diff --git a/src/gmp.c b/src/gmp.c
index 03219f1d5..6648af6c8 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -950,6 +950,7 @@ typedef struct
char *esxi_credential_id; ///< ESXi credential for new target.
char *esxi_lsc_credential_id; ///< ESXi credential (deprecated).
char *snmp_credential_id; ///< SNMP credential for new target.
+ char *krb5_credential_id; ///< Kerberos 5 credential for new target.
char *name; ///< Name of new target.
} create_target_data_t;
@@ -982,6 +983,7 @@ create_target_data_reset (create_target_data_t *data)
free (data->esxi_credential_id);
free (data->esxi_lsc_credential_id);
free (data->snmp_credential_id);
+ free (data->krb5_credential_id);
free (data->name);
memset (data, 0, sizeof (create_target_data_t));
@@ -2880,6 +2882,7 @@ typedef struct
char *esxi_credential_id; ///< ESXi credential for target.
char *esxi_lsc_credential_id; ///< ESXi credential for target (deprecated).
char *snmp_credential_id; ///< SNMP credential for target.
+ char *krb5_credential_id; ///< Kerberos 5 credential for target.
char *target_id; ///< Target UUID.
} modify_target_data_t;
@@ -2910,6 +2913,7 @@ modify_target_data_reset (modify_target_data_t *data)
free (data->esxi_credential_id);
free (data->esxi_lsc_credential_id);
free (data->snmp_credential_id);
+ free (data->krb5_credential_id);
free (data->target_id);
memset (data, 0, sizeof (modify_target_data_t));
@@ -4292,6 +4296,7 @@ typedef enum
CLIENT_CREATE_TARGET_NAME,
CLIENT_CREATE_TARGET_PORT_LIST,
CLIENT_CREATE_TARGET_PORT_RANGE,
+ CLIENT_CREATE_TARGET_KRB5_CREDENTIAL,
CLIENT_CREATE_TARGET_SMB_CREDENTIAL,
CLIENT_CREATE_TARGET_SNMP_CREDENTIAL,
CLIENT_CREATE_TARGET_SSH_CREDENTIAL,
@@ -4529,6 +4534,7 @@ typedef enum
CLIENT_MODIFY_TARGET_REVERSE_LOOKUP_UNIFY,
CLIENT_MODIFY_TARGET_NAME,
CLIENT_MODIFY_TARGET_PORT_LIST,
+ CLIENT_MODIFY_TARGET_KRB5_CREDENTIAL,
CLIENT_MODIFY_TARGET_SMB_CREDENTIAL,
CLIENT_MODIFY_TARGET_SNMP_CREDENTIAL,
CLIENT_MODIFY_TARGET_SSH_CREDENTIAL,
@@ -6631,6 +6637,12 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
&modify_target_data->port_list_id);
set_client_state (CLIENT_MODIFY_TARGET_PORT_LIST);
}
+ else if (strcasecmp ("KRB5_CREDENTIAL", element_name) == 0)
+ {
+ append_attribute (attribute_names, attribute_values, "id",
+ &modify_target_data->krb5_credential_id);
+ set_client_state (CLIENT_MODIFY_TARGET_KRB5_CREDENTIAL);
+ }
else if (strcasecmp ("SSH_CREDENTIAL", element_name) == 0)
{
append_attribute (attribute_names, attribute_values, "id",
@@ -7642,6 +7654,12 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
gvm_append_string (&create_target_data->port_range, "");
set_client_state (CLIENT_CREATE_TARGET_PORT_RANGE);
}
+ else if (strcasecmp ("KRB5_CREDENTIAL", element_name) == 0)
+ {
+ append_attribute (attribute_names, attribute_values, "id",
+ &create_target_data->krb5_credential_id);
+ set_client_state (CLIENT_CREATE_TARGET_KRB5_CREDENTIAL);
+ }
else if (strcasecmp ("SSH_CREDENTIAL", element_name) == 0)
{
append_attribute (attribute_names, attribute_values, "id",
@@ -17857,18 +17875,20 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error)
char *ssh_name, *ssh_uuid, *smb_name, *smb_uuid;
char *esxi_name, *esxi_uuid, *snmp_name, *snmp_uuid;
char *ssh_elevate_name, *ssh_elevate_uuid;
+ char *krb5_name, *krb5_uuid;
const char *port_list_uuid, *port_list_name, *ssh_port;
const char *hosts, *exclude_hosts, *reverse_lookup_only;
const char *reverse_lookup_unify, *allow_simultaneous_ips;
credential_t ssh_credential, smb_credential;
credential_t esxi_credential, snmp_credential;
