connection);
1897  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1898  return gsad_message (credentials,
1899  "Internal error", __FUNCTION__, __LINE__,
1900  "An internal error occurred while getting resources list. "
1901  "The current list of resources is not available. "
1902  "Diagnostics: Failure to send command to manager daemon.",
1903  "/omp?cmd=get_resources", response_data);
1904  }
1905 
1906  if (read_string_c (&connection, &xml))
1907  {
1908  g_string_free (xml, TRUE);
1909  openvas_connection_close (&connection);
1910  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1911  return gsad_message (credentials,
1912  "Internal error", __FUNCTION__, __LINE__,
1913  "An internal error occurred while getting resources list. "
1914  "The current list of resources is not available. "
1915  "Diagnostics: Failure to receive response from manager daemon.",
1916  "/omp?cmd=get_resources", response_data);
1917  }
1918 
1919  /* Get tag names */
1920 
1921  if (openvas_connection_sendf (&connection,
1922  "<get_tags"
1923  " filter=\"resource_type=%s"
1924  " first=1"
1925  " rows=-1\""
1926  " names_only=\"1\""
1927  "/>",
1928  type)
1929  == -1)
1930  {
1931  g_string_free (xml, TRUE);
1932  openvas_connection_close (&connection);
1933  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1934  return gsad_message (credentials,
1935  "Internal error", __FUNCTION__, __LINE__,
1936  "An internal error occurred while getting tag names list. "
1937  "The current list of resources is not available. "
1938  "Diagnostics: Failure to send command to manager daemon.",
1939  "/omp?cmd=get_resources", response_data);
1940  }
1941 
1942  if (read_string_c (&connection, &xml))
1943  {
1944  g_string_free (xml, TRUE);
1945  openvas_connection_close (&connection);
1946  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1947  return gsad_message (credentials,
1948  "Internal error", __FUNCTION__, __LINE__,
1949  "An internal error occurred while getting tag names list. "
1950  "The current list of resources is not available. "
1951  "Diagnostics: Failure to receive response from manager daemon.",
1952  "/omp?cmd=get_resources", response_data);
1953  }
1954 
1955  /* Get permissions */
1956 
1957  g_string_append (xml, "<permissions>");
1958 
1959  if ((strcmp (type, "user") == 0)
1960  || (strcmp (type, "group") == 0)
1961  || (strcmp (type, "role") == 0))
1962  ret = openvas_connection_sendf (&connection,
1963  "<get_permissions"
1964  " filter=\"subject_uuid=%s"
1965  " and not resource_uuid=&quot;&quot;"
1966  " or resource_uuid=%s"
1967  " first=1 rows=-1\"/>",
1968  id,
1969  id);
1970  else
1971  ret = openvas_connection_sendf (&connection,
1972  "<get_permissions"
1973  " filter=\"resource_uuid=%s"
1974  " first=1 rows=-1\"/>",
1975  id);
1976  if (ret == -1)
1977  {
1978  g_string_free (xml, TRUE);
1979  openvas_connection_close (&connection);
1980  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1981  return gsad_message (credentials,
1982  "Internal error", __FUNCTION__, __LINE__,
1983  "An internal error occurred while getting permissions list. "
1984  "The current list of resources is not available. "
1985  "Diagnostics: Failure to send command to manager daemon.",
1986  "/omp?cmd=get_resources", response_data);
1987  }
1988 
1989  if (read_string_c (&connection, &xml))
1990  {
1991  g_string_free (xml, TRUE);
1992  openvas_connection_close (&connection);
1993  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1994  return gsad_message (credentials,
1995  "Internal error", __FUNCTION__, __LINE__,
1996  "An internal error occurred while getting permissions list. "
1997  "The current list of resources is not available. "
1998  "Diagnostics: Failure to receive response from manager daemon.",
1999  "/omp?cmd=get_resources", response_data);
2000  }
2001 
2002  g_string_append (xml, "</permissions>");
2003 
2004  /* Cleanup, and return transformed XML. */
2005 
2006  g_string_append_printf (xml, "</get_%s>", type);
2007  openvas_connection_close (&connection);
2008  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
2009  response_data);
2010 }
2011 
2024 static char *
2025 get_many (const char *type, credentials_t * credentials, params_t *params,
2026  const char *extra_xml, const char *extra_attribs,
2027  cmd_response_data_t* response_data)
2028 {
2029  GString *xml;
2030  GString *type_many; /* The plural form of type */
2031  openvas_connection_t connection;
2032  gchar *filter_type, *html, *request, *built_filter;
2033  int no_filter_history;
2034  const char *build_filter, *given_filt_id, *filt_id, *filter, *filter_extra;
2035  const char *first, *max, *sort_field, *sort_order, *owner, *permission;
2036  const char *replace_task_id;
2037  const char *overrides, *autofp, *autofp_value, *min_qod;
2038  const char *level_high, *level_medium, *level_low, *level_log;
2039  const char *level_false_positive;
2040 
2041  no_filter_history = params_value(params, "no_filter_history")
2042  ? atoi (params_value(params, "no_filter_history"))
2043  : 0;
2044  build_filter = params_value(params, "build_filter");
2045  given_filt_id = params_value (params, "filt_id");
2046  filter = params_value (params, "filter");
2047  filter_extra = params_value (params, "filter_extra");
2048  first = params_value (params, "first");
2049  max = params_value (params, "max");
2050  replace_task_id = params_value (params, "replace_task_id");
2051  sort_field = params_value (params, "sort_field");
2052  sort_order = params_value (params, "sort_order");
2053  owner = params_value (params, "owner");
2054  permission = params_value (params, "permission");
2055  overrides = params_value (params, "overrides");
2056  autofp = params_value (params, "autofp");
2057  autofp_value = params_value (params, "autofp_value");
2058  min_qod = params_value (params, "min_qod");
2059  level_high = params_value (params, "level_high");
2060  level_medium = params_value (params, "level_medium");
2061  level_low = params_value (params, "level_low");
2062  level_log = params_value (params, "level_log");
2063  level_false_positive = params_value (params, "level_false_positive");
2064 
2065  if (strcasecmp (type, "info") == 0)
2066  filter_type = g_strdup (params_value (params, "info_type"));
2067  else
2068  filter_type = g_strdup (type);
2069 
2070  if (given_filt_id)
2071  {
2072  if (no_filter_history == 0 && strcmp (given_filt_id, "0"))
2073  g_tree_replace (credentials->last_filt_ids, filter_type,
2074  g_strdup (given_filt_id));
2075  filt_id = given_filt_id;
2076  }
2077  else
2078  {
2079  if (no_filter_history == 0
2080  && (filter == NULL || strcmp (filter, "") == 0))
2081  filt_id = g_tree_lookup (credentials->last_filt_ids, filter_type);
2082  else
2083  filt_id = NULL;
2084  g_free (filter_type);
2085  }
2086 
2087  switch (manager_connect (credentials, &connection, &html, response_data))
2088  {
2089  case 0:
2090  break;
2091  case -1:
2092  if (html)
2093  return html;
2094  /* Fall through. */
2095  default:
2096  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2097  return gsad_message (credentials,
2098  "Internal error", __FUNCTION__, __LINE__,
2099  "An internal error occurred while getting a resource list. "
2100  "The current list of resources is not available. "
2101  "Diagnostics: Failure to connect to manager daemon.",
2102  "/omp?cmd=get_tasks", response_data);
2103  }
2104 
2105  /* check if filter still exists */
2106  switch (filter_exists (&connection, filt_id))
2107  {
2108  case 1:
2109  break;
2110  case 0:
2111  g_debug ("%s filter doesn't exist anymore %s!\n", __FUNCTION__,
2112  filt_id);
2113  filt_id = NULL;
2114  break;
2115  case -1:
2116  g_debug ("%s filter response didn't contain a status!\n", __FUNCTION__);
2117  filt_id = NULL;
2118  break;
2119  case -2:
2120  g_debug ("%s could not send filter request!\n", __FUNCTION__);
2121  filt_id = NULL;
2122  break;
2123  case -3:
2124  g_debug ("%s could not read entity from filter response!\n",
2125  __FUNCTION__);
2126  filt_id = NULL;
2127  break;
2128  default:
2129  filt_id = NULL;
2130  }
2131 
2132  xml = g_string_new ("");
2133  type_many = g_string_new (type);
2134 
2135  /* Workaround the fact that info is a non countable noun */
2136  if (strcmp (type, "info") != 0)
2137  g_string_append (type_many, "s");
2138 
2139  g_string_append_printf (xml, "<get_%s>", type_many->str);
2140 
2141  if (extra_xml)
2142  g_string_append (xml, extra_xml);
2143 
2144  built_filter = NULL;
2145  if (filt_id == NULL
2146  || (strcmp (filt_id, "") == 0)
2147  || (strcmp (filt_id, "--") == 0))
2148  {
2149  if ((build_filter && (strcmp (build_filter, "1") == 0))
2150  || ((filter == NULL || strcmp (filter, "") == 0)
2151  && (filter_extra == NULL || strcmp (filter_extra, "") == 0)))
2152  {
2153  if (build_filter && (strcmp (build_filter, "1") == 0))
2154  {
2155  gchar *task;
2156  const char *search_phrase, *task_id;
2157 
2158  if (strcmp (type, "report") == 0
2159  || strcmp (type, "task") == 0)
2160  {
2161  task = g_strdup_printf ("apply_overrides=%i min_qod=%s ",
2162  overrides
2163  && strcmp (overrides, "0"),
2164  min_qod ? min_qod : "");
2165  }
2166  else if (strcmp (type, "result") == 0)
2167  {
2168  gchar *levels
2169  = g_strdup_printf ("%s%s%s%s%s",
2170  level_high ? "h" : "",
2171  level_medium ? "m" : "",
2172  level_low ? "l" : "",
2173  level_log ? "g" : "",
2174  level_false_positive ? "f" : "");
2175  task = g_strdup_printf ("apply_overrides=%i min_qod=%s"
2176  " autofp=%s levels=%s ",
2177  (overrides
2178  && strcmp (overrides, "0")),
2179  min_qod ? min_qod : "",
2180  (autofp && autofp_value)
2181  ? autofp_value : "0",
2182  levels);
2183  g_free (levels);
2184  }
2185  else
2186  task = NULL;
2187 
2188  search_phrase = params_value (params, "search_phrase");
2189  task_id = params_value (params, "task_id");
2190  built_filter = g_strdup_printf
2191  ("%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
2192  task ? task : "",
2193  task_id ? "task_id=" : "",
2194  task_id ? task_id : "",
2195  task_id ? " " : "",
2196  first ? "first=" : "",
2197  first ? first : "",
2198  first ? " " : "",
2199  max ? "rows=" : "",
2200  max ? max : "",
2201  max ? " " : "",
2202  sort_field
2203  ? ((sort_order && strcmp (sort_order,
2204  "ascending"))
2205  ? "sort-reverse="
2206  : "sort=")
2207  : "",
2208  sort_field ? sort_field : "",
2209  sort_field ? " " : "",
2210  permission ? "permission=" : "",
2211  permission ? permission : "",
2212  permission ? " " : "",
2213  owner ? "owner=" : "",
2214  owner ? owner : "",
2215  owner ? " " : "",
2216  (filter && search_phrase) ? " " : "",
2217  filter ? filter : "",
2218  search_phrase ? " " : "",
2219  search_phrase
2220  ? search_phrase
2221  : "");
2222  filt_id = "-2";
2223  g_free (task);
2224  }
2225  else if (strcmp (type, "info") == 0
2226  && params_value (params, "info_type"))
2227  {
2228  if (strcmp (params_value (params, "info_type"), "cve") == 0)
2229  filter = "sort-reverse=published rows=-2";
2230  else
2231  filter = "sort-reverse=created rows=-2";
2232  }
2233  else if (strcmp (type, "user") == 0)
2234  filter = "sort=roles rows=-2";
2235  else if (strcmp (type, "report") == 0)
2236  {
2237  const char *task_id;
2238  task_id = params_value (params, "task_id");
2239  if (task_id)
2240  built_filter = g_strdup_printf ("task_id=%s apply_overrides=1"
2241  " rows=-2 sort-reverse=date",
2242  task_id);
2243  else
2244  filter = "apply_overrides=1 rows=-2 sort-reverse=date";
2245  }
2246  else if (strcmp (type, "result") == 0)
2247  {
2248  built_filter
2249  = g_strdup_printf("apply_overrides=%d autofp=%s rows=-2"
2250  " sort-reverse=created",
2251  (overrides == NULL
2252  || strcmp (overrides, "0")),
2253  (autofp && strcmp (autofp, "0"))
2254  ? autofp_value
2255  : "0");
2256  }
2257  else if (strcmp (type, "task"))
2258  filter = "rows=-2";
2259  else
2260  filter = "apply_overrides=1 rows=-2";
2261  if (filt_id && strcmp (filt_id, ""))
2262  /* Request to use "filter" instead. */
2263  filt_id = "0";
2264  else
2265  filt_id = "-2";
2266  }
2267  else if ((strcmp (filter, "sort=nvt") == 0)
2268  && ((strcmp (type, "note") == 0)
2269  || (strcmp (type, "override") == 0)))
2270  filt_id = "-2";
2271  else if ((strcmp (filter, "apply_overrides=1") == 0)
2272  && (strcmp (type, "task") == 0))
2273  filt_id = "-2";
2274  }
2275  else if (replace_task_id)
2276  {
2277  const char *task_id;
2278  task_id = params_value (params, "task_id");
2279  if (task_id)
2280  built_filter = g_strdup_printf ("task_id=%s %s",
2281  task_id,
2282  filter ? filter : "");
2283  }
2284 
2285  /* Get the list. */
2286 
2287  request = g_markup_printf_escaped (" %sfilt_id=\"%s\""
2288  " %sfilter=\"%s%s%s%s\""
2289  " filter_replace=\"%s\""
2290  " first=\"%s\""
2291  " max=\"%s\""
2292  " sort_field=\"%s\""
2293  " sort_order=\"%s\"",
2294  strcmp (type, "report") ? "" : "report_",
2295  filt_id ? filt_id : "0",
2296  strcmp (type, "report") ? "" : "report_",
2297  built_filter
2298  ? built_filter
2299  : (filter ? filter : ""),
2300  filter_extra ? " " : "",
2301  filter_extra ? filter_extra : "",
2302  filter_extra ? " " : "",
2303  replace_task_id ? "task_id" : "",
2304  first ? first : "1",
2305  max ? max : "-2",
2306  sort_field ? sort_field : "name",
2307  sort_order ? sort_order : "ascending");
2308 
2309  g_free (built_filter);
2310  if (openvas_connection_sendf (&connection,
2311  "<get_%s%s%s %s/>",
2312  type_many->str,
2313  strcmp (type, "report") ? "" : " details=\"0\"",
2314  request,
2315  extra_attribs ? extra_attribs : "")
2316  == -1)
2317  {
2318  g_free(request);
2319  g_string_free (xml, TRUE);
2320  g_string_free (type_many, TRUE);
2321  openvas_connection_close (&connection);
2322  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2323  return gsad_message (credentials,
2324  "Internal error", __FUNCTION__, __LINE__,
2325  "An internal error occurred while getting a resource list. "
2326  "The current list of resources is not available. "
2327  "Diagnostics: Failure to send command to manager daemon.",
2328  "/omp?cmd=get_tasks", response_data);
2329  }
2330  g_free(request);
2331  if (read_string_c (&connection, &xml))
2332  {
2333  g_string_free (xml, TRUE);
2334  g_string_free (type_many, TRUE);
2335  openvas_connection_close (&connection);
2336  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2337  return gsad_message (credentials,
2338  "Internal error", __FUNCTION__, __LINE__,
2339  "An internal error occurred while getting resources list. "
2340  "The current list of resources is not available. "
2341  "Diagnostics: Failure to receive response from manager daemon.",
2342  "/omp?cmd=get_tasks", response_data);
2343  }
2344 
2345  // TODO: Test response
2346 
2347  if (command_enabled (credentials, "GET_FILTERS"))
2348  {
2349  /* Get the filters. */
2350 
2351  g_string_append (xml, "<filters>");
2352 
2353  if (openvas_connection_sendf_xml
2354  (&connection,
2355  "<get_filters"
2356  " filter=\"rows=-1 type=%s or type=\"/>",
2357  type)
2358  == -1)
2359  {
2360  g_string_free (xml, TRUE);
2361  g_string_free (type_many, TRUE);
2362  openvas_connection_close (&connection);
2363  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2364  return gsad_message (credentials,
2365  "Internal error", __FUNCTION__, __LINE__,
2366  "An internal error occurred while getting the filter list. "
2367  "The current list of filters is not available. "
2368  "Diagnostics: Failure to send command to manager daemon.",
2369  "/omp?cmd=get_tasks", response_data);
2370  }
2371 
2372  if (read_string_c (&connection, &xml))
2373  {
2374  g_string_free (xml, TRUE);
2375  g_string_free (type_many, TRUE);
2376  openvas_connection_close (&connection);
2377  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2378  return gsad_message (credentials,
2379  "Internal error", __FUNCTION__, __LINE__,
2380  "An internal error occurred while getting the filter list. "
2381  "The current list of filters is not available. "
2382  "Diagnostics: Failure to receive response from manager daemon.",
2383  "/omp?cmd=get_tasks", response_data);
2384  }
2385 
2386  g_string_append (xml, "</filters>");
2387  }
2388 
2389  if (command_enabled (credentials, "GET_SETTINGS"))
2390  {
2391  /* Get the Wizard Rows setting. */
2392 
2393  if (openvas_connection_sendf_xml
2394  (&connection,
2395  "<get_settings"
2396  " setting_id=\"20f3034c-e709-11e1-87e7-406186ea4fc5\"/>",
2397  type)
2398  == -1)
2399  {
2400  g_string_free (xml, TRUE);
2401  g_string_free (type_many, TRUE);
2402  openvas_connection_close (&connection);
2403  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2404  return gsad_message (credentials,
2405  "Internal error", __FUNCTION__, __LINE__,
2406  "An internal error occurred while getting the filter list. "
2407  "The current list of filters is not available. "
2408  "Diagnostics: Failure to send command to manager daemon.",
2409  "/omp?cmd=get_tasks", response_data);
2410  }
2411 
2412  if (read_string_c (&connection, &xml))
2413  {
2414  g_string_free (xml, TRUE);
2415  g_string_free (type_many, TRUE);
2416  openvas_connection_close (&connection);
2417  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2418  return gsad_message (credentials,
2419  "Internal error", __FUNCTION__, __LINE__,
2420  "An internal error occurred while getting the filter list. "
2421  "The current list of filters is not available. "
2422  "Diagnostics: Failure to receive response from manager daemon.",
2423  "/omp?cmd=get_tasks", response_data);
2424  }
2425  }
2426 
2427  if (command_enabled (credentials, "GET_TAGS")
2428  && params_value (params, "details"))
2429  {
2430  /* Get tag names */
2431 
2432  if (openvas_connection_sendf (&connection,
2433  "<get_tags"
2434  " filter=\"resource_type=%s"
2435  " first=1"
2436  " rows=-1\""
2437  " names_only=\"1\""
2438  "/>",
2439  strcmp (type, "info")
2440  ? type
2441  : params_value (params, "info_type"))
2442  == -1)
2443  {
2444  g_string_free (xml, TRUE);
2445  openvas_connection_close (&connection);
2446  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2447  return gsad_message (credentials,
2448  "Internal error", __FUNCTION__, __LINE__,
2449  "An internal error occurred while getting tag names list. "
2450  "The current list of resources is not available. "
2451  "Diagnostics: Failure to send command to manager daemon.",
2452  "/omp?cmd=get_resources", response_data);
2453  }
2454 
2455  if (read_string_c (&connection, &xml))
2456  {
2457  g_string_free (xml, TRUE);
2458  openvas_connection_close (&connection);
2459  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2460  return gsad_message (credentials,
2461  "Internal error", __FUNCTION__, __LINE__,
2462  "An internal error occurred while getting tag names list. "
2463  "The current list of resources is not available. "
2464  "Diagnostics: Failure to receive response from manager daemon.",
2465  "/omp?cmd=get_resources", response_data);
2466  }
2467  }
2468 
2469  /* Cleanup, and return transformed XML. */
