diff --git a/CHANGELOG.md b/CHANGELOG.md
index 407b7d8d89..bb6dc7e86c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [21.04] - 2021-04-16
### Added
+- Allow to add ssh elevate credential to target dialog and display elevate credential in details [#2954](https://github.com/greenbone/gsa/pull/2954)
- Allow to set unix socket permissions for gsad [#2816](https://github.com/greenbone/gsa/pull/2816)
- Added CVSS date to NVT details [#2802](https://github.com/greenbone/gsa/pull/2802)
- Added option to allow to scan simultaneous IPs to targets
diff --git a/gsa/public/locales/gsa-de.json b/gsa/public/locales/gsa-de.json
index 51a1b77da4..6c6bd41f85 100644
--- a/gsa/public/locales/gsa-de.json
+++ b/gsa/public/locales/gsa-de.json
@@ -385,6 +385,7 @@
"Create new SMB credential": "Neue SMB-Anmeldedaten erstellen",
"Create new SNMP credential": "Neue SNMP-Anmeldedaten erstellen",
"Create new SSH credential": "Neue SSH-Anmeldedaten erstellen",
+ "Create new SSH elevate credential": "Neue SSH-Anmeldedaten für zusätzliche Berechtigungen erstellen",
"Create new Ticket": "Neues Ticket erstellen",
"Create new Ticket for Result": "Neues Ticket für Ergebnis erstellen",
"Create new Ticket for Result {{- name}}": "Neues Ticket für Ergebnis ({{- name}}) erstellen",
@@ -561,6 +562,7 @@
"Edit process": "Prozess bearbeiten",
"Edit {{entity}}": "{{entity}} bearbeiten",
"Effect": "Auswirkung",
+ "Elevate privileges": "Berechtigungen erweitern",
"Email": "E-Mail",
"Email Encryption": "E-Mail-Verschlüsselung",
"Email report to": "E-Mail-Bericht an",
@@ -1390,6 +1392,7 @@
"SSH Credential": "SSH-Anmeldedaten",
"SSH authentication was successful": "SSH-Authentifizierung war erfolgreich",
"SSH authentication was unsuccessful": "SSH-Authentifizierung ist fehlgeschlagen",
+ "SSH elevate credential ": "SSH-Anmeldedaten für zusätzliche Berechtigungen ",
"SSL / TLS Certificate": "SSL-/TLS-Zertifikat",
"Sa.": "Sa.",
"Same": "Gleich",
diff --git a/gsa/src/gmp/commands/targets.js b/gsa/src/gmp/commands/targets.js
index d79444b8e7..84cd47df5b 100644
--- a/gsa/src/gmp/commands/targets.js
+++ b/gsa/src/gmp/commands/targets.js
@@ -23,6 +23,8 @@ import registerCommand from 'gmp/command';
import Target from 'gmp/models/target';
+import {UNSET_VALUE} from 'web/utils/render';
+
import EntitiesCommand from './entities';
import EntityCommand from './entity';
@@ -47,6 +49,7 @@ class TargetCommand extends EntityCommand {
alive_tests,
allowSimultaneousIPs,
ssh_credential_id = 0,
+ ssh_elevate_credential_id = 0,
port,
smb_credential_id = 0,
esxi_credential_id = 0,
@@ -71,6 +74,10 @@ class TargetCommand extends EntityCommand {
alive_tests,
port,
ssh_credential_id,
+ ssh_elevate_credential_id:
+ ssh_credential_id === UNSET_VALUE
+ ? UNSET_VALUE
+ : ssh_elevate_credential_id,
smb_credential_id,
esxi_credential_id,
snmp_credential_id,
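Review bot: `ssh_credential_id === UNSET_VALUE` is a strict comparison, but the parameter default in the previous hunk is the number `0`; if `UNSET_VALUE` is a string (its definition is not part of this diff), a caller that passes an elevate id but omits `ssh_credential_id` skips the reset and the elevate id is sent without an SSH credential. The same expression is repeated in the save path (the `@@ -124,6 +132,10 @@` hunk). Defaulting both parameters to the sentinel, `ssh_credential_id = UNSET_VALUE` and `ssh_elevate_credential_id = UNSET_VALUE`, would make the reset hold for omitted values too. Separately, the new import pulls a `web/utils/render` constant into `gmp/commands`, so the command layer now depends on the UI layer; defining the constant on the gmp side would avoid that.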
@@ -95,6 +102,7 @@ class TargetCommand extends EntityCommand {
alive_tests,
allowSimultaneousIPs,
ssh_credential_id = 0,
+ ssh_elevate_credential_id = 0,
port,
smb_credential_id = 0,
esxi_credential_id = 0,
@@ -124,6 +132,10 @@ class TargetCommand extends EntityCommand {
smb_credential_id,
snmp_credential_id,
ssh_credential_id,
+ ssh_elevate_credential_id:
+ ssh_credential_id === UNSET_VALUE
+ ? UNSET_VALUE
+ : ssh_elevate_credential_id,
target_source,
target_exclude_source,
});
diff --git a/gsa/src/gmp/models/credential.js b/gsa/src/gmp/models/credential.js
index 948821a44d..13af869c0b 100644
--- a/gsa/src/gmp/models/credential.js
+++ b/gsa/src/gmp/models/credential.js
@@ -37,6 +37,8 @@ export const SSH_CREDENTIAL_TYPES = [
USERNAME_SSH_KEY_CREDENTIAL_TYPE,
];
+export const SSH_ELEVATE_CREDENTIAL_TYPES = [USERNAME_PASSWORD_CREDENTIAL_TYPE];
+
export const SMB_CREDENTIAL_TYPES = [USERNAME_PASSWORD_CREDENTIAL_TYPE];
export const ESXI_CREDENTIAL_TYPES = [USERNAME_PASSWORD_CREDENTIAL_TYPE];
diff --git a/gsa/src/gmp/models/target.js b/gsa/src/gmp/models/target.js
index 9dff57a016..d61b5792f4 100644
--- a/gsa/src/gmp/models/target.js
+++ b/gsa/src/gmp/models/target.js
@@ -30,6 +30,7 @@ export const TARGET_CREDENTIAL_NAMES = [
'snmp_credential',
'ssh_credential',
'esxi_credential',
+ 'ssh_elevate_credential',
];
class Target extends Model {
diff --git a/gsa/src/web/pages/targets/component.js b/gsa/src/web/pages/targets/component.js
index 6fcaf621c5..e41442809a 100644
--- a/gsa/src/web/pages/targets/component.js
+++ b/gsa/src/web/pages/targets/component.js
@@ -69,6 +69,9 @@ class TargetComponent extends React.Component {
this,
);
this.handleSshCredentialChange = this.handleSshCredentialChange.bind(this);
+ this.handleSshElevateCredentialChange = this.handleSshElevateCredentialChange.bind(
+ this,
+ );
this.handleSmbCredentialChange = this.handleSmbCredentialChange.bind(this);
this.handleSnmpCredentialChange = this.handleSnmpCredentialChange.bind(
this,
@@ -128,6 +131,7 @@ class TargetComponent extends React.Component {
smb_credential_id: id_or__(entity.smb_credential),
snmp_credential_id: id_or__(entity.snmp_credential),
ssh_credential_id: id_or__(entity.ssh_credential),
+ ssh_elevate_credential_id: id_or__(entity.ssh_elevate_credential),
});
});
} else {
@@ -154,6 +158,7 @@ class TargetComponent extends React.Component {
smb_credential_id: undefined,
snmp_credential_id: undefined,
ssh_credential_id: undefined,
+ ssh_elevate_credential_id: undefined,
target_source: undefined,
target_exclude_source: undefined,
target_title: _('New Target'),
@@ -269,6 +274,10 @@ class TargetComponent extends React.Component {
this.setState({ssh_credential_id});
}
+ handleSshElevateCredentialChange(ssh_elevate_credential_id) {
+ this.setState({ssh_elevate_credential_id});
+ }
+
handleSnmpCredentialChange(snmp_credential_id) {
this.setState({snmp_credential_id});
}
@@ -327,6 +336,7 @@ class TargetComponent extends React.Component {
smb_credential_id,
snmp_credential_id,
ssh_credential_id,
+ ssh_elevate_credential_id,
target_source,
target_exclude_source,
target_title,
@@ -377,6 +387,7 @@ class TargetComponent extends React.Component {
smb_credential_id={smb_credential_id}
snmp_credential_id={snmp_credential_id}
ssh_credential_id={ssh_credential_id}
+ ssh_elevate_credential_id={ssh_elevate_credential_id}
target_source={target_source}
target_exclude_source={target_exclude_source}
title={target_title}
@@ -388,6 +399,9 @@ class TargetComponent extends React.Component {
onSshCredentialChange={this.handleSshCredentialChange}
onEsxiCredentialChange={this.handleEsxiCredentialChange}
onSmbCredentialChange={this.handleSmbCredentialChange}
+ onSshElevateCredentialChange={
+ this.handleSshElevateCredentialChange
+ }
onSave={d => {
this.handleInteraction();
return save(d).then(() => this.closeTargetDialog());
diff --git a/gsa/src/web/pages/targets/details.js b/gsa/src/web/pages/targets/details.js
index 675d0248f9..7c8044e86d 100644
--- a/gsa/src/web/pages/targets/details.js
+++ b/gsa/src/web/pages/targets/details.js
@@ -54,6 +54,7 @@ const TargetDetails = ({capabilities, entity, links = true}) => {
smb_credential,
snmp_credential,
ssh_credential,
+ ssh_elevate_credential,
tasks,
allowSimultaneousIPs,
} = entity;
@@ -160,6 +161,24 @@ const TargetDetails = ({capabilities, entity, links = true}) => {
)}
+ {isDefined(ssh_credential) &&
+ isDefined(ssh_elevate_credential) && ( // Skip one column, because there is no way to fit a variation of the word "elevate" without leaving lots of white space on other rows
+
+ {''}
+
+
+ {_('SSH elevate credential ')}
+
+ {ssh_elevate_credential.name}
+
+
+
+
+ )}
+
{isDefined(smb_credential) && (
{_('SMB')}
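Review bot: The message id `_('SSH elevate credential ')` ends with a space, so the lookup only succeeds while every locale file carries exactly the same trailing space (gsa-de.json in this commit does). Spacing belongs in the layout rather than in the translatable string; I would use `_('SSH elevate credential')` and update the locale key to match. The explanation of the skipped column would also read better as a short comment on its own line above the expression than as a long trailing comment inside the JSX condition.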
diff --git a/gsa/src/web/pages/targets/dialog.js b/gsa/src/web/pages/targets/dialog.js
index a5bb8118c0..7fd2673ef3 100644
--- a/gsa/src/web/pages/targets/dialog.js
+++ b/gsa/src/web/pages/targets/dialog.js
@@ -47,6 +47,7 @@ import {
SNMP_CREDENTIAL_TYPES,
SSH_CREDENTIAL_TYPES,
USERNAME_PASSWORD_CREDENTIAL_TYPE,
+ SSH_ELEVATE_CREDENTIAL_TYPES,
} from 'gmp/models/credential';
const DEFAULT_PORT = 22;
@@ -89,6 +90,12 @@ const NEW_SSH = {
title: _l('Create new SSH credential'),
};
+const NEW_SSH_ELEVATE = {
+ id_field: 'ssh_elevate_credential_id',
+ types: SSH_ELEVATE_CREDENTIAL_TYPES,
+ title: _l('Create new SSH elevate credential'),
+};
+
const NEW_SMB = {
id_field: 'smb_credential_id',
title: _l('Create new SMB credential'),
@@ -127,6 +134,7 @@ const TargetDialog = ({
smb_credential_id = UNSET_VALUE,
snmp_credential_id = UNSET_VALUE,
ssh_credential_id = UNSET_VALUE,
+ ssh_elevate_credential_id = UNSET_VALUE,
target_source = 'manual',
target_exclude_source = 'manual',
title = _('New Target'),
@@ -139,6 +147,7 @@ const TargetDialog = ({
onSmbCredentialChange,
onEsxiCredentialChange,
onSnmpCredentialChange,
+ onSshElevateCredentialChange,
...initial
}) => {
const ssh_credentials = credentials.filter(ssh_credential_filter);
@@ -170,6 +179,7 @@ const TargetDialog = ({
smb_credential_id,
snmp_credential_id,
ssh_credential_id,
+ ssh_elevate_credential_id,
};
return (
@@ -342,34 +352,59 @@ const TargetDialog = ({
)}
{capabilities.mayOp('get_credentials') && (
-
-
-
- {_('on port')}
-
- {!in_use && (
-
-
+
+
+
+ {_('on port')}
+
+ {!in_use && (
+
+
+
+ )}
+
+
+ {state.ssh_credential_id !== UNSET_VALUE && (
+
+
+ {_('Elevate privileges')}
+
-
- )}
-
-
+ {!in_use && (
+
+
+
+ )}
+
+
+ )}
+
)}
{capabilities.mayOp('get_credentials') && (
@@ -485,6 +520,7 @@ TargetDialog.propTypes = {
smb_credential_id: PropTypes.idOrZero,
snmp_credential_id: PropTypes.idOrZero,
ssh_credential_id: PropTypes.idOrZero,
+ ssh_elevate_credential_id: PropTypes.idOrZero,
target_exclude_source: PropTypes.oneOf(['manual', 'file']),
target_source: PropTypes.oneOf(['manual', 'file', 'asset_hosts']),
title: PropTypes.string,
@@ -497,6 +533,7 @@ TargetDialog.propTypes = {
onSmbCredentialChange: PropTypes.func.isRequired,
onSnmpCredentialChange: PropTypes.func.isRequired,
onSshCredentialChange: PropTypes.func.isRequired,
+ onSshElevateCredentialChange: PropTypes.func.isRequired,
};
export default withCapabilities(TargetDialog);
diff --git a/gsad/src/gsad.c b/gsad/src/gsad.c
index 9a79e5e181..a47f44f7bb 100644
--- a/gsad/src/gsad.c
+++ b/gsad/src/gsad.c
@@ -886,6 +886,8 @@ init_validator ()
gvm_validator_alias (validator, "smb_credential_id", "credential_id");
gvm_validator_alias (validator, "snmp_credential_id", "credential_id");
gvm_validator_alias (validator, "ssh_credential_id", "credential_id");
+ gvm_validator_alias (validator, "ssh_elevate_credential_id",
+ "credential_id");
gvm_validator_alias (validator, "subgroup_column", "group_column");
gvm_validator_alias (validator, "subject_id", "id");
gvm_validator_alias (validator, "subject_id_optional", "id_optional");
diff --git a/gsad/src/gsad_gmp.c b/gsad/src/gsad_gmp.c
index 852ce73629..4a1dd63590 100644
--- a/gsad/src/gsad_gmp.c
+++ b/gsad/src/gsad_gmp.c
@@ -5283,6 +5283,7 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
gchar *html, *response, *command;
const char *name, *hosts, *exclude_hosts, *comment;
const char *target_ssh_credential, *port, *target_smb_credential;
+ const char *target_ssh_elevate_credential;
const char *target_esxi_credential, *target_snmp_credential, *target_source;
const char *target_exclude_source;
const char *port_list_id, *reverse_lookup_only, *reverse_lookup_unify;
@@ -5290,6 +5291,7 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
const char *allow_simultaneous_ips;
gchar *ssh_credentials_element, *smb_credentials_element;
gchar *esxi_credentials_element, *snmp_credentials_element;
+ gchar *ssh_elevate_credentials_element;
gchar *asset_hosts_element;
gchar *comment_element = NULL;
entity_t entity;
@@ -5305,6 +5307,8 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
comment = params_value (params, "comment");
port_list_id = params_value (params, "port_list_id");
target_ssh_credential = params_value (params, "ssh_credential_id");
+ target_ssh_elevate_credential = params_value (params,
+ "ssh_elevate_credential_id");
port = params_value (params, "port");
target_smb_credential = params_value (params, "smb_credential_id");
target_esxi_credential = params_value (params, "esxi_credential_id");
@@ -5341,6 +5345,7 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
CHECK_VARIABLE_INVALID (target_ssh_credential, "Create Target");
if (strcmp (target_ssh_credential, "--"))
CHECK_VARIABLE_INVALID (port, "Create Target");
+ CHECK_VARIABLE_INVALID (target_ssh_elevate_credential, "Create Target");
CHECK_VARIABLE_INVALID (target_smb_credential, "Create Target");
CHECK_VARIABLE_INVALID (target_esxi_credential, "Create Target");
CHECK_VARIABLE_INVALID (target_snmp_credential, "Create Target");
@@ -5352,13 +5357,19 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
else
comment_element = g_strdup ("");
- if (strcmp (target_ssh_credential, "0") == 0)
+ if (strcmp (target_ssh_credential, "0") == 0) {
ssh_credentials_element = g_strdup ("");
- else
+ ssh_elevate_credentials_element = g_strdup ("");
+ }
+ else {
ssh_credentials_element = g_strdup_printf (""
"%s"
"",
target_ssh_credential, port);
+ ssh_elevate_credentials_element =
+ g_strdup_printf ("",
+ target_ssh_elevate_credential);
+ }
if (strcmp (target_smb_credential, "0") == 0)
smb_credentials_element = g_strdup ("");
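Review bot: In the `else` branch the elevate element is built whenever an SSH credential is set, including when `target_ssh_elevate_credential` is `"0"` (no elevate credential chosen), whereas the SMB branch right below emits an empty string for `"0"`. Unless gvmd accepts id 0 in create_target, which is not visible here, creating a target with an SSH credential and no elevate credential would send an id that matches no credential. Guard it the same way as the other credentials, e.g. `if (strcmp (target_ssh_elevate_credential, "0") == 0) ssh_elevate_credentials_element = g_strdup ("");` before formatting the element. The format string is not legible in this rendering, and create_target_gmp continues outside the hunk.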
@@ -5410,15 +5421,17 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
allow_simultaneous_ips ? allow_simultaneous_ips : "1");
command = g_strdup_printf (""
- "%s%s%s%s%s%s%s"
+ "%s%s%s%s%s%s%s%s"
"",
xml->str, comment_element, ssh_credentials_element,
+ ssh_elevate_credentials_element,
smb_credentials_element, esxi_credentials_element,
snmp_credentials_element, asset_hosts_element);
g_string_free (xml, TRUE);
g_free (comment_element);
g_free (ssh_credentials_element);
+ g_free (ssh_elevate_credentials_element);
g_free (smb_credentials_element);
g_free (esxi_credentials_element);
@@ -6189,6 +6202,7 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
gchar *html, *response;
const char *name, *hosts, *exclude_hosts, *comment;
const char *target_ssh_credential, *port, *target_smb_credential;
+ const char *target_ssh_elevate_credential;
const char *target_esxi_credential, *target_snmp_credential;
const char *target_source, *target_exclude_source;
const char *target_id, *port_list_id, *reverse_lookup_only;
@@ -6280,6 +6294,8 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
target_exclude_source = params_value (params, "target_exclude_source");
port_list_id = params_value (params, "port_list_id");
target_ssh_credential = params_value (params, "ssh_credential_id");
+ target_ssh_elevate_credential = params_value (params,
+ "ssh_elevate_credential_id");
port = params_value (params, "port");
target_smb_credential = params_value (params, "smb_credential_id");
target_esxi_credential = params_value (params, "esxi_credential_id");
@@ -6296,8 +6312,10 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
CHECK_VARIABLE_INVALID (allow_simultaneous_ips, "Save Target");
if (strcmp (target_ssh_credential, "--")
- && strcmp (target_ssh_credential, "0"))
- CHECK_VARIABLE_INVALID (port, "Save Target");
+ && strcmp (target_ssh_credential, "0")) {
+ CHECK_VARIABLE_INVALID (port, "Save Target");
+ CHECK_VARIABLE_INVALID (target_ssh_elevate_credential, "Save Target");
+ }
if (str_equal (target_source, "manual"))
{
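Review bot: The new `CHECK_VARIABLE_INVALID (target_ssh_elevate_credential, "Save Target");` runs only when the SSH credential is neither `"--"` nor `"0"`, but the later hunk in save_target_gmp formats `target_ssh_elevate_credential` into the command whenever the SSH credential is not `"--"`, so the `"0"` case reaches `g_strdup_printf` without the check. The command is assembled by string formatting, so this check appears to be the only gate between the request parameter and the GMP XML, and a missing or rejected value would presumably arrive there as NULL. Moving the check out of the braces, as create_target_gmp does unconditionally, closes the gap. The function body starts and ends outside this hunk.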
@@ -6307,6 +6325,7 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
{
int ret;
gchar *ssh_credentials_element, *smb_credentials_element;
+ gchar *ssh_elevate_credentials_element;
gchar *esxi_credentials_element, *snmp_credentials_element;
gchar *comment_element;
entity_t entity;
@@ -6316,13 +6335,19 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
else
comment_element = g_strdup ("");
- if (str_equal (target_ssh_credential, "--"))
+ if (str_equal (target_ssh_credential, "--")) {
ssh_credentials_element = g_strdup ("");
- else
+ ssh_elevate_credentials_element = g_strdup ("");
+ }
+ else {
ssh_credentials_element = g_strdup_printf (""
"%s"
"",
target_ssh_credential, port);
+ ssh_elevate_credentials_element =
+ g_strdup_printf ("",
+ target_ssh_elevate_credential);
+ }
if (str_equal (target_smb_credential, "--"))
smb_credentials_element = g_strdup ("");
@@ -6365,14 +6390,16 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
allow_simultaneous_ips ? allow_simultaneous_ips : "1");
g_string_append_printf (command,
- "%s%s%s%s%s"
+ "%s%s%s%s%s%s"
"",
comment_element, ssh_credentials_element,
+ ssh_elevate_credentials_element,
smb_credentials_element, esxi_credentials_element,
snmp_credentials_element);
g_free (comment_element);
g_free (ssh_credentials_element);
+ g_free (ssh_elevate_credentials_element);
g_free (smb_credentials_element);
g_free (esxi_credentials_element);
g_free (snmp_credentials_element);