Hi,
I am working on a fresh install of Debian 10/OpenVAS (GSA 7.0.3, openvas 9.0.3, openvas-scanner 5.1.3-2).
I am trying to use OpenVAS in “groupware mode”: users from a group can share targets, port lists, tasks (etc.) with users in the same group.
I create a role GrantReadPriv with general command permissions: get_groups, get_roles, get_users.
I create a group Grp1 and 2 users (g1u1 and g1u2) belonging to group Grp1 and with roles “User” and “GrantReadPriv”.
For each of the users g1u1 and g1u2, the admin adds permissions:
User: g1u1
Permissions:
|Name|Description|Resource Type|Resource|Subject Type|Subject|
|---|---|---|---|---|---|
|get_users|Has read access to user g1u1|User|g1u2|Group|Grp1|
User: g1u2
Permissions:
|Name|Description|Resource Type|Resource|Subject Type|Subject|
|---|---|---|---|---|---|
|get_users|Has read access to user g1u2|User|g1u2|Group|Grp1|
First, user g1u1 creates a target:
==> /var/log/openvas/openvasmd.log <==
event target:MESSAGE:2019-04-09 09h57.40 UTC:19371: Target target:grp1:test (20317382-abd2-4854-929f-9136d935fd8c) has been created by g1u1
and grants proxy permissions to group Grp1 on this target:
==> /var/log/openvas/openvasmd.log <==
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission get_targets (cf69d7dd-23b1-4d7a-a779-bf2efbe2c682) has been created by g1u1
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission modify_target (26c530c8-8aa1-47a3-8b06-4ebc65b82747) has been created by g1u1
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission get_port_lists (dc68ed06-0e94-44e5-9b2c-3552676d7dcc) has been created by g1u1
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission modify_port_list (401d855c-d963-4162-87c0-87ce1061d747) has been created by g1u1
User g1u2 creates a task with this target (created by g1u1):
event task:MESSAGE:2019-04-09 10h01.49 UTC:19460: Status of task (80070b7a-f811-47ec-9556-a4952825312b) has changed to New
event task:MESSAGE:2019-04-09 10h01.50 UTC:19460: Task [g1u2] target:grp1:test (80070b7a-f811-47ec-9556-a4952825312b) has been created by g1u2
At this point, g1u1 does not see the new task “[g1u2] target:grp1:test”.
User g1u2 tries to grant read access to user g1u1 by adding a permission:
grant read permissions to Group Grp1 on Task “[g1u2] target:grp1:test”
But I receive an error:
(Status code: 404) Operation ‘Create Permissions’ failed
Failed to find resource ‘20317382-abd2-4854-929f-9136d935fd8c’
==> /var/log/openvas/openvasmd.log <==
event permission:MESSAGE:2019-04-09 10h05.47 UTC:19499: Permission get_tasks (4f93fc41-0e60-4023-a743-4e29160aa1f0) has been created by g1u2
event permission:MESSAGE:2019-04-09 10h05.47 UTC:19499: Permission could not be created by g1u2
When I close the error box and reload the page, I see the permissions:
|Name|Description|Resource Type|Resource|Subject Type|Subject|
|---|---|---|---|---|---|
|get_tasks|Has read access to task [g1u2] target:grp1:test|Task|[g1u2] target:grp1:test|Group|Grp1|
My questions:
- Why this 404 error?
- Why can’t user g1u2 use targets shared by g1u1 without error?
Thanks for your help.
Note:
If user g1u1 creates the task and grants read access to group Grp1, there is no error:
==> /var/log/openvas/openvasmd.log <==
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_tasks (c9b42856-92ab-4338-92b7-e92b49f88dbe) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_targets (b7844083-06f1-4b0f-94f6-7c17abfb41c4) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_port_lists (6f456cb3-72f3-48a0-86cb-dad426facc02) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_configs (9284624b-cabd-4c29-8707-33498fd83418) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_scanners (f3657d89-93e6-46c9-971b-8c7508c5e586) has been created by g1u1
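
Added example, not part of the original post: the log above shows a "Create Permissions" operation that fails with 404 yet leaves the get_tasks grant in place, and this Python sketch finds such partial grants in openvasmd.log. It assumes the number after "UTC:" is the handling process ID and that lines sharing timestamp, process ID and user belong to one request; the function names are hypothetical.

```python
import re

# Lines copied from the openvasmd.log excerpts in the post above.
SAMPLE_LOG = """\
event task:MESSAGE:2019-04-09 10h01.50 UTC:19460: Task [g1u2] target:grp1:test (80070b7a-f811-47ec-9556-a4952825312b) has been created by g1u2
event permission:MESSAGE:2019-04-09 10h05.47 UTC:19499: Permission get_tasks (4f93fc41-0e60-4023-a743-4e29160aa1f0) has been created by g1u2
event permission:MESSAGE:2019-04-09 10h05.47 UTC:19499: Permission could not be created by g1u2
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_tasks (c9b42856-92ab-4338-92b7-e92b49f88dbe) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_targets (b7844083-06f1-4b0f-94f6-7c17abfb41c4) has been created by g1u1
"""

EVENT = re.compile(
    r"^event permission:MESSAGE:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) "
    r"UTC:(?P<pid>\d+): Permission "
    r"(?:(?P<name>\w+) \((?P<uuid>[0-9a-f-]{36})\) has been created"
    r"|(?P<fail>could not be created)) by (?P<user>\S+)$"
)

def group_requests(log_text):
    """Group permission events by (timestamp, pid, user), in log order."""
    batches = {}
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # not a permission event (e.g. task events)
        key = (m["ts"], m["pid"], m["user"])
        batch = batches.setdefault(key, {"created": [], "failed": 0})
        if m["fail"]:
            batch["failed"] += 1
        else:
            batch["created"].append((m["name"], m["uuid"]))
    return batches

def partial_grants(log_text):
    """Return requests where a permission was created AND another one failed."""
    return [
        {"ts": ts, "pid": pid, "user": user, **batch}
        for (ts, pid, user), batch in group_requests(log_text).items()
        if batch["failed"] and batch["created"]
    ]

if __name__ == "__main__":
    for hit in partial_grants(SAMPLE_LOG):
        kept = ", ".join(f"{n} ({u})" for n, u in hit["created"])
        print(f"{hit['ts']} pid={hit['pid']} user={hit['user']}: "
              f"{hit['failed']} failure(s), still granted: {kept}")
```

Each reported request is one to review on the Permissions page, since the grants it lists exist even though the operation was reported as failed.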