Greenbone Vulnerability Manager  22.4.0~dev1
manage_sql_tls_certificates.c File Reference

GVM management layer: TLS Certificates SQL. More...

#include "manage_tls_certificates.h"
#include "manage_acl.h"
#include "manage_sql_tls_certificates.h"
#include "manage_sql.h"
#include "utils.h"
#include "sql.h"
#include <stdlib.h>
#include <string.h>

Macros

#define G_LOG_DOMAIN   "md manage"
 GLib log domain.
 
#define TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS
 Filter columns for tls_certificate iterator. More...
 
#define TLS_CERTIFICATE_ITERATOR_COLUMNS
 TLS Certificate iterator columns.
 

Functions

static tls_certificate_t user_tls_certificate_match_internal (tls_certificate_t tls_certificate, user_t user, const char *sha256_fingerprint, const char *md5_fingerprint)
 Tries to find a matching certificate for a given user. More...
 
const char ** tls_certificate_filter_columns ()
 Gets the filter columns for TLS certificates. More...
 
column_t * tls_certificate_select_columns ()
 Gets the select columns for TLS certificates. More...
 
gchar * tls_certificate_extra_where (const char *filter)
 Get extra_where string for a TLS certificate iterator or count. More...
 
int tls_certificate_count (const get_data_t *get)
 Count number of tls_certificates. More...
 
int init_tls_certificate_iterator (iterator_t *iterator, const get_data_t *get)
 Initialise a tls_certificate iterator. More...
 
int tls_certificate_iterator_trust (iterator_t *iterator)
 Get the trust flag of the current row from a tls_certificate iterator. More...
 
int tls_certificate_iterator_valid (iterator_t *iterator)
 Get the value of the "valid" column for the current row of a tls_certificate iterator. More...
 
int tls_certificate_in_use (tls_certificate_t tls_certificate)
 Return whether a tls_certificate is in use. More...
 
int tls_certificate_writable (tls_certificate_t tls_certificate)
 Return whether a tls_certificate is writable. More...
 
static int make_tls_certificate (const char *name, const char *comment, const char *certificate_b64, time_t activation_time, time_t expiration_time, const char *md5_fingerprint, const char *sha256_fingerprint, const char *subject_dn, const char *issuer_dn, const char *serial, gnutls_x509_crt_fmt_t certificate_format, int trust, int update, tls_certificate_t *tls_certificate)
 Create or update a TLS certificate from collected data. More...
 
int make_tls_certificate_from_base64 (const char *name, const char *comment, const char *certificate_b64, const char *fallback_fpr, int trust, int allow_failed_info, int update, tls_certificate_t *tls_certificate)
 Create or update a TLS certificate from Base64 encoded file content. More...
 
int create_tls_certificate (const char *name, const char *comment, const char *certificate_b64, int trust, tls_certificate_t *tls_certificate)
 Create a TLS certificate. More...
 
int copy_tls_certificate (const char *name, const char *comment, const char *tls_certificate_id, tls_certificate_t *new_tls_certificate)
 Create a TLS certificate from an existing TLS certificate. More...
 
int delete_tls_certificate (const char *tls_certificate_id, int ultimate)
 Delete a tls_certificate. More...
 
void delete_tls_certificates_user (user_t user)
 Delete all TLS certificates owned by a user. More...
 
void inherit_tls_certificates (user_t user, user_t inheritor)
 Change ownership of TLS certificates, for user deletion. More...
 
int modify_tls_certificate (const gchar *tls_certificate_id, const gchar *comment, const gchar *name, int trust)
 Modify a TLS certificate. More...
 
char * tls_certificate_uuid (tls_certificate_t tls_certificate)
 Return the UUID of a TLS certificate. More...
 
int init_tls_certificate_source_iterator (iterator_t *iterator, tls_certificate_t tls_certificate)
 Initialise an iterator of TLS certificate sources. More...
 
resource_t get_or_make_tls_certificate_location (const char *host_ip, const char *port)
 Gets or creates a tls_certificate_location. More...
 
resource_t get_or_make_tls_certificate_origin (const char *origin_type, const char *origin_id, const char *origin_data)
 Gets or creates a tls_certificate_origin. More...
 
resource_t get_or_make_tls_certificate_source (tls_certificate_t tls_certificate, const char *host_ip, const char *port, const char *origin_type, const char *origin_id, const char *origin_data)
 Gets or creates a tls_certificate_source. More...
 
int user_has_tls_certificate (tls_certificate_t tls_certificate, user_t user)
 Checks if user owns a certificate or one with the same fingerprints. More...
 
int add_tls_certificates_from_report_host (report_host_t report_host, const char *report_id, const char *host_ip)
 Collects and adds TLS certificates from the details of a report host. More...
 
char * tls_certificate_host_asset_id (const char *host_ip, const char *origin_id)
 Get the host asset UUID of a TLS certificate location. More...
 

