From 1c4ee4b9fdade26433c0acb2519260971c74565a Mon Sep 17 00:00:00 2001 From: Philipp Eder Date: Tue, 10 Dec 2024 06:33:03 +0000 Subject: [PATCH] Refactoring: change macros to MACROS, remove TODOs and dead code --- misc/openvas-krb5.c | 13 ++++++------ nasl/nasl_host.c | 6 ++++-- nasl/nasl_krb5.c | 48 ++++++++++++++++++--------------------------- nasl/nasl_krb5.h | 15 -------------- 4 files changed, 29 insertions(+), 53 deletions(-) diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c index 86750d077..b07e7d6ff 100644 --- a/misc/openvas-krb5.c +++ b/misc/openvas-krb5.c @@ -318,7 +318,7 @@ static OKrb5ErrorCode okrb5_gss_authenticate (const OKrb5Credential *creds, struct OKrb5GSSContext *gss_creds) { -#define check_major_stat() \ +#define CHECK_MAJOR_STAT() \ if (maj_stat != GSS_S_COMPLETE) \ { \ result = O_KRB5_ERROR + maj_stat; \ @@ -365,18 +365,18 @@ okrb5_gss_authenticate (const OKrb5Credential *creds, maj_stat = gss_import_name (&min_stat, &userbuf, GSS_C_NT_USER_NAME, &gss_username); - check_major_stat (); + CHECK_MAJOR_STAT (); maj_stat = gss_acquire_cred_with_password (&min_stat, gss_username, &pwbuf, 0, &creds_mechs, GSS_C_INITIATE, &cred, NULL, NULL); (void) gss_release_name (&min_stat, &gss_username); - check_major_stat (); + CHECK_MAJOR_STAT (); // let spnego only use the desired mechs maj_stat = gss_set_neg_mechs (&min_stat, cred, &spnego_mechs); - check_major_stat (); + CHECK_MAJOR_STAT (); gss_creds->gss_creds = cred; result: if (user_principal != NULL) 
@@ -506,13 +506,12 @@ o_krb5_gss_prepare_context (const OKrb5Credential *creds, gss_context->gss_time_rec = 0; gss_context->gss_actual_mech_type = NULL; result: - // TODO: cleanup target_principal_str on failure? + if (target_principal_str != NULL) + free (target_principal_str); return result; } -// TODO: this signature feels unintuitive based on the mix of in and out and -// changed gss_context as well... OKrb5ErrorCode o_krb5_gss_update_context (struct OKrb5GSSContext *gss_context, const struct OKrb5Slice *in_data, diff --git a/nasl/nasl_host.c b/nasl/nasl_host.c index 7df41d068..381621d8a 100644 --- a/nasl/nasl_host.c +++ b/nasl/nasl_host.c @@ -248,8 +248,9 @@ host_reverse_lookup (lex_ctxt *lexic) } else { - // we need to duplicate it as get_str_var_by_name does store it within - // string_form which is released with the lex_ctxt release. + // we need to duplicate t because plug_get_host_ip_from_str allocates + // memory and to have the same behavior for both we simply duplicate the + // memory here t = g_strdup (t); } if (t == NULL) @@ -261,6 +262,7 @@ host_reverse_lookup (lex_ctxt *lexic) if (target == NULL) { nasl_perror (lexic, "%s: Invalid target\n", t); + g_free (t); goto fail; } g_free (t); diff --git a/nasl/nasl_krb5.c b/nasl/nasl_krb5.c index b865a7149..cd2e2c5ed 100644 --- a/nasl/nasl_krb5.c +++ b/nasl/nasl_krb5.c @@ -10,7 +10,7 @@ #include -#define nasl_print_krb_error(lexic, credential, result) \ +#define NASL_PRINT_KRB_ERROR(lexic, credential, result) \ do \ { \ char *error_str = okrb5_error_code_to_string (result); \ @@ -24,7 +24,7 @@ OKrb5ErrorCode last_okrb5_result; -#define set_slice_from_lex_or_env(lexic, slice, name, env_name) \ +#define SET_SLICE_FROM_LEX_OR_ENV(lexic, slice, name, env_name) \ do \ { \ okrb5_set_slice_from_str (slice, get_str_var_by_name (lexic, name)); \ 
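Review bot: The `free (target_principal_str)` added under `result:` in o_krb5_gss_prepare_context runs on the success path as well as on failure, so it is only safe if nothing kept in `gss_context` still points into that buffer and if the pointer is set to NULL before the first `goto result`. Neither can be confirmed here because the function body starts outside the hunk. The release call also has to match the allocator that produced the string, which is not visible either. `free (NULL)` is a no-op, so the guard can be dropped: `free (target_principal_str);`, ideally with a comment such as `// temporary principal string, not referenced by gss_context after this point`.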
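Review bot: With the added `g_free (t);` before `goto fail`, `t` is now released in two places in host_reverse_lookup, and the code under `fail:` lies outside the hunk, so it should be confirmed that it neither frees nor prints `t` again. A single ownership comment at the duplication site would make this easier to audit, for example `// t is owned by this function from here on and must be g_free'd on every exit`. The rewritten comment in the previous hunk explains why the copy is made but not who releases it.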
@@ -35,10 +35,10 @@ OKrb5ErrorCode last_okrb5_result;
 } \
 while (0)

-#define perror_set_slice_from_lex_or_env(lexic, slice, name, env_name) \
+#define PERROR_SET_SLICE_FROM_LEX_OR_ENV(lexic, slice, name, env_name) \
 do \
 { \
- set_slice_from_lex_or_env (lexic, slice, name, env_name); \
+ SET_SLICE_FROM_LEX_OR_ENV (lexic, slice, name, env_name); \
 if (slice.len == 0) \
 { \
 nasl_perror (lexic, "Expected %s or env variable %s", name, \
@@ -55,37 +55,36 @@ build_krb5_credential (lex_ctxt *lexic) char *kdc = NULL; - set_slice_from_lex_or_env (lexic, credential.config_path, "config_path", + SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.config_path, "config_path", "KRB5_CONFIG"); if (credential.config_path.len == 0) { okrb5_set_slice_from_str (credential.config_path, "/etc/krb5.conf"); } - // TODO: enhance with redis check? maybe. - perror_set_slice_from_lex_or_env (lexic, credential.realm, "realm", + PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.realm, "realm", "KRB5_REALM"); - perror_set_slice_from_lex_or_env (lexic, credential.kdc, "kdc", "KRB5_KDC"); - perror_set_slice_from_lex_or_env (lexic, credential.user.user, "user", + PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.kdc, "kdc", "KRB5_KDC"); + PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.user.user, "user", "KRB5_USER"); - perror_set_slice_from_lex_or_env (lexic, credential.user.password, "password", + PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.user.password, "password", "KRB5_PASSWORD"); - perror_set_slice_from_lex_or_env (lexic, credential.target.host_name, "host", + PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.target.host_name, "host", "KRB5_TARGET_HOST"); - // set_slice_from_lex_or_env (lexic, credential.target.service, "service", + // SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.target.service, "service", // "KRB5_TARGET_SERVICE"); if ((code = o_krb5_find_kdc (&credential, &kdc))) { if (code != O_KRB5_REALM_NOT_FOUND && code != O_KRB5_CONF_NOT_FOUND) { - nasl_print_krb_error (lexic, credential, code); + NASL_PRINT_KRB_ERROR (lexic, credential, code); } else { if ((code = o_krb5_add_realm (&credential, credential.kdc.data))) { - nasl_print_krb_error (lexic, credential, code); + NASL_PRINT_KRB_ERROR (lexic, credential, code); } } } 
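Review bot: The commented-out call `// SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.target.service, "service", // "KRB5_TARGET_SERVICE");` in build_krb5_credential was renamed rather than removed, although the commit sets out to remove dead code; it should either be deleted or replaced by a sentence saying why the service is not read here. Separately, both `NASL_PRINT_KRB_ERROR (lexic, credential, code);` branches only report the failure and then fall through, so as far as this hunk shows a credential is still built after o_krb5_find_kdc or o_krb5_add_realm fails. The function continues past the end of the hunk, so whether `code` is propagated to the caller is not visible; if it is not, a comment stating that the error is deliberately non-fatal would help.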
@@ -97,7 +96,7 @@ build_krb5_credential (lex_ctxt *lexic) { okrb5_set_slice_from_str (credential.target.service, "cifs"); } - set_slice_from_lex_or_env (lexic, credential.kdc, "kdc", "KRB5_KDC"); + SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.kdc, "kdc", "KRB5_KDC"); memset (&credential.target.domain, 0, sizeof (struct OKrb5Slice)); @@ -134,7 +133,7 @@ nasl_okrb5_find_kdc (lex_ctxt *lexic) if ((last_okrb5_result = o_krb5_find_kdc (&credential, &kdc))) { - nasl_print_krb_error (lexic, credential, last_okrb5_result); + NASL_PRINT_KRB_ERROR (lexic, credential, last_okrb5_result); return FAKE_CELL; } @@ -149,7 +148,6 @@ nasl_okrb5_add_realm (lex_ctxt *lexic) { tree_cell *retc; OKrb5Credential credential; - // TODO: create macro for that char *kdc = get_str_var_by_name (lexic, "kdc"); if (kdc == NULL) { @@ -157,7 +155,7 @@ nasl_okrb5_add_realm (lex_ctxt *lexic) if (kdc == NULL) { last_okrb5_result = O_KRB5_EXPECTED_NOT_NULL; - nasl_print_krb_error (lexic, credential, last_okrb5_result); + NASL_PRINT_KRB_ERROR (lexic, credential, last_okrb5_result); goto exit; } } @@ -166,7 +164,7 @@ nasl_okrb5_add_realm (lex_ctxt *lexic) if ((last_okrb5_result = o_krb5_add_realm (&credential, kdc))) { - nasl_print_krb_error (lexic, credential, last_okrb5_result); + NASL_PRINT_KRB_ERROR (lexic, credential, last_okrb5_result); } exit: @@ -175,14 +173,6 @@ nasl_okrb5_add_realm (lex_ctxt *lexic) return retc; } -tree_cell * -nasl_okrb5_result (lex_ctxt *lexic) -{ - (void) lexic; - // TODO: implement function to return string representation of result - return NULL; -} - /** * @brief Returns 1 if the krb5 function was successful 0 otherwise * @@ -225,8 +215,8 @@ nasl_okrb5_is_failure (lex_ctxt *lexic) return retc; } -// TODO: may need a cacing mechanism for different configurations -// for now we just use one +// We use one context per run, this means that per run (target + oid) there is +// only on credential allowed. struct OKrb5GSSContext *cached_gss_context = NULL; tree_cell * 
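Review bot: In nasl_okrb5_add_realm, `OKrb5Credential credential;` is declared without an initialiser and is then passed to `NASL_PRINT_KRB_ERROR (lexic, credential, last_okrb5_result);` on the `kdc == NULL` path before anything visible assigns it. The macro body is cut off in this patch, so it is an assumption that it reads fields of `credential`; if it does, that path formats indeterminate memory. Zero-initialising the struct, `OKrb5Credential credential = {0};`, makes the error path deterministic, provided the macro tolerates empty slices. The function spans several hunks (-149, -157, -166, -175) and the lines between them are not shown.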
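Review bot: The new comment above `cached_gss_context` has a typo, "only on credential allowed" should read "only one credential is allowed". Because the single cached context is a hard limit, the comment could also state what a script gets when it supplies a different credential within the same run; the code that would show this is outside the hunk.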
diff --git a/nasl/nasl_krb5.h b/nasl/nasl_krb5.h
index 12b75b4d6..661bd6010 100644
--- a/nasl/nasl_krb5.h
+++ b/nasl/nasl_krb5.h
@@ -46,21 +46,6 @@ nasl_okrb5_find_kdc (lex_ctxt *lexic);
 tree_cell *
 nasl_okrb5_add_realm (lex_ctxt *lexic);

-/**
- * @brief Returns the last result of the krb5 functions as a string
- *
- * The nasl function has one optional parameter:
- * - retval: the return value of the krb5 function. If the value is not defined,
- * the return value of the last krb5 function is used.
- *
- *
- * @param[in] lexic NASL lexer.
- *
- * @return lex cell containing a number indicating success or failure.
- */
-tree_cell *
-nasl_okrb5_result (lex_ctxt *lexic);
-
 /**
 * @brief Returns 1 if the krb5 function was successful 0 otherwise
 *