Change: Avoid frequent re-authentication by refreshing auth_cache

Merge pull request #1900 from jhelmold/GEA-36_permanent_new_authentication
greenbone · Feb 13, 2023 · 3472d16 · 3472d16
2 parents e5d9ed3 + afe47cb
commit 3472d16
Show file tree

Hide file tree

Showing 8 changed files with 290 additions and 12 deletions.
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -127,7 +127,7 @@ add_executable (manage-utils-test
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c
                 gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c
-                gmp_license.c
+                gmp_license.c gmp_logout.c
                 gmp_port_lists.c gmp_report_formats.c gmp_tickets.c
                 gmp_tls_certificates.c)
 
@@ -154,7 +154,7 @@ add_executable (manage-test
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c
                 gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c
-                gmp_license.c
+                gmp_license.c gmp_logout.c
                 gmp_port_lists.c gmp_report_formats.c gmp_tickets.c
                 gmp_tls_certificates.c)
 
@@ -181,7 +181,7 @@ add_executable (manage-sql-test
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c
                 gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c
-                gmp_license.c
+                gmp_license.c gmp_logout.c
                 gmp_port_lists.c gmp_report_formats.c gmp_tickets.c
                 gmp_tls_certificates.c)
 
@@ -208,7 +208,7 @@ add_executable (gmp-tickets-test
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c
                 gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c
-                gmp_license.c
+                gmp_license.c gmp_logout.c
                 gmp_port_lists.c gmp_report_formats.c gmp_tls_certificates.c)
 
 add_test (gmp-tickets-test gmp-tickets-test)
@@ -234,7 +234,7 @@ add_executable (utils-test
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c
                 gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c
-                gmp_license.c
+                gmp_license.c gmp_logout.c
                 gmp_port_lists.c gmp_report_formats.c gmp_tickets.c
                 gmp_tls_certificates.c)
 
@@ -263,7 +263,7 @@ add_executable (gvmd
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c
                 gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c
-                gmp_license.c
+                gmp_license.c gmp_logout.c
                 gmp_port_lists.c gmp_report_formats.c gmp_tickets.c
                 gmp_tls_certificates.c)
 

diff --git a/src/gmp.c b/src/gmp.c
@@ -89,6 +89,7 @@
 #include "gmp_get.h"
 #include "gmp_configs.h"
 #include "gmp_license.h"
+#include "gmp_logout.h"
 #include "gmp_port_lists.h"
 #include "gmp_report_formats.h"
 #include "gmp_tickets.h"
@@ -4322,6 +4323,7 @@ typedef enum
   CLIENT_GET_VERSION_AUTHENTIC,
   CLIENT_GET_VULNS,
   CLIENT_HELP,
+  CLIENT_LOGOUT,
   CLIENT_MODIFY_ALERT,
   CLIENT_MODIFY_ALERT_ACTIVE,
   CLIENT_MODIFY_ALERT_COMMENT,
@@ -5696,6 +5698,13 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
                               &help_data->type);
             set_client_state (CLIENT_HELP);
           }
+        else if (strcasecmp ("LOGOUT", element_name) == 0)
+          {
+            logout_start (gmp_parser,
+                          attribute_names,
+                          attribute_values);
+            set_client_state (CLIENT_LOGOUT);
+          }
         else if (strcasecmp ("MODIFY_ALERT", element_name) == 0)
           {
             modify_alert_data->event_data = make_array ();
@@ -7684,6 +7693,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
           set_read_over (gmp_parser);
         break;
 
+      case CLIENT_LOGOUT:
+          logout_element_start (gmp_parser, element_name,
+                                attribute_names, attribute_values);
+	break;
       case CLIENT_MODIFY_LICENSE:
         modify_license_element_start (gmp_parser, element_name,
                                       attribute_names, attribute_values);
@@ -22191,7 +22204,14 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
           }
         set_client_state (CLIENT_AUTHENTIC);
         break;
-
+      case CLIENT_LOGOUT:
+        {
+          if (logout_element_end (gmp_parser, error, element_name))
+            {
+              set_client_state (CLIENT_TOP);
+            }
+          break;
+        }
       case CLIENT_MODIFY_ALERT:
         {
           event_t event;