Detailed Description

GVM management layer: TLS Certificates SQL.

The TLS Certificates SQL for the GVM management layer.

Macro Definition Documentation

◆ TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS

#define TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS
Value:
{ GET_ITERATOR_FILTER_COLUMNS, "subject_dn", "issuer_dn", "md5_fingerprint", \
"activates", "expires", "valid", "certificate_format", "last_seen", \
"sha256_fingerprint", "serial", "time_status", NULL }

Filter columns for tls_certificate iterator.

Function Documentation

◆ add_tls_certificates_from_report_host()

int add_tls_certificates_from_report_host ( report_host_t  report_host,
const char *  report_id,
const char *  host_ip 
)

Collects and adds TLS certificates from the details of a report host.

Parameters
[in] report_host  The report host to get certificates from.
[in] report_id    UUID of the report.
[in] host_ip      The IP address of the report host.
Returns
0: success, -1: error

◆ copy_tls_certificate()

int copy_tls_certificate ( const char *  name,
const char *  comment,
const char *  tls_certificate_id,
tls_certificate_t *  new_tls_certificate 
)

Create a TLS certificate from an existing TLS certificate.

Parameters
[in]nameName. NULL to copy from existing TLS certificate.
[in]commentComment. NULL to copy from existing TLS certificate.
[in]tls_certificate_idUUID of existing TLS certificate.
[out]new_tls_certificateNew TLS certificate.
Returns
0 success, 1 TLS certificate exists already, 2 failed to find existing TLS certificate, 99 permission denied, -1 error.

◆ create_tls_certificate()

int create_tls_certificate ( const char *  name,
const char *  comment,
const char *  certificate_b64,
int  trust,
tls_certificate_t *  tls_certificate 
)

Create a TLS certificate.

Parameters
[in]nameName of new TLS certificate.
[in]commentComment of TLS certificate.
[in]certificate_b64Base64 certificate file content.
[in] trust  Whether to mark the certificate as trusted. This is an assertion supplied by the caller and stored with the record; it is not the result of any chain or signature validation performed here.
[out]tls_certificateCreated TLS certificate.
Returns
0 success, 1 invalid certificate content, 2 certificate not Base64, 3 certificate already exists, 99 permission denied, -1 error.

◆ delete_tls_certificate()

int delete_tls_certificate ( const char *  tls_certificate_id,
int  ultimate 
)

Delete a tls_certificate.

TLS certificates do not use the trashcan, so the "ultimate" param is ignored and the resource is always removed permanently — there is no trash entry to restore from.

Parameters
[in]tls_certificate_idUUID of tls_certificate.
[in]ultimateDummy for consistency with other delete commands.
Returns
0 success, 1 fail because tls_certificate is in use, 2 failed to find tls_certificate, 99 permission denied, -1 error.

◆ delete_tls_certificates_user()

void delete_tls_certificates_user ( user_t  user)

Delete all TLS certificates owned by a user.

Note: delete_tls_certificate states that TLS certificates do not use the trashcan, so the original "also delete trash TLS certificates" wording appears to be a leftover from a template — there should be no trash entries to remove. Confirm against the implementation.

Parameters
[in]userThe user.

◆ get_or_make_tls_certificate_location()

resource_t get_or_make_tls_certificate_location ( const char *  host_ip,
const char *  port 
)

Gets or creates a tls_certificate_location.

If a location with matching host_ip and port exists its id is returned, otherwise a new one is created and its id is returned.

Parameters
[in]host_ipIP address of the location
[in]portPort number of the location
Returns
Row id of the tls_certificate_location

◆ get_or_make_tls_certificate_origin()

resource_t get_or_make_tls_certificate_origin ( const char *  origin_type,
const char *  origin_id,
const char *  origin_data 
)

Gets or creates a tls_certificate_origin.

If an origin with matching type, id and data exists its id is returned, otherwise a new one is created and its id is returned.

Parameters
[in]origin_typeOrigin type, e.g. "GMP" or "Report"
[in]origin_idOrigin resource id, e.g. a report UUID.
[in]origin_dataOrigin extra data, e.g. OID of generating NVT.
Returns
Row id of the tls_certificate_origin

◆ get_or_make_tls_certificate_source()

resource_t get_or_make_tls_certificate_source ( tls_certificate_t  tls_certificate,
const char *  host_ip,
const char *  port,
const char *  origin_type,
const char *  origin_id,
const char *  origin_data 
)

Gets or creates a tls_certificate_source.

