Remove ifaces element from users

CHANGELOG.md

@@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525)
 - Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551)
 - Removed the Business Process Map from gvmd [1627](https://github.com/greenbone/gvmd/pull/1627)
+- Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676)
 
 [Unreleased]: https://github.com/greenbone/gvmd/compare/gvmd-21.04...master
 

CMakeLists.txt

@@ -96,7 +96,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 246)
+set (GVMD_DATABASE_VERSION 247)
 
 set (GVMD_SCAP_DATABASE_VERSION 19)
 

src/gmp.c

@@ -1084,8 +1084,6 @@ typedef struct
   array_t *groups;        ///< IDs of groups.
   char *hosts;            ///< Hosts.
   int hosts_allow;        ///< Whether hosts are allowed.
-  char *ifaces;           ///< Interfaces.
-  int ifaces_allow;       ///< Whether interfaces are allowed.
   char *name;             ///< User name.
   char *password;         ///< Password.
   char *comment;          ///< Comment.
@@ -1108,7 +1106,6 @@ create_user_data_reset (create_user_data_t * data)
   g_free (data->password);
   g_free (data->comment);
   g_free (data->hosts);
-  g_free (data->ifaces);
   array_free (data->roles);
   if (data->sources)
     {
@@ -3021,8 +3018,6 @@ typedef struct
   array_t *groups;           ///< IDs of groups.
   gchar *hosts;              ///< Hosts.
   int hosts_allow;           ///< Whether hosts are allowed.
-  char *ifaces;              ///< Interfaces.
-  int ifaces_allow;          ///< Whether interfaces are allowed.
   gboolean modify_password;  ///< Whether to modify password.
   gchar *name;               ///< User name.
   gchar *new_name;           ///< New user name.
@@ -3049,7 +3044,6 @@ modify_user_data_reset (modify_user_data_t * data)
   g_free (data->password);
   g_free (data->comment);
   g_free (data->hosts);
-  g_free (data->ifaces);
   array_free (data->roles);
   if (data->sources)
     {
@@ -4294,7 +4288,6 @@ typedef enum
   CLIENT_CREATE_USER_GROUPS,
   CLIENT_CREATE_USER_GROUPS_GROUP,
   CLIENT_CREATE_USER_HOSTS,
-  CLIENT_CREATE_USER_IFACES,
   CLIENT_CREATE_USER_NAME,
   CLIENT_CREATE_USER_PASSWORD,
   CLIENT_CREATE_USER_ROLE,
@@ -4520,7 +4513,6 @@ typedef enum
   CLIENT_MODIFY_USER_GROUPS,
   CLIENT_MODIFY_USER_GROUPS_GROUP,
   CLIENT_MODIFY_USER_HOSTS,
-  CLIENT_MODIFY_USER_IFACES,
   CLIENT_MODIFY_USER_NAME,
   CLIENT_MODIFY_USER_NEW_NAME,
   CLIENT_MODIFY_USER_PASSWORD,
@@ -4826,7 +4818,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             create_user_data->groups = make_array ();
             create_user_data->roles = make_array ();
             create_user_data->hosts_allow = 0;
-            create_user_data->ifaces_allow = 0;
           }
         else if (strcasecmp ("DELETE_ASSET", element_name) == 0)
           {
@@ -6699,17 +6690,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             gvm_append_string (&modify_user_data->hosts, "");
             set_client_state (CLIENT_MODIFY_USER_HOSTS);
           }
-        else if (strcasecmp ("IFACES", element_name) == 0)
-          {
-            const gchar *attribute;
-            if (find_attribute
-                (attribute_names, attribute_values, "allow", &attribute))
-              modify_user_data->ifaces_allow = strcmp (attribute, "0");
-            else
-              modify_user_data->ifaces_allow = 1;
-            gvm_append_string (&modify_user_data->ifaces, "");
-            set_client_state (CLIENT_MODIFY_USER_IFACES);
-          }
         else if (strcasecmp ("NAME", element_name) == 0)
           set_client_state (CLIENT_MODIFY_USER_NAME);
         else if (strcasecmp ("NEW_NAME", element_name) == 0)
@@ -7689,16 +7669,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
               create_user_data->hosts_allow = 1;
             set_client_state (CLIENT_CREATE_USER_HOSTS);
           }
-        else if (strcasecmp ("IFACES", element_name) == 0)
-          {
-            const gchar *attribute;
-            if (find_attribute
-                (attribute_names, attribute_values, "allow", &attribute))
-              create_user_data->ifaces_allow = strcmp (attribute, "0");
-            else
-              create_user_data->ifaces_allow = 1;
-            set_client_state (CLIENT_CREATE_USER_IFACES);
-          }
         else if (strcasecmp ("NAME", element_name) == 0)
           set_client_state (CLIENT_CREATE_USER_NAME);
         else if (strcasecmp ("PASSWORD", element_name) == 0)
@@ -17527,8 +17497,8 @@ handle_get_users (gmp_parser_t *gmp_parser, GError **error)
   while (1)
     {
       iterator_t groups, roles;
-      const char *hosts, *ifaces;
-      int hosts_allow, ifaces_allow;
+      const char *hosts;
+      int hosts_allow;
 