- credential_t ssh_elevate_credential;
+ credential_t ssh_elevate_credential, krb5_credential;
int port_list_trash, max_hosts, port_list_available;
int ssh_credential_available;
int smb_credential_available;
int esxi_credential_available;
int snmp_credential_available;
int ssh_elevate_credential_available;
+ int krb5_credential_available;
ret = get_next (&targets, &get_targets_data->get, &first,
&count, init_target_iterator);
@@ -17886,6 +17906,7 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error)
snmp_credential = target_iterator_snmp_credential (&targets);
ssh_elevate_credential
= target_iterator_ssh_elevate_credential (&targets);
+ krb5_credential = target_iterator_krb5_credential (&targets);
ssh_credential_available = 1;
if (ssh_credential)
@@ -18043,6 +18064,38 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error)
ssh_elevate_uuid = NULL;
}
+ krb5_credential_available = 1;
+ if (krb5_credential)
+ {
+ if (get_targets_data->get.trash
+ && target_iterator_krb5_trash (&targets))
+ {
+ krb5_name
+ = trash_credential_name (krb5_credential);
+ krb5_uuid
+ = trash_credential_uuid (krb5_credential);
+ krb5_credential_available
+ = trash_credential_readable (krb5_credential);
+ }
+ else
+ {
+ credential_t found;
+
+ krb5_name = credential_name (krb5_credential);
+ krb5_uuid = credential_uuid (krb5_credential);
+ if (find_credential_with_permission (krb5_uuid,
+ &found,
+ "get_credentials"))
+ abort ();
+ krb5_credential_available = (found > 0);
+ }
+ }
+ else
+ {
+ krb5_name = NULL;
+ krb5_uuid = NULL;
+ }
+
port_list_uuid = target_iterator_port_list_uuid (&targets);
port_list_name = target_iterator_port_list_name (&targets);
port_list_trash = target_iterator_port_list_trash (&targets);
@@ -18153,6 +18206,18 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error)
SEND_TO_CLIENT_OR_FAIL ("");
SENDF_TO_CLIENT_OR_FAIL (""
+ ""
+ "%s"
+ "%i",
+ krb5_uuid ? krb5_uuid : "",
+ krb5_name ? krb5_name : "",
+ (get_targets_data->get.trash
+ && target_iterator_krb5_trash (&targets)));
+
+ if (krb5_credential_available == 0)
+ SEND_TO_CLIENT_OR_FAIL ("");
+
+ SENDF_TO_CLIENT_OR_FAIL (""
""
"%s"
""
@@ -18210,6 +18275,8 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error)
free (esxi_uuid);
free (ssh_elevate_name);
free (ssh_elevate_uuid);
+ free (krb5_name);
+ free (krb5_uuid);
}
cleanup_iterator (&targets);
filtered = get_targets_data->get.id
@@ -22958,6 +23025,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
credential_t ssh_credential = 0, ssh_elevate_credential = 0;
credential_t smb_credential = 0;
credential_t esxi_credential = 0, snmp_credential = 0;
+ credential_t krb5_credential = 0;
target_t new_target;
if (create_target_data->copy)
@@ -23026,6 +23094,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
(XML_ERROR_SYNTAX ("create_target",
"Hosts must be at least one"
" character long"));
+ else if (create_target_data->smb_credential_id
+ && create_target_data->krb5_credential_id)
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_target",
+ "Targets cannot have both an SMB and"
+ " Kerberos 5 credential"));
else if (create_target_data->ssh_credential_id
&& find_credential_with_permission
(create_target_data->ssh_credential_id,
@@ -23134,6 +23208,25 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
return;
}
}
+ else if (create_target_data->krb5_credential_id
+ && find_credential_with_permission
+ (create_target_data->krb5_credential_id,
+ &krb5_credential,
+ "get_credentials"))
+ SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_target"));
