Merge branch 'main' into builtin-notus

Author: Kraemii

CMakeLists.txt

@@ -8,7 +8,7 @@ message ("-- Configuring the Scanner...")
 
 # VERSION: Always include major, minor and patch level.
 project (openvas
-  VERSION 23.40.4
+  VERSION 23.41.2
   LANGUAGES C)
 
 if (POLICY CMP0005)

charts/openvasd/Chart.yaml

@@ -21,4 +21,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "23.40.4"
+appVersion: "23.41.2"

misc/openvas-krb5.c

@@ -413,13 +413,14 @@ okrb5_gss_free_context (struct OKrb5GSSContext *context)
         }
       if (context->gss_ctx != GSS_C_NO_CONTEXT)
         {
-          gss_delete_sec_context (&min_stat, &context->gss_ctx, GSS_C_NO_BUFFER);
+          gss_delete_sec_context (&min_stat, &context->gss_ctx,
+                                  GSS_C_NO_BUFFER);
         }
       if (context->gss_target != GSS_C_NO_NAME)
         {
           gss_release_name (&min_stat, &context->gss_target);
         }
-      if (context->gss_mech != NULL)
+      if (context->gss_mech != NULL && context->gss_mech != gss_mech_spnego)
         {
           gss_release_oid (&min_stat, &context->gss_mech);
         }
@@ -482,7 +483,7 @@ o_krb5_gss_prepare_context (const OKrb5Credential *creds,
                (char *) target->host_name.data, (char *) creds->realm.data);
     }
 
-  targetbuf = (gss_buffer_desc){
+  targetbuf = (gss_buffer_desc) {
     .value = target_principal_str,
     .length = strlen (target_principal_str),
   };

nasl/exec.c

@@ -15,6 +15,7 @@
 #include "nasl_func.h"
 #include "nasl_global_ctxt.h"
 #include "nasl_init.h"
+#include "nasl_krb5.h" /* for nasl_okrb5_clean */
 #include "nasl_lex_ctxt.h"
 #include "nasl_tree.h"
 #include "nasl_var.h"
@@ -1706,7 +1707,7 @@ exec_nasl_script (struct script_infos *script_infos, int mode)
     }
   else if (!(mode & NASL_EXEC_PARSE_ONLY))
     {
-      char *p;
+      char *p, *name_aux;
 
       bzero (&tc, sizeof (tc));
       tc.type = CONST_INT;
@@ -1719,14 +1720,18 @@ exec_nasl_script (struct script_infos *script_infos, int mode)
       add_named_var_to_ctxt (lexic, "description", &tc);
 
       tc.type = CONST_DATA;
-      p = strrchr (name, '/');
+      // for preserving the const qualifier during assginment
+      name_aux = g_strdup (name);
+      p = strrchr (name_aux, '/');
       if (p == NULL)
-        p = (char *) name;
+        p = (char *) name_aux;
       else
         p++;
+
       tc.x.str_val = p;
       tc.size = strlen (p);
       add_named_var_to_ctxt (lexic, "SCRIPT_NAME", &tc);
+      g_free (name_aux);
 
       truc = (lex_ctxt *) ctx.tree;
       if ((ret = nasl_exec (lexic, ctx.tree)) == NULL)
@@ -1736,6 +1741,7 @@ exec_nasl_script (struct script_infos *script_infos, int mode)
 
       if ((pf = get_func_ref_by_name (lexic, "on_exit")) != NULL)
         nasl_func_call (lexic, pf, NULL);
+
     }
 
   if (g_chdir (old_dir) != 0)
@@ -1745,6 +1751,7 @@ exec_nasl_script (struct script_infos *script_infos, int mode)
     }
   g_free (old_dir);
 
+  nasl_okrb5_clean ();
   nasl_clean_ctx (&ctx);
   free_lex_ctxt (lexic);
   return err;

nasl/nasl_krb5.c

@@ -12,7 +12,11 @@
 #include "nasl_tree.h"
 #include "nasl_var.h"
 
+#include <gvm/base/networking.h>
+#include <netinet/in.h>
 #include <stdio.h>
+#include <string.h>
+#include <unistd.h>
 
 #define NASL_PRINT_KRB_ERROR(lexic, credential, result)                   \
   do                                                                      \
@@ -35,19 +39,22 @@ static OKrb5ErrorCode last_okrb5_result;
 // cached_gss_context is used on cases that require an already existing session.
 // NASL does currently not have the concept of a pointer nor struct so we need
 // to store it as a global variable.
-// 
+//
 // We use one context per run, this means that per run (target + oid) there is
 // only on credential allowed making it safe to be cached in that fashion.
 static struct OKrb5GSSContext *cached_gss_context = NULL;
 