2470  g_string_append_printf (xml, "</get_%s>", type_many->str);
2471  openvas_connection_close (&connection);
2472  g_string_free (type_many, TRUE);
2473  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
2474  response_data);
2475 }
2476 
2489 char *
2490 edit_resource (const char *type, credentials_t *credentials, params_t *params,
2491  const char *extra_get_attribs, const char *extra_xml,
2492  cmd_response_data_t* response_data)
2493 {
2494  GString *xml;
2495  openvas_connection_t connection;
2496  gchar *html, *id_name;
2497  const char *resource_id;
2498 
2499  id_name = g_strdup_printf ("%s_id", type);
2500  resource_id = params_value (params, id_name);
2501  g_free (id_name);
2502 
2503  if (resource_id == NULL)
2504  {
2505  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
2506  return gsad_message (credentials,
2507  "Internal error", __FUNCTION__, __LINE__,
2508  "An internal error occurred while editing a resource. "
2509  "The resource remains as it was. "
2510  "Diagnostics: Required ID parameter was NULL.",
2511  "/omp?cmd=get_tasks", response_data);
2512  }
2513 
2514  switch (manager_connect (credentials, &connection, &html,
2515  response_data))
2516  {
2517  case 0:
2518  break;
2519  case -1:
2520  if (html)
2521  return html;
2522  /* Fall through. */
2523  default:
2524  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2525  return gsad_message (credentials,
2526  "Internal error", __FUNCTION__, __LINE__,
2527  "An internal error occurred while editing a resource. "
2528  "The resource remains as it was. "
2529  "Diagnostics: Failure to connect to manager daemon.",
2530  "/omp?cmd=get_tasks", response_data);
2531  }
2532 
2533  if (openvas_connection_sendf (&connection,
2534  /* TODO: Remove redundant COMMANDS. */
2535  "<commands>"
2536  "<get_%ss"
2537  " %s"
2538  " %s_id=\"%s\""
2539  " details=\"1\"/>"
2540  "</commands>",
2541  type,
2542  extra_get_attribs ? extra_get_attribs : "",
2543  type,
2544  resource_id)
2545  == -1)
2546  {
2547  openvas_connection_close (&connection);
2548  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2549  return gsad_message (credentials,
2550  "Internal error", __FUNCTION__, __LINE__,
2551  "An internal error occurred while getting a resource. "
2552  "Diagnostics: Failure to send command to manager daemon.",
2553  "/omp?cmd=get_tasks", response_data);
2554  }
2555 
2556  xml = g_string_new ("");
2557 
2558  g_string_append_printf (xml, "<edit_%s>", type);
2559 
2560  if (extra_xml)
2561  g_string_append (xml, extra_xml);
2562 
2563  if (read_string_c (&connection, &xml))
2564  {
2565  g_string_free (xml, TRUE);
2566  openvas_connection_close (&connection);
2567  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2568  return gsad_message (credentials,
2569  "Internal error", __FUNCTION__, __LINE__,
2570  "An internal error occurred while getting a resource. "
2571  "Diagnostics: Failure to receive response from manager daemon.",
2572  "/omp?cmd=get_tasks", response_data);
2573  }
2574 
2575  /* Cleanup, and return transformed XML. */
2576 
2577  g_string_append_printf (xml, "</edit_%s>", type);
2578  openvas_connection_close (&connection);
2579  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
2580  response_data);
2581 }
2582 
2594 gchar *
2595 format_file_name (gchar* fname_format, credentials_t* credentials,
2596  const char* type, const char* uuid,
2597  entity_t resource_entity)
2598 {
2599  gchar *creation_time, *modification_time, *name, *format_name;
2600  gchar *ret;
2601 
2602  if (resource_entity)
2603  {
2604  entity_t creation_time_entity, modification_time_entity;
2605  entity_t task_entity, format_entity, format_name_entity, name_entity;
2606 
2607  creation_time_entity = entity_child (resource_entity,
2608  "creation_time");
2609 
2610  if (creation_time_entity)
2611  creation_time = entity_text (creation_time_entity);
2612  else
2613  creation_time = NULL;
2614 
2615  modification_time_entity = entity_child (resource_entity,
2616  "modification_time");
2617 
2618  if (modification_time_entity)
2619  modification_time = entity_text (modification_time_entity);
2620  else
2621  modification_time = NULL;
2622 
2623  if (strcasecmp (type, "report") == 0)
2624  {
2625  task_entity = entity_child (resource_entity, "task");
2626  if (task_entity)
2627  name_entity = entity_child (task_entity, "name");
2628  else
2629  name_entity = NULL;
2630 
2631  format_entity = entity_child (resource_entity, "report_format");
2632  if (format_entity)
2633  {
2634  format_name_entity = entity_child (format_entity, "name");
2635  }
2636  else
2637  format_name_entity = NULL;
2638 
2639  if (format_name_entity && strlen (entity_text (format_name_entity)))
2640  format_name = entity_text (format_name_entity);
2641  else
2642  format_name = NULL;
2643  }
2644  else
2645  {
2646  name_entity = entity_child (resource_entity, "name");
2647  format_name = NULL;
2648  }
2649 
2650  if (name_entity)
2651  name = entity_text (name_entity);
2652  else
2653  name = NULL;
2654  }
2655  else
2656  {
2657  creation_time = NULL;
2658  modification_time = NULL;
2659  name = NULL;
2660  format_name = NULL;
2661  }
2662 
2663  ret = openvas_export_file_name (fname_format, credentials->username,
2664  type, uuid, creation_time, modification_time,
2665  name, format_name);
2666  return ret;
2667 }
2668 
2669 
2683 char *
2684 export_resource (const char *type, credentials_t * credentials,
2685  params_t *params, enum content_type * content_type,
2686  char **content_disposition, gsize *content_length,
2687  cmd_response_data_t* response_data)
2688 {
2689  GString *xml;
2690  entity_t entity;
2691  entity_t resource_entity;
2692  openvas_connection_t connection;
2693  char *content = NULL;
2694  gchar *html, *id_name;
2695  gchar *fname_format, *file_name;
2696  int ret;
2697  const char *resource_id, *subtype;
2698 
2699  *content_length = 0;
2700 
2701  switch (manager_connect (credentials, &connection, &html,
2702  response_data))
2703  {
2704  case 0:
2705  break;
2706  case -1:
2707  if (html)
2708  return html;
2709  /* Fall through. */
2710  default:
2711  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2712  return gsad_message (credentials,
2713  "Internal error", __FUNCTION__, __LINE__,
2714  "An internal error occurred while getting a resource. "
2715  "The resource could not be delivered. "
2716  "Diagnostics: Failure to connect to manager daemon.",
2717  "/omp?cmd=get_tasks", response_data);
2718  }
2719 
2720  xml = g_string_new ("");
2721 
2722  id_name = g_strdup_printf ("%s_id", type);
2723  resource_id = params_value (params, id_name);
2724  g_free (id_name);
2725 
2726  if (resource_id == NULL)
2727  {
2728  g_string_append (xml, GSAD_MESSAGE_INVALID_PARAM ("Export Resource"));
2729  openvas_connection_close (&connection);
2730  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
2731  response_data);
2732  }
2733 
2734  subtype = params_value (params, "subtype");
2735 
2736  if (openvas_connection_sendf (&connection,
2737  "<get_%ss"
2738  " %s_id=\"%s\""
2739  "%s%s%s"
2740  " export=\"1\""
2741  " details=\"1\"/>",
2742  type,
2743  type,
2744  resource_id,
2745  subtype ? " type=\"" : "",
2746  subtype ? subtype : "",
2747  subtype ? "\"" : "")
2748  == -1)
2749  {
2750  g_string_free (xml, TRUE);
2751  openvas_connection_close (&connection);
2752  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2753  return gsad_message (credentials,
2754  "Internal error", __FUNCTION__, __LINE__,
2755  "An internal error occurred while getting a resource. "
2756  "The resource could not be delivered. "
2757  "Diagnostics: Failure to send command to manager daemon.",
2758  "/omp?cmd=get_tasks", response_data);
2759  }
2760 
2761  entity = NULL;
2762  if (read_entity_and_text_c (&connection, &entity, &content))
2763  {
2764  g_string_free (xml, TRUE);
2765  openvas_connection_close (&connection);
2766  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2767  return gsad_message (credentials,
2768  "Internal error", __FUNCTION__, __LINE__,
2769  "An internal error occurred while getting a resource. "
2770  "The resource could not be delivered. "
2771  "Diagnostics: Failure to receive response from manager daemon.",
2772  "/omp?cmd=get_tasks", response_data);
2773  }
2774 
2775  if (!omp_success (entity))
2776  set_http_status_from_entity (entity, response_data);
2777 
2778  resource_entity = entity_child (entity, type);
2779 
2780  if (resource_entity == NULL)
2781  {
2782  g_free (content);
2783  free_entity (entity);
2784  g_string_free (xml, TRUE);
2785  openvas_connection_close (&connection);
2786  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2787  return gsad_message (credentials,
2788  "Internal error", __FUNCTION__, __LINE__,
2789  "An internal error occurred while getting a resource. "
2790  "The resource could not be delivered. "
2791  "Diagnostics: Failure to receive resource from manager daemon.",
2792  "/omp?cmd=get_tasks", response_data);
2793  }
2794 
2795  ret = setting_get_value (&connection,
2796  "a6ac88c5-729c-41ba-ac0a-deea4a3441f2",
2797  &fname_format,
2798  response_data);
2799  if (ret)
2800  {
2801  g_free (content);
2802  free_entity (entity);
2803  g_string_free (xml, TRUE);
2804  openvas_connection_close (&connection);
2805  switch (ret)
2806  {
2807  case 1:
2808  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2809  return gsad_message (credentials,
2810  "Internal error", __FUNCTION__, __LINE__,
2811  "An internal error occurred while getting a setting. "
2812  "The setting could not be delivered. "
2813  "Diagnostics: Failure to send command to manager daemon.",
2814  "/omp?cmd=get_tasks", response_data);
2815  case 2:
2816  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2817  return gsad_message (credentials,
2818  "Internal error", __FUNCTION__, __LINE__,
2819  "An internal error occurred while getting a setting. "
2820  "The setting could not be delivered. "
2821  "Diagnostics: Failure to receive response from manager daemon.",
2822  "/omp?cmd=get_tasks", response_data);
2823  default:
2824  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2825  return gsad_message (credentials,
2826  "Internal error", __FUNCTION__, __LINE__,
2827  "An internal error occurred while getting a setting. "
2828  "The setting could not be delivered. "
2829  "Diagnostics: Internal error.",
2830  "/omp?cmd=get_tasks", response_data);
2831  }
2832  }
2833 
2834  if (fname_format == NULL)
2835  {
2836  g_warning ("%s : File name format setting not found.", __FUNCTION__);
2837  fname_format = "%T-%U";
2838  }
2839 
2840  file_name = format_file_name (fname_format, credentials, type, resource_id,
2841  resource_entity);
2842  if (file_name == NULL)
2843  file_name = g_strdup_printf ("%s-%s", type, resource_id);
2844 
2845  *content_type = GSAD_CONTENT_TYPE_APP_XML;
2846  *content_disposition = g_strdup_printf ("attachment; filename=\"%s.xml\"",
2847  file_name);
2848  *content_length = strlen (content);
2849  free_entity (entity);
2850  g_free (file_name);
2851  g_string_free (xml, TRUE);
2852  openvas_connection_close (&connection);
2853  return content;
2854 }
2855 
2868 static char *
2869 export_many (const char *type, credentials_t * credentials, params_t *params,
2870  enum content_type * content_type, char **content_disposition,
2871  gsize *content_length, cmd_response_data_t* response_data)
2872 {
2873  entity_t entity;
2874  openvas_connection_t connection;
2875  char *content = NULL;
2876  gchar *html;
2877  const char *filter;
2878  gchar *filter_escaped;
2879  gchar *type_many;
2880  gchar *fname_format, *file_name;
2881  int ret;
2882 
2883  *content_length = 0;
2884 
2885  switch (manager_connect (credentials, &connection, &html,
2886  response_data))
2887  {
2888  case 0:
2889  break;
2890  case -1:
2891  if (html)
2892  return html;
2893  /* Fall through. */
2894  default:
2895  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2896  return gsad_message (credentials,
2897  "Internal error", __FUNCTION__, __LINE__,
2898  "An internal error occurred while getting a list. "
2899  "The list could not be delivered. "
2900  "Diagnostics: Failure to connect to manager daemon.",
2901  "/omp?cmd=get_tasks", response_data);
2902  }
2903 
2904  filter = params_value (params, "filter");
2905 
2906  filter_escaped = g_markup_escape_text (filter, -1);
2907 
2908  if (strcmp (type, "info") == 0)
2909  {
2910  if (openvas_connection_sendf (&connection,
2911  "<get_info"
2912  " type=\"%s\""
2913  " export=\"1\""
2914  " details=\"1\""
2915  " filter=\"%s\"/>",
2916  params_value (params, "info_type"),
2917  filter_escaped ? filter_escaped : "")
2918  == -1)
2919  {
2920  openvas_connection_close (&connection);
2921  g_free (filter_escaped);
2922  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2923  return gsad_message (credentials,
2924  "Internal error", __FUNCTION__, __LINE__,
2925  "An internal error occurred while getting a list. "
2926  "The list could not be delivered. "
2927  "Diagnostics: Failure to send command to manager daemon.",
2928  "/omp?cmd=get_tasks", response_data);
2929  }
2930  }
2931  else if (strcmp (type, "asset") == 0)
2932  {
2933  if (openvas_connection_sendf (&connection,
2934  "<get_assets"
2935  " type=\"%s\""
2936  " export=\"1\""
2937  " details=\"1\""
2938  " filter=\"%s\"/>",
2939  params_value (params, "asset_type"),
2940  filter_escaped ? filter_escaped : "")
2941  == -1)
2942  {
2943  openvas_connection_close (&connection);
2944  g_free (filter_escaped);
2945  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2946  return gsad_message (credentials,
2947  "Internal error", __FUNCTION__, __LINE__,
2948  "An internal error occurred while getting a list. "
2949  "The list could not be delivered. "
2950  "Diagnostics: Failure to send command to manager daemon.",
2951  "/omp?cmd=get_tasks", response_data);
2952  }
2953  }
2954  else
2955  {
2956  if (openvas_connection_sendf (&connection,
2957  "<get_%ss"
2958  " export=\"1\""
2959  " details=\"1\""
2960  " filter=\"%s\"/>",
2961  type,
2962  filter_escaped ? filter_escaped : "")
2963  == -1)
2964  {
2965  openvas_connection_close (&connection);
2966  g_free (filter_escaped);
2967  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2968  return gsad_message (credentials,
2969  "Internal error", __FUNCTION__, __LINE__,
2970  "An internal error occurred while getting a list. "
2971  "The list could not be delivered. "
2972  "Diagnostics: Failure to send command to manager daemon.",
2973  "/omp?cmd=get_tasks", response_data);
2974  }
2975  }
2976  g_free (filter_escaped);
2977 
2978  entity = NULL;
2979  if (read_entity_and_text_c (&connection, &entity, &content))
2980  {
2981  openvas_connection_close (&connection);
2982  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2983  return gsad_message (credentials,
2984  "Internal error", __FUNCTION__, __LINE__,
2985  "An internal error occurred while getting a list. "
2986  "The list could not be delivered. "
2987  "Diagnostics: Failure to receive response from manager daemon.",
2988  "/omp?cmd=get_tasks", response_data);
2989  }
2990 
2991  if (!omp_success (entity))
2992  set_http_status_from_entity (entity, response_data);
2993 
2994  ret = setting_get_value (&connection,
2995  "0872a6ed-4f85-48c5-ac3f-a5ef5e006745",
2996  &fname_format,
2997  response_data);
2998  if (ret)
2999  {
3000  g_free (content);
3001  free_entity (entity);
3002  openvas_connection_close (&connection);
3003  switch (ret)
3004  {
3005  case 1:
3006  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3007  return gsad_message (credentials,
3008  "Internal error", __FUNCTION__, __LINE__,
3009  "An internal error occurred while getting a setting. "
3010  "The setting could not be delivered. "
3011  "Diagnostics: Failure to send command to manager daemon.",
3012  "/omp?cmd=get_tasks", response_data);
3013  case 2:
3014  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3015  return gsad_message (credentials,
3016  "Internal error", __FUNCTION__, __LINE__,
3017  "An internal error occurred while getting a setting. "
3018  "The setting could not be delivered. "
3019  "Diagnostics: Failure to receive response from manager daemon.",
3020  "/omp?cmd=get_tasks", response_data);
3021  default:
3022  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3023  return gsad_message (credentials,
3024  "Internal error", __FUNCTION__, __LINE__,
3025  "An internal error occurred while getting a setting. "
3026  "The setting could not be delivered. "
3027  "Diagnostics: Internal error.",
3028  "/omp?cmd=get_tasks", response_data);
3029  }
3030  }
3031 
3032  if (fname_format == NULL)
3033  {
3034  g_warning ("%s : File name format setting not found.", __FUNCTION__);
3035  fname_format = "%T-%D";
3036  }
3037 
3038  if (strcmp (type, "info") == 0)
3039  type_many = g_strdup (type);
3040  else
3041  type_many = g_strdup_printf ("%ss", type);
3042 
3043  file_name = format_file_name (fname_format, credentials, type_many, "list",
3044  NULL);
3045  if (file_name == NULL)
3046  file_name = g_strdup_printf ("%s-%s", type_many, "list");
3047 
3048  g_free (type_many);
3049 
3050  *content_type = GSAD_CONTENT_TYPE_APP_XML;
3051  *content_disposition = g_strdup_printf ("attachment; filename=\"%s.xml\"",
3052  file_name);
3053  *content_length = strlen (content);
3054  free_entity (entity);
3055  g_free (file_name);
3056  openvas_connection_close (&connection);
3057  return content;
3058 }
3059 
3072 char *
3073 delete_resource (const char *type, credentials_t * credentials,
3074  params_t *params, int ultimate,
3075  const char *get, cmd_response_data_t* response_data)
3076 {
3077  openvas_connection_t connection;
3078  gchar *html, *response, *id_name, *resource_id, *extra_attribs;
3079  const char *no_redirect, *next_id;
3080  entity_t entity;
3081  gchar *cap_type, *default_next, *prev_action;
3082 
3083  no_redirect = params_value (params, "no_redirect");
3084  id_name = g_strdup_printf ("%s_id", type);
3085  if (params_value (params, id_name))
3086  resource_id = g_strdup (params_value (params, id_name));
3087  else
3088  {
3089  g_free (id_name);
3090  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
3091  return gsad_message (credentials,
3092  "Internal error", __FUNCTION__, __LINE__,
3093  "An internal error occurred while deleting a resource. "
3094  "The resource was not deleted. "
3095  "Diagnostics: Required parameter resource_id was NULL.",
3096  "/omp?cmd=get_tasks", response_data);
3097  }
3098 
3099  /* This is a hack for assets, because asset_id is the param name used for
3100  * both the asset being deleted and the asset on the next page. */
3101  next_id = params_value (params, "next_id");
3102  if (next_id)
3103  {
3104  param_t *param;
3105  param = params_get (params, id_name);
3106  g_free (param->value);
3107  param->value = g_strdup (next_id);
3108  param->value_size = strlen (param->value);
3109  }
3110 
3111  g_free (id_name);
3112 
3113  switch (manager_connect (credentials, &connection, &html,
3114  response_data))
3115  {
3116  case 0:
