Skip to content

Commit

Permalink
Add: New Kerberos credential type
Browse files Browse the repository at this point in the history
The new type "krb5" is added to the create_credential, modify_credential
and get_credentials commands.

This will later be usable in scan targets for Kerberos 5 authentication.
  • Loading branch information
timopollmeier committed Nov 29, 2024
1 parent 705c6c2 commit 5bcc39e
Show file tree
Hide file tree
Showing 5 changed files with 185 additions and 11 deletions.
67 changes: 67 additions & 0 deletions src/gmp.c
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,7 @@ typedef struct
char *certificate; ///< Certificate for client certificate auth.
char *comment; ///< Comment.
char *copy; ///< UUID of resource to copy.
char *kdc; ///< Kerberos KDC (key distribution centers).
int key; ///< Whether the command included a key element.
char *key_phrase; ///< Passphrase for key.
char *key_private; ///< Private key from key.
Expand All @@ -460,6 +461,7 @@ typedef struct
char *auth_algorithm; ///< SNMP Authentication algorithm.
char *privacy_password; ///< SNMP Privacy password.
char *privacy_algorithm; ///< SNMP Privacy algorithm.
char *realm; ///< Kerberos realm.
char *type; ///< Type of credential.
} create_credential_data_t;

Expand All @@ -475,6 +477,7 @@ create_credential_data_reset (create_credential_data_t *data)
free (data->certificate);
free (data->comment);
free (data->copy);
free (data->kdc);
free (data->key_phrase);
free (data->key_private);
free (data->key_public);
Expand All @@ -485,6 +488,7 @@ create_credential_data_reset (create_credential_data_t *data)
free (data->auth_algorithm);
free (data->privacy_password);
free (data->privacy_algorithm);
free (data->realm);
free (data->type);

memset (data, 0, sizeof (create_credential_data_t));
Expand Down Expand Up @@ -2515,6 +2519,7 @@ typedef struct
char *comment; ///< Comment.
char *community; ///< SNMP Community string.
char *credential_id; ///< ID of credential to modify.
char *kdc; ///< Kerberos KDC (key distribution centers).
int key; ///< Whether the command included a key element.
char *key_phrase; ///< Passphrase for key.
char *key_private; ///< Private key from key.
Expand All @@ -2524,6 +2529,7 @@ typedef struct
char *password; ///< Password associated with login name.
char *privacy_algorithm; ///< SNMP Privacy algorithm.
char *privacy_password; ///< SNMP Privacy password.
char *realm; ///< Kerberos realm.
} modify_credential_data_t;

/**
Expand All @@ -2540,6 +2546,7 @@ modify_credential_data_reset (modify_credential_data_t *data)
free (data->comment);
free (data->community);
free (data->credential_id);
free (data->kdc);
free (data->key_phrase);
free (data->key_private);
free (data->key_public);
Expand All @@ -2548,6 +2555,7 @@ modify_credential_data_reset (modify_credential_data_t *data)
free (data->password);
free (data->privacy_algorithm);
free (data->privacy_password);
free (data->realm);

