Add: privilege credentials for SSH service
jjnicola committed Feb 15, 2024
1 parent d5facc1 commit 0162ea1
Showing 4 changed files with 33 additions and 10 deletions.
9 changes: 9 additions & 0 deletions rust/doc/openapi.yml
Expand Up @@ -572,6 +572,15 @@ components:
type: "string"
password:
description: "Password for authentication."
privilege_credential:
description: "Privilege username and password for SSH service"
type: "object"
properties:
username:
description: "Privilege username for authentication."
type: "string"
password:
description: "Privilege password for authentication."
required:
- username

14 changes: 9 additions & 5 deletions rust/models/src/credential.rs
Expand Up @@ -50,6 +50,7 @@ impl Default for Credential {
credential_type: CredentialType::UP {
username: "root".to_string(),
password: "".to_string(),
privilege_credential: None,
},
}
}
Expand All @@ -75,16 +76,12 @@ pub enum Service {
#[cfg_attr(feature = "serde_support", serde(rename = "snmp"))]
/// SNMP, supports [SNMP](CredentialType::SNMP)
SNMP,
#[cfg_attr(feature = "serde_support", serde(rename = "privilege_ssh"))]
/// Privilege SSH, supports [SSH](CredentialType::UP)
PSSH,
}

impl AsRef<str> for Service {
fn as_ref(&self) -> &str {
match self {
Service::SSH => "ssh",
Service::PSSH => "privilege_ssh",
Service::SMB => "smb",
Service::ESXi => "esxi",
Service::SNMP => "snmp",
Expand All @@ -107,6 +104,8 @@ pub enum CredentialType {
username: String,
/// The password for authentication.
password: String,
/// privilege credential
privilege_credential: Option<Box<CredentialType>>,
},
#[cfg_attr(feature = "serde_support", serde(rename = "usk"))]
/// User/ssh-key credentials.
Expand Down Expand Up @@ -144,9 +143,14 @@ impl CredentialType {
F: FnOnce(String) -> Result<String, E>,
{
Ok(match self {
CredentialType::UP { username, password } => CredentialType::UP {
CredentialType::UP {
username,
password,
privilege_credential,
} => CredentialType::UP {
username,
password: f(password)?,
privilege_credential,
},
CredentialType::USK {
username,
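Review bot: In the last hunk of this file the `CredentialType::UP` arm applies `f` only to `password` and moves `privilege_credential` through untouched, so the nested privileged password is never transformed. If callers rely on this method to encrypt or decrypt secrets before they are stored (inferred from the `F: FnOnce(String) -> Result<String, E>` bound; the signature and the callers are outside the hunk), the privileged account's password would be kept in clear text next to an encrypted regular one. Because `F` is `FnOnce` it cannot be invoked a second time as written; relaxing the bound to `Fn(String) -> Result<String, E>` (or `FnMut`) and mapping the boxed credential's password with the same closure would cover both secrets. The new field's doc comment could also state the constraint the rest of the commit assumes, e.g. `/// Optional credential used for privilege escalation; expected to be a CredentialType::UP.`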
1 change: 1 addition & 0 deletions rust/openvasd/src/storage/inmemory.rs
Expand Up @@ -456,6 +456,7 @@ mod tests {
credential_type: models::CredentialType::UP {
username: "test".to_string(),
password: "test".to_string(),
privilege_credential: None,
},
..Default::default()
};
19 changes: 14 additions & 5 deletions rust/osp/src/commands.rs
Expand Up @@ -287,13 +287,22 @@ fn write_credentials(scan: &Scan, writer: &mut Writer) -> Result<()> {

writer.within_parameter_element("credential", parameter, &mut |writer| {
match &c.credential_type {
CredentialType::UP { username, password } => {
// TODO need to add privilege escalation for root when service is ssh
// see
// https://docs.greenbone.net/API/OSP/osp-22.04.html#element_credential
// 5.1.3
CredentialType::UP {
username,
password,
privilege_credential,
} => {
write_str_element(writer, "username", username)?;
write_str_element(writer, "password", password)?;
if let Some(pcred) = privilege_credential {
if let CredentialType::UP {
username, password, ..
} = pcred.as_ref()
{
write_str_element(writer, "priv_username", username)?;
write_str_element(writer, "priv_password", password)?;
}
}
}
CredentialType::USK {
username,
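Review bot: The inner `if let CredentialType::UP { .. } = pcred.as_ref()` has no `else`, so a `privilege_credential` holding any other variant (the field is `Option<Box<CredentialType>>`, so `USK` is representable) is dropped silently and the scan would run without the privileged login and without any error. Consider rejecting that case explicitly, and flattening the two levels into one pattern with distinct names so the regular and privileged secrets cannot be confused through shadowing: `if let Some(CredentialType::UP { username: priv_username, password: priv_password, .. }) = privilege_credential.as_deref()`. The removed TODO limited escalation to the ssh service, whereas the new code emits `priv_username`/`priv_password` for every service that carries a UP credential; whether that is intended is not visible here. `write_credentials` starts before and continues past this hunk.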
