From fe9d1e41134652a5ac33147c7a124de5f5d86c56 Mon Sep 17 00:00:00 2001 From: Philipp Eder Date: Wed, 4 Dec 2024 15:56:02 +0000 Subject: [PATCH] Add: multiple kdc support --- misc/openvas-krb5.c | 84 ++++++++++++++++++++++++++++++++++++++------- misc/scanneraux.c | 1 + nasl/nasl_host.h | 1 - nasl/nasl_init.c | 3 +- nasl/nasl_smb.c | 15 ++++++-- src/openvas.c | 4 +-- 6 files changed, 90 insertions(+), 18 deletions(-) diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c index 5e2dd44af..99c61ede2 100644 --- a/misc/openvas-krb5.c +++ b/misc/openvas-krb5.c @@ -1,5 +1,6 @@ #include "openvas-krb5.h" +#include #include #include #include 
@@ -178,6 +179,65 @@ o_krb5_find_kdc (const OKrb5Credential *creds, char **kdc) } \ } \ while (0) + +#define CHECK_FPRINT(result, writer, fmt) \ + do \ + { \ + if (fprintf (writer, fmt) < 0) \ + { \ + result = O_KRB5_UNABLE_TO_WRITE; \ + goto result; \ + } \ + } \ + while (0) + +static OKrb5ErrorCode +o_krb5_write_trimmed (FILE *file, const char *prefix, const char *start, + const char *end) +{ + OKrb5ErrorCode result = O_KRB5_SUCCESS; + while (start < end && isspace ((unsigned char) *start)) + start++; + while (end > start && isspace ((unsigned char) *(end - 1))) + end--; + CHECK_FPRINTF (result, file, "%s = %.*s\n", prefix, (int) (end - start), + start); + +result: + return result; +} + +static OKrb5ErrorCode +o_krb5_write_realm (FILE *file, const OKrb5Credential *creds, const char *kdc) +{ + OKrb5ErrorCode result = O_KRB5_SUCCESS; + CHECK_FPRINTF (result, file, "%s = {\n", (char *) creds->realm.data); + const char *kdc_delimiter = strchr (kdc, ','); + const char *kdc_start = kdc; + const char *kdc_first_start = kdc_start; + const char *kdc_first_end = + kdc_delimiter != NULL ? kdc_delimiter : kdc + strlen (kdc); + + o_krb5_write_trimmed (file, " kdc", kdc_first_start, kdc_first_end); + if (kdc_delimiter != NULL) + { + kdc_start = kdc_delimiter + 1; + while ((kdc_delimiter = strchr (kdc_start, ',')) != NULL) + { + o_krb5_write_trimmed (file, " kdc", kdc_start, kdc_delimiter); + kdc_start = kdc_delimiter + 1; + } + + o_krb5_write_trimmed (file, " kdc", kdc_start, kdc + strlen (kdc)); + } + o_krb5_write_trimmed (file, " admin_server", kdc_first_start, kdc_first_end); + o_krb5_write_trimmed (file, " master_kdc", kdc_first_start, kdc_first_end); + CHECK_FPRINT (result, file, "\n}\n"); + +result: + return result; +} + // Adds realm with the given kdc into krb5.conf OKrb5ErrorCode o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) 
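Review bot: Every `o_krb5_write_trimmed` call in `o_krb5_write_realm` discards its return value, so a failed write of a `kdc`, `admin_server` or `master_kdc` line still returns `O_KRB5_SUCCESS` and can leave a truncated realm stanza in krb5.conf. Propagate the code at each call, e.g. `if ((result = o_krb5_write_trimmed (file, " kdc", kdc_start, kdc_delimiter)) != O_KRB5_SUCCESS) goto result;`, and likewise for the two `o_krb5_write_realm` calls added to `o_krb5_add_realm` in the later hunks of this file. Entries are only trimmed of surrounding whitespace, so an empty entry (`a,,b`) or one containing a newline, `{` or `}` is written verbatim; since `kdc` is caller-supplied, rejecting such entries before writing keeps a malformed value from changing the structure of the generated configuration. `CHECK_FPRINT` also passes `fmt` as the format string itself, so `fputs (fmt, writer) == EOF` would be the safer form for fixed text.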
@@ -188,7 +248,7 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) char tmpfn[MAX_LINE_LENGTH] = {0}; int state, i; char *cp = (char *) creds->config_path.data; - char *realm = (char *) creds->realm.data; + if ((file = fopen (cp, "r")) == NULL) { if ((file = fopen (cp, "w")) == NULL) @@ -196,8 +256,8 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) result = O_KRB5_CONF_NOT_CREATED; goto result; } - CHECK_FPRINTF (result, file, "[realms]\n%s = {\n kdc = %s\n}\n", realm, - kdc); + CHECK_FPRINT (result, file, "[realms]\n"); + o_krb5_write_realm (file, creds, kdc); goto result; } snprintf (tmpfn, MAX_LINE_LENGTH, "%s.tmp", cp); @@ -215,8 +275,8 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) SKIP_WS (line, MAX_LINE_LENGTH, 0, i); if (IS_STR_EQUAL (line, MAX_LINE_LENGTH, i, "[realms]", 8) == 1) { - CHECK_FPRINTF (result, tmp, "%s = {\n kdc = %s\n}\n", realm, - kdc); + o_krb5_write_realm (file, creds, kdc); + state = 1; } } @@ -530,13 +590,13 @@ o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context, char * okrb5_error_code_to_string (const OKrb5ErrorCode code) { -#define HEAP_STRING(var, s) \ - do \ - { \ - var = calloc (1, strlen (s) + 1); \ - snprintf (var, strlen (s) + 1, s); \ - goto result; \ - } \ +#define HEAP_STRING(var, s) \ + do \ + { \ + var = calloc (1, strlen (s) + 1); \ + snprintf (var, strlen (s) + 1, s); \ + goto result; \ + } \ while (0) char *result = NULL; diff --git a/misc/scanneraux.c b/misc/scanneraux.c index b6b0acfe7..a820c3665 100644 --- a/misc/scanneraux.c +++ b/misc/scanneraux.c @@ -9,6 +9,7 @@ */ #include "scanneraux.h" + #include "../nasl/nasl_krb5.h" void diff --git a/nasl/nasl_host.h b/nasl/nasl_host.h index cd3f71b5d..384cd9caf 100644 --- a/nasl/nasl_host.h +++ b/nasl/nasl_host.h @@ -62,7 +62,6 @@ nasl_same_host (lex_ctxt *); tree_cell * nasl_target_is_ipv6 (lex_ctxt *lexic); - tree_cell * host_reverse_lookup (lex_ctxt *lexic); 
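Review bot: In the `[realms]` branch of the rewrite loop (hunk `@@ -215,8 +275,8 @@`) the new call is `o_krb5_write_realm (file, creds, kdc);`, but the line it replaces wrote to `tmp`. `file` is the handle opened with `fopen (cp, "r")` at the top of `o_krb5_add_realm`, so the realm stanza presumably never reaches the temporary copy and an existing krb5.conf is rewritten without the new realm. It should read `if ((result = o_krb5_write_realm (tmp, creds, kdc)) != O_KRB5_SUCCESS) goto result;`. The rest of the loop and the later handling of `tmp` lie outside the hunk, so the effect on the final file is inferred from the removed line.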
diff --git a/nasl/nasl_init.c b/nasl/nasl_init.c index 0a767fab8..e38a800fe 100644 --- a/nasl/nasl_init.c +++ b/nasl/nasl_init.c @@ -423,7 +423,8 @@ static init_func libfuncs[] = { {"krb5_gss_init", nasl_okrb5_gss_init}, {"krb5_gss_prepare_context", nasl_okrb5_gss_prepare_context}, {"krb5_gss_update_context", nasl_okrb5_gss_update_context}, - {"krb5_gss_update_context_needs_more", nasl_okrb5_gss_update_context_needs_more}, + {"krb5_gss_update_context_needs_more", + nasl_okrb5_gss_update_context_needs_more}, {"krb5_gss_update_context_out", nasl_okrb5_gss_update_context_out}, {"krb5_gss_session_key", nasl_okrb5_gss_session_key_context}, {"krb5_error_code_to_string", nasl_okrb5_error_code_to_string}, diff --git a/nasl/nasl_smb.c b/nasl/nasl_smb.c index d60911c4a..bb797e5bd 100644 --- a/nasl/nasl_smb.c +++ b/nasl/nasl_smb.c @@ -346,13 +346,15 @@ nasl_win_cmd_exec (lex_ctxt *lexic) GError *err = NULL; bool krb5 = false; bool calculate_host = false; + char first_kdc[INET6_ADDRSTRLEN] = {0}; + const char *delimiter; IMPORT (host); IMPORT (username); IMPORT (password); IMPORT (realm); - (void) realm; IMPORT (kdc); + IMPORT (cmd); krb5 = kdc != NULL; @@ -407,9 +409,18 @@ nasl_win_cmd_exec (lex_ctxt *lexic) } else { + delimiter = strchr (kdc, ','); + if (delimiter != NULL) + { + strncpy (first_kdc, kdc, delimiter - kdc); + } + else + { + strncpy (first_kdc, kdc, sizeof (first_kdc) - 1); + } argv[1] = "-k"; argv[2] = "-dc-ip"; - argv[3] = kdc; + argv[3] = first_kdc; argv[4] = target; argv[5] = cmd; argv[6] = NULL; diff --git a/src/openvas.c b/src/openvas.c index 09679a7b2..0ecf4a308 100644 --- a/src/openvas.c +++ b/src/openvas.c 
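Review bot: In the second nasl_smb.c hunk, `strncpy (first_kdc, kdc, delimiter - kdc);` copies as many bytes as precede the first comma without checking them against `sizeof (first_kdc)` (`INET6_ADDRSTRLEN`), so a longer first entry writes past the end of a stack array. `kdc` comes from a script argument via `IMPORT (kdc)`. Compute the length once and bound it before copying: `size_t n = delimiter != NULL ? (size_t) (delimiter - kdc) : strlen (kdc);`, then `if (n == 0 || n >= sizeof (first_kdc))` fail the call, then `memcpy (first_kdc, kdc, n);` (the buffer is zero-initialised, so the result stays terminated). The `else` branch silently truncates instead, which would mangle a KDC given as a long host name rather than an address; an explicit error would be better there too. The surrounding function body is outside the hunk, so the right error path has to be taken from the existing argument checks.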
@@ -26,6 +26,7 @@ #include "../misc/plugutils.h" /* nvticache_free */ #include "../misc/scan_id.h" /* to manage global scan_id */ #include "../misc/vendorversion.h" /* for vendor_version_set */ +#include "../nasl/nasl_krb5.h" /* for nasl_okrb5_clean */ #include "attack.h" /* for attack_network */ #include "debug_utils.h" /* for init_sentry */ #include "pluginlaunch.h" /* for init_loading_shm */ @@ -57,7 +58,6 @@ #include #include /* for waitpid */ #include /* for close() */ -#include "../nasl/nasl_krb5.h" /* for nasl_okrb5_clean */ #ifdef GIT_REV_AVAILABLE #include "gitrevision.h" @@ -641,7 +641,7 @@ openvas (int argc, char *argv[], char *env[]) gvm_close_sentry (); destroy_scan_globals (globals); - nasl_okrb5_clean(); + nasl_okrb5_clean (); #ifdef LOG_REFERENCES_AVAILABLE free_log_reference (); #endif // LOG_REFERENCES_AVAILABLE