memset (data, 0, sizeof (modify_credential_data_t));
}
Expand Down Expand Up @@ -4088,6 +4096,7 @@ typedef enum
CLIENT_CREATE_CREDENTIAL_COMMENT,
CLIENT_CREATE_CREDENTIAL_COMMUNITY,
CLIENT_CREATE_CREDENTIAL_COPY,
CLIENT_CREATE_CREDENTIAL_KDC,
CLIENT_CREATE_CREDENTIAL_KEY,
CLIENT_CREATE_CREDENTIAL_KEY_PHRASE,
CLIENT_CREATE_CREDENTIAL_KEY_PRIVATE,
Expand All @@ -4098,6 +4107,7 @@ typedef enum
CLIENT_CREATE_CREDENTIAL_PRIVACY,
CLIENT_CREATE_CREDENTIAL_PRIVACY_ALGORITHM,
CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD,
CLIENT_CREATE_CREDENTIAL_REALM,
CLIENT_CREATE_CREDENTIAL_TYPE,
CLIENT_CREATE_FILTER,
CLIENT_CREATE_FILTER_COMMENT,
Expand Down Expand Up @@ -4420,6 +4430,7 @@ typedef enum
CLIENT_MODIFY_CREDENTIAL_CERTIFICATE,
CLIENT_MODIFY_CREDENTIAL_COMMENT,
CLIENT_MODIFY_CREDENTIAL_COMMUNITY,
CLIENT_MODIFY_CREDENTIAL_KDC,
CLIENT_MODIFY_CREDENTIAL_KEY,
CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE,
CLIENT_MODIFY_CREDENTIAL_KEY_PRIVATE,
Expand All @@ -4430,6 +4441,7 @@ typedef enum
CLIENT_MODIFY_CREDENTIAL_PRIVACY,
CLIENT_MODIFY_CREDENTIAL_PRIVACY_ALGORITHM,
CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD,
CLIENT_MODIFY_CREDENTIAL_REALM,
CLIENT_MODIFY_FILTER,
CLIENT_MODIFY_FILTER_COMMENT,
CLIENT_MODIFY_FILTER_NAME,
Expand Down Expand Up @@ -6283,6 +6295,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
gvm_append_string (&modify_credential_data->community, "");
set_client_state (CLIENT_MODIFY_CREDENTIAL_COMMUNITY);
}
else if (strcasecmp ("KDC", element_name) == 0)
{
set_client_state (CLIENT_MODIFY_CREDENTIAL_KDC);
}
else if (strcasecmp ("KEY", element_name) == 0)
{
modify_credential_data->key = 1;
Expand All @@ -6302,6 +6318,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
gvm_append_string (&modify_credential_data->privacy_algorithm,
"");
}
else if (strcasecmp ("REALM", element_name) == 0)
{
set_client_state (CLIENT_MODIFY_CREDENTIAL_REALM);
}
ELSE_READ_OVER;

case CLIENT_MODIFY_CREDENTIAL_KEY:
Expand Down Expand Up @@ -6962,6 +6982,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
set_client_state (CLIENT_CREATE_CREDENTIAL_COMMENT);
else if (strcasecmp ("COMMUNITY", element_name) == 0)
set_client_state (CLIENT_CREATE_CREDENTIAL_COMMUNITY);
else if (strcasecmp ("KDC", element_name) == 0)
set_client_state (CLIENT_CREATE_CREDENTIAL_KDC);
else if (strcasecmp ("KEY", element_name) == 0)
{
create_credential_data->key = 1;
Expand All @@ -6980,6 +7002,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
}
else if (strcasecmp ("PRIVACY", element_name) == 0)
set_client_state (CLIENT_CREATE_CREDENTIAL_PRIVACY);
else if (strcasecmp ("REALM", element_name) == 0)
set_client_state (CLIENT_CREATE_CREDENTIAL_REALM);
else if (strcasecmp ("TYPE", element_name) == 0)
set_client_state (CLIENT_CREATE_CREDENTIAL_TYPE);
ELSE_READ_OVER;
Expand Down Expand Up @@ -12338,6 +12362,19 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error)
SEND_TO_CLIENT_OR_FAIL (formats_xml);
g_free (formats_xml);

if (type && (strcmp (type, "krb5") == 0))
{
const char *kdc, *realm;
kdc = credential_iterator_kdc (&credentials);
realm = credential_iterator_realm (&credentials);

SENDF_TO_CLIENT_OR_FAIL
("<kdc>%s</kdc>"
"<realm>%s</realm>",
kdc ? kdc : "",
realm ? realm : "");
}

if (type && (strcmp (type, "snmp") == 0))
{
const char *auth_algorithm, *privacy_algorithm;
Expand Down Expand Up @@ -21333,6 +21370,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
create_credential_data->auth_algorithm,
create_credential_data->privacy_password,
create_credential_data->privacy_algorithm,
create_credential_data->kdc,
create_credential_data->realm,
create_credential_data->type,
create_credential_data->allow_insecure,
&new_credential))
Expand Down Expand Up @@ -21440,6 +21479,16 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
(XML_ERROR_SYNTAX ("create_credential",
"Cannot determine type for new credential"));
break;
case 19:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_credential",
"Selected type requires a kdc"));
break;
case 20:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_credential",
"Selected type requires a realm"));
break;
case 99:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_credential",
Expand All @@ -21462,6 +21511,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
CLOSE (CLIENT_CREATE_CREDENTIAL, COMMENT);
CLOSE (CLIENT_CREATE_CREDENTIAL, COMMUNITY);
CLOSE (CLIENT_CREATE_CREDENTIAL, COPY);
CLOSE (CLIENT_CREATE_CREDENTIAL, KDC);
CLOSE (CLIENT_CREATE_CREDENTIAL, KEY);
CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PHRASE);
CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PRIVATE);
Expand All @@ -21472,6 +21522,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
CLOSE (CLIENT_CREATE_CREDENTIAL, PRIVACY);
CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, ALGORITHM);
CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, PASSWORD);
CLOSE (CLIENT_CREATE_CREDENTIAL, REALM);
CLOSE (CLIENT_CREATE_CREDENTIAL, TYPE);