If a source with matching location and origin data exists its id is returned, otherwise a new one is created and its id is returned.

If all the location data is NULL a NULL location is fetched / created.

Parameters
[in]tls_certificateThe TLS certificate of the source
[in]host_ipIP address of the location
[in]portPort number of the location
[in]origin_typeOrigin type, e.g. "GMP" or "Report"
[in]origin_idOrigin resource id, e.g. a report UUID.
[in]origin_dataOrigin extra data, e.g. OID of generating NVT.
Returns
Row id of the tls_certificate_source

◆ inherit_tls_certificates()

void inherit_tls_certificates ( user_t  user,
user_t  inheritor 
)

Change ownership of TLS certificates, for user deletion.

Reassigns every TLS certificate owned by the user to the inheritor. The trust flag is stored on the certificate record (see create_tls_certificate / modify_tls_certificate), so it presumably moves with the record — the inheritor takes over the previous owner's trust decisions. Verify whether trust is reset on transfer if that matters for your deployment.

Parameters
[in]userCurrent owner.
[in]inheritorNew owner.

◆ init_tls_certificate_iterator()

int init_tls_certificate_iterator ( iterator_t *  iterator,
const get_data_t *  get 
)

Initialise a tls_certificate iterator.

Parameters
[in]iteratorIterator.
[in]getGET data.
Returns
0 success, 1 failed to find tls_certificate, 2 failed to find filter, -1 error.

◆ init_tls_certificate_source_iterator()

int init_tls_certificate_source_iterator ( iterator_t *  iterator,
tls_certificate_t  tls_certificate 
)

Initialise an iterator of TLS certificate sources.

Parameters
[in]iteratorIterator to initialise.
[in]tls_certificateTLS certificate to get sources for.
Returns
0 success, -1 error.

◆ make_tls_certificate()

static int make_tls_certificate ( const char *  name,
const char *  comment,
const char *  certificate_b64,
time_t  activation_time,
time_t  expiration_time,
const char *  md5_fingerprint,
const char *  sha256_fingerprint,
const char *  subject_dn,
const char *  issuer_dn,
const char *  serial,
gnutls_x509_crt_fmt_t  certificate_format,
int  trust,
int  update,
tls_certificate_t *  tls_certificate 
)
static

Create or update a TLS certificate from collected data.

Parameters
[in]nameOptional name for the certificate.
[in]commentOptional comment for the certificate.
[in]certificate_b64Base64 encoded certificate.
[in]activation_timeActivation time of the certificate.
[in]expiration_timeExpiration time of the certificate
[in]md5_fingerprintMD5 fingerprint of the certificate.
[in]sha256_fingerprintSHA-256 fingerprint of the certificate.
[in]subject_dnSubject DN of the certificate.
[in]issuer_dnIssuer DN of the certificate.
[in]serialSerial of the certificate.
[in]certificate_formatCertificate format (0 = DER, 1 = PEM).
[in] trust  Whether to mark the certificate as trusted. Caller-asserted value stored with the record; not derived from certificate validation.
[in]updateWhether/how to update if certificate exists. 0: reject, 1: update missing.
[out]tls_certificateCreated TLS certificate.
Returns
0 success, -1 error, 3 certificate already exists.

◆ make_tls_certificate_from_base64()

int make_tls_certificate_from_base64 ( const char *  name,
const char *  comment,
const char *  certificate_b64,
const char *  fallback_fpr,
int  trust,
int  allow_failed_info,
int  update,
tls_certificate_t *  tls_certificate 
)

Create or update a TLS certificate from Base64 encoded file content.

Parameters
[in]nameName of new TLS certificate.
[in]commentComment of TLS certificate.
[in]certificate_b64Base64 certificate file content.
[in] fallback_fpr       Fallback fingerprint used if extracting data from the certificate fails.
[in] trust              Whether to mark the certificate as trusted (caller-asserted, stored as given).
[in] allow_failed_info  Whether to still store the certificate when get_certificate_info fails, using fallback_fpr as its fingerprint. Such records presumably lack parsed subject, issuer and validity data — verify against the implementation before relying on those fields.
[in]updateWhether/how to update if certificate exists. 0: reject, 1: update missing.
[out]tls_certificateCreated TLS certificate.
Returns
0 success, 1 invalid certificate content, 2 certificate not Base64, 3 certificate already exists, 99 permission denied, -1 error.

