Add: multiple kdc support

greenbone · Dec 5, 2024 · fe9d1e4 · fe9d1e4
1 parent 9947153
commit fe9d1e4
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 18 deletions.
diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c
@@ -1,5 +1,6 @@
 #include "openvas-krb5.h"
 
+#include <ctype.h>
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_krb5.h>
 #include <krb5/krb5.h>
@@ -178,6 +179,65 @@ o_krb5_find_kdc (const OKrb5Credential *creds, char **kdc)
         }                                         \
     }                                             \
   while (0)
+
+#define CHECK_FPRINT(result, writer, fmt)  \
+  do                                       \
+    {                                      \
+      if (fprintf (writer, fmt) < 0)       \
+        {                                  \
+          result = O_KRB5_UNABLE_TO_WRITE; \
+          goto result;                     \
+        }                                  \
+    }                                      \
+  while (0)
+
+static OKrb5ErrorCode
+o_krb5_write_trimmed (FILE *file, const char *prefix, const char *start,
+                      const char *end)
+{
+  OKrb5ErrorCode result = O_KRB5_SUCCESS;
+  while (start < end && isspace ((unsigned char) *start))
+    start++;
+  while (end > start && isspace ((unsigned char) *(end - 1)))
+    end--;
+  CHECK_FPRINTF (result, file, "%s = %.*s\n", prefix, (int) (end - start),
+                 start);
+
+result:
+  return result;
+}
+
+static OKrb5ErrorCode
+o_krb5_write_realm (FILE *file, const OKrb5Credential *creds, const char *kdc)
+{
+  OKrb5ErrorCode result = O_KRB5_SUCCESS;
+  CHECK_FPRINTF (result, file, "%s = {\n", (char *) creds->realm.data);
+  const char *kdc_delimiter = strchr (kdc, ',');
+  const char *kdc_start = kdc;
+  const char *kdc_first_start = kdc_start;
+  const char *kdc_first_end =
+    kdc_delimiter != NULL ? kdc_delimiter : kdc + strlen (kdc);
+
+  o_krb5_write_trimmed (file, "  kdc", kdc_first_start, kdc_first_end);
+  if (kdc_delimiter != NULL)
+    {
+      kdc_start = kdc_delimiter + 1;
+      while ((kdc_delimiter = strchr (kdc_start, ',')) != NULL)
+        {
+          o_krb5_write_trimmed (file, "  kdc", kdc_start, kdc_delimiter);
+          kdc_start = kdc_delimiter + 1;
+        }
+
+      o_krb5_write_trimmed (file, "  kdc", kdc_start, kdc + strlen (kdc));
+    }
+  o_krb5_write_trimmed (file, "  admin_server", kdc_first_start, kdc_first_end);
+  o_krb5_write_trimmed (file, "  master_kdc", kdc_first_start, kdc_first_end);
+  CHECK_FPRINT (result, file, "\n}\n");
+
+result:
+  return result;
+}
+
 // Adds realm with the given kdc into krb5.conf
 OKrb5ErrorCode
 o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc)
@@ -188,16 +248,16 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc)
   char tmpfn[MAX_LINE_LENGTH] = {0};
   int state, i;
   char *cp = (char *) creds->config_path.data;
-  char *realm = (char *) creds->realm.data;
+
   if ((file = fopen (cp, "r")) == NULL)
     {
       if ((file = fopen (cp, "w")) == NULL)
         {
           result = O_KRB5_CONF_NOT_CREATED;
           goto result;
         }
-      CHECK_FPRINTF (result, file, "[realms]\n%s = {\n  kdc = %s\n}\n", realm,
-                     kdc);
+      CHECK_FPRINT (result, file, "[realms]\n");
+      o_krb5_write_realm (file, creds, kdc);
       goto result;
     }
   snprintf (tmpfn, MAX_LINE_LENGTH, "%s.tmp", cp);
@@ -215,8 +275,8 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc)
           SKIP_WS (line, MAX_LINE_LENGTH, 0, i);
           if (IS_STR_EQUAL (line, MAX_LINE_LENGTH, i, "[realms]", 8) == 1)
             {
-              CHECK_FPRINTF (result, tmp, "%s = {\n  kdc = %s\n}\n", realm,
-                             kdc);
+              o_krb5_write_realm (file, creds, kdc);
+
               state = 1;
             }
         }
@@ -530,13 +590,13 @@ o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context,
 char *
 okrb5_error_code_to_string (const OKrb5ErrorCode code)
 {
-#define HEAP_STRING(var, s)             \
-  do                                    \
-    {                                   \
-      var = calloc (1, strlen (s) + 1); \
-      snprintf (var, strlen (s) + 1, s);    \
-      goto result;                      \
-    }                                   \
+#define HEAP_STRING(var, s)              \
+  do                                     \
+    {                                    \
+      var = calloc (1, strlen (s) + 1);  \
+      snprintf (var, strlen (s) + 1, s); \
+      goto result;                       \
+    }                                    \
   while (0)
 