case CLIENT_CREATE_FILTER:
Expand Down Expand Up @@ -24527,6 +24578,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
modify_credential_data->auth_algorithm,
modify_credential_data->privacy_password,
modify_credential_data->privacy_algorithm,
modify_credential_data->kdc,
modify_credential_data->realm,
modify_credential_data->allow_insecure))
{
case 0:
Expand Down Expand Up @@ -24649,6 +24702,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
CLOSE (CLIENT_MODIFY_CREDENTIAL, CERTIFICATE);
CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMENT);
CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMUNITY);
CLOSE (CLIENT_MODIFY_CREDENTIAL, KDC);
CLOSE (CLIENT_MODIFY_CREDENTIAL, KEY);
CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PHRASE);
CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PRIVATE);
Expand All @@ -24659,6 +24713,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
CLOSE (CLIENT_MODIFY_CREDENTIAL, PRIVACY);
CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, ALGORITHM);
CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, PASSWORD);
CLOSE (CLIENT_MODIFY_CREDENTIAL, REALM);

case CLIENT_MODIFY_FILTER:
{
Expand Down Expand Up @@ -27309,6 +27364,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
APPEND (CLIENT_MODIFY_CREDENTIAL_COMMUNITY,
&modify_credential_data->community);

APPEND (CLIENT_MODIFY_CREDENTIAL_KDC,
&modify_credential_data->kdc);

APPEND (CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE,
&modify_credential_data->key_phrase);

Expand All @@ -27333,6 +27391,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
APPEND (CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD,
&modify_credential_data->privacy_password);

APPEND (CLIENT_MODIFY_CREDENTIAL_REALM,
&modify_credential_data->realm);


case CLIENT_MODIFY_REPORT_CONFIG:
modify_report_config_element_text (text, text_len);
Expand Down Expand Up @@ -27440,6 +27501,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
APPEND (CLIENT_CREATE_CREDENTIAL_COPY,
&create_credential_data->copy);

APPEND (CLIENT_CREATE_CREDENTIAL_KDC,
&create_credential_data->kdc);

APPEND (CLIENT_CREATE_CREDENTIAL_KEY_PHRASE,
&create_credential_data->key_phrase);

Expand All @@ -27464,6 +27528,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
APPEND (CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD,
&create_credential_data->privacy_password);

APPEND (CLIENT_CREATE_CREDENTIAL_REALM,
&create_credential_data->realm);

APPEND (CLIENT_CREATE_CREDENTIAL_TYPE,
&create_credential_data->type);

Expand Down
2 changes: 2 additions & 0 deletions src/manage.c
Original file line number Diff line number Diff line change
Expand Up @@ -4418,6 +4418,8 @@ credential_full_type (const char* abbreviation)
return NULL;
else if (strcasecmp (abbreviation, "cc") == 0)
return "client certificate";
else if (strcasecmp (abbreviation, "krb5") == 0)
return "Kerberos 5";
else if (strcasecmp (abbreviation, "pw") == 0)
return "password only";
else if (strcasecmp (abbreviation, "snmp") == 0)
Expand Down
10 changes: 8 additions & 2 deletions src/manage.h
Original file line number Diff line number Diff line change
Expand Up @@ -2293,7 +2293,7 @@ int
create_credential (const char*, const char*, const char*, const char*,
const char*, const char*, const char*, const char*,
const char*, const char*, const char*, const char*,
const char*, credential_t*);
const char*, const char*, const char*, credential_t*);

int
copy_credential (const char*, const char*, const char*,
Expand All @@ -2303,7 +2303,7 @@ int
modify_credential (const char*, const char*, const char*, const char*,
const char*, const char*, const char*, const char*,
const char*, const char*, const char*, const char*,
const char*);
const char*, const char*, const char*);

int
delete_credential (const char *, int);
Expand Down Expand Up @@ -2344,6 +2344,12 @@ credential_iterator_privacy_password (iterator_t*);
const char*
credential_iterator_public_key (iterator_t*);

const char*
credential_iterator_kdc (iterator_t*);

const char*
credential_iterator_realm (iterator_t*);

const char*
credential_iterator_private_key (iterator_t*);

Expand Down
Loading

0 comments on commit 5bcc39e

Please sign in to comment.