Greenbone Vulnerability Manager
22.4.0~dev1
GVM management layer: TLS Certificates SQL. More...
#include "manage_tls_certificates.h"
#include "manage_acl.h"
#include "manage_sql_tls_certificates.h"
#include "manage_sql.h"
#include "utils.h"
#include "sql.h"
#include <stdlib.h>
#include <string.h>
Macros | |
#define | G_LOG_DOMAIN "md manage" |
GLib log domain. | |
#define | TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS |
Filter columns for tls_certificate iterator. More... | |
#define | TLS_CERTIFICATE_ITERATOR_COLUMNS |
TLS Certificate iterator columns. | |
Functions | |
static tls_certificate_t | user_tls_certificate_match_internal (tls_certificate_t tls_certificate, user_t user, const char *sha256_fingerprint, const char *md5_fingerprint) |
Tries to find a matching certificate for a given user. More... | |
const char ** | tls_certificate_filter_columns () |
Gets the filter columns for TLS certificates. More... | |
column_t * | tls_certificate_select_columns () |
Gets the select columns for TLS certificates. More... | |
gchar * | tls_certificate_extra_where (const char *filter) |
Get extra_where string for a TLS certificate iterator or count. More... | |
int | tls_certificate_count (const get_data_t *get) |
Count number of tls_certificates. More... | |
int | init_tls_certificate_iterator (iterator_t *iterator, const get_data_t *get) |
Initialise a tls_certificate iterator. More... | |
int | tls_certificate_iterator_trust (iterator_t *iterator) |
Get a column value from a tls_certificate iterator. More... | |
int | tls_certificate_iterator_valid (iterator_t *iterator) |
Get a column value from a tls_certificate iterator. More... | |
int | tls_certificate_in_use (tls_certificate_t tls_certificate) |
Return whether a tls_certificate is in use. More... | |
int | tls_certificate_writable (tls_certificate_t tls_certificate) |
Return whether a tls_certificate is writable. More... | |
static int | make_tls_certificate (const char *name, const char *comment, const char *certificate_b64, time_t activation_time, time_t expiration_time, const char *md5_fingerprint, const char *sha256_fingerprint, const char *subject_dn, const char *issuer_dn, const char *serial, gnutls_x509_crt_fmt_t certificate_format, int trust, int update, tls_certificate_t *tls_certificate) |
Create or update a TLS certificate from collected data. More... | |
int | make_tls_certificate_from_base64 (const char *name, const char *comment, const char *certificate_b64, const char *fallback_fpr, int trust, int allow_failed_info, int update, tls_certificate_t *tls_certificate) |
Create or update a TLS certificate from Base64 encoded file content. More... | |
int | create_tls_certificate (const char *name, const char *comment, const char *certificate_b64, int trust, tls_certificate_t *tls_certificate) |
Create a TLS certificate. More... | |
int | copy_tls_certificate (const char *name, const char *comment, const char *tls_certificate_id, tls_certificate_t *new_tls_certificate) |
Create a TLS certificate from an existing TLS certificate. More... | |
int | delete_tls_certificate (const char *tls_certificate_id, int ultimate) |
Delete a tls_certificate. More... | |
void | delete_tls_certificates_user (user_t user) |
Delete all TLS certificates owned by a user. More... | |
void | inherit_tls_certificates (user_t user, user_t inheritor) |
Change ownership of tls_certificate, for user deletion. More... | |
int | modify_tls_certificate (const gchar *tls_certificate_id, const gchar *comment, const gchar *name, int trust) |
Modify a TLS certificate. More... | |
char * | tls_certificate_uuid (tls_certificate_t tls_certificate) |
Return the UUID of a TLS certificate. More... | |
int | init_tls_certificate_source_iterator (iterator_t *iterator, tls_certificate_t tls_certificate) |
Initialise an iterator of TLS certificate sources. More... | |
resource_t | get_or_make_tls_certificate_location (const char *host_ip, const char *port) |
Gets or creates a tls_certificate_location. More... | |
resource_t | get_or_make_tls_certificate_origin (const char *origin_type, const char *origin_id, const char *origin_data) |
Gets or creates a tls_certificate_origin. More... | |
resource_t | get_or_make_tls_certificate_source (tls_certificate_t tls_certificate, const char *host_ip, const char *port, const char *origin_type, const char *origin_id, const char *origin_data) |
Gets or creates a tls_certificate_source. More... | |
int | user_has_tls_certificate (tls_certificate_t tls_certificate, user_t user) |
Checks if user owns a certificate or one with the same fingerprints. More... | |
int | add_tls_certificates_from_report_host (report_host_t report_host, const char *report_id, const char *host_ip) |
Collects and adds TLS certificates from the details of a report host. More... | |
char * | tls_certificate_host_asset_id (const char *host_ip, const char *origin_id) |
Get the host asset UUID of a TLS certificate location. More... | |
GVM management layer: TLS Certificates SQL.
The TLS Certificates SQL for the GVM management layer.
#define TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS |
Filter columns for tls_certificate iterator.
int add_tls_certificates_from_report_host | ( | report_host_t | report_host, |
const char * | report_id, | ||
const char * | host_ip | ||
) |
Collects and adds TLS certificates from the details of a report host.
[in] | report_host | The report host to get certificates from. |
[in] | report_id | UUID of the report |
[in] | host_ip | The IP address of the report host. |
int copy_tls_certificate | ( | const char * | name, |
const char * | comment, | ||
const char * | tls_certificate_id, | ||
tls_certificate_t * | new_tls_certificate | ||
) |
Create a TLS certificate from an existing TLS certificate.
[in] | name | Name. NULL to copy from existing TLS certificate. |
[in] | comment | Comment. NULL to copy from existing TLS certificate. |
[in] | tls_certificate_id | UUID of existing TLS certificate. |
[out] | new_tls_certificate | New TLS certificate. |
int create_tls_certificate | ( | const char * | name, |
const char * | comment, | ||
const char * | certificate_b64, | ||
int | trust, | ||
tls_certificate_t * | tls_certificate | ||
) |
Create a TLS certificate.
[in] | name | Name of new TLS certificate. |
[in] | comment | Comment of TLS certificate. |
[in] | certificate_b64 | Base64 certificate file content. |
[in] | trust | Whether to trust the certificate. |
[out] | tls_certificate | Created TLS certificate. |
int delete_tls_certificate | ( | const char * | tls_certificate_id, |
int | ultimate | ||
) |
Delete a tls_certificate.
TLS certificates do not use the trashcan, so the "ultimate" param is ignored and the resource is always removed completely.
[in] | tls_certificate_id | UUID of tls_certificate. |
[in] | ultimate | Dummy for consistency with other delete commands. |
void delete_tls_certificates_user | ( | user_t | user | ) |
Delete all TLS certificates owned by a user.
Also delete trash TLS certificates.
[in] | user | The user. |
resource_t get_or_make_tls_certificate_location | ( | const char * | host_ip, |
const char * | port | ||
) |
Gets or creates a tls_certificate_location.
If a location with matching host_ip and port exists its id is returned, otherwise a new one is created and its id is returned.
[in] | host_ip | IP address of the location |
[in] | port | Port number of the location |
resource_t get_or_make_tls_certificate_origin | ( | const char * | origin_type, |
const char * | origin_id, | ||
const char * | origin_data | ||
) |
Gets or creates a tls_certificate_origin.
If an origin with matching type, id and data exists its id is returned, otherwise a new one is created and its id is returned.
[in] | origin_type | Origin type, e.g. "GMP" or "Report" |
[in] | origin_id | Origin resource id, e.g. a report UUID. |
[in] | origin_data | Origin extra data, e.g. OID of generating NVT. |
resource_t get_or_make_tls_certificate_source | ( | tls_certificate_t | tls_certificate, |
const char * | host_ip, | ||
const char * | port, | ||
const char * | origin_type, | ||
const char * | origin_id, | ||
const char * | origin_data | ||
) |
Gets or creates a tls_certificate_source.
If a source with matching location and origin data exists its id is returned, otherwise a new one is created and its id is returned.
If all the location data is NULL a NULL location is fetched / created.
[in] | tls_certificate | The TLS certificate of the source |
[in] | host_ip | IP address of the location |
[in] | port | Port number of the location |
[in] | origin_type | Origin type, e.g. "GMP" or "Report" |
[in] | origin_id | Origin resource id, e.g. a report UUID. |
[in] | origin_data | Origin extra data, e.g. OID of generating NVT. |
void inherit_tls_certificates | ( | user_t | user, |
user_t | inheritor | ||
) |
Change ownership of tls_certificate, for user deletion.
Also assigns tls_certificates that are assigned to the user to the inheritor.
[in] | user | Current owner. |
[in] | inheritor | New owner. |
int init_tls_certificate_iterator | ( | iterator_t * | iterator, |
const get_data_t * | get | ||
) |
Initialise a tls_certificate iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
int init_tls_certificate_source_iterator | ( | iterator_t * | iterator, |
tls_certificate_t | tls_certificate | ||
) |
Initialise an iterator of TLS certificate sources.
[in] | iterator | Iterator to initialise. |
[in] | tls_certificate | TLS certificate to get sources for. |
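static int make_tls_certificate (const char *name, const char *comment, const char *certificate_b64, time_t activation_time, time_t expiration_time, const char *md5_fingerprint, const char *sha256_fingerprint, const char *subject_dn, const char *issuer_dn, const char *serial, gnutls_x509_crt_fmt_t certificate_format, int trust, int update, tls_certificate_t *tls_certificate)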
Create or update a TLS certificate from collected data.
[in] | name | Optional name for the certificate. |
[in] | comment | Optional comment for the certificate. |
[in] | certificate_b64 | Base64 encoded certificate. |
[in] | activation_time | Activation time of the certificate. |
[in] | expiration_time | Expiration time of the certificate |
[in] | md5_fingerprint | MD5 fingerprint of the certificate. |
[in] | sha256_fingerprint | SHA-256 fingerprint of the certificate. |
[in] | subject_dn | Subject DN of the certificate. |
[in] | issuer_dn | Issuer DN of the certificate. |
[in] | serial | Serial of the certificate. |
[in] | certificate_format | Certificate format (0 = DER, 1 = PEM). |
[in] | trust | Whether to trust the certificate. |
[in] | update | Whether/how to update if certificate exists. 0: reject, 1: update missing. |
[out] | tls_certificate | Created TLS certificate. |
int make_tls_certificate_from_base64 | ( | const char * | name, |
const char * | comment, | ||
const char * | certificate_b64, | ||
const char * | fallback_fpr, | ||
int | trust, | ||
int | allow_failed_info, | ||
int | update, | ||
tls_certificate_t * | tls_certificate | ||
) |
Create or update a TLS certificate from Base64 encoded file content.
[in] | name | Name of new TLS certificate. |
[in] | comment | Comment of TLS certificate. |
[in] | certificate_b64 | Base64 certificate file content. |
[in] | fallback_fpr | Fallback fingerprint if getting data fails. |
[in] | trust | Whether to trust the certificate. |
[in] | allow_failed_info | Whether to use the certificate if get_certificate_info fails. |
[in] | update | Whether/how to update if certificate exists. 0: reject, 1: update missing. |
[out] | tls_certificate | Created TLS certificate. |
int modify_tls_certificate | ( | const gchar * | tls_certificate_id, |
const gchar * | comment, | ||
const gchar * | name, | ||
int | trust | ||
) |
Modify a TLS certificate.
[in] | tls_certificate_id | UUID of TLS certificate. |
[in] | comment | New comment on TLS certificate. |
[in] | name | New name of TLS certificate. |
[in] | trust | New trust value or -1 to keep old value. |
int tls_certificate_count | ( | const get_data_t * | get | ) |
Count number of tls_certificates.
[in] | get | GET params. |
gchar* tls_certificate_extra_where | ( | const char * | filter | ) |
Get extra_where string for a TLS certificate iterator or count.
[in] | filter | Filter string. |
const char** tls_certificate_filter_columns | ( | ) |
Gets the filter columns for TLS certificates.
char* tls_certificate_host_asset_id | ( | const char * | host_ip, |
const char * | origin_id | ||
) |
Get the host asset UUID of a TLS certificate location.
[in] | host_ip | IP address of the host. |
[in] | origin_id | UUID of the origin report. |
int tls_certificate_in_use | ( | tls_certificate_t | tls_certificate | ) |
Return whether a tls_certificate is in use.
[in] | tls_certificate | TLS Certificate. |
int tls_certificate_iterator_trust | ( | iterator_t * | iterator | ) |
Get a column value from a tls_certificate iterator.
[in] | iterator | Iterator. |
int tls_certificate_iterator_valid | ( | iterator_t * | iterator | ) |
Get a column value from a tls_certificate iterator.
[in] | iterator | Iterator. |
column_t* tls_certificate_select_columns | ( | ) |
Gets the select columns for TLS certificates.
char* tls_certificate_uuid | ( | tls_certificate_t | tls_certificate | ) |
Return the UUID of a TLS certificate.
[in] | tls_certificate | TLS certificate. |
int tls_certificate_writable | ( | tls_certificate_t | tls_certificate | ) |
Return whether a tls_certificate is writable.
[in] | tls_certificate | TLS Certificate. |
int user_has_tls_certificate | ( | tls_certificate_t | tls_certificate, |
user_t | user | ||
) |
Checks if user owns a certificate or one with the same fingerprints.
[in] | tls_certificate | The certificate to check |
[in] | user | The user to check |
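static tls_certificate_t user_tls_certificate_match_internal (tls_certificate_t tls_certificate, user_t user, const char *sha256_fingerprint, const char *md5_fingerprint)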
Tries to find a matching certificate for a given user.
[in] | tls_certificate | The certificate to check |
[in] | user | The user to check |
[in] | sha256_fingerprint | The SHA256 fingerprint to match |
[in] | md5_fingerprint | The MD5 fingerprint to match |