+ else if (create_target_data->krb5_credential_id
+ && krb5_credential == 0)
+ {
+ if (send_find_error_to_client
+ ("create_target", "Credential",
+ create_target_data->krb5_credential_id,
+ gmp_parser))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ }
+
/* Create target from host string. */
else switch (create_target
(create_target_data->name,
@@ -23151,6 +23244,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
smb_credential,
esxi_credential,
snmp_credential,
+ krb5_credential,
create_target_data->reverse_lookup_only,
create_target_data->reverse_lookup_unify,
create_target_data->alive_tests,
@@ -23260,6 +23354,13 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
" different from the SSH credential"));
log_event_fail ("target", "Target", NULL, "created");
break;
+ case 16:
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("create_target",
+ "Kerberos 5 credential must be of type"
+ " 'krb5'"));
+ log_event_fail ("target", "Target", NULL, "created");
+ break;
case 99:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_target",
@@ -23299,6 +23400,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
CLOSE (CLIENT_CREATE_TARGET, NAME);
CLOSE (CLIENT_CREATE_TARGET, PORT_LIST);
CLOSE (CLIENT_CREATE_TARGET, PORT_RANGE);
+ CLOSE (CLIENT_CREATE_TARGET, KRB5_CREDENTIAL);
CLOSE (CLIENT_CREATE_TARGET, SSH_CREDENTIAL);
CLOSE (CLIENT_CREATE_TARGET, SSH_LSC_CREDENTIAL);
CLOSE (CLIENT_CREATE_TARGET, SSH_ELEVATE_CREDENTIAL);
@@ -25758,6 +25860,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
? modify_target_data->esxi_credential_id
: modify_target_data->esxi_lsc_credential_id,
modify_target_data->snmp_credential_id,
+ modify_target_data->krb5_credential_id,
modify_target_data->reverse_lookup_only,
modify_target_data->reverse_lookup_unify,
modify_target_data->alive_tests,
@@ -26007,6 +26110,35 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
log_event_fail ("target", "Target",
modify_target_data->target_id, "modified");
break;
+ case 26:
+ log_event_fail ("target", "Target",
+ modify_target_data->target_id,
+ "modified");
+ if (send_find_error_to_client
+ ("modify_target", "Credential",
+ modify_target_data->krb5_credential_id,
+ gmp_parser))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ break;
+ case 27:
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("modify_target",
+ "Kerberos 5 credential must be of type"
+ " 'krb5'"));
+ log_event_fail ("target", "Target",
+ modify_target_data->target_id, "modified");
+ break;
+ case 28:
+ SEND_TO_CLIENT_OR_FAIL
+ (XML_ERROR_SYNTAX ("modify_target",
+ "Targets cannot have both an SMB and"
+ " Kerberos 5 credential"));
+ log_event_fail ("target", "Target",
+ modify_target_data->target_id, "modified");
+ break;
case 99:
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("modify_target",
@@ -26046,6 +26178,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
CLOSE (CLIENT_MODIFY_TARGET, HOSTS);
CLOSE (CLIENT_MODIFY_TARGET, NAME);
CLOSE (CLIENT_MODIFY_TARGET, PORT_LIST);
+ CLOSE (CLIENT_MODIFY_TARGET, KRB5_CREDENTIAL);
CLOSE (CLIENT_MODIFY_TARGET, SSH_CREDENTIAL);
CLOSE (CLIENT_MODIFY_TARGET, SSH_LSC_CREDENTIAL);
CLOSE (CLIENT_MODIFY_TARGET, SSH_ELEVATE_CREDENTIAL);
diff --git a/src/manage.c b/src/manage.c
index 1878928ba..72458dbb1 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -2396,6 +2396,61 @@ target_osp_snmp_credential (target_t target)
return NULL;
}
+/**
+ * @brief Get the Kerberos 5 credential of a target as an osp_credential_t
+ *
+ * @param[in] target The target to get the credential from.