3117  break;
3118  case -1:
3119  if (html)
3120  {
3121  response_data->http_status_code = MHD_HTTP_SERVICE_UNAVAILABLE;
3122  g_free (resource_id);
3123  return html;
3124  }
3125  /* Fall through. */
3126  default:
3127  g_free (resource_id);
3128  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3129  return gsad_message (credentials,
3130  "Internal error", __FUNCTION__, __LINE__,
3131  "An internal error occurred while deleting a resource. "
3132  "The resource is not deleted. "
3133  "Diagnostics: Failure to connect to manager daemon.",
3134  "/omp?cmd=get_tasks", response_data);
3135  }
3136 
3137  /* Extra attributes */
3138  extra_attribs = NULL;
3139 
3140  /* Inheritor of user's resource */
3141  if (strcmp (type, "user") == 0)
3142  {
3143  const char* inheritor_id;
3144  inheritor_id = params_value (params, "inheritor_id");
3145  if (inheritor_id)
3146  extra_attribs = g_strdup_printf ("inheritor_id=\"%s\"", inheritor_id);
3147  }
3148 
3149  /* Delete the resource and get all resources. */
3150 
3151  if (openvas_connection_sendf (&connection,
3152  "<delete_%s %s_id=\"%s\" ultimate=\"%i\"%s%s/>",
3153  type,
3154  type,
3155  resource_id,
3156  !!ultimate,
3157  extra_attribs ? " " : "",
3158  extra_attribs ? extra_attribs : "")
3159  == -1)
3160  {
3161  openvas_connection_close (&connection);
3162  g_free (resource_id);
3163  g_free (extra_attribs);
3164  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3165  return gsad_message (credentials,
3166  "Internal error", __FUNCTION__, __LINE__,
3167  "An internal error occurred while deleting a resource. "
3168  "The resource is not deleted. "
3169  "Diagnostics: Failure to send command to manager daemon.",
3170  "/omp?cmd=get_tasks", response_data);
3171  }
3172 
3173  g_free (resource_id);
3174  g_free (extra_attribs);
3175 
3176  entity = NULL;
3177  if (read_entity_and_text_c (&connection, &entity, &response))
3178  {
3179  openvas_connection_close (&connection);
3180  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3181  return gsad_message (credentials,
3182  "Internal error", __FUNCTION__, __LINE__,
3183  "An internal error occurred while deleting a resource. "
3184  "It is unclear whether the resource has been deleted or not. "
3185  "Diagnostics: Failure to read response from manager daemon.",
3186  "/omp?cmd=get_tasks", response_data);
3187  }
3188 
3189  if (!omp_success (entity))
3190  set_http_status_from_entity (entity, response_data);
3191  openvas_connection_close (&connection);
3192 
3193  cap_type = capitalize (type);
3194  default_next = g_strdup_printf ("get_%ss", type);
3195  prev_action = g_strdup_printf ("Delete %s", cap_type);
3196 
3197  html = response_from_entity (credentials, params, entity,
3198  (no_redirect && strcmp (no_redirect, "0")),
3199  NULL, default_next,
3200  NULL, default_next,
3201  prev_action, response_data);
3202 
3203  g_free (response);
3204  free_entity (entity);
3205  g_free (cap_type);
3206  g_free (default_next);
3207  g_free (prev_action);
3208 
3209  return html;
3210 }
3211 
3223 char *
3224 resource_action (credentials_t *credentials, params_t *params, const char *type,
3225  const char *action, cmd_response_data_t* response_data)
3226 {
3227  gchar *html, *response, *param_name;
3228  const char *no_redirect, *resource_id;
3229  gchar *cap_action, *cap_type, *get_cmd, *prev_action;
3230 
3231  int ret;
3232  entity_t entity;
3233 
3234  assert (type);
3235 
3236  param_name = g_strdup_printf ("%s_id", type);
3237  no_redirect = params_value (params, "no_redirect");
3238  resource_id = params_value (params, param_name);
3239 
3240  if (resource_id == NULL)
3241  {
3242  gchar *message;
3243  message = g_strdup_printf
3244  ("An internal error occurred while performing an action. "
3245  "The resource remains the same. "
3246  "Diagnostics: Required parameter %s was NULL.",
3247  param_name);
3248  g_free (param_name);
3249  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
3250  html = gsad_message (credentials,
3251  "Internal error", __FUNCTION__, __LINE__,
3252  message,
3253  "/omp?cmd=get_tasks", response_data);
3254  g_free (message);
3255  return html;
3256  }
3257  g_free (param_name);
3258 
3259  response = NULL;
3260  entity = NULL;
3261  ret = ompf (credentials, &response, &entity, response_data,
3262  "<%s_%s %s_id=\"%s\"/>",
3263  action,
3264  type,
3265  type,
3266  resource_id);
3267  switch (ret)
3268  {
3269  case 0:
3270  case -1:
3271  break;
3272  case 1:
3273  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3274  return gsad_message (credentials,
3275  "Internal error", __FUNCTION__, __LINE__,
3276  "An internal error occurred while performing an action. "
3277  "The resource remains the same. "
3278  "Diagnostics: Failure to send command to manager daemon.",
3279  "/omp?cmd=get_tasks", response_data);
3280  case 2:
3281  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3282  return gsad_message (credentials,
3283  "Internal error", __FUNCTION__, __LINE__,
3284  "An internal error occurred while performing an action. "
3285  "It is unclear whether the resource has been affected. "
3286  "Diagnostics: Failure to receive response from manager daemon.",
3287  "/omp?cmd=get_tasks", response_data);
3288  default:
3289  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3290  return gsad_message (credentials,
3291  "Internal error", __FUNCTION__, __LINE__,
3292  "An internal error occurred while performing an action. "
3293  "It is unclear whether the resource has been affected. "
3294  "Diagnostics: Internal Error.",
3295  "/omp?cmd=get_tasks", response_data);
3296  }
3297 
3298  if (!omp_success (entity))
3299  set_http_status_from_entity (entity, response_data);
3300 
3301  cap_action = capitalize (action);
3302  cap_type = capitalize (type);
3303  get_cmd = g_strdup_printf ("get_%ss", type);
3304  prev_action = g_strdup_printf ("%s %s", cap_action, cap_type);
3305  html = response_from_entity (credentials, params, entity,
3306  (no_redirect && strcmp (no_redirect, "0")),
3307  NULL, get_cmd,
3308  NULL, get_cmd,
3309  prev_action, response_data);
3310 
3311  g_free (response);
3312  free_entity (entity);
3313  g_free (cap_action);
3314  g_free (cap_type);
3315  g_free (get_cmd);
3316  g_free (prev_action);
3317 
3318  return html;
3319 }
3320 
3321 
3322 /* Page handlers. */
3323 
3372 static char *
3373 setting_get_value_error (credentials_t *credentials,
3374  openvas_connection_t *connection,
3375  const gchar *setting_id,
3376  gchar **value,
3377  cmd_response_data_t* response_data)
3378 {
3379  switch (setting_get_value (connection, setting_id, value, response_data))
3380  {
3381  case 0:
3382  return NULL;
3383  case 1:
3384  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3385  return gsad_message (credentials,
3386  "Internal error", __FUNCTION__, __LINE__,
3387  "An internal error occurred while getting a setting. "
3388  "The setting could not be delivered. "
3389  "Diagnostics: Failure to send command to manager daemon.",
3390  "/omp?cmd=get_tasks", response_data);
3391  case 2:
3392  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3393  return gsad_message (credentials,
3394  "Internal error", __FUNCTION__, __LINE__,
3395  "An internal error occurred while getting a setting. "
3396  "The setting could not be delivered. "
3397  "Diagnostics: Failure to receive response from manager daemon.",
3398  "/omp?cmd=get_tasks", response_data);
3399  default:
3400  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3401  return gsad_message (credentials,
3402  "Internal error", __FUNCTION__, __LINE__,
3403  "An internal error occurred while getting a setting. "
3404  "The setting could not be delivered. "
3405  "Diagnostics: Internal error.",
3406  "/omp?cmd=get_tasks", response_data);
3407  }
3408 }
3409 
3418 #define PARAM_OR_SETTING(value, param, setting_id, cleanup) \
3419  if (params_valid (params, param)) \
3420  value = g_strdup (params_value (params, param)); \
3421  else \
3422  { \
3423  char *message; \
3424  message = setting_get_value_error (credentials, &connection, setting_id,\
3425  &value, response_data); \
3426  if (message) \
3427  { \
3428  cleanup; \
3429  return message; \
3430  } \
3431  }
3432 
3444 static char *
3445 new_task (credentials_t * credentials, const char *message, params_t *params,
3446  const char *extra_xml, cmd_response_data_t* response_data)
3447 {
3448  GString *xml;
3449  openvas_connection_t connection;
3450  gchar *html;
3451  int apply_overrides;
3452  const char *alerts, *overrides;
3453  int ret;
3454  gchar *alert, *schedule, *target;
3455  gchar *openvas_config, *osp_config, *openvas_scanner, *osp_scanner;
3456 
3457  alerts = params_value (params, "alerts");
3458  overrides = params_value (params, "overrides");
3459 
3460  apply_overrides = overrides ? strcmp (overrides, "0") : 0;
3461 
3462  switch (manager_connect (credentials, &connection, &html,
3463  response_data))
3464  {
3465  case 0:
3466  break;
3467  case -1:
3468  if (html)
3469  return html;
3470  /* Fall through. */
3471  default:
3472  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3473  return gsad_message (credentials,
3474  "Internal error", __FUNCTION__, __LINE__,
3475  "An internal error occurred while getting targets list. "
3476  "The current list of targets is not available. "
3477  "Diagnostics: Failure to connect to manager daemon.",
3478  "/omp?cmd=get_tasks", response_data);
3479  }
3480 
3481  ret = setting_get_value (&connection,
3482  "f9f5a546-8018-48d0-bef5-5ad4926ea899",
3483  &alert,
3484  response_data);
3485  if (ret)
3486  {
3487  openvas_connection_close (&connection);
3488  switch (ret)
3489  {
3490  case 1:
3491  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3492  return gsad_message (credentials,
3493  "Internal error", __FUNCTION__, __LINE__,
3494  "An internal error occurred while getting a setting. "
3495  "The setting could not be delivered. "
3496  "Diagnostics: Failure to send command to manager daemon.",
3497  "/omp?cmd=get_tasks", response_data);
3498  case 2:
3499  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3500  return gsad_message (credentials,
3501  "Internal error", __FUNCTION__, __LINE__,
3502  "An internal error occurred while getting a setting. "
3503  "The setting could not be delivered. "
3504  "Diagnostics: Failure to receive response from manager daemon.",
3505  "/omp?cmd=get_tasks", response_data);
3506  default:
3507  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3508  return gsad_message (credentials,
3509  "Internal error", __FUNCTION__, __LINE__,
3510  "An internal error occurred while getting a setting. "
3511  "The setting could not be delivered. "
3512  "Diagnostics: Internal error.",
3513  "/omp?cmd=get_tasks", response_data);
3514  }
3515  }
3516 
3517  PARAM_OR_SETTING (schedule, "schedule_id",
3518  "778eedad-5550-4de0-abb6-1320d13b5e18",
3519  openvas_connection_close (&connection);
3520  g_free (alert));
3521 
3522  PARAM_OR_SETTING (target, "target_id",
3523  "23409203-940a-4b4a-b70c-447475f18323",
3524  openvas_connection_close (&connection);
3525  g_free (alert);
3526  g_free (schedule));
3527 
3528  PARAM_OR_SETTING (openvas_config, "config_id",
3529  "fe7ea321-e3e3-4cc6-9952-da836aae83ce",
3530  openvas_connection_close (&connection);
3531  g_free (alert);
3532  g_free (schedule);
3533  g_free (target));
3534 
3535  PARAM_OR_SETTING (osp_config, "osp_config_id",
3536  "fb19ac4b-614c-424c-b046-0bc32bf1be73",
3537  openvas_connection_close (&connection);
3538  g_free (alert);
3539  g_free (schedule);
3540  g_free (target);
3541  g_free (openvas_config));
3542 
3543  PARAM_OR_SETTING (openvas_scanner, "scanner_id",
3544  "f7d0f6ed-6f9e-45dc-8bd9-05cced84e80d",
3545  openvas_connection_close (&connection);
3546  g_free (alert);
3547  g_free (schedule);
3548  g_free (target);
3549  g_free (openvas_config);
3550  g_free (osp_config));
3551 
3552  PARAM_OR_SETTING (osp_scanner, "osp_scanner_id",
3553  "b20697c9-be0a-4cd4-8b4d-5fe7841ebb03",
3554  openvas_connection_close (&connection);
3555  g_free (alert);
3556  g_free (schedule);
3557  g_free (target);
3558  g_free (openvas_config);
3559  g_free (osp_config);
3560  g_free (openvas_scanner));
3561 
3562  xml = g_string_new ("<new_task>");
3563 
3564  g_string_append_printf (xml,
3565  "<alert_id>%s</alert_id>"
3566  "<config_id>%s</config_id>"
3567  "<osp_config_id>%s</osp_config_id>"
3568  "<scanner_id>%s</scanner_id>"
3569  "<osp_scanner_id>%s</osp_scanner_id>"
3570  "<schedule_id>%s</schedule_id>"
3571  "<target_id>%s</target_id>",
3572  alert ? alert : "",
3573  (openvas_config && strlen (openvas_config))
3574  ? openvas_config
3575  : "daba56c8-73ec-11df-a475-002264764cea",
3576  osp_config ? osp_config : "",
3577  openvas_scanner ? openvas_scanner : "",
3578  osp_scanner ? osp_scanner : "",
3579  schedule ? schedule : "",
3580  (target && strlen (target))
3581  ? target
3582  : "b493b7a8-7489-11df-a3ec-002264764cea");
3583 
3584  g_free (schedule);
3585  g_free (target);
3586  g_free (openvas_config);
3587  g_free (osp_config);
3588  g_free (openvas_scanner);
3589  g_free (osp_scanner);
3590 
3591  /* Get list of targets. */
3592  if (openvas_connection_sendf (&connection,
3593  "<get_targets"
3594  " filter=\"rows=-1 sort=name\"/>")
3595  == -1)
3596  {
3597  g_string_free (xml, TRUE);
3598  openvas_connection_close (&connection);
3599  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3600  return gsad_message (credentials,
3601  "Internal error", __FUNCTION__, __LINE__,
3602  "An internal error occurred while getting targets list. "
3603  "The current list of targets is not available. "
3604  "Diagnostics: Failure to send command to manager daemon.",
3605  "/omp?cmd=get_tasks", response_data);
3606  }
3607 
3608  if (read_string_c (&connection, &xml))
3609  {
3610  g_string_free (xml, TRUE);
3611  openvas_connection_close (&connection);
3612  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3613  return gsad_message (credentials,
3614  "Internal error", __FUNCTION__, __LINE__,
3615  "An internal error occurred while getting targets list. "
3616  "The current list of targets is not available. "
3617  "Diagnostics: Failure to receive response from manager daemon.",
3618  "/omp?cmd=get_tasks", response_data);
3619  }
3620 
3621  /* Get configs to select in new task UI. */
3622  if (openvas_connection_sendf (&connection,
3623  "<get_configs"
3624  " filter=\"rows=-1 sort=name\"/>")
3625  == -1)
3626  {
3627  g_string_free (xml, TRUE);
3628  openvas_connection_close (&connection);
3629  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3630  return gsad_message (credentials,
3631  "Internal error", __FUNCTION__, __LINE__,
3632  "An internal error occurred while getting config list. "
3633  "The current list of configs is not available. "
3634  "Diagnostics: Failure to send command to manager daemon.",
3635  "/omp?cmd=get_tasks", response_data);
3636  }
3637 
3638  if (read_string_c (&connection, &xml))
3639  {
3640  g_string_free (xml, TRUE);
3641  openvas_connection_close (&connection);
3642  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3643  return gsad_message (credentials,
3644  "Internal error", __FUNCTION__, __LINE__,
3645  "An internal error occurred while getting config list. "
3646  "The current list of configs is not available. "
3647  "Diagnostics: Failure to receive response from manager daemon.",
3648  "/omp?cmd=get_tasks", response_data);
3649  }
3650 
3651  if (command_enabled (credentials, "GET_ALERTS"))
3652  {
3653  /* Get alerts to select in new task UI. */
3654  if (openvas_connection_sendf (&connection,
3655  "<get_alerts"
3656  " filter=\"rows=-1 sort=name\"/>")
3657  == -1)
3658  {
3659  g_string_free (xml, TRUE);
3660  openvas_connection_close (&connection);
3661  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3662  return gsad_message (credentials,
3663  "Internal error", __FUNCTION__, __LINE__,
3664  "An internal error occurred while getting alert list. "
3665  "The current list of alerts is not available. "
3666  "Diagnostics: Failure to send command to manager daemon.",
3667  "/omp?cmd=get_tasks", response_data);
3668  }
3669 
3670  if (read_string_c (&connection, &xml))
3671  {
3672  g_string_free (xml, TRUE);
3673  openvas_connection_close (&connection);
3674  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3675  return gsad_message (credentials,
3676  "Internal error", __FUNCTION__, __LINE__,
3677  "An internal error occurred while getting alert list. "
3678  "The current list of alerts is not available. "
3679  "Diagnostics: Failure to receive response from manager daemon.",
3680  "/omp?cmd=get_tasks", response_data);
3681  }
3682  }
3683 
3684  if (command_enabled (credentials, "GET_SCHEDULES"))
3685  {
3686  /* Get schedules to select in new task UI. */
3687  if (openvas_connection_sendf
3688  (&connection,
3689  "<get_schedules"
3690  " filter=\"rows=-1 sort=name\"/>")
3691  == -1)
3692  {
3693  g_string_free (xml, TRUE);
3694  openvas_connection_close (&connection);
3695  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3696  return gsad_message (credentials,
3697  "Internal error", __FUNCTION__, __LINE__,
3698  "An internal error occurred while getting the schedule list. "
3699  "The current list of schedules is not available. "
3700  "Diagnostics: Failure to send command to manager daemon.",
3701  "/omp?cmd=get_tasks", response_data);
3702  }
3703 
3704  if (read_string_c (&connection, &xml))
3705  {
3706  g_string_free (xml, TRUE);
3707  openvas_connection_close (&connection);
3708  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3709  return gsad_message (credentials,
3710  "Internal error", __FUNCTION__, __LINE__,
3711  "An internal error occurred while getting the schedule list. "
3712  "The current list of schedules is not available. "
3713  "Diagnostics: Failure to receive response from manager daemon.",
3714  "/omp?cmd=get_tasks", response_data);
3715  }
3716  }
3717 
3718  if (command_enabled (credentials, "GET_SCANNERS"))
3719  {
3720  /* Get scanners to select in new task UI. */
3721  if (openvas_connection_sendf (&connection,
3722  "<get_scanners"
3723  " filter=\"rows=-1\"/>")
3724  == -1)
3725  {
3726  g_string_free (xml, TRUE);
3727  openvas_connection_close (&connection);
3728  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3729  return gsad_message (credentials,
3730  "Internal error", __FUNCTION__, __LINE__,
3731  "An internal error occurred while getting the"
3732  " scanner list. "
3733  "The current list of scanners is not available. "
3734  "Diagnostics: Failure to send command to manager"
3735  " daemon.",
3736  "/omp?cmd=get_tasks", response_data);
3737  }
3738 
3739  if (read_string_c (&connection, &xml))
3740  {
3741  g_string_free (xml, TRUE);
3742  openvas_connection_close (&connection);
3743  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3744  return gsad_message (credentials,
3745  "Internal error", __FUNCTION__, __LINE__,
3746  "An internal error occurred while getting"
3747  " the scanner list."
