Skip to content

Commit eec1fad

Browse files
nichtsfreinichtsfrei
committed
Add: krb5 credential
To support krb5 a new credential service is required to get the `realm`, as well as `kdc` in addition to `username` and `password`. This adds: ``` <credentials> <credential type="up" service="krb5"> <username>scanuser</username> <password>mypass</password> <realm>myrealm</realm> <kdc>mykdc</kdc> </credential> </credentials> ```
1 parent 961048a commit eec1fad

File tree

1 file changed

+27
-0
lines changed

1 file changed

+27
-0
lines changed

ospd_openvas/preferencehandler.py

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,8 @@
3232
OID_ESXI_AUTH = "1.3.6.1.4.1.25623.1.0.105058"
3333
OID_SNMP_AUTH = "1.3.6.1.4.1.25623.1.0.105076"
3434
OID_PING_HOST = "1.3.6.1.4.1.25623.1.0.100315"
35+
# TODO: check me, check me, check me
36+
OID_KRB5_AUTH = "1.3.6.1.4.1.25623.1.81.0"
3537

3638
BOREAS_ALIVE_TEST = "ALIVE_TEST"
3739
BOREAS_ALIVE_TEST_PORTS = "ALIVE_TEST_PORTS"
@@ -589,6 +591,9 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
589591
for credential in credentials.items():
590592
service = credential[0]
591593
cred_params = credentials.get(service)
594+
if not cred_params:
595+
logger.warning("No credentials parameter found for service %s", service)
596+
continue
592597
cred_type = cred_params.get('type', '')
593598
username = cred_params.get('username', '')
594599
password = cred_params.get('password', '')
@@ -665,6 +670,28 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
665670
cred_prefs_list.append(
666671
f'{OID_SMB_AUTH}:2:password:SMB password:|||{password}'
667672
)
673+
elif service == 'krb5':
674+
realm = cred_params.get('realm', '')
675+
if not realm:
676+
self.errors.append("Missing realm for Kerberos authentication.")
677+
continue
678+
kdc = cred_params.get('kdc', '')
679+
if not kdc:
680+
self.errors.append("Missing KDC for Kerberos authentication.")
681+
continue
682+
cred_prefs_list.append(
683+
f'{OID_KRB5_AUTH}:1:entry:KRB5 login:|||{username}'
684+
)
685+
cred_prefs_list.append(
686+
f'{OID_KRB5_AUTH}:2:password:KRB5 password:|||{password}'
687+
)
688+
cred_prefs_list.append(
689+
f'{OID_KRB5_AUTH}:3:entry:KRB5 realm:|||{realm}'
690+
)
691+
#TODO: add multiple kdcs
692+
cred_prefs_list.append(
693+
f'{OID_KRB5_AUTH}:4:entry:KRB5 kdc:|||{kdc}'
694+
)
668695
# Check service esxi
669696
elif service == 'esxi':
670697
cred_prefs_list.append(

0 commit comments

Comments
 (0)