+ *
+ * @return Pointer to a newly allocated osp_credential_t
+ */
+static osp_credential_t *
+target_osp_krb5_credential (target_t target)
+{
+ credential_t credential;
+ credential = target_credential (target, "krb5");
+ if (credential)
+ {
+ iterator_t iter;
+ osp_credential_t *osp_credential;
+
+ init_credential_iterator_one (&iter, credential);
+ if (!next (&iter))
+ {
+ g_warning ("%s: Kerberos 5 Credential not found.", __func__);
+ cleanup_iterator (&iter);
+ return NULL;
+ }
+ if (strcmp (credential_iterator_type (&iter), "krb5"))
+ {
+ g_warning ("%s: Kerberos 5 Credential not of type 'krb5'.",
+ __func__);
+ cleanup_iterator (&iter);
+ return NULL;
+ }
+
+ osp_credential = osp_credential_new ("up", "krb5", NULL);
+ osp_credential_set_auth_data (osp_credential,
+ "username",
+ credential_iterator_login (&iter)
+ ?: "");
+ osp_credential_set_auth_data (osp_credential,
+ "password",
+ credential_iterator_password (&iter)
+ ?: "");
+ osp_credential_set_auth_data (osp_credential,
+ "kdc",
+ credential_iterator_kdc (&iter)
+ ?: "");
+ osp_credential_set_auth_data (osp_credential,
+ "realm",
+ credential_iterator_realm (&iter)
+ ?: "");
+ cleanup_iterator (&iter);
+ return osp_credential;
+ }
+ return NULL;
+}
+
/**
* @brief Prepare a report for resuming an OSP scan
*
@@ -2571,7 +2626,7 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
GSList *osp_targets, *vts;
GHashTable *vts_hash_table;
osp_credential_t *ssh_credential, *smb_credential, *esxi_credential;
- osp_credential_t *snmp_credential;
+ osp_credential_t *snmp_credential, *krb5_credential;
gchar *max_checks, *max_hosts, *hosts_ordering;
GHashTable *scanner_options;
int ret, empty;
@@ -2663,6 +2718,10 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
if (snmp_credential)
osp_target_add_credential (osp_target, snmp_credential);
+ krb5_credential = target_osp_krb5_credential (target);
+ if (krb5_credential)
+ osp_target_add_credential (osp_target, krb5_credential);
+
/* Initialize vts table for vulnerability tests and their preferences */
vts = NULL;
vts_hash_table
diff --git a/src/manage.h b/src/manage.h
index b5e1711cc..b7d7a3cee 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1826,7 +1826,8 @@ find_target_with_permission (const char *, target_t *, const char *);
int
create_target (const char*, const char*, const char*, const char*, const char*,
const char *, const char*, credential_t, credential_t,
- const char *, credential_t, credential_t, credential_t,
+ const char *,
+ credential_t, credential_t, credential_t, credential_t,
const char *, const char *, const char *, const char *,
target_t*);
@@ -1837,7 +1838,7 @@ int
modify_target (const char*, const char*, const char*, const char*, const char*,
const char*, const char*, const char*, const char*, const char*,
const char*, const char*, const char*, const char*, const char*,
- const char*);
+ const char*, const char*);
int
delete_target (const char*, int);
@@ -1887,6 +1888,9 @@ target_iterator_snmp_credential (iterator_t*);
int
target_iterator_ssh_elevate_credential (iterator_t*);
+int
+target_iterator_krb5_credential (iterator_t*);
+
int
target_iterator_ssh_trash (iterator_t*);
@@ -1902,6 +1906,9 @@ target_iterator_snmp_trash (iterator_t*);
int
target_iterator_ssh_elevate_trash (iterator_t*);
+int
+target_iterator_krb5_trash (iterator_t*);
+
const char*
target_iterator_allow_simultaneous_ips (iterator_t*);
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 917cc1e5f..320a427ae 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -32663,6 +32663,8 @@ target_login_port (target_t target, const char* type)
* 10 invalid SMB credential type, 11 invalid ESXi credential type,
* 12 invalid SNMP credential type, 13 port range or port list required,
* 14 SSH elevate credential without an SSH credential,
+ * 15 elevate credential must be different from the SSH credential,
+ * 16 invalid Kerberos 5 credential type,
* 99 permission denied, -1 error.