3748  "The current list of scanners is not available. "
3749  "Diagnostics: Failure to receive response from"
3750  " manager daemon.",
3751  "/omp?cmd=get_tasks", response_data);
3752  }
3753  }
3754 
3755  if (command_enabled (credentials, "GET_GROUPS"))
3756  {
3757  /* Get groups for Observer Groups. */
3758 
3759  if (openvas_connection_sendf (&connection,
3760  "<get_groups/>")
3761  == -1)
3762  {
3763  g_string_free (xml, TRUE);
3764  openvas_connection_close (&connection);
3765  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3766  return gsad_message (credentials,
3767  "Internal error", __FUNCTION__, __LINE__,
3768  "An internal error occurred while getting group list. "
3769  "The current list of groups is not available. "
3770  "Diagnostics: Failure to send command to manager daemon.",
3771  "/omp?cmd=get_tasks", response_data);
3772  }
3773 
3774  if (read_string_c (&connection, &xml))
3775  {
3776  g_string_free (xml, TRUE);
3777  openvas_connection_close (&connection);
3778  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3779  return gsad_message (credentials,
3780  "Internal error", __FUNCTION__, __LINE__,
3781  "An internal error occurred while getting group list. "
3782  "The current list of groups is not available. "
3783  "Diagnostics: Failure to receive response from manager daemon.",
3784  "/omp?cmd=get_tasks", response_data);
3785  }
3786  }
3787 
3788  if (command_enabled (credentials, "GET_TAGS"))
3789  {
3790  /* Get tag names. */
3791 
3792  if (openvas_connection_sendf (&connection,
3793  "<get_tags names_only=\"1\""
3794  " filter=\"resource_type=task rows=-1\"/>")
3795  == -1)
3796  {
3797  g_string_free (xml, TRUE);
3798  openvas_connection_close (&connection);
3799  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3800  return gsad_message (credentials,
3801  "Internal error", __FUNCTION__, __LINE__,
3802  "An internal error occurred while getting tag list. "
3803  "The current list of tags is not available. "
3804  "Diagnostics: Failure to send command to manager daemon.",
3805  "/omp?cmd=get_tasks", response_data);
3806  }
3807 
3808  if (read_string_c (&connection, &xml))
3809  {
3810  g_string_free (xml, TRUE);
3811  openvas_connection_close (&connection);
3812  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
3813  return gsad_message (credentials,
3814  "Internal error", __FUNCTION__, __LINE__,
3815  "An internal error occurred while getting tag list. "
3816  "The current list of tags is not available. "
3817  "Diagnostics: Failure to receive response from manager daemon.",
3818  "/omp?cmd=get_tasks", response_data);
3819  }
3820  }
3821 
3822  if (extra_xml)
3823  g_string_append (xml, extra_xml);
3824  if (message)
3825  g_string_append_printf (xml, GSAD_MESSAGE_INVALID, message, "Create Task");
3826  g_string_append_printf (xml,
3827  "<user>%s</user>"
3828  "<apply_overrides>%i</apply_overrides>"
3829  "<alerts>%s</alerts>"
3830  "</new_task>",
3831  credentials->username,
3832  apply_overrides,
3833  alerts ? alerts : "1");
3834 
3835  openvas_connection_close (&connection);
3836  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
3837  response_data);
3838 }
3839 
3849 char *
3850 new_task_omp (credentials_t * credentials, params_t *params,
3851  cmd_response_data_t* response_data)
3852 {
3853  return new_task (credentials, NULL, params, NULL, response_data);
3854 }
3855 
3867 static char *
3868 new_container_task (credentials_t * credentials, const char *message,
3869  params_t *params, const char *extra_xml,
3870  cmd_response_data_t* response_data)
3871 {
3872  GString *xml;
3873 
3874  xml = g_string_new ("<new_container_task>");
3875 
3876  if (extra_xml)
3877  g_string_append (xml, extra_xml);
3878 
3879  if (message)
3880  g_string_append_printf (xml, GSAD_MESSAGE_INVALID, message, "Create Task");
3881 
3882  g_string_append_printf (xml, "</new_container_task>");
3883 
3884  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
3885  response_data);
3886 }
3887 
3897 char *
3899  cmd_response_data_t* response_data)
3900 {
3901  return new_container_task (credentials, NULL, params, NULL, response_data);
3902 }
3903 
3914 static char *
3915 upload_report (credentials_t *credentials, params_t *params,
3916  const char *extra_xml, cmd_response_data_t* response_data)
3917 {
3918  GString *xml;
3919 
3920  xml = g_string_new ("<upload_report>");
3921  if (extra_xml)
3922  g_string_append (xml, extra_xml);
3923 
3924  if (command_enabled (credentials, "GET_TASKS"))
3925  {
3926  gchar *response;
3927 
3928  if (simple_ompf ("getting Tasks", credentials, &response, response_data,
3929  "<get_tasks"
3930  /* All container tasks. */
3931  " filter=\"target= rows=-1 owner=any permission=any\"/>"))
3932  {
3933  g_string_free (xml, TRUE);
3934  return response;
3935  }
3936 
3937  g_string_append (xml, response);
3938  }
3939 
3940  g_string_append (xml, "</upload_report>");
3941 
3942  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
3943  response_data);
3944 }
3945 
3955 char *
3957  cmd_response_data_t* response_data)
3958 {
3959  return upload_report (credentials, params, NULL, response_data);
3960 }
3961 
3971 char *
3972 create_report_omp (credentials_t * credentials, params_t *params,
3973  cmd_response_data_t* response_data)
3974 {
3975  entity_t entity;
3976  int ret;
3977  gchar *command, *html, *response;
3978  const char *no_redirect, *cmd, *task_id, *name, *comment, *xml_file;
3979  const char *in_assets;
3980 
3981  no_redirect = params_value (params, "no_redirect");
3982  task_id = params_value (params, "task_id");
3983  xml_file = params_value (params, "xml_file");
3984  name = params_value (params, "name");
3985  comment = params_value (params, "comment");
3986  in_assets = params_value (params, "in_assets");
3987 
3988  if (task_id == NULL)
3989  {
3990  CHECK_PARAM_INVALID (name, "Create Report", "new_container_task");
3991  CHECK_PARAM_INVALID (comment, "Create Report", "new_container_task");
3992  }
3993  CHECK_PARAM_INVALID (xml_file, "Create Report", "new_container_task");
3994 
3995  if (params_given (params, "in_assets"))
3996  CHECK_PARAM_INVALID (xml_file, "Create Report", "new_container_task");
3997 
3998  if (strlen (xml_file) == 0)
3999  {
4000  if (task_id)
4001  return message_invalid (credentials, params, response_data,
4002  "Report required",
4003  G_STRINGIFY (MHD_HTTP_BAD_REQUEST),
4004  "Create Report", "new_container_task");
4005 
4006  /* Create only the container task. */
4007 
4008  command = g_strdup_printf ("<create_task>"
4009  "<target id=\"0\"/>"
4010  "<name>%s</name>"
4011  "<comment>%s</comment>"
4012  "</create_task>",
4013  name,
4014  comment);
4015  }
4016  else
4017  {
4018  gchar **xml_file_array, *xml_file_escaped;
4019 
4020  xml_file_array = g_strsplit (xml_file, "%", -1);
4021  if (xml_file_array != NULL && xml_file_array[0] != NULL)
4022  xml_file_escaped = g_strjoinv ("%%", xml_file_array);
4023  else
4024  xml_file_escaped = g_strdup (xml_file);
4025  g_strfreev (xml_file_array);
4026 
4027  if (task_id)
4028  command = g_strdup_printf ("<create_report>"
4029  "<in_assets>%s</in_assets>"
4030  "<task id=\"%s\"/>"
4031  "%s"
4032  "</create_report>",
4033  in_assets ? in_assets : "0",
4034  task_id ? task_id : "0",
4035  xml_file_escaped ? xml_file_escaped : "");
4036  else
4037  command = g_strdup_printf ("<create_report>"
4038  "<in_assets>%s</in_assets>"
4039  "<task>"
4040  "<name>%s</name>"
4041  "<comment>%s</comment>"
4042  "</task>"
4043  "%s"
4044  "</create_report>",
4045  in_assets ? in_assets : "",
4046  name,
4047  comment,
4048  xml_file_escaped);
4049  g_free (xml_file_escaped);
4050  }
4051 
4052  ret = omp (credentials,
4053  &response,
4054  &entity,
4055  response_data,
4056  command);
4057  g_free (command);
4058 
4059  switch (ret)
4060  {
4061  case 0:
4062  break;
4063  case -1:
4064  /* 'omp' set response. */
4065  return response;
4066  case 1:
4067  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4068  return gsad_message (credentials,
4069  "Internal error", __FUNCTION__, __LINE__,
4070  "An internal error occurred while creating a new report. "
4071  "No new report was created. "
4072  "Diagnostics: Failure to send command to manager daemon.",
4073  "/omp?cmd=get_tasks", response_data);
4074  case 2:
4075  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4076  return gsad_message (credentials,
4077  "Internal error", __FUNCTION__, __LINE__,
4078  "An internal error occurred while creating a new report. "
4079  "It is unclear whether the report has been created or not. "
4080  "Diagnostics: Failure to receive response from manager daemon.",
4081  "/omp?cmd=get_tasks", response_data);
4082  default:
4083  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4084  return gsad_message (credentials,
4085  "Internal error", __FUNCTION__, __LINE__,
4086  "An internal error occurred while creating a new report. "
4087  "It is unclear whether the report has been created or not. "
4088  "Diagnostics: Internal Error.",
4089  "/omp?cmd=get_tasks", response_data);
4090  }
4091 
4092  cmd = params_value (params, "cmd");
4093  html = response_from_entity (credentials, params, entity,
4094  (no_redirect && strcmp (no_redirect, "0")),
4095  NULL, "get_tasks",
4096  NULL,
4097  (cmd && strcmp (cmd, "import_report"))
4098  ? "new_container_task" : "upload_report",
4099  "Import Report", response_data);
4100  free_entity (entity);
4101  g_free (response);
4102  return html;
4103 }
4104 
4114 char *
4115 import_report_omp (credentials_t * credentials, params_t *params,
4116  cmd_response_data_t* response_data)
4117 {
4118  return create_report_omp (credentials, params, response_data);
4119 }
4120 
4121 #define CHECK(name) \
4122 CHECK_PARAM_INVALID (name, "Create Task", "new_task")
4123 
4133 char *
4135  cmd_response_data_t* response_data)
4136 {
4137  entity_t entity;
4138  int ret;
4139  gchar *command, *html, *response;
4140  const char *no_redirect, *name, *comment;
4141 
4142  no_redirect = params_value (params, "no_redirect");
4143  name = params_value (params, "name");
4144  comment = params_value (params, "comment");
4145  CHECK_PARAM_INVALID (name, "Create Container Task", "new_container_task");
4146  CHECK_PARAM_INVALID (comment, "Create Container Task", "new_container_task");
4147 
4148  command = g_strdup_printf ("<create_task>"
4149  "<target id=\"0\"/>"
4150  "<name>%s</name>"
4151  "<comment>%s</comment>"
4152  "</create_task>",
4153  name,
4154  comment);
4155  ret = omp (credentials,
4156  &response,
4157  &entity,
4158  response_data,
4159  command);
4160  g_free (command);
4161 
4162  switch (ret)
4163  {
4164  case 0:
4165  break;
4166  case -1:
4167  /* 'omp' set response. */
4168  return response;
4169  case 1:
4170  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4171  return gsad_message (credentials,
4172  "Internal error", __FUNCTION__, __LINE__,
4173  "An internal error occurred while creating a container task. "
4174  "No task was created. "
4175  "Diagnostics: Failure to send command to manager daemon.",
4176  "/omp?cmd=get_tasks", response_data);
4177  case 2:
4178  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4179  return gsad_message (credentials,
4180  "Internal error", __FUNCTION__, __LINE__,
4181  "An internal error occurred while creating a container task. "
4182  "It is unclear whether the task has been created or not. "
4183  "Diagnostics: Failure to receive response from manager daemon.",
4184  "/omp?cmd=get_tasks", response_data);
4185  default:
4186  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4187  return gsad_message (credentials,
4188  "Internal error", __FUNCTION__, __LINE__,
4189  "An internal error occurred while creating a container task. "
4190  "It is unclear whether the task has been created or not. "
4191  "Diagnostics: Internal Error.",
4192  "/omp?cmd=get_tasks", response_data);
4193  }
4194 
4195  if (entity_attribute (entity, "id"))
4196  params_add (params, "task_id", entity_attribute (entity, "id"));
4197  html = response_from_entity (credentials, params, entity,
4198  (no_redirect && strcmp (no_redirect, "0")),
4199  NULL, "get_tasks",
4200  NULL, "new_container_task",
4201  "Create Container Task", response_data);
4202  free_entity (entity);
4203  g_free (response);
4204  return html;
4205 }
4206 
4216 char *
4217 create_task_omp (credentials_t * credentials, params_t *params,
4218  cmd_response_data_t* response_data)
4219 {
4220  entity_t entity;
4221  int ret;
4222  gchar *schedule_element, *command;
4223  gchar *response, *html;
4224  const char *no_redirect;
4225  const char *name, *comment, *config_id, *target_id, *scanner_type;
4226  const char *scanner_id, *schedule_id, *schedule_periods;
4227  const char *max_checks, *max_hosts;
4228  const char *in_assets, *hosts_ordering, *alterable, *source_iface;
4229  const char *add_tag, *tag_name, *tag_value, *auto_delete, *auto_delete_data;
4230  const char *apply_overrides, *min_qod;
4231  params_t *alerts;
4232  GString *alert_element;
4233 
4234  no_redirect = params_value (params, "no_redirect");
4235  name = params_value (params, "name");
4236  comment = params_value (params, "comment");
4237  target_id = params_value (params, "target_id");
4238  scanner_type = params_value (params, "scanner_type");
4239  hosts_ordering = params_value (params, "hosts_ordering");
4240  schedule_id = params_value (params, "schedule_id");
4241  schedule_periods = params_value (params, "schedule_periods");
4242  scanner_id = params_value (params, "scanner_id");
4243  config_id = params_value (params, "config_id");
4244  in_assets = params_value (params, "in_assets");
4245  apply_overrides = params_value (params, "apply_overrides");
4246  min_qod = params_value (params, "min_qod");
4247  max_checks = params_value (params, "max_checks");
4248  source_iface = params_value (params, "source_iface");
4249  auto_delete = params_value (params, "auto_delete");
4250  auto_delete_data = params_value (params, "auto_delete_data");
4251  max_hosts = params_value (params, "max_hosts");
4252  alterable = params_value (params, "alterable");
4253  add_tag = params_value (params, "add_tag");
4254  tag_name = params_value (params, "tag_name");
4255  tag_value = params_value (params, "tag_value");
4256  CHECK (scanner_type);
4257  if (!strcmp (scanner_type, "1"))
4258  {
4259  hosts_ordering = "";
4260  max_checks = "";
4261  source_iface = "";
4262  max_hosts = "";
4263  }
4264  else if (!strcmp (scanner_type, "3"))
4265  {
4266  config_id = "";
4267  hosts_ordering = "";
4268  max_checks = "";
4269  source_iface = "";
4270  max_hosts = "";
4271  }
4272 
4273  CHECK (name);
4274  CHECK (comment);
4275  CHECK (config_id);
4276  CHECK (target_id);
4277  CHECK (hosts_ordering);
4278  CHECK (scanner_id);
4279  CHECK (schedule_id);
4280  if (params_given (params, "schedule_periods"))
4281  {
4282  CHECK (schedule_periods);
4283  }
4284  else
4285  schedule_periods = "0";
4286  CHECK (in_assets);
4287  if (!strcmp (in_assets, "1"))
4288  {
4289  CHECK (apply_overrides);
4290  CHECK (min_qod);
4291  }
4292  else
4293  {
4294  if (!params_given (params, "apply_overrides")
4295  || !params_valid (params, "apply_overrides"))
4296  apply_overrides = "";
4297 
4298  if (!params_given (params, "min_qod")
4299  || !params_valid (params, "min_qod"))
4300  min_qod = "";
4301  }
4302  CHECK (max_checks);
4303  CHECK (source_iface);
4304  CHECK (auto_delete);
4305  CHECK (auto_delete_data);
4306  CHECK (max_hosts);
4307  CHECK (alterable);
4308  if (add_tag)
4309  {
4310  CHECK (add_tag);
4311  CHECK (tag_name);
4312  CHECK (tag_value);
4313  }
4314 
4315  if (schedule_id == NULL || strcmp (schedule_id, "0") == 0)
4316  schedule_element = g_strdup ("");
4317  else
4318  schedule_element = g_strdup_printf ("<schedule id=\"%s\"/>", schedule_id);
4319 
4320  alert_element = g_string_new ("");
4321  if (params_given (params, "alert_id_optional:"))
4322  alerts = params_values (params, "alert_id_optional:");
4323  else
4324  alerts = params_values (params, "alert_ids:");
4325 
4326  if (alerts)
4327  {
4328  params_iterator_t iter;
4329  char *name;
4330  param_t *param;
4331 
4332  params_iterator_init (&iter, alerts);
4333  while (params_iterator_next (&iter, &name, &param))
4334  if (param->value && strcmp (param->value, "0"))
4335  g_string_append_printf (alert_element,
4336  "<alert id=\"%s\"/>",
4337  param->value ? param->value : "");
4338  }
4339 
4340  command = g_strdup_printf ("<create_task>"
4341  "<config id=\"%s\"/>"
4342  "<schedule_periods>%s</schedule_periods>"
4343  "%s%s"
4344  "<target id=\"%s\"/>"
4345  "<scanner id=\"%s\"/>"
4346  "<hosts_ordering>%s</hosts_ordering>"
4347  "<name>%s</name>"
4348  "<comment>%s</comment>"
4349  "<preferences>"
4350  "<preference>"
4351  "<scanner_name>max_checks</scanner_name>"
4352  "<value>%s</value>"
4353  "</preference>"
4354  "<preference>"
4355  "<scanner_name>max_hosts</scanner_name>"
4356  "<value>%s</value>"
4357  "</preference>"
4358  "<preference>"
4359  "<scanner_name>in_assets</scanner_name>"
4360  "<value>%s</value>"
4361  "</preference>"
4362  "<preference>"
4363  "<scanner_name>"
4364  "assets_apply_overrides"
4365  "</scanner_name>"
4366  "<value>%s</value>"
4367  "</preference>"
4368  "<preference>"
4369  "<scanner_name>assets_min_qod</scanner_name>"
4370  "<value>%s</value>"
4371  "</preference>"
4372  "<preference>"
4373  "<scanner_name>source_iface</scanner_name>"
4374  "<value>%s</value>"
4375  "</preference>"
4376  "<preference>"
4377  "<scanner_name>auto_delete</scanner_name>"
4378  "<value>%s</value>"
4379  "</preference>"
4380  "<preference>"
4381  "<scanner_name>auto_delete_data</scanner_name>"
4382  "<value>%s</value>"
4383  "</preference>"
4384  "</preferences>"
4385  "<alterable>%i</alterable>"
4386  "</create_task>",
4387  config_id,
4388  schedule_periods,
4389  schedule_element,
4390  alert_element->str,
4391  target_id,
4392  scanner_id,
4393  hosts_ordering,
4394  name,
4395  comment,
4396  max_checks,
4397  max_hosts,
4398  strcmp (in_assets, "0") ? "yes" : "no",
4399  strcmp (apply_overrides, "0") ? "yes" : "no",
4400  min_qod,
4401  source_iface,
4402  auto_delete,
4403  auto_delete_data,
4404  alterable ? strcmp (alterable, "0") : 0);
4405 
4406  ret = omp (credentials,
4407  &response,
4408  &entity,
4409  response_data,
4410  command);
4411  g_free (command);
4412 
4413  g_free (schedule_element);
4414  g_string_free (alert_element, TRUE);
4415 
4416  switch (ret)
4417  {
4418  case 0:
4419  break;
4420  case -1:
4421  /* 'omp' set response. */
4422  return response;
4423  case 1:
4424  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4425  return gsad_message (credentials,
4426  "Internal error", __FUNCTION__, __LINE__,
4427  "An internal error occurred while creating a new task. "
4428  "No new task was created. "
4429  "Diagnostics: Failure to send command to manager daemon.",
4430  "/omp?cmd=get_tasks", response_data);
4431  case 2:
4432  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4433  return gsad_message (credentials,
4434  "Internal error", __FUNCTION__, __LINE__,
4435  "An internal error occurred while creating a new task. "
4436  "It is unclear whether the task has been created or not. "
4437  "Diagnostics: Failure to receive response from manager daemon.",
4438  "/omp?cmd=get_tasks", response_data);
4439  default:
4440  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4441  return gsad_message (credentials,
4442  "Internal error", __FUNCTION__, __LINE__,
4443  "An internal error occurred while creating a new task. "
4444  "It is unclear whether the task has been created or not. "
4445  "Diagnostics: Internal Error.",
4446  "/omp?cmd=get_tasks", response_data);
4447  }
4448 
4449  if (omp_success (entity))
4450  {
4451  if (add_tag && strcmp (add_tag, "0"))
4452  {
4453  const char *new_task_id = entity_attribute (entity, "id");
4454  gchar *tag_command, *tag_response;
4455  entity_t tag_entity;
4456 
4457  if (tag_value && strcmp (tag_value, ""))
4458  tag_command
4459  = g_markup_printf_escaped ("<create_tag>"
4460  "<name>%s</name>"
4461  "<resource id=\"%s\">"
4462  "<type>task</type>"
4463  "</resource>"
4464  "<value>%s</value>"
4465  "</create_tag>",
4466  tag_name,
4467  new_task_id,
4468  tag_value);
4469  else
4470  tag_command
4471  = g_markup_printf_escaped ("<create_tag>"
4472  "<name>%s</name>"
4473  "<resource id=\"%s\">"
4474  "<type>task</type>"
4475  "</resource>"
4476  "</create_tag>",
4477  tag_name,
4478  new_task_id);
4479 
4480  ret = omp (credentials,
4481  &tag_response,
4482  &tag_entity,
4483  response_data,
4484  tag_command);
4485 
4486  switch (ret)
4487  {
4488  case 0:
4489  case -1:
4490  break;
4491  case 1:
4492  free_entity (entity);
4493  g_free (response);
4494  response_data->http_status_code
4495  = MHD_HTTP_INTERNAL_SERVER_ERROR;
4496  return gsad_message (credentials,
4497  "Internal error", __FUNCTION__, __LINE__,
4498  "An internal error occurred while creating a new tag. "
4499  "No new tag was created. "
4500  "Diagnostics: Failure to send command to manager daemon.",
4501  "/omp?cmd=get_tasks", response_data);
4502  case 2:
4503  free_entity (entity);
4504  g_free (response);
4505  response_data->http_status_code
4506  = MHD_HTTP_INTERNAL_SERVER_ERROR;
4507  return gsad_message (credentials,
4508  "Internal error", __FUNCTION__, __LINE__,
4509  "An internal error occurred while creating a new tag. "
4510  "It is unclear whether the tag has been created or not. "
4511  "Diagnostics: Failure to receive response from manager daemon.",
4512  "/omp?cmd=get_tasks", response_data);
4513  default:
4514  free_entity (entity);
4515  g_free (response);
4516  response_data->http_status_code
4517  = MHD_HTTP_INTERNAL_SERVER_ERROR;
4518  return gsad_message (credentials,
4519  "Internal error", __FUNCTION__, __LINE__,
4520  "An internal error occurred while creating a new task. "
4521  "It is unclear whether the tag has been created or not. "
4522  "Diagnostics: Internal Error.",
4523  "/omp?cmd=get_tasks", response_data);
4524  }
4525 
4526  if (entity_attribute (entity, "id"))
4527  params_add (params, "task_id", entity_attribute (entity, "id"));
4528  html
4529  = response_from_entity (credentials, params, tag_entity,
4530  (no_redirect && strcmp (no_redirect, "0")),
4531  NULL, "get_tasks",
4532  NULL, "new_tasks",
4533  "Create Task and Tag", response_data);
4534  free_entity (tag_entity);
4535  g_free (tag_response);
4536  }
4537  else
4538  {
4539  if (entity_attribute (entity, "id"))
4540  params_add (params, "task_id", entity_attribute (entity, "id"));
4541  html
4542  = response_from_entity (credentials, params, entity,
4543  (no_redirect && strcmp (no_redirect, "0")),
4544  NULL, "get_tasks",
4545  NULL, "new_task",
4546  "Create Task", response_data);
4547  }
4548  }
4549  else
4550  {
4551  html = response_from_entity (credentials, params, entity,
4552  (no_redirect && strcmp (no_redirect, "0")),
4553  NULL, "get_tasks",
4554  NULL, "new_task",
4555  "Create Task", response_data);
4556  }
4557  free_entity (entity);
4558  g_free (response);
4559  return html;
4560 }
4561 
4562 
4572 char *
4573 delete_task_omp (credentials_t * credentials, params_t *params,
4574  cmd_response_data_t* response_data)
4575 {
4576  return delete_resource ("task", credentials, params, 0, NULL, response_data);
4577 }
4578 
4589 char *
4590 edit_task (credentials_t * credentials, params_t *params, const char *extra_xml,
4591  cmd_response_data_t* response_data)
4592 {
4593  GString *xml;
4594  openvas_connection_t connection;
4595  gchar *html;
4596  const char *task_id, *next, *refresh_interval, *sort_field, *sort_order;
4597  const char *overrides, *alerts;
4598  int apply_overrides;
4599 
4600  task_id = params_value (params, "task_id");
4601  next = params_value (params, "next");
4602  refresh_interval = params_value (params, "refresh_interval");
4603  sort_field = params_value (params, "sort_field");
4604  sort_order = params_value (params, "sort_order");
4605  overrides = params_value (params, "overrides");
4606  alerts = params_value (params, "alerts");
4607 
4608  apply_overrides = overrides ? strcmp (overrides, "0") : 1;
4609 
4610  if (task_id == NULL)
4611  {
4612  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
4613  return gsad_message (credentials,
4614  "Internal error", __FUNCTION__, __LINE__,
4615  "An internal error occurred while editing a task. "
4616  "The task remains as it was. "
4617  "Diagnostics: Required parameter was NULL.",
4618  "/omp?cmd=get_tasks", response_data);
4619  }
4620 
4621  if (next == NULL)
4622  next = "get_task";
4623 
4624  switch (manager_connect (credentials, &connection, &html,
4625  response_data))
4626  {
4627  case 0:
4628  break;
4629  case -1:
4630  if (html)
4631  return html;
4632  /* Fall through. */
4633  default:
4634  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4635  return gsad_message (credentials,
4636  "Internal error", __FUNCTION__, __LINE__,
4637  "An internal error occurred while editing a task. "
4638  "The task remains as it was. "
4639  "Diagnostics: Failure to connect to manager daemon.",
4640  "/omp?cmd=get_tasks", response_data);
4641  }
4642 
4643  if (openvas_connection_sendf (&connection,
4644  "<commands>"
4645  "<get_tasks task_id=\"%s\" details=\"1\" />"
4646  "<get_targets"
4647  " filter=\"rows=-1 sort=name\"/>"
4648  "<get_configs"
4649  " filter=\"rows=-1 sort=name\"/>"
4650  "%s"
4651  "%s"
4652  "%s"
4653  "%s"
4654  "</commands>",
4655  task_id,
4656  command_enabled (credentials, "GET_ALERTS")
4657  ? "<get_alerts"
4658  " filter=\"rows=-1 sort=name\"/>"
4659  : "",
4660  command_enabled (credentials, "GET_SCHEDULES")
4661  ? "<get_schedules"
4662  " filter=\"rows=-1 sort=name\"/>"
4663  : "",
4664  command_enabled (credentials, "GET_SCANNERS")
4665  ? "<get_scanners"
4666  " filter=\"rows=-1\"/>"
4667  : "",
4668  command_enabled (credentials, "GET_GROUPS")
4669  ? "<get_groups/>"
4670  : "")
4671  == -1)
4672  {
4673  openvas_connection_close (&connection);
4674  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4675  return gsad_message (credentials,
4676  "Internal error", __FUNCTION__, __LINE__,
4677  "An internal error occurred while getting task info. "
4678  "Diagnostics: Failure to send command to manager daemon.",
4679  "/omp?cmd=get_tasks", response_data);
4680  }
4681 
4682  xml = g_string_new ("");
4683 
4684  if (extra_xml)
4685  g_string_append (xml, extra_xml);
4686 
4687  g_string_append_printf (xml,
4688  "<edit_task>"
4689  "<task id=\"%s\"/>"
4690  "<user>%s</user>"
4691  "<alerts>%s</alerts>"
4692  /* Page that follows. */
4693  "<next>%s</next>"
4694  /* Passthroughs. */
4695  "<refresh_interval>%s</refresh_interval>"
4696  "<sort_field>%s</sort_field>"
4697  "<sort_order>%s</sort_order>"
4698  "<apply_overrides>%i</apply_overrides>",
4699  task_id,
4700  credentials->username,
4701  alerts ? alerts : "1",
4702  next,
4703  refresh_interval ? refresh_interval : "",
4704  sort_field,
4705  sort_order,
4706  apply_overrides);
4707 
4708  if (read_string_c (&connection, &xml))
4709  {
4710  g_string_free (xml, TRUE);
4711  openvas_connection_close (&connection);
4712  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4713  return gsad_message (credentials,
4714  "Internal error", __FUNCTION__, __LINE__,
4715  "An internal error occurred while getting task info. "
4716  "Diagnostics: Failure to receive response from manager daemon.",
4717  "/omp?cmd=get_tasks", response_data);
4718  }
4719 
4720  /* Cleanup, and return transformed XML. */
4721 
4722  g_string_append (xml, "</edit_task>");
4723  openvas_connection_close (&connection);
4724  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
4725  response_data);
4726 }
4727 
4737 char *
4738 edit_task_omp (credentials_t * credentials, params_t *params,
4739  cmd_response_data_t* response_data)
4740 {
4741  return edit_task (credentials, params, NULL, response_data);
4742 }
4743 
4753 char *
4754 save_task_omp (credentials_t * credentials, params_t *params,
4755  cmd_response_data_t* response_data)
4756 {
4757  gchar *html, *response, *format;
4758  const char *no_redirect;
4759  const char *comment, *name, *schedule_id, *in_assets;
4760  const char *scanner_id, *task_id, *max_checks, *max_hosts;
4761  const char *config_id, *target_id, *hosts_ordering, *alterable, *source_iface;
4762  const char *scanner_type, *schedule_periods, *auto_delete, *auto_delete_data;
4763  const char *apply_overrides, *min_qod;
4764  int ret;
4765  params_t *alerts;
4766  GString *alert_element;
4767  entity_t entity;
4768 
4769  no_redirect = params_value (params, "no_redirect");
4770  comment = params_value (params, "comment");
4771  name = params_value (params, "name");
4772  task_id = params_value (params, "task_id");
4773  in_assets = params_value (params, "in_assets");
4774  apply_overrides = params_value (params, "apply_overrides");
4775  min_qod = params_value (params, "min_qod");
4776  target_id = params_value (params, "target_id");
4777  scanner_type = params_value (params, "scanner_type");
4778  hosts_ordering = params_value (params, "hosts_ordering");
4779  config_id = params_value (params, "config_id");
4780  schedule_id = params_value (params, "schedule_id");
4781  schedule_periods = params_value (params, "schedule_periods");
4782  scanner_id = params_value (params, "scanner_id");
4783  max_checks = params_value (params, "max_checks");
4784  source_iface = params_value (params, "source_iface");
4785  auto_delete = params_value (params, "auto_delete");
4786  auto_delete_data = params_value (params, "auto_delete_data");
4787  max_hosts = params_value (params, "max_hosts");
4788  alterable = params_value (params, "alterable");
4789  CHECK_PARAM_INVALID (scanner_type, "Save Task", "edit_task");
4790  if (!strcmp (scanner_type, "1"))
4791  {
4792  hosts_ordering = "";
4793  max_checks = "";
4794  source_iface = "";
4795  max_hosts = "";
4796  }
4797  else if (!strcmp (scanner_type, "3"))
4798  {
4799  config_id = "0";
4800  hosts_ordering = "";
4801  max_checks = "";
4802  source_iface = "";
4803  max_hosts = "";
4804  }
4805 
4806  CHECK_PARAM_INVALID (name, "Save Task", "edit_task");
4807  CHECK_PARAM_INVALID (comment, "Save Task", "edit_task");
4808  CHECK_PARAM_INVALID (target_id, "Save Task", "edit_task");
4809  CHECK_PARAM_INVALID (hosts_ordering, "Save Task", "edit_task");
4810  CHECK_PARAM_INVALID (config_id, "Save Task", "edit_task");
4811  CHECK_PARAM_INVALID (schedule_id, "Save Task", "edit_task");
4812  if (params_given (params, "schedule_periods"))
4813  {
4814  CHECK (schedule_periods);
4815  }
4816  else
4817  schedule_periods = "0";
4818  CHECK_PARAM_INVALID (scanner_id, "Save Task", "edit_task");
4819  CHECK_PARAM_INVALID (task_id, "Save Task", "edit_task");
4820  CHECK_PARAM_INVALID (max_checks, "Save Task", "edit_task");
4821  CHECK_PARAM_INVALID (source_iface, "Save Task", "edit_task");
4822  CHECK_PARAM_INVALID (auto_delete, "Save Task", "edit_task");
4823  CHECK_PARAM_INVALID (auto_delete_data, "Save Task", "edit_task");
4824  CHECK_PARAM_INVALID (max_hosts, "Save Task", "edit_task");
4825  CHECK_PARAM_INVALID (in_assets, "Save Task", "edit_task");
4826 
4827  if (!strcmp (in_assets, "1"))
4828  {
4829  CHECK_PARAM_INVALID (apply_overrides, "Save Task", "edit_task");
4830  CHECK_PARAM_INVALID (min_qod, "Save Task", "edit_task");
4831  }
4832  else
4833  {
4834  if (!params_given (params, "apply_overrides")
4835  || !params_valid (params, "apply_overrides"))
4836  apply_overrides = "";
4837 
4838  if (!params_given (params, "min_qod")
4839  || !params_valid (params, "min_qod"))
4840  min_qod = "";
4841  }
4842 
4843  alert_element = g_string_new ("");
4844  if (params_given (params, "alert_id_optional:"))
4845  alerts = params_values (params, "alert_id_optional:");
4846  else
4847  alerts = params_values (params, "alert_ids:");
4848 
4849  if (alerts)
4850  {
4851  params_iterator_t iter;
4852  char *name;
4853  param_t *param;
4854 
4855  params_iterator_init (&iter, alerts);
4856  while (params_iterator_next (&iter, &name, &param))
4857  {
4858  if (param->value && strcmp (param->value, "0"))
4859  g_string_append_printf (alert_element,
4860  "<alert id=\"%s\"/>",
4861  param->value ? param->value : "");
4862  }
4863  }
4864 
4865  // Remove Alerts from Task if none are given.
4866  if (strcmp (alert_element->str, "") == 0)
4867  g_string_append_printf (alert_element, "<alert id=\"0\"/>");
4868 
4869  format = g_strdup_printf ("<modify_task task_id=\"%%s\">"
4870  "<name>%%s</name>"
4871  "<comment>%%s</comment>"
4872  "<hosts_ordering>%s</hosts_ordering>"
4873  "%s"
4874  "<target id=\"%%s\"/>"
4875  "<config id=\"%%s\"/>"
4876  "<schedule id=\"%%s\"/>"
4877  "<schedule_periods>%%s</schedule_periods>"
4878  "<scanner id=\"%%s\"/>"
4879  "<preferences>"
4880  "<preference>"
4881  "<scanner_name>max_checks</scanner_name>"
4882  "<value>%%s</value>"
4883  "</preference>"
4884  "<preference>"
4885  "<scanner_name>max_hosts</scanner_name>"
4886  "<value>%%s</value>"
4887  "</preference>"
4888  "<preference>"
4889  "<scanner_name>in_assets</scanner_name>"
4890  "<value>%%s</value>"
4891  "</preference>"
4892  "<preference>"
4893  "<scanner_name>assets_apply_overrides</scanner_name>"
4894  "<value>%%s</value>"
4895  "</preference>"
4896  "<preference>"
4897  "<scanner_name>assets_min_qod</scanner_name>"
4898  "<value>%%s</value>"
4899  "</preference>"
4900  "<preference>"
4901  "<scanner_name>source_iface</scanner_name>"
4902  "<value>%%s</value>"
4903  "</preference>"
4904  "<preference>"
4905  "<scanner_name>auto_delete</scanner_name>"
4906  "<value>%%s</value>"
4907  "</preference>"
4908  "<preference>"
4909  "<scanner_name>auto_delete_data</scanner_name>"
4910  "<value>%%s</value>"
4911  "</preference>"
4912  "</preferences>"
4913  "%s%i%s"
4914  "</modify_task>",
4915  hosts_ordering,
4916  alert_element->str,
4917  alterable ? "<alterable>" : "",
4918  alterable ? strcmp (alterable, "0") : 0,
4919  alterable ? "</alterable>" : "");
4920  response = NULL;
4921  entity = NULL;
4922  ret = ompf (credentials,
4923  &response,
4924  &entity,
4925  response_data,
4926  format,
4927  task_id,
4928  name,
4929  comment,
4930  target_id,
4931  config_id,
4932  schedule_id,
4933  schedule_periods,
4934  scanner_id,
4935  max_checks,
4936  max_hosts,
4937  strcmp (in_assets, "0") ? "yes" : "no",
4938  strcmp (apply_overrides, "0") ? "yes" : "no",
4939  min_qod,
4940  source_iface,
4941  auto_delete,
4942  auto_delete_data);
4943  g_free (format);
4944 
4945  g_string_free (alert_element, TRUE);
4946 
4947  switch (ret)
4948  {
4949  case 0:
4950  case -1:
4951  break;
4952  case 1:
4953  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4954  return gsad_message (credentials,
4955  "Internal error", __FUNCTION__, __LINE__,
4956  "An internal error occurred while saving a task. "
4957  "The task was not saved. "
4958  "Diagnostics: Failure to send command to manager daemon.",
4959  "/omp?cmd=get_tasks", response_data);
4960  case 2:
4961  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4962  return gsad_message (credentials,
4963  "Internal error", __FUNCTION__, __LINE__,
4964  "An internal error occurred while saving a task. "
4965  "It is unclear whether the task has been saved or not. "
4966  "Diagnostics: Failure to receive response from manager daemon.",
4967  "/omp?cmd=get_tasks", response_data);
4968  default:
4969  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
4970  return gsad_message (credentials,
4971  "Internal error", __FUNCTION__, __LINE__,
4972  "An internal error occurred while saving a task. "
4973  "It is unclear whether the task has been saved or not. "
4974  "Diagnostics: Internal Error.",
4975  "/omp?cmd=get_tasks", response_data);
4976  }
4977 
4978  html = response_from_entity (credentials, params, entity,
4979  (no_redirect && strcmp (no_redirect, "0")),
4980  NULL, "get_tasks",
4981  NULL, "edit_task",
4982  "Save Task", response_data);
4983  free_entity (entity);
4984  g_free (response);
4985  return html;
4986 }
4987 
4988 #undef CHECK
4989 
4999 char *
5001  cmd_response_data_t* response_data)
5002 {
5003  gchar *format, *response, *html;
5004  const char *no_redirect, *comment, *name, *task_id;
5005  const char *in_assets, *auto_delete, *auto_delete_data;
5006  int ret;
5007  entity_t entity;
5008 
5009  no_redirect = params_value (params, "no_redirect");
5010  comment = params_value (params, "comment");
5011  in_assets = params_value (params, "in_assets");
5012  name = params_value (params, "name");
5013  task_id = params_value (params, "task_id");
5014  auto_delete = params_value (params, "auto_delete");
5015  auto_delete_data = params_value (params, "auto_delete_data");
5016  CHECK_PARAM_INVALID (name, "Save Task", "edit_task")
5017  CHECK_PARAM_INVALID (comment, "Save Task", "edit_task")
5018  CHECK_PARAM_INVALID (task_id, "Save Task", "edit_task")
5019  CHECK_PARAM_INVALID (in_assets, "Save Task", "edit_task")
5020  CHECK_PARAM_INVALID (auto_delete, "Save Task", "edit_task");
5021  CHECK_PARAM_INVALID (auto_delete_data, "Save Task", "edit_task");
5022 
5023  format = g_strdup_printf ("<modify_task task_id=\"%%s\">"
5024  "<name>%%s</name>"
5025  "<comment>%%s</comment>"
5026  "<preferences>"
5027  "<preference>"
5028  "<scanner_name>in_assets</scanner_name>"
5029  "<value>%%s</value>"
5030  "</preference>"
5031  "<preference>"
5032  "<scanner_name>auto_delete</scanner_name>"
5033  "<value>%%s</value>"
5034  "</preference>"
5035  "<preference>"
5036  "<scanner_name>auto_delete_data</scanner_name>"
5037  "<value>%%s</value>"
5038  "</preference>"
5039  "</preferences>"
5040  "</modify_task>");
5041 
5042  response = NULL;
5043  entity = NULL;
5044  ret = ompf (credentials, &response, &entity, response_data,
5045  format, task_id, name, comment,
5046  strcmp (in_assets, "0") ? "yes" : "no",
5047  auto_delete,
5048  auto_delete_data);
5049  g_free (format);
5050  switch (ret)
5051  {
5052  case 0:
5053  case -1:
5054  break;
5055  case 1:
5056  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5057  return gsad_message (credentials,
5058  "Internal error", __FUNCTION__, __LINE__,
5059  "An internal error occurred while saving a task. "
5060  "No new task was created. "
5061  "Diagnostics: Failure to send command to manager daemon.",
5062  "/omp?cmd=get_tasks", response_data);
5063  case 2:
5064  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5065  return gsad_message (credentials,
5066  "Internal error", __FUNCTION__, __LINE__,
5067  "An internal error occurred while saving a task. "
5068  "It is unclear whether the task has been created or not. "
5069  "Diagnostics: Failure to receive response from manager daemon.",
