Merge pull request #957 from timopollmeier/alert-method-start-task-fi…

…x-master

Fix "Start Task" alerts by using alert owner

CHANGELOG.md

@@ -61,6 +61,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Apply usage_type of tasks in get_aggregates (9.0) [#912](https://github.com/greenbone/gvmd/pull/912)
 - Add target's alive test method before starting a scan. [#947](https://github.com/greenbone/gvmd/pull/947)
 - Fix QoD handling in nvti cache and test_alert [#954](https://github.com/greenbone/gvmd/pull/954)
+- Fix "Start Task" alerts by using alert owner [#957](https://github.com/greenbone/gvmd/pull/957)
 
 ### Removed
 - Remove support for "All SecInfo": removal of "allinfo" for type in get_info [#790](https://github.com/greenbone/gvmd/pull/790)

src/manage_sql.c

@@ -13755,7 +13755,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
       case ALERT_METHOD_START_TASK:
         {
           gvm_connection_t connection;
-          char *task_id, *report_id;
+          char *task_id, *report_id, *owner_id, *owner_name;
           gmp_authenticate_info_opts_t auth_opts;
 
           if (event == EVENT_NEW_SECINFO || event == EVENT_UPDATED_SECINFO)
@@ -13776,8 +13776,31 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
             }
 
           task_id = alert_data (alert, "method", "start_task_task");
+          if (task_id == NULL || strcmp (task_id, "") == 0)
+            {
+              g_warning ("%s: start_task_task missing or empty", __func__);
+              return -1;
+            }
 
-          switch (manage_fork_connection (&connection, current_credentials.uuid))
+          owner_id = sql_string ("SELECT uuid FROM users"
+                                 " WHERE id = (SELECT owner FROM alerts"
+                                 "              WHERE id = %llu)",
+                                 alert);
+          owner_name = sql_string ("SELECT name FROM users"
+                                   " WHERE id = (SELECT owner FROM alerts"
+                                   "              WHERE id = %llu)",
+                                   alert);
+
+          if (owner_id == NULL)
+            {
+              g_warning ("%s: could not find alert owner",
+                         __func__);
+              free (owner_id);
+              free (owner_name);
+              return -1;
+            }
+
+          switch (manage_fork_connection (&connection, owner_id))
             {
               case 0:
                 /* Child.  Break, stop task, exit. */
@@ -13793,30 +13816,38 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event,
               default:
                 /* Parent.  Continue with whatever lead to this escalation. */
                 g_free (task_id);
+                free (owner_id);
+                free (owner_name);
                 return 0;
                 break;
             }
 
           /* Start the task. */
 
           auth_opts = gmp_authenticate_info_opts_defaults;
-          auth_opts.username = current_credentials.username;
+          auth_opts.username = owner_name;
           auth_opts.password = "dummy";
           if (gmp_authenticate_info_ext_c (&connection, auth_opts))
             {
+              g_free (task_id);
+              free (owner_id);
+              free (owner_name);
               gvm_connection_free (&connection);
               exit (EXIT_FAILURE);
             }
-
           if (gmp_start_task_report_c (&connection, task_id, &report_id))
             {
               g_free (task_id);
+              free (owner_id);
+              free (owner_name);
               gvm_connection_free (&connection);
               exit (EXIT_FAILURE);
             }
 
           g_free (task_id);
           g_free (report_id);
+          free (owner_id);
+          free (owner_name);
           gvm_connection_free (&connection);
           exit (EXIT_SUCCESS);
         }