*/
int
@@ -32673,6 +32675,7 @@ create_target (const char* name, const char* asset_hosts_filter,
credential_t ssh_elevate_credential,
const char* ssh_port, credential_t smb_credential,
credential_t esxi_credential, credential_t snmp_credential,
+ credential_t krb5_credential,
const char *reverse_lookup_only,
const char *reverse_lookup_unify, const char *alive_tests,
const char *allow_simultaneous_ips,
@@ -32937,6 +32940,23 @@ create_target (const char* name, const char* asset_hosts_filter,
new_target, snmp_credential, "0");
}
+ if (krb5_credential)
+ {
+ gchar *type = credential_type (krb5_credential);
+ if (strcmp (type, "krb5"))
+ {
+ sql_rollback ();
+ g_free (type);
+ return 16;
+ }
+ g_free (type);
+
+ sql ("INSERT INTO targets_login_data"
+ " (target, type, credential, port)"
+ " VALUES (%llu, 'krb5', %llu, %s);",
+ new_target, krb5_credential, "0");
+ }
+
sql_commit ();
return 0;
@@ -33134,6 +33154,7 @@ delete_target (const char *target_id, int ultimate)
* @param[in] smb_credential_id SMB credential.
* @param[in] esxi_credential_id ESXi credential.
* @param[in] snmp_credential_id SNMP credential.
+ * @param[in] krb5_credential_id Kerberos 5 credential.
* @param[in] reverse_lookup_only Scanner preference reverse_lookup_only.
* @param[in] reverse_lookup_unify Scanner preference reverse_lookup_unify.
* @param[in] alive_tests Alive tests.
@@ -33152,6 +33173,9 @@ delete_target (const char *target_id, int ultimate)
* 22 failed to find SSH elevate cred, 23 invalid SSH elevate
* credential type, 24 SSH elevate credential without SSH credential,
* 25 SSH elevate credential equals SSH credential,
+ * 26 failed to find Kerberos 5 credential,
+ * 27 invalid Kerberos 5 credential type,
+ * 28 cannot use both SMB and Kerberos 5 credential,
* 99 permission denied, -1 error.
*/
int
@@ -33161,6 +33185,7 @@ modify_target (const char *target_id, const char *name, const char *hosts,
const char *ssh_elevate_credential_id,
const char *ssh_port, const char *smb_credential_id,
const char *esxi_credential_id, const char* snmp_credential_id,
+ const char *krb5_credential_id,
const char *reverse_lookup_only,
const char *reverse_lookup_unify, const char *alive_tests,
const char *allow_simultaneous_ips)
@@ -33168,6 +33193,8 @@ modify_target (const char *target_id, const char *name, const char *hosts,
target_t target;
credential_t ssh_credential = 0;
credential_t ssh_elevate_credential = 0;
+ credential_t smb_credential;
+ credential_t krb5_credential;
assert (target_id);
@@ -33401,8 +33428,6 @@ modify_target (const char *target_id, const char *name, const char *hosts,
if (smb_credential_id)
{
- credential_t smb_credential;
-
if (target_in_use (target))
{
sql_rollback ();
@@ -33440,6 +33465,8 @@ modify_target (const char *target_id, const char *name, const char *hosts,
else
set_target_login_data (target, "smb", 0, 0);
}
+ else
+ smb_credential = target_smb_credential (target);
if (esxi_credential_id)
{
@@ -33544,6 +33571,55 @@ modify_target (const char *target_id, const char *name, const char *hosts,
}
}
+ if (krb5_credential_id)
+ {
+ if (target_in_use (target))
+ {