5070  "/omp?cmd=get_tasks", response_data);
5071  default:
5072  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5073  return gsad_message (credentials,
5074  "Internal error", __FUNCTION__, __LINE__,
5075  "An internal error occurred while saving a task. "
5076  "It is unclear whether the task has been created or not. "
5077  "Diagnostics: Internal Error.",
5078  "/omp?cmd=get_tasks", response_data);
5079  }
5080 
5081  html = response_from_entity (credentials, params, entity,
5082  (no_redirect && strcmp (no_redirect, "0")),
5083  NULL, "get_tasks",
5084  NULL, "edit_task",
5085  "Save Container Task", response_data);
5086  free_entity (entity);
5087  g_free (response);
5088  return html;
5089 }
5090 
5103 char *
5104 export_task_omp (credentials_t * credentials, params_t *params,
5105  enum content_type * content_type, char **content_disposition,
5106  gsize *content_length, cmd_response_data_t* response_data)
5107 {
5108  return export_resource ("task", credentials, params, content_type,
5109  content_disposition, content_length, response_data);
5110 }
5111 
5125 char *
5126 export_tasks_omp (credentials_t * credentials, params_t *params,
5127  enum content_type * content_type, char **content_disposition,
5128  gsize *content_length, cmd_response_data_t* response_data)
5129 {
5130  return export_many ("task", credentials, params, content_type,
5131  content_disposition, content_length, response_data);
5132 }
5133 
5143 char *
5144 stop_task_omp (credentials_t * credentials, params_t *params,
5145  cmd_response_data_t* response_data)
5146 {
5147  return resource_action (credentials, params, "task", "stop", response_data);
5148 }
5149 
5159 char *
5160 resume_task_omp (credentials_t * credentials, params_t *params,
5161  cmd_response_data_t* response_data)
5162 {
5163  return resource_action (credentials, params, "task", "resume", response_data);
5164 }
5165 
5175 char *
5176 start_task_omp (credentials_t * credentials, params_t *params,
5177  cmd_response_data_t* response_data)
5178 {
5179  return resource_action (credentials, params, "task", "start", response_data);
5180 }
5181 
5191 char *
5192 move_task_omp (credentials_t * credentials, params_t *params,
5193  cmd_response_data_t* response_data)
5194 {
5195  gchar *command, *response, *html;
5196  const char *no_redirect, *task_id, *slave_id;
5197  int ret;
5198  entity_t entity;
5199 
5200  no_redirect = params_value (params, "no_redirect");
5201  slave_id = params_value (params, "slave_id");
5202  task_id = params_value (params, "task_id");
5203 
5204  command = g_strdup_printf ("<move_task task_id=\"%s\" slave_id=\"%s\"/>",
5205  task_id ? task_id : "",
5206  slave_id ? slave_id : "");
5207 
5208  response = NULL;
5209  entity = NULL;
5210  ret = omp (credentials, &response, &entity, response_data, command);
5211  g_free (command);
5212  switch (ret)
5213  {
5214  case 0:
5215  break;
5216  case -1:
5217  /* 'omp' set response. */
5218  return response;
5219  case 1:
5220  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5221  return gsad_message (credentials,
5222  "Internal error", __FUNCTION__, __LINE__,
5223  "An internal error occurred while moving a task. "
5224  "The task was not moved. "
5225  "Diagnostics: Failure to send command to manager daemon.",
5226  "/omp?cmd=get_tasks", response_data);
5227  case 2:
5228  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5229  return gsad_message (credentials,
5230  "Internal error", __FUNCTION__, __LINE__,
5231  "An internal error occurred while moving a task. "
5232  "It is unclear whether the task has been moved or not. "
5233  "Diagnostics: Failure to receive response from manager daemon.",
5234  "/omp?cmd=get_tasks", response_data);
5235  default:
5236  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5237  return gsad_message (credentials,
5238  "Internal error", __FUNCTION__, __LINE__,
5239  "An internal error occurred while moving a task. "
5240  "It is unclear whether the task has been moved or not. "
5241  "Diagnostics: Internal Error.",
5242  "/omp?cmd=get_tasks", response_data);
5243  }
5244 
5245  html = response_from_entity (credentials, params, entity,
5246  (no_redirect && strcmp (no_redirect, "0")),
5247  NULL, "get_tasks",
5248  NULL, "get_tasks",
5249  "Move Task", response_data);
5250 
5251  free_entity (entity);
5252  g_free (response);
5253  return html;
5254 }
5255 
5267 static char*
5268 get_nvts (credentials_t *credentials, params_t *params, const char *commands,
5269  const char *extra_xml, cmd_response_data_t* response_data)
5270 {
5271  GString *xml = NULL;
5272  openvas_connection_t connection;
5273  gchar *html;
5274  const char *oid;
5275 
5276  oid = params_value (params, "oid");
5277  if (oid == NULL)
5278  {
5279  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
5280  return gsad_message (credentials,
5281  "Internal error", __FUNCTION__, __LINE__,
5282  "An internal error occurred while getting an NVT. "
5283  "Diagnostics: Required parameter was NULL.",
5284  "/omp?cmd=get_tasks", response_data);
5285  }
5286  switch (manager_connect (credentials, &connection, &html,
5287  response_data))
5288  {
5289  case 0:
5290  break;
5291  case -1:
5292  if (html)
5293  return html;
5294  /* Fall through. */
5295  default:
5296  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5297  return gsad_message (credentials,
5298  "Internal error", __FUNCTION__, __LINE__,
5299  "An internal error occurred while getting nvt details. "
5300  "Diagnostics: Failure to connect to manager daemon.",
5301  "/omp?cmd=get_tasks", response_data);
5302  }
5303 
5304  if (openvas_connection_sendf (&connection,
5305  "<commands>"
5306  "%s"
5307  "<get_nvts"
5308  " nvt_oid=\"%s\""
5309  " details=\"1\""
5310  " preferences=\"1\"/>"
5311  "<get_notes"
5312  " nvt_oid=\"%s\""
5313  " sort_field=\"notes.text\"/>"
5314  "<get_overrides"
5315  " nvt_oid=\"%s\""
5316  " sort_field=\"overrides.text\"/>"
5317  "</commands>",
5318  commands ? commands : "",
5319  oid,
5320  oid,
5321  oid)
5322  == -1)
5323  {
5324  openvas_connection_close (&connection);
5325  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5326  return gsad_message (credentials,
5327  "Internal error", __FUNCTION__, __LINE__,
5328  "An internal error occurred while getting nvt details. "
5329  "Diagnostics: Failure to send command to manager daemon.",
5330  "/omp?cmd=get_tasks", response_data);
5331  }
5332 
5333  xml = g_string_new ("<get_nvts>");
5334  if (read_string_c (&connection, &xml))
5335  {
5336  openvas_connection_close (&connection);
5337  g_string_free (xml, TRUE);
5338  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5339  return gsad_message (credentials,
5340  "Internal error", __FUNCTION__, __LINE__,
5341  "An internal error occurred while getting nvt details. "
5342  "Diagnostics: Failure to receive response from manager daemon.",
5343  "/omp?cmd=get_tasks", response_data);
5344  }
5345 
5346  /* Append extra_xml */
5347  if (extra_xml)
5348  g_string_append (xml, extra_xml);
5349 
5350  /* Get tag names */
5351 
5352  if (openvas_connection_sendf (&connection,
5353  "<get_tags"
5354  " filter=\"resource_type=nvt"
5355  " first=1"
5356  " rows=-1\""
5357  " names_only=\"1\""
5358  "/>")
5359  == -1)
5360  {
5361  g_string_free (xml, TRUE);
5362  openvas_connection_close (&connection);
5363  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5364  return gsad_message (credentials,
5365  "Internal error", __FUNCTION__, __LINE__,
5366  "An internal error occurred while getting tag names list. "
5367  "The current list of resources is not available. "
5368  "Diagnostics: Failure to send command to manager daemon.",
5369  "/omp?cmd=get_resources", response_data);
5370  }
5371 
5372  if (read_string_c (&connection, &xml))
5373  {
5374  g_string_free (xml, TRUE);
5375  openvas_connection_close (&connection);
5376  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5377  return gsad_message (credentials,
5378  "Internal error", __FUNCTION__, __LINE__,
5379  "An internal error occurred while getting tag names list. "
5380  "The current list of resources is not available. "
5381  "Diagnostics: Failure to receive response from manager daemon.",
5382  "/omp?cmd=get_resources", response_data);
5383  }
5384 
5385  g_string_append (xml, "</get_nvts>");
5386 
5387  openvas_connection_close (&connection);
5388  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
5389  response_data);
5390 }
5391 
5402 char *
5403 get_info (credentials_t *credentials, params_t *params, const char *extra_xml,
5404  cmd_response_data_t* response_data)
5405 {
5406  char *ret;
5407  GString *extra_attribs, *extra_response;
5408  const char *info_type;
5409 
5410  info_type = params_value (params, "info_type");
5411  if (info_type == NULL)
5412  {
5413  param_t *param;
5414  param = params_add (params, "info_type", "nvt");
5415  param->valid = 1;
5416  param->valid_utf8 = g_utf8_validate (param->value, -1, NULL);
5417  info_type = params_value (params, "info_type");
5418  }
5419 
5420  if (strcmp (info_type, "nvt")
5421  && strcmp (info_type, "cve")
5422  && strcmp (info_type, "cpe")
5423  && strcmp (info_type, "ovaldef")
5424  && strcmp (info_type, "cert_bund_adv")
5425  && strcmp (info_type, "dfn_cert_adv")
5426  && strcmp (info_type, "allinfo")
5427  && strcmp (info_type, "NVT")
5428  && strcmp (info_type, "CVE")
5429  && strcmp (info_type, "CPE")
5430  && strcmp (info_type, "OVALDEF")
5431  && strcmp (info_type, "CERT_BUND_ADV")
5432  && strcmp (info_type, "DFN_CERT_ADV")
5433  && strcmp (info_type, "ALLINFO"))
5434  {
5435  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
5436  return gsad_message (credentials,
5437  "Internal error", __FUNCTION__, __LINE__,
5438  "An internal error occurred while getting SecInfo. "
5439  "Diagnostics: Invalid info_type parameter value",
5440  "/omp?cmd=get_info", response_data);
5441  }
5442 
5443  if (params_value (params, "info_name")
5444  && params_value (params, "info_id"))
5445  {
5446  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
5447  return gsad_message (credentials,
5448  "Internal error", __FUNCTION__, __LINE__,
5449  "An internal error occurred while getting SecInfo. "
5450  "Diagnostics: Both ID and Name set.",
5451  "/omp?cmd=get_info", response_data);
5452  }
5453  extra_response = g_string_new (extra_xml ? extra_xml : "");
5454 
5455  if (command_enabled (credentials, "GET_NOTES")
5456  && (strcasecmp (info_type, "NVT") == 0)
5457  && params_value (params, "info_id"))
5458  {
5459  gchar *response;
5460 
5461  if (simple_ompf ("getting SecInfo", credentials, &response, response_data,
5462  "<get_notes"
5463  " nvt_oid=\"%s\""
5464  " sort_field=\"notes.text\"/>",
5465  params_value (params, "info_id")))
5466  {
5467  g_string_free (extra_response, TRUE);
5468  return response;
5469  }
5470 
5471  g_string_append (extra_response, response);
5472  }
5473 
5474  if (command_enabled (credentials, "GET_OVERRIDES")
5475  && (strcasecmp (info_type, "NVT") == 0)
5476  && params_value (params, "info_id"))
5477  {
5478  gchar *response;
5479 
5480  if (simple_ompf ("getting SecInfo", credentials, &response, response_data,
5481  "<get_overrides"
5482  " nvt_oid=\"%s\""
5483  " sort_field=\"overrides.text\"/>",
5484  params_value (params, "info_id")))
5485  {
5486  g_string_free (extra_response, TRUE);
5487  return response;
5488  }
5489 
5490  g_string_append (extra_response, response);
5491  }
5492 
5493  extra_attribs = g_string_new("");
5494  g_string_append_printf (extra_attribs, "type=\"%s\"",
5495  params_value (params, "info_type"));
5496  if (params_value (params, "info_name"))
5497  g_string_append_printf (extra_attribs,
5498  " name=\"%s\"",
5499  params_value (params, "info_name"));
5500  else if (params_value (params, "info_id"))
5501  g_string_append_printf (extra_attribs,
5502  " info_id=\"%s\"",
5503  params_value (params, "info_id"));
5504  if (params_value (params, "details"))
5505  g_string_append_printf (extra_attribs,
5506  " details=\"%s\"",
5507  params_value (params, "details"));
5508  ret = get_many ("info", credentials, params, extra_response->str,
5509  extra_attribs->str, response_data);
5510 
5511  g_string_free (extra_response, TRUE);
5512  g_string_free (extra_attribs, TRUE);
5513 
5514  return ret;
5515 }
5516 
5526 char *
5527 get_info_omp (credentials_t * credentials, params_t *params,
5528  cmd_response_data_t* response_data)
5529 {
5530  return get_info (credentials, params, NULL, response_data);
5531 }
5532 
5542 char*
5543 get_nvts_omp (credentials_t *credentials, params_t *params,
5544  cmd_response_data_t* response_data)
5545 {
5546  return get_nvts (credentials, params, NULL, NULL, response_data);
5547 }
5548 
5555 static void
5556 params_toggle_overrides (params_t *params, const char *overrides)
5557 {
5558  param_t *filt_id, *build_filter;
5559  const char *new_filt_id;
5560 
5561  build_filter = params_get (params, "build_filter");
5562 
5563  if (build_filter)
5564  new_filt_id = "";
5565  else
5566  new_filt_id = "0";
5567 
5568  filt_id = params_get (params, "filt_id");
5569  if (filt_id)
5570  {
5571  filt_id->value = g_strdup (new_filt_id);
5572  filt_id->value_size = strlen (filt_id->value);
5573  filt_id->valid = 1;
5574  filt_id->valid_utf8 = 1;
5575  }
5576  else
5577  params_add (params, "filt_id", new_filt_id);
5578 
5579  if (build_filter == NULL)
5580  {
5581  param_t *filter;
5582  filter = params_get (params, "filter");
5583  if (filter && filter->value)
5584  {
5585  gchar *old;
5586  old = filter->value;
5587  filter->value = g_strdup_printf ("apply_overrides=%s %s",
5588  overrides,
5589  old);
5590  g_free (old);
5591  }
5592  else if (strcmp (overrides, "0"))
5593  params_add (params, "filter",
5594  "apply_overrides=1 rows=-2");
5595  else
5596  params_add (params, "filter",
5597  "apply_overrides=0 rows=-2");
5598  }
5599 }
5600 
5611 static char *
5612 get_tasks (credentials_t *credentials, params_t *params, const char *extra_xml,
5613  cmd_response_data_t* response_data)
5614 {
5615  const char *overrides, *schedules_only, *ignore_pagination;
5616  gchar *extra_attribs, *ret;
5617 
5618  overrides = params_value (params, "overrides");
5619  schedules_only = params_value (params, "schedules_only");
5620  ignore_pagination = params_value (params, "ignore_pagination");
5621 
5622  if (overrides)
5623  /* User toggled overrides. Set the overrides value in the filter. */
5624  params_toggle_overrides (params, overrides);
5625 
5626  extra_attribs = g_strdup_printf ("%s%s%s"
5627  "%s%s%s",
5628  schedules_only ? "schedules_only=\"" : "",
5629  schedules_only ? schedules_only : "",
5630  schedules_only ? "\" " : "",
5631  ignore_pagination
5632  ? "ignore_pagination=\""
5633  : "",
5634  ignore_pagination ? ignore_pagination : "",
5635  ignore_pagination ? "\" " : "");
5636 
5637  ret = get_many ("task", credentials, params, extra_xml, extra_attribs,
5638  response_data);
5639  g_free (extra_attribs);
5640  return ret;
5641 }
5642 
5652 char *
5653 get_tasks_omp (credentials_t * credentials, params_t *params,
5654  cmd_response_data_t* response_data)
5655 {
5656  return get_tasks (credentials, params, NULL, response_data);
5657 }
5658 
5669 static char *
5670 get_tasks_chart (credentials_t *credentials, params_t *params,
5671  const char *extra_xml, cmd_response_data_t* response_data)
5672 {
5673  return xsl_transform_omp (credentials, g_strdup ("<get_tasks_chart/>"),
5674  response_data);
5675 }
5676 
5686 char *
5688  cmd_response_data_t* response_data)
5689 {
5690  return get_tasks_chart (credentials, params, NULL, response_data);
5691 }
5692 
5693 
5704 static char *
5705 get_task (credentials_t *credentials, params_t *params, const char *extra_xml,
5706  cmd_response_data_t* response_data)
5707 {
5708  GString *xml = NULL;
5709  GString *commands_xml = NULL;
5710  entity_t commands_entity = NULL;
5711  entity_t task_entity = NULL;
5712  openvas_connection_t connection;
5713  int notes, get_overrides, apply_overrides;
5714  int get_target, get_alerts;
5715  const char *overrides, *task_id;
5716  gchar *html;
5717 
5718  task_id = params_value (params, "task_id");
5719  if (task_id == NULL)
5720  return get_tasks (credentials, params, extra_xml, response_data);
5721 
5722  overrides = params_value (params, "overrides");
5723  apply_overrides = overrides ? strcmp (overrides, "0") : 1;
5724 
5725  switch (manager_connect (credentials, &connection, &html,
5726  response_data))
5727  {
5728  case 0:
5729  break;
5730  case -1:
5731  if (html)
5732  return html;
5733  /* Fall through. */
5734  default:
5735  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5736  return gsad_message (credentials,
5737  "Internal error", __FUNCTION__, __LINE__,
5738  "An internal error occurred while getting the status. "
5739  "No update on status can be retrieved. "
5740  "Diagnostics: Failure to connect to manager daemon.",
5741  "/omp?cmd=get_tasks", response_data);
5742  }
5743 
5744  notes = command_enabled (credentials, "GET_NOTES");
5745  get_overrides = command_enabled (credentials, "GET_OVERRIDES");
5746  if (openvas_connection_sendf
5747  (&connection,
5748  "<commands>"
5749  "<get_tasks"
5750  " task_id=\"%s\""
5751  " filter=\"apply_overrides=%i\""
5752  " details=\"0\"/>"
5753  "%s%s%s"
5754  "%s%s%s"
5755  "</commands>",
5756  task_id,
5757  apply_overrides,
5758  notes
5759  ? "<get_notes"
5760  " sort_field=\"notes_nvt_name, notes.text\""
5761  " task_id=\""
5762  : "",
5763  notes ? task_id : "",
5764  notes ? "\"/>" : "",
5765  get_overrides
5766  ? "<get_overrides"
5767  " sort_field=\"overrides_nvt_name, overrides.text\""
5768  " task_id=\""
5769  : "",
5770  get_overrides ? task_id : "",
5771  get_overrides ? "\"/>" : "")
5772  == -1)
5773  {
5774  openvas_connection_close (&connection);
5775  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5776  return gsad_message (credentials,
5777  "Internal error", __FUNCTION__, __LINE__,
5778  "An internal error occurred while getting the status. "
5779  "No update on the requested task can be retrieved. "
5780  "Diagnostics: Failure to send command to manager daemon.",
5781  "/omp?cmd=get_tasks", response_data);
5782  }
5783 
5784  commands_xml = g_string_new ("");
5785  xml = g_string_new ("<get_task>");
5786 
5787  if (extra_xml)
5788  g_string_append (xml, extra_xml);
5789 
5790  g_string_append_printf (xml,
5791  "<apply_overrides>%i</apply_overrides>"
5792  "<delta>%s</delta>",
5793  apply_overrides,
5794  params_value (params, "delta_report_id")
5795  ? params_value (params, "delta_report_id")
5796  : "");
5797  if (read_string_c (&connection, &commands_xml))
5798  {
5799  openvas_connection_close (&connection);
5800  g_string_free (commands_xml, TRUE);
5801  g_string_free (xml, TRUE);
5802  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5803  return gsad_message (credentials,
5804  "Internal error", __FUNCTION__, __LINE__,
5805  "An internal error occurred while getting the status. "
5806  "No update of the status can be retrieved. "
5807  "Diagnostics: Failure to receive response from manager daemon.",
5808  "/omp?cmd=get_tasks", response_data);
5809  }
5810  g_string_append (xml, commands_xml->str);
5811 
5812  if (parse_entity (commands_xml->str, &commands_entity))
5813  {
5814  openvas_connection_close (&connection);
5815  g_string_free (commands_xml, TRUE);
