Merge pull request #1539 from jhelmold/extend_gmp_for_escalation_cred…

…ential Include new ssh elevate credential login data in OSP request
greenbone · Jun 2, 2021 · 775878c · 775878c
2 parents d7990db + c9e5d28
commit 775878c
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,7 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Added
 - Add a new modification_time column to reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519)
-- Extend GMP for new privilege escalation credential[#1535](https://github.com/greenbone/gvmd/pull/1535)
+- Extend GMP for new privilege escalation credential [#1535](https://github.com/greenbone/gvmd/pull/1535)
+- Include new ssh elevate (escalation) credential in OSP request [#1539](https://github.com/greenbone/gvmd/pull/1539)
 
 ### Changed
 - Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453)

diff --git a/src/manage.c b/src/manage.c
@@ -2077,16 +2077,19 @@ launch_osp_task (task_t task, target_t target, const char *scan_id,
 static osp_credential_t *
 target_osp_ssh_credential (target_t target)
 {
-  credential_t credential;
+  credential_t credential, ssh_elevate_credential;
   credential = target_ssh_credential (target);
+  ssh_elevate_credential = target_ssh_elevate_credential (target);
+
   if (credential)
     {
-      iterator_t iter;
+      iterator_t iter, ssh_elevate_iter;
       const char *type;
       char *ssh_port;
       osp_credential_t *osp_credential;
 
       init_credential_iterator_one (&iter, credential);
+
       if (!next (&iter))
         {
           g_warning ("%s: SSH Credential not found.", __func__);
@@ -2111,6 +2114,7 @@ target_osp_ssh_credential (target_t target)
       osp_credential_set_auth_data (osp_credential,
                                     "password",
                                     credential_iterator_password (&iter));
+
       if (strcmp (type, "usk") == 0)
         {
           const char *private_key = credential_iterator_private_key (&iter);
@@ -2119,8 +2123,40 @@ target_osp_ssh_credential (target_t target)
           osp_credential_set_auth_data (osp_credential,
                                         "private", base64);
           g_free (base64);
+        }
+
+      if(ssh_elevate_credential)
+        {
+          const char *elevate_type;
 
+          init_credential_iterator_one (&ssh_elevate_iter,
+                                        ssh_elevate_credential);
+          if (!next (&ssh_elevate_iter))
+            {
+              g_warning ("%s: SSH Elevate Credential not found.", __func__);
+              cleanup_iterator (&ssh_elevate_iter);
+              osp_credential_free(osp_credential);
+              return NULL;
+            }
+          elevate_type = credential_iterator_type (&ssh_elevate_iter);
+          if (strcmp (elevate_type, "up"))
+            {
+              g_warning ("%s: SSH Elevate Credential not of type up", __func__);
+              cleanup_iterator (&ssh_elevate_iter);
+              osp_credential_free(osp_credential);
+              return NULL;
+            }
+          osp_credential_set_auth_data (osp_credential,
+                                        "priv_username",
+                                        credential_iterator_login
+                                          (&ssh_elevate_iter));
+          osp_credential_set_auth_data (osp_credential,
+                                        "priv_password",
+                                        credential_iterator_password
+                                          (&ssh_elevate_iter));
+          cleanup_iterator (&ssh_elevate_iter);
         }
+
       cleanup_iterator (&iter);
       return osp_credential;
     }