+ sql_rollback ();
+ return 15;
+ }
+
+ krb5_credential = 0;
+ if (strcmp (krb5_credential_id, "0"))
+ {
+ gchar *type;
+ if (find_credential_with_permission (krb5_credential_id,
+ &krb5_credential,
+ "get_credentials"))
+ {
+ sql_rollback ();
+ return -1;
+ }
+
+ if (krb5_credential == 0)
+ {
+ sql_rollback ();
+ return 26;
+ }
+
+ type = credential_type (krb5_credential);
+ if (strcmp (type, "krb5"))
+ {
+ sql_rollback ();
+ g_free (type);
+ return 27;
+ }
+ g_free (type);
+
+ set_target_login_data (target, "krb5", krb5_credential, 0);
+ }
+ else
+ set_target_login_data (target, "krb5", 0, 0);
+ }
+ else
+ krb5_credential = target_krb5_credential (target);
+
+ if (smb_credential && krb5_credential)
+ {
+ sql_rollback ();
+ return 28;
+ }
+
if (exclude_hosts)
{
gchar *quoted_exclude_hosts, *quoted_hosts, *clean, *clean_exclude;
@@ -33707,6 +33783,12 @@ modify_target (const char *target_id, const char *name, const char *hosts,
NULL, \
KEYWORD_TYPE_INTEGER }, \
{ "0", NULL, KEYWORD_TYPE_INTEGER }, \
+ { "(SELECT credential FROM targets_login_data" \
+ " WHERE target = targets.id" \
+ " AND type = CAST ('krb5' AS text))", \
+ NULL, \
+ KEYWORD_TYPE_INTEGER }, \
+ { "0", NULL, KEYWORD_TYPE_INTEGER }, \
{ "allow_simultaneous_ips", \
NULL, \
KEYWORD_TYPE_INTEGER }, \
@@ -33755,6 +33837,15 @@ modify_target (const char *target_id, const char *name, const char *hosts,
"ssh_elevate_credential", \
KEYWORD_TYPE_STRING \
}, \
+ { \
+ "(SELECT name FROM credentials" \
+ " WHERE credentials.id" \
+ " = (SELECT credential FROM targets_login_data" \
+ " WHERE target = targets.id" \
+ " AND type = CAST ('krb5' AS text)))", \
+ "krb5_credential", \
+ KEYWORD_TYPE_STRING \
+ }, \
{ "hosts", NULL, KEYWORD_TYPE_STRING }, \
{ "max_hosts (hosts, exclude_hosts)", \
"ips", \
@@ -33832,6 +33923,12 @@ modify_target (const char *target_id, const char *name, const char *hosts,
{ "trash_target_credential_location (id, CAST ('elevate' AS text))", \
NULL, \
KEYWORD_TYPE_INTEGER }, \
+ { "target_credential (id, 1, CAST ('krb5' AS text))", \
+ NULL, \
+ KEYWORD_TYPE_INTEGER }, \
+ { "trash_target_credential_location (id, CAST ('krb5' AS text))", \
+ NULL, \
+ KEYWORD_TYPE_INTEGER }, \
{ "allow_simultaneous_ips", \
NULL, \
KEYWORD_TYPE_INTEGER }, \
@@ -34186,6 +34283,38 @@ target_iterator_ssh_elevate_trash (iterator_t* iterator)
return ret;
}
+/**
+ * @brief Get the Kerberos 5 LSC credential from a target iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Kerberos 5 LSC credential.
+ */
+int
+target_iterator_krb5_credential (iterator_t* iterator)
+{
+ int ret;
+ if (iterator->done) return -1;
+ ret = iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 20);
+ return ret;
+}
+
+/**
+ * @brief Get the Kerberos 5 LSC credential location from a target iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Kerberos 5 LSC credential.
+ */
+int
+target_iterator_krb5_trash (iterator_t* iterator)
+{
+ int ret;
+ if (iterator->done) return -1;
+ ret = iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 21);
+ return ret;
+}
+
/**
* @brief Get the allow_simultaneous_ips value from a target iterator.