5816  g_string_free (xml, TRUE);
5817  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5818  return gsad_message (credentials,
5819  "Internal error", __FUNCTION__, __LINE__,
5820  "An internal error occurred while getting the status. "
5821  "No update of the status can be retrieved. "
5822  "Diagnostics: Failure to parse response from manager daemon.",
5823  "/omp?cmd=get_tasks", response_data);
5824  }
5825 
5826  get_target = command_enabled (credentials, "GET_TARGETS");
5827  get_alerts = command_enabled (credentials, "GET_ALERTS");
5828  task_entity = entity_child (commands_entity, "get_tasks_response");
5829  if (task_entity == NULL)
5830  {
5831  g_warning ("%s: No get_tasks_response found in manager response.",
5832  __FUNCTION__);
5833  }
5834  else
5835  {
5836  task_entity = entity_child (task_entity, "task");
5837  if (task_entity == NULL)
5838  g_message ("%s: No task found in manager response.", __FUNCTION__);
5839  else if (get_target || get_alerts)
5840  {
5841  entities_t child_entities;
5842  entity_t child_entity;
5843  child_entities = task_entity->entities;
5844 
5845  while ((child_entity = first_entity (child_entities)))
5846  {
5847  if (get_alerts &&
5848  strcmp (entity_name (child_entity), "alert") == 0)
5849  {
5850  const char *resource_id
5851  = entity_attribute (child_entity, "id");
5852 
5853  if (resource_id != NULL && strcmp (resource_id, ""))
5854  {
5855  if (openvas_connection_sendf (&connection,
5856  "<get_alerts"
5857  " alert_id=\"%s\"/>",
5858  resource_id))
5859  {
5860  openvas_connection_close (&connection);
5861  g_string_free (xml, TRUE);
5862  g_string_free (commands_xml, TRUE);
5863  free_entity (commands_entity);
5864  response_data->http_status_code
5865  = MHD_HTTP_INTERNAL_SERVER_ERROR;
5866  return gsad_message (credentials,
5867  "Internal error",
5868  __FUNCTION__, __LINE__,
5869  "An internal error occurred while getting an alert of a task. "
5870  "Diagnostics: Failure to send command to manager daemon.",
5871  "/omp?cmd=get_tasks",
5872  response_data);
5873  }
5874  if (read_string_c (&connection, &xml))
5875  {
5876  openvas_connection_close (&connection);
5877  g_string_free (commands_xml, TRUE);
5878  g_string_free (xml, TRUE);
5879  free_entity (commands_entity);
5880  response_data->http_status_code
5881  = MHD_HTTP_INTERNAL_SERVER_ERROR;
5882  return gsad_message (credentials,
5883  "Internal error",
5884  __FUNCTION__, __LINE__,
5885  "An internal error occurred while getting an alert of a task. "
5886  "Diagnostics: Failure to receive response from manager daemon.",
5887  "/omp?cmd=get_tasks",
5888  response_data);
5889  }
5890  }
5891  }
5892 
5893  if (get_target &&
5894  strcmp (entity_name (child_entity), "target") == 0)
5895  {
5896  const char *resource_id
5897  = entity_attribute (child_entity, "id");
5898 
5899  if (resource_id != NULL && strcmp (resource_id, ""))
5900  {
5901  if (openvas_connection_sendf (&connection,
5902  "<get_targets"
5903  " target_id=\"%s\"/>",
5904  resource_id))
5905  {
5906  openvas_connection_close (&connection);
5907  g_string_free (xml, TRUE);
5908  g_string_free (commands_xml, TRUE);
5909  free_entity (commands_entity);
5910  response_data->http_status_code
5911  = MHD_HTTP_INTERNAL_SERVER_ERROR;
5912  return gsad_message (credentials,
5913  "Internal error",
5914  __FUNCTION__, __LINE__,
5915  "An internal error occurred while getting the target of a task. "
5916  "Diagnostics: Failure to send command to manager daemon.",
5917  "/omp?cmd=get_tasks",
5918  response_data);
5919  }
5920  if (read_string_c (&connection, &xml))
5921  {
5922  openvas_connection_close (&connection);
5923  g_string_free (commands_xml, TRUE);
5924  g_string_free (xml, TRUE);
5925  free_entity (commands_entity);
5926  response_data->http_status_code
5927  = MHD_HTTP_INTERNAL_SERVER_ERROR;
5928  return gsad_message (credentials,
5929  "Internal error",
5930  __FUNCTION__, __LINE__,
5931  "An internal error occurred while getting the target of a task. "
5932  "Diagnostics: Failure to receive response from manager daemon.",
5933  "/omp?cmd=get_tasks",
5934  response_data);
5935  }
5936  }
5937  }
5938 
5939  child_entities = next_entities (child_entities);
5940  }
5941  }
5942  }
5943 
5944  g_string_free (commands_xml, TRUE);
5945  free_entity (commands_entity);
5946 
5947  /* Get slave scanners. */
5948 
5949  if (command_enabled (credentials, "GET_SCANNERS"))
5950  {
5951  if (openvas_connection_sendf (&connection,
5952  "<get_scanners"
5953  " filter=\"first=1 rows=-1 type=4\"/>")
5954  == -1)
5955  {
5956  g_string_free (xml, TRUE);
5957  openvas_connection_close (&connection);
5958  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5959  return gsad_message (credentials,
5960  "Internal error", __FUNCTION__, __LINE__,
5961  "An internal error occurred while getting slaves list. "
5962  "The current list of resources is not available. "
5963  "Diagnostics: Failure to send command to manager daemon.",
5964  "/omp?cmd=get_tasks", response_data);
5965  }
5966 
5967  if (read_string_c (&connection, &xml))
5968  {
5969  g_string_free (xml, TRUE);
5970  openvas_connection_close (&connection);
5971  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5972  return gsad_message (credentials,
5973  "Internal error", __FUNCTION__, __LINE__,
5974  "An internal error occurred while getting slaves list. "
5975  "The current list of resources is not available. "
5976  "Diagnostics: Failure to receive response from manager daemon.",
5977  "/omp?cmd=get_tasks", response_data);
5978  }
5979  }
5980 
5981  /* Get tag names */
5982 
5983  if (openvas_connection_sendf (&connection,
5984  "<get_tags"
5985  " filter=\"resource_type=task"
5986  " first=1"
5987  " rows=-1\""
5988  " names_only=\"1\""
5989  "/>")
5990  == -1)
5991  {
5992  g_string_free (xml, TRUE);
5993  openvas_connection_close (&connection);
5994  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
5995  return gsad_message (credentials,
5996  "Internal error", __FUNCTION__, __LINE__,
5997  "An internal error occurred while getting tag names list. "
5998  "The current list of resources is not available. "
5999  "Diagnostics: Failure to send command to manager daemon.",
6000  "/omp?cmd=get_resources", response_data);
6001  }
6002 
6003  if (read_string_c (&connection, &xml))
6004  {
6005  g_string_free (xml, TRUE);
6006  openvas_connection_close (&connection);
6007  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6008  return gsad_message (credentials,
6009  "Internal error", __FUNCTION__, __LINE__,
6010  "An internal error occurred while getting tag names list. "
6011  "The current list of resources is not available. "
6012  "Diagnostics: Failure to receive response from manager daemon.",
6013  "/omp?cmd=get_resources", response_data);
6014  }
6015 
6016  /* Get permissions */
6017 
6018  g_string_append (xml, "<permissions>");
6019 
6020  if (openvas_connection_sendf (&connection,
6021  "<get_permissions"
6022  " filter=\"name:^.*(task)s?$"
6023  " and resource_uuid=%s"
6024  " first=1 rows=-1\"/>",
6025  task_id)
6026  == -1)
6027  {
6028  g_string_free (xml, TRUE);
6029  openvas_connection_close (&connection);
6030  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6031  return gsad_message (credentials,
6032  "Internal error", __FUNCTION__, __LINE__,
6033  "An internal error occurred while getting permissions list. "
6034  "The current list of resources is not available. "
6035  "Diagnostics: Failure to send command to manager daemon.",
6036  "/omp?cmd=get_resources", response_data);
6037  }
6038 
6039  if (read_string_c (&connection, &xml))
6040  {
6041  g_string_free (xml, TRUE);
6042  openvas_connection_close (&connection);
6043  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6044  return gsad_message (credentials,
6045  "Internal error", __FUNCTION__, __LINE__,
6046  "An internal error occurred while getting permissions list. "
6047  "The current list of resources is not available. "
6048  "Diagnostics: Failure to receive response from manager daemon.",
6049  "/omp?cmd=get_resources", response_data);
6050  }
6051 
6052  g_string_append (xml, "</permissions>");
6053 
6054  g_string_append (xml, "</get_task>");
6055 
6056  openvas_connection_close (&connection);
6057  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
6058  response_data);
6059 }
6060 
6070 char *
6071 get_task_omp (credentials_t * credentials, params_t *params,
6072  cmd_response_data_t* response_data)
6073 {
6074  return get_task (credentials, params, NULL, response_data);
6075 }
6076 
6087 static char *
6088 new_credential (credentials_t *credentials, params_t *params,
6089  const char *extra_xml, cmd_response_data_t* response_data)
6090 {
6091  GString *xml;
6092  xml = g_string_new ("<new_credential>");
6093  if (extra_xml)
6094  g_string_append (xml, extra_xml);
6095  g_string_append (xml, "</new_credential>");
6096  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
6097  response_data);
6098 }
6099 
6109 char *
6111  cmd_response_data_t* response_data)
6112 {
6113  int ret;
6114  gchar *html, *response;
6115  const char *no_redirect;
6116  const char *name, *comment, *login, *type, *password, *passphrase;
6117  const char *private_key, *certificate, *community, *privacy_password;
6118  const char *auth_algorithm, *privacy_algorithm, *allow_insecure;
6119  int autogenerate;
6120  entity_t entity;
6121 
6122  no_redirect = params_value (params, "no_redirect");
6123  name = params_value (params, "name");
6124  comment = params_value (params, "comment");
6125  login = params_value (params, "credential_login");
6126  type = params_value (params, "base");
6127  password = params_value (params, "lsc_password");
6128  passphrase = params_value (params, "passphrase");
6129  private_key = params_value (params, "private_key");
6130  certificate = params_value (params, "certificate");
6131  community = params_value (params, "community");
6132  privacy_password = params_value (params, "privacy_password");
6133  auth_algorithm = params_value (params, "auth_algorithm");
6134  privacy_algorithm = params_value (params, "privacy_algorithm");
6135  allow_insecure = params_value (params, "allow_insecure");
6136 
6137  if (params_value (params, "autogenerate"))
6138  autogenerate = strcmp (params_value (params, "autogenerate"), "0");
6139  else
6140  return message_invalid (credentials, params, response_data,
6141  "Given autogenerate was invalid",
6142  G_STRINGIFY (MHD_HTTP_BAD_REQUEST),
6143  "Create Credential", "new_credential");
6144 
6145  CHECK_PARAM_INVALID (name, "Create Credential", "new_credential");
6146  CHECK_PARAM_INVALID (comment, "Create Credential", "new_credential");
6147  CHECK_PARAM_INVALID (type, "Create Credential", "new_credential");
6148  CHECK_PARAM_INVALID (allow_insecure, "Create Credential", "new_credential");
6149 
6150  if (autogenerate)
6151  {
6152  if (type && (strcmp (type, "cc") == 0))
6153  {
6154  // Auto-generate types without username
6155  ret = ompf (credentials,
6156  &response,
6157  &entity,
6158  response_data,
6159  "<create_credential>"
6160  "<name>%s</name>"
6161  "<comment>%s</comment>"
6162  "<type>%s</type>"
6163  "<allow_insecure>%s</allow_insecure>"
6164  "</create_credential>",
6165  name,
6166  comment ? comment : "",
6167  type,
6168  allow_insecure);
6169  }
6170  else
6171  {
6172  // Auto-generate types with username
6173  CHECK_PARAM_INVALID (login, "Create Credential", "new_credential");
6174 
6175  ret = ompf (credentials,
6176  &response,
6177  &entity,
6178  response_data,
6179  "<create_credential>"
6180  "<name>%s</name>"
6181  "<comment>%s</comment>"
6182  "<type>%s</type>"
6183  "<login>%s</login>"
6184  "<allow_insecure>%s</allow_insecure>"
6185  "</create_credential>",
6186  name,
6187  comment ? comment : "",
6188  type,
6189  login,
6190  allow_insecure);
6191  }
6192  }
6193  else
6194  {
6195  if (type && (strcmp (type, "up") == 0))
6196  {
6197  CHECK_PARAM_INVALID (login,
6198  "Create Credential", "new_credential");
6199  CHECK_PARAM_INVALID (password,
6200  "Create Credential", "new_credential");
6201 
6202  ret = ompf (credentials,
6203  &response,
6204  &entity,
6205  response_data,
6206  "<create_credential>"
6207  "<name>%s</name>"
6208  "<comment>%s</comment>"
6209  "<type>%s</type>"
6210  "<login>%s</login>"
6211  "<password>%s</password>"
6212  "<allow_insecure>%s</allow_insecure>"
6213  "</create_credential>",
6214  name,
6215  comment ? comment : "",
6216  type,
6217  login ? login : "",
6218  password ? password : "",
6219  allow_insecure);
6220  }
6221  else if (type && (strcmp (type, "usk") == 0))
6222  {
6223  CHECK_PARAM_INVALID (login,
6224  "Create Credential", "new_credential");
6225  CHECK_PARAM_INVALID (passphrase,
6226  "Create Credential", "new_credential");
6227  CHECK_PARAM_INVALID (private_key,
6228  "Create Credential", "new_credential");
6229 
6230  ret = ompf (credentials,
6231  &response,
6232  &entity,
6233  response_data,
6234  "<create_credential>"
6235  "<name>%s</name>"
6236  "<comment>%s</comment>"
6237  "<type>%s</type>"
6238  "<login>%s</login>"
6239  "<key>"
6240  "<private>%s</private>"
6241  "<phrase>%s</phrase>"
6242  "</key>"
6243  "<allow_insecure>%s</allow_insecure>"
6244  "</create_credential>",
6245  name,
6246  comment ? comment : "",
6247  type,
6248  login ? login : "",
6249  private_key ? private_key : "",
6250  passphrase ? passphrase : "",
6251  allow_insecure);
6252  }
6253  else if (type && (strcmp (type, "cc") == 0))
6254  {
6255  CHECK_PARAM_INVALID (certificate,
6256  "Create Credential", "new_credential");
6257  CHECK_PARAM_INVALID (private_key,
6258  "Create Credential", "new_credential");
6259 
6260  ret = ompf (credentials,
6261  &response,
6262  &entity,
6263  response_data,
6264  "<create_credential>"
6265  "<name>%s</name>"
6266  "<comment>%s</comment>"
6267  "<type>%s</type>"
6268  "<certificate>%s</certificate>"
6269  "<key>"
6270  "<private>%s</private>"
6271  "</key>"
6272  "<allow_insecure>%s</allow_insecure>"
6273  "</create_credential>",
6274  name,
6275  comment ? comment : "",
6276  type,
6277  certificate ? certificate : "",
6278  private_key ? private_key : "",
6279  allow_insecure);
6280 
6281  }
6282  else if (type && (strcmp (type, "snmp") == 0))
6283  {
6284  CHECK_PARAM_INVALID (community,
6285  "Create Credential", "new_credential");
6286  CHECK_PARAM_INVALID (login,
6287  "Create Credential", "new_credential");
6288  CHECK_PARAM_INVALID (password,
6289  "Create Credential", "new_credential");
6290  CHECK_PARAM_INVALID (privacy_password,
6291  "Create Credential", "new_credential");
6292  CHECK_PARAM_INVALID (auth_algorithm,
6293  "Create Credential", "new_credential");
6294  CHECK_PARAM_INVALID (privacy_algorithm,
6295  "Create Credential", "new_credential");
6296 
6297  if (privacy_password && strcmp (privacy_password, ""))
6298  ret = ompf (credentials,
6299  &response,
6300  &entity,
6301  response_data,
6302  "<create_credential>"
6303  "<name>%s</name>"
6304  "<comment>%s</comment>"
6305  "<type>%s</type>"
6306  "<community>%s</community>"
6307  "<login>%s</login>"
6308  "<password>%s</password>"
6309  "<privacy>"
6310  "<password>%s</password>"
6311  "<algorithm>%s</algorithm>"
6312  "</privacy>"
6313  "<auth_algorithm>%s</auth_algorithm>"
6314  "<allow_insecure>%s</allow_insecure>"
6315  "</create_credential>",
6316  name,
6317  comment ? comment : "",
6318  type,
6319  community ? community : "",
6320  login ? login : "",
6321  password ? password : "",
6322  privacy_password ? privacy_password : "",
6323  privacy_algorithm ? privacy_algorithm : "",
6324  auth_algorithm ? auth_algorithm : "",
6325  allow_insecure);
6326  else
6327  ret = ompf (credentials,
6328  &response,
6329  &entity,
6330  response_data,
6331  "<create_credential>"
6332  "<name>%s</name>"
6333  "<comment>%s</comment>"
6334  "<type>%s</type>"
6335  "<community>%s</community>"
6336  "<login>%s</login>"
6337  "<password>%s</password>"
6338  "<auth_algorithm>%s</auth_algorithm>"
6339  "<allow_insecure>%s</allow_insecure>"
6340  "</create_credential>",
6341  name,
6342  comment ? comment : "",
6343  type,
6344  community ? community : "",
6345  login ? login : "",
6346  password ? password : "",
6347  auth_algorithm ? auth_algorithm : "",
6348  allow_insecure);
6349  }
6350  else
6351  {
6352  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6353  return gsad_message (credentials,
6354  "Internal error", __FUNCTION__, __LINE__,
6355  "An internal error occurred while creating a new credential. "
6356  "The credential could not be created. "
6357  "Diagnostics: Unrecognized credential type.",
6358  "/omp?cmd=get_credentials", response_data);
6359  }
6360  }
6361 
6362  /* Create the credential. */
6363  switch (ret)
6364  {
6365  case 0:
6366  case -1:
6367  break;
6368  case 1:
6369  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6370  return gsad_message (credentials,
6371  "Internal error", __FUNCTION__, __LINE__,
6372  "An internal error occurred while creating a new credential. "
6373  "It is unclear whether the credential has been created or not. "
6374  "Diagnostics: Failure to send command to manager daemon.",
6375  "/omp?cmd=get_credentials", response_data);
6376  case 2:
6377  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6378  return gsad_message (credentials,
6379  "Internal error", __FUNCTION__, __LINE__,
6380  "An internal error occurred while creating a new credential. "
6381  "It is unclear whether the credential has been created or not. "
6382  "Diagnostics: Failure to receive response from manager daemon.",
6383  "/omp?cmd=get_credentials", response_data);
6384  default:
6385  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6386  return gsad_message (credentials,
6387  "Internal error", __FUNCTION__, __LINE__,
6388  "An internal error occurred while creating a new credential. "
6389  "It is unclear whether the credential has been created or not. "
6390  "Diagnostics: Internal Error.",
6391  "/omp?cmd=get_credentials", response_data);
6392  }
6393 
6394  if (entity_attribute (entity, "id"))
6395  params_add (params, "credential_id", entity_attribute (entity, "id"));
6396  html = response_from_entity (credentials, params, entity,
6397  (no_redirect && strcmp (no_redirect, "0")),
6398  NULL, "get_credentials",
6399  NULL, "new_credential",
6400  "Create Credential",
6401  response_data);
6402  free_entity (entity);
6403  g_free (response);
6404  return html;
6405 }
6406 
6417 static char *
6418 get_credential (credentials_t * credentials, params_t *params,
6419  const char *extra_xml, cmd_response_data_t* response_data)
6420 {
6421  return get_one ("credential", credentials, params, extra_xml,
6422  "targets=\"1\" scanners=\"1\"", response_data);
6423 }
6424 
6434 char *
6436  cmd_response_data_t* response_data)
6437 {
6438  return get_credential (credentials, params, NULL, response_data);
6439 }
6440 
6454 int
6456  params_t *params,
6457  gsize *result_len,
6458  char ** html,
6459  char ** login,
6460  cmd_response_data_t* response_data)
6461 {
6462  entity_t entity;
6463  openvas_connection_t connection;
6464  gchar *connect_html;
6465  const char *credential_id, *format;
6466 
6467  assert (html);
6468 
6469  if (result_len) *result_len = 0;
6470 
6471  switch (manager_connect (credentials, &connection, &connect_html,
6472  response_data))
6473  {
