Verifies if smb and krb5 are set.
Based on the differences in when to use krb5 and when to use smb within the
feed, both are mutually exclusive.

Either use smb, when you have an older system, or krb5, but not both.
nichtsfrei committed Dec 9, 2024
1 parent ea937ec commit 205ba37
Showing 1 changed file with 23 additions and 5 deletions.
28 changes: 23 additions & 5 deletions ospd_openvas/preferencehandler.py
Expand Up @@ -32,7 +32,6 @@
OID_ESXI_AUTH = "1.3.6.1.4.1.25623.1.0.105058"
OID_SNMP_AUTH = "1.3.6.1.4.1.25623.1.0.105076"
OID_PING_HOST = "1.3.6.1.4.1.25623.1.0.100315"
# TODO: check me, check me, check me
OID_KRB5_AUTH = "1.3.6.1.4.1.25623.1.81.0"

BOREAS_ALIVE_TEST = "ALIVE_TEST"
Expand Down Expand Up @@ -588,11 +587,15 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
added to the redis KB.
"""
cred_prefs_list = []
krb5_set = False
smb_set = False
for credential in credentials.items():
service = credential[0]
cred_params = credentials.get(service)
if not cred_params:
logger.warning("No credentials parameter found for service %s", service)
logger.warning(
"No credentials parameter found for service %s", service
)
continue
cred_type = cred_params.get('type', '')
username = cred_params.get('username', '')
Expand Down Expand Up @@ -664,20 +667,36 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
)
# Check servic smb
elif service == 'smb':
if krb5_set:
self.errors.append(
"Kerberos and SMB credentials are mutually exclusive."
)
continue
smb_set = True
cred_prefs_list.append(
f'{OID_SMB_AUTH}:1:entry:SMB login:|||{username}'
)
cred_prefs_list.append(
f'{OID_SMB_AUTH}:2:password:SMB password:|||{password}'
)
elif service == 'krb5':
if smb_set:
self.errors.append(
"Kerberos and SMB credentials are mutually exclusive."
)
continue
krb5_set = True
realm = cred_params.get('realm', '')
if not realm:
self.errors.append("Missing realm for Kerberos authentication.")
self.errors.append(
"Missing realm for Kerberos authentication."
)
continue
kdc = cred_params.get('kdc', '')
if not kdc:
self.errors.append("Missing KDC for Kerberos authentication.")
self.errors.append(
"Missing KDC for Kerberos authentication."
)
continue
cred_prefs_list.append(
f'{OID_KRB5_AUTH}:1:entry:KRB5 login:|||{username}'
Expand All @@ -688,7 +707,6 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
cred_prefs_list.append(
f'{OID_KRB5_AUTH}:3:entry:KRB5 realm:|||{realm}'
)
#TODO: add multiple kdcs
cred_prefs_list.append(
f'{OID_KRB5_AUTH}:4:entry:KRB5 kdc:|||{kdc}'
)
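Review bot: The exclusivity check in the `smb` and `krb5` branches depends on the iteration order of `credentials`, and `krb5_set = True` is assigned before the realm and KDC checks, so a Kerberos entry rejected for a missing realm or KDC still causes a following SMB entry to be refused as mutually exclusive. When both services are present, whichever comes first is still appended to `cred_prefs_list` and only the second is dropped; whether the entry in `self.errors` stops the scan is not visible here, so the scan may proceed with the credential type the operator did not intend (for example the SMB login and password rather than Kerberos). A deterministic check before the loop, `if 'smb' in credentials and 'krb5' in credentials:`, that records the error once and emits neither set would match the commit message; at minimum, move `krb5_set = True` below the `kdc` check. `build_credentials_as_prefs` starts and ends outside the hunks shown.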