*
@@ -34194,7 +34323,7 @@ target_iterator_ssh_elevate_trash (iterator_t* iterator)
* @return allow_simult_ips_same_host or NULL if iteration is complete.
*/
DEF_ACCESS (target_iterator_allow_simultaneous_ips,
- GET_ITERATOR_COLUMN_COUNT + 20);
+ GET_ITERATOR_COLUMN_COUNT + 22);
/**
* @brief Return the UUID of a tag.
@@ -34457,6 +34586,19 @@ target_ssh_elevate_credential (target_t target)
return target_credential (target, "elevate");
}
+/**
+ * @brief Return the Kerberos 5 credential associated with a target, if any.
+ *
+ * @param[in] target Target.
+ *
+ * @return Kerberos 5 credential if any, else 0.
+ */
+credential_t
+target_krb5_credential (target_t target)
+{
+ return target_credential (target, "krb5");
+}
+
/**
* @brief Return the port list associated with a target, if any.
*
diff --git a/src/manage_sql.h b/src/manage_sql.h
index d24868e61..c7181ac4a 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -353,6 +353,7 @@ credential_t target_ssh_credential (target_t);
credential_t target_smb_credential (target_t);
credential_t target_esxi_credential (target_t);
credential_t target_ssh_elevate_credential (target_t);
+credential_t target_krb5_credential (target_t);
int create_current_report (task_t, char **, task_status_t);
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 4f25be9fe..7b2bfc493 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -5698,7 +5698,12 @@ END:VCALENDAR
exclude_hosts
ssh_credential
ssh_elevate_credential
- smb_credential
+
+
+ krb5_credential
+ smb_credential
+
+
esxi_credential
snmp_credential
ssh_lsc_credential
@@ -5788,6 +5793,17 @@ END:VCALENDAR
+
+ krb5_credential
+ Kerberos 5 login credentials for target
+
+
+ id
+ uuid
+ 1
+
+
+
smb_credential
SMB login credentials for target
@@ -21835,6 +21851,7 @@ END:VCALENDAR
ssh_credential
smb_credential
esxi_credential
+ krb5_credential
snmp_credential
ssh_elevate_credential
permissions
@@ -21998,7 +22015,7 @@ END:VCALENDAR
permissions
- Permissions the user has on the task
+ Permissions the user has on the credential
@@ -22034,7 +22051,7 @@ END:VCALENDAR
permissions
- Permissions the user has on the task
+ Permissions the user has on the credential
@@ -22065,7 +22082,38 @@ END:VCALENDAR
permissions
- Permissions the user has on the task
+ Permissions the user has on the credential
+
+
+
+ trash
+ Whether the LSC credential is in the trashcan
+ boolean
+
+
+
+ krb5_credential
+
+
+ id
+
+ A UUID if there is a credential, otherwise the empty string
+
+ uuid_or_empty
+ 1
+
+ name
+ permissions
+ trash
+
+
+ name
+ The name of the Kerberos 5 LSC credential
+ name
+
+
+ permissions
+ Permissions the user has on the credential
@@ -22130,7 +22178,7 @@ END:VCALENDAR
permissions
- Permissions the user has on the task
+ Permissions the user has on the credential
@@ -22163,7 +22211,7 @@ END:VCALENDAR
permissions
- Permissions the user has on the task
+ Permissions the user has on the port_list
@@ -23005,7 +23053,7 @@ END:VCALENDAR
permissions
- Permissions the user has on the task
+ Permissions the user has on the scanner
@@ -28148,7 +28196,12 @@ END:VCALENDAR
exclude_hosts
ssh_credential
ssh_elevate_credential
- smb_credential
+
+
+ krb5_credential
+ smb_credential
+
+
esxi_credential
snmp_credential
ssh_lsc_credential
@@ -28220,6 +28273,17 @@ END:VCALENDAR
+
+ krb5_credential
+ Kerberos 5 login credentials for target
+
+
+ id
+ uuid
+ 1
+
+
+
esxi_credential
ESXi credential to use on target