diff --git a/ospd_openvas/preferencehandler.py b/ospd_openvas/preferencehandler.py
index bb8abced..138ad4d9 100644
--- a/ospd_openvas/preferencehandler.py
+++ b/ospd_openvas/preferencehandler.py
@@ -32,7 +32,7 @@ OID_ESXI_AUTH = "1.3.6.1.4.1.25623.1.0.105058" OID_SNMP_AUTH = "1.3.6.1.4.1.25623.1.0.105076" OID_PING_HOST = "1.3.6.1.4.1.25623.1.0.100315" -# TODO: check me, check me, check me +# TODO: check me, check me, check me OID_KRB5_AUTH = "1.3.6.1.4.1.25623.1.81.0" BOREAS_ALIVE_TEST = "ALIVE_TEST"
@@ -588,11 +588,15 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
 added to the redis KB.
 """
 cred_prefs_list = []
+ krb5_set = False
+ smb_set = False
 for credential in credentials.items():
 service = credential[0]
 cred_params = credentials.get(service)
 if not cred_params:
- logger.warning("No credentials parameter found for service %s", service)
+ logger.warning(
+ "No credentials parameter found for service %s", service
+ )
 continue
 cred_type = cred_params.get('type', '')
 username = cred_params.get('username', '')
@@ -664,6 +668,12 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
 )
 # Check servic smb
 elif service == 'smb':
+ if krb5_set:
+ self.errors.append(
+ "Kerberos and SMB credentials are mutually exclusive."
+ )
+ continue
+ smb_set = True
 cred_prefs_list.append(
 f'{OID_SMB_AUTH}:1:entry:SMB login:|||{username}'
 )
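Review bot: With the `krb5_set` / `smb_set` flags added ahead of the loop, which credential survives depends on the iteration order of `credentials`: the service seen first is written to `cred_prefs_list`, and the later one is dropped with the "mutually exclusive" error (the checks sit in the `smb` and `krb5` branches further down). If supplying both is meant to be an input error, a single check before the loop, `if 'smb' in credentials and 'krb5' in credentials:`, would reject the combination regardless of order and would not emit preferences for one of the two. The docstring, which begins outside this hunk, should also state that SMB and Kerberos credentials cannot be combined and that the conflict is reported through `self.errors`.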
@@ -671,13 +681,23 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
 f'{OID_SMB_AUTH}:2:password:SMB password:|||{password}'
 )
 elif service == 'krb5':
+ if smb_set:
+ self.errors.append(
+ "Kerberos and SMB credentials are mutually exclusive."
+ )
+ continue
+ krb5_set = True
 realm = cred_params.get('realm', '')
 if not realm:
- self.errors.append("Missing realm for Kerberos authentication.")
+ self.errors.append(
+ "Missing realm for Kerberos authentication."
+ )
 continue
 kdc = cred_params.get('kdc', '')
 if not kdc:
- self.errors.append("Missing KDC for Kerberos authentication.")
+ self.errors.append(
+ "Missing KDC for Kerberos authentication."
+ )
 continue
 cred_prefs_list.append(
 f'{OID_KRB5_AUTH}:1:entry:KRB5 login:|||{username}'
@@ -688,7 +708,7 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
 cred_prefs_list.append(
 f'{OID_KRB5_AUTH}:3:entry:KRB5 realm:|||{realm}'
 )
- #TODO: add multiple kdcs
+ # TODO: add multiple kdcs
 cred_prefs_list.append(
 f'{OID_KRB5_AUTH}:4:entry:KRB5 kdc:|||{kdc}'
 )
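Review bot: `krb5_set = True` is assigned before the realm and KDC checks in the `krb5` branch, so a Kerberos entry that is then rejected for a missing realm or KDC still blocks a later `smb` entry. In that case the caller gets the "mutually exclusive" error although no Kerberos preference was emitted. Moving `krb5_set = True` below the `if not kdc:` check would keep the flag in step with what actually lands in `cred_prefs_list`. Separately, `realm` and `kdc` are interpolated unchanged into the `|||`-delimited preference strings, and whether values containing the delimiter or a line break are rejected upstream is not visible here; a short comment naming where that validation happens would help. The branch continues outside this hunk.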