       ret = get_next (&users, &get_users_data->get, &first, &count,
                       init_user_iterator);
@@ -17553,13 +17523,6 @@ handle_get_users (gmp_parser_t *gmp_parser, GError **error)
                                 ? user_iterator_method (&users)
                                 : "file");
 
-      /* Interfaces Access */
-      ifaces = user_iterator_ifaces (&users);
-      ifaces_allow = user_iterator_ifaces_allow (&users);
-      SENDF_TO_CLIENT_OR_FAIL ("<ifaces allow=\"%i\">%s</ifaces>",
-                               ifaces_allow,
-                               ifaces ? ifaces : "");
-
       /* User Roles */
       init_user_role_iterator (&roles,
                                 get_iterator_resource (&users));
@@ -22197,8 +22160,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                         ? create_user_data->comment : "",
                       create_user_data->hosts,
                       create_user_data->hosts_allow,
-                      create_user_data->ifaces,
-                      create_user_data->ifaces_allow,
                       create_user_data->sources,
                       create_user_data->groups,
                       &fail_group_id,
@@ -22282,7 +22243,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_CREATE_USER, GROUPS);
       CLOSE (CLIENT_CREATE_USER_GROUPS, GROUP);
       CLOSE (CLIENT_CREATE_USER, HOSTS);
-      CLOSE (CLIENT_CREATE_USER, IFACES);
       CLOSE (CLIENT_CREATE_USER, NAME);
       CLOSE (CLIENT_CREATE_USER, PASSWORD);
       CLOSE (CLIENT_CREATE_USER, ROLE);
@@ -24760,8 +24720,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                        modify_user_data->comment,
                        modify_user_data->hosts,
                        modify_user_data->hosts_allow,
-                       modify_user_data->ifaces,
-                       modify_user_data->ifaces_allow,
                        modify_user_data->sources,
                        modify_user_data->groups, &fail_group_id,
                        modify_user_data->roles, &fail_role_id,
@@ -24860,7 +24818,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_MODIFY_USER, GROUPS);
       CLOSE (CLIENT_MODIFY_USER_GROUPS, GROUP);
       CLOSE (CLIENT_MODIFY_USER, HOSTS);
-      CLOSE (CLIENT_MODIFY_USER, IFACES);
       CLOSE (CLIENT_MODIFY_USER, NAME);
       CLOSE (CLIENT_MODIFY_USER, NEW_NAME);
       CLOSE (CLIENT_MODIFY_USER, PASSWORD);
@@ -25799,9 +25756,6 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_MODIFY_USER_HOSTS,
               &modify_user_data->hosts);
 
-      APPEND (CLIENT_MODIFY_USER_IFACES,
-              &modify_user_data->ifaces);
-
       APPEND (CLIENT_MODIFY_USER_NAME,
               &modify_user_data->name);
 
@@ -26336,9 +26290,6 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_CREATE_USER_HOSTS,
               &create_user_data->hosts);
 
-      APPEND (CLIENT_CREATE_USER_IFACES,
-              &create_user_data->ifaces);
-
       APPEND (CLIENT_CREATE_USER_NAME,
               &create_user_data->name);
 

src/manage.c

@@ -2413,15 +2413,15 @@ prepare_osp_scan_for_resume (task_t task, const char *scan_id, char **error)
 }
 
