Error 404 while accessing shared targets

gvm-9

#1

Hi,

I am working on a fresh install Debain10/Openvas (GSA 7.0.3, openvas 9.0.3, openvas-scanner 5.1.3-2)

I try to use Openvas in “groupware mode” : users from a group can share targets, port lists, tasks (etc) with users in the same group.

I create a role GrantReadPriv with general command permissions : get_groups, get_roles, get_users
I create a group Grp1 and 2 users (g1u1 and g1u2) belonging to group Grp1 and with roles “User” and “GrantReadPriv”

For each users g1u1 and g1u2, the admin add permissions :

User: g1u1
Permissions :

Name Description Resource Type Resource Subject Type Subject
get_users Has read access to user g1u1 User g1u2 Group Grp1

User: g1u2
Permissions :

Name Description Resource Type Resource Subject Type Subject
get_users Has read access to user g1u2 User g1u2 Group Grp1

First user g1u1 create a target :
==> /var/log/openvas/openvasmd.log <==

event target:MESSAGE:2019-04-09 09h57.40 UTC:19371: Target target:grp1:test (20317382-abd2-4854-929f-9136d935fd8c) has been created by g1u1

and grant proxy permissions to group Grp1 on this target
==> /var/log/openvas/openvasmd.log <==

event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission get_targets (cf69d7dd-23b1-4d7a-a779-bf2efbe2c682) has been created by g1u1
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission modify_target (26c530c8-8aa1-47a3-8b06-4ebc65b82747) has been created by g1u1
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission get_port_lists (dc68ed06-0e94-44e5-9b2c-3552676d7dcc) has been created by g1u1
event permission:MESSAGE:2019-04-09 09h58.39 UTC:19387: Permission modify_port_list (401d855c-d963-4162-87c0-87ce1061d747) has been created by g1u1

User g1u2 create a task with this target (created by g1u1) :

event task:MESSAGE:2019-04-09 10h01.49 UTC:19460: Status of task (80070b7a-f811-47ec-9556-a4952825312b) has changed to New
event task:MESSAGE:2019-04-09 10h01.50 UTC:19460: Task [g1u2] target:grp1:test (80070b7a-f811-47ec-9556-a4952825312b) has been created by g1u2

at this point, g1u1 does not see the new task “[g1u2] target:grp1:test”

user g1u2 try to grant read acces to user g1u1 by adding permission :
grant read permissions to Group Grp1 on Task “[g1u2] target:grp1:test”

But I receive error :
(Status code: 404) Operation ‘Create Permissions’ failed
Failed to find resource ‘20317382-abd2-4854-929f-9136d935fd8c


==> /var/log/openvas/openvasmd.log <==
event permission:MESSAGE:2019-04-09 10h05.47 UTC:19499: Permission get_tasks (4f93fc41-0e60-4023-a743-4e29160aa1f0) has been created by g1u2
event permission:MESSAGE:2019-04-09 10h05.47 UTC:19499: Permission could not be created by g1u2

When I close the error box and reload the page, I see the permissions :
get_tasks Has read access to task [g1u2] target:grp1:test Task [g1u2] target:grp1:test Group Grp1

My questions:

  • why this error 404 ?
  • why can’t user g1u2 use targets shared by g1u1 without error ?

Thanks for your help.

Note:
If g1u1 user create the task and grant read acces to group Grp1, there is no error :
==> /var/log/openvas/openvasmd.log <==

event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_tasks (c9b42856-92ab-4338-92b7-e92b49f88dbe) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_targets (b7844083-06f1-4b0f-94f6-7c17abfb41c4) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_port_lists (6f456cb3-72f3-48a0-86cb-dad426facc02) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_configs (9284624b-cabd-4c29-8707-33498fd83418) has been created by g1u1
event permission:MESSAGE:2019-04-09 12h30.45 UTC:20534: Permission get_scanners (f3657d89-93e6-46c9-971b-8c7508c5e586) has been created by g1u1


#2

@gsa-irts I have seen that you have moved this topic back into the Greenbone Community Edition (GCE) category which is about the virtual machine provided by Greenbone. As you’re using an own installation:

the topic belongs into the Greenbone Source Edition (GSE) category so i’m moving this topic back again.