-// Is used for `krb5_gss_update_context_out` and is essential a 
-// cache for the data from `krb5_gss_update_context`. 
+// Is used for `krb5_gss_update_context_out` and is essential a
+// cache for the data from `krb5_gss_update_context`.
 static struct OKrb5Slice *to_application = NULL;
 
 // Is used for `krb5_gss_update_context_needs_more` which indicates to the
-// script author that `krb5_gss_update_context` is not satisfied yet. 
+// script author that `krb5_gss_update_context` is not satisfied yet.
 static bool gss_update_context_more = false;
 
+// Stores the path to the generated krb5 config file for cleanup.
+static char *generated_config_path = NULL;
+
 #define SET_SLICE_FROM_LEX_OR_ENV(lexic, slice, name, env_name)            \
   do                                                                       \
     {                                                                      \
@@ -56,6 +63,10 @@ static bool gss_update_context_more = false;
         {                                                                  \
           okrb5_set_slice_from_str (slice, getenv (env_name));             \
         }                                                                  \
+      else                                                                 \
+        {                                                                  \
+          setenv (env_name, get_str_var_by_name (lexic, name), 1);         \
+        }                                                                  \
     }                                                                      \
   while (0)
 
@@ -71,7 +82,6 @@ static bool gss_update_context_more = false;
     }                                                                  \
   while (0)
 
-
 static OKrb5Credential
 build_krb5_credential (lex_ctxt *lexic)
 {
@@ -84,9 +94,27 @@ build_krb5_credential (lex_ctxt *lexic)
                              "KRB5_CONFIG");
   if (credential.config_path.len == 0)
     {
-      okrb5_set_slice_from_str (credential.config_path, "/etc/krb5.conf");
+      char *ip_str = addr6_as_str (lexic->script_infos->ip);
+      for (int i = 0; ip_str[i] != '\0'; i++)
+        {
+          if (ip_str[i] == '.' || ip_str[i] == ':')
+            {
+              ip_str[i] = '_';
+            }
+        }
+      char default_config_path[256];
+      snprintf (default_config_path, sizeof (default_config_path),
+                "/tmp/krb5_%s.conf", ip_str);
+      setenv ("KRB5_CONFIG", default_config_path, 1);
+      okrb5_set_slice_from_str (credential.config_path, default_config_path);
     }
 
+  // Store path for cleanup
+  if (generated_config_path != NULL)
+    free (generated_config_path);
+  generated_config_path =
+    strndup (credential.config_path.data, credential.config_path.len);
+
   PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.realm, "realm",
                                     "KRB5_REALM");
   PERROR_SET_SLICE_FROM_LEX_OR_ENV (lexic, credential.kdc, "kdc", "KRB5_KDC");
@@ -240,7 +268,6 @@ nasl_okrb5_is_failure (lex_ctxt *lexic)
   return retc;
 }
 
-
 tree_cell *
 nasl_okrb5_gss_init (lex_ctxt *lexic)
 {
@@ -277,7 +304,6 @@ nasl_okrb5_gss_prepare_context (lex_ctxt *lexic)
   return retc;
 }
 
-
 tree_cell *
 nasl_okrb5_gss_update_context (lex_ctxt *lexic)
 {
@@ -322,6 +348,13 @@ nasl_okrb5_clean (void)
   if (cached_gss_context != NULL)
     {
       okrb5_gss_free_context (cached_gss_context);
+      cached_gss_context = NULL;
+    }
+  if (generated_config_path != NULL)
+    {
+      unlink (generated_config_path);
+      free (generated_config_path);
+      generated_config_path = NULL;
     }
 }
 

rust/crates/greenbone-scanner-framework/src/entry/response/mod.rs

@@ -42,7 +42,7 @@ macro_rules! internal_server_error {
     }};
 }
 
-pub type StreamResult<'a, T, E> = Box<dyn Stream<Item = Result<T, E>> + Unpin + Send + 'a>;
+pub type StreamResult<T, E> = Pin<Box<dyn Stream<Item = Result<T, E>> + Send>>;
 
 pub trait BodyKindError {
     fn into_body_kind(self) -> BodyKind;
@@ -100,7 +100,7 @@ impl BodyKind {
     /// If it is an empty stgream it will return an BodyKind::Stream with an empty stream
     pub async fn from_result_stream<T, E>(
         status_code: StatusCode,
-        mut input: StreamResult<'static, T, E>,
+        mut input: StreamResult<T, E>,
     ) -> Self
     where
         T: Default + serde::Serialize + Send + 'static,

rust/crates/greenbone-scanner-framework/src/get_scans.rs

@@ -12,7 +12,7 @@ use crate::{
 };
 
 pub trait GetScans: Send + Sync {
-    fn get_scans(&self, client_id: String) -> StreamResult<'static, String, GetScansError>;
+    fn get_scans(&self, client_id: String) -> StreamResult<String, GetScansError>;
 }
 
 pub struct GetScansHandler<T> {
@@ -110,6 +110,7 @@ impl From<GetScansError> for BodyKind {
 
