From 2e70c9b4513ec428b3d8d6cdcfe26d9c26d82eb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Mon, 13 Apr 2026 12:45:45 +0200 Subject: [PATCH] Change: Cleanup manager connection and authentication Introduce dedicated functions for each authentication method and cleanup function naming. --- src/gsad_gmp.c | 2 +- src/gsad_http.c | 3 +- src/gsad_manager.c | 174 +++++++++++++++++++++++++++++++++++++-------- src/gsad_manager.h | 4 +- 4 files changed, 147 insertions(+), 36 deletions(-) diff --git a/src/gsad_gmp.c b/src/gsad_gmp.c index 424b96533..eb98d9517 100644 --- a/src/gsad_gmp.c +++ b/src/gsad_gmp.c @@ -20818,7 +20818,7 @@ authenticate_gmp (const gchar *username, const gchar *password, gsad_settings_is_jwt_requested (gsad_global_settings); auth_opts.jwt = jwt; - int auth = gsad_manager_connect (&connection, auth_opts); + int auth = gsad_manager_connect_with_auth_opts (&connection, auth_opts); if (auth == 0) { entity_t entity; diff --git a/src/gsad_http.c b/src/gsad_http.c index ff8f6680a..c3f5d36e8 100644 --- a/src/gsad_http.c +++ b/src/gsad_http.c @@ -980,11 +980,10 @@ gsad_envelope (gsad_credentials_t *credentials, gchar *xml, const gchar *timezone = gsad_user_get_timezone (user); const gchar *jwt = gsad_user_get_jwt (user); - GString *string = g_string_new (""); + GString *string = g_string_new (""); xml_string_append ( string, - "" "%s" "%s" "%s" diff --git a/src/gsad_manager.c b/src/gsad_manager.c index 6e48f9d76..5711bc4e9 100644 --- a/src/gsad_manager.c +++ b/src/gsad_manager.c 
@@ -18,40 +18,102 @@
 #define G_LOG_DOMAIN "gsad manager"
 /**
- * @brief Connect to Greenbone Vulnerability Manager daemon.
+ * @brief Authenticate with the manager using XML.
 *
- * @param[in] path Path to the Manager socket.
+ * @param[in] connection Connection
+ * @param[in] xml XML to authenticate with
 *
- * @return Socket, or -1 on error.
+ * @return 0 on success, 1 if manager closed connection, 2 if auth failed,
+ * 3 on timeout, -1 on error.
 */
 static int
-connect_unix (const gchar *path)
+gmp_authenticate_with_xml (gvm_connection_t *connection, const gchar *xml)
 {
- struct sockaddr_un address;
- int sock;
+ entity_t entity = NULL;
+ const char *status;
+ char first;
+ int ret;
- /* Make socket. */
+ /* Send the auth request. */
+ ret = gvm_connection_sendf (connection,
+ ""
+ "%s"
+ "",
+ xml);
+ if (ret)
+ return ret;
- sock = socket (AF_UNIX, SOCK_STREAM, 0);
- if (sock == -1)
+ /* Read the response. */
+ switch (try_read_entity_c (connection, 0, &entity))
 {
- g_warning ("Failed to create server socket");
+ case 0:
+ break;
+ case -4:
+ return 3;
+ default:
 return -1;
 }
- /* Connect to server. */
+ /* Check the response. */
- address.sun_family = AF_UNIX;
- strncpy (address.sun_path, path, sizeof (address.sun_path) - 1);
- if (connect (sock, (struct sockaddr *) &address, sizeof (address)) == -1)
+ status = entity_attribute (entity, "status");
+ if (status == NULL)
 {
- g_warning ("Failed to connect to server via unix socket at %s: %s", path,
- strerror (errno));
- close (sock);
+ free_entity (entity);
+ return -1;
+ }
+ if (strlen (status) == 0)
+ {
+ free_entity (entity);
 return -1;
 }
+ first = status[0];
+ if (first != '2')
+ {
+ free_entity (entity);
+ return 2;
+ }
+ free_entity (entity);
+ return 0;
+}
+
+/**
+ * @brief Authenticate with the manager using a JWT.
+ *
+ * @param[in] connection Connection
+ * @param[in] token Token to authenticate with
+ *
+ * @return 0 on success, 1 if manager closed connection, 2 if auth failed,
+ * 3 on timeout, -1 on error.
+ */
+static int
+gmp_authenticate_with_jwt (gvm_connection_t *connection, const gchar *token)
+{
+ const gchar *xml = g_markup_printf_escaped ("%s", token);
+ int ret = gmp_authenticate_with_xml (connection, xml);
+ g_free (xml);
+ return ret;
+}
- return sock;
+/**
+ * @brief Authenticate with the manager using a token.
+ *
+ * @param[in] connection Connection
+ * @param[in] token Token to authenticate with
+ *
+ * @return 0 on success, 1 if manager closed connection, 2 if auth failed,
+ * 3 on timeout, -1 on error.
+ */
+static int
+gmp_authenticate_with_username_password (gvm_connection_t *connection,
+ const gchar *username,
+ const gchar *password)
+{
+ const gchar *xml = g_markup_printf_escaped (
+ "%s%s", username, password);
+ int ret = gmp_authenticate_with_xml (connection, xml);
+ g_free (xml);
+ return ret;
 }
 /**
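Review bot: In `gmp_authenticate_with_jwt` and `gmp_authenticate_with_username_password` the escaped request is kept in a `const gchar *xml` and then passed to `g_free (xml)`, which discards the qualifier and draws a compiler warning; declare it as `gchar *xml = g_markup_printf_escaped (...)`. That buffer holds the password or JWT in clear text, so it may be worth overwriting it before release if the project has a helper for that (none is visible in this patch). The doc comment on `gmp_authenticate_with_username_password` is a copy of the JWT one and should read `@brief Authenticate with the manager using username and password.` with `@param[in] username` and `@param[in] password` in place of `token`. The `xml` argument of `gmp_authenticate_with_xml` goes into the request verbatim through `%s`, so its `@param` line should say so, e.g. `xml  Already-escaped XML fragment; callers must escape user-supplied values.`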
@@ -63,17 +125,32 @@ connect_unix (const gchar *path)
 * @return 0 success, -1 failed to connect.
 */
 static int
-gvm_connection_open (gvm_connection_t *connection,
- const gchar *unix_socket_path)
+gsad_manager_open_unix_socket_connection (gvm_connection_t *connection,
+ const gchar *unix_socket_path)
 {
 if (unix_socket_path == NULL)
 return -1;
- connection->socket = connect_unix (unix_socket_path);
+ int sock = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (sock == -1)
+ {
+ g_warning ("Failed to create server socket");
+ return -1;
+ }
+
+ connection->socket = sock;
 connection->tls = 0;
- if (connection->socket == -1)
- return -1;
+ struct sockaddr_un address;
+ address.sun_family = AF_UNIX;
+ strncpy (address.sun_path, unix_socket_path, sizeof (address.sun_path) - 1);
+ if (connect (sock, (struct sockaddr *) &address, sizeof (address)) == -1)
+ {
+ g_warning ("Failed to connect to server via unix socket at %s: %s",
+ unix_socket_path, strerror (errno));
+ close (sock);
+ return -1;
+ }
 return 0;
 }
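Review bot: `connection->socket = sock` is assigned before `connect ()` is attempted, so on the failure path the function calls `close (sock)` and returns -1 while `connection->socket` still names the closed descriptor; the code this replaces left -1 there. A caller that later closes the connection would then close a descriptor number that may already have been reused for something else. The assignment should move below the successful `connect ()`, with `connection->socket = -1` set up front. In the same block `address` is not zero-initialised and `strncpy` copies at most `sizeof (address.sun_path) - 1` bytes, so `sun_path` is NUL-terminated only by accident and an over-long configured path is silently truncated to a different socket name; initialise the struct and reject a path that does not fit.

```c
  /* … unchanged: NULL check on unix_socket_path … */

  /* Start from a known-invalid state; publish the descriptor only once
   * it is connected. */
  connection->socket = -1;
  connection->tls = 0;

  struct sockaddr_un address = { .sun_family = AF_UNIX };
  size_t path_len = strlen (unix_socket_path);
  if (path_len >= sizeof (address.sun_path))
    {
      g_warning ("Manager socket path is too long: %s", unix_socket_path);
      return -1;
    }
  memcpy (address.sun_path, unix_socket_path, path_len + 1);

  /* … unchanged: socket () creation and its error branch … */

  if (connect (sock, (struct sockaddr *) &address, sizeof (address)) == -1)
    {
      /* … unchanged: g_warning and close (sock) … */
      return -1;
    }

  connection->socket = sock;
  return 0;
```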
@@ -112,11 +189,46 @@ gsad_manager_connect_with_username_password (gvm_connection_t *connection,
 const gchar *username,
 const gchar *password)
 {
- gmp_authenticate_info_opts_t auth_opts;
- auth_opts = gmp_authenticate_info_opts_defaults;
- auth_opts.username = username;
- auth_opts.password = password;
- return gsad_manager_connect (connection, auth_opts);
+ gsad_settings_t *gsad_global_settings = gsad_settings_get_global_settings ();
+ if (gsad_manager_open_unix_socket_connection (
+ connection, gsad_settings_get_manager_address (gsad_global_settings)))
+ {
+ return 4;
+ }
+ int ret =
+ gmp_authenticate_with_username_password (connection, username, password);
+ if (ret)
+ {
+ gvm_connection_close (connection);
+ }
+ return ret;
+}
+
+/**
+ * @brief Connect and authenticate to Greenbone Vulnerability Manager daemon
+ * using a JWT.
+ *
+ * @param[out] connection Connection to Manager on success.
+ * @param[in] token JWT for authentication.
+ *
+ * @return 0 success, 1 if manager closed connection, 2 if auth failed,
+ * 3 on timeout, 4 failed to connect, -1 on error
+ */
+int
+gsad_manager_connect_with_jwt (gvm_connection_t *connection, const gchar *token)
+{
+ gsad_settings_t *gsad_global_settings = gsad_settings_get_global_settings ();
+ if (gsad_manager_open_unix_socket_connection (
+ connection, gsad_settings_get_manager_address (gsad_global_settings)))
+ {
+ return 4;
+ }
+ int ret = gmp_authenticate_with_jwt (connection, token);
+ if (ret)
+ {
+ gvm_connection_close (connection);
+ }
+ return ret;
 }
 /**
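Review bot: `gsad_manager_connect_with_jwt` is added with external linkage, but the `src/gsad_manager.h` part of this patch only renames `gsad_manager_connect`, so no prototype for the new function is visible; add `int gsad_manager_connect_with_jwt (gvm_connection_t *connection, const gchar *token);` to the header. Neither public entry point checks its credential arguments, and a NULL `token`, `username` or `password` would reach the `%s` in `g_markup_printf_escaped`; a guard such as `if (token == NULL) return -1;` before the socket is opened keeps that out, unless callers already guarantee non-NULL values (not visible here). Both functions repeat the same open / authenticate / close-on-failure sequence, which could live in one static helper. The signature of `gsad_manager_connect_with_username_password` starts above this hunk.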
@@ -132,12 +244,12 @@ gsad_manager_connect_with_username_password (gvm_connection_t *connection,
 * 3 on timeout, 4 failed to connect, -1 on error
 */
 int
-gsad_manager_connect (gvm_connection_t *connection,
- gmp_authenticate_info_opts_t auth_opts)
+gsad_manager_connect_with_auth_opts (gvm_connection_t *connection,
+ gmp_authenticate_info_opts_t auth_opts)
 {
 gsad_settings_t *gsad_global_settings = gsad_settings_get_global_settings ();
- if (gvm_connection_open (
+ if (gsad_manager_open_unix_socket_connection (
 connection, gsad_settings_get_manager_address (gsad_global_settings)))
 {
 return 4;
diff --git a/src/gsad_manager.h b/src/gsad_manager.h
index fa1140873..e73379c52 100644
--- a/src/gsad_manager.h
+++ b/src/gsad_manager.h
@@ -26,7 +26,7 @@ gsad_manager_connect_with_username_password (gvm_connection_t *connection,
 const gchar *password);
 int
-gsad_manager_connect (gvm_connection_t *connection,
- gmp_authenticate_info_opts_t auth_opts);
+gsad_manager_connect_with_auth_opts (gvm_connection_t *connection,
+ gmp_authenticate_info_opts_t auth_opts);
 #endif /* _GSAD_MANAGER_H */