6474  case 0:
6475  break;
6476  case -1:
6477  if (connect_html)
6478  {
6479  *html = connect_html;
6480  return 1;
6481  }
6482  /* Fall through. */
6483  default:
6484  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6485  *html = gsad_message (credentials,
6486  "Internal error", __FUNCTION__, __LINE__,
6487  "An internal error occurred while getting a credential. "
6488  "Diagnostics: Failure to connect to manager daemon.",
6489  "/omp?cmd=get_credentials", response_data);
6490  return 1;
6491  }
6492 
6493  /* Send the request. */
6494 
6495  credential_id = params_value (params, "credential_id");
6496  format = params_value (params, "package_format");
6497 
6498  if ((credential_id == NULL) || (format == NULL))
6499  {
6500  openvas_connection_close (&connection);
6501  response_data->http_status_code = MHD_HTTP_BAD_REQUEST;
6502  *html = gsad_message (credentials,
6503  "Internal error", __FUNCTION__, __LINE__,
6504  "An internal error occurred while getting a credential. "
6505  "Diagnostics: Required parameter was NULL.",
6506  "/omp?cmd=get_credentials", response_data);
6507  return 1;
6508  }
6509 
6510  if (openvas_connection_sendf (&connection,
6511  "<get_credentials"
6512  " credential_id=\"%s\""
6513  " format=\"%s\"/>",
6514  credential_id,
6515  format)
6516  == -1)
6517  {
6518  openvas_connection_close (&connection);
6519  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6520  *html = gsad_message (credentials,
6521  "Internal error", __FUNCTION__, __LINE__,
6522  "An internal error occurred while getting a credential. "
6523  "Diagnostics: Failure to send command to manager daemon.",
6524  "/omp?cmd=get_credentials", response_data);
6525  return 1;
6526  }
6527 
6528  /* Read and handle the response. */
6529 
6530  if (strcmp (format, "rpm") == 0
6531  || strcmp (format, "deb") == 0
6532  || strcmp (format, "exe") == 0)
6533  {
6534  gchar *package_decoded = NULL;
6535  entity_t package_entity = NULL, credential_entity;
6536 
6537  /* A base64 encoded package. */
6538 
6539  entity = NULL;
6540  if (read_entity_c (&connection, &entity))
6541  {
6542  openvas_connection_close (&connection);
6543  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6544  *html = gsad_message (credentials,
6545  "Internal error", __FUNCTION__, __LINE__,
6546  "An internal error occurred while getting a credential. "
6547  "The credential is not available. "
6548  "Diagnostics: Failure to receive response from manager daemon.",
6549  "/omp?cmd=get_credentials", response_data);
6550  return 1;
6551  }
6552 
6553  credential_entity = entity_child (entity, "credential");
6554  if (credential_entity)
6555  package_entity = entity_child (credential_entity, "package");
6556  if (package_entity != NULL)
6557  {
6558  gsize len;
6559  char *package_encoded = entity_text (package_entity);
6560  if (strlen (package_encoded))
6561  {
6562  package_decoded = (gchar *) g_base64_decode (package_encoded,
6563  &len);
6564  if (package_decoded == NULL)
6565  {
6566  package_decoded = (gchar *) g_strdup ("");
6567  len = 0;
6568  }
6569  }
6570  else
6571  {
6572  package_decoded = (gchar *) g_strdup ("");
6573  len = 0;
6574  }
6575  if (result_len) *result_len = len;
6576  openvas_connection_close (&connection);
6577  *html = package_decoded;
6578  if (login)
6579  {
6580  entity_t login_entity;
6581  login_entity = entity_child (credential_entity, "login");
6582  if (login_entity)
6583  *login = g_strdup (entity_text (login_entity));
6584  else
6585  *login = NULL;
6586  }
6587  free_entity (entity);
6588  return 0;
6589  }
6590  else
6591  {
6592  free_entity (entity);
6593  openvas_connection_close (&connection);
6594  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6595  *html = gsad_message (credentials,
6596  "Internal error", __FUNCTION__, __LINE__,
6597  "An internal error occurred while getting a credential. "
6598  "The credential could not be delivered. "
6599  "Diagnostics: Failure to receive credential from manager daemon.",
6600  "/omp?cmd=get_credentials", response_data);
6601  return 1;
6602  }
6603  }
6604  else
6605  {
6606  entity_t credential_entity, key_entity = NULL;
6607 
6608  /* A key or certificate. */
6609 
6610  entity = NULL;
6611  if (read_entity_c (&connection, &entity))
6612  {
6613  openvas_connection_close (&connection);
6614  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6615  *html = gsad_message (credentials,
6616  "Internal error", __FUNCTION__, __LINE__,
6617  "An internal error occurred while getting a credential. "
6618  "The credential could not be delivered. "
6619  "Diagnostics: Failure to receive credential from manager daemon.",
6620  "/omp?cmd=get_credentials", response_data);
6621  return 1;
6622  }
6623  openvas_connection_close (&connection);
6624 
6625  credential_entity = entity_child (entity, "credential");
6626  if (credential_entity)
6627  {
6628  if (strcmp (format, "pem") == 0)
6629  key_entity = entity_child (credential_entity, "certificate");
6630  else
6631  key_entity = entity_child (credential_entity, "public_key");
6632  }
6633  if (key_entity != NULL)
6634  {
6635  *html = g_strdup (entity_text (key_entity));
6636  if (login)
6637  {
6638  entity_t login_entity = entity_child (credential_entity, "login");
6639  if (login_entity)
6640  *login = g_strdup (entity_text (login_entity));
6641  else
6642  *login = NULL;
6643  }
6644  free_entity (entity);
6645  return 0;
6646  }
6647  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6648  *html = gsad_message (credentials,
6649  "Internal error", __FUNCTION__, __LINE__,
6650  "An internal error occurred while getting a credential. "
6651  "The credential could not be delivered. "
6652  "Diagnostics: Failure to parse credential from manager daemon.",
6653  "/omp?cmd=get_credentials", response_data);
6654  free_entity (entity);
6655  return 1;
6656  }
6657 }
6658 
6672 char *
6674  enum content_type * content_type,
6675  char **content_disposition, gsize *content_length,
6676  cmd_response_data_t* response_data)
6677 {
6678  return export_resource ("credential", credentials, params, content_type,
6679  content_disposition, content_length, response_data);
6680 }
6681 
6695 char *
6697  enum content_type * content_type,
6698  char **content_disposition, gsize *content_length,
6699  cmd_response_data_t* response_data)
6700 {
6701  return export_many ("credential", credentials, params, content_type,
6702  content_disposition, content_length, response_data);
6703 }
6704 
6716 static char *
6717 get_credentials (credentials_t * credentials, params_t *params,
6718  const char *extra_xml, cmd_response_data_t* response_data)
6719 {
6720  return get_many ("credential", credentials, params, extra_xml, NULL,
6721  response_data);
6722 }
6723 
6733 char *
6735  cmd_response_data_t* response_data)
6736 {
6737  return get_credentials (credentials, params, NULL, response_data);
6738 }
6739 
6749 char *
6751  cmd_response_data_t* response_data)
6752 {
6753  return delete_resource ("credential", credentials, params, 0,
6754  "get_credentials", response_data);
6755 }
6756 
6766 char *
6768  cmd_response_data_t* response_data)
6769 {
6770  return new_credential (credentials, params, NULL, response_data);
6771 }
6772 
6783 static char *
6784 edit_credential (credentials_t * credentials, params_t *params,
6785  const char *extra_xml, cmd_response_data_t* response_data)
6786 {
6787  return edit_resource ("credential", credentials, params, NULL, extra_xml,
6788  response_data);
6789 }
6790 
6800 char *
6802  cmd_response_data_t* response_data)
6803 {
6804  return edit_credential (credentials, params, NULL, response_data);
6805 }
6806 
6816 char *
6818  cmd_response_data_t* response_data)
6819 {
6820  int ret, change_password, change_passphrase;
6821  int change_community, change_privacy_password;
6822  gchar *html, *response;
6823  const char *no_redirect, *credential_id;
6824  const char *name, *comment, *login, *password, *passphrase;
6825  const char *private_key, *certificate, *community, *privacy_password;
6826  const char *auth_algorithm, *privacy_algorithm, *allow_insecure;
6827  GString *command;
6828  entity_t entity;
6829 
6830  no_redirect = params_value (params, "no_redirect");
6831  credential_id = params_value (params, "credential_id");
6832  name = params_value (params, "name");
6833  comment = params_value (params, "comment");
6834  login = params_value (params, "credential_login");
6835  password = params_value (params, "password");
6836  passphrase = params_value (params, "passphrase");
6837  private_key = params_value (params, "private_key");
6838  certificate = params_value (params, "certificate");
6839  community = params_value (params, "community");
6840  privacy_password = params_value (params, "privacy_password");
6841  auth_algorithm = params_value (params, "auth_algorithm");
6842  privacy_algorithm = params_value (params, "privacy_algorithm");
6843  allow_insecure = params_value (params, "allow_insecure");
6844 
6845  CHECK_PARAM_INVALID (credential_id, "Save Credential", "edit_credential");
6846  CHECK_PARAM_INVALID (name, "Save Credential", "edit_credential");
6847  CHECK_PARAM_INVALID (comment, "Save Credential", "edit_credential");
6848  CHECK_PARAM_INVALID (allow_insecure, "Save Credential", "edit_credential");
6849  if (params_given (params, "certificate"))
6850  CHECK_PARAM_INVALID (certificate, "Save Credential", "edit_credential");
6851  if (params_given (params, "private_key"))
6852  CHECK_PARAM_INVALID (private_key, "Save Credential", "edit_credential");
6853  if (params_given (params, "login"))
6854  CHECK_PARAM_INVALID (login, "Save Credential", "edit_credential");
6855  if (params_given (params, "auth_algorithm"))
6856  CHECK_PARAM_INVALID (auth_algorithm, "Save Credential", "edit_credential");
6857  if (params_given (params, "privacy_algorithm"))
6858  CHECK_PARAM_INVALID (privacy_algorithm,
6859  "Save Credential", "edit_credential");
6860 
6861  change_community = (params_value (params, "change_community") ? 1 : 0);
6862  if (change_community)
6863  CHECK_PARAM_INVALID (community, "Save Credential", "edit_credential");
6864  change_passphrase = (params_value (params, "change_passphrase") ? 1 : 0);
6865  if (change_passphrase)
6866  CHECK_PARAM_INVALID (passphrase, "Save Credential", "edit_credential");
6867  change_password = (params_value (params, "change_password") ? 1 : 0);
6868  if (change_password)
6869  CHECK_PARAM_INVALID (password, "Save Credential", "edit_credential");
6870  change_privacy_password
6871  = (params_value (params, "change_privacy_password") ? 1 : 0);
6872  if (change_privacy_password)
6873  CHECK_PARAM_INVALID (privacy_password,
6874  "Save Credential", "edit_credential");
6875 
6876  /* Prepare command */
6877  command = g_string_new ("");
6878 
6879  xml_string_append (command,
6880  "<modify_credential credential_id=\"%s\">"
6881  "<name>%s</name>"
6882  "<comment>%s</comment>"
6883  "<allow_insecure>%s</allow_insecure>",
6884  credential_id,
6885  name,
6886  comment,
6887  allow_insecure);
6888 
6889  if (auth_algorithm)
6890  xml_string_append (command,
6891  "<auth_algorithm>%s</auth_algorithm>",
6892  auth_algorithm);
6893 
6894  if (certificate && strcmp (certificate, ""))
6895  xml_string_append (command,
6896  "<certificate>%s</certificate>",
6897  certificate);
6898 
6899  if (change_community)
6900  xml_string_append (command,
6901  "<community>%s</community>",
6902  community);
6903 
6904  if (login && strcmp (login, ""))
6905  xml_string_append (command,
6906  "<login>%s</login>",
6907  login);
6908 
6909  if (change_password)
6910  xml_string_append (command,
6911  "<password>%s</password>",
6912  password);
6913 
6914  if (privacy_algorithm || change_privacy_password)
6915  {
6916  xml_string_append (command,
6917  "<privacy>");
6918  if (privacy_algorithm && strcmp (privacy_algorithm, ""))
6919  {
6920  xml_string_append (command,
6921  "<algorithm>%s</algorithm>",
6922  privacy_algorithm);
6923  if (change_privacy_password)
6924  xml_string_append (command,
6925  "<password>%s</password>",
6926  privacy_password);
6927  }
6928  else if (privacy_algorithm)
6929  {
6930  xml_string_append (command,
6931  "<algorithm></algorithm>");
6932  xml_string_append (command,
6933  "<password></password>");
6934  }
6935 
6936  xml_string_append (command,
6937  "</privacy>");
6938  }
6939 
6940  if ((private_key && strcmp (private_key, "")) || change_passphrase)
6941  {
6942  xml_string_append (command,
6943  "<key>");
6944  if (change_passphrase)
6945  xml_string_append (command,
6946  "<phrase>%s</phrase>",
6947  passphrase);
6948  if (private_key)
6949  xml_string_append (command,
6950  "<private>%s</private>",
6951  private_key);
6952  xml_string_append (command,
6953  "</key>");
6954  }
6955 
6956  xml_string_append (command,
6957  "</modify_credential>");
6958 
6959  /* Modify the credential. */
6960  response = NULL;
6961  entity = NULL;
6962  ret = omp (credentials,
6963  &response,
6964  &entity,
6965  response_data,
6966  command->str);
6967  g_string_free (command, TRUE);
6968 
6969  switch (ret)
6970  {
6971  case 0:
6972  break;
6973  case -1:
6974  /* 'omp' set response. */
6975  return response;
6976  case 1:
6977  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6978  return gsad_message (credentials,
6979  "Internal error", __FUNCTION__, __LINE__,
6980  "An internal error occurred while saving a Credential. "
6981  "The Credential was not saved. "
6982  "Diagnostics: Failure to send command to manager daemon.",
6983  "/omp?cmd=get_credentials", response_data);
6984  case 2:
6985  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6986  return gsad_message (credentials,
6987  "Internal error", __FUNCTION__, __LINE__,
6988  "An internal error occurred while saving a Credential. "
6989  "It is unclear whether the Credential has been saved or not. "
6990  "Diagnostics: Failure to receive response from manager daemon.",
6991  "/omp?cmd=get_credentials", response_data);
6992  default:
6993  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
6994  return gsad_message (credentials,
6995  "Internal error", __FUNCTION__, __LINE__,
6996  "An internal error occurred while saving a Credential. "
6997  "It is unclear whether the Credential has been saved or not. "
6998  "Diagnostics: Internal Error.",
6999  "/omp?cmd=get_credentials", response_data);
7000  }
7001 
7002  html = response_from_entity (credentials, params, entity,
7003  (no_redirect && strcmp (no_redirect, "0")),
7004  NULL, "get_credentials",
7005  NULL, "edit_credential",
7006  "Save Credential", response_data);
7007  free_entity (entity);
7008  g_free (response);
7009  return html;
7010 }
7011 
7022 static char *
7023 new_agent (credentials_t *credentials, params_t *params,
7024  const char *extra_xml, cmd_response_data_t* response_data)
7025 {
7026  GString *xml;
7027  xml = g_string_new ("<new_agent>");
7028  if (extra_xml)
7029  g_string_append (xml, extra_xml);
7030  g_string_append (xml, "</new_agent>");
7031  return xsl_transform_omp (credentials, g_string_free (xml, FALSE),
7032  response_data);
7033 }
7034 
7044 char *
7045 new_agent_omp (credentials_t *credentials, params_t *params,
7046  cmd_response_data_t* response_data)
7047 {
7048  return new_agent (credentials, params, NULL, response_data);
7049 }
7050 
7060 char *
7061 create_agent_omp (credentials_t * credentials, params_t *params,
7062  cmd_response_data_t* response_data)
7063 {
7064  entity_t entity;
7065  gchar *response, *html;
7066  const char *no_redirect;
7067  const char *name, *comment, *installer, *installer_filename, *installer_sig;
7068  const char *howto_install, *howto_use;
7069  int installer_size, installer_sig_size, howto_install_size, howto_use_size;
7070  int ret;
7071  gchar *installer_64, *installer_sig_64, *howto_install_64, *howto_use_64;
7072  gchar *command;
7073 
7074  no_redirect = params_value (params, "no_redirect");
7075  name = params_value (params, "name");
7076  comment = params_value (params, "comment");
7077  installer = params_value (params, "installer");
7078  installer_filename = params_filename (params, "installer");
7079  installer_size = params_value_size (params, "installer");
7080  installer_sig = params_value (params, "installer_sig");
7081  installer_sig_size = params_value_size (params, "installer_sig");
7082  howto_install = params_value (params, "howto_install");
7083  howto_install_size = params_value_size (params, "howto_install");
7084  howto_use = params_value (params, "howto_use");
7085  howto_use_size = params_value_size (params, "howto_use");
7086 
7087  CHECK_PARAM_INVALID (name, "Create Agent", "new_agent");
7088  CHECK_PARAM_INVALID (comment, "Create Agent", "new_agent");
7089 
7090  /* Create the agent. */
7091 
7092  installer_64 = (installer_size > 0)
7093  ? g_base64_encode ((guchar *) installer,
7094  installer_size)
7095  : g_strdup ("");
7096 
7097  installer_sig_64 = (installer_sig_size > 0)
7098  ? g_base64_encode ((guchar *) installer_sig,
7099  installer_sig_size)
7100  : g_strdup ("");
7101 
7102  howto_install_64 = (howto_install_size > 0)
7103  ? g_base64_encode ((guchar *) howto_install,
7104  howto_install_size)
7105  : g_strdup ("");
7106 
7107  howto_use_64 = (howto_use_size > 0)
7108  ? g_base64_encode ((guchar *) howto_use,
7109  howto_use_size)
7110  : g_strdup ("");
7111 
7112  command = g_strdup_printf ("<create_agent>"
7113  "<name>%s</name>"
7114  "%s%s%s"
7115  "<installer>"
7116  "%s"
7117  "<signature>%s</signature>"
7118  "<filename>%s</filename>"
7119  "</installer>"
7120  "<howto_install>%s</howto_install>"
7121  "<howto_use>%s</howto_use>"
7122  "</create_agent>",
7123  name, comment ? "<comment>" : "",
7124  comment ? comment : "",
7125  comment ? "</comment>" : "",
7126  installer_64,
7127  installer_sig_64,
7128  installer_filename ? installer_filename : "",
7129  howto_install_64,
7130  howto_use_64);
7131 
7132  ret = omp (credentials,
7133  &response,
7134  &entity,
7135  response_data,
7136  command);
7137  g_free (command);
7138 
7139  g_free (installer_64);
7140  g_free (howto_install_64);
7141  g_free (howto_use_64);
7142 
7143  switch (ret)
7144  {
7145  case 0:
7146  break;
7147  case -1:
7148  /* 'omp' set response. */
7149  return response;
7150  case 1:
7151  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
7152  return gsad_message (credentials,
7153  "Internal error", __FUNCTION__, __LINE__,
7154  "An internal error occurred while creating a new agent. "
7155  "No new agent was created. "
7156  "Diagnostics: Failure to send command to manager daemon.",
7157  "/omp?cmd=get_agents", response_data);
7158  case 2:
7159  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
7160  return gsad_message (credentials,
7161  "Internal error", __FUNCTION__, __LINE__,
7162  "An internal error occurred while creating a new agent. "
7163  "It is unclear whether the agent has been created or not. "
7164  "Diagnostics: Failure to receive response from manager daemon.",
7165  "/omp?cmd=get_agents", response_data);
7166  default:
7167  response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
7168  return gsad_message (credentials,
7169  "Internal error", __FUNCTION__, __LINE__,
7170  "An internal error occurred while creating a new agent. "
7171  "It is unclear whether the agent has been created or not. "
7172  "Diagnostics: Internal Error.",