From c50b9c8ff1b3fa8448157d6fad8cf1ad5d8ef65a Mon Sep 17 00:00:00 2001 From: Philipp Eder Date: Wed, 11 Dec 2024 09:55:28 +0000 Subject: [PATCH] Fix: Document nasl functions --- .../host-functions/ip_reverse_lookup.md | 19 ++++++ .../krb5/krb5_error_code_to_string.md | 38 +++++++++++ .../built-in-functions/krb5/krb5_find_kdc.md | 33 ++++++++++ .../built-in-functions/krb5/krb5_gss_init.md | 33 ++++++++++ .../krb5/krb5_gss_prepare_context.md | 46 ++++++++++++++ .../krb5/krb5_gss_session_key.md | 41 ++++++++++++ .../krb5/krb5_gss_update_context.md | 63 +++++++++++++++++++ .../krb5_gss_update_context_needs_more.md | 43 +++++++++++++ .../krb5/krb5_gss_update_context_out.md | 46 ++++++++++++++ .../krb5/krb5_is_failure.md | 32 ++++++++++ .../krb5/krb5_is_success.md | 32 ++++++++++ nasl/nasl_host.c | 5 ++ 12 files changed, 431 insertions(+) create mode 100644 doc/manual/nasl/built-in-functions/host-functions/ip_reverse_lookup.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_error_code_to_string.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_find_kdc.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_gss_init.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_gss_prepare_context.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_gss_session_key.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_needs_more.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_out.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_is_failure.md create mode 100644 doc/manual/nasl/built-in-functions/krb5/krb5_is_success.md diff --git a/doc/manual/nasl/built-in-functions/host-functions/ip_reverse_lookup.md b/doc/manual/nasl/built-in-functions/host-functions/ip_reverse_lookup.md new file mode 100644 index 000000000..8721f0b5b --- /dev/null +++ b/doc/manual/nasl/built-in-functions/host-functions/ip_reverse_lookup.md @@ -0,0 +1,19 @@ +# ip_reverse_lookup + +## NAME + +**ip_reverse_lookup** - gets the host name of the either the given IP address or the current target + +## SYNOPSIS + +*string* **ip_reverse_lookup**( *string* ); + +Takes an optional *string* parameter, which is the IP address to look up. If no parameter is given, the IP address of the current target is used. + +## DESCRIPTION + +This function uses the `gethostbyaddr` function to get the host name of the given IP address. If no IP address is given, the IP address of the current target is used. + +## RETURN VALUE + +Return the found host name or NULL if the host name could not be retrieved. diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_error_code_to_string.md b/doc/manual/nasl/built-in-functions/krb5/krb5_error_code_to_string.md new file mode 100644 index 000000000..4a7e65257 --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_error_code_to_string.md @@ -0,0 +1,38 @@ +# krb5_error_code_to_string + +## NAME + +**krb5_error_code_to_string** - Returns a string representation of either the given code or the cached code. + +## SYNOPSIS + +*str* **krb5_error_code_to_string**(int); + + +## DESCRIPTION + +Returns a string representation of either the given code or the cached code. + +The cached code reflects the error code of the last krb5 function call. + + +## RETURN VALUE + +Returns a human readable version of the result code. + +## EXAMPLES + +```nasl +login = string( get_kb_item( "KRB5/login_filled/0" ) ); +password = string( get_kb_item( "KRB5/password_filled/0" ) ); +realm = string( get_kb_item( "KRB5/realm_filled/0" ) ); +kdc = string( get_kb_item( "KRB5/kdc_filled/0" ) ); +host = ip_reverse_lookup(); # must be a domain name. + +result = krb5_gss_prepare_context(realm: realm, kdc: kdc, host: host, service: 'cifs', user: login, password: passwod); +if (krb5_is_failure(result)) { + display(krb5_error_code_to_string(result)); +} +display(krb5_error_code_to_string()); +``` + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_find_kdc.md b/doc/manual/nasl/built-in-functions/krb5/krb5_find_kdc.md new file mode 100644 index 000000000..74da9d45a --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_find_kdc.md @@ -0,0 +1,33 @@ +# krb5_find_kdc + +## NAME + +**krb5_find_kdc** - Find the KDC for a given realm + +## SYNOPSIS + +*string* **krb5_find_kdc**(realm: *string*); + +**insstr** takes named argument `realm`. + +## DESCRIPTION + +This function opens the krb5.conf file (located either by environment variable KRB5_CONFIG or /etc/ktrb5.conf) and looks for an kdc entry for the given realm. + + +## RETURN VALUE + +The found KDC or *NULL* if the KDC could not be found. + +## ERRORS + +Returns *NULL* if the realm is not found or the krb5.conf file could not be opened. + +## EXAMPLES + +```c# +kdc = insstr(realm: 'EXAMPLE.COM'); +display(kdc); +``` + + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_gss_init.md b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_init.md new file mode 100644 index 000000000..43f896281 --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_init.md @@ -0,0 +1,33 @@ +# krb5_gss_init + +## NAME + +**krb5_gss_init** - initialize the krb5 GSS-API library + +## SYNOPSIS + +*int* **krb5_gss_init**(); + +**krb5_gss_init** takes no arguments. + +## DESCRIPTION + +Initializes the krb5 GSS-API library. This function can be ommited when gss_prepare_context is called. + +When there is an already initialized context it will be destroyed and a new one will be created. + +## RETURN VALUE + +Returns 0 on success otherwise it is an failure. + + +## EXAMPLES + +```c# +result = krb5_gss_init(); +if (krb5_is_failure(result)) { + exit(42); +} +``` + + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_gss_prepare_context.md b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_prepare_context.md new file mode 100644 index 000000000..4aba85448 --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_prepare_context.md @@ -0,0 +1,46 @@ +# krb5_gss_prepare_context + +## NAME + +**krb5_gss_prepare_context** - Creates tne initial ticket request for the krb5 GSS-API library and prepares the context for further use. + +## SYNOPSIS + +*int* **krb5_gss_prepare_context**(config_patn: str, realm: str, kdc: str, host: str, service: str, user: str, password: str); + +The config_path argument is optional and can be omitted. When it is not set it tries to read it from the `KRB5_CONFIG` environment variables and falls back to `/etc/krb5.conf`. The other arguments are required. + +- realm - The realm of the domain. +- kdc - The KDC server to use. Can be a comma separated list of servers. The first server in the list is the primary server. +- host - The host to use for the ticket request. Usually the host where the service is running. +- service - The service to request the ticket for. +- user - The user to request the ticket for. +- password - The password of the user. + +## DESCRIPTION + +When krb5_gss_prepare_context is called it creates the initial ticket request for the krb5 GSS-API library and prepares the context for further use. + +It can be used directly without calling krb5_gss_init first. + + +## RETURN VALUE + +Returns 0 on success otherwise it is an failure. + + +## EXAMPLES + +```c# +login = string( get_kb_item( "KRB5/login_filled/0" ) ); +password = string( get_kb_item( "KRB5/password_filled/0" ) ); +realm = string( get_kb_item( "KRB5/realm_filled/0" ) ); +kdc = string( get_kb_item( "KRB5/kdc_filled/0" ) ); +host = ip_reverse_lookup(); # must be a domain name. + +result = krb5_gss_prepare_context(realm: realm, kdc: kdc, host: host, service: 'cifs', user: login, password: passwod); +if (krb5_is_failure(result)) { + exit(42); +} +``` + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_gss_session_key.md b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_session_key.md new file mode 100644 index 000000000..b6fa7275a --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_session_key.md @@ -0,0 +1,41 @@ +# krb5_gss_session_key + +## NAME + +**krb5_gss_session_key** - Returns the session key or NULL if none was found. + +## SYNOPSIS + +*str* **krb5_gss_update_context_session_key**(); + + +## DESCRIPTION + +Returns the session key found within the context when the last `krb5_gss_update_context` was called. If no session key was found, NULL is returned. + + +## RETURN VALUE + +Returns the session key or NULL if none was found. + +## EXAMPLES + +```nasl +login = string( get_kb_item( "KRB5/login_filled/0" ) ); +password = string( get_kb_item( "KRB5/password_filled/0" ) ); +realm = string( get_kb_item( "KRB5/realm_filled/0" ) ); +kdc = string( get_kb_item( "KRB5/kdc_filled/0" ) ); +host = ip_reverse_lookup(); # must be a domain name. + +result = krb5_gss_prepare_context(realm: realm, kdc: kdc, host: host, service: 'cifs', user: login, password: passwod); +if (krb5_is_failure(result)) { + exit(42); +} +if (krb5_is_failure(krb5_gss_update_context())) { + exit(42); +} +if (krb5_update_context_needs_more()) { + session_key = krb5_gss_session_key(); +} +``` + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context.md b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context.md new file mode 100644 index 000000000..deaf0bba1 --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context.md @@ -0,0 +1,63 @@ +# krb5_gss_update_context + +## NAME + +**krb5_gss_update_context** - Updates the context with the provided data and caches the output for the application. + +## SYNOPSIS + +*int* **krb5_gss_update_context**(str); + +Has an optional positional argument that contains the byte arrary to send to the KDC. + +## DESCRIPTION + +Initializes the security context with the provided data and caches the output for the application. + +When the service is `cifs` the first call of `krb5_gss_update_context` must be without data. + +As this method returns an error code the caller must get the data for the application via `krb5_gss_update_context_out()`. + +To verify if the process requires further step the caller must call `krb5_gss_update_context_needs_more()`. + + +## RETURN VALUE + +Returns 0 on success otherwise it is an failure. + + +## EXAMPLES + +```nasl +login = string( get_kb_item( "KRB5/login_filled/0" ) ); +password = string( get_kb_item( "KRB5/password_filled/0" ) ); +realm = string( get_kb_item( "KRB5/realm_filled/0" ) ); +kdc = string( get_kb_item( "KRB5/kdc_filled/0" ) ); +host = ip_reverse_lookup(); # must be a domain name. + +result = krb5_gss_prepare_context(realm: realm, kdc: kdc, host: host, service: 'cifs', user: login, password: passwod); +if (krb5_is_failure(result)) { + exit(42); +} +result = krb5_gss_update_context(); +if (krb5_is_failure(result)) { + exit(42); +} +while (krb5_gss_update_context_needs_more()) { + out = krb5_gss_update_context_out(); + soc = open_sock_tcp( 445 ); + if( ! soc ) { + exit(42); + } + send(socket:soc, data:out); + rec = recv(socket: sock); + if (!rec) { + exit(42); + } + result = krb5_gss_update_context(rec); + if (krb5_is_failure(result)) { + exit(42); + } +} +``` + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_needs_more.md b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_needs_more.md new file mode 100644 index 000000000..0af292599 --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_needs_more.md @@ -0,0 +1,43 @@ +# krb5_gss_update_context_needs_more + +## NAME + +**krb5_gss_update_context_needs_more** - Returns true when the previous `krb5_gss_update_context` requires further information/calls. + +## SYNOPSIS + +*int* **krb5_gss_update_context_needs_more**(); + +Returns 1 if the previous `krb5_gss_update_context` requires further information/calls, 0 otherwise. + +## DESCRIPTION + +This method is used to verify if the previous `krb5_gss_update_context` requires further information/calls. + +## RETURN VALUE + + +Returns 1 if the previous `krb5_gss_update_context` requires further information/calls, 0 otherwise. + +## EXAMPLES + +```nasl +login = string( get_kb_item( "KRB5/login_filled/0" ) ); +password = string( get_kb_item( "KRB5/password_filled/0" ) ); +realm = string( get_kb_item( "KRB5/realm_filled/0" ) ); +kdc = string( get_kb_item( "KRB5/kdc_filled/0" ) ); +host = ip_reverse_lookup(); # must