From e28405d38d4afed5eee6709236fe429b6d8d18a4 Mon Sep 17 00:00:00 2001 From: Philipp Eder Date: Wed, 4 Dec 2024 15:56:02 +0000 Subject: [PATCH] Add: multiple kdc support --- misc/openvas-krb5.c | 84 ++++++++++++++++++++++++++++++++++++++------- nasl/nasl_init.c | 3 +- nasl/nasl_smb.c | 15 ++++++-- 3 files changed, 87 insertions(+), 15 deletions(-) diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c index 5e2dd44af..99c61ede2 100644 --- a/misc/openvas-krb5.c +++ b/misc/openvas-krb5.c @@ -1,5 +1,6 @@ #include "openvas-krb5.h" +#include #include #include #include @@ -178,6 +179,65 @@ o_krb5_find_kdc (const OKrb5Credential *creds, char **kdc) } \ } \ while (0) + +#define CHECK_FPRINT(result, writer, fmt) \ + do \ + { \ + if (fprintf (writer, fmt) < 0) \ + { \ + result = O_KRB5_UNABLE_TO_WRITE; \ + goto result; \ + } \ + } \ + while (0) + +static OKrb5ErrorCode +o_krb5_write_trimmed (FILE *file, const char *prefix, const char *start, + const char *end) +{ + OKrb5ErrorCode result = O_KRB5_SUCCESS; + while (start < end && isspace ((unsigned char) *start)) + start++; + while (end > start && isspace ((unsigned char) *(end - 1))) + end--; + CHECK_FPRINTF (result, file, "%s = %.*s\n", prefix, (int) (end - start), + start); + +result: + return result; +} + +static OKrb5ErrorCode +o_krb5_write_realm (FILE *file, const OKrb5Credential *creds, const char *kdc) +{ + OKrb5ErrorCode result = O_KRB5_SUCCESS; + CHECK_FPRINTF (result, file, "%s = {\n", (char *) creds->realm.data); + const char *kdc_delimiter = strchr (kdc, ','); + const char *kdc_start = kdc; + const char *kdc_first_start = kdc_start; + const char *kdc_first_end = + kdc_delimiter != NULL ? kdc_delimiter : kdc + strlen (kdc); + + o_krb5_write_trimmed (file, " kdc", kdc_first_start, kdc_first_end); + if (kdc_delimiter != NULL) + { + kdc_start = kdc_delimiter + 1; + while ((kdc_delimiter = strchr (kdc_start, ',')) != NULL) + { + o_krb5_write_trimmed (file, " kdc", kdc_start, kdc_delimiter); + kdc_start = kdc_delimiter + 1; + } + + o_krb5_write_trimmed (file, " kdc", kdc_start, kdc + strlen (kdc)); + } + o_krb5_write_trimmed (file, " admin_server", kdc_first_start, kdc_first_end); + o_krb5_write_trimmed (file, " master_kdc", kdc_first_start, kdc_first_end); + CHECK_FPRINT (result, file, "\n}\n"); + +result: + return result; +} + // Adds realm with the given kdc into krb5.conf OKrb5ErrorCode o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) @@ -188,7 +248,7 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) char tmpfn[MAX_LINE_LENGTH] = {0}; int state, i; char *cp = (char *) creds->config_path.data; - char *realm = (char *) creds->realm.data; + if ((file = fopen (cp, "r")) == NULL) { if ((file = fopen (cp, "w")) == NULL) @@ -196,8 +256,8 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) result = O_KRB5_CONF_NOT_CREATED; goto result; } - CHECK_FPRINTF (result, file, "[realms]\n%s = {\n kdc = %s\n}\n", realm, - kdc); + CHECK_FPRINT (result, file, "[realms]\n"); + o_krb5_write_realm (file, creds, kdc); goto result; } snprintf (tmpfn, MAX_LINE_LENGTH, "%s.tmp", cp); @@ -215,8 +275,8 @@ o_krb5_add_realm (const OKrb5Credential *creds, const char *kdc) SKIP_WS (line, MAX_LINE_LENGTH, 0, i); if (IS_STR_EQUAL (line, MAX_LINE_LENGTH, i, "[realms]", 8) == 1) { - CHECK_FPRINTF (result, tmp, "%s = {\n kdc = %s\n}\n", realm, - kdc); + o_krb5_write_realm (file, creds, kdc); + state = 1; } } @@ -530,13 +590,13 @@ o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context, char * okrb5_error_code_to_string (const OKrb5ErrorCode code) { -#define HEAP_STRING(var, s) \ - do \ - { \ - var = calloc (1, strlen (s) + 1); \ - snprintf (var, strlen (s) + 1, s); \ - goto result; \ - } \ +#define HEAP_STRING(var, s) \ + do \ + { \ + var = calloc (1, strlen (s) + 1); \ + snprintf (var, strlen (s) + 1, s); \ + goto result; \ + } \ while (0) char *result = NULL; diff --git a/nasl/nasl_init.c b/nasl/nasl_init.c index 0a767fab8..e38a800fe 100644 --- a/nasl/nasl_init.c +++ b/nasl/nasl_init.c @@ -423,7 +423,8 @@ static init_func libfuncs[] = { {"krb5_gss_init", nasl_okrb5_gss_init}, {"krb5_gss_prepare_context", nasl_okrb5_gss_prepare_context}, {"krb5_gss_update_context", nasl_okrb5_gss_update_context}, - {"krb5_gss_update_context_needs_more", nasl_okrb5_gss_update_context_needs_more}, + {"krb5_gss_update_context_needs_more", + nasl_okrb5_gss_update_context_needs_more}, {"krb5_gss_update_context_out", nasl_okrb5_gss_update_context_out}, {"krb5_gss_session_key", nasl_okrb5_gss_session_key_context}, {"krb5_error_code_to_string", nasl_okrb5_error_code_to_string}, diff --git a/nasl/nasl_smb.c b/nasl/nasl_smb.c index d60911c4a..bb797e5bd 100644 --- a/nasl/nasl_smb.c +++ b/nasl/nasl_smb.c @@ -346,13 +346,15 @@ nasl_win_cmd_exec (lex_ctxt *lexic) GError *err = NULL; bool krb5 = false; bool calculate_host = false; + char first_kdc[INET6_ADDRSTRLEN] = {0}; + const char *delimiter; IMPORT (host); IMPORT (username); IMPORT (password); IMPORT (realm); - (void) realm; IMPORT (kdc); + IMPORT (cmd); krb5 = kdc != NULL; @@ -407,9 +409,18 @@ nasl_win_cmd_exec (lex_ctxt *lexic) } else { + delimiter = strchr (kdc, ','); + if (delimiter != NULL) + { + strncpy (first_kdc, kdc, delimiter - kdc); + } + else + { + strncpy (first_kdc, kdc, sizeof (first_kdc) - 1); + } argv[1] = "-k"; argv[2] = "-dc-ip"; - argv[3] = kdc; + argv[3] = first_kdc; argv[4] = target; argv[5] = cmd; argv[6] = NULL;