Add: find or add realm, fixes error code handling

When creating the credentials nasl_krb5 checks if the provided realm is configured within the provided krb5.conf. If not it adds the provided kdc to the realm within krb5.conf. Additionally this commit fixes the error handling by first setting msg_ctx to 0.
greenbone · Dec 17, 2024 · 7dca969 · 7dca969
1 parent 0a85c1d
commit 7dca969
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 9 deletions.
diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c
@@ -1,6 +1,5 @@
 #include "openvas-krb5.h"
 
-#include <assert.h>
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_krb5.h>
 #include <krb5/krb5.h>
@@ -78,7 +77,7 @@ o_krb5_find_kdc (const OKrb5Credential *creds, char **kdc)
   // we don't know if we should free it or just override it.
   // aborting instead.
   GUARD_NULL (*kdc, result);
-  if ((file = fopen ((char *) &creds->config_path.data, "r")) == NULL)
+  if ((file = fopen ((char *) creds->config_path.data, "r")) == NULL)
     {
       result = O_KRB5_CONF_NOT_FOUND;
       goto result;
@@ -762,7 +761,6 @@ o_krb5_gss_update_context (struct OKrb5GSSContext *gss_context,
   *out_data = malloc (sizeof (struct OKrb5Slice));
   (*out_data)->data = calloc (1, out_buf.length);
   memcpy ((*out_data)->data, out_buf.value, out_buf.length);
-  printf ("out_buf.length: %lu\n", out_buf.length);
   (*out_data)->len = out_buf.length;
 
   gss_release_buffer (&min_stat, &out_buf);
@@ -849,7 +847,7 @@ okrb5_error_code_to_string (const OKrb5ErrorCode code)
           int maj_stat = code - O_KRB5_ERROR;
           OM_uint32 min_stat;
           gss_buffer_desc msg;
-          OM_uint32 msg_ctx;
+          OM_uint32 msg_ctx = 0;
 
           (void) gss_display_status (&min_stat, maj_stat, GSS_C_GSS_CODE,
                                      GSS_C_NULL_OID, &msg_ctx, &msg);

diff --git a/nasl/nasl_krb5.c b/nasl/nasl_krb5.c
@@ -10,10 +10,17 @@
 
 #include <stdio.h>
 // TODO: add string function for result
-#define nasl_print_krb_error(lexic, credential, result)                      \
-  nasl_perror (lexic, "%s[config_path: '%s' realm: '%s' user: '%s'] => %d",  \
-               __func__, credential.config_path.data, credential.realm.data, \
-               credential.user.user.data, result);
+#define nasl_print_krb_error(lexic, credential, result)                       \
+  do                                                                          \
+    {                                                                         \
+      char *error_str = okrb5_error_code_to_string (result);                  \
+      nasl_perror (lexic,                                                     \
+                   "%s[config_path: '%s' realm: '%s' user: '%s'] => %s (%d)", \
+                   __func__, credential.config_path.data,                     \
+                   credential.realm.data, credential.user.user.data, result); \
+      free (error_str);                                                       \
+    }                                                                         \
+  while (0)
 
 OKrb5ErrorCode last_okrb5_result;
 
@@ -44,6 +51,9 @@ static OKrb5Credential
 build_krb5_credential (lex_ctxt *lexic)
 {
   OKrb5Credential credential;
+  OKrb5ErrorCode code;
+
+  char *kdc = NULL;
   memset (&credential, 0, sizeof (OKrb5Credential));
 
   set_slice_from_lex_or_env (lexic, credential.config_path, "config_path",
@@ -56,6 +66,7 @@ build_krb5_credential (lex_ctxt *lexic)
 
   perror_set_slice_from_lex_or_env (lexic, credential.realm, "realm",
                                     "KRB5_REALM");
+  perror_set_slice_from_lex_or_env (lexic, credential.kdc, "kdc", "KRB5_KDC");
   perror_set_slice_from_lex_or_env (lexic, credential.user.user, "user",
                                     "KRB5_USER");
   perror_set_slice_from_lex_or_env (lexic, credential.user.password, "password",
@@ -64,6 +75,25 @@ build_krb5_credential (lex_ctxt *lexic)
                                     "KRB5_TARGET_HOST");
   // set_slice_from_lex_or_env (lexic, credential.target.service, "service",
   // "KRB5_TARGET_SERVICE");
+
+  if ((code = o_krb5_find_kdc (&credential, &kdc)))
+    {
+      if (code != O_KRB5_REALM_NOT_FOUND)
+        {
+          nasl_print_krb_error (lexic, credential, code);
+        }
+      else
+        {
+          if ((code = o_krb5_add_realm (&credential, credential.kdc.data)))
+            {
+              nasl_print_krb_error (lexic, credential, code);
+            }
+        }
+    }
+  else
+    {
+      free (kdc);
+    }
   if (credential.target.service.len == 0)
     {
       okrb5_set_slice_from_str (credential.target.service, "cifs");
@@ -301,7 +331,11 @@ nasl_okrb5_gss_update_context_out (lex_ctxt *lexic)
     {
       return FAKE_CELL;
     }
-  return okrb5_slice_to_tree_cell (to_application);
+  tree_cell *out = okrb5_slice_to_tree_cell (to_application);
+  // we need to prevent accidental free it as it is freed when the tree_cell is
+  // cleaned up
+  to_application = NULL;
+  return out;
 }
 
 tree_cell *