 #[cfg(test)]
 mod tests {
+
     use entry::test_utilities;
     use futures::stream;
     use http_body_util::{BodyExt, Empty};
@@ -127,15 +128,15 @@ mod tests {
     }
 
     impl GetScans for Test {
-        fn get_scans(&self, client_id: String) -> StreamResult<'static, String, GetScansError> {
+        fn get_scans(&self, client_id: String) -> StreamResult<String, GetScansError> {
             let ise = ClientHash::from("internal_server_error").to_string();
             if ise == client_id {
-                return Box::new(stream::iter(vec![Err(GetScansError::External(Box::new(
+                return Box::pin(stream::iter(vec![Err(GetScansError::External(Box::new(
                     io::Error::other("oh no"),
                 )))]));
             }
 
-            Box::new(stream::iter(vec![Ok(String::default())]))
+            Box::pin(stream::iter(vec![Ok(String::default())]))
         }
     }
 

rust/crates/greenbone-scanner-framework/src/get_scans_id.rs

@@ -12,10 +12,10 @@ use crate::{
 };
 
 pub trait GetScansId: MapScanID {
-    fn get_scans_id(
-        &self,
+    fn get_scans_id<'a>(
+        &'a self,
         id: String,
-    ) -> Pin<Box<dyn Future<Output = Result<models::Scan, GetScansIDError>> + Send + '_>>;
+    ) -> Pin<Box<dyn Future<Output = Result<models::Scan, GetScansIDError>> + Send + 'a>>;
 }
 
 pub struct GetScansIdHandler<T> {

rust/crates/greenbone-scanner-framework/src/get_scans_id_results.rs

@@ -17,7 +17,7 @@ pub trait GetScansIdResults: MapScanID {
         id: String,
         from: Option<usize>,
         to: Option<usize>,
-    ) -> StreamResult<'static, models::Result, GetScansIDResultsError>;
+    ) -> StreamResult<models::Result, GetScansIDResultsError>;
 }
 
 pub struct GetScansIdResultsHandler<T> {
@@ -163,10 +163,10 @@ mod tests {
             client_id: String,
             from: Option<usize>,
             to: Option<usize>,
-        ) -> StreamResult<'static, models::Result, GetScansIDResultsError> {
+        ) -> StreamResult<models::Result, GetScansIDResultsError> {
             let ise = ClientHash::from("internal_server_error").to_string();
             if ise == client_id {
-                return Box::new(stream::iter(vec![Err(GetScansError::External(Box::new(
+                return Box::pin(stream::iter(vec![Err(GetScansError::External(Box::new(
                     io::Error::other("oh no"),
                 )))]));
             }
@@ -186,7 +186,7 @@ mod tests {
                 })
                 .collect();
 
-            Box::new(stream::iter(result))
+            Box::pin(stream::iter(result))
         }
     }
 

rust/crates/greenbone-scanner-framework/src/get_vts.rs

@@ -10,9 +10,9 @@ use crate::{
 };
 
 pub trait GetVts: Send + Sync {
-    fn get_oids(&self, client_id: String) -> StreamResult<'static, String, GetVTsError>;
+    fn get_oids(&self, client_id: String) -> StreamResult<String, GetVTsError>;
 
-    fn get_vts(&self, client_id: String) -> StreamResult<'static, VTData, GetVTsError>;
+    fn get_vts(&self, client_id: String) -> StreamResult<VTData, GetVTsError>;
 }
 
 pub struct GetVTsHandler<T> {
@@ -127,7 +127,7 @@ mod tests {
     }
 
     impl GetVts for Test {
-        fn get_oids(&self, client_id: String) -> StreamResult<'static, String, GetVTsError> {
+        fn get_oids(&self, client_id: String) -> StreamResult<String, GetVTsError> {
             let ok = ClientHash::from("ok").to_string();
             let not_found = ClientHash::from("not_found").to_string();
             let unknown = "unknown".to_string();
@@ -141,11 +141,11 @@ mod tests {
                 ))))]
             };
             //stream::iter(result)
-            Box::new(stream::iter(result))
+            Box::pin(stream::iter(result))
         }
 
-        fn get_vts(&self, _: String) -> StreamResult<'static, VTData, GetVTsError> {
-            Box::new(stream::iter(vec![Ok(VTData::default())]))
+        fn get_vts(&self, _: String) -> StreamResult<VTData, GetVTsError> {
+            Box::pin(stream::iter(vec![Ok(VTData::default())]))
         }
     }