   char *result = NULL;

diff --git a/misc/scanneraux.c b/misc/scanneraux.c
@@ -9,6 +9,7 @@
  */
 
 #include "scanneraux.h"
+
 #include "../nasl/nasl_krb5.h"
 
 void

diff --git a/nasl/nasl_host.h b/nasl/nasl_host.h
@@ -62,7 +62,6 @@ nasl_same_host (lex_ctxt *);
 tree_cell *
 nasl_target_is_ipv6 (lex_ctxt *lexic);
 
-
 tree_cell *
 host_reverse_lookup (lex_ctxt *lexic);
 

diff --git a/nasl/nasl_init.c b/nasl/nasl_init.c
@@ -423,7 +423,8 @@ static init_func libfuncs[] = {
   {"krb5_gss_init", nasl_okrb5_gss_init},
   {"krb5_gss_prepare_context", nasl_okrb5_gss_prepare_context},
   {"krb5_gss_update_context", nasl_okrb5_gss_update_context},
-  {"krb5_gss_update_context_needs_more", nasl_okrb5_gss_update_context_needs_more},
+  {"krb5_gss_update_context_needs_more",
+   nasl_okrb5_gss_update_context_needs_more},
   {"krb5_gss_update_context_out", nasl_okrb5_gss_update_context_out},
   {"krb5_gss_session_key", nasl_okrb5_gss_session_key_context},
   {"krb5_error_code_to_string", nasl_okrb5_error_code_to_string},

diff --git a/nasl/nasl_smb.c b/nasl/nasl_smb.c
@@ -346,13 +346,15 @@ nasl_win_cmd_exec (lex_ctxt *lexic)
   GError *err = NULL;
   bool krb5 = false;
   bool calculate_host = false;
+  char first_kdc[INET6_ADDRSTRLEN] = {0};
+  const char *delimiter;
 
   IMPORT (host);
   IMPORT (username);
   IMPORT (password);
   IMPORT (realm);
-  (void) realm;
   IMPORT (kdc);
+
   IMPORT (cmd);
   krb5 = kdc != NULL;
 
@@ -407,9 +409,18 @@ nasl_win_cmd_exec (lex_ctxt *lexic)
     }
   else
     {
+      delimiter = strchr (kdc, ',');
+      if (delimiter != NULL)
+        {
+          strncpy (first_kdc, kdc, delimiter - kdc);
+        }
+      else
+        {
+          strncpy (first_kdc, kdc, sizeof (first_kdc) - 1);
+        }
       argv[1] = "-k";
       argv[2] = "-dc-ip";
-      argv[3] = kdc;
+      argv[3] = first_kdc;
       argv[4] = target;
       argv[5] = cmd;
       argv[6] = NULL;

diff --git a/src/openvas.c b/src/openvas.c
@@ -26,6 +26,7 @@
 #include "../misc/plugutils.h"     /* nvticache_free */
 #include "../misc/scan_id.h"       /* to manage global scan_id */
 #include "../misc/vendorversion.h" /* for vendor_version_set */
+#include "../nasl/nasl_krb5.h"     /* for nasl_okrb5_clean */
 #include "attack.h"                /* for attack_network */
 #include "debug_utils.h"           /* for init_sentry */
 #include "pluginlaunch.h"          /* for init_loading_shm */
@@ -57,7 +58,6 @@
 #include <sys/un.h>
 #include <sys/wait.h> /* for waitpid */
 #include <unistd.h>   /* for close() */
-#include "../nasl/nasl_krb5.h" /* for nasl_okrb5_clean */
 
 #ifdef GIT_REV_AVAILABLE
 #include "gitrevision.h"
@@ -641,7 +641,7 @@ openvas (int argc, char *argv[], char *env[])
 
       gvm_close_sentry ();
       destroy_scan_globals (globals);
-      nasl_okrb5_clean();
+      nasl_okrb5_clean ();
 #ifdef LOG_REFERENCES_AVAILABLE
       free_log_reference ();
 #endif // LOG_REFERENCES_AVAILABLE
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,7 @@ @@
      */
     #include "scanneraux.h"
     #include "../nasl/nasl_krb5.h"
     void
@@ Expand Down @@