diff --git a/CHANGELOG.md b/CHANGELOG.md index e27744c54..31c5ceeed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -61,6 +61,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Apply usage_type of tasks in get_aggregates (9.0) [#912](https://github.com/greenbone/gvmd/pull/912) - Add target's alive test method before starting a scan. [#947](https://github.com/greenbone/gvmd/pull/947) - Fix QoD handling in nvti cache and test_alert [#954](https://github.com/greenbone/gvmd/pull/954) +- Fix "Start Task" alerts by using alert owner [#957](https://github.com/greenbone/gvmd/pull/957) ### Removed - Remove support for "All SecInfo": removal of "allinfo" for type in get_info [#790](https://github.com/greenbone/gvmd/pull/790) diff --git a/src/manage_sql.c b/src/manage_sql.c index a2051094f..87bee454a 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -13755,7 +13755,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, case ALERT_METHOD_START_TASK: { gvm_connection_t connection; - char *task_id, *report_id; + char *task_id, *report_id, *owner_id, *owner_name; gmp_authenticate_info_opts_t auth_opts; if (event == EVENT_NEW_SECINFO || event == EVENT_UPDATED_SECINFO) @@ -13776,8 +13776,31 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, } task_id = alert_data (alert, "method", "start_task_task"); + if (task_id == NULL || strcmp (task_id, "") == 0) + { + g_warning ("%s: start_task_task missing or empty", __func__); + return -1; + } - switch (manage_fork_connection (&connection, current_credentials.uuid)) + owner_id = sql_string ("SELECT uuid FROM users" + " WHERE id = (SELECT owner FROM alerts" + " WHERE id = %llu)", + alert); + owner_name = sql_string ("SELECT name FROM users" + " WHERE id = (SELECT owner FROM alerts" + " WHERE id = %llu)", + alert); + + if (owner_id == NULL) + { + g_warning ("%s: could not find alert owner", + __func__); + free (owner_id); + free (owner_name); + return -1; + } + + switch (manage_fork_connection (&connection, owner_id)) { case 0: /* Child. Break, stop task, exit. */ @@ -13793,6 +13816,8 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, default: /* Parent. Continue with whatever lead to this escalation. */ g_free (task_id); + free (owner_id); + free (owner_name); return 0; break; } @@ -13800,23 +13825,29 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, /* Start the task. */ auth_opts = gmp_authenticate_info_opts_defaults; - auth_opts.username = current_credentials.username; + auth_opts.username = owner_name; auth_opts.password = "dummy"; if (gmp_authenticate_info_ext_c (&connection, auth_opts)) { + g_free (task_id); + free (owner_id); + free (owner_name); gvm_connection_free (&connection); exit (EXIT_FAILURE); } - if (gmp_start_task_report_c (&connection, task_id, &report_id)) { g_free (task_id); + free (owner_id); + free (owner_name); gvm_connection_free (&connection); exit (EXIT_FAILURE); } g_free (task_id); g_free (report_id); + free (owner_id); + free (owner_name); gvm_connection_free (&connection); exit (EXIT_SUCCESS); }