be a domain name. + +result = krb5_gss_prepare_context(realm: realm, kdc: kdc, host: host, service: 'cifs', user: login, password: passwod); +if (krb5_is_failure(result)) { + exit(42); +} +result = krb5_gss_update_context(); +if (krb5_is_failure(result)) { + exit(42); +} +if (krb5_gss_update_context_needs_more()) { + exit(0); +} +``` + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_out.md b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_out.md new file mode 100644 index 000000000..ca6e471be --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_gss_update_context_out.md @@ -0,0 +1,46 @@ +# krb5_gss_update_context_out + +## NAME + +**krb5_gss_update_context_out** - Returns the data for the application to send to the service. + +## SYNOPSIS + +*str* **krb5_gss_update_context_out**(); + + +## DESCRIPTION + +This function is used to get the data that the application should send to the service. + +It should be called after `krb5_gss_update_context` to may get data that should be sent to the service. + +The caller must check if the result is not NULL before using it. + +## RETURN VALUE + +Returns the data that should be sent to the service or NULL if there is no data to send. + +## EXAMPLES + +```nasl +login = string( get_kb_item( "KRB5/login_filled/0" ) ); +password = string( get_kb_item( "KRB5/password_filled/0" ) ); +realm = string( get_kb_item( "KRB5/realm_filled/0" ) ); +kdc = string( get_kb_item( "KRB5/kdc_filled/0" ) ); +host = ip_reverse_lookup(); # must be a domain name. + +result = krb5_gss_prepare_context(realm: realm, kdc: kdc, host: host, service: 'cifs', user: login, password: passwod); +if (krb5_is_failure(result)) { + exit(42); +} +result = krb5_gss_update_context(); +if ((out = krb5_gss_update_context_out())) { + soc = open_sock_tcp( 445 ); + if( ! soc ) { + exit(42); + } + send(socket:soc, data:out); +} +``` + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_is_failure.md b/doc/manual/nasl/built-in-functions/krb5/krb5_is_failure.md new file mode 100644 index 000000000..ebb2aed1c --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_is_failure.md @@ -0,0 +1,32 @@ +# krb5_is_failure + +## NAME + +**krb5_is_failure** - Returns 1 if the last stored krb5 or given result code is a failure, 0 otherwise. + +## SYNOPSIS + +*int* **krb5_is_failure**(0: *int*); + +**krb5_is_failure** takes an optional positional argument. + +## DESCRIPTION + +Checks if given result code or cached result code is a failure. If no result code is given, the last cached result code is used. + +The cached result code reflects the error code of the last krb5 function call. + + +## RETURN VALUE + +Returns 1 if the result code is a failure, 0 otherwise. + + +## EXAMPLES + +```c# +failure = krb5_is_failure(); +display(failure); +``` + + diff --git a/doc/manual/nasl/built-in-functions/krb5/krb5_is_success.md b/doc/manual/nasl/built-in-functions/krb5/krb5_is_success.md new file mode 100644 index 000000000..2648b18c4 --- /dev/null +++ b/doc/manual/nasl/built-in-functions/krb5/krb5_is_success.md @@ -0,0 +1,32 @@ +# krb5_is_success + +## NAME + +**krb5_is_success** - Returns 1 if the last stored krb5 or given result code is a success, 0 otherwise. + +## SYNOPSIS + +*int* **krb5_is_success**(0: *int*); + +**krb5_is_success** takes an optional positional argument. + +## DESCRIPTION + +Checks if given result code or cached result code is a success. If no result code is given, the last cached result code is used. + +The cached result code reflects the error code of the last krb5 function call. + + +## RETURN VALUE + +Returns 1 if the result code is a success, 0 otherwise. + + +## EXAMPLES + +```c# +success = krb5_is_success(); +display(success); +``` + + diff --git a/nasl/nasl_host.c b/nasl/nasl_host.c index 381621d8a..94c551f7e 100644 --- a/nasl/nasl_host.c +++ b/nasl/nasl_host.c @@ -235,6 +235,11 @@ get_host_open_port (lex_ctxt *lexic) return retc; } +/** + * @brief implements ip_reverse_lookup + * + */ + tree_cell * host_reverse_lookup (lex_ctxt *lexic) {