◆ modify_tls_certificate()

int modify_tls_certificate ( const gchar *  tls_certificate_id,
const gchar *  comment,
const gchar *  name,
int  trust 
)

Modify a TLS certificate.

Parameters
[in]tls_certificate_idUUID of TLS certificate.
[in]commentNew comment on TLS certificate.
[in]nameNew name of TLS certificate.
[in] trust  New trust value, or -1 to keep the old value. As with create_tls_certificate, this is a caller-asserted flag stored with the record, not a validation result.
Returns
0 success, 1 TLS certificate exists already, 2 failed to find TLS certificate, 3 invalid certificate content, 4 certificate is not valid Base64, 99 permission denied, -1 error. Note: codes 3 and 4 refer to certificate content, which this function does not accept as a parameter; they appear to be leftovers from create_tls_certificate — confirm against the implementation whether they can actually be returned.

◆ tls_certificate_count()

int tls_certificate_count ( const get_data_t *  get)

Count number of tls_certificates.

Parameters
[in]getGET params.
Returns
Total number of tls_certificates in filtered set.

◆ tls_certificate_extra_where()

gchar* tls_certificate_extra_where ( const char *  filter)

Get extra_where string for a TLS certificate iterator or count.

Parameters
[in]filterFilter string.
Returns
Newly allocated extra_where string.

◆ tls_certificate_filter_columns()

const char** tls_certificate_filter_columns ( )

Gets the filter columns for TLS certificates.

Returns
Constant array of filter columns.

◆ tls_certificate_host_asset_id()

char* tls_certificate_host_asset_id ( const char *  host_ip,
const char *  origin_id 
)

Get the host asset UUID of a TLS certificate location.

Parameters
[in]host_ipIP address of the host.
[in]origin_idUUID of the origin report.
Returns
The newly allocated host asset UUID.

◆ tls_certificate_in_use()

int tls_certificate_in_use ( tls_certificate_t  tls_certificate)

Return whether a tls_certificate is in use.

Parameters
[in]tls_certificateTLS Certificate.
Returns
1 if in use, else 0.

◆ tls_certificate_iterator_trust()

int tls_certificate_iterator_trust ( iterator_t *  iterator)

Get the trust flag of the current row from a tls_certificate iterator.

Parameters
[in]iteratorIterator.
Returns
Integer value of the trust column for the current row. The return type is int, so there is no NULL sentinel; once iteration is complete the returned value is not meaningful and callers must check the iterator state rather than the return value.

◆ tls_certificate_iterator_valid()

int tls_certificate_iterator_valid ( iterator_t *  iterator)

Get the value of the "valid" column for the current row of a tls_certificate iterator.

Parameters
[in]iteratorIterator.
Returns
Integer value of the valid column for the current row. The return type is int, so there is no NULL sentinel; once iteration is complete the returned value is not meaningful and callers must check the iterator state rather than the return value.

◆ tls_certificate_select_columns()

column_t* tls_certificate_select_columns ( )

Gets the select columns for TLS certificates.

Returns
Constant array of select columns.

◆ tls_certificate_uuid()

char* tls_certificate_uuid ( tls_certificate_t  tls_certificate)

Return the UUID of a TLS certificate.

Parameters
[in]tls_certificateTLS certificate.
Returns
Newly allocated UUID if available, else NULL.

◆ tls_certificate_writable()

int tls_certificate_writable ( tls_certificate_t  tls_certificate)

Return whether a tls_certificate is writable.

Parameters
[in]tls_certificateTLS Certificate.
Returns
1 if writable, else 0.

◆ user_has_tls_certificate()

int user_has_tls_certificate ( tls_certificate_t  tls_certificate,
user_t  user 
)

Checks if user owns a certificate or one with the same fingerprints.

Parameters
[in]tls_certificateThe certificate to check
[in]userThe user to check
Returns
1 matching certificate found, 0 no matching certificate

◆ user_tls_certificate_match_internal()

static tls_certificate_t user_tls_certificate_match_internal ( tls_certificate_t  tls_certificate,
user_t  user,
const char *  sha256_fingerprint,
const char *  md5_fingerprint 
)
static

Tries to find a matching certificate for a given user.

Parameters
[in]tls_certificateThe certificate to check
[in]userThe user to check
[in] sha256_fingerprint  The SHA-256 fingerprint to match.
[in] md5_fingerprint     The MD5 fingerprint to match. MD5 is collision-prone; if the implementation accepts a match on this value alone (rather than requiring the SHA-256 fingerprint), that is a weaker identity check — verify the matching order against the implementation.
Returns
The matching certificate or 0 if none is found.