From 0162ea1b2f8d67de7d5c98a82d08dd66cc95d2ae Mon Sep 17 00:00:00 2001 From: Juan Jose Nicola Date: Thu, 15 Feb 2024 13:57:37 +0100 Subject: [PATCH] Add: privilege credentials for SSH service --- rust/doc/openapi.yml | 9 +++++++++ rust/models/src/credential.rs | 14 +++++++++----- rust/openvasd/src/storage/inmemory.rs | 1 + rust/osp/src/commands.rs | 19 ++++++++++++++----- 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/rust/doc/openapi.yml b/rust/doc/openapi.yml index 5efac00a7..38432b0ef 100644 --- a/rust/doc/openapi.yml +++ b/rust/doc/openapi.yml @@ -572,6 +572,15 @@ components: type: "string" password: description: "Password for authentication." + privilege_credential: + description: "Privilege username and password for SSH service" + type: "object" + properties: + username: + description: "Privilege username for authentication." + type: "string" + password: + description: "Privilege password for authentication." required: - username diff --git a/rust/models/src/credential.rs b/rust/models/src/credential.rs index 0d22df609..7706d8427 100644 --- a/rust/models/src/credential.rs +++ b/rust/models/src/credential.rs @@ -50,6 +50,7 @@ impl Default for Credential { credential_type: CredentialType::UP { username: "root".to_string(), password: "".to_string(), + privilege_credential: None, }, } } @@ -75,16 +76,12 @@ pub enum Service { #[cfg_attr(feature = "serde_support", serde(rename = "snmp"))] /// SNMP, supports [SNMP](CredentialType::SNMP) SNMP, - #[cfg_attr(feature = "serde_support", serde(rename = "privilege_ssh"))] - /// Privilege SSH, supports [SSH](CredentialType::UP) - PSSH, } impl AsRef for Service { fn as_ref(&self) -> &str { match self { Service::SSH => "ssh", - Service::PSSH => "privilege_ssh", Service::SMB => "smb", Service::ESXi => "esxi", Service::SNMP => "snmp", 
@@ -107,6 +104,8 @@ pub enum CredentialType { username: String, /// The password for authentication. password: String, + /// privilege credential + privilege_credential: Option>, }, #[cfg_attr(feature = "serde_support", serde(rename = "usk"))] /// User/ssh-key credentials. @@ -144,9 +143,14 @@ impl CredentialType { F: FnOnce(String) -> Result, { Ok(match self { - CredentialType::UP { username, password } => CredentialType::UP { + CredentialType::UP { + username, + password, + privilege_credential, + } => CredentialType::UP { username, password: f(password)?, + privilege_credential, }, CredentialType::USK { username, diff --git a/rust/openvasd/src/storage/inmemory.rs b/rust/openvasd/src/storage/inmemory.rs index cfa5b3798..edce7379f 100644 --- a/rust/openvasd/src/storage/inmemory.rs +++ b/rust/openvasd/src/storage/inmemory.rs @@ -456,6 +456,7 @@ mod tests { credential_type: models::CredentialType::UP { username: "test".to_string(), password: "test".to_string(), + privilege_credential: None, }, ..Default::default() }; diff --git a/rust/osp/src/commands.rs b/rust/osp/src/commands.rs index 445be7ee3..50b5de187 100644 --- a/rust/osp/src/commands.rs +++ b/rust/osp/src/commands.rs 
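Review bot: The new `privilege_credential` field on `CredentialType::UP` appears to hold a full `CredentialType` (its generic arguments are lost in this rendering, but `write_credentials` in rust/osp/src/commands.rs matches `pcred.as_ref()` against `CredentialType::UP`), so the model accepts a key-based, SNMP or arbitrarily nested value as a privilege credential even though only a username/password pair is ever used. A dedicated two-field struct would make the unsupported shapes unrepresentable and would match the flat `username`/`password` object documented in openapi.yml; with the enum, the serialized form presumably carries the variant tag as well, which is worth checking against the spec. The doc comment could also state the purpose, e.g. `/// Credential used to escalate privileges after login; only username/password is supported.`. The enum definition continues outside the hunk.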
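Review bot: The privilege credential's password is carried over unchanged in the `CredentialType::UP` arm of the second credential.rs hunk (`@@ -144,9 +143,14 @@`), where only the outer `password` goes through `f`. If callers rely on this mapping to encrypt or decrypt passwords before storage (not visible in this hunk), the privileged password, usually the more sensitive of the two, would be kept in cleartext. Because `F` is bound as `FnOnce`, applying it to both passwords needs a signature change (for example an `FnMut` bound, or a recursive call that threads the closure through). At minimum the arm deserves a comment such as `// NOTE: privilege_credential's password is not passed through f`. The function's signature and remaining arms lie outside the hunk.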
@@ -287,13 +287,22 @@ fn write_credentials(scan: &Scan, writer: &mut Writer) -> Result<()> { writer.within_parameter_element("credential", parameter, &mut |writer| { match &c.credential_type { - CredentialType::UP { username, password } => { - // TODO need to add privilege escalation for root when service is ssh - // see - // https://docs.greenbone.net/API/OSP/osp-22.04.html#element_credential - // 5.1.3 + CredentialType::UP { + username, + password, + privilege_credential, + } => { write_str_element(writer, "username", username)?; write_str_element(writer, "password", password)?; + if let Some(pcred) = privilege_credential { + if let CredentialType::UP { + username, password, .. + } = pcred.as_ref() + { + write_str_element(writer, "priv_username", username)?; + write_str_element(writer, "priv_password", password)?; + } + } } CredentialType::USK { username,
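Review bot: In the `CredentialType::UP` arm of `write_credentials`, a `privilege_credential` that is present but is not itself a `UP` value is dropped silently by the inner `if let`, so the scan would run without the escalation the caller configured and nothing reports it. Returning an error (or at least logging) in that case would make the misconfiguration visible. The `priv_username`/`priv_password` elements are also written whatever the credential's service is, while the removed TODO and the commit title scope privilege escalation to SSH; a guard on the service, or a comment stating that other services ignore these elements, would settle it. The inner pattern shadows the outer `username`/`password`, so distinct binding names such as `priv_user`/`priv_pass` would make it harder to write the wrong pair by accident. The function continues outside the hunk.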