diff --git a/src/gmp_logout.c b/src/gmp_logout.c
@@ -0,0 +1,123 @@
+/* Copyright (C) 2021-2022 Greenbone Networks GmbH
+ *
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file gmp_logout.c
+ * @brief GVM GMP layer: Logout handling
+ *
+ * This includes functions for GMP handling of the user logout.
+ */
+
+#include "gmp_logout.h"
+#include "manage.h"
+
+typedef struct
+{
+  context_data_t *context;     ///< XML parser context.
+} logout_t;
+
+static logout_t logout_data;
+
+/*
+ * @brief Reset command data.
+ */
+static void
+logout_reset ()
+{
+  if (logout_data.context->first)
+    {
+      free_entity (logout_data.context->first->data);
+      g_slist_free_1 (logout_data.context->first);
+    }
+  g_free (logout_data.context);
+  memset (&logout_data, 0, sizeof (logout_t));
+}
+
+/**
+ * @brief Start a command.
+ *
+ * @param[in]  gmp_parser        GMP parser.
+ * @param[in]  attribute_names   All attribute names.
+ * @param[in]  attribute_values  All attribute values.
+ */
+void
+logout_start (gmp_parser_t *gmp_parser,
+              const gchar **attribute_names,
+              const gchar **attribute_values)
+{
+  memset (&logout_data, 0, sizeof (logout_t));
+  logout_data.context = g_malloc0 (sizeof (context_data_t));
+  logout_element_start (gmp_parser, "logout",
+                        attribute_names, attribute_values);
+}
+
+/**
+ * @brief Start element.
+ *
+ * @param[in]  gmp_parser        GMP parser.
+ * @param[in]  name              Element name.
+ * @param[in]  attribute_names   All attribute names.
+ * @param[in]  attribute_values  All attribute values.
+ */
+void
+logout_element_start (gmp_parser_t *gmp_parser,
+                           const gchar *name,
+                           const gchar **attribute_names,
+                           const gchar **attribute_values)
+{
+  xml_handle_start_element (logout_data.context, name,
+                            attribute_names, attribute_values);
+}
+
+/**
+ * @brief Execute command.
+ *
+ * @param[in]  gmp_parser   GMP parser.
+ * @param[in]  error        Error parameter.
+ */
+static void
+logout_run (gmp_parser_t *gmp_parser,
+            GError **error)
+{
+  logout_user ();
+  SEND_TO_CLIENT_OR_FAIL ("<logout_response status=\"200\" status_text=\"User logged out\"/>");
+  logout_reset ();
+}
+
+/**
+ * @brief End element.
+ *
+ * @param[in]  gmp_parser   GMP parser.
+ * @param[in]  error        Error parameter.
+ * @param[in]  name         Element name.
+ *
+ * @return 0 success, 1 command finished.
+ */
+int
+logout_element_end (gmp_parser_t *gmp_parser,
+                    GError **error,
+                    const gchar *name)
+{
+  xml_handle_end_element (logout_data.context, name);
+  if (logout_data.context->done)
+    {
+      logout_run (gmp_parser, error);
+      return 1;
+    }
+  return 0;
+}
diff --git a/src/gmp_logout.h b/src/gmp_logout.h
@@ -0,0 +1,34 @@
+/* Copyright (C) 2021-2022 Greenbone Networks GmbH
+ *
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "gmp_base.h"
+
+#include <glib.h>
+#include <gvm/util/xmlutils.h>
+
+void
+logout_start (gmp_parser_t *,
+              const gchar **,
+              const gchar **);
+
+void
+logout_element_start (gmp_parser_t *, const gchar *,
+                      const gchar **, const gchar **);
+
+int
+logout_element_end (gmp_parser_t *, GError **, const gchar *);
diff --git a/src/gvmd.c b/src/gvmd.c
@@ -1822,6 +1822,7 @@ gvmd (int argc, char** argv, char *env[])
 {
   /* Process options. */
 
+  static int auth_timeout = 15;
   static gboolean check_alerts = FALSE;
   static gboolean migrate_database = FALSE;
   static gboolean encrypt_all_credentials = FALSE;
@@ -1895,6 +1896,11 @@ gvmd (int argc, char** argv, char *env[])
   GOptionContext *option_context;
   static GOptionEntry option_entries[]
     = {
+        { "auth-timeout", '\0', 0, G_OPTION_ARG_INT,
+          &auth_timeout,
+          "Sets the authentication timeout time for the cached authentication."
+          " Defaults to 15 minutes.",
+          "<timeout>" },
         { "broker-address", '\0', 0, G_OPTION_ARG_STRING,
           &broker_address,
           "Sets the address for the publish-subscribe message (MQTT) broker."
@@ -2266,6 +2272,9 @@ gvmd (int argc, char** argv, char *env[])
       client_watch_interval = 0;
     }
 
+  /* Set authentication cache timeout */
+  set_auth_timeout (auth_timeout);
+
   /* Set broker address */
   set_broker_address (broker_address
                         ? broker_address

diff --git a/src/manage.c b/src/manage.c
@@ -162,6 +162,12 @@
  */
 #define MAX_HOSTS_DEFAULT "20"
 
+/**
+ * @brief Number of minutes until the authentication cache is deleted
+ *        if the session is idle.
+ */
+static int auth_timeout = 0;
+
 /**
  * @brief Address of the broker used for publish-subscribe messaging (MQTT).
  */
@@ -5997,6 +6003,31 @@ manage_gvmd_data_feed_dirs_exist ()
          && report_formats_feed_dir_exists ();
 }
 
+/**
+ * @brief Get the authentication cache timeout.
+ *
+ * @return The current timeout in minutes.
+ */
+int
+get_auth_timeout ()
+{
+  return auth_timeout;
+}
+
+/**
+ * @brief Set the authentication cache timeout.
+ *
+ * @param new_timeout The new timeout in minutes.
+ */
+void
+set_auth_timeout (int new_timeout)
+{
+  if (new_timeout < 1)
+    auth_timeout = 1;
+  else
+    auth_timeout = new_timeout;
+}
+
 /**
  * @brief Get the publish-subscribe messaging (MQTT) broker address.
  *

diff --git a/src/manage.h b/src/manage.h
@@ -199,6 +199,8 @@ extern credentials_t current_credentials;
 int
 authenticate (credentials_t*);
 
+void
+logout_user ();
 
 /* Database. */
 
@@ -3614,6 +3616,12 @@ manage_gvmd_data_feed_dir_exists (const char *);
 gboolean
 manage_gvmd_data_feed_dirs_exist ();
 
+int
+get_auth_timeout ();
+
+void
+set_auth_timeout (int);
+
 const gchar *
 get_broker_address ();