 /**
- * @brief Add OSP preferences for limiting ifaces and hosts for users.
+ * @brief Add OSP preferences for limiting hosts for users.
  *
  * @param[in]  scanner_options  The scanner preferences table to add to.
  */
 static void
 add_user_scan_preferences (GHashTable *scanner_options)
 {
-  gchar *hosts, *ifaces, *name;
-  int hosts_allow, ifaces_allow;
+  gchar *hosts, *name;
+  int hosts_allow;
 
   // Limit access to hosts
   hosts = user_hosts (current_credentials.uuid);
@@ -2441,25 +2441,6 @@ add_user_scan_preferences (GHashTable *scanner_options)
                           hosts ? hosts : g_strdup (""));
   else
     g_free (hosts);
-
-  // Limit access to ifaces
-  ifaces = user_ifaces (current_credentials.uuid);
-  ifaces_allow = user_ifaces_allow (current_credentials.uuid);
-
-  if (ifaces_allow == 1)
-    name = g_strdup ("ifaces_allow");
-  else if (ifaces_allow == 0)
-    name = g_strdup ("ifaces_deny");
-  else
-    name = NULL;
-
-  if (name
-      && (ifaces_allow || (ifaces && strlen (ifaces))))
-    g_hash_table_replace (scanner_options,
-                          name,
-                          ifaces ? ifaces : g_strdup (""));
-  else
-    g_free (ifaces);
 }
 
 /**

src/manage.h

@@ -3361,12 +3361,6 @@ user_iterator_hosts (iterator_t*);
 int
 user_iterator_hosts_allow (iterator_t*);
 
-const char*
-user_iterator_ifaces (iterator_t*);
-
-int
-user_iterator_ifaces_allow (iterator_t*);
-
 void
 init_user_group_iterator (iterator_t *, user_t);
 
@@ -3393,15 +3387,15 @@ user_role_iterator_readable (iterator_t*);
 
 int
 create_user (const gchar *, const gchar *, const gchar *, const gchar *,
-             int, const gchar *, int, const array_t *, array_t *, gchar **,
+             int, const array_t *, array_t *, gchar **,
              array_t *, gchar **, gchar **, user_t *, int);
 
 int
 delete_user (const char *, const char *, int, int, const char*, const char*);
 
 int
 modify_user (const gchar *, gchar **, const gchar *, const gchar *,
-             const gchar*, const gchar *, int, const gchar *, int,
+             const gchar*, const gchar *, int,
              const array_t *, array_t *, gchar **, array_t *, gchar **,
              gchar **);
 
@@ -3426,12 +3420,6 @@ user_name (const char *);
 char*
 user_uuid (user_t);
 
-gchar*
-user_ifaces (const char *);
-
-int
-user_ifaces_allow (const char *);
-
 gchar*
 user_hosts (const char *);
 

src/manage_migrators.c

@@ -2783,6 +2783,39 @@ migrate_245_to_246 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 246 to version 247.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_246_to_247 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 246. */
+
+  if (manage_db_version () != 246)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Per-user limitations on network interfaces have been removed */
+  sql ("ALTER TABLE users DROP COLUMN ifaces;");
+  sql ("ALTER TABLE users DROP COLUMN ifaces_allow;");
+
+  /* Set the database version to 247. */
+
+  set_db_version (247);
+
+  sql_commit ();
+
+  return 0;
+}
+
 
 #undef UPDATE_DASHBOARD_SETTINGS
 
@@ -2836,6 +2869,7 @@ static migrator_t database_migrators[] = {
   {244, migrate_243_to_244},
   {245, migrate_244_to_245},
   {246, migrate_245_to_246},
+  {247, migrate_246_to_247},
   /* End marker. */
   {-1, NULL}};
 

src/manage_pg.c

@@ -1753,8 +1753,6 @@ create_tables ()
        "  timezone text,"
        "  hosts text,"
        "  hosts_allow integer,"
-       "  ifaces text,"
-       "  ifaces_allow integer,"
        "  method text,"
        "  creation_time integer,"
        "  modification_time integer);");